Portal User Locked Hourly

Hi,
I have a very strange problem.
Since a password change of the portal user "Administrator", this account is locked hourly.
OS: W2k8
DB: MSSQL 2k8
SAP: Portal 7.00
User: Administrator (UME)
Portal IP: 192.168.1.1
responses.trc
[May 14, 2014 8:42:02 AM ] - 192.168.1.1 : POST /sld/cimom HTTP/1.1 401 1792
[May 14, 2014 8:42:02 AM ] - 192.168.1.1 : POST /sld/cimom HTTP/1.1 401 1792
[May 14, 2014 8:42:03 AM ] - 192.168.1.1 : POST /sld/cimom HTTP/1.1 401 1792
[May 14, 2014 8:42:03 AM ] - 192.168.1.1 : POST /sld/cimom HTTP/1.1 401 1792
[May 14, 2014 9:42:01 AM ] - 192.168.1.1 : POST /sld/cimom HTTP/1.1 401 1792
[May 14, 2014 9:42:01 AM ] - 192.168.1.1 : POST /sld/cimom HTTP/1.1 401 1792
[May 14, 2014 9:42:01 AM ] - 192.168.1.1 : POST /sld/cimom HTTP/1.1 401 1792
[May 14, 2014 9:42:01 AM ] - 192.168.1.1 : POST /sld/cimom HTTP/1.1 401 1792
security.log
#1.5 #00155D11160300650000014F00000F000004F95827B00C09#1400056919503#/System/Security/Audit##com.sap.security.core.util.SecurityAudit#Guest#0#SAP J2EE Engine JTA Transaction : [045ffffffe5ffffff8e00ffffffcefffffffa]#n/a##9d0725f0db4311e3c01800155d111603#SAPEngine_Application_Thread[impl:3]_0##0#0#Warning#1#com.sap.security.core.util.SecurityAudit#Plain###Guest    | USERACCOUNT.MODIFY    | UACC.PRIVATE_DATASOURCE.un:Administrator    |     | SET_ATTRIBUTE: lastfailedlogon=[{0001400053321593} -> {0001400056919450}], SET_ATTRIBUTE: PRINCIPAL_MODIFY_DATE=[{0001400053367448} -> {0001400056919483}], SET_ATTRIBUTE: failedlogonattempts=[{0} -> {1}], SET_ATTRIBUTE: LAST_MODIFIED_BY=[{} -> {Guest}]#
#1.5 #00155D11160300650000015000000F000004F95827B03D0C#1400056919521#/System/Security/Authentication##com.sap.engine.services.security.authentication.logincontext#Guest#0##n/a##9d0725f0db4311e3c01800155d111603#SAPEngine_Application_Thread[impl:3]_0##0#0#Info#1#com.sap.engine.services.security.authentication.logincontext#Plain###LOGIN.FAILED
User: N/A
Authentication Stack: sap.com/com.sap.lcr*sld
Login Module                                                                                                         Flag        Initialize  Login      Commit     Abort      Details
1. com.sap.security.core.server.jaas.EvaluateTicketLoginModule             SUFFICIENT  ok          false                 true      
2. com.sap.engine.services.security.server.jaas.BasicPasswordLoginModule   REQUISITE   ok          exception             true       Authentication did not succeed.
3. com.sap.security.core.server.jaas.CreateTicketLoginModule               OPTIONAL    ok                                true       #
#1.5 #00155D111603006F0000014100000F000004F95827B072ED#1400056919624#/System/Security/Audit##com.sap.security.core.util.SecurityAudit#Guest#0#SAP J2EE Engine JTA Transaction : [045ffffffe5ffffff8e00ffffffcf0]#n/a##9d199c80db4311e38ead00155d111603#SAPEngine_Application_Thread[impl:3]_4##0#0#Warning#1#com.sap.security.core.util.SecurityAudit#Plain###Guest    | USERACCOUNT.MODIFY    | UACC.PRIVATE_DATASOURCE.un:Administrator    |     | SET_ATTRIBUTE: LAST_MODIFIED_BY=[{} -> {Guest}], SET_ATTRIBUTE: PRINCIPAL_MODIFY_DATE=[{0001400056919483} -> {0001400056919606}], SET_ATTRIBUTE: lastfailedlogon=[{0001400056919450} -> {0001400056919576}], SET_ATTRIBUTE: failedlogonattempts=[{1} -> {2}]#
#1.5 #00155D111603006F0000014200000F000004F95827B0B823#1400056919654#/System/Security/Authentication##com.sap.engine.services.security.authentication.logincontext#Guest#0##n/a##9d199c80db4311e38ead00155d111603#SAPEngine_Application_Thread[impl:3]_4##0#0#Info#1#com.sap.engine.services.security.authentication.logincontext#Plain###LOGIN.FAILED
User: N/A
Authentication Stack: sap.com/com.sap.lcr*sld
Login Module                                                               Flag        Initialize  Login      Commit     Abort      Details
1. com.sap.security.core.server.jaas.EvaluateTicketLoginModule             SUFFICIENT  ok          false                 true      
2. com.sap.engine.services.security.server.jaas.BasicPasswordLoginModule   REQUISITE   ok          exception             true       Authentication did not succeed.
3. com.sap.security.core.server.jaas.CreateTicketLoginModule               OPTIONAL    ok                                true       #
#1.5 #00155D111603006A0000019C00000F000004F95827B45A12#1400056920281#/System/Security/Audit##com.sap.security.core.util.SecurityAudit#Guest#0#SAP J2EE Engine JTA Transaction : [045ffffffe5ffffff8e00ffffffcf7]#n/a##9d7ddc90db4311e3b8e200155d111603#SAPEngine_Application_Thread[impl:3]_19##0#0#Warning#1#com.sap.security.core.util.SecurityAudit#Plain###Guest    | USERACCOUNT.MODIFY    | UACC.PRIVATE_DATASOURCE.un:Administrator    |     | SET_ATTRIBUTE: PRINCIPAL_MODIFY_DATE=[{0001400056919606} -> {0001400056920260}], SET_ATTRIBUTE: failedlogonattempts=[{2} -> {3}], SET_ATTRIBUTE: LAST_MODIFIED_BY=[{} -> {Guest}], SET_ATTRIBUTE: lastfailedlogon=[{0001400056919576} -> {0001400056920224}]#
#1.5 #00155D111603006A0000019D00000F000004F95827B463A9#1400056920295#/System/Security/Authentication##com.sap.engine.services.security.authentication.logincontext#Guest#0##n/a##9d7ddc90db4311e3b8e200155d111603#SAPEngine_Application_Thread[impl:3]_19##0#0#Info#1#com.sap.engine.services.security.authentication.logincontext#Plain###LOGIN.FAILED
User: N/A
Authentication Stack: sap.com/com.sap.lcr*sld
Login Module                                                               Flag        Initialize  Login      Commit     Abort      Details
1. com.sap.security.core.server.jaas.EvaluateTicketLoginModule             SUFFICIENT  ok          false                 true      
2. com.sap.engine.services.security.server.jaas.BasicPasswordLoginModule   REQUISITE   ok          exception             true       Authentication did not succeed.
3. com.sap.security.core.server.jaas.CreateTicketLoginModule               OPTIONAL    ok                                true       #
#1.5 #00155D111603005E000000FF00000F000004F95827B4A30A#1400056920413#/System/Security/Audit##com.sap.security.core.util.SecurityAudit#Guest#0#SAP J2EE Engine JTA Transaction : [045ffffffe5ffffff8e00ffffffcfd]#n/a##9d9200d0db4311e3a8cf00155d111603#SAPEngine_Application_Thread[impl:3]_24##0#0#Warning#1#com.sap.security.core.util.SecurityAudit#Plain###Guest    | USERACCOUNT.MODIFY    | UACC.PRIVATE_DATASOURCE.un:Administrator    |     | SET_ATTRIBUTE: lastfailedlogon=[{0001400056920224} -> {0001400056920362}], SET_ATTRIBUTE: LAST_MODIFIED_BY=[{} -> {Guest}], SET_ATTRIBUTE: failedlogonattempts=[{3} -> {4}], SET_ATTRIBUTE: PRINCIPAL_MODIFY_DATE=[{0001400056920260} -> {0001400056920395}]#
#1.5 #00155D111603005E0000010000000F000004F95827B4AB21#1400056920424#/System/Security/Authentication##com.sap.engine.services.security.authentication.logincontext#Guest#0##n/a##9d9200d0db4311e3a8cf00155d111603#SAPEngine_Application_Thread[impl:3]_24##0#0#Info#1#com.sap.engine.services.security.authentication.logincontext#Plain###LOGIN.FAILED
User: N/A
Authentication Stack: sap.com/com.sap.lcr*sld
Login Module                                                               Flag        Initialize  Login      Commit     Abort      Details
1. com.sap.security.core.server.jaas.EvaluateTicketLoginModule             SUFFICIENT  ok          false                 true      
2. com.sap.engine.services.security.server.jaas.BasicPasswordLoginModule   REQUISITE   ok          exception             true       Authentication did not succeed.
3. com.sap.security.core.server.jaas.CreateTicketLoginModule               OPTIONAL    ok                                true       #
Normally that means that the CIM Client is not correctly configured, but the SLD runs over the SolMan (7.1), and in the VisualAdmin > Server > Services > SLD Data Supplier, the HTTP Settings and CIM Client Settings are set to the SolMan host and use the SLDDSUSER to sync the data with the SLD.
Does anyone have an idea what process will connect hourly to the portal where the Administrator is set as user?
I've been searching and reading for over two days now on the SCN and the web, but I haven't figured it out.
It looks like the portal itself wants to connect to the local /sld/cimom, but the SLD of the portal is still stopped, and even if it's running, I get the same error every hour.
Thanks for any advice!
Tobias

Hi Tobias,
Please do the following once, if possible.
1. Please change the password of administrator user and save the password in secure store and recycle the system.
2. You may create a user with equivalent access/permission like administrator temporarily, until this problem is resolved, so that you can unlock the administrator logging in with that id.
3. Please check if that administrator is being used in any connection from java stack, where the password is still old.
4. Attach the default trace here at the time when the user is getting locked. We want to check further.
5. You can follow what David advised in the SAP note, if you can identify the real cause, otherwise follow the above steps.
Thanks.
Regards,
Sujit Kumar Banerjee.
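
As an added example (not part of the original posts), the two log excerpts in the question can be reduced to the facts needed to hunt for a stored stale credential: which client and path produce the 401s, how regular the bursts are, and which account's failed-logon counter they drive. The function names and the five-minute burst gap are assumptions; the sample input is constructed from the lines quoted above.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample input: the responses.trc lines quoted in the post, and the
# four security.log audit records shortened to the fields parsed below.
RESPONSES_TRC = """\
[May 14, 2014 8:42:02 AM ] - 192.168.1.1 : POST /sld/cimom HTTP/1.1 401 1792
[May 14, 2014 8:42:02 AM ] - 192.168.1.1 : POST /sld/cimom HTTP/1.1 401 1792
[May 14, 2014 8:42:03 AM ] - 192.168.1.1 : POST /sld/cimom HTTP/1.1 401 1792
[May 14, 2014 8:42:03 AM ] - 192.168.1.1 : POST /sld/cimom HTTP/1.1 401 1792
[May 14, 2014 9:42:01 AM ] - 192.168.1.1 : POST /sld/cimom HTTP/1.1 401 1792
[May 14, 2014 9:42:01 AM ] - 192.168.1.1 : POST /sld/cimom HTTP/1.1 401 1792
[May 14, 2014 9:42:01 AM ] - 192.168.1.1 : POST /sld/cimom HTTP/1.1 401 1792
[May 14, 2014 9:42:01 AM ] - 192.168.1.1 : POST /sld/cimom HTTP/1.1 401 1792
"""
_AUDIT = ("Guest | USERACCOUNT.MODIFY | UACC.PRIVATE_DATASOURCE.un:Administrator | | "
          "SET_ATTRIBUTE: lastfailedlogon=[{%s} -> {%s}], "
          "SET_ATTRIBUTE: failedlogonattempts=[{%d} -> {%d}]#")
SECURITY_LOG = "\n".join(_AUDIT % r for r in [
    ("0001400053321593", "0001400056919450", 0, 1),
    ("0001400056919450", "0001400056919576", 1, 2),
    ("0001400056919576", "0001400056920224", 2, 3),
    ("0001400056920224", "0001400056920362", 3, 4),
])

ACCESS_RE = re.compile(r"\[(.+?)\s*\] - (\S+) : (\S+) (\S+) \S+ (\d{3}) \d+")
ACCOUNT_RE = re.compile(r"USERACCOUNT\.MODIFY\s*\|\s*UACC\.\S*?\.un:([^\s|]+)")
FAILS_RE = re.compile(r"failedlogonattempts=\[\{(\d+)\} -> \{(\d+)\}\]")
LAST_RE = re.compile(r"lastfailedlogon=\[\{(\d+)\} -> \{(\d+)\}\]")


def failed_logon_bursts(trc, gap=timedelta(minutes=5)):
    """Group the HTTP 401 responses of the noisiest (client, path) pair into bursts."""
    hits = []
    for m in ACCESS_RE.finditer(trc):
        stamp, ip, _method, path, status = m.groups()
        if status == "401":
            hits.append((datetime.strptime(stamp, "%b %d, %Y %I:%M:%S %p"), ip, path))
    if not hits:
        return None
    (ip, path), _ = Counter((h[1], h[2]) for h in hits).most_common(1)[0]
    times = sorted(t for t, i, p in hits if (i, p) == (ip, path))
    bursts = [[times[0]]]
    for t in times[1:]:
        if t - bursts[-1][-1] > gap:   # quiet period: a new burst starts
            bursts.append([t])
        else:
            bursts[-1].append(t)
    starts = [b[0] for b in bursts]
    return {
        "client": ip, "path": path,
        "burst_sizes": [len(b) for b in bursts],
        "minutes_between_bursts": [round((b - a).total_seconds() / 60)
                                   for a, b in zip(starts, starts[1:])],
    }


def lockout_rounds(seclog):
    """Per account: highest failed-logon counter and minutes since the previous round."""
    rounds = {}
    for line in seclog.splitlines():
        acct, fails, last = ACCOUNT_RE.search(line), FAILS_RE.search(line), LAST_RE.search(line)
        if not (acct and fails and last):
            continue
        entry = rounds.setdefault(acct.group(1), {"max_failed": 0, "minutes_since_previous": []})
        before, after = int(fails.group(1)), int(fails.group(2))
        entry["max_failed"] = max(entry["max_failed"], after)
        if before == 0:  # counter restarted: old lastfailedlogon is the previous round
            delta_ms = int(last.group(2)) - int(last.group(1))
            entry["minutes_since_previous"].append(round(delta_ms / 60000))
    return rounds


if __name__ == "__main__":
    print(failed_logon_bursts(RESPONSES_TRC))
    print(lockout_rounds(SECURITY_LOG))
```

A fixed burst size at a fixed interval from one client points to a scheduled job or stored connection rather than a person typing, which narrows the search to configured destinations that still hold the old password.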

Similar Messages

  • Continuous Portal User Locking

    Hi Experts
    We are experiencing a problem where the Portal Users are continuously locking themselves when accessing Travel Management.
    There doesn't seem to be any valid reason for this and we can't even replicate the problem consistently to try and determine where the problem may lie.
    Has anybody else experienced this?
    Is there maybe a SAP Note that I can't find which may fix the problem?
    Any help and advice will be appreciated, thanks.
    Anton

    Hi Anton
    Our developers corrected the application with OSS note 1466697 for WD ABAP with application of "dirty flag" but there were rendering corrections released for work protect mode  - "work protect JS" in the new UR library
    1543743
    1543744
    I'm not a WD ABAP expert, but I believe this works using wdr_test_portal_workprotect. I searched for similar issues, and one other thing to check is the following, as not adhering to these rules can cause issues with locking and navigation.
    - Both the Portal URL and the Web Dynpro ABAP URL need to be URLs with a fully qualified domain name, ending with a common part of the fully qualified domain name.
    Fully Qualified Domain Names (FQDN): http://help.sap.com/saphelp_nw70/helpdata/EN/67/be9442572e1231e10000000a1550b0/frameset.htm
    - Web Dynpro ABAP is integrated in a Web Dynpro ABAP iView, and must not be integrated in a URL iView.
    Creating Web Dynpro ABAP iViews: http://help.sap.com/saphelp_nw70/helpdata/EN/1d/e4a34273f60b31e10000000a1550b0/frameset.htm

  • WAS Portal User locked - Due to bad logon

    Hi,
    Is it possible to adjust the user's bad logon attempts in WAS portal 6.4?
    If a user enters a wrong password more than three times, the system locks that user. It happened three times to the admin user. We activated SAP* and unlocked the user.
    If anyone knows how to increase the number of wrong password attempts, it would be great.
    Thanks,

    Hi,
    For increasing the logon attempts, you have to follow below steps:
    Step 1: Go to <Driver>:\usr\sap\<System ID>\JCxx\j2ee\configtool --> Configtool.bat
    ex: C:\usr\sap\Y76\JC03\j2ee\configtool --> Configtool.bat
    Step 2: cluster-data --> Global server configuration --> services --> com.sap.security.core.ume.service
    select property : "ume.logon.security_policy.lock_after_invalid_attempts = <Enter Number>"
    ex: ume.logon.security_policy.lock_after_invalid_attempts = 6
    Step 3: save
    Step 4: Restart the Engine.

  • Portal User Locked

    Hi Paul,
    I have the same problem as reported by Vikas. I have a user called "test2" who is locked out due to login failures.
    When I click on the link you have provided to get more info, I get the "Server not found" message. Could you please forward me the information ?
    Thanks
    -Virinder.

    Hi Paul,
    Thanks for the input. I ran the ssounlck.sql script but I cannot still login. I get the message "Your username has been locked out from this IP address".
    Here are my settings from Login Server's Account Lock Policy:
    Global lockout duration: 1 days
    Lockout duration for one IP address: 15 mins
    Single Sign-On session duration: 24 hrs
    Do I have to change these settings to see the unlocking taking place today ? Also, what if I want the Global lockout duration to be less than 1 day ?
    Thanks for your help,
    -Virinder.

  • Sync User Locks from LDAP(Microsoft AD) to Portal UME

    Hi All,
    Currently we have our Portal UME connected to LDAP (Microsoft AD) as our data source. I can bring up all Active Directory users in Portal, however the users that are locked and disabled in Active directory are still active in portal. To be more clear the expiration date of a userid in AD does not sync with Portal UME account expiration date. Is there a way to bring in the expiration value in to portal?
    Regards,
    Junaid

    Config tool may not have expiry date as mapping in Additional LDAP prop tab, you may need to look for configuration file where you can map the logical attribute to the LDAP.
    Licensing impact depends on your contract with SAP.
    However you can check portal users with USMM at the end of URL.
    E.g.
    remove 'irj/portal' from your initial portal link and add 'usmm'

  • If user locked (backend) then from portal i m not able to send data

    If the user is locked (backend), then I am not able to send data from the portal.
    Both users are the same in the front end and the backend.
    But once user is unlocked i am able to send data from portal to backend...
    Regards
    Ruturaj

    Hi
    Since you are in a CUA landscape (as you said, portal and R3 user are the same), unless and until you unlock it, data will not be processed.
    BR
    Satish Kumar

  • Method of fetching Account status and user locked date in Portal.

    Hi,
    Can anyone suggest me the method name  in UME API in Sap Ep for fetching User Account Status and Last User Locked Date. Or suggest a related code for it.
    user database is LDAP.
    Thanks

    Hi Abhai,
    The class (actually Interface) you're looking for is IUserAccount. You can get this from the IUser by using the method getUserAccounts().
    The IUserAccount provides all sort of methods like lockDate(), isLocked(), getLockReason().
    See more in https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/com.sapportals.km.docs/library/ep/_d-f/ep%206.0%20sp2%20usermanagement%20public%20api
    Best regards,
    Amit

  • Users locks during portal application

    There are two back buttons on the portal application
      - one on the transaction
      - one in the top right corner of the screen.
    When the user is in the middle of a transaction and uses the back button located on the transaction level to back out of the transaction, any locks in SAP are correctly backed out; however, if they use the Back button located in the top right of the portal screen, the user locks up within SAP. Whenever this locking occurs, the only way we have found to get through it is to have their SAP sessions manually killed or they have to wait 30 minutes for the transaction to release in SAP - obviously, neither of these is an acceptable solution.
    I'm hoping that there is a setting that we can use to force a cancel of the transaction in SAP when the user performs either of these scenarios.
    Can anyone propose a solution to address this issue?

    Hi,
    Pls check in the system Admin->Monitoring I think we can find in this.
    Or try to check in User Admin->Keystore admin
    Regards
    Lekha

  • How to Restrict same portal user from other node

    Hi
    In my application, we charge customers for each portal user login. But I found that they can share the same user login among a number of people.
    I don't want to allow the same portal user to log in to the application if that user is already logged in and its session is still active.
    Here is the scenario:
    User A is logged in to the portal from terminal AA. Now, User A again tries to log in to the portal from terminal BB. I don't want to allow user A to log in from terminal BB because user A has an active session from terminal AA.
    Does anyone know how to implement this?
    thanks in advance.
    Srini

    Hi Srini!
    We have solved this problem with our own login portlet. Before the final login we've got to check (from a certain table) how many logins there are currently with that username.
    But there is a problem. If the user closes the browser without logging off, the session remains active. There is a cleanup job which removes those sessions in some hours. Still, it is not very elegant.
    Regards,
    Jari

  • How to force logout of portal user

    Hi all,
    we're currently facing trouble with portal users being "locked" in the portal. They are not locked in the UME sense, but when trying to log on they are only able to see the navigation framework, and no content. The only content we're using in the portal is MSS/ESS, so the content we're trying to load is from R/3.
    My idea is to manually log out the user in trouble from the portal.
    Now, I can see active http_sessions using the telnet Administrator session, but I can't find a way to force logout a user. Can anyone please tell me how to?
    We're using Portal SP11, and ESS/MSS SP7.
    I'm thankful for all input! Points will be handed out of course.
    Kind regards,
    Andreas

    Hi,
    Try this code. This might help you.
    IPortalComponentRequest request = (IPortalComponentRequest) this.getRequest();
    IAuthentication Authen = UMFactory.getAuthenticator();
    HttpServletRequest req = request.getServletRequest();
    HttpServletResponse res = request.getServletResponse(true);
    // log off user from Portal
    Authen.forceLogoffUser(req, res, "");
    The third argument is a string which is the redirection URL.
    Regards,
    Srinath

  • Unlock portal users

    hello,
    did anyone try to write a webservice to unlock portal users ?
    I'll explain my situation:
    I want to add a button or a link on the logon page (SAP NetWeaver Portal). This should call a webservice that will unlock the user who locked himself by entering wrong passwords too many times.
    Let's not be worried about the SAP system behind. All I am interested in is the SAP NetWeaver Portal.
    How can we do that?
    Please help!

    Hi Kranthi/Jhansi,
    Thanks for your response, am able to resolve the issue. I've awarded the points.
    Guys, here's the correct code for future reference.
    Layout: An input field for user ID and a button
    Context: Attribute -> UserID type string for UserID bind to the input field
    Code: In Action Method of button, wrote the following code:
    import com.sap.security.api.IUserAccount;
    import com.sap.security.api.IUserAccountFactory;
    import com.sap.security.api.UMException;
    import com.sap.security.api.UMFactory;
    public void onActionulock(com.sap.tc.webdynpro.progmodel.api.IWDCustomEvent wdEvent )
    {
        //@@begin onActionulock(ServerEvent)
        IWDMessageManager msgMgr = wdComponentAPI.getMessageManager();
        IUserAccountFactory accntFactory = UMFactory.getUserAccountFactory();
        try {
            // Look up the account by the logon ID from the input field, then get a mutable copy
            IUserAccount accnt = accntFactory.getUserAccountByLogonId(wdContext.currentContextElement().getUserID());
            IUserAccount mAccnt = accntFactory.getMutableUserAccount(accnt.getUniqueID());
            if (mAccnt.isPasswordLocked()) {
                // Clear the lock that was set after too many failed logons
                mAccnt.setLocked(false, IUserAccount.LOCKED_BY_ADMIN);
                mAccnt.save();
                mAccnt.commit();
                msgMgr.reportSuccess("ID Unlocked Successfully");
            } else {
                msgMgr.reportException("ID not locked", false);
            }
        } catch (UMException e) {
            msgMgr.reportException(e.getMessage(), false);
        }
        //@@end
    }

  • User locking at login failure

    I have set for user locking 30 minutes after 6 fail attempts, in both password and question logins. Anyway, I realize that there are 2 different treatments as below:
    1. when user fails to login with password after n times, user is locked for 30 minutes. User is unlocked correctly after 30 minutes.
    2. when user fails to login with questions after n times, user is locked for good!
    I don't understand why IdM treats both cases differently. Does anyone know how to treat the 2nd case just like the 1st case above?

    Hi,
    // check whether the user belongs to particular role
    IWDClientUser wduser = WDClientUser.getCurrentUser();
    IUser user = wduser.getSAPUser();
    IUserAccount userAcc = user.getUserAccounts()[0];
    if (userAcc.isMemberOfRole("", true)) {
        // check
    }
    For ref:
    https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/com.sap.km.cm.docs/library/security-and-identity-management/p-r/protecting%20access%20to%20the%20web%20dynpro%20car%20rental%20application%20using%20ume%20permissions.pdf
    Regards,
    Naga

  • How to find out portal user from sso cookie ?

    Hi,
    I want to find out the portal user id from Portal30_sso cookie. It is required for security in my java servlet.
    Thanks
    Vikas

    First of all, you can't get anything from the portal30_sso cookie or the portal30 cookie or the SSO_ID cookie. These are cookies established for (1) The login server session; (2) The Portal session; (3) The login server single sign-on cookie - visible only to the login server.
    When you want to know who the current user is, you need to establish the context. If your servlet is standalone and not a partner application to the login server and it's not a portlet, etc., then what context does it have? What concept of users does it have? If you are really asking what Portal is currently logged on, that is still a loaded question. The user's browser could be accessing several portals at the same time, each with a different identity. What I am getting at is that your servlet needs to somehow be associated with a particular portal before it can even think of asking this question.
    The ways to associate your servlet with a portal would be
    1. Make it a partner application
    2. Make it a portlet
    3. Make it an external application
    Hope that helps.

  • Unable to get Portal User in a Remote DB

    Hello,
    We are developing an application with Portal on Instance A and the application tables on Instance B. We have DB triggers on the application tables in B and would like to capture the Portal USER using wwctx_api.get_user. Have created a DB link and PUBLIC SYNONYM in B to access the package in A. However, when we call the function in B, we get the following error -
    ORA-00164: autonomous transaction disallowed within distributed transaction.
    Has anyone tried something similar?
    Thanks.

    Hi,
    If you submit your form to a procedure in the portal instance you can get the portal user inside of this procedure.
    you can then send this value to the table in the other instance.
    Regards
    Michael

  • How to get Portal User Context  in Web Dynpro application

    I have successfully integrated a Web Dynpro app into SAP NetWeaver Portal.
    Within my Web Dynpro app, how can I get portal user context information such as first name, last name, job title or some newly created UME attributes?
    Is there any programmatic approach to get the portal user context in my Web Dynpro app? I am not sure whether I can use the following code in Web Dynpro:
    IUserContext userContext = request.getUser();
    String firstName = userContext.getFirstName();
    String lastName = userContext.getLastName();
    If yes, can someone point me to the name of the jar file I have to import?
    Note : The SAP Netweaver installation that runs my web dynpro app is same with the SAP Portal.

    Hi ,
    you can use the below code to get User details and  add com.sap.security_2.0.0 > lib > com.sap.security.api.jar
    try {
        // Resolve the user of the current Web Dynpro client session
        IWDClientUser clientUser = WDClientUser.getCurrentUser();
        String firstName = clientUser.getFirstName();
        String lastname = clientUser.getLastName();
    } catch (WDUMException e) {
        wdComponentAPI.getMessageManager().reportException("Error Retrieving User" + e.toString(), true);
    }
    Regards,
    Sunitha Hari
