cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

GRC10 SP10 >> LDAP Connection

former_member274402
Participant

on ‎02-20-2013 10:40 AM

0 Kudos

Hi,

We have connected GRC10 SP10 to LDAP. We have found that
the behaviour logging onto the END USER LOGON screen is a problem. Our scenario
is as follow:

When we have a web session open for normal GRC AC
functionality via link (http://<Server>.<HOST>:8000/nwbc/),
and then open link to the link END USER LOGON screen via link - (http://<Server>.<HOST>:8000/sap/bc/webdynpro/sap/grac_uibb_end_user_login?sap-client=600&SAP)
the rendering page is prompted and I am able to login with my AD credentials.
But when I have no GRC sessions open and try and open the link to the END USER LOGON
screen I get a host of warnings such as

>> Protocol cannot be switched to HTPPS; HTPPS is not configured /active

>>> SSO Logon not possible; browser logon ticket cannot be accepted

Attached screen shot.

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (3)

Answers (3)

former_member220726
Explorer
‎02-21-2013 2:53 PM
0 Kudos

  Hi ,

    Please ask your basis team to make following two entries in default profile/Instance Profile , that will solve your issue ,

login/create_sso2_ticket =  2

login/accept_sso2_ticket =  1

Process --> Go to RZ10 -->  Default /Instance Profile -->  Extended Maintenance --> Change .

Thanks & Regards

Uma Shankar T

SAP GRC Consultant

Show replies
Show replies
former_member704195
Participant
‎02-21-2013 6:58 AM
0 Kudos

Dear Melvin,

User might not be maintained in SICF. Please check.

Regards,

Nidhi Mahajan.

Show replies
Show replies
former_member274402
Participant
‎02-21-2013 11:36 AM
0 Kudos

Hi,

Thanks, it works.

Would you be able to point me in the right direction in where I
can source permissions that we need to add to this user? As we currently using system
users this is at risk by being misused. Please let me know.

Thanks for the previous advice.

Regards, Melvin

former_member704195
Participant
‎02-21-2013 11:45 AM
0 Kudos

IMG->GRC->Accesscontrol->user provisioning->Actuvate end user logon-> Maintain service-. double click at end user logon.. Under logon data maintain the system user. and save it

Colleen
Advisor
Advisor
‎02-22-2013 12:01 AM
0 Kudos

consider reviewing the following roles

SAP_GRAC_ACCESS_REQUESTER    Role for End user

SAP_GRAC_BASE            Base Role for all Access Control Users

SAP_GRAC_END_USER        End User as a GRC Guest User

SAP_GRC_WEBSERVICE        GRC Base Netweaver authorizations

If not, run the trace and identify the authorizations

Colleen
Advisor
Advisor
‎02-20-2013 11:23 PM
0 Kudos

What logon settings have you applied in SICF for the end user logon? Have you put this against a system user and stored its password?

Show replies
Show replies
Ask a Question