XI User Store / J2EE configuration
Hi all i hope you can help me,
Currently our XI user store points at client 000 to authenticate against when you login to the integration builder.
I would like to change this to client 280. I've checked all the settings in the config guides and install manuals and can't find and useful information !
I've changed the setting in the UME side on the visual administrator, but its not having any effect.
Any help would be much appreciated.
James
Hi James,
yes, of course. What to do depends on your scenario. Do you use IDoc RFC or ABAP proxy? Usually you have to delete and create a business system in SLD with the same name, delete the old business in IB directory and import again. Then configure logon in communication channel resp in SM59 destination. For IDocs communication it is more complex.
Regards,
Udo
Similar Messages
-
Hi,
in the SAP Library (topic: User Store Configuration) the
configuration file of a new user store is described:
<user-class-name>
com.my_package.MyUserContextImpl
</user-class-name>
<group-class-name>
com.my_package.MyGroupContextImpl
</group-class-name>
But where do i have to place the package "my_package"?
If i deploy it as a library, the Visual Administrator can not find my classes.
I got the following exception:
Unable to register user store!
java.lang.SecurityException: com.sap.engine.services.security.exceptions.BaseSecurityException: Can not instantiate UserContext.
at com.sap.engine.services.security.server.UserStoreImpl.<init>(UserStoreImpl.java:78)
at com.sap.engine.services.security.server.UserStoreFactoryCache.registerUserStore(UserStoreFactoryCache.java:103)
at com.sap.engine.services.security.server.UserStoreFactoryImpl.registerUserStore(UserStoreFactoryImpl.java:143)
at com.sap.engine.services.security.userstore.RemoteUserStoreFactoryImpl.registerUserStore(RemoteUserStoreFactoryImpl.java:64)
at com.sap.engine.services.security.userstore.RemoteUserStoreFactoryImplp4_Skel.dispatch(RemoteUserStoreFactoryImplp4_Skel.java:99)
at com.sap.engine.services.rmi_p4.DispatchImpl._runInternal(DispatchImpl.java:268)
at com.sap.engine.services.rmi_p4.DispatchImpl._run(DispatchImpl.java:165)
at com.sap.engine.services.rmi_p4.server.P4SessionProcessor.request(P4SessionProcessor.java:102)
at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:37)
at com.sap.engine.core.cluster.impl6.session.UnorderedChannel$MessageRunner.run(UnorderedChannel.java:71)
at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
at java.security.AccessController.doPrivileged(Native Method)
at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:94)
at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:140)
Caused by: java.lang.ClassNotFoundException: com.dcx.sein.userstore.UcmUserStore
Found in negative cache
Loader Info -
ClassLoader name: [common:library:com.sap.security.api.sda;library:com.sap.security.core.sda;library:security.class;service:com.sap.security.core.ume.service;service:connector;service:dbpool;service:keystore;service:security;service:userstore]
Parent loader name: [Frame ClassLoader]
References:
library:core_lib
common:library:IAIKSecurity;library:activation;library:mail;library:tcsecssl
library:opensql
library:com.sap.util.monitor.jarm
library:sapxmltoolkit
library:j2eeca
library:webservices_lib
library:servlet
library:com.sap.ip.basecomps
library:com.sap.mw.jco
interface:security
interface:log
interface:shell
interface:keystore_api
service:timeout
interface:resourceset_api
interface:resourcecontext_api
interface:endpoint_api
interface:ejbcomponent
interface:container
interface:visual_administration
common:service:iiop;service:naming;service:p4;service:ts
interface:appcontext
interface:transactionext
library:antlr
service:memory
library:jdbdictionary
library:opensqlextensions
service:deploy
interface:cross
service:adminadapter
Resources:
C:\usr\sap\J2E\JC00\j2ee\cluster\server0\bin\ext\security.class\tc_sec_saml_util.jar
C:\usr\sap\J2E\JC00\j2ee\cluster\server0\bin\ext\security.class\tc_sec_saml_xmlbind.jar
C:\usr\sap\J2E\JC00\j2ee\cluster\server0\bin\services\dbpool\dbpool.jar
C:\usr\sap\J2E\JC00\j2ee\cluster\server0\bin\ext\security.class\tc_sec_saml_toolkit_core.jar
C:\usr\sap\J2E\JC00\j2ee\cluster\server0\bin\ext\security.class\tc_sec_ssf.jar
C:\usr\sap\J2E\JC00\j2ee\cluster\server0\bin\ext\security.class\tc_sec_compat.jar
C:\usr\sap\J2E\JC00\j2ee\cluster\server0\bin\services\userstore\userstore.jar
C:\usr\sap\J2E\JC00\j2ee\cluster\server0\bin\ext\security.class\tc_sec_saml_service_api.jar
C:\usr\sap\J2E\JC00\j2ee\cluster\server0\bin\ext\security.class\tc_sec_https.jar
C:\usr\sap\J2E\JC00\j2ee\cluster\server0\bin\services\security\security.jar
C:\usr\sap\J2E\JC00\j2ee\cluster\server0\bin\services\com.sap.security.core.ume.service\com.sap.security.core.ume.service.jar
C:\usr\sap\J2E\JC00\j2ee\cluster\server0\bin\ext\security.class\tc_sec_saml_toolkit_api.jar
C:\usr\sap\J2E\JC00\j2ee\cluster\server0\bin\ext\security.class\tc_sec_userstore_lib.jar
C:\usr\sap\J2E\JC00\j2ee\cluster\server0\bin\services\dbpool\opensqllib.jar
C:\usr\sap\J2E\JC00\j2ee\cluster\server0\bin\ext\security.class\tc_sec_jaas_test.jar
C:\usr\sap\J2E\JC00\j2ee\cluster\server0\bin\ext\security.class\tc_sec_jaas.jar
C:\usr\sap\J2E\JC00\j2ee\cluster\server0\bin\ext\com.sap.security.api.sda\com.sap.security.api.jar
C:\usr\sap\J2E\JC00\j2ee\cluster\server0\bin\services\dbpool\sqljimpl.jar
C:\usr\sap\J2E\JC00\j2ee\cluster\server0\bin\ext\com.sap.security.core.sda\com.sap.security.core.jar
C:\usr\sap\J2E\JC00\j2ee\cluster\server0\bin\ext\com.sap.security.core.sda\com.sap.security.core.tpd.jar
C:\usr\sap\J2E\JC00\j2ee\cluster\server0\bin\services\connector\connectorimpl.jar
C:\usr\sap\J2E\JC00\j2ee\cluster\server0\bin\ext\com.sap.security.api.sda\com.sap.security.api.perm.jar
C:\usr\sap\J2E\JC00\j2ee\cluster\server0\bin\services\keystore\keystore.jar
C:\usr\sap\J2E\JC00\j2ee\cluster\server0\bin\ext\security.class\tc_sec_saml_jaas.jar
Loading model: {parent,local,references}
at com.sap.engine.frame.core.load.ReferencedLoader.loadClass(ReferencedLoader.java:296)
at com.sap.engine.services.security.server.UserStoreImpl.<init>(UserStoreImpl.java:75)
... 13 more
at com.sap.engine.services.security.exceptions.BaseSecurityException.writeReplace(BaseSecurityException.java:340)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
at java.io.ObjectStreamClass.invokeWriteReplace(ObjectStreamClass.java:896)
at java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1011)
at java.io.ObjectOutputStream.writeObject(ObjectOutputStream.java:278)
at com.sap.engine.services.rmi_p4.DispatchImpl.throwException(DispatchImpl.java:120)
at com.sap.engine.services.rmi_p4.DispatchImpl._runInternal(DispatchImpl.java:270)
at com.sap.engine.services.rmi_p4.DispatchImpl._run(DispatchImpl.java:165)
at com.sap.engine.services.rmi_p4.server.P4SessionProcessor.request(P4SessionProcessor.java:102)
at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:37)
at com.sap.engine.core.cluster.impl6.session.UnorderedChannel$MessageRunner.run(UnorderedChannel.java:71)
at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
at java.security.AccessController.doPrivileged(Native Method)
at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:94)
at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:140)Alexandar.
Di you find any solutions ? -
Error while configuring external LDAP user store with weblogic
Hi,
I have weblogic 10.3 installed and I can access weblogic admin console using weblogic (admin) user. I want to use external ldap user store to access admin console with users present in external ldap.
To do this, I have configured authentication provider and provided all the required details to connect to ldap.
For example:
Base DN: cn=admin,cn=Administrators,cn=dscc (user with which we will connect to LDAP)
User DN: ou=People,dc=test,dc=com
Group DN: ou=Groups,dc=test,dc=com
This authentication provider is set to SUFFICIENT mode. I have deleted the default authentication provider.
In the boot.properties file I have given the user name and password of the user with which LDAP instance was created something like below.
password=xxxxxxx
username=admin
Now while starting the admin weblogic server, I am getting the below error:
<Jul 25, 2012 2:22:28 PM IOT> <Critical> <Security> <BEA-090402> <Authentication denied: Boot identity not valid; The user name and/or password from the boot identity file (boot.properties) is not valid. The boot identity may have been changed since the boot identity file was created. Please edit and update the boot identity file with the proper values of username and password. The first time the updated boot identity file is used to start the server, these new values are encrypted.>
<Jul 25, 2012 2:22:28 PM IOT> <Critical> <WebLogicServer> <BEA-000386> <Server subsystem failed. Reason: weblogic.security.SecurityInitializationException: Authentication denied: Boot identity not valid; The user name and/or password from the boot identity file (boot.properties) is not valid. The boot identity may have been changed since the boot identity file was created. Please edit and update the boot identity file with the proper values of username and password. The first time the updated boot identity file is used to start the server, these new values are encrypted.
weblogic.security.SecurityInitializationException: Authentication denied: Boot identity not valid; The user name and/or password from the boot identity file (boot.properties) is not valid. The boot identity may have been changed since the boot identity file was created. Please edit and update the boot identity file with the proper values of username and password. The first time the updated boot identity file is used to start the server, these new values are encrypted.
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.doBootAuthorization(CommonSecurityServiceManagerDelegateImpl.java:960)
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(CommonSecurityServiceManagerDelegateImpl.java:1054)
at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:873)
at weblogic.security.SecurityService.start(SecurityService.java:141)
at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
Truncated. see log file for complete stacktrace
Caused By: javax.security.auth.login.FailedLoginException: [Security:090304]Authentication Failed: User admin javax.security.auth.login.FailedLoginException: [Security:090302]Authentication Failed: User admin denied
at weblogic.security.providers.authentication.LDAPAtnLoginModuleImpl.login(LDAPAtnLoginModuleImpl.java:261)
at com.bea.common.security.internal.service.LoginModuleWrapper$1.run(LoginModuleWrapper.java:110)
at java.security.AccessController.doPrivileged(Native Method)
at com.bea.common.security.internal.service.LoginModuleWrapper.login(LoginModuleWrapper.java:106)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
Truncated. see log file for complete stacktrace
>
<Jul 25, 2012 2:22:28 PM IOT> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to FAILED>
<Jul 25, 2012 2:22:28 PM IOT> <Error> <WebLogicServer> <BEA-000383> <A critical service failed. The server will shut itself down>
<Jul 25, 2012 2:22:28 PM IOT> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to FORCE_SHUTTING_DOWN>
Can anyone please suggest how to resolve this problem? If, anyone can suggest the exact steps to configure external ldap store to manage admin console via ldap users.
Regards,
Neeraj Tati.Hi,
Please refer the below content that I found for Oracle 11g in the docs.
"If an LDAP Authentication provider is the only configured Authentication provider for a security realm, you must have the Admin role to boot WebLogic Server and use a user or group in the LDAP directory. Do one of the following in the LDAP directory:
By default in WebLogic Server, the Admin role includes the Administrators group. Create an Administrators group in the LDAP directory, if one does not already exist. Make sure the LDAP user who will boot WebLogic Server is included in the group.
The Active Directory LDAP directory has a default group called Administrators. Add the user who will be booting WebLogic Server to the Administrators group and define Group Base Distinguished Name (DN) so that the Administrators group is found.
If you do not want to create an Administrators group in the LDAP directory (for example, because the LDAP directory uses the Administrators group for a different purpose), create a new group (or use an existing group) in the LDAP directory and include the user from which you want to boot WebLogic Server in that group. In the WebLogic Administration Console, assign that group the Admin role."
Now in my LDAP directory, setup is in such a way that Administrators is a group created under following heirarchy " cn=Administrators,ou=Groups,dc=test,dc=com" and there is one user added in this Administrators group.
The problem that I am having is when I modify the Admin role in which Administrators group should be added what exaclty I should give in Admin role. Whether I should give only Administrators or full DN: cn=Administrators,ou=Groups,dc=test,dc=com ???
When i give full DN, it takes every attribute as different, i mean cn=Administrators as different and ou=Groups as different and shows a message that cn=Administrators does not exist.
Here not sure what to do.
Also if external ldap authentication provider is the only provider then I need to give the user information in boot.properties file also for weblogic to boot properly. Now, what should I give there in user? still complete DN ??
Regards,
Neeraj Tati. -
Solman_Setup, J2EE Configuration, start J2EE Config points at old server
Hi,
I have recently performed a system copy on my solution manager server. As far as I'm aware I have followed the correct procedure and performed all post installation tasks.
Since the copy I have a problem with my SLD which is in my solution manager system. I think it may be one of two problems.
Firstly
When I run SOLMAN_SETUP initial configuration step 3 - Start J2EE Configuration the url launched points at my old server name rather than the new one.
I have raised a call with SAP and have so far done the following things
Notes : 1297849 & 805344 - Everything pointed to new server
Notes 1301106 & 669669 - I have patched ABAB & JAVA AND updated the Content in the SLD
Note 624282 : Transaction LCRSERVADDR contains no entries and the SLDCHECK launches the correct SLD info.
None of these notes resolved my issue
Secondly
In transaction SMSY my solution manager settings are not correct - The ABAP stack is correct the message server points to the new message server, however the JAVA stack message server still points to the old system. I have tried to delete but I am unable to as I get the message system in use in Groups / Landscapes. SAP have done work on my server as part of the SURGEN programme and I'm sure this is something they have done that I am not able to remove.
Please help.
Regards
Tracey Smith. (John Beard - Corporate account for Kelda Group)You are using client 100 for example. It seems so that the UME store from the Java stack still points to the 001 client (probably you made a client copy on ABAP side from 001 to 100????). The CTC want to check SOLMAN_ADMIN user in the system where the UME destination is set (in this case 001).
So basically you got now 2 options: redirect your Java UME to client 100 or you simply create the required user SOLMAN_ADMIN in 001 client. -
We need to authenticate users against an LDAP server. This works fine from the workbench where the UME ContentSource is database_only. However, the central WebAs (Netweaver 2004) was installed with ContentSource of r3_rw. According to the documentation, a prerequisite to adding an LDAP user store is: "You have installed a SAP Web Application Server Java where the UME is configured to use the database of the J2EE Engine as data source." Since our WebAS Java is not configured this way, is there any way, short of re-installing the server, to add an LDAP user store? TIA,
SteveHi Steve,
Once you choose an ABAP data source, there is no going back.
You can however synchronize the ABAP with the LDAP server. Have the ABAP user management periodically import users from the LDAP server.
-Michael -
Cannot load classes for custom user store
I implemented a custom user store and deployed as sda library into NetWeaver preview SP16. NetWeaver is not able to load those classes when configuring that user store through Visual Administrator. Below is the error message I got,
Unable to register user store!
java.lang.SecurityException: com.sap.engine.services.security.exceptions.BaseSecurityException: Can not instantiate UserContext.
at com.sap.engine.services.security.server.UserStoreImpl.<init>(UserStoreImpl.java:78)
at com.sap.engine.services.security.server.UserStoreFactoryCache.registerUserStore(UserStoreFactoryCache.java:120)
at com.sap.engine.services.security.server.UserStoreFactoryImpl.registerUserStore(UserStoreFactoryImpl.java:150)
at com.sap.engine.services.security.userstore.RemoteUserStoreFactoryImpl.registerUserStore(RemoteUserStoreFactoryImpl.java:64)
at com.sap.engine.services.security.userstore.RemoteUserStoreFactoryImplp4_Skel.dispatch(RemoteUserStoreFactoryImplp4_Skel.java:99)
at com.sap.engine.services.rmi_p4.DispatchImpl._runInternal(DispatchImpl.java:304)
at com.sap.engine.services.rmi_p4.DispatchImpl._run(DispatchImpl.java:193)
at com.sap.engine.services.rmi_p4.server.P4SessionProcessor.request(P4SessionProcessor.java:122)
at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
at java.security.AccessController.doPrivileged(Native Method)
at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:100)
at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:170)
Caused by: java.lang.ClassNotFoundException: mypackage.myusercontextimpl
Found in negative cache
Loader Info -
ClassLoader name: [common:library:com.sap.security.api.sda;library:com.sap.security.core.sda;library:security.class;library:webservices_lib;service:adminadapter;service:basicadmin;service:com.sap.security.core.ume.service;service:configuration;service:connector;service:dbpool;service:deploy;service:jmx;service:jmx_notification;service:keystore;service:security;service:userstore]
Parent loader name: [Frame ClassLoader]
References:
library:com.sap.ip.basecomps
library:core_lib
common:library:IAIKSecurity;library:activation;library:mail;library:tcsecssl
library:servlet
library:sapxmltoolkit
library:com.sap.mw.jco
library:com.sap.util.monitor.jarm
library:j2eeca
library:opensql
interface:security
interface:log
interface:shell
interface:keystore_api
library:ejb20
interface:webservices
library:com.sap.guid
interface:appcontext
interface:endpoint_api
interface:resourceset_api
interface:resourcecontext_api
common:service:iiop;service:naming;service:p4;service:ts
interface:ejbcomponent
interface:container
interface:visual_administration
interface:transactionext
interface:dsr_ejbcontext_api
service:timeout
library:tc~jmx
interface:cross
service:file
service:locking
library:tcSLUTIL
service:memory
library:antlr
library:jdbdictionary
library:opensqlextensions
Resources:
C:\usr\sap\J2E\JC00\j2ee\cluster\server0\bin\services\dbpool\dbpool.jar
C:\usr\sap\J2E\JC00\j2ee\cluster\server0\bin\services\basicadmin\basicadmin.jar
C:\usr\sap\J2E\JC00\j2ee\cluster\server0\bin\ext\security.class\tc_sec_compat.jar
C:\usr\sap\J2E\JC00\j2ee\cluster\server0\bin\services\adminadapter\adminadapter.jar
C:\usr\sap\J2E\JC00\j2ee\cluster\server0\bin\services\basicadmin\jstartupimpl.jar
C:\usr\sap\J2E\JC00\j2ee\cluster\server0\bin\services\jmx_notification\jmx_notification.jar
C:\usr\sap\J2E\JC00\j2ee\cluster\server0\bin\services\security\security.jar
C:\usr\sap\J2E\JC00\j2ee\cluster\server0\bin\services\com.sap.security.core.ume.service\com.sap.security.core.ume.service.jar
C:\usr\sap\J2E\JC00\j2ee\cluster\server0\bin\ext\security.class\tc_sec_saml_toolkit_api.jar
C:\usr\sap\J2E\JC00\j2ee\cluster\server0\bin\ext\security.class\tc_sec_userstore_lib.jar
C:\usr\sap\J2E\JC00\j2ee\cluster\server0\bin\ext\webservices_lib\webservices_lib.jar
C:\usr\sap\J2E\JC00\j2ee\cluster\server0\bin\services\basicadmin\jstartupapi.jar
C:\usr\sap\J2E\JC00\j2ee\cluster\server0\bin\ext\security.class\tc_sec_jaas_test.jar
C:\usr\sap\J2E\JC00\j2ee\cluster\server0\bin\services\dbpool\sqljimpl.jar
C:\usr\sap\J2E\JC00\j2ee\cluster\server0\bin\ext\com.sap.security.core.sda\com.sap.security.core.tpd.jar
C:\usr\sap\J2E\JC00\j2ee\cluster\server0\bin\ext\com.sap.security.api.sda\com.sap.security.api.perm.jar
C:\usr\sap\J2E\JC00\j2ee\cluster\server0\bin\services\connector\connectorimpl.jar
C:\usr\sap\J2E\JC00\j2ee\cluster\server0\bin\ext\webservices_lib\saaj-api.jar
C:\usr\sap\J2E\JC00\j2ee\cluster\server0\bin\services\configuration\configuration.jar
C:\usr\sap\J2E\JC00\j2ee\cluster\server0\bin\ext\security.class\tc_sec_saml_jaas.jar
C:\usr\sap\J2E\JC00\j2ee\cluster\server0\bin\ext\security.class\tc_sec_saml_xmlbind.jar
C:\usr\sap\J2E\JC00\j2ee\cluster\server0\bin\ext\security.class\tc_sec_saml_util.jar
C:\usr\sap\J2E\JC00\j2ee\cluster\server0\bin\ext\security.class\tc_sec_csi.jar
C:\usr\sap\J2E\JC00\j2ee\cluster\server0\bin\ext\security.class\tc_sec_saml_toolkit_core.jar
C:\usr\sap\J2E\JC00\j2ee\cluster\server0\bin\ext\security.class\tc_sec_ssf.jar
C:\usr\sap\J2E\JC00\j2ee\cluster\server0\bin\services\userstore\userstore.jar
C:\usr\sap\J2E\JC00\j2ee\cluster\server0\bin\ext\security.class\tc_sec_https.jar
C:\usr\sap\J2E\JC00\j2ee\cluster\server0\bin\ext\security.class\tc_sec_saml_service_api.jar
C:\usr\sap\J2E\JC00\j2ee\cluster\server0\bin\ext\webservices_lib\jaxrpc-api.jar
C:\usr\sap\J2E\JC00\j2ee\cluster\server0\bin\services\dbpool\opensqllib.jar
C:\usr\sap\J2E\JC00\j2ee\cluster\server0\bin\services\deploy\deploy.jar
C:\usr\sap\J2E\JC00\j2ee\cluster\server0\bin\ext\security.class\tc_sec_jaas.jar
C:\usr\sap\J2E\JC00\j2ee\cluster\server0\bin\services\jmx\jmx_sec.jar
C:\usr\sap\J2E\JC00\j2ee\cluster\server0\bin\ext\com.sap.security.api.sda\com.sap.security.api.jar
C:\usr\sap\J2E\JC00\j2ee\cluster\server0\bin\ext\com.sap.security.core.sda\com.sap.security.core.jar
C:\usr\sap\J2E\JC00\j2ee\cluster\server0\bin\services\jmx\jmx.jar
C:\usr\sap\J2E\JC00\j2ee\cluster\server0\bin\ext\webservices_lib\jaxm-api.jar
C:\usr\sap\J2E\JC00\j2ee\cluster\server0\bin\services\keystore\keystore.jar
Loading model: {parent,local,references}
at com.sap.engine.frame.core.load.ReferencedLoader.loadClass(ReferencedLoader.java:348)
at com.sap.engine.services.security.server.UserStoreImpl.<init>(UserStoreImpl.java:75)
... 13 more
at com.sap.engine.services.security.exceptions.BaseSecurityException.writeReplace(BaseSecurityException.java:349)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
at java.io.ObjectStreamClass.invokeWriteReplace(ObjectStreamClass.java:896)
at java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1011)
at java.io.ObjectOutputStream.writeObject(ObjectOutputStream.java:278)
at com.sap.engine.services.rmi_p4.DispatchImpl.throwException(DispatchImpl.java:139)
at com.sap.engine.services.rmi_p4.DispatchImpl._runInternal(DispatchImpl.java:306)
at com.sap.engine.services.rmi_p4.DispatchImpl._run(DispatchImpl.java:193)
at com.sap.engine.services.rmi_p4.server.P4SessionProcessor.request(P4SessionProcessor.java:122)
at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
at java.security.AccessController.doPrivileged(Native Method)
at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:100)
at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:170)Hi sheshu0022,
Based on my research, the issue can be occurred due to something get corrupted in the script task. To fix this issue, please copy the code in the task, then rebuild the script task with the same code to test again.
The following similar thread is for your reference:
http://stackoverflow.com/questions/15165760/ssis-script-task-fails-on-server-with-error-cannot-load-script-for-execution
Thanks,
Katherine Xiong
Katherine Xiong
TechNet Community Support -
OAM 11g throws error when user store is changed
We have OAM 11g integrated with OIF 11g as the SP. We need to change the OAM User store from OID to OVD. I added a new User store in the OAM console and set that as the default store. In the OAM console, under System Configuration -> Common Configuration -> Data Stores -> User Identity Stores, I added the OVD repository we want to use and set it as the default store. When I make this change in OAM data stores, OAM throws an error.
On the browser I see the error: System error. Please re-try your action. If you continue to get this error, please contact the Administrator.
In the OAM diagnostic logs, I see the following errors:
[2012-08-11T08:37:27.016-04:00] [oam_server1] [ERROR] [OAMSSA-20005] [oracle.oam.user.identity.provider] [tid: [ACTIVE].ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 3480b637355d0d24:-ed7c663:13913246a02:-8000-000000000000040f,0] [APP: oam_server] Error initializing User/Role API : null.
[2012-08-11T08:37:27.021-04:00] [oam_server1] [WARNING] [OAMSSA-20007] [oracle.oam.user.identity.provider] [tid: [ACTIVE].ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 3480b637355d0d24:-ed7c663:13913246a02:-8000-000000000000040f,0] [APP: oam_server] Unable to connect to the User Store. User Store may not be initialized : Error initializing User/Role API : null..
[2012-08-11T08:37:27.021-04:00] [oam_server1] [ERROR] [OAMSSA-12126] [oracle.oam.engine.authn] [tid: [ACTIVE].ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 3480b637355d0d24:-ed7c663:13913246a02:-8000-000000000000040f,0] [APP: oam_server] Cannot assert the username from DAP token.
The user exists in OVD and appropriate attributes have been set.
Comparing the trace for the two, in the OID trace, I see a 302 for the URL at /oam/server/dap/cred_submit. In the OVD trace, I see a 200 for the same URL.
Following is a successful request when OID is set as the default user store:
GET /oam/server/dap/cred_submit?osso_sassoToken=v1.0%7ENEVGMzBGMUJFRTdGRkM0NjQxREFFQn5GODdEQjFEMjczMjZCQjFCQTZEQTlDQTI5RDA3RTA0QTQ2OThEQzdEfjRCMDk0OUE1RjgyNjcwRkU2M0E3OTM5QjI1OTlCMzdEfmRiYzEzMDFiMWMxOTFiMDA5ZmM3YWM5MTFjNjM5MDhjNTgwMzZjMzYyZDZhZTQ3OTY5ZGRiNTllYmVlMTUwMjkxYTY4MzQwZjU2ZGEwMmNhMmE4YTM0YWUwNmUxMjY4MzE5NmFkNjM4YzIwOTliMWZmM2NmZTRhMjYyYmU2N2M1MDEwYWY5OWFmOWU1NTg5NGIyYTVjYWRkOGRlMDI5NjVjN2I2YzM5YTJjMDU1NmU5OTJkMzU4Y2RlYzAxNmU4MWZjMDRiYjFjM2RhYTAzYzliNDIwNjQzOTZlNzZlMzZhOTMwZjI4YTAyMzdmMTI1NjVjOTcwYTk1NzFkZDMzNzQ%3D HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, */*
Referer: http://hostname.idpdomain.com/fed/user/?refid=id-5RtbGMaw6NfaaPUgth-wxZwxY5Q-
Accept-Language: en-us
UA-CPU: x86
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)
Host: hostname.spdomain.com:14101
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Sat, 11 Aug 2012 12:42:32 GMT
Transfer-Encoding: chunked
Location: https://www.google.com
Set-Cookie: OAM_ID=VERSION_4~8u5oPtHwZW/uJbd8ybw87A==~I2VDurl3pyBxQdHBmwHXXu5AabtNgaGcQx1FJ6v3sVzuoU0WOvMyDi40pizUWNrSIUkCIrl7Fc6cumRyKUAU0yHSHEtzwtiGO3bmiC7rOXKglLnO9Iw0eNUATA1AuJ7m9a6JxE5fX2vDFDYzk/H9eK5/74mO9TKNP0HTcKF6NzEluuTT3sRlQH3dAzBhPouTCO6yMmd00SmQEhrQxCpUc+ec78GFQgfKrE+6mDNTFSO9gHEB0JQ+xzGzzsr34BDCTB2FC41d0Q3tTGXANSHHRg==; path=/; secure; HttpOnly
Set-Cookie: OAM_REQ=invalid; path=/; secure; HttpOnly
X-ORACLE-DMS-ECID: 3480b637355d0d24:-ed7c663:13913246a02:-8000-000000000000042d
X-Powered-By: Servlet/2.5 JSP/2.1
Following is a failed request when OVD is set as the default user store:
GET /oam/server/dap/cred_submit?osso_sassoToken=v1.0%7ENEVGMjRDREUyNUU4QTI1REUwMzVGM344MzRCNTU5RTNCREM1MjFBMjFBRDQ4MTBBNjMzMTI5QzM0MUU5RjI5fjA4ODY1M0JENjg1ODk1MTZDNUVGQjU0NTYwRjg5OEREfjYyMWE3NzhjMzUwMmVhODQ5MWRkMGIyYTBkYmM1MGU0ZDlmZTA0ZjE1NDBhMDVkOGM3ZWIwOGUzNGY3ZDhiNTBhMTNkMjY0MDliMGZmMmY2MzJjZGZjM2UzNzgzNzQ3YzM3OTIwYjlkMmNhZWY0ZDQ2M2MyYzE1NWM2MDkxMjI4MjU0NTEyZDIzODU3NTBlZjI4MjRlZTAzOWFkYmMxYTVmZWE3NTk5NTRlMGY3NTkyNjE5YTRkM2U3OTczZjZiMThmYzgxODg2MzM3ZDg5NzQ2NWUxYmZhNThjOGVmN2VhZmI5OGRiMDNiZmJmZGJjOWUzZmNjYTU1N2U5OWVjMDQ%3D HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, */*
Referer: http://hostname.idpdomain.com/fed/user/?refid=id-R5gYcX-W8o6-bQSR2IIYdkQLLKA-
Accept-Language: en-us
UA-CPU: x86
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)
Host: hostname.spdomain.com:14101
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Date: Sat, 11 Aug 2012 12:37:26 GMT
Pragma: no-cache
Content-Length: 2051
Content-Type: text/html; charset=UTF-8
Expires: 0
Set-Cookie: OAM_JSESSIONID=0VksQmSHwhpr2vT33Kq1ZgqWgxrtk2BXxpr4PgmL1LwThMxYSlKQ!-450564370; path=/; HttpOnly
X-ORACLE-DMS-ECID: 3480b637355d0d24:-ed7c663:13913246a02:-8000-000000000000040f
X-Powered-By: Servlet/2.5 JSP/2.1Hi AV,
we had the same problem
the reason was a wrong definition in cutomizing
Partner Processing -> Define Partner Determination Procedure -> User Interface Settings
there for the relevant procedure we had to define this sequence of functions :
1. Activity Partner
2. Contact Partner
3. Employee Responsible
4. Sales Representative
Regards
Meinrad -
ERROR: user is not configured for keystore 'service_ssl'
hi experts:
System environment:
pi7.0 j2ee sp09
ECC6.0 patch level11
Here is my scenarios..
ECC6.0-->(IDOC)XI(CIDX)--
>External system.
External system-->(CIDX)XI(IDOC)--
>ECC6.0
1.we have got there certificates from external system (rootCA.DER,intermedia.DER,Server.DER), imported the 3 certs files to TrustedCAs view using VA tool after we configured the SSL enable.
2.We generated the CSR file and got the response from CA. we import the CSR response to SERVICE_SSL service
3.I have assigned the role(keystoreadministrator) to user(PIAFUSER,PIAPPLUSER) in security provide service.
4.I configured the IR and ID for the first sceniro. I Selected the "service_ssl" view and "TrustedCAs" view in received agreement in ID, and selected the "service_ssl" view in comunication channeland. actived all of them.
issue :
as soon I trigger the message to external. It is OK in monitor for processed XML Message.
BUT I got the error message in runtime workbench/adapter engine/communication channel mornitoring.
Channel Name: Buyer_Send_OrderChange
Receiver Agreement: |com_sap_abap_r3_200|Sell_elemic|CIDX_E45_20_seller|OrderChange
Security Settings > Current certificate configured for signing:
ERROR: user is not configured for keystore 'service_ssl'
Security Settings > Partner certificate configured for signing:
ERROR: user is not configured for keystore 'TrustedCAs'
Thanks!!.The question have been solved ..
thanks!
xixi -
Edit XLIFF file in J2EE Configuration Browser
HI ,
I am trying to do internationalization in VC 7.1. In one of the steps. i have to edit XLIFF file in J2EE configuration Browser (under developmentserver->ClientWorspaces-> User Name -> sap.com._UWSoftwareComponent->model folder)
I donot have the edit option to upload the changed XLF file .
How do i edit and upload the file back
Thanks and Regards,
Priyatharini.Hi Priyatharini,
Please refer to Internationalization thread in this forum. I am also busy with it. Can you email me? so I could forward you things relating it. May be Internationalization works for you...
Best regards,
Dharmi -
OpenSSO 8.0 - Windows Server 2003 User Store
The following is taken from the installation guide - does this mean that Windows Server 2003 Forest Functional Level must be at 2003. If not, what does it mean?
Requirements For ActiveDirectory as theUser Data Store
To configure and use Active Directory as the user data store, your deployment must meet these requirements:
■ OpenSSO Enterprise 8.0 is installed on a supported web container.
■ Active Directory 2003 is installed on Windows Server 2003 R2 with Windows Server forest
functional level enabled. For more information, see:
http://support.microsoft.com/?id=322692#4
■ You have not made any changes to the OpenSSO Enterprise schema, attributes, or XML
files.I have installed 9i successfully on machines with AMD64 cpus and 64bit Xeons without any problems.
Cheers,
R -
I am setting OID as default User store for OAM 11gR2. And shall continue to use the internal UserIdentityStore1 as Security Store.
Is this ok? What is best practice.This should be fine and is recommended way.
When trying to set this up. I would recommend keep few things in mind. i.e. Make sure that you are having a new LDAP Authentication Module created for default User Identity Store. You don't want to create a mess out of your Authentication Modules and Authentication scheme configurations. Few of the OOTB Authentication Schemes use LDAP Authentication Module. If you change the User IdentityStore for it. Then your system store would be UserIdentityStore1 whereas the OAMConsoleScheme and other Authentication Schemes will be using LDAP Module which will be pointing to your OID's User Identity Store instead of your System Store.
~Yagnesh -
Currently our XI system points at a client 180 for our user store on the ABAP side.
Is it possible to change this to another client such as 200 ?
Many thanks
jamesHi James,
yes, of course. What to do depends on your scenario. Do you use IDoc RFC or ABAP proxy? Usually you have to delete and create a business system in SLD with the same name, delete the old business in IB directory and import again. Then configure logon in communication channel resp in SM59 destination. For IDocs communication it is more complex.
Regards,
Udo -
CF Installations :Key differnces between Multiserver configuration and J2EE Configuration
Hi,
Can anyone give the important differences between Multiserver
configuration and J2EE Configuration installations?..Hello Dalibor,
While the service account user object has Use DES selected it would appear your user session is still sending the AS Java an RC4 service ticket. This might occur if your user had requested a service ticket before Use DES was selected, or before that setting had replicated to the appropriate domain controller. The fix might be as simple and logging out and logging back in now that some time has passed.
You could also download the Microsoft kerbtray utility and inspect the service ticket enc type to validate this. kerbtray can also be used to clear old tickets and is generally useful for troubleshooting this kind of thing.
Thanks!
Kyle -
Creation of user in J2EE ?
Dear all experts
We are implementing SAP BI 7.0 SP11 and the portal and are trying to get these two 100% connected with the BI template installer etc. But when I run the "BI support tool (com.sap.ip.bi.supportdesk.default) I get an error saying :
"Create the J2EE user DDIC and map it to an ABAP user other than DDIC - see note 945055 for details"
And the note 945055 is saying that:
"To correct the problem, create user DDIC also in J2EE or in the LDAP (Lightweight Directory Access Protocol) connected to WebAS Java. You can create this user as a technical user. User DDIC is only used for SSO (Single Sign-On) communication."
So how do I "create user DDIC also in J2EE" - since we aint using any LDAP ??
Please help us - points will be given to any surgestions
Best regards
LarsHi,
You can create user in J2EE through useradmin application. access user admin through http://<ipaddress:port>/useradmin
ex: http://localhost:50000/useradmin
Log-in to the system as admin and create the user.
Thanks
R.Murali -
Non-Central Adapter User Store
Hi,
We have SAP PI 7.10 SP6 installed. We also installed a non-central adapter in the DMZ. We would like the non-central adapter to use/share the ABAP user store of the central adapter engine.
To this end I have created 2 RFC destinations in NWA, I18NBackendConnection and UMEBackendConnection to point to the ABAP host and client of the integration server and the central adapter engine.
Please can you advise if this is all that is required and what the port is that this is taking please on as to have that port opened on the FW.
Any help is most appreciated.
Regards
Willie HugoHi Abhishek,
Thanks for the prompt reply. I have tio stipulate that I have successfully connect the non-central adapter to the IS/Central adapter engine. I am able to see it as an additional adapter engine in RWB and in ID. I can also deploy an adapter to the non-central adapter engine. At this point it is a file adapter. We can drop files in the file adapter folder deployed on the non-central adapter engine and bring the transaction file into the IS. When it comes to monitoring the file adapter in the channel monitoring, I have to use a diffrent user name and password on the non-central adapter engine. This is where my problem lies. I would like to use the user store of the ABAP IS.
I am not sure the note would help with that?
Please can you confirm.
Regards
Willie Hugo
Maybe you are looking for
-
How to submit the values in the ztable to the line items
Hi everybody Please give me the code to my task I am having a Z Table with one field and with some certain records and i am having an unique value . This unique value should be submitted in all the line items which are having the Z table records
-
Migrate MS SQL Server procedure to Oracle
Can any one suggest me any user friendly tool to Migrate MS SQL Server procedure to Oracle. I think using OMWB we can migrate schemas, as i could not find any interface to migrate a single procedure
-
Web service username and password problems
Hi, I am trying to create a client to consume webservices exposed on a secure .net platform that is SSL protected (https). I am using netbeans 6 with WSIT support. When I create the web service and add the WSDL file - it comes up with the certificate
-
Oracle 10g BPEL developers guide
Hi, I am new to thw world of oracle 10g.I urgently need the developer's guide for BPEL 10g. Please provide me the links for Oracle 10g BPEL developers guide. You can also send me it, if you have it, to my email id: [email protected] Thanks & Regards
-
Reg. OBYC configuration
Dear Experts In OBYC,I have created and assigned G/ account for Stock of material and for Jobwork charges,but in FI document,only the GR/IR clg and WIP account only listing. Where to assign the above two (Jobwork and Stock account). Pls advise Thanks