on 08-01-2015 7:52 AM
Hello Experts,
I am installing IDM 7.2. Presently I am in the phase of configuring the IDM UI. According to the guide https://websmp205.sap-ag.de/~sapidb/011000358700001233082010E, I have installed and configured everything properly and have reached to the"General access to Identity Management User Interface" phase (Page No 35). I have skipped the "Access to Monitoring (Monitoring tab)" and "Configuring the language settings for the Identity Management User Interface" because I think these steps can be configured later.
The issue is that when I try to access the IDM portal i.e http://<host>:<port>/idm, two error messages are being displayed stating that Access is denied and Service is down. When searched on this I found that the solution was the SAP Note 1573750. According to this SAP Note everything is properly configured in the backend of IDM database. If someone has come across this issue or a similar one, please let me know how were you able to solve it thereby helping me to solve this issue.
As I have skipped "Access to Monitoring (Monitoring tab)" and "Configuring the language settings for the Identity Management User Interface"
phases, can this be the reason for this issue?
Please let me know if I have missed out something and help me to solve this issue.
Thanks and Regards,
Madhav J
Hello Everyone,
The Issue is solved now. I am able to access the IDM UI. Thanks for everyone who has helped me out to check in this issue. There was some network issue between both the systems hence the AS Java Server was not able to access the server where IDM is installed. We checked in and resolved the issue.
Thanks and Regards,
Madhav J
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hello Everyone,
I think there is some issue with my server in which I have installed MS-SQL Server Database.
When I goto Netweaver Administrator of my Java system and select the IDM_DataSource(i.e a custom JDBC Data Source created for IDM) and ping the connection. I get an error message stating "Database access error. See logs for details". When I check for the logs the error message explains :
Cannot process an HTTP request to servlet [dispatcher] in [webdynpro/resources/sap.com/tc~sld~wd~main] web application.
[EXCEPTION]
com.sap.tc.webdynpro.services.exceptions.WDRuntimeException: Failed to retrieve client for current request. Causing exception is nested.
at com.sap.tc.webdynpro.clientserver.task.Task.getClient(Task.java:457)
at com.sap.tc.webdynpro.serverimpl.wdc.um.ClientUserFactory.forceLoggedInClientUser(ClientUserFactory.java:106)
I have no idea what is this error related to? Is it such that My SAP NW Java system is nogt able to access the DB on the server where IDM is configured??
Please suggest me some solutions for this problem.
Thanks and Regards,
Madhav J
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hello Madhav,
can you please check the tracefiles on the AS Java when you try to connect to IDM and provide the Output?
As a shot in the dark: To me this looks like wrong version of sca files deployed on the AS Java, but it is just a guess. What is the System configuration you are running? AS Java Version? Is the underlying database really SQL2102? What is the Java RT JDBC URL looking like in IDM? Which JRE is running on both the AS Java and the IDM machine? Is the DB installed on the same Server as IDM?
When you create or alter entries in the IDM Management console, are these changes reflected in the IDM database?
Regards
Hello Tobias,
Thanks for your response. Let me answer your questions first.
1) What is the System configuration you are running? and AS Java Version?
A) On the Server where my SAP NW AS Java is installed, the Operating system used is Windows Server 2012 R2 and the AS Java Version is 7.40.
B) On the Server where SAP IDM is installed, The Operating system used is Windows Server 2012 R2. The IDM version being installed is SAP IDM 7.2.
2) Is the underlying database really SQL2102?
Yes, The underlying database is MS-SQL 2012.
3) Which JRE is running on both the AS Java and the IDM machine?
On the IDM Machine, we have Java 1.6.0 installed and
On the NW AS Java we have Java 1.8.0 installed.
4) Is the DB installed on the same Server as IDM?
Yes, The DB is installed on the same server as IDM.
Sorry, I could not get this question "What is the Java RT JDBC URL looking like in IDM"?
I have not tried to create or alter entries in the IDM Management console.
I am posting a short part of the log file below. Please check the log content and help me to point out the actual issue and thereby to solve it.
<!--LOGHEADER[START]/-->
<!--HELP[Manual modification of the header may cause parsing problem!]/-->
<!--LOGGINGVERSION[2.0.7.1006]/-->
<!--NAME[./log/defaultTrace_00.trc]/-->
<!--PATTERN[defaultTrace_00.trc]/-->
<!--FORMATTER[com.sap.tc.logging.ListFormatter]/-->
<!--ENCODING[UTF8]/-->
<!--FILESET[0, 20, 10485760]/-->
<!--PREVIOUSFILE[defaultTrace_00.19.trc]/-->
<!--NEXTFILE[defaultTrace_00.1.trc]/-->
<!--ENGINEVERSION[7.40.3301.370071.20141031130932]/-->
<!--LOGHEADER[END]/-->
#2.0 #2015 10 25 15:17:03:601#0-400#Error#com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl#
com.sap.ASJ.web.000137#BC-CCM-SLD#sap.com/tc~sld~wd~main#C0000A9B0150694800000003000008C0#7025350000000004#sap.com/tc~sld~wd~main#com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl#Guest#0##DB5DB95A7B4B11E5A0400000006B32C6#db5db95a7b4b11e5a0400000006b32c6#db5db95a7b4b11e5a0400000006b32c6#0#Thread[HTTP Worker [@164502062],5,Dedicated_Application_Thread]#Plain##
Cannot process an HTTP request to servlet [dispatcher] in [webdynpro/resources/sap.com/tc~sld~wd~main] web application.
For more details on the problem please check traces searching by logId: C0000A9B0150694800000001000008C0#
#2.0 #2015 10 25 15:17:03:605#0-400#Error#com.sap.engine.services.servlets_jsp.ISE500#
com.sap.ASJ.web.000500#BC-CCM-SLD#sap.com/tc~sld~wd~main#C0000A9B0150694800000004000008C0#7025350000000004#sap.com/tc~sld~wd~main#com.sap.engine.services.servlets_jsp.ISE500#Guest#0##DB5DB95A7B4B11E5A0400000006B32C6#db5db95a7b4b11e5a0400000006b32c6#db5db95a7b4b11e5a0400000006b32c6#0#Thread[HTTP Worker [@164502062],5,Dedicated_Application_Thread]#Plain##
500 Internal Server Error is returned for HTTP request [http://<host>:<port>/webdynpro/resources/sap.com/tc~sld~wd~main/Main]:
component [dispatcher],
web module [webdynpro/resources/sap.com/tc~sld~wd~main],
application [sap.com/tc~sld~wd~main],
DC name [sap.com/tc~sld~wd~main],
CSN component[BC-CCM-SLD],
problem categorization [com.sap.ASJ.web.000137],
internal categorization [1013893257].
[EXCEPTION]
com.sap.tc.webdynpro.services.exceptions.WDRuntimeException: Failed to retrieve client for current request. Causing exception is nested.
at com.sap.tc.webdynpro.clientserver.task.Task.getClient(Task.java:457)
at com.sap.tc.webdynpro.serverimpl.wdc.um.ClientUserFactory.forceLoggedInClientUser(ClientUserFactory.java:106)
at com.sap.tc.webdynpro.serverimpl.wdc.um.ClientUserFactory.checkAuthentication(ClientUserFactory.java:291)
at com.sap.tc.webdynpro.serverimpl.core.um.AbstractClientUserFactory$1.checkAuthentication(AbstractClientUserFactory.java:223)
at com.sap.tc.webdynpro.services.sal.um.api.WDClientUser.checkAuthentication(WDClientUser.java:233)
at com.sap.tc.webdynpro.clientserver.session.RequestManager.checkAuthentication(RequestManager.java:868)
at com.sap.tc.webdynpro.clientserver.session.RequestManager.doProcessing(RequestManager.java:295)
at com.sap.tc.webdynpro.serverimpl.core.AbstractDispatcherServlet.doContent(AbstractDispatcherServlet.java:87)
at com.sap.tc.webdynpro.serverimpl.wdc.DispatcherServlet.doContent(DispatcherServlet.java:101)
at com.sap.tc.webdynpro.serverimpl.core.AbstractDispatcherServlet.doGet(AbstractDispatcherServlet.java:55)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:734)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:847)
at com.sap.engine.services.servlets_jsp.server.Invokable.invoke(Invokable.java:152)
at com.sap.engine.services.servlets_jsp.server.Invokable.invoke(Invokable.java:38)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:466)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:210)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:441)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:430)
at com.sap.engine.services.servlets_jsp.filters.DSRWebContainerFilter.process(DSRWebContainerFilter.java:38)
at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
at com.sap.engine.services.servlets_jsp.filters.ServletSelector.process(ServletSelector.java:81)
at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
at com.sap.engine.services.servlets_jsp.filters.ApplicationSelector.process(ApplicationSelector.java:278)
at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
at com.sap.engine.services.httpserver.filters.WebContainerInvoker.process(WebContainerInvoker.java:81)
at com.sap.engine.services.httpserver.chain.HostFilter.process(HostFilter.java:9)
at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
at com.sap.engine.services.httpserver.filters.ResponseLogWriter.process(ResponseLogWriter.java:60)
at com.sap.engine.services.httpserver.chain.HostFilter.process(HostFilter.java:9)
at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
at com.sap.engine.services.httpserver.filters.DefineHostFilter.process(DefineHostFilter.java:27)
at com.sap.engine.services.httpserver.chain.ServerFilter.process(ServerFilter.java:12)
at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
at com.sap.engine.services.httpserver.filters.MonitoringFilter.process(MonitoringFilter.java:29)
at com.sap.engine.services.httpserver.chain.ServerFilter.process(ServerFilter.java:12)
at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
at com.sap.engine.services.httpserver.filters.SessionSizeFilter.process(SessionSizeFilter.java:26)
at com.sap.engine.services.httpserver.chain.ServerFilter.process(ServerFilter.java:12)
at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
at com.sap.engine.services.httpserver.filters.MemoryStatisticFilter.process(MemoryStatisticFilter.java:57)
at com.sap.engine.services.httpserver.chain.ServerFilter.process(ServerFilter.java:12)
at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
at com.sap.engine.services.httpserver.filters.DSRHttpFilter.process(DSRHttpFilter.java:43)
at com.sap.engine.services.httpserver.chain.ServerFilter.process(ServerFilter.java:12)
at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
at com.sap.engine.services.httpserver.server.Processor.chainedRequest(Processor.java:475)
at com.sap.engine.services.httpserver.server.Processor$FCAProcessorThread.process(Processor.java:269)
at com.sap.engine.services.httpserver.server.rcm.RequestProcessorThread.run(RequestProcessorThread.java:56)
at com.sap.engine.core.thread.execution.Executable.run(Executable.java:122)
at com.sap.engine.core.thread.execution.Executable.run(Executable.java:101)
at com.sap.engine.core.thread.execution.CentralExecutor$SingleThread.run(CentralExecutor.java:328)
Caused by: com.sap.tc.webdynpro.services.cal.core.exceptions.WDClientException: Found no client: clientNameReqParam=null, clientNameAppParam=null, useragent=null
at com.sap.tc.webdynpro.clientserver.cal.ClientInspector.findClientContainer(ClientInspector.java:211)
at com.sap.tc.webdynpro.clientserver.cal.ClientInspector.getClient(ClientInspector.java:103)
at com.sap.tc.webdynpro.clientserver.task.Task.getClient(Task.java:455)
... 50 more
Hello Madhav,
You can find the JDBC RT URL when you open the top node in the IDM Management console (it should be the name of your IDM system). There is a tab called database where you can take a look. It is the last entry. But since you confirmed it is 2012 SQL that should probably be OK.
Two things though:
1. please make sure you use the same Java Version on both of the Systems. AS JAVA Server and the IDM Server. There might be a Problem with Version conflicts and the communication between these two.
2. To be honest I am not quite sure if IDM 7.2 actually supports AS JAVA 7.40. What SP level is your IDM 7.2? The product availability Matrix only lists UI content for SAP NW 7.1 and 7.2. 7.3 is supported as well though. So IDM 7.2 might work with 7.4 too, but I cannot confirm this. All IDM 7.2 Systems I know run on AS JAVA 7.3x however.
When you aligned the Java Version on both Systems and you still run into this error I think it makes sense to contact SAP and confirm that AS JAVA 7.40 actually runs with IDM 7.2. If they confirm we can go from there.
Regards
Hello Madhav,
As Simona and Jaisuryan already suggested, you need to create the same user IDMADMIN in Identity store also.
Just in case if you have not created please create the user in Identity store.
Steps need to follow-
1) Select your Identity Store
2) Click on Add user in the left pannel
3) Type IDMADMIN as UserName
4)Select the Add Manager/Administrator privilege
5) Click OK
Delete your browser cache and then again try to access the IDM UI using IDMADMIN user credential.
P.S - While creating user in Identity store please note that UserName should be same as the UserID of the user which you have created in SAP NW UI and assigned the IDM_Authenticated role.
Initially, I have faced the same issue and above solution worked for me perfectly.
Regards,
C Kumar
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Madhav,
have you tried to give IDM_Authenticated role to the user in NetWeaver Java.
I have been experimenting recently on 8.0 and could reproduce it when this role was not available.
Go to nwa>Configuration>Identity Management>Details of User> Tab Assigned Roles> Modify and add IDM_Authenticated Role.
Best Wishes,
Fedya
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Madhav,
Please verify if credentials of MXMC_prov correct?
Also, check the connection from your AS JAVA machine to DB server?
Usually host file in AS JAVA machine should be maintained with hostname-IP address of your database server for successful connection. This was an issue when I setup UI few weeks back.
Kind regards,
Jai
Hi Jai / Hi Everyone
I have checked the credentials of MXMC_prov. Everything is fine.
As, I was not working with VisuaI Admin, In the IDM UI configuration document https://websmp106.sap-ag.de/~sapidb/011000358700001233082010E I found that there is some different procedure to configure IDM UI for Netweaver Portal. I have followed the complete procedure of importing the .EPA archives. The .EPA archive was imported successfully.
But, I am not able to access the IDM UI still. I am able to access the Identity Management tab but the Self services tab and the remaining administration tabs are not accessible. Even the access to http://<>host:<port>/idm is not possible. It leads to error stating : Access is denied. Server is down.
Any more changes to be done?
Thanks,
Madhav J
Hi Madhav,
Some time ago several of us on the IDM space worked on this document: http://scn.sap.com/docs/DOC-45985, which might be helpful to you.
Regards,
Matt
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Matt,
Thanks for your reply.
I have properly configured everything related to JDBC drivers according to the specfied document. Initially I was using the username as MXMC_admin for the IDM Datasource but now I have changed to the mxmc_prov according this document and restarted all the Java applications but still the issue exists. Anything else needs to be changed?
Could you please let me know the procedure through which we can assign MX_PRIV:WD:TAB_* privs in the IDM database.
Regards,
Madhav J
Madhav,
You can also try creating an account in NetWeaver, giving it the IDM role and trying that.
Barring this, create a Job in IDM with a To IdentityStore pass designating the MSKEYVALUE and the MXREF_MX_PRIVILEGE for the MX_PRIV:WD:TAB_* privileges (as pipe delimited MSKEYs, which you can find from the MMC)
Hope this helps. Sorry I can't post a screenshot at the moment. No access to my test environment.
Regards,
Matt
Check that all related Java Applications (e.g. JMX IdM) are started, and that the datasource connector is running.
NWA -> search for "start" -> Start and Stop Java Applications.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Madhav,
Did you restart the idm related applications after changing the values? Can you please post the screenshot of your JDBC custom datasource for IDM?
Also the extended details for "tc~idm~jmx~app" application, just to check if you have maintained correct idstore id for "com.sap.idm.jmx.idstoreid"
Kind regards,
Jai
Message was edited by: Jai Suryan
Hi Madhav,
Please paste the screenshots of,
1) Custom JDBC datasource
2) Extended details for "tc~idm~jmx~app" application
The user you are trying to login should exist in IDM database and AS JAVA UME.
in IDM database: Assign MX_PRIV:WD:TAB_* privs
in AS JAVA UME: Create a role with "idm_authenticated" action in it and assign it to the user.
Kind regards,
Jai
Hi Jai,
Please find the screenshots of the Custom JDBC Datasource and Extended Details.
Custom JDBC datasource :
Extended Details :
My Store ID is 2 so I have set it to 2 in the extended details.
I have created the user named IDMADMIN.Could you please let me know where do I check the user in the UME as well as in the database and also the procedure to assign MX_PRIV:WD:TAB_* privs in the IC. I am unable to find the specified role in IC.
Thanks and Regards
Madhav J
Madhav J wrote:
I have created the user named IDMADMIN.Could you please let me know where do I check the user in the UME as well as in the database and also the procedure to assign MX_PRIV:WD:TAB_* privs in the IC. I am unable to find the specified role in IC.
Hi Madhav,
How did you create the user IDMADMIN? As per Simona's screenshot above? If not, then input IDMADMIN as user name and create one.
And as for creating users in UME, the steps were covered in the document in page 27.
Kind regards,
Jai
User | Count |
---|---|
88 | |
23 | |
11 | |
9 | |
8 | |
5 | |
5 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.