Different ways to do User Mapping

Similar Messages

• How to defne user mapping for a Webservice method to acheive single sign on

  I all,
  I have created a Web service System using a url (containing full path of my wsdl )
  Now this particular wsdl(my webservice) has an <b>authenticate method</b> , which takes username and password.
  wanted to know is there any way that i can do user mapping for it .
  i.e when i create an ivew for this web service system using authenticate method , it should pick up the username and password from the user mapping. presently the ivew itself asks for username and password ?
  else can anyone tellme is there a way to do user mapping for my web service system that i have created using a wsdl url. presently it works with any junk username password, i mean the connection always succeds , may be because accessing a wsdl dosent requires any user name and password.
  thanks

  I all,
  I have created a Web service System using a url (containing full path of my wsdl )
  Now this particular wsdl(my webservice) has an <b>authenticate method</b> , which takes username and password.
  wanted to know is there any way that i can do user mapping for it .
  i.e when i create an ivew for this web service system using authenticate method , it should pick up the username and password from the user mapping. presently the ivew itself asks for username and password ?
  else can anyone tellme is there a way to do user mapping for my web service system that i have created using a wsdl url. presently it works with any junk username password, i mean the connection always succeds , may be because accessing a wsdl dosent requires any user name and password.
  thanks

• A different way to deal with "unknown" user after upgrade from Tiger.

  It's a known issue that doing upgrade and install or archive and install from Tiger to Leopard, produces a lot of folders with "unknown" group in their "get info" panel. This has to do with a different group structure in Tiger and Leopard.
  In Tiger, every user has their own private group with the same name as the username. That group is set to be user's primary group.
  In leopard, every new user with an account is a member of the group staff (gid=20) which is not present in Tiger. Leopard doesn't fully understand Tiger's private group structure, hence the "unknown" group. This causes various problems such as Finder crashes when trying to change the permissions and ownership in the get info window.
  Apple's proposed way of dealing with this is described [here|http://docs.info.apple.com/article.html?artnum=307128].
  However, this method doesn't change the existing group structure and doesn't resolve all the problems.
  I'd like to suggest a different way of dealing with it.
  1. create a new admin user (if you don't have one already), log out of your primary account and log into the new one.
  2. enter the following in terminal:
  *sudo dscl . delete /users/"username"*
  where username is the short name of the user on the main account (not the one you are currently logged into).
  This will delete that user.
  3. Log out/in.
  4. go to system preferences->accounts and create a new user with the name and short name exactly as the one you've deleted in step 2.
  You'll be get a popup saying that a home directory by this name already exists and asking if you want to use it. Say "Yes".
  That's it. Your main user will be recreated using the native group structure of Leopard with gid=20(staff). Permissions on your home directory will be reset with correct group and ownership.
  I tested the process on my powerbook after an upgrade and install from Tiger to leopard and it worked without a hitch.
  I like this method better than Apple's because it completely gets rid of Tiger's group structure which was creating all the confusion. The only downside as far as I can see is that you might have to manually change the group ownership on some files belonging to the main user that sit outside your home directory.
  I would appreciate any comments on this.

  hmm, I confess, I did this before installing 10.5.2 so i can't say for sure. However, I've dealt with a few people (see e.g. this [thread|http://discussions.apple.com/thread.jspa?messageID=7012957]) who are running 10.5.2 and still have this issue. I don't know what if anything 10.5.2 did about this but I'm quite sure that it didn't change the group structure inherited from Tiger.
  Message was edited by: V.K.

• Different ways to find Customer exit, User Exit & Badi

  Dear All,
  What are the different ways by which we can find  Customer Exit, User Exit & Badi for a given transaction code
  Thanks
  Ravindra suvarna

  <b>use  this report  u  can  find associate badi and  user exit both for  perticular transaction</b>&----
  *& Report  ZNEGI16                                                     *
  REPORT  ZNEGI16                                 .
  TABLES : TSTC,
  TADIR,
  MODSAPT,
  MODACT,
  TRDIR,
  TFDIR,
  ENLFDIR,
  SXS_ATTRT ,
  TSTCT.
  DATA : JTAB LIKE TADIR OCCURS 0 WITH HEADER LINE.
  DATA : FIELD1(30).
  DATA : V_DEVCLASS LIKE TADIR-DEVCLASS.
  PARAMETERS : P_TCODE LIKE TSTC-TCODE,
  P_PGMNA LIKE TSTC-PGMNA .
  DATA wa_tadir type tadir.
  START-OF-SELECTION.
  IF NOT P_TCODE IS INITIAL.
  SELECT SINGLE * FROM TSTC WHERE TCODE EQ P_TCODE.
  ELSEIF NOT P_PGMNA IS INITIAL.
  TSTC-PGMNA = P_PGMNA.
  ENDIF.
  IF SY-SUBRC EQ 0.
  SELECT SINGLE * FROM TADIR
  WHERE PGMID = 'R3TR'
  AND OBJECT = 'PROG'
  AND OBJ_NAME = TSTC-PGMNA.
  MOVE : TADIR-DEVCLASS TO V_DEVCLASS.
  IF SY-SUBRC NE 0.
  SELECT SINGLE * FROM TRDIR
  WHERE NAME = TSTC-PGMNA.
  IF TRDIR-SUBC EQ 'F'.
  SELECT SINGLE * FROM TFDIR
  WHERE PNAME = TSTC-PGMNA.
  SELECT SINGLE * FROM ENLFDIR
  WHERE FUNCNAME = TFDIR-FUNCNAME.
  SELECT SINGLE * FROM TADIR
  WHERE PGMID = 'R3TR'
  AND OBJECT = 'FUGR'
  AND OBJ_NAME EQ ENLFDIR-AREA.
  MOVE : TADIR-DEVCLASS TO V_DEVCLASS.
  ENDIF.
  ENDIF.
  SELECT * FROM TADIR INTO TABLE JTAB
  WHERE PGMID = 'R3TR'
  AND OBJECT in ('SMOD', 'SXSD')
  AND DEVCLASS = V_DEVCLASS.
  SELECT SINGLE * FROM TSTCT
  WHERE SPRSL EQ SY-LANGU
  AND TCODE EQ P_TCODE.
  FORMAT COLOR COL_POSITIVE INTENSIFIED OFF.
  WRITE:/(19) 'Transaction Code - ',
  20(20) P_TCODE,
  45(50) TSTCT-TTEXT.
  SKIP.
  IF NOT JTAB[] IS INITIAL.
  WRITE:/(105) SY-ULINE.
  FORMAT COLOR COL_HEADING INTENSIFIED ON.
  Sorting the internal Table
  sort jtab by OBJECT.
  data : wf_txt(60) type c,
  wf_smod type i ,
  wf_badi type i ,
  wf_object2(30) type C.
  clear : wf_smod, wf_badi , wf_object2.
  Get the total SMOD.
  LOOP AT JTAB into wa_tadir.
  at first.
  FORMAT COLOR COL_HEADING INTENSIFIED ON.
  WRITE:/1 SY-VLINE,
  2 'Enhancement/ Business Add-in',
  41 SY-VLINE ,
  42 'Description',
  105 SY-VLINE.
  WRITE:/(105) SY-ULINE.
  endat.
  clear wf_txt.
  at new object.
  if wa_tadir-object = 'SMOD'.
  wf_object2 = 'Enhancement' .
  elseif wa_tadir-object = 'SXSD'.
  wf_object2 = ' Business Add-in'.
  endif.
  FORMAT COLOR COL_GROUP INTENSIFIED ON.
  WRITE:/1 SY-VLINE,
  2 wf_object2,
  105 SY-VLINE.
  endat.
  case wa_tadir-object.
  when 'SMOD'.
  wf_smod = wf_smod + 1.
  SELECT SINGLE MODTEXT into wf_txt
  FROM MODSAPT
  WHERE SPRSL = SY-LANGU
  AND NAME = wa_tadir-OBJ_NAME.
  FORMAT COLOR COL_NORMAL INTENSIFIED OFF.
  when 'SXSD'.
  For BADis
  wf_badi = wf_badi + 1 .
  select single TEXT into wf_txt
  from SXS_ATTRT
  where sprsl = sy-langu
  and EXIT_NAME = wa_tadir-OBJ_NAME.
  FORMAT COLOR COL_NORMAL INTENSIFIED ON.
  endcase.
  WRITE:/1 SY-VLINE,
  2 wa_tadir-OBJ_NAME hotspot on,
  41 SY-VLINE ,
  42 wf_txt,
  105 SY-VLINE.
  AT END OF object.
  write : /(105) sy-ULINE.
  ENDAT.
  ENDLOOP.
  WRITE:/(105) SY-ULINE.
  SKIP.
  FORMAT COLOR COL_TOTAL INTENSIFIED ON.
  WRITE:/ 'No.of Exits:' , wf_smod.
  WRITE:/ 'No.of BADis:' , wf_badi.
  ELSE.
  FORMAT COLOR COL_NEGATIVE INTENSIFIED ON.
  WRITE:/(105) 'No userexits or BADis exist'.
  ENDIF.
  ELSE.
  FORMAT COLOR COL_NEGATIVE INTENSIFIED ON.
  WRITE:/(105) 'Transaction does not exist'.
  ENDIF.
  AT LINE-SELECTION.
  data : wf_object type tadir-object.
  clear wf_object.
  GET CURSOR FIELD FIELD1.
  CHECK FIELD1(8) EQ 'WA_TADIR'.
  read table jtab with key obj_name = sy-lisel+1(20).
  move jtab-object to wf_object.
  case wf_object.
  when 'SMOD'.
  SET PARAMETER ID 'MON' FIELD SY-LISEL+1(10).
  CALL TRANSACTION 'SMOD' AND SKIP FIRST SCREEN.
  when 'SXSD'.
  SET PARAMETER ID 'EXN' FIELD SY-LISEL+1(20).
  CALL TRANSACTION 'SE18' AND SKIP FIRST SCREEN.
  endcase.

• Wt are different ways to find enhancement spots(User Exits) in ECC 6.0??

  Hi Friends,
  How are you all doing??
  Friends relevant  answers are awarded points. Pls give solutions..
  What are the different ways to find the enhancement spots (i mean user exit points) in ECC 6.0??
  I want to find the enhancement spot in sale order transaction (va01/va02) after save happening or else after commit happen. In that i need to call the badi method on_costing_component. So friends could you give solution for this.

  Hi
  You can see this document for knowing the Userexits for a given Trxn.
  <a href="https://www.sdn.sap.comhttp://www.sdn.sap.comhttp://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/com.sap.km.cm.docs/library/abap/abap-code-samples/userexits%20in%20a%20transaction.doc">Listing UserExits in Transactions</a>
  Regards
  Raj

• User mapping autentication with different address

  hello everybody,
  we have a SAP NTW portal version 7.0
  address is http://portal.xxx.it/irj
  inside we have some url iview with user mapping autentication.
  the iview work correctly but we decided to have a second address for portal:
  http://portal.yyy.it/irj
  when we use this address then iview don't work (not paramenter was passed to autentication).
  Configuration is correct (user mapping, system configuration, permission, etc etc)
  We have problem only when we use second address
  any suggestion?

  Hi,
  use HTTPWatch or Firebug to find out what the browser / portal submits to the URL.
  br,
  Tobias

• Portal and R3 user mapping

  Experts,
  We are on EP6 with 4.7 backend and using AD as our data source.
  We implemented ESS on ITS and we have few users who have different portal user ID and R/3 ID and I want their ID to be mapped to their R3 ID. 
  So far, I've added my r3 usrID as one of the parameters in AD and in the UM config file, I've mapped this field to userID. 
  I've defined the sap reference system and when I go to user mapping under "personalize" it says "Error occurred while reading the selected user mapping data"
  Can someone tell me what could be wring with this setup?
  Thanks,
  James

  Well, this may not be the "best way" to do it but.....
  <p>
  <img src=http://home1.gte.net/res00icr/SA.jpg>
  <p>
  Make it a dedicated system and then you can have your users go up to personalize it once and done.  Then what every you need the back end for just reference the system you created.

• Different ways to establish SSO between Portal and ADP

  Hi,
  We are implementing payroll with the help of ADP.
  Please let me know different ways of establishing SSO between portal  and ADP
  Thanks
  Bala Duvvuri

  You may a few issues. SSO with logon tickets is based on accessing web sites in the same domain. So, if the portal is on http://ourportal.company.com, then the web site being accessed needs to have a URL like http://adphosted.company.com. Is the ADP system accessible by a DNS alias that is within company.com? If so, you're OK. If not, then there will be problems.
  The other SSO method is user mapping, but the security implications are not good...

• User Mapping in JCO Destination

  Hi All,
  My current configuration is as follows:
  EP6 SP17 -> User mapped through Portal to R3 system.
  JCO Destinations -> I use a one technical user for all the WAS users ('user/password' option)
  I want that the JCO will use the same mapping as the Portal.
  Is it possible?
  Is there a guide/tutorial for configuring the User Mapping option for a JCO destionation?
  p.s
  i cannot use SAPLOGONTICKET because the WAS (Portal) user and the R3 user are different.
  Thanks,
  Omri

  Hi Omri,
  I don`t think the Portal user mapping could be utilized by JCo destination on WAS in a trivial way.
  You can try to read such data using Portal service in your WD application and afterward pass JCo connection to RFC model but may be it is not so good idea.
  Another option is to move user mapping logic to R/3 ( don`t ask how it is just guess ).
  Also there is no user mapping on the WAS regarding JCo destination (at least I have never heard about it).
  Best regards, Maksim Rashchynski.

• DPS 6 remote user mapping question

  I have a directory where each user is defined in 2 different subtrees, with a DIT like the one below.
  In each subtree, a user has the same RDN. I know it's a bad design but I've no choice ...
  The user entries in the 1st subtree have a certificate and people want to use it to authenticate to the upstream LDAPS proxy.
  The user entries in the 2nd subtree have no certificate but they've an attribute supposed to contain a "DN value" corresponding to their profile, an entry in a specific ou.
  I'd like to use the remote mapping feature of DPS 6 so that it authenticates users with their "org_unit1" DN, and then connect to the directory with the profile defined in each user entry of org_unit2.
  It would require to configure DPS6 to "know" that the request to get the user mapping attribute has to be done
  against the org_unit2 ou instead of the org_unit1. That is the proxy requests would itselves use a data view with an alternate seach base, while the client requests would use other data views..
  Possible ? Any other/better way to achieve this ?
  Otherwise, I also think about a data view that would aggregate both user entries in a single one. I don't know if it's possible but even if it is, would the proxy itself (and the clients) be able to use that view to do its search requests ?
  o=org
  |
  |
  _____ou=org_unit1,o=org
  |
  |__ou=people
  |
  |_cn=user1
  |_objectclass:inetOrgPerson
  |_usercertificate;binary:: ....
  |_cn=user2
  |_objectclass:inetOrgPerson
  |_usercertificate;binary:: ....
  _____ou=org_unit2,o=org
  |
  |__ou=people
  |
  |_cn=user1
  |_objectclass:userDefinedPerson
  |_userdefinedprofile:profil1
  |_cn=user2
  |_objectclass:userDefinedPerson
  |_userdefinedprofile:profil2
  _____ou=profiles,o=org
  |
  |__cn=profil1
  |__cn=profil2
  ... Anyway, I'd li

  Would need more info to give a firm answer but it looks doable.
  Could you elaborate on the authentication method you would like to use once the profile associated with the user has been retrieved ? Do you plan to reuse original user password with the profile dn or do you plan to use proxied authorization? In the latter case, you can perform the ldap operations as the profile identity w/o having to provide any password.
  -Sylvain

• Webdynpro & User-mapping

  Hi experts,
  I have one question related with Web Dynpro applications. Let's assume I have some WDA. I would like to create a few WD iViews and all of them for my WDA. Is it possible to set the iViews such that each iView will connect to different system? Moreover I would like to use user-mapping.
  Thank you in advance for your answers!
  Best Regard
  Zbynek

  So I found the way how to execute web dynpro application with different JCOs. It's described here http://help.sap.com/saphelp_nw70/helpdata/en/af/84a34098022a54e10000000a1550b0/frameset.htm
  But still I don't know whether it's possible to use user-mapping. Now I don't think so because each JCO connection can use just one user account. Is it right assumption?
  Zbynek

• Change to User Mapping Strong encryption to weak encryption

  HI Floks,
  we have EP 5.0 and want to change the Branding Images on the Logon Page.
  However, Direct Editing is not available.But User Mapping is availble
  The path in EP 5.0 was :
  "System Administration -> System Configuration -> UME Configuration -> User Mapping".
  its strongly encrypted
  am looking this info "Encryption of User Mapping Data: Strong encryption ". Ihave to change brading image
  Does anyone know why or if there is another way to modify the UME property ume.logon.branding_image. how to convert this encryption or another way is there to change logo .\
  if any links or suggestions are provide me
  thanks
  Preethi

  Hi Preethi,
  I'm wondering about your message. It seems you mismatch EP5 and EP6 with each other.
  In EP5 the logon screen can be found at the IIS. There are 2 different logon screens: form logon or HTTP logon. The branding image is only available for form logon. In the admin guide for EP5 you can find the following information:
  'You can customize the form-based logon to reflect your companyu2019s branding or other special
  requirements. The dialog is located at Inetpub\wwwroot\SAPPortal\FormLogon.asp.'
  see also
  http://help.sap.com/saphelp_ep50sp6/helpdata/en/a2/297c55fa2f5447973d25825c1a665b/frameset.htm
  Furthermore there was no strong encryption possible for EP5.
  The path you mentioned in your message reflects only for EP6 and onwards. And I'm wondering why you talk of strong encryption in this context. The way of encryption has nothing to do with the branding image.
  Regards,
  Anja

• User mapping settings

  Hello All,
  If Personalisation features has been configured in such a way that a user can set his own password, and that too user id and password required to a 3rd party system.
  Like a user in a portal wants to login to a SAP R3 system. And he should also be in a position to give his logon credentials with a 3rd party interference.
  Thanks in advance,
  PKS.

  Hi Sachin,
  sorry, but I'm not sure if I understood your question. At least, it doesn't seem to be a question at all (grammatically).
  But let me guess:
  - You want to configure your portal in a way, that users can set their password by themselves
  - You also want to connect to a third party system (let me guess: R/3) via portal
  - You ask yourself if these two things interfere with each other.
  Here's the answer: The logon to portal and the logon to R/3 are completely different things. You may configure SSO between portal and R/3 using 'SAP Logon Ticket' or 'User Mapping'. The logon mechanism to R/3 is not 'disturbed', even if the user changes his portal password.
  Hope this matches your issue. If not please come back with some better english.
  Carsten

• User mapping for the B2B Internet Sales on the Portal environment

  Dear All,
    We implement a B2B Internet Sales scenario and we use a SAP CRM 4 system as also a SAP Enterprise Portal 6. The problem we have is the following.
    On the portal environment we maintain the SAP CRM as system and we have maintained the user mapping between the portal and the CRM users. The portal users have access on standard SAP transaction like for example the BP, etc. We try to give also access using the SSO functionality on the B2B Internet Sales and the problem on this case is that the Portal user have no the same mapping because on the B2B web site the system uses different user ids. For example I logon on the SAP CRM system with user iq000001 but on the B2B Internet Sales I logon with the user-id 45311.
    Does anyone an idea how I can solve this problem ?
    Thanks in advance

  Dear Tiest,
    Thanks for your reply. So, your answer is correct because when I maintain an internet user for example I use the BP transaction (Business Partner Management) and when I choose the Internet User role then I maintain all the relevant data (user name, alias, etc). The system as you know, automatically creates also an SAP user.
    About your alternative way to create the users using the XCM user administration tool, I have no idea how I will manage the process. Do you have any documentation about that ?
    Thanks in advance

• SSO to Exchange without user mapping

  I have Exchange configured for collabration groupware integration, and it works fine. I can get my calander entries without a problem when I have a user mapping set for the Exchange Transport. I have SSO enabled using the iis_proxy.dll authenticating via Active Directory also without a problem. I can also connect to OWA without any issue. The only thing I don't like is that I need a user mapping for the calander availabity.
  Does anyone know of a way to make this more automatic? I don't want the users to need to maintain their own mappings.

  We are in the exact same situation. I thought that the SSO22KerbMap ISAPI filter would do just that but the user mapping is required no matter what, unless I'm missing something in my config. The Exchange and Active Directory users are the same so a user mapping should not be required.