We are trying to consume GRC AC webservices, inside the package GRAC_DIRECTORY_SERVICES->Enterprise Services->Service Provider ( se80)  by http using VDS,  and the Exception message bellow appeared.

We try to test these webservices wsdl by soap UI 4.5.2 tool and the
Exception is the same.

Exception: (GRC Select Applications:1:Exception in GRC WS API
call:Virtual Interface not found) VDS complete error message
: Thread[21,3,LDAP Sessions:main_listener_99**] Wed Jul 10 15:48:56
BRT
2013 Exception: (GRC Select Applications:1:Exception in GRC WS API
call:Virtual Interface not found) WARN Java true
{0}#1#com.sap.idm.vds.MVDException at com.sap.idm.vds.operations.MVDSearchOperation.FetchResultCode
(MVDSearchOperation.java:908) at
com.sap.idm.vds.operations.SearchOperation.mxperform
(SearchOperation.java:49) at
com.sap.idm.vds.Engine.answerRequest(Engine.java:261) at
com.sap.idm.vds.protocols.ldap.MxLdapSession.run
(MxLdapSession.java:193)

When we are testing these GRAC* webservices by transaction sicf, we get a blank page on webbrowser.

When we are testing by se80 transaction the Exception message bellow appeared.

" Successful with empty result - commit may be required
Message no. SPRX286

Diagnosis
Data was transfered successful. For complete processing you may need to trigger a commit work.

Procedure
If commit work is required use the menu entry "Extras -> Trigger COMMIT WORK". "
  .
Let´s chose the webservice GRAC_SELECT_APPL_WS as paradigm

We already apply  the 1790739 note to activate these webservices.

Would anyone help us ?

Cheers,
Rodrigo

Hello,

This time I don’t have a technical issue, I’ve just finished to implement the self-reset and it works fine !

I just want to confirm few things.

To be able to make a “self service - reset password” the user :

- Must exist in UME & IDM

- Must have the role : idm_authenticated in UME

- Must receive a password for IDM

What annoys me is that we thought to implement this self service to allow the users to reset and unlock themselves through IDM to SAP but former we first must do the steps I've listed above ?!

I can enable the password provisioning in the Identity Store but then the new IDM password will be sent to all sap systems of the user not only to the needed one ! (I just want to specify that we do not have single sign on for SAP Systems)

Is there a way, that we can allow the users to chose the sap system for which they need a reset ?

I was thinking about creating a new self service task which would allow the user when connected to IDM, let them reset their own SAP password by selecting the system they need.

Any advice ?

Thx,

Hi,

I have a doubt why when we configure the job initial load or write to sap master, not all the data stored on the IS is writed on the backend system?

For instance when we extract dates of an employee of the HCM, why when I check on t-code SU01 not all the fields all fill?

such as department, company, function and others

Is there one script that can do this?

Does anyone know if IDM 7.2 on either SP7 or 8 is compatible with Portal 7.3. Having a real hard time finding that in the release notes.

Thanks,

Curtis

Hi Experts,

  The User ID is getting deleted Repeatedly in IdM. This is happening with only one Employee. All the other employees are fine. I even checked the value of the attribute 'MX_FS_EMPLOYMENT_STATUS_ID'  for that Employee, and its 3(Active) and not 0(Withdrown). Dont know what is gone wrong.

select aValue from mxiv_sentries where MSKEY = 227669 and AttrName =

'MX_FS_EMPLOYMENT_STATUS_ID'

PFB the Job screen shot FYR.Please do Help.

Regards,

Mohamed Fazil

Hi Guys,

I am experiencing a strange behavior or perhaps a default functionality when working with Approvals in IdM 7.2 SP8.

I have a business role with just 1 approver  (MX_APPROVERS) defined as we started testing the Approval Workflow Processes.

The manager approval is of type assignment and retrieves approvers from PVO. I know If you set an approver on a role/privilege the approvers are copied to the PVO in this scenario.

The issue occurs when the manager is the same as the approver, for example the manager is the person who triggers the role assignment and the next step is the manager approval where we retrieve the manager using the MX_MANAGER value of the provisioned user.

I see the pre-processing of manager approval is retrieving the correct value for the manager but the approval is declined because of insufficient approvers.

This issue doesn't occur If the requestor is not the same as the manager/approver.

I have tried to modify the approvers using the operators (E,M,R) before the approval task but nothing seems to help.

#Edit: Behavior occurs when retrying a declined business role assignment.

Any tips or idea's are more then welcome.

Thanks very much!

Regards,

Ridouan

Message was edited by: Ridouan Taibi

Dears,

I 'm searching for a tutorial or blog for creating a approval workflow. In my little scenario a customer apply for a account and roles. The IdM has to send a mail to his boss and he approve or refuse the call. In the postive case the system create the account.

Do you know any tutorial or howto?

Best regards,

Hans

Hi

We are trying to configure VDS for IDM 7.2 with SQL 2008.When we are configuring data-sources as sample HR table given in the db schema MXMC_DB.

For this we deployed latest JDBC driver i.e JDBC 4.0 for SQL 2008.But when we are trying to map the database sample table as data source we are not able to connect to db schema it just says "Trying to Connect"  As shown below in the screenshots.

Regards

Pradeep

We have a a couple of similarly configured privileges which appear to be being deleted by the system.  The deletions are always occurring at 2am or shortly thereafter.  I have searched our configuration and I can't find any job running at 2am that might account for this.  Equally if I check the audit table the audit ID of the deprovision task (triggered by the privilege delete) has a REFAUDIT entry that relates right back to the original provision event a number of days prior.  I'm 99% sure there is no pending value object at play here, not least because the provision process (it's attached to the repository) completes as expected.

Does anyone have a suggestion of how I can deprovision event back to its trigger point?

Interestingly I don't believe this was not an issue in 7.1, we've only started to see this issue since we moved to 7.2 sp7 a couple of months ago.

Thanks!

As part of IDM implementation we have executed ABAP Initial Load to fetch the data from the back end Systems . Privileges are sync back to IDM as part of this Initial Load .So after this initial load when we assigned certain privileges to the same user , roles which are updated to the user as part of ABAP Initial Load or Back end Sync are wiped out from Back end System . Can you explain why this is happening & how we can fix this issue ?

Example below :  

1) ABAP Initial Load executed for System GTS

2) User A roles (Priv 1 , Priv 2 ) in GTS system was sync to IDM System.

3) Approval workflow Testing we initiated PRIV 3 assignment to User A .

4) IDM Provision workflow group only PRIV 3 to User in backend system & removes PRIV 1 , PRIV 2 from users backend system.

Can any one explain why this is happening ?

Ok, so thanks to some help here on the forum, I can get JSPM to start so that I cam try to install the SCA files for SP8.  However, now I get this message when I try to install them:

Can't verify package

and the log says

Could not establish connection to AS Java on [nw73:50004]. Cannot authenticate the user, wrong or missing security credentials (password) for principal [test]

and then another one for [administrator]

What gives?

Never let it be said that BASIS is not important for IDM! 

Hi,

we are loading 2000 user roles as a batch(1job) from IDM to all child systems ECC, SRM,APO, Portal, BW and it is taking close to 3 hours to load the users(is this normal?). we need to load 150K users and we are running out of time to load all the users.

I looked at system/database performance and did not find any resource contention issues. we have total 4 dispatchers (on 2 systems) and looking if we need to activate any parameters to increase performance.

Thanks,

Venkat.

Hello everyone,

we are running idm 7.2 sp8 and we are trying to provide an LDAP view of our productive identity store through the VDS so that a third party product can read our data (especially assignments data).

We also want the third party product to be able to send data to our staging area so we first used the standard VDS Template HCM LDAP EXTRACT for IDM 72 and then completed it (creating another datasource and another "branch" in our vitual tree), to reach our productive area.

We are now able to see every attribute of the user but we still have one problem, as you can see, we put a validity date on one assignment :

In my LDAP view, i am not able to retrieve it:

Do you know if it possible to do so or not?

Thanks a lot,

BR,

Clotilde Martinez

Ok, I've been able to get the SCA files to import and configured the roles for IDM but when I try to go to http://localhost:50000/idmui5 I get:

Cannot process an HTTP request to servlet [default] in [idmui5] web application.

[EXCEPTION]

com.sap.engine.services.servlets_jsp.server.exceptions.WebServletException: Cannot load filter [null]. Error is: [java.lang.ClassNotFoundException: com.sap.ui5.resource.CacheControlFilter

------------------------- Loader Info -------------------------

ClassLoader name: [sap.com/tc~idm~ui5~ear]

Loader hash code: 3583246e

Living status: alive

Direct parent loaders:

   [system:Frame]

   [interface:webservices]

   [interface:cross]

   [interface:security]

   [interface:transactionext]

   [library:webservices_lib]

   [library:opensql]

   [library:jms]

   [library:ejb20]

   [service:p4]

   [service:ejb]

   [service:servlet_jsp]

   [sap.com/tc~idm~rest~ear]

Resources:

   C:\usr\sap\ZZZ\J00\j2ee\cluster\apps\sap.com\tc~idm~ui5~ear\servlet_jsp\idmui5\root\WEB-INF\classes

---------------------------------------------------------------]

at com.sap.engine.services.servlets_jsp.server.application.WebComponents.reinstantiateFilter(WebComponents.java:1270)

at com.sap.engine.services.servlets_jsp.server.application.WebComponents.getFilter(WebComponents.java:1204)

at com.sap.engine.services.servlets_jsp.server.application.ApplicationContext.instantiateFilterChain(ApplicationContext.java:1159)

at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:412)

at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:210)

at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:441)

at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:430)

at com.sap.engine.services.servlets_jsp.filters.DSRWebContainerFilter.process(DSRWebContainerFilter.java:38)

at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)

at com.sap.engine.services.servlets_jsp.filters.ServletSelector.process(ServletSelector.java:81)

at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)

at com.sap.engine.services.servlets_jsp.filters.ApplicationSelector.process(ApplicationSelector.java:276)

at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)

at com.sap.engine.services.httpserver.filters.WebContainerInvoker.process(WebContainerInvoker.java:81)

at com.sap.engine.services.httpserver.chain.HostFilter.process(HostFilter.java:9)

at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)

at com.sap.engine.services.httpserver.filters.ResponseLogWriter.process(ResponseLogWriter.java:60)

at com.sap.engine.services.httpserver.chain.HostFilter.process(HostFilter.java:9)

at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)

at com.sap.engine.services.httpserver.filters.DefineHostFilter.process(DefineHostFilter.java:27)

at com.sap.engine.services.httpserver.chain.ServerFilter.process(ServerFilter.java:12)

at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)

at com.sap.engine.services.httpserver.filters.MonitoringFilter.process(MonitoringFilter.java:29)

at com.sap.engine.services.httpserver.chain.ServerFilter.process(ServerFilter.java:12)

at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)

at com.sap.engine.services.httpserver.filters.SessionSizeFilter.process(SessionSizeFilter.java:26)

at com.sap.engine.services.httpserver.chain.ServerFilter.process(ServerFilter.java:12)

at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)

at com.sap.engine.services.httpserver.filters.MemoryStatisticFilter.process(MemoryStatisticFilter.java:57)

at com.sap.engine.services.httpserver.chain.ServerFilter.process(ServerFilter.java:12)

at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)

at com.sap.engine.services.httpserver.filters.DSRHttpFilter.process(DSRHttpFilter.java:43)

at com.sap.engine.services.httpserver.chain.ServerFilter.process(ServerFilter.java:12)

at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)

at com.sap.engine.services.httpserver.server.Processor.chainedRequest(Processor.java:475)

at com.sap.engine.services.httpserver.server.Processor$FCAProcessorThread.process(Processor.java:269)

at com.sap.engine.services.httpserver.server.rcm.RequestProcessorThread.run(RequestProcessorThread.java:56)

at com.sap.engine.core.thread.execution.Executable.run(Executable.java:122)

at com.sap.engine.core.thread.execution.Executable.run(Executable.java:101)

at com.sap.engine.core.thread.execution.CentralExecutor$SingleThread.run(CentralExecutor.java:328)

Caused by: java.lang.ClassNotFoundException: com.sap.ui5.resource.CacheControlFilter

------------------------- Loader Info -------------------------

ClassLoader name: [sap.com/tc~idm~ui5~ear]

Loader hash code: 3583246e

Living status: alive

Direct parent loaders:

   [system:Frame]

   [interface:webservices]

   [interface:cross]

   [interface:security]

   [interface:transactionext]

   [library:webservices_lib]

   [library:opensql]

   [library:jms]

   [library:ejb20]

   [service:p4]

   [service:ejb]

   [service:servlet_jsp]

   [sap.com/tc~idm~rest~ear]

Resources:

   C:\usr\sap\ZZZ\J00\j2ee\cluster\apps\sap.com\tc~idm~ui5~ear\servlet_jsp\idmui5\root\WEB-INF\classes

---------------------------------------------------------------

at com.sap.engine.boot.loader.MultiParentClassLoader.loadClass(MultiParentClassLoader.java:278)

at com.sap.engine.boot.loader.MultiParentClassLoader.loadClass(MultiParentClassLoader.java:247)

at com.sap.engine.services.servlets_jsp.server.application.WebComponents.getResourceClass(WebComponents.java:1902)

at com.sap.engine.services.servlets_jsp.server.application.WebComponents.reinstantiateFilter(WebComponents.java:1263)

... 39 more

The only thing I can think of is that my idm.authenticated role has both rest and non rest actions defined:

J2EE tc~idm~jmx~app $SAP_J2EE_Engine_Upload

J2EE tc~idm~jmx~rest~app $SAP_J2EE_Engine_Upload

UME tc~idm~jmx~ump idm_authenticated

J2EE tc~idm~rest~ear idm_authenticated_restapi

J2EE tc~idm~rest~ear $SAP_J2EE_Engine_Upload

J2EE tc~idm~rest~ear all

J2EE tc~idm~ui5~ear idm_authenticated_ui5

J2EE tc~idm~ui5~ear $SAP_J2EE_Engine_Upload

J2EE tc~idm~ui5~ear all

J2EE tc~idm~uwl $SAP_J2EE_Engine_Upload

Any thoughts?

When accessing the assign privilege task in the self services tab in the NW IDM UI, I can assign a privilege to a user. But I can't save this role assignment, there is only a refresh button present. Normally it should have the save button.

Anyone who knows what's going on ?

thanks in advance !

Hi,

I'm putting togethera newVirtual MachinefortestingtheSP8ofIdM, but I'mintending toinstallNetweaver7.4.

My questionwould be:

-I can doan installation ofNetWeaver7.4to work withSAPIdM7.2 oronly workwith the version ofNetWeaver7.3?

-Is there amedia packavailable fordownloadon the SAP sitefor the installationofNetWeaver7.4withKernel?

-WhatNetWeaverminimumso that I canupgrade toSP8ofIdM?

Thanks. I'mawaitinga answer.

Hello Experts,

Can anyone please let me know that how can we integrate SAP IDM with SAP NW PI (Process Integration)?

And which protocol SAP IDM supports to send/receive data?

Thanks

Amit Srivastava

Hi Experts,

     I was looking for a method to maintain Communication method in SU01 through SAP NetWeaver Identity Management (SAP IdM) . But I was not sure what is the corresponding attribute for Comm Method in SU01. Can anyone please comment on this?

     Also I wanted to know if there is any other configuration I am supposed to maintain inorder to make the above functionality work?

Regards,

Mohamed Fazil

I have a new install of IDM 7.2 sp7, everything looks correct but I'm not sure about the Java levels. I've checked the mxmc_admin password and created a job to ensure the dispatcher and mxmc users have the right passwords (tested in sql studio). I'm kinda at a loss where to look next. Here is the log from the error. Any help would be greatly appreciated.

Curtis

24.07.2013 00:10:11 :I:Parsing arguments to syncutility

24.07.2013 00:10:11 :D:Operation type is IMPORT_TO_GROUP

24.07.2013 00:10:11 :D:Loading driver com.microsoft.sqlserver.jdbc.SQLServerDriver

24.07.2013 00:10:11 :X:Found items in classpath:

24.07.2013 00:10:11 :X:- ".

24.07.2013 00:10:11 :X:- C:\Program Files\sqljdbc_3.0\enu\sqljdbc.jar

24.07.2013 00:10:11 :X:- D:\IdM\Identity Center\Java\logging.jar

24.07.2013 00:10:11 :X:- D:\IdM\Identity Center\Java\imXport.jar

24.07.2013 00:10:11 :X:- D:\IdM\Identity Center\Java\transportation.jar

24.07.2013 00:10:11 :X:- D:\IdM\Identity Center\Java\jh.jar

24.07.2013 00:10:11 :X:- D:\IdM\Identity Center\Java\MIC-impexp.jar

24.07.2013 00:10:11 :X:- D:\IdM\Identity Center\Java\xerces.jar

24.07.2013 00:10:11 :X:- D:\IdM\Identity Center\Java\xalan.jar

24.07.2013 00:10:11 :X:- D:\IdM\Identity Center\Java\xml-apis.jar

24.07.2013 00:10:11 :X:- C:\Users\a82334\Desktop\Microsoft JDBC Driver 4.0 for SQL Server\sqljdbc_4.0\enu\sqljdbc4.jar

24.07.2013 00:10:11 :X:- "

24.07.2013 00:10:12 :D:Loaded JDBC Driver class: com.microsoft.sqlserver.jdbc.SQLServerDriver Version: 3.0

24.07.2013 00:10:12 :I:Creating connection to jdbc:sqlserver://cnaw08v712:1433;databasename=mxmc_db;user=mxmc_admin;password=****@ne

24.07.2013 00:10:12 :I:Could not create connection to the database jdbc:sqlserver://cnaw08v712:1433;databasename=mxmc_db;user=mxmc_admin;password=*****

24.07.2013 00:10:12 :X:Initialized log for com.sap.idm.ic.syncutil.utilities.ShowLogFileDlg. Log level is eXtended

Hello IDM folks,

Has anyone implemented SP8 utilising the new functions around attribute validity on reference attributes.  The reason I ask is to determine if this will allow the creation of PVO on role to role structural references, which I have not been able to achieve thus far as previously no validity has been possible.

On review of the post 'SP 8 for SAP NetWeaver ID Mgmt 7.2 Now Available' by Regine Schimmer, I came accross the following point in the new features (New Features and Functions in Support Package 8 for SAP NetWeaver Identity Management 7.2):

Page 15;

"With SAP NetWeaver Identity Management 7.2 SP8, it is possible to specify validity for all types of reference attributes.   This makes it possible to add validity to structural attributes like role-to-role references."

Cheers,

Andrew