XI USER STORE

Similar Messages

• Error while configuring external LDAP user store with weblogic

  Hi,
  I have weblogic 10.3 installed and I can access weblogic admin console using weblogic (admin) user. I want to use external ldap user store to access admin console with users present in external ldap.
  To do this, I have configured authentication provider and provided all the required details to connect to ldap.
  For example:
  Base DN: cn=admin,cn=Administrators,cn=dscc (user with which we will connect to LDAP)
  User DN: ou=People,dc=test,dc=com
  Group DN: ou=Groups,dc=test,dc=com
  This authentication provider is set to SUFFICIENT mode. I have deleted the default authentication provider.
  In the boot.properties file I have given the user name and password of the user with which LDAP instance was created something like below.
  password=xxxxxxx
  username=admin
  Now while starting the admin weblogic server, I am getting the below error:
  <Jul 25, 2012 2:22:28 PM IOT> <Critical> <Security> <BEA-090402> <Authentication denied: Boot identity not valid; The user name and/or password from the boot identity file (boot.properties) is not valid. The boot identity may have been changed since the boot identity file was created. Please edit and update the boot identity file with the proper values of username and password. The first time the updated boot identity file is used to start the server, these new values are encrypted.>
  <Jul 25, 2012 2:22:28 PM IOT> <Critical> <WebLogicServer> <BEA-000386> <Server subsystem failed. Reason: weblogic.security.SecurityInitializationException: Authentication denied: Boot identity not valid; The user name and/or password from the boot identity file (boot.properties) is not valid. The boot identity may have been changed since the boot identity file was created. Please edit and update the boot identity file with the proper values of username and password. The first time the updated boot identity file is used to start the server, these new values are encrypted.
  weblogic.security.SecurityInitializationException: Authentication denied: Boot identity not valid; The user name and/or password from the boot identity file (boot.properties) is not valid. The boot identity may have been changed since the boot identity file was created. Please edit and update the boot identity file with the proper values of username and password. The first time the updated boot identity file is used to start the server, these new values are encrypted.
  at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.doBootAuthorization(CommonSecurityServiceManagerDelegateImpl.java:960)
  at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(CommonSecurityServiceManagerDelegateImpl.java:1054)
  at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:873)
  at weblogic.security.SecurityService.start(SecurityService.java:141)
  at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
  Truncated. see log file for complete stacktrace
  Caused By: javax.security.auth.login.FailedLoginException: [Security:090304]Authentication Failed: User admin javax.security.auth.login.FailedLoginException: [Security:090302]Authentication Failed: User admin denied
  at weblogic.security.providers.authentication.LDAPAtnLoginModuleImpl.login(LDAPAtnLoginModuleImpl.java:261)
  at com.bea.common.security.internal.service.LoginModuleWrapper$1.run(LoginModuleWrapper.java:110)
  at java.security.AccessController.doPrivileged(Native Method)
  at com.bea.common.security.internal.service.LoginModuleWrapper.login(LoginModuleWrapper.java:106)
  at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
  Truncated. see log file for complete stacktrace
  >
  <Jul 25, 2012 2:22:28 PM IOT> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to FAILED>
  <Jul 25, 2012 2:22:28 PM IOT> <Error> <WebLogicServer> <BEA-000383> <A critical service failed. The server will shut itself down>
  <Jul 25, 2012 2:22:28 PM IOT> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to FORCE_SHUTTING_DOWN>
  Can anyone please suggest how to resolve this problem? If, anyone can suggest the exact steps to configure external ldap store to manage admin console via ldap users.
  Regards,
  Neeraj Tati.

  Hi,
  Please refer the below content that I found for Oracle 11g in the docs.
  "If an LDAP Authentication provider is the only configured Authentication provider for a security realm, you must have the Admin role to boot WebLogic Server and use a user or group in the LDAP directory. Do one of the following in the LDAP directory:
  By default in WebLogic Server, the Admin role includes the Administrators group. Create an Administrators group in the LDAP directory, if one does not already exist. Make sure the LDAP user who will boot WebLogic Server is included in the group.
  The Active Directory LDAP directory has a default group called Administrators. Add the user who will be booting WebLogic Server to the Administrators group and define Group Base Distinguished Name (DN) so that the Administrators group is found.
  If you do not want to create an Administrators group in the LDAP directory (for example, because the LDAP directory uses the Administrators group for a different purpose), create a new group (or use an existing group) in the LDAP directory and include the user from which you want to boot WebLogic Server in that group. In the WebLogic Administration Console, assign that group the Admin role."
  Now in my LDAP directory, setup is in such a way that Administrators is a group created under following heirarchy " cn=Administrators,ou=Groups,dc=test,dc=com" and there is one user added in this Administrators group.
  The problem that I am having is when I modify the Admin role in which Administrators group should be added what exaclty I should give in Admin role. Whether I should give only Administrators or full DN: cn=Administrators,ou=Groups,dc=test,dc=com ???
  When i give full DN, it takes every attribute as different, i mean cn=Administrators as different and ou=Groups as different and shows a message that cn=Administrators does not exist.
  Here not sure what to do.
  Also if external ldap authentication provider is the only provider then I need to give the user information in boot.properties file also for weblogic to boot properly. Now, what should I give there in user? still complete DN ??
  Regards,
  Neeraj Tati.

• Non-Central Adapter User Store

  Hi,
  We have SAP PI 7.10 SP6 installed. We also installed a non-central adapter in the DMZ. We would like the non-central adapter to use/share the ABAP user store of the central adapter engine.
  To this end I have created 2 RFC destinations in NWA, I18NBackendConnection and UMEBackendConnection to point to the ABAP host and client of the integration server and the central adapter engine.
  Please can you advise if this is all that is required and what the port is that this is taking please on as to have that port opened on the FW.
  Any help is most appreciated.
  Regards
  Willie Hugo

  Hi Abhishek,
  Thanks for the prompt reply. I have tio stipulate that I have successfully connect the non-central adapter to the IS/Central adapter engine. I am able to see it as an additional adapter engine in RWB and in ID. I can also deploy an adapter to the non-central adapter engine. At this point it is a file adapter. We can drop files in the file adapter folder deployed on the non-central adapter engine and bring the transaction file into the IS. When it comes to monitoring the file adapter in the channel monitoring, I have to use a diffrent user name and password on the non-central adapter engine. This is where my problem lies. I would like to use the user store of the ABAP IS.
  I am not sure the note would help with that?
  Please can you confirm.
  Regards
  Willie Hugo

• OAM 11g throws error when user store is changed

  We have OAM 11g integrated with OIF 11g as the SP. We need to change the OAM User store from OID to OVD. I added a new User store in the OAM console and set that as the default store. In the OAM console, under System Configuration -> Common Configuration -> Data Stores -> User Identity Stores, I added the OVD repository we want to use and set it as the default store. When I make this change in OAM data stores, OAM throws an error.
  On the browser I see the error: System error. Please re-try your action. If you continue to get this error, please contact the Administrator.
  In the OAM diagnostic logs, I see the following errors:
  [2012-08-11T08:37:27.016-04:00] [oam_server1] [ERROR] [OAMSSA-20005] [oracle.oam.user.identity.provider] [tid: [ACTIVE].ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 3480b637355d0d24:-ed7c663:13913246a02:-8000-000000000000040f,0] [APP: oam_server] Error initializing User/Role API : null.
  [2012-08-11T08:37:27.021-04:00] [oam_server1] [WARNING] [OAMSSA-20007] [oracle.oam.user.identity.provider] [tid: [ACTIVE].ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 3480b637355d0d24:-ed7c663:13913246a02:-8000-000000000000040f,0] [APP: oam_server] Unable to connect to the User Store. User Store may not be initialized : Error initializing User/Role API : null..
  [2012-08-11T08:37:27.021-04:00] [oam_server1] [ERROR] [OAMSSA-12126] [oracle.oam.engine.authn] [tid: [ACTIVE].ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 3480b637355d0d24:-ed7c663:13913246a02:-8000-000000000000040f,0] [APP: oam_server] Cannot assert the username from DAP token.
  The user exists in OVD and appropriate attributes have been set.
  Comparing the trace for the two, in the OID trace, I see a 302 for the URL at /oam/server/dap/cred_submit. In the OVD trace, I see a 200 for the same URL.
  Following is a successful request when OID is set as the default user store:
  GET /oam/server/dap/cred_submit?osso_sassoToken=v1.0%7ENEVGMzBGMUJFRTdGRkM0NjQxREFFQn5GODdEQjFEMjczMjZCQjFCQTZEQTlDQTI5RDA3RTA0QTQ2OThEQzdEfjRCMDk0OUE1RjgyNjcwRkU2M0E3OTM5QjI1OTlCMzdEfmRiYzEzMDFiMWMxOTFiMDA5ZmM3YWM5MTFjNjM5MDhjNTgwMzZjMzYyZDZhZTQ3OTY5ZGRiNTllYmVlMTUwMjkxYTY4MzQwZjU2ZGEwMmNhMmE4YTM0YWUwNmUxMjY4MzE5NmFkNjM4YzIwOTliMWZmM2NmZTRhMjYyYmU2N2M1MDEwYWY5OWFmOWU1NTg5NGIyYTVjYWRkOGRlMDI5NjVjN2I2YzM5YTJjMDU1NmU5OTJkMzU4Y2RlYzAxNmU4MWZjMDRiYjFjM2RhYTAzYzliNDIwNjQzOTZlNzZlMzZhOTMwZjI4YTAyMzdmMTI1NjVjOTcwYTk1NzFkZDMzNzQ%3D HTTP/1.1
  Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, */*
  Referer: http://hostname.idpdomain.com/fed/user/?refid=id-5RtbGMaw6NfaaPUgth-wxZwxY5Q-
  Accept-Language: en-us
  UA-CPU: x86
  Accept-Encoding: gzip, deflate
  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)
  Host: hostname.spdomain.com:14101
  Connection: Keep-Alive
  Cache-Control: no-cache
  HTTP/1.1 302 Moved Temporarily
  Connection: close
  Date: Sat, 11 Aug 2012 12:42:32 GMT
  Transfer-Encoding: chunked
  Location: https://www.google.com
  Set-Cookie: OAM_ID=VERSION_4~8u5oPtHwZW/uJbd8ybw87A==~I2VDurl3pyBxQdHBmwHXXu5AabtNgaGcQx1FJ6v3sVzuoU0WOvMyDi40pizUWNrSIUkCIrl7Fc6cumRyKUAU0yHSHEtzwtiGO3bmiC7rOXKglLnO9Iw0eNUATA1AuJ7m9a6JxE5fX2vDFDYzk/H9eK5/74mO9TKNP0HTcKF6NzEluuTT3sRlQH3dAzBhPouTCO6yMmd00SmQEhrQxCpUc+ec78GFQgfKrE+6mDNTFSO9gHEB0JQ+xzGzzsr34BDCTB2FC41d0Q3tTGXANSHHRg==; path=/; secure; HttpOnly
  Set-Cookie: OAM_REQ=invalid; path=/; secure; HttpOnly
  X-ORACLE-DMS-ECID: 3480b637355d0d24:-ed7c663:13913246a02:-8000-000000000000042d
  X-Powered-By: Servlet/2.5 JSP/2.1
  Following is a failed request when OVD is set as the default user store:
  GET /oam/server/dap/cred_submit?osso_sassoToken=v1.0%7ENEVGMjRDREUyNUU4QTI1REUwMzVGM344MzRCNTU5RTNCREM1MjFBMjFBRDQ4MTBBNjMzMTI5QzM0MUU5RjI5fjA4ODY1M0JENjg1ODk1MTZDNUVGQjU0NTYwRjg5OEREfjYyMWE3NzhjMzUwMmVhODQ5MWRkMGIyYTBkYmM1MGU0ZDlmZTA0ZjE1NDBhMDVkOGM3ZWIwOGUzNGY3ZDhiNTBhMTNkMjY0MDliMGZmMmY2MzJjZGZjM2UzNzgzNzQ3YzM3OTIwYjlkMmNhZWY0ZDQ2M2MyYzE1NWM2MDkxMjI4MjU0NTEyZDIzODU3NTBlZjI4MjRlZTAzOWFkYmMxYTVmZWE3NTk5NTRlMGY3NTkyNjE5YTRkM2U3OTczZjZiMThmYzgxODg2MzM3ZDg5NzQ2NWUxYmZhNThjOGVmN2VhZmI5OGRiMDNiZmJmZGJjOWUzZmNjYTU1N2U5OWVjMDQ%3D HTTP/1.1
  Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, */*
  Referer: http://hostname.idpdomain.com/fed/user/?refid=id-R5gYcX-W8o6-bQSR2IIYdkQLLKA-
  Accept-Language: en-us
  UA-CPU: x86
  Accept-Encoding: gzip, deflate
  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)
  Host: hostname.spdomain.com:14101
  Connection: Keep-Alive
  Cache-Control: no-cache
  HTTP/1.1 200 OK
  Cache-Control: no-cache, no-store
  Date: Sat, 11 Aug 2012 12:37:26 GMT
  Pragma: no-cache
  Content-Length: 2051
  Content-Type: text/html; charset=UTF-8
  Expires: 0
  Set-Cookie: OAM_JSESSIONID=0VksQmSHwhpr2vT33Kq1ZgqWgxrtk2BXxpr4PgmL1LwThMxYSlKQ!-450564370; path=/; HttpOnly
  X-ORACLE-DMS-ECID: 3480b637355d0d24:-ed7c663:13913246a02:-8000-000000000000040f
  X-Powered-By: Servlet/2.5 JSP/2.1

  Hi AV,
  we had the same problem
  the reason was a wrong definition in cutomizing
  Partner Processing -> Define Partner Determination Procedure -> User Interface Settings
  there for the relevant procedure we had to define this sequence of functions :
  1. Activity Partner
  2. Contact Partner
  3. Employee Responsible
  4. Sales Representative
  Regards
  Meinrad

• Using two User Stores for one relying party trust

  Hi all,
  We got a request to implement a trust with an external party. 
  Internal users should be able to make use of that application. But also external users, which have their account stored in a different user store (question is asked if its a SQL or LDAP kind of store).
  Is it possible to have a SSO effect for both internal and external users? 
  Somehow ADFS has to know if the user is internal or external. I can imagine an internal user being in the office will get a nice SSO feeling. From what i think this is not possible for external users. External users should still authenticate once on our sts
  (adfs). Lets say this is true, is it possible for ADFS to see if a user is external, and then use the User Store that belongs to that external user?
  You also must take in mind that an internal user could also be in a internet cafe, so SSO is not possible. Also this time the user should authenticate to the sts. But this time it has to use Active Directory as User Store.
  I know internal users have a username in a different format then external users. 
  Is it possible for ADFS to know which User Store to pick based on the format of the username?
  Thanks in advance for the reaction.

  Hi,
  Thank you for your posting!
  Since Active Directory Federation Service is not an extension of Active Directory schema, I suggest you refer to the following forum to get professional support:
  Claims based access platform (CBA), code-named Geneva Forum
  http://social.msdn.microsoft.com/Forums/vstudio/en-US/home?forum=Geneva
  Thank you for your understanding and support.
  Best Regards,
  Amy Wang

• Best Practise of maintaining user stories in MTM

  Hi
  I have below questions.
  1.In MTM the best way to maintain the user stories can be which way
  User story1- Under this sprint1,sprint 2...
  User story2 - Under this sprint 2,sprint 3-...
  or
  Sprint 1- Under this User story1
  Sprint 2- Under this User story 1,User story 2
  Which is the best practice in the MTM. Any sample will be good

  Hi Santhu,
  Thank you for posting in MSDN forum.
  MTM is used to define and manage your test plans for manual and automated system tests. These test plans are stored in TFS, and are closely integrated with its build and application
  lifecycle management tools.
  As you said that about the best way to maintain the user stories, as far as I know that the user story is maintained
  by web access. So if you want to maintain the user story, I suggest you can maintain it by the TFS web access.
  Reference:http://msdn.microsoft.com/en-us/library/vstudio/ee523998(v=vs.120).aspx
  In addition, as you said that you want to the User story1- Under this sprint1,sprint 2.... or Sprint 1- Under this User story1. I know that the user story1 can not under this sprint1,sprint 2.... as the same time,
  it just can under one sprint.
  About this issue, since I am not the TFS experts, so I suggest you can ask this issue directly to the
  TFS forum,
  it will be better support.
  Thanks for your understanding.
  Best Regards,
  We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
  Click
  HERE to participate the survey.

• User Store for Portal

  Hello,
  We are implementing a new portal, and having trouble deciding on the user store for the portal.
  Scenario:
  u2022     The main functionality of the Portal is dependent on the SAP Systems (ESS\MSS), and BW System.
  u2022     Currently there is no CUA or SAP Identity management Systems available. 
  u2022     The Usernames in our LDAP and SAP ECC systems are different, so we canu2019t use the LDAP.
  From our preliminary brainstorming, we came up with following decision:
  u2022     Use the ECC ABAP Store for user Base (So we leverage all the ECC users, and their current role assignments in the portal)
  u2022     Later on, once weu2019re ready to install SAP IDM, and then Switch Portalu2019s User Store from ECC ABAP Store to IDM.
  QUESTIONS:
  1.     Is our approach here correct?
  2.     Would it possible to switch portalu2019s user store from ECC ABAP Store to IDM?
  3.     Should we consider installing CUA in the meantime until weu2019re ready to move to IDM?
  Any Help or opinions would be much appreciatedu2026
  Thanks,
  Harman

  Hi,
  Q1 You wrote: " The Usernames in our LDAP and SAP ECC systems are different, so we canu2019t use the LDAP."
  This is not 100% true... take a look at this help document as it explains some possibilities for you:
  http://help.sap.com/saphelp_nw70ehp2/helpdata/en/0b/d82c4142aef623e10000000a155106/frameset.htm
  Q2 Not really, see Q1 and in addition IDM is a Management and Provisioning System/Tool. It isn't a userstore on itself.
  In other words IDM contains the single truth but it provisions it to systems (JAVA , ABAP, LDAP etc).
  So it won't be possible to connect your Portal from an ABAP user store to an IDM user store as it doens't exist.
  What theoretically could be possible is to now connect you Portal to an ABAP user store and later Back to its own UME and let this UME be under provisioning by the IDM system. But I can remember that it is not supported to go back from ABAP to UME. See also: http://help.sap.com/saphelp_nw70ehp2/helpdata/en/f5/8fdc3fca21eb06e10000000a1550b0/frameset.htm
  Q3 Personally I think it is a first good step as it helps you to centralize and uniform your users and roles. But If you already decided to go for IDM (lets say next year) then it maybe the Return On Investment for implementing CUA now is nihil.
  Do not hesitate to ask if above answers are unclear.
  Good Luck,
  Benjamin

• Microsoft Lync Server 2013, Backup Service user store backup module detected items having pool ownership conflict during import.

  Dear Team,
  I have two Enterprise lync 2013 pools, abcPool and abcpool1. abcPool1 has got two servers, Server1 and server2. and abcpool has one FE server named "Server 3". and they have pool pairing.
  Replication was fine between them when i had only one FE server in each pool, one day FE service broke on one of the FE server on abcpool1 and failed to start so i had to do failover to another pool, at that time i introduced one more FE in abcPool1, that
  why now 2 FEs in abcPool2. Server1 FE service was resolved by reinstalling the binaries. However after that im unable to get the backupservice state to normal, i tried the below articles with no luck,
  http://social.technet.microsoft.com/Forums/lync/en-US/0403621e-26b6-4cd0-bbca-8534a20de665/backup-service-pool-ownership-conflict-during-import?forum=lyncdeploy 
  http://msucmenow.blogspot.in/2013/05/troubleshooting-lync-2013-pool-pairing.html
  "Event on Server 1"
  Log Name:      Lync Server
  Source:        LS Backup Service
  Date:          1/21/2014 8:02:33 AM
  Event ID:      4073
  Task Category: (4000)
  Level:         Warning
  Keywords:      Classic
  User:          N/A
  Computer:      ABC.net
  Description:
  Microsoft Lync Server 2013, Backup Service user store backup module detected items having pool ownership conflict during import.
  Items having pool ownership conflict: 
  ItemId: 1b3be172-b121-43cf-bd4e-b3d368eae6a9, DocId: 7972, DocName: urn:hcd:[email protected]
  ItemId: 1b3be172-b121-43cf-bd4e-b3d368eae6a9, DocId: 7973, DocName: urn:lcd:[email protected]
  ItemId: 1b3be172-b121-43cf-bd4e-b3d368eae6a9, DocId: 7974, DocName: urn:upc:[email protected]
  PS C:\Users\lyncadmin> Get-CsBackupServiceStatus -PoolFqdn pool1.net | fl
  ActiveMachineFqdn   : abc1.net
  OverallExportStatus : SteadyState
  OverallImportStatus : ErrorState
  BackupModules       : {UserServices.PresenceFocus:[SteadyState,ErrorState],
                        ConfServices.DataConf:[FinalState,NormalState],
                        CentralMgmt.CMSMaster:[FinalState,NotInitialized]}
  Following error in "Lync Server" logs on server3 on abcPool.
  Log Name:      Lync Server
  Source:        LS Backup Service
  Date:          1/21/2014 9:37:47 AM
  Event ID:      4069
  Task Category: (4000)
  Level:         Warning
  Keywords:      Classic
  User:          N/A
  Computer:     SQL1.net
  Description:
  Microsoft Lync Server 2013, Backup Service user store backup module encountered an exception that was handled gracefully when importing document batch.
  Batch file: UserServices\PresenceFocus\1-UserServices-8\Data\488bc218-9954-4caf-a5da-89efdb7b85a7_0_1562.xml.
   Exception: System.Data.SqlClient.SqlException (0x80131904): Snapshot isolation transaction aborted due to update conflict. You cannot use snapshot isolation to access table 'dbo.Batch' directly or indirectly in database 'rtcxds' to update, delete, or
  insert the row that has been modified or deleted by another transaction. Retry the transaction or change the isolation level for the update/delete statement.
  Log Name:      Lync Server
  Source:        LS Backup Service
  Date:          1/21/2014 9:52:45 AM
  Event ID:      4064
  Task Category: (4000)
  Level:         Warning
  Keywords:      Classic
  User:          N/A
  Computer:     SQL1.net
  Description:
  Microsoft Lync Server 2013, Backup Service user store backup module encountered an exception that was handled gracefully during export.
  Additional Message: 
   Exception: System.IO.IOException: The process cannot access the file '\\SQl1.net\LyncShare\1-BackupService-10\BackupStore\UserServices\PresenceFocus\Cookie\Cookie.zip' because it is being used by another process.
     at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
     at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy, Boolean useLongPath,
  Boolean checkHost)
     at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String msgPath, Boolean bFromProxy)
  Praveen | MCSE Messaging 2003

  When you add a new FE in pool acdpool1, please check you have run the following:
  <system drive>\Program Files\Microsoft Lync Server 2013\Deployment\Bootstrapper.exe
  For the details, check
  http://technet.microsoft.com/en-us/library/jj204773.aspx
  Lisa Zheng
  TechNet Community Support

• Adding LDAP User store to UME

  We need to authenticate users against an LDAP server.  This works fine from the workbench where the UME ContentSource is database_only.  However, the central WebAs (Netweaver 2004) was installed with ContentSource of r3_rw.  According to the documentation, a prerequisite to adding an LDAP user store is: "You have installed a SAP Web Application Server Java where the UME is configured to use the database of the J2EE Engine as data source."  Since our WebAS Java is not configured this way, is there any way, short of re-installing the server, to add an LDAP user store?  TIA,
  Steve

  Hi Steve,
  Once you choose an ABAP data source, there is no going back.
  You can however synchronize the ABAP with the LDAP server. Have the ABAP user management periodically import users from the LDAP server.
  -Michael

• Why must I set the AD as "default user store " when use Kerberos scheme ???

  Hi ,
  I am using kerberos scheme to authenticate user by OAM after user logged into the AD domain . It works well when there is only 1 AD domain ,for I can set that AD as the default identity store so that OAM can find user from the store and set the header .
  But when there are two totally different AD domains with different users , there will be a question. That is , I can only set one AD domain as the default identity store. So when I use the other AD domain to visit webgate protected resource, OAM notice me the the user/password error. But if the AD user exist in both AD domains, it will be OK, because the user mapping is finished correctly.
  logs here:
  [2011-07-26T22:19:18.599+08:00] [oam_server1] [ERROR] [OAMSSA-20040] [oracle.oam.user.identity.provider] [tid: [ACTIVE].ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: cbefca7cded5e992:3fca7bfd:131657b3817:-8000-0000000000000c19,0] [APP: oam_server] Could not modify user attribute for user : sAMAccountName, attribute : smicer, value : {2} .
  [2011-07-26T22:19:18.600+08:00] [oam_server1] [ERROR] [] [oracle.oam.engine.authn] [tid: [ACTIVE].ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: cbefca7cded5e992:3fca7bfd:131657b3817:-8000-0000000000000c19,0] [APP: oam_server] Failure getting users by attribute : sAMAccountName, value : smicer.[[
  oracle.security.am.engines.common.identity.provider.exceptions.IdentityProviderException: OAMSSA-20016: Failure getting users by attribute : sAMAccountName, value : smicer.
       at oracle.security.am.engines.common.identity.provider.impl.UserProviderImpl.getUsersByAttribute(UserProviderImpl.java:342)
       at oracle.security.am.engines.common.identity.provider.impl.IdentityProviderImpl.getUsersByAttribute(IdentityProviderImpl.java:656)
       at oracle.security.am.engines.common.identity.provider.impl.OracleUserIdentityProvider.getUsersByAttribute(OracleUserIdentityProvider.java:288)
       at oracle.security.am.engine.authn.internal.executor.KerberosModuleExecutor.execute(KerberosModuleExecutor.java:254)
       at oracle.security.am.engine.authn.internal.executor.AuthenticationSchemeExecutor.execute(AuthenticationSchemeExecutor.java:94)
       at oracle.security.am.engine.authn.internal.controller.AuthenticationEngineControllerImpl.validateUser(AuthenticationEngineControllerImpl.java:261)
       at oracle.security.am.engines.enginecontroller.AuthnEngineController.authenticateUser(AuthnEngineController.java:669)
       at oracle.security.am.engines.enginecontroller.AuthnEngineController.processEvent(AuthnEngineController.java:294)
       at oracle.security.am.controller.MasterController.processEvent(MasterController.java:354)
       at oracle.security.am.controller.MasterController.processRequest(MasterController.java:517)
       at oracle.security.am.controller.MasterController.process(MasterController.java:457)
       at oracle.security.am.pbl.PBLFlowManager.delegateToMasterController(PBLFlowManager.java:209)
       at oracle.security.am.pbl.PBLFlowManager.handleBaseEvent(PBLFlowManager.java:147)
       at oracle.security.am.pbl.PBLFlowManager.processRequest(PBLFlowManager.java:107)
       at oracle.security.am.pbl.transport.http.AMServlet.handleRequest(AMServlet.java:168)
       at oracle.security.am.pbl.transport.http.AMServlet.doPost(AMServlet.java:133)
       at oracle.security.am.pbl.transport.http.AMServlet.doGet(AMServlet.java:673)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:707)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
       at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
       at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
       at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:300)
       at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:183)
       at weblogic.servlet.internal.RequestDispatcherImpl.invokeServlet(RequestDispatcherImpl.java:523)
       at weblogic.servlet.internal.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:253)
       at oracle.security.am.pbl.transport.http.CredCollectServlet.getCredentials(CredCollectServlet.java:148)
       at oracle.security.am.pbl.transport.http.CredCollectServlet.doPost(CredCollectServlet.java:84)
       at oracle.security.am.pbl.transport.http.CredCollectServlet.doGet(CredCollectServlet.java:71)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:707)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
       at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
       at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
       at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:300)
       at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
       at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
       at oracle.security.am.agent.wls.filters.OAMServletAuthenticationFilter.doFilter(OAMServletAuthenticationFilter.java:265)
       at oracle.security.am.agent.wls.filters.OAMValidationSystemFilter.doFilter(OAMValidationSystemFilter.java:133)
       at oracle.security.wls.oamagent.OAMAgentWrapperFilter.doFilter(OAMAgentWrapperFilter.java:120)
       at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
       at oracle.security.jps.ee.http.JpsAbsFilter$1.run(JpsAbsFilter.java:111)
       at java.security.AccessController.doPrivileged(Native Method)
       at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:313)
       at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:413)
       at oracle.security.jps.ee.http.JpsAbsFilter.runJaasMode(JpsAbsFilter.java:94)
       at oracle.security.jps.ee.http.JpsAbsFilter.doFilter(JpsAbsFilter.java:161)
       at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:71)
       at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
       at oracle.dms.servlet.DMSServletFilter.doFilter(DMSServletFilter.java:136)
       at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
       at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3715)
       at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3681)
       at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
       at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
       at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2277)
       at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2183)
       at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1454)
       at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
       at weblogic.work.ExecuteThread.run(ExecuteThread.java:178)
  Caused by: oracle.security.idm.ObjectNotFoundException: No User found matching the criteria
       at oracle.security.idm.providers.stdldap.util.DirectSearchResponse.initSearch(DirectSearchResponse.java:174)
       at oracle.security.idm.providers.stdldap.util.NonPagedSearchResponse.<init>(NonPagedSearchResponse.java:52)
       at oracle.security.idm.providers.stdldap.util.NonPagedSearchResponse.<init>(NonPagedSearchResponse.java:43)
       at oracle.security.idm.providers.stdldap.util.LDAPRealm.searchUsers(LDAPRealm.java:489)
       at oracle.security.idm.providers.stdldap.LDIdentityStore.search(LDIdentityStore.java:274)
       at oracle.security.idm.providers.stdldap.LDIdentityStore.searchUsers(LDIdentityStore.java:367)
       at oracle.security.am.engines.common.identity.provider.impl.UserProviderImpl.getUsersByAttribute(UserProviderImpl.java:314)
       ... 57 more
  It seems OAM must set the AD as "default user store " , and only if so , AD domain users can login to webgate protected resources by kerberos .
  So, how can I make 2 AD available together ? Can you kindly give some advice? It will be very appreciated.
  Thanks !!

  1) Should my setup be defaulting to 32-bit compilersYes. On Solaris compilers generate 32-bit code by default
  2) I have read that adding -m64 to the compile command will make it 64-bit, is this accurate?It will make compiler produce 64-bit binaries.
  Compiler itself will stay 32-bit ;-)
  3) Is there a way to set the compilers to default to 64-bit so that the user doesn't have to specify -m64?No. At least no compiler-specific way. Only UNIX general tricks (shell alias, shell script etc)
  4) Does everyone just use -m64 and forget about it?Yep. They have no choice

• Using a User Store different from LDAP to identify users

  Hello everybody,
  I've developed a couple of authentication classes in Access Manager and
  I found the constrain to use a LDAP user store very limitative.
  I have to develop a class that check the credential against a table in
  a database. I've no LDAP user store at all. I find all the relevant
  information in the db. So I can correctly authenticate the user but I
  can't "say" to the Identity Server that the user is also correctly
  identified. In the code I can create a new NIDPPrincipal object with a
  (null UserAuthority) setting its properties for the authenticated user.
  It works but anyway I've to add a "fake" LDAP User store to be able to
  check the "identify user" option in the method definition in the
  Administration Console. And I presume that the Identity Server can
  became unstable because it can not find the User in the user store.
  I've looked at the LDAP Plugin extesion, trying to create a "wrapper"
  to the db, but the documented API is only about the LDAP definition and
  does not expose any interface to catch ldap search or read (or whatever
  else the Indentity Server may ask to the User store) so I guess that the
  LDAP access is hard-wired in the Identity server code. This approach
  seems very strange because the modular architecture of the NAM solution
  could work very well with other type of user stores than LDAP. I
  expected to find an interface to abstract the User Authority.
  I'm missing something or my argumentations are very wrong?
  Thanks
  Giovanni
  cannata_g
  cannata_g's Profile: http://forums.novell.com/member.php?userid=17484
  View this thread: http://forums.novell.com/showthread.php?t=422784

  cannata g wrote:
  >
  > Hello everybody,
  > I've developed a couple of authentication classes in Access Manager
  > and I found the constrain to use a LDAP user store very limitative.
  >
  > I have to develop a class that check the credential against a table in
  > a database. I've no LDAP user store at all. I find all the relevant
  > information in the db. So I can correctly authenticate the user but I
  > can't "say" to the Identity Server that the user is also correctly
  > identified. In the code I can create a new NIDPPrincipal object with a
  > (null UserAuthority) setting its properties for the authenticated
  > user. It works but anyway I've to add a "fake" LDAP User store to be
  > able to check the "identify user" option in the method definition in
  > the Administration Console. And I presume that the Identity Server can
  > became unstable because it can not find the User in the user store.
  >
  > I've looked at the LDAP Plugin extesion, trying to create a "wrapper"
  > to the db, but the documented API is only about the LDAP definition
  > and does not expose any interface to catch ldap search or read (or
  > whatever else the Indentity Server may ask to the User store) so I
  > guess that the LDAP access is hard-wired in the Identity server code.
  > This approach seems very strange because the modular architecture of
  > the NAM solution could work very well with other type of user stores
  > than LDAP. I expected to find an interface to abstract the User
  > Authority.
  >
  > I'm missing something or my argumentations are very wrong?
  I'm probably not really the right person but the way I see it is that
  NAM supports LDAP userstores therefore it kinda makes why the LDAP code
  is so heavily embedded. Maybe log an enhancement request to see if JDBC
  can be supported as an authentication mechanism.
  Cheers,
  Edward

• User store for OAM

  I am setting OID as default User store for OAM 11gR2. And shall continue to use the internal UserIdentityStore1 as Security Store.
  Is this ok? What is best practice.

  This should be fine and is recommended way.
  When trying to set this up. I would recommend keep few things in mind. i.e. Make sure that you are having a new LDAP Authentication Module created for default User Identity Store. You don't want to create a mess out of your Authentication Modules and Authentication scheme configurations. Few of the OOTB Authentication Schemes use LDAP Authentication Module. If you change the User IdentityStore for it. Then your system store would be UserIdentityStore1 whereas the OAMConsoleScheme and other Authentication Schemes will be using LDAP Module which will be pointing to your OID's User Identity Store instead of your System Store.
  ~Yagnesh

• User Store

  Everything worked with Access Manager 6.0, but now I'm using AM 7.0. Not in legecy mode. New GUI.
  Creating a sub realm and policy with a referral at the root did not work for protecting multiple applications. I think referrals only give users permissions to manage policies in sub realms. I wanted to create a realm for each application, but that approach does not seem to work. Any suggestions?
  I've given up on sub realms and just created a user store and a normal policy at the root. When I try to authenticate, Access Manager keeps checking the policy server LDAP. I want the user authenticating against the user store I just added.
  In the policy I selected the new user store for the authentication scheme, but that did not seem to work.
  Any suggestions or ideas?

  Thank you for replying. I was wondering if anyone watches this forum.
  Yes, I created an LDAP Authentication Module for the new user store. In the policy I created an "Authentication Scheme" that refers to my new user store.
  No, I have not modied the chain. When tried changing "Default Authentication Chain", I was unable to login to the AM console using the amAdmin user id.
  I thought "Administrator Authentication Chain" applied to amAdmin and I could modify the "Default Authentication Chain" to use my new user store.
  Thanks again!

• Changing user store - what's the impact, what are the pitfalls?

  Dear all,
  we're thinking into moving the userstore from portal DB to ABAP backend (or maybe to LDAP). I could not find any valuable documentation regarding aspects like complexity, costs, required ressources, impacts, and pitfalls, regarding portal content.
  Now I got told that especially content managament (KM) could be a source of serious problems becaus of documents being linked with old unique user-ids, which after moving the user store wouldn't be valid any longer.
  Installed version is EP 7.0 w/ EHP4.
  Has anyone already tried this, or has other experience with this matter?
  Thanks in advance,
  Chris.

  Dear Christoph,
  About which change i would switch to ldap because if you change to abap then never return back, And besides, would have access to the portal synchronized with the network, and users only handle a username and password.
  With regard to the problems this can bring if you keep the user id equal you don't have problems, but if you change it you loose the reference to their things stores.
  Regards.

• Cannot load classes for custom user store

  I implemented a custom user store and deployed as sda library into NetWeaver preview SP16. NetWeaver is not able to load those classes when configuring that user store through Visual Administrator. Below is the error message I got,
  Unable to register user store!
  java.lang.SecurityException: com.sap.engine.services.security.exceptions.BaseSecurityException: Can not instantiate UserContext.
       at com.sap.engine.services.security.server.UserStoreImpl.<init>(UserStoreImpl.java:78)
       at com.sap.engine.services.security.server.UserStoreFactoryCache.registerUserStore(UserStoreFactoryCache.java:120)
       at com.sap.engine.services.security.server.UserStoreFactoryImpl.registerUserStore(UserStoreFactoryImpl.java:150)
       at com.sap.engine.services.security.userstore.RemoteUserStoreFactoryImpl.registerUserStore(RemoteUserStoreFactoryImpl.java:64)
       at com.sap.engine.services.security.userstore.RemoteUserStoreFactoryImplp4_Skel.dispatch(RemoteUserStoreFactoryImplp4_Skel.java:99)
       at com.sap.engine.services.rmi_p4.DispatchImpl._runInternal(DispatchImpl.java:304)
       at com.sap.engine.services.rmi_p4.DispatchImpl._run(DispatchImpl.java:193)
       at com.sap.engine.services.rmi_p4.server.P4SessionProcessor.request(P4SessionProcessor.java:122)
       at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
       at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
       at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
       at java.security.AccessController.doPrivileged(Native Method)
       at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:100)
       at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:170)
  Caused by: java.lang.ClassNotFoundException: mypackage.myusercontextimpl
  Found in negative cache
  Loader Info -
  ClassLoader name: [common:library:com.sap.security.api.sda;library:com.sap.security.core.sda;library:security.class;library:webservices_lib;service:adminadapter;service:basicadmin;service:com.sap.security.core.ume.service;service:configuration;service:connector;service:dbpool;service:deploy;service:jmx;service:jmx_notification;service:keystore;service:security;service:userstore]
  Parent loader name: [Frame ClassLoader]
  References:
     library:com.sap.ip.basecomps
     library:core_lib
     common:library:IAIKSecurity;library:activation;library:mail;library:tcsecssl
     library:servlet
     library:sapxmltoolkit
     library:com.sap.mw.jco
     library:com.sap.util.monitor.jarm
     library:j2eeca
     library:opensql
     interface:security
     interface:log
     interface:shell
     interface:keystore_api
     library:ejb20
     interface:webservices
     library:com.sap.guid
     interface:appcontext
     interface:endpoint_api
     interface:resourceset_api
     interface:resourcecontext_api
     common:service:iiop;service:naming;service:p4;service:ts
     interface:ejbcomponent
     interface:container
     interface:visual_administration
     interface:transactionext
     interface:dsr_ejbcontext_api
     service:timeout
     library:tc~jmx
     interface:cross
     service:file
     service:locking
     library:tcSLUTIL
     service:memory
     library:antlr
     library:jdbdictionary
     library:opensqlextensions
  Resources:
     C:\usr\sap\J2E\JC00\j2ee\cluster\server0\bin\services\dbpool\dbpool.jar
     C:\usr\sap\J2E\JC00\j2ee\cluster\server0\bin\services\basicadmin\basicadmin.jar
     C:\usr\sap\J2E\JC00\j2ee\cluster\server0\bin\ext\security.class\tc_sec_compat.jar
     C:\usr\sap\J2E\JC00\j2ee\cluster\server0\bin\services\adminadapter\adminadapter.jar
     C:\usr\sap\J2E\JC00\j2ee\cluster\server0\bin\services\basicadmin\jstartupimpl.jar
     C:\usr\sap\J2E\JC00\j2ee\cluster\server0\bin\services\jmx_notification\jmx_notification.jar
     C:\usr\sap\J2E\JC00\j2ee\cluster\server0\bin\services\security\security.jar
     C:\usr\sap\J2E\JC00\j2ee\cluster\server0\bin\services\com.sap.security.core.ume.service\com.sap.security.core.ume.service.jar
     C:\usr\sap\J2E\JC00\j2ee\cluster\server0\bin\ext\security.class\tc_sec_saml_toolkit_api.jar
     C:\usr\sap\J2E\JC00\j2ee\cluster\server0\bin\ext\security.class\tc_sec_userstore_lib.jar
     C:\usr\sap\J2E\JC00\j2ee\cluster\server0\bin\ext\webservices_lib\webservices_lib.jar
     C:\usr\sap\J2E\JC00\j2ee\cluster\server0\bin\services\basicadmin\jstartupapi.jar
     C:\usr\sap\J2E\JC00\j2ee\cluster\server0\bin\ext\security.class\tc_sec_jaas_test.jar
     C:\usr\sap\J2E\JC00\j2ee\cluster\server0\bin\services\dbpool\sqljimpl.jar
     C:\usr\sap\J2E\JC00\j2ee\cluster\server0\bin\ext\com.sap.security.core.sda\com.sap.security.core.tpd.jar
     C:\usr\sap\J2E\JC00\j2ee\cluster\server0\bin\ext\com.sap.security.api.sda\com.sap.security.api.perm.jar
     C:\usr\sap\J2E\JC00\j2ee\cluster\server0\bin\services\connector\connectorimpl.jar
     C:\usr\sap\J2E\JC00\j2ee\cluster\server0\bin\ext\webservices_lib\saaj-api.jar
     C:\usr\sap\J2E\JC00\j2ee\cluster\server0\bin\services\configuration\configuration.jar
     C:\usr\sap\J2E\JC00\j2ee\cluster\server0\bin\ext\security.class\tc_sec_saml_jaas.jar
     C:\usr\sap\J2E\JC00\j2ee\cluster\server0\bin\ext\security.class\tc_sec_saml_xmlbind.jar
     C:\usr\sap\J2E\JC00\j2ee\cluster\server0\bin\ext\security.class\tc_sec_saml_util.jar
     C:\usr\sap\J2E\JC00\j2ee\cluster\server0\bin\ext\security.class\tc_sec_csi.jar
     C:\usr\sap\J2E\JC00\j2ee\cluster\server0\bin\ext\security.class\tc_sec_saml_toolkit_core.jar
     C:\usr\sap\J2E\JC00\j2ee\cluster\server0\bin\ext\security.class\tc_sec_ssf.jar
     C:\usr\sap\J2E\JC00\j2ee\cluster\server0\bin\services\userstore\userstore.jar
     C:\usr\sap\J2E\JC00\j2ee\cluster\server0\bin\ext\security.class\tc_sec_https.jar
     C:\usr\sap\J2E\JC00\j2ee\cluster\server0\bin\ext\security.class\tc_sec_saml_service_api.jar
     C:\usr\sap\J2E\JC00\j2ee\cluster\server0\bin\ext\webservices_lib\jaxrpc-api.jar
     C:\usr\sap\J2E\JC00\j2ee\cluster\server0\bin\services\dbpool\opensqllib.jar
     C:\usr\sap\J2E\JC00\j2ee\cluster\server0\bin\services\deploy\deploy.jar
     C:\usr\sap\J2E\JC00\j2ee\cluster\server0\bin\ext\security.class\tc_sec_jaas.jar
     C:\usr\sap\J2E\JC00\j2ee\cluster\server0\bin\services\jmx\jmx_sec.jar
     C:\usr\sap\J2E\JC00\j2ee\cluster\server0\bin\ext\com.sap.security.api.sda\com.sap.security.api.jar
     C:\usr\sap\J2E\JC00\j2ee\cluster\server0\bin\ext\com.sap.security.core.sda\com.sap.security.core.jar
     C:\usr\sap\J2E\JC00\j2ee\cluster\server0\bin\services\jmx\jmx.jar
     C:\usr\sap\J2E\JC00\j2ee\cluster\server0\bin\ext\webservices_lib\jaxm-api.jar
     C:\usr\sap\J2E\JC00\j2ee\cluster\server0\bin\services\keystore\keystore.jar
  Loading model: {parent,local,references}
       at com.sap.engine.frame.core.load.ReferencedLoader.loadClass(ReferencedLoader.java:348)
       at com.sap.engine.services.security.server.UserStoreImpl.<init>(UserStoreImpl.java:75)
       ... 13 more
       at com.sap.engine.services.security.exceptions.BaseSecurityException.writeReplace(BaseSecurityException.java:349)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:324)
       at java.io.ObjectStreamClass.invokeWriteReplace(ObjectStreamClass.java:896)
       at java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1011)
       at java.io.ObjectOutputStream.writeObject(ObjectOutputStream.java:278)
       at com.sap.engine.services.rmi_p4.DispatchImpl.throwException(DispatchImpl.java:139)
       at com.sap.engine.services.rmi_p4.DispatchImpl._runInternal(DispatchImpl.java:306)
       at com.sap.engine.services.rmi_p4.DispatchImpl._run(DispatchImpl.java:193)
       at com.sap.engine.services.rmi_p4.server.P4SessionProcessor.request(P4SessionProcessor.java:122)
       at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
       at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
       at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
       at java.security.AccessController.doPrivileged(Native Method)
       at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:100)
       at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:170)

  Hi sheshu0022,
  Based on my research, the issue can be occurred due to something get corrupted in the script task. To fix this issue, please copy the code in the task, then rebuild the script task with the same code to test again.
  The following similar thread is for your reference:
  http://stackoverflow.com/questions/15165760/ssis-script-task-fails-on-server-with-error-cannot-load-script-for-execution
  Thanks,
  Katherine Xiong
  Katherine Xiong
  TechNet Community Support