cancel
Showing results for 
Search instead for 
Did you mean: 

Create AS ABAP Users trough IdM Webinterface

Former Member
0 Kudos

Hi,

i want to create AS ABAP users trough the IdM Webinterface.

When I assign a privilege of the target system to a user in the Identity store,

the user should be created in the target system, am I right?

The job log of CreateABAPUser from SAP Provisioning Framework shows the following:

Error putNextEntry failed storing

Exception from Add operation:com.sap.idm.ic.ToPassException: Must specify user password for MX_13080

Exception from Modify operation:com.sap.idm.ic.ToPassException: No matching user found
 
MSKEY 13080 
MSKEYVALUE MX_13080 
Warning Constant CREATE_TECHUSER was not defined in the repository (6)
 
Warning MX_ENCRYPTED_PASSWORD not set:

Help would be much appreciated

Accepted Solutions (0)

Answers (1)

Answers (1)

Former Member
0 Kudos

Hello,

you need to set the password before the user is provisioned. When you set the privilege (in the add MX_PERSON event task or whereever you do this) to the user also add MX_PASSWORD and MX_ENCRYPTED attributes.

How this works can you copy from the SAP Provisioning Framework -> Web Enabled Tasks -> Identity Management -> Create Identity.

Best regards

Dominik Trui

Former Member
0 Kudos

Hello Dominik,

I'm not sure where exactly to do this.

What I do is:

- at Manage tab of IdM UI choose the task "Assign/Unassign Identity to Business Role" and assign to the identity a role of the target system

- this sould start the CreateABAPUser task (SAP Provisioning Framework --> Systemtype specific tasks --> AS ABAP Tasks --> CreateABAPUser)

Is this the right way to create a user on a AS ABAP system?

I'm not sure where to add MX_PASSWORD and MX_ENCRYPTED attributes?

Would be nice to get this working for my bachelor thesis

Thanks for your help.

Former Member
0 Kudos

Time to do some basic work, you need this:

- If not already existing, create your own Provisioning Folder, parallel to the SAP Provisioning Framework

- Add an Ordered Task group, name could be "Add Event MX_PERSON". A good idea is: Put it in some subfolder if you want to create more own tasks/processes

- Link in this task: SAP Provisioning Framework -> Web Enabled Tasks -> Identity Management -> Create Identity -> Verify Identity and add password -> Add password

Link the "Add event MX_PERSON" to MX_PERSON: Identity Stores -> "Name ofd your IS" -> IS Schema -> Entry type -> MX_PERSON -> Event tasks. There link the Ordered task as add event

This ensures that every new person will get a password. If there are more mandatory attributes needed in the future. You can add a task to that Oredered taskgroup and add the attributes in a ToIdenttiyStore pass (or in a script of a ToGeneric pass).

To add passwords to all persons which have no password:

- Copy the Job (not Task!) of the Add password task to the Job folder.

- Fill in the Source Tab SQL query to select every MX_PERSON which has no password

- Execute the job

Former Member
0 Kudos

Okay I performed the steps.

Screenshot of the config:

http://imageshack.us/photo/my-images/32/screenshotato.png/

But I get the same error.

Former Member
0 Kudos

Maybe these questions may help you:

- Have you tried this with a new user or an existing user?

- Does the provisioned user have the attributes MX_PASSWORD and MX_ENCRYPTED_PASSWORD?

- Is the ABAP provisionign still the same? Or better question: Is the password attribute active and with what value?

- Is the user only updated?

Best regards

Dominik

Former Member
0 Kudos

I got it to work.

The attribute ACCOUNT<System> (Identity Stores --> <Identity store> --> Identity Store Schema --> Attributes) wasn't configured corryctly. The error message had nothing to do with the error =/

Thanks for your effort Dominik.

Probalby I'll need your help for further steps again