SPNego: User ID Mapping

Hi Gurus,
We have a requirement to have SSO between the users' Microsoft credentials and SAP Portal.
The challenge here is that the user name in the Microsoft credentials is different from the Portal user, so we need to authenticate the user against ADS and then set up the SAP Logon Ticket with the Portal user ID.
We will be using the same ADS for both SPNego and the SAP Portal UME, but as we need a different ID for SAP Portal, we will do an attribute mapping for that purpose.
For example:
ADS user = 20 characters
Portal user = 8 characters
SAP Logon Ticket generated with the 8-character Portal user.
Thanks in advance.
Rogelio

Hi Rogelio,
please have a look into the SAP Library. There you will find detailed instructions on how to <a href="http://help.sap.com/saphelp_nw2004s/helpdata/en/43/4bd58c6c5e5f34e10000000a1553f6/frameset.htm">use Kerberos authentication for Single Sign-on with SAP NetWeaver Portal</a>. Contemplating your requirements (Kerberos Principal Name is different from portal user name), I suggest you pay special attention to the sub sections <a href="http://help.sap.com/saphelp_nw2004s/helpdata/en/43/4bba9d9e5e5f6ce10000000a1553f6/frameset.htm">Configuring the UME</a> and <a href="http://help.sap.com/saphelp_nw2004s/helpdata/en/43/4c363ac31e30f3e10000000a11466f/frameset.htm">Configuring the UME when Using ADS Data Sources for Kerberos</a>.
Best regards,
Martin
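
The attribute-mapping step Rogelio describes (a Kerberos principal from the SPNego ticket on one side, an 8-character portal logon ID on the other), as an added Python example that is not part of the original thread or of SAP's UME implementation. It shows the lookup and the checks a practitioner would want before a logon ticket is issued for the mapped ID: the ticket realm is one the portal trusts, the match is on the full user@realm against one attribute, exactly one directory entry matches, and the mapped attribute is populated. The directory entries, the realm CORP.EXAMPLE and the attribute name portalUser are constructed for the example; the real configuration is the UME data-source setting Martin links to.

```python
"""Map a Kerberos principal (from SPNego) to a different portal user ID.

Added example, not code from the original thread or from SAP: it shows the
lookup a UME-style attribute mapping performs and the checks it should make
(trusted realm, exactly one match, a populated target attribute). The
directory entries and the attribute name 'portalUser' are constructed for
the example.
"""
import re

# Realm whose tickets the portal accepts (assumption for the example).
TRUSTED_REALM = "CORP.EXAMPLE"

# Portal logon IDs are 8 characters in the question's example.
PORTAL_ID_MAX_LEN = 8

# Constructed entries standing in for what the UME LDAP data source returns.
# userPrincipalName carries the Kerberos name; portalUser the short portal ID.
DIRECTORY = [
    {"dn": "CN=Rogelio Hernandez,OU=Staff,DC=corp,DC=example",
     "userPrincipalName": "rogelio.hernandez@corp.example",
     "portalUser": "RHERNA01"},
    {"dn": "CN=Ana Torres,OU=Staff,DC=corp,DC=example",
     "userPrincipalName": "ana.torres@corp.example",
     "portalUser": "ATORRE01"},
    # Two entries sharing one principal name: a directory hygiene problem.
    {"dn": "CN=Dup One,OU=Staff,DC=corp,DC=example",
     "userPrincipalName": "dup.user@corp.example",
     "portalUser": "DUPUSR01"},
    {"dn": "CN=Dup Two,OU=Staff,DC=corp,DC=example",
     "userPrincipalName": "dup.user@corp.example",
     "portalUser": "DUPUSR02"},
    # Authenticates in AD but was never provisioned a portal ID.
    {"dn": "CN=No Portal,OU=Staff,DC=corp,DC=example",
     "userPrincipalName": "no.portal@corp.example",
     "portalUser": ""},
]

PRINCIPAL_RE = re.compile(r"^(?P<user>[^@/\\\s]+)@(?P<realm>[A-Za-z0-9.-]+)$")


def parse_principal(principal):
    """Split 'user@REALM' as taken from an already validated Kerberos ticket."""
    m = PRINCIPAL_RE.match(principal)
    if not m:
        raise ValueError("malformed Kerberos principal: %r" % principal)
    return m.group("user"), m.group("realm").upper()


def map_principal_to_portal_user(principal, directory=DIRECTORY,
                                 lookup_attr="userPrincipalName",
                                 result_attr="portalUser"):
    """Return the portal user ID the logon ticket should be issued for."""
    user, realm = parse_principal(principal)
    if realm != TRUSTED_REALM:
        raise PermissionError("ticket from untrusted realm %s" % realm)
    # Match on the full user@realm, not the bare user part, so the same short
    # name in another realm can never select this entry. AD compares UPN
    # values case-insensitively, hence the lower().
    wanted = "%s@%s" % (user.lower(), realm.lower())
    matches = [e for e in directory
               if e.get(lookup_attr, "").lower() == wanted]
    if not matches:
        raise LookupError("no entry with %s=%s" % (lookup_attr, wanted))
    if len(matches) > 1:
        raise LookupError("%d entries share %s=%s; refusing to guess"
                          % (len(matches), lookup_attr, wanted))
    portal_user = matches[0].get(result_attr, "").strip()
    if not portal_user:
        raise LookupError("%s has no %s: not provisioned in the portal"
                          % (matches[0]["dn"], result_attr))
    if len(portal_user) > PORTAL_ID_MAX_LEN:
        raise ValueError("%s exceeds the %d-character portal ID length"
                         % (portal_user, PORTAL_ID_MAX_LEN))
    return portal_user


def mapping_outcome(principal):
    """Fold the exceptions into a (status, detail) pair for reporting."""
    try:
        return ("ticket", map_principal_to_portal_user(principal))
    except (PermissionError, LookupError, ValueError) as exc:
        return ("rejected", type(exc).__name__)


if __name__ == "__main__":
    for p in ["rogelio.hernandez@CORP.EXAMPLE", "Ana.Torres@corp.example",
              "rogelio.hernandez@OTHER.EXAMPLE", "dup.user@CORP.EXAMPLE",
              "no.portal@CORP.EXAMPLE", "nobody@CORP.EXAMPLE", "bad/name"]:
        print("%-36s -> %s %s" % ((p,) + mapping_outcome(p)))
```

If two AD accounts share the lookup value, the code refuses rather than taking the first hit; silently using the first entry would let a second account with a duplicate userPrincipalName obtain a logon ticket for the first user's portal ID.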

Similar Messages

  • User Defined Mapping Problem

    Dear SDNs,
    I wrote a user-defined mapping program under a namespace, and I want to use it in other namespaces by drag and drop instead of importing. Is that possible?

    Hi,
    <i>>>>Prakash, I'm a little confused, I think mapping program like java and XSLT can only imported in user defined function in Mapping, isn't it?</i>
    No, you will be importing it under Imported Archive. You will find User Defined Function inside the Graphical Mapping.
    Refer this link for UDF
    http://help.sap.com/saphelp_nw04/helpdata/en/22/e127f28b572243b4324879c6bf05a0/content.htm
    <i>>>>What do you mean by the "F4"? Can you explain it to me ?</i>
    F4 is Value request. In the Interface mapping when you are assigning the mapping program you will click on the "?" button which is nothing but F4. You can also press F4 which is equal to pressing "?"
    Thanks,
    Prakash

  • Cannot add users to mapped third party group

    When I try to add a user to a group I get the following message:
    "cannot add users to mapped third party group"

    If a group was mapped in via AD/LDAP/SAP, then the users must be added in the third party (AD/LDAP/SAP); you cannot create members in the CMC. This is by product design. If you want to add members to groups in the CMC, they must be enterprise groups only (groups created in the CMC, not mapped in from third parties).
    Regards,
    Tim

  • Table that stores the business role and user id mapping

    Hi,
    I want to know the table that stores the business role, and the business role to user ID mapping, in the CRM system.
    Thanks in Advance.
    Regards,
    Pricy

    Hi Mary,
    There is no direct table, but there is a way to find it.
    HRP1263 is the table where business roles are stored when maintained at org level. These are stored against the position.
    For the user ID to position linkage, refer to table HRP1001.
    In the HRP1001 table, use the criteria below to get the user and position:
    OTYPE = CP
    SCLAS = US
    SOBID = User ID
    ENDDA = 31.12.9999
    Get the OBJID.
    Query the HRP1001 table again with the following:
    OTYPE = CP
    OBJID = OBJID from the above query
    ENDDA = 31.12.9999
    SCLAS = S
    SOBID = that's the position.
    Pass the position to HRP1263 as below:
    OTYPE = S
    OBJID = POSITION
    PROFILE = that's the business role assigned for the given position and user.
    Hope this is helpful.
    Regards,
    Naresh
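
    The three lookups Naresh lists, as an added Python example that is not from the thread or from SAP: it loads a constructed copy of the columns he names into an in-memory SQLite database and resolves a user ID to its business roles in one join, dropping expired position assignments. Table contents, user IDs, positions and role names are made up; ENDDA is stored as 99991231, the database form of 31.12.9999, and the real tables carry further key columns (client, plan version, relationship type) that are left out here.

```python
"""Resolve a CRM user ID to its business roles via HRP1001 and HRP1263.

Added example, not from the original thread or from SAP: it runs the lookup
described in the answer (user -> central person -> position -> role) as SQL
against a constructed in-memory copy of the two tables. Only the columns the
answer names are modelled; the real tables also carry client, plan version and
relationship type columns. ENDDA is kept in the database format 99991231,
which is what 31.12.9999 displays as.
"""
import sqlite3

SCHEMA = """
CREATE TABLE HRP1001 (OTYPE TEXT, OBJID TEXT, SCLAS TEXT, SOBID TEXT, ENDDA TEXT);
CREATE TABLE HRP1263 (OTYPE TEXT, OBJID TEXT, PROFILE TEXT, ENDDA TEXT);
"""

UNLIMITED = "99991231"   # 31.12.9999: relationship still valid

# Constructed sample data.
HRP1001_ROWS = [
    # central person 101 is user JSMITH and holds position 50000200
    ("CP", "00000101", "US", "JSMITH", UNLIMITED),
    ("CP", "00000101", "S", "50000200", UNLIMITED),
    # central person 102 is user AJONES; an older position assignment expired
    ("CP", "00000102", "US", "AJONES", UNLIMITED),
    ("CP", "00000102", "S", "50000201", UNLIMITED),
    ("CP", "00000102", "S", "50000150", "20191231"),
    # central person 103 is user BNOROLE and holds a position with no role
    ("CP", "00000103", "US", "BNOROLE", UNLIMITED),
    ("CP", "00000103", "S", "50000202", UNLIMITED),
]
HRP1263_ROWS = [
    ("S", "50000200", "ZSALESPRO", UNLIMITED),
    ("S", "50000201", "ZSERVICEPRO", UNLIMITED),
    ("S", "50000150", "ZOLDROLE", UNLIMITED),   # role on the expired position
]


def build_sample_db():
    """Create the two tables in memory and load the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO HRP1001 VALUES (?,?,?,?,?)", HRP1001_ROWS)
    conn.executemany("INSERT INTO HRP1263 VALUES (?,?,?,?)", HRP1263_ROWS)
    return conn


def positions_for_user(conn, user_id):
    """Steps 1 and 2 of the answer: user -> CP object -> current position(s)."""
    sql = """
    SELECT p.SOBID
      FROM HRP1001 u
      JOIN HRP1001 p ON p.OTYPE = u.OTYPE AND p.OBJID = u.OBJID
                    AND p.SCLAS = 'S' AND p.ENDDA = ?
     WHERE u.OTYPE = 'CP' AND u.SCLAS = 'US' AND u.SOBID = ? AND u.ENDDA = ?
     ORDER BY p.SOBID
    """
    return [row[0] for row in conn.execute(sql, (UNLIMITED, user_id, UNLIMITED))]


def business_roles_for_user(conn, user_id):
    """Step 3: the PROFILE held on each current position, via HRP1263."""
    sql = """
    SELECT DISTINCT r.PROFILE
      FROM HRP1001 u
      JOIN HRP1001 p ON p.OTYPE = u.OTYPE AND p.OBJID = u.OBJID
                    AND p.SCLAS = 'S' AND p.ENDDA = ?
      JOIN HRP1263 r ON r.OTYPE = 'S' AND r.OBJID = p.SOBID AND r.ENDDA = ?
     WHERE u.OTYPE = 'CP' AND u.SCLAS = 'US' AND u.SOBID = ? AND u.ENDDA = ?
     ORDER BY r.PROFILE
    """
    return [row[0] for row in
            conn.execute(sql, (UNLIMITED, UNLIMITED, user_id, UNLIMITED))]


if __name__ == "__main__":
    db = build_sample_db()
    for uid in ["JSMITH", "AJONES", "BNOROLE", "NOBODY"]:
        print(uid, positions_for_user(db, uid), business_roles_for_user(db, uid))
```

    The ENDDA filter on the position relationship is what keeps ZOLDROLE out of AJONES's result: the role is still attached to position 50000150, but AJONES no longer holds that position.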

  • GRC AC 10.0 Maintain Master User ID Mapping

    Hi,
    I am trying to configure "Maintain Master User ID Mapping" in transaction
    SPRO->GRC->Access Control
    Example:
    SYSTEM: A
    USER ID: B
    MASTER USER ID: C
    If I try to launch the PSS for the C user, does it also change the password of the B user?
    This is not working.
    Regards

    Hello Prashant,
    I want to talk to you regarding GRC upgrade / Migration.
    Could you please provide me your contact details or email me on my mail id i.e. [email protected]
    I hope you remember me, we had worked together in Mumbai (CG) around 4-5 years back.
    Regards,
    Atul Rajwade

  • How to create mass users and map them to existing  hrms users

    Hi,
    I'm running Oracle E-Business Suite 12i. I want to create mass users and map them to existing HRMS users.
    The users I want to create exist in an Excel spreadsheet with the columns employee id and user name. They will all be granted the same responsibility. I want to map them to existing HRMS users using the employee id key.
    I have read about the package FND_USER_PKG.CREATEUSER and I can loop over it by using SQL*Loader to create a temporary table, but I'm lost on how to automatically map them to HRMS users as part of the script.
    Any help.
    dula

    Thanks a lot Omka,
    I managed to create the users by running the script:
    declare
      -- declared but not opened in the loop below
      cursor c1 is
        select d.product_code, b.responsibility_key
          from fnd_user_resp_groups_all a, fnd_responsibility b, fnd_user c, fnd_application d
         where a.user_id = c.user_id
           and a.responsibility_id = b.responsibility_id
           and b.application_id = d.application_id
           and c.user_name = 'JOCHIENG';
      cursor employee is
        select employee_id, employee_name from eldoret_final;
    begin
      for e in employee loop
        -- create the application user and link it to the HR person via employee_id
        fnd_user_pkg.createuser(
          x_user_name            => e.employee_name,
          x_owner                => '',
          x_unencrypted_password => 'welcome123',
          x_start_date           => sysdate - 10,
          x_end_date             => null,
          x_description          => 'CBK Employee',
          x_employee_id          => e.employee_id);
        -- grant the self-service responsibility to the new user
        fnd_user_pkg.addresp(upper(e.employee_name), 'PER', 'CBK_EMPLOYEE_DIRECT_ACCESS', 'STANDARD', 'DESCRIPTION', sysdate, null);
      end loop;
      commit;
    end;
    /
    I had first created the user JOCHIENG and assigned it the responsibility for Self Service. So the script just assigns the responsibilities by copying from the one assigned to this user.
    Everything seems OK. However, when trying to log in as the new user, the login error "Login failed. Please verify your login information or contact the system administrator." is returned.
    But I can reset the password using the forms under Security > Define. Even with the correct password, the login doesn't go through.
    Any idea?
    dula

  • How to prevent a rdp user from mapping drives on the server ?

    Hi,
    User A from Domain A (using Win7 Pro) is able to RDP to Server Z (Windows Server 2008), which is in Domain Z, and is able to map a drive.
    My question is: how do I prevent User A from mapping any drive on Server Z?
    Please advise. TIA !

    Hi,
    If a user has access to the other share, there is no way to prevent that user from mapping a drive.
    However, you can remove the "Map Network Drive" functionality via policy; please see
    http://msdn.microsoft.com/en-us/library/ms812045.aspx
    That does not prevent users from mapping their drive manually using the "net use ..." command from a shell. While it is possible to restrict running of the net command, I do not recommend that (see
    http://social.technet.microsoft.com/Forums/windowsserver/en-US/b5012142-cfe9-4b24-99b9-d7ff3b84f0f4/what-security-policy-blocks-use-of-the-net-command-for-nonadmin-users?forum=winserverGP).
    (What you may consider when having shares cross-forest: you can remove the authorized users permission from the share, replacing it by DOMAIN\Domain Users groups, etc., so access to the share is limited instead of using a share that a user has access to.
    Please keep in mind that even when you remove the network drives, a user can still access the resource via UNC.)
    Regards,
    Martin

  • Problems with User Defines Mapping Objects - Dynamic Configuration

    We have a mapping object that takes data passed in from R3 and does an HTTP Post to another system using a URL and file name that is passed from the header record. We had a consultant set this up for us last year and in creating the new one we just pretty much copied what he did. The problem is, it is not working for us. We have the url and file name, we pass it to the user defined code that is supposed to pass it to the url and file name in the configuration. The java code looks like this:
    public String getPcurlOut(String pcurl, Container container) {
        String ourSourceFileName = "START";
        DynamicConfiguration conf = (DynamicConfiguration) container
            .getTransformationParameters()
            .get(StreamTransformationConstants.DYNAMIC_CONFIGURATION);
        if (conf != null) {
            // write the target into the adapter-specific message attribute
            DynamicConfigurationKey key = DynamicConfigurationKey.create("http://sap.com/xi/XI/System/File", "Directory");
            conf.put(key, pcurl + ".xml");
            ourSourceFileName = conf.get(key);
        } else {
            ourSourceFileName = "conf == null";
        }
        return ourSourceFileName;
    }
    Basically we want to pass a url and file name to our communication channel based on values that come from our file in R3
    It is almost exactly like the one that works. Can anyone help with this?
    Thanks
    Mike
    Message was edited by:
            Michael Curtis

    Hi Michael
    <i>Basically we want to pass a url and file name to our communication channel based on values that come <b>from our file in R3</b></i>
    --> This means you have a file sender adapter.
    Check the adapter-specific message properties in the sender adapter.
    Please refer to this blog; it is really worth reading.
    /people/michal.krawczyk2/blog/2005/11/10/xi-the-same-filename-from-a-sender-to-a-receiver-file-adapter--sp14
    Also
    DynamicConfigurationKey key = DynamicConfigurationKey.create("http://sap.com/xi/XI/System/File","Directory")
    Try writing this as
    DynamicConfigurationKey key = DynamicConfigurationKey.create("http://sap.com/xi/XI/System/File","<b>FileName</b>")
    Regards

  • Importing Roles-User Groups Mapping from one Environment to Another

    Hi,
    I have this situation. I am using WLP8.1 SP4
    I have two environments (E1 and E2)and I have 2 MS Active Directory server (MS1 and MS2). The LDAP authenticator in E1 is configured to use MS1 and the LDAP authenticator in E2 is configured to use MS2. The user groups are stored in the Active Directory servers and the role-user groups mappings are done within the Weblogic.
    I imported the role-user groups mappings from E1 to E2 and it works. After that, if I map another user group to an existing role and do an import again from E1 to E2, it does not take any effect. Why is it so? Any kind soul can help me? I am very lost now.?:|

    Hello! :)
    Unfortunately, I'm already using Catalog Manager in transferring files. I'd really like to find out if there is a particular file that defines the permissions of the objects that I should also transfer, or if I should really do that manually for each of the objects?
    Thanks for the reply! :)

  • SAML - USer Principal mapped on a SAML attribute - How to do ???

    Dear security experts,
    I have configured a sender-vouches SAML profile on my WebLogic platform.
    I am trying to map the UserPrincipal (the one I get from the WebServiceContext in my web service) to a SAML attribute (different from the SAML subject).
    I have written a class that implements the interfaces SAMLIdentityAssertionNameMapper and SAMLIdentityAssertionAttributeMapper.
    Here is an overview of the simplified implementation :
    public String mapNameInfo(SAMLNameMapperInfo info, ContextHandler handler) {
        return "user2";
    }

    public void mapAttributeInfo(Collection<SAMLAttributeStatementInfo> attribStmts, ContextHandler contextHandler) {
        Set<Principal> principals = new HashSet<Principal>();
        principals.add(PrincipalFactory.getInstance().createWLSUser("user1"));
        ((SecurityTokenContextHandler) contextHandler).addContextElement(ContextElementDictionary.SAML_ATTRIBUTE_PRINCIPALS, principals);
    }
    After WebLogic has loaded my SAML assertion, I can see in the log that my subject has two User Principals: user1, user2. When I call getUserPrincipal in my web service, I always get "user1". I need to get "user2".
    Why does mapNameInfo() always have priority? Is this the right way to implement this mechanism?
    Thanks for your help.

    Gyan:
    How is that possible? If you import the VOImpl inside EOImpl, the import statement is ok. But how would you use that? There is no findViewObject method? The OADBTransaction class that I can use has only findObject method that one can use and I tried that but wasn't successful. Shouldn't you have to import OAApplicationModule and a host of other classes? Is that even possible?
    I thought about the entity expert approach, but I don't have a need to execute any query. I just need to refer to the view attribute from within the EOImpl. That's what I am looking for. If there is a way to refer to a view attribute from within the EOImpl without having to populate that attribute in a session/transaction variable, that would be a better solution for me, because there may be more attributes that I need from different VOs later on, and every time I need some VO attribute I don't want to have to create and populate a session/transaction variable.
    Please let me know if it can be done. Can you please elaborate more on your proposal? I really appreciate your time and help. Thanks!
    - Muzammil

  • Mac Users + OVI Maps Build ClientIndex

    For Mac users unable to use Nokia Maploader for Mac, here is how to merge the index links provided by ovikovi:
    IndexAsia
    IndexAustralia/Oceania
    Index Africa 
    Index NorthCentralAmerica
    Index South America
    Index Europe
    Unzip folders and drag respective folders to Documents as here 
    Documents
    It is probably helpful to open this screenshot now
    Merge ClientIndex
    Create a New Folder in Documents ClientIndex
    Open Terminal on Mac > Finder > Go > Utilities > Terminal
    Type after $ prompt cd Documents <hit return>
    Type after $ prompt cp -r Africa/* ClientIndex <hit return>
    Repeat with index for other countries as in terminal screenshot
    When finished drag ClientIndex folder to E:\CITIES\diskcache
    This procedure also works for merging individual maps and is documented elsewhere on forum.
    Happy to have helped forum in a small way with a Support Ratio = 37.0

    England
    Northern Ireland
    Scotland
    Wales
    French regions:
    Alsace
    Aquitaine
    Auvergne
    Bretagne
    Bourgogne
    Centre
    Champagne-Ardenne
    Corsica
    Franche-Comté
    Langedoc-Roussillon
    Limousin
    Lorraine
    Midi-Pyrénées
    Normandie
    Nord-Pas-de-Calais
    Paris-Ile-de-France
    Pays-de-la-Loire
    Poitou-Charentes
    Provence-Alpes-Côte-d'Azur
    Rhône-Alpes
    German regions:
    Baden-Württemberg
    Bayern
    Berlin/Brandenburg
    Hessen
    Mecklenburg-Vorpommern
    Niedersachsen/Bremen
    Nordrhein-Westfalen
    Rheinland-Pfalz/Saarland
    Sachsen
    Sachsen-Anhalt
    Schleswig-Holstein/Hamburg
    Thüringen
    Italian Regions:
    Abruzzo
    Basilicata
    Calabria
    Campania
    Emilia-Romagna
    Friuli-Venezia Giulia
    Lazio
    Liguria
    Lombardia
    Marche
    Molise
    Piemonte
    Puglia
    Sardegna
    Sicilia
    Toscana
    Trentino-Alto Adige
    Umbria
    Valle d'Aosta
    Veneto
    Spanish regions:
    Andalucía
    Aragón
    Asturias
    Islas Canarias
    Cantabria
    Castilla y Léon
    Castilla la Mancha
    Catalunya
    Ceuta
    Communidad Valénciana
    Extremadura
    Galicia
    Islas Baleares
    La Rioja
    Madrid
    Melilla
    Murcia
    Navarre
    País Vasco
    Happy to have helped forum in a small way with a Support Ratio = 37.0

  • User & Role mapping - EP

    Hi,
    How do I create roles and map them to users on Enterprise Portal? We are on CRM 5.0 and EP 6.
    Thanks
    Guest01

    Thx Gregor, I have now changed my screen name. It was lazy work on my part that I opened my user as guest and continued the same.
    We actually don't have any portal administrator at the moment, and I need to take up this mantle for some time. I will explore the user mapping as suggested by you.
    thanks
    Kumar

  • SGD 4.31 - User application mapping( AD enable )

    Dear Forum users,
    Objective: assign AD-authenticated users specific applications.
    I have installed SGD 4.31 on my SFV240 server. I have configured and enabled AD for users to authenticate.
    These are my DNS SGD servers lookup:
    portal-01.esuria.com.bn ---> 172.16.2.82
    172.16.2.82 ---> portal-01.esuria.com.bn
    portal-02.esuria.com.bn ---> 172.16.2.83
    172.16.2.83 ---> portal-02.esuria.com.bn
    Note: In our existing DNS server, our admin configured the domain as "ESURIA.COM.BN"
    These are my Array Manager AD settings:
    URL: ad://esuria.com
    Base Domain: esuria.com
    Default Domain: esuria.com
    Note: On our existing AD server, the admin has configured the domain as "ESURIA.COM"
    Object Manager settings:
    Note: These are created by default (dc=bn, dc=com, dc=esuria)
    I created an Active Directory Container (cn=Users)
    I created a Person object (cn=ali) and assigned some applications to ali.
    Note:
    1) User Ali is created on the AD server only.
    2) The reason I created the above AD Container and Person object is to assign specific applications to user Ali.
    I open a Firefox browser, type the SGD URL and click login. I enter username ali and the password and I successfully log in to the SGD webtop. Unfortunately, every time I log in to the webtop, I see the LDAP applications, NOT the applications I specified in the Object Manager (Person object).
    Here are the logs output:
    root@portal-02 # tail -f server-login.log
    2007/11/12 18:43:25.152 (pid 11467) server/login/moreinfo #1194864205152
    Attempted login for ali
    using disambiguation attributes {}.
    2007/11/12 18:43:25.165 (pid 11467) server/login/moreinfo #1194864205165
    The login authority com.sco.tta.server.login.ens.SearchENSLoginAuthority
    has found a potential login candidate
    .../_ens/dc=bn/dc=com/dc=esuria/cn=Users/cn=ali.
    2007/11/12 18:43:25.177 (pid 11467) server/login/moreinfo #1194864205177
    The login authority com.sco.tta.server.login.ens.SearchENSLoginAuthority
    has found a potential login candidate
    .../_ens/dc=bn/dc=com/dc=esuria/cn=Users/cn=ali.
    2007/11/12 18:43:26.568 (pid 11467) server/login/info #1194864206568
    Login attempt for ali.
    Login successful.
    2007/11/12 18:43:26.571 (pid 11467) server/login/info #1194864206571
    User .../_service/sco/tta/ldapcache/CN=Ali,CN=Users,DC=ESURIA,DC=COM
    logged in using profile
    .../_ens/o=Tarantella System Objects/cn=LDAP Profile
    from 172.16.2.109.
    I believe I have missed some steps. Can the forum experts help me to achieve my objective?
    Thanks.

    This docs page describes the steps that are required:
    http://docs.sun.com/source/820-1088/ldap_mirroring.html
    It's worth noting that the location of the users in ENS must map directly to the location of the users in LDAP/AD.
    So a user located in Active Directory under domain "esuria.com" must be positioned in ENS under "dc=com,dc=esuria". I can see from the example you gave that you are using "dc=bn,dc=com,dc=esuria". These will not match.
    So instead of creating a user in ENS under "dc=bn,dc=com,dc=esuria,cn=Users", you would create them under "dc=com,dc=esuria,cn=Users".
    HTH
    Deany Dean
    Edited by: deanydean_sgd on Nov 13, 2007 5:10 AM
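
    Deany's rule (the ENS location must mirror the AD location, root first) as an added Python check that is not SGD's code or part of the thread: it converts the DN the login log shows for Ali into the ENS path LDAP mirroring expects and compares it with the path the poster created. The DN and the ENS paths are taken from the log lines above; the handling of the ".../_ens/" prefix and the case-insensitive comparison are the example's own assumptions.

```python
"""Check that an SGD ENS object sits where LDAP mirroring expects it.

Added example, not from the original thread or from the SGD product: it
converts an AD distinguished name into the ENS location LDAP mirroring expects
(same components, root first) and compares it with the location an
administrator actually created. The DN and paths used in the demo are the
ones quoted in the thread; the '.../_ens/' prefix handling follows the log
lines there.
"""


def parse_dn(dn):
    """Split an LDAP DN into (type, value) pairs, honouring backslash escapes."""
    rdns, current, i = [], "", 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):   # escaped character: keep both
            current += dn[i:i + 2]
            i += 2
            continue
        if ch == ",":
            rdns.append(current)
            current = ""
        else:
            current += ch
        i += 1
    rdns.append(current)
    pairs = []
    for rdn in rdns:
        attr_type, _, value = rdn.partition("=")
        pairs.append((attr_type.strip().lower(), value.strip()))
    return pairs


def ens_path_for_dn(dn):
    """ENS lists the hierarchy root first, so reverse the LDAP RDN order."""
    return "/".join("%s=%s" % pair for pair in reversed(parse_dn(dn)))


def normalize_ens(ens_path):
    """Strip the '.../_ens/' prefix seen in the SGD log and fold case."""
    marker = "_ens/"
    if marker in ens_path:
        ens_path = ens_path.split(marker, 1)[1]
    return ens_path.strip("/").lower()


def ens_matches_dn(ens_path, dn):
    """LDAP compares DNs case-insensitively, so compare the folded strings."""
    return normalize_ens(ens_path) == ens_path_for_dn(dn).lower()


if __name__ == "__main__":
    ad_dn = "CN=Ali,CN=Users,DC=ESURIA,DC=COM"            # from the login log
    created = ".../_ens/dc=bn/dc=com/dc=esuria/cn=Users/cn=ali"
    corrected = "dc=com/dc=esuria/cn=Users/cn=ali"        # Deany's fix
    print("expected ENS location: ", ens_path_for_dn(ad_dn))
    print("created location ok?   ", ens_matches_dn(created, ad_dn))
    print("corrected location ok? ", ens_matches_dn(corrected, ad_dn))
```

    Run against the log above, the created path fails because of the extra dc=bn component, which is exactly the mismatch Deany points out, while the corrected path passes.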

  • Display the shopping cart details via Monitor shopping cart without the user being mapped in organizational structure

    Dear Experts,
    I have a scenario where the Project/Support team members won't be mapped into the organizational structure, but they must be able to view the shopping cart details. Could you please help me by providing some clue to achieve this?
    As of now, I am getting the below error if the user tries to view the shopping cart details when the user is not mapped into the organizational structure.
    Thanks in advance for your help.
    Best Regards,
    Bharathi

    Hi Bharathi,
    Make it more simple. Create a separate organizational unit for the Support/Admin team and integrate the users there.
    It's the common practice.
    Regards
    Konstantin

  • Business Partner to User Id Mapping

    Hi All,
    Can anybody tell me where we map the System User ID to the Business Partner?
    Answers would be awarded.
    Thanks & Regards,
    Stephen

    Hi Stephen,
    You can do the same in transaction BP.
    Select Business Partner with Employee Role --> Goto Identification tab.
    There you can maintain the PERNR and SY-UNAME.
    Let me know if this helps.
    Regards,
    Vivek Pandey
