cancel
Showing results for 
Search instead for 
Did you mean: 

Unable to access the IDM User Interface

Former Member
0 Kudos

Hello Experts,

I am installing IDM 7.2. Presently I am in the phase of configuring the IDM UI. According to the guide https://websmp205.sap-ag.de/~sapidb/011000358700001233082010E, I have installed and configured everything properly and have reached to the"General access to Identity Management User Interface" phase (Page No 35). I have skipped the "Access to Monitoring (Monitoring tab)" and "Configuring the language settings for the Identity Management User Interface" because I think these steps can be configured later.

         

          The issue is that when I try to access the IDM portal i.e http://<host>:<port>/idm,  two error messages are being displayed stating that Access is denied and Service is down. When searched on this I found that the solution was the SAP Note 1573750. According to this SAP Note everything is properly configured in the backend of IDM database. If someone has come across this issue or a similar one, please let me know how were you able to solve it thereby helping me to solve this issue.

As I have skipped "Access to Monitoring (Monitoring tab)" and "Configuring the language settings for the Identity Management User Interface"

phases, can this be the reason for this issue?

Please let me know if I have missed out something and help me to solve this issue.

Thanks and Regards,

Madhav J




Accepted Solutions (1)

Accepted Solutions (1)

Former Member
0 Kudos

Hello Everyone,

The Issue is solved now. I am able to access the IDM UI. Thanks for everyone who has helped me out to check in this issue. There was some network issue between both the systems hence the AS Java Server was not able to access the server where IDM is installed. We checked in and resolved the issue.

Thanks and Regards,

Madhav J

Answers (5)

Answers (5)

Former Member
0 Kudos

Hello Everyone,

I think there is some issue with my server in which I have installed MS-SQL Server Database.

When I goto Netweaver Administrator of my Java system and select the IDM_DataSource(i.e a custom JDBC Data Source created for IDM) and ping the connection. I get an error message stating "Database access error. See logs for details". When I check for the logs the error message explains :

Cannot process an HTTP request to servlet [dispatcher] in [webdynpro/resources/sap.com/tc~sld~wd~main] web application.

[EXCEPTION]

com.sap.tc.webdynpro.services.exceptions.WDRuntimeException: Failed to retrieve client for current request. Causing exception is  nested.

at com.sap.tc.webdynpro.clientserver.task.Task.getClient(Task.java:457)

  at com.sap.tc.webdynpro.serverimpl.wdc.um.ClientUserFactory.forceLoggedInClientUser(ClientUserFactory.java:106)

I have no idea what is this error related to? Is it such that  My SAP NW Java system is nogt able to access the DB on the server where IDM is configured??

Please suggest me some solutions for this problem.

Thanks and Regards,

Madhav J

Former Member
0 Kudos

Hello Madhav,

can you please check the tracefiles on the AS Java when you try to connect to IDM and provide the Output?

As a shot in the dark: To me this looks like wrong version of sca files deployed on the AS Java, but it is just a guess. What is the System configuration you are running? AS Java Version? Is the underlying database really SQL2102? What is the Java RT JDBC URL looking like in IDM? Which JRE is running on both the AS Java and the IDM machine? Is the DB installed on the same Server as IDM?

When you create or alter entries in the IDM Management console, are these changes reflected in the IDM database?

Regards

Former Member
0 Kudos

Hello Tobias,

Thanks for your response. Let me answer your questions first.

1) What is the System configuration you are running? and AS Java Version?

     A) On the Server where my SAP NW AS Java is installed, the Operating system used is                        Windows Server 2012 R2 and the AS Java Version is 7.40.

     B) On the Server where SAP IDM is installed, The Operating system used is Windows Server 2012          R2. The IDM version being installed is SAP IDM 7.2.

2) Is the underlying database really SQL2102?

     Yes, The underlying database is MS-SQL 2012.

3) Which JRE is running on both the AS Java and the IDM machine?

    On the IDM Machine, we have Java 1.6.0 installed and

    On the NW AS Java we have Java 1.8.0 installed.

4) Is the DB installed on the same Server as IDM?

    Yes, The DB is installed on the same server as IDM.

Sorry, I could not get this question "What is the Java RT JDBC URL looking like in IDM"?

I have not tried to create or alter entries in the IDM Management console.

I am posting a short part of the log file below. Please check the log content and help me to point out the actual issue and thereby to solve it.

<!--LOGHEADER[START]/-->

<!--HELP[Manual modification of the header may cause parsing problem!]/-->

<!--LOGGINGVERSION[2.0.7.1006]/-->

<!--NAME[./log/defaultTrace_00.trc]/-->

<!--PATTERN[defaultTrace_00.trc]/-->

<!--FORMATTER[com.sap.tc.logging.ListFormatter]/-->

<!--ENCODING[UTF8]/-->

<!--FILESET[0, 20, 10485760]/-->

<!--PREVIOUSFILE[defaultTrace_00.19.trc]/-->

<!--NEXTFILE[defaultTrace_00.1.trc]/-->

<!--ENGINEVERSION[7.40.3301.370071.20141031130932]/-->

<!--LOGHEADER[END]/-->

#2.0 #2015 10 25 15:17:03:601#0-400#Error#com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl#

com.sap.ASJ.web.000137#BC-CCM-SLD#sap.com/tc~sld~wd~main#C0000A9B0150694800000003000008C0#7025350000000004#sap.com/tc~sld~wd~main#com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl#Guest#0##DB5DB95A7B4B11E5A0400000006B32C6#db5db95a7b4b11e5a0400000006b32c6#db5db95a7b4b11e5a0400000006b32c6#0#Thread[HTTP Worker [@164502062],5,Dedicated_Application_Thread]#Plain##

Cannot process an HTTP request to servlet [dispatcher] in [webdynpro/resources/sap.com/tc~sld~wd~main] web application.

For more details on the problem please check traces searching by logId: C0000A9B0150694800000001000008C0#

#2.0 #2015 10 25 15:17:03:605#0-400#Error#com.sap.engine.services.servlets_jsp.ISE500#

com.sap.ASJ.web.000500#BC-CCM-SLD#sap.com/tc~sld~wd~main#C0000A9B0150694800000004000008C0#7025350000000004#sap.com/tc~sld~wd~main#com.sap.engine.services.servlets_jsp.ISE500#Guest#0##DB5DB95A7B4B11E5A0400000006B32C6#db5db95a7b4b11e5a0400000006b32c6#db5db95a7b4b11e5a0400000006b32c6#0#Thread[HTTP Worker [@164502062],5,Dedicated_Application_Thread]#Plain##

500 Internal Server Error is returned for HTTP request [http://<host>:<port>/webdynpro/resources/sap.com/tc~sld~wd~main/Main]:

  component [dispatcher],

  web module [webdynpro/resources/sap.com/tc~sld~wd~main],

  application [sap.com/tc~sld~wd~main],

  DC name [sap.com/tc~sld~wd~main],

  CSN component[BC-CCM-SLD],

  problem categorization [com.sap.ASJ.web.000137],

  internal categorization [1013893257].

[EXCEPTION]

com.sap.tc.webdynpro.services.exceptions.WDRuntimeException: Failed to retrieve client for current request. Causing exception is  nested.

  at com.sap.tc.webdynpro.clientserver.task.Task.getClient(Task.java:457)

  at com.sap.tc.webdynpro.serverimpl.wdc.um.ClientUserFactory.forceLoggedInClientUser(ClientUserFactory.java:106)

  at com.sap.tc.webdynpro.serverimpl.wdc.um.ClientUserFactory.checkAuthentication(ClientUserFactory.java:291)

  at com.sap.tc.webdynpro.serverimpl.core.um.AbstractClientUserFactory$1.checkAuthentication(AbstractClientUserFactory.java:223)

  at com.sap.tc.webdynpro.services.sal.um.api.WDClientUser.checkAuthentication(WDClientUser.java:233)

  at com.sap.tc.webdynpro.clientserver.session.RequestManager.checkAuthentication(RequestManager.java:868)

  at com.sap.tc.webdynpro.clientserver.session.RequestManager.doProcessing(RequestManager.java:295)

  at com.sap.tc.webdynpro.serverimpl.core.AbstractDispatcherServlet.doContent(AbstractDispatcherServlet.java:87)

  at com.sap.tc.webdynpro.serverimpl.wdc.DispatcherServlet.doContent(DispatcherServlet.java:101)

  at com.sap.tc.webdynpro.serverimpl.core.AbstractDispatcherServlet.doGet(AbstractDispatcherServlet.java:55)

  at javax.servlet.http.HttpServlet.service(HttpServlet.java:734)

  at javax.servlet.http.HttpServlet.service(HttpServlet.java:847)

  at com.sap.engine.services.servlets_jsp.server.Invokable.invoke(Invokable.java:152)

  at com.sap.engine.services.servlets_jsp.server.Invokable.invoke(Invokable.java:38)

  at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:466)

  at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:210)

  at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:441)

  at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:430)

  at com.sap.engine.services.servlets_jsp.filters.DSRWebContainerFilter.process(DSRWebContainerFilter.java:38)

  at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)

  at com.sap.engine.services.servlets_jsp.filters.ServletSelector.process(ServletSelector.java:81)

  at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)

  at com.sap.engine.services.servlets_jsp.filters.ApplicationSelector.process(ApplicationSelector.java:278)

  at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)

  at com.sap.engine.services.httpserver.filters.WebContainerInvoker.process(WebContainerInvoker.java:81)

  at com.sap.engine.services.httpserver.chain.HostFilter.process(HostFilter.java:9)

  at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)

  at com.sap.engine.services.httpserver.filters.ResponseLogWriter.process(ResponseLogWriter.java:60)

  at com.sap.engine.services.httpserver.chain.HostFilter.process(HostFilter.java:9)

  at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)

  at com.sap.engine.services.httpserver.filters.DefineHostFilter.process(DefineHostFilter.java:27)

  at com.sap.engine.services.httpserver.chain.ServerFilter.process(ServerFilter.java:12)

  at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)

  at com.sap.engine.services.httpserver.filters.MonitoringFilter.process(MonitoringFilter.java:29)

  at com.sap.engine.services.httpserver.chain.ServerFilter.process(ServerFilter.java:12)

  at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)

  at com.sap.engine.services.httpserver.filters.SessionSizeFilter.process(SessionSizeFilter.java:26)

  at com.sap.engine.services.httpserver.chain.ServerFilter.process(ServerFilter.java:12)

  at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)

  at com.sap.engine.services.httpserver.filters.MemoryStatisticFilter.process(MemoryStatisticFilter.java:57)

  at com.sap.engine.services.httpserver.chain.ServerFilter.process(ServerFilter.java:12)

  at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)

  at com.sap.engine.services.httpserver.filters.DSRHttpFilter.process(DSRHttpFilter.java:43)

  at com.sap.engine.services.httpserver.chain.ServerFilter.process(ServerFilter.java:12)

  at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)

  at com.sap.engine.services.httpserver.server.Processor.chainedRequest(Processor.java:475)

  at com.sap.engine.services.httpserver.server.Processor$FCAProcessorThread.process(Processor.java:269)

  at com.sap.engine.services.httpserver.server.rcm.RequestProcessorThread.run(RequestProcessorThread.java:56)

  at com.sap.engine.core.thread.execution.Executable.run(Executable.java:122)

  at com.sap.engine.core.thread.execution.Executable.run(Executable.java:101)

  at com.sap.engine.core.thread.execution.CentralExecutor$SingleThread.run(CentralExecutor.java:328)

Caused by: com.sap.tc.webdynpro.services.cal.core.exceptions.WDClientException: Found no client: clientNameReqParam=null, clientNameAppParam=null, useragent=null

  at com.sap.tc.webdynpro.clientserver.cal.ClientInspector.findClientContainer(ClientInspector.java:211)

  at com.sap.tc.webdynpro.clientserver.cal.ClientInspector.getClient(ClientInspector.java:103)

  at com.sap.tc.webdynpro.clientserver.task.Task.getClient(Task.java:455)

  ... 50 more

Former Member
0 Kudos

Hello Madhav,

You can find the JDBC RT URL when you open the top node in the IDM Management console (it should be the name of your IDM system). There is a tab called database where you can take a look. It is the last entry. But since you confirmed it is 2012 SQL that should probably be OK.

Two things though:

1. please make sure you use the same Java Version on both of the Systems. AS JAVA Server and the IDM Server. There might be a Problem with Version conflicts and the communication between these two.

2. To be honest I am not quite sure if IDM 7.2 actually supports AS JAVA 7.40. What SP level is your IDM 7.2? The product availability Matrix only lists UI content for SAP NW 7.1 and 7.2. 7.3 is supported as well though. So IDM 7.2 might work with 7.4 too, but I cannot confirm this. All IDM 7.2 Systems I know run on AS JAVA 7.3x however.

When you aligned the Java Version on both Systems and you still run into this error I think it makes sense to contact SAP and confirm that AS JAVA 7.40 actually runs with IDM 7.2. If they confirm we can go from there.

Regards

Ckumar
Contributor
0 Kudos

Hello Madhav,

As Simona and Jaisuryan already suggested, you need to create the same user IDMADMIN in Identity store also.

Just in case if you have not created please create the user in Identity store.

Steps need to follow-

1) Select your Identity Store

2) Click on Add user in the left pannel

3) Type IDMADMIN as UserName

4)Select the Add Manager/Administrator privilege

5) Click OK

Delete your browser cache and then again try to access the IDM UI using IDMADMIN user credential.

P.S - While creating user in Identity store please note that UserName should be same as the UserID of the user which you have created in SAP NW UI and assigned the IDM_Authenticated role.

Initially, I have faced the same issue and above solution worked for me perfectly.

Regards,

C Kumar

Former Member
0 Kudos

Hi C Kumar,

Thanks for your reply. I have created the user IDMADMIN in both i.e in SAP NW UI and Identity Store as well. I have cleared the browser cache and tried to access the IDM UI, but  still the issue exists.

Any other suggestions?

Thanks and Regards,

Madhav J

Former Member
0 Kudos

Hi Madhav,

have you tried to give IDM_Authenticated role to the user in NetWeaver Java.

I have been experimenting recently on 8.0 and could reproduce it when this role was not available.

Go to nwa>Configuration>Identity Management>Details of User> Tab Assigned Roles> Modify and add IDM_Authenticated Role.

Best Wishes,

Fedya

Former Member
0 Kudos

Hi Fedya,

Thanks for your reply. I have already assigned the Idm_Authenticated role to the user in Netweaver Java.

Regards,

Madhav J

jaisuryan
Active Contributor
0 Kudos

Hi Madhav,

Please verify if credentials of MXMC_prov correct?

Also, check the connection from your AS JAVA machine to DB server?

Usually host file in AS JAVA machine should be maintained with hostname-IP address of your database server for successful connection. This was an issue when I setup UI few weeks back.

Kind regards,

Jai

Former Member
0 Kudos

Hi Jai / Hi Everyone

I have checked the credentials of MXMC_prov. Everything is fine.

As, I was not working with VisuaI Admin, In the IDM UI configuration document https://websmp106.sap-ag.de/~sapidb/011000358700001233082010E   I found that there is some different procedure to configure IDM UI for Netweaver Portal. I have followed the complete procedure of importing the .EPA archives. The .EPA archive was imported successfully.

But, I am not able to access the IDM UI still. I am able to access the Identity Management tab but the Self services tab and the remaining administration tabs are not accessible. Even the access to  http://<>host:<port>/idm is not possible. It leads to error stating : Access is denied. Server is down.

Any more changes to be done?

Thanks,

Madhav J

former_member2987
Active Contributor
0 Kudos

Hi Madhav,

Some time ago several of us on the IDM space worked on this document: http://scn.sap.com/docs/DOC-45985, which might be helpful to you.

Regards,

Matt

Former Member
0 Kudos

Hi Matt,

Thanks for your reply.

I have properly configured everything related to JDBC drivers according to the specfied document. Initially I was using the username as MXMC_admin for the IDM Datasource but now I have changed to the mxmc_prov according this document and restarted all the Java applications but still the issue exists. Anything else needs to be changed?

Could you please let me know the procedure through which we can assign MX_PRIV:WD:TAB_* privs in the IDM database.

Regards,

Madhav J

former_member2987
Active Contributor
0 Kudos

Madhav,

You can also try creating an account in NetWeaver, giving it the IDM role and trying that.

Barring this, create a Job in IDM with a To IdentityStore pass designating the MSKEYVALUE and the MXREF_MX_PRIVILEGE for the MX_PRIV:WD:TAB_* privileges (as pipe delimited MSKEYs, which you can find from the MMC)

Hope this helps.  Sorry I can't post a screenshot at the moment.  No access to my test environment.

Regards,

Matt

jrondorf
Participant
0 Kudos

Check that all related Java Applications (e.g. JMX IdM) are started, and that the datasource connector is running.

NWA -> search for "start" -> Start and Stop Java Applications.

Former Member
0 Kudos

Hi Jannis,

Thanks for your reply. All the Java Applications are started and the Database connector is also running. But still the issue exists. Please find the attached screen shot of the running applications.

Anything else to be checked?

.

Regards,

Madhav J

jaisuryan
Active Contributor
0 Kudos

Hi Madhav,

Did you restart the idm related applications after changing the values? Can you please post the screenshot of your JDBC custom datasource for IDM?

Also the extended details for "tc~idm~jmx~app" application, just to check if you have maintained correct idstore id for "com.sap.idm.jmx.idstoreid"

Kind regards,

Jai

Message was edited by: Jai Suryan

Former Member
0 Kudos

Thanks Jai. I will have restart all the applications and let you know.

Regards,

Madhav J

Former Member
0 Kudos

HI Jai,

I have restarted all the applications. But still the issue exists. Which all  roles should be assigned from the backend (for ex: MX_*****)?

Thanks and Regards,

Madhav J

jaisuryan
Active Contributor
0 Kudos

Hi Madhav,

Please paste the screenshots of,

1) Custom JDBC datasource

2) Extended details for "tc~idm~jmx~app" application

The user you are trying to login should exist in IDM database and AS JAVA UME.

in IDM database: Assign MX_PRIV:WD:TAB_* privs

in AS JAVA UME: Create a role with "idm_authenticated" action in it and assign it to the user.

Kind regards,

Jai

Former Member
0 Kudos

Hi Jai,

Please find the screenshots of the Custom JDBC Datasource and Extended Details.

Custom JDBC datasource :


Extended Details :

My Store ID is 2 so I have set it to 2 in the extended details.

I have created the user named IDMADMIN.Could you please let me know where do I check the user in the UME as well as in the database and also the procedure to assign MX_PRIV:WD:TAB_* privs in the IC. I am unable to find the specified role in IC.

Thanks and Regards

Madhav J 

Former Member
0 Kudos

Hi Madhav,

1. First check the connection from the UI to IdM DB:

2. Then restart the idm~jmx - apps.

3. After that the user you use for the log in should be created in the UME and IdM.

BR,

Simona

Former Member
0 Kudos

Hi Simona,

Thanks for your reply, I have checked for the the connection from UI to database everything is properly configured. Please find the screenshot of the custom data source and let me know if any changes are required.

Best Regards,

Madhav J

Former Member
0 Kudos

Hi Madhav,


Try with MXMC_PROV user for the UI to DB connection.


BR,

Simona

Former Member
0 Kudos

Simona,

You mean to say I need to replace MXMC_admin to MXMC_PROV? Yeah I will do that. Is it case sensitive?

Thanks,

Madhav J

Former Member
0 Kudos

Hi,

Yes, change the MXMC_admin to MXMC_PROV, no it's not case sensitive.

BR,

Simona

Former Member
0 Kudos

Thanks Simona, I will do that. Could you please let me know the procedure through which we can assign MX_PRIV:WD:TAB_* privs in the IDM database.

Best Regards,

Madhav J

Former Member
0 Kudos

Hi Simona, I have changed the username from MXMC_admin to mxmc_prov and restarted all the services but still the issue exists.Any thing else needs to be changed?

Thanks,

Madhav J

Former Member
0 Kudos

Hi Madhav,

If the user is not yet created in IdM you can directly create him from here:

in case that the user is created you can create a task and manually add the privileges to him.

BR,

Simona

Former Member
0 Kudos

Hi Madhav,

The user you are using for the login needs to have the authenticated group in the UME. As well you can check the log in the NWA - Log Viewr then select show View - General/Default Trace.

BR,

Simona

jaisuryan
Active Contributor
0 Kudos

Madhav J wrote:

I have created the user named IDMADMIN.Could you please let me know where do I check the user in the UME as well as in the database and also the procedure to assign MX_PRIV:WD:TAB_* privs in the IC. I am unable to find the specified role in IC.

Hi Madhav,

How did you create the user IDMADMIN? As per Simona's screenshot above? If not, then input IDMADMIN as user name and create one.

And as for creating users in UME, the steps were covered in the document in page 27.

Kind regards,

Jai