on 12-06-2007 12:02 PM
Hi All,
when i am trying to open Identitymanagement in user administration, the iview is not opening and displaying the following error msg.
1) A check if users can be created failed. The UME configuration might be inconsistent. Check your Persistence configuration.
2) An error occurred when initializing a backend service; contact your system administrator
and nothing is displaying in the page except these two lines....
how to solve the problem? reply soon its very urgent...
Regards,
Vila.
Hi Vila,
I am getting the same error. is your problem is resolved? if yes please let me know how you have resolved this.
Regards,
Srinivas
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Try following Below steps:
In order to enable (default) or disable the UME WD UIs:
Start the Config Tool.
Navigate to cluster-data -> global server configuration -> services
-> com.sap.security.core.ume.service.
Change the property ume.admin.wdactive to true (enable)
Restart the whole system.
Check SAP Note :869852
In the above note they have mentioned ur error (got0 5. Trouble shooting)
An error message in the WD UI ("The initialisation of an
Backend-Service failed" or "A required service for the identity
management user interface is not available. Contact your system
administrator.").
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Kishore,
Thankyou very much for you quick reply.
i have checked in config tool. ume.admin.wdactive is enabled(true)... eventhough it is displaying the same error.
how to resolve this?
one more thing is i don't have access to market place to see the SAP note.
will you pls provide me that information too. can you pls tell me how can i get access to the service market place?
Thanks,
Vila.
Below is the note u can contact ur manager for creating S User id
Any how Change the property ume.admin.wdactive to true again and save and restart ur portal server just a guess
Note 869852 - Central Note For UME Web Dynpro UIs
Symptom
User Management UIs based on Web Dynpro on SAP NetWeaver 04s
More Terms
UME, NW04s, WD, Limitations, UMEADMIN, UmeAdminApp
Cause and Prerequisites
You are using Web Dynpro (WD) based User Management (UME) UIs
Solution
This note is a central note for the UME WD based UIs introduced with NW04s
SPS5.
This note covers the following topics:
1) Enabling / disabling of UME WD UIs in standalone mode
2) Re enabling the old UME UIs in SAP NetWeaver Portal
3) Limitations and Unsupported Functionality
4) Business user permissions for profile self-management and
self-registration
5) Troubleshooting
6) Patches
=======================================================================
1) Enabling / disabling of UME WD UIs
In order to enable (default) or disable the UME WD UIs:
o Start the Config Tool.
o Navigate to cluster-data -> global server configuration -> services
-> com.sap.security.core.ume.service.
o Change the property ume.admin.wdactive to true (enable) or
false (disable).
o Restart the whole system.
After disabling the UME WD UIs, you can use the commonly known UME UIs
shipped with NW04.
=======================================================================
2) Re enabling the old UME UIs in SAP NetWeaver Portal
To enable the old UME UIs in the SAP NetWeaver Portal, do the following:
a) Create two portal roles with a Content Administrator (Navigate to
Content Administration -> Portal Content):
o One role for "User Administration"
o One role for "Delegated User Administration"
b) Copy the "Standard User Role " (also known as "Every User Role") to:
o A new "Standard User Role"
21.08.2007 Page 2 of 8
Note 869852 - Central Note For UME Web Dynpro UIs
c) Copy the "Every User Core Role" to:
o A new "Every User Core Role"
d) Assign the following worksets to the roles as delta link (all from
Portal Content -> Content Provided by SAP -> Admin Content -> User
Administrators -> Worksets):
o For "User Administration":
User Administration (ID:
pcd:portal_content/com.sap.pct/administrator/us
er_admin/worksets/com.sap.portal.user_admin_ws)
o For "Delegated User Administration":
Delegated User Administration (ID:
pcd:portal_content/com.sap.pct/admini
strator/user_admin/worksets/com.sap.portal.delegated_user_admin_ws)
o For "Standard User Role":
- Remove the "User Profile" page from the "Portal
Personalization" workset
- Add following pages as delta link to the "Portal
Personalization" workset (all from Portal Content -> Content
Provided by SAP -> End User Content -> Standard Portal Users ->
Pages):
Portal Language (ID:
pcd:portal_content/com.sap.pct/every_user/general/p
ages/com.sap.portal.persoPortalLanguage)
User Password (ID:
pcd:portal_content/com.sap.pct/every_user/general/pag
es/com.sap.portal.persoUserPassword)
User Profile (ID:
pcd:portal_content/com.sap.pct/every_user/general/page
s/com.sap.portal.persoUserProfile)
User Mapping (ID:
pcd:portal_content/com.sap.pct/every_user/general/page
s/com.sap.portal.persoUserMapping)
o For "Every User Core Role":
- Remove the "User Profile" page from the "Portal
Personalization" workset
- Add the following pages as delta link to the "Portal
Personalization" workset (all from Portal Content -> Content
Provided by SAP -> End User Content -> Standard Portal Users ->
Pages):
Portal Language (ID:
pcd:portal_content/com.sap.pct/every_user/general/p
21.08.2007 Page 3 of 8
Note 869852 - Central Note For UME Web Dynpro UIs
ages/com.sap.portal.persoPortalLanguage)
User Password (ID:
pcd:portal_content/com.sap.pct/every_user/general/pag
es/com.sap.portal.persoUserPassword)
User Profile (ID:
pcd:portal_content/com.sap.pct/every_user/general/page
s/com.sap.portal.persoUserProfile)
User Mapping (ID:
pcd:portal_content/com.sap.pct/every_user/general/page
s/com.sap.portal.persoUserMapping)
e) Assign the following UME actions to the roles with a User Administrator
tool (Navigate to User Administration -> Identity Management, search for
the created roles, select the appropriate role and choose tab Actions in
modify mode):
o For "User Administration": UME.Manage_All
o For "Delegated User Administration": UME.Manage_Users
o For "Every User Role" or "Every User Core Role": No additional UME
actions are needed. The copied "Standard User Role" or "Every User
Core Role" should already have the UME action UME.Manage_My_Profile
f) Assign appropriate users to the newly created roles.
g) Disable the UME WD UIs (See paragraph "Enabling / disabling of UME WD
UIs")
=======================================================================
3) Limitations and Unsupported Functionality
At the moment, following limitations appear in the new UME WD UIs compared
to the old UME UIs :
o The number of additional attributes is limited to 30.
o If using ume.admin.self.addattrs, an <empty> value does not
result in using ume.admin.addattrs. No attributes are used at
all. To display these attributes, copy the value from
ume.admin.addattrs to ume.admin.self.addattrs.
o Replication is not supported.
- To use this function, disable the UME WD UIs (see (1) ).
=======================================================================
4) End user permissions for profile self-management and self-registration
You must assign one of the following UME actions to business users via a
role to enable them to view or change their profiles. You must perform this
assignment manually after installation.
o UME.Manage_My_Profile: View and change all profile parameters
21.08.2007 Page 4 of 8
Note 869852 - Central Note For UME Web Dynpro UIs
o UME.Manage_My_Password: View all profile parameters, but change
password only
o UME.Read_My_Profile: View all profile parameters
This assignment can be done with the UME Everyone role (which itself is
assigned to the Everyone group) or by any other User - (Group) - Role -
action assignment.
You must set the property
ume.logon.security_policy.password_change_allowed to true in
order to enable business users to change their passwords in the UME WD UIs.
For NW04s SP9, a new self-registration UI based on WD was introduced. To
use this new self-registration UI, you must add a new UME action
("UME.Selfregister_User") to a new UME role. This new role add to the
built-in anonymous users group.
=======================================================================
5) Troubleshooting
Instance of UMEADMIN model provider (JMX Server) provider cannot be found
on the J2EE Instance. This can be noticed by an error message in the trace
file:
o "Caused by: javax.management.InstanceNotFoundException:
com.sap.default:name=IJmxServer,j2eeType=UmeJmxServer,SAP_J2EEClust
er=<SID> not in repository")
o An error message in the WD UI ("The initialisation of an
Backend-Service failed" or "A required service for the identity
management user interface is not available. Contact your system
administrator.").
o For NW04s SP8 and higher, an error message is written into the log
file if the UMEADMIN model provider (JMX Server) cannot be
registered. Please check the default trace file, for the error that
caused the problem.
o Sometimes, classloading problems appear on a system and no error
message is written into the log or trace file. In order to check
why the UMEADMIN model provider (JMX Server) cannot be registered,
please perform following steps:
- Log into the visual admininistrator with an administrator user.
- On the left side, navigate to server - services - Log
Configuration
- Raise the severity of location
"com.sap.engine.services.servlets_jsp.Deploy" to "ALL".
- On the left side, navigate to server - services - deploy.
- On the right side, choose applications.
- Stop the application "com.sap.security.core.admin" and start it
again. The start should finish successfully.
21.08.2007 Page 5 of 8
Note 869852 - Central Note For UME Web Dynpro UIs
- On the bottom right side, you can find an info button (see
attached screenshot). Press this button, and an info pop up
screen will be displayed. If UMEADMIN model provider (JMX
Server) does not start, a warning message appears there.
- Have a look into the default trace file, the warning message
and the cause of the problem should be found there.
After upgrading your system to a newer SP, you get one of the following
exceptions when executing the UME WD application:
o java.lang.NoSuchMethodError:
com.sap.security.core.wd.umeuifactory.wdp.I
ExternalUmeUiFactoryCompInterface.hasSimplePermission(Ljava/lang/St
ring;
Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;Ljava/lang/St
ring;Ljava/lang/String;)Z at
com.sap.security.core.wd.maintaingroup.MaintainGroupComp.afterModel
Init(MaintainGroupComp.java:787)
o
com.sap.tc.webdynpro.progmodel.context.ContextConfigurationExceptio
n:
MappedAttributeInfo(UmeAdminComp.UmeProperties.UME_ADMIN_WD_COMPO
NENTS_UMEADMINAPP): mapped attribute
UME_ADMIN_WD_COMPONENTS_UMEADMINAPP not found
o In order to avoid this error, perform following steps:
- Open the SDM tool and undeploy all components starting with
"tc/sec/ume/wd/..."
- Go to your downloaded SP archives and find the UMEADMIN*.SDA.
Redeploy it.
=======================================================================
6) Bugfixes and Patches
Symptom: When using the company concept, you cannot set the company
attribute directly for a user.
Solution for NW04s SPS05 and SPS06: As workaround, you can set the company
group for the user. Therefore, modify the user, navigate to assigned
groups, search for the new company group and add this group to the user.
Solution for NW04s SPS07: You can set the company attribute for a user
directly.
Symptom: When having company concept enabled, it is not possible to search
for unapproved users.
Solution for NW04s SPS09: Download SAPJTECHS09P patch #1 SCA from SAP
service marketplace so that you are able to search for unapproved users
again.
Support Packages and Patches
SAP JAVA TECH SERVICES 7.00
OSINDEP
SAPJTECHS09P patch #1
21.08.2007 Page 6 of 8
Note 869852 - Central Note For UME Web Dynpro UIs
Symptom: When having created a UME role with action "UME.Manage_All" and a
user within this role without being in the "Administrators" group, you are
getting an error while executing the UME configuration UI or UME
consistency check UI.
Solution for NW04s SPS09: Download SAPJEE09P patch #1 from SAP service
marketplace in order to be able to execute the UME UIs again.
Support Packages and Patches
SAP J2EE ENGINE 7.00
OSINDEP
SAPJEE09P patch #1
Symptom: Role / Group / User / Action assignment cannot be done:
Solution for NW04s SPS10: The UIs for assigning one ore more principals to
another principal have exchanged. In modify modus, the available principals
are available on the left side, the assigned principals are available on
the right side.
Symptom: You have an LDAP configuration, where you specified an own unique
user attribute (UME property ume.ldap.unique_user_attribute). When
opening UME WD UIs, you get a message that user cannot be created and the
Create User button is disabled.
Solution for NW04s SPS10: Download SAPJEECOR10P patch #5 and
SAPJTECHS10P patch #5 from SAP service marketplace in order to be able
to create users.
Support Packages and Patches
SAP J2EE ENGINE CORE 7.00
OSINDEP
SAPJEECOR10P patch #5
SAP JAVA TECH SERVICES 7.00
OSINDEP
SAPJTECHS10P patch #5
Symptom: A check for user creation is done when starting UME WD UIs even if
ABAP readonly persistence is used. This leads to a warning message in the
UI and an error message in security.log and defaulttrace file, because the
user creation is not possible:
Solution for NW04s SPS11: These warning and error messages are changed to
an info message on the UI and an info message in the defaulttrace file.
Solution for NW04s SPS12: This check will only be done when pressing the
Create User Button, so that the info message will not be displayed when
entering the End User Profile or Selfregister Application.
Symptom: The general functionality of sorting UME principals (Users,
Groups, Roles, Actions) is not working.
Solution for NW04s SPS11: The sorting functionality is working again.
Symptom: A business user assigned to a role with the UME action
"Manage_My_Profile" is able to set his or her security policy from
"Default" to "Technical User" and with this, disable the "Password Change
Required" functionality.
Solution for MW04s SPS11: Download SAPJEECOR11P patch #5 from SAP
service marketplace so that the business user is not able to modify his or
her security policy any more.
Support Packages and Patches
SAP J2EE ENGINE CORE 7.00
21.08.2007 Page 7 of 8
Note 869852 - Central Note For UME Web Dynpro UIs
OSINDEP
SAPJEECOR11P patch #5
Solution for MW04s SPS12: Download SAPJEECOR12P patch #3 from SAP
service marketplace so that the business user is not able to modify his or
her security policy any more.
Support Packages and Patches
SAP J2EE ENGINE CORE 7.00
OSINDEP
SAPJEECOR12P patch #3
Symptom: A business user is not able to login to FPN consumer portal
because the producer roles he is assigned to are no longer available. In
the UME UI, these role assignments are not able to be removed, because the
roles are inconsistent.
Solution for MW04s SPS11: Download SAPJTECHS11P patch #8 from SAP
service marketplace in order to be able to remove the role assignments to
the inconsistent role.
Support Packages and Patches
SAP JAVA TECH SERVICES 7.00
OSINDEP
SAPJTECHS11P patch #8
Solution for MW04s SPS12: Download SAPJTECHS12P patch #3 from SAP
service marketplace in order to be able to remove the role assignments to
the inconsistent role.
Support Packages and Patches
SAP JAVA TECH SERVICES 7.00
OSINDEP
SAPJTECHS12P patch #3
Symptom: When displaying the detailed information of assigned users, groups
or roles, which have a blank (" ") or special character (e.g. "+") in their
unique name, an error message occurs
("com.sap.tc.webdynpro.services.exceptions.InvalidUrlRuntimeException" or
"com.sap.security.core.wd.exception.UmeUiNoSuchPrincipalException")
Solution for NW04s SPS12: The assigned users, groups or roles can also
contain a blank in their unique name in order to display their detailed
information.
Symptom: A delegated user administrator (with the UME Action
Manage_Role_Assignments) is not able to assign remote FPN roles of a
producer portal on the consuming portal. An error message occurs that the
user has not the appropriate permissions even if the role assigner
permission is correctly set on the producing system for the delegated user
administrator or the related role.
Solution for MW04s SPS12: Download SAPJTECHS12P patch #4 from SAP
service marketplace in order to be able to assign the remote FPN roles.
Support Packages and Patches
SAP JAVA TECH SERVICES 7.00
OSINDEP
SAPJTECHS12P patch #4
Symptom: A password administrator (with the UME Action
Manage_All_User_Passwords or Manage_User_Passwords) is able to create
users.
21.08.2007 Page 8 of 8
Note 869852 - Central Note For UME Web Dynpro UIs
Solution for MW04s SPS12: Download SAPJTECHS12P patch #4 from SAP
service marketplace in order to prohibit the creation of users for the
password administrator.
Support Packages and Patches
SAP JAVA TECH SERVICES 7.00
OSINDEP
SAPJTECHS12P patch #4
Header Data
Release Status: Released for Customer
Released on: 03.08.2007 06:28:59
Priority: Recommendations/additional info
Category: FAQ
Main Component BC-JAS-SEC-UME User Management Engine
Valid Releases
Software Component Release From
Release
To Release and Following
SAP-JEE 7.00 7.00 7.00
UMEADMIN 7.00 7.00 7.00
Related Notes
Number Short Text
1013521 Configuration of supported languages within the portal
979479 Inconsistent StyleSheets after upgrade to 7.0 SP 8
917946 Biller Direct Company Admin and UME Web Dynpro (WD)
883131 NW04s SP4/SP5 Limitations for Security&Identity Management
836946 BP Supplier Collaboration 2.0 : installation information
720590 User Management Engine (UME) on WAS 6.30 and higher
Attachments
File Type File Name Language Size
ZIP visual_admin_deploy_view.zip E 86 KB
User | Count |
---|---|
93 | |
10 | |
10 | |
9 | |
9 | |
7 | |
6 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.