on 05-07-2013 5:43 PM
Hello Team,
I am using Single sign on with logon tickets option for user login into NAKISA through portal.
I have mapped portal ID ans password to an head position of an org unit already.
Still it doesn't pickup the employee from the system.
Below information i get after debugging :
Nakisa Roles | ROLE_Manager |
Source Roles | |
User Population | null |
I don;t have any clue why user is not getting populated even when i have mapped USER ID for the employee in infortype 105 subtype 0001.
I didn't change the settings in Employee Source also:
Pleas help.
Can you confirm that the URL you have in the portal iView is fully qualified and that the portal sits on the same domain as the NW server hosting the Nakisa application?
If so ... my suggestion would be to remove (backup if you wish) any files below:
..{your build}\.delta\Authentication\
and then re-load the AdminConsole. This will reset to the standard configuration for Authentication.
Then go through the steps of setting up Authentication for SSO again in the AdminConsole ... you should only need to select it as the type in the first step and specify the SAP system you are authenticating against in the Authentication Source. Leave all other settings as standard.
Finish, Submit and then Publish.
Then please re-test.
If it fails, please supply CDS log of logging in as well as result of debugging (see this Wiki article - http://wiki.sdn.sap.com/wiki/display/ERPHCM/Debugging+User+and+Session+Information)
Stephen
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Is ROLE_Manager set to be the default role?
This is unusual but would explain why you are getting the role but not the User Population info (looking at your debug screen).
In your .delta folder ... under AppResources/dataelementconfiguration, do you have a file called UserPopulationInfo.xml?
If so, have you chosen to customise this at all?
Can you supply the version info (as Luke suggested) and the CDS log showing the login logging as per my previous reply?
Stephen
Hi Luke,
Version is NAKISA 4.0 and please find the log generated as below:
1. 08 May 2013 06:26:58 INFO com.nakisa.Logger - [Admin console] admin user 'admin' successfully logged in
2. 08 May 2013 06:27:22 INFO com.nakisa.Logger - ManagerInit: Time took to setup Build: 3192 ms
3. 08 May 2013 06:27:25 INFO com.nakisa.Logger - ManagerInit: Time took to load settingsResources: 422 ms
4. 08 May 2013 06:27:29 INFO com.nakisa.Logger - ManagerInit: Time took to load appResources: 1095 ms
5. 08 May 2013 06:27:50 INFO com.nakisa.Logger - ManagerInit: Time took to load extractorSchema: 41 ms
6. 08 May 2013 06:27:50 INFO com.nakisa.Logger - ManagerInit: Time took to load OTFSchema: 358 ms
7. 08 May 2013 06:27:50 INFO com.nakisa.Logger - ManagerInit: Time took to load Role Mapping: 3 ms
8. 08 May 2013 06:27:50 INFO com.nakisa.Logger - ManagerInit: Time took to load Roles: 2 ms
9. 08 May 2013 06:29:08 INFO com.nakisa.Logger - Tenant ID: 000
10. 08 May 2013 06:29:08 INFO com.nakisa.Logger - LoginSettingsObject Load: 13
11. 08 May 2013 06:29:08 INFO com.nakisa.Logger - com.nakisa.framework.login.Main : LogIn : Credential provider SapSso
12. 08 May 2013 06:29:08 INFO com.nakisa.Logger - com.nakisa.framework.login.Credentials_SapSso : Ticket is: null
13. 08 May 2013 06:29:08 INFO com.nakisa.Logger - com.nakisa.framework.login.Credentials_SapSso : Information extracted: TicketDecoder [backendUser=null, portalUser=null]
14. 08 May 2013 06:29:08 INFO com.nakisa.Logger - com.nakisa.framework.login.Credentials_SapSso : com.nakisa.framework.login.Credentials_SapSso.getCredentialsBase64Decode(HttpServletRequest, HttpServletResponse) : Name: null, Paassword: *, ID: null
15. 08 May 2013 06:29:08 INFO com.nakisa.Logger - com.nakisa.framework.login.Main : LogIn : User to authenticate null
16. 08 May 2013 06:29:08 INFO com.nakisa.Logger - com.nakisa.framework.login.Main : LogIn : Authentication provider SapSso
17. 08 May 2013 06:29:08 INFO com.nakisa.Logger - com.nakisa.framework.login.Main : LogIn : Login process finished with errors
18. 08 May 2013 06:29:11 INFO com.nakisa.Logger - ManagerSave: Time took to save AppResources: 9848 ms
19. 08 May 2013 06:29:16 INFO com.nakisa.Logger - ManagerSave: Time took to save Roles and RoleMapping: 71 ms
20. 08 May 2013 06:29:17 INFO com.nakisa.Logger - ManagerSave: Time took to save LanguageDB: 701 ms
21. 08 May 2013 06:29:17 INFO com.nakisa.Logger - ManagerSave: Time took to save ExtractorSchema: 86 ms
22. 08 May 2013 06:29:17 INFO com.nakisa.Logger - ManagerSave: Time took to save OTFSchema: 398 ms
23. 08 May 2013 06:29:18 INFO com.nakisa.Logger - ManagerPublish: Time took to move Tenant Deltas: 833 ms
24. 08 May 2013 06:29:18 INFO com.nakisa.Logger - ManagerPublish: Time took to move Configs: 366 ms
Hi Luke,
Build number is 0901012500.
Regarding authentication, I have made the below settings only.
After removing user ID and password from data connection string, i went into security settings--> Authentication settings:
1. Selected option "Single Sign-On with Logon Tickets (Required Portal integration)"
2. In authetication source i have put the server and client details.
3. again in role mapping , i have removed user id and password from connection string.
These all are the changes i have done.
regarding last question, I am not much clear "How are you accessing the application?".
I am accessing it through portal only.
Thanks
Ishaan
Hello Luke,
I have moved the same build to quality and changed, connection strings.
Connection strings has been tested and they are successful.
Still User is not getting populated:
DEBUG INFORMATION:
Nakisa Roles | ROLE_Everyone |
Source Roles | ZMM_C_STORE_GR_CLZHYD2,ZDMS_O&M_0102,ZDMS_RC_0102,ZMMPOWER_DISPLAY,ZBASIS_ROLE,ZCO-CTM-TRANS,ZMM_C_STORE_GR_CLZPYRO,ZMM_C_STORE_GR_RAM,ZFI_CTM_TRANS,ZFI_ACCTS_PAYABLE,Z:CORE_TEAM_PROFILE_1,ZMM_C_PO_REL_CLZPYRO,ZFI_ZTRANS,Z:S_TABU_DIS,ZFI-CTM-TRANS,ZMM-CTM-TRANS,ZMMPOWER,ZALL_CTM_COMMON_REPORTS,ZASM12,ZDMS_CUSTOMER_0102,ZDMS_DMSALES_0102,ZMM_PO_CREATION,Z_WF_DEVELOP,Z_ZY_ALL_TCODES,Z:SE38,Z:S_BDC_MONI,ZLSMW,ZPP-CTM-TRANS,ZPP_COR6_MOVETY_261,ZPP_COR6_MOVETY_262,ZPP_MB31-MOVE-TY101,ZPP_STO_CHANGE,ZPP_STO_CREATION,ZPP_STO_RELEASE,ZPR_RELEASE_3,ZQM-CTM-TRANS,ZSALES_DESPATCH,ZSAPCONSULTANTS_MMTCODE,ZSD-CTM-TRANS,ZSD_ALL_EXPORTDOC,ZSD_AUTHGROUP_ASD,ZSD_CORE_TEAM_PROFILE,ZSD_CUSTOMER_BLOCK,ZSD_DELIVERY_BLOCK_CHANGE,ZSD_DISPATCH_PROFILE_CLZS,ZSD_DISPATCH_PROFILE_RAM,ZSD_EXCISEIVL_BOND,ZSD_EXCISEIVL_CUSTOMIZATION,ZSD_EXCISEIVL_DOCUMENATION,ZSD_EXCISEIVL_REPORTS,ZSD_REPORT_EXEC,ZSD_RO_COMMON_FIN_MUM,ZSD_RO_COMMON_TRANSACTION_BAN,ZSD_RO_COMMON_TRANSACTION_DEL,ZSD_RO_COMMON_TRANSACTION_KOL,ZSD_RO_COMMON_TRANSACTION_MUM,ZSD_S_H_TRANS,ZSD_TNPT_INVOICECYCLE,ZSD_TNPT_PRICEMAINT,ZSD_WEIGHBRIDGE_RAM,ZSD_ZTRANS,Z_I_SOGEN,Z_MIGO_TRANSACTION_DISPLAY,Z_RFC,Z_RFCACL,Z_SD_COMMON_TRANSACTION,Z_SD_COMMON_TRANSACTION_CLZS,Z_SD_COMMON_TRANSACTION_RAM,Z_SD_CSA_E,Z_SD_HEAD_RAM,Z_SPRO_DISPLAY_PROFILE,Z_SU01_DISPLAY_ONLY,Z_SWU3,ZMM_C_STORE_GR_CLZCOMMON,ZMM_C_STORE_GR_CLZHYD1,ZHR_ACCENTURE,ZFI_CTM_YEAREND_TRANS,Z:COMMON_TRANSACTIONS,ZDMS_VENDOR_0102,ZDMS_EXPSALES_0102,ZFI_ASSETS_TRANS,Z_S_ADMI_FCD,Z_S_DEVELOP,Z:CORE_TEAM_PROFILE_2,ZMM_P_PHINV_DOC,ZMM_P_VENDOR_ANLY,ZMM_QUALITY_CLEAR,ZOB52,ZPM-CTM-TRANS |
User Population | null |
User Authentication Row | {SapSsoTicket=AjExMDAgABBwb3J0YWw6QUNDSFJGVU5DiAATYmFzaWNhdXRoZW50aWNhdGlvbgEACUFDQ0hSRlVOQwIAAzAwMAMAA0hFUQQADDIwMTMwNTIzMDYwNAUABAAAAAgKAAlBQ0NIUkZVTkP%2FAQQwggEABgkqhkiG9w0BBwKggfIwge8CAQExCzAJBgUrDgMCGgUAMAsGCSqGSIb3DQEHATGBzzCBzAIBATAiMB0xDDAKBgNVBAMTA0hFUDENMAsGA1UECxMESjJFRQIBADAJBgUrDgMCGgUAoF0wGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcNMTMwNTIzMDYwNDIxWjAjBgkqhkiG9w0BCQQxFgQUJochGADqHNuk0h%2F19q7pDjRdBZYwCQYHKoZIzjgEAwQuMCwCFCL5fDcM2cUc1j2CdsqK5tkpYNpFAhQP7b1nGhdmcSwyFeABgbETXYU9gA%3D%3D} |
Display Name | ACCHRFUNC |
ID | ACCHRFUNC |
Name | ACCHRFUNC |
Language | English |
Accessibility Mode | false |
Flex Mode | true |
Panel Mode | |
Date Formate | |
Theme | |
User Variables | null |
Name | Value |
---|---|
HAS_RESTRICTED_ACCESS_SESSIONID | |
ADMIN_CONSOLE_USER_OBJECT | |
ExpertSeekLinkedInSessionInfo | |
Admin_AdminAppResources | |
AllStates | |
Admin_Counts | |
Admin_Logger | |
RoleMappingXML_Lite | |
originalAppResources | |
SettingsLite | |
Nakisa.SAP.Custom.OTFProcessorNakisa.SAP.Custom.OTFProcessor.BAPI_SAP_OTFProcessor_ReportSAP_UserPopulation(Userid='ACCHRFUNC')dd-MM-yyyy | |
CDSPanelMode | |
ModuleControlState | |
OrgChartSessionCurrentRootValue | |
com.sun.faces.logicalViewMap | |
LangCacheBackup | |
IS_LOGGEDIN_SESSIONID | |
SAPOTFDownloadSchemaXML | |
CDSDateFormat | |
Admin_SettingsResources | |
com.sun.faces.application.StateManagerImpl.SerialId | |
Admin_Language | |
AppLite | |
RolesXML_Lite | |
Admin_BuidInfo | |
CountLite | |
NOMSLoginErrorMessageCaptionKey | |
SAPLANGKEYS | |
Tenants | |
Admin_authentication | |
RoleMappingXML | |
OrgChartState | |
CDSUserObject | |
javax.faces.request.charset | |
CDSRegisteredSessions | |
SAPExtractorDownloadSchemaXML | |
Admin_interMed | |
DCEncryptionPassword | |
CDSLanguageValue | |
Admin_UserControlResources | |
Admin_Authentication_MainUC | |
RolesXML | |
CurrentProfile | |
Admin_LOADEDBUILD | |
Admin_LangCache | |
Admin_PresentationResources |
LOG:
Please help.
Thanks
Ishaan
Hi Ishaan,
I don't see any relevant errors. Does your role mapping user have sufficient authorizations? Have you tried with a user that has SAP_ALL?
Also, is a user in the connection string for the orgchart? It should only be in the connection string for the role mapping connection.
Best regards,
Luke
Hi Luke,
I have done the role mapping. and correct role is getting populated as per mapping.
Still No user is getting populated.
As suggested earlier, I have set external debugger to FM /NAKISA/RFC_REPORT and it is getting triggered.
In fact user ID is getting populated till this point in debug mode:
still in Nakisa debug page i don't see any user populated.
Please suggest.
Thanks
Ishaan
Hi Luke,
I have checked the same.
field ORGUNIT_ID doesn't have any value in this case. this field is passed to FM as input.
whereas for the successful case(which i debugged in another server), this same field has the value for ORGUNIT_ID field.
Could you please let me know , from which FM we get this field ORGUNIT_ID, is it from /NAKISA/RFC_REPORT ?
Every information is getting populated correctly from FM /NAKISA/RFC_REPORT.
Please suggest.
Thanks
Ishaan
Hi Ishaan,
I would export your configuration from the 2 environments and compare the configuration in the Authentication folder. A great tool to use is DiffMerge, which I believe is freeware.
Can you be 100% sure that the user in your role mapping connection string has sufficient authorizations? If they don't have SAP_ALL can you try adding it for testing? Also check in SU53 for that user and run a trace in ST01.
Best regards,
Luke
Hi Luke,
I compared config and checked SU53 also. but didn't get any help.
I have raised OSS note to SAP and below is their response. can you please suggest me something as per SAP reply:
Resolution to this is usually not a Nakisa setting but a missing portal
setting.
If this is only occurring on one system I would advise you to compare
portal settings (that dela with Nakisa) with that of users in your
Dev system.
Also, as another test to narrow down location of problem, I like to
ask you to point your affected system towards your dev backend
to double check it's not a setting sin the backend.
After these two checks
In order to troubleshoot this issue, please provide a diagtool report
according to SAP note #1045019 (if any problem occur, please use the
offline diagtool on note #982127). It's really important to reproduce
the error during the diagtool execution.
Follow these steps: Open the Diagtool page -> Click on 'Go' -> Click
on 'Add All' -> Click on 'Start' -> Reproduce the issue -> Click on
'Stop' -> Attach the results on SAP message.
Besides this tool output, please also provide following files:
- /usr/sap/<SID>/<InstanceID>/j2ee/cluster/serverX/log/* (latest file
after error reproduction from all server nodes)
- /usr/sap/<SID>/<InstanceID>/j2ee/cluster/serverX/log/system/*
- /usr/sap/<SID>/<InstanceID>/j2ee/admin/*
Please capture a screenshot of the screen received including the
URL field.
Also, please include the corresponding default trace.
Default trace file is located at:
/usr/sap/<SID>/<instance_dir>/j2ee/cluster/server<server_number>/log
Thanks
Ishaan
Hi Ishaan,
I would first point your QA Nakisa to your DEV SAP to see if the error still occurs. This would prove if it is indeed the Nakisa side or the SAP/Portal side that is causing the problem.
The best way to solve this might be to get a specialist to look at your environment.
Best regards,
Luke
Hi Luke,
I connected quality build with Development system and found it is still not working.
Also, When i connected my Development NAKSIA to quality SAP then also it didn't work.
which is working perfect if i connect it to development system.
I am not able to understand from which side is the problem .
Also, I am not getting any issues in log
Thanks
Ishaan
Hi Ishaan,
I would delete your configuration, reset the build, export your configuration from Dev Nakisa, import the configuration, set the connection strings and publish. This will tell you if it's the configuration or the build/SAP.
Are you sure that you have the ABAP Add-on and Nakisa Transport Package in SAP?
Best regards,
Luke
User | Count |
---|---|
104 | |
12 | |
11 | |
6 | |
6 | |
4 | |
3 | |
3 | |
3 | |
3 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.