cancel
Showing results for 
Search instead for 
Did you mean: 

Not able to open the User Interface for IDM

Former Member
0 Kudos

Hi All

We are trying to open the User Interface for SAP IDM via url http(s)://<host>:<port>/idm bu we get an error "Access Denied" not sure how to resolve this issue and what UMe Roles or groups needs to be assigned.

Please find the attached screenshot and help us.

Regards

Pradeep

Accepted Solutions (1)

Accepted Solutions (1)

normann
Advisor
Advisor
0 Kudos

Hello Pradeep,

what Service pack is your J2EE running on? There is problems with the web dynpro runtime of the initial shipment stack of some versions (e.g. 7.1), it does not always consider all the settings properly.

Regards

Norman

Former Member
0 Kudos

Hi Norman

I am not sure on that please help me to check that which service we are using.Also we are on 7.3 version on SP5.

Regards

Pradeep

Former Member
0 Kudos

Hi All

Problem has been resolved now.The JDBC driver was not deployed in NW so we deployed the same and then created the JDBC Datasource " IDM_DataSoruce" which resolved the problem and post that we added the UME user in Identity store which resolved all our issues.

Thanks all for the help.Especially Matt and Steffi 🙂

Regards

Pradeep

Steffi_Warnecke
Active Contributor
0 Kudos

You're Welcome! Glad the problem is solved. And thank you for posting the solution, too. This will help others.

former_member2987
Active Contributor
0 Kudos

Always happy to help.  As the IDM / NW integration has matured it's gotten easier to manage, but there are still details that can confound a person!

I had a related experience once, but it happened later in the install process. 

Answers (2)

Answers (2)

Former Member
0 Kudos

Pradeep,

You find this information in this document: http://service.sap.com/~sapidb/011000358700001233082010E

Available from here:

http://wiki.sdn.sap.com/wiki/display/Security/Planning+%28Release+7.2%29

Regards,

Rannveig Østevik

Former Member
0 Kudos

Hi Rannveig

I am following this document only but still I have this issue.

Regards

Pradeep

former_member2987
Active Contributor
0 Kudos

  Specifically, take a look at the setup of the connection string and data source.  Note that the login is for mxmc_prov, which is not an account that most IDM administrators use that often.

Former Member
0 Kudos

Hi Matt

So what should be done in that case?? As we are not using mxmc_prov userid to login to user interface.

Regards

Pradeep

Steffi_Warnecke
Active Contributor
0 Kudos

Hello Pradeep,

I think Matt means, that you need that account for the connection to the backend. Please check the configuration and the correct name of your data source like Matt suggested. Note 1573750 hightlights this problem, though this is explained for portal 7.0. You're on 7.3?

For 7.3 you'll find the configuration in the NWA:

Configuration > Infrastructure > Application Resources > Resource Name "IDM_DataSource"

There you can check the settings and if you're using the correct user (mxmc_prov).

Regards,

Steffi.

EDIT: Forgot a step... ^^

former_member2987
Active Contributor
0 Kudos

Steffi, you are correct, this is the configuration in NW Administrator. 

Thanks for the catch!

Steffi_Warnecke
Active Contributor
0 Kudos

You're welcome! ^^

That question and your post made me look (more like HUNT) for it, since I knew what it should look like, but not where the thing was hiding in the NWA. Now I wrote it down in our wiki, so next time I'll find it faster. *g*

Answering questions is so great for digging up knowledge.

I don't know what portal version is needed here, so I better provided two. ^^

Former Member
0 Kudos

Hi Steffi

To my surprise there is no IDM_DATASOURCE in our system.So shall I create it ?? what will be the resource type for this?.Can you help me in creating this with all the details required for it to be created.

Regards

Pradeep

Former Member
0 Kudos

Pradeep,

This should be described in the document you said you were following 🙂 If you read from the start, everything should be covered there.

Regards,

Rannveig/.

Steffi_Warnecke
Active Contributor
0 Kudos

Hello Pradeep,

should you create the data source? Umm... yeah? ^^

The ressource type is JDBC Custom DataSource (that's what we use at least). But I can't really give you the information you need to fill that out, because I don't know, what data base etc. you use. Maybe this would be a thing for your basis team?

EDIT:

Aaaand what says.

Regards,

Steffi.

former_member2987
Active Contributor
0 Kudos

, the UI will not come up unless you've specified

Driver

DataSource

Connection

As others have mentioned, please review the document , indicated.  You'll probably need to engage your BASIS team for additional support.

Hope this gives you a clear understanding of the issue! 

Matt

Steffi_Warnecke
Active Contributor
0 Kudos

Hello Pradeep,

please check in NWA, if the service is running. The message says, it's down. The path is:

NWA > Operations > Start & Stop (right side) > Java Applications-tab > tc~idm~jmx~app

If you start it, the access should work, if you have assigned the correct roles (and actions).

Regards,

Steffi.

Former Member
0 Kudos

Hi Steffi

I have activated all the services related to IDM in the path mentioned by you.Also provided the necessary actions in UME still I am getting the same issue still.

Regards

Pradeep

Steffi_Warnecke
Active Contributor
0 Kudos

Hello Pradeep,

hmm, so your user (or a group, your user is a part of) has a role "idm.authenticated" assigned, which has the action "idm_authenticated" assigned? Just to make sure.

Do you have the same problem with the path http(s)://<host>:<port>/idm/admin?

Regards,

Steffi.

jaisuryan
Active Contributor
0 Kudos

Hi Pradeep,

Strange..!!

I get this error every week but it would work when I restart the application as Steffi suggested.

Please try restarting the application "sap.com/tc~idm~jmx~app" using visual admin once more.

Kind regards,

Jaisuryan

Former Member
0 Kudos

Hi Steffi

I tried to find the role name IDM_AUTHENTICATED but there doesn't exists any.

So I have created a Z Portal Role with assignment of actions IDM_AUTHENTICATED and other actions required to access Self Service Tabs and Manager Tabs as mentioned in the Security Guide.But still it gives us the same error again and again 😞

Regards

Pradeep

Steffi_Warnecke
Active Contributor
0 Kudos

Hello Pradeep,

"idm_authenticated" is the action, not the role. ^^ But as you said, you did that and assigned that role to your user and it doesn't work.

Hmm... hm hm hmmm. What could it be, what could it be? oO

Can you create a ume-user for testing? Assign him your z_role with the idm_authenticated-action. Then login with that account and try the url.

I had the problem, that my user was kind of faulty. Or at least with the version, we ran back then. So I got the same error you mentioned, but for http://<host>:<port>/idm/admin.

Did you try that url? Do you get the same error?

Regards,

Steffi.

Former Member
0 Kudos

Hi Steffi

For path http(s)://<host>:<port>/idm/admin

The issue is more peculiar it is  giving a below java error screen .

Regards

Pradeep

Steffi_Warnecke
Active Contributor
0 Kudos

Hello Jaisuryan,

does your portal instance get rebooted every week by any chance? ^^ The IdM service won't restart by itself after that (sadly). Someone described it as a "lazy" service, that needs some convincing. ^^

But since IdM 7.2 SP 7 (I think, it was 7), it's enough to call the url http(s)://<host>:<port>/idm to get it back up. You don't need to go the way over the NWA for this anymore.

That won't help Pradeep now, but maybe you with your weekly duty to restart it. ^^

Regards,

Steffi.