User management infrastructure

Similar Messages

• Call for participation: OASIS Enterprise Key Management Infrastructure TC

  We would welcome your participation in this process. Thank you.
  Arshad Noor
  StrongAuth, Inc.
  To: OASIS members & interested parties
  A new OASIS technical committee is being formed. The OASIS Enterprise Key
  Management Infrastructure (EKMI) Technical Committee has been proposed by the
  members of OASIS listed below. The proposal, below, meets the requirements of
  the OASIS TC Process [a]. The TC name, statement of purpose, scope, list of
  deliverables, audience, and language specified in the proposal will constitute
  the TC's official charter. Submissions of technology for consideration by the
  TC, and the beginning of technical discussions, may occur no sooner than the
  TC's first meeting.
  This TC will operate under our 2005 IPR Policy. The eligibility
  requirements for becoming a participant in the TC at the first meeting (see
  details below) are that:
  (a) you must be an employee of an OASIS member organization or an individual
  member of OASIS;
  (b) the OASIS member must sign the OASIS membership agreement [c];
  (c) you must notify the TC chair of your intent to participate at least 15
  days prior to the first meeting, which members may do by using the "Join this
  TC" button on the TC's public page at [d]; and
  (d) you must attend the first meeting of the TC, at the time and date fixed
  below.
  Of course, participants also may join the TC at a later time. OASIS and the TC
  welcomes all interested parties.
  Non-OASIS members who wish to participate may contact us about joining OASIS
  [c]. In addition, the public may access the information resources maintained for
  each TC: a mail list archive, document repository and public comments facility,
  which will be linked from the TC's public home page at [d].
  Please feel free to forward this announcement to any other appropriate lists.
  OASIS is an open standards organization; we encourage your feedback.
  Regards,
  Mary
  Mary P McRae
  Manager of TC Administration, OASIS
  email: mary.mcrae(AT)oasis-open.org
  web: www.oasis-open.org
  a) http://www.oasis-open.org/committees/process.php
  b) http://www.oasis-open.org/who/intellectualproperty.php
  c) See http://www.oasis-open.org/join/
  d) http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=ekmi
  CALL FOR PARTICIPATION
  OASIS Enterprise Key Management Infrastructure (EKMI) TC
  Name
  OASIS Enterprise Key Management Infrastructure (EKMI) TC
  Statement of Purpose
  Public Key Infrastructure (PKI) technology has been around for more than a
  decade, and many companies have adopted it to solve specific problems in the
  area of public-key cryptography. Public-key cryptography has been embedded in
  some of the most popular tools -- web clients and servers, VPN clients and
  servers, mail user agents, office productivity tools and many industry-specific
  applications -- and underlies many mission-critical environments today.
  Additionally, there are many commercial and open-source implementations of PKI
  software products available in the market today. However, many companies across
  the world have recognized that PKI by itself, is not a solution.
  There is also the perception that most standards in PKI have already been
  established by ISO and the PKIX (IETF), and most companies are in
  operations-mode with their PKIs -- just using it, and adopting it to other
  business uses within their organizations. Consequently, there is not much left
  to architect and design in the PKI community.
  Simultaneously, there is a new interest on the part of many companies in the
  management of symmetric keys used for encrypting sensitive data in their
  computing infrastructure. While symmetric keys have been traditionally managed
  by applications doing their own encryption and decryption, there is no
  architecture or protocol that provides for symmetric key management services
  across applications, operating systems, databases, etc. While there are many
  industry standards around protocols for the life-cycle management of asymmetric
  (or public/private) keys -- PKCS10, PKCS7, CRMF, CMS, etc. -- however, there is
  no standard that describes how applications may request similar life-cycle
  services for symmetric keys, from a server and how public-key cryptography may
  be used to provide such services.
  Key management needs to be addressed by enterprises in its entirety -- for both
  symmetric and asymmetric keys. While each type of technology will require
  specific protocols, controls and management disciplines, there is sufficient
  common ground in the discipline justifying the approach to look at
  key-management as a whole, rather than in parts. Therefore, this TC will
  address the following:
  Scope
  A) The TC will create use-case(s) that describe how and where
  the protocols it intends to create, will be used;
  B) The TC will define symmetric key management protocols,
  including those for:
  1. Requesting a new or existing symmetric key from a server;
  2. Requesting policy information from a server related to caching of keys on the
  client;
  3. Sending a symmetric key to a requestor, based on a request;
  4. Sending policy information to a requestor, based on a request;
  5. Other protocol pairs as deemed necessary.
  C) To ensure cross-implementation interoperability, the TC will create a test
  suite (as described under 'Deliverables' below) that will allow different
  implementations of this protocol to be certified against the OASIS standard
  (when ratified);
  D) The TC will provide guidance on how a symmetric key-management infrastructure
  may be secured using asymmetric keys, using secure and generally accepted
  practices;
  E) Where appropriate, and in conjunction with other standards organizations that
  focus on disciplines outside the purview of OASIS, the TC will provide input on
  how such enterprise key-management infrastructures may be managed, operated and
  audited;
  F) The TC may conduct other activities that educate users about, and promote,
  securing sensitive data with appropriate cryptography, and the use of proper
  key-management techniques and disciplines to ensure appropriate protection of
  the infrastructure.
  List of Deliverables
  1. XSchema Definitions (XSD) of the request and response protocols (by August
  2007) 2. A Test Suite of conformance clauses and sample transmitted keys and
  content that allows for clients and servers to be tested for conformance to the
  defined protocol (by December 2007)
  3. Documentation that explains the communication protocol (by August 2007)
  4. Documentation that provides guidelines for how an EKMI may be built,
  operated, secured and audited (by December 2007)
  5. Resources that promote enterprise-level key-management: white papers,
  seminars, samples, and information for developer and public use. (beginning
  August 2007, continuing at least through 2008)
  Anticipated Audiences:
  Any company or organization that has a need for managing cryptographic keys
  across applications, databases, operating systems and devices, yet desires
  centralized policy-driven management of all cryptographic keys in the
  enterprise. Retail, health-care, government, education, finance - every industry
  has a need to protect the confidentiality of sensitive data. The TC's
  deliverables will provide an industry standard for protecting sensitive
  information across these, and other, industries.
  Security services vendors and integrators should be able to fulfill their use
  cases with the TC's key management methodologies.
  Members of the OASIS PKI TC should be very interested in this new TC, since the
  goals of this TC potentially may fulfill some of the goals in the charter of the
  PKI TC.
  Language:
  English
  IPR Policy:
  Royalty Free on Limited Terms under the OASIS IPR Policy
  Additional Non-normative information regarding the start-up of the TC:
  a. Identification of similar or applicable work:
  The proposers are unaware of any similar work being carried on in this exact
  area. However, this TC intends to leverage the products of, and seek liaison
  with, a number of other existing projects that may interoperate with or provide
  functionality to the EKMI TC's planned outputs, including:
  OASIS Web Services Security TC
  OASIS Web Services Trust TC
  W3C XMLSignature and XMLEncryption protocols and working group
  OASIS Digital Signature Services TC
  OASIS Public Key Infrastructure TC
  OASIS XACML TC (and other methods for providing granular access-control
  permissions that may be consumed or enforced by symmetic key management)
  b. Anticipated contributions:
  StrongAuth, Inc. anticipates providing a draft proposal for the EKMI protocol,
  at the inception of the TC. The current draft can be viewed at:
  http://www.strongkey.org/resources/documentation/misc/skcl-sks-protocol.html
  and a working implementation of this protocol is available at:
  http://sourceforge.net/projects/strongkey for interested parties.
  c. Proposed working title and acronym for specification:
  Symmetric Key Services Markup Language (SKSML), subject to TC's approval or
  change.
  d. Date, time, and location of the first meeting:
  First meeting will be by teleconference at:
  Date: January 16, 2007
  Time: 10 AM PST, 1PM EST
  Call in details: to be posted to TC list
  StrongAuth has agreed to host this meeting.
  e. Projected meeting schedule:
  Subject to TC's approval, we anticipate monthly telephone meetings for the first
  year. First version of the protocol to be voted on by Summer 2007. StrongAuth is
  willing to assist by arranging for the teleconferences; we anticipate using
  readily available free teleconference services.
  f. Names, electronic mail addresses, of supporters:
  Ken Adler, ken(AT)adler.net
  June Leung,June.Leung(AT)FundServ.com
  John Messing, jmessing(AT)law-on-line.com
  Arshad Noor, arshad.noor(AT)strongauth.com
  Davi Ottenheimer, davi(AT)poetry.org
  Ann Terwilliger, aterwil(AT)isa.com
  g. TC Convener:
  Arshad Noor, arshad.noor(AT)strongauth.com

  Hi Bilge,
  did you put your text in a blender before sending it?
  I understood everything works fine except the miscellaneous menu item in the configuration tab of ERM?
  Have you already tried to clear all browser cache, close all browsers and try it again?
  Best,
  Frank

• User Management Service Item in Cisco Portal

  Hello,
  I am right now using the CIAC portal to perform simple tasks on my infrastructure and I would like to be able to add a user to a given group in AD.
  I have done the TEO process (with group and user parameters) and it works.
  I have done the service request (with the form, the fields, the category, etc.) and I can fill it.
  But I cannot figure out how to integrate these both elements through service link, with an agent and adapters.
  Does somebody knows how to do it? Or where I can find some step by step information to do it?
  Thanks by advance

  Hey David,
  I must have misunderstood your question as I thought you couldn't "...figure out how to integrate these both elements through service link, with an agent and adapters." - Starter Edition has a reusable approach.
  I'm interested in understanding where the user management features of Starter Edition aren't quite making your grade. The requirements driving Starter Edition's feature set are as they pertain to the enterprise as a private cloud deployment. Given this environment, the two primary deployment scenarios SE addresses are 1) no external user account data source (no directory integration), 2) external data source integration using one of the three types of directory servers supported by Cloud Portal. Scenario 2 two supports user authentication only and user authentication and authorization.
  Scenario 1 supports user and organization management using Cloud Portal as the data source. Scenario 2 supports a pre-populated data source under the premise that enterprises most commonly have a existing directory services they desire to integrate with the solution, which is to say that an uncommon and not natively supported scenario is one in which the enterprise has no existing user account data source, but has idle directory services they would like for the solution to populate with new user accounts created through he solution. Certainly, such a scenario may be supported by extending the solution.
  Let me know how you come along.
  Regards,
  Lee
  Sent from Cisco Technical Support iPhone App

• User Management via Web Services

  Hi,
  We are investigating building a user management application that will control user creation and management across a range of applications, including SAP ECC6 and BW.  The idea is to use web services to interact with the systems.  I have seen that a range of BAPIs exist for managing users (e.g. BAPI_USER_CREATE, BAPI_USER_CHANGE) - does anyone have any experience in using these BAPIs via web services that they would be willing to share?
  Thanks

  HI Colin,
  We did that successfully. It was webservice/infopath based Interactive . net form which would do user management and also Workflow funtionality. In summary from my experience
  - Initial cost would be cheaper, however ongoing maintainance on whole infrastructure should be considered.
  - SAP BAPI/FM/webservice development was very easy
  - Integration with Infopath was challange
  - Fronted development was pain as you would need other people to do that for you
  - Once operational, was very easy to managed
  - Future enhancement was limitless
  - Limitation of integration to other technology
  - Should only be justifiable in absence of IDM solution
  - Too much custom development
  - Change management in SAP was easy (Transport, testing, QA etc) however Infopath and Frontend change Management was not easy
  Let me know what other information you need. Finding BAPI's and designing in SAP is the easy part, you should think more about how you are going to deploy Webservice to end users.
  However if your IT department has more bucks to spend, think about more longer term solution and towards IDM or product such as GRC etc.

• Is it possible to switch from Office 365 online user management to Active Directory after Exchange online migration?

  If we utilize the Cutover method to migrate from on-premise Exchange (2007) to Office 365, which to my understanding will hand over user management/authentication to Office 365 online during the process, is possible to later switch from Office 365 user management
  to Active Directory (synced to a future local domain, or even possibly via AD federation single sign-on)? If so, how difficult is this process and is there any documentation available?
  Asking this because the organization  I'm working for plans to upgrade (re-do actually) its entire infrastructure. There will be a completely brand new domain/AD set up that's totally unrelated to the old one. At the same time, we also plan to migrate
  all emails (previously hosted locally on Exchange 2007) to Office 365 and get rid of local exchange. Now because we will set up new domain, we do not want to carry over the older AD to the cloud, hence we will not use the "Staged Migration". 
  So the plan is to to use "Cutover" migration first, which means all authentications will become Office 365 managed. That's fine for now. But later, after we set up our new domain and AD controller etc, we'd like to have Exchange Online switch back
  to syncing with our new on-premise AD. We'd also like to consider the AD Federation Services if it's not too complicated to set up.
  Your advice on this would be greatly appreciated!

  In principle, you cannot sync back from the cloud AD to the on-prem, yet. But you can take advantage of the soft-matching mechanism once you have the new AD in place:
  http://support.microsoft.com/kb/2641663
  Be careful though, as the moment you turn on Dirsync, all the matching users in the cloud will have their attributes overwritten. A very good idea is to do an 'export' of the cloud AD first, using the WAAD module for PowerShell and the Get-MsolUser cmdlets,
  which you can then use to compare or import data in the new on-prem AD. Some links:
  http://technet.microsoft.com/en-us/library/hh974317.aspx
  http://msdn.microsoft.com/en-us/library/azure/dn194133.aspx

• VPN user management via VMS

  I am using Catalyst 6500 IPSEC module for VPN remote access users. As far as I know you can manage VPN remote access users via CiscoWorks VMS if they are connected to a VPN3000 series concentrator.
  Is it possible to manage these users if they connect to IPSEC module the same way using VMS?

  HI Colin,
  We did that successfully. It was webservice/infopath based Interactive . net form which would do user management and also Workflow funtionality. In summary from my experience
  - Initial cost would be cheaper, however ongoing maintainance on whole infrastructure should be considered.
  - SAP BAPI/FM/webservice development was very easy
  - Integration with Infopath was challange
  - Fronted development was pain as you would need other people to do that for you
  - Once operational, was very easy to managed
  - Future enhancement was limitless
  - Limitation of integration to other technology
  - Should only be justifiable in absence of IDM solution
  - Too much custom development
  - Change management in SAP was easy (Transport, testing, QA etc) however Infopath and Frontend change Management was not easy
  Let me know what other information you need. Finding BAPI's and designing in SAP is the easy part, you should think more about how you are going to deploy Webservice to end users.
  However if your IT department has more bucks to spend, think about more longer term solution and towards IDM or product such as GRC etc.

• Differences between OA 11i and R12 on User Management

  Hi All,
  Please give some details about differences between OA 11i and R12 on User Management (Role Responsibilities and Role Based Access Control,etc).
  Please advise me on this regard.
  Moreover,I don't have any Metalink username and Password.
  Thanks

  New features introduced for User Management (UMX) in R12
  The following are the new features introduced in R12 for User Management (UMX):
  1)Proxy User:
  This new functionality:
  · Provides the delegator the ability to grant/revoke the proxy privilege to individuals
  · Provide a mechanism throughout the application’s framework where the user can access the proxy switcher feature
  · Provide a mechanism throughout the application’s framework which indicates to the user that they are acting as a proxy
  · Provide the ability to track the delegate’s actions within the system, while the delegate is acting on behalf of the delegator (Audit)
  Benefits of Proxy User:
  Ability to delegate proxy authority provides great security controls and Granular control of proxy authority is provided i.e delegate authority can be specified for date ranges
  2) ICM (Separation of Duties – SoD) Integration
  Oracle User Management is integrated with Oracle Internal Controls Manager (ICM) for the prevention, detection, enforcement, and resolution of separation-of-duties constraints during the assignment of roles by administrators to users.
  For example, a constraint (created using a set of ICM UIs) can be defined such that no user is allowed to have "Role A" and "Role B" at the same time. In such a case, anadministrator attempting to assign Role B to a user who already has Role A will be presented with a dialog page displaying the constraint violation information.
  At this point, the administrator can take one of two actions:
  • Go back to the role assignment page and remove the assignment that is causing the
  violation.
  • Override the constraint violation, if he has the "AMW: Allow SOD Violation
  Override" permission granted to him.
  With this permission, the administrator will see Apply and Cancel buttons on the constraint violation dialog page. Clicking Apply will override the constraint, and assign Role B to the user despite the warning. Clicking Cancel will cancel the save operation without granting Role B to the user.
  UMX integration with ICM is enabled according to the setting of site-level profile option "UMX: Enable ICM Validation". The default value is "Yes".
  3) Enhanced Forget Username/Password Functionality
  Forgot Username Functionality is Introduced in R12 along with Forgot Password. So now Users can query on either lost “username” or lost “password” Users should enter email address if lost username and enter username if lost password
  Users can now aslo reset username as part of email address verification instead of a two step process.
  4)New Registration Process Type for Administrator Role Assignment
  New Registration Process Type is introduced for type “Administrator Assisted Additional Access”
  Different policies (registration processes) can be used as administrative actions vs. self service requests for
  · Approval Routing
  · UI
  · Notifications
  · Business Logic
  Simpler registration processes can be created for self-service and administrator flavors
  Support for alternative approvals for administrator role assignment is also introduced.
  5) Security Wizard Infrastructure
  a)Security Wizard Infrastructure
  · Infrastructure for product teams to create their own security wizards in context of a role.
  · Product teams can create their wizards and seed relevant information
  · These wizards appear in list of security wizards available to the administrator when creating/updating role information
  b)New User Interface for Delegated Administration
  · Existing functionality(11.5.10) of delegated administration setup implemented using wizard infrastructure
  · Wizard guides the user through what options they can set for a delegated administration
  6) Search Enhancement for List of Value’s (LOV)
  Search Enhancements has been made in LOV’s in User management.
  a) All LOVs in User Management (UMX) are now searchable by
  · Role
  · Responsibility
  · Both
  · Internal Code
  b)A type included in the results – to differentiate roles and responsibilities

• OIM 9.1.0 with Database User Management: Connector Exception upon Connect

  Hi,
  I've been struggling with the Database User Management connector (9.0.4) with Sybase, following the steps word-for-word as per the documentation (Oracle® Identity Manager Connector Guide for Database User Manage Release 9.0.4; E10425-0; July 2009).
  When defining the IT Resource through the Install Connector wizard, I get the following when it does a connection test:
  14:51:52,795 ERROR [WEBAPP] Class/Method: CreateITResourceAction/testConnectivityForDataBase/ClassNotFoundException encounter some problems: No ClassLoaders found for: com.sybase.jdbc2.jdbc.SybDriver
  java.lang.ClassNotFoundException: No ClassLoaders found for: com.sybase.jdbc2.jdbc.SybDriver
  even though I've ensured jconn2.jar is in the ThirdParty directory, reflushed the cache, and restarted OIM; the connector still can't seem to load the driver.
  I've tried the database testing script with similar results.
  Any thoughts?
  Cheers
  Simon
  PS: I believe v5.5 of JConnect (as required by the OIM Connector) has been EOL'd and Sybase. They recommend you use v6.0 (v6 is jconn3.jar)), which from what I can see should work as com.sybase.jdbc3.jdbc.SybDriver; I tried that as well but had the same ClassNotFoundException.

  I've fixed it; needed to copy jconn2.jar into the $JBOSS_HOME/lib directory and restart the server.

• Can not launch user manager

  Hello,
  I just installed Lookout 6.0 , the OS is Windows 2000, and not install
  any NI's DSC module. When choose the menu Options>>user manager
  and trying to launch it , there always popup an error message : could
  not start the user manager. Please advise what is wrong and how to
  repair it. Thanks.
  David

  This may help you... 
  http://digital.ni.com/public.nsf/allkb/6ABE5C9554F285D386256E9B0066156E
  -Khalid

• SAPJSF user cannot log-on to the User Management Engine.

  We have a newly installed PI 7.0 system.
  SLDCHECK is succussful but if we go to the http://hostname:50100/sld - we are redirected to http://hostname:50100/logon/logonServlet?redirectURL=%2Fwebdynpro%2Fdispatcher%2Fsap.com%2Ftc%7Esld%7Ewd%7Emain%2FMain
  When we check the default.trc file, we see the error: User "SAPJSF" is the communication user for the connection between User Management Engine and the ABAP backend system SIDCLNTxyz. This user cannot log-on to the User Management Engine.
  The SAPJSF user is not locked in SU01.  This user is used by the JCO providers to connect to the gateway service.
  We opened Visual Administrator and navigated to Server0 -> Services -> UM Provider
  We changed the password  property at ume.r3.connection.master.passwd
  We then restarted the ABAP and J2EE engine.  But we still see this error.
  Any help to solve this issue is appreciate.
  Jay Malla

  Hi,
  Please, refer the link below. It says you cannot logon with SAPJSF user to J2EE engine for security reasons.
  http://help.sap.com/saphelp_nw2004s/helpdata/en/4e/225b42eeb66255e10000000a155106/frameset.htm
  Thanks
  R.Murali

• User Management - How to submit Additional Access Request on behalf of employee

  User Management - how can we configure "Access Requests" so that Managers can submit Additional Access Requests, or Initial Access Requests on behalf of employee?
  Have looked at "Manage Proxies" but this seems to allow access to everything - not ideal
  Please assist with knowledge and/or experience
  Many Thanks
  Me

  Additional Access Request Registration Process is complete
  Giving access to User Management to users is not an option.
  What I would like is the scenario below - is this achievable?
  When employee goes to iProcurement > Preferences > Access Requests > Request Access | they can submit an access request on behalf of themselves.
  Would like an option where a manager, navigates to same UI as above, has option to choose a subordinate, and request additional access on their behalf
  The table UMX_REG_REQUESTS has columns REQUESTED_FOR_USER_ID & REQUESTED_BY_USER_ID - so it seems they don't have to be same person (manager can submit request on behalf of an employee)
  Can this be achieved through UI for "Access Requests"?

• Hiding fields in standard user management view

  Hi all,
  How to hide fields in user management views.
  Like in the create user view, suppose I want to hide the <b>additional information fieldgroup</b>. how can I do it?
  I have the par file and tried to comment the code which is related to the additional information field group. But when we try creating an iview from the new par(modified par-i changed changed the name ) I do not c the portal component called <b>create user</b>. I am a bit confused.
  Can anyone help me out regarding this.
  thanks,
  Paul

  Hi Paul
  Have a look at
  http://help.sap.com/saphelp_webas630/helpdata/en/d1/956f8b86b2a949913ed22d253e0012/content.htm
  and http://help.sap.com/saphelp_webas630/helpdata/en/91/646d498fd94142a37e90a3b848e45e/content.htm
  By setting the default values you can either have them displayed or hidden.
  Hope this helps,
  Regards
  Uma.

• BPC Mass User Management Tool in BPC 10.0 NW-Version Component Error

  Hi,
  We have a problem when importing request K900024.RBP and R900024.RBP.
  We changed the UJ_STRING in "DATA: lv_value TYPE uj_value" in the source code as recommended at BPC Mass User Management Tool in BPC 10.0 NW
  Unfortunately, when we try to import CSV files we receive a error message "BPC Version Component must be 800". Our is 801.
  Where can I find this files or its upgrades? Is there a SAP link?
  Can anybody help us?
  Best Regards,
  Ana Teresa

  Hi Ana,
  See note https://css.wdf.sap.corp/sap/support/notes/1861347.  You should solve this issue.
  Best Regards,
  Charlie

• Problem connection in OIM 9.1 with SAP user managment

  Hi!
  When I want to provision a sap user management resource to an user, it appeared this problem.
  2008-07-30 14:50:52,587 INFO [XL_INTG.SAPUSERMANAGEMENT] Create User Request
  2008-07-30 14:50:52,587 INFO [XL_INTG.SAPUSERMANAGEMENT] userId :PRUEBA4803, userGroup:AUDITOR_ARG,lastName:prueba4803,firstName:prueba4803,userTitle:0003,langComm:S,department:,langLogIn:,timeZone:,telephone:,extension:,Fax:,email:,dateFormat:1,decimalNotation:Y,function:,roomNo:,floor:,building:,code:,commType:,alias:,startMenu:000,userType:A,sapUserId:,empId:PRUEBA4803,fromHRMS:
  2008-07-30 14:50:52,587 INFO [XL_INTG.SAPUSERMANAGEMENT] SAP Create Connection Request
  2008-07-30 14:50:52,587 INFO [XL_INTG.SAPUSERMANAGEMENT] Inside XLSAPUTILITIES
  2008-07-30 14:50:52,587 INFO [XL_INTG.SAPUSERMANAGEMENT] SAP Create Connection Requesting****
  2008-07-30 14:50:52,587 INFO [XL_INTG.SAPUSERMANAGEMENT] START SAP Connection creation.
  It is strange because it was working all right since 3 months ago and in these 2 last weeks, it is frequently this problem. Sometimes it works sometimes it does not.
  Of course, I tried the connection between OIM and SAP, with the SAP login, and the connection is all OK.
  My oim vertion is 9.1 and the SAP User Management connector is 9.0.4.1.
  Did anybody have this problem before?
  Bye!

  Oh I forget, when I restart the application server, in my case the jboss, the problem is fixed. Strange...

• OIM 11g: Error Installing Sybase DBUM User Management 9.1.0.4 connector

  Hi All,
  While installing Sybase DBUM User Management 9.1.0.4 connector from OIM console, I get the following:
  While on Step 2 of the wizard (Connector Installation):
  - Configuration of connector libraries: passes
  - Import of connector XML Files (using deployment manager): FAILS
  The following error message appears:
  DOBJ.XML_IMPORT_ERROR
  Unresolved dependency{WIN=Reconciliation Manager}
  Operating System: Linux
  Thanks in advance for any ideas!

  which release of OIM are you using.
  Did you try to retry the installation of connector?
  If not then refrsh your OIM database and then install again.
  Seems like some earlier installation has kept some data in OIM DB.