Portal.wwdoc_document Access
Hi all,
I am trying to write a SQL script that I can use in conjunction with Oracle Reports (Portal). I want this script to show all new documents uploaded by anyone in a page group. When I run the script from my Desktop app, I see everyone's document. When I run the script in the portal, I only see the documents that I uploaded, no one else's. It looks like I am running into some kind of permissions issue.
Is there any other way around this issue using Oracle Reports? I know I can probably use the Omni Portlet or maybe a PL/SQL item.
Here is the script:
select
'<a href="/portal/page?_pageid='
|| replace(security_object_name, '/', ',')
|| '&_dad=portal&_schema=PORTAL" target="_blank">'
|| real_filename || '</a> ' as real_filename /* Creates link to the parent page */
, replace(creator, '.', ' ') as creator
, last_updated
, NVL(SUBSTR(to_char(doc_size/1000), 0, INSTR(to_char(doc_size/1000), '.')-1),0) || ' KB'
as doc_size
, SUBSTR(security_object_name, 0, INSTR(security_object_name, '/')-1) as security_object_name
from portal.wwdoc_document
where trunc(last_updated) >= (trunc(sysdate)-7)
and SUBSTR(security_object_name, 0, INSTR(security_object_name, '/')-1) = '73' /* Page Group */
order by last_updated desc
One thing to note that I noticed in another post is that this table is not governed by portal ACLs.
Re: APIs for downloading content
So it looks like it is the view - but there is something off in this view and actual access the individual has. It seems to just join on username and miss group associations.
select "SUBSCRIBER_ID","NAME","PATHID","FILENAME","REAL_FILENAME"
,"MIME_TYPE","DOC_SIZE","DAD_CHARSET","LAST_UPDATED","CONTENT_TYPE"
,"BLOB_CONTENT","CREATOR","SESSION_ID","LANGUAGE","REFCOUNT"
,"SECURITY_OBJECT_TYPE","SECURITY_OBJECT_NAME","DAV_ID"
,"DAV_LOCK_TOKEN","DAV_OWNER","EXPIRE_SECONDS"
from wwdoc_document$ a
where (EXISTS (
select 1 from wwsec_sys_priv$ b
where b.object_type_name = 'DOCUMENT'
AND b.name = a.name
AND b.owner = upper('portal')
AND b.grantee_type = 'USER'
AND b.grantee_group_id = 0
AND b.grantee_user_id in ( wwctx_api.get_user_id(), 2) ) --user PUBLIC
OR (EXISTS (
select 1 from wwsec_sys_priv$ b, wwsec_flat$ c
where b.object_type_name = 'DOCUMENT'
AND b.name = a.name
AND b.owner = upper('portal')
AND b.grantee_type = 'GROUP'
AND b.grantee_group_id = c.group_id
AND c.person_id = wwctx_api.get_user_id()
AND b.grantee_user_id = 0 ) ) )
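The row filter in the view text quoted above can be exercised on constructed data to see which documents each caller gets back. This is an added example, not part of the original posts or of Oracle Portal: the SQLite tables doc_base, sys_priv and flat are simplified stand-ins for wwdoc_document$, wwsec_sys_priv$ and wwsec_flat$, `:uid` stands in for wwctx_api.get_user_id(), and every user id, group id and document is constructed.

```python
import sqlite3

# Constructed, simplified stand-ins for wwdoc_document$, wwsec_sys_priv$ and
# wwsec_flat$; only the columns the view's predicate touches are modelled.
SCHEMA = """
CREATE TABLE doc_base (name TEXT PRIMARY KEY, real_filename TEXT, creator TEXT);
CREATE TABLE sys_priv (
    object_type_name TEXT, name TEXT, owner TEXT, grantee_type TEXT,
    grantee_user_id INTEGER, grantee_group_id INTEGER);
CREATE TABLE flat (group_id INTEGER, person_id INTEGER);
"""

# The view's WHERE clause as quoted on the page. :uid replaces
# wwctx_api.get_user_id(); 2 is the PUBLIC user per the page's own comment.
VIEW_QUERY = """
SELECT a.real_filename
FROM doc_base a
WHERE EXISTS (
        SELECT 1 FROM sys_priv b
        WHERE b.object_type_name = 'DOCUMENT'
          AND b.name = a.name
          AND b.owner = upper('portal')
          AND b.grantee_type = 'USER'
          AND b.grantee_group_id = 0
          AND b.grantee_user_id IN (:uid, 2))
   OR EXISTS (
        SELECT 1 FROM sys_priv b, flat c
        WHERE b.object_type_name = 'DOCUMENT'
          AND b.name = a.name
          AND b.owner = upper('portal')
          AND b.grantee_type = 'GROUP'
          AND b.grantee_group_id = c.group_id
          AND c.person_id = :uid
          AND b.grantee_user_id = 0)
ORDER BY a.real_filename
"""

ALICE, BOB, CAROL = 101, 102, 103   # constructed user ids
EDITORS = 500                       # constructed group id


def build_db():
    """Create an in-memory database holding the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO doc_base VALUES (?, ?, ?)", [
        ("D1", "alice_notes.doc", "alice"),
        ("D2", "bob_report.doc", "bob"),
        ("D3", "team_plan.doc", "bob"),
        ("D4", "public_faq.doc", "alice"),
        ("D5", "orphan.doc", "carol"),      # no privilege row at all
    ])
    conn.executemany(
        "INSERT INTO sys_priv VALUES ('DOCUMENT', ?, 'PORTAL', ?, ?, ?)", [
            ("D1", "USER", ALICE, 0),       # direct grant to the uploader
            ("D2", "USER", BOB, 0),
            ("D3", "GROUP", 0, EDITORS),    # group grant only
            ("D4", "USER", 2, 0),           # grant to PUBLIC
        ])
    conn.execute("INSERT INTO flat VALUES (?, ?)", (EDITORS, BOB))
    return conn


def visible_to(conn, uid):
    """Filenames the filtered view returns when the session user is uid."""
    return [row[0] for row in conn.execute(VIEW_QUERY, {"uid": uid})]


def base_rows(conn):
    """Filenames in the unfiltered base table."""
    sql = "SELECT real_filename FROM doc_base ORDER BY real_filename"
    return [row[0] for row in conn.execute(sql)]


def hidden_from(conn, uid):
    """Map each document the filter hides from uid to its grant rows."""
    seen = set(visible_to(conn, uid))
    docs = conn.execute(
        "SELECT name, real_filename FROM doc_base ORDER BY real_filename"
    ).fetchall()
    hidden = {}
    for name, filename in docs:
        if filename in seen:
            continue
        hidden[filename] = conn.execute(
            "SELECT grantee_type, grantee_user_id, grantee_group_id "
            "FROM sys_priv WHERE name = ? ORDER BY grantee_type", (name,)
        ).fetchall()
    return hidden


if __name__ == "__main__":
    db = build_db()
    print("base table:", base_rows(db))
    for label, uid in (("alice", ALICE), ("bob", BOB), ("carol", CAROL)):
        print(label, "sees", visible_to(db, uid))
    print("hidden from alice:", hidden_from(db, ALICE))
```

In this model a document with no matching row in the privilege table is invisible to every caller, and a group grant only takes effect for users who have a row in the flattened membership table.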
Similar Messages
-
How do i delete from portal.wwdoc_document?
Hi,
I followed the instructions of modpls user's guide and lama madi (?) and managed to build an application to up- and download files. But I store the files in my own tables. Unfortunately all files uploaded are stored in portal.wwdoc_document too. I succeeded in building a report on wwdoc_document, but when I try to build a form or even when I try to manipulate wwdoc_document from sqlplus (as sysdba) I get an 'insufficient privileges' error when I want to delete files.
Access for select/delete for orcladmin is granted on wwdoc_document.
So, what is my mistake?
thank you,
Ralf Schmitt
Hi Ralf,
try deleting from portal.wwdoc_document$ instead of wwdoc_document - it's an updateable system view on the same table and you can use it in-session.
Otherwise if you wish, use portal.wwdoc_api.remove_document(name)
Hope this helps
Andrea
-
Portal not accessible via browser as inside sapmmc - http provider is red
Hi Experts,
I am very new to the NW admin side and currently my client is facing an issue while accessing the portal via browser.
Problem: Sometimes, suddenly, when users try to access the production portal it takes a lot of time to open up and in most cases it doesn't get opened up at all. To check what's wrong with the portal I access sapmmc and inside there I find under current status -> ... -> services -> http provider -> total requests in red status with a description as avg request - response time last reported value above threshold limit. It will be the same case under open alerts too.
My server configuration is:
SAP-JEE = 7.0SP14
OS = Windows 2003 (X86) 5.2
Server Version = 1.4.2_17-bo6
Kernel Version = 7.00 patch level 109886.44
Server = 32 bit
RAM = 16.00GB
Processor = Intel(R) Xeon(R) CPU E5450 @3.00GHZ (8CPUs)
Heap Size: 1024 MB
Approximate number of users = 500 - 600
Currently to solve the issue, we give a reboot to server. But with the progress in time the frequency is getting increased drastically (approx once in 2- 3 days).
Any pointers on how to solve this issue will be greatly appreciated.
Thanks In Advance,
Vipin.
Hi all,
Thanks for your valuable inputs!
Now the issue seems to end up by raising an OSS note with SAP and I have been given responsibility to prepare a doc that needs to be submitted to SAP.
I have already got the screenshots from SAPMMC on its status and all, but I also require log information specific to the reason behind this behaviour. Can I know where the log information specific to such issues gets logged and all the necessary information that I need to document to raise an OSS?
Inputs will be of great help and will be highly appreciated.
Thanks In Advance,
Vipin.
-
Add tab in Portal to access SAP BW system
Hello All,
Currently, we have SAP ECC tab available in the Portal to access the ECC system directly with a single sign on.
Similarly, we want to add a tab to access the SAP BW system wherein the user can log in to the BW system to execute a process chain.
Please advise me on the development required for the same.
Thanks & Regards
Sneha
Hi Sneha,
Please follow the below steps.
1) Create a system object to BW system and get the single sign on done and test the connections are fine (BASIS TEAM)
2) Create a Portal Role called BW Extractor
3) Create a standard transaction iview to rspc to BW system, and make the entry point on iview to true
4) Add the iview to the Portal Role
5) Add the Portal Role to user or user group.
Please let me know how it goes !
Regards,
Vivek Nidhi
-
Getting error in portal while accessing dms repository
Hi Experts,
I am getting the below error in the portal while accessing the DMS repository. The repository was fine, its status is in green color,
but I am still getting the error while I am viewing it from content administration > kmcontent > my repository name.
What should I do? Please help me with this.
com.sap.netweaver.bc.rf.common.exception.IOOperationFailedException: Connection Failed: Connection setup failedConnection Failed: Nested Exception. Failed to get connection. Please contact your admin.
at com.sap.pct.plm.dmsrmconnectorforkm.DMSRMR3FunctionCalls.openConnection(DMSRMR3FunctionCalls.java:5934)
at com.sap.pct.plm.dmsrmconnectorforkm.DMSRMR3FunctionCalls.getTopLevelFolders(DMSRMR3FunctionCalls.java:426)
at com.sap.pct.plm.dmsrmconnectorforkm.DMSRMStructure.refreshChildren(DMSRMStructure.java:531)
at com.sap.pct.plm.dmsrmconnectorforkm.DMSRMStructure.getChildren(DMSRMStructure.java:574)
at com.sap.pct.plm.dmsrmconnectorforkm.DMSRMMutableNamespaceManager.findResources(DMSRMMutableNamespaceManager.java:930)
at com.sapportals.wcm.repository.CollectionImpl2.internalGetChildrenManager(CollectionImpl2.java:310)
at com.sapportals.wcm.repository.CollectionImpl.internalGetChildren(CollectionImpl.java:1616)
at com.sapportals.wcm.repository.CollectionImpl.doGetChildren(CollectionImpl.java:145)
at com.sapportals.wcm.repository.CollectionImpl.getChildren(CollectionImpl.java:125)
at com.sapportals.wcm.repository.CollectionImpl.getChildren(CollectionImpl.java:358)
at com.sapportals.wcm.service.resourcelistfilter.cm.ResourceListFilter.getChildren(ResourceListFilter.java:420)
at com.sapportals.wcm.rendering.collection.AbstractRendererStatus.initialfilter(AbstractRendererStatus.java:331)
at com.s...
Please help me in this .............
waiting for your responses.....
Thanks & Regards,
Shilpa.
Hi,
Thanks for your immediate response. We deployed the DMS connectors in portal, we got standard role document explorer
and I changed the parameters in the dmsrm repository but am still facing the same error.
please help me in this
waiting for your response
Regards,
Shilpa.
-
Dear gurus:
I have problems with the SSO configuration for Portal. I have executed the Diagtool from Note 957666 - Diagtool for Troubleshooting Security Configuration and this is the result:
<!LOGHEADER[START]/>
<!HELP[Manual modification of the header may cause parsing problem!]/>
<!LOGGINGVERSION[1.5.3.7185 - 630]/>
<!NAME[output\diagtool_080520_211200.log]/>
<!PATTERN[diagtool_080520_211200.log]/>
<!FORMATTER[com.sap.tc.logging.TraceFormatter([%s] %26d %m)]/>
<!ENCODING[UTF8]/>
<!LOGHEADER[END]/>
[Info] May 20, 2008 9:12:07 PM TXT*********************************************************************
[Info] May 20, 2008 9:12:07 PM diagtool version: 1.7.5
[Info] May 20, 2008 9:12:07 PM configiration file: J:\diagtool\conf\sso2.conf
[Info] May 20, 2008 9:12:07 PM configtool path: J:\usr\sap\EPI\JC01\j2ee\configtool\
[Info] May 20, 2008 9:12:07 PM
[Info] May 20, 2008 9:12:07 PM system name: EPI
[Info] May 20, 2008 9:12:07 PM system version: 7.00
[Info] May 20, 2008 9:12:07 PM SP number: 12
[Info] May 20, 2008 9:12:07 PM
[Info] May 20, 2008 9:12:07 PM Canonical Host Name: SAPIA64BW.gonvarri.com
[Info] May 20, 2008 9:12:07 PM Host: SAPIA64BW
[Info] May 20, 2008 9:12:07 PM IP: 10.20.1.91
[Info] May 20, 2008 9:12:07 PM
[Info] May 20, 2008 9:12:07 PM jdk vendor: Sun Microsystems Inc.
[Info] May 20, 2008 9:12:07 PM jdk version: 1.4.2_15
[Info] May 20, 2008 9:12:07 PM TXT*********************************************************************
[Error] May 20, 2008 9:12:09 PM JmxConnectionFactory.getMBeanServerConnection(...) failed for: com.sap.engine.services.jmx.exception.JmxConnectorException: Unable to connect to connector server. properties:{java.naming.provider.url=SAPIA64BW:50304, java.naming.factory.initial=com.sap.engine.services.jndi.InitialContextFactoryImpl, java.naming.security.principal=Administrator, java.naming.security.credentials=gonvarri1}
[Error] May 20, 2008 9:12:09 PM Log Viewer Client was not initialized.
[Error] May 20, 2008 9:12:10 PM JmxConnectionFactory.getMBeanServerConnection failed(...) for: com.sap.engine.services.jmx.exception.JmxConnectorException: Unable to connect to connector server. properties:{java.naming.provider.url=SAPIA64BW:50304, java.naming.factory.initial=com.sap.engine.services.jndi.InitialContextFactoryImpl, java.naming.security.principal=Administrator, java.naming.security.credentials=gonvarri1}
[Error] May 20, 2008 9:12:10 PM LC client was not initialized
[Info] May 20, 2008 9:12:10 PM TXT
com.sap.engine.config.diagtool.tests.util.PropertiesDump
[Info] May 20, 2008 9:12:10 PM (EvaluateAssertionTicketLoginModule) com.sap.security.core.server.jaas.EvaluateAssertionTicketLoginModule
[Info] May 20, 2008 9:12:10 PM (EvaluateTicketLoginModule) com.sap.security.core.server.jaas.EvaluateTicketLoginModule
[Info] May 20, 2008 9:12:10 PM TicketKeystore (3 entries)
entry #1 (SAPLogonTicketKeypair-cert)
===========
CERTIFICATE entry:
Creation date : Tue May 20 20:44:00 CEST 2008 (20 May 2008 18:44:00 GMT)
Version : ver.3 X.509
Algorithm : DSA
Key Size : 1024 bits
Subject name : CN=EPI,OU=I0020275421,O=SAP Trust Community,C=DE
Issuer name : CN=EPI,OU=I0020275421,O=SAP Trust Community,C=DE
Serial number : 60679227
Signature Algorithm : dsaWithSHA (1.2.840.10040.4.3)
Validity:
not before : Tue May 20 20:42:00 CEST 2008 (20 May 2008 18:42:00 GMT)
not after : Wed May 20 20:42:00 CEST 2009 (20 May 2009 18:42:00 GMT)
Public key fingerprint : 97:56:3E:4F:D2:7E:71:97:5A:4B:BE:CD:47:90:00:18
Certificate fingerprint(MD5): 88:FE:7F:24:F7:64:2A:CC:D7:BE:16:70:74:73:96:27
Certificate extensions :
[critical]
[non critical]
SubjectKeyIdentifier: A3:2F:12:D4:B9:4C:33:00:A7:CB:22:F2:56:0A:3C:53:EE:57:13:F3
entry #2 (SAPLogonTicketKeypair)
===========
PRIVATE KEY entry
Creation date : Tue May 20 20:44:00 CEST 2008 (20 May 2008 18:44:00 GMT)
Version: : PKCS#8 DSA
Key Size : 1024 bits
CertificationChain has 1 certificate(s)
certificate #0 -
Version : ver.3 X.509
Algorithm : DSA
Key Size : 1024 bits
Subject name : CN=EPI,OU=I0020275421,O=SAP Trust Community,C=DE
Issuer name : CN=EPI,OU=I0020275421,O=SAP Trust Community,C=DE
Serial number : 60679227
Signature Algorithm : dsaWithSHA (1.2.840.10040.4.3)
Validity:
not before : Tue May 20 20:42:00 CEST 2008 (20 May 2008 18:42:00 GMT)
not after : Wed May 20 20:42:00 CEST 2009 (20 May 2009 18:42:00 GMT)
Public key fingerprint : 97:56:3E:4F:D2:7E:71:97:5A:4B:BE:CD:47:90:00:18
Certificate fingerprint(MD5): 88:FE:7F:24:F7:64:2A:CC:D7:BE:16:70:74:73:96:27
Certificate extensions :
[critical]
[non critical]
SubjectKeyIdentifier: A3:2F:12:D4:B9:4C:33:00:A7:CB:22:F2:56:0A:3C:53:EE:57:13:F3
entry #3 (BW_BWI_certificate)
===========
CERTIFICATE entry:
Creation date : Tue May 20 20:44:04 CEST 2008 (20 May 2008 18:44:04 GMT)
Version : ver.1 X.509
Algorithm : DSA
Key Size : 1024 bits
Subject name : CN=BWI,OU=I0020275421,OU=SAP Web AS,O=SAP Trust Community,C=DE
Issuer name : CN=BWI,OU=I0020275421,OU=SAP Web AS,O=SAP Trust Community,C=DE
Serial number : 0
Signature Algorithm : dsaWithSHA (1.2.840.10040.4.3)
Validity:
not before : Mon May 19 20:39:21 CEST 2008 (19 May 2008 18:39:21 GMT)
not after : Fri Jan 01 01:00:01 CET 2038 (1 Jan 2038 00:00:01 GMT)
Public key fingerprint : 96:9B:1F:02:D1:18:BC:25:61:16:BB:8D:AA:13:EA:68
Certificate fingerprint(MD5): 47:5D:87:50:89:F5:DD:72:A4:A3:B2:BA:FA:6A:B4:09
Certificate extensions :
NONE
[Info] May 20, 2008 9:12:10 PM <?xml version="1.0" encoding="UTF-8"?>
<!-- Configuration File for Authentication Schemes -->
<!-- $Id: //shared_tc/com.sapall.security/630_SP_COR/src/_deploy/dist/configuration/shared/authschemes.xml#4 $ from $DateTime: 2004/01/20 17:27:21 $ ($Change: 14181 $) -->
<document>
<authschemes>
<!-- authschemes, the name of the node is used -->
<authscheme name="uidpwdlogon">
<!-- multiple login modules can be defined -->
<authentication-template>
ticket
</authentication-template>
<priority>20</priority>
<!-- the frontendtype TARGET_FORWARD = 0, TARGET_REDIRECT = 1, TARGET_JAVAIVIEW = 2 -->
<frontendtype>2</frontendtype>
<!-- target object -->
<frontendtarget>com.sap.portal.runtime.logon.certlogon</frontendtarget>
</authscheme>
<authscheme name="certlogon">
<authentication-template>
client_cert
</authentication-template>
<priority>21</priority>
<frontendtype>2</frontendtype>
<frontendtarget>com.sap.portal.runtime.logon.certlogon</frontendtarget>
</authscheme>
<authscheme name="basicauthentication">
<authentication-template>
ticket
</authentication-template>
<priority>20</priority>
<frontendtype>2</frontendtype>
<frontendtarget>com.sap.portal.runtime.logon.basicauthentication</frontendtarget>
</authscheme>
<authscheme name="header">
<authentication-template>
header
</authentication-template>
<priority>5</priority>
<frontendtype>2</frontendtype>
<frontendtarget>com.sap.portal.runtime.logon.header</frontendtarget>
</authscheme>
<!-- Reserved 'anonymous' authscheme added for being in the list of authschemes -->
<authscheme name="anonymous">
<priority>-1</priority>
</authscheme>
</authschemes>
<!-- References for Authentication Schemes, this section must be after authschemes -->
<authscheme-refs>
<authscheme-ref name="default">
<authscheme>uidpwdlogon</authscheme>
</authscheme-ref>
<authscheme-ref name="UserAdminScheme">
<authscheme>uidpwdlogon</authscheme>
</authscheme-ref>
</authscheme-refs>
</document>
[Info] May 20, 2008 9:12:10 PM <?xml version="1.0" encoding="UTF-8"?>
<!-- $Id: //shared_tc/com.sapall.security/630_SP_COR/src/_deploy/dist/configuration/shared/dataSourceConfiguration_database_only.xml#2 $ from $DateTime: 2004/07/01 09:31:21 $ ($Change: 16627 $) -->
<!DOCTYPE dataSources SYSTEM "dataSourceConfiguration.dtd">
<dataSources>
<dataSource id="PRIVATE_DATASOURCE"
className="com.sap.security.core.persistence.datasource.imp.DataBasePersistence"
isReadonly="false"
isPrimary="true">
<homeFor>
<principals>
<principal type="group"/>
<principal type="user"/>
<principal type="account"/>
<principal type="team"/>
<principal type="ROOT" />
<principal type="OOOO" />
</principals>
</homeFor>
<notHomeFor/>
<responsibleFor>
<principals>
<principal type="group"/>
<principal type="user"/>
<principal type="account"/>
<principal type="team"/>
<principal type="ROOT" />
<principal type="OOOO" />
</principals>
</responsibleFor>
<privateSection/>
</dataSource>
</dataSources>
[Info] May 20, 2008 9:12:10 PM TXT
com.sap.engine.config.diagtool.tests.authentication.sso2.SSOTicketIssuerConfigTest
This test verifies the Single Sign-On (SSO) configuration on J2EE Engine.
It checks the prerequisites for issuing SSO logon tickets:
validity of the ticket client
the client is a three-digit string, e.g. 071
validity of the ticket signing private key/certificate
the ticket signing PK location, defined in UME properties,
must be a keypair and the acceptable algorithm is DSA.
[Info] May 20, 2008 9:12:10 PM client string OK
[Info] May 20, 2008 9:12:10 PM keystore view name found in UME: [TicketKeystore]
[Info] May 20, 2008 9:12:10 PM keystore alias name found in UME: [SAPLogonTicketKeypair]
[Info] May 20, 2008 9:12:10 PM
~ getName ~
SAPLogonTicketKeypair
~ isCertificate ~
false
~ isKeypair ~
true
~ getCertificate ~
Version: 3
Serial number: 60679227
Signature algorithm: dsaWithSHA (1.2.840.10040.4.3)
Issuer: CN=EPI,OU=I0020275421,O=SAP Trust Community,C=DE
Valid not before: Tue May 20 20:42:00 CEST 2008
not after: Wed May 20 20:42:00 CEST 2009
Subject: CN=EPI,OU=I0020275421,O=SAP Trust Community,C=DE
DSA public key (1024 bits):
Certificate Fingerprint (MD5) : 88:FE:7F:24:F7:64:2A:CC:D7:BE:16:70:74:73:96:27
Certificate Fingerprint (SHA-1): DD:56:49:B1:D3:0B:BD:79:A3:03:CF:66:33:86:4C:A0:16:FD:04:8F
Extensions: 1
~ getChain ~
chain [1]
Subject:CN=EPI,OU=I0020275421,O=SAP Trust Community,C=DE
Algorithm:dsaWithSHA(1.2.840.10040.4.3)
~ getClass ~
class com.sap.engine.config.diagtool.lib.keystore.OfflineKeystoreEntry
[Info] May 20, 2008 9:12:10 PM The keystore entry test successful.
[Info] May 20, 2008 9:12:10 PM The keystore entry is a keypair.
[Info] May 20, 2008 9:12:10 PM The SSO private key signing algorithm is [DSA]
[Info] May 20, 2008 9:12:10 PM The private key format is [PKCS#8]
[Info] May 20, 2008 9:12:10 PM The system can issue SSO logon tickets.
[Info] May 20, 2008 9:12:10 PM The tickets will be issued with client [000], system [EPI]
[Info] May 20, 2008 9:12:10 PM TXT
com.sap.engine.config.diagtool.tests.authentication.sso2.SSOTicketVerifierConfigTest
This test verifies the Single Sign-On (SSO) configuration on J2EE Engine.
It checks all SSO certificates imported in the SSO trusted key store view
defined in UME properties table. The certificates are verified for validity,
algorithm identifier, and public/private key content. The test checks also
the Access Control Lists configured in evaluate authentication modules.
The ACLs must contain Subjects and Issuers that are available
in the SSO trusted key store view
[Info] May 20, 2008 9:12:10 PM keystore view name found in UME: [TicketKeystore]
[Info] May 20, 2008 9:12:10 PM keystore alias name found in UME: [SAPLogonTicketKeypair]
[Info] May 20, 2008 9:12:10 PM *** checking SSO anchors ***
[Info] May 20, 2008 9:12:10 PM found 2 entries
[Info] May 20, 2008 9:12:10 PM ************ entry #1 [SAPLogonTicketKeypair-cert] **************
[Info] May 20, 2008 9:12:10 PM
~ getName ~
SAPLogonTicketKeypair-cert
~ isCertificate ~
true
~ isKeypair ~
false
~ getCertificate ~
Version: 3
Serial number: 60679227
Signature algorithm: dsaWithSHA (1.2.840.10040.4.3)
Issuer: CN=EPI,OU=I0020275421,O=SAP Trust Community,C=DE
Valid not before: Tue May 20 20:42:00 CEST 2008
not after: Wed May 20 20:42:00 CEST 2009
Subject: CN=EPI,OU=I0020275421,O=SAP Trust Community,C=DE
DSA public key (1024 bits):
Certificate Fingerprint (MD5) : 88:FE:7F:24:F7:64:2A:CC:D7:BE:16:70:74:73:96:27
Certificate Fingerprint (SHA-1): DD:56:49:B1:D3:0B:BD:79:A3:03:CF:66:33:86:4C:A0:16:FD:04:8F
Extensions: 1
~ getChain ~
chain [1]
Subject:CN=EPI,OU=I0020275421,O=SAP Trust Community,C=DE
Algorithm:dsaWithSHA(1.2.840.10040.4.3)
~ getClass ~
class com.sap.engine.config.diagtool.lib.keystore.OfflineKeystoreEntry
[Info] May 20, 2008 9:12:10 PM The certificate CN=EPI,OU=I0020275421,O=SAP Trust Community,C=DE algorithm OK.
[Info] May 20, 2008 9:12:10 PM ************ entry #2 [BW_BWI_certificate] **************
[Info] May 20, 2008 9:12:10 PM
~ getName ~
BW_BWI_certificate
~ isCertificate ~
true
~ isKeypair ~
false
~ getCertificate ~
Version: 1
Serial number: 0
Signature algorithm: dsaWithSHA (1.2.840.10040.4.3)
Issuer: CN=BWI,OU=I0020275421,OU=SAP Web AS,O=SAP Trust Community,C=DE
Valid not before: Mon May 19 20:39:21 CEST 2008
not after: Fri Jan 01 01:00:01 CET 2038
Subject: CN=BWI,OU=I0020275421,OU=SAP Web AS,O=SAP Trust Community,C=DE
DSA public key (1024 bits):
Certificate Fingerprint (MD5) : 47:5D:87:50:89:F5:DD:72:A4:A3:B2:BA:FA:6A:B4:09
Certificate Fingerprint (SHA-1): 3B:CC:58:02:86:47:D2:02:E2:E2:DB:73:84:C1:F1:81:DB:D1:72:F3
~ getChain ~
chain [1]
Subject:CN=BWI,OU=I0020275421,OU=SAP Web AS,O=SAP Trust Community,C=DE
Algorithm:dsaWithSHA(1.2.840.10040.4.3)
~ getClass ~
class com.sap.engine.config.diagtool.lib.keystore.OfflineKeystoreEntry
[Info] May 20, 2008 9:12:10 PM The certificate CN=BWI,OU=I0020275421,OU=SAP Web AS,O=SAP Trust Community,C=DE algorithm OK.
[Info] May 20, 2008 9:12:10 PM *** com.sap.security.core.server.jaas.EvaluateTicketLoginModule ***
[Info] May 20, 2008 9:12:10 PM 28 configurations found.
[Info] May 20, 2008 9:12:10 PM ----
[Info] May 20, 2008 9:12:10 PM | |
[Info] May 20, 2008 9:12:10 PM | Auth stack [sap.com/com.sap.aii.security.ws*KeystoreHelp_client]
[Info] May 20, 2008 9:12:10 PM | |
[Info] May 20, 2008 9:12:10 PM ----
[Info] May 20, 2008 9:12:10 PM {[sap.com/com.sap.aii.security.ws*KeystoreHelp_client]}(size: 4)
1. ( com.sap.security.core.server.jaas.EvaluateTicketLoginModule ) ( SUFFICIENT ) com.sap.security.core.server.jaas.EvaluateTicketLoginModule
2. ( com.sap.security.core.server.jaas.EvaluateAssertionTicketLoginModule ) ( SUFFICIENT ) com.sap.security.core.server.jaas.EvaluateAssertionTicketLoginModule
3. ( com.sap.engine.services.security.server.jaas.ClientCertLoginModule ) ( OPTIONAL ) com.sap.engine.services.security.server.jaas.ClientCertLoginModule
4. ( com.sap.security.core.server.jaas.CreateTicketLoginModule ) ( SUFFICIENT ) com.sap.security.core.server.jaas.CreateTicketLoginModule
authentication properties:
realm_name=Upload Protected Area
policy_domain=/KeystoreHelp/client
auth_method=client-cert
[Warning] May 20, 2008 9:12:10 PM No options defined
[Info] May 20, 2008 9:12:10 PM ----
[Info] May 20, 2008 9:12:10 PM | |
[Info] May 20, 2008 9:12:10 PM | Auth stack [sap.com/com.sap.aii.af.ispeak.app*pip]
[Info] May 20, 2008 9:12:10 PM | |
[Info] May 20, 2008 9:12:10 PM ----
[Info] May 20, 2008 9:12:10 PM {[sap.com/com.sap.aii.af.ispeak.app*pip]}(size: 3)
1. ( com.sap.security.core.server.jaas.EvaluateTicketLoginModule ) ( SUFFICIENT ) com.sap.security.core.server.jaas.EvaluateTicketLoginModule
#1 ume.configuration.active = true
2. ( com.sap.engine.services.security.server.jaas.BasicPasswordLoginModule ) ( REQUISITE ) com.sap.engine.services.security.server.jaas.BasicPasswordLoginModule
3. ( com.sap.security.core.server.jaas.CreateTicketLoginModule ) ( OPTIONAL ) com.sap.security.core.server.jaas.CreateTicketLoginModule
#1 ume.configuration.active = true
authentication properties:
realm_name=ISPEAK
policy_domain=/RWB
auth_method=basic
[Info] May 20, 2008 9:12:10 PM ----
[Info] May 20, 2008 9:12:10 PM | |
[Info] May 20, 2008 9:12:10 PM | Auth stack [sap.com/tcslmslmapp*slmSolManServices_Config1]
[Info] May 20, 2008 9:12:10 PM | |
[Info] May 20, 2008 9:12:10 PM ----
[Info] May 20, 2008 9:12:10 PM {[sap.com/tcslmslmapp*slmSolManServices_Config1]}(size: 4)
1. ( com.sap.security.core.server.jaas.EvaluateTicketLoginModule ) ( SUFFICIENT ) com.sap.security.core.server.jaas.EvaluateTicketLoginModule
2. ( com.sap.security.core.server.jaas.EvaluateAssertionTicketLoginModule ) ( SUFFICIENT ) com.sap.security.core.server.jaas.EvaluateAssertionTicketLoginModule
3. ( com.sap.engine.services.security.server.jaas.ClientCertLoginModule ) ( OPTIONAL ) com.sap.engine.services.security.server.jaas.ClientCertLoginModule
4. ( com.sap.security.core.server.jaas.CreateTicketLoginModule ) ( SUFFICIENT ) com.sap.security.core.server.jaas.CreateTicketLoginModule
authentication properties:
realm_name=Upload Protected Area
policy_domain=/slmSolManServices/Config1
auth_method=client-cert
[Warning] May 20, 2008 9:12:10 PM No options defined
[Info] May 20, 2008 9:12:10 PM ----
[Info] May 20, 2008 9:12:10 PM | |
[Info] May 20, 2008 9:12:10 PM | Auth stack [sap.com/cafruntimeear*CAFDataService_Config]
[Info] May 20, 2008 9:12:10 PM | |
[Info] May 20, 2008 9:12:10 PM ----
[Info] May 20, 2008 9:12:10 PM {[sap.com/cafruntimeear*CAFDataService_Config]}(size: 4)
1. ( com.sap.security.core.server.jaas.EvaluateTicketLoginModule ) ( SUFFICIENT ) com.sap.security.core.server.jaas.EvaluateTicketLoginModule
2. ( com.sap.security.core.server.jaas.EvaluateAssertionTicketLoginModule ) ( SUFFICIENT ) com.sap.security.core.server.jaas.EvaluateAssertionTicketLoginModule
3. ( com.sap.engine.services.security.server.jaas.BasicPasswordLoginModule ) ( OPTIONAL ) com.sap.engine.services.security.server.jaas.BasicPasswordLoginModule
4. ( com.sap.security.core.server.jaas.CreateTicketLoginModule ) ( SUFFICIENT ) com.sap.security.core.server.jaas.CreateTicketLoginModule
authentication properties:
realm_name=Upload Protected Area
policy_domain=/CAFDataService/Config
auth_method=basic
[Warning] May 20, 2008 9:12:10 PM No options defined
[Info] May 20, 2008 9:12:10 PM ----
[Info] May 20, 2008 9:12:10 PM | |
[Info] May 20, 2008 9:12:10 PM | Auth stack [sap.com/com.sap.aii.af.service.trex.ws*TrexProcessor_basic]
[Info] May 20, 2008 9:12:10 PM | |
[Info] May 20, 2008 9:12:10 PM ----
[Info] May 20, 2008 9:12:10 PM {[sap.com/com.sap.aii.af.service.trex.ws*TrexProcessor_basic]}(size: 4)
1. ( com.sap.security.core.server.jaas.EvaluateTicketLoginModule ) ( SUFFICIENT ) com.sap.security.core.server.jaas.EvaluateTicketLoginModule
2. ( com.sap.security.core.server.jaas.EvaluateAssertionTicketLoginModule ) ( SUFFICIENT ) com.sap.security.core.server.jaas.EvaluateAssertionTicketLoginModule
3. ( com.sap.engine.services.security.server.jaas.BasicPasswordLoginModule ) ( OPTIONAL ) com.sap.engine.services.security.server.jaas.BasicPasswordLoginModule
4. ( com.sap.security.core.server.jaas.CreateTicketLoginModule ) ( SUFFICIENT ) com.sap.security.core.server.jaas.CreateTicketLoginModule
authentication properties:
realm_name=Upload Protected Area
policy_domain=/TrexProcessor/basic
auth_method=basic
[Warning] May 20, 2008 9:12:10 PM No options defined
[Info] May 20, 2008 9:12:10 PM ----
[Info] May 20, 2008 9:12:10 PM | |
[Info] May 20, 2008 9:12:10 PM | Auth stack [sap.com/tcsecwssec~app*wssproc_plain]
[Info] May 20, 2008 9:12:10 PM | |
[Info] May 20, 2008 9:12:10 PM ----
[Info] May 20, 2008 9:12:10 PM {[sap.com/tcsecwssec~app*wssproc_plain]}(size: 4)
1. ( com.sap.security.core.server.jaas.EvaluateTicketLoginModule ) ( SUFFICIENT ) com.sap.security.core.server.jaas.EvaluateTicketLoginModule
2. ( com.sap.security.core.server.jaas.EvaluateAssertionTicketLoginModule ) ( SUFFICIENT ) com.sap.security.core.server.jaas.EvaluateAssertionTicketLoginModule
3. ( com.sap.engine.services.security.server.jaas.BasicPasswordLoginModule ) ( OPTIONAL ) com.sap.engine.services.security.server.jaas.BasicPasswordLoginModule
4. ( com.sap.security.core.server.jaas.CreateTicketLoginModule ) ( SUFFICIENT ) com.sap.security.core.server.jaas.CreateTicketLoginModule
authentication properties:
realm_name=Upload Protected Area
policy_domain=/wssproc/plain
auth_method=basic
[Warning] May 20, 2008 9:12:10 PM No options defined
[Info] May 20, 2008 9:12:10 PM ----
[Info] May 20, 2008 9:12:10 PM | |
[Info] May 20, 2008 9:12:10 PM | Auth stack [sap.com/tckmcbc.rf.wsrfwsear*RepositoryFrameworkWS_Config1]
[Info] May 20, 2008 9:12:10 PM | |
[Info] May 20, 2008 9:12:10 PM ----
[Info] May 20, 2008 9:12:10 PM {[sap.com/tckmcbc.rf.wsrfwsear*RepositoryFrameworkWS_Config1]}(size: 4)
1. ( com.sap.security.core.server.jaas.EvaluateTicketLoginModule ) ( SUFFICIENT ) com.sap.security.core.server.jaas.EvaluateTicketLoginModule
2. ( com.sap.security.core.server.jaas.EvaluateAssertionTicketLoginModule ) ( SUFFICIENT ) com.sap.security.core.server.jaas.EvaluateAssertionTicketLoginModule
3. ( com.sap.engine.services.security.server.jaas.BasicPasswordLoginModule ) ( OPTIONAL ) com.sap.engine.services.security.server.jaas.BasicPasswordLoginModule
4. ( com.sap.security.core.server.jaas.CreateTicketLoginModule ) ( SUFFICIENT ) com.sap.security.core.server.jaas.CreateTicketLoginModule
authentication properties:
realm_name=Upload Protected Area
policy_domain=/RepositoryFrameworkWS/Config1
auth_method=basic
[Warning] May 20, 2008 9:12:10 PM No options defined
[Info] May 20, 2008 9:12:10 PM ----
[Info] May 20, 2008 9:12:10 PM | |
[Info] May 20, 2008 9:12:10 PM | Auth stack [sap.com/com.sap.xi.mdt*AdapterMessageMonitoring_basic]
[Info] May 20, 2008 9:12:10 PM | |
[Info] May 20, 2008 9:12:10 PM ----
[Info] May 20, 2008 9:12:10 PM {[sap.com/com.sap.xi.mdt*AdapterMessageMonitoring_basic]}(size: 4)
1. ( com.sap.security.core.server.jaas.EvaluateTicketLoginModule ) ( SUFFICIENT ) com.sap.security.core.server.jaas.EvaluateTicketLoginModule
2. ( com.sap.security.core.server.jaas.EvaluateAssertionTicketLoginModule ) ( SUFFICIENT ) com.sap.security.core.server.jaas.EvaluateAssertionTicketLoginModule
3. ( com.sap.engine.services.security.server.jaas.BasicPasswordLoginModule ) ( OPTIONAL ) com.sap.engine.services.security.server.jaas.BasicPasswordLoginModule
4. ( com.sap.security.core.server.jaas.CreateTicketLoginModule ) ( SUFFICIENT ) com.sap.security.core.server.jaas.CreateTicketLoginModule
authentication properties:
realm_name=Upload Protected Area
policy_domain=/AdapterMessageMonitoring/basic
auth_method=basic
[Warning] May 20, 2008 9:12:10 PM No options defined
[Info] May 20, 2008 9:12:10 PM ----
[Info] May 20, 2008 9:12:10 PM | |
[Info] May 20, 2008 9:12:10 PM | Auth stack [sap.com/com.sap.aii.af.ms.app*MessagingSystem]
[Info] May 20, 2008 9:12:10 PM | |
[Info] May 20, 2008 9:12:10 PM ----
[Info] May 20, 2008 9:12:10 PM {[sap.com/com.sap.aii.af.ms.app*MessagingSystem]}(size: 2)
1. ( com.sap.security.core.server.jaas.EvaluateTicketLoginModule ) ( SUFFICIENT ) com.sap.security.core.server.jaas.EvaluateTicketLoginModule
#1 ume.configuration.active = true
2. ( com.sap.engine.services.security.server.jaas.BasicPasswordLoginModule ) ( REQUISITE ) com.sap.engine.services.security.server.jaas.BasicPasswordLoginModule
authentication properties:
realm_name=Message Display Tool
policy_domain=/RWB
auth_method=basic
[Info] May 20, 2008 9:12:10 PM ----
[Info] May 20, 2008 9:12:10 PM | |
[Info] May 20, 2008 9:12:10 PM | Auth stack [sap.com/tcslmslmapp*slmServices_config]
[Info] May 20, 2008 9:12:10 PM | |
[Info] May 20, 2008 9:12:10 PM ----
[Info] May 20, 2008 9:12:10 PM {[sap.com/tcslmslmapp*slmServices_config]}(size: 4)
1. ( com.sap.security.core.server.jaas.EvaluateTicketLoginModule ) ( SUFFICIENT ) com.sap.security.core.server.jaas.EvaluateTicketLoginModule
2. ( com.sap.security.core.server.jaas.EvaluateAssertionTicketLoginModule ) ( SUFFICIENT ) com.sap.security.core.server.jaas.EvaluateAssertionTicketLoginModule
3. ( com.sap.engine.services.security.server.jaas.ClientCertLoginModule ) ( OPTIONAL ) com.sap.engine.services.security.server.jaas.ClientCertLoginModule
4. ( com.sap.security.core.server.jaas.CreateTicketLoginModule ) ( SUFFICIENT ) com.sap.security.core.server.jaas.CreateTicketLoginModule
authentication properties:
realm_name=Upload Protected Area
policy_domain=/slmServices/config
auth_method=client-cert
[Warning] May 20, 2008 9:12:10 PM No options defined
[Info] May 20, 2008 9:12:10 PM ----
[Info] May 20, 2008 9:12:10 PM | |
[Info] May 20, 2008 9:12:10 PM | Auth stack [sap.com/com.sap.lcr*sld]
[Info] May 20, 2008 9:12:10 PM |
When I execute RSPOR_SETUP report from SE38 to check the configuration between BW and Portal, the system shows the following message:
http://img58.imageshack.us/img58/1910/j2eegw5.png
http://img53.imageshack.us/img53/4158/step7vf1.png
This is my configuration:
http://img58.imageshack.us/img58/5937/strustry9.png
http://img142.imageshack.us/img142/9721/keystorageyt6.png
http://img53.imageshack.us/img53/6971/ticketbl2.png
http://img53.imageshack.us/img53/2689/evaluatemr0.png
http://img177.imageshack.us/img177/1271/umeyz5.png
http://img53.imageshack.us/img53/9763/slddf1.png
Entry in dev_jrfc.trc
Message : java.lang.RuntimeException: call FM RSWR_RFC_SERVICE_TEST to ProgId SAPIA64BW_PORTAL_EPI on host SAPIA64BW with SSO not authorized: Missing Password
Datasource : 11197950:J:\usr\sap\EPI\JC01\j2ee\cluster\server0\dev_jrfc.trc
Could you please help me??
Thanks in advance
Edited by: Juan de la Cruz Arellano Royo on May 21, 2008 11:17 AM -
External Facing Portal with access to ITS via Transaction Iview
Hi Experts,
We have a requirement to make the portal available externally for third party vendors to access ECC transactions. We have configured a URL with a reverse proxy to the portal server. Portal loads fine from outside the network, but when launching a transaction I-view, a page cannot be displayed error comes up in IE-8 and Chrome says it cannot access the ECC server.
I've searched the forums and come up with a couple of tips, but that brings on a couple more questions.
It seems you can direct traffic from external URL to portal server:port, but when launching a transaction I-view, it needs to be redirected again to the ECC server:port/sap/bc/gui* (or something like that for SICF GUI service). Question here is, once this redirect happens, technically the ECC box is now available externally vs. only the portal? Is this recommended?
Other option I've found is to try and use IAC I-views instead. Is this really much different than a transaction i-view in how portal handles the opening Iframe? Does it allow backend connections without rerouting internet traffic to the backend server?
Are there any other options to make this type of setup work for external facing portals using transaction iviews to access ITS?
Thanks for the help!
Hi
Were you able to resolve the issue? We have installed Web Dispatcher, through which we are able to call the EP, but when calling the transaction iViews a page not found error pops up, since the request from the EP server to ECC goes via the URL http://<ecchost.domain>.:8000/sap/bc/gui/sap/its/webgui?sap-client=100.
Thanks
Murthy -
Reg : Error in Portal while accessing BI Report.
Hi,
When I am trying to access BI report in the portal I got the following error in Portal
User #### has no RFC authorization for function group SYST.
Please assist to resolve the issue.
Thanks,
Prakash.
Hi
This is an authorization issue.
Either include SYST in authorization object S_RFC.
Or assign SAP_ALL role to the user and then try. -
HTML Files in portal that access relative images
We put html files on some of our pages. These open up and display their contents, which include images. These images we store on the same portal page (but hide them) so the html page has access to them in the same directory. So, we basically, use a portal page as a web server directory to put the html, css, images, etc.
Is this going to break in a future version of portal?
According to:
http://download-west.oracle.com/docs/cd/B14099_19/portal.1014/b13809/apdxurls.htm
"Following this release, path-based URLs that follow the following syntax will be obsolete"
That sounds to me like my above scenario will break. Yes?
Thanks.
Why do you use html files exactly ?
Because, we have legacy HTML documents that are from our pre-portal intranet days. We were able to just stick them into a portal page and they worked. And, the nice thing is that they can link to each other with relative links within the same directory/path. So, it's not just images. We really don't care that much about images, that was just an example that would be easy for people to understand. Using the /images folder does not solve most of the problem. And, like I mentioned before, we also have PDFs with PDF-to-PDF web links where they all link to each other with relative links within the same directory. We also have some Flash (swf) files that take advantage of page-path URLs.
It's not like our whole portal is made up of HTML documents. But, we used many of them instead of Word or PDF documents, because that's what we had from before. So, in most cases we can convert them to PDFs. But, there are some cases where we have mini websites made up of HTML files all stuck into a Portal page. These, and the PDF-to-PDF linked documents are a bigger problem.
This is a major headache that we are not looking forward to. -
ESS / MSS -- Error in Portal while Accessing Who's Who (Urgent)
Hi Gurus,
I get the following error while accessing who's who, please clarify
Read of object with ID portal_content/com.sap.pct/srvconfig/com.sap.pct.erp.srvconfig.ess.employee_self_service/com.sap.pct.erp.srvconfig.whoiswho/com.sap.pct.erp.srvconfig.fpmapplications/com.sap.pct.erp.srvconfig.whoiswhoapplication failed
Somewhere inside the error log it gives that
Caused by: com.sapportals.portal.pcd.gl.PermissionControlException: Access denied (Object(s): portal_content/com.sap.pct/srvconfig/com.sap.pct.erp.srvconfig.ess.employee_self_service/com.sap.pct.erp.srvconfig.whoiswho/com.sap.pct.erp.srvconfig.fpmapplications/com.sap.pct.erp.srvconfig.whoiswhoapplication)
Is this because of the unavailability of change authorization?
We haven't actually started the config.
Sera
Hi,
This is because you have to give end user permissions for the portal user to access the objects. This is an issue with permission.
Refer to note 939412 for the solution.
Regards,
Sharadha -
IP Address determination based Portal Roles Access
Dear Experts,
Current Scenario - SAP Portal is accessible directly and via Citrix (VPN).
Based on the URL alias - we have implemented Desktop Filtering.
eg if the URL ends with / internet - You get restricted roles
eg if the URL ends with / intranet - You get wider roles
In Production, we also have Netscaler Reverse Proxy and HTTPs settings in place for External (outside firewall) access.
New Requirement (Example) - Based on the IP address of the client, determine which subnet it falls under and based on that -
If used within Citrix - Provide certain roles
If not used within Citrix - Restricted access / Redirect to a different URL on the redirect server.
Questions - With the current desktop filtering in place based on URL determination and no specific restriction for inside/outside Citrix access -
I believe tweaking SAP Portal Logon logic can get very painful and overtly complicated for such scenarios.
Please suggest which would be a good way to crack this? eg using admin settings at these levels - eg Citrix, Network OS Exit, Reverse Proxy etc based on Best Practise ?
Thanks for your inputs ~ Dhanz
Hi Dhanz,
You are right, it's a complicated scenario.
Unfortunately I am not an expert on Citrix, Network OS Exit, Reverse Proxy, etc. But I have discussed this issue with web dispatcher expert colleagues and I believe you can use the IP address as distinguishing criterion / mapping table. Please see the documentation below:
http://help.sap.com/saphelp_nw04/helpdata/en/de/89023c59698908e10000000a11402f/content.htm
http://help.sap.com/saphelp_nw04/helpdata/en/24/62c6bacba12442a869a599149227ab/frameset.htm
I hope it helps,
Kind regards,
Lisandro Magnus -
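The subnet-based decision discussed in this thread, as an added example that is not part of the original posts and is not SAP, Citrix or NetScaler code: behind a reverse proxy the portal sees the proxy's address, so the client address is taken from X-Forwarded-For only when the request really arrives from a trusted proxy, and only the hop that proxy appended is believed. The subnets, role-set name, redirect URL and function names are assumptions, and the proxy is assumed to append the address it saw to X-Forwarded-For.

```python
import ipaddress

# Constructed values for illustration only (hypothetical ranges and names).
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/28")]   # reverse proxy addresses
CITRIX_SUBNETS = [ipaddress.ip_network("10.20.0.0/16")]   # Citrix farm range
REDIRECT_URL = "https://redirect.example.invalid/restricted"
CITRIX_ROLE_SET = "citrix_roles"


def _in_any(addr, networks):
    """True if addr falls in one of the networks (version mismatch is False)."""
    return any(addr in net for net in networks)


def _parse(text):
    """Parse one address, returning None for anything malformed."""
    try:
        return ipaddress.ip_address(text.strip())
    except ValueError:
        return None


def effective_client_ip(peer_ip, xff_header=None):
    """Return the address the access decision should be based on.

    X-Forwarded-For is honoured only when the TCP peer is a trusted proxy.
    The header is walked right to left, skipping trusted proxies; the first
    non-proxy hop is the client as seen by our own infrastructure. Hops to
    the left of it were supplied by the client and are ignored.
    """
    peer = _parse(peer_ip)
    if peer is None:
        return None
    if not _in_any(peer, TRUSTED_PROXIES) or not xff_header:
        return peer
    for hop in reversed(xff_header.split(",")):
        addr = _parse(hop)
        if addr is None:
            return None          # malformed hop: fail closed
        if not _in_any(addr, TRUSTED_PROXIES):
            return addr
    return peer                  # header listed only our own proxies


def decide(peer_ip, xff_header=None):
    """Map the effective client address to a role set or a redirect."""
    client = effective_client_ip(peer_ip, xff_header)
    if client is not None and _in_any(client, CITRIX_SUBNETS):
        return {"action": "roles", "target": CITRIX_ROLE_SET,
                "client": str(client)}
    # Unknown, malformed or non-Citrix source: restricted path.
    return {"action": "redirect", "target": REDIRECT_URL,
            "client": str(client) if client is not None else None}


if __name__ == "__main__":
    # Constructed requests: (TCP peer, X-Forwarded-For header)
    samples = [
        ("10.20.5.7", None),                        # direct from Citrix
        ("10.0.0.5", "10.20.5.7"),                  # Citrix via proxy
        ("203.0.113.9", "10.20.5.7"),               # direct, forged header
        ("10.0.0.5", "10.20.5.7, 203.0.113.9"),     # forged hop via proxy
    ]
    for peer, xff in samples:
        print(peer, xff, decide(peer, xff))
```

The last two constructed requests show why the header cannot be trusted as sent: a client-supplied Citrix address is ignored both when the client connects directly and when the proxy appends the real source after it.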
Schedule Portal Users Access Restriction
Hi All,
I have a scenario wherein I need to restrict the access of some specific user(s)/Groups to the portal during a specific time period daily. This has to be automated and scheduled accordingly. I don't want to either delete the users or specify user expiry date. Please suggest if any one of you have a solution or suggestion regarding this.
Regards,
Sreeram
What are you using for your LDAP?
I do not see a way to do it via portals but with me in MSADS I can restrict days and time from there. -
Oracle Portal and access data from OID
I was trying to do the employee search on Portal. I need to enter firstname or lastname of an employee and click search button and it display employee details
These are the steps I followed
I created a database provider "Portal1" using the schema Portal
Then I created a dynamic page using that provider
This is the code I have in the dynamic page
<HTML>
<HEAD>
<TITLE>Example</TITLE>
</HEAD>
<BODY>
<H2>Example of A Dynamic Page</H2>
<ORACLE>SELECT * FROM PORTAL.WWSEC_PERSON
</ORACLE>
</BODY>
</HTML>
Dynamic page was created successfully.
This is my intention. Create a dynamic page and run it as a portlet and publish it in the portal repository. Then use that portlet as any other portlet on the page.
I assume if I use a bind variable in the sql, I'll be able to pass the parameter (lastname/firstname) from the page and display the employee details on the page.
This is my problem. When I tried to run the dynamic page as portlet, I am getting the following error. Please advise if I am doing something wrong or is there any other way to access employee details
INTERNAL ERROR
"Failed to parse the query, ORA -00942 table or view does not exist
Failed to parse as PORTAL_PUBLIC - SELECT * FROM PORTAL.WWSEC_PERSON$
The preference path does not exist - ORACLE.WEBVIEW.PARAMETERS
Thanks
As the forum name says: "product-related questions cannot be answered here"
Please choose an appropriate Portal forum for your questions. -
Netweaver portal and access to sharepoint document.
Hello everybody,
I need to know if I can create a link from an iview in the portal on a folder with document on share point or on the document itself.
I don't know share point. And I need to know if I could create a link to a document on share point like we could do on the document in the KM Content of the portal.
Any idea?
Hello Jérome!
Basically yes, you can use such links. Sharepoint offers at least two ways of access to its documents: Either with navigation to a sharepoint site offering the document in question or through WebDAV access.
Another option is to create a Repository to the WebDAV-Source of sharepoint in the portal KM and create links pointing to the new repository.
If you want to use SAP Portal Search (TREX) on those docs, the WebDAV-Repository is your best choice.
Cheers,
Jürgen -
How to keep navigation with in the portal when accessing third party applic
Hi
I am trying to integrate Peoplesoft applications into portal. I am able to access the PS applications, but when I try to navigate through the Peoplesoft pages, the page is not opening in the content area. The Peoplesoft page is opening in the browser rather than in the content area.
As for my concern, in navigation at one place it's leaving the portal environment for the other PS server's environment, as the PS link is pointing to the PS server.
How to overcome this problem. I want to open all Peoplesoft pages within the portal content area.
regards
Usman
Anyone to answer this question. Urgent.
regards
Usman