Custom User and Group picker

Hi all,
I need to change the standard User picker with new business rules (filters).
This page is called from a lot of standard KM IViews like Subscription, this is possible? how?
com.sap.netweaver.kmc.people.PeopleFinder
Thanks,

Hi all,
I need to change the standard User picker with new business rules (filters).
This page is called from a lot of standard KM IViews like Subscription, this is possible? how?
com.sap.netweaver.kmc.people.PeopleFinder
Thanks,

Similar Messages

  • Custom User and Group classes

    Hi,
    I have a login custom module which does the authentication for my application.
    Till now I was using WLSUserImpl and WLSGroupIpml and everything was working fine.
    Now to make the LoginModule weblogic independent , I replaced the User and Group
    classes with my own classes which extend from java.security.Principal.
    But for some reason this isnt working. Am I missing something obvious.??
    This the exception stack trace which I get
    java.lang.SecurityException: [Security:090398]Invalid Subject: principals=[com.isone.security.providers.authentication.ISOUser@1698cbe,
    com.isone.security.providers.authentication.ISOGroup@9719f4, com.isone.security.providers.authentication.ISOGroup@28ebb4,
    com.isone.security.providers.authentication.ISOGroup@8ab721, com.isone.security.providers.authentication.ISOGroup@fcf06c,
    com.isone.security.providers.authentication.ISOGroup@c7539, com.isone.security.providers.authentication.ISOGroup@1e41830,
    com.isone.security.providers.authentication.ISOGroup@1f01b29, com.isone.security.providers.authentication.ISOGroup@8721bd,
    com.isone.security.providers.authentication.ISOGroup@1b81d4f, com.isone.security.providers.authentication.ISOGroup@8c6e04,
    com.isone.security.providers.authentication.ISOGroup@18aeabe, com.isone.security.providers.authentication.ISOGroup@13968f1,
    com.isone.security.providers.authentication.ISOGroup@18c28a, com.isone.security.providers.authentication.ISOGroup@18bff68,
    com.isone.security.providers.authentication.ISOGroup@2d2da4]
         at weblogic.security.service.SecurityServiceManager.seal(SecurityServiceManager.java:682)
         at weblogic.security.service.RoleManager.getRoles(RoleManager.java:279)
         at weblogic.security.service.AuthorizationManager.isAccessAllowed(AuthorizationManager.java:694)
         at weblogic.servlet.security.internal.WebAppSecurity.hasPermission(WebAppSecurity.java:567)
         at weblogic.servlet.security.internal.SecurityModule.checkPerm(SecurityModule.java:134)
         at weblogic.servlet.security.internal.FormSecurityModule.checkUserPerm(FormSecurityModule.java:327)
         at weblogic.servlet.security.internal.SecurityModule.beginCheck(SecurityModule.java:182)
         at weblogic.servlet.security.internal.FormSecurityModule.checkA(FormSecurityModule.java:181)
         at weblogic.servlet.security.internal.ServletSecurityManager.checkAccess(ServletSecurityManager.java:145)
         at weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppServletContext.java:3539)
         at weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.java:2585)
         at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:197)
         at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:170)

    And this will explain you why there is no way to do this right now:
    (CR125681 -- although it says 7.0SP1 it is not fixed even in 8.1 SP2 and
    there is no time frame for the fix)
    http://support.bea.com/application?namespace=askbea&origin=ask_bea_answer.jsp&event=link.view_answer_page_clfydoc&answerpage=solution&page=wls/S-21705.htm
    We've had the same issue and even have an open support case and for now
    the only way to workaround the bug is to
    use the WLSUserImpl and WLSGroupImpl classes.
    HTH,
    Dejan
    Pavel wrote:
    See if this will help:
    http://edocs.bea.com/wls/docs81/dvspisec/pv.html
    Pavel.
    "Anil" <[email protected]> wrote:
    I actually extended PrincipalValidatorImpl and returned java.security.Principal
    as the base class.
    But still I got the same exception.
    PaulF <paulf@reply_in_newsgroup.com> wrote:
    On 25 Feb 2004 06:45:50 -0800, Anil <[email protected]> wrote:
    Hi,
    I have a login custom module which does the authentication for my
    application.
    Till now I was using WLSUserImpl and WLSGroupIpml and everything was
    working fine.
    Now to make the LoginModule weblogic independent , I replaced the
    User
    and Group
    classes with my own classes which extend from java.security.Principal.
    But for some reason this isnt working. Am I missing something obvious.??
    This the exception stack trace which I get
    java.lang.SecurityException: [Security:090398]Invalid Subject:
    principals=[com.isone.security.providers.authentication.ISOUser@1698cbe,
    com.isone.security.providers.authentication.ISOGroup@9719f4,
    com.isone.security.providers.authentication.ISOGroup@28ebb4,
    com.isone.security.providers.authentication.ISOGroup@8ab721,
    com.isone.security.providers.authentication.ISOGroup@fcf06c,
    com.isone.security.providers.authentication.ISOGroup@c7539,
    com.isone.security.providers.authentication.ISOGroup@1e41830,
    com.isone.security.providers.authentication.ISOGroup@1f01b29,
    com.isone.security.providers.authentication.ISOGroup@8721bd,
    com.isone.security.providers.authentication.ISOGroup@1b81d4f,
    com.isone.security.providers.authentication.ISOGroup@8c6e04,
    com.isone.security.providers.authentication.ISOGroup@18aeabe,
    com.isone.security.providers.authentication.ISOGroup@13968f1,
    com.isone.security.providers.authentication.ISOGroup@18c28a,
    com.isone.security.providers.authentication.ISOGroup@18bff68,
    com.isone.security.providers.authentication.ISOGroup@2d2da4]
         at
    weblogic.security.service.SecurityServiceManager.seal(SecurityServiceManager.java:682)
         at weblogic.security.service.RoleManager.getRoles(RoleManager.java:279)
         at
    weblogic.security.service.AuthorizationManager.isAccessAllowed(AuthorizationManager.java:694)
         at
    weblogic.servlet.security.internal.WebAppSecurity.hasPermission(WebAppSecurity.java:567)
         at
    weblogic.servlet.security.internal.SecurityModule.checkPerm(SecurityModule.java:134)
         at
    weblogic.servlet.security.internal.FormSecurityModule.checkUserPerm(FormSecurityModule.java:327)
         at
    weblogic.servlet.security.internal.SecurityModule.beginCheck(SecurityModule.java:182)
         at
    weblogic.servlet.security.internal.FormSecurityModule.checkA(FormSecurityModule.java:181)
         at
    weblogic.servlet.security.internal.ServletSecurityManager.checkAccess(ServletSecurityManager.java:145)
         at
    weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppServletContext.java:3539)
         at
    weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.java:2585)
         at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:197)
         at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:170)
    I think that you need to extend WLSAbstractPrincipal I think instead
    of
    WLSPrincipal if you aren't going to implement your own
    PrincipalValidator. The default PrincipalValidator is going to expect
    a
    principal that extends WLSAbstractPrincipal.
    PaulF
    Using M2, Opera's revolutionary e-mail client: http://www.opera.com/m2/

  • Populating users and groups - design considerations/best practice

    We are currently running a 4.5 Portal in production. We are doing requirements/design for the 5.0 upgrade.
    We currently have a stored procedure that assigns users to the appropriate groups based on the domain info and role info from an ERP database after they are imported and synched up by the authentication source.
    We need to migrate this functionality to the 5.0 portal. We are debating whether to provide this functionality by doing this process via a custom Profile Web service. It was recommended during ADC and other presentation that we should stay away from using the database security/membership tables in the database directy and use the EDK/PRC instead.
    Please advise on the best way to approach(With details) this issue. We need to finalize the best approach to take asap.
    Thanks.
    Vanita

    So the best way to do this is to write a custom Authentication Web Service.  Database customizations can do much more damage and the EDK/PRC/API are designed to prevent inconsistencies and problems.
    Along those lines they also make it really easy to rationalize data from multiple backend systems into an orgainzation you'd like for your portal.  For example you could write a Custom Authentication Source that would connect to your NT Domain and get all the users and groups, then connect to your ERP system and do the same work your stored procedure would do.  It can then present this information to the portal in the way that the portal expects and let the portal maintain its own database and information store.
    Another solution is to write an External Operation that encapsulates the logic in your stored procedure but uses the PRC/Server API to manipulate users and group memberships.  I suggest you use the PRC interface since the Server API may change in subtle ways from release to release and is not as well documented.
    Either of these solutions would be easier in the long term to maintain than a database stored procedure.
    Hope this helps,
    -Akash

  • User and Group Recon Error with OID

    On a new development installation of OID and OIM, I am getting the following error while trying to run either User or Group reconciliations:
    LDAP: error code 53 - Function Not Implemented, search filter attribute modifytimestamp is not indexed/cataloged
    How can I add the appropriate index to allow these tasks to run?
    Kerry

    Have you tried:
    4.3 Using Custom Attributes in Oracle Internet Directory
    You can search for an attribute in Oracle Internet Directory only if the attribute is indexed. By default, standard attributes of the user and group entries are indexed. If you use a custom attribute, you can index it by using the catalog command. For example, if you migrate automount data to be used by automount programs such as amd or autofs, index the automountKey attribute by using the catalog command, as follows:
    catalog connect="connect_str" add="TRUE" attribute="automountKey"
    (from http://download.oracle.com/docs/cd/B28196_01/idmanage.1014/e12023/migrate.htm)
    Hope this helps
    Martin

  • Using users and groups from LDAP in ADF application

    Hi there,
    I'm using WebLogic Server 10.3.5.0 and JDev 11.1.2.3.0.
    I configured my WL server to use the users and groups defined in my LDAP server (they display when I select the Users or Groups tab). So this works fine (I think).
    Now I want to use 1 group, let's call the group ApplicationGroup, and all it's users to give them access to my ADF Application.
    But I can't find proper/up-to-date info about how to do this.
    I tried 2 major things:
    1) I configured ADF Security to use Authentication and Authorization. Defined an Enterprise Role with the same name as in my WL server (so ApplicationGroup) then defined a
    Application Role with a custom name and added the Enterprise Role to it. That Application Role I gave access to all my TF's and Web Pages. When I deploy this, It just doesn't work (Migrate Users and Groups is not checked).
    2) Used the Authentication option in the ADF Security and the rest is the same as in 1). This works +-, I can login with all users so the role mapping isn't configured right I guess?
    Any help or documentation that could help me?

    Since we aren't using EM I had to find an other way. And I found it.
    In web.xml ADF Security (I suppose) automaticly adds 'valid-users'. In my weblogic.xml I added my enterprise role as a principal to 'valid-users' and this works for me.
    Thanks for the help.

  • Admin Console not displaying new Users and Groups from LDAP

    We created a new Realm in WebLogic, which specifies the location of the Netscape
    LDAP server. Our Weblogic application, called TGSLC, is able to find the ldap
    server to use for authentication. My problem is this- the Admin Console is not
    displaying the new users and groups from the LDAP server. Shouldn't the WebLogic
    Admin Console display any users and groups specified in the ldap server, which
    is referenced in the customized Realm?

    Hi Andy,
    I am not sure why you are unable to see the users and groups through the
    console., you should be able to. Can you post the config.xml?
    thanks,
    -satya
    Andy Levy <[email protected]> wrote in message
    news:3b700c36$[email protected]..
    >
    We're running WLS 6.0 Sp2 on Windows 2000 Professional.
    "Satya Ghattu" <[email protected]> wrote:
    Andy,
    Could you please tell us what Version of Weblogic you are running?
    thanks,
    -satya
    Andy Levy <[email protected]> wrote in message
    news:[email protected]..
    We created a new Realm in WebLogic, which specifies the location ofthe
    Netscape
    LDAP server. Our Weblogic application, called TGSLC, is able to findthe
    ldap
    server to use for authentication. My problem is this- the Admin
    Console
    is not
    displaying the new users and groups from the LDAP server. Shouldn'tthe
    WebLogic
    Admin Console display any users and groups specified in the ldap
    server,
    which
    is referenced in the customized Realm?

  • LDAP user and group configuration in ADF application

    Hi All,
    I have to use LDAP user and groups in my ADF application. I have configured the LDAP on WLS server successfully and can see all users/groups under tab "User and Groups". I have added the Enterprise Role in jazn-data.xml matching the name of groups. Created Application role in jazn-data.xml and assigned a role of Enterprise Role.
    However not added any user in jazn-data.xml. Which i guess not required because it will picked from LDAP.
    Now how to configure the JDeveloper to use those users ? What changes need to make in jazn-data.xml ? or in jps-config.xml / web.xml/ weblogic-application.xml
    Am i missing nay configuration step. i have referred ADF Security set up - step by step tutorial - quick question but not found useful
    I am using JDeveloper 11.1.1.5.
    Thanking you all in advance.
    Mukesh.

    I have below changes in files
    1] In jps-config.xml
    -- Added identity store and selected it from drop down in Security Context tab.
    2] In weblogic-application.xml
    In Security tab --> Role assignment mapped valid-users to principle name.
    <security>
    <realm-name>myrealm</realm-name>
    <security-role-assignment>
    <role-name>valid-users</role-name>
    <principal-name>DERDev</principal-name>
    </security-role-assignment>
    </security>
    3] Same thing done in weblogic.xml . I do not know the difference between weblogic-application.xml and weblogic.xml configuartion and which will work.
    4] Added security role "DERDev" along with the default/automatically added role "valid users"
    <security-role>
    <role-name>DERDev</role-name>
    </security-role>
    Still no luck ...... i am missing again ? I referred many links but found not a single document mentioning all steps
    Mukesh

  • User and group handling in LDAP Realm

    Hi,
    I'm currently using an LDAP Realm for storing users and groups, which I need to be able to add, amend and remove at runtime.
    I understand that in earlier versions of Weblogic, the methods to do the add/remove/modify were not implemented but I was told that this may change in WL6. If so, is there any documentation or examples about these methods ? If not, would I need to extend ManageableRealm to create a custom realm ?
    Any help much appreciated.
    Dave

    Hi Dave:
    In our project, we use security realm (LDAP realm) for Users and Groups authentication. We turned the CacheRealm on to optimize performance. To add and amend Users and Groups, we use a stateless EJB to talk to LDAP server. This kind of partition works fine for us to separate the user authentication
    logic and user management logic.
    Fun
    Dave Horner wrote:
    Hi,
    I'm currently using an LDAP Realm for storing users and groups, which I need to be able to add, amend and remove at runtime.
    I understand that in earlier versions of Weblogic, the methods to do the add/remove/modify were not implemented but I was told that this may change in WL6. If so, is there any documentation or examples about these methods ? If not, would I need to extend ManageableRealm to create a custom realm ?
    Any help much appreciated.
    Dave

  • Hi I do not want iTunes to open up automatically when I turn on my macbook pro.  I tried going to System Preferences Users and Groups Login Items and then I took iTunes off the list but it still opens up automatically when I turn on my laptop.

    Hi I do not want iTunes to open up automatically when I turn on my macbook pro.  I tried going to System Preferences>Users and Groups>Login Items and then I took iTunes off the list but it still opens up automatically when I turn on my laptop. What should I do?

    Hi r,
    Make sure you close iTunes before shutdown.  And you're quite welcome.

  • I am trying to stop programs from opening automatically when I turn my computer on.  I tried system preferences users and groups login items...then I deleted them from the list but it did nothing.

    I am trying to stop programs from opening automatically when I turn my computer on.  I tried system preferences>users and groups>login items...then I deleted them itunes and emial from the list but it did nothing.  They continue to open up every time I turn on my Macbook Pro.

    Hi r,
    It sounds like you're running Lion?
    Have you tried running Verify and/or Repair Disk?
    Have you tried running Repair Permissions?
    Do you have at least 15% free space available on your HD?

  • How to change default /Users and /Groups to different Volume?

    Users are created in /Volumes/<boot>/Users and groups in /Volumes/<boot>/Groups.
    We need these to be created on a different volume, eg., /Volumes/External/Users, and /Volumes/External/Groups.
    Setup Assistant correctly put user Backups into */Volumes/External/Shared Items/Backups* and also correctly put web services on /Volumes/External/ServiceData -- we want to do the same for Groups and Users.
    Groups are the most critical, as the group needs bulk storage. Users we could leave as is if it can't be done.
    How can this be configured? We've read File Server Admin, Open Directory Admin, and Advanced Server admin from http://www.apple.com/server/macosx/resources/documentation.html without finding an answer.
    Thanks in advance.

    1. Create new folders on the external volume to hold users and groups, but to prevent confusion name them something other than "Users" and "Groups". /Volumes/External/NetUsers and /Volumes/External/NetGroups would be reasonable choices.
    2. Share both of these folders (in Server Admin -> server name in sidebar -> File Sharing -> Volumes & Browse modes -> select each folder -> click Share near the top right).
    3. Enable both folders for automounting on clients (Server Admin -> server name in sidebar -> File Sharing -> Share Points-> select each folder -> Share Point tab under that -> Enable Automount option) with the default options (Directory: /LDAPv3/127.0.0.1, Protocol: AFP, Use for: User home folders and group folders). Be sure to click Save (not just OK in the dialog).
    4. To migrate users, run Workgroup Manager, and change the home location for the users you want to move (select Accounts in the toolbar -> /LDAPv3/127.0.0.1 from the hidden pop-up menu under that -> User icon tab at the left -> select the user(s) you want to change -> Home tab on the right -> select the NetUsers option from the "Where" list). Then, for each user, run this command on the server: "sudo cp -Rp /Users/username /Volumes/External/NetUsers".
    5. Similarly, move Group folders in WGM (Accounts -> /LDAP... -> Groups icon on left -> select groups to move -> Group Folder tab on right -> NetGroups in the list). Then, for each group, run "sudo cp -Rp /Groups/groupname /Volumes/External/NetGroups".
    6. Test to make sure all is working before deleting the old user and group folders from /Users and /Groups (do NOT delete /Users and /Groups themselves, just the individual folders from under them).

  • Generate report to show all users and groups in Shared Services in EPM 11x

    Hi,
    Is there any way to generate a report (like a migration report or job status report) which can be generated through workspace/shared services 11.1.1.3 so that my admin can look at all the users and groups created. Something that I can view and probably print out? Any suggestions?
    ~Adeeba

    Yes, I knew this one. This basically shows me the users and groups assigned specific provision access. Is there any way to view a report that shows which users and groups have access to dimensions of an individual planning application?
    ~Adeeba

  • Assigning Roles to Users and Groups

    Hi,
    We have installed EP 5.0 SP4...with Content Management...we configured the LDAP to Portal......all the users are maintained through LDAP only...the problem is assigning the Role's to user..here in portal how to assign the roles to the users...we are not getting the Role assignment option under Portal Admin TAB..is there any way to configure the roles to User's are Group's.....
    it is an urgent assignment for me..help can be appreciated...
    sudhir

    Sudhir,
    You can assign the roles to users and groups as below.
    1. Select the System Administration in the top level navigtion
    2. Select user administration
    3. You can search for a specific user or a group from this iView.
    4. Use the edit button to edit the profie of the user or group.
    5. Search for the role in the search iView.
    6. Add the role to the user of group and save.

  • Upgraded to 3.1 and lost all users and groups.  How do we get them back?

    We ran the update to Server 3.1 (from 3.0) on our Mavericks Mac-Mini Server.
    Everything had been fine before the update, but now all users and groups have completely disappeared.
    The only user we have is the main administrator log-in.
    Since we verified that all of our data, wikis, and other items are still in place, it might be easier to just re-create the groups and users (and permission therein).
    But, we cannot log into Workgroup Manager, nor can we add users/groups in the Server app (because it is "grayed-out").
    Can somebody please provide a suggestion??
    We are a small engineering firm with only 5 users, so it's not like this would take all day.
    Thanks, Mike

    Have you tried
    sudo sso_util configure -r REALM_NAME -a diradmin afp
    (cf. Lion Server: AFP users unable to authenticate with Kerberos after upgrading)in Apple Support ?
    p.

  • WINDOWS 8.1 - System Tools no longer displaying User and Group Settings after adding a new LOCAL user.

    I jumped on my parents computer, which is on a domain.  I added a new local user(with my live.com login) and gave it admin status.  That's when the trouble began.
    The main user profile disappeared.  I used the command prompt fix (see other fixes) to add the missing user back into admin.  I logged back in, and it set up the account for the first time (WTF?).  I cannot access any files from the main account
    (that I logged into just fine before to get this debacle started.)
    When going to Local Computer Management --> System Tools, my users and groups tool is missing.
    I ran lusrmgr.msc only to find out that the most current version of Windows 8.1 and this is what it said "This snapin may not be used with this edition of Windows 8.1.  To manage user accounts for this computer, use the User Accounts tool in the
    Control Panel."   <---- Awesome!  (that was sarcasm.)
    I have spent over two hours in the User Account tool during the course of this problem only to prove that a picture of a computer is more useful that that "tool".  
    To anyone reading this ticket, the best advice I can offer you (as long as its not a crucial machine) is to back up what you can gain access to, format your hard-drive and reinstall windows and start over again.  I wouldn't recommend reinstalling 8.1,
    I would say go back to 7 and wait until 10 comes out.   Windows 8 is the new Vista.  Good luck!

    Hello AhavahOlam,
    I can understand your feelings.
    If my understanding is right, after adding a new local user in domain-joined Windows 8.1, you can’t open the local users and groups.
    Can you still add account by going to Control Panel\User Accounts and Family Safety\User Accounts\Manage Accounts?
    As this computer is domain-based, it is recommended to contact the domain administrator to see if the option is blocked.
    Best regards,
    Fangzhou CHEN
    Fangzhou CHEN
    TechNet Community Support

Maybe you are looking for

  • How do I sync an iPhone 4 and iPhone 5 contact list on my iMac and keep the contact lists separate?

    I am going crazy. I have an iPhone 4 and my husband an iPhone 5. When our devices are synced to iTunes, our contact lists are merged. I've previously set up a separate user account for each of us and we both have separate apple id's. I even tried set

  • How to change Color of IMAGE Links

    Page properties is the only place I can find to change the color of LINKS. It works for text, but not for the border it automatically puts around a linked image. It's purple! Can't I make it white to blend in with the background? I have already chang

  • String not found in Table

    I get a String not found in table on one of the Tabs in the properties area of many of my steps in TestStand. I had this error once before and it was due to the switch exec not being installed. I have downloaded the NISwitch and installed it yet I st

  • Download to excel on grid generates url with Cross Site Scripting Attack

    When we try to download to exell on a grid (8.50.18). The webserver comes back with an automaticly generated url. This url now contains the characters "%0d%0a" (CR/LF Our firewall/ proyserver detects this string in the url as a Cross Site Scripting A

  • Image Does Not Show Up in Downloads

    Hey everyone- My podcast can be found at: https://itunes.apple.com/us/podcast/core-training-for-distance/id826714987 (I am still working on some of the meta tags...) My question is this. My image shows up fine in the iTunes store. However, when you g