Channel: SCN : Discussion List - SAP Identity Management

Role reconciliation not happening any more


Dear Experts

We are in IdM 7.2 SP09. All of a sudden the role reconciliation stopped working. For most of the entries I can see the error 'mcProcUserReconcile for Mskey=<>failed with Status=13' in the system log.

If I use uIS_PrivReconcile for the dirty entries, I get the error ' !ERROR: Referenced value does not exist ', and it is the same error when I use 'uIS_RepairEntry' as well.

House Keeping configuration to reconcile dirty entries is set for every hour. But now none of the role changes are getting reconciled. Please help.

BR

Shiju


SAP IDM on Solution Manager with Change Request Management


Hi Experts,

 

I'm facing a question. Does SAP Identity Management manage the association between a user in Solution Manager and links in the PPOMA_CRM tree for ticket validation on a Change Request Management project?

 

It seems that it could be done using Compliant User Provisioning from GRC Access Control application.

 

Thanks for your help,

Ben

MX_PERSON Entry type deleted - SAP IDM 8.0


Hi Experts,

 

The MX_PERSON entry type was accidentally deleted from our Identity store schema of IDM 8.0, and we manually created MX_PERSON again.

Our Initial load job is giving errors and we are not able to open Passes from Processes; we get the error "Retrieving Pass  failed".

We are not able to see the employees' details from UI admin.

How can we recover the deleted MX_PERSON or passes?

 

 

 

Thanks

Purna

HCM Ldap Mapping.xml file missing in IDM 8.0


Hi Experts,

 

I just downloaded the IDM 8.0 installation package from the Marketplace, specifically looking for the HCM Ldap Mapping.xml file as per the screenshot below from the IDM 8.0 documentation for HCM integration. But there is no "Misc" folder or HCM Ldap Mapping.xml file in the installation folder.

 

Capture.PNG

 

 

How did others go about it? As a last resort, I will use the file from 7.2 installation folder.

 

Kind regards,

Jai

Error while user email creation in exchange server in SAP IDM 7.2


Hi Team,

 

We are getting a few errors while creating an email account in Exchange server. We are using a To custom pass to create the user email in Exchange server.

 

Please find below error logs:

 

1> Exception: com.sap.idm.ic.ToPassException: ERROR: Cannot process argument transformation on parameter 'PrimarySmtpAddress'. Cannot convert value "undefined" to type "Microsoft.Exchange.Data.SmtpAddress". Error: ""undefined" is not a valid SMTP address"

 

2> Exception: com.sap.idm.ic.ToPassException: ERROR: This task does not support recipients of this type. The specified recipient modelo.gmodelo.com.mx/Fabricas/Usuarios/Mazatlan/Yemil Aviles De Leon is of type UserMailbox. Please make sure that this recipient matches the required recipient type for this task.

 

Regards,

Saurabh Kumar

FIREDATE in IDM_LDAP_QUERY


Hi experts,

 

I've received the requirement to use the firedate from HR system as valid_to value in IDM and push this info into the connected systems.

As far as I know the firedate/leaving date is calculated dynamically when executing the LDAP query (function HR_LEAVING_DATE). So, as long as the employee is in status 3 I will receive the value 31.12.9999. When the employee now gets into status 0 a new leaving date is relevant - it's the begin date of the last personnel action minus 1 day, e.g. 31.12.2015.

 

Within the current setup all employees with status <> 3 are filtered out within the HCM integration process (logged as not relevant).

 

Of course, I could enhance the integration checks to process also the employees with status 0 (in case a corresponding entry exists in IDM) and further set MX_VALIDTO. But I am not sure if that's the recommended way...

 

What are your experiences with the firedate?

 

Regards, Richard

Logon Help: Could not connect to IDM server


Hi Experts,

 

I am working with IdM 7.2 SP08.

 

I followed this procedure to install the sap logon help. This message error is

 

http://help.sap.com/saphelp_nwidmic_72/helpdata/en/0d/71c8bb0f744c308c7b5e91657ddcbf/frameset.htm

 

All the prerequisites are OK: SSL, HTTPS, my computer (Windows 7 Pro 64) is connected to the domain, etc.

I imported the logonHelp.adm and enabled the server and the port.

 

Questions and answers are OK and the user "AdminUser" can modify his password via the web url ...idm/pwdreset.

 

On my Win 7 computer, if I run regedit:

HKEY_LOCAL_MACHINE--> SOFTWARE --> SAP --> logonhelp

 

I cannot find the IDM entries (IdmServerHost and IdmServerPort)..? I tried to add them manually but with no success.

 

Question2:

After importing the logonHelp.adm in Group Policy Management should I modify the content of logonHelp.adm file also?

 

In the trace.xml: I can read: the retrieving of the sequrity questions for the user "AdminUser" returned empty response or the execution on one of the methods CwinHttpHelper::SendRequest or CLowCommon::ConvertAsciiToUnicode returned error.

 

Can you please help? Any missing step?

 

Thanks,

 

Nina

Logon Help: "Could not connect to IDM server" Message


Hi all,

 

I'm implementing Logon Help with IdM 7.2 and I'm experiencing the message "Could not connect to IDM Server".

 

In the backend everything is set (also group policy) and connecting as well as through https.

 

I'm guessing that this could be a Windows Problem (here we have with w7) or certificate.

 

Do you guys have any thoughts about it?

 

Thanks!

RG


IDM Attestation Implementation Issues


We are using IDM 7.2 SP 10 (7.20.10-ORA-2016-01-24) in a Sandbox environment. All components have been upgraded to this level by our Basis team. We have been trying unsuccessfully to implement Attestation for IDM Roles/Privs for almost a year now.  I have followed this blog post from Rosen Katsarov with some success, but we are still missing some pieces.

 

SAP Identity Management Attestation Demo Web UI.

 

We have created the Attestation Task and configured as described in the blog.  We also created a job that initiates the task for a single role.  This all appears to work exactly as intended.  When I run the attestation job the following appears in the mxi_attestation table.  I believe this is what is to be expected.

 

 

This is where the problem comes in.  The blog mentions a custom .SCA file that can be downloaded and deployed.  This .SCA file adds a 'My Attestation' tab to the SAPUI5 Inbox.  The problem is the .SCA file is no longer available for download on this blog.  The blog appears to be locked because I can't post a comment nor have I found a way to contact Rosen directly to get the .SCA file.  So I have not been able to pursue that option for the UI.

 

One thing I find peculiar is that when I run the job, the Attestation task actually pops up in the My Approvals tab of the SAPUI5 as seen below.  It shows an error when you try to open it:  "Unable to launch execution UI 2x28; Not Found" or click Attest: "Attest Action for "Role/Privilege IDM Test 5 Attestation" task has failed".

 

 

We have had a note open with SAP for almost a year now where we keep going back and forth and they have been less than helpful.  This was SAP's response concerning the error on the My Approvals tab:

 

"SAP Identity Management User Interface for HTML5 does not support attestations.  Therefore, you cannot Attest or Request Attestation from our SAPUI5 Application. You can use attestation functionality only from our REST API".

 

My question is, why would it appear on the My Approvals tab if it is not expected to work?  Is this something that was added to the SAPUI5 functionality and the person who answered this question was unaware?  Or do they just expect that errors will be seen any time an Attestation task is initiated?  I still haven't gotten an answer from SAP on that.

 

The way I see it, we have 3 options to continue our POC for Attestation.

 

  1. Obtain the .SCA file from Rosen's blog that will show the My Attestations tab on the SAPUI5 screen.
  2. Resolve the error on the My Approvals tab of the standard SAPUI5 screen such that attestations can be completed there.
  3. Develop a custom REST API that allows us to do Attestation.
     a. I have experimented with this approach as well.  I have attempted to use a custom REST interface deployed from my local workstation but I'm running into issues with "Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource".  Neither my Basis Team, Developers, nor SAP has been able to help me with this problem.  I can provide more details on this if it is my only option.  But it seems like the least desirable of the 3 and the one that requires the most work.

 

 

Can anyone out there provide some input on any or all of these options?  Has anyone actually successfully implemented Attestation that could provide some guidance?  It feels like we are so close, but I'm not sure where else to go from here.

IDM 8.0: Package Constants modified after "Transport"


Hello Everyone,

 

I find that package constants' values in QA are getting updated after import of DEV configuration in IDM 8.

 

In 7.2 the Global Constant values would not get updated by a transport if they already existed.

 

Is there something I'm missing or is this expected behavior for package constants?

 

I was thinking that perhaps setting the values in the provisioning package might work as a permanent settings place holder as the provisioning package won't be edited normally and shouldn't need to be repeatedly transported. But editing the provisioning package is 'not allowed' and has its own consequences and so not advisable.

 

I can't seem to find a way to set a constant value in IDM-PRD that will not get changed with future imports. Any ideas?

 

Thank you.

 

Best regards,

 

Ashok Azhagiri

IdM 8 - Provisioning queue issues


Hi guys,

 

Having some issues with a job being stuck in the provisioning queue.  I'm struggling to find information on IdM 8.0 and have already tried the workaround suggested in this blog IDM 8.0 Provisioning Job in Error : how do we restart it?

 

Provisioning_queue.png

Job_status.png

Any suggestions on how to clear this item out of the provisioning queue would be appreciated.

 

This is in Development and it doesn't matter if the identity in question becomes corrupt.

 

Thanks,

Pat

SAP IDM 7.2 with ORACLE DB and Linux


Hi, Experts

 

I installed SAP IDM 7.2 with Oracle Database "11" on Linux OS.

The problem occurs when I open the Identity Center to create a new identity.

I give the correct information for the ORACLE OLEDB connector:

the databaseName / USER / PASSWORD etc.

But there is an error message:

ORA-12154: TNS: could not resolve the connect identifier specified

I also installed the ORACLE ODAC for ORACLE DB 11, JV; when I check my DB I found the mxmc_oper!

It also seems my tnsnames.ora file is good! I made sure the correct information is in the file.

Any advice or help will be appreciated!



Regards,

Elmehdi

SAP IDM Tables/Views Info.


Hi Experts,

 

We are on IDM 7.2 SP6 patch 9

 

We need to create a report from IDM, which needs to have the information below.

Please help us find out which tables/views have the information below in IDM.

1. User
2. FullName
3. EmailAddress
4. DefaultCurrency.UniqueName
5. LocaleID.UniqueName
6. TimeZoneID
7. Phone
8. Fax
9. Supervisor.UniqueName
10. Supervisor.PasswordAdapter
11. ImportCtrl
12. Location

 

Regards

Aman

User reconciliation removes user's privileges


Hi IdM colleagues,

 

This is an IdM 7.1 sp6 system. We realized that for some of the user entries, if we trigger the reconciliation by uISPrivReconcile (), it removes the user's privileges but keeps the business role assignment.

 

Suppose this user has two business role assignments, Role1 and Role2. After reconciliation, the user loses all the privileges from both Role1 and Role2.

 

If I remove Role1 from the IdM UI and add it back to the user, all the privileges from Role1 are assigned to the user. Then I remove Role2 and add Role2 back; the privileges of Role1 are removed, but the privileges from Role2 are assigned.

 

The reconciliation is not working properly for these user entries. What could be the cause of the issue and how can I fix it?

 

Thanks,

Chenyang

SAP IDM 8.0 - REST API - How to CREATE a new MX_PERSON or any other ENTRYTYPE?


Hi IDM Experts!

 

I have set up the IDM REST API v2 successfully, and I have even been able to update a user successfully. The methods used to create a new user via the REST API v1 do not seem to be the same way one would create a new user via the REST API v2. I can't seem to find anything within the documentation (maybe I have missed something?) that clearly explains the process to create a new user (MX_PERSON) or any other new entry of an entrytype using the REST API v2.


Would greatly appreciate your advice on how one can create a new user using IDM 8.0 REST API.

 

Thanks a ton in advance!

 

Best regards,

Sandeep



SAP IDM 8.0 SP02 : Package transport failed while importing package from DEV system to production


Hi IDM Gurus,

 

I have done my configuration in IDM DEV environment and now preparing for production.

 

I have exported all packages to PRD but facing a problem while importing Active Directory package from DEV to PRD.

Also I have tried to import the Standard SAP delivered package which is absolutely fine.

 

1.JPG

Please look at the logs below :

2.png

 

Please suggest how this can be resolved.

 

Thanks

Peter Wong

Could not execute task Create Identity for entry null


Hello Experts,

 

Version: 8.0 on Oracle 11g

 

While creating a user using the standard "Create Identity" form, I get the error below:

 

Capture.PNG

 

I have filled in all mandatory attributes. This error was already reported in our community for 7.2: Error on IDM UI

 

I tried all solutions mentioned in that thread. Also, I tried to create a custom form for creating identities with only 4 attributes (MSKEYVALUE, DISPLAYNAME, FIRST NAME, LAST NAME) and it threw the same error.

 

When I checked the link in the address bar, I see

 

https://XXXXdev:00000/webdynpro/dispatcher/sap.com/tc~idm~wd~workflow/EditTask?EntryId=0&TaskId=928

 

Maybe the error is due to EntryId=0?

 

Anyone else faced this issue and rectified? Any possible cause for this error? Also it would be very helpful if you can open "Create Identity" in your system and check if EntryId=0 for you as well.

 

Kind regards,

Jai

How to install SAP IDM?


Hi expert,

 

We want to install a fresh SAP IDM in our landscape, so what is needed?

Does anybody know how to install SAP IDM 8.0? What are the prerequisites and source details?

Please also tell me whether SAP NetWeaver 7.4 is required for SAP IDM or not.

What is the process of SAP Identity Management installation?

Please advise, and if you have any docs, please share them.

 

Regards,

Ankit Patel

SAP IDM 7.2 Transport Error ORA-00942 table or view does not exist


Hi Experts,

 

 

 

I'm on SAP IDM 7.2 SP08. I tried the transport function from the prod system to the Dev. Nothing was wrong.
And when we import the configuration everything works. There's only one problem: when we try to check the task, the error "ORA-00942 table or view does not exist" appears.

 

 

 

SCN.PNG


BR.

IDM 8.0 Dispatcher Program not able to find Keys.ini


Hi Friends,

 

One more issue after upgrade.

 

I have copied the Keys file into the Runtime Java folder and also into /usr/sap/idm/Keys/

but the Dispatcher Program is not able to find it.

It is showing the following error.

erro2.PNG
