Initial password change.. Urgent Please?

Similar Messages

• SAP ABAP/BOBJ Infoview initial password change

  Hi all,
  We are using BOBJ Crystal Repors and BI for reporting. All authentication and data security is working great including user/role sync from ABAP stack.
  My problem is as follows - Say I reset the initial password in the ABAP side for a user id. I log into BOBJ Infoview and the new inital password syncs as expected. However.....the infoview does not promt for the user to change the initial password as the ABAP side or portal would. Now the user maintains the initial password the admin set. Again, our portal or ABAP system forces the user to change the initial password but I can't seem to have the infoview do the same.
  Any guidance would be greatly appreciated.
  Thanks!
  SAP BI - Netweaver 2004 S
  BOBJ Enterprise XI 3.1 
  SAP Integration Kit
  Crystal 2008 (12.2.0.29)

  I believe this note pertains to your issue:
  1319430 - SAP Users not prompted to change their passwords    
  Version   1     Validity: 03/18/2009 - active   
  Language   English 
  Edit Show change log 
  Content:    Summary   |   Header Data   |   References   |   Product
  Symptom
  When the SAP system has a new user set to change their password on the initial login and the user attempts to log into Infoview using the SAP integration kit the user is not prompted to change their password.
  Reproducing the Issue
  When SAP system has a new user set to change password on initial login and user attempts to log into Infoview using SAP integration kit the user is not prompted to change password.
  Cause
  This occurs because, as with other 3rd party integration solutions, we do not write to the authentication system but only read the information that is there. Thus we are unable to "CHANGE" an SAP password.
  Resolution
  Have a new user access the SAP GUI or another SAP utility before accessing InfoView for the first time.
  Keywords
  SAP PASSWORD RESET NEW USER

• Initial password change requested with SSO

  Hi all,
  we have well working SSO with EP6 SP2 and standalone ITS. SSO is based on SAP logon ticket. Only one annoying thing appears.
  If a new user is created in SAP R/3, ITS asks for changing of password.
  Does it mean that the user must initially (and later again according to password policy) change the password although we do not use direct access to R/3? If no password change should be required with SSO, how to solve this issue?
  EP6 SP2 P4 HF8
  ITS 6.2 PL14
  R/3 4.7
  Thanks in advance for any good idea.
  Pavol

  Hello,
  We are on a very similar setup as above:
  EP 6.0 SP12 with ITS.
  What we are seeing is that the initial password dialog comes up but there is only the input fields but no "Submit" or "Change" buttons. In summary, new users are not able to change their password through the Portal.
  Any ideas why this might be happening?
  Thanks,
  Siva.

• Problem with a user-password request, urgent please!!

  Hi all!!
  I´m consuming a WS on XI with a Web Dynpro ABAP. When I execute the proccess I get an error, because is necessary to introduce an user and password in a popup to access XI.
  How can I avoid this request??

  In addition to SSO to connect to XI,
  you can also look at PROXies.
  See transaction SPROXY.
  Proxies to Interfaces on XI can be generated on the ABAP stack. Using SPROXY.
  The genrated ABAP classes can be called from your WDA application.
  System users are registered for the connection between stacks.
  See XI post installation Guide for more details.
  So you have a couple of alternatives.
  But we strongly recommend you dont use URLs to pass passwords.
  If the password must be sent with the SOAP call, speak to you XI consultant about
  passwords inside the payload / message header and use HTTPS to do the SOAP call.
  regards
  Phil

• Prompt to change initial password

  Do you know if it is possible to have a prompt to change initial password on GDS console login?
  How can it be implemented?
  Thank you

  Hi,
  I think,  it is possible to prompt User to change initial password on login.
  Please go through [this link|http://help.sap.com/saphelp_gds20/helpdata/EN/45/1104685aa66cbfe10000000a114a6b/frameset.htm] for more details about User Management in GDS (in the "adding a new User" Section it is clearly mentioned that new user is required to change the password at first login. )
  Hope this helps.
  Regards,
  Shiv

• CUA environment - changing the initial password of a user.

  Hi Gurus,
  I've encounter a perculiar issue when I assign an initial password to a user.
  My system setup is based on CUA where my Central admin is client 100, with child client 200.
  - I create an ID in client 100, set it to system 200, set initial password as "passW0rd". Save
  - The ID was created in 200
  - Logged in Client 100 using ID and "passW0rd", prompted for new password (i canceled the login)
  - When back to client 100 CUA, in SU01 I select ID and click "EDIT", under the logon data I retype the initial password to "P4ssword"
  - checked SCUL, it's green and user change
  - Logged in Client 100 using ID and "P4ssword", error in password
  - tried the old "passW0rd", prompted for new password.
  I puzzled why the CUA did not redistribute the changed initial password to client 200, another can any ideas?
  I also tried SU01 and click "reset password" button instead of "edit", the changed password was able to distributed to client 200.
  By password change is ok this way or not ok if change within edit mode?
  Thanks,
  Jansen

  Hi Sergo, 
  Yes I realise the "change password" works but for my case I cannot use that function. Any other suggestions. Cos by right even if I were to change in the logon data it should work right?
  Hi Juan,
  Yes I've checked, the IDOCs are in and successful.

• SAP  Portal  unable to recognize  AD requirement to change initial password

  Hi,
  We configured Active Directory server (2008 R2) as UME for SAP Portal (Netweaver 7.01  SP7).  We matched as many of the security parameters as possible* (ex.  minimum password length, require one number in password, etc.).  The AD parameter "User must change password at Next logon" is set ON.  However, upon attempt to login to SAP Portal with the initial password that was set in AD we are not prompted to change the password.  Rather, the SAP Portal logon attempt fails with message:  "Authentication Denied"
  Has anyone dealt with this problem before?
  Other information: 
  *Our MarketPlace researched indicated that the SAP Portal parameter "ume.ldap.security_policy.password_change_required" (which would correspond to the AD parameter mentioned above) is no longer an available parameter for our SAP Portal version (Netweaver 7.01  SP7).
  In our version of SAP Portal, the AD parameter "User must change password at Next logon" has one parameter which is similar, but does not directly correspond.  The SAP Portal parameter which we do have is "No password change required".  Notice this is the logical opposite of the AD parameter:  AD says to require the password, whereas SAP Portal says it's NOT required.  Therefore, when the AD parameter is set to ON, this results in the Portal parameter being set to OFF.  Even still, we face the login failure.

  You have to note here that implementing SAP IDM is only ONE of the possible options you have. The implementation of IDM in itself is a huge undertaking because of the number of systems and the decision making process involved with it.
  In one of my previous implementations, when SAP IDM was not around, we had Tivoli Access Management tools which took care of the password problems.
  even though we implement IDM and deploy IDM UI on Portal , still user should change password before it expires on AD right ?
  Even with IDM in place, user will not be able to login to SAP portal with an expired AD password. However, in our case, we provide a link on the logon page of SAP portal to the IDM password self service application which will allow the user to change the password.
  Does IDM has any feature like sending notifications before password expiration period ?
  I don't think it does - however I have not explored this option in IDM since most of our users do not have email addresses and we cannot send a reminder. You should be able to create a task (with some customization) in IDM to achieve this.
  Also will the IDM implementation help us in creating users with option "User should change password at next logon" on AD ?
  Yes - IDM does create users with option "User should change password at next logon" in AD.
  With IDM in place and tied to AD, it should be the central place of creating users. It is recommended NOT to create or manipulate the users in any target systems (SAP, AD, etc). IDM should be taking care of all the user provisioning activities.
  is this like a work around to allow users to change password from Portal before it gets expired on Active Directory(AD) ?
  This is not a work around - it is rather a full blown identity management solution for all your company needs.
  You will get a lot of your IDM specific questions answered in the Identity Management forum.
  Thanks,
  Shanti

• Problems in Changing LDAP (AD) Initial Password from Portal

  Hello ,
  We are using EP 7.01 SP 05 with Microsoft AD as our user data store (flat structure).
  For newly created users on AD, we are wanting them to be able to change their initial passwords from portal (on their first logon).
  SSL is set up between EP and AD.
  The user we are using to access LDAP has write privileges.
  We are using a standard configuration file (writeable version) (dataSourceConfiguration_ads_writeable_db.xml)
  We are able to modify users from User Administration console (including password change) without any problem.
  However, there are two problems we are facing:
  1. If the flag "User must change password at first logon" is set on AD/LDAP, then on Portal the user is not getting prompted for changing password - and User authentication failed
  2. If the flag "User must change password at first logon" is NOT set on AD/LDAP, then - User is getting prompted to change the password" - however password change is not going through successfully - Error says - "Missing".
  From logs I can see the following error:
  #1.5#0050568767DE006B0000000700005D7C00048EC433D5B0FC#1282873241046#com.sap.security.core.persistence#sap.com/irj#com.sap.security.core.persistence.[cf=com.sap.security.core.persistence.datasource.imp.LDAPPersistence][md=changePassword][cl=64495]#Guest#0#SAP J2EE Engine JTA Transaction : [044ffffffd35700451]#n/a##19ae55e0b17c11dfb0d00050568767de#SAPEngine_Application_Thread[impl:3]_23##0#0#Error##Java###Can not change password
  [EXCEPTION]
  {0}#1#javax.naming.directory.InvalidAttributeValueException: [LDAP: error code 19 - 0000052D: AtrErr: DSID-03190F00, \#1:
  0: 0000052D: DSID-03190F00, problem 1005 (CONSTRAINT_ATT_TYPE), data 0, Att 9005a (unicodePwd)
  ]; remaining name 'cn=portal test'
  at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3010)
  at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2943)
  at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2749)
  at com.sun.jndi.ldap.LdapCtx.c_modifyAttributes(LdapCtx.java:1449)
  at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_modifyAttributes(ComponentDirContext.java:255)
  at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.modifyAttributes(PartialCompositeDirContext.java:172)
  at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.modifyAttributes(PartialCompositeDirContext.java:161)
  Can any one pls suggest what is this error about and what I am missing.
  Thanks ,
  Shanti

  Hello All,
  Thank you for your time and valuable replies.
  I got rid of the "Missing" error and now I am one step away from the solution.
  Now I am at a stage where: (for a user with initial password on LDAP)
  1. In AD if "User needs to change password on next logon" flag is NOT set - user can successfully logon to portal. (without being prompted for password change)
  2. In AD if "User needs to change password on next logon" flag is set - then user cannot logon to portal - I get User authentication failed error.
  I have went through a lot of discussions around this topic on SDN and different SAP Notes. I have tried to maintain UME Security policy as close as possible to LDAP (I cannot make it exactly same due to some differences in LDAP and UME).
  However, when and administrator can change passwords from UME successfully without any problem - it means that:
  - Security policy is being met
  - Service user used to communicate to LDAP has all the required access
  The only missing piece of the puzzle is how to enable the users to be able to change their passwords (with initial or expired passwords).
  According to Note 865399 - the default value for The property ume.ldap.access.set_pwd is TRUE.
  Also the property ume.ldap.access.pwd.via.usercontext can only be TRUE when ume.ldap.access.set_pwd is set to FALSE.
  So, I have tried setting the following without any success:
  <ume.ldap.access.pwd.via.usercontext>true</ume.ldap.access.pwd.via.usercontext>
  <ume.ldap.access.set_pwd>false</ume.ldap.access.set_pwd>
  Thanks,
  Shanti

• Dear Friends...... I have an ipad 2 32gb with wifi and 3g enabled sim..... i bought it second hand .... and now if am going to download any games it is showing me an email id and asking for its password... please guide me how can i change this setting

  Dear Friends...... I have an ipad 2 32gb with wifi and 3g enabled sim..... i bought it second hand .... and now if am going to download any games it is showing me an email id and asking for its password... please guide me how can i change this setting to my email id and password

  Tap on the id in Settings > Store and log out of it and then login with your id. Any content already on the iPad will be tied to the previous owner's id and it can't be copied or transferred to your id - so it's probably best to do restore the iPad back to factory defaults and start as from new with it : Settings > General > Reset > Erase All Contents And Settings

• Changing initial password on CompanyPortal

  Hi experts,
  User calls the reports on the Intranet-Portal.
  I created a user just new.
  I thought by first login, system should ask to change Initial Password.
  If user make his/her first login over the Intranet portal, it does not ask to change the initial password.
  Do you know how to set up this ?
  Thanks.

  I think you would be using the same userid for all the applications in the intranet.
  if you are resetting the password, then you have to follow the same password in other applications in the intranet...
  i think, this is not practice to change/reset the password always in the intranet portal.
  I am not sure, how much feasible it is..
  Hope this would help you.

• HT204409 How do I change or reset my password for my wifi? I have forgotten my initial password when I setup the wifi and now cant use it with my iPod but it still works with my iPad as the password option doesn't come up like the iPod.

  How do I change or reset my password for my wifi? I have forgotten my initial password when I setup the wifi and now cant use it with my iPod but it still works with my iPad as the password option doesn't come up like the iPod.

  If you are saying that the iPod asks for the password for the network and you do not know it, what may work is to turn on iCloud keychain for the iPod and iPad., Thet may sync the password from the iPad to the iPod
  http://9to5mac.com/2013/10/26/how-to-setup-and-use-icloud-keychain-for-mavericks -and-ios-7/
  Otherwise you will have to go into the router settings and reset the wifi password in the router

• When I boot into Win7 I see the windows boot up logo, the. I see my mouse and the screen goes black! It goes black in the login screen, I type my password and I hear the login sound but when I press F2 the brightness won't change! Please help!!!

  When I boot into Win7 I see the windows boot up logo, the. I see my mouse and the screen goes black! It goes black in the login screen, I type my password and I hear the login sound but when I press F2 the brightness won't change! Please help!!!

  Hi Emma,
  Thank you for using Apple Support Communities. 
  I understand that your Thunderbolt display is just showing a black screen when you boot your computer. The following article should be of help in troubleshooting your display. 
  Apple computers: Troubleshooting issues with video on internal or external displays - Apple Support
  Cheers, 
  Jeff D. 

• TMSADM: Initial password expired

  Dear community,
  I've a urgent question, because the SAP support hasn't answered yet and I have got to fix the problem.
  Because of security reasons we changed the following instance Parameters:
  login/password_max_new_valid = 1 (The initial password of new users is only valid on the day of creation)
  login/password_max_reset_valid = 1 (The initial password of an reseted user account is only valid on the day of change)
  Now we have an problem with our Transport Management System (STMS) and the used communication user TMSADM. One day after the change of the parmters we always got an login prompt when we wanted to see the import queue of the systems in transaction STMS. When I start a authority-check in transaction SM59 for the RFC [email protected]_SID Iget the error "The initial password has expired; request a new one".
  Now comes my question. Does anyone know how to fix the problem? I havn't found any solution in the SAP Service Marketplace and the SAP Support only wrote me that I should check the note 761637 and 713622, which don't fit exactly to my problem.
  I'm searching now for an possibility to set an password for an communication or CPIC user. When I set an password in SU01 I can only set an initial password. So does anyone knows how to do? E.g.: when I have an dialog user i can change the password at startup, but how can I change it at an communication user?
  Another posibilty is to run the check of the initialpassword not for the user TMSADM. Is this possible and if yes who can me tell how?
  Please help me, I'm in urgent trouble, because me colleagues are angry about this result of changement.
  Many thanks in advance.
  Michael

  I don't think that it is an good idea to change the password on the database. The values are only saved as hash-values and so it is not possible.
  Further I found a solution on my own to fix the problem. I changed the user type from communiction to dialog and so I set the password in the dialog screen at login.
  After that I changed the user type to communication aggain.
  It works. I've just tested it and the next days I will take the change for our productive system.
  Bye

• How to implement Force password change during authentication

  Description of problem
  Our client requires web applications to support its internal security policy beyond
  normal authentication. This includes:
  - force password change periodically. This should be performed at logon time.
  - maintain password history so that a new password would not repeat any of its
  previous 15 changes.
  We already have an authentication server that satisfy these requirements. However,
  we would also like to base our solution on WebLogic security framework so that
  we can leverage the benefit of the container-managed declarative security (e.g.
  we don't need to use our special cookie to check whether a user is authenticated
  for every web page in the application). So the best scenario for us is to wrap
  up this authentication server using WLS 7.0 authentication SSPI.
  My initial investigation of WLS 7.0 security framework (based on edocs and the
  sample customer security provider codes) convinced me that overall, this is achievable.
  However, I am still left with quite a few questions, which I would like to get
  your help.
  Questions:
  1. (web container) The J2EE-standard container-based authentication is to specify
  <login-config> element. My understanding is that only FORM based authentication
  is applicable. The specified form elements:
  <form method="post" action="j_security_check">
  <INPUT TYPE="TEXT" NAME="j_username">
  <INPUT TYPE= "password" NAME="j_password">
  </form>
  is adequate for authentication. However, if the authentication service provider
  indicates that password change is needed, what would be the most appropriate way
  within WebLogic for the authentication service provider to pass such a flag to
  the web container know so that our application can access it? I guess, a simpler
  question, would be, using the standard <login-config>, webapp knows only about
  authentication fails or succeeds. Can it possibly know more information provided
  by the authentication service provider right after authentication?
  2) If we don't use standard FORM-based authentication, we will code up our own
  authentication control, which could give us a lot more flexibility, but can we
  then bind our Subject obtained through our authentication control to the WebLogic
  Subject that is running the webapp.
  3) (Authentication service provider) Our design is for the custom LoginModule
  to delegate login calls to the authentication server, and throws more refined
  exceptions such as: FailedLoginException, PasswordExpiredException, UserAccountLockedException
  (all subclassed from LoginException). Another approach is to provide detailed
  information such as password expired in callbacks. Either way, when Authentication
  service provider returns, how our web application can access this refined flag
  of authentication result.
  4) Can our customer authentication service provider use DataSource defined in
  a weblogic server? I ask this question because DataSource itself is a protected
  resource of WebLogic. Will referencing it during authentication initiate another
  authentication cycle?
  Can anyone who has experienced similar requirements and worked solutions please
  give me a hint? I appreciate your guidance.
  regards
  Licheng

  "Licheng" == Licheng <[email protected]> writes:
  Licheng> Description of problem
  Licheng> Our client requires web applications to support its internal security policy beyond
  Licheng> normal authentication. This includes:
  Licheng> - force password change periodically. This should be performed at logon time.
  Licheng> - maintain password history so that a new password would not repeat any of its
  Licheng> previous 15 changes.
  Licheng> ..
  Licheng> We already have an authentication server that satisfy these requirements. However,
  Licheng> we would also like to base our solution on WebLogic security framework so that
  Licheng> we can leverage the benefit of the container-managed declarative security (e.g.
  Licheng> we don't need to use our special cookie to check whether a user is authenticated
  Licheng> for every web page in the application). So the best scenario for us is to wrap
  Licheng> up this authentication server using WLS 7.0 authentication SSPI.
  I believe it's impractical to fit the requirement of forcing a password change
  into the standard JAAS interface.
  I think the only practical way to do this is to implement a servlet filter that
  reads the persistent record of the logged-in user to check for a "force change
  password flag". If it finds this, the servlet filter will forward to a page to
  change your password. Note that the servlet filter may be hit again when
  trying to get to the change password page, so it needs to know to not do the
  check in that case.
  If you implement this, I would strongly urge you to softcode the "change
  password" page URL in your system configuration, and not hardcode it in the
  servlet filter.
  ===================================================================
  David M. Karr ; Java/J2EE/XML/Unix/C++
  [email protected] ; SCJP; SCWCD

• [Initial Password] CUA vs IdM

  Hi,
  Please correct me if I am wrong: when the CUA cha,ges to password in the child systems, they are set as initial. It means that, on the first logon, the user has to change it.
  Is there a possibility for IdM to set "definitive" password. It seems so to me after reading
  |                     |        CUA        |  Identity Management       |
  | Password management | Initial passwords | yes incl. workflow support |
  in https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/7037d982-40aa-2a10-e283-a76a9dfc93ab, page 29
  Thanks in advance.
  Best regards,
  Guillaume

  IdM can only do what SAP permits.  Depending on how one is authenticating determines the password policy.  An initial password, an expired password and a password reset by an administrator all set the same flag.  The user must change their password on next logon.  The only way around this to write directly to the db with SAP's hash.  A terrible idea and a big security risk. 
  UME uses a delegated model so the password policy depends on what you are authenticating against.  This question is normally asked because a company wants to do password synchronization; one is better off doing SSO.