Work Portal Authentication with MSAD

Similar Messages

• Not Working-central web-authentication with a switch and Identity Service Engine

  on the followup the document "Configuration example : central web-authentication with a switch and Identity Service Engine" by Nicolas Darchis, since the redirection on the switch is not working, i'm asking for your help...
  I'm using ISE Version : 1.0.4.573 and WS-C2960-24PC-L w/software 12.2(55)SE1 and image C2960-LANBASEK9-M for the access.
  The interface configuration looks like this:
  interface FastEthernet0/24
  switchport access vlan 6
  switchport mode access
  switchport voice vlan 20
  ip access-group webauth in
  authentication event fail action next-method
  authentication event server dead action authorize
  authentication event server alive action reinitialize
  authentication order mab
  authentication priority mab
  authentication port-control auto
  authentication periodic
  authentication timer reauthenticate server
  authentication violation restrict
  mab
  spanning-tree portfast
  end
  The ACL's
  Extended IP access list webauth
      10 permit ip any any
  Extended IP access list redirect
      10 deny ip any host 172.22.2.38
      20 permit tcp any any eq www
      30 permit tcp any any eq 443
  The ISE side configuration I follow it step by step...
  When I conect the XP client, e see the following Autenthication session...
  swlx0x0x#show authentication sessions interface fastEthernet 0/24
             Interface:  FastEthernet0/24
            MAC Address:  0015.c549.5c99
             IP Address:  172.22.3.184
              User-Name:  00-15-C5-49-5C-99
                 Status:  Authz Success
                 Domain:  DATA
         Oper host mode:  single-host
       Oper control dir:  both
          Authorized By:  Authentication Server
             Vlan Group:  N/A
       URL Redirect ACL:  redirect
           URL Redirect: https://ISE-ip:8443/guestportal/gateway?sessionId=AC16011F000000510B44FBD2&action=cwa
        Session timeout:  N/A
           Idle timeout:  N/A
      Common Session ID:  AC16011F000000490AC1A9E2
        Acct Session ID:  0x00000077
                 Handle:  0xB7000049
  Runnable methods list:
         Method   State
         mab      Authc Success
  But there is no redirection, and I get the the following message on switch console:
  756005: Mar 28 11:40:30: epm-redirect:IP=172.22.3.184: No redirection policy for this host
  756006: Mar 28 11:40:30: epm-redirect:IDB=FastEthernet0/24: In epm_host_ingress_traffic_qualify ...
  I have to mention I'm using an http proxy on port 8080...
  Any Ideas on what is going wrong?
  Regards
  Nuno

  OK, so I upgraded the IOS to version
  SW Version: 12.2(55)SE5, SW Image: C2960-LANBASEK9-M
  I tweak with ACL's to the following:
  Extended IP access list redirect
      10 permit ip any any (13 matches)
  and created a DACL that is downloaded along with the authentication
  Extended IP access list xACSACLx-IP-redirect-4f743d58 (per-user)
      10 permit ip any any
  I can see the epm session
  swlx0x0x#show epm session ip 172.22.3.74
       Admission feature:  DOT1X
       ACS ACL:  xACSACLx-IP-redirect-4f743d58
       URL Redirect ACL:  redirect
       URL Redirect:  https://ISE-ip:8443/guestportal/gateway?sessionId=AC16011F000000510B44FBD2&action=cwa
  And authentication
  swlx0x0x#show authentication sessions interface fastEthernet 0/24
       Interface:  FastEthernet0/24
       MAC Address:  0015.c549.5c99
       IP Address:  172.22.3.74
       User-Name:  00-15-C5-49-5C-99
       Status:  Authz Success
       Domain:  DATA
       Oper host mode:  multi-auth
       Oper control dir:  both
       Authorized By:  Authentication Server
       Vlan Group:  N/A
       ACS ACL:  xACSACLx-IP-redirect-4f743d58
       URL Redirect ACL:  redirect
       URL Redirect:  https://ISE-ip:8443/guestportal/gateway?sessionId=AC16011F000000510B44FBD2&action=cwa
       Session timeout:  N/A
       Idle timeout:  N/A
       Common Session ID:  AC16011F000000160042BD98
       Acct Session ID:  0x0000001B
       Handle:  0x90000016
       Runnable methods list:
       Method   State
       mab      Authc Success
  on the logging, I get the following messages...
  017857: Mar 29 11:27:04: epm-redirect:IDB=FastEthernet0/24: In epm_host_ingress_traffic_qualify ...
  017858: Mar 29 11:27:04: epm-redirect:epm_redirect_cache_gen_hash: IP=172.22.3.74 Hash=271
  017859: Mar 29 11:27:04: epm-redirect:IP=172.22.3.74: CacheEntryGet Success
  017860: Mar 29 11:27:04: epm-redirect:IP=172.22.3.74: Ingress packet on [idb= FastEthernet0/24] matched with [acl=redirect]
  017861: Mar 29 11:27:04: epm-redirect:IDB=FastEthernet0/24: Enqueue the packet with if_input=FastEthernet0/24
  017862: Mar 29 11:27:04: epm-redirect:IDB=FastEthernet0/24: In epm_host_ingress_traffic_process ...
  017863: Mar 29 11:27:04: epm-redirect:IDB=FastEthernet0/24: Not an HTTP(s) packet
  What I'm I missing?

• SAPGUI and Portal Authentication using AD Credentials with usr/passw prompt

  Hi Experts,
  We have the following requirements:
  1. Portal/EP has UME set to ABAP (in other words using ECC6 system's user/password).
  2. ECC6 user-id's differ from Active Directory user.
  3. User logs in to Active Directory.
  4. User wants to log on to SAPGUI (ECC6 system), with a user-name password prompt, using the Active directory Credentials.
  5. User wants to log on to Portal/EP, with a user-name password promt, using the Active Directory Credentials.
  The following suggested solution was the closest to the requirement (without to much technical detail):
  1. For SAPGUI, implement SSO on the workstation GUI's and maintain the Active Directory user in transaction SU01 in the ALIAS field.
  This should enable the user to, after having logged onto the Active Directory, to open the SAPGUI and WITHOUT user-name password prompt, be authenticated and logged into SAP. This would entail settings to be done on each workstations GUI.
  2. For the Portal/EP, implement Kerberos on the portal, setting it to authenticate to the AD. As per note 935644 maintain an additional attribute on the UME, to enable the mapping between the UME and the AD users.
  This should enable the user, after having logged onto the Active Directory, to open Internet Explorer, go to the Portal URL, and be authenticated and logged into the portal, without WITHOUT user-name password prompt.
  Do you know the viability of this solution, or whether there is any better suggestion (especially to keep the user-name password prompt, and without changing the ECC6 or Active directory users).
  Regards.

  AJP,
  The description you have given is an exact description of the capability of our product. I represent a company called CyberSafe, and our products are designed and sold to SAP customers for integrating the SAP user authentication with Active Directory authentication. We have some unique features in our product which you could benefit from, e.g. our SAP GUI SNC library has the ability to popup a logon screen asking user for Active Directory account and password before it logs the user onto SAP. Also, when the SAP system has authenticated the user, either via the Web browser or via SAP GUI their Kerberos principal name (determined from AD account name and domain) is mapped onto a SAP user using a table in the ABAP system. The browser authentication even uses this same table for mapping so that an authenticated account name does not need to be same as the SAP user they log onto.
  If you would like to discuss our product more, and/or arrange a free evaluation please contact me using the email address in my SDN business card.
  Thankyou,
  Tim

• SiteMinder Authentication with Portal

  Hi,
  We are implementing CA's SiteMinder Login Module for Portal Authentication. In the Login Modules configurations, if I assign
  SiteMinder Login Module - REQUISITE
  CreateTicket Login Module - REQUIRED
  we are able to authenticate through Site Minder Policy server.
  What I want is,
  if I use reverse proxy of SiteMinder; login through SiteMinder.
  If I use direct link of the portal; login through BasicPasword Login Module.
  I tried :
  SiteMinder Login Module - OPTIONAL
  CreateTicket Login Module - SUFFICIENT
  Basic Password Login Module - REQUISITE
  CreateTicket Login Module - OPTIONAL
  In this configuration if I use Site Minder authentication, it is ok but if I use direk link to portal it gives error.
  I want to be sure that above configuration is ok or not
  Thanks in advance
  Abdul.

  Hi Shobit,
  Check this link:
  Cookies Problem with 3 tiered SSO
  Thanks and Regards,
  Shyam.

• I have a very similar problem (5506) in that I changed my appleID loginid and now none of my home shares work. All itunes have been re-authorized/authenticated with the new appleID string. Yet I still receive this error. I too am looking for suggestions.

  I have a very similar problem in that I changed my appleID loginid and now none of my home shares work (5506) . All itunes have been re-authorized/authenticated with the new appleID string. Yet I still receive this error. I too am looking for suggestions.

  If you no longer have the computer(s) you want to deauthorise,
  Log in to iTunes,  go to "view your account info" on the itunes store,  deauthorise all five, (Please Note: this can only be done Once every 12 months)  and then re-authorize your current Computer(s) one at a time.
  Authorise / Deauthorise About
  http://support.apple.com/kb/HT1420

• Policy agent 2.2 amfilter local authentication with session binding failed

  Hi All,
  I have policy agent 2.2 for weblogic 8.1 sp4 installed on redhat linux. All are working fine in my development box. But I was running all the process under user root, so today I decided to change it to a regular user, joe. I changed all the files' owner for weblogic server and policy agent from root to joe, and restart server as user Joe. After the change, I can not access the application on Weblogic server. I changed file ownership back to root and restart weblogic server as root, still same error.
  Here is the error I got:
  10.4.4 403 Forbidden
  The server understood the request, but is refusing to fulfill it. Authorization will not help and the request SHOULD NOT be repeated. If the request method was not HEAD and the server wishes to make public why the request has not been fulfilled, it SHOULD describe the reason for the refusal in the entity. This status code is commonly used when the server does not wish to reveal exactly why the request has been refused, or when no other response is applicable.
  Here is the error I found from agent log file, amFilter:
  AmFilter: now processing: SSO Task Handler
  05/24/2006 06:27:08:127 PM PDT: Thread[ExecuteThread: '14' for queue: 'weblogic.kernel.Default',5,Thread Group for Queue: 'weblogic.kernel.Default']
  SSOTaskHandler: caching SSO Token for user uid=amAdmin,ou=People,dc=etouch,dc=net
  05/24/2006 06:27:08:127 PM PDT: Thread[ExecuteThread: '14' for queue: 'weblogic.kernel.Default',5,Thread Group for Queue: 'weblogic.kernel.Default']
  AmBaseSSOCache: cached the sso token for user principal : uid=amadmin,ou=people,dc=etouch,dc=net sso token: AQIC5wM2LY4Sfcx4XY/x/M7G1Y3ScVjFj8E3oT0BV45mh0Q=@AAJTSQACMDE=#, cache size = 1
  05/24/2006 06:27:08:127 PM PDT: Thread[ExecuteThread: '14' for queue: 'weblogic.kernel.Default',5,Thread Group for Queue: 'weblogic.kernel.Default']
  SSOTaskHandler: SSO Validation successful for uid=amAdmin,ou=People,dc=etouch,dc=net
  05/24/2006 06:27:08:128 PM PDT: Thread[ExecuteThread: '14' for queue: 'weblogic.kernel.Default',5,Thread Group for Queue: 'weblogic.kernel.Default']
  AmFilter: now processing: J2EE Local Logout Task Handler
  05/24/2006 06:27:08:128 PM PDT: Thread[ExecuteThread: '14' for queue: 'weblogic.kernel.Default',5,Thread Group for Queue: 'weblogic.kernel.Default']
  AmFilter: local logout skipped SSO User => amAdmin, principal =>null
  05/24/2006 06:27:08:128 PM PDT: Thread[ExecuteThread: '14' for queue: 'weblogic.kernel.Default',5,Thread Group for Queue: 'weblogic.kernel.Default']
  AmFilter: now processing: J2EE Local Auth Task Handler
  05/24/2006 06:27:08:128 PM PDT: Thread[ExecuteThread: '14' for queue: 'weblogic.kernel.Default',5,Thread Group for Queue: 'weblogic.kernel.Default']
  LocalAuthTaskHandler: No principal found. Initiating local authentication for amAdmin
  05/24/2006 06:27:08:128 PM PDT: Thread[ExecuteThread: '14' for queue: 'weblogic.kernel.Default',5,Thread Group for Queue: 'weblogic.kernel.Default']
  LocalAuthTaskHandler: doing local authentication with session binding
  05/24/2006 06:27:08:129 PM PDT: Thread[ExecuteThread: '14' for queue: 'weblogic.kernel.Default',5,Thread Group for Queue: 'weblogic.kernel.Default']
  LocalAuthTaskHandler: Local authentication failed, invalidating session.05/24/2006 06:27:08:129 PM PDT: Thread[ExecuteThread: '14' for queue: 'weblogic.kernel.Default',5,Thread Group for Queue: 'weblogic.kernel.Default']
  WARNING: LocalAuthTaskHandler: Local authentication failed for : /portal/index.jsp, SSO Token: AQIC5wM2LY4Sfcx4XY/x/M7G1Y3ScVjFj8E3oT0BV45mh0Q=@AAJTSQACMDE=#
  05/24/2006 06:27:08:129 PM PDT: Thread[ExecuteThread: '14' for queue: 'weblogic.kernel.Default',5,Thread Group for Queue: 'weblogic.kernel.Default']
  AmFilter: result =>
  FilterResult:
       Status      : FORBIDDEN
       RedirectURL     : null
       RequestHelper:
            null
       Data:
            null
  -----------------------------------------------------------

  Hi,
  I'm having the exact same problem in the Prod environment, but on a Sun App Server. In development all is fine, in prod we now have:
  ERROR: AmFilter: Error while delegating to inbound handler: J2EE Local Auth Task Handler, access will be denied
  java.lang.IllegalStateException: invalidate: Session already invalidated
  at org.apache.catalina.session.StandardSession.invalidate(StandardSession.java:1258)
  at org.apache.catalina.session.StandardSessionFacade.invalidate(StandardSessionFacade.java:164)
  at com.sun.identity.agents.filter.LocalAuthTaskHandler.doLocalAuthWithSessionBinding(LocalAuthTaskHandler.java:289)
  at com.sun.identity.agents.filter.LocalAuthTaskHandler.authenticate(LocalAuthTaskHandler.java:159)
  at com.sun.identity.agents.filter.LocalAuthTaskHandler.process(LocalAuthTaskHandler.java:106)
  at com.sun.identity.agents.filter.AmFilter.processTaskHandlers(AmFilter.java:185)
  at com.sun.identity.agents.filter.AmFilter.isAccessAllowed(AmFilter.java:152)
  at com.sun.identity.agents.filter.AmAgentBaseFilter.doFilter(AmAgentBaseFilter.java:38)
  at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
  at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:55)
  at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:161)
  at java.security.AccessController.doPrivileged(Native Method)
  at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:157)
  at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:263)
  at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:551)
  at org.apache.catalina.core.StandardContextValve.invokeInternal(StandardContextValve.java:225)
  FilterResult:
  Status : FORBIDDEN
  RedirectURL : null
  RequestHelper:
  null
  Data:
  null
  Also, we I debug I see:
  LocalAuthTaskHandler: No principal found. Initiating local authentication for ...
  Did you receive any solution for this?
  Many, many thanks,
  Philip

• EP Sneak Preview - Moving from Portal Authentication to LDAP

  Has anyone used the EP sneak preview, configuring first against portal authentication alone and then moving users to LDAP and leaving just the roles in the portal db, without having disaster strike and have to reinstall, etc.?
  Thanks in advance.

  hi,
  according to the Quick Install Guide
  <i>(url: https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/com.sap.km.cm.docs/documents/a1-8-4/Quick%20Installation%20Guide%20for%20SAP%20NetWeaver%20EP%20on%20MaxDB,%20Developer%20Edition%20Sneak%20Preview.htm)</i>
  first i installed the latest JDK, which is 1.4.2_08
  manually i set the following environment variables (like i read a few threads before):
  CLASSPATH =
  %JAVA_HOME%lib;%JAVA_HOME%jrelib;
  JAVA_HOME = C:j2sdk1.4.2_08
  Path = %JAVA_HOME%bin;c:j2sdk1.4.2_08bin;c:j2sdk1.4.2_08jrebin;...
  when clicking sapinst.exe it says: <i>latest JRE 1.4.2 with latest Patch level could not be found.</i>
  then i checked startinstgui.bat and get the following error:
  the system cannot find the path.
  Starting SAPinst GUI with local Java Runtime
    Java Runtime found in JAVA_HOME environment variable
    Java path: C:j2sdk1.4.2_08binjava.exe
  a logon screen appears for sagui installation, which wants to logon to localhost and port 21212. this does not work as i have no webserver running...
  i am riding xp - maybe the whole thing really works only on win2000 or win server 2003?
  any comments apreciated.
  Matthias

• Caching for Web Portal Authenticated clients

  Reading CUWN documentation, Sticky Key Caching works only on WPA2-enabled WLANs.   Is it possible to enable a caching to help Web Portal Authenticated clients perform intra-controller roaming faster?

  Ok, so here's how it works:
  When the client gets on the network, the controller contacts the DHCP server and hands the client back its IP (as with any helper address).
  In order for web auth to work, you need to open a browser on the client.
  When you go to a page (say www.google.com) your browser does a DNS query for the IP address of the site (www.google.com), the controller intercepts the query.
  Since you have not been authenticated yet, the controller does not allow the query directly, but it proxies the query to the DNS server you were trying to resolve against. It sources this query from its interface that is on the VLAN the SSID your client is on maps to.
  That reply is proxied back to your computer, and then your browser does its normal request to Google?s IP.
  The controller then intercepts that request, and sends a reply back redirecting the browser to the controller login page (usually https://1.1.1.1).
  Once you log into the web page, you will be redirected back to your original page (www.google.com).
  I hope I explained it well. If I wasn't clear, please let me know.
  -Eric

• Creation of Portal iview, with BSP on internal server, call portal external

  Hi all,
  folowing issue:
  we have a test portal link with the internet via apache reverse proxy:
  e.g. http://www.xxx.at/irj   is linked with http://cscinternal.csc.com:51000/irj
  The portal can be started without any problem.
  further we have a bsp applikation on an other internal SAP Server which can be reached with
  http://cscinternal02.csc.com:8047.
  the server is also listed in the apache reverseproxy list as   http://www.xxx.at/its
  The bsp application link: http://www.xxx.at/its/sap/bc/bsp/sap/y_test_pdf_01/main.htm
  can be reach via internet without any problem.
  The bsp shows an radiobutton list + button, with the button one can show a list in an second window.
  so, now i will call this bsp in an iview via portal
  01. i tried the "URL iview", result: i can reach the html but on any action the side do nothing
  02. i tried to config "iview BSP" BUT .... i have now idea what system i should put in,
       the second sap system is configured but there is the internal name in (i guess) ...
  so i'm  newbee in portal things, so i don't know where i can configure a system ...,
  BUT beside this, PLEASE can anyone describe me how i can manage this internal BSP
  in the portal to call it from external?
  thanks a lot
  bye Mike

  Hi Mike,
  Try below steps to make sure your have proper  connection between Portal and  back end SAP system.
  1) Create  a system object , Enter required details for "Web Application Server" Properties with below two options
            A) Enter Direct SAP Server details
            Web AS Host Name : cscinternal02.csc.com:8047
            Web AS Path: /its/sap/bc/bsp/sap
            Web AS Protocol: http
           B) Enter apache reverseproxy
            Web AS Host Name : www.xxx.at/its
            Web AS Path:/sap/bc/bsp/sap
            Web AS Protocol: http
  2) Create  a  Alias  .  Run the connection test for Web Application Server (WAS). Make  sure  connection tests are successfull
  3) Create a  BSP Iview ,
    BSP Definition Type:  Application
    Selct System Alias
    Customer Namespace: sap
    Application NameSpace: sap
    Business Server Page (BSP) Application:  y_test_pdf_01
    Start Page: main.htm
  Let me know if  it works.
  Thanks
  Aravind
  Intelligroup

• Certificate based authentication with sender SOAP adapter. Please help!

  Hi Experts,
     I have a scenario where first a .Net application makes a webservice call to XI via SOAP Adapter. Then the input from the .Net application is sent to the R/3 system via RFC adapter.
  .Net --->SOAP -
  >XI -
  >RFC -
  R/3 System
  Now as per client requirement I have to implement certificate based authentication in the sender side for the webservice call. In this case the .Net application is the "client" and XI is the "server". In other words the client has to be authenticated by XI server. In order to accomplish this I have setup the security level in the SOAP sender channel as "HTTPS  with client authentication". Additionally I have assigned a .Net userid in the sender agreement under "Assigned users" tab.
  I have also installed the SSL certificate in the client side. Then generated the public key and loaded it into the XI server's keystore.
  When I test the webservice via SOAPUI tool I am always getting the "401 Unauthorized" error. However if I give the userid/password for XI login in the properties option in the SOAPUI tool then it works fine. But my understanding is that in certificate based authentication, the authentication should happen based on the certificate and hence there is no need for the user to enter userid/password. Is my understanding correct? How to exactly test  certificate based authentication?
  Am I missing any steps for certificate based authentication?
  Please help
  Thanks
  Gopal
  Edited by: gopalkrishna baliga on Feb 5, 2008 10:51 AM

  Hi!
  Although soapUI is a very goot SOAP testing tool, you can't test certificate based authentication with it. There is no way (since I know) how to import certificat into soapUI.
  So, try to find other tool, which can use certificates or tey it directly with the sender system.
  Peter

• Regarding : How to add a user to portal group with the help of webdynpro .

  Hii ,
  I am working on an application in which with the help of an action( Button)  we r adding a user in Ztable in R/3 , as well as  group in portal.
  The user r successfully creating in Ztable but from portal side No user is assigned to Portal group.
  I need coding solution for " How to add a user to portal group with help of webdynpro"
  Any usefull link will also do.
  Pls anyone have any solution ??
  Thnks in advance.
  Rewards r waiting for u .

  Hi,
  Use UME api to add user to portal group.
  Using UME API:
  https://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/40d562b7-1405-2a10-dfa3-b03148a9bd19
  Regards,
  Naga

• LDAP authentication with MD5 passwords

  Hi,
  in one of our Linux servers we have MD5 passwords stored in /etc/shadow. We want to implement pam_ldap on that machine, and move passwords to an LDAP database.
  I know it is to be done with {crypt} storage scheme.
  This works with DS 5.2 running on a Linux box, but under Solaris 8 I couldn't get it working. I know that Solaris 8 doesn't support MD5 passwords in its crypt(3) function, and I suppose Directory Server uses that. Somewhere I read that, however crypt() in Solaris 9 does support MD5.
  Can you confirm that after upgrading to Solaris 9, authentication with MD5-hashed passwords will be possible? Has anyone tried it?
  Thanks in advance,
  Kristof

  Thanks you for your reply.
  Our openldap version is openldap-2.3.39
  And all passwords are encrypted with : Base 64 encoded md5
  Below is a sample password:
  {md5}2FeO34RYzgb7xbt2pYxcpA==Thanks again for any help..

• How to  work on SDK with SAP B1 2005

  hi all,
      its too urgent, if you have any information about it, kindly help me.
  1. i need some details related to SDK. what are the tools needed for working on SDK with SAP B1 2005,
  2. how to get the "microsoft visual studio" for writing code for sdk.is there any seperate tool available with SDK for that or we have to use the general " microsoft visual studio" for VB and VC++.
  3. how to work on Screen painter add-on, able to design the forms,but how and where to write the code to make it work, or is there any tool kit for generating the code.
  4. pls give the link in the SAP portal for downloading the " tools and software needed for working on SDK with SAP B1 2005.
  if you have any tools, software and guide files related to sdk kindly please send me to my gmail address " [email protected] ".
  it is very urgent, if you have any resources regarding this then kindly send me as soon as possible.
  regards
  sandip

  Sandip,
  The forum that you have posted your question in is for questions related to the SAP Business One Integration for SAP NetWeaver.  Your question is SDK related and should be posted in the SAP Business One SDK Discussion forum.
  That being said ... here are the answers to your questions ...
  1. As far as the SDK goes, it does not provide an IDE.  Since the API's are COM, then you can use any IDE that can communicate with COM objects such as VB6, VB.Net, C#, C++, etc.
  2. As stated above, the SDK does not provide an IDE.  You would need to purchase one or you can get a free one from Microsoft on there website such as Visual Basic 2005 Express Edition.
  3. The Screen Painter is an SAP tool (independant of any IDE) that allows you to graphically create new SAP Business One looking forms and then save them to an XML format.  You would then in your code use the LoadBatchActions method to load your XML form.  Documentation on the Screen Painter and the LoadBatchActions method is in the SAP Business One SDK Help Center Documentation that comes with the SDK as well as there is eLearning available for the SDK on this portal as well as the SAP PartnerEdge Portal if you are an SAP Business One partner.
  4. If you are an SAP Business One partner and have an "S" number, you can log into the SAP PartnerEdge Portal and then under SAP Business One and "Installations & Updates" you can download the SAP Business One product as the SDK installation is part of the overall installation package.  If you are not a partner you would need to contact your local SAP Business One sales representative.
  Other tools available that work with the SAP Business One SDK are located on the SDN Portal under this link ...
  SAP Business One Tools [original link is broken]
  HTH,
  Eddy
  P.S. please give points for helpful answers!

• RSA authentication with LDAP group mapping

  Greetings,
  I'm trying to set up RSA authentication with LDAP group mapping with ACS Release 4.2(1) Build 15 Patch 3.
  The problem I'm having is that my users are in multiple OU's on our AD tree.  When I only put our base DN in for User Directory Subtree on ACS, it fails with a "External DB reports about an error condition" error.  If I add an OU in front of it, then it will work fine.
  As far as I know, you can only use one LDAP configuration with RSA.
  Any thoughts on this?

  @Tarik
  I believe your suggestion is the only way i'm going to get this to work. I ran across a similar method just this week that I have been working on.
  I was hoping for dynamic mapping with the original method, but I haven't found any way to make it happen.  I have resorted to creating a Radius profile on the RSA appliance for each access group I need.  Using the Class attribute, I then pass the desired Group name to the ACS, i.e. OU=Admins, and that seems to work.
  Thankfully, I have a small group of users that I am attempting to map.  I will only map those who need elevated priviliges to narrow down how many profiles I will have to manually create.  Likewise, our Account Admin will have to determine who gets assigned a particular access group.
  I would still prefer to do this dynamically.
  Scott

• Is there a problem using popup LOVs in a portal form with a bind variable?

  I have a portal form with 2 LOVs. The second LOV is a dependent LOV whose bind variable can be NULL. I have read Note 263923.1, "How To Create Dependent Lovs In Forms", and my form works as long as I use combo boxes to display the LOVs. I need to use popups so the user can search the LOVs as they are quite lengthy. Plus I want to be able to pick a value from my second LOV without selecting a value from the first LOV -- hence, my bind variable can be null and that is where my problem lies. As long as I select a value from the first LOV, the second LOV popup will work. If I click on the icon to display the second LOV without pre-selected a value from the first LOV, I get the following error:
  POPUP LOV ERROR:
  LOV: "9A17692880B6B8509F514F5B9CA9EC808DD403218B3CF19A33C04CD1FAB0ADE17ADC33E6B67998A933357CE5264D204E"
  Parse Message: Parse as pre-set global: "TORE".
  Find Message: LOV is of type DYNAMIC (LOV based on SQL query).
  Query: "SELECT ...."
  wwv_bind.prepare_bind: ORA-01403: no data found
  My form is based on a table with a custom layout. The sql for the second LOV is similar to: SELECT ENAME, EMPNO FROM SCOTT.EMP WHERE (DEPTNO = :DEPT AND :DEPT IS NOT NULL) OR :DEPT IS NULL.
  Thanks in advance for any help,
  Carol

  Don't use EPS any more! It does not support transparency nor color management.
  If you save vector files from Illustrator, use AI with PDF compatiblity.
  If you save image files from Photoshop, use PSD.
  If you save image files combined with vector forms and/or text from Photoshop, use PDP which is a Photoshop PDF.
  For vectors from Illustrator use CMYK files.
  For images use RGB, conversion to CMYK should never done before PDF export, better, if the printer allows it, is to export a PDF with live transparency as it is PDF/X-4
  If the printer requires a PDF with CMYK only export a PDF/X-1a.