Hi Friends,

when I am adding any roles or privileges in IDM, system is not executing  but when I am deleting user it will executed also  I checked dispatcher is running fine (screenshot attached) , also when I am saving anything under IDM is showing me following error .

error :

dispatcher :

job :

Please help I have updated it to latest available 8.1 but still same issue.

Regards,

Mohinder

Hi,

we are facing a problem while trying to get a connection from idm to lotus notes.

The problem occurs at the jobs to read something out of the domino directory. (for example  “load certifiers from Notes” or “System load”).

The following error message appears in the job log:

Script error: Automation error The object invoked has disconnected from its clients. :Function - OpenListNotes:Param

I used the uWarning-function to localize the line where the error occurs, it seems to be the following line:

ret = NotesDB.DbOpen(vbNullString, Server, Database)

MXVBNotes.dll is registered.

While registering MXNotes.dll an error occurs: The module “MXNotes.dll” failed to load. (could this be the reason for the issue? )

(the dll-files are located in the windows folder)

Does anyone have an idea how to solve the problem?

Thanks & Regards

Benjamin

Not what you want to see when logging in.

Based on Todor's mention, I've bypassed SSL on my IDM 8 setup.  However when I login, I get this message:

I've checked the login that I used, and first it seemed that I had set an non productive password, so I reset it and tried again.  Still failed.  I then verified that I had the correct password by logging into the UME with these credentials.  No problem there.

Here's my com.sap.idm.dev-studio-userinterface.prefs file

CLIENT_LOG_LEVEL=Info

EMSCONFIG=<?xml version\="1.0" encoding\="UTF-8" standalone\="no"?>\r\n<mx\:EMS xmlns\:mx\="http\://www.maxware.com/EMS">\r\n<mx\:EMSDEFS>\r\n<mx\:EMSDB Name\="LocalTest2008">\r\n<ConnectionString/>\r\n<AppServerIp>localhost</AppServerIp>\r\n<AppServerPort>50001</AppServerPort>\r\n<AppName>idmdevstudio</AppName>\r\n<DbAlias>jdbc/IDM_DataSource_DevStudio</DbAlias>\r\n</mx\:EMSDB>\r\n<mx\:EMSDB Name\="Test">\r\n<ConnectionString/>\r\n<AppServerIp>localhost</AppServerIp>\r\n<AppServerPort>50000</AppServerPort>\r\n<AppName>idmdevstudio</AppName>\r\n<DbAlias>jdbc/IDM_DataSource_DevStudio</DbAlias>\r\n</mx\:EMSDB>\r\n</mx\:EMSDEFS>\r\n</mx\:EMS>\r\n

ENABLE_PACKAGE_DIFF=true

ENABLE_PACKAGE_DIFF_JQUERY_LIB=C\:\\jQuery\\jquery-1.11.2.min.js

ENABLE_PACKAGE_VIEW=true

GET_GUID_FUNCTION=true

RESET_LOG_ON_RESTART=true

IS_HTTPS=false

eclipse.preferences.version=1

Any ideas on this?

Thanks,

Matt

Hello Everyone,

I have just installed SAP IDM 7.2 SP8 on one of my test system and after the installation when I tried to create dispatcher got the below error.

and when I click on close the program it closed my identity center too. I have restarted my server and SAP instances too but still getting the same error.

Please help me to fix this error.

Regards,

C Kumar

Hi,

We are trying to connect IDM 7.2 with GRC AC 10.0. I found various services provided by SAP and found they were pre-activated.

Also found a SAP Note which talks about registering services in SOA Manager to be able to call the web services. My doubt is if I need to register these services in SOAMANAGER for integrating with another SAP system(which is SAP IDM in this case) or it is only needed for non-SAP systems

Will just activating the services in SICF would be sufficient?

Regards,

Silver

We are currently facing issue logging into IDM Dev Studio client. Any suggestions? Thank you

• The user MXMC_ADMIN is created in UME is not locked either in database or UME
• The SSL connection is configured between client and server
• Two users get different errors while logging to IDM studio (MXMC_ADMIN and mxmc_admin)

Connection details:

Java used by client:

SSL configuration on server:

The SSL certficates import to client:

C:\Program Files\Java\jre6\lib\security>"c:\program files\java\jre6\bin\keytool"

-import -alias my_ssl_cert -file ssl-credentials-cert1.crt -keystore cacerts

Enter keystore password:

Certificate already exists in keystore under alias <my_ssl_certificate>

Do you still want to add it? [no]:  yes

Certificate was added to keystore

Hi all,

I'm finding myself struggling with searching for and handling jobs which need additional attention like state error.

During development I often need to check if jobs have state Error, Timeout, Stopping or Running, as far as I know only two standard options are currently available for this.

1) the job status monitoring from the xx/idm/admin webinterface.

The only way I can find these jobs is to sort on column State and then scroll for it...

2) the joblog from developer studio also shows Running and Stopping states, but not the other job states as far as I've seen.

3) investigating view mcv_alljobinfo or other (sub)tables/views.

First two standard provided options have not been very effective for all scenarios for me...

From option (1) there is no way of taking action at all.

From option (2) you can locate, stop and restart a Running or Stopping job, to disable/reanable/change a job you can jump to it from there but nothing for jobs with state Error or Timeout...

Does anyone know of other ways to find these jobs with those states and more importantly to easily take action?

just stating this to hopefully prevent misenterpretation: job state Error is something different from a job that has finished with resulting errors present in the joblog.

R, Wim.

Hi,

I am trying to load IDM data to BW and i am experiencing below error. I checked and tested the web services in SICF and everything seems ok.

I can see data updating in PSA of 0IDM_ENTRY_ATTR data source so i think connections are also ok.

What could be the problem here?

VDS LOG;

Time:Tue Nov 24 13:53:03 CET 2015  Level:Error  Thread:Thread[878,3,LDAP Sessions:main_listener_389]

Logger:/Applications/none

Message: 

Error while triggering BW process chain via web service call. Used URL: http://xx.xxx.x.xx:8000/sap/bc/srt/rfc/sap/rs_bct_idm_chain_start/100/rs_bct_idm_chain_start/default
Exception:

 {0}#1#AxisFault
faultCode: {http://xml.apache.org/axis/}HTTP
faultSubcode:
faultString: (500)SRT
faultActor:
faultNode:
faultDetail:
{}:return code: 500
{http://xml.apache.org/axis/}HttpErrorCode:500 (500)SRT
at org.apache.axis.transport.http.HTTPSender.readFromSocket(HTTPSender.java:744)
at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:144)
at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
at org.apache.axis.client.AxisClient.invoke(AxisClient.java:165)
at org.apache.axis.client.Call.invokeEngine(Call.java:2784)
at org.apache.axis.client.Call.invoke(Call.java:2767)
at org.apache.axis.client.Call.invoke(Call.java:2443)
at org.apache.axis.client.Call.invoke(Call.java:2366)
at org.apache.axis.client.Call.invoke(Call.java:1812)
at com.sap.idm.vds.wsclient.bw.procchain.BindingStub.idmBctChainStart(BindingStub.java:199)
at BWConnector.startChain(BWConnector.java:832)
at BWConnector.add(BWConnector.java:1217)
at com.sap.idm.vds.operations.MVDCommonAMDOperation.CarryOutMVDNodeOperation(MVDCommonAMDOperation.java:552)
at com.sap.idm.vds.operations.MVDAddOperation.CarryOutMVDAdd(MVDAddOperation.java:240)
at com.sap.idm.vds.operations.AddOperation.mxperform(AddOperation.java:105)
at com.sap.idm.vds.Engine.answerRequest(Engine.java:330)
at com.sap.idm.vds.protocols.ldap.MxLdapSession.run(MxLdapSession.java:193)

Hello,

I am experiencing an issue with IdM dispatcher on Linux. The DB is DB2. The dispatcher was working fine, and is modeled after other working dispatchers; however, the dispatcher will no longer start. I have attached the debug log.

Any help is appreciated.

Thanks,

Michael

Here is the end of the attached log (showing the error message):

[23.11.2015 19:21:27-360] - 101 - UNORDERED   - Execution starts

[23.11.2015 19:21:27-361] - 101 - UNORDERED   - Executing clear old semas

[23.11.2015 19:21:27-372] - 101 - UNORDERED   - Started execution of 'listSuitableTasks'

[23.11.2015 19:21:27-372] - 101 - STATEMENT PREPARED: SELECT   * FROM MXPV_GROUPTASKS_UNORDERED

[23.11.2015 19:21:27-374] - 101 - UNORDERED   - No unordered groups found, nothing to do

[23.11.2015 19:21:27-374] - 101 - UNORDERED   - Nr. of unordered groups:0

[23.11.2015 19:21:27-378] - 101 - Thread:IDS_DispThread_UNORDERED  _<server_name> - Sleeping:2

[23.11.2015 19:21:27-466] - 101 - Waiting for successful start-up of the thread:CFG_RELOAD

[23.11.2015 19:21:27-687] - 101 - JOBEXECUTE  - Execution starts

[23.11.2015 19:21:27-688] - 101 - JOBEXECUTE  - Runtime count mode (0=process):0

[23.11.2015 19:21:27-688] - 101 - STATEMENT PREPARED: SELECT count(jobid) as COUNT from mc_jobs where state = 2

[23.11.2015 19:21:27-690] - 101 - STATEMENT PREPARED: SELECT count(jobid) as COUNT from mc_jobs where state = 2 and current_machine = ? PARAMETERS: <server_name>

[23.11.2015 19:21:27-692] - 101 - JOBEXECUTE  - This dispatcher has started: 0 runtimes

[23.11.2015 19:21:27-692] - 101 - JOBEXECUTE  - Started execution of 'getWaitingjobs'

[23.11.2015 19:21:27-699] - 101 - JOBEXECUTE  - No action tasks found - nothing to do

[23.11.2015 19:21:27-699] - 101 - JOBEXECUTE  - Nr. of executions:0

[23.11.2015 19:21:27-699] - 101 - Thread:IDS_DispThread_JOBEXECUTE _<server_name> - Sleeping:5

[23.11.2015 19:21:28-217] - 101 - EVAL_APPR.  - Execution starts

[23.11.2015 19:21:28-218] - 101 - EVAL_APPR.  - Executing clear old semas

[23.11.2015 19:21:29-344] - 101 - ORDERED     - Execution starts

[23.11.2015 19:21:29-344] - 101 - ORDERED     - Executing clear old semas

[23.11.2015 19:21:29-379] - 101 - UNORDERED   - Execution starts

[23.11.2015 19:21:29-379] - 101 - UNORDERED   - Executing clear old semas

RELOAD Thread didn't start, exiting ...

[23.11.2015 19:21:29-467] - 101 - RELOAD Thread didn't start, exiting ...

[1]    Done                          ./Dispatcher_Service_<server_name>dev.sh

Hi experts

I would like to synchroznize my users from IDM Identity Store to UME Java, I read this document "User management for the Identity

Management User Interface" but it is only for version 7.1, I use IDM 7.2 Sp8. I can't find job templates to ume.

I would like to provide users able to access portal:5000/idm, now only administrator can logon to the portal.

I looking forward for your reply

Hello Experts,

8.0.0-ORA-2014-11-28

Anyone have successfully integrated IDM 8.0 and GRC10?

I have performed initial load from one ABAP system

Configured VDS to GRC template (Web services were activated) and tested successfully.

then, ran GRC commons and centralized scenario load jobs.

GRC10 repository type has below validate tasks (no custom changes done in grc10 package)

Issue 1: UI is not working and we have raised an Incident with SAP already. So I tried to assign a privilege to user using a job. I see no AC Validation task triggered (nothing in job log or provisioning queue). Hence there was nothing in VDS side too. I checked the role in database and was in pending status (MCEXECSTATE as 512). After sometime, privs are in failed status (MCEXECSTATE as 4)

Is it a known issue for 8.0? Not sure why AC validation task is getting triggered. Anything else I should check?

The issue seems to be closely related to below note however it is valid for 7.2 SP9 and I can see WAIT_TASKID and WAIT_AUDITID in IDS schema.

1994592 - GRC 10.0 PF V2: Issues with execution of AC Validation due to missing attributes

Issue 2: I see AC_Validation_Add process as type "Add Member Process". Is it correct? I was in assumption this should be "Validate add process"

If I change Validate add to some other task e.g. AC_Validation_Risk_Analysis_Only_Add, I couldn't select back to AC_Validation_Add.

Kind regards,

Jai

Hi Gurus,

I am trying to install IDM 7.2 sp8 on a Windows 2012 SR2 server. As per IDM PAM suggested, Windows 2012 is on the supported list, but not for Windows 2012 SR2.  I am having a small problem the IDM runtime installer (have to use the compatibility mode).

I wan to confirm if Windows 2012 SR2 is officially supported? Am I going to run into some other issues if I continue?

Thanks,

Chenyang Xiong

Hello Experts,

Version: 8.0 on Oracle 11g

While creating an user using standard "Create Identity" form, I get the error as below,

I have filled in all mandatory attribute. This error was already reported in our community for 7.2 Error on IDM UI

I tried all solutions mentioned in that thread. Also i tried to create a custom form for creating identities with only 4 attributes (MSKEYVALUE, DISPLAYNAME, FIRST NAME, LAST NAME) and it threw the same error.

When I checked the link in the address bar, I see

https://XXXXdev:00000/webdynpro/dispatcher/sap.com/tc~idm~wd~workflow/EditTask?EntryId=0&TaskId=928

May be the error is due to EntryId=0?

Anyone else faced this issue and rectified? Any possible cause for this error? Also it would be very helpful if you can open "Create Identity" in your system and check if EntryId=0 for you as well.

Kind regards,

Jai

Hi everybody,

in our company we implementing aSAPIDMSP9with an OracleDB.Fortestanddevelopment environmentswe had always used theOracleOLE DBand forJDBCConnectiontheOracleThinDriver.

For theproduction environment, we have now built anOracleDBwithDataGuard. For this connection,theOracleThinDriveris unsuitable, since an explicit hostname is required.

Hence my question:Can wealsouse theOracleOCI8Driver? I couldn’t find anything to the OCI8 driver in the documentary.

Thanks for the help.

Mathias

Hi all,

In my previous question I asked how to connect non-sap-application to IDM as a target system.

And Matt give me quite nice answer with screen shots of his demo.

In his demo JOB WIZARD plays quite important role.

But Matt showed it in IDM 7.2 and my installation is IDM 8.0.

And it looks like that JOB WIZARD is not in IDM8.0.

There is also a quite nice video clip about connecting NONSAP application to IDM as a identity source by Valentina.

In her demo, there are only 3 passes and I can follow up. It works.

But in Matt's demo,  there are 2 repository types and 2 repositories and 15 passes in Initial Load Job.

and there are quite complex constants in repository types and passes.

Here, can anyone help me more?

Should I try with 7.2?

or find job wizard somewhere else?

or edit each constants and passes one by one?

Thanks in advance,

dongsu

(below is screen shot captured after imported Matt's mcc file)

Hi All -

I am trying to login to IDM developer studio in Eclipse for the first time it was giving below error.

Login Failed: Unrecognized SSL Message

If I check the Eclipse Error log it was showing below error in the screenshot.

If you see the versions of the DevStudio Service on java server and DevStudio PlugIn in Eclipse:

As per my understanding version mismatch of 8.1.13 and 8.1.11 the error was showing up.

Now my question was how to match the either of the version to other version? Since we don't have choice to select the version to download.

So how do we match these two versions in order to login successfully.

Your help highly appreciated.

Thanks in advance,

Hi all,

I noticed that for some reason, when I delete an entry (whether with the Delete Identity task or a To IS pass with changetype:delete) it replaces the mskeyvalue to MX_<mskey> and the entrystate is changed to 2.

So far, in other IDM installations, this was not happening. The entry was simply deleted.

Currently running DesignTime 7.2 sp10 patch8 // RT sp10 patch3

Any ideas on how to change this ?

Thank you!

Marco

Hi all

I have a brand new IDM 8 installation at hand and imported the provisiong framework / the different packages.

Now I'd like to customize a few things and don't know what's the best approach. Btw, where is this kind of framework customization documented?

In IdM 7.2

* you created Job folders for every single Repository, because you had to customize each Initial Load pass (e.g. "Write only when adding entry") separatly.

* you made a copy of the Create/ModifyABAPUser Task, added/removed Attributes you did'nt need and _linked_ this Task into the source task in the provisoning framework.

How is this handled in IDM8?

Regards

Michael

Hi Experts,

Recently I am facing an issue with privilege assignment though IDM UI.

We assign roles to user which in turn assigns privilege. When we assign a role, the privilege within are indicated as indirect assignment.

However after initial load job is run, the privilege within role are also shown as direct, inherited assignment.

Meaning a privilege appears twice on IDM UI, one through the role as indirect and one as direct, inherited assignment.

The issue is when there is a request for role removal, the entry disappears from UI and we believe privileges will be deleted as well from ABAP system.

However because these privileges are also inherited, user access is not affected. This is against our compliance as user should not be assigned with the privileges.

Our expected screen should be privilege to be displayed as coming from Role only unless assigned explicitly.

Kindly advise why privileges are duplicated?

Thanks & Regards,

V!

Hi,

We are currently implementing context-based assignments on business roles and privileges.

The customers require that we use profit centers and profit center groups as contexts.

My question is:

How do we import the profit center hierarchy from ERP to IDM? We have not found a

connector that allows us to do this directly. We have looked into the fromSAP connector, but it

does not allow profit center as an entrytype parameter.

We know that the parameter "Table" can be used to import a given SAP table, for example

"CEPC" (Profit centers), "SETNODE" and "SETHEADER" (Profit center group). This is not

a feasible solution as the amount of data transferred exceeds the system memory capacity

because no filtering is allowed as far as we know.

We are using IDM 7.2 SP9, Windows Server, MS SQL Server.

Any ideas?