Making users available for OpenSSO realm group and role assignment?? Help.
Here is the situation. We have 3 Open SSO realms set up. One we have called OpenSSO-Admin, a second called OpenSSO-Provider and a third OpenSSO-Internal. We are having issues provisioning and managing the OpenSSO-Internal OpenSSO-Provider realms, but OpenSSO-Admin seems to be fine.
Here is the behavior that is manifest.
In the 2 'broken' realms, when we create users and assign them to the appropriate Open SSO realm, they appear to be provisioned correctly in IDM as well as the realm (We have validated user creation in LDAP and everything about the user appears to be fine). When we view the groups and roles in the specific resources, we are presented with a list of users that are in Brackets and appear to be provisioned. The brackets indicate that the users are not found as available users. The bracketed users can not be unassigned, nor can any others. note, our bracketed users in the list of assigned users are created from a workflow which assigns them directly to the appropriate group and role based on their business role.
The third realm, OpenSSO-Admin works fine and we can add, and manage users in the groups and roles within the realm.
We have ruled out the workflow as a source as the problem persists when we use the tool to manage users. We can create a user from scratch and add them to the realms. In the 'Broken' relms, the users do not appear in thelist of available users to be assigned to the groups or roles. Yet in the 'good realm, everything appears fine. We can move users from one realm to another and the problem persists in the broken realms, but when a user is added to the 'good' realm, everything is fine.
I have tried reconciling and get no different results.
Question is, We have isolated that the issue seems to be in the generation / management of the left hand "Available Users" list. How and where is this generated from and how can we check/fix or regenerate this list?
Thanks.
Joe
I should clarify. We are using Sun IDM 8.1
Similar Messages
-
Background job fails for BDC profile creation and role assignment
Hi Experts,
I have created a BDC Function module for Tcode 'PFCG' for profile creation and role assignment, and called this FM in my zprogram. the problem is that when i run this program in foreground it executes succesfully, but if i schedule it in background it fails throwing error in job log 'Role 'Z...' does not contain any active authorizations'. But i have created one more program to create authorization objects which runs before this zprogram.I have also checked the authorization object in 'RSECADMIN', it reflects active. I dont understand whats happening exactly when it runs background.
Below is the process of job
1. ZMIS_AUTH_OBJECT_CREATE
Variant : auth-create
2. ZMIS_AUTH_ASSIGN_TO_ROLE
Variant : auth-assign
The problem is in second program, runs in foreground but fails in background.
Code which i have written in my second program
***BDC for Profile creation and assignment to Roles
CALL FUNCTION 'ZROLE'
EXPORTING
ctu = 'X'
mode = p_mode
UPDATE = 'L'
* GROUP =
* USER =
* KEEP =
* HOLDDATE =
nodata = '/'
agr_name_neu_001 = wa_role-role_name
text_002 = wa_role-desc
text_003 = wa_role-desc
text_004 = wa_role-desc
value_01_005 = 'T-ML330881'
h_fval_low_01_006 = wa_role-auth
profn_007 = lv_profile
ptext_008 = lv_text1
* IMPORTING
* SUBRC =
TABLES
messtab = temp_message.
***Generation of Profile created
CALL FUNCTION 'PRGN_AUTO_GENERATE_PROFILE_NEW'
EXPORTING
activity_group = wa_role-role_name
* PROFILE_NAME =
* PROFILE_TEXT =
no_dialog = ' '
rebuild_auth_data = ''
org_levels_with_star = ' '
fill_empty_fields_with_star = 'X'
template = ' '
check_profgen_tables = 'X'
generate_profile = 'X'
authority_check_pfcg = 'X'
EXCEPTIONS
activity_group_does_not_exist = 1
activity_group_enqueued = 2
profile_name_exists = 3
profile_not_in_namespace = 4
no_auth_for_prof_creation = 5
no_auth_for_role_change = 6
no_auth_for_auth_maint = 7
no_auth_for_gen = 8
no_auths = 9
open_auths = 10
too_many_auths = 11
profgen_tables_not_updated = 12
error_when_generating_profile = 13
OTHERS = 14 .
Experts please help me out its very urgent. your help is appreciated and rewarded. Thanking you in advance.
Regards,
ChetanHi Praveen,
Yeah definately, my requirement is that I have to access of some BI reports to certain users, so contract data will be downlaoded from ECC on application server, need to read that file from application server and for the each contract i ahould create a authorization object, role creation and assigning of role to the user and profile generation and activation.
To achieve this i have written two programs
1) ZMIS_AUTH_OBJECT_CREATE- This program will create the Authorization Object using BDC and Role creation Using the BAPI
"" Creation of Authorization Object
CALL FUNCTION 'ZAUTHOBJ'
EXPORTING
ctu = 'X'
mode = p_mode
UPDATE = 'L'
* GROUP =
* USER =
* KEEP =
* HOLDDATE =
nodata = '/'
g_authname_001 = 'ZDUMMY_MIS'
g_targetauth_002 = wa_tab-auth
g_authtxt_003 = wa_tab-short_desc
g_authtxtmd_004 = wa_tab-med_desc
marked_04_005 = 'X'
g_authtxt_006 = wa_tab-short_desc
g_authtxtmd_007 = wa_tab-med_desc
tctiobjnm_04_008 = 'ZBUS_UNIT'
g_authtxt_009 = wa_tab-short_desc
g_authtxtmd_010 = wa_tab-med_desc
marked_05_011 = ''
opt_01_012 = 'EQ'
low_01_013 = wa_tab-bu
g_authtxt_014 = wa_tab-short_desc
g_authtxtmd_015 = wa_tab-med_desc
marked_04_016 = 'X'
g_authtxt_017 = wa_tab-short_desc
g_authtxtmd_018 = wa_tab-med_desc
tctiobjnm_04_019 = 'ZCONTRCT'
g_authtxt_020 = wa_tab-short_desc
g_authtxtmd_021 = wa_tab-med_desc
marked_05_022 = ''
opt_01_023 = 'EQ'
low_01_024 = lv_contract
g_authtxt_025 = wa_tab-short_desc
g_authtxtmd_026 = wa_tab-med_desc
g_authtxt_027 = wa_tab-short_desc
g_authtxtmd_028 = wa_tab-med_desc
g_authname_029 = wa_tab-auth
* IMPORTING
* SUBRC =
TABLES
messtab = temp_message.
"" Creation of role
LOOP AT it_role INTO wa_role.
CLEAR wa_text.
wa_text-text = wa_role-desc.
wa_text-langu = 'E'.
APPEND wa_text TO it_text.
wa_jobrole-agr_name = wa_role-role_name.
wa_parentrole-agr_name = 'ZM_CT_DUMMY_MIS'.
wa_method-usmethod = 'CHANGE'.
CALL FUNCTION 'ZBAPI_JOBROLE_CLONE'
EXPORTING
jobrole = wa_jobrole
parent = wa_parentrole
method = wa_method
TABLES
* RETURN =
shorttext = it_text
* LONGTEXT =
* MENU_NODES =
* MENU_TEXTS =.
ENDLOOP.
2) ZMIS_AUTH_ASSIGN_TO_ROLE - This program will generate the profile created assign it to the role.
""*BDC for Profile creation and assignment to Roles
CALL FUNCTION 'ZROLE'
EXPORTING
ctu = 'X'
mode = p_mode
UPDATE = 'L'
* GROUP =
* USER =
* KEEP =
* HOLDDATE =
nodata = '/'
agr_name_neu_001 = wa_role-role_name
text_002 = wa_role-desc
text_003 = wa_role-desc
text_004 = wa_role-desc
value_01_005 = 'T-ML330881'
h_fval_low_01_006 = wa_role-auth
profn_007 = lv_profile
ptext_008 = lv_text1
* IMPORTING
* SUBRC =
TABLES
messtab = temp_message .
COMMIT WORK AND WAIT.
""*Generation of Profile created
LOOP AT it_role INTO wa_role.
CALL FUNCTION 'PRGN_AUTO_GENERATE_PROFILE_NEW'
EXPORTING
activity_group = wa_role-role_name
* PROFILE_NAME =
* PROFILE_TEXT =
no_dialog = ' '
rebuild_auth_data = ''
org_levels_with_star = ' '
fill_empty_fields_with_star = 'X'
template = ' '
check_profgen_tables = 'X'
generate_profile = 'X'
authority_check_pfcg = 'X'
EXCEPTIONS
activity_group_does_not_exist = 1
activity_group_enqueued = 2
profile_name_exists = 3
profile_not_in_namespace = 4
no_auth_for_prof_creation = 5
no_auth_for_role_change = 6
no_auth_for_auth_maint = 7
no_auth_for_gen = 8
no_auths = 9
open_auths = 10
too_many_auths = 11
profgen_tables_not_updated = 12
error_when_generating_profile = 13
OTHERS = 14
IF sy-subrc <> 0.
MESSAGE ID sy-msgid TYPE sy-msgty NUMBER sy-msgno
WITH sy-msgv1 sy-msgv2 sy-msgv3 sy-msgv4.
ENDIF.
ENDLOOP.
For creating authorization objects, role & profile i have created one dummy auth, dummy role & dummy profile respectively.
i have created dummy objects to copy the roles from dummy object and assign the same to new Auth obj, role & profile.
Let me know what needs to be done. because these both the programs run perfectly in foreground, but fails in background.
Regards,
Chetan -
Apple is great!
Why is iMessage taking my incoming emails and then not making them available for my PC to get? Why can I not send a text msg with photos when iMessage is turned off (but MMS is still on).
I compose an iMessage with the destination as my email address and I attach 2 photos I want on my PC. I send them several times from my iPhone 5C but they never arrive. I look at my ipad later and realize that it's iMessage app is getting ( and swallowing) these emails. I then turn the ipad off. Still can't get the photos through because iphone is now getting them on it's iMessage. I turn off the iMessage feature and try to send photos from text msging. Phone tells me it can't send photos unless iMessage it turned on. What happened to regular MMS text messaging? I go and try to send photos as an email attachment and see that there is no option to attach from the stupid email program. I look up online to learn about the brave new world of apple attachments and send them.
Why is iMessage taking my incoming emails and then not making them available for my PC to get?
The email program on my iphone is not configured to remove messages from the server.
If iMessage is turned off I don't have the issue.
Why can I not send a text msg with photos when iMessage is turned off (but MMS is still on).Did not work. I've selected iMessage to ON and left it. After a few hours I recieved a message "activation unsuccessful. Turn on iMessage to try again". This has been going on for the past 3 days.
-
Table name for Internal order group and Profit center group
Hello Friends,
Could any one provide me the table for Internal order group and Profit center group.
We are developing new customized report and user requested internal order group and Profit center group in the selection criteria.
I have checked for this tables but found only these fields in structures.
Thanks in advance,
Ravi Kiran.Or use FM [G_SET_TREE_IMPORT|http://www.sdn.sap.com/irj/scn/advancedsearch?query=g_set_tree_import] to read the hierarchy/Group. (Read FM and FG documentation, you can also add break-point and call some S_ALRxxx transaction which use this FM for the objects you need).
Regards,
Raymond -
A update(6.1.5) was available for my ipod 4 and an error occurred. Itunes is telling me to restore my ipod, but i know that if i restore my ipod everything will be erased. But will i have the opinion to get everything back after i restore my ipod? I dont have any music, but i have about 14000 photos. And none of my photos are saved to my laptop. Help Please!
Photos
- If they are in an iPod backup then restore from that backup. See the restore topic of:
iOS: How to back up
- If you used PhotoStream then try getting them from your PhotoStream. See that topic of:
iOS: Importing personal photos and videos from iOS devices to your computer
- Maybe via How to perform iPad recovery for photos, videos
Wondershare Dr.Fone for iOS: iPhone Data Recovery - Wondershare Official -
Is there a 32 Bit edition available for windows server 2012 and windows server 2008
Dear All,
Is there a 32 Bit edition available for windows server 2012 and windows server 2008?
Regards,
AhmedHi,
Quote:
All editions of Windows Server 2008 R2 are 64-bit only.
Reference link below(session Supported upgrade paths):
https://technet.microsoft.com/en-us/library/dd379511(v=ws.10).aspx
And based on MS official description about system requirement for Windows Server 2012/2012 R2, we may find out that they only has 64 bit OS.
Best Regards,
Eve Wang
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected] -
New software update available for Nokia C2-02 and ...
Hey,
There's a new SW update available for Nokia C2-02 and Nokiw C2-03: version 7.63. These device models are also sold as C2-06/C2-07/C2-08 on certain regions. The update is already available via Nokia Suite, FOTA update should be coming out sooner or later as well. I will post an update about the here later on.
Key changes:
A warning is now given when the volume is too loud
Improvements to the display brightness
Can now unsubscribe from the Tips and Offers service
Timezone fix for Russia and Argentina
Fix for device camera sometimes crashing during taking photos
General usability & performance improvements
http://www.microsoft.com/en/mobile/nokia-x-updates/
http://www.microsoft.com/en/mobile/nokia-x2-update/
http://www.microsoft.com/en/mobile/asha-software-update/
http://www.microsoft.com/en/mobile/support/software-update/wp8-software-update/
http://www.developer.nokia.com/Community/Wiki/Nokia_firmware_change_logs
https://twitter.com/LumiaSWUpdatesHi iluyimbazi
Thank you for posting and welcome to Nokia Support Discussions!
Try to reinstall the software of your Nokia C2-02. Using Nokia Suite click on Tools > Software update > Reinstall.
If in case you can't reinstall the software, try doing a master reset. Go to Menu > Settings > Restore factory settings > Restore All.
Note: Create a backup first before doing any kind of reset to avoid deletion of data. If prompted for a lock code, enter 12345 unless you changed it.
If my post helped you, please don't forget to click on the "White Star" and if it resolved your issue click on "Accept as Solution" -
Standard smartform for application V5-Groups. and Output type LL00.
Hi,
I want the name of standard smartform for application V5-Groups. and Output type LL00.
I need to print Ship to party address of Multiple Deliveries.
Can anyone tell me the standard form name and Print program name.
Regards,
RajenderHi Lavanya,
SD_LOADING_LIST is a script.
Can you please provide me with a standard smartform as we need to develop this in smartform only.
Thanks,
Rajender. -
Please help! Two days ago I received a message stating that a new update was available for my new 5s and IPad Air. I attempted to do the update and wasn't allowed to. Since then I am not able to access the internet on either device. It has been 2 days. These are very expensive paper weights that are only 2 weeks old!
Thank you for your response. Like you it doesn't make sense to me either, however I finally got a response back from AT&T. There are two towers down in my rural area and they should be backup tomorrow between 2-3pm. The update 'mess' is just a coincidence? We'll see,,,,,,,,,,,,,,,,
-
When will Siri be available for the iPod Touch and the iPad?
When will Siri be available for the iPod Touch and the iPad? Really wish Siri would be expanded to other high end Apple devises like the iPod Touch 4th generation and the new iPad instead of it just being iPhone 4S exclusive. That's such a cool feature!
Well.. Me and one of my good friends both have iPod Touch 4th gen 32gb's and my friend read on the Technobuffalo website that IOS 5.1 was suppose to come with Siri for the iPod touch and probably the iPad and I updated my iPod 4th gen to IOS 5.1 and it still doesn't have Siri !
-
Is iTunes 10.5 beta available for windows 32 bit and where is it found?
New to the developers site. Can someone tell me if iTunes 10.5 beta is available for Windows (32 Bit) and where it can be found for download? Thanks.
You're out in the public forums here, bryan. Best not to ask questions like that here ... it's a breach of your NDA. Try the developer forums instead?
http://developer.apple.com/devforums/ -
BAPI/FM for setting the user status for the Project definition and WBS elem
Hi,
I have to set the User Status for the Project Definition and the WBS elements in that project.
The User status to be set is the same for the project and wbs elements.
Please let me know if there is any BAPI/FM to set the user status..
Thanks in advance.
Regards
ShivaHi Shkithija,
There is a dump encoutered in the form "PS_FLAG_GET_GLOBAL_FLAGS" for 'chk_precommit_ok' in the "BAPI_PS_PRECOMMIT".
But it is showing SY-SUBRC = 0 when used along with BAPI_TRANSACTION_COMMIT.
May i know what are input parameters we need to pass it to "BAPI_PS_PRECOMMIT".
Do you have any idea.
Please let me know
Regards
vishnu -
Report to see user type and roles assigned to users in EP?
Hi,
a) Is there any reporting mechanism in EP? Any specific report which throws up user types and roles assigned to the users? There is an option of 'Export' in the user management role but unfortunately it does not give information on User Type.
b) If the group is assigned a role, How can we see ( in any report) the roles assigned to a group? In the 'export' option of the 'User Management' this information does not come.By default Portal UME comes along with the installation of portal.
Sometimes we may integrate external users using LDAP. At that time users come from ABAP stack or some active directories. But you can also create users in the portal UME. The purpose of using LDAP is to maintain the users centrally rather than creating again in portal.
You can check them in user administration->identity management and search for the users.
THere you can see some users will be from UME and some from LDAP.
User Admin tool is nothing but User Administration only.
Raghu -
Difference between Groups and roles?
Hi All,
What is the difference between groups and roles?
Thanks for your time and help.Oracle does not have anything called a 'group'.
A role is a named object that can contain a set of privileges. The members of the set can be individual privileges or can be another role that contains its own set of privileges. Roles can then be granted to users (or to other roles) so that those users (or roles) have the specified privileges.
See the SQL Language reference - http://docs.oracle.com/cd/B28359_01/server.111/b28286/toc.htm
Read the topics for CREATE ROLE, GRANT and REVOKE -
I have already bought two tracks off of Kanye West new album Good Music, but when I try to complete album it is not available for me to purchase. Can anyone help?
I have tried many things and none of them work i have purchased over 340 songs itunes and id really noy like to lose them all.
Maybe you are looking for
-
iTunes RADIO is not working. “iTunes could not connect to the iTunes Store. Make sure your internet connection is active and try again.” Try as I may, as many as ten attempts, trying to connect after restart, after shutdown, nothing works. Just so …
-
Table T169P: entry 1000 does not exist
Hi, While doing the Goods Receipt, against Purchase Order, the following error is coming: Table T169P: entry 1000 does not exist Please guide. Regards,
-
How to recover music from iPod hard drive??
I've got an 80GB iPod, not sure of generation it's from 2006. A few months ago I had an issue when playing in my truck and the accessory I was using burned a hole in the lower left corner of the face of the iPod. After this happened, I was able to li
-
Why won't the 10.6.8 update install?
I am doing a free install on a large hard drive. I previously ran Leopard o my old mac, bought snow leopard, then upgraded to mountain lion. That worked fine. Now i have put a 640gb hard drive in my mac, installed 10.6.3, works fine. Now i want to up
-
How can I set my phone to delete messages after a certain period of time? 6 months, 1 year??? It is taking up over 4GB on my phone. I don't want to delete everything just the oldest ones.