Permission problems in Federated Portal Setup
Hello SDNers,
I am trying to setup Federation between two portals. Both the portals are in the same domain and use the same LDAP user data source.
Both the portals are on NW 7.0 EHP1 SP 05.
I am following the online help and few other links. I have followed all the steps explained.
SSO and trust between portals is properly setup and is validated.
The point where I am stuck at is with the permissions on the producer portal for the "Guest" user.
If I assign Super Admin role to the Guest user in the producer portal, every thing works fine. I can see the roles in Consumer portal for Remote Role Assignment and also I am able to do Remote Delta Links.
However, this is not anticipated. (We cannot assign super admin to Guest user)
If I remove the Super Admin role to the Guest user in the producer portal, every thing breaks - I cannot see the remote roles from Consumer portal, I cannot see any content under Netweaver Content Producers for the given producer.
I have given "Everyone" group - read access to everything below "Portal Content" folder both on producer and consumer portals.
PCD_Service user is assigned the actions Remote_Producer_Write_Access and Remote_Producer_Read_Access in both portals.
Log says:
Call failed
EXCEPTION
SOAP Fault Exception (Actor SAPEPP) com.sapportals.portal.prt.service.soap.exception.SoapFaultHandler] : The User Authentification is not correct to access to the Portal Service com.sap.portal.prt.soap.Bridge or the service was not found.
My Questions are:
1. What does Guest user have to do in the whole process - Where it is exactly used ?
2. How can I give Guest user the required permissions (especially to portal service com.sap.portal.prt.soap.Bridge) ?
Please suggest.
Thank You ,
Raj Kumar
Thank you for your answers.
Vaibhav -
I have checked the "End User" option for Everyone group in producer portal.
How do I assign security zones permission to Everyone group ?
Can you please throw some light in that area.
Dao -
I do not want to use the Guest user any where.
However, internally some how the "Guest" user is being used for communication between producer and consumer.
Also, the Guest user we are talking about is the one on the producer portal (not on consumer)
How can I make use of a different user for FPN purposes and make sure that it has access to all the FPN related services on the producer ?
Once again - to emphasize -
If I assign super admin role to Guest user on producer portal - every thing works fine (RRA and RDL)
If I remove the super admin role to Guest user on producer portal - neither RRA nor RDL will work.
Kindly suggest.
Thank You once again for your time.
-- Raj
Similar Messages
-
Usermapping problem with federated portals
HI experts,
We r implimenting FPN functionality for SEM (BI- Integrated Planning) .
We have installed portal server for Federated portal
.After installation we have set the ticket evaluation parameter in service provider in Visual admin ..
we have registered producerer as well as consumer in Fedportal .
everything is fine . after that we have creaated 1 role in Fed portal .
we r able to find the role in consumer portal .
now the thing is
we r trying to map the user with backend user from federated portals .. (user from LDAP)
i am unable to save usermapping credentials and getting following error too .... (no SSO for us here )
User attributes successfully modified
Verification of user mapping data for system "SEPCLNT900" failed; check the credentials for mistakes.
Plz help me out from this problem ..
Thanks & Regards,HI Sandeep
I have gone through the note ...
Still some confusion is there ..
we r facing problems with usermapping ....
we r not creating users by manual .. users from LDAP .
we r getting users fine ..but problem iswe give the user id & pwd after saving that ..it hasn't got saved first to allow usermapping ..
while testing the system object it is working fine
i.e system admin->support -->sapapplication
there we r testing with transaction ....itz working fine..
what could be the problem
itz working fine in developent server ..
in development no LDAP.
Thanks -
Guest User permission for Federated portal setup
Hello SDNers,
I am trying to setup Federation between two portals. Both the portals are in the same domain and use the same LDAP user data source.
Both the portals are on NW 7.0 EHP1 SP 05.
I am following the online help and few other links. I have followed all the steps explained.
SSO and trust between portals is properly setup and is validated.
The point where I am stuck at is with the permissions on the producer portal for the "Guest" user.
If I assign Super Admin role to the Guest user in the producer portal, every thing works fine. I can see the roles in Consumer portal for Remote Role Assignment and also I am able to do Remote Delta Links.
However, this is not anticipated. (We cannot assign super admin to Guest user)
If I remove the Super Admin role to the Guest user in the producer portal, every thing breaks - I cannot see the remote roles from Consumer portal, I cannot see any content under Netweaver Content Producers for the given producer.
I have given "Everyone" group - read access to everything below "Portal Content" folder both on producer and consumer portals.
PCD_Service user is assigned the actions Remote_Producer_Write_Access and Remote_Producer_Read_Access in both portals.
Log says:
Call failed
EXCEPTION
SOAP Fault Exception (Actor SAPEPP) com.sapportals.portal.prt.service.soap.exception.SoapFaultHandler] : The User Authentification is not correct to access to the Portal Service com.sap.portal.prt.soap.Bridge or the service was not found.
My Questions are:
1. What does Guest user have to do in the whole process - Where it is exactly used ?
2. How can I give Guest user the required permissions (especially to portal service com.sap.portal.prt.soap.Bridge) ?
Please suggest.
Thank You ,
Raj KumarNo cross posting.
Read the "Rules of Engagement"
Regards
Juan -
TLN missing for users in Federated Portal Network Setup
Hello All,
We are facing a weird problem in our Federated portal Production setup; when the users login to portal they are not able to see the TLN. On further investigating we found that this issue is happening when the user id is locked in any of the producer portals within our FPN environment due to which the users are not able to view roles related to other systems as well in which there id is active.
This issue is reproducable but only occur once the ID are locked and password is expired in one of the assigned system.
Our FPN setup is as below:
Consumer C connects to Producers
1. A (RDL)
2. B (RDL) - BI Dual Stack
3. D (RRA) - BI Dual Stack
In turn A (producer) connects to 4 ECC systems (F3, M1, R1, R5)
We are using RRA and RDL both in our environment.We have connected all federated portal with P4 Port, so if required we
can use RDL.
Please note our consumer C is EHP1 SP5 and both BI systems B and D are EP 7 sp13.
Any help in this regard is highly appreciated as this is critical issue affecting users in our production environment badly.
Regards,
PriyankaHello,
This was an SAP bug. We raised an OSS message and it is taken care now. User now gets TLN and then portal runtime error if the id is locked.
Regards,
Priyanka -
Federated Portal Network how to setup, configure, requirements
Hi
We are reading and understanding the Federated Portal Network.
I got understood of the fundamental concept of sharing data or content by the networked portal .. etc..
But I want to know more on FPN,
how to setup?
how to manage?
any configurations we have to do?
what are the requirements in terms of software/hardware etc...
if there is any detailed document, please help me on that.
I have already gathered few docs from help.sdn and snd forums. but setup, configuration, maintain, requirements .. still on mess in my mind.
I want to have any doc with is precise and clear to understand.
Please helpme out..
Thanks in advance
Regards
Kiran Jakkaraju
Wipro Technologies.Hi Kiran,
You should be able to find the answers to the questions you posted in the FPN documentation set on teh SAP Help Portal, which you can find here: <a href="http://help.sap.com/saphelp_nw2004s/helpdata/en/5b/9f2d4293825333e10000000a155106/frameset.htm">http://help.sap.com/saphelp_nw2004s/helpdata/en/5b/9f2d4293825333e10000000a155106/frameset.htm</a>.
Note that the documentation assumes you have prior portal experience. The solution is based on NW2004s.
If you have any comments (good and bad) about the documentation feel free to post to this thread.
Regards,
Michael -
Problem in Remote Delta Links in Federated Portal
Hi experts,
I am trying the federated portal content usage modes. My producer and consumer are EP7 and SP13.
I have done the Setting up trust both the side.
I have created Netweaver content Producer, with P4 communication properties.
I can able to get the remote roles in consumer (it is working fine).
But I am not able to see the Producer PCD. I didnt get the expand button in the Netweaver content Producer object .
Please help me, Where I made mistake..
Thanks and Regards,
Chinnadurai RHi Chinnadurai
1.During the process of Registering (Adding) Producer Portal, while entering the connection parameters of the NetWeaver producer portal use appropriate Host name against Host Name input field instead of IP address. Perhaps this might create some problem during execution in later stage.
e.g. Host Name: use Hostname123 instead of XXX.XX.XXX.XXX
NOTE: Here always use fully qualified domain name
2. Check whether producer is 'Blocked'
3. Try to add new producer again followed by connection test and registration ...it might work...
4. Sometimes it may happen that you are able to see PCD under portal content studio of consumer portal but if when you open the producer under 'NetWeaver content producers' and if it does not contain folders in it, the registration is considered to be unsuccessful even though it stated it was successful while registration
Regards,
Kapil Sharma
Edited by: Kapil Sharma on Mar 20, 2008 4:51 PM -
Federated portal network - missing tab on consumer role
Hi,
We're on EP 7.01, SP4, and on two occantions we've had problems with missing tabs on a consumer role in our federated portal network setup. An entire workset on both occations is missing from the RDL-shared role. In the two cases the problem has been observed on different roles with two different worksets. When analyzing the RDL-shared roles, the producer role is fine but the consumer role is simply missing the attached workset. If the role is copied to the consumer again, the workset is still missing.
A full synchronization solves the problem.
The RDL-mechanism has been running fine for over half a year, so its quit odd that we now experience this issue.
Has anyone else experienced anything similar?
Kind regards,
RasmusHi Rasmus,
Is your consumer portal required High Availability? A scheduled re-bounce of the instance should help (weekly, monthly, etc.) as a preventive measure. Maybe you can observe to see how long does it take before the problem comes back (after a full cache refreshed) and then schedule your re-bounce accordingly. As much as we try to do our best, "things" happen
Or, you can adjust your cache settings (e.g. reduce the maxValidityPeriodInSecond property) to avoid the problem.
http://help.sap.com/saphelp_nw70/helpdata/EN/5b/9f2d4293825333e10000000a155106/frameset.htm
According to the following link, the cache stores only semantic objects (iViews, pages, layouts and roles); since worksets are not semantic objects, could that be why?!
http://help.sap.com/saphelp_nw70/helpdata/EN/5b/9f2d4293825333e10000000a155106/frameset.htm
Regards,
Dao -
Federated portal's, cann't see the roles and portal content from producer
We are configuring a Federated Portal, with a Producer EP7.0 SP13 and a Consumer EP7.0 SP13. The connection test is successful.
I can see the producer on the consumer and the consumer on the producer.
The problem is that I can not see the portal content of the producer in the portal content of the consumer. The producer roles are also not available on the consumer. I have selected the producer as the data source in the consumer UME,
then enter * in the role name field, then select "go", but nothing comes up.
Can anybody help me?Hi J De Voijs
Following might be the reason:
1. User should exist in both user store of Consumer and Producer portal otherwise it wont work.
2. Incase if the registration is successful then there might be some problem with your servers (Consumer & Producer) clock timings.
3. Remote Role Assignment may get fail perhaps because user to whom remote role assignment is done doesnt have End User role assigned to him/her at Producer Portal. End-user permission enables business users to run content at runtime. Just as end users require end-user permission to run local content on your portal, they also need end-user permission for local content originating from a remote producer.
4. You should have Owner permission in the objects to which you want to assign permissions otherwise Remote Role Assignment wont work.
5. In the portal content studio, open the producer under 'NetWeaver content producers'. If it does not contain folders in it, the registration is considered to be unsuccessful even though it stated it was successful while registration.
6. During the process of Registering (Adding) Producer Portal, while entering the connection parameters of the NetWeaver producer portal use appropriate Host name against Host Name input field instead of IP address. Perhaps this might create some problem during execution in later stage.
e.g. Host Name: use sapProducerportal02 instead of 172.19.144.155
7. Also go through the following URLs (w.r.t Permissions):
1) http://help.sap.com/saphelp_nw2004s/helpdata/en/43/2232580bb93fece10000000a11466f/content.htm
2) http://help.sap.com/saphelp_nw2004s/helpdata/en/f6/2604e505fd11d7b84200047582c9f7/content.htm
3) http://help.sap.com/saphelp_nw04/helpdata/en/f6/2604e905fd11d7b84200047582c9f7/frameset.htm
4)http://help.sap.com/saphelp_nw04/helpdata/en/f6/2604e505fd11d7b84200047582c9f7/frameset.htm
5)http://help.sap.com/saphelp_nw04/helpdata/en/5b/0fab1b76984ed0944d5c732cfad1b2/frameset.htm
Points pls if you find it useful...
Thanks and Regards, -
How to make Federated Portal Network Content available in a Consumer Portal
Hello Experts,
we have the following situation:
We have two NW 7.0 Portals: 1 Main Portal on and 1 BI-Portal
We would like to do a remote role assignment via the Federated Portal option in the Portal, so that we can make the BEX-Explorer role from the BI Portal available in our main Portal.
I've already created a connection to the BI-Portal (Producer-Portal) in "Federated Portal" and have already registered the main portal as the Consumer in the BI Portal. I used SAP Help for that:
http://help.sap.com/saphelp_nw04s/helpdata/en/67/7e70424edcc553e10000000a1550b0/frameset.htm
Now I have the problem, that I can not find the remote role from the BI Portal in the Identity Management of our main Portal? Does anybody has a idea (or maybe a solution ) how to fix this problem? The SAP Help is not very helpful, it always deals with the same notes...
Regards
Andreas
PS: Of course u can earn points!!!!Hi
first of all i would check that the SSO is working between the two portals..
Log into one of the portal.. Change the URL to the other portal. If you have to log in, then there is a problem with your SSO. Remember to have enough permission on both the portal.
If that works, then log into the consumer portal and check what you find in the portal content of the producer portal.
Let me know the result, and I will help you further..
Best Regards
Kristoffer Engh -
Error while accessing a BI iView from the federated portal to the BI portal
Hi,
We got an issue when we execute BI report from our federated SAP Portal.
The user can navigate into the portal, but when he executes an BI iView, sometime he gets the following error message:
"500 Internal Server Error
blabla...
Root Cause
The initial exception that caused the request to fail was:
BEx Web application "xxxxx" does not exist. The application was either ended by a timeout or an error occurred, which was entered into the trace log. See SAP Notes 937697 and 948490"
He can then refresh the page and execute the report again, and it will works.
Here is our lanscape :
Federated Portal EP6 SP18
BI Portal SP20
Iview are created on the Federated Portal and consume BI web template.
I don't think about a timeout issue, since sometime we got the selection screen and once we click on a button (after some seconds) we got the error.
Any ideas ?
rgds,
SebastienHello,
Please could you remove the proxy setting and check whether it will give you same error or not.
Even we have faced the similar similar issue and once we have removed the proxy setting and cross checked it , it worked fine and later we came to know that the problem is in network proxy setting application.Check with the net working team for the same.
Thanks
Geeta -
Hi everyone,
We encounter permission problems with our Visual Composer Applications.
We have created three applications using the visual composer and accessing a BI-system as backend
But the developer has super_user permissions and we dont want our endusers to have them.
Therefor we created new roles only with the permission to see that specific report.
But now, the users are not allwoed to see the data.
The error says, that I should ckeck the permissions.
Well, I did. The user can execute the queries I used directly with BEx - no problem, but within the VC-application not.
So I assume the problem are permissions in the portal.
If I give the user super_user permissions it works, but thats not what I want.
I want the user having minimal permissions in the portal.
Is there somebody who can help me?
Sincerely
MarkHi
Your problem looks like portal authorization issue. There is separate role for 'End Users' to execute & view the portal iview. Just check with your EP administrator, he will solve the problem. There will be role like -
*VC_Role.
*eu_Role.
Regards
Sandeep -
Questions on Federated Portal Network
Hi All,
I have a few questions on Federated Portal Network. Please if someone can provide appropriate answers
It is said that the look n feel will be same. Will the consumer have the look n feel of the producer or the producer application will have the look n feel of the consumer portal. Also, if it is required for the content of the producer portal to maintain it's own look n feel, is it possible
How to take care of the performance bottlenecks. Are there any standards available to improve the performance
Any limitation on the no of producer portals which can be configured with the consumer portal
If one portlet, has undergone some kind of change, then how is the consumer portal notified of this. Is there some kind of synchronization mechanism that takes place or this change is implicitly conveyed to the consumer portal, both in the case of Remote Delta Link or Remote Role Assignment
How does the session management work between the consumer portal and producer portal
What is meant by transitive content sharing
Regards
NikhilHi Rasmus,
Is your consumer portal required High Availability? A scheduled re-bounce of the instance should help (weekly, monthly, etc.) as a preventive measure. Maybe you can observe to see how long does it take before the problem comes back (after a full cache refreshed) and then schedule your re-bounce accordingly. As much as we try to do our best, "things" happen
Or, you can adjust your cache settings (e.g. reduce the maxValidityPeriodInSecond property) to avoid the problem.
http://help.sap.com/saphelp_nw70/helpdata/EN/5b/9f2d4293825333e10000000a155106/frameset.htm
According to the following link, the cache stores only semantic objects (iViews, pages, layouts and roles); since worksets are not semantic objects, could that be why?!
http://help.sap.com/saphelp_nw70/helpdata/EN/5b/9f2d4293825333e10000000a155106/frameset.htm
Regards,
Dao -
Test IVIEWS in Consumers for Federal Portal.
Hi All,
This is the first time iam establishing Federal Portal and i have done with all the configuration steps ie
Setting Truct , SSO , creating and registering of Consumers and Producers etc.
Now i want to check it by creating some iviews etc.. But i dont know and not getting how to create it and test.
Could any body telthe steps to create I views in Consumers and how to test SSO and how to use COnsumers.
Points wil be assigned.
Thanks in Advance.
Regards,
Akash..Hi Akash,
Steps you need to take:
- Setup trust between consumer and producer portal by exchanging certificates and making Visual Administrator entries in the Security Provider Service.
- Create producer.
- Register producer.
See this document for good descriptions of steps to take:
https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/70191d1e-2bd1-2a10-d9b7-ba19500da527
Also for remote role assignment in NW 7.0 SP15 you need to add some UME Actions to a role that is aasigned to pcd_service user. See following link for the material:
http://help.sap.com/saphelp_nw04s/helpdata/en/43/2236fc0b413fe1e10000000a11466f/frameset.htm
Please have a look and reward points if helpfull. Good luck!
Best regards,
Jan Laros -
Missing MSS iViews in Federated Portal Network
Hello, portal gurus, we have a FPN related issue that hope some of you can help.
We have two portal systems that we set up as a Federated Portal
Network. One producer portal, verision is 7.0, SP11, and one
consumer portal, version is 7.0 SP13. We installed the ESS and MSS business
packages in the producer portal. Those business packages came with the SAP NetWeaver
2005 installation, and they are working ok on the producer portal.
In addition, we were able to do the remote role assignment in the
consumer portal successfully. The problem is that some of the MSS
links and iViews that are shown up ok in the producer portal are missing from the consumer portal.
Have anyone experienced the same issue? Is it because the dismatch of the SP level causing the issue? Are there any fixes to this issu?
Thanks a lot for any input!
JaneHi Jane,
PCD content and KM content are two different things and they have different transport mechanism.
If you want to transport PCD content to another portal go to System Administration/Transport/Transport Package/Export. In PCD tree in any place create transport package and add to it objects which you need (folders, roles, worksets, iviews and so on) and save transport package file localy on your computer or server. After that go to the system where you want to locate your content. Go to System Administration/Transport/Transport Package/Import If you save tranport file localy on your computer chose client and upload tranport file.
KM transport very clear describe here How to Export KM Contents by ICE protocol using Offline Channel Beside this way you can transport KM content use program Portal Drive (very useful program especially when you need quickly transport some KM files from one portal to another).
Regards
Dmitriy -
Federated Portal: accessing content, through Consumer, stored on Producer
Hello Guys,
I am working on a project which has a Federated Portal Network scenario. Details of it are as follows:
Details:
SAP EP 7.0 with SP11. Two portal installations: Consumer and Producer. Both Consumer and Producer are used for logging on by users. Consumer does not have any content. Users logging on to Consumer accesses all the content from Producer rendered through Remote Role Assignment which works fine. Through Consumer, I am able to access in Top Level Navigation, the Role and all assigned worksets, of the Producer. For a particular workset I have a page containing an AppIntegrator iView. AppIntegrator iView is being used as we are catering to more than one language on the portals. This AppIntegrator iView is rendering an HTML page which is stored in a KM repository on Producer (as I mentioned all content is on Producer). The path to the HTML page on KM repository is given in the URL Template property of the AppIntegrator iView created on the Producer.The path for example is something like: <System.protocol>://<System.server>:<System.port>/irj/go/km/docs/myrepository/testPage/<Request.Language>/includes/mypage.html
The links on the HTML page are all relative links. For eg, {a href = "/irj/portal/theQuickLink" target="_top"}. The behaviour I want is to navigate to the workset/page once I click the link on the HTML page while staying in the Consumer portal.
Problem/Question:
On the Consumer I see the HTML page and till this point the navigation is in Consumer portal. But when I click on any of the links on this page the navigation takes me to the Producer URL. I am transferred to the Producer portal and am no longer in the Consumer portal.
Thanks in advance.
KaushikVinoth,
I am aware about the solution provided by you. But my problem here is the Server name + port and not the rest of the URL.
For eg. my consumer portal is http://Aserver:50000
and producer portal is http://Bserver:51000.
While I am able to access the HTML page via consumer and till then the URL has the consumer Server + port details (for eg. http://Aserver:50000), once I click any link on it the URL in the address bar of the browser window changes to that of the producer for eg http://Bserver:51000. All subsequent browsing happens in the producer as I am transferred to the Producer.
Let me know if anybody has more suggestions.
Thanks,
Kaushik
Maybe you are looking for
-
My daughters iphone4 is frozen to a blank screen with the apple on it. We have turned it on and off and it still remains on this screen. We cannot access gef phone at all. Any idea why this is happening or how to correct?
-
How do you create clear titles in FCP?
We have these custom titles we created in illustrator and imported as the head titles in a Video but when its rendered and played back the resolution is terrible. Has anyone encountered this and is there a solution?
-
I've tried to update my ipad 2 with IOs 6 but it was not possible. An error message always appear after some time during e download. Is there an solution?
-
Cropping issue with pathfinder
Hello there, I believed to have found the solution for my issue here in this forum, - finally! - then tried it all out... and failed. Actually, I've spent roughly four hours now on this and I'm about to quit... So now maybe there's somebody out there
-
Customizing the Ora-error to more descriptive messages....
Hi , Is it possible to replace the default oracle errors with the ones i have defined in a table.....????? For example , when the user tries to insert the same deptno in dept table , the system displays the error : unique constraint violated....(dept