Labels
Hot Topics

Common Support Questions

Fear not, help is a click away. Search, ask Community, or view an article below.

Ask the Community
or
Introduction The new Anaplan APIs and integration connectors leverage Certificate Authority (CA) issued certificates.  These certificates can be obtained through your company's intermediary CA (typically issued by IT or Security group) or by purchasing it from a trusted Certificate Authority. Anaplan clients leveraging REST API v2.0 use both basic authentication and CA certificate-based authentication. Examples of these clients include Anaplan Connect 1.4.x, Informatica Anaplan Connector, and Mulesoft 2.0.1. If you are migrating your Anaplan Connector scripts from v1.3.x to v1.4.x, your available options for authentication will be basic authentication or CA certificate-based authentication. This article outlines steps to perform in preparation for CA certificate authentication. Steps to Prepare for CA Certificate Authentication Obtain a certificate from a CA authority Convert CA certificate to either a p12 or pfx file Import CA certificate into Internet Explorer/Mozilla Firefox to convert to a p12/pfx file Export CA certificate from Internet Explorer/Mozilla Firefox to convert to a p12/pfx file Optional: Install OpenSSL tool Convert the p12/pfx file into a Java Keystore Manage CA certificates in Anaplan Tenant Administrator Validate CA certificate authentication via Anaplan Connect 1.4 script. Obtain a Certificate From a CA Authority You can obtain a certificate from CA authority by submitting a request or submit a request with a certificate signing request (CSR) containing your private key.  Contact your IT or Security Operations organization to determine if your company already has an existing relationship with a CA or intermediary CA. If your organization has an existing relationship with a CA or Intermediate CA you can request a client certificate be issued for your integration user. If your organization does not have an existing CA relationship, you should contact a valid CA to procure a client certificate. The type of certificate needed is a TLS Web Client Authentication or an E-mail protection certificate.  The OID can help your IT/Security request the correct type of certificate. The OIDs for this theses type of certificate are: TLS Web Client Authentication (1.3.6.1.5.5.7.3.2) E-mail protection (1.3.6.1.5.5.7.3.4) Convert CA Certificate to Either a p12 or pfx File Import CA certificate into IE/Firefox to convert to a p12/pfx file. This section presents steps to import CA certificate into Internet Explorer and Mozilla Firefox. CA certificate will be exported in the next section to either a p12 or pfx format. CA certificates may have .crt or .cer as file extensions. Internet Explorer Within Internet Explorer, click on the Settings icon and select Internet option. Navigate to the Content tab and then click on Certificates. Click Import to launch the Certificate Import Wizard. Click Browse to search & select the CA Certificate file. This file may have a file extension of .crt or .cer. If a password was used when requesting the Certificate, enter it in this screen. Ensure that the “Mark this key as exportable” option is selected and click Next. Select the certificate store in which to import the certificate and click Next.  Review the setting and click Finish.  The certificate should appear in the certificate store selected. Mozilla Firefox Within Firefox, select Options from the settings menu. In the Options window, click Privacy & Security from the navigation pane on the left. Scroll to the very bottom and click on the View Certificates… button. In the Certificate Manager, click the Import… button and select the certificate to convert and click Open. If a password was provided when the certificate was requested, enter that password and click OK. The certificate should now show up in the Certificate Manager. Export CA Certificate From IE/Firefox to Convert to a p12/pfx File This section presents steps to export CA certificate from Internet Explorer (pfx) and Mozilla Firefox (p12). Internet Explorer (pfx) Select the certificate imported above and click the Export… button to initiate the Certificate Export Wizard.    Select the option “Yes, export the private key” and click Next. Select the option for Personal Informatica Exchange – PCKS #12 (.PFX) and click Next. Create a password, enter it and confirm it in the following screen.  This password will be used later on in the process. Click Next to continue. Select a location to export the file and click Save. Verify the file location and click Next. Review the export settings, ensure that the Export Keys settings says “Yes”, if not start the export over. If all looks good, click Next. A message will appear when the export is successful.    Mozilla Firefox (p12) To export the certificate from Firefox, click the Backup… button in the Certificate Manager.  Select a location and a name for the file.  Ensure that the Save as type: is “PKCS12 Files (*.p12)”. Click the Save button to continue. Enter a password to be used later when exporting the public and private keys. Click the OK button to finish. Install OpenSSL Tool (Optional) If you haven't done so already, install the OpenSSL tool for your operating system.  List of third party binary distributions may be found on www.openssl.org or here. Examples in this article are shown for Windows platform. Export the Keys From the p12/pfx File Execute the following to export the public and private keys exported above. In the commands listed below, the values that are customer-specific are in Bold Italics. There is a screen shot at the end of this section that shows all of the commands run in sequence and it shows how the passwords relate between the steps. Examples in this article assume the location of the certificate as the working directory. If you are executing these commands from a different directory (ex: ...\openssl\bin), then ensure you provide absolute directory path to all the files. Export the Public Key Public key will be exported from the certificate (p12/pfx) using OpenSSL tool. The result is a .pem (public_key.pem) file that will be imported into Anaplan using Anaplan's Tenant Administrator client. NOTE: The command below will prompt for a password. This password was created in steps above during export. openssl pkcs12 -clcerts -nokeys -in <path to p12/pfx file> -out <path to public key file> Edit the Public Key File Remove everything before ---Begin Certificate --- (section highlighted in yellow). Ensure that the emailAddress value is populated with the user that will run the integrations. Export the Private Key The private key can be exported in two methods, one that will encrypt the private key and one that will leave the key non-encrypted.  NonEncrypted: This command will prompt for a password. This password is the password created in the export above. It will not prompt for a password for the output file. openssl pkcs12 -nocerts -in <path to p12/pfx file> -out <path to unencrypted private key file> -nodes Encrypted: This command will prompt for a password. This password is the password created in the export above. It will the prompt for a new password for the Private Key. It will also ask to confirm that password.  openssl pkcs12 -nocerts -in <path to p12/pfx file> -out <path to encrypted private key file> When using the private key directly in an Anaplan Connect script, the file must be converted to PKCS8 format. The command below will convert that file. openssl pkcs8 -inform PEM -in <path to encrypted private key file> -outform PEM -out <path to pkcs8 formatted private key file> -passout pass:<pkcs8 file password> Creating a Java Keystore  Create P12 Bundle This command will prompt for the private key password from the step above. It will the prompt for a new password for the Bundle. It will also ask to confirm that password. openssl pkcs12 -export -in <path to public key file> -inkey <path to encrypted private key file> -out <path to bundle file> -name <alias name for the entry> In the command above,  public_key.pem is the file that was created in the step "Export the Public Key".  This is the file that will be registered with Anaplan using Anaplan Tenant Administrator.  private_key.pem is the file that was created in the step "Export the Private Key". bundle.p12  is the output file from this command, which will be used in the next step to create Java Keystore. Scott is the keystore alias. Add to Java Keystore (jks) Using keytool (typically found in <Java8>/bin), create a .jks file. This file will be referenced in Anaplan Connect 1.4 scripts for authentication. The Command below will prompt for a new password for the entry into the keystore. It will also ask to confirm that password.  It will, then, prompt for the Bundle password from the step above. keytool -importkeystore -destkeystore <path to java keystore file> -srckeystore <path to bundle file> -srcstoretype PKCS12 In the command above: my_keystore.jks is the keystore file that will be referenced in your Anaplan Connect 1.4.x scripts. bundle.p12 is the P12 bundle that was created in the last step. Manage CA Certificates in Anaplan Tenant Administrator In this step, you will add public_key.pem file to list of certificates in Anaplan Tenant Administrator. This file was created & edited in the first two steps of the last section. Log on to Anaplan Tenant Administrator. Navigate to Administration --> Security --> Certificates --> Add Certificate. Validate CA Certificate Authentication via Anaplan Connect 1.4.x script. Since you will be migrating to CA Certificate-based authentication, you will need to upgrade your Anaplan Connect and associated scripts from v1.3.x to v1.4.x. Community article, Migrating from Anaplan Connect 1.3.x.x to Anaplan Connect 1.4.x will guide you through necessary steps. Follow the steps outlined in the article to edit & execute your Anaplan Connect 1.4 script. Examples provided (Windows & Linux) at the end of the article will validate authentication to Anaplan using CA Certificates.
View full article
If you are having difficulty with importing, this guide will walk you through some steps to help you identify and resolve your issue. Start with Option 1, and only proceed to Option 2 and then Option 3 if the preceding steps do not resolve your issue. If you continue to experience difficulty with your import, please  contact Customer Support  via email, phone, or chat.  Option 1 Remove the original source model data source from your target model, and try importing again. You will need to delete the mapping to the original model before remapping and reconnecting to this copy of the model. Go to Settings, and select Actions. Click Manage Import Data Sources. Look for the source model or source of the problem import. Click it, then press Remove. Now you can re-attempt your import, but you will need to re-build/re-map it. Option 2 You may have experienced this error if you import the model to another workspace than when your import was set up. The following scenario may describe how this occured: Source model A on Core 1  Target model B on Core 1 On the target model, import from source model A to your list  Import target model A to core 2  On the target model, select your list and import from source This produces the error "Failed to locate model (source model)." To fix this, remove your original source model data source from your target model, and try again.  Option 3 Close all tasks in the problem workspace and try to import again. To do this, click on your name on the top right of your workspace. Click Manage models. Click Manage tasks. Click on each task and end it. Open the desired import(s). Delete the source file from the model. Attempt to upload the desired import(s) again.
View full article
These are some common questions regarding data importing and exporting. Please review the information below and follow the instructions to troubleshoot your issue. If after doing so you still have questions or experience difficulties, please contact Support. I have attempted to run an export action but it did not create a file to download. This happens when the file for export becomes unavailable on the server. Read this article to help resolve this issue: Importing and Exporting your data While running a model-to-model import process this message displays: Import Connector: Failed to retrieve data from remote server (caused by : HTTP/1.1 500 Internal Server Error) This may occur when there is no response from the source model for the import. Retry the import action. If it isn’t successful, create a case by emailing support@anaplan.com . Please include the following information: a screenshot of the error the names of the source and target models the process/action name the time the process failed An import process is stuck at X% and is still processing. Wait for the action to finish or, if it is taking longer than usual, note the duration when the import was started. Open a support case by emailing support@anaplan.com. Please include the following information: Describe the type of process (is it a model to model, module to module, or list to module process?). The names of the model, module, and process. Whether the action/process is run from a dashboard. The purpose of the action (is it deleting records, updating data, or adding data?). Whether a specific action or all the actions in the model are affected.
View full article
Actions are required by Anaplan workspace administrators to update your Anaplan environment to support TLS versions 1.1 or 1.2. Why is this change necessary? Transport Layer Security (TLS) is a security protocol that provides privacy and security to applications that communicate with each other over a network. This protocol ensures that connections are made between the intended end points using encryption and identity verification. As an older version, TLS 1.0 has several security vulnerabilities that are fixed in TLS 1.1 and 1.2. As a result, it is now considered standard security practice to disable TLS 1.0 for websites, web applications, and APIs and only support TLS 1.1 and TLS 1.2. We are confident the improved security provided by transitioning support solely to TLS 1.1 and 1.2 is worth the minor inconvenience created by this change. Actions required to avoid any disruptions to your Anaplan experience. This change is effective as of October 7, 2017. If you have not carried out these steps, please do so as soon as possible to ensure that your organization is not affected. Note that after this change, devices that run on iOS 8 or older and Android 5 or older are no longer supported. Upgrade Anaplan Connect to Java 8 if your organization uses Java 6.x or 7.x with Anaplan Connect. Test clients such as Anaplan Connect or custom integrations against the API URI with TLS 1.0 disabled.  Upgrade browsers that do not support TLS 1.1 or higher. Upgrade Anaplan Add-ins for Microsoft Office. Below you’ll find additional details for each action item: Step 1: Upgrade Anaplan Connect to Java 8  Upgrade to Java 8 using one of these options if your organization uses Java 6.x or 7.x with Anaplan Connect:  Option 1: Write a shell script that sets the JAVA_HOME environment variable to the location of the Java 8 Runtime Environment you want to use.  Option 2: Contact Anaplan Support for a script to replace AnaplanConnect.bat or AnaplanConnect.sh. The replacement script ensures that you are using a supported version of Java for Anaplan Connect. Option 3: If you have already installed Anaplan Connect, create your own replacement script: Navigate to the Anaplan Connect directory. For example, on Windows the directory might be C:\anaplan-connect-1-3-3-3. Make a backup copy of the script that calls Anaplan Connect: Windows: Make a copy of bat and name that backup copy AnaplanClient.bat-OLD. Linux/UNIX/MacOS: Make a copy of sh and name the backup copy AnaplanClient.sh-OLD. Edit the script that calls Anaplan Connect: Windows:In bat replace "%JAVA%" with the version directory of Java 8 to use for Anaplan Connect. Linux/UNIX/MacOS:In sh to replace "${java}" with the version directory of Java 8 to use for Anaplan Connect.   Windows .bat file Linux/UNIX/MacOS .sh file Original: rem Start the Java virtual machine "%JAVA%" %JAVA_OPTS% -classpath "%CP%" com.anaplan.client.Program %* # Start the Java virtual machine exec "${java}" ${JAVA_OPTS} -classpath "${classpath}" com.anaplan.client.Program "$@" Change to Java 8: rem Start the Java virtual machine "C:\Program Files\Java\jre1.8.0_66\bin\java" %JAVA_OPTS% -classpath "%CP%" com.anaplan.client.Program %* # Start the Java virtual machine for MacOS involves /Library exec "/Library/Java/JavaVirtualMachines /jdk1.8.0_60.jdk/Contents/Home/bin /java" ${JAVA_OPTS} -classpath "${classpath}" com.anaplan.client.Program "$@" The directory name on your computer might differ from these examples. For more information, see Data Integration on Anaplan Community. Step 2: Test Clients You can test clients such as Anaplan Connect or custom integrations by changing the API URI in your scripts to a URI that has TLS 1.0 disabled. This verifies whether your clients work with TLS 1.1 or higher. To test your custom scripts: Replace the API URIs in your custom scripts with the API test URI. For instance: -service https://api2.anaplan.com. Run the scripts and confirm whether they ran successfully. (Note that because the test API server is used to verify if your client works on TLS 1.1+, you only need to send basic API requests from their client and not large volumes of data.) Step 3: Upgrade Browsers Upgrade browsers that do not support TLS 1.1 or higher. We recommend using the latest versions of Internet Explorer, Mozilla Firefox, Google Chrome, or Apple Safari. Step 4: Upgrade Anaplan Add-ins for Microsoft Office We have released a new version of both the Excel and Powerpoint Add-ins. Previous versions that use TLS 1.0 are no longer able to access Anaplan. If you still have previous versions, please follow the prompts to automatically download and update to the new version the next time you open Excel or Powerpoint. If you don't receive prompts or you prefer to download the latest versions manually, you can do so from the Anaplan Downloads form. Questions, Comments, or Concerns? Feel free to contact us at support@anaplan.com for further assistance.
View full article
Still need help?