Synchronize portal users with R/3 automatically

Similar Messages

• Provisioning a user with a resource automatically doesn't work!!

  Hi Experts – IHAC trying to configure OIM to provisioning a user with a resource automatically (via OID connector).
  As reviewed, the membership rules (rules designer) and access policies already configured with correct param. So I would say everything should work fine.
  But when they create a new user with proper attribute. The resource didn’t perform an automate process as expected.
  In the log file show only 2 lines of error message.
  <Apr 25, 2013 2:49:46 PM ICT> <Warning> <oracle.iam.callbacks.common> <IAM-2030146> <[CALLBACKMSG] Are applicable policies present for this async eventhandler ? : false>
  <Apr 25, 2013 2:49:47 PM ICT> <Warning> <oracle.iam.callbacks.common> <IAM-2030146> <[CALLBACKMSG] Are applicable policies present for this async eventhandler ? : false>
  However, manual add resource works well.
  Environment Info:
  - OIM 11gR1 (BP6)
  - OID Connector 9.1
  - AIX 7.1
  Is this consider as bug on AIX platform ? Or any inputs would appreciated.

  Just check if the rule satisfy, user is getting the role.
  --Hari                                                                                                                                                                                               

• Mapping between multiple portal user with single R/3 user

  Hi,
      It is possible to map  multiple portal user to the single R/3 user? If yes, than what is procedure to achieve it? It is possible to logon same time more than one portal user which is mapped with same R/3 user in production system?
  Thanks,
  Kundan

  you can always do that using user mapping in user admin->identity management
  where for each user details you get a tab  called user mapping.
  you have to create a R3 system in system admin and a give a system alias to it
  Use this system alias in user mapping /
  You can map multiple portal users with a single R3 user and can work parallelly.
  But make sure that you have proper license in doing that.
  Raghu

• Create new portal-user with webservice

  Hi,
  I'm trying to develop a ejb-webservice which is creating a new Portal-User.
  The webservice is working so far, I made methods like getDisplayName() which is returning the display name to a logonId and so on. All this is working. I'm using the component sap.security.api.sda for this.
  Problem: User-creation is not working. I think the problem might be, that a webservice is not authorized to create users? Or putting it in another way: Is it possible that a webservice is "logging in" at the portal, or sohehow authorizing itself?
  Thanks and regards
  Jan Hempel

  Hi Detlev,
  thanks for Your answer.
  It seems like that the problem was caused by using array-parameters in the webservice-method?!
  Strange, but after removing the array-parameter from the method it worked! Before the webservice never returned anything, not an error or anything else.
  Well, strange enough, but I can live with that.
  regards
  Jan

• Creating portal users with owner privileges?

  Hello,
  I need to let local adminstrators create users in the portal.
  This is based on instance-specific privileges, not global.
  Setting them to 'owners' of the group in the portal should let them add users.
  Once created and I log in as one of them I do not have the privileges of being an
  'owner', eventhough it's visible in the portal that I am an owner.
  Anybody?
  /

  Hi,
  To make the problem a little clearer.
  I want to have "local adminstrators" that can manage portal users i.e; delete, insert and update portal users.
  However I do not want these "local administrators" to be "Full administrators"- too dangerous.
  The "local adminstrators" should belong to the same group as the users they are set to administer. The
  only difference between a "local administrator" and a user of a group is that the "local administrator" have privileges
  to manage the other users of the group. If I have understood the concept right an owner have these privileges.
  I made them owners of the group, but this did not enable them to manage users.
  This must be a rather common approach, to have some users being able to administer other users without being a fullfledge DBA.
  Right now I'm looking into mapping them(the local administrators) to a different database schema with rights to manage users.
  I realize that to map them to another schema, then the checkbox "Use this schema for Portal Users" have to be checked when creating the
  schema. How do I check if this was checked and if it wasn't checked can I alter it now?
  Another thought is to dynamically upon meeting certain conditions making them Full Administrators, then after finishing the task
  reinstating them as normal users.. but this.. well hmm
  Thanks.
  /

• Authentication of portal users with uid on oid/ldap

  All works fine with authenticating users created on DAS that have
  dn: cn=%LDAP_USER%,cn=users,dc=edmunds,dc=com
  When I migrated user to portal schema, the auth fails. The portal schema has user dn string
  uid=%LDAP_USER%, ou=people, dc=edmunds, dc=com
  I got this dn string from export to ldif file. The portal user can log in to DAS.
  We are using HTMLdb 1.6 and I used
  LDAP Host[LDAP Test Tool] at /htmldb/f?p=4000:802 to test the parameters.
  How to make this uid dn work with AppEx?
  Thanks.

  Kenny,
  I would forget about using the is_member function for authentication until you achieve what you need directly with dbms_ldap. You can experiment with an anonymous block in SQL*Plus starting with this sample code until you can get the simple_bind_s to work with your parameters:set serveroutput on
  declare
      l_retval      pls_integer;
      l_retval2      pls_integer;
      l_session     dbms_ldap.session;
      l_ldap_host   varchar2(256);
      l_ldap_port   varchar2(256);
      l_ldap_user   varchar2(256) := 'FIRSTNAME_LASTNAME'; -- enter username in this format
      l_ldap_passwd varchar2(256) := 'PASSWORD';           -- enter password
      l_ldap_base   varchar2(256);
  begin
      l_retval                := -1;
      dbms_ldap.use_exception := TRUE;
      l_ldap_host               := 'ldap-host.some-domain.com';
      l_ldap_port               := '389';
      l_ldap_user               := 'cn='||l_ldap_user||',l=amer,dc=oracle,dc=com';
      l_session := dbms_ldap.init( l_ldap_host, l_ldap_port );
      l_retval  := dbms_ldap.simple_bind_s( l_session, l_ldap_user, l_ldap_passwd );
      dbms_output.put_line( 'Return value: ' || l_retval );
      l_retval2  := dbms_ldap.unbind_s( l_session );
      exception when others                                                                                                  
       then 
            dbms_output.put_line (rpad('ldap session ',25,' ')  || ': ' ||
                 rawtohex(substr(l_session,1,8)) ||     '(returned from init)');
            dbms_output.put_line( 'error: ' || sqlerrm||' '||sqlcode );
            dbms_output.put_line( 'user: ' || l_ldap_user );                                                        
            dbms_output.put_line( 'host: ' || l_ldap_host );
            dbms_output.put_line( 'port: ' || l_ldap_port ); 
            l_retval  := dbms_ldap.unbind_s( l_session );
  end;
  /Scott

• List of Portal users with the assigned Roles.....

  Hello All,
  I am working on EP6 SP9 and want to know from where can I get a list of all Portal users along with the assigned roles for each of them.
  One way I found is by searching for all users in User Administration role and along with the searched users, there is also an icon for Assigned roles.
  Apart from the above mentioned way, is there any other way by which I can get a direct list of the same. Is there a Java sample code for this.....?
  Please help.
  Awaiting Reply.
  Thanks and Warm Regards,
  Ritu R Hunjan

  Hi Ritu,
  Yes it is possible to get the roles of the users. You can try the following java code.
  package com.hcl.user;
  import java.util.Iterator;
  import java.util.Vector;
  import com.sap.security.api.IRole;
  import com.sap.security.api.IRoleFactory;
  import com.sap.security.api.IRoleSearchFilter;
  import com.sap.security.api.ISearchResult;
  import com.sap.security.api.IUser;
  import com.sap.security.api.IUserAccount;
  import com.sap.security.api.IUserFactory;
  import com.sap.security.api.UMFactory;
  import com.sapportals.portal.prt.component.AbstractPortalComponent;
  import com.sapportals.portal.prt.component.IPortalComponentRequest;
  import com.sapportals.portal.prt.component.IPortalComponentResponse;
  public class role_member extends AbstractPortalComponent {
  public void doContent(
  IPortalComponentRequest request,
  IPortalComponentResponse response) {
  try {
  IUserFactory userfactory = UMFactory.getUserFactory();
  IRoleFactory rolefactory = UMFactory.getRoleFactory();
  IRoleSearchFilter rolefltr = rolefactory.getRoleSearchFilter();
  rolefltr.setMaxSearchResultSize(2000);
  ISearchResult result = rolefactory.searchRoles(rolefltr);
  while (result.hasNext()) {
  response.write("<table border=0>n");
  String uniqueid = (String) result.next();
  IRole role = rolefactory.getRole(uniqueid);
  response.write("<tr><td bgcolor=Red>"+ role.getDisplayName()+ "</tr></td>n");
  Iterator users = role.getUserMembers(true);
  while (users.hasNext()) {
  String unique_user = (String) users.next();
  IUser user = userfactory.getUser(unique_user);
  IUserAccount account[] = user.getUserAccounts();
  response.write(
  "<tr><td>" + account[0].getLogonUid() + "</tr></td>n");
  response.write("</table>n");
  response.write("</br>n");
  } catch (Exception e) {
  This code gives you the list of all the users of your portal along with the roles assigned to them.
  Apart from this if you want you want to know all the roles assigned to the user on portal itself then the way you mentioned is the correct method.
  Regards
  Pravesh
  PS: Please consider awarding points.

• Unable to map the portal user with back end user through web dynpro coding

  Hi All,
  I 've a portal user which is mapped to back end user by  system in the portal.
  i 'm able to get the portal user from web dynpro application.
  But unable to get the mapped back end user
  this is my code
  String systemalias = "SAP_CRM_PROD";
  Map mapattr = new HashMap();
            //     IPrincipal principal = (IPrincipal) request.getUser();
  //   get user user mapping information
  IUserMappingData userMapping =
                 //(IUserMappingData) UMFactory.getUserMapping().getUserMappingData(systemalias, principal, mapattr);
                 (IUserMappingData) UMFactory.getUserMapping().getUserMappingData(systemalias,principal,mapattr );
  //                  For testing purposes only
                 //mappingData = userMapping;
                 HashMap map = new HashMap();
                 userMapping.enrich(map);
                 mappedPassword = map.get(UMAP_KEY_PASSWORD).toString(); //String "user"
                 mappedUserId = map.get(UMAP_KEY_USER).toString(); /
  following is the error reported .
  The project was not built since its classpath is incomplete. Cannot find the class file for javax.xml.soap.SOAPMessage. Fix the classpath then try rebuilding this project.
  please help.

  Hi Sanjay,
     request component need to be initialized before using it. Include these lines before ur code.
  IPortalComponentRequest request = (IPortalComponentRequest) this.getRequest();
  String mappedPassword = null;
  String mappedUserId = null;
  Also check these threads for ur help.
  Accessing Mapped Username / Password
  How to access user id and password via UserMapping ?
  Reward points for helpful answers.
  Regards,
  Harini S

• Create a portal user with a specific Organizational Unit in the OID??

  I would like to split my portal users by Organizational Units in the OID.
  e.g.:
  ou=country1, cn=user1
  ou=country1, cn=user2
  ou=country2, cn=user3
  is it possible?
  is it possible trough the administer tab of Portal?
  Any experience ?
  feedback??
  Thanks
  Didier

  I think it is feasible.
  But not through Administer tab.
  Use your own api to add users (DBMS_LDAP.add_s + WWSEC_API.add_portal_user)
  cn=user1, ou=country1, cn=user_search_base
  cn=user2, ou=country2, cn=user_search_base
  or maybe try to change dynamically user_create_base, I don't know if it is possible or not

• Terminate Portal User Login with JSessionID or MYSAPSSO2 Cookie

  Dear All,
  I know using Visual Administrator , we can terminate the session.
  Is it possible for the administrator to terminate a logged in portal user with his/her  JsessionID or MYSAPSSO2 cookie value or User Id programmatically.?
  Is it possible for portal admin to forcibly exit (logoutl) an active user login  without logging onto visual administrator?
  Regards,
  Eben Joyson

  The only complete mitigation for session hijacking is to run the entire site as SSL. This is Oracle's recommendation if you need a complete mitigation solution. And example of an ATG site running in full SSL is Dennis Kirk (denniskirk.com).
  The problem with doing so is that SSL (a) takes more processing power in the system running the client's browser and (2) incurs latency that degrades the perceived page performance. This is particularly true for consumers running Internet Explorer, where speed-up measures like SPDY are either incomplete or don't work. And for a hard core eComemrce site, slower page performance means that you make less money.
  Most sites, including those that you mention, use a mixture of SSL and non-SSL pages to overcome this. They use non-SSL for those areas of the site where penetration does not have a material negative impact. Browsing catalog pages as an anonymous user, for example. If someone hijacks my session and I'm browsing the catalog anonymously, they're welcome to it. There's nothing private in my session. Even robots can access that content.
  Once I login or go to pages where private information is being exchanged, then you have to secure the session. That's where the protocol switcher servlet comes in. As you authenticate, you switch the user to SSL.
  I've tried a number of additional mitigation steps. Unfortunately I can't discuss them here at this time.
  And none of the servlets that you mention have any benefit with mitigating session hijacking.

• Hi everyone, to use the portal with many users using the same portal user?

  I have an another question is possible to use the portal with many users using the same portal user with diferent roles in the same time?
  thanks

  Hi Israel,
  It is possible to have same user logged in through differnt terminals or browser windows. However if there are say 10 roles assigned to that user, all 10 will be visible in all the windows. However you may open and work on different roles.. in the different windows.
  Note that the real time collaboration features shall not be available if the same user logs in multiple times.
  Hope this is useful.
  Regards,
  Anagha

• Synchronize SAP Roles with IDM Roles

  Hi, i have a question concerning SAP integration in IDM.
  Is it possible to import the Roles from SAP (named Activity groups) in IDM? And how does the "synchronize identity system roles with resource roles" function work?
  Thanks in advance!
  gojo

  The job synchronizes FND Users with the Workflow directory service (plus any other systems you specify). PER is a special case, and will only be synchronized with the Workflow directory service if they are associated with a user - otherwise the records are not included. If they have corresponding HZ_PARTY records, then these may be synchronized, but should not really be used for notifications, since there is no login mechanism for the users to view the notification sent to a party record.
  HTH,
  Matt
  WorkflowFAQ.com - the ONLY independent resource for Oracle Workflow development
  Alpha review chapters from my book "Developing With Oracle Workflow" are available via my website http://www.workflowfaq.com
  Have you read the blog at http://thoughts.workflowfaq.com ?
  WorkflowFAQ support forum: http://forum.workflowfaq.com

• Portal user issue - all users are viewing data of one particluar user...

  Hi all,
  we are implementing ess 1.0 on EP7.0 and using ecc6.0
  Now, while creating Jco connection we had provided user id/pwd of a user in portal and assigned that user to an employee in backend r3 (say abc).(we followed the famous pdf available on sdn: Configuring the Business Package for Employee Self-Service (ESS) u2013 mySAP ERP 2004 by an HCL employee)
  Now the Problem is:
  whenever an xyz user logs in to portal with ess role, and views any data...say perosnal information, telephone no., address, etc than that xyz user sees all this data of the employee(abc) to whom we had mapped our user which was used while creating Jco connections.
  infact if xyz tries to edit any data than it gets reflected to abc.
  to genralise: any portal user with ess role logs in to portal is viewing/editing data of abc employee...which normally should not be the case.
  plz try and help me resolve this issue...
  Regards,
  JJ

  Hi!
  You have to configre your JCo Destionations to use Portal SSO.
  Additionally in your HR Backend you have to maintain (I think it is) Info type 0105 (sub-type 001) and assign every personal number the appropriate UserID so that every user sees his own data.
  A technical user is only needed for the JCo destinations dealing with metadata. The "real" JCo destinations performing RFC calls to the HR Backend can be configured to use Portal SSO.
  For more details refer to http://help.sap.com/saphelp_nw70/helpdata/EN/44/45a04028f40160e10000000a1550b0/content.htm
  Hope this helps!
  Regards,
  Volker

• Can't create user with 9iAS(1.0.2.1)

  I did a fresh installation of 9ias(1.0.2.1) on a 8.1.7 EE database. Everything works fine until I need to create a Portal user. When I click "Create New users", I got a error window "Error: (WWC-00000)". If I click the "Back" icon on the top of the window, I got the same error window.
  Has anyone else has created a new portal user with 9ias(1.0.2.1)?
  Thanks for your help!
  Young

  I AM FACING THE SAME ERROR.
  THE PROBLEM IS NOT JUST IN THE "CREATE USERS", I THINK THERE IS SOME SORT OF PROBLEM WITH THE "LOGIN SERVER", BECAUSE IF CONNECT TO " http://hostname/pls/portal30_sso, AFTER I INPUT THE LOGIN INFO I GET THE SAME "WWC-00000" ERROR.
  WORKING WITH THE PORTAL ITSELF IS OK. ONLY THE FUNCTIONS RELATED TO THE LOGIN SERVER DO NOT WORK.
  THIS IS A NEW INSTALLATION (8.1.7 SE + iAS 1.0.2.1 SE UNDER Windows2000).
  ANY HELP WILL BE GREATLY APPRECIATED!!
  REGARDS

• Wwsec_api add or modify portal user problem

  Hi,
  Has anyone been successful in using wwsec_api.modify portal user and set a date field? In our DB we have the default date format set to YY. We call the modify portal user with a 4 digit year (1989) and it gets inserted into the portal user table as 2089 (the current DB century). This is due to the fact of an implicit conversion to YY format since the P_DATE_OF_BIRTH paramter is varchar2. Does anyone know a way around this other than setting our default date mask to YYYY (which we cannot do).
  Thanks,
  Tom
  null

  Hi, this isn't the wrong forum for your post, but you may get a faster response from the Login Server forum :-)