UME in EP6.0

Similar Messages

• EP6.0 UME Email Notifications

  I have a quick question or two - hopefully someone can answer.
  When using the UME notifications to send emails to administrators and the user (for example password reset, lock, unlock etc) -
  1. Why will no email be sent if the user performing the action (administrator or otherwise) has no email address?  OK I know in theory this shouldnt be possible but some UME configurations (ABAP for example) dont enforce the email address rule.  This is true regardless of whether the system / admin email address have been set in config.
  2. For delete ONLY - the sending email address is ALWAYS the users own email address rather than the system / admin email address defined (as it is for every other action) ?
  Thanks
  Haydn

  Detlev,
  Thanks for the response - its just confirmed my thinking really - for Q2 it does seem a bit odd that this one would be singled out to be different .... It will become a bug I suspect when (and if) we actually decide to use that notification type ....
  For the Q1 - perhaps I wasnt 100% clear but I think you got the gist of it. 
  Assuming the UME has been configured with the system email address (that which appears as the sender in the mail) and the admin address (the email address of any arbitrary admin group who should also receive a mail) - all this works as expected (and indeed the end user gets the mail also) BUT ....
  If the person who was performing the admin action in the portal doesnt have an email address attached to his / her portal profile - no emails at all will be sent.  Fundamentally this shouldn't happen often I guess but if for example you use an ABAP UME - email address need not necessarily be mandatory - therefore the portal user doesnt have an email address.  This seems contrary to the other options where the system set email address is used if set. 
  I can understand the flip side to that - if there is no system email address set then it must use the email address of the person performing the action and if that were also blank then no email can be sent since it would be invalid.
  Haydn

• Install EP6 with XI 3.0 on the same WAS

  Hello,
  I've installed EP6 on the same Web AS that XI 3.0 is installed.
  I would like to know if it is ok to install EP6 that way ? can I connect EP6 to R/3 systems while it is installed that way ?
  Please Advice,
  Dimitry Haritonov

  Hello John,
  Finally I understood what was my problem.
  During the installation Web AS 6.40 (ABAP+JAVA) for XI 3.0, you choose a specific UME option that is suitable only for XI : "Use central ABAP system for users and groups".
  If you install EP6 on the same Web AS you won't be able to connect your portal to LDAP. In other words you won't be able to change data source (Portal->system Administration->System configuration->UM configuration->Data Sources ).
  note number : 718383
  I'd be glad if someone will add another info on the subject.
  Regards,
  Dimitry Haritonov
  Message was edited by: Dimitry Haritonov

• How to use company users on existing ldap server as EP6.0 sp2  Users?

  Hi everybody
  Our company user data is on a  LDAP server we want to connect our EP6  UME  to this existing LDAP server so that existing company users can access  the Portal with their company id and password. What configuration we should do on the portal ?
  thanks and regards
  Rajendra

  Hi!
  Look at Admin Guide:
  Administration Guide->Portal Platform->System Administration->User Management Configuration->Configuration of Data Sources Used for User Management->Defining an LDAP Directory as a Data Source
  WBR, Lnk

• UME: SAP R/3 system config

  I'm trying to set User authentication to SAP R/3 system, not load balanced system, on the User Management Configuration values: Client=601, Userid=sapjsf, Password=pwd, sys id=s01, Group and Message server= no values, Application server= IP addreess, Sys. number=00, Max pool=10, Max wait=10000.
  When testing connection, I got this message:
  (System ID): com.sap.mw.jco.JCO$Exception: (101) RFC_ERROR_PROGRAM: Open file 'sapmsg.ini' failed
  (System ID & System Number): OK
  now, is this an error? where is and what values are needed at sapmsg.ini file? as our SAP R/3 is not a load balanced system.
  Did I miss any item for the setup, in dataSourceConfiguration_r3.xml? I made sure the SAPJSF "communication user" got the right sap role and authorizations,
  Portal version : EP6 SP2 PL22
  Regards,
  AAAttar

  Thanks Tan,
  Yes it was Undocumented fun, When leaving SystemId, Group and Message servers blank, I was able to connect, and map the BW WAS6.2 users.
  However R/3 4.6C user can not be referenced as an SAP UME for user logon directly, it must have a WAS6.2 or higher,
  http://help.sap.com/saphelp_ep60sp2/helpdata/en/9e/fdcf3d4f902d10e10000000a114084/frameset.htm
  Regards,
  AAAttar

• UME using SAP R/3 as Data Source

  Hi,
  We are trying to set User authentication to SAP R/3 system, not load balanced system, on the User Management Configuration values: Client=501, Userid=sapjsf, Password=pwd, sys id=RS1, Group and Message server= blank, Application server= server.company.com, Sys. number=00, Max pool=10, Max wait=300000.
  When testing connection, I get this message:
  (System ID): com.sap.mw.jco.JCO$Exception: (101) RFC_ERROR_PROGRAM: 'mshost' missing
  (System ID & System Number): OK
  Is this an error? since our SAP R/3 is not a load balanced system.
  Did we miss any item for the setup, in dataSourceConfiguration_r3.xml? The SAPJSF "communication user" got the right sap role and authorizations.
  Portal version : EP6 SR1
  Regards
  Huzaifah

  Hi,
  If u want to Use The SAP R3 System as Data source u may
  do it from config tool if u got following message.
  WARNING! You are not allowed to select dataSourceConfiguration_r3.xml as active configuration file.
  (For Portal Patch less than SP13 u must download two data source file which is attached with note - 718383
  and upload it to portal which is described in the note)
  the following are the procedure which i apply ,
  Go to System Administration -> System Configuration ->UM  Configuration
  Now Do not change Data source from Here.
  Make sure  your data source is "Database Only"
  (dataSourceConfiguration_database_only.xml)
  Now enter the following value under SAP System Tab.
  Client : - Your sap system client
  User:-  Sap user
  password: - password
  System language:- your system language
  Application server: - Host name or IP of sap system
  System Number : -  SAP instance number
  Maximum Size of Connection Pool : -  As per req.
  Maximum Wait Time in Milliseconds :- 10000
  Now, save the changes and shutdown the portal server.
  Using Config Tool change the data source. Run the following
  <drive:\> usr\sap\<sid>\JC<instance number>\J2EE\configtool\configtool.bat
  (Make sure the portal system is shutdown)
  Under Cluster Data -> Global Server Configuration -> services -> com.sap.security.core.ume.services
  Now find the key: -  ume.persistence.data_source_configuration     
  The default was : - dataSourceConfiguration_database_only.xml
  change the value to :- dataSourceConfiguration_r3.xml     
  click on set and from flie-> apply
  Now restart the portal server ur data source changer to SAP R3 System
  Regards,
  Kaushal

• Scheduled automatic upload of roles/user mapping from R/3 to EP6

  EP6.0 offers a nice tool to <b>upload roles</b> together with the <b>user mapping</b> from an R/3 backend system to the portal. This works very well, but in an environment where the user mapping happens on the backend system this <b>manual</b> process has to be repeated to keep the user mapping up to date.
  It would be very useful if this process could run in <b>batch mode</b> and could be <b>scheduled</b>. Does anyone has a solution for this problem?
  The way the portal user administration is designed works maybe very good for small companies, but for large companies with many users a <b>batch upload tool</b> is really needed!
  <b>People from SAP</b> have told me that they are thinking about such a tool, but the pressure from the customers is not high enough to put it on their project list. So maybe we can <b>unite forces</b> to increase pressure on SAP project management.

  Dear Krishna,
  There are a few solutions for this problem and we are investigating some of them now:
  - you can use an LDAP server. Transfer users and the groups to which they belong from the R3 system to LDAP. The groups correspond to the roles the users have. The portal can use the groups on the LDAP server. The portal roles have to be attached to the groups and not to the users.
  - we are also thinking about writing a JAVA program that automizes the manual role upload that SAP delivers in the portal. The KM part of the portal contains a scheduler which can be used to schedule the upload of uesr mappings from R3 to the portal.
  - you can also make an ABAP web service that is called from a program on the portal to transfer the usermapping. The program makes use of the UME API.
  - Or you can make an ABAP program on R3 that calls a JAVA program on the portal that makes use of the UME API to store the user mapping on the portal.
  your iview question:
  Maybe you can change the default setting for the preferred GUI in the master iview that is used for the creation of the iviews. When you create a new iview the portal creates a delta link based on the master iview., so when you change the master iview all new created iview based on the master iview will have the correct setting immediately.
  Best regards,
  Johan

• "Password has expired" for user created via UME API

  Hi,
  I have written a service that processes new user accounts and uses the UME API to create them. The code works fine on my local Sneak Preview installation of EP6 SP16, allowing the created users to logon and forcing them to change their password on first login.
  When I try and run this code on EP6 SP14 it completes without generating any exceptions but when I try and login I get the message "Password has expired" and cannot login or change the users password.
  Does anyone know why?
  I have the following UME settings for both servers:
  ume.logon.security_policy.password_change_allowed = TRUE
  ume.logon.security_policy.password_change_required = TRUE
  ume.logon.security_policy.password_expire_days = 99999
  The SP14 server also uses LDAP to authenticate users primarily  and has the following setting:
  ume.persistence.data_source_configuration = dataSourceConfiguration_ads_deep_readonly_db.xml
  There are some other UME configuration differences but none that seem relevant to this problem.
  Can anyone suggest what the problem might be?
  Cheers,
  Steve Archer

  The Xp machine is fine acessing the mb
  its the macbook that is having a problem accessing the xp machine coz it says that the password has expired
  but there is no password for the user on the xp machine that i am trying to access from my mb
  so that would be:
  xp to mb = fine all working
  mb to xp = password expired even though no password required for the xp user

• LDAP user authentication on EP6 built on NW04 abap+java

  Hello,
  Our customer insisted we install is EP6 system as a ABAPJAVA system. He asked that users login to the portal will be authenticated (username password) from their directory service via LDAP. Because the EP6 is built on a ABAPJAVA, and not only JAVA, I cannot use the portal or visual adiministrator tools to make the LDAP be the source User Management system.
  I have been looking all day in the sap online help and I do not see any instructions on how to configure user+password logon authentication via LDAP on an ABAP based UME system. The most I have managed was to setup the connection from the EP6 system to ldap via transaction LDAP and bring up the ldap connector.
  I need to know how to proceed from here.
  Thanks
  Boaz

  Hello,
  I add a notion that this configuration is not supported.
  However, please look at the following link, which relates to an ABAP system, I refer to the bolded section.
  http://help.sap.com/saphelp_nw2004s/helpdata/en/aa/a17941601b050de10000000a1550b0/frameset.htm
  The following is mentioned in this link:
  The user password is not transferred from the SAP Web AS to the LDAP directory during the synchronization of the user data. You must therefore maintain the user password with one of the following options:
  You specify the passwords centrally in the LDAP server. The users must log on using the UME, are authenticated with the LDAP server, receive a logon ticket and can then access all systems with Single Sign-On. In this case, all systems must be configured so that they accept logon tickets.
  ·        You specify the passwords in a decentralized way, both in the CUA and in the LDAP directory (or in the UME). In this case, the CUA systems do not need to accept logon tickets.
  What is the meaning behind this?
  Thanks
  Boaz

• Change permissions for UME repository

  Dear friends,
         Is it possible to change permissions for the ume repository. By default, it has "Allow" permission for List Children and Read properties. I dont see any options to change permissions under Settings -> permissions. Does anyone here in this forum knows how can I achieve the same? I am actually trying to index the ume repository and the crawler fails. I was wondering if the repository needed to have a full control. So, I am trying to change the permissions.
  We are on EP6 SP13 (all components)
  Any help is appreciated,
  Thanks,
  Mandar

  Hello experts,
  any ideas?
  I need aswell to change the permission in the UME repository...
  Thanks in advance!
  Greets
  Thomas

• EP 6.0 and ABAP UME Issue

  Discovered a strange occurance when using EP6.0 SP19 with ABAP based UME.
  If you change the user details (email address for example) in SU01 - it is not reflected in the portal UME details BUT a change of the same users details in the portal UME is immediately reflected in the SU01 user record in the backend.
  I havent managed to arrange a UME restart yet to see if the new data is pulled through then but there must be a UME setting for this surely?  Some sort of UME cache setting?
  Anyone any ideas?
  Thanks........ Haydn

  Hi Haydn,
  Invalidating the cache should not force you to log on again, at least not in 7.0. I was able to try this this morning. (My coworker tells me that you might have a problem in your authschemes.) This is completely independent of the session management. When you log on the UME stores your user and the relevant groups, roles, actions, and account objects in the cache. These object then expire after an hour by default. The UME uses this cached information in most cases. If the information it requires is not cached, the UME gets the information it requires from the data source directly and stores it in the cache.
  See also: http://help.sap.com/saphelp_nw04s/helpdata/en/45/77e32308d072ace10000000a1553f7/frameset.htm
  -Michael

• CUA as data source for portal UME

  Hi all
  We want to use the CUA system as the data source for our EP6's UME.
  Obviously our end users do not login to the CUA system and therefore have no password to this system. It doesn't seem rational to provide them a password to this system, but then again which password will they use?
  I'm guessing that this is the case for most of the SAP customers.
  Does this mean that we can't use the CUA as the UME data source?
  If any of you use the CUA as the UME, we'd be very glad to hear your solution to this situation (we can't use one of the child systems as the UME).
  Thanks,
  Yeti

  Hi Yeti,
  My remarks below will not answer your question but it will help you with some decision on your UME data source.
  As far as I know, most Portal use LDAP as their main UME datasource. This is largely due to the fact that LDAP contains ALL the users that are "employee" of the company. As for CUA, it does not contain ALL your users which could pose a problem for you when you want to execute certain Portal functions (or management approval flows) which require users who does not exist in your CUA (but exist in LDAP).
  3 presentations which I think its good to have a look and share with....
  https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/d5f57332-0a01-0010-12ab-dd472e87b8e6
  https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/c477de90-0201-0010-35ab-ddac4448ba9f
  https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/706065c4-3564-2a10-2382-a52fcbd7eefb
  But there are also setup that uses CUA as their UME. I have linked some of the past threads who use CUA as their UME. I hope they can shine some light to your question. You can do a search here in the forum with "CUA UME portal" and you will also find posts that can help answer your question.
  https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/706d054d-da24-2b10-f18a-fc82faf6468e
  Solution Manager as a  source for Portal UME
  Multiple SAP Systems as UME
  EP
  Something to think about if you consider SSO with CUA as UME.
  how to sso between portal and abap
  Something more interesting to read about:
  LDAP connection from ABAP to Portal
  The above are base on my experience and the Portal setup which I have done for the company. But maybe there are better suggestions from other Portal guys,Experts,Gurus out here who will contribute to answer your question. 
  Hope that helps.
  Ray

• EP6 Role Assignment

  Hello,
  Scenario: portal uses an LDAP as its UM store in read only mode.
  As I understand it:
  Users and Groups are stored on the LDAP
  Roles are stored in the Portal database
  Is this correct so far?
  Secondly:
  Where is the actual User/Role or Group/Role assignment held? I believe it is also in the database. Is this right? If this is the case then usage of the UME API to programmatically do these assignments should be possible
  But what if either of these assignments are held in the LDAP does this mean that usage of the UME API to programmatically do these assignments will not be possible?
  Thanks
  Mr.T

  Hello,
     I'm assuming that you are talking about EP6.  Your understanding of the scenario is correct.  The actual User/Role and Group/Role assignments are stored in the database.  I would say your assumption about the UME API is correct but since I really don't know anything about the API, we will have to see if anyone else knows for sure.
  John

• Roles tab not working in USER MANAGEMENT OF EP6 SP9

  Hi
  I have successfully installed WAS 6.4 SP9 with EP6 SP9, TREX, KMC.  When I click on USERAdministration -> ROLES, Im getting an error in a Dialog box
    "Internet Explorer cannot open the Internet Site http://<hostname>:<port>/irj/portal". Operation Aborted
  I got the same error even after 3 times fresh installation.  During installation process I didn't encountered any error.
  Can anyone guide me in this.
  thanks
  raj

  as already said this is a problem with Portal SP9. There is a problem with the iview.
  You have two choices. Install a newer patch (patch 13).
  Or go directly to the WebAS Java start page
  http://
  There you can logon to the UME Interface ( a link is provided at the startpage) and assign roles to users or groups.
  The usermanagement is the same for portal and webas java so it should work - at least it did for me.
  Tell me if it works.
  Message was edited by: Dirk Jäckel

• Alternate api's in ep6.0

  hi
  Can someone tell me what are the alternate api's in ep6.0
  which we can use in place of the follwing ep5.0 api's
  com.sapportals.portal.security.usermanagement.AbstractBackendConnection
  com.sapportals.portal.security.usermanagement.IModifyLogonDataBroker
  Thanks in advance
  Subra

  Hi Ramachandra,
  sorry, it seems SDN interprets the comma after the link as part of the link. Here's the link again:
  https://media.sdn.sap.com/javadocs/NW04/SP12/ume/index.html
  Regards
  Heiko