Portal Replication

Similar Messages

• Portal Replication Across Global Servers

  I am creating a Portal site in the US. This same site needs to be accessed in Indonesia, and it has been suggested to replicate the Portal site in Indonesia considering download times, etc. I have replicated regular website, but never a Portal. What would this entail? What kind of replication procedures are provided or would be needed?
  Regards,
  Kendra

  I don't recommend this approach. There are lots of references from one entry to another in the directory and so renaming the suffix is not that simple. In addition, the directory contains host names, domain names, and other information that is not going to be consistent with your Windows host. I would say it's possible, but probably not practical in a reasonable time frame.
  The recommended way to do development with the Sun Portal is to create some build scripts that can be used for different environments. This way you can simply create a "build" and run your scripts on various deployment targets. This creates a repeatable process that avoids the types of problems you are running into.
  Take a look at the ANT build scripts that are used to create the sample portals. There is a wealth of information there that will help you understand how to use scripts to create and deploy your portal. You will also have a really good understanding of the difference between Access Manager tasks and Portal Server tasks once you digest that information.
  - Jim

• Replication of Users from portal to R/3

  Hi,
  I would like to develop a portal functionnality that allows replication of users from portal to R/3. I know that the functionnality already exists in portal but we need to do another one because of special requirements. How could I find the java code of the existing functionnality to understand how SAP built it?
  Thanks

  Hi,
       You can check the following link
  <a href="http://help.sap.com/saphelp_nw04/helpdata/en/5b/5d2706ebc04e4d98036f2e1dcfd47d/frameset.htm">UME</a>
  It will give you an idea of UME Architecture.
  See if it helps you.

• Userid replication from SRM to portal

  Dear Gents,
  Userid's are created in SRM system depending on external vendor registrations.  these users dont exist in ECC(ess/mss) system. Is it possible that we could update our LDAP with HR and SRM systems both as data source? and once userid is created in ECC or SRM, LDAP gets updated and from there Portal creates userid?
  if we add CRM too and all 3 systems have different users, how could we then assign corrosponding A, B, C roles automatically  in portal? if its a common role, we can add it to everyone group but with diffent technical system userid , how to proceed with different roles assignments????
  thanks
  Ankur

  Hi Ankur,
    Regarding your post from Oct 20th, I'm a little unclear. Are you referring to anonymous users or self-registration? It sounds like you're referring to self-registration so my question/request to you would be to please provide a little more info on how you configured self-registration. For example, it's possible to allow for simple self-registration where users are created at the time of registration and then allowed to see any content assigned to "Everyone". Conversely, you can setup up self-registration "with approval" where workflow rules will route this request and ensure new users are approved and assigned proper content. Which are you using?
    Regarding you latest post on Oct 24th: You can certainly do just as you described and host Portal servers for various applications on disparate hardware but I wouldn't call it a requirement still until we hear some more answers regarding the above. But, assuming we need to go that route, this can easily be done as you suggest. You can either offer a link to other Portals on each login page or offer that link on the home page of users once logged into each Portal. This may be cleaner as you can then configure SSO between these Portals and users can more seamlessly "jump" from one to another.
    Still another option would be to build a Federated Portal Network where content you produce on one (or more) Portal(s) is also consumed on one (or more) other Portal(s). Check the following links for this, it's pretty straight-forward:
  Content Sharing in SAP NetWeaver Portal
  http://wiki.sdn.sap.com/wiki/display/EP/ImplementingaFederatedPortalNetworkonSAPNetWeaverPortal+7
  But, like I said, I'm not sure you have to do this in your case. I'm interested in hearing more about your self-registration scenario before recommending FPN or even multiple Portal servers. Let me know.
  -Kevin

• Failover portal site and replication

  I am about to build our failover portal site, and would like to have some feedback from the one of you that already implemented this. I currently have a ALUI 6.1 on a .NET platform, using sql server, content, collaboration, studio and process servers.
  Any tips and recommendations are greatly appreciated.
  Edited by lilachtaylor at 07/25/2007 1:49 PM

  I am about to build our failover portal site, and would like to have some feedback from the one of you that already implemented this. I currently have a ALUI 6.1 on a .NET platform, using sql server, content, collaboration, studio and process servers.
  Any tips and recommendations are greatly appreciated.
  Edited by lilachtaylor at 07/25/2007 1:49 PM

• ISE 1.2 CWA with Multiple PSNs - SessionID Replication / Session Expired

  Hi all.
  I have a (2) Policy Services Nodes (PSNs) in an ISE 1.2 deployment running patch 1. We are using Wireless MAB and CWA on 5760 Wireless LAN Controllers running v3.3.3.
  We are hitting an issue wherein a client first passes MAB and then gets redirected to a CWA custom portal. The client then receives a Session Expired message. This seems to be related to the fact that CWA is technically a 2-stage authentication (MAB by the WLC and then CWA by the client). Specifically, it seems to happen when the WLC makes its MAB RADIUS access-request to PSN-1 and then the client comes in to PSN-2 to complete the CWA. This issue does not happen when only one PSN is in use and all authentication traffic (both MAB RADIUS and CWA) is directed at a single PSN.
  Clients resolve the FQDN in the redirect URL using public DNS and a public DNS zone file (call it cwa-portal.example.com). cwa-portal.example.com has two A records for the two PSN nodes. DNS is responding to queries using DNS round-robin.
  I have the PSNs configured in a Node Group for session information replication between PSNs, but this doesn't seem to make a difference in behavior.
  So I ask:
  What is the recommended architecture for CWA when using more than one PSN? It seems that you would need to keep the two authentication flows pinned together so that they both hit the same PSN when using more than one PSN in a deployment. A load balancer balancing on the SessionID string comes to mind (both the RADIUS MAB request and the CWA URL contain this unique per-client SessionID), but that seems terribly overbuilt for a seemingly simple problem. On the other hand, it also seems like using a Node Group setup should easily be able to replicate client SessionIDs to all nodes in the deployment so that this isn't an issue. I.e., if the WLC authenticates MAB on PSN-1, then PSN-1 should tell the Node Group about it such that when the client CWA's on PSN-2, PSN-2 doesn't respond with a Session Expired message.
  Is there any Cisco documentation that talks about this?
  Possibly related:
  https://supportforums.cisco.com/discussion/12131531/ise-12-guest-access-session-expired
  Justin

  Tim,
  Thanks for your reply and confirming my suspicion. Hopefully a future version of ISE will provide automated SessionID synchronization among PSNs so that front-end finagling in a multi-PSN environment won't be necessary.
  For anyone else with this issue who for whatever reason can't implement a load balancer(s), I built an automated EEM applet running on a "watchdog" switch (3750 running 12.2(55)SEE9) using IPSLA tracking that senses when PSN1 is down and then
  modifies an ASA to change its client-facing NAT statement for PSN1 to PSN2
  modifies the primary and HA wireless LAN controllers to change its MAB RADIUS aaa server group to use PSN2
  reverts the ASA and WLCs to using PSN1 when PSN1 is detected up and running again
  The applet ensures the SessionID authentications stay "glued" together so that both WLCs and the client hit the same PSN for both stages of authentication. It's failover only, not a load balancing solution, but it meets our current project's need for an automated HA environment.
  PM me if you want the code. I'm have a little too much going on ATM to sanitize and post it. :)
  Justin

• SSO Portal worng access

  Dear gurus:
  I have problems with the SSO configuration for Portal. I have executed the Diagtool from Note 957666 - Diagtool for Troubleshooting Security Configuration and this is the result:
  <!LOGHEADER[START]/>
  <!HELP[Manual modification of the header may cause parsing problem!]/>
  <!LOGGINGVERSION[1.5.3.7185 - 630]/>
  <!NAME[output\diagtool_080520_211200.log]/>
  <!PATTERN[diagtool_080520_211200.log]/>
  <!FORMATTER[com.sap.tc.logging.TraceFormatter([%s] %26d %m)]/>
  <!ENCODING[UTF8]/>
  <!LOGHEADER[END]/>
  [Info] May 20, 2008 9:12:07 PM    TXT*********************************************************************
  [Info] May 20, 2008 9:12:07 PM       diagtool version: 1.7.5
  [Info] May 20, 2008 9:12:07 PM     configiration file: J:\diagtool\conf\sso2.conf
  [Info] May 20, 2008 9:12:07 PM        configtool path: J:\usr\sap\EPI\JC01\j2ee\configtool\
  [Info] May 20, 2008 9:12:07 PM   
  [Info] May 20, 2008 9:12:07 PM            system name: EPI
  [Info] May 20, 2008 9:12:07 PM         system version: 7.00
  [Info] May 20, 2008 9:12:07 PM              SP number: 12
  [Info] May 20, 2008 9:12:07 PM   
  [Info] May 20, 2008 9:12:07 PM    Canonical Host Name: SAPIA64BW.gonvarri.com
  [Info] May 20, 2008 9:12:07 PM                   Host: SAPIA64BW
  [Info] May 20, 2008 9:12:07 PM                     IP: 10.20.1.91
  [Info] May 20, 2008 9:12:07 PM   
  [Info] May 20, 2008 9:12:07 PM             jdk vendor: Sun Microsystems Inc.
  [Info] May 20, 2008 9:12:07 PM            jdk version: 1.4.2_15
  [Info] May 20, 2008 9:12:07 PM    TXT*********************************************************************
  [Error] May 20, 2008 9:12:09 PM    JmxConnectionFactory.getMBeanServerConnection(...) failed for:  com.sap.engine.services.jmx.exception.JmxConnectorException: Unable to connect to connector server. properties:{java.naming.provider.url=SAPIA64BW:50304, java.naming.factory.initial=com.sap.engine.services.jndi.InitialContextFactoryImpl, java.naming.security.principal=Administrator, java.naming.security.credentials=gonvarri1}
  [Error] May 20, 2008 9:12:09 PM    Log Viewer Client was not initialized.
  [Error] May 20, 2008 9:12:10 PM    JmxConnectionFactory.getMBeanServerConnection failed(...) for: com.sap.engine.services.jmx.exception.JmxConnectorException: Unable to connect to connector server. properties:{java.naming.provider.url=SAPIA64BW:50304, java.naming.factory.initial=com.sap.engine.services.jndi.InitialContextFactoryImpl, java.naming.security.principal=Administrator, java.naming.security.credentials=gonvarri1}
  [Error] May 20, 2008 9:12:10 PM    LC client was not initialized
  [Info] May 20, 2008 9:12:10 PM    TXT
  com.sap.engine.config.diagtool.tests.util.PropertiesDump
  [Info] May 20, 2008 9:12:10 PM    (EvaluateAssertionTicketLoginModule) com.sap.security.core.server.jaas.EvaluateAssertionTicketLoginModule
  [Info] May 20, 2008 9:12:10 PM    (EvaluateTicketLoginModule) com.sap.security.core.server.jaas.EvaluateTicketLoginModule
  [Info] May 20, 2008 9:12:10 PM    TicketKeystore (3 entries)
            entry #1 (SAPLogonTicketKeypair-cert)
            ===========
  CERTIFICATE entry:
  Creation date               : Tue May 20 20:44:00 CEST 2008 (20 May 2008 18:44:00 GMT)
  Version                     : ver.3 X.509
  Algorithm                   : DSA
  Key Size                    : 1024 bits
  Subject name                : CN=EPI,OU=I0020275421,O=SAP Trust Community,C=DE
  Issuer name                 : CN=EPI,OU=I0020275421,O=SAP Trust Community,C=DE
  Serial number               : 60679227
  Signature Algorithm         : dsaWithSHA (1.2.840.10040.4.3)
  Validity:
                   not before : Tue May 20 20:42:00 CEST 2008 (20 May 2008 18:42:00 GMT)
                   not after  : Wed May 20 20:42:00 CEST 2009 (20 May 2009 18:42:00 GMT)
  Public key fingerprint      : 97:56:3E:4F:D2:7E:71:97:5A:4B:BE:CD:47:90:00:18
  Certificate fingerprint(MD5): 88:FE:7F:24:F7:64:2A:CC:D7:BE:16:70:74:73:96:27
  Certificate extensions      :
     [critical]
     [non critical]
           SubjectKeyIdentifier: A3:2F:12:D4:B9:4C:33:00:A7:CB:22:F2:56:0A:3C:53:EE:57:13:F3
            entry #2 (SAPLogonTicketKeypair)
            ===========
  PRIVATE KEY entry
  Creation date               : Tue May 20 20:44:00 CEST 2008 (20 May 2008 18:44:00 GMT)
  Version:                    : PKCS#8 DSA
  Key Size                    : 1024 bits
  CertificationChain has 1 certificate(s)
    certificate #0 -
  Version                     : ver.3 X.509
  Algorithm                   : DSA
  Key Size                    : 1024 bits
  Subject name                : CN=EPI,OU=I0020275421,O=SAP Trust Community,C=DE
  Issuer name                 : CN=EPI,OU=I0020275421,O=SAP Trust Community,C=DE
  Serial number               : 60679227
  Signature Algorithm         : dsaWithSHA (1.2.840.10040.4.3)
  Validity:
                   not before : Tue May 20 20:42:00 CEST 2008 (20 May 2008 18:42:00 GMT)
                   not after  : Wed May 20 20:42:00 CEST 2009 (20 May 2009 18:42:00 GMT)
  Public key fingerprint      : 97:56:3E:4F:D2:7E:71:97:5A:4B:BE:CD:47:90:00:18
  Certificate fingerprint(MD5): 88:FE:7F:24:F7:64:2A:CC:D7:BE:16:70:74:73:96:27
  Certificate extensions      :
     [critical]
     [non critical]
           SubjectKeyIdentifier: A3:2F:12:D4:B9:4C:33:00:A7:CB:22:F2:56:0A:3C:53:EE:57:13:F3
            entry #3 (BW_BWI_certificate)
            ===========
  CERTIFICATE entry:
  Creation date               : Tue May 20 20:44:04 CEST 2008 (20 May 2008 18:44:04 GMT)
  Version                     : ver.1 X.509
  Algorithm                   : DSA
  Key Size                    : 1024 bits
  Subject name                : CN=BWI,OU=I0020275421,OU=SAP Web AS,O=SAP Trust Community,C=DE
  Issuer name                 : CN=BWI,OU=I0020275421,OU=SAP Web AS,O=SAP Trust Community,C=DE
  Serial number               : 0
  Signature Algorithm         : dsaWithSHA (1.2.840.10040.4.3)
  Validity:
                   not before : Mon May 19 20:39:21 CEST 2008 (19 May 2008 18:39:21 GMT)
                   not after  : Fri Jan 01 01:00:01 CET 2038 (1 Jan 2038 00:00:01 GMT)
  Public key fingerprint      : 96:9B:1F:02:D1:18:BC:25:61:16:BB:8D:AA:13:EA:68
  Certificate fingerprint(MD5): 47:5D:87:50:89:F5:DD:72:A4:A3:B2:BA:FA:6A:B4:09
  Certificate extensions      :
      NONE
  [Info] May 20, 2008 9:12:10 PM    <?xml version="1.0" encoding="UTF-8"?>
  <!--  Configuration File for Authentication Schemes -->
  <!-- $Id: //shared_tc/com.sapall.security/630_SP_COR/src/_deploy/dist/configuration/shared/authschemes.xml#4 $ from $DateTime: 2004/01/20 17:27:21 $ ($Change: 14181 $) -->
  <document>
       <authschemes>
          <!--  authschemes, the name of the node is used -->
          <authscheme name="uidpwdlogon">
              <!-- multiple login modules can be defined -->
              <authentication-template>
                ticket
              </authentication-template>
              <priority>20</priority>
              <!-- the frontendtype TARGET_FORWARD = 0, TARGET_REDIRECT = 1, TARGET_JAVAIVIEW = 2 -->
              <frontendtype>2</frontendtype>
              <!-- target object -->
              <frontendtarget>com.sap.portal.runtime.logon.certlogon</frontendtarget>
          </authscheme>
          <authscheme name="certlogon">
              <authentication-template>
                  client_cert
              </authentication-template>
              <priority>21</priority>
              <frontendtype>2</frontendtype>
              <frontendtarget>com.sap.portal.runtime.logon.certlogon</frontendtarget>
          </authscheme>
          <authscheme name="basicauthentication">
              <authentication-template>
                  ticket
              </authentication-template>
              <priority>20</priority>
              <frontendtype>2</frontendtype>
              <frontendtarget>com.sap.portal.runtime.logon.basicauthentication</frontendtarget>
          </authscheme>
          <authscheme name="header">
              <authentication-template>
                  header
              </authentication-template>
              <priority>5</priority>
              <frontendtype>2</frontendtype>
              <frontendtarget>com.sap.portal.runtime.logon.header</frontendtarget>
          </authscheme>
          <!-- Reserved 'anonymous' authscheme added for being in the list of authschemes -->
          <authscheme name="anonymous">
              <priority>-1</priority>
          </authscheme>
      </authschemes>
      <!--  References for Authentication Schemes, this section must be after authschemes -->
      <authscheme-refs>
          <authscheme-ref name="default">
              <authscheme>uidpwdlogon</authscheme>
          </authscheme-ref>
          <authscheme-ref name="UserAdminScheme">
              <authscheme>uidpwdlogon</authscheme>
          </authscheme-ref>
      </authscheme-refs>
  </document>
  [Info] May 20, 2008 9:12:10 PM    <?xml version="1.0" encoding="UTF-8"?>
  <!-- $Id: //shared_tc/com.sapall.security/630_SP_COR/src/_deploy/dist/configuration/shared/dataSourceConfiguration_database_only.xml#2 $ from $DateTime: 2004/07/01 09:31:21 $ ($Change: 16627 $) -->
  <!DOCTYPE dataSources SYSTEM  "dataSourceConfiguration.dtd">
  <dataSources>   
      <dataSource id="PRIVATE_DATASOURCE"
                  className="com.sap.security.core.persistence.datasource.imp.DataBasePersistence"
                  isReadonly="false"
                  isPrimary="true">
          <homeFor>
              <principals>
                   <principal type="group"/>
                   <principal type="user"/>
                   <principal type="account"/>
                  <principal type="team"/>
                  <principal type="ROOT" />
                  <principal type="OOOO" />
              </principals>
          </homeFor>
          <notHomeFor/>
          <responsibleFor>
              <principals>
                   <principal type="group"/>
                   <principal type="user"/>
                   <principal type="account"/>
                  <principal type="team"/>
                  <principal type="ROOT" />
                  <principal type="OOOO" />               
              </principals>
          </responsibleFor>
          <privateSection/>
      </dataSource>
  </dataSources>
  [Info] May 20, 2008 9:12:10 PM    com.sap.security.core.umap.key = ******
  login.authschemes.definition.file = authschemes.xml
  login.serviceuser.lifetime = 100
  login.ticket_client = 000
  login.ticket_keyalias = SAPLogonTicketKeypair
  login.ticket_keystore = TicketKeystore
  login.ticket_lifetime = 8
  login.ticket_portalid = auto
  ume.acl.validate_cached_acls = false
  ume.admin.account_privacy = true
  ume.admin.addattrs =
  ume.admin.allow_selfmanagement = false
  ume.admin.auto_password = true
  ume.admin.create.redirect =
  ume.admin.debug_internal = false
  ume.admin.display.redirect =
  ume.admin.modify.redirect =
  ume.admin.nocache = false
  ume.admin.orgunit.adapterid =
  ume.admin.password.migration = false
  ume.admin.phone_check = true
  ume.admin.public.addattrs =
  ume.admin.search_maxhits = 1000
  ume.admin.search_maxhits_warninglevel = 200
  ume.admin.self.addattrs =
  ume.admin.self.addressactive = false
  ume.admin.self.generate_password = false
  ume.admin.self.privacystatement.link =
  ume.admin.self.privacystatement.version = 1
  ume.admin.selfreg_company = false
  ume.admin.selfreg_guest = true
  ume.admin.selfreg_sus = false
  ume.admin.selfreg_sus.adapterid = SUS
  ume.admin.selfreg_sus.adminrole =
  ume.admin.selfreg_sus.deletecall = true
  ume.admin.wd.components.umeadminapp = {sap.com/tcsecumewdkit;com.sap.security.core.wd.maintainuser.MaintainUserComp},{sap.com/tcsecumewdkit;com.sap.security.core.wd.maintainrole.MaintainRoleComp},{sap.com/tcsecumewdkit;com.sap.security.core.wd.maintaingroup.MaintainGroupComp}
  ume.admin.wd.locales =
  ume.admin.wd.table.size.large = 20
  ume.admin.wd.table.size.medium = 10
  ume.admin.wd.table.size.small = 5
  ume.admin.wd.tenant.identifier.all = - All -
  ume.admin.wd.tenant.identifier.none = - None -
  ume.admin.wd.url.help = http://help.sap.com/saphelp_nw04s/helpdata/en/5b/5d2706ebc04e4d98036f2e1dcfd47d/frameset.htm
  ume.admin.wdactive = true
  ume.allow_nested_groups = true
  ume.cache.acl.default_caching_time = 1800
  ume.cache.acl.initial_cache_size = 10000
  ume.cache.acl.permissions.default_caching_time = 3600
  ume.cache.acl.permissions.initial_cache_size = 100
  ume.cache.default_cache = distributableCache
  ume.cache.group.default_caching_time = 3600
  ume.cache.group.initial_cache_size = 500
  ume.cache.notification_time = 0
  ume.cache.principal.default_caching_time = 3600
  ume.cache.principal.initial_cache_size = 500
  ume.cache.role.default_caching_time = 3600
  ume.cache.role.initial_cache_size = 500
  ume.cache.user.default_caching_time = 3600
  ume.cache.user.initial_cache_size = 500
  ume.cache.user_account.default_caching_time = 3600
  ume.cache.user_account.initial_cache_size = 500
  ume.company_groups.description_template = Company
  ume.company_groups.displayname_template = ()
  ume.company_groups.enabled = false
  ume.company_groups.guestusercompany_enabled = true
  ume.company_groups.guestusercompany_name = Guest Users
  ume.db.connection_pool.j2ee.is_unicode = false
  ume.db.connection_pool_type = SAP/BC_UME
  ume.db.or_search.max_arguments = 50
  ume.db.parent_search.max_arguments = 300
  ume.db.use_default_transaction_isolation = false
  ume.ldap.access.action_retrial = 2
  ume.ldap.access.additional_password.1 = ******
  ume.ldap.access.additional_password.2 = ******
  ume.ldap.access.additional_password.3 = ******
  ume.ldap.access.additional_password.4 = ******
  ume.ldap.access.additional_password.5 = ******
  ume.ldap.access.auxiliary_naming_attribute.grup =
  ume.ldap.access.auxiliary_naming_attribute.uacc =
  ume.ldap.access.auxiliary_naming_attribute.user =
  ume.ldap.access.auxiliary_objectclass.grup =
  ume.ldap.access.auxiliary_objectclass.uacc =
  ume.ldap.access.auxiliary_objectclass.user =
  ume.ldap.access.base_path.grup =
  ume.ldap.access.base_path.uacc =
  ume.ldap.access.base_path.user =
  ume.ldap.access.context_factory = com.sun.jndi.ldap.LdapCtxFactory
  ume.ldap.access.creation_path.grup =
  ume.ldap.access.creation_path.uacc =
  ume.ldap.access.creation_path.user =
  ume.ldap.access.dynamic_group_attribute =
  ume.ldap.access.dynamic_groups = false
  ume.ldap.access.flat_group_hierachy = true
  ume.ldap.access.kerberos_data_url =
  ume.ldap.access.msads.control_attribute = userAccountControl
  ume.ldap.access.msads.control_value = 512
  ume.ldap.access.msads.grouptype.attribute = grouptype
  ume.ldap.access.msads.grouptype.value = 4
  ume.ldap.access.multidomain.enabled = false
  ume.ldap.access.naming_attribute.grup =
  ume.ldap.access.naming_attribute.uacc =
  ume.ldap.access.naming_attribute.user =
  ume.ldap.access.objectclass.grup =
  ume.ldap.access.objectclass.uacc =
  ume.ldap.access.objectclass.user =
  ume.ldap.access.password = ******
  ume.ldap.access.server_name =
  ume.ldap.access.server_port =
  ume.ldap.access.server_type =
  ume.ldap.access.size_limit = 0
  ume.ldap.access.ssl = false
  ume.ldap.access.ssl_socket_factory = com.sap.security.core.server.https.SecureConnectionFactory
  ume.ldap.access.time_limit = 0
  ume.ldap.access.user =
  ume.ldap.access.user_as_account = true
  ume.ldap.blocked_accounts = Administrator,Guest
  ume.ldap.blocked_groups = Administrators,Guests
  ume.ldap.blocked_users = Administrator,Guest
  ume.ldap.cache_lifetime = 300
  ume.ldap.cache_size = 100
  ume.ldap.connection_pool.connect_timeout = 25000
  ume.ldap.connection_pool.max_connection_usage_time_check_interval = 120000
  ume.ldap.connection_pool.max_idle_connections = 5
  ume.ldap.connection_pool.max_idle_time = 300000
  ume.ldap.connection_pool.max_size = 10
  ume.ldap.connection_pool.max_wait_time = 60000
  ume.ldap.connection_pool.min_size = 1
  ume.ldap.connection_pool.monitor_level = 0
  ume.ldap.connection_pool.retrial = 2
  ume.ldap.connection_pool.retrial_interval = 10000
  ume.ldap.default_group_member = cn=DUMMY_MEMBER_FOR_UME
  ume.ldap.default_group_member.enabled = false
  ume.ldap.record_access = FALSE
  ume.ldap.unique_grup_attribute =
  ume.ldap.unique_uacc_attribute =
  ume.ldap.unique_user_attribute =
  ume.locking.enabled = true
  ume.locking.max_wait_time = 30
  ume.login.basicauthentication = 1
  ume.login.context = ticket
  ume.login.context.default = ticket
  ume.login.guest_user.uniqueids = Guest
  ume.login.mdc.hosts =
  ume.logoff.redirect.silent = false
  ume.logoff.redirect.url =
  ume.logon.allow_cert = false
  ume.logon.branding_image = layout/branding-image.jpg
  ume.logon.branding_style = css/ur/ur_.css
  ume.logon.branding_text = layout/branding-text.gif
  ume.logon.force_password_change_on_sso = true
  ume.logon.httponlycookie = true
  ume.logon.locale = false
  ume.logon.logon_help = false
  ume.logon.logon_help.name_required = false
  ume.logon.logon_help.securityquestion = false
  ume.logon.r3master.adapterid = master
  ume.logon.security.enforce_secure_cookie = false
  ume.logon.security.local_redirect_only = true
  ume.logon.security.relax_domain.level = 1
  ume.logon.security_policy.auto_unlock_time = 60
  ume.logon.security_policy.cert_logon_required = false
  ume.logon.security_policy.enforce_policy_at_logon = false
  ume.logon.security_policy.lock_after_invalid_attempts = 6
  ume.logon.security_policy.log_client_hostaddress = true
  ume.logon.security_policy.log_client_hostname = false
  ume.logon.security_policy.oldpass_in_newpass_allowed = false
  ume.logon.security_policy.password_alpha_numeric_required = 1
  ume.logon.security_policy.password_change_allowed = true
  ume.logon.security_policy.password_change_required = TRUE
  ume.logon.security_policy.password_expire_days = 90
  ume.logon.security_policy.password_history = 0
  ume.logon.security_policy.password_impermissible =
  ume.logon.security_policy.password_last_change_date_default = 12/31/9999
  ume.logon.security_policy.password_max_idle_time = 0
  ume.logon.security_policy.password_max_length = 14
  ume.logon.security_policy.password_min_length = 5
  ume.logon.security_policy.password_mix_case_required = 0
  ume.logon.security_policy.password_special_char_required = 0
  ume.logon.security_policy.password_successful_check_date_default = 12/31/9999
  ume.logon.security_policy.userid_digits = 0
  ume.logon.security_policy.userid_in_password_allowed = false
  ume.logon.security_policy.userid_lowercase = 0
  ume.logon.security_policy.userid_special_char_required = 0
  ume.logon.security_policy.useridmaxlength = 20
  ume.logon.security_policy.useridminlength = 1
  ume.logon.selfreg = false
  ume.logonAuthenticationFactory = com.sap.security.core.logon.imp.SAPJ2EEAuthenticator
  ume.multi_tenancy.automatic_logonid_prefixing = true
  ume.multi_tenancy_support_enabled = false
  ume.notification.admin_email =
  ume.notification.create_approval = true
  ume.notification.create_by_batch_performed = true
  ume.notification.create_denied = true
  ume.notification.create_performed = true
  ume.notification.create_request = true
  ume.notification.delete_performed = true
  ume.notification.email_asynch = true
  ume.notification.lock_performed = true
  ume.notification.mail_host =
  ume.notification.pswd_reset_performed = true
  ume.notification.pswd_reset_request = true
  ume.notification.selfreg_performed = true
  ume.notification.system_email =
  ume.notification.unlock_performed = true
  ume.notification.update_by_batch_performed = true
  ume.notification.workflow_email =
  ume.persistence.batch.page_size = 25
  ume.persistence.data_source_configuration = dataSourceConfiguration_database_only.xml
  ume.persistence.pcd_roles_data_source_configuration = dataSourceConfiguration_PCDRoles.xml
  ume.persistence.ume_roles_data_source_configuration = dataSourceConfiguration_UMERoles.xml
  ume.principal.simple_search.attributes.account = j_user
  ume.principal.simple_search.attributes.action = uniquename
  ume.principal.simple_search.attributes.group = uniquename
  ume.principal.simple_search.attributes.role = uniquename
  ume.principal.simple_search.attributes.user = uniquename,firstname,lastname
  ume.r3.connection.001.TimeZoneMapping =
  ume.r3.connection.001.ashost =
  ume.r3.connection.001.client =
  ume.r3.connection.001.group =
  ume.r3.connection.001.gwhost =
  ume.r3.connection.001.gwserv =
  ume.r3.connection.001.lang =
  ume.r3.connection.001.msghost =
  ume.r3.connection.001.passwd = ******
  ume.r3.connection.001.poolmaxsize = 10
  ume.r3.connection.001.poolmaxwait =
  ume.r3.connection.001.r3name =
  ume.r3.connection.001.receiverid = 001
  ume.r3.connection.001.receiverid_guest = 001
  ume.r3.connection.001.snc_lib =
  ume.r3.connection.001.snc_mode =
  ume.r3.connection.001.snc_myname =
  ume.r3.connection.001.snc_partnername =
  ume.r3.connection.001.snc_qop =
  ume.r3.connection.001.sysnr =
  ume.r3.connection.001.user =
  ume.r3.connection.001.userole = false
  ume.r3.connection.002.TimeZoneMapping =
  ume.r3.connection.002.ashost =
  ume.r3.connection.002.client =
  ume.r3.connection.002.group =
  ume.r3.connection.002.gwhost =
  ume.r3.connection.002.gwserv =
  ume.r3.connection.002.lang =
  ume.r3.connection.002.msghost =
  ume.r3.connection.002.passwd = ******
  ume.r3.connection.002.poolmaxsize = 10
  ume.r3.connection.002.poolmaxwait =
  ume.r3.connection.002.r3name =
  ume.r3.connection.002.receiverid = 002
  ume.r3.connection.002.receiverid_guest = 002
  ume.r3.connection.002.snc_lib =
  ume.r3.connection.002.snc_mode =
  ume.r3.connection.002.snc_myname =
  ume.r3.connection.002.snc_partnername =
  ume.r3.connection.002.snc_qop =
  ume.r3.connection.002.sysnr =
  ume.r3.connection.002.user =
  ume.r3.connection.002.userole = false
  ume.r3.connection.003.TimeZoneMapping =
  ume.r3.connection.003.ashost =
  ume.r3.connection.003.client =
  ume.r3.connection.003.group =
  ume.r3.connection.003.gwhost =
  ume.r3.connection.003.gwserv =
  ume.r3.connection.003.lang =
  ume.r3.connection.003.msghost =
  ume.r3.connection.003.passwd = ******
  ume.r3.connection.003.poolmaxsize = 10
  ume.r3.connection.003.poolmaxwait =
  ume.r3.connection.003.r3name =
  ume.r3.connection.003.receiverid = 003
  ume.r3.connection.003.receiverid_guest = 003
  ume.r3.connection.003.snc_lib =
  ume.r3.connection.003.snc_mode =
  ume.r3.connection.003.snc_myname =
  ume.r3.connection.003.snc_partnername =
  ume.r3.connection.003.snc_qop =
  ume.r3.connection.003.sysnr =
  ume.r3.connection.003.user =
  ume.r3.connection.003.userole = false
  ume.r3.connection.master.TimeZoneMapping =
  ume.r3.connection.master.abap_debug =
  ume.r3.connection.master.ashost =
  ume.r3.connection.master.client =
  ume.r3.connection.master.group =
  ume.r3.connection.master.gwhost =
  ume.r3.connection.master.gwserv =
  ume.r3.connection.master.lang = EN
  ume.r3.connection.master.msghost =
  ume.r3.connection.master.msserv =
  ume.r3.connection.master.passwd = ******
  ume.r3.connection.master.poolmaxsize = 10
  ume.r3.connection.master.poolmaxwait =
  ume.r3.connection.master.r3name =
  ume.r3.connection.master.receiverid = master
  ume.r3.connection.master.receiverid_guest = master
  ume.r3.connection.master.snc_lib =
  ume.r3.connection.master.snc_mode =
  ume.r3.connection.master.snc_myname =
  ume.r3.connection.master.snc_partnername =
  ume.r3.connection.master.snc_qop =
  ume.r3.connection.master.sysnr =
  ume.r3.connection.master.trace =
  ume.r3.connection.master.user =
  ume.r3.connection.tpd.adapterid = value of ume.r3.connection.tpd.systemid
  ume.r3.connection.tpd.systemid = SUS
  ume.r3.mastersystem = BWICLNT300
  ume.r3.mastersystem.uid.mode = 1
  ume.r3.orgunit.adapterid =
  ume.r3.sync.sender = SAPMUM
  ume.r3.use.role = false
  ume.replication.adapters.001.companies =
  ume.replication.adapters.001.scope =
  ume.replication.adapters.002.companies =
  ume.replication.adapters.002.scope =
  ume.replication.adapters.003.companies =
  ume.replication.adapters.003.scope =
  ume.replication.adapters.index_1 =
  ume.replication.adapters.index_2 =
  ume.replication.adapters.index_3 =
  ume.replication.adapters.master.companies =
  ume.replication.adapters.master.scope =
  ume.replication.crm_sup_register_check = BBP_SUS_BUPA_REGID_CHECK
  ume.replication.messaging.active = false
  ume.replication.sync.display_all_doc = false
  ume.roles.pcd_roles_with_actions =
  ume.roles.xml_files = *role.xml
  ume.secaudit.get_object_name = false
  ume.secaudit.log_actor = true
  ume.spml.schema_name = schema.xml
  ume.superadmin.activated = false
  ume.superadmin.password = ******
  ume.supergroups.anonymous_group.description = Built-in Group Anonymous Users
  ume.supergroups.anonymous_group.displayname = Anonymous Users
  ume.supergroups.anonymous_group.uniquename = Anonymous Users
  ume.supergroups.authenticated_group.description = Built-in Group Authenticated Users
  ume.supergroups.authenticated_group.displayname = Authenticated Users
  ume.supergroups.authenticated_group.uniquename = Authenticated Users
  ume.supergroups.everyone.description = Built-in Group Everyone
  ume.supergroups.everyone.displayname = Everyone
  ume.supergroups.everyone.uniquename = Everyone
  ume.testum = false
  ume.tpd.classloader =
  ume.tpd.companies = 0
  ume.tpd.imp.class = com.sap.security.core.tpd.SimpleTPD
  ume.tpd.prefix = STPD_
  ume.trace.external_trace_class = com.sap.security.core.util.imp.UMTrace_630
  ume.usermapping.admin.pwdprotection = true
  ume.usermapping.key.protection = TRUE
  ume.usermapping.refsys.mapping.type = internal
  ume.usermapping.unsecure = false
  ume.users.displayname_template = ,
  ume.users.email_pattern = ?@?.?*
  ume.virtual_groups.description_template = Virtual group
  ume.virtual_groups.displayname_template =
  ume.virtual_groups.group_names_separator = ;
  ume.virtual_groups.name_prefix =
  ume.virtual_groups.names =
  ume.virtual_groups.trim_group_names = true
  ume.virtual_groups.user_attribute =
  ume.virtual_groups.user_attribute.multivalue = true
  ume.virtual_groups.user_attribute.namespace =
  [Info] May 20, 2008 9:12:10 PM    TXT
  com.sap.engine.config.diagtool.tests.authentication.sso2.SSOTicketIssuerConfigTest
  This test verifies the Single Sign-On (SSO) configuration on J2EE Engine.
  It checks the prerequisites for issuing SSO logon tickets:
  validity of the ticket client
     the client is a three-digit string, e.g. 071
  validity of the ticket signing private key/certificate
     the ticket signing PK location, defined in UME properties,
     must be a keypair and the acceptable algorithm is DSA.
  [Info] May 20, 2008 9:12:10 PM    client string OK
  [Info] May 20, 2008 9:12:10 PM    keystore  view name found in UME: [TicketKeystore]
  [Info] May 20, 2008 9:12:10 PM    keystore alias name found in UME: [SAPLogonTicketKeypair]
  [Info] May 20, 2008 9:12:10 PM   
  ~ getName ~
  SAPLogonTicketKeypair
  ~ isCertificate ~
  false
  ~ isKeypair ~
  true
  ~ getCertificate ~
  Version: 3
  Serial number: 60679227
  Signature algorithm: dsaWithSHA (1.2.840.10040.4.3)
  Issuer: CN=EPI,OU=I0020275421,O=SAP Trust Community,C=DE
  Valid not before: Tue May 20 20:42:00 CEST 2008
        not after: Wed May 20 20:42:00 CEST 2009
  Subject: CN=EPI,OU=I0020275421,O=SAP Trust Community,C=DE
  DSA public key (1024 bits):
  y: 3c01d64c6c4f5459e7a436429d4e3905b5200333847262a730b65c35be02adc436a3962808a0ea1b544507364397075794dd8f11bc8528bd548141aec0a33d4f3c0818217d07484d43823fccc487038dd2aaa42f0d2c0498c853ed3c172902434674a9b3e7ff12dd6f4a2834978d35ca9cf69bdc1becec2c16267ae334f2fdc
  p: 827dd49ca2056984e98371b1340d5d71839285b25acaa382d7ac386e9440843f0a467aa875a8c1ca3b70ba6a970712f6b199ed3eec5313f3940a67bbd69f38722961ab023d17a1333c52235d9fb7d10e95e3a55ef9b04fc7c920c572da7ac3d50f240dbb8e54da9ebb702111c53582e535852e9f593979b33250c88683961917
  q: fa5079dafa3f3ab1e80a6df5bd16f224d8f8d71b
  g: 4fbdf52e3304f051c17ca55c9381b5c17d4c205076853450cfd9fc72b2e1b2b16fa01048b8ff17e7a90ae1e018053e34d9d561df714cc8dc92b151b5df6659706b5e57c319a2d6583b7d32d2e9e1f1663eaaac460dcd4e677036f7f9be0b2e16a05d695d5b8113a903cb3863561abd364a5d6c156617fa10a32099e1d2347713
  Certificate Fingerprint (MD5)  : 88:FE:7F:24:F7:64:2A:CC:D7:BE:16:70:74:73:96:27
  Certificate Fingerprint (SHA-1): DD:56:49:B1:D3:0B:BD:79:A3:03:CF:66:33:86:4C:A0:16:FD:04:8F
  Extensions: 1
  ~ getChain ~
    chain [1]
      Subject:CN=EPI,OU=I0020275421,O=SAP Trust Community,C=DE
      Algorithm:dsaWithSHA(1.2.840.10040.4.3)
  ~ getClass ~
  class com.sap.engine.config.diagtool.lib.keystore.OfflineKeystoreEntry
  [Info] May 20, 2008 9:12:10 PM    The keystore entry test successful.
  [Info] May 20, 2008 9:12:10 PM    The keystore entry is a keypair.
  [Info] May 20, 2008 9:12:10 PM    The SSO private key signing algorithm is [DSA]
  [Info] May 20, 2008 9:12:10 PM    The private key format is [PKCS#8]
  [Info] May 20, 2008 9:12:10 PM    The system can issue SSO logon tickets.
  [Info] May 20, 2008 9:12:10 PM    The tickets will be issued with client [000], system [EPI]
  [Info] May 20, 2008 9:12:10 PM    TXT
  com.sap.engine.config.diagtool.tests.authentication.sso2.SSOTicketVerifierConfigTest
  This test verifies the Single Sign-On (SSO) configuration on J2EE Engine.
  It checks all SSO certificates imported in the SSO trusted key store view
  defined in UME properties table. The certificates are verified for validity,
  algorithm identifier, and public/private key content. The test checks also
  the Access Control Lists configured in evaluate authentication modules.
  The ACLs must contain Subjects and Issuers that are available
  in the SSO trusted key store view
  [Info] May 20, 2008 9:12:10 PM    keystore  view name found in UME: [TicketKeystore]
  [Info] May 20, 2008 9:12:10 PM    keystore alias name found in UME: [SAPLogonTicketKeypair]
  [Info] May 20, 2008 9:12:10 PM      ***  checking SSO anchors *** 
  [Info] May 20, 2008 9:12:10 PM    found 2 entries
  [Info] May 20, 2008 9:12:10 PM     ************ entry #1 [SAPLogonTicketKeypair-cert] **************
  [Info] May 20, 2008 9:12:10 PM   
  ~ getName ~
  SAPLogonTicketKeypair-cert
  ~ isCertificate ~
  true
  ~ isKeypair ~
  false
  ~ getCertificate ~
  Version: 3
  Serial number: 60679227
  Signature algorithm: dsaWithSHA (1.2.840.10040.4.3)
  Issuer: CN=EPI,OU=I0020275421,O=SAP Trust Community,C=DE
  Valid not before: Tue May 20 20:42:00 CEST 2008
        not after: Wed May 20 20:42:00 CEST 2009
  Subject: CN=EPI,OU=I0020275421,O=SAP Trust Community,C=DE
  DSA public key (1024 bits):
  y: 3c01d64c6c4f5459e7a436429d4e3905b5200333847262a730b65c35be02adc436a3962808a0ea1b544507364397075794dd8f11bc8528bd548141aec0a33d4f3c0818217d07484d43823fccc487038dd2aaa42f0d2c0498c853ed3c172902434674a9b3e7ff12dd6f4a2834978d35ca9cf69bdc1becec2c16267ae334f2fdc
  p: 827dd49ca2056984e98371b1340d5d71839285b25acaa382d7ac386e9440843f0a467aa875a8c1ca3b70ba6a970712f6b199ed3eec5313f3940a67bbd69f38722961ab023d17a1333c52235d9fb7d10e95e3a55ef9b04fc7c920c572da7ac3d50f240dbb8e54da9ebb702111c53582e535852e9f593979b33250c88683961917
  q: fa5079dafa3f3ab1e80a6df5bd16f224d8f8d71b
  g: 4fbdf52e3304f051c17ca55c9381b5c17d4c205076853450cfd9fc72b2e1b2b16fa01048b8ff17e7a90ae1e018053e34d9d561df714cc8dc92b151b5df6659706b5e57c319a2d6583b7d32d2e9e1f1663eaaac460dcd4e677036f7f9be0b2e16a05d695d5b8113a903cb3863561abd364a5d6c156617fa10a32099e1d2347713
  Certificate Fingerprint (MD5)  : 88:FE:7F:24:F7:64:2A:CC:D7:BE:16:70:74:73:96:27
  Certificate Fingerprint (SHA-1): DD:56:49:B1:D3:0B:BD:79:A3:03:CF:66:33:86:4C:A0:16:FD:04:8F
  Extensions: 1
  ~ getChain ~
    chain [1]
      Subject:CN=EPI,OU=I0020275421,O=SAP Trust Community,C=DE
      Algorithm:dsaWithSHA(1.2.840.10040.4.3)
  ~ getClass ~
  class com.sap.engine.config.diagtool.lib.keystore.OfflineKeystoreEntry
  [Info] May 20, 2008 9:12:10 PM    The certificate CN=EPI,OU=I0020275421,O=SAP Trust Community,C=DE algorithm OK.
  [Info] May 20, 2008 9:12:10 PM     ************ entry #2 [BW_BWI_certificate] **************
  [Info] May 20, 2008 9:12:10 PM   
  ~ getName ~
  BW_BWI_certificate
  ~ isCertificate ~
  true
  ~ isKeypair ~
  false
  ~ getCertificate ~
  Version: 1
  Serial number: 0
  Signature algorithm: dsaWithSHA (1.2.840.10040.4.3)
  Issuer: CN=BWI,OU=I0020275421,OU=SAP Web AS,O=SAP Trust Community,C=DE
  Valid not before: Mon May 19 20:39:21 CEST 2008
        not after: Fri Jan 01 01:00:01 CET 2038
  Subject: CN=BWI,OU=I0020275421,OU=SAP Web AS,O=SAP Trust Community,C=DE
  DSA public key (1024 bits):
  y: 8c6ac727a5a7048353e1bde69321c38bd99272f2bd771a678532dc0c8f8bb1f9c5d7c6443986345d0a2a2b4dd1c75b929667ebb6cf1412c4f99381b9ac571f8d2c334892db815547c4e418b001b2276e6a49c106c0248f1a8686650a656f33e648cf8d3e54becf5e0bcdcf5034afd94bf1d7f574258f6e75651b983187dd0093
  p: ffe26acc911b083ba364f621c222f00778501509d9748e364824daf19f80448ebd439d2077cff772120bebf27319a108959ec959eb80047729c7d794eb73eff5eaa90def10b5b4aaee638e6b16a9e0608da6f489e259eeb0a3be1a7cac431361ab3bccc13967e571596889e6a605ab6721b0d18712acb8d349ced2f8c1e5cc21
  q: 90648a4ec3287c602b63a4d44182fb284d790bfd
  g: eb309896ee2cae22e23186d98244bd8910dc697c922930d561529d51a9bc72e9e30012e2205f60752c83a9665b3d8a4d9dbdc7a30a7cb118e97cf114f6571589ed037f39f926523fe08fef40e7339066368c7957c8b744441970497f3d09231cc9af95f178d1632a0c42ff603cb294668021e4a6bcb86fc69d15041fd0f554bb
  Certificate Fingerprint (MD5)  : 47:5D:87:50:89:F5:DD:72:A4:A3:B2:BA:FA:6A:B4:09
  Certificate Fingerprint (SHA-1): 3B:CC:58:02:86:47:D2:02:E2:E2:DB:73:84:C1:F1:81:DB:D1:72:F3
  ~ getChain ~
    chain [1]
      Subject:CN=BWI,OU=I0020275421,OU=SAP Web AS,O=SAP Trust Community,C=DE
      Algorithm:dsaWithSHA(1.2.840.10040.4.3)
  ~ getClass ~
  class com.sap.engine.config.diagtool.lib.keystore.OfflineKeystoreEntry
  [Info] May 20, 2008 9:12:10 PM    The certificate CN=BWI,OU=I0020275421,OU=SAP Web AS,O=SAP Trust Community,C=DE algorithm OK.
  [Info] May 20, 2008 9:12:10 PM      ***  com.sap.security.core.server.jaas.EvaluateTicketLoginModule  *** 
  [Info] May 20, 2008 9:12:10 PM    28 configurations found.
  [Info] May 20, 2008 9:12:10 PM      ----
  [Info] May 20, 2008 9:12:10 PM      |                                                                       |
  [Info] May 20, 2008 9:12:10 PM      |   Auth stack [sap.com/com.sap.aii.security.ws*KeystoreHelp_client]
  [Info] May 20, 2008 9:12:10 PM      |                                                                       |
  [Info] May 20, 2008 9:12:10 PM      ----
  [Info] May 20, 2008 9:12:10 PM    {[sap.com/com.sap.aii.security.ws*KeystoreHelp_client]}(size: 4)
            1.  ( com.sap.security.core.server.jaas.EvaluateTicketLoginModule )  ( SUFFICIENT ) com.sap.security.core.server.jaas.EvaluateTicketLoginModule
            2.  ( com.sap.security.core.server.jaas.EvaluateAssertionTicketLoginModule )  ( SUFFICIENT ) com.sap.security.core.server.jaas.EvaluateAssertionTicketLoginModule
            3.  ( com.sap.engine.services.security.server.jaas.ClientCertLoginModule )  ( OPTIONAL ) com.sap.engine.services.security.server.jaas.ClientCertLoginModule
            4.  ( com.sap.security.core.server.jaas.CreateTicketLoginModule )  ( SUFFICIENT ) com.sap.security.core.server.jaas.CreateTicketLoginModule
    authentication properties:
      realm_name=Upload Protected Area
      policy_domain=/KeystoreHelp/client
      auth_method=client-cert
  [Warning] May 20, 2008 9:12:10 PM    No options defined
  [Info] May 20, 2008 9:12:10 PM      ----
  [Info] May 20, 2008 9:12:10 PM      |                                                                       |
  [Info] May 20, 2008 9:12:10 PM      |   Auth stack [sap.com/com.sap.aii.af.ispeak.app*pip]
  [Info] May 20, 2008 9:12:10 PM      |                                                                       |
  [Info] May 20, 2008 9:12:10 PM      ----
  [Info] May 20, 2008 9:12:10 PM    {[sap.com/com.sap.aii.af.ispeak.app*pip]}(size: 3)
            1.  ( com.sap.security.core.server.jaas.EvaluateTicketLoginModule )  ( SUFFICIENT ) com.sap.security.core.server.jaas.EvaluateTicketLoginModule
                      #1 ume.configuration.active = true
            2.  ( com.sap.engine.services.security.server.jaas.BasicPasswordLoginModule )  ( REQUISITE ) com.sap.engine.services.security.server.jaas.BasicPasswordLoginModule
            3.  ( com.sap.security.core.server.jaas.CreateTicketLoginModule )  ( OPTIONAL ) com.sap.security.core.server.jaas.CreateTicketLoginModule
                      #1 ume.configuration.active = true
    authentication properties:
      realm_name=ISPEAK
      policy_domain=/RWB
      auth_method=basic
  [Info] May 20, 2008 9:12:10 PM      ----
  [Info] May 20, 2008 9:12:10 PM      |                                                                       |
  [Info] May 20, 2008 9:12:10 PM      |   Auth stack [sap.com/tcslmslmapp*slmSolManServices_Config1]
  [Info] May 20, 2008 9:12:10 PM      |                                                                       |
  [Info] May 20, 2008 9:12:10 PM      ----
  [Info] May 20, 2008 9:12:10 PM    {[sap.com/tcslmslmapp*slmSolManServices_Config1]}(size: 4)
            1.  ( com.sap.security.core.server.jaas.EvaluateTicketLoginModule )  ( SUFFICIENT ) com.sap.security.core.server.jaas.EvaluateTicketLoginModule
            2.  ( com.sap.security.core.server.jaas.EvaluateAssertionTicketLoginModule )  ( SUFFICIENT ) com.sap.security.core.server.jaas.EvaluateAssertionTicketLoginModule
            3.  ( com.sap.engine.services.security.server.jaas.ClientCertLoginModule )  ( OPTIONAL ) com.sap.engine.services.security.server.jaas.ClientCertLoginModule
            4.  ( com.sap.security.core.server.jaas.CreateTicketLoginModule )  ( SUFFICIENT ) com.sap.security.core.server.jaas.CreateTicketLoginModule
    authentication properties:
      realm_name=Upload Protected Area
      policy_domain=/slmSolManServices/Config1
      auth_method=client-cert
  [Warning] May 20, 2008 9:12:10 PM    No options defined
  [Info] May 20, 2008 9:12:10 PM      ----
  [Info] May 20, 2008 9:12:10 PM      |                                                                       |
  [Info] May 20, 2008 9:12:10 PM      |   Auth stack [sap.com/cafruntimeear*CAFDataService_Config]
  [Info] May 20, 2008 9:12:10 PM      |                                                                       |
  [Info] May 20, 2008 9:12:10 PM      ----
  [Info] May 20, 2008 9:12:10 PM    {[sap.com/cafruntimeear*CAFDataService_Config]}(size: 4)
            1.  ( com.sap.security.core.server.jaas.EvaluateTicketLoginModule )  ( SUFFICIENT ) com.sap.security.core.server.jaas.EvaluateTicketLoginModule
            2.  ( com.sap.security.core.server.jaas.EvaluateAssertionTicketLoginModule )  ( SUFFICIENT ) com.sap.security.core.server.jaas.EvaluateAssertionTicketLoginModule
            3.  ( com.sap.engine.services.security.server.jaas.BasicPasswordLoginModule )  ( OPTIONAL ) com.sap.engine.services.security.server.jaas.BasicPasswordLoginModule
            4.  ( com.sap.security.core.server.jaas.CreateTicketLoginModule )  ( SUFFICIENT ) com.sap.security.core.server.jaas.CreateTicketLoginModule
    authentication properties:
      realm_name=Upload Protected Area
      policy_domain=/CAFDataService/Config
      auth_method=basic
  [Warning] May 20, 2008 9:12:10 PM    No options defined
  [Info] May 20, 2008 9:12:10 PM      ----
  [Info] May 20, 2008 9:12:10 PM      |                                                                       |
  [Info] May 20, 2008 9:12:10 PM      |   Auth stack [sap.com/com.sap.aii.af.service.trex.ws*TrexProcessor_basic]
  [Info] May 20, 2008 9:12:10 PM      |                                                                       |
  [Info] May 20, 2008 9:12:10 PM      ----
  [Info] May 20, 2008 9:12:10 PM    {[sap.com/com.sap.aii.af.service.trex.ws*TrexProcessor_basic]}(size: 4)
            1.  ( com.sap.security.core.server.jaas.EvaluateTicketLoginModule )  ( SUFFICIENT ) com.sap.security.core.server.jaas.EvaluateTicketLoginModule
            2.  ( com.sap.security.core.server.jaas.EvaluateAssertionTicketLoginModule )  ( SUFFICIENT ) com.sap.security.core.server.jaas.EvaluateAssertionTicketLoginModule
            3.  ( com.sap.engine.services.security.server.jaas.BasicPasswordLoginModule )  ( OPTIONAL ) com.sap.engine.services.security.server.jaas.BasicPasswordLoginModule
            4.  ( com.sap.security.core.server.jaas.CreateTicketLoginModule )  ( SUFFICIENT ) com.sap.security.core.server.jaas.CreateTicketLoginModule
    authentication properties:
      realm_name=Upload Protected Area
      policy_domain=/TrexProcessor/basic
      auth_method=basic
  [Warning] May 20, 2008 9:12:10 PM    No options defined
  [Info] May 20, 2008 9:12:10 PM      ----
  [Info] May 20, 2008 9:12:10 PM      |                                                                       |
  [Info] May 20, 2008 9:12:10 PM      |   Auth stack [sap.com/tcsecwssec~app*wssproc_plain]
  [Info] May 20, 2008 9:12:10 PM      |                                                                       |
  [Info] May 20, 2008 9:12:10 PM      ----
  [Info] May 20, 2008 9:12:10 PM    {[sap.com/tcsecwssec~app*wssproc_plain]}(size: 4)
            1.  ( com.sap.security.core.server.jaas.EvaluateTicketLoginModule )  ( SUFFICIENT ) com.sap.security.core.server.jaas.EvaluateTicketLoginModule
            2.  ( com.sap.security.core.server.jaas.EvaluateAssertionTicketLoginModule )  ( SUFFICIENT ) com.sap.security.core.server.jaas.EvaluateAssertionTicketLoginModule
            3.  ( com.sap.engine.services.security.server.jaas.BasicPasswordLoginModule )  ( OPTIONAL ) com.sap.engine.services.security.server.jaas.BasicPasswordLoginModule
            4.  ( com.sap.security.core.server.jaas.CreateTicketLoginModule )  ( SUFFICIENT ) com.sap.security.core.server.jaas.CreateTicketLoginModule
    authentication properties:
      realm_name=Upload Protected Area
      policy_domain=/wssproc/plain
      auth_method=basic
  [Warning] May 20, 2008 9:12:10 PM    No options defined
  [Info] May 20, 2008 9:12:10 PM      ----
  [Info] May 20, 2008 9:12:10 PM      |                                                                       |
  [Info] May 20, 2008 9:12:10 PM      |   Auth stack [sap.com/tckmcbc.rf.wsrfwsear*RepositoryFrameworkWS_Config1]
  [Info] May 20, 2008 9:12:10 PM      |                                                                       |
  [Info] May 20, 2008 9:12:10 PM      ----
  [Info] May 20, 2008 9:12:10 PM    {[sap.com/tckmcbc.rf.wsrfwsear*RepositoryFrameworkWS_Config1]}(size: 4)
            1.  ( com.sap.security.core.server.jaas.EvaluateTicketLoginModule )  ( SUFFICIENT ) com.sap.security.core.server.jaas.EvaluateTicketLoginModule
            2.  ( com.sap.security.core.server.jaas.EvaluateAssertionTicketLoginModule )  ( SUFFICIENT ) com.sap.security.core.server.jaas.EvaluateAssertionTicketLoginModule
            3.  ( com.sap.engine.services.security.server.jaas.BasicPasswordLoginModule )  ( OPTIONAL ) com.sap.engine.services.security.server.jaas.BasicPasswordLoginModule
            4.  ( com.sap.security.core.server.jaas.CreateTicketLoginModule )  ( SUFFICIENT ) com.sap.security.core.server.jaas.CreateTicketLoginModule
    authentication properties:
      realm_name=Upload Protected Area
      policy_domain=/RepositoryFrameworkWS/Config1
      auth_method=basic
  [Warning] May 20, 2008 9:12:10 PM    No options defined
  [Info] May 20, 2008 9:12:10 PM      ----
  [Info] May 20, 2008 9:12:10 PM      |                                                                       |
  [Info] May 20, 2008 9:12:10 PM      |   Auth stack [sap.com/com.sap.xi.mdt*AdapterMessageMonitoring_basic]
  [Info] May 20, 2008 9:12:10 PM      |                                                                       |
  [Info] May 20, 2008 9:12:10 PM      ----
  [Info] May 20, 2008 9:12:10 PM    {[sap.com/com.sap.xi.mdt*AdapterMessageMonitoring_basic]}(size: 4)
            1.  ( com.sap.security.core.server.jaas.EvaluateTicketLoginModule )  ( SUFFICIENT ) com.sap.security.core.server.jaas.EvaluateTicketLoginModule
            2.  ( com.sap.security.core.server.jaas.EvaluateAssertionTicketLoginModule )  ( SUFFICIENT ) com.sap.security.core.server.jaas.EvaluateAssertionTicketLoginModule
            3.  ( com.sap.engine.services.security.server.jaas.BasicPasswordLoginModule )  ( OPTIONAL ) com.sap.engine.services.security.server.jaas.BasicPasswordLoginModule
            4.  ( com.sap.security.core.server.jaas.CreateTicketLoginModule )  ( SUFFICIENT ) com.sap.security.core.server.jaas.CreateTicketLoginModule
    authentication properties:
      realm_name=Upload Protected Area
      policy_domain=/AdapterMessageMonitoring/basic
      auth_method=basic
  [Warning] May 20, 2008 9:12:10 PM    No options defined
  [Info] May 20, 2008 9:12:10 PM      ----
  [Info] May 20, 2008 9:12:10 PM      |                                                                       |
  [Info] May 20, 2008 9:12:10 PM      |   Auth stack [sap.com/com.sap.aii.af.ms.app*MessagingSystem]
  [Info] May 20, 2008 9:12:10 PM      |                                                                       |
  [Info] May 20, 2008 9:12:10 PM      ----
  [Info] May 20, 2008 9:12:10 PM    {[sap.com/com.sap.aii.af.ms.app*MessagingSystem]}(size: 2)
            1.  ( com.sap.security.core.server.jaas.EvaluateTicketLoginModule )  ( SUFFICIENT ) com.sap.security.core.server.jaas.EvaluateTicketLoginModule
                      #1 ume.configuration.active = true
            2.  ( com.sap.engine.services.security.server.jaas.BasicPasswordLoginModule )  ( REQUISITE ) com.sap.engine.services.security.server.jaas.BasicPasswordLoginModule
    authentication properties:
      realm_name=Message Display Tool
      policy_domain=/RWB
      auth_method=basic
  [Info] May 20, 2008 9:12:10 PM      ----
  [Info] May 20, 2008 9:12:10 PM      |                                                                       |
  [Info] May 20, 2008 9:12:10 PM      |   Auth stack [sap.com/tcslmslmapp*slmServices_config]
  [Info] May 20, 2008 9:12:10 PM      |                                                                       |
  [Info] May 20, 2008 9:12:10 PM      ----
  [Info] May 20, 2008 9:12:10 PM    {[sap.com/tcslmslmapp*slmServices_config]}(size: 4)
            1.  ( com.sap.security.core.server.jaas.EvaluateTicketLoginModule )  ( SUFFICIENT ) com.sap.security.core.server.jaas.EvaluateTicketLoginModule
            2.  ( com.sap.security.core.server.jaas.EvaluateAssertionTicketLoginModule )  ( SUFFICIENT ) com.sap.security.core.server.jaas.EvaluateAssertionTicketLoginModule
            3.  ( com.sap.engine.services.security.server.jaas.ClientCertLoginModule )  ( OPTIONAL ) com.sap.engine.services.security.server.jaas.ClientCertLoginModule
            4.  ( com.sap.security.core.server.jaas.CreateTicketLoginModule )  ( SUFFICIENT ) com.sap.security.core.server.jaas.CreateTicketLoginModule
    authentication properties:
      realm_name=Upload Protected Area
      policy_domain=/slmServices/config
      auth_method=client-cert
  [Warning] May 20, 2008 9:12:10 PM    No options defined
  [Info] May 20, 2008 9:12:10 PM      ----
  [Info] May 20, 2008 9:12:10 PM      |                                                                       |
  [Info] May 20, 2008 9:12:10 PM      |   Auth stack [sap.com/com.sap.lcr*sld]
  [Info] May 20, 2008 9:12:10 PM      |                                                     

  When I execute RSPOR_SETUP report from SE38 to check the configuration between BW and Protal, the system shows the following message:
  http://img58.imageshack.us/img58/1910/j2eegw5.png
  http://img53.imageshack.us/img53/4158/step7vf1.png
  This is my configuration:
  http://img58.imageshack.us/img58/5937/strustry9.png
  http://img142.imageshack.us/img142/9721/keystorageyt6.png
  http://img53.imageshack.us/img53/6971/ticketbl2.png
  http://img53.imageshack.us/img53/2689/evaluatemr0.png
  http://img177.imageshack.us/img177/1271/umeyz5.png
  http://img53.imageshack.us/img53/9763/slddf1.png
  Entry in dev_jrfc.trc
  Message : java.lang.RuntimeException: call FM RSWR_RFC_SERVICE_TEST to ProgId SAPIA64BW_PORTAL_EPI on host SAPIA64BW with SSO not authorized: Missing Password
  Datasource : 11197950:J:\usr\sap\EPI\JC01\j2ee\cluster\server0\dev_jrfc.trc
  Could you please help me??
  Thanks in advance
  Edited by: Juan de la Cruz Arellano Royo on May 21, 2008 11:17 AM

• In portal it shows both status in bex it shows current

  Hi experts,
  Can anyone please tell me when i run sales order report it shows (current)Booked status in BW(BEX) but in portal it shows open and Booked status(it should show only Booked status).Thanks

  Hi Rohit,
  As per your suggestion i have removed high value from filter and then checkd CRMSUBTAB in ERP  it shows an entry CRS_MATERIAL_EXTRACT
  Entries in ERP-table CRMSUBTAB
  Client
  User
  Object Name Downloaded
  Up-or downloaded
  object class
  Function Module name
  CRM
  D
  MATERIAL
  CRS_MATERIAL_EXTRACT
  Also find the entries in CRM-table CRMSUBTAB
  Entries in CRM-table CRMSUBTAB
  Client
  User
  Object Name Downloaded
  Up-or downloaded
  object class
  Function Module name
  CRM
  ADPTESTMBDOC
  D
  ADPTEST
  ADPTST_EXTRACT_MODULE
  CRM
  ADPTESTMBDOC
  U
  ADPTEST
  CRM_ADPTESTMBDOC_LOAD_PROXY
  CRM
  BUAG_MAIN
  D
  BUPA
  CRM_BUAG_MAIN_EXTRACT_GUIDS
  CRM
  BUPA_MAIN
  D
  BUPA
  CRM_BUPA_MAIN_EXTRACT_GUIDS
  CRM
  BUPA_REL
  D
  BUPA
  CRM_BUPA_REL_EXTRACT_GUIDS
  CRM
  CMDOC_NOTIFY
  D
  CMDOC_NOTIFY
  CRM_CM_EXTRACT_GUIDS
  CRM
  VEND_MAIN
  D
  BUPA
  CRM_BUPA_MAIN_EXTRACT_GUIDS
  After that i did material replication but it still shows block size 0

• Vendor Replication Issue

  Hello Experts,
  We are in SRM 7.0 classic scenario.We are facing an issue in Vendor replication as described below:-
  We have connected a new backend R/3 system to the SRM system i.e now the SRM system is connected to 2 backend R/3 system.
  We replicated the vendor from the new backend R/3 system as shown below
  1.Transaction BBPGETVD to bring the vendors from the new backend R/3 system into SRM system
  2.Transaction BBPUPDVD to update the vendor from the new backend R/3 system.
  There were around 25000 vendors linked to the Required Purchasing org in the the new backend R/3 system, but out of these only 2 could be replicated.
  We verified the Vendor Replication as described below
  1) SE16-Table VENMAP(logsys-new backend R/3 system)
  2) SE16-BBPM_BUT_FRG0061(To confirm the Org ID of the Porg for which these vendors are extended)
  We can see that the vendor are from the New backend R/3 system and extended for the required Porg.
  However, when we try to search for these vendors in the SRM portal, we are unable to find it.
  Can you all experts, plz let us know
  1. Why only 2 vendors were successfully replicated from the new backend R/3 system?We checked the vendors status using LFM1 & LFB1 and could see many more vendor could had been replicated.
  2.Why we were unable to search for the vendors in portal inspite of the fact the we can see the vendor in VENMAP and also in the BBPM_BUT_FRG0061(we have ensured that we are putting the correct Porg ID in the search for eg. 0 5*******) and also we can search the vendor from the old R/3 system?
  We would like to also mention that we have same vendors with different vendor numbers in different backend R/3 system.
  Any pointers to resolve this issue will be highly appreciated.
  Regards,
  RKS

  Hello Experts ,
  I forgot to mention that ,i'm getting following warning message:-
  Warning:
  If you use external number assignment,you will lose data records
  Number of supplier lost                                   23.333
  The following allocation results from the transfer.
  Total number of suppliers:                              23.335
  Adoption of R/3 description                            23.333
  Can you all experts plz explain what is "external number assignment" and also we are using option transfer only R/3 number
  but still why 23.333 verdors are lost
  Thank you in advance for suggestions,
  Thaks & Regards,
  RKS

• SRM 5.0 - Non-replication of Blocked Vendors from R/3 to EBP

  Hi Team,
  We are using SAP SRM 5.0 for e-procurement.
  Issue:
  The R/3 vendor is transferred to SRM for creation of bidder ID for e-procurement. Presently there is no check/warning message in the system while transferring blocked vendor from R/3 to SRM using BBPGETVD.
  The blocked vendor while bidding using e-procurement portal gets a warning message that the 'User is blocked or archived'. With this warning message, the panic situation arises and the bidder gets confused while bidding.
  Solution:
  BADI BBP_TRANSDATA_PREP was implemented. The Error message u2018Vendor is blockedu2019 was given in case of block vendor of SAP R/3 not getting replicated in SAP SRM. This did not work as the message appearing during BBPGETVD was actually the original Message of Message class BBP_BUPA Message No: 030
  Original: u201CAll backend descriptions are already assigned in the systemu201D
  It was changed to: u201CVendor is already transferred or blockedu201D.
  This was tested and was working fine as the Vendor replication was being done individually and not in lots.
  The unblocked ones were getting replicated. The blocked ones and the ones that had already got replicated were throwing up the warning message: u201CVendor is already transferred or blockedu201D.
  About 5-8 Vendors both blocked and unblocked behaved as was desired. On further testing it was found that the blocked Vendors instead of throwing up the message were moving on to the next screen/stage for transferring of Vendors. On checking it was found that certain Vendors (Blocked) are appearing in an internal table and as such the required warning message is not appearing.
  We are unable to comprehend where from are these Blocked Vendors appearing in the internal table?
  Alternatively do kindly suggest if there are any other solutions for this issue by way of configuration change or some other method.
  Thanks.
  Best regards,
  Vijay

  Hello Vijay,
  Make use of the EEWB transaction for the BO vendor replication. You have an abiltiy to set your own attributes on which/what  kind of data you want to replicate into SRM from ECC.
  All the best.
  Regards,
  Mani

• Order of start infrastructure and Portal - SCRIPT

  I replied to someone's query on this topic, so I thought it might be useful for others as well. The script that I wrote in June 2002 for an article in oracle magazine.
  It is simple & it works, in a way tells you status of the
  components as well.
  Put it an a file chmod to allow execute ...
  I have included the debug in the script as well.
  Hope this helps.
  Sunder Aswani (an Oracle & Portal DBA consultant in London)
  # Enter the shell type here. Trnsf. /opt/oracle to mid tier.
  # Script to start infra/portal on a single or with mid tier system
  # By Sunder Aswani (An oracle & Portal DBA consultant in London)
  # Version 1.0 dated 20th June 2002.
  $ORACLE_HOME/bin/oidctl connect=iasdb server=oidldapd instance=1 start
  $ORACLE_HOME/bin/oidctl connect=iasdb server=oidldapd instance=2 start
  $ORACLE_HOME/dcm/bin/dcmctl start -ct ohs
  $ORACLE_HOME/bin/oidmon start
  $ORACLE_HOME/dcm/bin/dcmctl start oc4j
  $ORACLE_HOME/opmn/bin/opmnctl startall
  $ORACLE_HOME/bin/emctl start
  /opt/oracle/portal/dcm/bin/dcmctl start -ct ohs
  /opt/oracle/portal/opmn/bin/opmnctl startall
  ps -ef|grep http
  $ORACLE_HOME/dcm/bin/dcmctl getstate -v
  $ORACLE_HOME/ldap/bin/ldapcheck
  ## Each of these processes will have an associated log. /Given the UNIX example:
  ## Process oidmon is Alive as PID 1035 -->oidmon.log (guardian process)
  ## Process oidldapd is Alive as PID 1051 -->oidldapd01.log (ldap dispatcher)
  ## Process oidldapd is Alive as PID 1043 -->oidldapd01s1043.log (ldap server)
  ## Not Running ---- Process oidrepld -->oidrepld01xxxx.log (if replication)
  ## $ORACLE_HOME/bin/odisrvreg -h sun.portal.com -p 4032 -D "cn=orcladmin" -w ias_admin1
  ## It is best to clean out the existing log files so we can view the results of your test. Please do
  the following:
  ## a. stop all oid processes
  ## b. repeat Step 1 until you no longer see the OID processes
  ## c. clean out all existing logfiles in the $ORACLE_HOME/ldap/log
  ## d. restart the oid processes with extended tracing...
  ## oidmon connect=<SID> start
  ## $ORACLE_HOME/bin/oidctl connect=<SID> server=oidldapd instance=1 flags=" -port <PORT> -host <HOST>
  -debug <DEBUG-LEVEL>" start
  ## $ORACLE_HOME/bin/oidctl connect=iasdb server=oidldapd instance=1 flags=" -port 4032 -h sun.portal.c
  om -debug 65535" start
  ##DEBUG-LEVELS for the oidctl command:
  ### 1 = Trace function calls
  ## 2 = Debug packet handling
  ### 4 = Heavy trace debugging
  ## 8 = Connection Management
  ## 16 = Print out packets sent and received
  ## 32 = Search filter processing
  ## 64 = Configuration file processsing
  ## 128 = Access control list processing
  ## 256 = Stats log connections/operations/results
  ## 512 = Stats log entries sent
  ## 1024 = Print communication with the back-end
  ## 2048 = Print entry parsing debugging
  ## 4096 = Schema-related debugging
  ##32768 = Replication Specific debugging
  ## Bind the ports as follows:
  $ORACLE_HOME/bin/ldapbind -h sun.portal.com -p 4032 -D cn=orcladmin -w ias_admin1
  webcachectl start
  ## /opt/oracle/portal/webcache/bin/webcachectl start (SHOULD say already running IF NO MID TIER)

  Have been trying a bit more and found out how to access the chart to a certain extent. It seems to be possible the change the X-Axis Values via:
  chart.axes(xlcategory).minimumscale
  chart.axes(xlcategory).maximummscale
  Are however not able to find values that really will show up, have tried numerous formats, and by using just simple numbers like for example 100 the code runs, but the X-axis values dissapears instead of changing.
  The question is if it is at all possible to then also change the actual data in the chart to show the weeks that are entered. No use of changing the axis values without changing the data for the weeks as well. Have not been able to find anything about accessing
  the data values, perhaps they are not accessible? From within MS Project it is not possible to Clock on the "edit source data" in the menu which appears when right clicking on the chart.
  Any ideas are welcome.
  Kind regards //Anders

• XI Integration scenario for material replication from SRM to SRM-MDM

  Hi Guys,
  We are working with the following landscape:
  SRM Server 5.5
  ECC 6.0
  SRM-MDM 5.5 SP6
  PI 2005_1_700 SP0006
  I have a question for you about replication of the material master form SRM EBP to SRM-MDM.
  In XI we are trying to configure this scenario. For this we have imported the following XI Content:
  - SAP SRM Server 5.5
  - SAP SRM-MDM 2.0
  We have the following problem; that when tring to configure the this scenario we are getting GUID errors. Probable because some XI content is missing. In the SRM-MDM 2.0 XI content we also see that SRM 6.0 scenario's are avilable in the currenlty imported XI content, but when clicking on 'Edit action' in these scenario's we are getting the following error:
  "Software component version with GUID XXXXXXXXXX... does not exists"
  Can any one tell me why SRM 6.0 scenario's are availble in the XI content for SRM-MDM 2.0, and which additional XI content we need to import to get rid of these GUID error's?
  Becasue of this the configuration in the Integration Directory fails.Transfering the integration scenario to the Integration directory  gives a couple of errors: "Unable to load action. Check whether all necessary actions have been released in the integration repository".
  Hopefully some of you know what to do, because I am currenlty stuck....... Do we need to import additional XI content, or maybe the Xi content for SRM 6.0. If so where can I get the XI content for SRM 6.0. It is not available on the SAP Support portal as a download.
  Thx In advance.
  Regards,
  Wouter

  Hi,
  >"Software component version with GUID XXXXXXXXXX... does not exists"
  try updating SLD (CIM DATA) with the latest patch available
  Regards,
  Michal KRawczyk

• Maintaining Settings for Integration into SAP Enterprise Portal

  Hi All,
  I get the following error in step 12 running RSPOR_SETUP
  System failure during call of function module RSWR_RFC_SERVICE_TEST
  Return Value in this step is: 1   (System failure)
  I am running BW 3.5 SP19
  EP 6.0 SP19
  All other step are OK
  I can authenication from the Portal to BW using SSO but not from BW to the portal.
  I get the same error when trying to publish a query to the Portal.
  Here are are more error from the trc log file
  Exception thrown [Thu Jan 11 13:18:34,426]:Exception thrown by application running in JCo Server
  com.sap.engine.services.ejb.exceptions.BaseRemoteException: Exception in method processFunction.
       at com.sapportals.portal.prt.service.rfc.PRTRFCRemoteObjectImpl0_0.processFunction(PRTRFCRemoteObjectImpl0_0.java:127)
       at sun.reflect.GeneratedMethodAccessor282.invoke(Unknown Source)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:324)
       at com.sap.engine.services.ejb.session.stateless_sp5.ObjectStubProxyImpl.invoke(ObjectStubProxyImpl.java:187)
       at $Proxy7.processFunction(Unknown Source)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:324)
       at com.sap.engine.services.rfcengine.RFCDefaultRequestHandler.handleRequest(RFCDefaultRequestHandler.java:100)
       at com.sap.engine.services.rfcengine.RFCJCOServer.handleRequestInternal(RFCJCOServer.java:113)
       at com.sap.engine.services.rfcengine.RFCJCOServer$ApplicationRunnable.run(RFCJCOServer.java:157)
       at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
       at java.security.AccessController.doPrivileged(Native Method)
       at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:100)
       at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:170)
  Caused by: java.lang.NullPointerException
       at com.sap.security.core.logon.imp.SAPJ2EEAuthenticator.getLoggedInUser(SAPJ2EEAuthenticator.java:101)
       at com.sapportals.portal.prt.service.authenticationservice.AuthenticationService.getLoggedInUser(AuthenticationService.java:303)
       at com.sapportals.portal.prt.service.rfc.RFCEngineService.retrieveUser(RFCEngineService.java:330)
       at com.sapportals.portal.prt.service.rfc.RFCEngineService.handleEvent(RFCEngineService.java:225)
       at com.sapportals.portal.prt.service.rfc.PRTRFCBean.processFunction(PRTRFCBean.java:37)
       at com.sapportals.portal.prt.service.rfc.PRTRFCRemoteObjectImpl0_0.processFunction(PRTRFCRemoteObjectImpl0_0.java:118)
       ... 16 more
  Please help....
  Thanks,
  Jeff Wallace

  Ben,
  I ran test with the following error
  Runtime Errors         CALL_FUNCTION_REMOTE_ERROR   
  Date and Time          01/11/2007 13:57:23                                                                               
  ShrtText                                           
       "Exception in method processFunction."         
  I am on SP19 on both the Portal and BW
  I am using the same user name in both the Portal and BW
  Both have Administrative permissions(SAP_ALL and add all portal roles to Portal user)
  Below is my UME config
  #Thu Jan 11 14:02:22 EST 2007
  login.authschemes.default=default
  login.authschemes.definition.file=authschemes.xml
  login.serviceuser.lifetime=100
  login.ticket_client=000
  login.ticket_keyalias=SAPLogonTicketKeypair
  login.ticket_keystore=TicketKeystore
  login.ticket_lifetime=8
  login.ticket_portalid=auto
  ume.acl.validate_cached_acls=FALSE
  ume.admin.account_privacy=FALSE
  ume.admin.addattrs=
  ume.admin.allow_selfmanagement=TRUE
  ume.admin.auto_password=TRUE
  ume.admin.create.redirect=
  ume.admin.debug_internal=FALSE
  ume.admin.display.redirect=
  ume.admin.modify.redirect=
  ume.admin.nocache=FALSE
  ume.admin.password.migration=false
  ume.admin.phone_check=TRUE
  ume.admin.search_maxhits=1000
  ume.admin.search_maxhits_warninglevel=200
  ume.admin.self.addattrs=
  ume.admin.selfreg_company=FALSE
  ume.admin.selfreg_guest=TRUE
  ume.admin.selfreg_sus=FALSE
  ume.admin.selfreg_sus.adapterid=SUS
  ume.admin.selfreg_sus.adminrole=
  ume.admin.selfreg_sus.deletecall=TRUE
  ume.allow_nested_groups=TRUE
  ume.allow_nested_roles=FALSE
  ume.authenticationFactory=com.sap.security.core.logon.imp.SAPJ2EEAuthenticator
  ume.cache.acl.default_caching_time=1800
  ume.cache.acl.initial_cache_size=10000
  ume.cache.acl.permissions.default_caching_time=3600
  ume.cache.acl.permissions.initial_cache_size=100
  ume.cache.default_cache=distributableCache
  ume.cache.group.default_caching_time=3600
  ume.cache.group.initial_cache_size=500
  ume.cache.notification_time=0
  ume.cache.principal.default_caching_time=3600
  ume.cache.principal.initial_cache_size=500
  ume.cache.role.default_caching_time=3600
  ume.cache.role.initial_cache_size=500
  ume.cache.user.default_caching_time=3600
  ume.cache.user.initial_cache_size=500
  ume.cache.user_account.default_caching_time=3600
  ume.cache.user_account.initial_cache_size=500
  ume.company_groups.description_template=Company
  ume.company_groups.displayname_template= ()
  ume.company_groups.enabled=FALSE
  ume.company_groups.guestusercompany_enabled=TRUE
  ume.company_groups.guestusercompany_name=Guest Users
  ume.db.connection_pool.j2ee.is_unicode=FALSE
  ume.db.connection_pool.j2ee.jta_transaction_support_enabled=FALSE
  ume.db.connection_pool.j2ee.xatransactions_used=FALSE
  ume.db.connection_pool_type=SAP/BC_UME
  ume.db.or_search.max_arguments=50
  ume.db.parent_search.max_arguments=300
  ume.db.use_default_transaction_isolation=FALSE
  ume.ldap.access.action_retrial=2
  ume.ldap.access.auxiliary_naming_attribute.grup=
  ume.ldap.access.auxiliary_naming_attribute.uacc=
  ume.ldap.access.auxiliary_naming_attribute.user=
  ume.ldap.access.auxiliary_objectclass.grup=
  ume.ldap.access.auxiliary_objectclass.uacc=
  ume.ldap.access.auxiliary_objectclass.user=
  ume.ldap.access.base_path.grup=
  ume.ldap.access.base_path.uacc=
  ume.ldap.access.base_path.user=
  ume.ldap.access.context_factory=com.sun.jndi.ldap.LdapCtxFactory
  ume.ldap.access.creation_path.grup=
  ume.ldap.access.creation_path.uacc=
  ume.ldap.access.creation_path.user=
  ume.ldap.access.dynamic_group_attribute=
  ume.ldap.access.dynamic_groups=FALSE
  ume.ldap.access.flat_group_hierachy=TRUE
  ume.ldap.access.msads.control_attribute=userAccountControl
  ume.ldap.access.msads.control_value=512
  ume.ldap.access.msads.grouptype.attribute=grouptype
  ume.ldap.access.msads.grouptype.value=4
  ume.ldap.access.multidomain.enabled=FALSE
  ume.ldap.access.naming_attribute.grup=
  ume.ldap.access.naming_attribute.uacc=
  ume.ldap.access.naming_attribute.user=
  ume.ldap.access.objectclass.grup=
  ume.ldap.access.objectclass.uacc=
  ume.ldap.access.objectclass.user=
  ume.ldap.access.server_name=
  ume.ldap.access.server_port=
  ume.ldap.access.server_type=
  ume.ldap.access.size_limit=0
  ume.ldap.access.ssl=FALSE
  ume.ldap.access.ssl_socket_factory=com.sap.security.core.server.https.SecureConnectionFactory
  ume.ldap.access.time_limit=0
  ume.ldap.access.user=
  ume.ldap.access.user_as_account=TRUE
  ume.ldap.blocked_accounts=Administrator,Guest
  ume.ldap.blocked_groups=Administrators,Guests
  ume.ldap.blocked_users=Administrator,Guest
  ume.ldap.cache_lifetime=300
  ume.ldap.cache_size=100
  ume.ldap.connection_pool.connect_timeout=25000
  ume.ldap.connection_pool.max_connection_usage_time_check_interval=120000
  ume.ldap.connection_pool.max_idle_connections=5
  ume.ldap.connection_pool.max_idle_time=300000
  ume.ldap.connection_pool.max_size=10
  ume.ldap.connection_pool.max_wait_time=60000
  ume.ldap.connection_pool.min_size=1
  ume.ldap.connection_pool.monitor_level=0
  ume.ldap.connection_pool.retrial=2
  ume.ldap.connection_pool.retrial_interval=10000
  ume.ldap.default_group_member=cn\=DUMMY_MEMBER_FOR_UME
  ume.ldap.default_group_member.enabled=FALSE
  ume.ldap.record_access=FALSE
  ume.ldap.unique_grup_attribute=
  ume.ldap.unique_uacc_attribute=uid
  ume.ldap.unique_user_attribute=uid
  ume.locking.enabled=TRUE
  ume.locking.max_wait_time=30
  ume.login.anonymous_user.mode=1
  ume.login.basicauthentication=1
  ume.login.context=ticket
  ume.login.context.default=ticket
  ume.login.guest_user.uniqueids=Guest
  ume.login.mdc.hosts=
  ume.logoff.redirect.silent=FALSE
  ume.logoff.redirect.url=
  ume.logon.allow_cert=FALSE
  ume.logon.branding_image=/logon/layout/branding-image.jpg
  ume.logon.branding_text=/logon/layout/branding-text.gif
  ume.logon.force_password_change_on_sso=TRUE
  ume.logon.httponlycookie=TRUE
  ume.logon.locale=FALSE
  ume.logon.logon_help=TRUE
  ume.logon.r3master.adapterid=master
  ume.logon.security.enforce_secure_cookie=FALSE
  ume.logon.security.local_redirect_only=TRUE
  ume.logon.security.relax_domain.level=1
  ume.logon.security_policy.auto_unlock_time=60
  ume.logon.security_policy.cert_logon_required=FALSE
  ume.logon.security_policy.lock_after_invalid_attempts=6
  ume.logon.security_policy.log_client_hostaddress=TRUE
  ume.logon.security_policy.log_client_hostname=FALSE
  ume.logon.security_policy.oldpass_in_newpass_allowed=TRUE
  ume.logon.security_policy.password_alpha_numeric_required=0
  ume.logon.security_policy.password_change_allowed=TRUE
  ume.logon.security_policy.password_change_required=TRUE
  ume.logon.security_policy.password_expire_days=99999
  ume.logon.security_policy.password_history=0
  ume.logon.security_policy.password_last_change_date_default=12/31/9999
  ume.logon.security_policy.password_max_length=14
  ume.logon.security_policy.password_min_length=0
  ume.logon.security_policy.password_mix_case_required=0
  ume.logon.security_policy.password_special_char_required=0
  ume.logon.security_policy.userid_digits=0
  ume.logon.security_policy.userid_in_password_allowed=TRUE
  ume.logon.security_policy.userid_lowercase=0
  ume.logon.security_policy.userid_special_char_required=0
  ume.logon.security_policy.useridmaxlength=20
  ume.logon.security_policy.useridminlength=5
  ume.logon.selfreg=TRUE
  ume.logonAuthenticationFactory=com.sap.security.core.logon.imp.SAPJ2EEAuthenticator
  ume.notification.admin_email=
  ume.notification.create_approval=TRUE
  ume.notification.create_by_batch_performed=TRUE
  ume.notification.create_denied=TRUE
  ume.notification.create_performed=TRUE
  ume.notification.create_request=TRUE
  ume.notification.delete_performed=TRUE
  ume.notification.email_asynch=TRUE
  ume.notification.lock_performed=TRUE
  ume.notification.mail_host=AD70
  ume.notification.pswd_reset_performed=TRUE
  ume.notification.pswd_reset_request=TRUE
  ume.notification.selfreg_performed=TRUE
  ume.notification.system_email=
  ume.notification.unlock_performed=TRUE
  ume.notification.unlock_request=TRUE
  ume.notification.update_by_batch_performed=TRUE
  ume.notification.workflow_email=
  ume.persistence.batch.page_size=25
  ume.persistence.data_source_configuration=dataSourceConfiguration_database_only.xml
  ume.persistence.pcd_roles_data_source_configuration=dataSourceConfiguration_PCDRoles.xml
  ume.persistence.ume_roles_data_source_configuration=dataSourceConfiguration_UMERoles.xml
  ume.principal.cache_group_hierarchy=TRUE
  ume.principal.cache_indirect_parents=TRUE
  ume.principal.cache_role_hierarchy=TRUE
  ume.r3.connection.001.TimeZoneMapping=
  ume.r3.connection.001.ashost=
  ume.r3.connection.001.client=
  ume.r3.connection.001.group=
  ume.r3.connection.001.gwhost=
  ume.r3.connection.001.gwserv=
  ume.r3.connection.001.lang=
  ume.r3.connection.001.msghost=
  ume.r3.connection.001.poolmaxsize=10
  ume.r3.connection.001.poolmaxwait=
  ume.r3.connection.001.r3name=
  ume.r3.connection.001.receiverid=001
  ume.r3.connection.001.receiverid_guest=001
  ume.r3.connection.001.snc_lib=
  ume.r3.connection.001.snc_mode=
  ume.r3.connection.001.snc_myname=
  ume.r3.connection.001.snc_partnername=
  ume.r3.connection.001.snc_qop=
  ume.r3.connection.001.sysnr=
  ume.r3.connection.001.user=
  ume.r3.connection.001.userole=FALSE
  ume.r3.connection.002.TimeZoneMapping=
  ume.r3.connection.002.ashost=
  ume.r3.connection.002.client=
  ume.r3.connection.002.group=
  ume.r3.connection.002.gwhost=
  ume.r3.connection.002.gwserv=
  ume.r3.connection.002.lang=
  ume.r3.connection.002.msghost=
  ume.r3.connection.002.poolmaxsize=10
  ume.r3.connection.002.poolmaxwait=
  ume.r3.connection.002.r3name=
  ume.r3.connection.002.receiverid=002
  ume.r3.connection.002.receiverid_guest=002
  ume.r3.connection.002.snc_lib=
  ume.r3.connection.002.snc_mode=
  ume.r3.connection.002.snc_myname=
  ume.r3.connection.002.snc_partnername=
  ume.r3.connection.002.snc_qop=
  ume.r3.connection.002.sysnr=
  ume.r3.connection.002.user=
  ume.r3.connection.002.userole=FALSE
  ume.r3.connection.003.TimeZoneMapping=
  ume.r3.connection.003.ashost=
  ume.r3.connection.003.client=
  ume.r3.connection.003.group=
  ume.r3.connection.003.gwhost=
  ume.r3.connection.003.gwserv=
  ume.r3.connection.003.lang=
  ume.r3.connection.003.msghost=
  ume.r3.connection.003.poolmaxsize=10
  ume.r3.connection.003.poolmaxwait=
  ume.r3.connection.003.r3name=
  ume.r3.connection.003.receiverid=003
  ume.r3.connection.003.receiverid_guest=003
  ume.r3.connection.003.snc_lib=
  ume.r3.connection.003.snc_mode=
  ume.r3.connection.003.snc_myname=
  ume.r3.connection.003.snc_partnername=
  ume.r3.connection.003.snc_qop=
  ume.r3.connection.003.sysnr=
  ume.r3.connection.003.user=
  ume.r3.connection.003.userole=FALSE
  ume.r3.connection.master.TimeZoneMapping=
  ume.r3.connection.master.abap_debug=
  ume.r3.connection.master.ashost=
  ume.r3.connection.master.client=
  ume.r3.connection.master.group=
  ume.r3.connection.master.gwhost=
  ume.r3.connection.master.gwserv=
  ume.r3.connection.master.lang=EN
  ume.r3.connection.master.msghost=
  ume.r3.connection.master.msserv=
  ume.r3.connection.master.poolmaxsize=10
  ume.r3.connection.master.poolmaxwait=
  ume.r3.connection.master.r3name=
  ume.r3.connection.master.receiverid=master
  ume.r3.connection.master.receiverid_guest=master
  ume.r3.connection.master.snc_lib=
  ume.r3.connection.master.snc_mode=
  ume.r3.connection.master.snc_myname=
  ume.r3.connection.master.snc_partnername=
  ume.r3.connection.master.snc_qop=
  ume.r3.connection.master.sysnr=
  ume.r3.connection.master.trace=
  ume.r3.connection.master.user=
  ume.r3.connection.tpd.adapterid=value of ume.r3.connection.tpd.systemid
  ume.r3.connection.tpd.systemid=SUS
  ume.r3.mastersystem=BWP
  ume.r3.mastersystem.uid.mode=1
  ume.r3.orgunit.adapterid=
  ume.r3.sync.sender=SAPMUM
  ume.r3.use.role=FALSE
  ume.replication.adapters.001.companies=
  ume.replication.adapters.001.scope=
  ume.replication.adapters.002.companies=
  ume.replication.adapters.002.scope=
  ume.replication.adapters.003.companies=
  ume.replication.adapters.003.scope=
  ume.replication.adapters.index_1=
  ume.replication.adapters.index_2=
  ume.replication.adapters.index_3=
  ume.replication.adapters.master.companies=
  ume.replication.adapters.master.scope=
  ume.replication.crm_sup_register_check=BBP_SUS_BUPA_REGID_CHECK
  ume.replication.messaging.active=FALSE
  ume.replication.sync.display_all_doc=FALSE
  ume.roles.pcd_roles_with_actions=
  ume.roles.xml_files=*role.xml
  ume.secaudit.get_object_name=FALSE
  ume.secaudit.log_actor=TRUE
  ume.secstore.active=TRUE
  ume.spml.schema_name=schema.xml
  ume.superadmin.activated=FALSE
  ume.supergroups.anonymous_group.description=Built-in Group Anonymous Users
  ume.supergroups.anonymous_group.displayname=Anonymous Users
  ume.supergroups.anonymous_group.uniquename=Anonymous Users
  ume.supergroups.authenticated_group.description=Built-in Group Authenticated Users
  ume.supergroups.authenticated_group.displayname=Authenticated Users
  ume.supergroups.authenticated_group.uniquename=Authenticated Users
  ume.supergroups.everyone.description=Built-in Group Everyone
  ume.supergroups.everyone.displayname=Everyone
  ume.supergroups.everyone.uniquename=Everyone
  ume.testum=FALSE
  ume.tpd.classloader=
  ume.tpd.companies=0
  ume.tpd.imp.class=com.sap.security.core.tpd.SimpleTPD
  ume.tpd.prefix=STPD_
  ume.trace.debug_exception_level=1
  ume.trace.external_trace_class=com.sap.security.core.util.imp.UMTrace_630
  ume.usermapping.admin.pwdprotection=TRUE
  ume.usermapping.key.protection=TRUE
  ume.usermapping.refsys.mapping.type=internal
  ume.usermapping.unsecure=FALSE
  ume.users.displayname_template=,
  ume.version.sapj2eeengine=630
  Thanks,
  Jeff

• Value Mapping Replication Inbound Structure

  Hi All,
  I am using Value Mapping Replication to upload Value Mapping Table in runtime cache, to do this first i create value mapping manually in ID with source and target.
  Source:Agency : ValCustomerNo_B
  Schema : ValB
  Value : xxx
  Target:Agency : ValCustomerNo_J
  Schema : ValJ
  Value : yyy
  Now try to upload 1800 record in the same value mapping table through Value Mapping Replication. Inbound structure looks like this.
  <?xml version="1.0"?>
  <ns1:ValueMappingReplication>
       <Item>
            <Operation>Insert</Operation>
            <GroupID>f16372c043bd11dea79f001558c985eb</GroupID>
            <Context> http://sap.com/xi/XI</Context>
            <Identifier scheme=" ValB" agency="ValCustomerNo_B">3DASDIG</Identifier>
       </Item>
       <Item>
            <Operation>Insert</Operation>
            <GroupID>f16372c043bd11dea79f001558c985eb</GroupID>
            <Context>http://sap.com/xi/XI</Context>
            <Identifier scheme="ValJ" agency="ValCustomerNo_J">1960452622</Identifier>
       </Item>
       <Item>
            <Operation> Insert </Operation>
            <GroupID>f16372c043bd11dea79f001558c985eb</GroupID>
            <Context>http://sap.com/xi/XI</Context>
            <Identifier scheme=" ValB " agency="ValCustomerNo_B">4CAHRJTN</Identifier>
       </Item>
       <Item>
            <Operation>Insert</Operation>
            <GroupID>f16372c043bd11dea79f001558c985eb</GroupID>
            <Context>http://sap.com/xi/XI</Context>
            <Identifier scheme="ValJ" agency=" ValCustomerNo_J">1960457894</Identifier>
       </Item>
  I do not know is this xml structure is correct for XI adapter to create correct rows in value mapping table or not?
  At runtime value mapping function in graphical mapping, for manually create record in Value mapping table is coming correctly where in case VM replication record it always map to one arbitrary number.
  Even when I look into runtime cache notification, manually created record comes in pair like..
  Agency : ValCustomerNo_B | Schema : ValB | Value : xxx | Group ID | Context
  Agency : ValCustomerNo_J  | Schema : ValJ  | Value : yyy | Group ID | Context
  Where as record for VM Replication comes in sequence first all ValB and then ValJ, they are not in pair
  Agency : ValCustomerNo_B | Schema : ValB | Value : xxx | Group ID | Context
  Agency : ValCustomerNo_B | Schema : ValB | Value : ppp | Group ID | Context
  u2026u2026.
  Agency : ValCustomerNo_J  | Schema : ValJ  | Value : yyy | Group ID | Context
  Agency : ValCustomerNo_J  | Schema : ValJ  | Value : aaa | Group ID | Context
  I suspect inbound xml structure is not correct for VM replication.
  With Regards
  Sunil
  Edited by: Sunil Pandey on May 18, 2009 7:40 PM

  https://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/00ee347e-aabb-2a10-b298-d15a1ebf43c5  that should clear a lot of doubts

• Automatic upload of roles from ECC to portal (UME with LDAP)

  Hi experts,
  This thread reopen the question asked on the following message : automatic upload of roles from BI to portal
  However, it concerns this time "UME with LDAP".
  Problematic :
  SAP Library 04s tells us that is not yet possible to automate role replication (or role assigment replication) from ABAP Based back-end to Netweaver Portal. Only manual process for initial upload is possible.
  Source = http://help.sap.com/saphelp_nw04s/helpdata/en/41/5e4d40ecf00272e10000000a155106/frameset.htm
  Questions :
  1 - Did anyone ever try to implement such an automatic tool ?
  2 - What if I'm not able to write on the Active Directory ? I am still able, at least, to automate role assignment replication from ABAP Based back-end to Netweaver Portal (ie. UME with LDAP) ? Directly from SAP R/3 to EP through UME, without passing through Active Directory since the group field is not maintained in AD.
  Many thanks for your inputs
  Alexis MARTIN

  Hello,
  As I did not read the previous thread I don't know what exactly you are trying to achieve, but I can tell you about what we have done - as far as it is not too late yet.
  We use the portal with integration to a BI system. In the ABAP stack we have lots of roles with menu items for hundreds of reports. We want the users to see these roles in the portal.
  First we have used the role migration tool of the portal to upload these roles. There is a Java API for executing role uploads from code. You need to create a webservice in the java stack to call this api, and can call the webservice from ABAP.
  However it is just a question of time and role size until this will not work at all. Standard role migration is more or less crap, stability is a problem. It also creates a lot of logs in the PCD and thus fills the database with trash. (After a few OSS messages there is now a program for deleting logs + you can turn of logging.) Also upload of larger roles takes up to an hour, and you alwasy have the problem that your portal roles are not up to date during the day.
  When I got completely fed up, I have implemented an own navigation connector. When you log on to the portal it will connect to the ABAP stack via RFC, load the role, and generate the portal menu from it. It uses caching, but on every logon it checks whether the role has been updated in ABAP since the last time it was loaded. It is up to date, faster then PCD navigation, and you need absoluetely no periodical synching at all. I cant even understand why this is not offered by SAP per standard!
  Drawback is that it will of course only work for the menu items, and only menu items with an "URL-type" are supported. I'm prettry sure however that it would be possible to implement a few other types as well.
  Let me know if you are interested in the solution, I can give you a few additional details: oliverDOTsvisztATwienerbergerDOTcom
  Oliver