on 07-31-2014 9:18 AM
Hi Experts,
I am working with IdM 7.2 SP08.
I followed this procedure to install the sap logon help. This message error is
http://help.sap.com/saphelp_nwidmic_72/helpdata/en/0d/71c8bb0f744c308c7b5e91657ddcbf/frameset.htm
All the prerequisites are OK: SSL, HTTPS, my computer (Windows 7 Pro 64) is connected to the domain, etc.
I imported the logonHelp.adm and enabled the server and the port.
Questions and answers are OK and the user "AdminUser" can modify his password via the web url ...idm/pwdreset.
On my Win 7 computer, if I run regedit:
HKEY_LOCAL_MACHINE--> SOFTWARE --> SAP --> logonhelp
I cannot find the IDM entries (IdmServerHost and IdmServerPort)? I tried to add them manually but with no success.
Question2:
After importing the logonHelp.adm in Group Policy Management should I modify the content of logonHelp.adm file also?
In the trace.xml: I can read: the retrieving of the sequrity questions for the user "AdminUser" returned empty response or the execution on one of the methods CwinHttpHelper::SendRequest or CLowCommon::ConvertAsciiToUnicode returned error.
Can you please help? Any missing step?
Thanks,
Nina
Hello Nina,
I see that actually both your questions could be answered with almost the same answer.
In order to have the template in the Group Policy you should import this one (the file comes with the installation, I think) - IdM Logon Help Administrative template.
What I have done was:
1. Run gpedit.msc in Start Menu
2. Go to Local Computer Policy –> Computer Configuration –> right click on Administrative Templates –> choose Add/Remove Templates… –> add LogonHelp.adm
3. Go to Local Computer Policy –> Computer Configuration –> Administrative Templates –> Classic Administrative Templates (ADM) –> SAP AG –> IdM Logon Help
4. Then modify here the IDM Server Settings
(actually this is the place used by the Logon Help component to read the settings and to know to which IdM Server to send the requests)
And as for question 2 - no, you do not need to modify the file logonHelp.adm.
I hope this helps.
Kind regards,
Rali
Hello Rali,
So as you mentioned, I installed the Logon Help on my computer, imported the logonHelp into the Local Computer Policy as you described, and enabled the server and the port as below:
server: servertest.company.com
Port: 50001
and keep the other entries as default (not configured).
For information, if I connect to the computer and run https://servertest.company.com:50001/idm/pwdreset , I can get the user form with the configured questions. But I am still getting the same error.
So these steps are done on the computer side; what should also be done on the server side?
Thank you for your help,
Nina
Hi Nina,
Actually the Logon Help component uses the REST API provided by the IDM Server - so the address that is requested should be constructed like this:
https://<server>:<port>/idmrest/v72alpha/entries/0/tasks/pwdreset/{MSKEYVALUE}
As a hint - you can look in the Logs of the Application Server - in the http logs to see if you have received any HTTP requests from the Logon Help client.
Also in the Log of the Logon Help component too.
You should have in mind this - as you will communicate through HTTPS you will need to:
1. You have configured and have access via SSL to the IDM Server
2. Add the IdM Application Server Java Server SSL certificate to “Trusted Root Certification Authorities” in the client system
Kind Regards,
Rali
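The two client-side checks described in this reply (which server and port the policy actually wrote, and whether Windows trusts the server certificate) can be scripted as below. This is an added example, not part of the original thread and not SAP code; the registry path and value names are the ones quoted in the thread, and `$mskey` is a placeholder MSKEYVALUE.

```powershell
# Added diagnostic sketch, not SAP code. Registry path and value names are the
# ones quoted in the thread; $mskey is a placeholder MSKEYVALUE.
$key = 'HKLM:\SOFTWARE\SAP\logonhelp'
$cfg = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
if (-not $cfg -or -not $cfg.IdmServerHost -or -not $cfg.IdmServerPort) {
    throw "IdmServerHost / IdmServerPort not found under $key"
}
$server = [string]$cfg.IdmServerHost
$port   = [int]$cfg.IdmServerPort
$mskey  = 'user1234'
$url    = "https://${server}:${port}/idmrest/v72alpha/entries/0/tasks/pwdreset/$mskey"

# Handshake only: the callback records how Windows judged the certificate.
# It returns $true so the handshake completes for inspection; no request is sent.
$result = @{}
$callback = [System.Net.Security.RemoteCertificateValidationCallback] {
    param($sender, $cert, $chain, $errors)
    $result.PolicyErrors = $errors
    $result.ChainStatus  = @($chain.ChainStatus | ForEach-Object { $_.Status })
    $result.Subject      = $cert.Subject
    $result.Issuer       = $cert.Issuer
    $true
}

$tcp = New-Object System.Net.Sockets.TcpClient($server, $port)
try {
    $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $callback)
    $ssl.AuthenticateAsClient($server)   # host name must match the certificate
    $ssl.Dispose()
} finally {
    $tcp.Close()
}

[pscustomobject]@{
    RestUrl      = $url
    Subject      = $result.Subject
    Issuer       = $result.Issuer
    PolicyErrors = $result.PolicyErrors              # None = trusted chain, matching name
    ChainStatus  = $result.ChainStatus -join ', '    # e.g. UntrustedRoot
}
```

A `PolicyErrors` value of `RemoteCertificateChainErrors` with `UntrustedRoot` means the issuing certificate is not in a root store this account trusts; `RemoteCertificateNameMismatch` means the host name configured in the policy differs from the names in the certificate.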
Hi Rali,
Thanks for your help, I did all this stuff but I am still getting the same error.
I can run https://server:5xx01/idm and https://..../idm/pwdreset and from the client system it works.
So I checked the log file in the server log viewer, and every time I run the Logon Help I get this warning:
in nwa:
Client certificate error.IP address
in server log:
"Attempting to create outgoing ssl connection without trusted certificates"
The server public certificate is imported in my client system, and the CA certificate is imported into the trusted root certificates.
Thanks,
Nina
Hi Nina,
I think that this warning is coming from the fact that your server uses a self-signed certificate - is this right?
Also - would you try to get the response exactly from the REST call to the IDM Server:
https://<server>:<port>/idmrest/v72alpha/entries/0/tasks/pwdreset/{MSKEYVALUE}
This should contain a JSON with the security questions for this user.
Kind Regards,
Rali
Hi Rali,
I really appreciate your following help to my problem.
Yes, I am using a self-signed certificate, and this certificate is imported as a trusted certificate in the client system. Is it a problem that the certificate is self-signed even if I imported the CA certificate in the client system?
Yes, when I run the REST request for my user1234, I am able to get a file starting with: MX_REST_SUCCESS:true and I get my 3 questions in the file result.
Regards,
Nina