SAP IDM Connector list
Hi there!
So I was looking at the most recent version of the SAP IDM Connector List, and I don't see BI or BOBJ. Can anyone provide best practices information on connecting / working with these systems? We are considering leveraging AD for Authentication and Authorization.
Please advise.
Thanks,
Matt
AFAIK there is no direct provisioning from IdM 7.2 to BO. In my current project the BO access rights are delivered via AD groups. BI is just an ABAP system.
It was possible to map the BO access rights against BI-privileges. But AD was chosen as that enabled SSO-login to BO.
Your BO/BI/authorization-folks should know how the mapping of access rights works.
regards, Tero
Similar Messages
-
SAP IDM Integration with LDAP VS Rest.
Hi,
I'm looking for the best approach through which I can integrate my custom application with SAP IDM 7.2. I have read a couple of articles and found IDM is based on VDS and allows LDAP as well as RESTful web services.
Would like to know the best approach.
Here what I want to achieve:
1. Dynamic Schema detection for User, Role and Employee
2. Get all User List and their corresponding Role.
3. Password Reset/Set/Change
Thanks
Shital
Hi Nits,
This guide presents the official SAP Connectors for IdM. SAP and 3rd-party.
It seems that there is no official connector for ADOBE CQ and HYBRIS.
But you can build your own connector. (JDBC, WebServices, LDAP)
Using the same concept as the SAP Standard connectors, Folders (Application Actions, Plugins) HOOK Tasks.
It will depend on what integration layer these solutions offer.
-
Runtime error while using SAP Enterprise Connector in a J2EE Web Servlet
Hello,
I'm facing problems while trying to do a RFC call out of a Servlet.
I'm using Development Components (DCs) and my project setup is as follows:
Firstly I've created a DC of type J2EE/Web Module. This DC implements an absolutely simple servlet which has to do the RFC-Call.
The relevant code is:
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    // Connection parameters are masked as in the original post
    JCO.Client jcoclient = JCO.createClient("010", "DV*****", "***", "DE", "ovd***", "01");
    jcoclient.connect();
    Bapi_Flight_Getlist_Input input = new Bapi_Flight_Getlist_Input();
    input.setAirline("LH");
    // Proxy class generated by the SAP Enterprise Connector wizard
    SAPProxies_PortType myproxy = new SAPProxies_PortType();
    myproxy.messageSpecifier.setJcoClient(jcoclient);
    try {
        Bapi_Flight_Getlist_Output output = myproxy.bapi_Flight_Getlist(input);
        BapisfldatType_List list = output.get_as_listFlight_List();
        int listsize = list.size();
        for (int i = 0; i < listsize; i++) {
            BapisfldatType elem = list.getBapisfldatType(i);
            response.getWriter().print("Date: " + elem.getArrdate() + '\t' + "Arrive: " + elem.getArrtime());
        }
    } catch (Exception e) {
        response.getWriter().print(e.toString());
    } finally {
        // Release the JCo connection on every path, including when writing the response fails
        jcoclient.disconnect();
    }
}
The proxy for the RFC Module "BAPI_FLIGHT_GETLIST" - in this case the classes around "SAPProxies_PortType" were generated by NWDS ("SAP Enterprise Connector" Wizard).
I had to manually add following DCs as "Used DCs" to get my DC built:
com.sap.aii.proxy.framework (default)
com.sap.aii.util.misc (default)
com.sap.mw.jco (default)
So far, so good...
As a J2EE/Web module DC can't be deployed I've created a second DC of type J2EE/Enterprise Application and referenced the first DC. This DC is also built fine and can be deployed.
But... When I call my servlet I get following Error Message on the web browser:
The request cannot be processed.
Details:
com.sap.engine.services.servlets_jsp.server.exceptions.ServletNotFoundException: Cannot load the requested servlet [LocalDevelopmentservletxxx.com/servlet/TestServlet].
Exception id: [000C295D60FB006F0000003600000EA8000461A05860B4BA]
I also had a look in the trace files:
Vollständiger Nachrichtentext
application [LocalDevelopmentservletxxx.com] Processing HTTP request to servlet [TestServlet] finished with error. The error is: com.sap.engine.services.servlets_jsp.server.exceptions.ServletNotFoundException: Cannot load the requested servlet [LocalDevelopmentservletxxx.com/servlet/TestServlet].
at com.sap.engine.services.servlets_jsp.server.runtime.context.WebComponents.getServlet(WebComponents.java:330)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:354)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:386)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:364)
at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:1039)
at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:265)
at com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)
at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:175)
at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
at java.security.AccessController.doPrivileged(Native Method)
at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:102)
at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:172)
Caused by: java.lang.NoClassDefFoundError: com/sap/aii/proxy/framework/core/AbstractType
Loader Info -
ClassLoader name: [xxx.com/testear]
Parent loader name: [Frame ClassLoader]
References:
common:service:http;service:servlet_jsp
service:ejb
common:service:iiop;service:naming;service:p4;service:ts
service:jmsconnector
library:jsse
library:servlet
common:library:IAIKSecurity;library:activation;library:mail;library:tcsecssl
library:ejb20
library:j2eeca
library:jms
library:opensql
common:library:com.sap.security.api.sda;library:com.sap.security.core.sda;library:security.class;library:webservices_lib;service:adminadapter;service:basicadmin;service:com.sap.security.core.ume.service;service:configuration;service:connector;service:dbpool;service:deploy;service:jmx;service:jmx_notification;service:keystore;service:security;service:userstore
interface:resourcecontext_api
interface:webservices
interface:cross
interface:ejbserialization
Resources:
C:\usr\sap\J2E\JC00\j2ee\cluster\server0\apps\ibm.com\testear\servlet_jsp\LocalDevelopmentservletxxx.com\work
C:\usr\sap\J2E\JC00\j2ee\cluster\server0\apps\ibm.com\testear\servlet_jsp\LocalDevelopmentservletxxx.com\root\WEB-INF\classes
C:\usr\sap\J2E\JC00\j2ee\cluster\server0\apps\ibm.com\testear\src.zip
Loading model: {parent,references,local}
The error occurred while trying to load "com.xxx.test.sap.connector.Bapi_Flight_Getlist_Output".
at com.sap.engine.frame.core.load.ReferencedLoader.loadClass(ReferencedLoader.java:401)
at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:302)
at java.lang.Class.getDeclaredConstructors0(Native Method)
at java.lang.Class.privateGetDeclaredConstructors(Class.java:1618)
at java.lang.Class.getConstructor0(Class.java:1930)
at java.lang.Class.newInstance0(Class.java:278)
at java.lang.Class.newInstance(Class.java:261)
at com.sap.engine.services.servlets_jsp.server.runtime.context.WebComponents.getServlet(WebComponents.java:319)
... 14 more
I think it has something to do with the used DCs... but I don't know why the classes are not found after deployment. I also tried to package the relevant jar-files from the used DCs into the EAR-File - but then I faced problems with the JCo
Thank you for any help.
Osman
Hi,
One thing that can be helpful is to add the references of the JAR files that you are adding as Used DC in the EAR.
This can be done by adding Library type References in the application-j2ee-engine.xml Deployment descriptor in the EAR project.
Following link will be helpful: http://help.sap.com/saphelp_nw70/helpdata/EN/83/82814282cfc153e10000000a1550b0/content.htm
Regards,
Alka. -
Hi,
I was trying to integrate SAP IDM with SPML using VDS.
While configuring VDS for SPML request I am getting an error as follows.
"Exception: Could not load external 'attrClass' or one of its referenced classes"
I am getting this error while starting the identity service in VDS.
The configuration guide does not talk about adding any other jar/class files.
Any help in this regard is highly appreciated.
Thanks in advance.
Regards
Sunil
I know that this thread is old, but when deploying the IdM Identity Service, in conjunction with GRC 10 WebServices (for the CallBack Service functionality), you can't just disable the attribute and continue; you must fix it or else you will not be able to deploy the .ear file needed to further deploy to Java (I'll go into detail on this in another post).
The way I got past this error was to go to Tools -> Options (in VDS) and update the Java settings to use the Java version I have installed (or as close as I could). I set VDS to use a specified compiler (the same compiler for my version of Java, in the same BIN folder), then ensured the classpath was updated with all the classpaths listed in the error (I added them to the Windows CLASSPATH environment variable also):
The service compiled and started without issue and I was able to deploy the .ear file out of VDS for Java.
-ALJ
-
SAP IDM 7.0 connecting to SAP GRC 10.1
Hi Gurus,
I was looking into connecting SAP IDM 7.0 with SAP GRC AC 10.1 and I cannot find a suitable connector for this.
Could any of you provide some guidance on how to make this connection?
Thanks and Regards,
Juan
If I remember correctly, the 7.0 version had only mx_provision, mx_deprovision and mx_modify tasks, so the integration would have to be built on these tasks. As there is no validate add task to hang the GRC call on, GRC would have to do provisioning.
7.0 datamodel is different than 7.2, I haven't studied in detail but would guess there is enough difference also in the tables that store tasks/jobs etc that the 7.2 GRC provisioning framework would not even import to 7.0. You would need to set-up a 7.2 on the side to study the framework to see how to duplicate the tasks..
VDS in the middle is another thing as it would need to be able to communicate with your custom connector in 7.0.
If you must stick with 7.0 maybe the GRC connector of 7.1 is worth a try.. But you would probably need also older VDS.
Depending on the level of your existing customisations and what data from 7.0 is worth keeping the upgrade to 7.2 is not necessarily big thing compared to the effort of building the interim custom interface.. The real question is how big and complex is your 7.0 implementation?
regards, Tero -
SAP IDM 7.0 integration with third party system
Hi Experts,
I know SAP IDM 7.0 can integrate with third party systems and create user ids on most of the third party systems.
But I need to know if it is possible to integrate with the following systems:
1) Microsoft Exchange 2007 ( I know SAP IDM supports up to Exchange 2003 )
2) Microsoft Active Directory 2008 ( I know up to Active Directory 2003 )
3) EMC Documentum 6.5
4) ARIS 7.1.0
5) BlackBoard, Release 9.0
6) Oracle 10g ( Is it possible to create users at oracle level ? or at what level ? )
7) Sun Solaris Sparc ( Is it possible to create users at OS level )
If you have information on this, please share. I know that the provisioning framework will have templates for most of the target systems. I want to know if they are available for the above systems on SAP IDM 7.0 or, if not, how we can connect to them?
Hi Matthew
Your expertise in SAP IDM is indeed a great help!!
>Can't see why not, it's all done via SQL commands. I've done similar things with MSSQL
You mean that there will be Oracle 10g drivers/OLE DB connectors in SAP IDM, and through SQL commands like "create user alfredo identified by alfredos_secret;" we can create a user in the Oracle database? As you said, this should be possible. What about creating users (user management) in an Oracle 10g application like dba or scot and assigning the privileges in the Oracle application?
>might need to do via UNIX scripts, but it can be done
You mean that Unix scripts will be defined in SAP IDM and SAP IDM will execute these scripts on the Sun Solaris Sparc? It should be possible, as you said. By the way, how will we be able to connect to Sun Solaris Sparc? Is it via the option "file" under "Repositories" with the repositories wizard, and later executing the file from SAP IDM?
Thank you once again for your expert answers on third party systems. -
BI SDK - BI SAP Query Connector
Hi together,
when I use the BI SAP Query Connector, I have a problem getting any further than establishing the connection.
When I list all tables (IBIRelational::getTable()) I get some "strange" names. I do not understand where these objects come from, since I cannot find them in the DDIC. I have expected either tables, or SAP Queries in that list.
Is there an example about the BI SAP Query connector? The examples of the BI SDK only explain MDX/JDBC in detail, these are working fine.
Maybe somebody has worked with the SAP Query Connector and can help me.
Thanks a lot
KB
Thanks for the hint, though I do not completely get what you mean. I guess I have missed something here, since I do not have an example for this (MDX / JDBC I found with the SDK).
Below is how I open the connection, which is working (I get the tables). But I have no idea how I can select something on this (as said, missing an example).
From what I have read I should be able to invoke a SAP Query and retrieve results. Any hint is appreciated.
KB
mcf = (ManagedConnectionFactory) Class.forName(com.sap.ip.bi.sdk.dac.connector.sapq.SapqManagedConnectionFactory.class.getName()).newInstance();
cf = (IConnectionFactory) mcf.createConnectionFactory();
cs = Utilities.getConnectionSpec(connProp, cf);
connection = (IBIConnection) cf.getConnectionEx(cs);
IBIRelational rel = connection.getRelational();
List foundTables = rel.getObjectFinder().findTable((String) null, (String) null, "%");
-
SAP IDM 7.1 Role assignment issue
Hello IDM Experts,
I am facing one critical issue here. We have connected SAP GRC with SAP IDM for risk analysis and CUP approvals and then once the approvers have approved the requests, IDM assigns these approved roles to users in backend SAP Systems.
We have been facing this issue for the past month. We never faced it before.
The issue is when the Roles are approved from GRC-CUP AC 5.3, post the approvals, the IDM is pulling the data and some of the roles are not getting assigned in SAP Backend systems. In the 1st and 2nd attempt it is not getting assigned however sometimes in the 3rd attempt it is getting assigned. This kind of weird behavior we have come across first time. Has anyone come across such issues before?
What could be the possible reason for the roles not getting assigned in SAP Backend system from IDM?
We checked everything right from dispatchers, connectors, workflow, SQL Logs, Job logs but we are unable to figure out the reason for this issue.
Do we need to restart the dispatcher or is there any issue with cache memory?
Can anyone help here to resolve this High Priority issue?
Thanks in advance!
IDM Experts,
Can I get a response on this topic from the experts?
Will restarting the dispatchers help in this situation? Is this related to a housekeeping issue of the dispatcher?
Why are some roles from IDM not getting assigned in the SAP Backend system? Also it is getting rejected the 1st and 2nd time and during the 3rd time it is getting approved. Please advise.
Regards
Malini Rao -
SAP IDM 7.1 SP4 and Windows 2008r2 domain controller
Hello,
in the PAM and in the SAP NetWeaver Identity Management IDM Connector Overview I can't find any information on whether it is possible and supported to provision users and groups to a 2008r2 domain controller?!
is it supported?
best regards
thomas berger
AllowSSBToAnyVolume isn't a key but a value under the key SystemStateBackup. So make sure you have the following:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wbengine\SystemStateBackup
Name: AllowSSBToAnyVolume
Data type: DWORD
Value data: 1
Is that the case?
-
SAP IDM and SAP Ariba Integration
Is there any connector available for the integration from SAP Ariba? Or has anyone any experience with the SAP Ariba integration?!
We want to create, change and archive the Ariba user with SAP IDM 7.2.
Hi fedya,
the case is very simple - we must create / change and deactivate Enterprise users on the Ariba Portal!
I attached the ariba screenshot:
bg thomas -
Hi All,
One basic question is coming up again and again due to overlapping features of SAP IDM and SAP GRC. Why is SAP IDM required when almost all use cases can be fulfilled by SAP GRC? Is there any document available which can tell me why a customer can choose IDM when he already has GRC?
1. SAP IDM and GRC both can accomplish access request and provisioning.
2. SAP IDM and GRC both have the capability of risk management.
Then why is SAP IDM required?
Thanks,
Dhiman Paul.
Hi Dhiman,
SAP IDM is more flexible and is Java based (providing excellent customizations). GRC 10 is ABAP based and originally designed for Access Control. As mentioned by Chris, IDM connectors are more flexible than GRC & the provisioning workflow is highly variable.
I'd say if there are quite a few number of Legacy systems to be connected for IDM solution, SAP IDM would be an ideal choice than SAP GRC, as it can be implemented with less cost and customization.
My simple opinion. There may be other points as well.
BR,
Ganesh -
SAP IDM with MS Active Directory (OU names in Arabic)
Dear Gurus,
With SAP IDM, we need to integrate with MS Active Directory in such a way that SAP IDM only fetches users who have “SAP” in one of the AD fields. That means do not read the entire AD but only fetch users who have “SAP” tagged in one of the AD fields.
Is it possible? We tried that in the SAP LDAP connector but it's not possible in the LDAP connector in SAP, as the LDAP connector is reading through all the users in our CUA system.
The question is whether it is possible through SAP IDM to use something (maybe BAPI) to restrict users and not read all users but only users having “SAP” in one of the AD fields.
Also note that our AD has some OU names in Arabic.
Regards,
If you want to filter this in the ADS Initial Load job then you can modify the repository LDAP Filter:
(&(objectclass=person)(orgUnit=SAP))
Replace orgUnit=SAP with your attribute and tag.
Br,
Chris -
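The filter from the answer above, built from a configured attribute and tag, as an added example that is not part of the original thread or of SAP IdM: the tag is escaped per RFC 4515 so that metacharacters in it cannot widen what the load job reads, and Arabic text passes through as UTF-8. The attribute name extensionAttribute1, the sample entries and the small evaluator are assumptions for illustration.

```javascript
// Added example: repository LDAP filter built from a configured attribute/tag.
// "extensionAttribute1" and every entry below are constructed sample data.

// RFC 4515 escaping: NUL ( ) * \ become \XX. Non-ASCII text (Arabic OU or tag
// names) is legal UTF-8 inside a filter string and is passed through unchanged.
function escapeFilterValue(value) {
  return String(value).replace(/[\u0000()*\\]/g, function (ch) {
    return "\\" + ch.charCodeAt(0).toString(16).padStart(2, "0");
  });
}

// Attribute names are restricted to letters, digits and hyphens.
function checkAttributeName(name) {
  if (!/^[A-Za-z][A-Za-z0-9-]*$/.test(name)) {
    throw new Error("invalid LDAP attribute name: " + name);
  }
  return name;
}

function buildTagFilter(attribute, tag) {
  return "(&(objectclass=person)(" + checkAttributeName(attribute) + "=" +
    escapeFilterValue(tag) + "))";
}

// Parser for the single shape used here: (&(attr=value)(attr=value)...).
// Only the ASCII escapes produced by escapeFilterValue are decoded.
function parseAndFilter(filter) {
  const outer = /^\(&(.*)\)$/.exec(filter);
  if (!outer) throw new Error("unsupported filter shape");
  const clause = /\(([A-Za-z][A-Za-z0-9-]*)=((?:[^()*\\\u0000]|\\[0-9a-fA-F]{2})*)\)/y;
  const clauses = [];
  let pos = 0;
  while (pos < outer[1].length) {
    clause.lastIndex = pos;
    const m = clause.exec(outer[1]);
    if (!m) throw new Error("malformed clause at offset " + pos);
    const value = m[2].replace(/\\([0-9a-fA-F]{2})/g, function (_, hex) {
      return String.fromCharCode(parseInt(hex, 16));
    });
    clauses.push({ attr: m[1].toLowerCase(), value: value.toLowerCase() });
    pos = clause.lastIndex;
  }
  return clauses;
}

// Equality match, case-insensitive, over single- or multi-valued attributes.
function matches(entry, filter) {
  return parseAndFilter(filter).every(function (c) {
    const key = Object.keys(entry).find((k) => k.toLowerCase() === c.attr);
    const values = key ? [].concat(entry[key]) : [];
    return values.some((v) => String(v).toLowerCase() === c.value);
  });
}

const SAMPLE_ENTRIES = [ // constructed
  { dn: "CN=Layla Hassan,OU=المالية,DC=example,DC=com", ou: "المالية",
    objectClass: ["top", "person", "user"], extensionAttribute1: "SAP" },
  { dn: "CN=Omar Said,OU=المبيعات,DC=example,DC=com", ou: "المبيعات",
    objectClass: ["top", "person", "user"], extensionAttribute1: "CRM" },
  { dn: "CN=svc-backup,OU=Services,DC=example,DC=com", ou: "Services",
    objectClass: ["top", "person", "user"] },
];

function selectDns(attribute, tag) {
  const filter = buildTagFilter(attribute, tag);
  return SAMPLE_ENTRIES.filter((e) => matches(e, filter)).map((e) => e.dn);
}
console.log(buildTagFilter("extensionAttribute1", "SAP"), selectDns("extensionAttribute1", "SAP"));
```

Only the string returned by buildTagFilter goes into the repository's LDAP Filter; the evaluator exists to check the selection offline before running the initial load.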
SAP Groupware Connector for Novell GroupWise
Hi all,
I have a task to "investigate SAP CRM and Novell GroupWise integration". I want to ask you:
Can SAP CRM synchronize with GroupWise?
Do we have a SAP Groupware Connector for Novell GroupWise?
Regards,
Chuong Hoang
Hi,
sorry for my slow response.
According to information shared on help.sap.com, I know that:
"SAP provides two SAP Groupware Connectors, one for MS Exchange Server and the other for Lotus Domino Server."
"The SAP Groupware connector consists of:
_ SAP Groupware connector.
_ SAP Groupware connector proxy."
In case I need a connection between SAP CRM and Novell GroupWise, what can I do?
1. Do I need to develop my own SAP Groupware connector, which consists of 2 listed things above?
2. Is it possible to do that?
Please help me answer these questions.
Regards,
Chuong Hoang -
SAP LDAP Connector / UME LDAP and Global Site Selector (GSS)
Hi,
I'm wondering if SAP LDAP Connector / UME LDAP will work with Global Site Selector service, such as CISCO GSS 4400 Series, so that GSS can provide load-balancing for LDAP access.
If it works, is there a specific configuration on the SAP side?
Thanks in advance.
-denny-
Hey Denny,
Wondering if you ever sorted this out. I'm trying the same thing right now and UME is failing (and portal won't start) when I use the FQDN of the GSS. Behavior is strikingly similar to using the FQDN of the Active Directory domain. The only way I found to use AD as an LDAP source is to list individual DCs in the UME config. I'm hoping to use GSS instead.
-Kevin -
OIM - SAP CUA Connector - Unlocking Accounts
Hello All
We are implementing the Oracle Identity Manager connector for SAP CUA, and have the following concern:
If a user is locked manually by the SAP Security Administrator in a target SAP System (Prod for example), what is to prevent the End User from logging into OIM Self Service and unlocking themselves?
The OIM Connector Doc seems to state that the target system is unlocked regardless of locked state (meaning it sends an unlock request regardless of whether the user is locked or not).
How does this take Maintenance/Downtimes into consideration (where no business/end users should be in the system)? What about fraudulent or suspicious accounts (where the Security team has frozen/locked someone's account to prevent further activity)?
My thinking is that if an SAP Security Admin has locked an account, OIM should not unlock the account. The only unlocks which should take place are for Incorrect Passwords?
Just wondering if anyone has experience with OIM connecting to SAP CUA
> Nigel Wyman wrote:
> My thinking is that if an SAP Security Admin has locked an account, OIM should not unlock the account. The only unlocks which should take place are for Incorrect Passwords?
>
> Just wondering if anyone has experience with OIM connecting to SAP CUA
Not worked with OIM, but worked with SAP IDM/GRC:
But I was asking why you would use CUA once you have OIM working?
1. You should have only a single point of user administration; why don't you lock the user from OIM instead of logging into CUA?
2. In our present project, in DEV and QA we are using ACCESS enforcer for all user administration purposes with approval workflows, and it works very well. Security should not log in to the systems without approval.
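One way to express the rule proposed in the question (unlock only accounts locked for incorrect passwords), as an added example that is not OIM connector code: it assumes the provisioning layer can read the account's lock state as SAP's USR02-UFLAG bitmask, and the function names are hypothetical.

```javascript
// Added example (not OIM connector code): gate a self-service unlock on the
// reason the SAP account is locked. Flag values are the commonly documented
// USR02-UFLAG bits; confirm them for your release before relying on them.
const LOCK_FLAGS = {
  32: "global lock set by a CUA central administrator",
  64: "local lock set by an administrator",
  128: "lock after too many failed logons",
};
const SELF_SERVICE_CLEARABLE = 128;

// Translate the bitmask into readable reasons; unknown bits are reported too.
function lockReasons(uflag) {
  const reasons = [];
  let remaining = uflag;
  for (const bit of Object.keys(LOCK_FLAGS).map(Number)) {
    if (uflag & bit) {
      reasons.push(LOCK_FLAGS[bit]);
      remaining &= ~bit;
    }
  }
  if (remaining !== 0) reasons.push("unrecognised flag bits: " + remaining);
  return reasons;
}

// Allow only when failed logons are the sole lock reason. Any administrator
// lock, alone or combined (e.g. 192 = 64 + 128), stays in place.
function selfServiceUnlockDecision(uflag) {
  if (!Number.isInteger(uflag) || uflag < 0) {
    return { allow: false, reasons: ["lock state could not be read"] };
  }
  return { allow: uflag === SELF_SERVICE_CLEARABLE, reasons: lockReasons(uflag) };
}

console.log(selfServiceUnlockDecision(192));
```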