on 04-03-2012 9:46 PM
Hi folks,
Trying to set up the connection between IDM and GRC using IDM 7.2 SP3 and GRC 10 SP5. I have created the EAR/SCA and posted it, and created the IDM/GRC configuration based on the IDM template GRC AC 10 Integration.xml, and tested it using the internal LDAP Browser.
However when I go to run the GRC initial load job I get the following Error:
We are using an Oracle Database and a RHEL server. The VDS user is grcuser with a password of grcuser. I believe that I am getting through since I can browse to see o=grc and the OUs underneath, but I cannot see any deeper than that.
Any ideas?
Thanks,
Matt
Hi Matt,
I've not done this on IdM 7.2/ GRC 10 I'm afraid - but what do your repository constants look like on the GRC repository in IdM?
Cheers,
Ian
We were able to get past the credentials issue. It seems we had an issue with how VDS was talking to GRC. Now I get this error:
Pass: Get Priorities From VDS
Error: fromDSA.doSearch got exception, returning false javax.naming.NamingException: [LDAP: error code 1 - (GRC Lookup Service:1:Exception in GRC WS API call:(403)Forbidden)]; remaining name ''
Error: Init failed
The other interesting thing I see in the log is a warning at the end:
Pass: Get Roles From VDS
Warning: FromDSA.init. The Query select id from sapGRC10applications returned no entries!
Warning: Failed reading next page (Maybe server did not support it? java.lang.NullPointerException
It would seem that there is something from GRC that IDM is expecting to see, but it's not there. Any ideas?
The error is occurring for all of the from-LDAP passes...
Matt
Some more information from VDS log when I try to execute the GRC Initial Load Commons:
XML sent:
---------------------------------------------------
Enter: SOAPPart::saveChanges
POST /sap/bc/srt/rfc/sap/grac_lookup_ws/200/grac_lookup_ws/grac_lookup_ws HTTP/1.0
Content-Type: text/xml; charset=utf-8
Accept: application/soap+xml, application/dime, multipart/related, text/*
User-Agent: Axis/1.4
Host: acd-kiecore.kiewit.com:8000
Cache-Control: no-cache
Pragma: no-cache
SOAPAction: ""
Content-Length: 342
Authorization: Basic bWF0dC5wb2xsaWNvOjFxMnchUUBX
<?xml version="1.0" encoding="UTF-8"?><soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><soapenv:Body><GracIdmLookupServices xmlns="urn:sap-com:document:sap:soap:functions:mc-style"/></soapenv:Body></soapenv:Envelope>
HTTP/1.0 403 Forbidden
content-type text/html; charset=utf-8
content-length 2435
server SAP NetWeaver Application Server / ABAP 702
org.apache.axis.i18n.resource::handleGetObject(return01)
(403)Forbidden
Enter: SOAPPart ctor(FORM_FAULT)
org.apache.axis.i18n.resource::handleGetObject(setMsgForm)
Setting current message form to: FORM_FAULT (currentMessage is now org.apache.axis.AxisFault)
Exit: SOAPPart ctor()
org.apache.axis.i18n.resource::handleGetObject(toAxisFault00)
Mapping Exception to AxisFault
Exception in GRC WS API call:(403)Forbidden
*** Starting post processing phase ***
(Node:o=grc,ou=lookupservice,*): Failed
*** Fetch result code ***
Exception: (GRC Lookup Service:1:Exception in GRC WS API call:(403)Forbidden)
Java
{0}#1#com.sap.idm.vds.MVDException
at com.sap.idm.vds.operations.MVDSearchOperation.FetchResultCode(MVDSearchOperation.java:908)
at com.sap.idm.vds.operations.SearchOperation.mxperform(SearchOperation.java:49)
at com.sap.idm.vds.Engine.answerRequest(Engine.java:261)
at com.sap.idm.vds.protocols.ldap.MxLdapSession.run(MxLdapSession.java:193)
Returning: opResult:1,info: ((GRC Lookup Service:1:Exception in GRC WS API call:(403)Forbidden))
Finished search operation
Sending operation result
Sending response to socket: 65497
LDAP Session continues ...
The entry:
Exception: (GRC Lookup Service:1:Exception in GRC WS API call:(403)Forbidden)
concerns me greatly. Any idea why this might be happening?
M
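The trace above shows VDS getting an HTTP 403 from the GRC lookup web service, which is a different layer from the LDAP credentials problem solved earlier. A quick way to separate the two is to call the service directly, outside VDS, with the same service account. The following is an added example and not code from the thread or from SAP: the host is a placeholder, the user and password are read from environment variables so they never land in a log (the VDS trace above writes the Basic Authorization header, i.e. the credentials, to disk), and the status-code interpretation is generic HTTP semantics (401 = credentials rejected, 403 = credentials accepted but the call refused), not GRC-specific knowledge.

```java
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.HttpURLConnection;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.util.Base64;

/** Calls the GRC lookup web service directly, bypassing VDS, to see where the 403 originates. */
public class GracLookupProbe {

    // Same envelope VDS sent in the trace (namespaces trimmed to the ones actually used).
    private static final String ENVELOPE =
        "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
      + "<soapenv:Envelope xmlns:soapenv=\"http://schemas.xmlsoap.org/soap/envelope/\">"
      + "<soapenv:Body>"
      + "<GracIdmLookupServices xmlns=\"urn:sap-com:document:sap:soap:functions:mc-style\"/>"
      + "</soapenv:Body></soapenv:Envelope>";

    // Path from the trace; the host is a placeholder for your GRC system.
    private static final String SERVICE_PATH =
        "/sap/bc/srt/rfc/sap/grac_lookup_ws/200/grac_lookup_ws/grac_lookup_ws";

    public static void main(String[] args) throws IOException {
        String base = System.getenv().getOrDefault("GRC_BASE_URL", "http://grc-host.example:8000");
        String user = System.getenv("GRC_WS_USER");       // never hard-code these
        String pass = System.getenv("GRC_WS_PASSWORD");
        if (user == null || pass == null) {
            System.err.println("set GRC_WS_USER and GRC_WS_PASSWORD");
            System.exit(2);
        }

        HttpURLConnection conn = (HttpURLConnection) new URL(base + SERVICE_PATH).openConnection();
        conn.setRequestMethod("POST");
        conn.setDoOutput(true);
        conn.setRequestProperty("Content-Type", "text/xml; charset=utf-8");
        conn.setRequestProperty("SOAPAction", "\"\"");
        String token = Base64.getEncoder()
            .encodeToString((user + ":" + pass).getBytes(StandardCharsets.UTF_8));
        conn.setRequestProperty("Authorization", "Basic " + token); // do not log this header
        try (OutputStream out = conn.getOutputStream()) {
            out.write(ENVELOPE.getBytes(StandardCharsets.UTF_8));
        }

        int status = conn.getResponseCode();
        System.out.println("HTTP " + status + " " + conn.getResponseMessage());
        System.out.println(classify(status));

        // The ABAP server returns an HTML error page on 4xx; its text usually names the reason.
        InputStream body = status >= 400 ? conn.getErrorStream() : conn.getInputStream();
        if (body != null) {
            String text = new String(body.readAllBytes(), StandardCharsets.UTF_8);
            System.out.println(text.substring(0, Math.min(text.length(), 2000)));
        }
    }

    /** Plain HTTP semantics; which ABAP setting is wrong has to be read from the response body. */
    static String classify(int status) {
        switch (status) {
            case 200: return "call accepted by GRC: look at the VDS-side configuration instead";
            case 401: return "credentials rejected: check the service user, password and auth method";
            case 403: return "user authenticated but not allowed: check that the ICF service is active "
                           + "and that the user holds the authorizations the lookup service needs";
            case 404: return "service path not found: check the published endpoint path";
            default:  return "unexpected status, inspect the body";
        }
    }
}
```

If this probe returns 200 with the same account VDS uses, the 403 is a VDS configuration problem (wrong user, wrong URL in the repository constants); if it returns 403 too, the problem is on the GRC/ABAP side and the response body will say why.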
Hello Mat,
I previously had our AD on port 389 using LDAP. Now, during migration, we are going to use VDS instead of AD on port 636 and the LDAPS protocol. During authentication with VDS my application is failing with the error
javax.naming.AuthenticationException: [LDAP: error code 49 - Explicit authentication failed]
Could you please help me with this issue. I tried the username, i.e. Context.SECURITY_PRINCIPAL,
in various ways but it still fails with the same error.
Previously I was getting the error
javax.naming.CommunicationException: simple bind failed: vds-xxx.xx.com:636[Root exception is javax.net.ssl.SSLHandshakeException:sun.security.validator.ValidatorException:No trusted certificate found]
But I installed all the certificates manually using the mmc command and that went away. The above error has been frustrating me for the last 2 days.
Please help me with this.
My application code is in Java...
Kalpesh,
Not sure why you are using LDAPS for GRC, the communication should all be through the internal network so there should be no real reason for this.
LDAP 49 is a credentials error. Please check your login ID / Password to VDS. It also looks like your certificate was not installed correctly. I believe there's a tutorial for using LDAPS in VDS but it is centered on working with a directory service, not GRC.
Matt
Hello Mat,
I appreciate your help.
Still hanging on the same issue.....
The reason for using LDAPS is that our CITS team, who develop VDS for us, suggest that the current version of VDS will support only SSL connections. Any application will therefore need to have the internal root CA trusted, and the port is the standard LDAPS port 636.
Yes, I also agree with you that the issue is with the username & password to VDS, but I didn't figure out how to solve this issue as a naive user of AD/VDS.
So could you please suggest how to solve this issue?
If you suggest not using LDAPS, then what should be there instead of LDAPS?
See my Java code (for reference):
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.directory.InitialDirContext;
Hashtable<String, String> env = new Hashtable<>();
env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
env.put(Context.PROVIDER_URL, "ldaps://vds-us.xxx.com:636");
env.put(Context.SECURITY_AUTHENTICATION, "simple");
env.put(Context.SECURITY_PRINCIPAL, "svc_appadquery"); // bare account name; an LDAP simple bind normally takes the account's full DN
env.put(Context.SECURITY_CREDENTIALS, "zqHw2re$");
new InitialDirContext(env); // the simple bind happens here
"svc_appadquery" is a service account created under the pharma domain and the values for dc are: dc=vds,dc=enterprise
Any input from you is valuable to us, so please help.
Regards,
Kalpesh.
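The two errors in Kalpesh's posts come from different layers: the SSLHandshakeException is the TLS layer refusing the VDS certificate chain, while LDAP result code 49 is VDS refusing the bind once TLS is up. The following is an added example, not code from the thread or from SAP, that makes the two cases distinguishable in one run. It assumes a JKS trust store holding the internal root CA (path and password are placeholders), takes the bind password from the environment instead of the source file, and tries the principal both as the bare account name from the post and as a full DN, because an LDAP simple bind takes a DN as its name; the base dc=vds,dc=enterprise is from the post, the ou=ServiceAccounts part is a guess to be replaced with the account's real DN.

```java
import java.util.Hashtable;
import javax.naming.AuthenticationException;
import javax.naming.CommunicationException;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.net.ssl.SSLException;

/** Attempts an LDAPS simple bind against VDS and reports which layer rejected it. */
public class VdsBindCheck {

    /** Outcome of one bind attempt; reported instead of the raw exception so no secret is echoed. */
    enum Outcome { OK, BAD_CREDENTIALS, TLS_TRUST_FAILURE, UNREACHABLE, OTHER }

    static Outcome tryBind(String url, String principal, String password) {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, principal);
        env.put(Context.SECURITY_CREDENTIALS, password);
        try {
            DirContext ctx = new InitialDirContext(env);   // TLS handshake, then the bind
            ctx.close();
            return Outcome.OK;
        } catch (AuthenticationException e) {              // LDAP result code 49
            return Outcome.BAD_CREDENTIALS;
        } catch (CommunicationException e) {               // transport-level failure
            Throwable root = e;
            while (root.getCause() != null) root = root.getCause();   // NamingException exposes its root cause here
            return (root instanceof SSLException) ? Outcome.TLS_TRUST_FAILURE : Outcome.UNREACHABLE;
        } catch (NamingException e) {
            return Outcome.OTHER;
        }
    }

    public static void main(String[] args) {
        // Trust store containing the internal root CA that signed the VDS certificate (placeholders).
        System.setProperty("javax.net.ssl.trustStore",
            System.getenv().getOrDefault("VDS_TRUSTSTORE", "/etc/pki/vds-truststore.jks"));
        System.setProperty("javax.net.ssl.trustStorePassword",
            System.getenv().getOrDefault("VDS_TRUSTSTORE_PASSWORD", "changeit"));

        String url = System.getenv().getOrDefault("VDS_URL", "ldaps://vds.example:636"); // placeholder host
        String password = System.getenv("VDS_BIND_PASSWORD");
        if (password == null) {
            System.err.println("set VDS_BIND_PASSWORD");
            System.exit(2);
        }

        // Bare name (as in the post) versus a full DN under the base DN from the post; the RDN path is a guess.
        String[] principals = {
            "svc_appadquery",
            "cn=svc_appadquery,ou=ServiceAccounts,dc=vds,dc=enterprise",
        };
        for (String p : principals) {
            System.out.printf("%-60s -> %s%n", p, tryBind(url, p, password));
        }
    }
}
```

Reading the output: TLS_TRUST_FAILURE means the trust store is not the one the JVM is using (importing certificates with mmc only affects the Windows store, not a JKS file); BAD_CREDENTIALS for the bare name but OK for the DN means VDS simply wants the DN form; BAD_CREDENTIALS for both means the DN or the password is wrong on the VDS side.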