is there any connector available for the integration from sap ariba? or has anyone any experience with the sap ariba integration?!

we want create,change and archive the ariba user with sap idm 7.2.

Hi Experts

While provisioning roles in IDM 7.2, I see this error in the Job logs:

Failed running function in string "$FUNCTION.sap_abap_getNameOfAssignedPendingPrivileges(mskey!!repname!!role!!true)$$". Marking entry as failed. Exception was: undefined: "sap_abap_convertToABAPValidFromDate" is not defined.

I am getting this error only if I provision the existing SAP users. Assigning any role to a new user works fine. Went through both the above mentioned scripts, but don't see any Problem there.

What am I missing here?

Best regards

Annapurna

We have several entries in the provisioning queue where we are trying to understand why they are not being processed or cleared from the queue successfully for specific mskey #'s.  I have read Steffi's blog post SAP IDM: Provisioning is stuck (yet again) - My checklist.  In particular, we executed step 3 'Check for waiting tasks via the SQL developer' with no success.

I'll try to explain the scenario here.  I want to get a 2nd opinion to see if this would negatively impact the mskey #/system that I'm not aware of before executing in production?  Or, are there other areas to investigate that I'm missing? We are on IdM 7.2 SP8 (one of the earlier patch levels) with DB2.

The entry is active within IdM (MX_INACTIVE = NULL). Here's the provisioning queue for the specific MSKEY # that I changed (i blocked out the MSKEYVALUE from MSG):

This has been in the provisioning queue for several months with nothing being done.  Here's a screenshot of the provisioning status of the auditid that it's waiting for (1100 = OK):

I continue to look at the REFAUDIT to see if I can see anything there.

The auditref has a status of 20 (Pending), which is the parent ordered task that started the chain of events.  However, not all of the tasks/jobs have finished as one of the tasks has a status of 5 (Waiting).  For some reason, the entry in the provisioning queue with a state of 24 is not finishing to kick off the task that has a status of 5.

At this point, I tried a few things since I'm working in a non production system.  This is where I landed by executing the following SQL statement.

update mxp_provision set state = '2' where mskey = 2282651 and actionid = 1003557

This updated the state from 24 (Wait for event task status) to 2 (Ready to Run).  This cleared the provisioning queue for the mskey #.  Looking at table MXP_AUDIT PROVSTATUS changed from 20 to 1101 for the parent ordered task.

MSG: Error in expanding linked tasks (3): -803:SQL0803N  One or more values in the INSERT statement, UPDATE statement, or foreign key update caused by a DELETE statement are not valid because the primary key, unique constraint  Task:1003557

This accomplished my goal of cleaning up the provisioning queue for that specific MSKEY #. The attributes for the MSKEY # did not change (which was what I wanted as well).  And, nothing showed up in the system/dispatcher/job logs.

In addition, I tried variety of other direct database updates to mxp_provision, but didn't go as far as deleting anything.  Example, I changed the sate to 21 (Expanded OK), whic didn't do anything.

We are using a To Identity store pass to add the MX_INACTIVE attribute to a user id that is a MX_PERSON entry type.

We get the following error:

Exception from Modify operation:com.sap.idm.ic.ToPassException: ToIDStore.modEntry failed modifying entry 't_employee22'. IDStore returned error message: " Not possible to inactivate entries of this entry type. Only identities can be set inactive:Attribute: MX_INACTIVE" when storing attribute 'MX_INACTIVE=1'

We can see in the DB that the user is a MX_PERSON entry type.

Any suggestions would help.

Regards,

Jon Sells

NOTE: We are on IDM 7.2 SPS 8 on DB2 10.1

Hello Experts,

We have a custom UI from which we would be changing users would be requesting for roles,pwd reset, identity creation.

For this purpose we have created a new entry type which would be triggered whenever user requests for role,pwd reset etc.

Requirement: Generate Reports based on the request type raised by the user.

I have created a new report entry type. there are four types of reports which user can request from the custom ui. So based on the report type selected from the custom ui, the new report entry type task would be triggered.

Whenever this task is triggered, at first it stores the users requested details in its related attributes and temporary attributes.

i have created a switch task, to generate the report file based on the report type selected.

Problem: How to create a task which generates a file which all the request entry type attributes details based on the date ranges.

Can you kindly please help me with this.

Does the below idea works:

1 . Pass the values to a script and return the distinct mskey values via query through as task and then create a pass To Ascii file and provide the file location and attributes which needs to be stored in the destination tab.

2. Is there any way to provide the source details via an sql query for the provisioning job and destination would be an ascii file.

Look forward for your valuable suggestions.

Regards,

DP

Hi Experts,

Need your help in understanding one of the errors in dispatcher logs.

Our dispatcher logs are filled with this error "Interrupted due to invalid semaphore". Now we would like to know if anyone else have got this error and if they have resolved. Our dispatchers are working fine so its not a show stopper. I found a thread on this where Chris suggested to check if there is other dispatcher in same name.

MxDispatcher - EVAL LINKS  - Interrupted due to invalid semaphore"

I checked it and we don't have two dispatchers in same name however we have two run times, one for windows and one for java for each dispatcher.

Is that causing the issue? Any info would be helpful.

Kind regards,

Jaisuryan

Hi,

We are trying to connect IDM 7.2 with GRC AC 10.0. I found various services provided by SAP and found they were pre-activated.

Also found a SAP Note which talks about registering services in SOA Manager to be able to call the web services. My doubt is if I need to register these services in SOAMANAGER for integrating with another SAP system(which is SAP IDM in this case) or it is only needed for non-SAP systems

Will just activating the services in SICF would be sufficient?

Regards,

Silver

Hi Experts,

I need some guidance on how to connect IDM to GRC 10.1 from a GRC standpoint. We use IDM to provision and need GRC to run the risk analysis for the request submitted and send the information back to IDM. IDM should then take action by approving or rejecting the request.

Please can you anyone guide me on how to do this in GRC? I am very familiar with how to do this in 5.3 but a little confused on how to do this with GRC 10.1

Any information will be greatly appreciated.

Thank you.

Regards,

Kiran

Dear All,

I am encountering this issue when logging in using the mxmc_admin user in my Identity Center. Please see errror below:

I was able to login and seeing no error in the status of the IC, I also tried running the dispatcher and it successfully run.

Is this something I need to worry about, or is this some kind of product bug?

By the way, I am running this system:

OS: Windows 2008 R2

Database: MS SQL 2012 R2

IDM Version: 7.2

SP Level: 0 (base release).

Appreciate any help you can provide.

Thank you!

Regards,

Santi

hi ,

We have an IDM 8.0 server installed and now have been asked to Install the IDM 8 on portal(740) as an add on and we are trying to get a list of components which should be installed on the portal, from the following list would anyone advice which all components should be installed on the portal .

• IDENTITY CENTER CORE 8.0
• IDENTITY CENTER REST API 8.0
• IDENTITY CENTER RUNTIME 8.0
• IDM 8.0 PORTAL CNT FOR NW 7.3
• IDM CONFIG LM REST API 8.0
• IDM FEDERATION 7.2
• LOGON HELP 8.0
• NW IDM 8.0 UIS FOR NW 7.30
• NW IDM UI FOR HTML5 8.0
• VIRTUAL DIRECTORY SERVER 8.0
• 
  

   regards

   Jonu Joy

Hi Experts

In IDM 7.2 SP8+ I'm developing my custom provisioning tasks. I have a repository with the account privilege (plus technical privilege as well). And I have assigned the following member event tasks:

• The Validate Add task which does my own custom validation.
• The Add Member task which does my own custom provisioning to external system.

At the moment my custom Validate Add task checks the given user and rejects the assignment always (just for testing purpose). To reject the assignment I set MX_ATTR_STATE attribute of the PVO to state = "3" which means Rejected status according to IDM documentation.

At runtime I see that the Validate Add task is executed as I expected. And the Add Member task is not executed (skipped) - this is also goes as I expected.

However, I can't understand the final status of my assignment. When I check the assignment after the validate add task is finished I see the following attributes in the IDMV_LINK_...:

• mcAddAudit is NULL. It looks Ok as the Add Member task was not executed.
• mcExecState = 512 (Running). This is what I do not understand. Why is it so if my assignment was rejected ?? It shall be set to 2 (Rejected) or something is wrong here ?
• mcLinkState = 1 (Inactive link).
• mcValidateAddAudit contains audit ID of the Validate Add task with task status = Task OK.

So it looks like my assignment is still pending (running). Shall I finalize it somehow manually to Rejected status ? Shall I invoke anything else in the Validate Add task to finalize my assignment in the Rejected status ??

I am asking cause in my scenario the assignment sticks in the pending state. And IDM does not process the assignment second time anymore as it thinks that it's still in the progress.

Many thanks for your help.

The issue really blocks me.

Regards, Siarhei

All,

When trying to read the help values from a NW AS ABAP is get the following error in the IDM job log:

And this in the ST22 view of the system log in the ABAP system:

How does one fix this? I did the original role assignment (SAP_BC_SEC_IDM_COMMUNICATION) and then I did the update of it according to OSS note 1557803.

Hi All,

We have this requirement in our project wherein a sepcific Parameter should be added to User's master record when a particular role is assigned.

I explored quite a few options but was not able to find any way out.

I tried to assign Parameter value while raising IDM request for that particular role:

Settings tab : Parameter ID

However the changes are not reflecting in SU01 record.

I also couldnt find a option in IDM which can display already assigned parameters in IDM UI.

Is there any way this can be achieved?

Thanks & Regards,

V!

Hi,

I am trying to install and configure IdM8.0. I have been following the installation guide and some of the discussions in the community. As part of the installation, I have configured 2 data sources in netweaver with name - IDM_DevelopeStudio and IDM_DataSource. I also deployed jdbc driver. I also created SSL certificate.

When I try to login with admin user in developer studio, I get the attached error.

Please let me know your suggestions/comments.

Regards,

Krishna.

Hi Friends,

i have created Password reset form in IDM 8.0 , now i am able to reset password in systems but when i am resetting password IDM will reset password in ALL Connected server where his id is present.

now i need that user can able to select system where he want to reset password through password reset form.

Thanks,

Mohinder

Hi,

I am running through an issue in SAP IDM. I raised a user to business role assignmnet which goes through approval workflow.

As soon as approver approves the request, the workflow ends and role is assigned to user.

I am able to update the text for link reason at the time of requesting the assignment and when approver approves the request.

But I want to pull the data from pending value which is stored in a pending value attribute and update those values also as part of link reason, when role gets assigned to user.

Consider : User 1 is requested for role1.

One of the pending value attribute (TEST attribute) is updated with  some  text values.

Role 1 went for approval and approver approved the role.

User1 got assigned with role1.

Requirement : Update the (TEST attribute) as part of  linkreason when role1 is assigned to user1.

Please guide further on how this can be done.

I tried to configure a task after approver approves the request and use set value function in script to update the reason with parent, although the task got executed but the link reason was not updated.

hello all,

i am trying to run initial loads on AS java database repository, the user i use in repository is and admin user for NW 7.3 and has full administrator rights.

still initial loads were not successful  from the configuration guides i came to know Spml_Write_Action role is only for NW 7.0 and below for 7.3 is not using smpl connection i believe.

this is the only warning in the job log

Search request failed! <<user>> is not allowed to perform search request.

default trace log.

UME#sap.com/tc~sec~ume~wd~kit#C0000A17206800A800000002000021A8#23640950000000004#sap.com/tc~sec~ume~wd~umeadmin#com.sap.security.core.wd.maintainuser.MaintainUserComp.public void saveModifications( )#idm_admin#11##B1AC9AC0EC9211E3C1DF00000168BB76#b9612f91ec9511e38cec00000168bb76#b9612f91ec9511e38cec00000168bb76#0#Thread[HTTP Worker [@186066399],5,Dedicated_Application_Thread]#Plain##

Error adding roles

[EXCEPTION]

com.sap.security.core.wd.exception.UmeUiSecurityException: com.sap.engine.services.jmx.exception.JmxSecurityException: Caller idm_admin not authorized, required permission missing (javax.management.MBeanPermission -\#modifyEntityAssignments[:SAP_J2EECluster="",j2eeType=UmeJmxServer,name=IJmxServer] invoke)

  at com.sap.security.core.wd.umeuifactory.UmeUiFactoryCompInterface.handleThrowable(UmeUiFactoryCompInterface.java:2977)

  at com.sap.security.core.wd.umeuifactory.UmeUiFactoryCompInterface.modifyEntityMappings(UmeUiFactoryCompInterface.java:1272)

  at com.sap.security.core.wd.umeuifactory.wdp.InternalUmeUiFactoryCompInterface.wdInvokeMethod(InternalUmeUiFactoryCompInterface.java:1034)

  at com.sap.tc.webdynpro.progmodel.generation.ExternalControllerPI$ExternalInterfaceInvocationHandler.invoke(ExternalControllerPI.java:339)

  at com.sun.proxy.$Proxy780.modifyEntityMappings(Unknown Source)

  at com.sap.security.core.wd.maintainuser.MaintainUserComp.saveModifications(MaintainUserComp.java:1334)

  at com.sap.security.core.wd.maintainuser.wdp.InternalMaintainUserComp.saveModifications(InternalMaintainUserComp.java:709)

  at com.sap.security.core.wd.maintainuser.ModifyUserView.onActionSave(ModifyUserView.java:630)

  at com.sap.security.core.wd.maintainuser.wdp.InternalModifyUserView.wdInvokeEventHandler(InternalModifyUserView.java:579)

  at com.sap.tc.webdynpro.progmodel.generation.DelegatingView.invokeEventHandler(DelegatingView.java:142)

  at com.sap.tc.webdynpro.progmodel.controller.Action.fire(Action.java:75)

  at com.sap.tc.webdynpro.clientserver.phases.ProcessingEventPhase.doHandleActionEvent(ProcessingEventPhase.java:159)

  at com.sap.tc.webdynpro.clientserver.phases.ProcessingEventPhase.execute(ProcessingEventPhase.java:94)

  at com.sap.tc.webdynpro.clientserver.window.WindowPhaseModel.processRequestPartly(WindowPhaseModel.java:162)

  at com.sap.tc.webdynpro.clientserver.window.WindowPhaseModel.doProcessRequest(WindowPhaseModel.java:110)

  at com.sap.tc.webdynpro.clientserver.window.WindowPhaseModel.processRequest(WindowPhaseModel.java:97)

  at com.sap.tc.webdynpro.clientserver.window.WebDynproWindow.processRequest(WebDynproWindow.java:515)

  at com.sap.tc.webdynpro.clientserver.cal.AbstractClient.executeTasks(AbstractClient.java:58)

  at com.sap.tc.webdynpro.clientserver.cal.ClientApplication.doExecute(ClientApplication.java:1671)

  at com.sap.tc.webdynpro.clientserver.cal.ClientApplication.doProcessing(ClientApplication.java:1485)

  at com.sap.tc.webdynpro.clientserver.session.ApplicationSession.doApplicationProcessingEmbedded(ApplicationSession.java:919)

  at com.sap.tc.webdynpro.clientserver.session.ApplicationSession.doApplicationProcessing(ApplicationSession.java:878)

  at com.sap.tc.webdynpro.clientserver.session.ApplicationSession.doProcessing(ApplicationSession.java:357)

  at com.sap.tc.webdynpro.clientserver.session.RequestManager.doProcessing(RequestManager.java:325)

  at com.sap.tc.webdynpro.serverimpl.core.sessionctx.AbstractExecutionContextDispatcher.delegateToRequestManager(AbstractExecutionContextDispatcher.java:62)

  at com.sap.tc.webdynpro.serverimpl.wdc.sessionctx.DispatchHandlerForRequestManager.service(DispatchHandlerForRequestManager.java:39)

  at com.sap.tc.webdynpro.serverimpl.wdc.sessionctx.DispatchHandlerForRequestManager.service(DispatchHandlerForRequestManager.java:46)

  at com.sap.engine.services.servlets_jsp.server.deploy.impl.module.IRequestDispatcherImpl.dispatch(IRequestDispatcherImpl.java:270)

  at com.sap.tc.webdynpro.serverimpl.wdc.sessionctx.ExecutionContextDispatcher.dispatchToAppContext(ExecutionContextDispatcher.java:68)

  at com.sap.tc.webdynpro.serverimpl.core.sessionctx.AbstractExecutionContextDispatcher.dispatch(AbstractExecutionContextDispatcher.java:53)

  at com.sap.tc.webdynpro.clientserver.session.RequestManager.doProcessing(RequestManager.java:244)

  at com.sap.tc.webdynpro.clientserver.embedding.JavaApplicationProxy$Runner.callRequestManager(JavaApplicationProxy.java:1244)

  at com.sap.tc.webdynpro.clientserver.embedding.JavaApplicationProxy$Runner.callEmbeddedApplication(JavaApplicationProxy.java:1122)

  at com.sap.tc.webdynpro.clientserver.embedding.JavaApplicationProxy$SendDataAndProcessActionCommand.doExecute(JavaApplicationProxy.java:1605)

  at com.sap.tc.webdynpro.clientserver.embedding.JavaApplicationProxy$AbstractCommand.execute(JavaApplicationProxy.java:1488)

  at com.sap.tc.webdynpro.clientserver.embedding.JavaApplicationProxy$Runner.execute(JavaApplicationProxy.java:1028)

  at com.sap.tc.webdynpro.clientserver.embedding.JavaApplicationProxy.execute(JavaApplicationProxy.java:859)

  at com.sap.tc.webdynpro.clientserver.embedding.JavaApplicationProxy.sendDataAndProcessAction(JavaApplicationProxy.java:468)

  at com.sap.tc.webdynpro.portal.pb.impl.JavaApplicationProxyAdapter.sendDataAndProcessAction(JavaApplicationProxyAdapter.java:191)

  at com.sap.portal.pb.PageBuilder.updateApplications(PageBuilder.java:1668)

  at com.sap.portal.pb.PageBuilder.SendDataAndProcessAction(PageBuilder.java:366)

  at com.sap.portal.pb.PageBuilder$PhaseListenerImpl.doPhase(PageBuilder.java:2094)

  at com.sap.tc.webdynpro.clientserver.window.WindowPhaseModel.processPhaseListener(WindowPhaseModel.java:251)

  at com.sap.tc.webdynpro.clientserver.phases.PortalDispatchPhase.execute(PortalDispatchPhase.java:50)

  at com.sap.tc.webdynpro.clientserver.window.WindowPhaseModel.processRequestPartly(WindowPhaseModel.java:162)

  at com.sap.tc.webdynpro.clientserver.window.WindowPhaseModel.doProcessRequest(WindowPhaseModel.java:110)

  at com.sap.tc.webdynpro.clientserver.window.WindowPhaseModel.processRequest(WindowPhaseModel.java:97)

  at com.sap.tc.webdynpro.clientserver.window.WebDynproWindow.processRequest(WebDynproWindow.java:515)

  at com.sap.tc.webdynpro.clientserver.cal.AbstractClient.executeTasks(AbstractClient.java:58)

  at com.sap.tc.webdynpro.clientserver.cal.ClientApplication.doExecute(ClientApplication.java:1671)

  at com.sap.tc.webdynpro.clientserver.cal.ClientApplication.doProcessing(ClientApplication.java:1485)

  at com.sap.tc.webdynpro.clientserver.session.ApplicationSession.doApplicationProcessingStandalone(ApplicationSession.java:908)

  at com.sap.tc.webdynpro.clientserver.session.ApplicationSession.doApplicationProcessing(ApplicationSession.java:880)

  at com.sap.tc.webdynpro.clientserver.session.ApplicationSession.doProcessing(ApplicationSession.java:357)

  at com.sap.tc.webdynpro.clientserver.session.RequestManager.doProcessing(RequestManager.java:325)

  at com.sap.tc.webdynpro.serverimpl.core.AbstractDispatcherServlet.doContent(AbstractDispatcherServlet.java:87)

  at com.sap.tc.webdynpro.serverimpl.wdc.DispatcherServlet.doContent(DispatcherServlet.java:89)

  at com.sap.tc.webdynpro.serverimpl.core.AbstractDispatcherServlet.doPost(AbstractDispatcherServlet.java:62)

  at javax.servlet.http.HttpServlet.service(HttpServlet.java:754)

  at javax.servlet.http.HttpServlet.service(HttpServlet.java:847)

  at com.sap.engine.services.servlets_jsp.server.Invokable.invoke(Invokable.java:152)

  at com.sap.engine.services.servlets_jsp.server.Invokable.invoke(Invokable.java:38)

  at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:457)

  at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:210)

  at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:441)

  at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:430)

  at com.sap.engine.services.servlets_jsp.filters.DSRWebContainerFilter.process(DSRWebContainerFilter.java:38)

  at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)

  at com.sap.engine.services.servlets_jsp.filters.ServletSelector.process(ServletSelector.java:81)

  at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)

  at com.sap.engine.services.servlets_jsp.filters.ApplicationSelector.process(ApplicationSelector.java:276)

  at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)

  at com.sap.engine.services.httpserver.filters.WebContainerInvoker.process(WebContainerInvoker.java:81)

  at com.sap.engine.services.httpserver.chain.HostFilter.process(HostFilter.java:9)

  at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)

  at com.sap.engine.services.httpserver.filters.ResponseLogWriter.process(ResponseLogWriter.java:60)

  at com.sap.engine.services.httpserver.chain.HostFilter.process(HostFilter.java:9)

  at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)

  at com.sap.engine.services.httpserver.filters.DefineHostFilter.process(DefineHostFilter.java:27)

  at com.sap.engine.services.httpserver.chain.ServerFilter.process(ServerFilter.java:12)

  at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)

  at com.sap.engine.services.httpserver.filters.MonitoringFilter.process(MonitoringFilter.java:29)

  at com.sap.engine.services.httpserver.chain.ServerFilter.process(ServerFilter.java:12)

  at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)

  at com.sap.engine.services.httpserver.filters.SessionSizeFilter.process(SessionSizeFilter.java:26)

  at com.sap.engine.services.httpserver.chain.ServerFilter.process(ServerFilter.java:12)

  at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)

  at com.sap.engine.services.httpserver.filters.MemoryStatisticFilter.process(MemoryStatisticFilter.java:57)

  at com.sap.engine.services.httpserver.chain.ServerFilter.process(ServerFilter.java:12)

  at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)

  at com.sap.engine.services.httpserver.filters.DSRHttpFilter.process(DSRHttpFilter.java:43)

  at com.sap.engine.services.httpserver.chain.ServerFilter.process(ServerFilter.java:12)

  at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)

  at com.sap.engine.services.httpserver.server.Processor.chainedRequest(Processor.java:475)

  at com.sap.engine.services.httpserver.server.Processor$FCAProcessorThread.process(Processor.java:269)

  at com.sap.engine.services.httpserver.server.rcm.RequestProcessorThread.run(RequestProcessorThread.java:56)

  at com.sap.engine.core.thread.execution.Executable.run(Executable.java:122)

  at com.sap.engine.core.thread.execution.Executable.run(Executable.java:101)

  at com.sap.engine.core.thread.execution.CentralExecutor$SingleThread.run(CentralExecutor.java:328)

Caused by: com.sap.engine.services.jmx.exception.JmxSecurityException: Caller idm_admin not authorized, required permission missing (javax.management.MBeanPermission -\#modifyEntityAssignments[:SAP_J2EECluster="",j2eeType=UmeJmxServer,name=IJmxServer] invoke)

  at com.sap.engine.services.jmx.auth.UmeAuthorization.checkMBeanPermission(UmeAuthorization.java:100)

  at com.sap.engine.services.jmx.JmxServerFrame.checkMBeanPermission(JmxServerFrame.java:101)

  at com.sap.engine.services.jmx.MBeanServerSecurityWrapper.checkMBeanPermission(MBeanServerSecurityWrapper.java:438)

  at com.sap.engine.services.jmx.MBeanServerSecurityWrapper.invoke(MBeanServerSecurityWrapper.java:288)

  at com.sap.engine.services.jmx.ClusterInterceptor.invoke(ClusterInterceptor.java:813)

  at com.sap.pj.jmx.server.interceptor.MBeanServerInterceptorChain.invoke(MBeanServerInterceptorChain.java:367)

  at com.sap.security.core.jmx._gen.IJmxServer$Impl.modifyEntityAssignments(IJmxServer.java:3050)

  at com.sap.security.core.wd.jmxmodel.JmxModelCompInterface.modifyEntityMappings(JmxModelCompInterface.java:569)

  at com.sap.security.core.wd.jmxmodel.wdp.InternalJmxModelCompInterface.wdInvokeMethod(InternalJmxModelCompInterface.java:862)

  at com.sap.tc.webdynpro.progmodel.generation.ExternalControllerPI$ExternalInterfaceInvocationHandler.invoke(ExternalControllerPI.java:339)

  at com.sun.proxy.$Proxy779.modifyEntityMappings(Unknown Source)

  at com.sap.security.core.wd.umeuifactory.UmeUiFactoryCompInterface.modifyEntityMappings(UmeUiFactoryCompInterface.java:1266)

  ... 97 more

Caused by: java.security.AccessControlException: access denied (javax.management.MBeanPermission -\#modifyEntityAssignments[:SAP_J2EECluster="",j2eeType=UmeJmxServer,name=IJmxServer] invoke)

  at java.security.AccessControlContext.checkPermission(AccessControlContext.java:376)

  at java.security.AccessController.checkPermission(AccessController.java:549)

  at com.sap.engine.services.jmx.auth.UmeAuthorization.checkMBeanPermission(UmeAuthorization.java:84)

  ... 108 more

Hi IDM Expert

We are on IDM SP7.2 SP9, recently I have issue regarding
resolving dynamic group.

There is dynamic group which is assigned to the users.  When I execute calculate dynamic group in test mode , the
dynamic group returns memberships result, however when I attempt to resolve the
membership using recalculation in real mode  ( test mode is unticked). The IDM pups up error
message” recalculation failed with error code Dynamic group XXXXXX expansion
already in progress”.  I have waited a day and tried again, it ended up same error message.

Any idea how to fix this Dynamic group reconciliation issue?

Hi Experts,

I am installing IDM 8.0. According to the Installation Guide in SAP Identity Management Installation Guide - SAP Library . I have reached to the Adding the Initial Identity store phase.  I have created the user as Idmadmin in the NWA/Identity portal. The issue is, I find the Identity store option disabled in the IDM developer studio and when I try to Login into the Identity management Developer studio with the same user Idmadmin and the required password. Even though the username and password entries are correct I'm unable to login, instead I'm getting a error message stating "Login Failed" . I cannot proceed further with the addition of the identity store without logging in. Could anyone please let me know whether there are any changes need to be done or if there is any different procedure to accomplish this task.

Thanks

Madhav J         

Hello Everyone,

I am using the Extension Framework to validate Data on a UI Task via the OnSubmit method. If the validation is wrong, it will throw a exception with the specific error. Until this point the Extension Framework class works fine.

However, I want to count how often a User is trying to change data without a correct validation. This counter attribute is saved as an Entry attribute to ensure that every user has its own counter. The idea is before the class throws an exception it should increment the counter of the Entry by one. I tried to implement this step with the addValue method of an Entry:

IdMFactory.getInstance().getEntryFactory().getEntry(locale, subjectMSKEY).addValue("COUNTER", counter++);

Unfortunately the code line (mentioned above) doesn't do anything at all. It doesn't throw an error or write a value to the attribute of the Entry.

Has someone an idea why the addValue method doesn't work?

Thanks for your help and Regards,

Erik