Channel: SCN: Message List - SAP Identity Management

SAP IdM 8.0 backend and AS Java on the same Server


Hi All,

 

I got into a very interesting discussion lately about the SAP NW IdM 8.0 and NW AS Java landscape.

A customer who is planning to implement SAP NW IdM was told that both SAP NW IdM 8.0 and AS Java can share the same server in Production.

I know it's a best practice to separate SAP NW IdM backend application and SAP NW AS Java, but how do you convince a customer?

Technically it's possible to have both on the same server but from a practical point of view this is bad design.

 

The customer doesn't have any other SAP applications, so the AS Java will be used for SAP NW IdM only.

 

What are the cons and pros for having SAP NW IdM and NW AS Java on the same server?

 

I am looking forward to hearing your thoughts.

 

Regards,

Ridouan


Re: SAP IdM 8.0 backend and AS Java on the same Server


Hello Ridouan,

 

I do not see any real reason why you should not run the AS JAVA for the IDM WebUI on the same server as IDM is running on. Sure, when you integrate IDM into an already set up AS JAVA that is handling other applications as well, this might tamper your overall system performance but if the AS JAVA is solely set up for IDM purposes I would even recommend to install it on the same server. Less cross configuration effort, no chances of getting mixed up with different JAVA versions, no potential connection problems due to firewall settings etc. You can even use a local certificate for the SSL connection between the AS JAVA and the eclipse environment.

 

But maybe there are really cons to this, so let's hear other opinions.

 

Regards

Tobias

Re: Getting Error in To Custom Pass


Hi Dominik,

 

 

I have read your article on custom Java connectors. I have just started to write my own custom connector.

 

I have been unable to find any Javadocs that describe the classes in DSE.jar, specifically the FromCustom class. I can see you have described the class methods in the article. Do you know if there exists official Javadoc for this class and if so, where can I find it?

 

Regards

Thomas Christensen

Re: Getting Error in To Custom Pass


Thomas,

 

You used to be able to get it from the Development team.  You might need to open an OSS Note.

 

Matt

Re: SAP IdM 8.0 backend and AS Java on the same Server


I can't say that I see any real issues with this either. The IDM components don't take up a whole lot of resources, and there are some latency/response benefits to having the applications "close" to each other. Odds are they share the same database as well.

 

To be fair, this is entirely based on my experience with IDM 7.X, but from what I have read and experienced with 8.0, I don't see any real reason that would change.

 

Fedya, do you have any thoughts on this?

 

Matt

Re: Is MS Exchange 2013 supported on SAP IdM


Hi Patrick,

 

Just upvoted!

 

Matt

Re: SAP IdM 8.0 backend and AS Java on the same Server


Hi Ridouan,

 

I think the earlier "recommendation" of not having IdM on same server that has other SAP components was related to the thing that IdM is not installed with sapinst and the default installation directory is the /usr/ where other SAP software is installed.

 

Since I don't work in the Basis area, I have no idea about the real risk.

 

regards, Tero

Re: SAP IdM 8.0 backend and AS Java on the same Server


Hi,

I agree with Matt. In 8.0 there are no changes that would require to be on different machines. Also most of our test environments, which run about midsized company, NW and IDM are on the same machine. Especially in your case where NetWeaver is used only for IDM it is also cost effective.

Best wishes,

Fedya Toslev


Re: SAP IdM 8.0 backend and AS Java on the same Server


Hi Tero,

 

Interesting, since that is where I've always installed IDM and I don't think I've ever had a significant issue. Even my couple of attempts at 8.0 have used this setup and I don't know that I have ever had any "coexistence" issues. However, I can certainly see how it could concern people.  However IDM people know that the real interaction occurs in the configuration of the DataSource and the application of the SCA files, which go right to NetWeaver anyway.

 

Matt

Re: SAP IdM 8.0 backend and AS Java on the same Server


Thanks, Fedya. At some point will SAP come out with some official guidance on this?

 

Thanks,

Matt

how to remove the roles assigned to user with status as 1536/1025


Hello experts,

 

Warm Greetings!!

 

I have encountered a situation where the user requested assignment of the role and immediately requested deassignment of the same role.

 

Actions performed:

  • I have tried removing the role from the IDM Standard UI and even from the Console using the attribute operator {e}, but still the role is not deleted.
  • Added the same role to the user as {Direct_reference=1}, but got an overlapping error as the role is already assigned to the user
  • Checked for orphan privileges and no orphan priv's available for that user
  • Checked the mcexecstate value for the user, then I found the status is 1536.

 

Please find below the screenshot regarding the role assignment status for the user

inconsistent privs.PNG

 

In some earlier posts I believe I have seen someone suggesting to change the mcexecstate to 1 and then reconcile the user assignments and then remove the role.

 

If the above solution needs to be implemented, then which record do I need to update in the mxi_link table? Is it only the record with status 1536?

 

Can you kindly help me in this scenario?

 

Thanks in advance.

Re: how to remove the roles assigned to user with status as 1536/1025


Hi DP,

 

Have you tried to remove using the linkid?

 

1) Get the link ID of the assignment from view idmv_linkaudit_basic

2) In toIdentityStore pass, it should be like {d}{linkid=xxxx}<priv or role name>

 

Kind regards,

Jai

Re: Getting Error in To Custom Pass

Re: how to remove the roles assigned to user with status as 1536/1025


Hi DP,

 

Did you reconcile the role in IDM?

Normally a role with status 1536/1025, if reconciled, would get removed automatically.

Before and after reconciliation of the role, check if mcorphan = 1 or 0 if the role does not get removed from the user.

 

If this does not work, then run the query below and see if it works.

update mxi_link set mcdelaudit=NULL, mcchecklink=sysdate where mcexecstate in (1536,1025) and mcthismskey=<usermskey> and mclinktype=2 and mclinkstate<2 and mcothermskey=<rolemskey> ..

 

 

Regards,

Pradeep
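
A guarded way to run a direct mxi_link change like the one in the post above, as an added example that is not part of the original post or SAP's own tooling. It assumes Oracle SQL*Plus or SQLcl (the post uses sysdate), treats "mcexecstate in (1536,1025)" as a filter, uses only column names that appear on this page, and uses 0 as a placeholder for both MSKEY values.

```sql
-- Added example for Oracle SQL*Plus / SQLcl.
-- Placeholders: replace 0 with the user's and the role's MSKEY before running.
VARIABLE usermskey NUMBER
VARIABLE rolemskey NUMBER
EXEC :usermskey := 0
EXEC :rolemskey := 0

-- 1) Read every link row between this user and this role before touching anything.
SELECT mclinktype, mclinkstate, mcexecstate, mcorphan, mcdelaudit, mcchecklink
  FROM mxi_link
 WHERE mcthismskey  = :usermskey
   AND mcothermskey = :rolemskey;

-- 2) Count the rows the update's filter will hit; it should match only the stuck assignment.
SELECT COUNT(*) AS rows_to_change
  FROM mxi_link
 WHERE mcthismskey  = :usermskey
   AND mcothermskey = :rolemskey
   AND mclinktype   = 2
   AND mclinkstate  < 2
   AND mcexecstate IN (1536, 1025);

-- 3) Apply the change with the same filter.
--    Assumption: the posted "mcexecstate in (1536,1025)" is a WHERE condition.
UPDATE mxi_link
   SET mcdelaudit  = NULL,
       mcchecklink = SYSDATE
 WHERE mcthismskey  = :usermskey
   AND mcothermskey = :rolemskey
   AND mclinktype   = 2
   AND mclinkstate  < 2
   AND mcexecstate IN (1536, 1025);

-- 4) Re-read the same rows inside the open transaction and compare with step 1.
SELECT mclinktype, mclinkstate, mcexecstate, mcorphan, mcdelaudit, mcchecklink
  FROM mxi_link
 WHERE mcthismskey  = :usermskey
   AND mcothermskey = :rolemskey;

-- 5) Default to undoing the change; switch to COMMIT only when the
--    "rows updated" count from step 3 equals rows_to_change from step 2.
ROLLBACK;
```

Keeping the output of steps 1 and 4 gives a before/after record of a manual change to the identity store's assignment table.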

How to stop/start dispatcher on Linux command line


Hello,

 

We have installed IDM8.0 on a Linux environment, now I want to start/stop the dispatchers from command line and automatic via the profiles.

The IDM7.2 syntax doesn't seem to work, and when executing the Dispatcher_Service_xxx scripts there are only a few options (runonce|checkconfig|test)

I can't find the right syntax in the manuals, please advise

 

Best regards,

Rob


Re: How to stop/start dispatcher on Linux command line

Re: Could not execute task Create Identity for entry null


Hi Jai,

 

I was having the same issue and we found out that some of the tables, procedures and columns were missing in the database. We have upgraded the IDM to a new patch and didn't run the update script "mxmc-update" which is located in the Core -> DatabaseScheme folder. After we ran the script, everything works fine now. Please check the update-mxmc log file to see if everything ran successfully. I hope it will help you as well.

 

Warm regards

Oktay

Re: Unable to set value for attribute Assigned Privileges. Entry does not exist: SAP IDM 7.2 SP8


Hi Deepak,

 

What was the solution for the error "Unable to set value for attribute assigned privileges. Detailed information(may not be translated): Entry does not exist" mentioned in your point 2?

 

I also get the same error for the same action.

 

Thank you.

 

Kind Regards,

Pradeep

Re: Could not execute task Create Identity for entry null


Hi Oktay,

 

Awesome!

Thanks for sharing. I will see if we are still getting this error and apply mxmc-update.

 

Kind regards,

Jai

Apply entrytype filter to Data Source in Virtual Directory Server (VDS)


Hi guys,

 

I'm trying to create a VDS configuration that will expose certain attributes to another application.  As part of this I wanted to apply a filter on the Data Source so that only entries of type MX_PERSON are available to search.  Currently when doing an LDAP query on the base node it's possible to see all entries including privileges, groups etc.  I know it's possible to filter in the LDAP query, but this isn't what I'm after.

 

I created the configuration using the 'IDM Identity Center 72.xml' template and then have tried applying the filter by maintaining the 'Additional filter' field on the 'Database' tab of the Data Source.  I have tried several different combinations such as:

mcEntryType=MX_PERSON

mcEntryType='MX_PERSON'

mx_entrytype=MX_PERSON

mx_entrytype='MX_PERSON'

objectclass=MX_PERSON

objectclass='MX_PERSON'

and updated the configuration each time before re-attempting the search.  Nothing seems to work.  Based on the VDS help documentation it is my understanding that whatever information entered here should be included in the SQL WHERE clause.  Based on that understanding 2 or 4 from the above should work on an Oracle database.  I can't find any information anywhere on the data structure used for this template so am not sure what table/view it might be pulling from.

 

The connector is using MxIDStoreFlat72.

 

Anyone any ideas?  Is there anything that I'm missing?

 

Many thanks in advance.

Pat
