Issue adding second user store for failover in OAM

Similar Messages

• User Store for Portal

  Hello,
  We are implementing a new portal, and having trouble deciding on the user store for the portal.
  Scenario:
  u2022     The main functionality of the Portal is dependent on the SAP Systems (ESS\MSS), and BW System.
  u2022     Currently there is no CUA or SAP Identity management Systems available. 
  u2022     The Usernames in our LDAP and SAP ECC systems are different, so we canu2019t use the LDAP.
  From our preliminary brainstorming, we came up with following decision:
  u2022     Use the ECC ABAP Store for user Base (So we leverage all the ECC users, and their current role assignments in the portal)
  u2022     Later on, once weu2019re ready to install SAP IDM, and then Switch Portalu2019s User Store from ECC ABAP Store to IDM.
  QUESTIONS:
  1.     Is our approach here correct?
  2.     Would it possible to switch portalu2019s user store from ECC ABAP Store to IDM?
  3.     Should we consider installing CUA in the meantime until weu2019re ready to move to IDM?
  Any Help or opinions would be much appreciatedu2026
  Thanks,
  Harman

  Hi,
  Q1 You wrote: " The Usernames in our LDAP and SAP ECC systems are different, so we canu2019t use the LDAP."
  This is not 100% true... take a look at this help document as it explains some possibilities for you:
  http://help.sap.com/saphelp_nw70ehp2/helpdata/en/0b/d82c4142aef623e10000000a155106/frameset.htm
  Q2 Not really, see Q1 and in addition IDM is a Management and Provisioning System/Tool. It isn't a userstore on itself.
  In other words IDM contains the single truth but it provisions it to systems (JAVA , ABAP, LDAP etc).
  So it won't be possible to connect your Portal from an ABAP user store to an IDM user store as it doens't exist.
  What theoretically could be possible is to now connect you Portal to an ABAP user store and later Back to its own UME and let this UME be under provisioning by the IDM system. But I can remember that it is not supported to go back from ABAP to UME. See also: http://help.sap.com/saphelp_nw70ehp2/helpdata/en/f5/8fdc3fca21eb06e10000000a1550b0/frameset.htm
  Q3 Personally I think it is a first good step as it helps you to centralize and uniform your users and roles. But If you already decided to go for IDM (lets say next year) then it maybe the Return On Investment for implementing CUA now is nihil.
  Do not hesitate to ask if above answers are unclear.
  Good Luck,
  Benjamin

• User store for OAM

  I am setting OID as default User store for OAM 11gR2. And shall continue to use the internal UserIdentityStore1 as Security Store.
  Is this ok? What is best practice.

  This should be fine and is recommended way.
  When trying to set this up. I would recommend keep few things in mind. i.e. Make sure that you are having a new LDAP Authentication Module created for default User Identity Store. You don't want to create a mess out of your Authentication Modules and Authentication scheme configurations. Few of the OOTB Authentication Schemes use LDAP Authentication Module. If you change the User IdentityStore for it. Then your system store would be UserIdentityStore1 whereas the OAMConsoleScheme and other Authentication Schemes will be using LDAP Module which will be pointing to your OID's User Identity Store instead of your System Store.
  ~Yagnesh

• Migration assistant added second user did not merge data: iTunes

  I set up my new mac at the store then came home and connected my OLD iMac to the new via Firewire. I used Migration Assistant, and the migration took about 90 minutes. When it was done I had two parallel usernames; my old username with the old desktop look and stuff and the new computer's username I set up with the clerk at the Mac Store. Now I have two separate users on my computer, complete with two separate iTunes. When I look in the finder under Macintosh HD/Users, I see an icon for the new user (the little house) and a folder labeled with the old username but it has a red "negative" circle over it (like a push icon on an iPhone, but with a minus sign in the middle), plus a Shared folder.
  The weird thing is that all the documents and stuff merged, but I have to go to the old user to use iTunes. My old computer did also have 2 users (why? I have no idea) and it brought the iTunes library I did not use in, but not the massive library I do use in. I teach a fitness class and have about 100 unique playlists and ALOT of music on that thing - but the wrong library was brought in. Now I have to switch back to the old user to use iTunes and that just seems silly. I have tried 'add to library" to try to bring the stuff over but it can't see into the other user I guess.
  Any suggestions? It is so frustrating that my whole library is there but I can't access it on the new user after spending all that money.
  Thanks!

  Read here on why a second user was added and how to remedy.
  http://web.me.com/pondini/AppleTips/SetupAsst.html
  Regards,
  Captfred

• We had a Ipad 1st generation IOS5.  Added second email address for Messaging.  Tested and message came from 1st email address.  How do you get the second address to be the sender?

  Have a 1st generation Ipad IOS5 and added a second email address for messaging.  Tested sending a message to my Iphone and it was received as being sent by the first email address.  How do you select the second email address as the sender of a message?

  Hello slapshot13scotty,
  The information below details where to adjust both where messages are sent from and received.
  Receive iMessages using another email address:
  Go to Settings > Messages > Receive At > Add Another Email.
  Specify the phone number or Apple ID email address that appears in the “from” field when you start a new conversation:
  Go to Settings > Messages > Receive At > Caller ID.
  Existing conversations aren’t affected when you change this setting.
  iPhone User Guide
  http://manuals.info.apple.com/MANUALS/1000/MA1622/en_US/iphone_ios5_user_guide.p df
  Cheers,
  Allen

• Using two User Stores for one relying party trust

  Hi all,
  We got a request to implement a trust with an external party. 
  Internal users should be able to make use of that application. But also external users, which have their account stored in a different user store (question is asked if its a SQL or LDAP kind of store).
  Is it possible to have a SSO effect for both internal and external users? 
  Somehow ADFS has to know if the user is internal or external. I can imagine an internal user being in the office will get a nice SSO feeling. From what i think this is not possible for external users. External users should still authenticate once on our sts
  (adfs). Lets say this is true, is it possible for ADFS to see if a user is external, and then use the User Store that belongs to that external user?
  You also must take in mind that an internal user could also be in a internet cafe, so SSO is not possible. Also this time the user should authenticate to the sts. But this time it has to use Active Directory as User Store.
  I know internal users have a username in a different format then external users. 
  Is it possible for ADFS to know which User Store to pick based on the format of the username?
  Thanks in advance for the reaction.

  Hi,
  Thank you for your posting!
  Since Active Directory Federation Service is not an extension of Active Directory schema, I suggest you refer to the following forum to get professional support:
  Claims based access platform (CBA), code-named Geneva Forum
  http://social.msdn.microsoft.com/Forums/vstudio/en-US/home?forum=Geneva
  Thank you for your understanding and support.
  Best Regards,
  Amy Wang

• Adding LDAP User store to UME

  We need to authenticate users against an LDAP server.  This works fine from the workbench where the UME ContentSource is database_only.  However, the central WebAs (Netweaver 2004) was installed with ContentSource of r3_rw.  According to the documentation, a prerequisite to adding an LDAP user store is: "You have installed a SAP Web Application Server Java where the UME is configured to use the database of the J2EE Engine as data source."  Since our WebAS Java is not configured this way, is there any way, short of re-installing the server, to add an LDAP user store?  TIA,
  Steve

  Hi Steve,
  Once you choose an ABAP data source, there is no going back.
  You can however synchronize the ABAP with the LDAP server. Have the ABAP user management periodically import users from the LDAP server.
  -Michael

• Issue on LDAP as a user-store for WebLogic Administrators

  Hi All,
  I have configured a Novell LDAP into WEblogic 10.3.2 successfully. I am able to view all of LDAP users and groups on Weblogic Admin Console, which includes my own account in LDAP.
  Now I am trying to configure my account as a Weblogic administrator so that I can log in the Weblogic Admin Console as my own account in LDAP. I don't want to set up an Administrators group in LDAP. I want to add the user to the Admin global role. As my understanding, all I need to do is
  1. Go to "myrealm"
  2. Click the tab "Roles and Policies"
  3. Click the tab "Realm Roles"
  4. Expand the link "Global Roles"
  5. Click the link "View Role Conditions" coressponding to the name "Admin". Enter the panel "Edit Global Role"
  6. Click the button "Add Conditions"
  7. Select "Predicate List" as "user"
  8. Click the button "Next"
  9. Enter my username (jwang) in LDAP to the field "User Argument Name:"
  10. Click the button "Add"
  11. Click the button "Finish"
  12. Back to the page "Edit Global Role"
  13. Here I can see
  User : jwang
  Or
  Group : Administrators
  14. Click the button "Save"
  15. Restart the server
  16. Log in with the new user jwang. It got denied.
  Can someone help me on this and why I can not log in?
  Thanks a lot.
  John

  Hi Faisal,
  Thank you very much for your prompt reply. With your suggestion, I do figure out where my problem is. I did set the control flag in my ldapAuthenticator "OPTIONAL". However, it appears that the DefaultAuthenticator is given as "REQUIRED" by default.
  Once I changed it to be "OPTIONAL", it works.
  Thanks again.
  John

• AppleTV2 doesn't see entire library after adding second user - sameID

  My wife and I have separate logins on our iMac, but use a shared library for iTunes for storage space reasons. Unfortunately, that introduces subtle differences over time since Apple doesn't really sync between the two logins. For example, she has country music active in her iTunes, I don't. We recently got two AppleTVs and did home sharing. With one of our iTunes doing the share it worked fine to the AppleTV. Once we tried to share both versions of the library to the AppleTV, though, it started missing things. My podcasts don't show up now, and there is a mixture of music now. It is the same on both AppleTVs, so it appears to be something on the Mac itself that needs updating.
  I've tried rebooting the systems, enabling and disabling home sharing on all systems, and so on.
  What file does the Apple TV use to look at the iTunes Library, and how can it be forced to update it.

  Make sure the computer is authorized in iTunes for each login account.

• Why won't garageband work for second user account

  I have recently had new hard drive installed in my iMac, after a lot of time recovering everything I have my main (admin) user account working fine, including garageband 11 working fine after having to go through the unistall and delete all the library files work around. But now when I add a second user account for my kids, i get the same problem I had earlier. It shouldn't be the same thing because all of those files were deleted. I have cleared out the lirary files in the ~user library as well just in case but still the same issue. I get the warning that garageband needs to download files to work, it seemingly downloads all the files, then installs them, gets to 100% installed and then crashes.

  . I get the warning that garageband needs to download files to work, it seemingly downloads all the files, then installs them, gets to 100% installed and then crashes.
  This looks like GarageBand is trying to install the additional content - loops, instruments - for  the new users all over again as well. This should not happen. All loops and instruments should have been installed in the system library for all users and not in your user library for you alone. Or there may be a permissions problem with the system library. Did you install all additional contents from an administrator account or a regular user account without administrator privileges?

• Issue adding user Calendar

  I am having an issue adding a user calendar.
  In the Workgroup manager if I enable calendaring it seems to allow me to select the host and save it, but if I come back later it is still deselected.
  Note: all users and groups have access to all services at the moment, and the web calendar is enabled for their group. The DNS seems to be working fine - the Wiki works without a problem, so does AFP, and Open Directory logins.
  Any help would be appreciated.

  Wish I had some luck on this.
  I changed over the OSX server to handle DNS - which works fine -just in case that had any bearing, but no luck as yet - it still refuses to enable calendaring for any user.

• Second User ID listed for My Email Account

  I had forgotten my Skype ID so i went through the procedure of getting my user ID on the website.  when i got the email and followed the link i was surprised to see two User IDs listed.  one was familiar and the other i never saw before.  when i looked through my account info i could not find anywhere where the second account was listed.  how can there be a second user id for my email address and where can i go to delete the invalid user ID.  

  You need to configure Mail preferences correctly.

• User Store

  Everything worked with Access Manager 6.0, but now I'm using AM 7.0. Not in legecy mode. New GUI.
  Creating a sub realm and policy with a referral at the root did not work for protecting multiple applications. I think referrals only give users permissions to manage policies in sub realms. I wanted to create a realm for each application, but that approach does not seem to work. Any suggestions?
  I've given up on sub realms and just created a user store and a normal policy at the root. When I try to authenticate, Access Manager keeps checking the policy server LDAP. I want the user authenticating against the user store I just added.
  In the policy I selected the new user store for the authentication scheme, but that did not seem to work.
  Any suggestions or ideas?

  Thank you for replying. I was wondering if anyone watches this forum.
  Yes, I created an LDAP Authentication Module for the new user store. In the policy I created an "Authentication Scheme" that refers to my new user store.
  No, I have not modied the chain. When tried changing "Default Authentication Chain", I was unable to login to the AM console using the amAdmin user id.
  I thought "Administrator Authentication Chain" applied to amAdmin and I could modify the "Default Authentication Chain" to use my new user store.
  Thanks again!

• USER EXIT for TCODE ME51N,ME52N

  Hi Expers,
  I have one requirement, If you go to TCODE ME51n, ME52N, ME53N,  we will get one ALV grid . So user will change the layout according to his intrests & will save that layout.
  While saving that layout we will get 2 checkboxes
  1>User specific
  2>Default setting.
  So here my requirement is to disable "default setting" check box, sice users are not allowed to set default setting because it affects other users.
  Please help me to solve this issue & provide me user exit for the same
  Regards,
  Santhosh

  Hi,
  AMPL0001  User subscreen for additional data on AMPL
  LMEDR001  Enhancements to print program
  LMELA002  Adopt batch no. from shipping notification when posting
  LMELA010  Inbound shipping notification: Transfer item data from
  LMEQR001  User exit for source determination
  LMEXF001  Conditions in Purchasing Documents Without Invoice Rece
  LWSUS001  Customer-Specific Source Determination in Retail
  M06B0001  Role determination for purchase requisition release
  M06B0002  Changes to comm. structure for purchase requisition rel
  M06B0003  Number range and document number
  M06B0004  Number range and document number
  M06B0005  Changes to comm. structure for overall release of requi
  M06E0004  Changes to communication structure for release purch. d
  M06E0005  Role determination for release of purchasing documents
  ME590001  Grouping of requsitions for PO split in ME59
  MEETA001  Define schedule line type (backlog, immed. req., previe
  MEFLD004  Determine earliest delivery date f. check w. GR (only P
  MELAB001  Gen. forecast delivery schedules: Transfer schedule imp
  MEQUERY1  Enhancement to Document Overview ME21N/ME51N
  MEVME001  WE default quantity calc. and over/ underdelivery toler
  MM06E001  User exits for EDI inbound and outbound purchasing docu
  MM06E003  Number range and document number
  MM06E004  Control import data screens in purchase order
  MM06E005  Customer fields in purchasing document
  MM06E007  Change document for requisitions upon conversion into PO
  MM06E008  Monitoring of contr. target value in case of release orders
  These are all the user exits you have in the ME Package. Identify the exit which is suitable to fulfill your requirement.

• "Bad request" errors in Firefox with second user account

  Yesterday, I set up a second user account for my husband to use. Everything seems to work fine with one annoying exception. When Firefox 3 is used as the browser under the new user account, I get frequent "Bad Request" errors with various web mail programs (MobileMe, GMail, Earthlink's web mail).
  This does not happen when the same Firefox 3 is used under my original user account. It also does not happen when performing the same functions with Safari under the new user account. It also doesn't seem to matter whether Fast User Switching is enabled or disabled.
  I have tried clearing caches, deleting cookies, deleting preferences etc. in the second user's Firefox, all to no avail. Anyone have any other ideas?
  I guess one thing I'm a little unclear about... is the second user actually using the same Firefox app as the first user? If so, would there be a way to install a 2nd Firefox app that would only be for the second user? I'm just thinking maybe there is some kind of conflict going on?
  Any thoughts or help out there much appreciated!

  I think I figured it out. I found an article online that said if you have Parental Controls enabled on an account (which I did on the second user account), it will not allow Firefox to write cookies, thus causing the "bad request" errors.
  This is not exactly true, as Firefox under the new user DID seem to be writing cookies just fine. However, when I disabled Parental Controls on the account, suddenly the errors went away. So, it doesn't have to do with cookies, but there is something about having Parental Controls turned on that can cause these errors.