Issue on LDAP as a user-store for WebLogic Administrators

Similar Messages

• User Store for Portal

  Hello,
  We are implementing a new portal, and having trouble deciding on the user store for the portal.
  Scenario:
  u2022     The main functionality of the Portal is dependent on the SAP Systems (ESS\MSS), and BW System.
  u2022     Currently there is no CUA or SAP Identity management Systems available. 
  u2022     The Usernames in our LDAP and SAP ECC systems are different, so we canu2019t use the LDAP.
  From our preliminary brainstorming, we came up with following decision:
  u2022     Use the ECC ABAP Store for user Base (So we leverage all the ECC users, and their current role assignments in the portal)
  u2022     Later on, once weu2019re ready to install SAP IDM, and then Switch Portalu2019s User Store from ECC ABAP Store to IDM.
  QUESTIONS:
  1.     Is our approach here correct?
  2.     Would it possible to switch portalu2019s user store from ECC ABAP Store to IDM?
  3.     Should we consider installing CUA in the meantime until weu2019re ready to move to IDM?
  Any Help or opinions would be much appreciatedu2026
  Thanks,
  Harman

  Hi,
  Q1 You wrote: " The Usernames in our LDAP and SAP ECC systems are different, so we canu2019t use the LDAP."
  This is not 100% true... take a look at this help document as it explains some possibilities for you:
  http://help.sap.com/saphelp_nw70ehp2/helpdata/en/0b/d82c4142aef623e10000000a155106/frameset.htm
  Q2 Not really, see Q1 and in addition IDM is a Management and Provisioning System/Tool. It isn't a userstore on itself.
  In other words IDM contains the single truth but it provisions it to systems (JAVA , ABAP, LDAP etc).
  So it won't be possible to connect your Portal from an ABAP user store to an IDM user store as it doens't exist.
  What theoretically could be possible is to now connect you Portal to an ABAP user store and later Back to its own UME and let this UME be under provisioning by the IDM system. But I can remember that it is not supported to go back from ABAP to UME. See also: http://help.sap.com/saphelp_nw70ehp2/helpdata/en/f5/8fdc3fca21eb06e10000000a1550b0/frameset.htm
  Q3 Personally I think it is a first good step as it helps you to centralize and uniform your users and roles. But If you already decided to go for IDM (lets say next year) then it maybe the Return On Investment for implementing CUA now is nihil.
  Do not hesitate to ask if above answers are unclear.
  Good Luck,
  Benjamin

• User store for OAM

  I am setting OID as default User store for OAM 11gR2. And shall continue to use the internal UserIdentityStore1 as Security Store.
  Is this ok? What is best practice.

  This should be fine and is recommended way.
  When trying to set this up. I would recommend keep few things in mind. i.e. Make sure that you are having a new LDAP Authentication Module created for default User Identity Store. You don't want to create a mess out of your Authentication Modules and Authentication scheme configurations. Few of the OOTB Authentication Schemes use LDAP Authentication Module. If you change the User IdentityStore for it. Then your system store would be UserIdentityStore1 whereas the OAMConsoleScheme and other Authentication Schemes will be using LDAP Module which will be pointing to your OID's User Identity Store instead of your System Store.
  ~Yagnesh

• Error while configuring external LDAP user store with weblogic

  Hi,
  I have weblogic 10.3 installed and I can access weblogic admin console using weblogic (admin) user. I want to use external ldap user store to access admin console with users present in external ldap.
  To do this, I have configured authentication provider and provided all the required details to connect to ldap.
  For example:
  Base DN: cn=admin,cn=Administrators,cn=dscc (user with which we will connect to LDAP)
  User DN: ou=People,dc=test,dc=com
  Group DN: ou=Groups,dc=test,dc=com
  This authentication provider is set to SUFFICIENT mode. I have deleted the default authentication provider.
  In the boot.properties file I have given the user name and password of the user with which LDAP instance was created something like below.
  password=xxxxxxx
  username=admin
  Now while starting the admin weblogic server, I am getting the below error:
  <Jul 25, 2012 2:22:28 PM IOT> <Critical> <Security> <BEA-090402> <Authentication denied: Boot identity not valid; The user name and/or password from the boot identity file (boot.properties) is not valid. The boot identity may have been changed since the boot identity file was created. Please edit and update the boot identity file with the proper values of username and password. The first time the updated boot identity file is used to start the server, these new values are encrypted.>
  <Jul 25, 2012 2:22:28 PM IOT> <Critical> <WebLogicServer> <BEA-000386> <Server subsystem failed. Reason: weblogic.security.SecurityInitializationException: Authentication denied: Boot identity not valid; The user name and/or password from the boot identity file (boot.properties) is not valid. The boot identity may have been changed since the boot identity file was created. Please edit and update the boot identity file with the proper values of username and password. The first time the updated boot identity file is used to start the server, these new values are encrypted.
  weblogic.security.SecurityInitializationException: Authentication denied: Boot identity not valid; The user name and/or password from the boot identity file (boot.properties) is not valid. The boot identity may have been changed since the boot identity file was created. Please edit and update the boot identity file with the proper values of username and password. The first time the updated boot identity file is used to start the server, these new values are encrypted.
  at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.doBootAuthorization(CommonSecurityServiceManagerDelegateImpl.java:960)
  at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(CommonSecurityServiceManagerDelegateImpl.java:1054)
  at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:873)
  at weblogic.security.SecurityService.start(SecurityService.java:141)
  at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
  Truncated. see log file for complete stacktrace
  Caused By: javax.security.auth.login.FailedLoginException: [Security:090304]Authentication Failed: User admin javax.security.auth.login.FailedLoginException: [Security:090302]Authentication Failed: User admin denied
  at weblogic.security.providers.authentication.LDAPAtnLoginModuleImpl.login(LDAPAtnLoginModuleImpl.java:261)
  at com.bea.common.security.internal.service.LoginModuleWrapper$1.run(LoginModuleWrapper.java:110)
  at java.security.AccessController.doPrivileged(Native Method)
  at com.bea.common.security.internal.service.LoginModuleWrapper.login(LoginModuleWrapper.java:106)
  at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
  Truncated. see log file for complete stacktrace
  >
  <Jul 25, 2012 2:22:28 PM IOT> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to FAILED>
  <Jul 25, 2012 2:22:28 PM IOT> <Error> <WebLogicServer> <BEA-000383> <A critical service failed. The server will shut itself down>
  <Jul 25, 2012 2:22:28 PM IOT> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to FORCE_SHUTTING_DOWN>
  Can anyone please suggest how to resolve this problem? If, anyone can suggest the exact steps to configure external ldap store to manage admin console via ldap users.
  Regards,
  Neeraj Tati.

  Hi,
  Please refer the below content that I found for Oracle 11g in the docs.
  "If an LDAP Authentication provider is the only configured Authentication provider for a security realm, you must have the Admin role to boot WebLogic Server and use a user or group in the LDAP directory. Do one of the following in the LDAP directory:
  By default in WebLogic Server, the Admin role includes the Administrators group. Create an Administrators group in the LDAP directory, if one does not already exist. Make sure the LDAP user who will boot WebLogic Server is included in the group.
  The Active Directory LDAP directory has a default group called Administrators. Add the user who will be booting WebLogic Server to the Administrators group and define Group Base Distinguished Name (DN) so that the Administrators group is found.
  If you do not want to create an Administrators group in the LDAP directory (for example, because the LDAP directory uses the Administrators group for a different purpose), create a new group (or use an existing group) in the LDAP directory and include the user from which you want to boot WebLogic Server in that group. In the WebLogic Administration Console, assign that group the Admin role."
  Now in my LDAP directory, setup is in such a way that Administrators is a group created under following heirarchy " cn=Administrators,ou=Groups,dc=test,dc=com" and there is one user added in this Administrators group.
  The problem that I am having is when I modify the Admin role in which Administrators group should be added what exaclty I should give in Admin role. Whether I should give only Administrators or full DN: cn=Administrators,ou=Groups,dc=test,dc=com ???
  When i give full DN, it takes every attribute as different, i mean cn=Administrators as different and ou=Groups as different and shows a message that cn=Administrators does not exist.
  Here not sure what to do.
  Also if external ldap authentication provider is the only provider then I need to give the user information in boot.properties file also for weblogic to boot properly. Now, what should I give there in user? still complete DN ??
  Regards,
  Neeraj Tati.

• Using two User Stores for one relying party trust

  Hi all,
  We got a request to implement a trust with an external party. 
  Internal users should be able to make use of that application. But also external users, which have their account stored in a different user store (question is asked if its a SQL or LDAP kind of store).
  Is it possible to have a SSO effect for both internal and external users? 
  Somehow ADFS has to know if the user is internal or external. I can imagine an internal user being in the office will get a nice SSO feeling. From what i think this is not possible for external users. External users should still authenticate once on our sts
  (adfs). Lets say this is true, is it possible for ADFS to see if a user is external, and then use the User Store that belongs to that external user?
  You also must take in mind that an internal user could also be in a internet cafe, so SSO is not possible. Also this time the user should authenticate to the sts. But this time it has to use Active Directory as User Store.
  I know internal users have a username in a different format then external users. 
  Is it possible for ADFS to know which User Store to pick based on the format of the username?
  Thanks in advance for the reaction.

  Hi,
  Thank you for your posting!
  Since Active Directory Federation Service is not an extension of Active Directory schema, I suggest you refer to the following forum to get professional support:
  Claims based access platform (CBA), code-named Geneva Forum
  http://social.msdn.microsoft.com/Forums/vstudio/en-US/home?forum=Geneva
  Thank you for your understanding and support.
  Best Regards,
  Amy Wang

• Issue adding second user store for failover in OAM

  I am attempting to add a second OVD instance to the OAM Directory servers for Access Manager, Access Server & Identity server. I am getting the error
  Unable to contact the DS. This may happen if DS is down or invalid credentials are provided.
  I have verified communication between the OAM and OVD servers, I have imported the certificate into the OIS & AAA databases using certutil, I have used the same cert to connect to the directory with an ldap browser. Any idea why I can not access the server from OAM?

  Hi,
  I assume its OAM 10g -
  Even though you add failover servers through the console, you would need to check if its reflected in the correct xml file.
  Theres a file by name 'failover.xml' (I dont remember the path). Please check if its updated with the correct information.
  -- Pramod Aravind

• OS user ids for weblogic and OBIEE11g

  Hello Experts
  One of our client asked us whether we should use the same OS user credentials OR different for installing weblogic and OBIEE11g on AIX server. If yes why , If no then why.
  I know that we need to install weblogic first and then OBIEE11g - SOFTWARE ONLY .
  Also if could provide the link for the step by step installation /configuration of weblogic and obiee 11g on AIX 7.1.
  Thanks

  894860 wrote:
  Hello Experts
  One of our client asked us whether we should use the same OS user credentials OR different for installing weblogic and OBIEE11g on AIX server. If yes why , If no then why.
  I know that we need to install weblogic first and then OBIEE11g - SOFTWARE ONLY .
  Also if could provide the link for the step by step installation /configuration of weblogic and obiee 11g on AIX 7.1.
  ThanksRefer to this link for instructions on installation: http://satyaobieesolutions.blogspot.in/2012/08/obiee-installation-on-aix-obiee-11g.html
  It is usually recommended to use the same user because of the issues with permissions on the files and folders when using different accounts for installating different components.

• LDAP: apple-user-homeurl for 10.6.7

  Hi all,
  I have a problem with Portable Home Directories through LDAP and AFP. The file server is running 10.6.6, and I never experienced any issues until I upgraded my client to 10.6.7. Now the HomeSync fails to sync the data.
  @ FileSyncAgent-verbose.log:
  EXCEPTION: Permissions Error <-[SPeerFSPHD mountPeerVolume] (Peer-FS-PHD.m:157): "'((afpAccessDenied))' error -5000"
  The problem seems to be that HomeSync tries to write to a directory, without having the correct permission. I traced the problem back to the "apple-user-homeurl" entry in LDAP. Changing it from
  <home_dir><url>afp://fileserver/home</url><path></path></homedir>
  to
  <home_dir><url>afp://fileserver</url><path>home/</path></homedir>
  solved the problem.
  Can anyone confirm that one has to make this change for clients running 10.6.7? How could this affect clients running older versions, like 10.5? Will updating the server to 10.6.7 change anything? Is there any Apple resource documenting this change in 10.6.7?
  Thanks in advance
  ++

  In my case LDAP is running on a Linux Server, and the homes are AFP shares through a Mac OS 10.6.6 server. I simply edited the LDAP entry "apple-user-homeurl" for my user, as explained above.
  In the meanwhile I tested to log on to 10.6.6 and 10.5.8 - and in both cases PHD were working with my changed LDAP account. But I haven't yet dared to update the server to 10.6.7.
  Somehow 10.6.7 seems to read the path to the home directory in a different way... I would appreciate if anyone could confirm this, and maybe add more details.

• User Store

  Everything worked with Access Manager 6.0, but now I'm using AM 7.0. Not in legecy mode. New GUI.
  Creating a sub realm and policy with a referral at the root did not work for protecting multiple applications. I think referrals only give users permissions to manage policies in sub realms. I wanted to create a realm for each application, but that approach does not seem to work. Any suggestions?
  I've given up on sub realms and just created a user store and a normal policy at the root. When I try to authenticate, Access Manager keeps checking the policy server LDAP. I want the user authenticating against the user store I just added.
  In the policy I selected the new user store for the authentication scheme, but that did not seem to work.
  Any suggestions or ideas?

  Thank you for replying. I was wondering if anyone watches this forum.
  Yes, I created an LDAP Authentication Module for the new user store. In the policy I created an "Authentication Scheme" that refers to my new user store.
  No, I have not modied the chain. When tried changing "Default Authentication Chain", I was unable to login to the AM console using the amAdmin user id.
  I thought "Administrator Authentication Chain" applied to amAdmin and I could modify the "Default Authentication Chain" to use my new user store.
  Thanks again!

• User Exit for third party order processes.Missing in ECC 6.

  Hi All,
  There is a user exit EXIT_SAPLJ3AM_003 which exist in 4.6C version of SAP for AFS.
  This user exit is for Third Party order processes. This is called within the include LJ3AMFD1 of the main program SAPLJ3AM.
  But this User exit is missing in ECC version of SAP for AFS.
  Could anyone please let me know how I can resolve this issue as I need this User exit for my requirement. Has SAP provided any enhancement spots for this?
  I tried to search the enhancement spots and OSS notes but couldnu2019t get any useful information.
  Please advice.
  Thanks,
  Ameesha

  changed our requirement

• Using a User Store different from LDAP to identify users

  Hello everybody,
  I've developed a couple of authentication classes in Access Manager and
  I found the constrain to use a LDAP user store very limitative.
  I have to develop a class that check the credential against a table in
  a database. I've no LDAP user store at all. I find all the relevant
  information in the db. So I can correctly authenticate the user but I
  can't "say" to the Identity Server that the user is also correctly
  identified. In the code I can create a new NIDPPrincipal object with a
  (null UserAuthority) setting its properties for the authenticated user.
  It works but anyway I've to add a "fake" LDAP User store to be able to
  check the "identify user" option in the method definition in the
  Administration Console. And I presume that the Identity Server can
  became unstable because it can not find the User in the user store.
  I've looked at the LDAP Plugin extesion, trying to create a "wrapper"
  to the db, but the documented API is only about the LDAP definition and
  does not expose any interface to catch ldap search or read (or whatever
  else the Indentity Server may ask to the User store) so I guess that the
  LDAP access is hard-wired in the Identity server code. This approach
  seems very strange because the modular architecture of the NAM solution
  could work very well with other type of user stores than LDAP. I
  expected to find an interface to abstract the User Authority.
  I'm missing something or my argumentations are very wrong?
  Thanks
  Giovanni
  cannata_g
  cannata_g's Profile: http://forums.novell.com/member.php?userid=17484
  View this thread: http://forums.novell.com/showthread.php?t=422784

  cannata g wrote:
  >
  > Hello everybody,
  > I've developed a couple of authentication classes in Access Manager
  > and I found the constrain to use a LDAP user store very limitative.
  >
  > I have to develop a class that check the credential against a table in
  > a database. I've no LDAP user store at all. I find all the relevant
  > information in the db. So I can correctly authenticate the user but I
  > can't "say" to the Identity Server that the user is also correctly
  > identified. In the code I can create a new NIDPPrincipal object with a
  > (null UserAuthority) setting its properties for the authenticated
  > user. It works but anyway I've to add a "fake" LDAP User store to be
  > able to check the "identify user" option in the method definition in
  > the Administration Console. And I presume that the Identity Server can
  > became unstable because it can not find the User in the user store.
  >
  > I've looked at the LDAP Plugin extesion, trying to create a "wrapper"
  > to the db, but the documented API is only about the LDAP definition
  > and does not expose any interface to catch ldap search or read (or
  > whatever else the Indentity Server may ask to the User store) so I
  > guess that the LDAP access is hard-wired in the Identity server code.
  > This approach seems very strange because the modular architecture of
  > the NAM solution could work very well with other type of user stores
  > than LDAP. I expected to find an interface to abstract the User
  > Authority.
  >
  > I'm missing something or my argumentations are very wrong?
  I'm probably not really the right person but the way I see it is that
  NAM supports LDAP userstores therefore it kinda makes why the LDAP code
  is so heavily embedded. Maybe log an enhancement request to see if JDBC
  can be supported as an authentication mechanism.
  Cheers,
  Edward

• Cannot load classes for custom user store

  I implemented a custom user store and deployed as sda library into NetWeaver preview SP16. NetWeaver is not able to load those classes when configuring that user store through Visual Administrator. Below is the error message I got,
  Unable to register user store!
  java.lang.SecurityException: com.sap.engine.services.security.exceptions.BaseSecurityException: Can not instantiate UserContext.
       at com.sap.engine.services.security.server.UserStoreImpl.<init>(UserStoreImpl.java:78)
       at com.sap.engine.services.security.server.UserStoreFactoryCache.registerUserStore(UserStoreFactoryCache.java:120)
       at com.sap.engine.services.security.server.UserStoreFactoryImpl.registerUserStore(UserStoreFactoryImpl.java:150)
       at com.sap.engine.services.security.userstore.RemoteUserStoreFactoryImpl.registerUserStore(RemoteUserStoreFactoryImpl.java:64)
       at com.sap.engine.services.security.userstore.RemoteUserStoreFactoryImplp4_Skel.dispatch(RemoteUserStoreFactoryImplp4_Skel.java:99)
       at com.sap.engine.services.rmi_p4.DispatchImpl._runInternal(DispatchImpl.java:304)
       at com.sap.engine.services.rmi_p4.DispatchImpl._run(DispatchImpl.java:193)
       at com.sap.engine.services.rmi_p4.server.P4SessionProcessor.request(P4SessionProcessor.java:122)
       at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
       at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
       at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
       at java.security.AccessController.doPrivileged(Native Method)
       at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:100)
       at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:170)
  Caused by: java.lang.ClassNotFoundException: mypackage.myusercontextimpl
  Found in negative cache
  Loader Info -
  ClassLoader name: [common:library:com.sap.security.api.sda;library:com.sap.security.core.sda;library:security.class;library:webservices_lib;service:adminadapter;service:basicadmin;service:com.sap.security.core.ume.service;service:configuration;service:connector;service:dbpool;service:deploy;service:jmx;service:jmx_notification;service:keystore;service:security;service:userstore]
  Parent loader name: [Frame ClassLoader]
  References:
     library:com.sap.ip.basecomps
     library:core_lib
     common:library:IAIKSecurity;library:activation;library:mail;library:tcsecssl
     library:servlet
     library:sapxmltoolkit
     library:com.sap.mw.jco
     library:com.sap.util.monitor.jarm
     library:j2eeca
     library:opensql
     interface:security
     interface:log
     interface:shell
     interface:keystore_api
     library:ejb20
     interface:webservices
     library:com.sap.guid
     interface:appcontext
     interface:endpoint_api
     interface:resourceset_api
     interface:resourcecontext_api
     common:service:iiop;service:naming;service:p4;service:ts
     interface:ejbcomponent
     interface:container
     interface:visual_administration
     interface:transactionext
     interface:dsr_ejbcontext_api
     service:timeout
     library:tc~jmx
     interface:cross
     service:file
     service:locking
     library:tcSLUTIL
     service:memory
     library:antlr
     library:jdbdictionary
     library:opensqlextensions
  Resources:
     C:\usr\sap\J2E\JC00\j2ee\cluster\server0\bin\services\dbpool\dbpool.jar
     C:\usr\sap\J2E\JC00\j2ee\cluster\server0\bin\services\basicadmin\basicadmin.jar
     C:\usr\sap\J2E\JC00\j2ee\cluster\server0\bin\ext\security.class\tc_sec_compat.jar
     C:\usr\sap\J2E\JC00\j2ee\cluster\server0\bin\services\adminadapter\adminadapter.jar
     C:\usr\sap\J2E\JC00\j2ee\cluster\server0\bin\services\basicadmin\jstartupimpl.jar
     C:\usr\sap\J2E\JC00\j2ee\cluster\server0\bin\services\jmx_notification\jmx_notification.jar
     C:\usr\sap\J2E\JC00\j2ee\cluster\server0\bin\services\security\security.jar
     C:\usr\sap\J2E\JC00\j2ee\cluster\server0\bin\services\com.sap.security.core.ume.service\com.sap.security.core.ume.service.jar
     C:\usr\sap\J2E\JC00\j2ee\cluster\server0\bin\ext\security.class\tc_sec_saml_toolkit_api.jar
     C:\usr\sap\J2E\JC00\j2ee\cluster\server0\bin\ext\security.class\tc_sec_userstore_lib.jar
     C:\usr\sap\J2E\JC00\j2ee\cluster\server0\bin\ext\webservices_lib\webservices_lib.jar
     C:\usr\sap\J2E\JC00\j2ee\cluster\server0\bin\services\basicadmin\jstartupapi.jar
     C:\usr\sap\J2E\JC00\j2ee\cluster\server0\bin\ext\security.class\tc_sec_jaas_test.jar
     C:\usr\sap\J2E\JC00\j2ee\cluster\server0\bin\services\dbpool\sqljimpl.jar
     C:\usr\sap\J2E\JC00\j2ee\cluster\server0\bin\ext\com.sap.security.core.sda\com.sap.security.core.tpd.jar
     C:\usr\sap\J2E\JC00\j2ee\cluster\server0\bin\ext\com.sap.security.api.sda\com.sap.security.api.perm.jar
     C:\usr\sap\J2E\JC00\j2ee\cluster\server0\bin\services\connector\connectorimpl.jar
     C:\usr\sap\J2E\JC00\j2ee\cluster\server0\bin\ext\webservices_lib\saaj-api.jar
     C:\usr\sap\J2E\JC00\j2ee\cluster\server0\bin\services\configuration\configuration.jar
     C:\usr\sap\J2E\JC00\j2ee\cluster\server0\bin\ext\security.class\tc_sec_saml_jaas.jar
     C:\usr\sap\J2E\JC00\j2ee\cluster\server0\bin\ext\security.class\tc_sec_saml_xmlbind.jar
     C:\usr\sap\J2E\JC00\j2ee\cluster\server0\bin\ext\security.class\tc_sec_saml_util.jar
     C:\usr\sap\J2E\JC00\j2ee\cluster\server0\bin\ext\security.class\tc_sec_csi.jar
     C:\usr\sap\J2E\JC00\j2ee\cluster\server0\bin\ext\security.class\tc_sec_saml_toolkit_core.jar
     C:\usr\sap\J2E\JC00\j2ee\cluster\server0\bin\ext\security.class\tc_sec_ssf.jar
     C:\usr\sap\J2E\JC00\j2ee\cluster\server0\bin\services\userstore\userstore.jar
     C:\usr\sap\J2E\JC00\j2ee\cluster\server0\bin\ext\security.class\tc_sec_https.jar
     C:\usr\sap\J2E\JC00\j2ee\cluster\server0\bin\ext\security.class\tc_sec_saml_service_api.jar
     C:\usr\sap\J2E\JC00\j2ee\cluster\server0\bin\ext\webservices_lib\jaxrpc-api.jar
     C:\usr\sap\J2E\JC00\j2ee\cluster\server0\bin\services\dbpool\opensqllib.jar
     C:\usr\sap\J2E\JC00\j2ee\cluster\server0\bin\services\deploy\deploy.jar
     C:\usr\sap\J2E\JC00\j2ee\cluster\server0\bin\ext\security.class\tc_sec_jaas.jar
     C:\usr\sap\J2E\JC00\j2ee\cluster\server0\bin\services\jmx\jmx_sec.jar
     C:\usr\sap\J2E\JC00\j2ee\cluster\server0\bin\ext\com.sap.security.api.sda\com.sap.security.api.jar
     C:\usr\sap\J2E\JC00\j2ee\cluster\server0\bin\ext\com.sap.security.core.sda\com.sap.security.core.jar
     C:\usr\sap\J2E\JC00\j2ee\cluster\server0\bin\services\jmx\jmx.jar
     C:\usr\sap\J2E\JC00\j2ee\cluster\server0\bin\ext\webservices_lib\jaxm-api.jar
     C:\usr\sap\J2E\JC00\j2ee\cluster\server0\bin\services\keystore\keystore.jar
  Loading model: {parent,local,references}
       at com.sap.engine.frame.core.load.ReferencedLoader.loadClass(ReferencedLoader.java:348)
       at com.sap.engine.services.security.server.UserStoreImpl.<init>(UserStoreImpl.java:75)
       ... 13 more
       at com.sap.engine.services.security.exceptions.BaseSecurityException.writeReplace(BaseSecurityException.java:349)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:324)
       at java.io.ObjectStreamClass.invokeWriteReplace(ObjectStreamClass.java:896)
       at java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1011)
       at java.io.ObjectOutputStream.writeObject(ObjectOutputStream.java:278)
       at com.sap.engine.services.rmi_p4.DispatchImpl.throwException(DispatchImpl.java:139)
       at com.sap.engine.services.rmi_p4.DispatchImpl._runInternal(DispatchImpl.java:306)
       at com.sap.engine.services.rmi_p4.DispatchImpl._run(DispatchImpl.java:193)
       at com.sap.engine.services.rmi_p4.server.P4SessionProcessor.request(P4SessionProcessor.java:122)
       at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
       at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
       at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
       at java.security.AccessController.doPrivileged(Native Method)
       at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:100)
       at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:170)

  Hi sheshu0022,
  Based on my research, the issue can be occurred due to something get corrupted in the script task. To fix this issue, please copy the code in the task, then rebuild the script task with the same code to test again.
  The following similar thread is for your reference:
  http://stackoverflow.com/questions/15165760/ssis-script-task-fails-on-server-with-error-cannot-load-script-for-execution
  Thanks,
  Katherine Xiong
  Katherine Xiong
  TechNet Community Support

• Can I upload a simple iPhone App that all it does is direct the User to a Filemaker Pro URL   fmp://~filename.fmp?$VariableName=Value  This launches Filemaker Go and directs the user to the Database Hosted online   Right now there is no app store for

  Can I upload a simple iPhone App that all it does is direct the User to a Filemaker Pro URL   fmp://~filename.fmp?$VariableName=Value  This launches Filemaker Go and directs the user to the Database Hosted online
  Right now there is no app store for Filemaker Go.   Filemaker Forgot about us.
  So I want to create a simple native iPhone App that all it does
  is launch
  fmp://~/filename.fmp12?$VariableName=value
  This URL will launch the Filemaker Go App
  Filemaker Go is a app that the user will have to have
  downloaded already on the device..
  The Simple Native app will launch the Filemaker Go.
  The fmp  URL has the information where the Filemaker Pro database is hosted
  and get  the user where they need to be..
  Help Me please
  iPhone 5s, iOS 8.1.3

  That would be software. And, you said "upload." That's "uploading software." Why do you question what you stated?
  I don't know where you even want to upload this software. The only way it can be downloaded to a device is through the iTunes store. Do you even know what you want to do?

• Need User Exits for Creation of Delivery and for Posting Goods Issue

  Hi,
  I need User Exits for
  Creation of Delivery
  Posting Goods Issue
  I need to make some checks regarding customer license expiration and if checks fail, I need to stop Creation of Delivery and Posting Goods Issue.
  Thanks in advance,
  Will reward,
  Mindaugas

  In the delivery you can use userexit USEREXIT_SAVE_DOCUMENT_PREPARE to make your checks and send an error message to the user in case they fail.
  You can find this user exit (form routine) in include MV50AFZ1.
  Hope that helps,
  Michael

• I'm a brand new Mac user. I want to send photos from Iphoto to my local store for printing, like I can do in Picasa. I can't find that option in Iphoto.

  I'm a brand new Mac user. I want to send photos from Iphoto to my local store for printing, like I can do in Picasa. I can't find that option in Iphoto. I do not want to order them through Itunes.

  I have not idea how you do it with Picasa but with iPhoto you either export the photos to a desktop folder and upload from there or burns that folder to CD - or from the upload window use the media browser in the lower left hand corner of the upload windows - media ==> photos ==> iPhoto
  For pictures see -  https://discussions.apple.com/thread/3547767?tstart=0
  LN