on 07-21-2009 7:59 PM
Hi,
We are configuring GRC User Provisioning to all our Backend systems. We are able to do the provisioning for ECC and APO, but not for Enterprise Portal. I have done all the configuration as mentioned in "SAP GRC How-to Guide: Provisioning Roles in Enterprise Portal through SAP GRC".
But, as per the GRC Access Enforcer Configuration Guide (Page No. 93), I am not able to do the Field Mapping. While I try to create Field Mapping under Configuration->Field Mapping->Provisioning, I am getting the below error message:
Data retrieval from system SAP_EP failed : com.virsa.ae.service.ServiceException: com.sap.engine.services.webservices.jaxm.soap.accessor.NestedSOAPException: Unable to create message from source.
Also, I am not able to import roles form Enterprise Portal. While I try to do that, I am getting the below error message"
"Action Failed"
I have done all the parameter mapping in the Connector as per the guide. Also, while I try to do the Provisioning, I am getting the below errore message: "Error processing your request, Request no: 33 in stage : CROSSROADS SECU"
Can anyone help me and let me know what is the problem with my configuration. Appreciate your reply asap.
As you are able to connect but having problems with only the roles.
Recheck these parameters for the EP Connection:
ROLESEARCH_URI
ROLESEARCH_URI_PASSWORD
ROLESEARCH_URI_USERNAME
ROLE_DATA_SOURCE
Regards,
Ajesh Raju.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
The below are the parameter setting that I have it in CUP for Enetprise Portal
ROLESEARCH_URI - http://jd00psu.na.jnj.com:50000/UserRoleSearchForAEService_5_3/Config1?wsdl&style=document
ROLESEARCH_URI_PASSWORD - Password
ROLESEARCH_URI_USERNAME - User ID
ROLE_DATA_SOURCE - ROLE:UME_ROLE_PERSISTENCE.un:
Please remeber that we are not using local UME. But, we are connecting our Enterprise portal directly to novell directory via LDAP.
Hi,
Yes, I have checked all the parameter and SPML Service, all of them it works fine. But, still I am getting the error
"Data retrieval from system P1U PORTAL Sandbox failed: com.virsa.ae.service.ServiceException: com.sap.engine.services.webserices.jaxm.soap.accessor.NestedSOAPException: Unable to create message from source"
The parameter list configured in our system given below:
ASSIGN_GROUPS:OC - sapgroup
ASSIGN_ROLES:OC - saprole
CHANGE_USER:OC - sapuser
Email Address - email
ROLESEARCH_URI - http://jd54p1u.na.jnj.com:55400/spml/spmlservice
ROLESEARCH_URI_PASSWORD - *************
ROLESEARCH_URI_USERNAME - CPIC
ROLE_DATA_SOURCE - ROLE:UME_ROLE_PERSISTENCE.un:
SCHEMA_ID - SAPprincipals
USER_DATA_SOURCE - USER.CORP_LDAP
Please remeber that we are running GRC 5.3 with SP 5. Would that be any problem? Also would like to highlight here is that we are configuring our SAP Enterprise Portal to Novell directory, so that we will get the user id information automatically from Novell Directory (We are not creating any users directly in Portal).
Also
To test the portal connector I tried to import some roles from the backend to CUP and this is the error message
Caused by: com.sap.engine.services.webservices.jaxrpc.exceptions.InvalidResponseCodeException: Invalid Response Code: (401) Unauthorized. The requested URL was:"http://jd54p1u.na.jnj.com:55400/spml/spmlservice"
at com.sap.engine.services.webservices.jaxrpc.wsdl2java.soapbinding.MimeHttpBinding.handleResponseMessage(MimeHttpBinding.java:986)
at com.sap.engine.services.webservices.jaxrpc.wsdl2java.soapbinding.MimeHttpBinding.call(MimeHttpBinding.java:1438)
at com.sap.grc.ae.service.wsclient.userrolesearch.Config1BindingStub.getRolesWithDetails(Config1BindingStub.java:460)
... 23 more
Appreciate your help!
Regards
Anandm
You have to check the roles of your user and the attached actions to the role (please use recursive search):
If the user doesn't have the assigned Java action "Spml_Write_Action", you won't be able to have a writing access. There is also a "Spml_Read_Action".
See a overview over the available actions here:
[Standard UME Actions|http://help.sap.com/saphelp_nw70/helpdata/en/49/8b4659c793355ae10000000a42189b/content.htm]
Regards,
Martin
Hi,
regarding your question on the SP-level. There is a fix in AC 5.3 SP6 Fix 1 on Portal on LDAP:
Provisioning of Roles in Enterprise portal is not working when it is configured to LDAP.
See SAP Note [1168508|https://service.sap.com/sap/support/notes/1168508]
Also, it's always a good idea to install the latest SP (currently AC SP09) especially in case of issues!
Cheers,
Dominic
Hi,
well - I cannot guarantee that the issue will go away in your landscape/setup when going to SP9...
But as I wrote there were a lot of fixes on the EPRTA since SP5!
We also had an issue provisioning to the local UME (only ABAP UME worked) and that was also fixed in SP9 - I remember they also tested provisioning to an LDAP UME, but I haven't tested that myself yet.
Cheers,
Dominic
Hi,
Please make sure that all the parameter name and value are filled correctly in EP connector as given in the Configuration guide of AC 5.3.
If the parameter are not filles correctly, the provisioning and role import will not work. the connectior can still be tested successfully even if these parameters are wrong.
So verify all the parameters once again.
Regards,
Shweta
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hello amunuswa,
Please check the SPML service you have configured while defining the connector for EP. Check the following URL:
http://<server-name>:<port>/spml/spmlservice
If everything is correct the you must be getting the message " SPML Provider successfully installed and configured"
Make sure that the connector is being correctly configured and do TEST the connection. Make sure that the URI in the connector is of the above mentioned format.
Regards,
Varun
Edited by: Thakur Varun on Jul 22, 2009 5:28 AM
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi,
Does the connection to EP work? Click on 'Test connection' button. Have you installed necessary EP Java RTA (eRTA) on the Enterprise portal?
It seems it has to be from one of the above two issues.
Regards,
Alpesh
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi,
I have verified the RTA has been installed properly in EP. And also the test connection works perfectly fine.
Also tested the SPML service and I am getting successfuly message. But, still not able to provision the user access.
And important thing is that, I am not able to download any roles from EP not I am able to upload roles using role template file.
Please let me know whether any one of you have steps on installing RTA on EP and what needs to be checked to verify whether RTA has been installed successfully.
Regards
Anandm
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.