MDM Portal CUA Security
Hello Experts:
We have a scenario as below.
1) Enterprise portal witn windows NTML and using CUA for user base.
2) MDM 5.5 SP4 need to be integrated.
3) The R/3 is 620
1) How can we authenticate the portal/cua user in MDM
2) How can we create users in MDM automatically while creating in CUA.
Please help.
Please let me know for any more details, I can send.
Hi Sabari,
MDM at the moment does not support SSO based on any standard mechanism. The only option is using the <a href="http://help.sap.com/saphelp_nw2004s/helpdata/en/69/3482ee0d70492fa63ffe519f5758f5/frameset.htm">User Mapping</a> facilities of the portal.
See also the MDM docs
<a href="http://service.sap.com/nw04operation">service.sap.com/nw04operation</a> -> MDM about MDM 5.5 Portal Content Installation <a href="https://service.sap.com/~sapidb/011000358700004656462006E">(PDF in service marketplace)</a>.
this is a known limitiation and the MDM people are working on it.
Regards,
Patrick
Similar Messages
-
Hello Experts:
We have a scenario as below.
1) Enterprise portal witn windows NTML and using CUA for user base.
2) MDM 5.5 SP4 need to be integrated.
3) The R/3 is 620
1) How can we authenticate the portal/cua user in MDM
2) How can we create users in MDM automatically while creating in CUA.
Please help.
Please let me know for any more details, I can send.As far as I know this is not possible, because CUA requires the use of RFC destinations and logical systems and such, the standard ALE configuration for SAP systems. Unfortunately since MDM was purchased, and has not been really built into the rest of the netweaver suite, it does not have ALE. I'm hopeful that in the next life cycle or so of MDM we may see more of a shift towards the traditional architecture of SAP.
Now, don't quote me on this, as I'm not positive. This is just what I believe. -
We are implementing EP 6.0, currently with SP11. We have developed some iViews, which are using RFC functions to get information from backend system, in this case SRM.
Everything worked fine, till the day weve transported those developments into other systems (production and testing systems). We are getting the following error Access denied (Object: com.sap.portal.system/security/no_safety). This error only comes out if the iView is called from inside another one, if called isolated it works fine.
Does any one have any idea about how to solve this?Hi AA, you can find in the log file in order to identify what is the object that you need to add in the security zone.
You can find information for the security zones on:
http://help.sap.com/saphelp_nw04/helpdata/en/25/85de55a94c4b5fa7a2d74e8ed201b0/content.htm
Regards. -
Create/Edit relationship tables in MDM Portal
Hello,
When we set the Relationships tab and all fields on the tab with 'Updatable' = true in the MDM Portal, the only option is to Delete a relationship in the Portal. A user cannot create a new relationship in the Portal.
We are on version 7.0 in portal.
Is this a limitation in this version and does anyone know if this is corrected in a later new release?
thanksHmmmm.. as far as I remember the answer is no.
The way I do it is to drop an empty text box over the file name in the table and make this a hyperlink to the file.
Some people report that this doesn't work and use a shape with almost zero opacity. I think they have this problem when using internal rather than external links. If you are linking to files in a download folder on your server you will be using external links and the text box is a lot quicker to do.
The links on this page are done in this fashion....
http://www.iwebformusicians.com/iWebMusicWebsite/WebsiteMap.html -
Pop ups on Standard MDM Portal iViews throw Portal Runtime Error
Hi all,
We are facing some issues with MDM Standard Search iViews in Portal. We have configured MDM standard iViews using MDM Search Texts iView, MDM Result Set iView, MDM Search Picklists iView, MDM Item Details etc. We are facing a problem with the MDM Search Picklists iViews wherein we have to click the ellipses button to open the pop up. Whenever we open the pop up, the pop up shows Portal Runtime Error. Please find the screenshot below:
http://img209.imageshack.us/img209/1138/portalruntimeerror.jpg
The MDM System is working fine. The other Standard iViews are also working fine. The surprising thing is that, when the Super Admin role is assigned to the user, the iViews start working perfectly as shown below:
http://img696.imageshack.us/img696/6808/worksfinethisway.jpg
I have checked the permissions also on all these iViews as well as the System object and did not find any problem. Moreoever, this was working fine till some days back. All of a sudden these iViews have stopped working. Please guide me as to what can be the reason for this and any possible solutions.
Thanks in advance.
Regards,
AnkurI would check the logs but it sounds like a permission error to me. Can you or your basis resources modify the Security Zones?
System Administration -> Permissions -> expand Security Zones folder -> right click on com.sap.pct.mdm.appl.masteriviews and select Open Permissions -> in the assign permissions section add read permissions for a particular user, role, or group which the user getting the error is part of, check the End User checkbox -> Save. Login to the portal and try again.
-Greg -
Need to replicate Portal /irj security setting
Hi Folks,
I am working on a Portal 6 - Web AS 6.40 SPS 21
I have strange proprietary application (I guess aspx) handling user authentication in the production Portal: whenever a user points the browser to the production portal public URL (say https://portal.customer.com), a reverse proxy forward the request to the custom auth app; the user enters his domain credentials and, if successful, he's redirected over the Portal, in an authenticated session (if I look at the browser cookies I can see the SAPSSO2).
Now the problem: I would like my web module project (I am writing a very simple JSP using Web Module Project and Ent. App. project to deploy) to behave exactly as /irj does from a security perspective.
Question 1: how do I have to set up security in my xml descriptors (web.xml and web-j2ee-engine.xml) in NWDS to achieve this?
Question 2: do I need to change the auth template in the Security Provider in Visual Adiministrator for my app, or just leave it with the "basic" auth module it originally comes? I am confused about this because I would expect a "ticket" template with its 5 modules stack to be more appropriate then "basic", but if I look at how irj is configured in the Security Proivider, I see only "basic" used...
Finally: I am (try to be) a strict-RTFM-observer as much as I can, but I really need your help here guys.
Hope someone can shed some light on this foggy topic.
Thanks in advance.
Cheers,
AlexOk guys, fixed it myself, luckily.
See /people/alessandro.guarneri/blog/2010/06/05/http-header-variable-authentication-in-sap-portal -
Question on MDM 2.1 security.
Hi All,
We are trying to configure MDM 2.1 for our project and we have a question about security.
One of our goal is to flter data according to a particular user. For instance, we have a group of users that will be able to see only their own data (so their own interval data, MC, etc). So we need to filter data at the database level.
Do you know if it is possible to do this in MDM 2.1 ?
Many thanks.It sounds like you're attempting to pass Local EJB objects over a Remote interface, which is not permitted. EJBLocalObjects can not be passed outside the ejb tier. You'll need to either pull their data out into data access object classes (basically structs) or return EJBObjects.
--ken -
I have a page with item level security enabled for the page.
I have added 5 tabs on one of the sections, and have set security for each of the tabs.
On one of the tabs I limited the access to 1 group, however anyone that has access to the page group can see that tab. Is there an overriding security for tabs somewhere I do not know about?
Thanks,
PeterFirst, check the access for the PAGE GROUP properties since any access granted there will override specific access to a tab on a page in that page group. I've set up all the page groups in our portal to not have any access granted to any groups at the PAGE GROUP level but set it on the Root page of that page group (then sub pages can either inherit that access or I can specify different access at the page, tab, or even item level.)
-
Hi,
I am working with CUA systems and i want to set a security lock in such a way that, when i do the transports i don't want the user assignments to transport to get transported to target system and getting replaced.
ThanksHi,
I think you can do these settings in the control table PRGN_CUST.
In this table you must contain the entry USER_REL_IMPORT:=NO.
Bye -
Crawling iplanet portal server secured content.
Hi, All,
I am new on the iplanet portal server. Try to come up a solution to crawling
the secured content with a valid user name and password. What this the
authentication mechanism of iplanet portal server keep the user's session?
is iPlanet Portal server using cookie to store the session id or pass it
back and forth as a parameter? Where can I find more information about this?
Any response is appreciated!
Hao Huangcurrently there is no testing tool available as a part of the product.
-
I would like to create i-views in SAP Netweaver Portal for MDM SP5 and Basis Consulatant told to me MDM and Portal connectivity establised.
Step 1:-Right-click your folder where you want to create your iView and from the context menu, select New u2192 iView to launch the iView Wizard.
Step 2:-Enter a Name (display name) and an ID for the iView (the ID name must be entered without blank spaces).
Step 3:-Select Allias for MDM Server from drodown List.
But instead of getting Step 3 , I got Summary to finished.
How will configure Step 3.Hi Jitesh
I have do exact same way and list of i-view are following .
Tell MDM relevant i-views exist or not ,If not what we need to do...
BEx Web Application iView
Col Room Navigation iView
Collaboration Configuration Template
CRM BW iView
CRM E-Commerce Document Overview
CRM Fact Sheet BW iView
CRM Fact Sheet Form iView
CRM Fact Sheet List iView
CRM Generic Internet Sales
CRM PCUI BSP iView
CRM Telephony
CRM Value Help iView
Crystal Enterprise Report
JDBC Stored Procedure iView
KM Application Log iView
KM Cache Monitor iView
KM Classification Inbox iView
KM Configuration iView
KM Content Exchange Subscriber iView
KM Content Exchange Syndicator iView
KM Content Exchange Syndicator Offers iView
KM Content Exchange Syndicator Subscriber iView
KM Crawler Monitor iView
KM Crawler Monitor iView (Legacy)
KM Discussion Group Admin iView
KM Discussion Group Contributors iView
KM Discussions iView
KM Document iView
KM Document iView Without Content Filter
KM Folder Settings Admin iView
KM Folder Settings Admin iView
KM Index Administration iView
KM Indexing Monitor iView
KM Navigation iView
KM Quick Poll Administration
KM Quick Poll iView
KM Recent Notifications iView
KM Search iView
KM Subscription iView
KM Taxonomy Query Builder
KM Taxonomy Trainer iView
KM Taxonomy Update Log iView
KM Trex Monitor iView
KM Upload iView
KM XML Forms Builder Check iView
KM XML Forms Builder iView
Navigation Destination
Object-Based Navigation
Page Navigation
Personalized SAP Web Dynpro iView
Portal Activity Report iView
Proxy-to-Portlet iView (WSRP)
Proxy-to-Remote iView
Related Services iView
SAP BSP iView
SAP CRM R/3 Transaction iView
SAP IAC iView
SAP MiniApp iView
SAP RFC iView
SAP Transaction iView
SAP Web Dynpro iView
Search
Service Map iView
URL iView
User Management
Web Service iView
Web Target iView
WorkProtect Mode
Workset Map iView
XML iView -
Hi,
My company has decided to use only one cua for both productive and non productive systems (dev. , test, ...). What are the security issues or risks of this kind of set up? Same question for SAP SolMan for both production and non productive systems.
Thanks.
Regards.
Philippe.Hi
From a security point of view Julius is quite right, furthermore, by creating one CUA for Test and Developemnt, and another for productive use, you will also gain the option to test changes to your CUA landscape before migrating them to production.
From a more pragmatic point of view I must admit that I have created many "only-one-CUA-Solutions". This will give you the advantage of a Single point of user maintenance, but if you do so, make sure that your master system is installed on a system with the highest possible security level, and that is I guess your productive system, or dedicated CUA System.
And remember, a new client on test, development or solman, will not provide that level of security, unless your can ensure that level of security on all clients on the system.
Regards
Morten Nielsen -
MDM Portal Consultant Requirements
Hi All,
I would be entering into the field of MDM, and being from the Java and EP side, i would be working on the portal (Custom and Customizing) side of it.
Please enlighten me with the best practices available in this stream.
Some common and important things that i should be careful about while implementing MDM on EP.
I have read most of the documents and posts available on SDN.
Thanks in Advance...
~NitinNitin,
You can find documentation EP-MDM integration, We can integrate MDM with any other SAP NetWeaver Co ponent,
Help.sap.com MDM Documenation section IT Scenarios MDM-EP integration available......
You can refer the doc....
Regards,
Raj -
MDM Portal configurations.
Hi,
Very recently we have integrated MDM 5.5 SP4 with our portal server EP6 WAS 6.40 SP16, i also have created the MDM system to connect to MDM repository. But i am totally unaware what could be the next thing? I assigned the std. roles to one user id but i am getting the error. Can anyone please give me or provide any link to document that discribes how we can create applications, how we can use MDM APIs?
Also in my NWDS, i am unable to locate the MDM Perspective. How can i get rid of all these issues?
Please help as i am a newbie for MDM.
Regards,
AmeyaHi,
Steps for using standard MDM iViews:
1. Deploy the MDM SCAs on your portal
2. Restart the Portal Server
3. Create the MDM System and System Alias
4. Assign the System Alias to the user and complete the user mapping
5. Check the connection of the system with the repository
After the above steps you will be able to use the standard MDM iViews available like Item Details, ResultSet etc.
JAVA APIs
Java APIs are basically used when you want some customization i.e. the functionality required that standard iViews cannot provide and there is no MDM Perspective in NWDS you can either use WebDynpro or Java Perspective and you have to use the APIs available for various operations like Connection with the repository,Session establishment,Workflows etc.
Please refer the Java Doc shipped with the MDM Installation for more information about the classes and methods available for MDM operations.
Hope you will get some idea.
Regards,
Jitesh Talreja -
In which place the MDM Iviews resides in portal
help me understand the MDM Java architecture and In which place the MDM Iviews resides in portal. Can any one Help me on this
Hi Pandian,
please follow the below useful links about MDM ivews.
http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/bebdb8c4-0801-0010-aa81-a9b8d14e8415?QuickLink=events…
Creating and Managing iViews (SAP Library - MDM Portal Content Development Guide)
https://scn.sap.com/thread/968936
Thank you
Rahul
Maybe you are looking for
-
My iPhone 5s has notes on it that it keeps under the Notes Account "ON MY PHONE". Most of my notes sync to iCloud, but these notes don't. How can I move them over - and why didn't they go to the cloud in the first place? I know this is a simple set
-
Query builder query to generate list folders for a group
working on custom reporting application in Excel using SDK. have query for users and groups as follows: SELECT TOP 1000000 SI_EMAIL_ADDRESS, SI_FORCE_PASSWORD_CHANGE, SI_NAME, SI_ID, SI_USERGROUPS, SI_USERFULLNAME, SI_ALIASES, SI_DESCRIPTION, SI_LAST
-
What do I need to send a fax from my Imac
-
Do I need to replace my battery or is this a mavericks thing? (Service Battery)
I just updated my operation system a few days ago to Mavericks and I noticed that I'm getting a "service battery" warning. Possibly a coincidence but I'm not sure how many cycles my battery can take. According to Coconut Battery, I've gone through 30
-
Firefox keeps (not responding) how do I fix it?
Firefox keeps (not responding) was using 6.0 and saw online that someone switched back to 5.0 so I tried that, still not working. Also saw on your help page that other people are having this problem. Any solutions?