It's a Database only datasource. The java AS was installed as standalone and we want to keep it like that.

In this case I don't see the difference between FI authentication and UME authentication in BD config, since FI authentication is using the UME anyway.

If I change my datasource to ABAP in UME then it is working, but then what is FI authentication?

I hoped that FI authentication meant to skip the java authentication by going directly to the backend the same way when I test the pool user connection test in the BD config.

So it is not possible to keep the Java AS with database only datasource?

Thansk,

Zoltan

Hi,

Firstly, If you are using the FI_Usermanagement and you have not changed the user store from your stand alone java stack to the

abap data base of your is-u system(abap) then you have to create the users on both the systems i.e your uces system and the abap system. After doing this you have to do the bp or contract account mapping ot the user in the backend system.

To do this mapping go to SU01-> select the user then navigate to Goto->refernces then map the business partner or the contract account.

Regards,

Vamshi.

I think I found out what the problem was:

Created the same user in the java as and logged in BD.

First it passed the logon screen then halted with:

A general problem has occurred within the logon. The error message is:

In the backend I got dumps with SIGNON_REJECTED with blank username.

The java log showed that the Jco client for user could not be constructed. That is becasue the is no user mapping for the webuser to the backend user.

I guess I need to use a portal and SSO.

Thanks,

Zoltan

hi,

this seems to be quite an interesting thread and maybe I finally found someone who can answer my following question.

Lets assume I have an abap datasource for my ume that points to an CUA (Central User Administration) abap system (eg. CUA). (This shouldn't bee my FI/ CO System!!!)

In my XCM I have set up an default Application Configuration with UME_UserManagement, connected to an FI/CO System running my FI-AR (eg. FI1).

Now I would assume that my webusers should only be maintained in CUA System (username, password, RefUser, account assignments). In my FI1 System I would only set up the RefUser with appropriate application rights and the pooluser.

When the webuser logs in, he is authenticated against UME (=> CUA) (using username+pwd) . Then BD fetches the RefUser and the account assignments set up in the CUA and establishes an Jco connection to FI1 with my pooluser to read FI data.

Please tell me if I am wrong and what I am wrong with!!

THX a lot!!

Best Regards

hi,

I think you're right. Since your CUA is your external user management.

However, I am not sure about where you need to maintain the account assignment and refuser.

The manual says that if you use UME then the users are managed using the UME. BD will not fetch the RefUser and account info from the CUA, but from the UME, from the 'BillerDirect' tab.

I think there is no relationship between the account assignment in UME and the references in the ABAP user master. If you were using LDAP/AD as an external user management then I don't think you'd be able to extend the AD schema with these information, hence it is stored in the UME.

Unfortunately, I cannot test this scenario, I am merely speculating.

Cheers

mmmh...

are you sure that the RefUser and acc. assignments cannot be fetched from the ABAP Datasource?

"BD will not fetch the RefUser and account info from the CUA, but from the UME, from the 'BillerDirect' tab. "

As far as I understand the config guide (see attached part form confGuide), it should be possible to import users with refuser and accountassignments into UME as well as extend the LDAP interface to external LDAP Systems.

It would be realy odd if you could have a UME ABAP backend and still need to maintain refuser and account assignment in the ume.

asd

Hi,

I am not sure , my (old) config guide doesn't go into details about external authentication.

It can only be verified by testing it, but I cannot change my system's config right now.

Again, it's only my assumption is that the CUA is a similar external system as and LDAP/AD.

If I had mu UME connected to AD, then where would be the customer account info stored? or any other system that could be connected to UME?

For all these systems the common area is the UME and I guess that's why the UME is extended with the BillerDirect tab for the users.

Maybe next week I can do some testing in my sandbox.

Cheers,

Zoltan

Hi,

For using biller direct tab, you need to deploy the FSCM component. You should create a referecne user in your UCES system and the same in your ABAP system. In UCES as it is java stack system only you have to create it as internal service user. Then in your biller direct tab you can use this user as profile.

Regards,

Vamshi.