GRC AC 10.1 - End User Login - Request issue

Similar Messages

• End User Login Message

  Hi Folks,
  Our production IDM setup has 3 IDM instances sharing the same repository. The IDM End user is used for setting passwords in IDM and LDAP.
  Recently, couple of users have reported this error while trying to log in into IDM end user login page.
  "Your password has expired for account xxxxxx. Please change it now.
  Item User:xxxxxx was not found in the repository, it may have been deleted in another session."
  I had seen an earlier posting on this but there were no answers. Does any have a clue why this happens?
  Any lead will be greatly appreciated.
  Thanks in advance!
  Suvesh

  Hi shivjansi,
  This is normal behavior for the service desk.  It gives end-users a limited UI compared to the ticket processors.  Unfortunately the features of the limited UI are hardcoded so you cannot configure the UI so that end-users get two tabs while a ticket processor gets all six tabs. This may change in SolMan 7.1, let's hope so
  SolMan determines if a user is an end-user by checking the auth object
    CRM_TXT_ID
        Activity <ACTVT>: 02
        Text ID <TEXTID>: SU15
  If the auth check for this auth object fails, then the user is considered to be an end-user and they get the limited UI.
  Good luck!
  Jon

• Where are the ID and Password fields in End User Login ?

  Hi:
  I need to modifiy the ID / Password labels of the end-user login. I searched it in the WPMessages.properties, but i only find the variable UI_PWD_LABEL, and if i change it, it saw in the Admin Login but not in the User Login.
  Any idea?
  Thanks,
  MJ.

  Please tell us your first name and update your forum profile with it to help us. Thanks.
  The first process sets a convenience cookie with the value the user entered in the username field. This is a session cookie. The code is all there. It has nothing to do with the topic of your post.
  The Login process calls the apex login API. This performs authentication and does session registration and sets another cookie for session management.
  Where usernames and passwords are stored depends on the type of authentication you have chosen and this is recorded in the Authentication Function attribute of the authentication scheme. For Application Express authentication, the account information is in the table wwv_flow_fnd_user. You might also use your own tables for this, or LDAP, or SSO, ...
  Scott

• End user login to CI server

  Hello,
  In R/3 landscape there are 4 Application servers  and CI Cluster (2 separate servers) and DB Cluster (2 separate servers)
  In one of the CI Server,  Message server and Enrique server  is running.   (allocated virtual IPs for this  MSG server & ENQ server)
  (End user will connect to the message server)
  So when a request comes to message server, it will direct the request to one of the Application servers.
  So according to the setup, all the users should reside in the Application servers. End- users are not allowed to login to CI server.
  Only BASIS admins can login to this.
  But when checking using al08, time to time  it shows few users are login to this CI server (erpcv)
  How this happens, Is that a problem with the message server or any other issue !!!
  regards,

  You need to configure your servers in logon groups (SMLG) and distribute the correct logon groups to the users.
  My assumption, There may be few users have SAPGUI points to directly to CI.
  We also have 4 apps and 1 CI/MS and DB as cluster, but have allowed users to logon to all the servers (4 apps + 1 CI) this is due to nothing is running on CI+MS and technically speaking waste of CI resources if you are not allowing users to logon and using system.
  Don't worry SMLG (load balancing) will take care of distributing the load.

• CUPS 8.0 end user login issue

  Hi All,
  I am having CUCM 7.1.5 and CUPS 8.0(4) installed. The problem is when I tried to login the CUPS user page the it says "login failed". The CUPS intergration with CUCM seem to be fine because all the end users can be seen in CUPS. But I am not able to login the CUPS user page. Users have needed roles assigned to them.
  CUCM is sycronized with LDAP server over SSL
  Can anyone pls help me on this. What else I need to check? Is there any log to check on CUCM or CUPS?
  Thanks

  Hi Ronak,
  It is not the problem login to the CUPC  (still I didn't tried it), I have problem login to the CUPS User Web page using end user credentials in CUCM
  End users have needed roles assigned and they also are CUP enabled users
  Pls can you suggest me to any thing to check, As I said our CUCM is sycronized with LDAP server over SSL
  Thanks

• GRC Launch Pad gives "UME User Login Error! "

  All the links for RAR/RE/AE/Firefighter works, but when I go to launchpad, it gives me error " UME User Login Error! ". below the screen.  Does anybody know how to resolve this?

  That same error will also hit you in RAR if you don't have the users language maintained.
  Web Dynpro apps like LaunchPad and RAR or SPM rely on the UME information to determine the application language (also affects which language isk descriptions etc. are being shown in / can be maintained in).
  Frank.

• GRC EAM - Single Firefighter Multiple User Login

  Hi Folks,
  Good Day...Please need your valuable suggestion on the below issue...
  We have configured GRC EAM 10.0 with a mapping of Single User Id to Single Firefighter but now we have got a scenario where Multiple Users require single Firefighter ID .
  Mapping is done for Multiple users with single Firefighter ID., we have logged in with first user and successfully working but same time when the other user logged in, it is not allowing to enter into same firefighter (Popping a message as User1 is already using Firefighter)
  Please provide me if any solution...

  Hi Hima
  Good to hear (sorry for your first question and this one led me down that path)
  I assume the program to login to SAP (can't remember name off the top of my head) performs a check to see if FF is configured and the User is a FF Id. This program is locked down so you cannot view the code (if it's not the program then the kernel is performing a check but pretty sure it's the program).
  So in short, as soon as you configure the user to become a FF Id then it cannot be logged into via logon pad.
  As an additional security measure you should be able to deactivate the FF Id password as it is not required by GRC. This will add additional certainty that no user can access it (you will have change documents to show this should the account ever be removed as a FF Id).
  Regards
  Colleen

• End User Unlock and Password Reset in GRC AC 10.0

  Hi Dears,
  I have an issue related to End User Unlock and Password Reset.
  We maintained Data Source as SU01 in SPRO, So that User can able to access GRC Application through End User Login with ECC System login
  Details for raise a request.
  If user is locked or forget ECC system password, then user not able to access GRC Application through End User Login with ECC System login Details for Unlock or reset Password.
  In this situation, how user can unlock or reset the Password for ECC System.
  Could you please provide the solution to resolve the Issue.
  Note:- No LDAP or Acitive Directory.
  System Details :- GRC AC 10.0 , SP12.
  Regards,
  Karnatak.

  Hi Rupesh
  That was my warning on the post I linked you to
  Quite a few PSS solutions have this as a setup (even SCN). The key thing you are reliant on is that the email account must be restricted to only the user to receive the password/link as well as appropriate Challenge Response Questions defined as part of their registration.
  But yes, they can technically enter any User id to request the password and if they know the answers to the questions then they will get the password issue.
  Your alternatively is to introduce another system (i.e. AD which you ruled out) or see if there is a way to introduce a second factor authentication (I don't believe this is delivered with GRC).
  Regards
  Colleen

• GRC AC 10.0 - CUP User Authentication

  Hi All
  We have installed GRC AC 10.0 as a part of ramp up implementation. We will soon start with the configuration steps. For user interfacing we have 2 options (1) NWBC (2) Portal. Architecture of GRC AC 10.0 is based on webdynpro ABAP.
  Now we had a question wherein if we choose NWBC as a front end, then how do we integrate the LDAP for CUP user authentication.
  If we need to integrate LDAP as a authentication source for users in CUP, do we have the only option of going with Portal as a user interface.
  Please advise.
  Thank you.
  Anjan pandey

  > That feature in AC 10.0 is called End User Login and will have it's own URL to access via browser.
  Thanks Frank for your response. I did go through the RKT documents and seems that there is a link through which the end users will create request. we have also planned to setup a LDAP connectivity for user authentication.
  Thanks.
  Anjan Pandey

• Anonymous User Login

  Hi All,
  I have an issue with 'Forgot Password' button in the end user login. When a Forgot Password button is clicked, a Question Login workflow will trigger (I think I am right?) .Now I would like to customize the 'Question Login' workflow as per my requirements, but unfortunately I am not, I modified the system configuration object, but still with no luck I am not able to customize that workflow.
  So I thought of using anonymous login page and I can launch my own workflow as per my requirements. I have registered my workflow at 'anonymous end user tasks'. and I try to launch the anonymous login page using the url 'http://localhost:8080/idm/user/anonlogin.jsp'. I am getting the following errors.
  An unrecoverable error has occurred processing the request. Contact your system administrator.
  Syslog ID = LG-1111-024933.
  Only the Reset Administrator may access this view.
  I don't know, where I am doing wrong. For the first time I am trying to use anonymous login page.
  Did anybody faced similar problems?
  Can anybody please post some points, like what is the procedure to use a Anonymous login page?
  Thanks in advance

  Well, first, I visited Configure > User Interface, and enabled Anonymous Enrollment.
  Next, I went to user/login.jsp, and saw "Request Account". I clicked on it, and up popped the user/anonEnrollment.jsp page. (I was looking at using this for one of our requirements; turned out I didn't need it, and did something else).
  Anyway, a quick check with Live HTTP Headers for Firefox shows that the post was directly to anonEnrollment.jsp; anonEnrollment.jsp has this at the top:
  String anonUser = LoginHelper.getAnonymousUser(session);
  if (anonUser == null) {
      String url = "user/login.jsp";
      LoginHelper.redirect(req, out, url);
      return;
  }Not a huge amount of help. However, it does establish that there is an "getAnonymousUser" method, which is documented to return "the currently registered anonymous user name if any". And reading the Workflows, Forms, and Views manual, it states that the anonymous main page is for "... when a user who does not have a Identity Manager account logs in, an Identity Manager user object is created ...". Basically, if you're using pass through auth, and have a source system that will let a user authenticate, they can then set themselves up.
  So, I visited "anonmain.jsp" after clearing all cookies, and up popped "anonlogin.jsp", with a login box. I entered "anonymous", and lo!, I was logged in, and saw the anonymous user menu. In other words, I was "provisionally" logged in with an account that doesn't really exist (anonymous).
  However, I had to provide that extra bit of information, namely, my "fake" user name of "anonymous". I don't know how you'd do that without JSP customization.
  Basically, "anonymous" means "has a username, but we don't have an account", rather than "truely anonymous" as near as I can tell. The system will do it for you in the case of "Request Account" (the generated login page has some Javascript code to redirect to anonEnrollment.jsp), but it doesn't seem to be an exposed API.
  You might get somewhere with customizing the "Request Account" string in the messages catalogue, and then customizing the anonymous enrollment workflow.

• Portal - cutom message to end users (like sm02)

  Hello All,
  Is it possible in Enterprise portal to display a custom message (like sm02 in ABAP ) when end users login.
  Thanks
  Tom

  Yes...
  1. Buy Software that can do it for you --> http://www.sweetlets.com/w/solutions/system-messenger/
  2. Build it yourself.
  a. simple html file that you can embed in your framework that you can set on the fly (simple solution)
  b. time based publishing of content via KM http://help.sap.com/saphelp_nw70ehp1/helpdata/en/e8/a9a76828b8dc469969ff450ec81ced/frameset.htm (medium solution)
  c. develop some application (in webdynpro for example) that can do this all for you (advanced solution).
  Cheers,
  Benjamin

• Where can i find the user login form

  Hi everyone
  Do you know the name of the end user login form? I want to add a button on it but i don't know where i can find it.
  Somebody has an idea?

  Thanks everyone
  I found the solution in the login.jsp (idm/user/login.jsp). I will just add a link which will execute a workflow.
  I needed to have the number of failed login attemps. So I uses this code in the login JSP
  com.waveset.server.Server _server = com.waveset.server.Server.getServer();
      com.waveset.repository.Repository _repo = _server.getRepository();
      com.waveset.object.WSUser uo = (com.waveset.object.WSUser)_repo.getIfExists(com.waveset.object.Type.USER, "test");
      int nb = 0;
      if (uo != null ) {
          com.waveset.object.ObjectCache _serverCache = _server.getCache();
          uo.setCache(_serverCache);
          nb = uo.getFailedPasswordLoginAttemptsCount();
          %>
              The user is not null <BR>
              nb == <%=nb %>
          <%
      else{
          %>the user is null <BR><%
      }good luck.

• Find the User ID through which the end user logged in BEx Analyzer?

  I want to fetch the end user USERID who is executing the query. I am the end user and want to view a report, so I will login into BEx Analyzer with my userid and start executing query. Is there any way I can find that ID, in any table, program, function module or some where........?
  I don't want 'created by', 'last changed by'. I want ID through which end user is logging into in Analyzer.
  Also if the end user is logging in through RSRT wanted to know the SAP login user ID through which the user logged in?

  Hi,
  If you want to see the end user id that is running the query, and then open the workbook, select Layout from the menu u2013 Display Text elements. Click on All (or General, Filters or Variables based on your requirement). It will display the technical name, info provider, current user details. You can save it as existing work book transport to production, then when this query executed you can find end user login id.
  May be you can check RSRWBTEMPLATE table for workbook users details. Mostly end user will not have access to RSRT.
  Hope it helps you
  Thanks
  Riyez

• GRC AC Filter for System in GRC AC End user Home

  Hi,
  I need to create a filter for system (for all user) in the ALV, from END USER HOME when try to select roles and system from Model User
  I see the instructions in the link:
  http://scn.sap.com/community/grc/blog/2013/09/04/customizing-access-request-and-approval-screens-in-grc-access-control
  But i try to open application GRAC_UIBB_END_USER_LOGIN from SE80 transacction, appears a error in the navigator.
  This is what I want to accomplish

  Hello Cristian,
  Try to add the below string at the end of the URL for which you are getting error.
  &SAP_CONFIG_MODE=X&OBJECT_ID=ACCREQ
  Hope it helps.
  Regards,
  Neeraj Agarwal

• CUP 5.3 - Single Sign On fu00FCr end user request screen?

  Hi everyone,
  Is there any way to achieve Single Sign On in a windows environment using the corporate Active Directory for the END USER REQUEST SCREEN in CUP 5.3?
  I am aware of the document "Single Sign-On with SAP BusinessObjects Access Control 5.3" by the SAP GRC RIG (Harleen Kaur) so I know how to achieve Single Sign On for the CUP application itself.
  I am also aware of the option to deactivate "end user verification required" in the authentication source definition in CUP.
  What our end users are asking for is true single sign on. They would like to enter a request WITHOUT providing network user ID and/or password manually.
  Thanks!

  Hi Raghu,
  Thanks a lot!
  We have not yet configured SSO but are in the phase of analyzing our options.
  I understood that SSO is only possible for the server:port//AE/index_apr.jsp page in CUP.
  What about the end user request screen (server:port/AE)? Will this work with Windows-SSO using SPNEGO? Would I set the authentication source to LDAP or to UME (UME has multiple LDAP as user data source)?
  Many thanks and best regards
  Patrick