SAP IDM Connector list

Hi there!
So I was looking at the most recent version of the SAP IDM Connector List, and I don't see BI or BOBJ.  Can anyone provide best practices information on connecting / working with these systems?  We are considering leveraging AD for Authentication and Authorization. 
Please advise.
Thanks,
Matt

AFAIK there is no direct provisioning from IdM 7.2 to BO. In my current project the BO access rights are delivered via AD groups. BI is just an ABAP system.
It was possible to map the BO access rights against BI-privileges. But AD was chosen as that enabled SSO-login to BO.
Your BO/BI/authorization-folks should know how the mapping of access rights works.
regards, Tero

Similar Messages

  • SAP IDM Integration with LDAP VS Rest.

    Hi,
    I'm looking for the best approach through which I can integrate my custom application with SAP IDM 7.2. I have read a couple of articles and found IDM is based on VDS and allows LDAP as well as RESTful web services.
    Would like to know the best approach.
    Here what I want to achieve:
    1. Dynamic Schema detection for User, Role and Employee
    2. Get all User List and their corresponding Role.
    3. Password Reset/Set/Change
    Thanks
    Shital

    Hi Nits,
    This guide presents the official SAP Connectors for IdM, SAP and 3rd-party.
    It seems that there is no official connector for ADOBE CQ and HYBRIS.
    But you can build your own connector. (JDBC, WebServices, LDAP)
    Using the same concept as the SAP Standard connectors, Folders (Application Actions, Plugins) HOOK Tasks.
    It will depend on what integration layer these solutions offer.

  • Runtime error while using SAP Enterprise Connector in a J2EE Web Servlet

    Hello,
    I'm facing problems while trying to do a RFC call out of a Servlet.
    I'm using Development Components (DCs) and my project setup is as follows:
    Firstly I've created a DC of type J2EE/Web Module. This DC implements an absolutely simple servlet which has to do the RFC-Call.
    The relevant code is:
    protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
       // Arguments: client, user, password, language, host, system number (values masked by the poster)
       JCO.Client jcoclient = JCO.createClient("010", "DV*****", "***", "DE", "ovd***", "01");
       jcoclient.connect();
       Bapi_Flight_Getlist_Input input = new Bapi_Flight_Getlist_Input();
       input.setAirline("LH");
       // Generated proxy for BAPI_FLIGHT_GETLIST, bound to the JCo client above
       SAPProxies_PortType myproxy = new SAPProxies_PortType();
       myproxy.messageSpecifier.setJcoClient(jcoclient);
       try {
          Bapi_Flight_Getlist_Output output = myproxy.bapi_Flight_Getlist(input);
          BapisfldatType_List list = output.get_as_listFlight_List();
          int listsize = list.size();
          for (int i = 0; i < listsize; i++) {
             BapisfldatType elem = list.getBapisfldatType(i);
             response.getWriter().print("Date: " + elem.getArrdate() + '\t' + "Arrive: " + elem.getArrtime());
          }
       } catch (Exception e) {
          response.getWriter().print(e.toString());
       }
       jcoclient.disconnect();
    }
    The proxy for the RFC Module "BAPI_FLIGHT_GETLIST" - in this case the classes around "SAPProxies_PortType" were generated by NWDS ("SAP Enterprise Connector" Wizard).
    I had to manually add following DCs as "Used DCs" to get my DC built:
    com.sap.aii.proxy.framework (default)
    com.sap.aii.util.misc (default)
    com.sap.mw.jco (default)
    So far, so good...
    As a J2EE/Web module DC can't be deployed I've created a second DC of type J2EE/Enterprise Application and referenced the first DC. This DC is also built fine and can be deployed.
    But... When I call my servlet I get following Error Message on the web browser:
    The request cannot be processed.
      Details:      
      com.sap.engine.services.servlets_jsp.server.exceptions.ServletNotFoundException: Cannot load the requested servlet [LocalDevelopmentservletxxx.com/servlet/TestServlet].
    Exception id: [000C295D60FB006F0000003600000EA8000461A05860B4BA]
    I also had a look in the trace files:
    Vollständiger Nachrichtentext
    application [LocalDevelopmentservletxxx.com] Processing HTTP request to servlet [TestServlet] finished with error. The error is: com.sap.engine.services.servlets_jsp.server.exceptions.ServletNotFoundException: Cannot load the requested servlet [LocalDevelopmentservletxxx.com/servlet/TestServlet].
    at com.sap.engine.services.servlets_jsp.server.runtime.context.WebComponents.getServlet(WebComponents.java:330)
    at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:354)
    at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)
    at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:386)
    at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:364)
    at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:1039)
    at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:265)
    at com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)
    at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:175)
    at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
    at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
    at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
    at java.security.AccessController.doPrivileged(Native Method)
    at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:102)
    at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:172)
    Caused by: java.lang.NoClassDefFoundError: com/sap/aii/proxy/framework/core/AbstractType
    Loader Info -
    ClassLoader name: [xxx.com/testear]
    Parent loader name: [Frame ClassLoader]
    References:
       common:service:http;service:servlet_jsp
       service:ejb
       common:service:iiop;service:naming;service:p4;service:ts
       service:jmsconnector
       library:jsse
       library:servlet
       common:library:IAIKSecurity;library:activation;library:mail;library:tcsecssl
       library:ejb20
       library:j2eeca
       library:jms
       library:opensql
       common:library:com.sap.security.api.sda;library:com.sap.security.core.sda;library:security.class;library:webservices_lib;service:adminadapter;service:basicadmin;service:com.sap.security.core.ume.service;service:configuration;service:connector;service:dbpool;service:deploy;service:jmx;service:jmx_notification;service:keystore;service:security;service:userstore
       interface:resourcecontext_api
       interface:webservices
       interface:cross
       interface:ejbserialization
    Resources:
       C:\usr\sap\J2E\JC00\j2ee\cluster\server0\apps\ibm.com\testear\servlet_jsp\LocalDevelopmentservletxxx.com\work
       C:\usr\sap\J2E\JC00\j2ee\cluster\server0\apps\ibm.com\testear\servlet_jsp\LocalDevelopmentservletxxx.com\root\WEB-INF\classes
       C:\usr\sap\J2E\JC00\j2ee\cluster\server0\apps\ibm.com\testear\src.zip
    Loading model: {parent,references,local}
    The error occurred while trying to load "com.xxx.test.sap.connector.Bapi_Flight_Getlist_Output".
    at com.sap.engine.frame.core.load.ReferencedLoader.loadClass(ReferencedLoader.java:401)
    at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:302)
    at java.lang.Class.getDeclaredConstructors0(Native Method)
    at java.lang.Class.privateGetDeclaredConstructors(Class.java:1618)
    at java.lang.Class.getConstructor0(Class.java:1930)
    at java.lang.Class.newInstance0(Class.java:278)
    at java.lang.Class.newInstance(Class.java:261)
    at com.sap.engine.services.servlets_jsp.server.runtime.context.WebComponents.getServlet(WebComponents.java:319)
    ... 14 more
    I think it has something to do with the used DCs... but I don't know why the classes are not found after deployment. I also tried
    to package the relevant jar-files from the used DCs into the EAR-File - but then I faced problems with the JCo
    Thank you for any help.
    Osman

    Hi,
    One thing that can be helpful is to add the references of the JAR files that you are adding as Used DC in the EAR.
    This can be done by adding Library type References in the application-j2ee-engine.xml Deployment descriptor in the EAR project.
    Following link will be helpful: http://help.sap.com/saphelp_nw70/helpdata/EN/83/82814282cfc153e10000000a1550b0/content.htm
    Regards,
    Alka.

  • SAP IDM - SPML integation

    Hi,
    I was trying to integrate SAP IDM with SPML using VDS.
    While configuring VDS for SPML request I am getting an error as follows.
    "Exception: Could not load external 'attrClass' or one of its referenced classes"
    I am getting this error while starting the identity service in VDS.
    The configuration guide does not talk about adding any other jar/class files.
    Any help in this regard is highly appreciated.
    Thanks in advance.
    Regards
    Sunil

    I know that this thread is old, but when deploying the IdM Identity Service, in conjunction with GRC 10 WebServices (for the CallBack Service functionality), you can't just disable the attribute and continue; you must fix it or else you will not be able to deploy the .ear file needed to further deploy to java (I'll go into detail on this in another post).
    The way I got past this error was to go to Tools -> Options (in VDS) and update the java settings to use the java version I have installed (or as close as I could), I set VDS to use a specified compiler (the same compiler for my version of Java - in the same BIN folder) then ensured the classpath was updated with all the classpaths listed in the error (I added them to the Windows CLASSPATH environment variable also):
    The service Compiled and started without issue and I was able to deploy the .ear file out of VDS for Java.
    -ALJ

  • SAP IDM 7.0 connecting to SAP GRC 10.1

    Hi Gurus,
    I was looking into connecting SAP IDM 7.0 with SAP GRC AC 10.1 and I cannot find a suitable connector for this.
    Could any of you provide some guidance on how to make this connection?
    Thanks and Regards,
    Juan

    If I remember correctly the 7.0 version had only mx_provision, mx_deprovision and mx_modify -tasks so the integration would have to be built on these tasks. As there is no validate add task to hang the GRC call on, GRC would have to do provisioning.
    7.0 datamodel is different than 7.2, I haven't studied in detail but would guess there is enough difference also in the tables that store tasks/jobs etc that the 7.2 GRC provisioning framework would not even import to 7.0. You would need to set-up a 7.2 on the side to study the framework to see how to duplicate the tasks..
    VDS in the middle is another thing as it would need to be able to communicate with your custom connector in 7.0.
    If you must stick with 7.0 maybe the GRC connector of 7.1 is worth a try.. But you would probably need also older VDS.
    Depending on the level of your existing customisations and what data from 7.0 is worth keeping the upgrade to 7.2 is not necessarily big thing compared to the effort of building the interim custom interface.. The real question is how big and complex is your 7.0 implementation?
    regards, Tero

  • SAP IDM  7.0 integration with third party system

    Hi Experts,
    I know SAP IDM  7.0 can integrate with third party systems and create user ids on most of the third party systems.
    But I need to know if it is possible to integrate with the following systems
    1) Microsoft Exchange 2007 (I know SAP IDM supports up to Exchange 2003)
    2) Microsoft Active Directory 2008 (I know up to Active Directory 2003)
    3) EMC  Documentum 6.5
    4)  ARIS 7.1.0
    5)  BlackBoard, Release 9.0
    6) Oracle 10g  ( Is it possible to create users at oracle level ? or at what level ? )
    7)  Sun Solaris Sparc  ( Is it possible to create users at  OS level )
    If you have information on this please share. I know that provisioning framework will have templates for most of the target systems. I want to know if they are available for above systems on SAP IDM 7.0 or if not how we can connect to them?

    Hi Matthew
    Your expertise in SAP IDM is indeed a great help!!
    >Can't see why not, it's all done via SQL commands. I've done similar things with MSSQL
    You mean that there will be oracle 10g drivers/oledb connectors in SAP IDM and in through SQL commands like "create user alfredo identified by alfredos_secret; " we can create user  in oracle database ?. As you said this should be possible.  What about creating user( user management ) in oracle 10g application  like dba or scot  and assigning the privileges in oracle application?
    >might need to do via UNIX scripts, but it can be done
    You mean that Unix scripts will be defined in SAP IDM and SAP IDM will execute these scripts in the Sun Solaris Sparc ?. It should be possible as you said. By the way how we will be able connect to Sun Solaris sparc ?  Is it via  the option "file " under the "Repositories" with repositories wizard  and later executing the file from SAP IDM ?
    Thank you once again for your expert answers on third party systems.

  • BI SDK - BI SAP Query Connector

    Hi together,
    when I use the BI SAP Query Connector, I have a problem
    in getting any further than establishing the connection.
    When I list all tables (IBIRelational::getTable()) I get some "strange" names. I do not understand where these objects come from, since I cannot find them in the DDIC. I have expected either tables, or SAP Queries in that list.
    Is there an example about the BI SAP Query connector? The examples of the BI SDK only explain MDX/JDBC in detail, these are working fine.
    Maybe somebody has worked with the SAP Query Connector and can help me.
    Thanks a lot
    KB

    Thanks for the hint, though I do not completely get what you mean. I guess I have missed something here, since I do not have an example for this (MDX / JDBC I found with the SDK).
    Below is how I open the connection, which is working (I get the tables). But I have no idea how I can select something on this (as said, missing an example).
    From what I have read I should be able to invoke a SAP Query and retrieve results. Any hint is appreciated.
    KB
    mcf = (ManagedConnectionFactory) Class.forName(com.sap.ip.bi.sdk.dac.connector.sapq.SapqManagedConnectionFactory.class.getName()).newInstance();
    cf = (IConnectionFactory) mcf.createConnectionFactory();
    cs = Utilities.getConnectionSpec(connProp, cf);
    connection = (IBIConnection) cf.getConnectionEx(cs);
    IBIRelational rel = connection.getRelational();
    List foundTables =
    rel.getObjectFinder().findTable((String) null, (String) null, "%");

  • SAP IDM 7.1 Role assignment issue

    Hello IDM Experts,
    I am facing one critical issue here. We have connected SAP GRC with SAP IDM for risk analysis and CUP approvals and then once the approvers have approved the requests, IDM assigns these approved roles to users in backend SAP Systems.
    We have been facing this issue for the past month. We never faced it before.
    The issue is when the Roles are approved from GRC-CUP AC 5.3, post the approvals, the IDM is pulling the data and some of the roles are not getting assigned in SAP Backend systems. In the 1st and 2nd attempt it is not getting assigned however sometimes in the 3rd attempt it is getting assigned. This kind of weird behavior we have come across first time.  Has anyone come across such issues before?
    What could be the possible reason for the roles not getting assigned in SAP Backend system from IDM?
    We checked everything right from dispatchers, connectors, workflow, SQL Logs, Job logs but we are unable to figure out the reason for this issue.
    Do we need to restart the dispatcher or is there any issue with cache memory? 
    Can anyone help here to resolve this High Priority issue?
    Thanks in advance!

    IDM Experts,
    Can I get response on this topic from the experts?
    Will restarting the dispatchers help in this situation? Is this related to housekeeping issue of dispatcher.
    Why are some roles from IDM are not getting assigned in SAP Backend system? Also it is getting rejected 1st and 2nd time and during 3rd time it is getting approved. Please advise
    Regards
    Malini Rao

  • SAP IDM 7.1 SP4 and Windows 2008r2 domain controller

    Hello,
    in the PAM and in the SAP NetWeaver Identity Management IDM Connector Overview I can't find any information about whether it is possible and supported to provision users and groups to a 2008r2 domain controller?!
    Is it supported?
    best regards
    thomas berger

    AllowSSBToAnyVolume isn't a key but a value under the key SystemStateBackup. So make sure you have the following:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wbengine\SystemStateBackup
    Name: AllowSSBToAnyVolume
    Data type: DWORD
    Value data: 1
    Is that the case?
    Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.

  • SAP IDM and SAP Ariba Integration

    Is there any connector available for the integration from SAP Ariba? Or has anyone any experience with the SAP Ariba integration?!
    We want to create, change and archive the Ariba user with SAP IDM 7.2.

    hi fedya,
    the case is very simple - we must create / change and deactivate Enterprise users on the Ariba Portal!
    I attached the ariba screenshot:
    bg thomas

  • SAP IDM vs SAP GRC

    Hi All,
    One basic question is coming again and again due to overlapping features of SAP IDM and SAP GRC. Why is SAP IDM required when almost all use cases can be fulfilled by SAP GRC? Is there any document available which can tell me why a customer would choose IDM when he already has GRC?
    1. SAP IDM and GRC both can accomplish access request and provisioning.
    2. SAP IDM and GRC both have the capability of risk management.
    Then why SAP IDM is required?
    Thanks,
    Dhiman Paul.

    Hi Dhiman,
    SAP IDM is more flexible and is Java based (providing excellent customizations). GRC 10 is ABAP based and originally designed for Access Control. As mentioned by Chris, IDM connectors are more flexible than GRC & provisioning workflow is highly variable.
    I'd say if there are quite a few number of Legacy systems to be connected for IDM solution, SAP IDM would be an ideal choice than SAP GRC, as it can be implemented with less cost and customization.
    My simple opinion.  There may be other points as well.
    BR,
    Ganesh

  • SAP IDM with MS Active Directory (OU names in Arabic)

    Dear Gurus,
    With SAP IDM, we need to integrate with MS Active Directory in such a way that SAP IDM only fetches users who have “SAP” in one of the AD fields. That means do not read the entire AD but only fetch users who have “SAP” tagged in one of the AD fields.
    Is it possible? We tried that in the SAP LDAP connector but it's not possible in the LDAP connector in SAP as the LDAP connector is reading through all the users in our CUA system.
    The question is whether it is possible through SAP IDM that we use something (maybe BAPI) to restrict users and not read all users but only users having “SAP” in one of the AD fields.
    Also note that our AD has some OU's name in Arabic.
    Regards,

    If you want to filter this in the ADS Initial Load job then you can modify the repository LDAP Filter:
    (&(objectclass=person)(orgUnit=SAP))
    Replace orgUnit=SAP with your attribute and tag.
    Br,
    Chris
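
The filter from the reply above, as an added example that is not part of the original thread or of SAP IdM: it builds the filter with RFC 4515 escaping of the tag value and evaluates it offline against constructed sample entries, including entries under Arabic-named OUs. `orgUnit` is the reply's placeholder attribute name; the entries, the function names and the small evaluator (AND/OR/NOT, equality and presence only, case-insensitive values) are assumptions made for illustration.

```python
import re

def escape_filter_value(value):
    """Escape a literal for use as an RFC 4515 assertion value."""
    # Only \ * ( ) and NUL are special; UTF-8 text such as Arabic passes through.
    return ''.join('\\%02x' % ord(c) if c in '\\*()\x00' else c for c in value)

def build_filter(attr, tag):
    """Build (&(objectclass=person)(<attr>=<tag>)) without letting tag add clauses."""
    if not re.fullmatch(r'[A-Za-z][A-Za-z0-9-]*', attr):
        raise ValueError('invalid attribute name: %r' % attr)
    return '(&(objectclass=person)(%s=%s))' % (attr, escape_filter_value(tag))

def parse(f, pos=0):
    """Parse one filter component starting at f[pos] == '('; return (node, next_pos)."""
    if f[pos] != '(':
        raise ValueError('expected "(" at offset %d' % pos)
    pos += 1
    if f[pos] in '&|!':
        op, pos, kids = f[pos], pos + 1, []
        while f[pos] == '(':
            kid, pos = parse(f, pos)
            kids.append(kid)
        if f[pos] != ')' or not kids:
            raise ValueError('malformed composite filter')
        return (op, kids), pos + 1
    end = f.index(')', pos)          # a literal ')' in a value is always escaped as \29
    attr, sep, value = f[pos:end].partition('=')
    if not sep:
        raise ValueError('missing "=" in %r' % f[pos:end])
    return ('=', attr.lower(), value), end + 1

def _unescape(value):
    return re.sub(r'\\([0-9a-fA-F]{2})', lambda m: chr(int(m.group(1), 16)), value)

def matches(node, attrs):
    """Evaluate a parsed filter against one entry's attributes (lower-case keys)."""
    if node[0] == '&':
        return all(matches(k, attrs) for k in node[1])
    if node[0] == '|':
        return any(matches(k, attrs) for k in node[1])
    if node[0] == '!':
        return not matches(node[1][0], attrs)
    _, attr, value = node
    have = [v.lower() for v in attrs.get(attr, [])]
    if value == '*':                 # presence test
        return bool(have)
    if '*' in value:
        raise NotImplementedError('substring filters are outside this example')
    return _unescape(value).lower() in have

# Constructed sample directory entries: (DN, attributes).
ENTRIES = [
    ('CN=Layla,OU=المبيعات,DC=example,DC=com',
     {'objectclass': ['top', 'person', 'user'], 'orgunit': ['SAP']}),
    ('CN=Omar,OU=المالية,DC=example,DC=com',
     {'objectclass': ['top', 'person', 'user'], 'orgunit': ['HR']}),
    ('CN=PRINT01,OU=المبيعات,DC=example,DC=com',
     {'objectclass': ['top', 'computer'], 'orgunit': ['SAP']}),
    ('CN=Mona,OU=Users,DC=example,DC=com',
     {'objectclass': ['top', 'person', 'user']}),
]

def select(filter_text, entries=ENTRIES):
    """Return the DNs of the entries the filter would load."""
    node, end = parse(filter_text)
    if end != len(filter_text):
        raise ValueError('trailing data after filter')
    return [dn for dn, attrs in entries if matches(node, attrs)]

if __name__ == '__main__':
    print(select(build_filter('orgUnit', 'SAP')))
```

The OU names appear only in the DN, so they play no part in the attribute match; the escaping matters when the tag value comes from configuration or user input.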

  • SAP Groupware Connector for Novell GroupWise

    Hi all,
    I have a task that "investigate SAP CRM and Novell GroupWise integration". I wanna ask you that:
    Can SAP CRM synchronizes with groupwise?
    do we have a SAP Groupware Connector for Novell GroupWise?
    Regards,
    Chuong Hoang

    Hi,
    Sorry for my slow response.
    According to information shared from help.sap.com, I know that:
    "SAP provides two SAP Groupware Connectors, one for MS Exchange Server and the other for Lotus Domino Server."
    "The SAP Groupware connector consists of:
          _ SAP Groupware connector.
          _ SAP Groupware connector proxy."
    In case I need a connection between SAP CRM and Novell GroupWise, what can I do?
         1. Do I need to develop my own SAP Groupware connector, which consists of 2 listed things above?
         2. Is it possible to do that?
    Please help me answer these questions.
    Regards,
    Chuong Hoang

  • SAP LDAP Connector / UME LDAP and Global Site Selector (GSS)

    Hi,
    I'm wondering if SAP LDAP Connector / UME LDAP will work with Global Site Selector service, such as  CISCO GSS 4400 Series, so that GSS can provide load-balancing for LDAP access.
    If it works, is there a specific configuration on the SAP side?
    Thanks in advance.
    -denny-

    Hey Denny,
      Wondering if you ever sorted this out. I'm trying the same thing right now and UME is failing (and portal won't start) when I use the FQDN of the GSS. Behavior is strikingly similar to using the FQDN of the Active Directory domain. The only way I found to use AD as an LDAP source is to list individual DCs in the UME config. I'm hoping to use GSS instead.
    -Kevin

  • OIM - SAP CUA Connector - Unlocking Accounts

    Hello All
    We are implementing the Oracle Identity Manager connector for SAP CUA, and have the following concern:
    If a user is locked manually by the SAP Security Administrator in a target SAP System (Prod for example), what is to prevent the End User from logging into OIM Self Service and unlocking themselves?
    The OIM Connector Doc seems to state that the target system is unlocked regardless of locked state (meaning it sends an unlock request regardless of whether the user is locked or not).
    How does this take Maintenance/Downtimes into consideration (where no business/end users should be in the system)?  What about fraudulent or suspicious accounts (where the Security team has frozen/locked someone's account to prevent further activity)?
    My thinking is that if an SAP Security Admin has locked an account, OIM should not unlock the account.  The only unlocks which should take place are for Incorrect Passwords?
    Just wondering if anyone has experience with OIM connecting to SAP CUA

    >
    Nigel Wyman wrote:
    > My thinking is that if an SAP Security Admin has locked an account, OIM should not unlock the account.  The only unlocks which should take place are for Incorrect Passwords?
    >
    > Just wondering if anyone has experience with OIM connecting to SAP CUA
    Not worked with OIM, but worked with SAP IDM/GRC:
    But I was asking why you would use CUA once you have OIM working?
    1. You should have only a single point of user administration, why don't you lock the user from OIM instead of logging into CUA.
    2. In our present project, DEV and QA, we are using ACCESS enforcer for all user administration purposes with approval workflows, it works very well. Security should not log in to the systems without approval.
