Synchronize portal users with R/3 automatically
I am trying to find out more about how the portal will automatically create an user and assign it its relavent roles once the user has been created in R/3. I understand this is possible with ECC6? i have searched but cant seem to find what i am looking for.
Any links/advice with be much appreciated.
Hi,
You can use the ABAP server as the data store for portal users. So all the user ids, roles & groups in the ERP system is available in portal.
Please check the following link & sublinks for detail info.
http://help.sap.com/saphelp_nw70/helpdata/en/49/9dd53f779c4e21e10000000a1550b0/frameset.htm
Regards,
Abhishek
Similar Messages
-
Provisioning a user with a resource automatically doesn't work!!
Hi Experts – IHAC trying to configure OIM to provisioning a user with a resource automatically (via OID connector).
As reviewed, the membership rules (rules designer) and access policies already configured with correct param. So I would say everything should work fine.
But when they create a new user with proper attribute. The resource didn’t perform an automate process as expected.
In the log file show only 2 lines of error message.
<Apr 25, 2013 2:49:46 PM ICT> <Warning> <oracle.iam.callbacks.common> <IAM-2030146> <[CALLBACKMSG] Are applicable policies present for this async eventhandler ? : false>
<Apr 25, 2013 2:49:47 PM ICT> <Warning> <oracle.iam.callbacks.common> <IAM-2030146> <[CALLBACKMSG] Are applicable policies present for this async eventhandler ? : false>
However, manual add resource works well.
Environment Info:
- OIM 11gR1 (BP6)
- OID Connector 9.1
- AIX 7.1
Is this consider as bug on AIX platform ? Or any inputs would appreciated.Just check if the rule satisfy, user is getting the role.
--Hari -
Mapping between multiple portal user with single R/3 user
Hi,
It is possible to map multiple portal user to the single R/3 user? If yes, than what is procedure to achieve it? It is possible to logon same time more than one portal user which is mapped with same R/3 user in production system?
Thanks,
Kundanyou can always do that using user mapping in user admin->identity management
where for each user details you get a tab called user mapping.
you have to create a R3 system in system admin and a give a system alias to it
Use this system alias in user mapping /
You can map multiple portal users with a single R3 user and can work parallelly.
But make sure that you have proper license in doing that.
Raghu -
Create new portal-user with webservice
Hi,
I'm trying to develop a ejb-webservice which is creating a new Portal-User.
The webservice is working so far, I made methods like getDisplayName() which is returning the display name to a logonId and so on. All this is working. I'm using the component sap.security.api.sda for this.
Problem: User-creation is not working. I think the problem might be, that a webservice is not authorized to create users? Or putting it in another way: Is it possible that a webservice is "logging in" at the portal, or sohehow authorizing itself?
Thanks and regards
Jan HempelHi Detlev,
thanks for Your answer.
It seems like that the problem was caused by using array-parameters in the webservice-method?!
Strange, but after removing the array-parameter from the method it worked! Before the webservice never returned anything, not an error or anything else.
Well, strange enough, but I can live with that.
regards
Jan -
Creating portal users with owner privileges?
Hello,
I need to let local adminstrators create users in the portal.
This is based on instance-specific privileges, not global.
Setting them to 'owners' of the group in the portal should let them add users.
Once created and I log in as one of them I do not have the privileges of being an
'owner', eventhough it's visible in the portal that I am an owner.
Anybody?
/Hi,
To make the problem a little clearer.
I want to have "local adminstrators" that can manage portal users i.e; delete, insert and update portal users.
However I do not want these "local administrators" to be "Full administrators"- too dangerous.
The "local adminstrators" should belong to the same group as the users they are set to administer. The
only difference between a "local administrator" and a user of a group is that the "local administrator" have privileges
to manage the other users of the group. If I have understood the concept right an owner have these privileges.
I made them owners of the group, but this did not enable them to manage users.
This must be a rather common approach, to have some users being able to administer other users without being a fullfledge DBA.
Right now I'm looking into mapping them(the local administrators) to a different database schema with rights to manage users.
I realize that to map them to another schema, then the checkbox "Use this schema for Portal Users" have to be checked when creating the
schema. How do I check if this was checked and if it wasn't checked can I alter it now?
Another thought is to dynamically upon meeting certain conditions making them Full Administrators, then after finishing the task
reinstating them as normal users.. but this.. well hmm
Thanks.
/ -
Authentication of portal users with uid on oid/ldap
All works fine with authenticating users created on DAS that have
dn: cn=%LDAP_USER%,cn=users,dc=edmunds,dc=com
When I migrated user to portal schema, the auth fails. The portal schema has user dn string
uid=%LDAP_USER%, ou=people, dc=edmunds, dc=com
I got this dn string from export to ldif file. The portal user can log in to DAS.
We are using HTMLdb 1.6 and I used
LDAP Host[LDAP Test Tool] at /htmldb/f?p=4000:802 to test the parameters.
How to make this uid dn work with AppEx?
Thanks.Kenny,
I would forget about using the is_member function for authentication until you achieve what you need directly with dbms_ldap. You can experiment with an anonymous block in SQL*Plus starting with this sample code until you can get the simple_bind_s to work with your parameters:set serveroutput on
declare
l_retval pls_integer;
l_retval2 pls_integer;
l_session dbms_ldap.session;
l_ldap_host varchar2(256);
l_ldap_port varchar2(256);
l_ldap_user varchar2(256) := 'FIRSTNAME_LASTNAME'; -- enter username in this format
l_ldap_passwd varchar2(256) := 'PASSWORD'; -- enter password
l_ldap_base varchar2(256);
begin
l_retval := -1;
dbms_ldap.use_exception := TRUE;
l_ldap_host := 'ldap-host.some-domain.com';
l_ldap_port := '389';
l_ldap_user := 'cn='||l_ldap_user||',l=amer,dc=oracle,dc=com';
l_session := dbms_ldap.init( l_ldap_host, l_ldap_port );
l_retval := dbms_ldap.simple_bind_s( l_session, l_ldap_user, l_ldap_passwd );
dbms_output.put_line( 'Return value: ' || l_retval );
l_retval2 := dbms_ldap.unbind_s( l_session );
exception when others
then
dbms_output.put_line (rpad('ldap session ',25,' ') || ': ' ||
rawtohex(substr(l_session,1,8)) || '(returned from init)');
dbms_output.put_line( 'error: ' || sqlerrm||' '||sqlcode );
dbms_output.put_line( 'user: ' || l_ldap_user );
dbms_output.put_line( 'host: ' || l_ldap_host );
dbms_output.put_line( 'port: ' || l_ldap_port );
l_retval := dbms_ldap.unbind_s( l_session );
end;
/Scott -
List of Portal users with the assigned Roles.....
Hello All,
I am working on EP6 SP9 and want to know from where can I get a list of all Portal users along with the assigned roles for each of them.
One way I found is by searching for all users in User Administration role and along with the searched users, there is also an icon for Assigned roles.
Apart from the above mentioned way, is there any other way by which I can get a direct list of the same. Is there a Java sample code for this.....?
Please help.
Awaiting Reply.
Thanks and Warm Regards,
Ritu R HunjanHi Ritu,
Yes it is possible to get the roles of the users. You can try the following java code.
package com.hcl.user;
import java.util.Iterator;
import java.util.Vector;
import com.sap.security.api.IRole;
import com.sap.security.api.IRoleFactory;
import com.sap.security.api.IRoleSearchFilter;
import com.sap.security.api.ISearchResult;
import com.sap.security.api.IUser;
import com.sap.security.api.IUserAccount;
import com.sap.security.api.IUserFactory;
import com.sap.security.api.UMFactory;
import com.sapportals.portal.prt.component.AbstractPortalComponent;
import com.sapportals.portal.prt.component.IPortalComponentRequest;
import com.sapportals.portal.prt.component.IPortalComponentResponse;
public class role_member extends AbstractPortalComponent {
public void doContent(
IPortalComponentRequest request,
IPortalComponentResponse response) {
try {
IUserFactory userfactory = UMFactory.getUserFactory();
IRoleFactory rolefactory = UMFactory.getRoleFactory();
IRoleSearchFilter rolefltr = rolefactory.getRoleSearchFilter();
rolefltr.setMaxSearchResultSize(2000);
ISearchResult result = rolefactory.searchRoles(rolefltr);
while (result.hasNext()) {
response.write("<table border=0>n");
String uniqueid = (String) result.next();
IRole role = rolefactory.getRole(uniqueid);
response.write("<tr><td bgcolor=Red>"+ role.getDisplayName()+ "</tr></td>n");
Iterator users = role.getUserMembers(true);
while (users.hasNext()) {
String unique_user = (String) users.next();
IUser user = userfactory.getUser(unique_user);
IUserAccount account[] = user.getUserAccounts();
response.write(
"<tr><td>" + account[0].getLogonUid() + "</tr></td>n");
response.write("</table>n");
response.write("</br>n");
} catch (Exception e) {
This code gives you the list of all the users of your portal along with the roles assigned to them.
Apart from this if you want you want to know all the roles assigned to the user on portal itself then the way you mentioned is the correct method.
Regards
Pravesh
PS: Please consider awarding points. -
Unable to map the portal user with back end user through web dynpro coding
Hi All,
I 've a portal user which is mapped to back end user by system in the portal.
i 'm able to get the portal user from web dynpro application.
But unable to get the mapped back end user
this is my code
String systemalias = "SAP_CRM_PROD";
Map mapattr = new HashMap();
// IPrincipal principal = (IPrincipal) request.getUser();
// get user user mapping information
IUserMappingData userMapping =
//(IUserMappingData) UMFactory.getUserMapping().getUserMappingData(systemalias, principal, mapattr);
(IUserMappingData) UMFactory.getUserMapping().getUserMappingData(systemalias,principal,mapattr );
// For testing purposes only
//mappingData = userMapping;
HashMap map = new HashMap();
userMapping.enrich(map);
mappedPassword = map.get(UMAP_KEY_PASSWORD).toString(); //String "user"
mappedUserId = map.get(UMAP_KEY_USER).toString(); /
following is the error reported .
The project was not built since its classpath is incomplete. Cannot find the class file for javax.xml.soap.SOAPMessage. Fix the classpath then try rebuilding this project.
please help.Hi Sanjay,
request component need to be initialized before using it. Include these lines before ur code.
IPortalComponentRequest request = (IPortalComponentRequest) this.getRequest();
String mappedPassword = null;
String mappedUserId = null;
Also check these threads for ur help.
Accessing Mapped Username / Password
How to access user id and password via UserMapping ?
Reward points for helpful answers.
Regards,
Harini S -
Create a portal user with a specific Organizational Unit in the OID??
I would like to split my portal users by Organizational Units in the OID.
e.g.:
ou=country1, cn=user1
ou=country1, cn=user2
ou=country2, cn=user3
is it possible?
is it possible trough the administer tab of Portal?
Any experience ?
feedback??
Thanks
DidierI think it is feasible.
But not through Administer tab.
Use your own api to add users (DBMS_LDAP.add_s + WWSEC_API.add_portal_user)
cn=user1, ou=country1, cn=user_search_base
cn=user2, ou=country2, cn=user_search_base
or maybe try to change dynamically user_create_base, I don't know if it is possible or not -
Terminate Portal User Login with JSessionID or MYSAPSSO2 Cookie
Dear All,
I know using Visual Administrator , we can terminate the session.
Is it possible for the administrator to terminate a logged in portal user with his/her JsessionID or MYSAPSSO2 cookie value or User Id programmatically.?
Is it possible for portal admin to forcibly exit (logoutl) an active user login without logging onto visual administrator?
Regards,
Eben JoysonThe only complete mitigation for session hijacking is to run the entire site as SSL. This is Oracle's recommendation if you need a complete mitigation solution. And example of an ATG site running in full SSL is Dennis Kirk (denniskirk.com).
The problem with doing so is that SSL (a) takes more processing power in the system running the client's browser and (2) incurs latency that degrades the perceived page performance. This is particularly true for consumers running Internet Explorer, where speed-up measures like SPDY are either incomplete or don't work. And for a hard core eComemrce site, slower page performance means that you make less money.
Most sites, including those that you mention, use a mixture of SSL and non-SSL pages to overcome this. They use non-SSL for those areas of the site where penetration does not have a material negative impact. Browsing catalog pages as an anonymous user, for example. If someone hijacks my session and I'm browsing the catalog anonymously, they're welcome to it. There's nothing private in my session. Even robots can access that content.
Once I login or go to pages where private information is being exchanged, then you have to secure the session. That's where the protocol switcher servlet comes in. As you authenticate, you switch the user to SSL.
I've tried a number of additional mitigation steps. Unfortunately I can't discuss them here at this time.
And none of the servlets that you mention have any benefit with mitigating session hijacking. -
Hi everyone, to use the portal with many users using the same portal user?
I have an another question is possible to use the portal with many users using the same portal user with diferent roles in the same time?
thanksHi Israel,
It is possible to have same user logged in through differnt terminals or browser windows. However if there are say 10 roles assigned to that user, all 10 will be visible in all the windows. However you may open and work on different roles.. in the different windows.
Note that the real time collaboration features shall not be available if the same user logs in multiple times.
Hope this is useful.
Regards,
Anagha -
Synchronize SAP Roles with IDM Roles
Hi, i have a question concerning SAP integration in IDM.
Is it possible to import the Roles from SAP (named Activity groups) in IDM? And how does the "synchronize identity system roles with resource roles" function work?
Thanks in advance!
gojoThe job synchronizes FND Users with the Workflow directory service (plus any other systems you specify). PER is a special case, and will only be synchronized with the Workflow directory service if they are associated with a user - otherwise the records are not included. If they have corresponding HZ_PARTY records, then these may be synchronized, but should not really be used for notifications, since there is no login mechanism for the users to view the notification sent to a party record.
HTH,
Matt
WorkflowFAQ.com - the ONLY independent resource for Oracle Workflow development
Alpha review chapters from my book "Developing With Oracle Workflow" are available via my website http://www.workflowfaq.com
Have you read the blog at http://thoughts.workflowfaq.com ?
WorkflowFAQ support forum: http://forum.workflowfaq.com -
Portal user issue - all users are viewing data of one particluar user...
Hi all,
we are implementing ess 1.0 on EP7.0 and using ecc6.0
Now, while creating Jco connection we had provided user id/pwd of a user in portal and assigned that user to an employee in backend r3 (say abc).(we followed the famous pdf available on sdn: Configuring the Business Package for Employee Self-Service (ESS) u2013 mySAP ERP 2004 by an HCL employee)
Now the Problem is:
whenever an xyz user logs in to portal with ess role, and views any data...say perosnal information, telephone no., address, etc than that xyz user sees all this data of the employee(abc) to whom we had mapped our user which was used while creating Jco connections.
infact if xyz tries to edit any data than it gets reflected to abc.
to genralise: any portal user with ess role logs in to portal is viewing/editing data of abc employee...which normally should not be the case.
plz try and help me resolve this issue...
Regards,
JJHi!
You have to configre your JCo Destionations to use Portal SSO.
Additionally in your HR Backend you have to maintain (I think it is) Info type 0105 (sub-type 001) and assign every personal number the appropriate UserID so that every user sees his own data.
A technical user is only needed for the JCo destinations dealing with metadata. The "real" JCo destinations performing RFC calls to the HR Backend can be configured to use Portal SSO.
For more details refer to http://help.sap.com/saphelp_nw70/helpdata/EN/44/45a04028f40160e10000000a1550b0/content.htm
Hope this helps!
Regards,
Volker -
Can't create user with 9iAS(1.0.2.1)
I did a fresh installation of 9ias(1.0.2.1) on a 8.1.7 EE database. Everything works fine until I need to create a Portal user. When I click "Create New users", I got a error window "Error: (WWC-00000)". If I click the "Back" icon on the top of the window, I got the same error window.
Has anyone else has created a new portal user with 9ias(1.0.2.1)?
Thanks for your help!
YoungI AM FACING THE SAME ERROR.
THE PROBLEM IS NOT JUST IN THE "CREATE USERS", I THINK THERE IS SOME SORT OF PROBLEM WITH THE "LOGIN SERVER", BECAUSE IF CONNECT TO " http://hostname/pls/portal30_sso, AFTER I INPUT THE LOGIN INFO I GET THE SAME "WWC-00000" ERROR.
WORKING WITH THE PORTAL ITSELF IS OK. ONLY THE FUNCTIONS RELATED TO THE LOGIN SERVER DO NOT WORK.
THIS IS A NEW INSTALLATION (8.1.7 SE + iAS 1.0.2.1 SE UNDER Windows2000).
ANY HELP WILL BE GREATLY APPRECIATED!!
REGARDS -
Wwsec_api add or modify portal user problem
Hi,
Has anyone been successful in using wwsec_api.modify portal user and set a date field? In our DB we have the default date format set to YY. We call the modify portal user with a 4 digit year (1989) and it gets inserted into the portal user table as 2089 (the current DB century). This is due to the fact of an implicit conversion to YY format since the P_DATE_OF_BIRTH paramter is varchar2. Does anyone know a way around this other than setting our default date mask to YYYY (which we cannot do).
Thanks,
Tom
nullHi, this isn't the wrong forum for your post, but you may get a faster response from the Login Server forum :-)
Maybe you are looking for
-
ITunes Lagging after replacing the Hard Drive
Hi Everyone - A recent purchase of a MacBook Pro 2.5 GHz Non-Glossy (12 days ago). Replacement of the HD from Hitatchi to Samsung 'Ultra Quiet' (my Hitatchi was making funky noises) Now when I open iTunes (or even Quicktime) to play music, there are
-
When I try to open editor I get an error message that I am not connected to the internet (which I am) or my computer clock is set incorrectly (which it is not).
-
Hi, we are trying to set define ACL for weblogic security for JSP and could't manage to do it. In the online documentation there are examples for servlets but not for html or jsp files. How have to be defined t
-
Dear Experts., Am created one query for retreving the data based on location and the document date in A/R invoice i write query in over demodatabase it getting exact report.. after that i write this query into Original database it getting error lik
-
Need help on how to file a complaint
I've never had to complain against a utility before - but on 9/30/10 I was given a price guarantee for 2 yrs for my landline by "chris" in Tampa, FL - and my bill keeps going up. I spoke with Andrea in Escalations today who told me that my bill can g