cancel
Showing results for 
Search instead for 
Did you mean: 

SAP IDM - AS JAVA (Portal) User provisioning - Unknown Security Policy Setting

Former Member
0 Kudos

Hi IDM experts,

Came across a strange issue today, when trying to provision a AS Java User to Enterprise Portal; even though the default values within "MX_USERTYPE" clearly states the expected values as:

User type. Legal values:

A: Dialog = Java type "default"

B: System = Java type "technical"

C: Communication

L: Reference (login not impossible)

So, one would think that setting "MX_USERTYPE" to "B" would create a System user in an ABAP system and a "Technical" user in a JAVA system, like EP; but for some strange reason I get the following error when trying to create the Java user (portal_security_policy.png😞

Any ideas why? Is there something blatantly wrong that I'm overlooking? Do you have to do some sort of pre-processing before sending the MX_USERTYPE value to a JAVA system?

Thanks a ton in advance!

Best regards,
Sandeep

Accepted Solutions (1)

Accepted Solutions (1)

terovirta
Active Contributor
0 Kudos

I think the quickest fix would be writing a small script that returns the AS Java value based on the passed AS ABAP value.. Really surprised it is not shipped with Provisioning Framework??

But did it work before for you if you came across it today?

Here's a script that I found from my notes, cannot remember any recent usage for the script as that originates from 7.0-based project.

function custom_mapPortalABAPUserType(Par){
// From MX_USERTYPE-attribute documention
// User type. Legal values:
// A: Dialog = Java type "default"
// B: System = Java type "technical"

if (Par.toLowerCase() == "a") return "default";

if (Par.toLowerCase() == "b") return "technical";

}

regards, Tero

Former Member
0 Kudos

Thanks a lot Matt / Tero!

This was the first time I was testing the creation of a technical user within this environment, and it did not work on the first attempt.

But after using your script Tero, it worked; thanks a lot!

Tero, is your "custom_mapPortalABAPUserType" script supposed to have come standard as part of the SAP Provisioning framework? Is it by default supposed to be used within the "CreateJavaUser" pass, on the "MX_USERTYPE" attribute being passed to the "securitypolicy" JAVA attribute? If this is the case, and it is supposed to have worked out of the box, with the default "CreateJavaUser" task, can I consider my version of the SAP provisioning framework to be corrupt (as it is missing certain scripts)?

Thanks a ton for your quick responses!

Best,
Sandeep

terovirta
Active Contributor
0 Kudos

Sandeep J wrote:

  

Tero, is your "custom_mapPortalABAPUserType" script supposed to have come standard as part of the SAP Provisioning framework? Is it by default supposed to be used within the "CreateJavaUser" pass, on the "MX_USERTYPE" attribute being passed to the "securitypolicy" JAVA attribute? If this is the case, and it is supposed to have worked out of the box, with the default "CreateJavaUser" task, can I consider my version of the SAP provisioning framework to be corrupt (as it is missing certain scripts)?

That's a custom-script and not shipped with the product. If I remember correctly the securitypolicy is commented out by default in the toSPML pass. So it does not work out of the box.

regards, Tero

Former Member
0 Kudos

Ahh ok Tero! Thank you for the clarification and the script!


Best regards,
Sandeep

Answers (1)

Answers (1)

former_member2987
Active Contributor
0 Kudos

Hi Sandeep,

My guess is that there's something in the framework that needs to be set to do this.  I'd open an OSS note to see what the connection is going to expect.

I'm thinking your logic is right, but this wasn't fully implemented.

Cheers,

Matt