We need to give field-level authorization for some fields
The schenario is as follows :
1. There are various storage locations within a plant.
2. There is one or more people incharge of creating PO and receiving
stocks for every storage location.
3. We dont want to authorise the person incharge of one storage
location to receive stock in another storage location or even view the
other storage locations at the time of creating the PO or any other
transaction. The user incharge of one storage location should not be
able to view any other storage location in any storage location field's
drop down.
regards
Manish
+91 9811647727
Hi Umesh,
Please see the documentations for authorization profile P_ABAP in the R/3 library and the following:
SU03 -> HR Human resources -> position your cursor to P_ABAP HR: Reporting -> choose button "Docu." -> the pop-up "help - P_ABAP" appears.
There is an example, which describes a similar issue regarding RPTIME00 and the Basic pay infotype (0008).
The standard reports of personnel administration are based on logical database PNP I would recommend to set your authorization as follows:
Object HR: Master data (P_ORGIN) (two authorizations)
Infotype 0002 ' '
Subtype * ' '
Authorization level R ' '
Organizational key ' ' 0001YYYYXXX
Object HR: Reporting (P_ABAP)
Report name SAPDBPNP
Degree of simplification 1
Please note, that if a user has authorization for e.g. the birthday list , (s)he will be able to view the birth date through thisquery, although (s)he cannot access to IT0002 through PA20.
Another possibility would be using Customer-Specific Authorization Object P_NNNNN. I have attached a file with a very comprehensive documentation regarding HR authorizations. P_NNNNN is documented on pages 40 ff.
Hope this help
Sarah
Similar Messages
-
"Low-level" authorizations for accessing BW reports - add users to role
Using the advice in Topic "Low-level" authorizations for accessing BW reports, I have been able to publish a query to a role that has 3 test users and each user gets the same query but with different data, as determined in the tables.
Is there a way to look up the users and e-mail addresses from a table and associate them to the role? We have several hundred e-mail recipients that will not need BW access, but only need an e-mail with a static report that contains data on their own territories.Hi!
i think programatically it might be complex. You got to maintain a seperate variant of report per user and use this variant to send mail. that means you need to maintain a variant and a Broadcast setting per user. once maintained you can use it any number of times the values will be recalculated everytime.
with regards
ashwin
<i>PS n: Assigning point to the helpful answers is the way of saying thanks in SDN. you can assign points by clicking on the appropriate radio button displayed next to the answers for your question. yellow for 2, green for 6 points(2)and blue for 10 points and to close the question and marked as problem solved. closing the threads which has a solution will help the members to deal with open issues with out wasting time on problems which has a solution and also to the people who encounter the same porblem in future. This is just to give you information as you are a new user.</i> -
AR I Need To Make Group or batch for some of transactions that imported ??
Hi,
In Receivables i need make a group or batch for some of invoices that imported from another system (Point of sales)
what functionality or responsibility make this function like batch but i need to import some invoice fo batch not create batch and create invoices
Thanks,
Mohamed GamalI think it's better to start with Ubuntu or another user-friendly distro than try your hand at Arch. A lot of the things you talk about reveal a lack of knowledge about the inner workings of Linux (no offense; that's just how it is). Linux distros are extremely modular, and GUIs are interchangeable. Aesthetics, therefor, are as well. You can install Ubuntu, OpenSuSE, Fedora and Arch and get them to look identical.
As for creating your custom distro, I am not sure distros would like you to strip logos and stuff (which, for consistency, at some point, might also involve copyrights - you do not want your boot logo to say 'Customix - (c) Ubuntu Canonical' or something).
If there are projects around that allow you to change the aesthetics (which seems to be mostly what you're after), then by all means use those . Hacking scripts etc. for consistency can be a tedious job, if you are not comfortable with command line tools. It will only be harder to (re)brand Arch since it comes with the minimal amount of branding required upstream.
The DE menus are ordered by XDG standards. It's fully automatic. If you want to change that, you need to hack the .desktop files.
Last edited by .:B:. (2012-01-16 19:51:01) -
Field level Authorization for IT0002
Hi All,
We have a requirement to control the authorization for the field NI Number/Social Security number from IT0002.
This field is getting displayed in various standard reports which are in use by administrators/Managers etc....
We want to disable the access of this field to every one, even the HR administartor.
Kindly suggest if this is possible using authorizations.
I know that we can hide the field in display access for PA20 or PA30, but I am particularly serching the option for various reports.
Regards,
Umesh Chaudhari.Hi Umesh,
Please see the documentations for authorization profile P_ABAP in the R/3 library and the following:
SU03 -> HR Human resources -> position your cursor to P_ABAP HR: Reporting -> choose button "Docu." -> the pop-up "help - P_ABAP" appears.
There is an example, which describes a similar issue regarding RPTIME00 and the Basic pay infotype (0008).
The standard reports of personnel administration are based on logical database PNP I would recommend to set your authorization as follows:
Object HR: Master data (P_ORGIN) (two authorizations)
Infotype 0002 ' '
Subtype * ' '
Authorization level R ' '
Organizational key ' ' 0001YYYYXXX
Object HR: Reporting (P_ABAP)
Report name SAPDBPNP
Degree of simplification 1
Please note, that if a user has authorization for e.g. the birthday list , (s)he will be able to view the birth date through thisquery, although (s)he cannot access to IT0002 through PA20.
Another possibility would be using Customer-Specific Authorization Object P_NNNNN. I have attached a file with a very comprehensive documentation regarding HR authorizations. P_NNNNN is documented on pages 40 ff.
Hope this help
Sarah -
Object level authorizations for deffirent user restrictions
Hi
i have 1 object, this object have only 3 values?
i need authorizations for this object at report level?
rsa1- i keep authorization relevant?
rsecadmin i can include this object , here i need give from value and to value? i have 3 values only? suppose user 1 want only 1 value? user 2 need 2 and 3 value? how can i restrict like this ? ple let em knowHi Suneel,
Go to RSECADMIN.
Here, in maintain authorizations, create authorization for your characteristics along with the special characteristics.
i.e. in your case, create authorization(assume 0plant is marked as authorization relevant)
0PLANT
0TCAACTVT
0TCAIPROV
0TCAVALID
Double click on each characteristic to assign them the authorized value set.
Thus, you will create two authorizations
Z_PLANT_1
0PLANT...................I..EQ..............1
0TCAACTVT.............I...EQ..............3
0TCAIPROV.............I...EQ..........ZPROVIDER
0TCAVALID..............I...EQ...........*
Z_PLANT_2&3
0PLANT...................I..EQ..............2
..............................I..EQ..............3
0TCAACTVT.............I...EQ..............3
0TCAIPROV.............I...EQ..........ZPROVIDER
0TCAVALID..............I...EQ...........*
Go to RSECADMIN again in user tab in assignment, assign these authorizations created to the respective users.
Like assign User1 -
>Z_PLANT_1
................User2 -
>Z_PLANT_2&3
Refer the link below for more information
[Analysis Authorization|http://help.sap.com/saphelp_nw70/helpdata/en/66/019441b8972e7be10000000a1550b0/frameset.htm]
Hope this helps,
Best regards,
Sunmit. -
Plant level authorization for Notification Change
Hi All
We have 7 plants and person belong to one plant is able to open and change the notification of other plants.
In the role we have given restriction for the plant for the Tcode IW 22 and for the object SWERK .In the Notification only Workcenter and Plant fields are mandatory.
How can we restrict for a user belong to a particular plant can only change his plant notifications using IW22 only ---not IW28
Thanks in advance
gangsDear gangs,
Check in all the roles of that user in orgnozation levels maintenance plant and planning plant.
It may happen in one role you have ristricted for that user, but in other roles it may be having the t.code authorization for IW22 and with other plant also.
Check that also.
Regards,
Praveen. -
BI7 InfoObject Value Level Authorization for Queries
Hi Guys/Gals,
this is my requirement.....
we have a HR ODS which has personal information of employees from 72 Companies.
we have a query based on this ODS ....
My requirement is when User A runs the query only data from Company A must be displayed...
and when User B runs the same query only data from Company B must be displayed....
no pop-ups for the company code .....
i posted this question yesterday & got a few replies....i tried them out... but there is this issue...
i used the RSECADMIN & created the AO which includes the 0COMP_CODE....
then i added it to the role using PFCG....
when i add the AO i created in the " BI Analysis Authorizations: Na " section...
the query gives a "no authorization" error.....
then one of u guy asked me to add it in to the
"SAP Business Information Warehouse - Reporting" section,,,, so i did that....
but unless i also add " BI Analysis Authorizations: Na " with * the query doesn't work....
and when i add " BI Analysis Authorizations: Na " with * &
"SAP Business Information Warehouse - Reporting" with the AO i created...
the filter doesn't work... it displays all the data
please help me.....Hello Christopher,
your thread is a little bit confusing and unclear. I just had a look at the other two threads you posted and here are my comments:
Prerequisite for the use of BI 7.0 analysis authorizations:
- each user needs authorizations for the three special dimensions (0TCAACTVT, 0TCAIPROV and 0TCAVALID) otherwise queries won't run!
As a consequence you will have to create analysis authorizations like this:
<b>ZCOMP_1000</b>
0COMP_CODE<i> I EQ</i> 1000
0TCAACTVT <i>I EQ</i> 03
0TCAIPROV <i>I EQ</i> your HR DSO
0TCAVALID <i>I EQ</i> *
<b>ZCOMP_2000</b>
0COMP_CODE<i> I EQ</i> 2000
0TCAACTVT <i>I EQ</i> 03
0TCAIPROV <i>I EQ</i> your HR DSO
0TCAVALID <i>I EQ</i> *
You can then assign these authorizations directly to your specific users using RSU01 or you will create a role and add the authorization object S_RS_AUTH with value ZCOMP_1000 and another one that contains S_RS_AUTH with value ZCOMP_2000.
Of course your users will need authorizations for standard reporting such as S_RFC, S_RS_COMP, S_RS_COMP1.
S_RS_ICUBE, S_RS_ODSO, S_RS_MPRO, S_RS_ISET are not necessary any more for reporting because they were replaced by 0TCAIPROV in the analysis authorization.
Finally the query selection must be COMPLETELY be a part of the user's authorizations. This is best done by an query variable that is filled from the user's authorizations at runtime.
Good luck,
Petra -
Object level authorizations for reports
HI
I have 20 charactesr in cube , around 15 have navigational attributes.
i need to give authorizations for 5 objects only .( navigational attributes).
i have 10 reports, i need 2 reports only authorizations relavant.
if i restrict 5 objects authorizations , its effect all queris? in this scenerio i need to create 2 cubes?
ple let me knowhi suneel,
As you said you require authorization for 2 reports, you can restrict those Infoobjects with the authorization variables and in the other 3reports use that object but do not restrict to the authorization variables..
So, the user will be able to see whole data for 3 reports where authorization is not used.
Hope it is clear.
Thanks
Lavanya -
Need to give access to users for report painter query without GR55
Hi,
I need to create a transaction code for a query created using report painter. We do not want to give access to user for GR55.
Please help us in achieveing this one or any other way to execute report without GR55 access.
Regds,
Servesh
Moderator: Please, search before posting - it has been answered several timesHi,
You can create the transaction the same using SE93 transaction code.
Also see the below link for detailed rocess:-
[http://home4sap.com/Blog/2009/08/how-to-create-a-transaction-code-for-report-painter-reports/]
Regards,
Gaurav -
Object level authorization for SLT Configuration schema in HANA DB
Hi All,
We have connected SLT with HANA DB (& ECC as source system).
Now for certain users we wanted to restrict the access for certain tables ( tables owned by SLT Schema, i.e schema created in HANA DB with the configuration name provided in the SLT configuration).
With the SYSTEM user object level authorization's of another schema is not possible hence , an error is thrown when we are trying to provide/control the access of single table for a user.
Is it ok that we generate a password for SLT schema and try login with schema owner. Is it the best practice or Is there any other way around.
Regards,
KumarHi Santosh,
You can find more info about SLT Roles and Authorization from below security guide.
http://help.sap.com/hana/SAP_HANA_Security_Guide_Trigger_Based_Replication_SLT_en.pdf
Regards,
V Srinivasan -
Second Level Authorization for ESS
Hi,
I have an issue regarding ESS . The requirement is to provide a second level authorization when anybody clicks on the content in ESS. i,e a logon screen. On successful authentification the user has to see the required info. We should also be able to provide a 5 min idle time out. Can anybody help me with this.
Thanks,
AbhishekAbhishek, Did you find any solution for second level authentication for ESS?
-
Object level checking for some of the basis tcodes(internal audit)
Hi masters,
in our company every month we check access controls for some of basis tcodes,i am giving it below,is the selection for Tcode and object level values combinations are correct or is there any modifications please notify.
Tcodes Imp Auth Objects Auth fields Auth values
SCC1 S_CLNT_IMP Actvt 21,60
S_TABU_CLI CLIIDMAINT X
SCC4 S_TABU_CLI CLIIDMAINT X
S_TABU_DIS Authorization Group *
Actvt 01,02
SCC5 S_CLNT_IMP Actvt 21,60
S_TABU_CLI CLIIDMAINT X
SCC7 S_TRANSPRT Request type *
Actvt 43,60,75
S_CLNT_IMP Actvt 21,60
SCC8 S_DATASET PROGRAM *
Actvt 06,34,A7
S_TRANSPRT Request type *
Actvt 43,60,75
SCC9 S_TABU_CLI CLIIDMAINT X
S_CLNT_IMP Actvt 21,60
SCCL S_TABU_CLI CLIIDMAINT X
S_CLNT_IMP Actvt 21,60
SCU0 S_TABU_DIS Authorization Group SS
Actvt 01,02
S_TABU_RFC Actvt 3
OBR1
SM01 S_ADMI_FCD TLCK
SM04 S_ADMI_FCD PADM
SM12 S_ENQUE S_ENQ_ACT DPFU,DLOU
SM13 S_ADMI_FCD UADM,UMON
SM50 S_ADMI_FCD PADM
SM54 S_ADMI_FCD NADM
SM55 S_ADMI_FCD NADM
SM56
SM59 S_ADMI_FCD NADM
RFCA
SMLT S_LANG_ADM Actvt 02,16,61
Table *
SPAD S_SPO_DEV SPODEVICE *
SP01 S_SPO_DEV SPODEVICE *
S_ADMI_FCD SP01,SP0R
ST01 S_ADMI_FCD ST0M,ST0R
ST05 S_ADMI_FCD ST0M,ST0R
RZ04 S_RZL_ADM Actvt 1
RZ06 S_RZL_ADM Actvt 1
RZ10 S_RZL_ADM Actvt 1
RZ21 S_RZL_ADM Actvt 1
S_BTCH_JOB JOBGROUP *
JOBACTION DELE,RELE
SM49 S_LOG_COM Command *
Opsystem *
Host *
S_RZL_ADM Actvt 1
SM69 S_RZL_ADM Actvt 1
SM63 S_RZL_ADM Actvt 1
SMLG S_RZL_ADM Actvt 1
SE16 S_TABU_DIS Authorization Group *
Actvt 01,02
SM30 S_TABU_DIS Authorization Group *
Actvt 01,02
SM31 S_TABU_DIS Authorization Group *
Actvt 01,02
SPRO S_PROJECT PROJECT_ID *
APPL_COMP *
PROJ_CONF *
Actvt 02,06
S_DOKU_AUT DOKU_ACT MAINTAIN
DOKU_DEVCL *
DOKU_MODE *
SPRO_ADMIN S_PROJECTS APPL_COMP *
PRCLASS *
Actvt 01,70
S_PROJECT PROJECT_ID *
APPL_COMP *
PROJ_CONF *
Actvt 02,06
PFCG S_USER_AGR ACT_GROUP *
Actvt 01,02
S_USER_PRO Actvt 01,02
PROFILE *
SM19 S_ADMI_FCD AUDA,AUDD
SU01 S_USER_AGR *
01,02
S_USER_GRP Class *
Actvt 01,02
SU02 S_USER_PRO Profile *
Actvt 01,02
SU03 S_USER_AUT OBJECT *
AUTH *
Actvt 01,02
S_USER_PRO Profile *
Actvt 01,02
SU05
SU10 S_USER_GRP Class *
Actvt 01,02
SU12 S_USER_GRP Class *
Actvt 01,02
SU20 S_DEVELOP DevClass *
ObjectType SUSO
ObjectName *
P_Group *
Actvt 01,02
SU21 S_DEVELOP DevClass *
ObjectType SUSO
ObjectName *
P_Group *
Actvt 01,02
SU22 S_DEVELOP DevClass *
ObjectType SUST
ObjectName *
P_Group *
Actvt 01,02
CMOD S_DEVELOP DevClass *
ObjectType CMOD
ObjectName *
P_Group *
Actvt 01,02
SA38 S_PROGRAM P_Action SUBMIT,BTCSUBMIT
P_Group *
SD11 S_DEVELOP DevClass T,Y,Z*
ObjectType UDMO,UENO
ObjectName *
P_Group *
Actvt 01,02
SE11 S_DEVELOP DevClass T,Y,Z*
ObjectType DOMA,DTEL.ENQU
ObjectName *
P_Group *
Actvt 01,02
SE12 S_DEVELOP DevClass T,Y,Z*
ObjectType DOMA,DTEL.ENQU
ObjectName *
P_Group *
Actvt 01,02
SE13
SE14 S_DEVELOP DevClass T,Y,Z*
ObjectType INDX.MCID,TABL
ObjectName *
P_Group *
Actvt 01,02
SE15 S_DEVELOP DevClass *
ObjectType *
ObjectName *
P_Group *
Actvt 3
SE37
SE38 S_DEVELOP DevClass T,Y,Z*
ObjectType FUGR,PROG
ObjectName *
P_Group *
Actvt 01,02
SE93 S_DEVELOP DevClass T,Y,Z*
ObjectType TRAN
ObjectName *
P_Group *
Actvt 01,02
SE41 S_DEVELOP DevClass *
ObjectType *
ObjectName *
P_Group *
Actvt 01,02
SE43 S_DEVELOP DevClass *
ObjectType *
ObjectName *
P_Group *
Actvt 3
SE43N S_DEVELOP DevClass '
ObjectType '
ObjectName '
P_Group '
Actvt 01,02
SE51 S_DEVELOP DevClass T,Y,Z*
ObjectType FUGR,PROG,DYNP
ObjectName *
P_Group *
Actvt 01,02
SE80 S_DEVELOP DevClass T,Y,Z*
ObjectType *
ObjectName *
P_Group *
Actvt 01,02
SE81 S_DEVELOP DevClass *
ObjectType *
ObjectName *
P_Group *
Actvt 01,02
SE82 S_DEVELOP DevClass Y,Z
ObjectType APPLTREE
ObjectName *
P_Group *
Actvt 01,02
SE91
SE92
SE92N
SNRO S_NUMBER NROBJ *
Actvt 02,17,11
SQ00 S_QUERY Actvt 02,23
SQ01 S_QUERY Actvt 02,23
SQ02 S_QUERY Actvt 02,23
SQ03 S_QUERY Actvt 23
SQVI
SM35 S_BDC_MONI BDCAKTI ABTC,AONL,DELE
SM35P S_BDC_MONI BDCAKTI ANAL
SM36 S_BTCH_ADM BTCADMIN Y
SM37 S_BTCH_JOB Jobaction PROT,SHOW
Jobgroup *
SM39
SM62
SM64 S_BTCH_ADM BTCADMIN Y
SE01 S_CTS_ADMI CTS_ADMFCT EPS1,EPS2,PROJ
S_TRANSPRT Actvt *
Ttype *
SE06 S_C_FUNCT PROGRAM SAPLSTRF,SAPLSTRI
CFUNCNAME SYSTEM
ACTVT 16
S_TRANSPRT Actvt 43,60,65
Ttype *
SE09 S_TRANSPRT Actvt 43,60,65
Ttype *
S_CTS_ADMI CTS_ADMFCT EPS1,EPS2,PROJ
SE10 S_TRANSPRT Actvt 43,60,65
Ttype *
S_CTS_ADMI CTS_ADMFCT *
SPAM S_CTS_ADMI CTS_ADMFCT IMPA,IMPS
S_TRANSPRT Actvt 43,60,65
Ttype PATC,PIEC
STMS S_CTS_ADMI CTS_ADMFCT *
S_RFC Actvt 16
RFC_NAME EPSF,STPA
RFC_TYPE FUGR
Edited by: rameshbabu muddana on Mar 2, 2009 10:56 AMhi,thanks for reply "you should not care about the transaction start s_tcode at all - only check the object required"
It has made manditory policy to check for users and roles every month with given criteria of Tcode and object,now i have been given the task to check the combination of Tcode and object value combination are correct or not,please validate the combinations and suggest,we are using ECC 5.0,i had gone through wild card use (#) when we check in SUIM,i am getting confused that when i give # followed by value, data i am getting different from without #.please provide an example for SE16 with S_TABU_DIS
how to check?
i am checking in this way
S_TCODE SE16
S_TABU_DIS
Activity
Value 01or 02
Authorization Group
Value #&NC& -
We have a SharePoint Enterprise 2013 system at RTM level. We've installed Workflow Manager 1.0 by following the steps at
http://technet.microsoft.com/en-us/library/jj658588.aspx. For the final step of Validating the Installation we created a simple list-level workflow and verified that the workflow
is invoked successfully. This is working successfully, but only for a single user. If other users in the same site collection try to invoke the workflow on this same list we get the ULS Log Error:
Claims Authentication af3zp Unexpected STS Call Claims Saml: Problem getting output claims identity. Exception: 'Microsoft.SharePoint.SPException: The specified user or domain group was not found. --->
System.Security.Principal.IdentityNotMappedException: Some or all identity references could not be translated.
followed by:
Failed to issue new security token. Exception: Microsoft.SharePoint.SPException: The specified user or domain group was not found. ---> System.Security.Principal.IdentityNotMappedException: Some or all identity references could not be translated.
(as details below).
All accounts that are attempting to use the Test Workflow (both working and non-working user accounts) are valid AD accounts and are included in the User Profile Sync that runs nightly. All have Contribute or Design permission level (and for testing,
Full Control).
What could cause the Claims Authentication to fail when certain users attempt to launch the workflow?
Thank you for your response.
Jim Mac.
08/29/2013 10:22:51.94 w3wp.exe (0x2020) 0x26D8 SharePoint Foundation
Claims Authentication af3zp Unexpected STS Call Claims Saml: Problem getting output claims identity. Exception: 'Microsoft.SharePoint.SPException: The specified user or domain group was
not found. ---> System.Security.Principal.IdentityNotMappedException: Some or all identity references could not be translated. at System.Security.Principal.NTAccount.Translate(IdentityReferenceCollection sourceAccounts, Type targetType,
Boolean forceSuccess) at System.Security.Principal.NTAccount.Translate(Type targetType) at Microsoft.SharePoint.Administration.Claims.SPClaimProviderManager.GetProviderUserKeyClaim(IClaimsIdentity claimsIdentity,
SPClaim loginClaim) --- End of inner exception stack trace --- at Microsoft.SharePoint.Administration.Claims.SPClaimProviderManager.GetProviderUserKeyClaim(IClaimsIdentity claimsIdent... 94aa5c2d-fa45-9b83-b203-a92b20102583
08/29/2013 10:22:51.94* w3wp.exe (0x2020) 0x26D8 SharePoint Foundation
Claims Authentication af3zp Unexpected ...ity, SPClaim loginClaim) at Microsoft.SharePoint.Administration.Claims.SPClaimProviderManager.GetProviderUserKey(String
encodedIdentityClaimSuffix) at Microsoft.SharePoint.IdentityModel.SPSecurityTokenService.CreateTokenCacheReferenceFromTokenSignature(SPRequestInfo requestInfo, IClaimsIdentity identity) at Microsoft.SharePoint.IdentityModel.SPSecurityTokenService.AugmentTokenCacheReferenceClaim(SPRequestInfo
requestInfo, IClaimsIdentity identity) at Microsoft.SharePoint.IdentityModel.SPSecurityTokenService.AugmentOutputIdentityForRequest(SPRequestInfo requestInfo, IClaimsIdentity outputIdentity) at Microsoft.SharePoint.IdentityModel.SPSecurityTokenService.GetOutputClaimsIdentity(IClaimsPrincipal
principal, RequestSecurityToken request, Scope scope)'. 94aa5c2d-fa45-9b83-b203-a92b20102583
08/29/2013 10:22:51.94 w3wp.exe (0x2020) 0x26D8 SharePoint Foundation
Claims Authentication fo1t Monitorable STS Call: Failed to issue new security token. Exception: Microsoft.SharePoint.SPException: The specified user or domain group was not found. --->
System.Security.Principal.IdentityNotMappedException: Some or all identity references could not be translated. at System.Security.Principal.NTAccount.Translate(IdentityReferenceCollection sourceAccounts, Type targetType, Boolean forceSuccess)
at System.Security.Principal.NTAccount.Translate(Type targetType) at Microsoft.SharePoint.Administration.Claims.SPClaimProviderManager.GetProviderUserKeyClaim(IClaimsIdentity claimsIdentity, SPClaim loginClaim)
--- End of inner exception stack trace --- at Microsoft.SharePoint.Administration.Claims.SPClaimProviderManager.GetProviderUserKeyClaim(IClaimsIdentity claimsIdentity, SPClaim logi... 94aa5c2d-fa45-9b83-b203-a92b20102583
08/29/2013 10:22:51.94* w3wp.exe (0x2020) 0x26D8 SharePoint Foundation
Claims Authentication fo1t Monitorable ...nClaim) at Microsoft.SharePoint.Administration.Claims.SPClaimProviderManager.GetProviderUserKey(String encodedIdentityClaimSuffix)
at Microsoft.SharePoint.IdentityModel.SPSecurityTokenService.CreateTokenCacheReferenceFromTokenSignature(SPRequestInfo requestInfo, IClaimsIdentity identity) at Microsoft.SharePoint.IdentityModel.SPSecurityTokenService.AugmentTokenCacheReferenceClaim(SPRequestInfo
requestInfo, IClaimsIdentity identity) at Microsoft.SharePoint.IdentityModel.SPSecurityTokenService.AugmentOutputIdentityForRequest(SPRequestInfo requestInfo, IClaimsIdentity outputIdentity) at Microsoft.SharePoint.IdentityModel.SPSecurityTokenService.GetOutputClaimsIdentity(IClaimsPrincipal
principal, RequestSecurityToken request, Scope scope) at Microsoft.IdentityModel.Securi... 94aa5c2d-fa45-9b83-b203-a92b20102583
08/29/2013 10:22:51.94* w3wp.exe (0x2020) 0x26D8 SharePoint Foundation
Claims Authentication fo1t Monitorable ...tyTokenService.SecurityTokenService.Issue(IClaimsPrincipal principal, RequestSecurityToken request) at Microsoft.SharePoint.IdentityModel.SPSecurityTokenService.Issue(IClaimsPrincipal
principal, RequestSecurityToken request) 94aa5c2d-fa45-9b83-b203-a92b20102583Hi Aries,
I am facing issue with work flow where Workflow goes to Suspend mode.
I am facing an issue with SP2013 Custom Workflow developed using Visual Studio 2012.
Objective of the Custom workflow: User fills the form and submit, list get updated and workflow will initiate and go for the process.
Issue: After the deployment of WF, for first time when user is filling the form and submit, list is getting updated. But the Workflow Goes to "Suspend" mode. (
This Custom Workflow has a configuration file where we are providing other details including ID of Impersonator (farm is running under Claim Based Authentication).
Work flow works fine once when the Impersonator initiate the workflow (Fill the form and submit for approval) and everything works fine after that.
Following steps are already performed
1.Make sure User profile synchronization is started.
2.Make sure the user is not the SharePoint system user.
3.Make sure the user by whom you are logged is available in User Profile list.
4.Step full synchronization of User Profile Application.
From the ULS logs it seems the user's security token from the STS service and User profile service is not being issued.
Appreciate any thoughts or solution.
Following are the log files.
<-------------------------------Information taken from "http://YYYY.XXXXX.com/sites/xxxx/_layouts/15/wrkstat.aspx" where it is showing workflow status as "Suspend"------->
http://yyyy.XXXX.com/sites/xxxx/_vti_bin/client.svc/sp.utilities.utility.ResolvePrincipalInCurrentcontext(input=@ParamUser,scopes='15',sources='15',inputIsEmailOnly='false',addToUserInfoList='False')?%40ParamUser='i%3A0%23.w%7CXXXXX%5Csps_biscomdev'
Correlation Id: f5bd8793-a53c-2127-bfb1-70bc172425e8 Instance Id: 14a985a0-60c8-42db-a42c-c752190b8106
RequestorId: f5bd8793-a53c-2127-0000-000000000000. Details: RequestorId: f5bd8793-a53c-2127-0000-000000000000. Details: An unhandled exception occurred during the execution of the workflow instance. Exception details: System.ApplicationException: HTTP 401
{"error_description":"The server was unable to process the request due to an internal error. For more information about the error, either turn on IncludeExceptionDetailInFaults (either from ServiceBehaviorAttribute or from the <serviceDebug>
configuration behavior) on the server in order to send the exception information back to the client, or turn on tracing as per the Microsoft .NET Framework SDK documentation and inspect the server trace logs."} {"x-ms-diagnostics":["3001000;reason=\"There
has been an error authenticating the request.\";category=\"invalid_client\""],"SPRequestGuid":["f5bd8793-a53c-2127-8654-672758a68234"],"request-id":["f5bd8793-a53c-2127-8654-672758a68234"],"X-FRAME-OPTIONS":["SAMEORIGIN"],"SPRequestDuration":["34"],"SPIisLatency":["0"],"Server":["Microsoft-IIS\/7.5"],"WWW-Authenticate":["Bearer
realm=\"b14e1e0f-257f-42ec-a92d-377479e0ec8d\",client_id=\"00000003-0000-0ff1-ce00-000000000000\",trusted_issuers=\"00000005-0000-0000-c000-000000000000@*,[email protected]79e0ec8d\"","NTLM"],"X-Powered-By":["ASP.NET"],"MicrosoftSharePointTeamServices":["15.0.0.4420"],"X-Content-Type-Options":["nosniff"],"X-MS-InvokeApp":["1;
RequireReadOnly"],"Date":["Fri, 10 Apr 2015 19:48:07 GMT"]} at Microsoft.Activities.Hosting.Runtime.Subroutine.SubroutineChild.Execute(CodeActivityContext context) at System.Activities.CodeActivity.InternalExecute(ActivityInstance
instance, ActivityExecutor executor, BookmarkManager bookmarkManager) at System.Activities.Runtime.ActivityExecutor.ExecuteActivityWorkItem.ExecuteBody(ActivityExecutor executor, BookmarkManager bookmarkManager, Location resultLocation)
ULS Log
04/16/2015 15:22:03.70 w3wp.exe (0x1C74) 0x1AB8 SharePoint Foundation Authentication Authorization agb9s Medium OAuth request. IsAuthenticated=False, UserIdentityName=, ClaimsCount=0 f5bd8793-a53c-2127-8485-418c67f110f6
04/16/2015 15:22:03.70 w3wp.exe (0x1C74) 0x1AB8 SharePoint Foundation Runtime ajd6k Verbose Value for isAnonymousAllowed is : False f5bd8793-a53c-2127-8485-418c67f110f6
04/16/2015 15:22:03.70 w3wp.exe (0x1C74) 0x1AB8 SharePoint Foundation Runtime ajd6l Verbose Value for checkAuthenticationCookie is : True f5bd8793-a53c-2127-8485-418c67f110f6
04/16/2015 15:22:03.70 w3wp.exe (0x1C74) 0x1AB8 SharePoint Foundation General 6t8b Verbose Looking up context site
http://inetdev:80/sites/testrpa2/_vti_bin/client.svc/site/ReadOnly in the farm SharePoint_Config_QA f5bd8793-a53c-2127-8485-418c67f110f6
04/16/2015 15:22:03.70 w3wp.exe (0x1C74) 0x1AB8 SharePoint Foundation General 6t8d Verbose Looking up the additional information about the typical site
http://inetdev:80/sites/testrpa2/_vti_bin/client.svc/site/ReadOnly. f5bd8793-a53c-2127-8485-418c67f110f6
04/16/2015 15:22:03.71 w3wp.exe (0x1C74) 0x1AB8 SharePoint Foundation General 6t8f Verbose Site lookup is replacing
http://inetdev:80/sites/testrpa2/_vti_bin/client.svc/site/ReadOnly with the alternate access url
http://inetdev. f5bd8793-a53c-2127-8485-418c67f110f6
04/16/2015 15:22:03.71 w3wp.exe (0x1C74) 0x1AB8 SharePoint Foundation General 6t8g Verbose Looking up typical site
http://inetdev:80/sites/testrpa2/_vti_bin/client.svc/site/ReadOnly in web application SPWebApplication Name=SPDEV - 80. f5bd8793-a53c-2127-8485-418c67f110f6
04/16/2015 15:22:03.71 w3wp.exe (0x1C74) 0x1AB8 SharePoint Foundation General 6t8h Verbose Found typical site /sites/testrpa2 (407ba20c-079b-4b99-9e70-f86e6e13ddde) in web application SPWebApplication Name=SPDEV - 80. f5bd8793-a53c-2127-8485-418c67f110f6
04/16/2015 15:22:03.71 w3wp.exe (0x1C74) 0x1AB8 SharePoint Foundation General 6t8b Verbose Looking up context site
http://inetdev:80/sites/testrpa2/_vti_bin/client.svc/site/ReadOnly in the farm SharePoint_Config_QA f5bd8793-a53c-2127-8485-418c67f110f6
04/16/2015 15:22:03.71 w3wp.exe (0x1C74) 0x1AB8 SharePoint Foundation General 6t8d Verbose Looking up the additional information about the typical site
http://inetdev:80/sites/testrpa2/_vti_bin/client.svc/site/ReadOnly. f5bd8793-a53c-2127-8485-418c67f110f6
04/16/2015 15:22:03.71 w3wp.exe (0x1C74) 0x1AB8 SharePoint Foundation General 6t8f Verbose Site lookup is replacing
http://inetdev:80/sites/testrpa2/_vti_bin/client.svc/site/ReadOnly with the alternate access url
http://inetdev. f5bd8793-a53c-2127-8485-418c67f110f6
04/16/2015 15:22:03.71 w3wp.exe (0x1C74) 0x1AB8 SharePoint Foundation General 6t8g Verbose Looking up typical site
http://inetdev:80/sites/testrpa2/_vti_bin/client.svc/site/ReadOnly in web application SPWebApplication Name=SPDEV - 80. f5bd8793-a53c-2127-8485-418c67f110f6
04/16/2015 15:22:03.71 w3wp.exe (0x1C74) 0x1AB8 SharePoint Foundation General 6t8h Verbose Found typical site /sites/testrpa2 (407ba20c-079b-4b99-9e70-f86e6e13ddde) in web application SPWebApplication Name=SPDEV - 80. f5bd8793-a53c-2127-8485-418c67f110f6
04/16/2015 15:22:03.71 w3wp.exe (0x1C74) 0x1AB8 SharePoint Foundation Monitoring b4ly Medium Leaving Monitored Scope (Request (GET:http://inetdev:80/sites/testrpa2/_vti_bin/client.svc/site/ReadOnly)). Execution Time=18.7574119057031 f5bd8793-a53c-2127-8485-418c67f110f6
04/16/2015 15:22:03.71 w3wp.exe (0x1C74) 0x1AB8 SharePoint Foundation General 6t8b Verbose Looking up context site
http://inetdev:80/sites/testrpa2/_vti_bin/client.svc/site/ReadOnly in the farm SharePoint_Config_QA f5bd8793-a53c-2127-8485-418c67f110f6
04/16/2015 15:22:03.71 w3wp.exe (0x1C74) 0x1AB8 SharePoint Foundation General 6t8d Verbose Looking up the additional information about the typical site
http://inetdev:80/sites/testrpa2/_vti_bin/client.svc/site/ReadOnly. f5bd8793-a53c-2127-8485-418c67f110f6
04/16/2015 15:22:03.71 w3wp.exe (0x1C74) 0x1AB8 SharePoint Foundation General 6t8f Verbose Site lookup is replacing
http://inetdev:80/sites/testrpa2/_vti_bin/client.svc/site/ReadOnly with the alternate access url
http://inetdev. f5bd8793-a53c-2127-8485-418c67f110f6
04/16/2015 15:22:03.71 w3wp.exe (0x1C74) 0x1AB8 SharePoint Foundation General 6t8g Verbose Looking up typical site
http://inetdev:80/sites/testrpa2/_vti_bin/client.svc/site/ReadOnly in web application SPWebApplication Name=SPDEV - 80. f5bd8793-a53c-2127-8485-418c67f110f6
04/16/2015 15:22:03.71 w3wp.exe (0x1C74) 0x1AB8 SharePoint Foundation General 6t8h Verbose Found typical site /sites/testrpa2 (407ba20c-079b-4b99-9e70-f86e6e13ddde) in web application SPWebApplication Name=SPDEV - 80. f5bd8793-a53c-2127-8485-418c67f110f6
04/16/2015 15:22:03.73 PowerShell.exe (0x29BC) 0x2B9C SharePoint Foundation General narq Verbose Releasing SPRequest with allocation Id {AF89E1D7-C47F-467B-8FD4-D7DC768820EE}
04/16/2015 15:22:03.73 w3wp.exe (0x1C74) 0x183C SharePoint Foundation General 6t8b Verbose Looking up context site
http://inetdev:80/sites/testrpa2/_vti_bin/client.svc/site/ReadOnly in the farm SharePoint_Config_QA
04/16/2015 15:22:03.73 w3wp.exe (0x1C74) 0x183C SharePoint Foundation General 6t8d Verbose Looking up the additional information about the typical site
http://inetdev:80/sites/testrpa2/_vti_bin/client.svc/site/ReadOnly.
04/16/2015 15:22:03.73 w3wp.exe (0x1C74) 0x183C SharePoint Foundation General 6t8f Verbose Site lookup is replacing
http://inetdev:80/sites/testrpa2/_vti_bin/client.svc/site/ReadOnly with the alternate access url
http://inetdev.
04/16/2015 15:22:03.73 w3wp.exe (0x1C74) 0x183C SharePoint Foundation General 6t8g Verbose Looking up typical site
http://inetdev:80/sites/testrpa2/_vti_bin/client.svc/site/ReadOnly in web application SPWebApplication Name=SPDEV - 80.
04/16/2015 15:22:03.73 w3wp.exe (0x1C74) 0x183C SharePoint Foundation General 6t8h Verbose Found typical site /sites/testrpa2 (407ba20c-079b-4b99-9e70-f86e6e13ddde) in web application SPWebApplication Name=SPDEV - 80.
04/16/2015 15:22:03.73 w3wp.exe (0x1C74) 0x183C SharePoint Foundation Monitoring nasq Medium Entering monitored scope (Request (GET:http://inetdev:80/sites/testrpa2/_vti_bin/client.svc/site/ReadOnly)). Parent No
04/16/2015 15:22:03.73 w3wp.exe (0x1C74) 0x183C SharePoint Foundation General 6t8b Verbose Looking up context site
http://inetdev:80/sites/testrpa2/_vti_bin/client.svc/site/ReadOnly in the farm SharePoint_Config_QA
04/16/2015 15:22:03.73 w3wp.exe (0x1C74) 0x183C SharePoint Foundation General 6t8d Verbose Looking up the additional information about the typical site
http://inetdev:80/sites/testrpa2/_vti_bin/client.svc/site/ReadOnly.
04/16/2015 15:22:03.73 w3wp.exe (0x1C74) 0x183C SharePoint Foundation General 6t8f Verbose Site lookup is replacing
http://inetdev:80/sites/testrpa2/_vti_bin/client.svc/site/ReadOnly with the alternate access url
http://inetdev.
04/16/2015 15:22:03.73 w3wp.exe (0x1C74) 0x183C SharePoint Foundation General 6t8g Verbose Looking up typical site
http://inetdev:80/sites/testrpa2/_vti_bin/client.svc/site/ReadOnly in web application SPWebApplication Name=SPDEV - 80.
04/16/2015 15:22:03.73 w3wp.exe (0x1C74) 0x183C SharePoint Foundation General 6t8h Verbose Found typical site /sites/testrpa2 (407ba20c-079b-4b99-9e70-f86e6e13ddde) in web application SPWebApplication Name=SPDEV - 80.
04/16/2015 15:22:03.73 w3wp.exe (0x1C74) 0x183C SharePoint Foundation Logging Correlation Data xmnv Medium Name=Request (GET:http://inetdev:80/sites/testrpa2/_vti_bin/client.svc/site/ReadOnly) f5bd8793-a53c-2127-8485-418c67f110f6
04/16/2015 15:22:03.74 w3wp.exe (0x1C74) 0x183C SharePoint Foundation Monitoring nasq Medium Entering monitored scope (Application Authentication Pipeline). Parent Request (GET:http://inetdev:80/sites/testrpa2/_vti_bin/client.svc/site/ReadOnly) f5bd8793-a53c-2127-8485-418c67f110f6
04/16/2015 15:22:03.74 w3wp.exe (0x1C74) 0x183C SharePoint Foundation General 6t8b Verbose Looking up context site
http://inetdev:80/sites/testrpa2/_vti_bin/client.svc/site/ReadOnly in the farm SharePoint_Config_QA f5bd8793-a53c-2127-8485-418c67f110f6
04/16/2015 15:22:03.74 w3wp.exe (0x1C74) 0x183C SharePoint Foundation General 6t8d Verbose Looking up the additional information about the typical site
http://inetdev:80/sites/testrpa2/_vti_bin/client.svc/site/ReadOnly. f5bd8793-a53c-2127-8485-418c67f110f6
04/16/2015 15:22:03.74 w3wp.exe (0x1C74) 0x183C SharePoint Foundation General 6t8f Verbose Site lookup is replacing
http://inetdev:80/sites/testrpa2/_vti_bin/client.svc/site/ReadOnly with the alternate access url
http://inetdev. f5bd8793-a53c-2127-8485-418c67f110f6
04/16/2015 15:22:03.74 w3wp.exe (0x1C74) 0x183C SharePoint Foundation General 6t8g Verbose Looking up typical site
http://inetdev:80/sites/testrpa2/_vti_bin/client.svc/site/ReadOnly in web application SPWebApplication Name=SPDEV - 80. f5bd8793-a53c-2127-8485-418c67f110f6
04/16/2015 15:22:03.74 w3wp.exe (0x1C74) 0x183C SharePoint Foundation General 6t8h Verbose Found typical site /sites/testrpa2 (407ba20c-079b-4b99-9e70-f86e6e13ddde) in web application SPWebApplication Name=SPDEV - 80. f5bd8793-a53c-2127-8485-418c67f110f6
04/16/2015 15:22:03.75 w3wp.exe (0x1C74) 0x183C SharePoint Foundation Claims Authentication ah25l Medium SPJsonWebSecurityBaseTokenHandler: ValidateActorIsSelfIssuer! Issuer '00000005-0000-0000-c000-000000000000' is not self
issuer. f5bd8793-a53c-2127-8485-418c67f110f6
04/16/2015 15:22:03.75 w3wp.exe (0x1C74) 0x183C SharePoint Foundation Monitoring nasq Medium Entering monitored scope (Getting Site Subscription Id). Parent [S2S] Getting token from STS and setting Thread Identity f5bd8793-a53c-2127-8485-418c67f110f6
04/16/2015 15:22:03.75 w3wp.exe (0x1C74) 0x183C SharePoint Foundation General 6t8b Verbose Looking up context site
http://inetdev/sites/testrpa2/_vti_bin/client.svc/site/ReadOnly in the farm SharePoint_Config_QA f5bd8793-a53c-2127-8485-418c67f110f6
04/16/2015 15:22:03.75 w3wp.exe (0x1C74) 0x183C SharePoint Foundation General 6t8d Verbose Looking up the additional information about the typical site
http://inetdev/sites/testrpa2/_vti_bin/client.svc/site/ReadOnly. f5bd8793-a53c-2127-8485-418c67f110f6
04/16/2015 15:22:03.75 w3wp.exe (0x1C74) 0x183C SharePoint Foundation General 6t8f Verbose Site lookup is replacing
http://inetdev/sites/testrpa2/_vti_bin/client.svc/site/ReadOnly with the alternate access url
http://inetdev. f5bd8793-a53c-2127-8485-418c67f110f6
04/16/2015 15:22:03.75 w3wp.exe (0x1C74) 0x183C SharePoint Foundation General 6t8g Verbose Looking up typical site
http://inetdev:80/sites/testrpa2/_vti_bin/client.svc/site/ReadOnly in web application SPWebApplication Name=SPDEV - 80. f5bd8793-a53c-2127-8485-418c67f110f6
04/16/2015 15:22:03.75 w3wp.exe (0x1C74) 0x183C SharePoint Foundation General 6t8h Verbose Found typical site /sites/testrpa2 (407ba20c-079b-4b99-9e70-f86e6e13ddde) in web application SPWebApplication Name=SPDEV - 80. f5bd8793-a53c-2127-8485-418c67f110f6
04/16/2015 15:22:03.75 w3wp.exe (0x1C74) 0x183C SharePoint Foundation Monitoring b4ly Medium Leaving Monitored Scope (Getting Site Subscription Id). Execution Time=0.341314329055788 f5bd8793-a53c-2127-8485-418c67f110f6
04/16/2015 15:22:03.75 w3wp.exe (0x1C74) 0x183C SharePoint Foundation Monitoring nasq Medium Entering monitored scope (Reading token from Cache using token signature). Parent [S2S] Getting token from STS and setting Thread
Identity f5bd8793-a53c-2127-8485-418c67f110f6
04/16/2015 15:22:03.76 w3wp.exe (0x1C74) 0x183C SharePoint Foundation General ajji6 High Unable to write SPDistributedCache call usage entry. f5bd8793-a53c-2127-8485-418c67f110f6
04/16/2015 15:22:03.76 w3wp.exe (0x1C74) 0x183C SharePoint Foundation Monitoring b4ly Medium Leaving Monitored Scope (Reading token from Cache using token signature). Execution Time=7.5931438213516 f5bd8793-a53c-2127-8485-418c67f110f6
04/16/2015 15:22:03.76 w3wp.exe (0x1C74) 0x183C SharePoint Foundation Application Authentication ajwpx Medium SPApplicationAuthenticationModule: Failed to build cache key for user f5bd8793-a53c-2127-8485-418c67f110f6
04/16/2015 15:22:03.76 w3wp.exe (0x1C74) 0x183C SharePoint Foundation Topology aeayb Medium SecurityTokenServiceSendRequest: RemoteAddress: 'http://localhost:32843/SecurityTokenServiceApplication/securitytoken.svc' Channel:
'Microsoft.IdentityModel.Protocols.WSTrust.IWSTrustChannelContract' Action: 'http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue' MessageId: 'urn:uuid:fd5eba94-c39d-4667-89bd-089411c87f09' f5bd8793-a53c-2127-8485-418c67f110f6
04/16/2015 15:22:03.77 w3wp.exe (0x0C48) 0x1318 SharePoint Foundation Topology aeax9 Medium SecurityTokenServiceReceiveRequest: LocalAddress: 'http://c1vspwfe01.vitas.com:32843/SecurityTokenServiceApplication/securitytoken.svc'
Channel: 'System.ServiceModel.Channels.ServiceChannel' Action: 'http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue' MessageId: 'urn:uuid:fd5eba94-c39d-4667-89bd-089411c87f09' f5bd8793-a53c-2127-8485-418c67f110f6
04/16/2015 15:22:03.77 w3wp.exe (0x0C48) 0x1318 SharePoint Foundation Monitoring nasq Medium Entering monitored scope (ExecuteSecurityTokenServiceOperationServer). Parent No f5bd8793-a53c-2127-8485-418c67f110f6
04/16/2015 15:22:03.78 w3wp.exe (0x0C48) 0x1318 SharePoint Foundation Claims Authentication ah25l Medium SPJsonWebSecurityBaseTokenHandler: ValidateActorIsSelfIssuer! Issuer '00000005-0000-0000-c000-000000000000' is not self
issuer. f5bd8793-a53c-2127-8485-418c67f110f6
04/16/2015 15:22:03.78 w3wp.exe (0x0C48) 0x1318 SharePoint Foundation General narq Verbose Releasing SPRequest with allocation Id {F17590DF-49D9-439D-86BC-5AE6416BB765} f5bd8793-a53c-2127-8485-418c67f110f6
04/16/2015 15:22:03.78 w3wp.exe (0x0C48) 0x1318 SharePoint Foundation General 6t8b Verbose Looking up site
http://inetdev/sites/testrpa2/_vti_bin/client.svc/site/ReadOnly in the farm SharePoint_Config_QA f5bd8793-a53c-2127-8485-418c67f110f6
04/16/2015 15:22:03.78 w3wp.exe (0x0C48) 0x1318 SharePoint Foundation General 6t8d Verbose Looking up the additional information about the typical site
http://inetdev/sites/testrpa2/_vti_bin/client.svc/site/ReadOnly. f5bd8793-a53c-2127-8485-418c67f110f6
04/16/2015 15:22:03.78 w3wp.exe (0x0C48) 0x1318 SharePoint Foundation General 6t8f Verbose Site lookup is replacing
http://inetdev/sites/testrpa2/_vti_bin/client.svc/site/ReadOnly with the alternate access url
http://inetdev. f5bd8793-a53c-2127-8485-418c67f110f6
04/16/2015 15:22:03.78 w3wp.exe (0x0C48) 0x1318 SharePoint Foundation General 6t8g Verbose Looking up typical site
http://inetdev:80/sites/testrpa2/_vti_bin/client.svc/site/ReadOnly in web application SPWebApplication Name=SPDEV - 80. f5bd8793-a53c-2127-8485-418c67f110f6
04/16/2015 15:22:03.78 w3wp.exe (0x0C48) 0x1318 SharePoint Foundation General 6t8h Verbose Found typical site /sites/testrpa2 (407ba20c-079b-4b99-9e70-f86e6e13ddde) in web application SPWebApplication Name=SPDEV - 80. f5bd8793-a53c-2127-8485-418c67f110f6
04/16/2015 15:22:03.78 w3wp.exe (0x0C48) 0x1318 SharePoint Foundation General narq Verbose Releasing SPRequest with allocation Id {3847D5A4-15C6-4AF9-B062-E22BB555DF4F} f5bd8793-a53c-2127-8485-418c67f110f6
04/16/2015 15:22:03.78 w3wp.exe (0x0C48) 0x1318 SharePoint Portal Server User Profiles ae0s1 High Identity claims mapped to '0' user profiles. Claims: [nameid: '', nii: 'windows', upn: '', smtp: '', sip: ''], User Profiles: f5bd8793-a53c-2127-8485-418c67f110f6
04/16/2015 15:22:03.78 w3wp.exe (0x0C48) 0x1318 SharePoint Portal Server User Profiles ae0sr Unexpected UserProfileException caught.. Exception Microsoft.Office.Server.Security.UserProfileNoUserFoundException: 3001002;reason=The
incoming identity is not mapped to any user profile account in SharePoint. Possible cause is that no user profiles are created in user profile database. Contact your administrator. at Microsoft.Office.Server.Security.UserProfileIdentityClaimMapper.GetSingleUserProfileFromClaimsList(UserProfileManager
upManager, IEnumerable`1 identityClaims) at Microsoft.Office.Server.Security.UserProfileIdentityClaimMapper.<>c__DisplayClass2.<GetMappedIdentityClaim>b__0() is thrown. f5bd8793-a53c-2127-8485-418c67f110f6
04/16/2015 15:22:03.78 w3wp.exe (0x0C48) 0x1318 SharePoint Portal Server User Profiles ae0su High The set of claims could not be mapped to a single user identity. Exception 3001002;reason=The incoming identity is not mapped
to any user profile account in SharePoint. Possible cause is that no user profiles are created in user profile database. Contact your administrator. has occured. f5bd8793-a53c-2127-8485-418c67f110f6
04/16/2015 15:22:03.78 w3wp.exe (0x0C48) 0x1318 SharePoint Foundation Claims Authentication ae0tc High The registered mappered failed to resolve to one identity claim. Exception: Microsoft.Office.Server.Security.UserProfileNoUserFoundException:
3001002;reason=The incoming identity is not mapped to any user profile account in SharePoint. Possible cause is that no user profiles are created in user profile database. Contact your administrator. at Microsoft.Office.Server.Security.UserProfileIdentityClaimMapper.GetSingleUserProfileFromClaimsList(UserProfileManager
upManager, IEnumerable`1 identityClaims) at Microsoft.Office.Server.Security.UserProfileIdentityClaimMapper.<>c__DisplayClass2.<GetMappedIdentityClaim>b__0() at Microsoft.SharePoint.SPSecurity.<>c__DisplayClass5.<RunWithElevatedPrivileges>b__3()
at Microsoft.SharePoint.Utilities.SecurityContext.RunAsProcess(CodeToRunElevated secureCode) at Microsoft.SharePoint.SPSecurity.RunWithElevatedPrivileges(WaitCallback secureCode, Object param) at Microsoft.SharePoint.SPSecurity.RunWithElevatedPrivileges(CodeToRunElevated
secureCode) at Microsoft.Office.Server.Security.UserProfileIdentityClaimMapper.GetMappedIdentityClaim(Uri context, IEnumerable`1 identityClaims) at Microsoft.SharePoint.IdentityModel.SPIdentityClaimMapperOperations.GetClaimFromExternalMapper(Uri
contextUri, List`1 claims) f5bd8793-a53c-2127-8485-418c67f110f6
04/16/2015 15:22:03.78 w3wp.exe (0x0C48) 0x1318 SharePoint Foundation Claims Authentication af3zp Unexpected STS Call Claims Saml: Problem getting output claims identity. Exception: 'Microsoft.Office.Server.Security.UserProfileNoUserFoundException:
3001002;reason=The incoming identity is not mapped to any user profile account in SharePoint. Possible cause is that no user profiles are created in user profile database. Contact your administrator. at Microsoft.Office.Server.Security.UserProfileIdentityClaimMapper.GetSingleUserProfileFromClaimsList(UserProfileManager
upManager, IEnumerable`1 identityClaims) at Microsoft.Office.Server.Security.UserProfileIdentityClaimMapper.<>c__DisplayClass2.<GetMappedIdentityClaim>b__0() at Microsoft.SharePoint.SPSecurity.<>c__DisplayClass5.<RunWithElevatedPrivileges>b__3()
at Microsoft.SharePoint.Utilities.SecurityContext.RunAsProcess(CodeToRunElevated secureCode) at Microsoft.SharePoint.SPSecurity.RunWithElevatedPrivileges(WaitCallback secureCode, Object param) at Microsoft.SharePoint.SPSecurity.RunWithElevatedPrivileges(CodeToRunElevated
secureCode) at Microsoft.Office.Server.Security.UserProfileIdentityClaimMapper.GetMappedIdentityClaim(Uri context, IEnumerable`1 identityClaims) at Microsoft.SharePoint.IdentityModel.SPIdentityClaimMapperOperations.GetClaimFromExternalMapper(Uri
contextUri, List`1 claims) at Microsoft.SharePoint.IdentityModel.SPIdentityClaimMapperOperations.ResolveUserIdentityClaim(Uri contextUri, ClaimCollection inputClaims) at Microsoft.SharePoint.IdentityModel.SPIdentityClaimMapperOperations.GetIdentityClaim(Uri
contextUri, ClaimCollection inputClaims, SPCallingIdentityType callerType) at Microsoft.SharePoint.IdentityModel.SPSecurityTokenService.GetLogonIdentityClaim(SPRequestInfo requestInfo, IClaimsIdentity inputIdentity, IClaimsIdentity
outputIdentity, SPCallingIdentityType callerType) at Microsoft.SharePoint.IdentityModel.SPSecurityTokenService.EnsureSharePointClaims(SPRequestInfo requestInfo, IClaimsIdentity outputIdentity, SPCallingIdentityType callerType)
at Microsoft.SharePoint.IdentityModel.SPSecurityTokenService.AugmentOutputIdentityForRequest(SPRequestInfo requestInfo, IClaimsIdentity outputIdentity) at Microsoft.SharePoint.IdentityModel.SPSecurityTokenService.GetOutputClaimsIdentity(IClaimsPrincipal
principal, RequestSecurityToken request, Scope scope)'. f5bd8793-a53c-2127-8485-418c67f110f6
04/16/2015 15:22:03.78 w3wp.exe (0x0C48) 0x1318 SharePoint Foundation Claims Authentication fo1t Monitorable STS Call: Failed to issue new security token. Exception: Microsoft.Office.Server.Security.UserProfileNoUserFoundException:
3001002;reason=The incoming identity is not mapped to any user profile account in SharePoint. Possible cause is that no user profiles are created in user profile database. Contact your administrator. at Microsoft.Office.Server.Security.UserProfileIdentityClaimMapper.GetSingleUserProfileFromClaimsList(UserProfileManager
upManager, IEnumerable`1 identityClaims) at Microsoft.Office.Server.Security.UserProfileIdentityClaimMapper.<>c__DisplayClass2.<GetMappedIdentityClaim>b__0() at Microsoft.SharePoint.SPSecurity.<>c__DisplayClass5.<RunWithElevatedPrivileges>b__3()
at Microsoft.SharePoint.Utilities.SecurityContext.RunAsProcess(CodeToRunElevated secureCode) at Microsoft.SharePoint.SPSecurity.RunWithElevatedPrivileges(WaitCallback secureCode, Object param) at Microsoft.SharePoint.SPSecurity.RunWithElevatedPrivileges(CodeToRunElevated
secureCode) at Microsoft.Office.Server.Security.UserProfileIdentityClaimMapper.GetMappedIdentityClaim(Uri context, IEnumerable`1 identityClaims) at Microsoft.SharePoint.IdentityModel.SPIdentityClaimMapperOperations.GetClaimFromExternalMapper(Uri
contextUri, List`1 claims) at Microsoft.SharePoint.IdentityModel.SPIdentityClaimMapperOperations.ResolveUserIdentityClaim(Uri contextUri, ClaimCollection inputClaims) at Microsoft.SharePoint.IdentityModel.SPIdentityClaimMapperOperations.GetIdentityClaim(Uri
contextUri, ClaimCollection inputClaims, SPCallingIdentityType callerType) at Microsoft.SharePoint.IdentityModel.SPSecurityTokenService.GetLogonIdentityClaim(SPRequestInfo requestInfo, IClaimsIdentity inputIdentity, IClaimsIdentity
outputIdentity, SPCallingIdentityType callerType) at Microsoft.SharePoint.IdentityModel.SPSecurityTokenService.EnsureSharePointClaims(SPRequestInfo requestInfo, IClaimsIdentity outputIdentity, SPCallingIdentityType callerType)
at Microsoft.SharePoint.IdentityModel.SPSecurityTokenService.AugmentOutputIdentityForRequest(SPRequestInfo requestInfo, IClaimsIdentity outputIdentity) at Microsoft.SharePoint.IdentityModel.SPSecurityTokenService.GetOutputClaimsIdentity(IClaimsPrincipal
principal, RequestSecurityToken request, Scope scope) at Microsoft.IdentityModel.SecurityTokenService.SecurityTokenService.Issue(IClaimsPrincipal principal, RequestSecurityToken request) at Microsoft.SharePoint.IdentityModel.SPSecurityTokenService.Issue(IClaimsPrincipal
principal, RequestSecurityToken request) f5bd8793-a53c-2127-8485-418c67f110f6
04/16/2015 15:22:03.79 w3wp.exe (0x0C48) 0x1318 SharePoint Foundation Monitoring b4ly Medium Leaving Monitored Scope (ExecuteSecurityTokenServiceOperationServer). Execution Time=17.1551132895382 f5bd8793-a53c-2127-8485-418c67f110f6
04/16/2015 15:22:03.79 w3wp.exe (0x1C74) 0x183C SharePoint Foundation Claims Authentication fsq7 High SPSecurityContext: Request for security token failed with exception: System.ServiceModel.FaultException: The server was
unable to process the request due to an internal error. For more information about the error, either turn on IncludeExceptionDetailInFaults (either from ServiceBehaviorAttribute or from the <serviceDebug> configuration behavior) on the server in
order to send the exception information back to the client, or turn on tracing as per the Microsoft .NET Framework SDK documentation and inspect the server trace logs. at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.ReadResponse(Message
response) at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.Issue(RequestSecurityToken rst, RequestSecurityTokenResponse& rstr) at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.Issue(RequestSecurityToken
rst) at Microsoft.SharePoint.SPSecurityContext.SecurityTokenForContext(Uri context, Boolean bearerToken, SecurityToken onBehalfOf, SecurityToken actAs, SecurityToken delegateTo, SPRequestSecurityTokenProperties properties) f5bd8793-a53c-2127-8485-418c67f110f6
04/16/2015 15:22:03.79 w3wp.exe (0x1C74) 0x183C SharePoint Foundation Claims Authentication 8306 Critical An exception occurred when trying to issue security token: The server was unable to process the request due to an internal
error. For more information about the error, either turn on IncludeExceptionDetailInFaults (either from ServiceBehaviorAttribute or from the <serviceDebug> configuration behavior) on the server in order to send the exception information back to
the client, or turn on tracing as per the Microsoft .NET Framework SDK documentation and inspect the server trace logs.. f5bd8793-a53c-2127-8485-418c67f110f6
04/16/2015 15:22:03.79 w3wp.exe (0x1C74) 0x183C SharePoint Foundation Monitoring b4ly Medium Leaving Monitored Scope (Application Authentication Pipeline). Execution Time=52.3525336320678 f5bd8793-a53c-2127-8485-418c67f110f6
04/16/2015 15:22:03.79 w3wp.exe (0x1C74) 0x183C SharePoint Foundation Application Authentication ajezs High SPApplicationAuthenticationModule: Error authenticating request, Error details { Header: {0}, Body: {1} }. Available
parameters: 3001000;reason="There has been an error authenticating the request.";category="invalid_client" {"error_description":"The server was unable to process the request due to an internal error. For more information
about the error, either turn on IncludeExceptionDetailInFaults (either from ServiceBehaviorAttribute or from the <serviceDebug> configuration behavior) on the server in order to send the exception information back to the client, or turn on tracing as
per the Microsoft .NET Framework SDK documentation and inspect the server trace logs."} . f5bd8793-a53c-2127-8485-418c67f110f6
04/16/2015 15:22:03.79 w3wp.exe (0x1C74) 0x183C SharePoint Foundation General 8nca Medium Application error when access /sites/testrpa2/_vti_bin/client.svc, Error=The server was unable to process the request due to an internal
error. For more information about the error, either turn on IncludeExceptionDetailInFaults (either from ServiceBehaviorAttribute or from the <serviceDebug> configuration behavior) on the server in order to send the exception information back to
the client, or turn on tracing as per the Microsoft .NET Framework SDK documentation and inspect the server trace logs. at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.ReadResponse(Message response) at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.Issue(RequestSecurityToken
rst, RequestSecurityTokenResponse& rstr) at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.Issue(RequestSecurityToken rst) at Microsoft.SharePoint.SPSecurityContext.SecurityTokenForContext(Uri context,
Boolean bearerToken, SecurityToken onBehalfOf, SecurityToken actAs, SecurityToken delegateTo, SPRequestSecurityTokenProperties properties) at Microsoft.SharePoint.SPSecurityContext.SecurityTokenForApplicationAuthentication(Uri context,
SecurityToken onBehalfOf) at Microsoft.SharePoint.IdentityModel.SPApplicationAuthenticationModule.<>c__DisplayClass4.<GetLocallyIssuedToken>b__3() at Microsoft.SharePoint.Utilities.SecurityContext.RunAsProcess(CodeToRunElevated
secureCode) at Microsoft.SharePoint.IdentityModel.SPApplicationAuthenticationModule.ConstructIClaimsPrincipalAndSetThreadIdentity(HttpApplication httpApplication, HttpContext httpContext, SPFederationAuthenticationModule fam)
at Microsoft.SharePoint.IdentityModel.SPApplicationAuthenticationModule.AuthenticateRequest(Object sender, EventArgs e) at System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) f5bd8793-a53c-2127-8485-418c67f110f6
04/16/2015 15:22:03.79 w3wp.exe (0x1C74) 0x183C SharePoint Foundation General 6t8b Verbose Looking up context site
http://inetdev:80/sites/testrpa2/_vti_bin/client.svc/site/ReadOnly in the farm SharePoint_Config_QA f5bd8793-a53c-2127-8485-418c67f110f6
04/16/2015 15:22:03.79 w3wp.exe (0x1C74) 0x183C SharePoint Foundation General 6t8d Verbose Looking up the additional information about the typical site
http://inetdev:80/sites/testrpa2/_vti_bin/client.svc/site/ReadOnly. f5bd8793-a53c-2127-8485-418c67f110f6
04/16/2015 15:22:03.80 w3wp.exe (0x1C74) 0x183C SharePoint Foundation General 6t8f Verbose Site lookup is replacing
http://inetdev:80/sites/testrpa2/_vti_bin/client.svc/site/ReadOnly with the alternate access url
http://inetdev. f5bd8793-a53c-2127-8485-418c67f110f6
04/16/2015 15:22:03.80 w3wp.exe (0x1C74) 0x183C SharePoint Foundation General 6t8g Verbose Looking up typical site
http://inetdev:80/sites/testrpa2/_vti_bin/client.svc/site/ReadOnly in web application SPWebApplication Name=SPDEV - 80. f5bd8793-a53c-2127-8485-418c67f110f6
04/16/2015 15:22:03.80 w3wp.exe (0x1C74) 0x183C SharePoint Foundation General 6t8h Verbose Found typical site /sites/testrpa2 (407ba20c-079b-4b99-9e70-f86e6e13ddde) in web application SPWebApplication Name=SPDEV - 80. f5bd8793-a53c-2127-8485-418c67f110f6
04/16/2015 15:22:03.80 w3wp.exe (0x1C74) 0x183C SharePoint Foundation General 6t8b Verbose Looking up context site
http://inetdev:80/sites/testrpa2/_vti_bin/client.svc/site/ReadOnly in the farm SharePoint_Config_QA f5bd8793-a53c-2127-8485-418c67f110f6
04/16/2015 15:22:03.80 w3wp.exe (0x1C74) 0x183C SharePoint Foundation General 6t8d Verbose Looking up the additional information about the typical site
http://inetdev:80/sites/testrpa2/_vti_bin/client.svc/site/ReadOnly. f5bd8793-a53c-2127-8485-418c67f110f6
04/16/2015 15:22:03.80 w3wp.exe (0x1C74) 0x183C SharePoint Foundation General 6t8f Verbose Site lookup is replacing
http://inetdev:80/sites/testrpa2/_vti_bin/client.svc/site/ReadOnly with the alternate access url
http://inetdev. f5bd8793-a53c-2127-8485-418c67f110f6
04/16/2015 15:22:03.80 w3wp.exe (0x1C74) 0x183C SharePoint Foundation General 6t8g Verbose Looking up typical site
http://inetdev:80/sites/testrpa2/_vti_bin/client.svc/site/ReadOnly in web application SPWebApplication Name=SPDEV - 80. f5bd8793-a53c-2127-8485-418c67f110f6
04/16/2015 15:22:03.80 w3wp.exe (0x1C74) 0x183C SharePoint Foundation General 6t8h Verbose Found typical site /sites/testrpa2 (407ba20c-079b-4b99-9e70-f86e6e13ddde) in web application SPWebApplication Name=SPDEV - 80. f5bd8793-a53c-2127-8485-418c67f110f6
04/16/2015 15:22:03.80 w3wp.exe (0x1C74) 0x183C SharePoint Foundation Monitoring b4ly Medium Leaving Monitored Scope (Request (GET:http://inetdev:80/sites/testrpa2/_vti_bin/client.svc/site/ReadOnly)). Execution Time=62.2890618779761 f5bd8793-a53c-2127-8485-418c67f110f6
Regards
Sakti -
MIR4 Invoice - Restrict POST Authorization for Some Users
Hi Experts,
We are doing Invoice Release Workflow (MIR7) With 3 level Approval. When the document goes for approval in EDIT mode (MIR4) to multiple Levels anyone can change the document but the post authorization should be given only to the manager.
We created a Role with authorization object M_RECH_WRK and enabled only (3 Display and 77 Pre-Enter) still post button could not be disabled for some users. Kindly suggest a way to disable POST Option in MIR4 only for certain Users.
Regards,
DheepakHi Dheepak,
Refer to these thread:
[Disable post option in MIR7|Disable post option in MIR7;
[ POSTING ISSUE|MIR7 posting issue;
Hope you find these useful.
Reetesh -
Problem in second level navigation for some users.
Hello friends,
We have a group with few users, we have assigned certain roles to that group, all the roles are visible to all but the order of second level navigatin has changed for some users and not for all. Please suggest some solution.
Thanks,
MittsHi Mittal,
Is there any merging of roles going on?
When you assign new roles, does the 2nd level navigation contain the same nodes but in a different order, or are there additional nodes added?
Perhaps you can explain in more detail the set up.
Daniel
Maybe you are looking for
-
How can i insert the text file in a hashSet???
Hi, here's the code to feed the text file into the program, i need to put the words from the text file into a hashSet, im not too sure how to go about doing this, can anyone help please? import java.io.*; public class FileIn { BufferedReader in; publ
-
I just tried to reset factory settings on my i phone 4 s it still downloading from 5 hours
i just tried to reset factory settings on my i phone 4 s it still downloading from 5 hours..i dont know what to do
-
when i am logging and capturing, capturing stops and i get the message tape trouble check vtr. i read some post that it was an AJA problem and i called their tek support and they sent me the pulling txt file to put in my pluggins folder and the probl
-
Sol 9 smpatch missing some patch names from analyze results
when running smpatch analyze -x idlist=patches_to_analyze (which contains 9 patches), some of the results are missing their names: bash-2.05# smpatch analyze -x idlist=patches_to_analyze 118322-01 112233-12 SunOS 5.9: Kernel Patch 112912-01 SunOS 5.9
-
I want to delete a whole line in txt file where i found a string with DATE format.
#The date have specific format mm/dd/yyyy #I Need to find a line where is date older than one year and then erase it $Date = (Get-Date).AddDays(-365) write-host "-----------------------" $a= '\d{2}\/\d{2}\/\d{4}' Select-String -pattern "$a" -Path C