Portal and R3 user mapping

Experts,
We are on EP6 with 4.7 backend and using AD as our data source.
We implemented ESS on ITS and we have few users who have different portal user ID and R/3 ID and I want their ID to be mapped to their R3 ID.
So far, I've added my r3 usrID as one of the parameters in AD and in the UM config file, I've mapped this field to userID.
I've defined the sap reference system and when I go to user mapping under "personalize" it says "Error occurred while reading the selected user mapping data"
Can someone tell me what could be wring with this setup?
Thanks,
James

Well, this may not be the "best way" to do it but.....
<p>
<img src=http://home1.gte.net/res00icr/SA.jpg>
<p>
Make it a dedicated system and then you can have your users go up to personalize it once and done. Then what every you need the back end for just reference the system you created.

Similar Messages

Portal Runtime Error - User Mapping

Hi
I installed EP6 SP9, KMC and TREX successfully. I logged into the portal and created a system to connect to R3 and also the system alias. When I tried to do the user mapping I get the following error:
Portal Runtime Error
An exception occurred while processing a request for :
iView : pcd:portal_content/administrator/super_admin/super_admin_role/com.sap.portal.user_administration/com.sap.portal.user_mapping/com.sap.portal.userMappingAdmin/com.sap.portal.userMappingAdmin
Component Name : com.sap.portal.usermanagement.admin.UserMappingAdmin
User Mapping not fully available..
Exception id: 12:06_31/03/05_0003_3886350
See the details for the exception ID in the log file
Please help.
Sriram

This was also discussed several days ago in this forum - please search the forum before posting.
Did you install the strong encryption libraries? Without those libraries then usermapping cannot be stored securly in the DB and thus you see the error - by default ume.usermapping.unsecure is set to false, for VERY GOOD REASON. If you allow unsecure usermapping the the user/pwd data is stored in BASE64 strings in the DB - this is hardly secure.
Only set ume.usermapping.unsecure to true in non-productive environments.
Nick

Sponsor portal and internal users

Hi
I have configured on our ISE to use AD-users as sponsors. And this works perfect.
but I'm also trying to configure an internal user, for the sponsor portal.
I Have configured it almost the same way so i don't understand why the ISE is reporting :
Sponsor authentication has failed : Sponsorgroup not found for user
My identity store is a sequence for AD and internal users, and i can see from the log that it looks in the right place :
Identity Store:
Internal Users
My condition is that the internal user, should be a member of identity group : sponsorAllAccount
my identity group :
Identity Group:
SponsorAllAccount
and then get a created sponsor group, this sponsor grop that is allocated to the condition, works fine for det AD-users.
Evaluating Identity Policy
5435 Sponsor authentication has failed
any suggestions of why ? I'm now running the lastes 1.1.1 version.
Br
Tuva

Hi Tarik
thanks for the answer.
I'm certain that the user does not exist in the AD domain, anyhow, then my log would tell me that the authentication failed because of wrong password !?
I can se from the log that the ISE is doing lookup in the internal database.
this is output from he logging :
Identity Store:
Internal Users
I have ,made a identity store sequence with both AD and internal users.
Br
Tuva

Portal Runtime Error - User Mapping error

Hi,
I got below error in portal screen(EP6,SP12) when i navigated "User Administrator" -> "User Mapping".
Thanks in advance for your kindly help.
Portal Runtime Error
An exception occurred while processing a request for :
iView : pcd:portal_content/administrator/super_admin/super_admin_role/com.sap.portal.user_administration/com.sap.portal.user_mapping/com.sap.portal.userMappingAdmin/com.sap.portal.userMappingAdmin
Component Name : com.sap.portal.usermanagement.admin.UserMappingAdmin
The exception was logged. Inform your system administrator..
Exception id: 06:16_27/05/05_0005_2051150
See the details for the exception ID in the log file
in defaultTrace1.trc, there is error as below.
#1.5#000C2900F78900140000002600000A900003F813C8396092#1117188777281#com.sap.portal.portal#sap.com/irj#com.sap.portal.portal#Administrator#733#####Thread[PRT-Async 1,5,PRT-Async]##0#0#Error#1#/System/Server#Java###Exception ID:06:12_27/05/05_0004_2051150
[EXCEPTION]
#1#com.sapportals.portal.prt.component.PortalComponentException: Error in service call of Portal Component
Component : pcd:portal_content/administrator/super_admin/super_admin_role/com.sap.portal.user_administration/com.sap.portal.user_mapping/com.sap.portal.userMappingAdmin/com.sap.portal.userMappingAdmin
Component class : com.sapportals.portal.prt.component.usermanagement.UserMappingAdminComponent
User : Administrator
     at com.sapportals.portal.prt.core.PortalRequestManager.handlePortalComponentException(PortalRequestManager.java:969)
     at com.sapportals.portal.prt.core.PortalRequestManager.callPortalComponent(PortalRequestManager.java:343)
     at com.sapportals.portal.prt.core.PortalRequestManager.dispatchRequest(PortalRequestManager.java:136)
     at com.sapportals.portal.prt.core.async.AsyncIncludeRunnable$1$DoDispatchRequest.run(AsyncIncludeRunnable.java:377)
     at java.security.AccessController.doPrivileged(Native Method)
     at com.sapportals.portal.prt.core.async.AsyncIncludeRunnable.run(AsyncIncludeRunnable.java:390)
     at com.sapportals.portal.prt.core.async.ThreadContextRunnable.run(ThreadContextRunnable.java:164)
     at EDU.oswego.cs.dl.util.concurrent.PooledExecutor$Worker.run(PooledExecutor.java:729)
     at java.lang.Thread.run(Thread.java:534)
Caused by: java.lang.NullPointerException
     at java.util.Hashtable.put(Hashtable.java:393)
     at java.util.Properties.setProperty(Properties.java:102)
     at com.sapportals.portal.prt.component.usermanagement.MappingFieldParser.addElementToCreds(MappingFieldParser.java:177)
     at com.sapportals.portal.prt.component.usermanagement.MappingFieldParser.parseFieldItem(MappingFieldParser.java:155)
     at com.sapportals.portal.prt.component.usermanagement.MappingFieldParser.parse(MappingFieldParser.java:58)
     at com.sapportals.portal.prt.component.usermanagement.UserMappingDataModel.interpreteUserMappingFields(UserMappingDataModel.java:929)
     at com.sapportals.portal.prt.component.usermanagement.UserMappingDataModel.getCredentials(UserMappingDataModel.java:638)
     at com.sapportals.portal.prt.component.usermanagement.UserMappingDataModel.getCredentials(UserMappingDataModel.java:236)
     at com.sapportals.portal.prt.component.usermanagement.UserMappingView.addLogonScreenFields(UserMappingView.java:238)
     at com.sapportals.portal.prt.component.usermanagement.UserMappingView.createUserMappingGrid(UserMappingView.java:498)
     at com.sapportals.portal.prt.component.usermanagement.UserMappingAdminView.doContent(UserMappingAdminView.java:63)
     at com.sapportals.portal.prt.component.usermanagement.UserMappingAdminComponent.doContent(UserMappingAdminComponent.java:180)
     at com.sapportals.portal.prt.component.AbstractPortalComponent.serviceDeprecated(AbstractPortalComponent.java:209)
     at com.sapportals.portal.prt.component.AbstractPortalComponent.service(AbstractPortalComponent.java:114)
     at com.sapportals.portal.prt.core.PortalRequestManager.callPortalComponent(PortalRequestManager.java:328)
     ... 7 more

Hi Kuoming,
The usermapping error is because you have installed portal with weak encryption. You can fix the usermapping error by reading the following forum question.
/thread/24177 [original link is broken]
Please post any EP question in the following forum
/community [original link is broken]

Wireless Virtual LAN - SSID and ACS User Mapping

Hi Everybody
We have the following senario:
- WLC 4402 and ACS 3.3
- 2 SSID's , One for Emploies - one for gests
- All users are (guest and emploies) are authentication against the ACS Server.
We would like to only permit Guest users to use the Guest SSID.
I've been reading the Wireless Virtual LAN Deployment Guide :
http://www.cisco.com/warp/public/cc/pd/witc/ao1200ap/prodlit/wvlan_an.pdf
and have tried to use methode 1.
- RADIUS-based SSID access control:
"Upon successful 802.1X or MAC address authentication, the RADIUS server
passes back the allowed SSID list for the WLAN user to the access point or bridge. If the user used an SSID on the allowed SSID list, then the user is allowed to associate to the WLAN. Otherwise, the user is disassociated from the access point or bridge."
"This is configured by enableling the ?[026/009/001] cisco-av-pair? option. On the ACS Server
- Enable and configure Cisco IOS/PIX RADIUS Attribute,
009\001 cisco-av-pair
- Example: ssid=LEAP_WEP"
I've tried this, but regardless of wich SSID the user(-group) has configured, it sill can access all SSID's?
Does anyone have any idea of what I'm doing wrong?
Does this setting only apply to Accesspoint, or is it also valid for the WLC 44xx series?
Greetings
Jarle

Hi I'm sorry but this still does not help.
We have now upgraded ACS to version 4.0 and I'm still having the same problems.
This is what i have configured:
WLC:
- WLAN
- SSID : Public
- WLAN id = 3
- L2 Security : 802.1x
- Interface Name : GuestVLAN
- Controller - Interface
- management - Untagged
- GuestVLAN - VLAN 112
- Security
- RADIUS Servers
When authenticating a Guest(belonging to the proper group in acs) - the right VLAN is used, IP Adresses from DHCP is recieved, and the Guest can access internet.
Switch:
- Port connected to WLC uses Trunking.
- Guests are connected to VLAN 112 and "native VLAN" is used to connect the Private Users.
ACS:
- AAA Client is the WLC, Authenticating using Cisco Airespace
- Guest Users are member of Group 11
- Private Users are member of Group 1
Group 11
- Use Per Group NAR to only allow WLAN Access
- Cisco Airespace RADIUS Attributes
x 14179\001 - Aire-WLAN-ID = 3
- Cisco IOS / PIX RADIUS Attributes
x 009\001 Ciso-av-pair = "ssid=Public"
- IETF Radius Attributes
x 006 Service Type = Login
x 007 Framed-Prot = ppp
x 064 Tunnel-Type = VLAN
x 065 Tunnel-Medium-tye = 802.1x
x 081 Tunnel-Private-Group-ID = 112
Group (default Group)
- Cisco Airespace RADIUS
x 14179\001 Aire-WLAN-ID = 1
- Cisco IOS/PIX Radius Attrib
x 009\001 Cisco-av-pair = "ssid=Private"
- IETF RADIUS
x 008 Service-type = Login
x 064 Tunnel-Type = VLAN
x 065 Tunnel-Medium-tye = 802.1x
x 081 Tunnel-Private-Group-ID = 1
Do you have any idea of what i should change?
Greetings
Jarle

EP + BW: Problems with user mapping in the portal

Hi,
I'm trying to connect the portal with the BW by using the report RSPOR_SETUP which is a step-by-step guide. The steps #1 - #11 seems to be ok but my problem is the 12th step, the user mapping/allocation maintenance in the portal.
There is an error emerging (in BW): System failure during call of function module RSWR_RFC_SERVICE_TEST (System failure indicates normally an authentication problem between ABAP and Java)
Another error is emerging by testing the connection in the portal. (System administration u2013 system configuration u2013 system landscape u2013 connection test: the first connection, the SAP Web-AS connection is ok but the second, connection test for connector, is not working.
Especially the connection to the backend system with the defined connector is not working. The output is: u201CConnection failure. Check that single sign on is correct configured.
On step 12 of the step-by-step guide I have to select a user in the portal, relate him to a system alias und maintain his technical username and password for the BW. I think here is the problem. Iu2019m able to select and save a system alias for the user, but Iu2019m not able to save his technical username and password. There is another error emerging (in the portal): u201CVerification of user mapping data for system SAP_BW failed, check credentials for errorsu201D, so Iu2019m not able to save the username and password.
I think thats the my problem. the log file confirms that: "Did not find any existing logon data for principal...." & "No user mapping data available for principal...."
I hope my problem description is understandable.
Any ideas how I can solve the credentials problem to save the username and the password?
Thanks in advance.
Tan
Edited by: Tan Yildiz on Jul 22, 2009 1:26 PM

I could deploy some of the usage types, but there is an error regarding the BI-REPPLAN package. I think it's one of the very last errors that stands between me and a working EP - BI connection. There is a problem with the version. Could you check the log details, to find out more?
Thank you.
<!LOGHEADER[START]/>
<!HELP[Manual modification of the header may cause parsing problem!]/>
<!LOGGINGVERSION[1.5.3.7185 - 630]/>
<!NAME[D:\usr\sap\BIP\JC02\SDM\program\log\sdmcl20090806164716.log]/>
<!PATTERN[sdmcl20090806164716.log]/>
<!FORMATTER[com.sap.tc.logging.TraceFormatter(%24d %s: %m)]/>
<!ENCODING[UTF8]/>
<!LOGHEADER[END]/>
Aug 6, 2009 6:47:16 PM   Info: -
Starting validation -
Aug 6, 2009 6:47:16 PM   Info: Prerequisite error handling strategy: OnPrerequisiteErrorSkipDepending
Aug 6, 2009 6:47:16 PM   Info: Update strategy: UpdateLowerOrChangedVersions
Aug 6, 2009 6:47:16 PM   Info: Starting deployment prerequisites:
Aug 6, 2009 6:47:18 PM   Info: Loading selected archives...
Aug 6, 2009 6:47:18 PM   Info: Loading archive 'D:\usr\sap\BIP\JC02\SDM\program\temp\BIREPPLAN04_0-10005889.SCA'
Aug 6, 2009 6:47:21 PM   Info: Selected archives successfully loaded.
Aug 6, 2009 6:47:21 PM   Error: Unresolved dependencies found for the following SDAs:
1.: development component 'bi/plan/helpers/table2'/'sap.com'/'MAIN_NW701P03_C'/'2846642'/'0'
dependency:
       name:     'bi/alv/common'
     vendor:     'sap.com'
There is no component either in SDM repository or in Deployment batch that resolves the dependency.
dependency:
       name:     'bi/alv/ui'
     vendor:     'sap.com'
There is no component either in SDM repository or in Deployment batch that resolves the dependency.
Deployment will be aborted.
Aug 6, 2009 6:47:21 PM   Error: No Software Component Archive (SCA) or Software Delivery Archive (SDA) selected. Select at least one.
Deployment will be aborted.
Aug 6, 2009 6:47:21 PM   Error: Prerequisites were aborted.
Aug 6, 2009 6:47:22 PM   Error: Error while creating deployment actions. No Software Component Archive (SCA) or Software Delivery Archive (SDA) selected. Select at least one.
Deployment will be aborted.
Aug 6, 2009 6:47:23 PM   Info: -
Ending validation -

Exception in User Mapping (Remote iViews) in Federated Portal Network (FPN)

Hi all,
I am trying to implement Federated Portal Network. Content Usage mode as 'Remote Delta link' but getting runtime exception at Consumer Portal side while navigating through following path:
Ideally it should display login page asking for user credentials to connect to remote producer portal
Path at Consumer Portal side: Personalize -> User Mapping (Remote iViews) -> select remote producer portal alias from Remote Content Provider dropdown
Consumer portal : EP1 SPS 12
Producer portal: EP4 SPS 11
Exception as below:
The initial exception that caused the request to fail, was:
com.sapportals.portal.pcd.gl.PermissionControlException: Access denied (Object(s): portal_content/every_user/general/eu_role/com.sap.portal.portal_personalization/com.sap.portal.umeEnduserRemoteUserMappingWD/com.sap.portal.umeEnduserRemoteUserMappingWD)
at com.sapportals.portal.pcd.gl.PcdFilterContext.filterLookup(PcdFilterContext.java:422)
    at com.sapportals.portal.pcd.gl.PcdProxyContext.basicContextLookup(PcdProxyContext.java:1248)
    at com.sapportals.portal.pcd.gl.PcdProxyContext.basicContextLookup(PcdProxyContext.java:1254)
    at com.sapportals.portal.pcd.gl.PcdProxyContext.basicContextLookup(PcdProxyContext.java:1254)
    at com.sapportals.portal.pcd.gl.PcdProxyContext.basicContextLookup(PcdProxyContext.java:1254)
Request you to kindly share your inputs.
Thanks and Regards

Hi all,
I am trying to implement Federated Portal Network. Content Usage mode as 'Remote Delta link' but getting runtime exception at Consumer Portal side while navigating through following path:
Ideally it should display login page asking for user credentials to connect to remote producer portal
Path at Consumer Portal side: Personalize -> User Mapping (Remote iViews) -> select remote producer portal alias from Remote Content Provider dropdown
Consumer portal : EP1 SPS 12
Producer portal: EP4 SPS 11
Exception as below:
The initial exception that caused the request to fail, was:
com.sapportals.portal.pcd.gl.PermissionControlException: Access denied (Object(s): portal_content/every_user/general/eu_role/com.sap.portal.portal_personalization/com.sap.portal.umeEnduserRemoteUserMappingWD/com.sap.portal.umeEnduserRemoteUserMappingWD)
at com.sapportals.portal.pcd.gl.PcdFilterContext.filterLookup(PcdFilterContext.java:422)
    at com.sapportals.portal.pcd.gl.PcdProxyContext.basicContextLookup(PcdProxyContext.java:1248)
    at com.sapportals.portal.pcd.gl.PcdProxyContext.basicContextLookup(PcdProxyContext.java:1254)
    at com.sapportals.portal.pcd.gl.PcdProxyContext.basicContextLookup(PcdProxyContext.java:1254)
    at com.sapportals.portal.pcd.gl.PcdProxyContext.basicContextLookup(PcdProxyContext.java:1254)
Request you to kindly share your inputs.
Thanks and Regards

User mapping issue using SAP net weaver developer studio

Dear All,
I am getting below error when updating user mapping in SAP Enterprise Portal. I was able to update the data through SAP portal but not through the below code.
Code:
userMapData.setSystemAlias(“WebEx”);
mappingData.put(UmeConstants.USERNAME, "user id");
                                                               mappingData.put(UmeConstants.PASSWORD, "pasword");
if (!userMapData.setMappingData(newUser, mappingData,logger)) {
errorMessage = new ErrorMessage("Set user maaping data for + " + newUser.getDisplayName() + " failed.", "ApolloUMECreateUser.setUserMappingData()");
public boolean setMappingData(IUser iUser, Map logonData, UmeLog logger) {
        //logonData needs to be able to be null to clear the user mapping!
        if (iUser != null) {
            try {
                  IUserMappingData mappingData = iUserMapping.getUserMappingData(systemAlias, iUser, logonData);
                //IUserMappingService iums = (IUserMappingService)PortalRuntime.getRuntimeResources().getService(IUserMappingService.KEY);
                //IUserMappingData mappingData = iums.getMappingData (systemAlias, iUser);
                mappingData.storeLogonData(logonData);
                        return true;
            catch (IOException ioe) {
return false;
            catch (Exception e) {
                        return false;
        return false;
Error:
#1.5#00155D007802007D0000417100000B480004F636722D1228#1396613610296#com.sap.security.core.umap.imp.UserMappingDataImp#ibm.com/ibm.com.tivoli.im.umeagent#com.sap.security.core.umap.imp.UserMappingDataImp.saveLogonDataInternal(Map, boolean)#Guest#0##n/a##88b1fdb2bbf211e3a6ac00000032f136#SAPEngine_Application_Thread[impl:3]_24##0#0#Error##Java###Cannot save logon data for principal {0} because there is no mapped backend user ID in the logon data map to save.#1#"user id, password" (unique ID: "USER.PRIVATE_DATASOURCE.un:aujastest31")#
#1.5#00155D00780200740000411600000B480004F636722D12D8#1396613610296#System.err#ibm.com/ibm.com.tivoli.im.****umeagent#System.err#Guest#0##n/a##88cc4ee9bbf211e3b0a300000032f136#SAPEngine_Application_Thread[impl:3]_33##0#0#Error##Plain###Apr 4, 2014 5:43:30 PM com.ibm.tim.agents.UmeAgent [SAPEngine_Application_Thread[impl:3]_33] Info: Created the Writer
#1.5#00155D007802007D0000417200000B480004F636722D18DA#1396613610296#com.sap.security.core.umap.imp.UserMappingDataImp#ibm.com/ibm.com.tivoli.im.umeagent#com.sap.security.core.umap.imp.UserMappingDataImp#Guest#0##n/a##88b1fdb2bbf211e3a6ac00000032f136#SAPEngine_Application_Thread[impl:3]_24##0#0#Error##Java###storeLogonData(Map)
[EXCEPTION]
{0}#1#com.sap.security.api.UMException: Mapped backend user ID not specified.
      at com.sap.security.core.umap.imp.UserMappingDataImp.saveLogonDataInternal(UserMappingDataImp.java:280)
      at com.sap.security.core.umap.imp.UserMappingDataImp.saveLogonData(UserMappingDataImp.java:251)
      at com.sap.security.core.umap.imp.UserMappingDataImp.storeLogonData(UserMappingDataImp.java:223)
      at com.ibm.tivoli.integration.im.agents.umeagent.sap.usermapping.UserMapData.setMappingData(UserMapData.java:106)
      at com.ibm.tivoli.integration.im.agents.umeagent.sap.UMECreateUser.setUserMappingData(UMECreateUser.java:381)
      at com.ibm.tivoli.integration.im.agents.umeagent.sap.UMECreateUser.UMECreateSAPUser(UMECreateUser.java:118)
      at com.ibm.tim.agents.UmeAgent.UMEProcessAddRequest(UmeAgent.java:207)
      at com.ibm.tim.agents.UmeAgent.processRequest(UmeAgent.java:134)
      at com.ibm.tim.agents.UmeAgent.doPost(UmeAgent.java:89)
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:760)
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
      at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:401)
      at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)
      at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:386)
      at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:364)
      at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:1060)
      at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:265)
      at com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)
      at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:175)
      at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
      at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
      at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
      at java.security.AccessController.doPrivileged(Native Method)
      at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:104)
      at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:176)

Thanks Rodrigo for you reply.
In Data Base user is exist and manually user mapping is working only through code i am getting error. Using code user is creating but mapping is not happening. I am sending ep6User user as iUser please find requested code.
Please suggest Thanks in advanced!!!
public UmeUser processRequest(com.ibm.dsml2.parser.AddRequest addRequest) {
        UmeUser ep6User = null;
        try {
            Enumeration enumAddRequestAttr = addRequest.enumerateAttr();
            Properties userAttributes = new Properties();
            while (enumAddRequestAttr.hasMoreElements()) {
                com.ibm.dsml2.parser.Attr attr = (com.ibm.dsml2.parser.Attr) enumAddRequestAttr.nextElement();
               if (attr.getValueCount() == 1) {
                    userAttributes.put(attr.getName(), getAttributeValue(attr));
                else {
                    List list = new ArrayList(attr.getValueCount());
                    for (int i = 0; i < attr.getValueCount(); i++) {
                        list.add(getAttributeValue(attr, i));
                    userAttributes.put(attr.getName(), list);
            ep6User = new UmeUser(userAttributes, logger);
        catch (Exception e) {
            logger.log(this.getClass().getName(), e);
        return ep6User;

User Mapping not fully Available Error

Hi
while connecting from EP to Sap R/3
created folder in System Administration and System object as Dedicated
system name: sapsystem - next - finish
selected propety category :Connector
AppHost : 101.110.110.105
Remote Host : 3
SAP Client : 800
SAP SYstem name : global
SAP SYstem ID : 00
SAP Server Port : 3200
System TYpe : SAP_R3
SAVE
Property Category : usermanagement
logon method - UIDPW
user mapping type - admin,user
SAVE
System alias as (sys1)
User Administration - UserMapping- search
Administrator in Users - start - edit-
System alias - sys1
user - sapuser i.e( R/3 server)
password - xyzabc
SAVE
then raising error Portal Runtime error
User Mapping not fully Available
with Exception id
Regards
Rakesh

Hi,
First you must import sap crptographic toolkit from help.sap.com, following link: http://help.sap.com/saphelp_nw2004s/helpdata/en/04/d246215f1d4f588d1d9c49391acb01/frameset.htm
Here be careful to follow all the steps, have a look at the link and the subt topic deploying crptographic toolkit.
Onec you have done that, restart the portal and related services.
Now it is possible that you might face other new probles or exceptions.
In that case you might need to update your jce files etc.
Please refer to the sap note: 796540
in that case

User mapping certificate in UME (J2EE) with ABAP system as Backend (SNC)

I hope someone can help me with the user mapping concept (X.509 V3 certificates) for both "worlds" (ABAP and JAVA Stack).
I know how to install and configure certificate based (X.509) login to SAP ABAP and SAP JAVA (J2EE) Stack (--> enable encryption for communication and Single Sign On).
Situation:
We have a ready installed and configured X.509 certificate authentication environment for the ABAP world (between SAP GUI and SAP Server System)
and the user mapping was configured in the ABAP System (SU01). As the users are using certificates, the passwords are deactivated on the ABAP System.
Now if you want to integrate a JAVA (J2EE) Sytem and you want to configure the UME to the ABAP System (as Backend), you have an administrative effort problem with the user mapping (X.509) in the UME configuration.
1.) It is possible to assign manually the user public key to every user --> But to much effort
2.) As the user does not have a password (deactivated in the ABAP system), the way to combine the automatic mapping with a user login does not work.
3.) In the distinguished name of the user certificate there is no information about the SAP username itself
--> you are not able to use any information of the DN to bind a user in the Login Module configuration.
Now my question:
Is it possible to use the sncname information from the ABAP System (still configured and available) for the UME configuration?
As i know, it is possible to write an own Login Module. Does anybody has a customized Login module for this issue?
At the end the best solution would be to enable the same user mapping mechanism on the JAVA world as on the ABAP world. --> Mapping the Distinguished Name to the SAP User

We have developed a login module which is working with Kerberos auth, not x.509 auth, but still solves a very similar problem to the problem you are describing. As you know, when SNC is used to logon to ABAP stack, the SNC name of the user is mapped onto a SAP user via entries in the USRACL table. Our mapping login module takes the authenticated user principal name from the shared state and uses this to lookup the entry in USRACL table on ABAP stack, and from this it will know which SAP user to use, and can update shared state with this info so that CreateTicketLoginModule will created an SSO2 ticekt for the mapped SAP user id.
This means that mapping of users externally authetnicated identity onto SAP user/client can be managed in one place, e.g in ABAP stack using USRACL table entires and su01 t-code etc.
I know it is not exactly what you wanted, since you are looking to use x.509 certifiates instead of Kerberos authentication, but I thought it was worth sharing so that you know the concept has already been implemeneted many times. Many of our customers use this login module when they have our product, for the same reasons that you have stated.
Thanks,
Tim

Many Portal users mapping one R/3 user and query their own data ?

Hi everyone :
I want to discuss a issue as follow with all :
Precondition : The SSO had done between Portal and R/3.
Issue : Many Portal user(vendor) mapping one R/3 user(pulic vendor user),when they logon Portal, they can query the report, but the data was for the vendor logon now !
Any discuss is welcome!
Best Regards,
Jianguo Chen

Hi everyone :
I want to discuss a issue as follow with all :
Precondition : The SSO had done between Portal and R/3.
Issue : Many Portal user(vendor) mapping one R/3 user(pulic vendor user),when they logon Portal, they can query the report, but the data was for the vendor logon now !
Any discuss is welcome!
Best Regards,
Jianguo Chen

SSO and User Mapping at same time

Hi,
Can we use SSO and User mapping at same time between Portal and SAP Backend system?
For some of the users the user id is different in both end.
After implementing the SSO... Will it affect the existing user mapping? and the system alias created for that?
If not, Can we use both SSO and user Mapping same time?
Thanks,
VB

Hi VB,
In this case I suggest you create 2 systems one you might have created for users who are having common user ids in portal & at the backend system.
For the users whose ids are defeering you can create reference system and in user managemant property of that system
Authentication Ticket Type - Select -SAP Logon TicketSAP Assertion Ticket
Logon Method - UWPW
User Mapping Fields - {100,200,300}Client;Language
where 100,200,300 are the clients of the backend system.
Assign this system in the ivews.
Thanks,
Vishal

Portal Runtime Error while performing User Mapping to SAP SRM

Please find below the error I received while User Mapping from Enterprise Portal to SAP SRM :
Portal Runtime Error
An exception occurred while processing a request for :
iView : pcd:portal_content/administrator/super_admin/super_admin_role/com.sap.portal.user_administration/com.sap.portal.user_mapping/com.sap.portal.userMappingAdmin/com.sap.portal.userMappingAdmin
Component Name : com.sap.portal.usermanagement.admin.UserMappingAdmin
User Mapping not fully available..
Exception id: 04:21_23/06/05_0073_8097650
See the details for the exception ID in the log file

Hi,
yes, Karsten is correct. Just some background:
"User Mapping not fully available.." finally means that user mapping is configured to use strong encryption, but the main crypto key for user mapping is missing. Usually, that's because "SAP Java Cryptographic Toolkit" and/or "JCE policy files for unlimited strength encryption" are not installed (or the server hasn't be restarted afterwards). The note will most likely help
Best regards
Heiko

User mapping from portal to R/3

Hello everyone,
Our situation is this :
We made some visual composer iviews (charts and tables) that get data from R/3.
Instead of creating users in R/3, we want to use only one public user who can only call RFC's in R/3. So how is the user mapping implemented in this situation?
Please give me detailed explanation for it or links of documentation.
I will be appreciative and all answers will be rewarded with points.
Thanks for help.

In addition and from a maintenance perspective you could do a: Portal Group to R/3 UserMapping.
This will then automatically map all Portal Users in the Portal Group to the one R/3 user in the back-end. This saves effort when new users are created on the portal you don't have to map them all.
This method is also proposed by SAP for mapping to MDM for example.
NOTE: When you choose this you cannot trace the user in the back-end because
this back-end user is shared. If this is not a problem for your scenarion then I would say go for it.
Cheers,
Benjamin Houttuin

Users mapping between EP and ABAP system

Hello
I'd like to ask for some guidance in my quest
Current situation looks like this:
I've configured UME in AS Java to work with LDAP as read only data source. Then I've configured SPNego to run SSO - It works, users from MS AD can log into portal.
Now I have application in WD which authorizes via EP/AD - works fine.
And next step is users mapping between AD and ABAP backend (serving some BAPI's for WD app)
I've found a bunch of help pages starting from
http://help.sap.com/saphelp_nwce711/helpdata/en/0b/d82c4142aef623e10000000a155106/frameset.htm
But somehow it's quite complicated to achieve this mapping. I've tried to set RFC destinations logon type to user mapping but without succes.
Can anyone point me to some more clear example or give path to configure this scenario? Is there a way of configuring this with NWA or some XML file editing is required?
Any help will be appreciated.
BTW: whole environment is in version 7.11
Best regards
Maciej

There is no equivalent to SPNEGO on the ABAP side.
If your goal is to propagate the user, then possible options are:
-> Wait for SAML 2.0 or invest now in a SAML 1.0 provider.
-> Use the same kerberos ticket for the EP as what your ABAP system will accept: route = SNC and 3rd party libraries.
-> Issue SAP logon tickets for the ABAP system from the EP, and use these in your WDA.
Another option is to expose the service with saved logon data in the ICF. If the service is just a wrapper for the BAPI, then you can also consider using trusted RFC between the service and the backend, but this might not be acceptable for your service.
I have only done experimental stuff with this and some of the above is not released yet. Also consider the consequences, even if it "does work"...
Cheers,
Julius

Portal and R3 user mapping

Similar Messages

Maybe you are looking for