cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

User Provisioning fails for Enterprise Portal

Former Member

on ‎07-21-2009 7:59 PM

0 Kudos

Hi,

We are configuring GRC User Provisioning to all our Backend systems. We are able to do the provisioning for ECC and APO, but not for Enterprise Portal. I have done all the configuration as mentioned in "SAP GRC How-to Guide: Provisioning Roles in Enterprise Portal through SAP GRC".

But, as per the GRC Access Enforcer Configuration Guide (Page No. 93), I am not able to do the Field Mapping. While I try to create Field Mapping under Configuration->Field Mapping->Provisioning, I am getting the below error message:

Data retrieval from system SAP_EP failed : com.virsa.ae.service.ServiceException: com.sap.engine.services.webservices.jaxm.soap.accessor.NestedSOAPException: Unable to create message from source.

Also, I am not able to import roles form Enterprise Portal. While I try to do that, I am getting the below error message"

"Action Failed"

I have done all the parameter mapping in the Connector as per the guide. Also, while I try to do the Provisioning, I am getting the below errore message: "Error processing your request, Request no: 33 in stage : CROSSROADS SECU"

Can anyone help me and let me know what is the problem with my configuration. Appreciate your reply asap.

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (4)

Answers (4)

Former Member
‎07-30-2009 1:39 PM
0 Kudos

As you are able to connect but having problems with only the roles.

Recheck these parameters for the EP Connection:

ROLESEARCH_URI

ROLESEARCH_URI_PASSWORD

ROLESEARCH_URI_USERNAME

ROLE_DATA_SOURCE

Regards,

Ajesh Raju.

Show replies
Show replies
former_member247081
Explorer
‎07-30-2009 6:56 PM
0 Kudos

What error messages do you see when you check the log direclty after trying to import the EP Roles?

Former Member
‎08-04-2009 5:11 AM
0 Kudos

The below are the parameter setting that I have it in CUP for Enetprise Portal

ROLESEARCH_URI - http://jd00psu.na.jnj.com:50000/UserRoleSearchForAEService_5_3/Config1?wsdl&style=document

ROLESEARCH_URI_PASSWORD - Password

ROLESEARCH_URI_USERNAME - User ID

ROLE_DATA_SOURCE - ROLE:UME_ROLE_PERSISTENCE.un:

Please remeber that we are not using local UME. But, we are connecting our Enterprise portal directly to novell directory via LDAP.

Former Member
‎08-06-2009 10:36 AM
0 Kudos

Try changing the the value to :

ROLE_DATA_SOURCE = ROLE.UME_ROLE_PERSISTENCE.un:

See if this works.

Hope you have supplied UME userID and Password for ROLESEARCH_URI_USERNAME & ROLESEARCH_URI_PASSWORD respectively and is unlocked.

Regards,

Ajesh Raju.

Former Member
‎10-07-2009 5:32 PM
0 Kudos

Hi,

Yes, I have checked all the parameter and SPML Service, all of them it works fine. But, still I am getting the error

"Data retrieval from system P1U PORTAL Sandbox failed: com.virsa.ae.service.ServiceException: com.sap.engine.services.webserices.jaxm.soap.accessor.NestedSOAPException: Unable to create message from source"

The parameter list configured in our system given below:

ASSIGN_GROUPS:OC - sapgroup

ASSIGN_ROLES:OC - saprole

CHANGE_USER:OC - sapuser

Email Address - email

ROLESEARCH_URI - http://jd54p1u.na.jnj.com:55400/spml/spmlservice

ROLESEARCH_URI_PASSWORD - *************

ROLESEARCH_URI_USERNAME - CPIC

ROLE_DATA_SOURCE - ROLE:UME_ROLE_PERSISTENCE.un:

SCHEMA_ID - SAPprincipals

USER_DATA_SOURCE - USER.CORP_LDAP

Please remeber that we are running GRC 5.3 with SP 5. Would that be any problem? Also would like to highlight here is that we are configuring our SAP Enterprise Portal to Novell directory, so that we will get the user id information automatically from Novell Directory (We are not creating any users directly in Portal).

Also

To test the portal connector I tried to import some roles from the backend to CUP and this is the error message

Caused by: com.sap.engine.services.webservices.jaxrpc.exceptions.InvalidResponseCodeException: Invalid Response Code: (401) Unauthorized. The requested URL was:"http://jd54p1u.na.jnj.com:55400/spml/spmlservice"

at com.sap.engine.services.webservices.jaxrpc.wsdl2java.soapbinding.MimeHttpBinding.handleResponseMessage(MimeHttpBinding.java:986)

at com.sap.engine.services.webservices.jaxrpc.wsdl2java.soapbinding.MimeHttpBinding.call(MimeHttpBinding.java:1438)

at com.sap.grc.ae.service.wsclient.userrolesearch.Config1BindingStub.getRolesWithDetails(Config1BindingStub.java:460)

... 23 more

Appreciate your help!

Regards

Anandm

Former Member
‎10-08-2009 11:09 AM
0 Kudos

Hi Anand,

what kind of user do you use for accessing the SPML service on portal side? Does he have the SPML authorization?

Regards,

Martin

Former Member
‎10-09-2009 1:58 AM
0 Kudos

Hi Martin,

Please let me know what kind of accss this use shoudl have and how to check that?

Former Member
‎10-09-2009 9:14 AM
0 Kudos

You have to check the roles of your user and the attached actions to the role (please use recursive search):

If the user doesn't have the assigned Java action "Spml_Write_Action", you won't be able to have a writing access. There is also a "Spml_Read_Action".

See a overview over the available actions here:

[Standard UME Actions|http://help.sap.com/saphelp_nw70/helpdata/en/49/8b4659c793355ae10000000a42189b/content.htm]

Regards,

Martin

dominic_yow-sin-cheung
Participant
‎10-09-2009 12:05 PM
0 Kudos

Hi,

regarding your question on the SP-level. There is a fix in AC 5.3 SP6 Fix 1 on Portal on LDAP:

Provisioning of Roles in Enterprise portal is not working when it is configured to LDAP.

See SAP Note [1168508|https://service.sap.com/sap/support/notes/1168508]

Also, it's always a good idea to install the latest SP (currently AC SP09) especially in case of issues!

Cheers,

Dominic

Former Member
‎11-06-2009 4:24 AM
0 Kudos

Hi,

Currently, we are running with SP5. Are you sure that portal user provisioning issue will be sorted out if we go for SP9

Former Member
‎11-06-2009 4:25 AM
0 Kudos

Which user should have this access

dominic_yow-sin-cheung
Participant
‎11-06-2009 9:30 AM
0 Kudos

Hi,

well - I cannot guarantee that the issue will go away in your landscape/setup when going to SP9...

But as I wrote there were a lot of fixes on the EPRTA since SP5!

We also had an issue provisioning to the local UME (only ABAP UME worked) and that was also fixed in SP9 - I remember they also tested provisioning to an LDAP UME, but I haven't tested that myself yet.

Cheers,

Dominic

dominic_yow-sin-cheung
Participant
‎11-06-2009 9:31 AM
0 Kudos

Regarding the user question: if the issue is on the SPML and role search then it would be your

ROLESEARCH_URI_USERNAME - CPIC

user, i.e. CPIC

Former Member
‎07-30-2009 7:27 AM
0 Kudos

Hi,

Please make sure that all the parameter name and value are filled correctly in EP connector as given in the Configuration guide of AC 5.3.

If the parameter are not filles correctly, the provisioning and role import will not work. the connectior can still be tested successfully even if these parameters are wrong.

So verify all the parameters once again.

Regards,

Shweta

Show replies
Show replies
Former Member
‎07-22-2009 4:27 AM
0 Kudos

Hello amunuswa,

Please check the SPML service you have configured while defining the connector for EP. Check the following URL:

http://<server-name>:<port>/spml/spmlservice

If everything is correct the you must be getting the message " SPML Provider successfully installed and configured"

Make sure that the connector is being correctly configured and do TEST the connection. Make sure that the URI in the connector is of the above mentioned format.

Regards,

Varun

Edited by: Thakur Varun on Jul 22, 2009 5:28 AM

Show replies
Show replies
Former Member
‎07-21-2009 8:27 PM
0 Kudos

Hi,

Does the connection to EP work? Click on 'Test connection' button. Have you installed necessary EP Java RTA (eRTA) on the Enterprise portal?

It seems it has to be from one of the above two issues.

Regards,

Alpesh

Show replies
Show replies
Former Member
‎07-29-2009 9:48 PM
0 Kudos

Hi,

I have verified the RTA has been installed properly in EP. And also the test connection works perfectly fine.

Also tested the SPML service and I am getting successfuly message. But, still not able to provision the user access.

And important thing is that, I am not able to download any roles from EP not I am able to upload roles using role template file.

Please let me know whether any one of you have steps on installing RTA on EP and what needs to be checked to verify whether RTA has been installed successfully.

Regards

Anandm

Ask a Question