UserID & Password Validation

Similar Messages

• Use of active directory userid/password authentication instead of SAP R/3 User/Password for digital signature?

  Dear all,
  I am looking to setup the use of active directory userid/password authentication instead of SAP R/3 User/Password for digital signature. We SSO to the backened ABAP AS via an SAP NW Portal to which SPNEgo kerberos authentication is setup. Today we specify R3 user id/password to digitally approvae a lot release. The idea is to have users maintain one AD password and don't have to remember the R/3 password anymore and also our Security team to avoid password maintenance.
  I know there are 3 options for digital signature and
  System signature with authorization by user ID and password (We use this currently)
  Digital User signature with verification - (We would like to use this with AD userid/password, so the system still ask the users their AD userid/password for the authentication when they try to "sign" a document.)
  User signature without verification
  Do you think there is a way to configure the system in order to ask and check the active directory userid/password instead of SAP R/3 password? Where can I found documentation about it ?
  I have several different versions of AS ABAP starting from NW 7.02 to NW 7.31.
  My active directory is based on Windows 2008.
  Thanks in advance!!
  Dhee

  Actually enabling Kerberos for SSO purposes and enabling Kerberos for digital signatures are two different topics although the latter is because of the former. I'm interested in the topic as well and I'm currently looking at different options. SAP provides a BAdI for the digital signature API which can be used for external authentication but they do not provide the solution to invoke Kerberos authentication based on username and password. SAP provides a semi solution with NWSSO 2.0 SP2 which works only on Windows with classic dynpros meaning SAP GUI for Windows is assumed. The solution is based on an ActiveX component which does the actual Kerberos authentication using the Secure Login Client which is part of the NWSSO suite. Extending that implementation to non-Windows and non-GUI applications would require some sort of web enabled service that could be used to authenticate the user with username and password. In case authentication is successful, a Kerberos token would be returned to SAP which would then be validated. All the required pieces are there since SAP has Kerberos support now in both stacks of the NetWeaver Application Server, some bits are still missing though which leaves customers looking at 3rd party or custom solutions.

• Convert a web service which has userid/password hard coded......

  Hi,
  We have created a web service in our ECC 5.0 abap system. In SICF we hardcoded the userid/password, the web service works fine and can be called successfully to read the required data from SAP.
  Now we wish to change the process so that the users calling the web service have to pass their userid/password, now things don't work!!
  How do we change things around to the new format?
  Options we are considering are as follows:
  1) Change the function module so that it has import parameters of userid and password (don't think this will work!)
  2) Somehow update the wsdl file so that it includes userid/password, is this possible?
  3) SICF/wsconfig/wsadmin config, but don't know what to do though!!
  Any ideas anyone?
  Thanks.

  > Now we wish to change the process so that the users calling the web service have to pass their userid/password
  1. Do you want to have authorize access to webservice or,
  2. do you want to user supply user/password as a parameter within service.
  for 1st you don't have to do anything just goto SOAMANAGER transaction and select basic http authentication for service endpoint. Every user who want to access (even url of wsdl) need to supply user/password.
  for 2nd option you can integrate user/password field in FM but you need to include code which check and confirm if they are valid credential.
  Regards,
  gourav

• How to hide Dynamic Parameter userid/password prompts on infoview

  Hi,
  I want to hide Userid/password for each dynamic parameter, which gets prompts while refreshing or scheduling a report
  I do enter userid and password at CMC->database level but when report has dynamic parameter it still does prompts for each parameter.
  Please advise.
  Megha

  I tried what you suggested..
  Well I run into different error now while refreshing report suing dynamic prompt.
  Error says 'List of Values failure: fail to get values.[Cause of error:Failed to the connetion.ProductName]
  ProductName is my dynamic Parameter.
  Please advise.
  thanks
  Megha

• What are the userid,password, and host name for oracle 9i?

  HI Guys.
  I am a research student at the University and the I recently downloaded Oracle 9i for my research. But the problems is also with seting it up. Please could you show me the userid, password, and host name for oracle 9i.
  Thanks in advance for your cooperations.
  Malinga R
  [email protected]

  I believe that starting with 9.2, you have to specify different passwords when you install (can't be the default).
  Justin

• Dynamic UserID/Password for file Adapter

  Hi,
  How to use dynamic UserId/Password for file adapter ?
  (Sender/Receiver)
  In our case the Id/Pwd of FTP Site changes freguently.
  Can anyone help.
  Thanks in Advance
  Regards
  Chemmanz

  Hi Chemmanz,
  >>>>In our case the Id/Pwd of FTP Site changes freguently.
  but do you have those passwords in the message payload?
  if not then you will still have to fill it somewhere right?
  BTW
  the only way would be to use java proxies and write a simple ftp adapter inside it (or your own adapter)
  but this is not possible in standard I believe
  Regards,
  michal

• How can we hide userid & password from browser

  How can we hide the userid,password and connectionstring from the address bar of explorer when we run 9i forms on browser

  Ok - I have 9.0.4 and I want to disable this hiding of password, as I have the follwing problem: Forms creates a temporary local file which contains javascript. Per default in xp service pack 2 it is not allowed to run javascript from local file. Is there any parameter in webforms.cfg to disabel the creation of this temporary file?

• UserId/Password Not Given-expected to run SQL Plus

  So that we may better diagnose DOWNLOAD problems, please provide the following information.
  I downloaded Oracle 9i and I'm trying to run SQL Plus and its asking me for a userid, password and a host string. I don't know what the userid, password or host string would be. I wanted to see how I like Oracle for a database and just wanted to enter some SQL.
  How will I know what the userid, password, host string would be?
  - Server name = none
  - Filename = none
  - Date/Time 2/8/02
  - Browser + Version = Internet Explorer
  - O/S + Version = Windows 20000
  - Error Msg = invalid userid/password

  could you please suggest what could be the reasonYou are running Oracle on an unsupported operating system (Vista Home premium). You either need to change the OS or use the package meant for Windows Vista.
  http://www.oracle.com/technology/software/products/database/oracle10g/htdocs/10203vista.html

• Why are errors for password validation in struts 1.2.4 not being displayed

  I have the following in my validation.xml file
  <field property="passwordconfirm"
  depends="required">
  <arg0 key="registration.passwordconfirm"/>
  </field>
  In my jsp I have the following
  Password Confirm<html:password property="passwordconfirm" size="10" />
       <html:errors property="passwordconfirm"/>
  In my ApplicationResources.properties file I have the following
  errors.required={0} is required.
  registration.firstname = First name
  registration.passwordconfim= Password
  Other text fields work fine i.e. the errors are shown

  sorry this should read why no errors shown for password validation in struts 1.2.4.

• Userid/password in a popup dialog box?

  When I sign on to the forums today either on an iPhone or Firefox in windows, I'm getting a popup box to enter userid/password instead of the usual Oracle single sign on page.
  Is this something new?

  Seems to be a feature :-) Has happened many times before - it is typically corrected within a few hours
  Where's my handle?
  Handle not working
  HTH
  Srini

• Custom password validation

  hi,
  I am trying to write a custom java file for password validation. when we load it and compile using adadmin the class file is not getting generated.
  also, i would like to know how to customize the message that appears.
  example PASSWORD-INVALID. I would like to use explanatory message. Where do i define these strings.
  package oracle.apps.fnd.security;
  import oracle.apps.fnd.common.VersionInfo;
  // Referenced classes of package oracle.apps.fnd.security:
  // PasswordValidation
  public class AppsPasswordValidationCUS
  implements PasswordValidation
  public String getErrorStackApplicationName()
  return "FND";
  public String getErrorStackMessageName()
  return m_errorStackMessageName;
  public boolean validate(String username, String password)
  if(password ==null || password.length() == 0 || username == null || username.length() == 0)
  m_errorStackMessageName = "PASSWORD-INVALID";
  return false;
  if(password.length() < 6)
  m_errorStackMessageName = "PASSWORD-INVALID-LENGTH";
  return false;
  if(!validateLettersAndDigits(password))
  m_errorStackMessageName = "PASSWORD-INVALID-LETTER-NUMBER";
  return false;
  if(!validateNoUsername(username, password))
  m_errorStackMessageName = "PASSWORD-INVALID-USERNAME";
  return false;
  if(!validateNoRepeats(password))
  m_errorStackMessageName = "PASSWORD-INVALID-REPEATS";
  return false;
  return true;
  private boolean validateLettersAndDigits(String p_password)
  boolean flag = false;
  boolean flag1 = false;
  for(int i = 0; i < p_password.length(); i++)
  if(Character.isLetter(p_password.charAt(i)))
  flag = true;
  if(Character.isDigit(p_password.charAt(i)))
  flag1 = true;
  return flag && flag1;
  private boolean validateNoUsername(String p_username, String p_password)
  return p_password.toUpperCase().indexOf(p_username.toUpperCase()) == -1;
  private boolean validateNoRepeats(String p_password)
  for(int i = 1; i < p_password.length(); i++)
  if(p_password.charAt(i) == p_password.charAt(i - 1))
  return false;
  return true;
  private String m_errorStackMessageName;
  }

  Hi Colin,
  We are able to update the password in OIM user profile now. However, after the process is done in java code, it is not redirecting to OAM Password change success page which will have a Back button. Also, we are seeing a Bug Report form page with the content given below:
  Bug Report Form
  An error has occurred while executing the application.
  Your browser doesn't support sending mail automatically!
  Please send E-Mail to <a =""></a> with the following information:
  Your Name
  Organization
  E-Mail Address
  Phone Number
  Comment
  Make sure to append the following traceback in the mail.
  Traceback Traceback is unavailable.
  Product Lost Password ManagementVersion
  Platform Linux
  Any clue as when we will witness this?
  -Mahendra.

• Bringing back an old password validation rule

  Good afternoon
  On our old 4.6C system, there was a password validation rule that stated the first three characters of the password cannot occur in the same order in the user ID. This rule was removed when we upgraded to ECC 6.0
  While the users hated that rule, that rule was a SOX requirement at our company and I would like to have it back. Before I resort to programming user exits, is there a way to reactivate or at least simulate that rule? I cannot use USR40 because not only does it effect all users on the system, it only works on the second logon and not at validation time.
  If programming user exits like EXIT_SAPLSUSF_001 is my only option, where can I get the password at logon time? From my understanding, SAP does not store this in a system value or even a global variable or table to prevent the recording of passwords. While this is a valid security reason, it would solve the resurrection of this password role through programming.
  Please advise.
  Kind Regards
  Moggie

  Hi Moggie,
  > Pending the result of the contract programmer's research, placing a 3 character prefix of each new user ID in table USR40 is looking like the best option, though I do hate to place that kind of check for all user IDS when only one ID really needs that validation rule.
  A problem with that will soon arise when you have for example 10000 user ID's and want the users to have the opportunity to use strong pass-phrases (not just pass-words). Additionally, the passwords are now case-sensitive but the user ID is not. A pass-phrase for users such as "The_D0g_&_Cat_r_FAT" would go undetected even if you have any "THERON's" in the system, but why should it not be allowed? It's a good one!
  Users will soon notice that only passwords which are very cryptic can be used, and they will start writing them down on Post-It's.
  While that is going on... the "real sinners" who dish out weak or the same initial / reset passwords (like "INIT1234") or administrate the users for whom passwords don't change (like "RFC4PROD") will not have any further "idiot-proof" controls as it is only a warning, which is intentional.
  > If the passwords are cycled regularly, adhere to profile values in the instance that encourage strict password rules, and are kept private and secure, it is not a compliance issue to the auditors.
  There you have it. 
  Tell them that. Even if they do use the first 3 bname characters as the first 3 CAPS_ON password characters, they won't be able to do it for long anyway if the password rules are appropriate...
  Incase you are not aware of it, please also take a look at (and search here and SAP notes for) infos about instance parameter login/password_compliance_to_current_policy (e.g. SAP Note 862989). With appropriate minimum password rules (not overkilled - because the system must still be able to generate compliant wizard-passwords!), you will catch the bigger risks than any one 'BSM?????'s in there somewhere....
  Cheers,
  Julius

• Extend WL Authentication Provider Password Validation

  Hi folks
  I'm looking for any advice on how to extend the OOB password validation that is available and documented here:
  http://docs.oracle.com/cd/E12840_01/wls/docs103/secmanage/atn.html#wp1212100
  Specifically we'd like to test whether the desired password has been used in the last 8 they've used and also to enforce that it expire after x days. Any pointers would be much appreciated.
  Thanks,
  Paul

  1- How can an authentication provider supports password validation providers ?
  We decided to make our own authentication provider so I doubt we support it
  Yes, your custom authentication provider will not support it.
  2- How it is suppose to work ?
  Now, when a user change his password (or any of his attributes), we call a stored procedure (DB) which updates the user table ...
  The way I see it, the web application should call the password validation provider before (or instead and then the provider will call the stored procedure)
  Have u configured the a databse authenticator? Looks like you are modifying the password in the database directly ( using stored procedures) so Password Validator will not come in picture at all.

• Anybody done USERID/PASSWORD authentication against aWindows NT Domain

  I think I'll have to write a C++ Program to the WinNT API to do it
  (LogonUser). Then I'll wrap it with a service object for authentication. Has
  it been done before? Or something similar? We want to validate users against
  a WindowsNT Server DOMAIN.
  -martin ([email protected])

  Hi Martin & All,
  Yes you are right, wrap the API in C++/C then write a PEX file for interface to Fort&eacute; and use the method to invoke the WinNT API authentication. Do not forget to validate the return values from the methods. They are very crucial in handling exceptions etc., in forte.
  I've done the same to provide the mail user authentication in MAPI API wrapper for Fort&eacute;.
  Is this what you looking for????
  Regards,
  Sivaram S Ghorakavi mailto:[email protected]
  International Business Corporation http://www.ibcweb.com/
  From: Martin G Nystrom
  Sent: Wednesday, November 26, 1997 1:53 PM
  To: [email protected]
  Subject: Anybody done USERID/PASSWORD authentication against a Windows NTDomain?
  I think I'll have to write a C++ Program to the WinNT API to do it
  (LogonUser). Then I'll wrap it with a service object for authentication. Has
  it been done before? Or something similar? We want to validate users against
  a WindowsNT Server DOMAIN.
  -martin ([email protected])

• Chang system userid/password for another server instance

  It it possible to change the system userid/password for another server
  instance. If so , how ?
  I would like to allow certain groups to be able to start and stop ONLY their
  server without giving out the system account.
  Thanks in advance!

  the relationship between the infrastructure nodes and the application server nodes is a one to many relationship. The infrastructure home should be the only home that the EMWebsite service has been started for.
  the user to log in to em console is ias_admin/<password> if it does not accept the password that you set for this user then try it with caps lock on as you may have had it one when setting the password.
  As 9ias release 2 has been designed with a multiple machine install in mind, if you install more than one instance (multiple oracle homes) on the server then you will end up with multiple apache processes and oc4j processes. This means you will be able to connect to 2 apache server homepages under different ports. That is why you get the same page.