GRC AC 10.0: Login problem using End User Logon Page???

former_member184114
Active Contributor
0 Kudos

Hi,

I was configuring PSS. I had written in another thread of mine asking for the role(s) needed to access PSS service only (now it is closed). However, I found that "End User Logon Page" can be used for accessing such end user services.

I found that when I access the "End User Logon Page" link in a new browser, freshly, it is asking for user id and password! This is how end users will be accessing this link for resetting the passwords for their ids in the backend systems.

But when I log into GRC AC system and access NWBC (via NWBC tcode from ABAP system) with my user id and password, then access "End User Logon Page", then it gives me the page correctly (without asking for user id and password) where I simply have to enter the user id to reset the password for. But end users will not be logging into GRC AC system directly and they need not have their IDs in the GRC AC system.

Can anybody tell me what is the problem?

Regards,

Faisal

Accepted Solutions (1)

Former Member
0 Kudos

Hi Faisal,

Please review the following SAP notes-

1636613

1692504

1628387

1613084

Best Regards,

Nandita

former_member184114
Active Contributor
0 Kudos

Nandita,

Thanks for sharing these notes.

Let me tell you about each note status at my end and its understanding.

1636613: This note is informative and this setting for "End User Verification" is set to "YES"

1692504: Here basically the end user is trying to access the request status "after" logging into the end user application. However, my problem is that, as soon as end user accesses the URL of End User Application, it is asking for the logon credentials. Please see the screen below:

1628387: This note is asking me to create a new method in class 'CL_GRAC_ACCESS_REQUEST_UTIL'. Then asking me to maintain the logon details in SICF services for some of the services. I am not sure of this, whether I should act upon.

1613084: This is asking to create some of the Web Dynpro applications. When I tried to create them, I found that they are already available. Therefore, I don't know what I should do next.

May you help me on this, further?

Regards,

Faisal

kevin_tucholke1
Contributor
0 Kudos

Faisal:

You are probably getting the screen because you have not configured the USER on the End User Services. You need to make sure that the guest user is configured in each of the 10 services in SICF for the EU Logon Pages to work.

Thanks.

former_member184114
Active Contributor
0 Kudos

Kevin,

Thanks for your reply.

I was trying to follow your suggestion. However, I do not know the "10" services for which I need to maintain the "GUEST" user. From SPRO I can get one service name "GRAC_UIBB_END_USER_LOGIN" and I did fill up the guest user details here. I have given "SAP_ALL" to this user and it is a "SERVICE" user. Please let me know if any specific authorizations need to be given.

May I know other remaining services where I need to maintain this guest user details?

Regards,

Faisal

former_member184114
Active Contributor
0 Kudos

Kevin,

I got the list of services from note#1628387.

I maintained the "Guest User" for all these 10 services. However, still I am getting the Logon Page when I access End User Logon Page!

Any suggestions please?

Regards,

Faisal

former_member184114
Active Contributor
0 Kudos

Kevin,

Thanks for your help. I have maintained the user credentials for all the services. This solved my problem.

Thanks again

Faisal

Former Member
0 Kudos

Hi Faisal,

Could you please tell me what magic you did to resolve this issue?

In case you maintained the Guest user, share with me the things around the guest user.

Thanks & Regards

NAG

Former Member
0 Kudos

Hi Nag,

 

To activate the End User Logon screen, to maintain the logon information, do the following:

  1. Execute transaction SICF.
  2. In the Service Name, enter the name of the service mentioned above.
  3. Click the Execute button.
  4. Under the Virtual Hosts / Services column you will see the selected service. Double click on this service name.
  5. Click on the Logon Data tab.
  6. Click on the Pencil icon to go to change mode.
  7. Enter the information for the client, shared user, language and password and select Internet type User.

  Note: Create Service type user with below roles in GRC System

    SAP_GRAC_SUPER_USER_MGMT_USER
    SAP_GRAC_ACCESS_REQUESTER
    SAP_GRAC_BASE
    SAP_GRAC_END_USER
    SAP_GRAC_NWBC
    SAP_GRAC_SPM_FFID
    SAP_GRC_FN_BASE
    SAP_GRC_FN_BUSINESS_USER

  8. Click save.

 

Do the same procedure for all the services mentioned below. Maintain the same user details in all the services, and select Internet type User in the Logon Data of the SICF screen.

Maintain logon information for following services in SICF:

  1. GRAC_OIF_MY_PROFILE_EU
  2. GRAC_GAF_NAME_CHANGE_SERV_EU
  3. GRAC_POWL_REQUEST_STATUS_EU
  4. GRAC_GAF_PWD_SELFSERVICE_EU
  5. GRAC_OIF_USER_REGISTER_EU
  6. GRAC_GAF_ACCREQ_WITH_REQREF_EU
  7. GRAC_OIF_REQUEST_SUBMISSION_EU
  8. GRAC_GAF_ACCREQ_WITH_TEMPL_EU
  9. GRAC_GAF_ACCREQ_WITH_USEREF_EU
  10. GRAC_UIBB_END_USER_LOGIN

  1. Save the entry and navigate back to the Maintain Service screen.
  2. Right-click GRAC_UIBB_END_USER_LOGIN, and then choose Test Service.
  3. The End User Logon screen appears. The http URL displayed in the browser's address window is the End User Logon URL.
  4. To set the links the application displays on the End User Logon screen, continue with the following steps:
  5. In the URL window of the browser (from step 4), append this to the end of the URL: &SAP-CONFIG-MODE=X&OBJECT_ID=ACCREQ/123 and press Enter. The Logon screen appears.
  6. Enter your username and password, and log onto the system. The End User screen appears.

If you are getting any login errors like "user ID does not exist", then you need to maintain "User Authentication Data Sources is SU01 (if you have HR System then you select HR) and set NO in End User Verification" in Maintain Data Sources Configuration.

8. To make a link invisible, right-click the link and select Settings for Current Configuration.

9. Select Invisible, Save the entry, and then close the browser.

Thanks,

Rajesh Srisailapu.
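
An added example, not part of the post above and not SAP code: a Python check over the logon data this procedure asks for, reporting services left without a stored user, service names outside the ten listed, mixed users, and roles beyond the eight named in the note (such as the SAP_ALL assignment mentioned earlier in the thread). The input layout, the user name GRC_EU_GUEST and the function `audit` are assumptions made for the sketch.

```python
# Added example: audits SICF logon data for the ten end-user services.
# Input layout is constructed for this sketch, not an SAP export format.
EU_SERVICES = [
    "GRAC_OIF_MY_PROFILE_EU", "GRAC_GAF_NAME_CHANGE_SERV_EU",
    "GRAC_POWL_REQUEST_STATUS_EU", "GRAC_GAF_PWD_SELFSERVICE_EU",
    "GRAC_OIF_USER_REGISTER_EU", "GRAC_GAF_ACCREQ_WITH_REQREF_EU",
    "GRAC_OIF_REQUEST_SUBMISSION_EU", "GRAC_GAF_ACCREQ_WITH_TEMPL_EU",
    "GRAC_GAF_ACCREQ_WITH_USEREF_EU", "GRAC_UIBB_END_USER_LOGIN",
]
# Roles named in the post for the shared service user.
LISTED_ROLES = {
    "SAP_GRAC_SUPER_USER_MGMT_USER", "SAP_GRAC_ACCESS_REQUESTER",
    "SAP_GRAC_BASE", "SAP_GRAC_END_USER", "SAP_GRAC_NWBC",
    "SAP_GRAC_SPM_FFID", "SAP_GRC_FN_BASE", "SAP_GRC_FN_BUSINESS_USER",
}

def audit(logon_data, users):
    """logon_data: service -> user on its Logon Data tab ('' if none).
    users: user -> {'type': str, 'roles': [str]}. Returns findings."""
    findings = []
    for svc in EU_SERVICES:
        if not logon_data.get(svc):
            findings.append(f"{svc}: no logon data, browser gets the logon prompt")
    for svc in sorted(set(logon_data) - set(EU_SERVICES)):
        findings.append(f"{svc}: not one of the ten listed services (typo?)")
    assigned = sorted({u for u in logon_data.values() if u})
    if len(assigned) > 1:
        findings.append(f"different users across services: {assigned}")
    for user in assigned:
        info = users.get(user, {"type": "UNKNOWN", "roles": []})
        if info["type"] != "SERVICE":
            findings.append(f"{user}: user type {info['type']}, expected SERVICE")
        extra = sorted(set(info["roles"]) - LISTED_ROLES)
        if extra:
            findings.append(f"{user}: roles beyond the listed set: {extra}")
    return findings

# Constructed sample: one service left unmaintained, one misspelled,
# and the shared user carrying SAP_ALL on top of a listed role.
SAMPLE_LOGON = {s: "GRC_EU_GUEST" for s in EU_SERVICES[:8]}
SAMPLE_LOGON["GRAC_UIBB_END_USERLOGIN"] = "GRC_EU_GUEST"
SAMPLE_LOGON["GRAC_GAF_ACCREQ_WITH_USEREF_EU"] = ""
SAMPLE_USERS = {"GRC_EU_GUEST": {"type": "SERVICE",
                                 "roles": ["SAP_GRAC_END_USER", "SAP_ALL"]}}

if __name__ == "__main__":
    for line in audit(SAMPLE_LOGON, SAMPLE_USERS):
        print(line)
```
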

Former Member
0 Kudos

Hi Rajesh,

For me everything is working fine, but when I receive the email with the link and click on the link,

it asks for the username and password for the GRC system. But I have set authentication as LDAP.

End user doesn't have user id in GRC system. How would they log in to the same?

Could you please assist me with the same.

Thanks and Regards

Ankit sharma

Former Member
0 Kudos

Dear Ankit,

Please set SU01 (User should have access in Back end ECC System) for User Authentication Data Sources and NO for End User Verification in Maintain Data Sources Configuration of SPRO.

Path : SPRO-->GRC-->Access Control-->Maintain Data Sources Configuration

User Authentication Data Sources = SU01

(User should have access in Back end ECC System)

End User Verification = NO

Trinetra_Bhusha
Active Participant
0 Kudos

Hi Ankit,

You have to set User Authentication as LDAP and need to have LDAP connector established between your GRC and LDAP system.

I have done that and it's working fine.

Thanks,
Trinetra

Answers (2)

Former Member
0 Kudos

Hi there,

I'm facing another login issue at the enduser logon:

On the logon screen I'm able to enter any password and the system grants me access!

So it seems the system does not really check the passwords.

My Data Source Configurations:

LDAP (Sequence 2)

PRD ERP (Sequence 3; SU01)

End User Verification > Authentication=YES

the guest user for all 10 services is set correctly.

What could be the issue?

Thanks in advance

Edgar

Former Member
0 Kudos

Does nobody have a clue?

I still fail at this point

regards

Edgar

mamoonr
Active Participant
0 Kudos

Hi Edgar,

I had this similar issue. I made a workaround by removing the password field.

However, there is one SAP note for this which asks for some code correction. I do not remember it but will let you know.

Thanks,

Mamoon

Former Member
0 Kudos

Hi Mamoon,

Removing the password field is not an option for us, because every user would be able to use the PSS for any other user by simply entering a different user name.

so we need the password field...

regards

Edgar

mamoonr
Active Participant
0 Kudos

Hi Edgar,

Look into SAP note 1628387.

Former Member
0 Kudos

Hi Mamoon,

That note describes another issue (re-logon required).

My issue is that I can log in with any random password, which means the only correct password won't be checked.

Any suggestions?

mamoonr
Active Participant
0 Kudos

Hi Edgar,

Will look into it. But do let me know if you find any solution.

Thanks,

mamoon

Former Member
0 Kudos

Hi Edgar,

try setting the parameter 2052 as YES... and try after that.

Thanks and Regards

Ankit sharma

Former Member
0 Kudos

Hi Edgar,

I know this is an old thread, however, there is a setting in SPRO which needs to be changed. Go to SPRO, Governance, Risk and Compliance, Access Control and Maintain Data Source Configuration.
End User Verification needs to be set to No. This removes the password field automatically.


Cheers,
Sonia

Former Member
0 Kudos

Hi Faisal,

Kindly follow the thread: http://scn.sap.com/thread/3160892.

Here you can find the query related to the minimum authorizations and related SAP Notes detailing about re-logon.

Let us know if it helps.

Best Regards,

Akhil Chopra