Skip to Content
avatar image
Former Member

Federation Between Portals, J2ee_Guest Permission Problem

We have 2 portals, Netweaver 2004s Ver 7.

Producer is patch 11

Consumer is patch 12

If we give the j2ee_guest super admin priviledges then we can see content from the producer, otherwise if we take the priviledge away we get an error message in the logs complaining about permissions.

The err msg in the SSO Trace tool is:

<b>The User Authentification is not correct to access to the Portal Service com.sap.portal.prt.soap.Bridge or the service was not found.</b>

I can't find that service in my portal so thats wierd.

Any help is appreciated.

Mike

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

12 Answers

  • Best Answer
    avatar image
    Former Member
    Aug 21, 2007 at 04:45 PM

    Hi Mike,

    By default, in a newly installed portal only 'Super Administrator' has all permissions for PCD folder and all content therein. That is why j2ee_guest can see all content when assigned 'Super Administrator' role. You should modify the permissions on objects in producer Portal that you want to share with the consumer portal to match the permissions of j2ee_guest. On all objects that you want to share with consumer portal, at least grant j2ee-guest the 'End User' permission.

    Hope this helps.

    Vishwas.

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    Aug 21, 2007 at 08:41 PM

    Mike,

    There is a possibility that the service 'com.sap.portal.prt.soap.Bridge' is in a restricted security zone that users from Consumer portal are not able to access.

    Find service 'com.sap.portal.prt.soap.Bridge' in Producer portal in System Administration --> Permissions --> Portal Permission --> Security Zones --> and try to assign it to a less restrictive security zone. That should help.

    Vishwas.

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    Aug 23, 2007 at 04:16 PM

    Mike,

    There is a workaround which I do not use normally, but when everything else does not work, this solves the issue.

    Follow Content Administration->Portal Content->Portal Administrators->Super administrator role and open permissions. Assign your user just the 'End User' permissions on both sides and test.

    This works most of the times.

    Vishwas.

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    Aug 21, 2007 at 05:25 PM

    Vishwas, Thanks for your response.

    I get that my object should have permission by j2ee_guest. The object or service that the portal is complaining about is com.sap.portal.prt.soap.Bridge and I can't find that service.

    My j2ee_guest in the producer portal has these permissions:

    roles: none

    group: Everyone, Anonymous Users, SAP_J2EE_GUEST, SAP_BC_JSF_COMMUNICATION

    Hope this helps.

    Mike

    Add comment
    10|10000 characters needed characters exceeded

    • Former Member

      Mike,

      isn't it correct that when you give j2ee_guest user super admin privileges, the content is visible.

      <i>'If we give the j2ee_guest super admin priviledges then we can see content from the producer, otherwise if we take the priviledge away we get an error message in the logs complaining about permissions.'

      The err msg in the SSO Trace tool is:</i>

      So, the issue is primarily of permissions.

      Follow this and you should be in good shape.

      Inside the producer portal, modify the permissions of content that you want to display in consumer portal to include any group containing j2ee_guest user have 'End User' permission. It should make the content visible in consumer portal.

      Let me know if this does not help.

      Vishwas.

  • avatar image
    Former Member
    Aug 21, 2007 at 07:05 PM

    Vishwas,

    No, it didnt help any. On the producer portal I added the j2ee_guest to my role BI_test_user and the role had specific permission to content. When the user logged in the content was not there.

    <b>In producer portal</b> I am thinking that there is some SOAP admin role or something that I need to give to j2ee_guest.

    <b>In the consumer portal</b> i need to assign a role like BI_test_user to some user in my system. When some user logs in to the consumer portal they should see the content.

    Make more sence?

    Mike

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    Aug 21, 2007 at 10:14 PM

    Vishwas,

    I looked there and I don't see that service. I see com.sap.portal with folders "high_safety", "low_safety", and "no_safety"

    Even a search of objects using bridge does not produce and object.

    You think I need to get the object form somewhere?

    Mike

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    Aug 21, 2007 at 11:55 PM

    Hi Mike,

    You can see the service 'com.sap.portal.prt.soap.Bridge'. in System Administration-> Support->Portal Runtime->Soap Admin->Web Services.

    If you do a search on bridge in System Administration-> Support->Portal Runtime->Soap Admin->Custom Types you can make out that this service is part of com.sap.portal.ivs.global.bridge folder. This folder can be found in following path.

    System Admin->permissions->Security Zones->sap.com->NetWeaver Portal->High_safety->com.sap.portal.ivs.global.bridge. Open this folder and you will see that only administrators have permissions for this folder. Add your user in permissions but don't grant any administrator permissions, just assign End User permission. That should do the trick.

    Hope this helps.

    Vishwas.

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    Aug 23, 2007 at 02:41 PM

    Vishwas,

    That was an awesome answer. I didn't find that service initially, but I did a "deep init" and it got installed. It has a green ck next to it.

    Also, I went into the permissions and added J2ee_guest there as an end user.

    Bad news is it still didnt work. I felt pretty good about it working, but there must be some other problem.

    Mike

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    Aug 23, 2007 at 03:04 PM

    Mike,

    Did you grant permission to J2ee_guest on both the portals?

    Vishwas.

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    Aug 23, 2007 at 03:27 PM

    In the producer portal j2ee_guest has the *.global.bridge end user permission

    In the consumer portal a user has a role BI_User that exists in the producer portal.

    Add comment
    10|10000 characters needed characters exceeded