Hello experts,
I have implemented the approval workflow which was working smooth. But today when I have done an assignment, it went for approval and after the approver has approved the assignment request, it triggered a mail saying assignment has approve( as we configured). But the status of the assignment is Failed. I am confused here. This happened in production. Can you please tell me were to check the root cause of this assignment failure. Please find below the relavant screenshots.
Hello,
We are unable to reset password of users in SAP Backend System through IDM UI.
The moment we enter new password and submit, we are getting below dump.
Any idea???
java.lang.NullPointerException
at com.sap.idm.wd.wf.task.TaskCompView.onActionSave(TaskCompView.java:172)
at com.sap.idm.wd.wf.task.wdp.InternalTaskCompView.wdInvokeEventHandler(InternalTaskCompView.java:223)
at com.sap.tc.webdynpro.progmodel.generation.DelegatingView.invokeEventHandler(DelegatingView.java:87)
at com.sap.tc.webdynpro.progmodel.controller.Action.fire(Action.java:67)
at com.sap.tc.webdynpro.clientserver.window.WindowPhaseModel.doHandleActionEvent(WindowPhaseModel.java:420)
at com.sap.tc.webdynpro.clientserver.window.WindowPhaseModel.processRequest(WindowPhaseModel.java:132)
at com.sap.tc.webdynpro.clientserver.window.WebDynproWindow.processRequest(WebDynproWindow.java:335)
at com.sap.tc.webdynpro.clientserver.cal.AbstractClient.executeTasks(AbstractClient.java:143)
at com.sap.tc.webdynpro.clientserver.session.ApplicationSession.doProcessing(ApplicationSession.java:333)
at com.sap.tc.webdynpro.clientserver.session.ClientSession.doApplicationProcessingStandalone(ClientSession.java:741)
at com.sap.tc.webdynpro.clientserver.session.ClientSession.doApplicationProcessing(ClientSession.java:694)
at com.sap.tc.webdynpro.clientserver.session.ClientSession.doProcessing(ClientSession.java:253)
at com.sap.tc.webdynpro.clientserver.session.RequestManager.doProcessing(RequestManager.java:149)
at com.sap.tc.webdynpro.serverimpl.defaultimpl.DispatcherServlet.doContent(DispatcherServlet.java:62)
at com.sap.tc.webdynpro.serverimpl.defaultimpl.DispatcherServlet.doPost(DispatcherServlet.java:53)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:760)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:401)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:386)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:364)
at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:1039)
at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:265)
at com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)
at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:175)
at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
at java.security.AccessController.doPrivileged(Native Method)
at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:104)
at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:176)
Thanks
Aditi
Hi All,
I am trying to update an existing IdM installation running on Oracle 11 and RedHat linux.
I am using the default scripts (.sh) available with SP09 but nothing is happening.
I have amended include.sql to meet the database configuration but the script will connect and disconnect immediately.
Do I need to amend the standard scripts (.sh)?
Anyone an idea why this is happening?
Many thanks!
Regards,
Ridouan
I have a question for the group mind...
I'm looking at the 7.2 initial load job for ABAP and I see a reference for the MX_GROUP_INHERITANCE attribute. I looked it up in the Schema document and I see a reference that this is replaced by MX_INHERIT.
It's not a big deal to just make the update, but I'm wondering what I'm missing by not having this populated?
Thanks,
Matt
Hello,
we are using the VDS with two data sources, both are databases with the scope to a single table.
One table contains company addresses while the other one contains data of persons.
If we use one virtual tree and only one node for e.g. the company data source we receive the attribute schema of this table by viewing it with external LDAP browsers like LDAP Admin. So this works for both data sources used in single mode (single data source and single virtual tree).
When we configure another virtual tree for the other data source (persons) as well as another user (only one user per tree) to connect to each tree by different username and password, we only receive the schema of the data source which is selected in the first tree.
Here are a few information about what's happening when we using LDAP Browser LDP.EXE to get the schema.
We used LDP.EXE because it is showing the schema naming context right after binding.
Connecting to LDAP Browser with the corresponding user of tree1 (tree1,o=db,*):
Schema naming context schows up: cn=schema,o=db
Accessing the schema works fine and we receive all attributes.
There is all ok.
Connectiong to LDAP Browser with the corresponding user of tree2 (tree2,o=db2,*):
Schema naming context: cn=schema,o=db
Accessing this schema returns: Server error: Couldn't perform DN to Data source mapping
Shouldn't be the schema of this binding cn=schema,o=db2?
This is even the correct path in the tree2.
Yes, the schemas of both tables are different, but we need to access them.
Is there any possibility or do we have any logical issue here?
Do you have any idea how this could work?
Maybe there is an even better solution where we only need one tree and one single user - that would be even more perfect 
Thank you in advance.
Kind regards,
Bastian
Hello Experts,
Currenlty we are on IDM 7.2 SP8 and we have setup the IDM approval task on Validate Add Event for repositories.
Privileges are grouped on Application, so all the privileges for the same system should be grouped in the same request. When two or more privileges are assigned to user, one approval request gets created. In the approval view, the approver only sees one privilege available for approval. However when the request is approved all the privileges are getting assigned to user.
We would like have all the privileges displayed in the approval request for the approver. Any suggestions please for this issue. Why the request is not showing all the details ?
Thanks
Rashmi
Hi,
I am trying to do SP upgrade from 7 to 9 on the IDM 7.2 system. However I get an error saying stack definition contains no applicable stacks.
The stack.xml was generated by the maintenance optimizer in solution manager and my system too is added to the solution manager system.
Please do let me should if I am missing any thing.
Thank you,
Regards,
Praman
Hi All,
We are getting below error in job log while resetting password of users through IDM UI in IDM 7.1.
Please note that user has been created in backend through IDM only and we are putting 7 character long password only.
Also, password reset task has been maintained in Password Policy Tab.
The attribute values maintained in Pass for password reset are:
logonuid %MSKEYVALUE%
password $FUNCTION.sap_getPassword(%MX_ENCRYPTED_PASSWORD%)$$
changetype modify
Also, scripts maintained are: sap_encryptPassword and sap_getPassword
Could you please help!!!
Job log:
putNextEntry failed storing90000004
Exception from Modify operation:com.sap.idm.ic.ToPassException: User 90000004 does not exist Password is not long enough (minimum length: 7 characters) Internal error: FM SUSR_USER_READ, exception: 1 Inconsistency with address
Thanks
Aditi
Hi Experts,
we've setup IDM 7.2 Landscape.
Now we would like to export our configuration of development system.
When we call transport-function of UI
<server>:<port>/idm/admin -> transport -> configuration export -> generate exportfile
we get following error:
Error creating export: Method IdMConfigExport.createConfigAsString delivered no result.
Anyone who has a solution?!
Thanks
Simon
Hi all,
Can SAP IDM support custom application?
The application uses Oracle tables to store IDs, Roles, Passwords etc.
I am new to SAP IDM.
But I do have some experiences with Oracle IDM and IBM Tivoli IDM.
Thanks in advance,
dongsu.
Hi All,
I am having an issue with a new installation of SAP IdM 7.2 SP09 DT.
I am able to perform almost every activity in IdM ecxept when I try to create a new dispatcher.
The dispatcher will be created but nothing will be filled-in and I am not able to change anything.
Error:
Overflow
Method: EmcDispatcher.ShowDispatcher
Error: 6h
Description: Overflow
Anyone an idea?
Thanks very much.
Regards,
Ridouan
Hello Guys,
We have a customer with 2 separate independant entities, but who is running a single instance of SAP Access Control on top of their ECC. They want to implement SAP IDM for users provisoning, but for internal reason each entity wants its own install, and to manage its own subset of identities.
We have several times recommended a single IDM, but it seems that this is not an option for them. So in order for the project to proceed, we've been asked to investigate if we can deploy 2 separate IDMs but both interfaced with a single Access Control for Segreation of Duties audit.
Is that something doable?
Has anyone already encountered such a situation?
Thanks in advance,
Arnaud
Hi Experts,
I am working with IdM 7.2 SP08.
I followed this procedure to install the sap logon help. This message error is
http://help.sap.com/saphelp_nwidmic_72/helpdata/en/0d/71c8bb0f744c308c7b5e91657ddcbf/frameset.htm
All the prerequirements are OK: SSL, HTTPS, my computer (Windows 7 Pro 64) is connected to domain, etc.
I import the logonHelp.adm and enaled the server and the port.
Questions and answers are OK and the user "AdminUser" can modify his password via the web url ...idm/pwdreset.
In my compter Win 7 if I run regedit:
HKEY_LOCAL_MACHINE--> SOFTWARE --> SAP --> logonhelp
I cannot find IDM entries(IdmServerHost and IdmServerPort)..? I tried to add them manually but no success
Question2:
After importing the logonHelp.adm in Group Policy Management should I modify the content of logonHelp.adm file also?
In the trace.xml: I can read: the retrieving of the sequrity questions for the user "AdminUser" returned empty response or the execution on one of the methods CwinHttpHelper::SendRequest or CLowCommon::ConvertAsciiToUnicode returned error.
Can you please help? any missing step?
Thanks,
Nina
Hi,
During the Initial Load from SAP i get the following error:
The specified "Valid to" date is in the past:Attribute: MXREF_MX_PRIVILEGE
Is it possible anyway to assign the invalid role to an user? Or is it a must to clean the SAP data with program PRGN_COMPRESS_TIMES?
Thanks and regards
Florian
Hi Idm gurus,
We have just started IDM project and have a fresh Idm 7.2 SP09 sandbox installation on Windows 2008 and Oracle 11g database. We have installed Identity Center and IDM UI. The users, created in UME and added to the Identity Store can't see the Self Service tab, when they log into IDM UI. Instead, they only see the message "Could not find existing values for attribute #MX_MXREF_MX_PRIVILEGE_DN for entry [USER NAME]".
The role idm.authenticated is created in UME, is assigned to the test users, to the group 'Authenticated Users' and contains the following actions:
tc~idm~jmx~ump.idm_authenticated and
tc~idm~jmx~ump.idm_monitoring_support.
The test users are added to the Identity store with Manager and Administrator privileges. What could be a cause of this problem? Would you recommend to use one of the earlier Service Packs or switch from Oracle to MS SQL?
Thanks in advance for your help!
Yuri
Hi all
I'm setting up IdM7.2SP6 to talk to GRC 10. Finally got the web services set up and talking and most of the jobs came through fine. However, I'm getting the following error reading roles from GRC through the GRC 10 Initial Load.
fromDSA.doSearch got exception, returning false
javax.naming.NamingException: [LDAP: error code 1 - (GRC Search Roles:1:msgcode=4;msgdescription=Invalid input or no data present for the given input;msgtype=ERROR)]; remaining name ''
I haven't done any modifications to the job - straight out of the box.
I've been assured that there are roles to find (I don't actually have GRC access).
A trace on the GRC server for the connecting user revealed no errors and authorisations are good.
Has anyone seen this one before?
Thanks
Peter
Hi Everyone,
Our company is implementing BPC 10.0 and we have a specific team managing security in BPC. Once the security is assigned to a user in BPC then BPC is assigning the relevant BPC roles to users in SU01 in the backend (BW).
However we have connected BW to IdM and all the provisioning and de-provisioning in BW takes place via IdM.
Upon any changes to user in IdM, IdM is going into BW and wiping out the BPC roles which causing the users to lose access in BPC.
Has anyone faced this issue? Is there a work around?
Can we have IdM not touch the BPC roles in BW?
Please Help!
Thank you,
KV
Hallo All,
I encounter an issue on my IDM development system which I have been trying to solve for a couple of days.
It seems that the passes part of the initial load job are not able to write or read on my identity store anymore.
This is the error message I receive.
There is probably a parameter somewhere that I missed and need to change.
Can someone please advice on this issue?
Thx by advance,
Laurent
Hi Everyone!
I had implemented an Identity Center 7.2 for internal training, linking both abap and java satellite systems and all works fine.
However after performing initial load and the creation of edit authentication questions task, users aren't able to connect ad https:\\hostname:port\idm to edit their authentication questions.
Have I missed some configuration step?
Cindy
Hello All,
It seems to be a recurrent question how to apply mass user updates or creations in IDM. But till now I' have not found a solution that would fit my requirements.
I would like to create a mass user creation page or job.
My first “choice” would go to a custom UI page where a file can be uploaded and saved, from there the users would be created in mass on my Identity store.
Till now I've tried several possibilities but am struggling a bit with the step between file upload and user creation. Where can I retrieve the uploaded file? As I don't know where to find the uploaded file I can read it and write it to my custom tables to treat the user creation.
The page looks like this:
The used attribute named "Z_FILE_UPLOAD_LINK" has been configured as follow.
Has anyone already made this kind of page ?
Thanks a lot by advance,
Laurent