User mapping certificate in UME (J2EE) with ABAP system as Backend (SNC)

I hope someone can help me with the user mapping concept (X.509 V3 certificates) for both "worlds" (ABAP and JAVA Stack).
I know how to install and configure certificate based (X.509) login to SAP ABAP and SAP JAVA (J2EE) Stack (--> enable encryption for communication and Single Sign On).
Situation:
We have an already installed and configured X.509 certificate authentication environment for the ABAP world (between SAP GUI and SAP Server System)
and the user mapping was configured in the ABAP System (SU01). As the users are using certificates, the passwords are deactivated on the ABAP System.
Now if you want to integrate a JAVA (J2EE) System and you want to configure the UME to the ABAP System (as Backend), you have an administrative effort problem with the user mapping (X.509) in the UME configuration.
1.) It is possible to assign the user public key manually to every user --> But too much effort
2.) As the user does not have a password (deactivated in the ABAP system), the way to combine the automatic mapping with a user login does not work.
3.) In the distinguished name of the user certificate there is no information about the SAP username itself
    --> you are not able to use any information of the DN to bind a user in the Login Module configuration.
Now my question:
Is it possible to use the sncname information from the ABAP System (still configured and available) for the UME configuration?
As far as I know, it is possible to write an own Login Module. Does anybody have a customized Login Module for this issue?
At the end the best solution would be to enable the same user mapping mechanism on the JAVA world as on the ABAP world. --> Mapping the Distinguished Name to the SAP User

We have developed a login module which is working with Kerberos auth, not x.509 auth, but still solves a very similar problem to the problem you are describing. As you know, when SNC is used to logon to ABAP stack, the SNC name of the user is mapped onto a SAP user via entries in the USRACL table. Our mapping login module takes the authenticated user principal name from the shared state and uses this to lookup the entry in USRACL table on ABAP stack, and from this it will know which SAP user to use, and can update shared state with this info so that CreateTicketLoginModule will create an SSO2 ticket for the mapped SAP user id.
This means that mapping of users' externally authenticated identity onto SAP user/client can be managed in one place, e.g. in ABAP stack using USRACL table entries and su01 t-code etc.
I know it is not exactly what you wanted, since you are looking to use x.509 certificates instead of Kerberos authentication, but I thought it was worth sharing so that you know the concept has already been implemented many times. Many of our customers use this login module when they have our product, for the same reasons that you have stated.
Thanks,
Tim
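The mapping step Tim describes, as an added example in Java (not the original poster's code and not Tim's product): a JAAS LoginModule that takes the authenticated SNC name from the shared state, looks it up in a USRACL-style table and hands the mapped SAP user to the next module in the stack. The shared-state key javax.security.auth.login.name, the option name usraclLookup and the key example.mapped.sapuser are assumptions; the ABAP-side read of USRACL is abstracted behind an interface with constructed in-memory rows.

```java
// Added example, not code from the original post or from Tim's product: a JAAS login module
// that maps an already-authenticated external principal (SNC name) onto an SAP user the way
// Tim describes, via a USRACL-style table (SNC name -> client/user). The ABAP-side lookup is
// abstracted behind an interface; the in-memory table holds constructed sample data.
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;

public class UsraclMappingLoginModule implements LoginModule {

    /** Abstracts reading USRACL on the ABAP stack (a real module would call the backend, e.g. via RFC). */
    public interface UsraclLookup {
        /** @return "CLIENT/BNAME" for the SNC name, or null when no mapping exists. */
        String mappedSapUser(String sncName);
    }

    /** Constructed stand-in for USRACL rows, keyed by SNC name (for X.509 the "p:<DN>" form). */
    public static final class InMemoryUsracl implements UsraclLookup {
        private final Map<String, String> rows = new HashMap<>();
        public InMemoryUsracl put(String sncName, String client, String bname) {
            rows.put(sncName, client + "/" + bname);
            return this;
        }
        @Override public String mappedSapUser(String sncName) { return rows.get(sncName); }
    }

    // Standard JAAS shared-state key; assumption: the preceding module (certificate or
    // Kerberos login) stores the authenticated SNC name / principal under it.
    static final String NAME_KEY = "javax.security.auth.login.name";
    // Hypothetical key under which the full "CLIENT/BNAME" mapping is handed on.
    static final String MAPPED_USER_KEY = "example.mapped.sapuser";

    private Map<String, Object> sharedState;
    private UsraclLookup lookup;
    private String mappedUser;

    @Override
    @SuppressWarnings("unchecked")
    public void initialize(Subject subject, CallbackHandler handler,
                           Map<String, ?> state, Map<String, ?> options) {
        this.sharedState = (Map<String, Object>) state;
        Object l = options.get("usraclLookup");
        this.lookup = (l instanceof UsraclLookup) ? (UsraclLookup) l : new InMemoryUsracl();
    }

    @Override
    public boolean login() throws LoginException {
        Object name = sharedState.get(NAME_KEY);
        if (name == null) {
            throw new LoginException("no authenticated principal in shared state");
        }
        String sapUser = lookup.mappedSapUser(name.toString());
        if (sapUser == null) {
            // Fail closed: a principal without a USRACL row must not get a ticket.
            throw new LoginException("no USRACL mapping for " + name);
        }
        mappedUser = sapUser;
        return true;
    }

    @Override
    public boolean commit() {
        if (mappedUser == null) return false;
        // Replace the external principal with the mapped SAP user name so that the
        // ticket-creating module that follows issues the ticket for the mapped id.
        sharedState.put(NAME_KEY, mappedUser.substring(mappedUser.indexOf('/') + 1));
        sharedState.put(MAPPED_USER_KEY, mappedUser);
        return true;
    }

    @Override public boolean abort() { mappedUser = null; return true; }
    @Override public boolean logout() { mappedUser = null; return true; }
}
```

Wire it into the stack between the authenticating module and the ticket-creating one with flag SUFFICIENT or REQUIRED as the landscape needs; because login() throws on an unmapped principal, an unknown certificate never reaches ticket creation.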

Similar Messages

  • User mapping when installing JAVA addin for ABAP

    Hi,
    I have installed SAP ABAP on a domain.
    The ABAP installation went fine and was installed successfully.
    When I am installing the JAVA add-on for ABAP it is throwing an error like the users are not mapped.
    So can any one guide me where actually I should map the SAP users in a domain.
    Prashanth

    Your question is very vague, please post the full error.
    As this is a java add-in it should use ABAP as datasource so no user mapping should be required.
    User mapping is used where java and backend system use different datasources and the naming conventions are different...
    There's not enough information here to give you an objective answer.
    Regards
    Juan

  • Create a new user for oracle 10G ASM instance with sysdba system privilege

    Hi,
    In our Golden Gate Project, we require the SYS user credential to connect to the Oracle 10g ASM instance to read the database transaction logs. But our client is not providing the SYS user credential to connect to ASM instance.
    I'm getting the error message "ORA-01109: database not open" when I tried to create a new user using the below steps in oracle 10g ASM instance
    1. Login using "sqlplus / as sysdba"
    2. Create user <username> identified by <password>;
    But in oracle 11g ASM instance, I'm able to create a new user by connecting to the ASM instance with SYSASM role without issues.
    Is there any workaround to create a new user with sysdba system privilege in oracle 10g ASM instance?
    Thanks in advance.

    Hi,
    Recreate the password file for the ASM instance as follows:
    Unix:
    orapwd file=<ORACLE_HOME>/dbs/PWD<SID> password=<sys_password>
    Windows:
    orapwd file=<ORACLE_HOME>/database/PWD<SID>.ora password=<sys_password>
    Now sys password is reset, we are ready to use sys for ASM management. I decided to create another user ASMDBA as I tried above.
    SQL> create user ASMDBA identified by test01;
    User created.
    SQL> grant SYSASM, SYSOPER to ASMDBA;
    Grant succeeded.
    SQL> select * from v$pwfile_users;
    USERNAME  SYSDBA  SYSOPE  SYSASM
    SYS       TRUE    TRUE    TRUE
    ASMDBA    FALSE   TRUE    TRUE
    Please see this link : http://orachat.com/how-to-change-asm-sys-password-creating-sysasm-user-11g/
    Thank you

  • Ws adapter only works with ABAP system?

    Hello all
    I am working with PI 7.1. We have used ws adapter where the corresponding sender or receiver is ABAP system. Now we're trying to use ws sender adapter from Java.
    So ws CC and sender agreement is configured, wsdl is generated. In NWDS CE 7.1 we imported the wsdl, however when we tried to generate web service client from the imported wsdl (from context menu), we got error:
    IWAB0399E Error in generating Java from WSDL:  WSDLException (at /wsdl:definitions/wsdl:portType/wsp:Policy): faultCode=INVALID_WSDL: Encountered unexpected element 'Policy'.:
        WSDLException (at /wsdl:definitions/wsdl:portType/wsp:Policy): faultCode=INVALID_WSDL: Encountered unexpected element 'Policy'.:
        at com.ibm.wsdl.util.xml.DOMUtils.throwWSDLException(Unknown Source)
    Why is that? does it mean ws adapter only works with SAP ABAP system? Anybody used ws adapter with non-abap sender?
    Thanks
    Jayson

    Hi VJ,
    thank you so much for your information. However do you have any official SAP statement saying that? I need to have some kind of proof to show the high-level manager about this.
    Do you also mean that the receiver of ws CC must be also ABAP system?
    We basically cannot use soap adapter, because RM is required in our scenario which is only supported by ws adapter, not soap adapter.
    Thanks
    Jayson

  • How to get Maintenance_HDB certificate for BW Powered With HANA system.

    Hi,
    We need to install Maintenance_HDB license in order to install BI -CONT addon component on our newly installed BW Powered With HANA system. But we could not get Maintenance_HDB license, as we are able to get only Maintenance_ADA License for our system.
    The main clarification required here is while adding a new entry in SMP (Service Market Place) of BW Powered By HANA system, what is the product that needs to be selected in order to get HANA as database. We did select Netweaver 7.3 for which we were actually made to select MAXDB as database but not HANA.
    Thanks & Regards,
    Pavan Indrakumar

    Well even though it says your customer number is not authorized for HANA DATABASE license for BW, we can add HANA as database product under Netweaver 7.3 and proceed requesting for Maintenance License.
    Not sure about the exact criteria behind the license provisioning.

  • SU01 or ABAP SYSTEM - User Language on Portal

    Dear All,
    I am working on Portal Framework - Masthead and Footer PCD files in JSP environment. Now, I have a requirement where I have to fetch the Language of User present in ABAP SYSTEM - SU01 transaction. Can anyone help me how to fetch this, with some code or some way to tackle the condition?
    Thanks,
    Roshan

    Hi Roshan,
    Check this thread - User mapping certificate in UME (J2EE) with ABAP system as Backend (SNC)
    Best Regards,
    Sen

  • User Mapping to R/3 - admin.pwdprotection=false but still pwd field appears

    Hello All,
    I am doing SSO using user mapping to R/3 system from Portal as the ids are different for Portal and R/3.
    I can access a transaction iview from R/3 successfully using user mapping (in SSO) but the problem is every time a user changes his R/3 password, the mapped password is to be changed in Portal. Otherwise, unable to access transaction iview.
    1) I have changed the property ume.usermapping.admin.pwdprotection=false in configtool but still in User Admin > User mapping for system access, the password field is populated and while accessing the R/3, the password is being verified. I have seen in another system where the password field is not being asked after modifying the property to false, only id field is present. From the end user, under Personalize > User Profile > User Mapping for system, no systems are present as expected for mapping. Logon method in system is uidpw and mapping type is "Admin".
    Versions - Portal is NW7.0 SP18 and ECC is .0 EhP3.
    Anybody faced the same problem? Is there a note to fix it?
    2) Also, in the User Admin > User mapping for system access, in the dropdown I can see the system aliases I have created in systems but not in System admin > sys config > Ume config > under User Mapping, I do not find any reference system.
    After first restart it was not there, after some time it has come, later it was coming as configured but invalid beside the system in braces in dropdown like abc(configured but invalid). Once I unselected, now it is no more available in dropdown.
    3) I have used diagtool to identify the problem. In the ticket, how do I see the mapped user?
    I am seeing only the following details. From the log -
    The created ticket is:
    [ [Ticket [initialized]
      Ticket Version  = 0
      Ticket Codepage =  (Encoding=1100)
      User = 121444
      Issuing System ID     = EPD  ( Portal name)
      Issuing System Client = 000
      Creation Time = 200905150649
      Valid Time    = 8 h 0 min
      Signature (length=261 bytes)
      InfoUnit id=32, name=portal_user, content=portal:121444, length=16
      InfoUnit id=136, name=authscheme, content=basicauthentication, length=19
      InfoUnit id=1, length=9
      InfoUnit id=2, length=3
      InfoUnit id=3, length=3
      InfoUnit id=4, length=12
      InfoUnit id=5, length=4
      InfoUnit id=10, length=9
    ].
    Authentication stack: [ticket].

    Does this have an entry for mapped user of target R/3 system also?
    If I am not finding the userid/pwd in ticket, how is SSO working? based on user mapping only?
    Thanks,
    Isvarya

    Thanks Anja for the quick response.
    My primary objective is to use SSO with logon tickets to backend which is independent of user passwords.
    regarding 1)
    From the link -
    http://help.sap.com/saphelp_nw70/helpdata/EN/f8/3b514ca29011d5bdeb006094191908/frameset.htm
    Features
    • Either users or administrators can perform user mapping.
      ○ Users must always enter a password to validate their mapped user ID.
        This password is not stored, but is used to confirm that the user is entering a user ID with which he or she has access to the ABAP-based system.
      ○ Administrators can enter a password to validate their entries.
        The UME property ume.usermapping.admin.pwdprotection defines whether or not the administrator must enter a password. By default the administrator must enter one.
    is also in the same lines.
    But as per the SAP library link, I do not find a reference system because of problem 2 in the initial post.
    Also, I have a screenshot of user admin where the password field itself is not present. If you can share your email id, I will send the screenshot without pwd and mine with password.
    2) I have seen this note. But, none of the 3 cases mentioned are applicable to me. User mapping is working just fine. Only reference system is not populated.
    3) Because of 1, I was expecting to see mapped id alone or mapped id along with system name in logon tickets.
    Thanks for the response.

  • UME synch with CUA

    Are there any issues with UME synch with ABAP CUA? If I have one CUA should I point all of my UMEs (Java instances) to a single ABAP instance?
    Does anyone have any experience with CUA and java? What architecture issues should I be aware of?
    Thanks
    Mikie

    Theoretically you can do this for ABAP UME users, but there is a big "gotcha":
    Java systems don't have the same client concept as an ABAP system, and what is behind the ABAP role mapping on the Java side is not known to the ABAP system and may even differ.
    The consequence is that if you point multiple Java UMEs to one ABAP CUA system's client dependent user store... then assigning a role to the user will assign it in all Java systems, depending on what is mapped behind it.
    Using <SID> naming conventions for Java systems within the ABAP roles is not scalable and there are many standard roles anyway.
    A consideration I have heard of was to use multiple ABAP clients, one for each Java system, but that might not be scalable as a solution either unless you are sure you will only have a limited number of Java landscapes and systems.
    Instead of trying to support such a workaround yourself, you will be better off looking into an IdM. See the thread at the top of the forum page about Identity Management (IdM).
    Cheers,
    Julius

  • MYSAPSSO2 cookie format in J2ee and ABAP - NW7

    Hello
    I installed NW7 with ABAP + Java with system id DV1. I was able to configure the java and abap to issue ticket and to be accepted by other systems (DV2).
    If I login to the DV1 abap host using webgui url(integrated ITS), I am getting the MYSAPSSO2 cookie in the browser IE.  With this I am able to login to DV2 j2ee and also to ABAP.
    If I login to DV1 j2ee engine using the portal link, I am not seeing the MYSAPSSO2 cookie in the browser, but seeing JSESSIONID and with it still I am able to login to DV2.
    My question : Is the JSESSIONID exactly equal to MYSAPSSO2 ? If not how can I make the DV1 J2ee to issue MYSAPSSO2 cookie ? Thanks.
    SAPLearner

    Hi
    I am able to test and able to login to the other j2ee or abap system. But still not able to see the MYSAPSSO2 cookie issued by EP j2ee.
    DV1 - NW7 SP12 system ABAP + J2ee(with portal on it)
    DV2 - NW7 SP12 system ABAP + J2ee(with BI java)
    I have exported DV1's java and abap certificate to DV2, made it trusted and the connection is working.
    When I login to DV1 j2ee using the url  http://<DV1fullhostname>.com:52200/irj/portal
    and getting the below in my browser
    SignOnDefault=<windows id>; JSESSIONID=(DV1host_DV1_22)ID2068173650DB0050916542928689590End; SAPPORTALSDB0=urn%253Acom.sapportals.appdesigner%253Aframework%2526isPersonalizeMode%3Dfalse; GWS_AUTO_LOGIN=FALSE; AbxUserLocale=en_US_STAFF; PortalAlias=portal; saplb_*=(DV1host_DV1_22)613943650
    With this above cookie I am able to login to DV2 j2ee http://<DV2fullhostname>.com:52500/nwa
    or abap http://<DV2fullhostname>.com:8025/sap/bc/gui/sap/its/webgui
    without any issue. In my browser I do not see MYSAPSSO2 cookie. Why is that?
    My login stack in j2ee is defined as below.
               1. Evaluate ticket
               2. Basic login module
               3. Create ticket
    At the same time if I login to DV1 abap http://<DV1fullhostname>.com:8022/sap/bc/gui/sap/its/webgui  I can see the cookie MYSAPSSO2 in the browser and still able to login to DV2.
    Don't understand why my DV1 j2ee is not issuing MYSAPSSO2 cookie and issuing JSESSIONID?
    Appreciate your reply
    SAPLearner

  • About user mapping

    hello every one
    i have a question that is....
    we configured user mapping between SAP portal and R/3 System.
    in this case, we know the user's IDs are a "one to one" relationship.
    but sometimes, we have to integrate more external systems such as BI system or others.
    so how to map the users as a "one to many" relationship in the portal?
    waiting for your reply.
    thanks!

    Ok, I will try:
    1. in System Administration > System Configuration > System Landscape create your own folder and a system therein - one for your R/3 backend, one for BI:
    http://help.sap.com/saphelp_nw70/helpdata/EN/ec/0fe43d19734b5ae10000000a11405a/frameset.htm
    Don't forget to test the connections.
    2. Enable User Mapping and maintain the mapping data for both systems:
    http://help.sap.com/saphelp_nw70/helpdata/EN/0d/fd76a0c4e0834ba1a17698d0b5553d/frameset.htm
    There are 2 ways to map users: by Administrator tool or the users shall enter their own data:
    http://help.sap.com/saphelp_nw70/helpdata/EN/b6/8b9aea8d7c11d5bdd8006094191908/frameset.htm
    http://help.sap.com/saphelp_nw70/helpdata/EN/b6/8b9af08d7c11d5bdd8006094191908/frameset.htm
    3. Within Content Administration open the properties of the iView you would like to assign to a system. There you will find a property named 'System'. Choose the one with the correct user mapping for your context.
    Hope this clarifies it for you.
    Cheers,
    Anja

  • I am not getting any system in User Mapping..............

    Hi,
    I have created one user... But in my user
    Personalize > User Mapping > System drop down list I am not getting any systems....
    How can I solve this problem..
    please help me...
    Best Regards
    Ravi Shankar B

    Hi Ravi,
    After navigating from User Admin to User Mapping,
    In the Search, enter your userId and search it in Users.
    Your User Id will be displayed in the Table With Edit Link.
    Now check the drop down List box at the right.
    Your System will be displayed.
    Before doing user mapping, Make sure that you have created system properly and gave all Connector and User Management Property Entries and Created System Aliases.
    Hope This Helps. Award Points if you find this useful.
    Regards,
    Eben

  • Business Role change made password deactivated or reset in ABAP systems.

    Hi,
    We recently made changes to a Business role by adding a technical role but these changes have deactivated or reset the password for assigned users who had a Productive password in the connected ABAP system.
    We have two type of users, one who access SAP Portal and ABAP with Single Sign on and second who login into Portal and ABAP with password.
    This BR change has impacted second type of users who had Productive password.
    Regards,
    Manish

    Hello Manish,
    you have marked the thread as "Assumed answered". Could you please share with the community the outcome of your OSS ticket with SAP, so that others can benefit, too? Then you can mark the post as answered. Right now the thread isn't really helpful to anyone (neither you nor the community).
    Also, if you answer Jai's questions, maybe we can help in solving your problem?
    Having several irons in the fire can't be bad, right?
    Regards,
    Steffi.

  • No DSR- data transfer to ABAP- system

    Hello,
    DSR data were not transferred from J2EE to ABAP system.
    I checked Note 926590 "DSR data is not displayed in transaction ST03G" but I can't find any errors,
    for example:
    Service dsr started. (3203 ms). (std_server0.out)
    INFO: DSR: Dynamic Library dsrlib.dll (version 24) successfully loaded.  (sapccmsr.log)
    If I use the test program to display DSR data I get the error "it is an internal error occurred".
    Best regards
    Lutz

    Hi,
    Please go through Note 1090526 - No DSR data in ST03G and STATTRACE - Troubleshooting.
    Let me know if it helps.
    -roshan

  • Portal UME in ABAP asking user mapping???

    Hi all,
    I've decided to configure portal UME being the ABAP UME in the backend system. I can create users in portal and SU01 and I can log on in both systems with the same user. Now I've a system to connect the MSS/ESS iviews and portal asks me for user credentials in R/3, why? It is the same user!! Do I have to configure anything more?
    Thanks for replies,
    Best Regards,
    Pedro Rodrigues.

    Hi Pedro,
    To my knowledge ESS/MSS iViews are connecting ICM server on ABAP side and, thus, BSP iViews (at least, some of them). To avoid requests for user credentials from ICM server you need to configure SSO between your J2EE (where Portal is installed) and ABAP systems.
    Here is the link that might be helpful for you:
    http://help.sap.com/saphelp_erp2005/helpdata/en/89/6eb8e7af2f11d5993700508b6b8b11/frameset.htm
    Also you can search in the SDN Weblogs for steps on how to configure SSO.
    Regards,
    Mike

  • UME java mapping with ABAP

    Hi Experts
    I need to keep the users of my AS Java synchronized with some users in ERP.
    That means, when some user changes some information in ABAP, I need to get this information and change it in AS Java too, like email or password...
    I can't use CUA, and I can't use that function that synchronizes ABAP users in AS Java automatically. Is there another way to do it?
    Could someone help me?
    Best Regards
    Marcos Brandao

    Hi Martin
    Thanks for your response,
    When I was talking about the function that synchronizes the user in abap and java, I was talking exactly about using the ABAP user store as a source for UME. This solution doesn't work because the customer does not want to activate this. He is worried about the performance and the information of the user in 2 different locations; there are a lot of users in the ABAP user store and he doesn't want this solution.
    I need to get just specific users to replicate in the Java stack user store. I know how I can do it without getting the user password, but this does not resolve it for me. I need the same user credentials in both systems.
    I will see the SPML / IdM and what kind of problems this solution brings to me; if this solves my problem, I will try to use it.
    Is there another way, instead of these two ways? Maybe get the encrypted password, decrypt it and save it in the java user store with the encryption mechanism of UME?
    Best Regards
    Marcos Brandao
