SPNego for user mapping
Hi All,
How to use SPNego for user mapping?
Please tell me how to configure SPNego for USer Mapping?
Kumar
Update User Mapping ID api
i followed the above thread and wrote the code in a java file as below
IPortalComponentRequest req = (IPortalComponentRequest) this.getRequest();
IUserMappingService umapser = (IUserMappingService)
PortalRuntime.getRuntimeResources().getService(IUserMappingService.KEY);
IUser userid = req.getUser();
IUserMappingData iumdata = umapser.getMappingData ("System Alias", userid);
Map map = new HashMap ();
try {
map.put("user","userid");
map.put("mappedpassword","password");
iumdata.storeLogonData(map);
} catch (Exception e) {response.write(e.getMessage());}
but problem is it is throwing compilation error for IPortalComponentRequest req = (IPortalComponentRequest) this.getRequest();(getReques() cannot be used for the type classname)
please help me in resolving this issue
points will be rewarded for sure.
Similar Messages
-
How can i use exisitng user data(Id, password) for user mapping
Hi All,
For User mapping , we can import user mapping data for many users from user administration. and for each user
we can maintain mapping data in the standard format.
eg:
[User]
uid=user2
$usermapping$:BCE:user=ext_user2
$usermapping$:BCE:mappedpassword=password
i am clear till this point.
this all works if we know the userid and passowrd on the system 'BCE'.the passwords on the system 'BCE', are encrypted . so there is no chance for me to know the passwords.
so how can i use the existed userid/passowrd on the system 'BCE' for the mapped user and mapped password on the portal while doing usermapping.
Thanks in Advance,
LakshmiHi,
I think this should work.
1. Setup SSO with SAP logon tickets first. How to do this is described many places, e.g. http://help.sap.com/saphelp_nw04/helpdata/en/d3/41c8ecb31d11d5993800508b6b8b11/content.htm
This SSO will not work at first, because the username is different in the back-end system. So what you need to do is to get the back-end username into the ticket (don't need a password because that is done by the SAP logon ticket)
2. Create a portal component which uses the usermanagement API to create a usermapping which only consists of the username and a blank password. You can do this manually I think if you have no reference system defined.
IUserMappingService umap =(IUserMappingService)PortalRuntime.getRuntimeResources().getService(IUserMappingService.KEY);
//this is the currently logged in user. You might another user
IUserContext user = request.getUser();
//Get the existing data (think it can be null)
IUserMappingData userMapping=umap.getMappingData(systemAlias, user);
HashMap map = new HashMap();
map.put(IUserMappingService.UMAP_KEY_USER, backEndUserName);
//add blank password map.put(IUserMappingService.UMAP_KEY_PASSWORD, "");
//store the values userMapping.storeLogonData(map);
Voila, this should allow you to do SSO using SAP logon tickets, but with another name that you use against the portal. I am uncertain if this will work if you have multiple usermappings in the sap logon ticket
PS since the sap logon ticket is issued at logon time, you need to relogon to get the changes done by the code
Regards
Dagfinn -
No system available for user mapping in create new group.
Hi Experts,
I faced this problem when i create a new group
"There are no systems available for user mapping for the selected principal."
i checked that my server is running well with other groups.
i would just like to ask what determines the "selected principal"? is it because i select the wrong roles or the roles does not need the system?
i'm confused as some previous groups i created works well until this new group, i've tried to create a new 1 but the problem still exsist.
Thanks.hi,
Define permission to the system that you have created.
right click on hte system that you have ccreated - > in properties dropdown go to permissions -> search the group/ user for which you want to map this system - > and give permission as enduser.
this will make your system accessible while user mapping.
regards,
Sujay -
SAP_J2EE_ADMIN, no systems available for user mapping
Hello,
We are using EP 7.0 to run CRM applications (client 100).
We are creating portal users in 001 client of CRM server.
When I try to map users of portal to users of crm through user administration, it says that, "There are no systems available for user mapping for the selected principal".
I discovered that this warning disappears if I give the user has SAP_J2EE_ADMIN role in 001 client. But this time the user has the content adminstrator, user administrator and system administrator tabs as well. I don't want to give administrator rights to everyone.
What can I do?
Any recommendations?I maintained the permissions like Administrator:None, End User:X, Role Assigner:X.
I removed the J2EE_ADMIN role from the user.
But unfortunately the result did not change. The user can not access the CRM system.
Here is the error:
Portal Runtime Error
An exception occurred while processing a request for :
iView : pcd:portal_content/com.sap.pct/specialist/com.sap.pct.crm/com.sap.pct.crm.roles/com.sap.pct.crm.crm_user/com.sap.pct.crm.ckm.home/com.sap.pct.crm.ckm.work/com.sap.pct.crm.act.activities
Component Name : com.sap.portal.appintegrator.sap.BSP
Exception in SAP Application Integrator occured: Cannot retrieve system object for this alias. System Alias: 'SAP_CRM', System ID: 'pcd:portal_content/j2eeadmin/systems/com.arr.SAP_CRM'. User: 'ILKNURY', Reason: Access denied (Object(s): portal_content/j2eeadmin/systems/com.arr.SAP_CRM).
Exception id: 04:32_24/04/07_0038_5660850
See the details for the exception ID in the log file -
How to set/get the values thru Wedbynpro coding for User mapping fields
Hi All
In system object we have the user mapping fields like District,city,plant,Salesmanager.
now we want to set/get the values of these usermapping fields of system object thru webdynpro coding...
if anybody have sample codes of the same then it would be great help to me
Thanks in advance
Thanks
Trisha RaniHi Kavitha
Thanks for your reply
My requirement is exactly as follows.
1) i have created one portal system object in system administration and also i created usermapping fields in the system object from the usermanagement in system object.
i created the user mapping fields like Plant,SalesManager,District etc.
i also created the system alias name for the same system object
2) Now i came to persoanlize link and mapped the system object to the portal user.
while mapping to the system object we need to enter Mapping userId, Password , once we enter these values and we can also enter the values of usermapping fields which we defined while creating the system object ( for example District,Salesmanager,Plant etc)
once we enter all the values and click on save then these usermapping values to be mapped to the portal user.
3) Now my requirement is , i want to control the usermapping field values thru webdynpro coding for setting/getting the values.
I need sample code of the same.
Please let me know if u need more details on the same.
Thanks
Trisha Rani -
User mapping error: NO systems available for the selected principal
I have a problem related to User mapping. After creating system alias, I mapped my j2ee_admin user successfully. Then I created 15 more users and when I click usermapping for all of them, it is not displaying the system alias. It is giving error "There are no systems available for user mapping for the selected principal"
I cannot understand that when I click connection test, it is successful. The user mapping for j2ee_admin user is working. But when I try to do the same for other users, it is not displaying the system alias and giving me the above error.
Can anybody guide me through the error. I have given "Everyone" role to all the 15 users. Any kind of help will be appreciated and points will be rewarded.Hello Abdul,
This is a permission problem. Open the permission editor of the system and assign any role/group in the permission editor and select the checkbox corresponding to end-user.
Now assign this role/group to all the users.
It will solve ur problem.
Regards
Deb
[Reward Points for helpful answers] -
User mapping for groups doesn't work
Hi,
I have a problem with the user mapping for groups. When I select "User Mapping for System Access" I get the error message "There are no systems available for user mapping for the selected principal." There are some hints, what the reason could be, but I think I checked them all. For the single users in the group, the User mapping works without problems. Does anybody know what the reason for this problem could be? We are running SAP EP 7.0.
Kind regards,
DominikHi,
It seems that the system you are pointing to is a delta link linking to "nowhere" and the source system has been deleted.
The main reason for the problem is that the delta link system refers to a system that (no longer) exists.
Try recreating the delta link's base system with the same location in the PCD and correct attributes.
Hope this helps.
Regards
Srinivasan T -
Portal Runtime Error while performing User Mapping to SAP SRM
Please find below the error I received while User Mapping from Enterprise Portal to SAP SRM :
Portal Runtime Error
An exception occurred while processing a request for :
iView : pcd:portal_content/administrator/super_admin/super_admin_role/com.sap.portal.user_administration/com.sap.portal.user_mapping/com.sap.portal.userMappingAdmin/com.sap.portal.userMappingAdmin
Component Name : com.sap.portal.usermanagement.admin.UserMappingAdmin
User Mapping not fully available..
Exception id: 04:21_23/06/05_0073_8097650
See the details for the exception ID in the log fileHi,
yes, Karsten is correct. Just some background:
"User Mapping not fully available.." finally means that user mapping is configured to use strong encryption, but the main crypto key for user mapping is missing. Usually, that's because "SAP Java Cryptographic Toolkit" and/or "JCE policy files for unlimited strength encryption" are not installed (or the server hasn't be restarted afterwards). The note will most likely help
Best regards
Heiko -
Question about Logon ticket with user mapping at BI-JAVA environment
We're implementing BI 7.0 including BI Java and SAP EP for end user
access.
I have two question about SSO method when we're using BI Java.
I know we can simply configure SSO logon ticket with BI-Java(EP
included) and BI-ABAP through BI template installer and we already
succeeded in that case.
But the problem is we want to change it to user mapping SSO method for
some our internal reason.
After we configure user mapping SSO, we've got SSO failed error when we
call BI-Java stuff like BEx Web Application iView.
After many testing implemented, we found SSO Logon ticket with user
mapping (using SAP reference system). It seems working now.
But our question is "Is it no problem when we use SSO logon ticket with
user mapping?" Is there any restriction or issue?
One more question is we can ONLY use user base mapping when reference
system used. How can we assign BI-ABAP users to EP Group?Using an SAP Reference system is allright. But if the reason u r going for this is because of different usernames in EP and BI, why dont you go for user mapping.
Anyways, on restriction of reference syetms is that you can have ONLY ONE reference system defined in portal. In you case you can only have the BI system defined.
Hope this helps!! -
Hi
I have created one user in UME - USER1 and another in backend R3 system - USER2. Then by going to Identity Management and going to USER1, I have gone to User Mapping for System Access tab and i've given below details -
System Selection - Selected the System alias TESTSYSTEM for R3 system
Mapping Data - user credentials for USER2
That is all i did for user mapping. Now, in portal, developed customised codes. And, inside code, I have hard coded USER1 and TESTSYSTEM for doing the connectivity for all the users who are trying to access backend data. Code is as below -
IUserFactory userFact = UMFactory.getUserFactory();
IUser myUser = userFact.getUserByLogonID("USER1");
con = cgservice.getConnection("TESTSYSTEM", cp);
ix = con.createInteractionEx();
ixspec = ix.getInteractionSpec();
Then calling BAPI.
And i have created the system for r3 correctly. But, now i am getting below problem -
exceptioncom.sapportals.connector.connection.ConnectionFailedException: Connection Failed: Nested Exception. Failed to get connection. Please contact your admin. error in closing connection java.lang.NullPointerException
Please help.
Thanks - prodyutHi Naga,
have you seen this thread from yesterday:
Configuration Issue in User Mapping ..
Hope it helps you resolve your problem too,
Robert -
Problem in AppIntegrator user mapping parameter
Hi ,
I am trying sso for http://www.diamondintelligence.com/include/login.aspx? (Note I have done AppIntegrator for Yahoo)
I have created system,
Name of the server:www.diamondintelligence.com
protocaol: http
URI of web application: /include/login.aspx?
alias: myAlias
I have done user mapping for the system. userid: thillai pass: theatre
Created iView property(the input fields does not have id for the above URL viewsource, I used input name)
System: myAlias
URL Template: <System.protocol>://<System.server><System.uri>?<Authentication>
URL Template fragment for user mapping: inp_username=<MappedUser>&inp_password=<MappedPassword> (here inp_username is input field name)
iView preview shows the same view while open the URL directly.. the SSO is not done here.
I think problem is input field not having id.. please help to solve this issue . it is very urgent.
Regards,
Chinnadurai RHi Detlev and Jan,
Thanks for Reply.
Detlev: Http Monitor Shows the below message:
POST /include/login.aspx HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, /
Referer: http://www.diamondintelligence.com/include/login.aspx?
Accept-Language: en-gb
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)
Host: www.diamondintelligence.com
Content-Length: 112
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: __utmc=111986961; ASP.NET_SessionId=lcb2qqv1jxwcmc55n3mbjmus
__VIEWSTATE=dDwxMjE3MzgwNjQ0Ozs%2Bt80ls4a1QNgQx%2FMMiG%2F9iYv%2BuSY%3D&inp_username=thillai&inp_password=theatre
Jan: I am not looking SSO With Logon Tickets. only with user mapping.
is possible creating Custom Application Integrator to scccess SSO?
Regards,
Chinnadurai R -
Different ways to do User Mapping
Hello all,
Could some one tell me about the ways in which we could map the user id to SAP r3 id. We already have a reference system which will do the user mapping.
Another way is to have the LDAP save the Mapped user id along with the authentication data.
Wanted to know if there are any other ways to do such a user mapping.
Thanks ,
MeghnaHi,
User mapping is used for Single Sign-On (SSO) to back-end systems. User mapping maps a portal user ID to the user ID of the back-end system.
Systems are represented by their default alias in various interfaces, such as the User Mapping dialog that displays during personalization. To make a system available for user mapping, you must:
● In the System Aliases Editor, define a default alias for each system that you create. For information about creating system aliases and default system aliases,
● In the System Property Editor, set the User Mapping Type property to either:
--> User: Only the end user can set user mapping
--> Admin: Only the administrator can set user mapping
-->Admin/User: Both the end user and the administrator can set user mapping
User mapping supports the following authentication methods:
● SSO using user ID and password
This method always requires user mapping. The portal ID is mapped to the user ID and password of the back-end system.
● SSO using logon tickets to ABAP-based systems
This method only requires user mapping if users have different user IDs in the SAP NetWeaver Portal and ABAP-based systems. Passwords are not mapped.
To access more than one ABAP back-end system, you can define a reference system. As long as all the ABAP back-end systems use the same user ID, the user can access all the systems by mapping their portal user ID to the user ID on the reference system.
Go through these helpful links for Setting User Mapping with Backend:-
http://help.sap.com/erp2005ehp_03/helpdata/EN/f8/3b514ca29011d5bdeb006094191908/frameset.htm_
http://help.sap.com/erp2005ehp_03/helpdata/EN/0d/fd76a0c4e0834ba1a17698d0b5553d/frameset.htm_
Hope these helps,
Reward points if helpful
Regards,
Shailesh Nagar -
User Mapping Data through IUser.getTransientAttribute()
Hi All,
Was wondering if there is a way I can get all the IUserMappingData for an IUser without having to specify the system name.
i.e. Like I can call IUser.getRoles() can I do a similiar thing for User Mapping Data?
I thought maybe -
IUserMappingData nameSpaceMappingData = (IUserMappingData)iUser.getTransientAttribute(IUserMappingData.USER_MAPPING_NAMESPACE, ?name?);
But not sure what to put in as the attribute name, whether I put user, mappedpassword, systemalias, etc.
Any suggestions?
Cheers,
Scott...storeLogonData(null);
How simple (and stupid of me!) was that? -
Connected MDM and LDAP, but but now what? Why user mapping?
Hi Gurus,
In my last thread, I posted that I was not able to connect MDM with LDAP. I was finally able to.
My problem now is I have to define user mapping in SAP Portal for the MDM business iViews to work.
By connecting MDM and LDAP, I got the benefit that now the authentication and authorization is happening via LDAP.
But this does eliminate the need for user mapping. If this is the case then why the real benefit of using LDAP?
In this case this becomes worse as I need to know the user's LDAP Password which no body will share for sure.
Any ideas? I want to get rid off this user mapping stuff.
Warn Regards,
Karanwithout knowing specifics of ur architecture, i can quickly point out two things:
1) LDAP is primarily used for authentication, true.
2) Portal User mapping should not be an issue if u already have portal tied up to the active directory or some kind of single sign on?
So portal knows the users who has logged it, polls the Active directory for authentication and Active directory logs into MDM with that users role.
-Sudhir -
Hello,
any body tell me What are the available user mapping types ?
Thanks,
KiranThere are no types in user mapping.
User mapping is used when there are different user id's across system landscape and they cannot be managed centrally.
Using user mapping we can map portal user id's with other systems like R3, non sap systems etc..
so that user no need to aiuthenticate again. It is one method of achieving SSO in portal.
http://help.sap.com/saphelp_nw04s/helpdata/en/f8/3b514ca29011d5bdeb006094191908/frameset.htm
Also check the blogs for more information:
How to setup R/3 Reference system for User Mapping
Creating R/3 System and user mapping problem
User Mapping-based Single Sign On
Raghu
Maybe you are looking for
-
Hi, foreign currency rounding. if i make advance payment to vendor 100000 GBP(69), after i booked invoice 150000 GBP(72) then i clear the advance payment 100000 GBP to invoice amount. now i am making final payment to vendor. at the time of 50000 GBP
-
Java application to connect to AP 7.00 (IPC)
Hi, I have to develop standalone java application that connects to IPC and does configurations via the IPC Server (via the RFCs the IPC Server exports). I have JCo connection to the SAP ECC system (only one server. I assume the IPC server is running
-
Drop shadow affects background colour when printing to PDF
I have a diagram in AI format with drop shadows against a coloured background. When I print it from Illustrator to PDF, the background colour around the objects with drop shadows is slightly out, leading to a "blocky" effect. Also, some lines that ov
-
Keyboard+MagicMouse+TwelveSouthMagicWand. Is there a case for this?
I have an Apple wireless keyboard, Apple magic mouse, and TwelveSouth Magic wand, and want to bring this with me when I travel. Is there a case that will hold all three?
-
I am trying to turn on my iMessage on my iPhone 5, but there is no number for me to select to send
I have my own id, but as far as getting my iMessage to work it only allows my to select my email. My phone number does not come up at all. It only shows my number right after sign in.