SAP IDM Integration with LDAP VS Rest.
Hi,
I'm looking for an best approach through I can integrate my custom application with SAP IDM 7.2. I have read couple of article and found IDM is based on VDS and allow LDAP as well as Restful web services.
Would like to know the best approach.
Here what I want to achieve:
1. Dynamic Schema detection for User, Role and Employee
2. Get all User List and there corresponding Role.
3. Password Reset/Set/Change
Thanks
Shital
Hi Nits,
This guide presents the official SAP Connectors for IdM. SAP and 3rd-party.
It seems that are no official connector for ADOBE CQ and HYBRIS.
But you can build you own connector. (JDBC, WebServices, LDAP)
Using the same concept as the SAP Standard connectors, Folders (Aplication Actions, Plugins) HOOK Tasks.
It will depended in what integration layer this solutions offer.
Similar Messages
-
Hi.
Has anyone successfully integrated with LDAP using the C library from
LDAP SDK?
Currently I'm facing a problem when I tried to generate the C++ wrapper
for the C library. The compiler is unable to resolved the data type of
some data structs. This is because the definition for these structs are
not defined in any of the include files provided. According to the LDAP
SDK doc, this is because the fields for those data structs are not
intended to be accessible to the clients.
That is why in my wrapper project, I defined these struct, each has the
property Opaque = TRUE.
The following is the error message:
BEGIN FILE
Working directory is d:\forte\tmp\cg13\pc_nt\ldapsrch
Processing BOM file: LDAPSrch.bom
Microsoft (R) 32-bit C/C++ Optimizing Compiler Version 11.00.7022 for
80x86
Copyright (C) Microsoft Corp 1984-1997. All rights reserved.
LDAPSrch.cc
LDAPSrch.cc(70) : error C2027: use of undefined type 'BerElement'
LDAPSrch.cc(127) : error C2027: use of undefined type 'LDAP'
LDAPSrch.cc(184) : error C2027: use of undefined type 'LDAPMessage'
LDAPSrch.cc(203) : error C2733: second C linkage of overloaded function
'ldap_init' not allowed
LDAPSrch.cc(204) : error C2733: second C linkage of overloaded function
'ldap_simple_bind_s' not allowed
LDAPSrch.cc(205) : error C2733: second C linkage of overloaded function
'ldap_perror' not allowed
LDAPSrch.cc(206) : error C2733: second C linkage of overloaded function
'ldap_search_s' not allowed
LDAPSrch.cc(207) : error C2733: second C linkage of overloaded function
'ldap_first_entry' not allowed
LDAPSrch.cc(208) : error C2733: second C linkage of overloaded function
'ldap_next_entry' not allowed
LDAPSrch.cc(209) : error C2733: second C linkage of overloaded function
'ldap_get_dn' not allowed
LDAPSrch.cc(210) : error C2733: second C linkage of overloaded function
'ldap_first_attribute' not allowed
LDAPSrch.cc(211) : error C2733: second C linkage of overloaded function
'ldap_next_attribute' not allowed
LDAPSrch.cc(212) : error C2733: second C linkage of overloaded function
'ldap_get_values' not allowed
LDAPSrch.cc(213) : error C2373: 'ldap_value_free' : redefinition;
different
type modifiers
LDAPSrch.cc(214) : error C2733: second C linkage of overloaded function
'ldap_ber_free' not allowed
LDAPSrch.cc(215) : error C2733: second C linkage of overloaded function
'ldap_msgfree' not allowed
LDAPSrch.cc(216) : error C2373: 'ldap_memfree' : redefinition; different
type modifiers
LDAPSrch.cc(217) : error C2733: second C linkage of overloaded function
'ldap_unbind' not allowed
cl /W3 /Gf /GX /MD /c /Ob1 /vmg /DSTRICT /DWIN32 /D__WIN32__
/DLIBOO_DLL
WIN32_LEAN_AND_MEAN /Id
:\forte\install\inc\cmn /Id:\forte\install\inc\os
/Id:\forte\install\inc\ds
/Id:\forte\install\inc\handles /Id:\forte :\forte\LdapAPIs\include
/FoLDAPSrch.obj /Tp LDAPSrch.cc
So, please advise on how should I proceed.
Thanks in advance.
from: suen
To unsubscribe, email '[email protected]' with
'unsubscribe forte-users' as the body of the message.
Searchable thread archive <URL:http://pinehurst.sageit.com/listarchive/>Hi Anoop,
To adapt an SAP Workflow, you can create a configuration. In this configuration you can redefine values for steps of the workflow definition. These values are evaluated at runtime instead of the values originally defined.
You can configure the following step types:
Activity
User decision
Document from template
Wait
Moreover,Features
You can set the following data individually in the step definition of the configurable step types:
1)Responsible agents
2)Excluded agents
3)Message recipient for completion
4)Priority
5)Requested start
6)Indicator denoting whether the step is included in the workflow log
7)Activation of a latest end, a latest start, or a requested end with the reaction Send mail
This URL privides info about various workflow codes http://help.sap.com/erp2005_ehp_02/helpdata/en/9b/572614f6ca11d1952e0000e82dec10/content.htm
Regds,
Krutarth
· Reference date/time for latest end, latest start, and requested end
· Message recipient for missed deadline
· Information about the work item display -
ActiveDirectory - SAP IDM integration in Identity Life cycle Management
Hi Experts
In our landscape SAP HCM is supposed to be the leading data source and SAP IDM takes identity information from SAP HCM. From SAP IDM it will provision into Active directory and other third party systems, Sap systems.
Here are the questions
1) How can we leverage on the investment on Active directory after SAP IDM -Active directory investment ? I mean after SAP IDM comes to a landscape, Active directory will only be used to login to domain and for authentication if for java system Active directory have been set as user data source. What are the other advantages of Active directory- SAP IDM integration as Active directory will not be leading data source and identity information will be in identity store.?
2) After the user details are taken from SAP HCM system, will the user record will be created in SAP IDM on Identity store ? Is it where we actually assign the SAP IDM business role and the related technical role to the user?
3) Suppose if we assign a business role " employee " , will IDM actually create user id in all target system and assign all the technical roles? . Or we have to manually select each repository for target system in Identity center and select the privileges and provision it ? Will there be any automated feature that after assigning the business role to identity in identity store users and roles get automatically provisioned on all the target systems?
Thank you in advance for your help.Hi Matt,
Thank you very much.
Only change we have is before approval it should go to GRC AC check all the compliance and only after that it is approved and it should come back to SAP IDM .
I am actually looking for a tutorial which actually shows how you assign a business role and the whole procedure of SAP IDM automatically provisioning to target systems which you have just explained. I suppose there is no such exact tutorial and I want to know how we can configure this on SAP IDM . Any specific clues?
Also I am describing the exact steps that will follow . Correct me if I am wrong.
1) User id will be created on AD with same user name and password as it is in Identity store. Will be assigned AD groups
2) Create same user in Portal and make the user data source as AD and will assign the technical role portal as per the business role definition
3) create same user in all abap systems and set abap database as user data source and assign the technical role needed as per the business role definition
4) Create same user in third party systems and with the privileges on their target systems as per the business role definition.
With this provisioning stops. I suppose all the above steps will be automatically done by SAP IDM with no manual interaction required after final approval. Correct me if I am wrong.
So some other information i wanted is
1) When you assign business role at work flow, how exactly SAP IDM know about the target systems that user should be created and assigned roles and made their authentication source.
for eg:- for a business role "employee" should get access to ERP with role X, AD with group Y, Portal with role Z. So in work flow when business role employee is assigned how SAP IDM will know that user should be created on to ERP with role X, AD with group Y, Portal with role Z. Can you explain technically along with detail steps? Or how exactly we configure a business role which knows the target systems and their techical roles.
Thank you once again for the fabulous help . You/Matthew is a tremendous help in understanding SAP IDM better. -
SAP Portal Integration with InfoView
Hi Experts,
I have successfully configured SAP Portal Integration with InfoView using the following steps provided by Ingo:
- set the system that you want to be authenticated against as the DEFAULT system in the options of the SAP authentication.
- go to the webapps folder of your app server and navigate to the InfOView folder
For the Java version of InfoView (Windows environment) you need to edit the file web.xml, which is located (assuming Tomcat as application server) in the directory \Program Files\Business Objects\Tomcat55\webapps\InfoViewApp\WEB-INF for the actual deployment.
In addition you can make the change to the file in the folder <INSTALLDIR>\BusinessObjects Enterprise12.0\warfiles\WebApps\InfoViewApp\WEB-INF. The files in the second locations are being used when you redeploy the web applications with a tool like wdeploy. You need to change the following values
authentication.default = secSAPR3
siteminder.enabled = False
sso.enabled = True
Then I have created URLiView to InfoView login page, when the user click on the link, BOBJ will use the DEFAULT system to authenticate user.
However, there is a new requirement for users who exist in another SAP system to SSO into InfoView too. My question is whether we can specify in URLiView url or other configuration to select which SAP System to authenticate user on?
I would like to create Role A and Role B in Portal and each will display different URLiView that will authenticate user against different SAP System if possible.
Appreciate your advise.
Regards,
MedyHi Ingo,
Thank you for your reply.
We are trying to create an URLiView to the logon page of InfoView: http://<BOBJ Server>/InfoViewApp/logon.jsp that will bring the user to InfoView home if SSO passed instead of OpenDocument URL.
I have tried to add URL parameters to the URLiView (http://<BOBJ Server>//InfoViewApp/logon.jsp?SAP_SYSID=DCD&SAP_CLIENT=200), but InfoView is still using the default system in CMC to authenticate user.
Please advise.
Best Regards,
Medy
Edited by: Medy henry on Apr 29, 2010 4:00 AM -
What SAP-modules can be SAP HR integrated with?
Hi to all!
I have a following question: What SAP-modules can be SAP HR integrated with? What HR objects and business processes could be involved in integration. What are the main advantages of this kind of integration.The best advantage of SAP HCM is that we have Integration with other Modules
as per as SAP HCM i worked integration with FICO , SD
Business objects form FICO side will be Cost Center
and there are many Advantages with the integrations with other modules -
SAP CRM Integration with lotus notes & blackberry (Mobile application) ?
Dear Experts,
Can any one pls explain me rough step in SAP CRM Integration with lotus notes & blackberry (Mobile application) ! I dont want detailed steps but pls explain me some important steps for this integration. Also pls tell me which standard SAP document i hve to refer for it !
As i am totally new to such integraion. pls help me out of this !!!! Helpful answer will be rewarded with full points.
Regards,
Amol Tambe.Hi Amol Tambe,
Please refer the following SDN threads to find more information about SAP CRM and Lotus notes integration:
Re: Integration of SAP CRM 7.0 with Lotus
Re: Need the connectivity between CRM and Lotus Notes.
However, the above discussion is for CRM online and Lotus notes integration.
Hope this helps!
Regards,
Chethan
Edited by: Chethan Kumar C M on Sep 27, 2009 9:41 AM -
Hello ,
We are looking to integrate SAP TM with GIS,
any recommendations of the GIS tool like PC Miler or Randy Mc Nally etc.... which supports below need's
Provide Accurate Distance and Duration based on the real time traffic
Provide a route based on the real time traffic
Another requirement we are looking is to track the truck at any point of the time - In EM we can track based on Events but is there any functionality to track based on the GPS system available in the Truck
Thanks
KumarLocked due duplicity SAP TM integration with GIS
-
Hello,
may I ask you how SAP GRC Access Control can be integrated with Identity Management?
I would like a description of the model and to understand if CUP, ERM, RAR are all mandatory components to do the integration (it's not clear to me if only CUP should be use to integrate IDM).
Thank you to all
DanielaHi Daniela,
there are two basic options of integrating Netweaver Identity Management and SAP BusinessOBjects Access Control:
- CUP can call IdM to provision roles to non-SAP systems through IdM
- IdM can call CUP to hand over a request (or parts of it) for SoD and critical transaction checks
As a third option, I have seen customers using both tools in parallel, provisioning users and master data through IdM and assigning SAP authorizations through CUP/RAR.
The best kind of integration for your scenario is something that depends on your requirements and your desired processes. Technically you can do a lot, but it makes sense to invest the effort to find out what the best option is in your exact case.
Kind regards,
Frank. -
Hi there
one of our customers raised the question if SAP IDM can be integrated with SLD (system landscape directory)? Obviously, one of the dispatchers showed up in the SLD for one time (maybe during installation).
best regards
MatthiasHi Billy
in fact the core components of SAP IDM are not implemented in NetWeaver. They are running on a Windows Server (e.g. the dispatchers). Those are the components we want to register in SLD.
Only the UI components are running in an NetWeaver AS Java, but this one is already in SLD.
best regards
Matthias -
Is possible this integration?. The idea is that the agent will do authentication with LDAP directly
Hi Anoop,
To adapt an SAP Workflow, you can create a configuration. In this configuration you can redefine values for steps of the workflow definition. These values are evaluated at runtime instead of the values originally defined.
You can configure the following step types:
Activity
User decision
Document from template
Wait
Moreover,Features
You can set the following data individually in the step definition of the configurable step types:
1)Responsible agents
2)Excluded agents
3)Message recipient for completion
4)Priority
5)Requested start
6)Indicator denoting whether the step is included in the workflow log
7)Activation of a latest end, a latest start, or a requested end with the reaction Send mail
This URL privides info about various workflow codes http://help.sap.com/erp2005_ehp_02/helpdata/en/9b/572614f6ca11d1952e0000e82dec10/content.htm
Regds,
Krutarth
· Reference date/time for latest end, latest start, and requested end
· Message recipient for missed deadline
· Information about the work item display -
SAP B1 Integration with third party system
Dear all,
i want to connect some parts of SAP Business One with my Webinterface. I have installed the Netweaver integration tool (B1i). Does somebody know if I can use this tool to connect SAP B1 also to another system then only R/3. And if yes how can I create the new langscape?
many thanks, davidEdd,
thanks a lot. I also saw your documentation you wrote about the integration tool in January 2006. Technicle it should be possible for my system, but I need to test it...
I have now one important license-question:
1) The integration tool is free if I have a SAP B1 license, isn't it?
2) Lets say 10 of my employees enter master data in 5 different companies of my webinterface. Each employee has his own user account on my webinterface. Now the entered data in the different databases (companies) are sent to SAP B1 thru the integration tool and master data are created in SAP B1 in 5 different Databases (companies). NOBODY is logged in SAP B1 directly. All Data are comming thru the integration tool, but from different Webinterface-User and for different Databases. How many licenses in that case I would need for SAP Business One? Just one for the integration tool as the only direct-user of SAP B1 in that case, or 10 for the different accounts on my webinterface from which the data are comming from?
Many thanks, David -
SAP JAM integration with Cloud for Customer
I'm in the middle of the setup of the SAP JAM to C4C integration and using the guide here https://websmp109.sap-ag.de/~sapidb/012002523100002202222015E/C4C_JAM_WP_1502.pdf.
In section 2.4.1.1, it says "Contact your SuccessFactor, SAP Jam customer support or administrator to get the SuccessFactors Secured
Token Service certificate for your SAPJam company."
Since it is the first time I deal with SuccessFactors, I have no idea who to contact to get this "signing certificate". Do I need to contact the SF Cloud support team or is that something I can get on my own from our SuccessFactors instance?
CheersHi Thierry,
in general the guide refers to opening a ticket in the SuccessFactors support portal to request the ticket. As this is your first implementation you probably don't have a registered user in here.
Question:
Do you have someone else on the project/at the customer to help with the basic implementation of the SuccessFactors Platform? If yes, please ask this person to open a ticket with SuccessFactors support.
If not, then you can also open the ticket directly in C4C and it should be internally routed to the appropriate support contact.
Please note: In addition you will also need to do some basic configuration of the SuccessFactors Platform and SAP Jam. More information about initial steps to access and setup
the SuccessFactors Platform for SAP Jam can be found in the document „Setting up SAP Jam for Integration with other SAP Solutions” included in the package “SAP Best Practice for SAP Cloud for Customer Integration” available at http://service.sap.com/rds-cfc-erp
If you are interested in more information, please check out the respective training offerings for SuccessFactors Platform and SAP Jam available as "Academy Courses".
Hope this helps,
Ingo -
SAP Jam Integration with Cloud For Customer error
Hello Experts,
We are integrating SAP Jam with Cloud for Customer tenant. We have followed the instructions that are mentioned in 1311 guide for SAP Jam integration.
But right now we are getting an error on SAP FEED work center and Account View.
Error that we are getting is as follows:
You are not authorized to access /c/C0000209652T.com/widget/v1/feed?wid=1&auth=single_use_token&skin=gr&faces=true&type=follows&num_items=30&avatar=true&live_update=true&mobile=false&post_mode=inline&reply_mode=inline&single_use_token=&locale=en
Kindly help us understand the mistake or step that we might have skipped.
Thanks & Regards,
Chandan BankarMy example in the document deals with User ID as key_identifier.
ie., we need a unique key which is common to both servers so that we can identify accounts. This is done through assertion attribute exchange.
For eg, if I have an account with userID vatsav in C4C, then I must have an account with same userID in JAM (or vice versa) provided I set UserID for "Account Name Origin" in Step 10.
Doing this way, I am telling JAM that I am using UserID as an assertion attribute which identifies both my accounts in C4c and JAM without any problem. When you login into C4C using vatsav as UserID, it automatically searches feeds for same userID in JAM and displays them in Mashup.
It's a big concept actually. Implementation's already done by SAP.
Hope, I am clear. -
SAP Workflow integrated with Microsoft Outlook
Hello All,
I have the following question. When an work item comes in the SBWP inbox, as soon as the work item is executed by the user
the workitem disappears from the SBWP. Now my question is if SAP Workflow is integrated with Microsoft Outlook (so that email containing the work item as a link reaches Outlook), is there a way to make the email disappear from the Outlook as soon as the SAP work item is completed.
Can someone throw some light on the same.
Thanks,
SachinHi,
Duet workflow scenario is available. SAP Application sends workitem to Duet Server and Outlook client has Duet add-in. You need Duet Server and user license.
Also SAP MAPI Service Provider is available. You can access SAP Inbox items from your outlook client. I think SAP MAPI Service provider is free.
Regards,
Masa -
SAP HR Integration with KRONOS
Hi All,
Am looking for information on SAP Time mgmt integration with KRONOS time clock application. I understand that there are tools available in SAP HR for a seamless integration with KRONOS application (KRONOS being a certified ISV provider); So how does this work out? is there any documentation on how this can achieved etc?
regards
ChandraChandra,
We went with Kronos as our consulting partner at the time indicated as you said that they were SAP certified and it would be a seamless integration with standard IDOCS. That was very far from the truth and to this day we would love to get rid of Kronos in favor of a true dummy clock system for collecting IN/OUT punches simply.
In the end we had to custom code an interface to send a MINIMASTER (employee data) file to the Kronos server via FTP as well as an interface to create a flat .txt file containing the punch data on the Kronos server that gets picked up and processed via PI (or XI to some) and then processed as an IDOC that eventually become 2011 records. We used 3 developers in house as well as having to retain a consultant to do the interfaces on the Kronos server. In the end it works pretty well but the support from the Kronos side has been awful and when we wanted to clear up some of the SQL punch tables we where told by Kronos we would have to purchase a separate archiving product. Instead I wrote a custom delete program. It was a huge project and cost and took more time than anyone anticipated. The only good thing I guess I could say Is we have been able to use the same IDOC and PI interface to process punch files we have coming from other countries clock systems.
But personally here in the US we did not have a good experience with Kronos and still have unresolved issues with license/support fees today.
Good luck,
Martha.
Maybe you are looking for
-
I got a new computer a while ago and tried to sync my iPhone 3. I thought my library was housed at iTunes, but when I sync, it does not sync the previous library. I can see my apps, but they are "grayed" out and I cannot maneuver them on my compute
-
Error in Retroactive wages in payslip and Payroll register
Dear Consultants, One of my client facing error while retroactive wage display in payslip and as well as Payroll register, when the employee is having any retro arrears that time the total arrears are coming as "Stat.net subs.adjustment" but client w
-
Deleting event in iCal 5.0.1 not syncing with Google Calendar
When I delete an event from iCal, it does not sync with Google Calendar. However, when I create an event in iCal, it syncs just fine with Google Calendar. Creating and deleting events from Google Calendar syncs fine with iCal. Has anyone else exper
-
No "before new record saved" trigger event in workflow definition ?
Hello, I have following problem: I have to make a simple integration, where products have information about available quantity of given product . Assume we have field - it is called "Available amount" and it tells how many products are on stock. Now
-
Ok, i've been trying since like 2 days ago to solve this problem, but i havent been able to do so. this is the error i get: what is your name: neo Hello neo Do you want to go first? (1)Yes, (2)No 1 the number of marbles is: 42 How many marbles you wa