Routing internal users through UAG
We have published SharePoint on the UAG and want all internal users to access SharePoint through the UAG, as if they were connecting from outside our network. This is working. The problem is that we are trying to publish Office Web Apps
for SharePoint and it is not working internally or externally. We followed the TechNet article "Publishing Office Web Apps Server Using a Reverse Proxy Server." Is this a supported configuration (to route all internal traffic through UAG
as if the connection was external to the network)?
Thanks for your reply. The underlying setup is the following and this should clarify things a bit:
UAG is load balancing SharePoint farm.
Internal DNS is the same as the Public DNS to access SharePoint. (For example sp.domain.com)
At this point Office Web Apps works normally for both internal and external users.
Since we want users to experience the same login steps, the following was done:
A DNS record was created internally, so that sp.domain.com resolves to the public IP of the UAG. This way everyone is going through the UAG for access regardless if they are internal or external users. This is when we started having issues. It seems that
there is a loop somewhere when office web apps tries to send the document back to SharePoint.
Similar Messages
-
Publishing a site through UAG without using the Portal login
Good Day -
I'd like to ask if there is a way to publish access to an internal site through UAG without users having to use the Portal login - say by providing a link -Hello,
The portal app is mandatory even if you not use it, indeed if you delete this app UAG stop to work as expected.
In order to publish your internal site without going through the portal, in select application select the following options:
Type: Web
Web: Other Web Application (application specific hostname)
With this you could bind a direct DNS name to your publication without using the portal in order to access to it.
Regards,
Follow me on Twitter http://www.twitter.com/liontux | My Blog (French/English) :
http://security.sakuranohana.fr/ -
Hi All,
My ACS5.2 joined Windows 2003 Active Directory successfully. I created Support group with user1 in the internal store, also created Support-AD group with userad1 in the AD store. Identity Store Sequency is set Internal first, then AD. I can map Support-AD group to the local Support group without any problem.
Internal user gets authenticated and authorized OK. However, if the user is an AD user, the rule for AD users is not picked. So it goes to default.
I must have missed something. Please help. I have uploaded my screenshots.Thanks in advance.Hello Robert
I am facing the same problems like you.
Pls can you help me to configure ACS to join the AD ?
My goal is to authenticate users on AD for access to cisco routers and switches
I configured local users on ACS5.2 and I tested them. Everything is working fine (authentication, authorization etc)
Now I try to authenticate users from AD without success
I would like to send you the screenshots of the current configuration. Can you pls tell me where is the mistake or what have I forgotten to apply ?
Pls send me an email to send you the screenshots
Happy New Year
Kostas Papachristofis
Message was edited by: Kostas Papachristofis
I attach the screenshots -
Internal user gets trafic from public AV Edge interface
please can you help me to understand the following scenario:
a call between two internal users causes traffic from the public AV interface of the Edge server and the internal clients.
I know that the Edge server will be used to get the public IP address of the users router (to send data over NAT).
But is there another scenario where data will be send from the public or to the public AV interface of the Edge server when the user is internal?
Thanks for your helpHi Augustin Ziegler,
Do you have users who are using the mobile client?
Any internally connected 2013 mobile clients will leverage the external UCWA URL which in a properly configured environment should cause the client to resolve and connect to a reverse proxy service. The actual data path can vary here depending on the
network configuration. The connection could be directed out a corporate firewall to the Internet and back in through a different firewall to the reverse proxy server connecting back into the external web service on the Lync Front End server. Or this
traffic could be purposely directed to the internal interface of a reverse proxy server listening for the same traffic as on the external interface, which would shorten the trip distance but still be routed to the external web services. Either way the
registration traffic and all connectivity between the 2013 mobile client and the Lync Front End server is hairpinned in some fashion.
All connectivity between internal mobile clients and the Edge server will follow the same logic, meaning that these clients will connect to the
external interface of the Edge Server just as if they were external clients. It does
not mean that all media is hairpinned though. All Lync clients will still attempt direct connections so in the event of internal peer calls or when joining conference calls on the Lync AVMCU media will still be able to be routed directly as long
as that traffic path is not filtered in a way to prevent this from happening. In cases where the Edge Server must step-in to assist in relaying the media then the internal mobile clients will be taking the long way around to the external Edge interface.
Best regards,
Eric -
Exchange Web Services for external O365 users w/UAG
The client has UAG in use, currently, for OWA and EAS for the on-prem mailboxes.
We have O365 Federation enabled right now using ADFS with proxies. ADFS is *not* behind the UAG firewall. sss.clientdomain.com resolves directly to the ADFS proxies. We've successfully tested the SSO redirect.
With UAG in play, how will that affect Exchange Online mailbox users who are trying to get to OWA from their home PC? The UAG proxy is set for pre-auth to the internal AD DS.
Is this going to be a problem for Exchange Online users using OWA and EAS? If so, how do I get around this? My goal is to make sure UAG is as small of a piece of this puzzle as possible, seeing it is nearing end-of-life.Exchange Online OWA users will likely have to authenticate twice here - once to get to the on-prem Exchange server for OWA through UAG, and then again at the ADFS Proxy, after the on-prem redirection. The alternative would be
to provide Exchange Online users the separate URL, so as to connect directly to Exchange Online, and therefore only getting prompted for authentication once at the ADFS Proxy.
-
Redirect external user (internet) & internal user (intranet)
Hi, we are developing a public portal services in which we have two kind of user: a) public user that access through internet to the portal. b) internal user that access inside a domain to the portal.
We want to know How we can know which is the external and which is the internal in order to assign a portal desktop.
I have seen in the forms the following options:
1.-> IISPROXY
2.-> SPNEGO
3.-> APACHE & SAPDISPATCHER
1.-> It seems that we the last release of the portal is obsolete
2.-> It seems that SPNEGO is for internal use only (intranet).
3.-> I have not documentation about.
I would be very grateful if someone give a solution and documentation or links about it.
Thanks in advanced.
Regards.Hi Optima,
You can use a appIntegrator to distinguish intranet/ extranet users..
Have a look at "HowToUseAppIntegrator_en.pdf" from service market place.
This weblog should give you some idea about appintegrator: Step-By-Step Guide to implement Application Integrator
Regards,
SK. -
External users can communicate web server, Internal users can't communicate
Hi All,
This Babu, I have Cisco - 1941 and ASA 5510, ISP was terminated on Router point ot point connectivity(10.10.10.0/30). Router isdie ip is Public ip
(49.49.49.1/28), firewall inside ip is 49.49.49.2 and i have done nating in firewall with private ip 192.168.1.0/24.
we have web server, this is also connected in Intranet, this internal ip was 192.168.1.13 nat with publi ip 49.49.49.13.
In this scenario all external users can communicate with web server ie www.example.com. but internal users can't communicate with www.example.com
All internal user able to ping the web server with 192.168.1.13 successfully and get the internet also.
Please help me, what is the problem...Hi Jereen,
my user tried the following :
- went to http://oraclepartnernetwork.oracle.com/
- at top of the page, click on the "Register / Sign In" link.
- entered user name [email protected], and password (he tried also with a reset system generated password)
- got "Invalid Login" Error
so it seems the issue is not with beehive online, but with SSO to start with...
my other sun.com users have the same issue. Could it be a restriction on Sun.com domain ?
I understand now my issue is not with beehive online, so don't hesitate to redirect me to the appropriate support team if necessary.
Thanks a lot for all your help
christian -
SPAM effectiveness report for an internal user
Years ago on a previous product, we had a report we could run which would show the SPAM effectiveness for an individual user. This was useful for associates who felt they were receiving too much SPAM, when in reality, we were stopping 99.4% of the SPAM destined for them and the 2 they received over the past month were not devastating.
I looked through the reports available from the ESAs but do not see anything similar. We are running ESA 7.6.3-019 and SMA 7.9.0-107.
ThanksHello Mark,
in general spam efficiency reports would not work for individual, mainly because the spam detection process is not only limited to the spam engine, the major work is actually done by the reputation engine. In other words, senderbase, which on average blocks more that 90% of all connection attempts, mostly from hosts with a score of -5 or worse. By default these connections are already dropped before sender and recipients are injected, so the system is not aware who the potential spam was targeted for.
You could work around this by enabling delayed HAT rejection, which would still wait until sender and recipients are injected, before disconnecting. In this case, you can check
GUI: Monitor->Incoming Mail
specify a time range, and then enter the internal user in the search field below the main table. Or leave it empty and just hit "Search" for a list of all users, the list then can be sorted by clicking on the column names. The result table will contain entries like "Total Attemted" and "Spam Detected", and of course the results can be exported as well.
Hope that is what you are looking after.
Regards,
Andreas -
Oracle on NT (Logmnr and Internal User fail)
Hi,
My Environment is NT. I got two questions First, I have problem to use "Log Viewer"
DBMS_LOGMNR_D to create the dictionary file.
In the statement, I should have file name and file directory to generate the dictionary file. The problem is the file directoy format of NT and Unix is different, so I changed the file directory to the right format for NT. However, I tried several kinds of format. None of them works. So, does anyone knows the right format for "logmnrd" for NT?
Second, my test environment can not be logged in as internal user , system and sys. I am sure the password is correct, but at the time I connectted by them. I got the error message indicating me that "Insufficient Privilege". I don't know why? So the only way for me the shutdown the database is through the NT services.
Does any one know how to solve this?
Thanks in advance.
chechunHi,
My Environment is NT. I got two questions First, I have problem to use "Log Viewer"
DBMS_LOGMNR_D to create the dictionary file.
In the statement, I should have file name and file directory to generate the dictionary file. The problem is the file directoy format of NT and Unix is different, so I changed the file directory to the right format for NT. However, I tried several kinds of format. None of them works. So, does anyone knows the right format for "logmnrd" for NT?
Second, my test environment can not be logged in as internal user , system and sys. I am sure the password is correct, but at the time I connectted by them. I got the error message indicating me that "Insufficient Privilege". I don't know why? So the only way for me the shutdown the database is through the NT services.
Does any one know how to solve this?
Thanks in advance.
chechun -
Creating internal user account in ACS 5.2
I have an ACS 5.2 server integrated with Active directory . Now i need to create an internal user account to login to some radisu devices using internal user database .I have near about 600 users all are authenticating through AD .
Regards ,
SandeepThere is system account in ACS ,which is using to run the scripts . in AD the same account is cerated as a service account and last day the account got expired .we extended that account but its not working ,As per AD team there is no issue from AD side .but we are unable to login to the devices using that account .when we are running the script contineous failed attempts is coming .
So now we need to create an internal account for testing purpose .
I have created the same and issue got fixed . -
ALV output converted into PDF format and send that PDF to user through mail
Hi Experts,
I have report earlier its output was in alv grid.
Now i want that ALV output converted into PDF format.And that PDF output send to user through mail.
Can u please tell how to do?
My code is here(output is displaying in ALV grid).
INCLUDE <icon>.
TYPE-POOLS: slis, kkblo.
TABLES : zmsd_freight_hdr, zmsd_freight_det, zmsd_blinfo, zmsd_diheader.
TABLES : lfa1.
DATA : t_hdr LIKE zmsd_freight_hdr OCCURS 0 WITH HEADER LINE,
T_DET LIKE ZMSD_FREIGHT_DET OCCURS 0 WITH HEADER LINE,
t_bl LIKE zmsd_blinfo OCCURS 0 WITH HEADER LINE,
t_di LIKE zmsd_diheader OCCURS 0 WITH HEADER LINE.
DATA: BEGIN OF t_det OCCURS 0.
INCLUDE STRUCTURE zmsd_freight_det.
DATA type(30).
DATA: END OF t_det.
DATA: v_target2(30),
v_zsammg LIKE t_det-zsammg,
v_gsttotal LIKE t_det-zamount.
DATA : BEGIN OF t_data OCCURS 0,
zsammg LIKE zmsd_freight_hdr-zsammg,
zdidbl LIKE zmsd_freight_hdr-zdidbl,
zvkorg LIKE zmsd_freight_hdr-zvkorg,
zinvno LIKE zmsd_freight_hdr-zinvno,
zttlamt LIKE zmsd_freight_hdr-zttlamt,
zstatus LIKE zmsd_freight_hdr-zstatus,
ztype LIKE zmsd_freight_hdr-ztype,
zconfirm LIKE zmsd_freight_hdr-zconfirm,
zconfirmdate LIKE zmsd_freight_hdr-zconfirmdate,
erdat LIKE zmsd_freight_hdr-erdat,
ernam LIKE zmsd_freight_hdr-ernam,
erzet LIKE zmsd_freight_hdr-erzet,
aedat(10),
aenam LIKE zmsd_freight_hdr-aenam,
aezet LIKE zmsd_freight_hdr-aezet,
zline LIKE zmsd_freight_det-zline,
zfptype LIKE zmsd_freight_det-zfptype,
zchrcode LIKE zmsd_freight_det-zchrcode,
zcurcode LIKE zmsd_freight_det-zcurcode,
zqty LIKE zmsd_freight_det-zqty,
zuom LIKE zmsd_freight_det-zuom,
zrate LIKE zmsd_freight_det-zrate,
zamount LIKE zmsd_freight_det-zamount,
zexrate LIKE zmsd_freight_det-zexrate,
zccode LIKE zmsd_blinfo-zccode, "MADK991565
zccode like ZMSD_FREIGHT_HDR-zfcode, "MADK991565
zbldate(10),
zbl LIKE zmsd_blinfo-zbl,
type(3),
waerk LIKE zmsd_freight_det-zcurcode,
zamountl LIKE zmsd_freight_det-zamount,
END OF t_data.
DATA : w_layout TYPE slis_layout_alv,
w_catalog TYPE slis_fieldcat_alv,
t_catalog TYPE slis_t_fieldcat_alv,
w_sort TYPE slis_sortinfo_alv,
t_sort TYPE slis_t_sortinfo_alv.
DATA V_ZINVNO like T_HDR-ZINVNO. "MADK991565
DATA : v_count TYPE i.
SELECTION-SCREEN BEGIN OF BLOCK a0 WITH FRAME TITLE text-001.
PARAMETERS : p_zvkorg LIKE zmsd_freight_hdr-zvkorg OBLIGATORY .
SELECT-OPTIONS : s_zdidbl FOR zmsd_freight_hdr-zdidbl ,
s_zccode FOR lfa1-lifnr ,
s_status FOR zmsd_freight_hdr-zstatus ,
s_ztype FOR zmsd_freight_hdr-ztype ,
s_erdat FOR zmsd_freight_hdr-erdat ,
s_ernam FOR zmsd_freight_hdr-ernam ,
s_zconfd FOR zmsd_freight_hdr-zconfirmdate .
PARAMETERS : p_zconf AS CHECKBOX .
SELECTION-SCREEN END OF BLOCK a0.
SELECTION-SCREEN BEGIN OF BLOCK a1 WITH FRAME TITLE text-002.
PARAMETERS : p_hdr RADIOBUTTON GROUP rad DEFAULT 'X' ,
p_det RADIOBUTTON GROUP rad .
SELECTION-SCREEN END OF BLOCK a1.
INITIALIZATION.
AT SELECTION-SCREEN.
START-OF-SELECTION.
PERFORM get_data.
PERFORM process.
PERFORM display.
END-OF-SELECTION.
PERFORM fm_get_num_pages.
AT USER-COMMAND.
AT LINE-SELECTION.
TOP-OF-PAGE.
PERFORM fm_top_of_page USING '7010' sy-title space.
FORM get_data.
SELECT *
FROM zmsd_freight_hdr
INTO TABLE t_hdr
WHERE zvkorg EQ p_zvkorg
AND zdidbl IN s_zdidbl
AND zstatus IN s_status
AND ztype IN s_ztype
AND erdat IN s_erdat
AND ernam IN s_ernam
AND zconfirmdate IN s_zconfd
AND ZFCODE IN S_ZCCODE. "MADK991565
IF p_zconf = 'X'.
DELETE t_hdr WHERE zconfirm NE 'C'.
ENDIF.
CHECK NOT t_hdr[] IS INITIAL.
SELECT *
FROM zmsd_blinfo
INTO TABLE t_bl
FOR ALL ENTRIES IN t_hdr
WHERE zsammg = t_hdr-zsammg.
SORT t_bl BY zsammg.
SELECT *
FROM zmsd_diheader
INTO TABLE t_di
FOR ALL ENTRIES IN t_hdr
WHERE zsammg = t_hdr-zsammg.
SORT t_di BY zsammg.
IF P_DET = 'X'. "MADK933361
SELECT *
FROM zmsd_freight_det
INTO TABLE t_det
FOR ALL ENTRIES IN t_hdr
WHERE zsammg = t_hdr-zsammg
AND ZINVNO = T_HDR-ZINVNO . "MADK991565
SORT t_det BY zsammg zline. "MADK991565
SORT T_DET BY ZSAMMG ZINVNO ZLINE. "MADK991565
ENDIF. "MADK933361
ENDFORM.
FORM process.
REFRESH t_data.
CLEAR v_gsttotal. "MADK933361
LOOP AT t_hdr.
Start of MADK933361
CLEAR: v_target2.
v_zsammg = t_hdr-zsammg.
V_ZINVNO = T_HDR-ZINVNO. "MADK991565
AT NEW zsammg. "MADK991565
AT NEW ZINVNO. "MADK991565
PERFORM get_gst_value.
ENDAT.
End of MADK933361
PERFORM move_header.
CHECK t_data-zccode IN s_zccode.
IF p_det = 'X'.
CSF Project Changes Starts DEV34 MADK985782
LOOP AT T_DET WHERE ZSAMMG = T_HDR-ZSAMMG..
LOOP AT t_det WHERE zsammg = t_hdr-zsammg AND
zinvno = t_hdr-zinvno.
CSF Project Changes Ends DEV34 MADK985782
PERFORM move_header.
CHECK t_data-zccode IN s_zccode.
MOVE-CORRESPONDING t_det TO t_data.
t_data-zamountl = t_data-zamount * t_data-zexrate.
APPEND t_data.
CLEAR t_data.
ENDLOOP.
ELSE.
APPEND t_data.
CLEAR t_data.
ENDIF.
AT END OF zsammg.
CLEAR v_gsttotal.
ENDAT.
*Start of changes for IS090901289-PIA MADK991565
AT END OF ZINVNO.
CLEAR V_GSTTOTAL.
ENDAT.
*End of changes for IS090901289-PIA MADK991565
ENDLOOP.
ENDFORM.
FORM move_header.
MOVE-CORRESPONDING t_hdr TO t_data.
t_data-zttlamt = t_data-zttlamt + v_gsttotal. "MADK933361
t_data-waerk = 'SGD'.
IF NOT t_hdr-aedat IS INITIAL.
WRITE: t_hdr-aedat TO t_data-aedat.
ELSE.
CLEAR : t_data-aedat.
ENDIF.
READ TABLE t_bl WITH KEY zsammg = t_hdr-zsammg BINARY SEARCH.
IF sy-subrc EQ 0.
t_data-zccode = t_bl-zccode. "MADK991565
T_DATA-ZCCODE = T_HDR-ZFCODE. "MADK991565
IF NOT t_bl-zbldate IS INITIAL.
WRITE: t_bl-zbldate TO t_data-zbldate.
ENDIF.
t_data-zbl = t_bl-zbl.
t_data-type = 'DBL'.
ELSE.
READ TABLE t_di WITH KEY zsammg = t_hdr-zsammg BINARY SEARCH.
IF sy-subrc EQ 0.
t_data-zccode = t_di-zdiforcode. "MADK991565
T_DATA-ZCCODE = T_HDR-ZFCODE. "MADK991565
t_data-type = 'DI'.
ENDIF.
ENDIF.
ENDFORM.
FORM display.
IF t_data[] IS INITIAL.
MESSAGE s398(00) WITH 'No Data Selected'.
EXIT.
ENDIF.
DATA : l_repid LIKE sy-repid.
l_repid = sy-repid.
REFRESH t_catalog.
CLEAR t_catalog.
w_layout-cell_merge = 'X'.
PERFORM map_fields.
CALL FUNCTION 'REUSE_ALV_GRID_DISPLAY'
EXPORTING
i_callback_program = l_repid
i_callback_user_command = 'ALV_USER_COMMAND'
is_layout = w_layout
it_fieldcat = t_catalog[]
i_grid_title = sy-title
i_save = 'A'
it_sort = t_sort[]
TABLES
t_outtab = t_data
EXCEPTIONS
program_error = 1
OTHERS = 2.
IF sy-subrc <> 0.
ENDIF.
ENDFORM.
FORM map_fields.
Sort Order
CLEAR v_count.
PERFORM sf USING 'ZDIDBL' 'X' 'X'.
Fields to be displayed
CLEAR v_count.
IF p_hdr = 'X'.
PERFORM af USING :
DESCRIPTION FIELD LEN RTABLE RFIELD
'DI/DBL ' 'ZDIDBL' '14' ' ' ' ',
'Type ' 'TYPE' '04' ' ' ' ',
'Forwarder Code ' 'ZCCODE' '14' ' ' ' ',
'BL Number ' 'ZBL' '14' ' ' ' ',
'BL Date ' 'ZBLDATE' '10' ' ' ' ',
'Invoice Number ' 'ZINVNO' '15' ' ' ' ',
'Extraction ' 'ZSTATUS' '05' 'ZMSD_FREIGHT_HDR' 'ZSTATUS ',
'Freight Type ' 'ZTYPE' '05' 'ZMSD_FREIGHT_HDR' 'ZTYPE ',
'Confirmation ' 'ZCONFIRM' '05' 'ZMSD_FREIGHT_HDR' 'ZCONFIRM',
'Confirm Date ' 'ZCONFIRMDATE' '10' 'ZMSD_FREIGHT_HDR'
'ZCONFIRMDATE',
'Total Amount ' 'ZTTLAMT' '18' ' ' ' ',
'Created On ' 'ERDAT' '10' ' ' ' ',
'Created By ' 'ERNAM' '10' ' ' ' ',
'Changed On ' 'AEDAT' '10' ' ' ' ',
'Changed By ' 'AENAM' '10' ' ' ' '.
ELSE.
PERFORM af USING :
DESCRIPTION FIELD LEN RTABLE RFIELD
'DI/DBL ' 'ZDIDBL' '14' ' ' ' ',
'Type ' 'TYPE' '04' ' ' ' ',
'Forwarder Code ' 'ZCCODE' '14' ' ' ' ',
'BL Number ' 'ZBL' '14' ' ' ' ',
'BL Date ' 'ZBLDATE' '10' ' ' ' ',
'Invoice Number ' 'ZINVNO' '15' ' ' ' ',
'Extraction ' 'ZSTATUS' '05' 'ZMSD_FREIGHT_HDR' 'ZSTATUS ',
'Freight Type ' 'ZTYPE' '05' 'ZMSD_FREIGHT_HDR' 'ZTYPE ',
'Confirmation ' 'ZCONFIRM' '05' 'ZMSD_FREIGHT_HDR' 'ZCONFIRM',
'Confirm Date ' 'ZCONFIRMDATE' '10' 'ZMSD_FREIGHT_HDR'
'ZCONFIRMDATE',
'Total Amount ' 'ZTTLAMT' '18' ' ' ' ',
'Freight Payment ' 'ZFPTYPE' '14' ' ' ' ',
'Charge Code ' 'ZCHRCODE' '10' ' ' ' ',
'Currency ' 'ZCURCODE' '08' ' ' ' ',
'Quantity ' 'ZQTY' '13' ' ' ' ',
'UoM ' 'ZUOM' '04' ' ' ' ',
'Rate ' 'ZRATE' '15' ' ' ' ',
'Amt(Foreign Curr)' 'ZAMOUNT' '16' ' ' ' ',
'Exchange Rate ' 'ZEXRATE' '13' ' ' ' ',
'Amt(Local Curr) ' 'ZAMOUNTL' '16' ' ' ' ',
'Created On ' 'ERDAT' '10' ' ' ' ',
'Created By ' 'ERNAM' '10' ' ' ' ',
'Changed On ' 'AEDAT' '10' ' ' ' ',
'Changed By ' 'AENAM' '10' ' ' ' '.
ENDIF.
ENDFORM.
FORM af USING text
field
len
table
reffield.
v_count = v_count + 1.
w_catalog-col_pos = v_count.
w_catalog-fieldname = field.
w_catalog-ref_tabname = table.
w_catalog-ref_fieldname = reffield.
w_catalog-seltext_s = text.
w_catalog-seltext_m = text.
w_catalog-seltext_l = text.
w_catalog-outputlen = len.
IF field = 'ZTTLAMT' OR field = 'ZAMOUNTL'.
w_catalog-no_zero = 'X'.
w_catalog-cfieldname = 'WAERK'.
w_catalog-datatype = 'CURR'.
ENDIF.
IF FIELD = 'ZRATE' OR FIELD = 'ZAMOUNT'.
IF field = 'ZAMOUNT'.
w_catalog-no_zero = 'X'.
w_catalog-cfieldname = 'ZCURCODE'.
w_catalog-datatype = 'CURR'.
ENDIF.
IF field = 'ZQTY' OR field = 'ZRATE'.
w_catalog-no_zero = 'X'.
w_catalog-datatype = 'DEC'.
ENDIF.
APPEND w_catalog TO t_catalog.
CLEAR w_catalog.
ENDFORM.
FORM sf USING fieldname sortup group.
v_count = v_count + 1.
CLEAR w_sort.
w_sort-fieldname = fieldname.
w_sort-spos = v_count.
w_sort-up = sortup.
w_sort-group = group.
APPEND w_sort TO t_sort.
ENDFORM.
FORM alv_user_command USING in_ucomm LIKE sy-ucomm
in_selfield TYPE slis_selfield.
DATA: lfs_data LIKE t_data.
IF in_ucomm = '&IC1'.
READ TABLE t_data INDEX in_selfield-tabindex INTO lfs_data.
CHECK NOT lfs_data-zdidbl IS INITIAL.
IF lfs_data-type = 'DBL'.
DATA: l_zdbl LIKE zmsd_diheader-zdinum.
l_zdbl = in_selfield-value.
EXPORT l_zdbl TO MEMORY ID 'VBL'.
CALL TRANSACTION 'ZMSD_BL01'.
ENDIF.
IF lfs_data-type = 'DI'.
DATA: v_dinum LIKE zmsd_diheader-zdinum.
v_dinum = in_selfield-value.
EXPORT v_dinum TO MEMORY ID 'VDI'.
CALL TRANSACTION 'ZMSD_DI01'.
ENDIF.
ENDIF.
ENDFORM.
FORM get_gst_value.
LOOP AT t_det WHERE zsammg = v_zsammg
AND ZINVNO = V_ZINVNO. "MADK991565
CHECK t_data-zccode IN s_zccode.
t_det-zamount = t_det-zamount * t_det-zexrate.
SELECT SINGLE y0mmtarget2
INTO v_target2
FROM y0mmipstranslate
WHERE y0mmdatatype = '70' AND
y0mmsource = t_det-zchrcode.
SELECT SINGLE y0mmtarget1
INTO t_det-type
FROM y0mmipstranslate
WHERE y0mmdatatype = '76' AND
y0mmsource = v_target2.
IF t_det-type NE '3Z'.
v_gsttotal = v_gsttotal +
( t_det-zamount * 5 / 100 ).
ENDIF.
ENDLOOP.
Regards,
Raj.Hello,
Following is the procedure to convert alv output to spool and then it to PDF Format.
After we display the ALV, we can check whether it is running in the background using system field u2018sy-batchu2018. Then,we call an function module named u2018GET_JOB_RUNTIME_INFOu2019 to get the current job information. Then go to spool request table tbtcp to get the spool id.
Get current job details
CALL FUNCTION u2018GET_JOB_RUNTIME_INFOu2019
IMPORTING
eventid = gd_eventid
eventparm = gd_eventparm
external_program_active = gd_external_program_active
jobcount = gd_jobcount
jobname = gd_jobname
stepcount = gd_stepcount
EXCEPTIONS
no_runtime_info = 1
OTHERS = 2.
SELECT * FROM tbtcp
INTO TABLE it_tbtcp
WHERE jobname = gd_jobname
AND jobcount = gd_jobcount
AND stepcount = gd_stepcount
AND listident <> u20180000000000u2032
ORDER BY jobname
jobcount
stepcount.
READ TABLE it_tbtcp INTO wa_tbtcp INDEX 1.
Finally, we can call function module u2018CONVERT_ABAPSPOOLJOB_2_PDFu2018 to convert spool reqeust(which is stored in OTF format) to PDF format. Then we can call either function module u2018SO_DOCUMENT_SEND_API1u2032 or SAP BCS (Business Communication Service) to send the pdf as an email attachment.
CALL FUNCTION u2018CONVERT_ABAPSPOOLJOB_2_PDFu2019
EXPORTING
src_spoolid = gd_spool_nr
no_dialog = c_no
dst_device = c_device
IMPORTING
pdf_bytecount = gd_bytecount
TABLES
pdf = it_pdf_output
EXCEPTIONS
err_no_abap_spooljob = 1
err_no_spooljob = 2
err_no_permission = 3
err_conv_not_possible = 4
err_bad_destdevice = 5
user_cancelled = 6
err_spoolerror = 7
err_temseerror = 8
err_btcjob_open_failed = 9
err_btcjob_submit_failed = 10
err_btcjob_close_failed = 11
OTHERS = 12.
Regards,
Sayali
Edited by: Sayali Paradkar on Apr 20, 2010 12:51 PM -
BSP - UserId and Password for Internal Users - Anonymous for other users
Hello,
We developed an application via BSP's. This application can be accessed by two kind of users.
1. External Users, with should access the page without using a userId and password.
2. Internal Users, they will have more authorisation and need to specify their userId and Password.
How can we accomplish this? I tried internal aliases, but can't get it to work properly.
In the first service 'zbsp' I didn't specify a userId and password in sicf.
Then I created an internal alias 'zbsp' referring to this 'zbsp'. In this alias I specified a userId and Password, but the system still asks for a userId and Password. (and after logging in the system gives the following error: The application name in URL .../bc/bsp/sap/zbsp2/uat_report.htm is invalid.)
What did I do wrong? Or are there other ways to accomplish this?
Greetings,
BartTake a look at the following mesaages that discussed the whole SSO and SSO2 ticket logins.
As for a way to handle the two different login types. Well first and formost - active the SSO Tickets on your system. Set your BSP up for that.
Then create a new starting page with an alias to the pöublic section for BSP's in your system. On this page make two links.
For your external users - one that redirects to your BSP passing the user and password in the url for the "read only external user" - that's the sap-user=name here&sap-password=passwordhere.
For your internal people give them simply the link to the BSP which when they click it will see no user name and password and redirect them to the BSP login.
Make sure you setup the BSP login according to SAP note 517860 and follow the instructions from http://help.sap.com/saphelp_nw04/helpdata/en/1d/13c73cee4fb55be10000000a114084/frameset.htm using the supplied SYSTEM_PUBLIC)
It's a bit basic but it works, we do it
Oh and setting up the system for the SSO (transaction sso2) is very very simple!! -
Enabling a User through OIM API
Hi I am trying to enable a user through OIM API, However the end date is already passed for that user, I am setting up a new end date through the Program (showm below). However the update user is not working (i am not sure).
Map usermap = new HashMap();
usermap.put("Users.User ID", User_id );
Map grpmap = new HashMap();
grpmap.put("Groups.Group Name", Group_Name);
tcResultSet ts = userClient.findUsers(usermap); //find all users
String existing_end_date = ts.getStringValue("Users.End Date");
tcResultSet tg = groupClient.findGroups(grpmap); //find requireq group
long ukey = ts.getLongValue("Users.Key");
long gkey = tg.getLongValue("Groups.Key"); //find group key
// ENABLE THE USER
java.util.Date new_end_date = new java.util.Date(111,1,1);
Calendar cal = Calendar.getInstance();
cal.setTime(new_end_date);
DateFormat dateFormat = new SimpleDateFormat("yyyy-MM-dd hh:mm:ss");
String Str1 = dateFormat.format(cal.getTime());
String Str2 = existing_end_date + " 12:00:00";
System.out.println(User_id+" OLD End Date:" + Str2 + " New End Date: " + Str1);
Map usermap2 = new HashMap();
usermap2.put("Users.User ID", User_id );
usermap2.put("Users.End Date", Str1);
userClient.updateUser(ts,usermap2);
userClient.enableUser(ukey);
I am getting the following error:
U0000018 OLD End Date:2009-09-30 12:00:00 New End Date: 2011-02-01 12:00:00
2/12/2010 15:02:53 oracle.j2ee.rmi.RMIMessages EXCEPTION_ORIGINATES_FROM_THE_REMOTE_SERVER
WARNING: Exception returned by remote server: {0}
Thor.API.Exceptions.tcAPIException: The user cannot be enabled because the end date is passed.
Not sure why it is happening. It looks like the Updateuser is not working, or something else?
Please advise. Thanks in advance.Hi Suren,
thanks for the note.
I found that as soon as I enable the user, I am getting the followimg messages in the opmn logs:
INFO,06 Dec 2010 10:55:41,841,[XELLERATE.JAVACLIENT],System Event Handler: Validating Organization for an User.
INFO,06 Dec 2010 10:55:41,944,[XELLERATE.JAVACLIENT],System Event Handler: Triggering Processes related to User.
INFO,06 Dec 2010 10:55:42,402,[XELLERATE.JAVACLIENT],System Event Handler: Enabling the User
INFO,06 Dec 2010 10:55:42,421,[XELLERATE.JAVACLIENT],System Event Handler: Validating Organization for an User.
INFO,06 Dec 2010 10:55:42,427,[XELLERATE.JAVACLIENT],System Event Handler: Triggering Processes related to User.
INFO,06 Dec 2010 10:55:42,439,[XELLERATE.JAVACLIENT],System Event Handler: Changing application data based on Organization change.
INFO,06 Dec 2010 10:55:42,442,[XELLERATE.JAVACLIENT],System Event Handler: Auto-Group Membership Event.
INFO,06 Dec 2010 10:55:43,715,[XELLERATE.JAVACLIENT],System Event Handler: Evaluating User Policies
So, the access policies are getting evaluated, triggering provisioning processes.
What I am planning to do is, to disable the access policies and try to run the Program.
Because of this issue, my Program is throwing an error (until I looked into the opmn logs, it doesn't make sense).
6/12/2010 10:55:50 oracle.j2ee.rmi.RMIMessages EXCEPTION_ORIGINATES_FROM_THE_REMOTE_SERVER
WARNING: Exception returned by remote server: {0}
Thor.API.Exceptions.tcAPIException: Error occurred enabling Xellerate User instance.
Regards
Vijay Chinnasamy -
Access Policy is not getting trigggered after creation of user through GTC
Hi,
I have an access policy for ALL USER role and that provision users to an RO after getting created in oim. I have a trusted source flat file reconciliation GTC for user creation. I am facing issue when user is getting created through GTC, access policy is not getting triggered. But while creating an user through web console the same access policy is working fine and user is getting provisioned with RO.
If anybody have any idea how to resolve this, please help me in this regards.
Regards,
AvijitHi ,
its good to know that its working. As per my experience it works for once (through reconciliation) but then stops working. Now to confirm try to revoke the user by changing the group member-ship through reconciliation and see if the resource is revoked or not (repeat it for 2 -3 times). Note that don't do it form within IDM web admin console, do it through reconciliation.
do post your results.......
Regards. -
ISE internal user authentication failure - user not found
Hi Forumers'
I trying to do wireless 802.1x, where identity store using intenral user.
But i found this error message when i trying to connect
Authentication failed :
22056 Subject not found in the applicable identity store(s)
My authrorization rules is built like this
identity groups = user identities group / " mygroup"
condition = no setting
permissions = standard / PermitAccess
Question 1
Any troubleshooting step to do on this?
Question 2
For the Authorization rules, what's the condition should set for using Internal User as Identity store?
Thanks
NoelThe error is caused to an authentication failure and is not an issue with authorization
You need to look at your authentications policy (Policy->Authentications) and see which identity store was authenticated against
In addition can do the Live Authentications page (Monitor->Authentications) and for the failing record click on the icon under details. This will give you the full details of the requets processing and you can see which rule was matched in the identity policy (Identity Policy Matched Rule) and "Selected Identity Stores".
Maybe you are looking for
-
Dbw0: terminating instance due to error 472
Running RH linux 6.2, and EE 8.1.6.1. Am using MTS and have applied oracle's patch on the ora601 bug. HOwever I have come across a terminated instance with error 472 on two occasions. Both times I was running a soak test for first 15+ hrs and then 20
-
Can I connect TC to DV4210-WA modem?
Can I connect my TC to a DV4210-WA Inventel modem? I get no access to the internet when I follow the basic instructions.
-
How can I forward ports in Cisco C897VA-K9 model
Hi there, Does any body know how I can use port forwarding in Cisco 897 model I want to have a 115.1.1.1:60095 to 172.16.1.1:80 for example . many thanks
-
"HTTP error: 501 Not Implemented" error while uploading emp photo
Hi, While uploading employee photo getting error "HTTP error: 501 Not Implemented" this error i am getting while linking employee photo to SAP. pls suggest me how to solve. thanx in advance
-
[svn:fx-3.x] 5687: Flex Framework Bug Fix
Revision: 5687 Author: [email protected] Date: 2009-03-27 16:27:38 -0700 (Fri, 27 Mar 2009) Log Message: Flex Framework Bug Fix SDK-14684 Un-hardcode the 10 digit limit in PhoneNumberValidator Added a minDigits property to PhoneNumberValidator. Added