Prompt to change initial password

Similar Messages

• SAP  Portal  unable to recognize  AD requirement to change initial password

  Hi,
  We configured Active Directory server (2008 R2) as UME for SAP Portal (Netweaver 7.01  SP7).  We matched as many of the security parameters as possible* (ex.  minimum password length, require one number in password, etc.).  The AD parameter "User must change password at Next logon" is set ON.  However, upon attempt to login to SAP Portal with the initial password that was set in AD we are not prompted to change the password.  Rather, the SAP Portal logon attempt fails with message:  "Authentication Denied"
  Has anyone dealt with this problem before?
  Other information: 
  *Our MarketPlace researched indicated that the SAP Portal parameter "ume.ldap.security_policy.password_change_required" (which would correspond to the AD parameter mentioned above) is no longer an available parameter for our SAP Portal version (Netweaver 7.01  SP7).
  In our version of SAP Portal, the AD parameter "User must change password at Next logon" has one parameter which is similar, but does not directly correspond.  The SAP Portal parameter which we do have is "No password change required".  Notice this is the logical opposite of the AD parameter:  AD says to require the password, whereas SAP Portal says it's NOT required.  Therefore, when the AD parameter is set to ON, this results in the Portal parameter being set to OFF.  Even still, we face the login failure.

  You have to note here that implementing SAP IDM is only ONE of the possible options you have. The implementation of IDM in itself is a huge undertaking because of the number of systems and the decision making process involved with it.
  In one of my previous implementations, when SAP IDM was not around, we had Tivoli Access Management tools which took care of the password problems.
  even though we implement IDM and deploy IDM UI on Portal , still user should change password before it expires on AD right ?
  Even with IDM in place, user will not be able to login to SAP portal with an expired AD password. However, in our case, we provide a link on the logon page of SAP portal to the IDM password self service application which will allow the user to change the password.
  Does IDM has any feature like sending notifications before password expiration period ?
  I don't think it does - however I have not explored this option in IDM since most of our users do not have email addresses and we cannot send a reminder. You should be able to create a task (with some customization) in IDM to achieve this.
  Also will the IDM implementation help us in creating users with option "User should change password at next logon" on AD ?
  Yes - IDM does create users with option "User should change password at next logon" in AD.
  With IDM in place and tied to AD, it should be the central place of creating users. It is recommended NOT to create or manipulate the users in any target systems (SAP, AD, etc). IDM should be taking care of all the user provisioning activities.
  is this like a work around to allow users to change password from Portal before it gets expired on Active Directory(AD) ?
  This is not a work around - it is rather a full blown identity management solution for all your company needs.
  You will get a lot of your IDM specific questions answered in the Identity Management forum.
  Thanks,
  Shanti

• Changing initial password on CompanyPortal

  Hi experts,
  User calls the reports on the Intranet-Portal.
  I created a user just new.
  I thought by first login, system should ask to change Initial Password.
  If user make his/her first login over the Intranet portal, it does not ask to change the initial password.
  Do you know how to set up this ?
  Thanks.

  I think you would be using the same userid for all the applications in the intranet.
  if you are resetting the password, then you have to follow the same password in other applications in the intranet...
  i think, this is not practice to change/reset the password always in the intranet portal.
  I am not sure, how much feasible it is..
  Hope this would help you.

• CUA environment - changing the initial password of a user.

  Hi Gurus,
  I've encounter a perculiar issue when I assign an initial password to a user.
  My system setup is based on CUA where my Central admin is client 100, with child client 200.
  - I create an ID in client 100, set it to system 200, set initial password as "passW0rd". Save
  - The ID was created in 200
  - Logged in Client 100 using ID and "passW0rd", prompted for new password (i canceled the login)
  - When back to client 100 CUA, in SU01 I select ID and click "EDIT", under the logon data I retype the initial password to "P4ssword"
  - checked SCUL, it's green and user change
  - Logged in Client 100 using ID and "P4ssword", error in password
  - tried the old "passW0rd", prompted for new password.
  I puzzled why the CUA did not redistribute the changed initial password to client 200, another can any ideas?
  I also tried SU01 and click "reset password" button instead of "edit", the changed password was able to distributed to client 200.
  By password change is ok this way or not ok if change within edit mode?
  Thanks,
  Jansen

  Hi Sergo, 
  Yes I realise the "change password" works but for my case I cannot use that function. Any other suggestions. Cos by right even if I were to change in the logon data it should work right?
  Hi Juan,
  Yes I've checked, the IDOCs are in and successful.

• SAP ABAP/BOBJ Infoview initial password change

  Hi all,
  We are using BOBJ Crystal Repors and BI for reporting. All authentication and data security is working great including user/role sync from ABAP stack.
  My problem is as follows - Say I reset the initial password in the ABAP side for a user id. I log into BOBJ Infoview and the new inital password syncs as expected. However.....the infoview does not promt for the user to change the initial password as the ABAP side or portal would. Now the user maintains the initial password the admin set. Again, our portal or ABAP system forces the user to change the initial password but I can't seem to have the infoview do the same.
  Any guidance would be greatly appreciated.
  Thanks!
  SAP BI - Netweaver 2004 S
  BOBJ Enterprise XI 3.1 
  SAP Integration Kit
  Crystal 2008 (12.2.0.29)

  I believe this note pertains to your issue:
  1319430 - SAP Users not prompted to change their passwords    
  Version   1     Validity: 03/18/2009 - active   
  Language   English 
  Edit Show change log 
  Content:    Summary   |   Header Data   |   References   |   Product
  Symptom
  When the SAP system has a new user set to change their password on the initial login and the user attempts to log into Infoview using the SAP integration kit the user is not prompted to change their password.
  Reproducing the Issue
  When SAP system has a new user set to change password on initial login and user attempts to log into Infoview using SAP integration kit the user is not prompted to change password.
  Cause
  This occurs because, as with other 3rd party integration solutions, we do not write to the authentication system but only read the information that is there. Thus we are unable to "CHANGE" an SAP password.
  Resolution
  Have a new user access the SAP GUI or another SAP utility before accessing InfoView for the first time.
  Keywords
  SAP PASSWORD RESET NEW USER

• Problems in Changing LDAP (AD) Initial Password from Portal

  Hello ,
  We are using EP 7.01 SP 05 with Microsoft AD as our user data store (flat structure).
  For newly created users on AD, we are wanting them to be able to change their initial passwords from portal (on their first logon).
  SSL is set up between EP and AD.
  The user we are using to access LDAP has write privileges.
  We are using a standard configuration file (writeable version) (dataSourceConfiguration_ads_writeable_db.xml)
  We are able to modify users from User Administration console (including password change) without any problem.
  However, there are two problems we are facing:
  1. If the flag "User must change password at first logon" is set on AD/LDAP, then on Portal the user is not getting prompted for changing password - and User authentication failed
  2. If the flag "User must change password at first logon" is NOT set on AD/LDAP, then - User is getting prompted to change the password" - however password change is not going through successfully - Error says - "Missing".
  From logs I can see the following error:
  #1.5#0050568767DE006B0000000700005D7C00048EC433D5B0FC#1282873241046#com.sap.security.core.persistence#sap.com/irj#com.sap.security.core.persistence.[cf=com.sap.security.core.persistence.datasource.imp.LDAPPersistence][md=changePassword][cl=64495]#Guest#0#SAP J2EE Engine JTA Transaction : [044ffffffd35700451]#n/a##19ae55e0b17c11dfb0d00050568767de#SAPEngine_Application_Thread[impl:3]_23##0#0#Error##Java###Can not change password
  [EXCEPTION]
  {0}#1#javax.naming.directory.InvalidAttributeValueException: [LDAP: error code 19 - 0000052D: AtrErr: DSID-03190F00, \#1:
  0: 0000052D: DSID-03190F00, problem 1005 (CONSTRAINT_ATT_TYPE), data 0, Att 9005a (unicodePwd)
  ]; remaining name 'cn=portal test'
  at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3010)
  at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2943)
  at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2749)
  at com.sun.jndi.ldap.LdapCtx.c_modifyAttributes(LdapCtx.java:1449)
  at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_modifyAttributes(ComponentDirContext.java:255)
  at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.modifyAttributes(PartialCompositeDirContext.java:172)
  at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.modifyAttributes(PartialCompositeDirContext.java:161)
  Can any one pls suggest what is this error about and what I am missing.
  Thanks ,
  Shanti

  Hello All,
  Thank you for your time and valuable replies.
  I got rid of the "Missing" error and now I am one step away from the solution.
  Now I am at a stage where: (for a user with initial password on LDAP)
  1. In AD if "User needs to change password on next logon" flag is NOT set - user can successfully logon to portal. (without being prompted for password change)
  2. In AD if "User needs to change password on next logon" flag is set - then user cannot logon to portal - I get User authentication failed error.
  I have went through a lot of discussions around this topic on SDN and different SAP Notes. I have tried to maintain UME Security policy as close as possible to LDAP (I cannot make it exactly same due to some differences in LDAP and UME).
  However, when and administrator can change passwords from UME successfully without any problem - it means that:
  - Security policy is being met
  - Service user used to communicate to LDAP has all the required access
  The only missing piece of the puzzle is how to enable the users to be able to change their passwords (with initial or expired passwords).
  According to Note 865399 - the default value for The property ume.ldap.access.set_pwd is TRUE.
  Also the property ume.ldap.access.pwd.via.usercontext can only be TRUE when ume.ldap.access.set_pwd is set to FALSE.
  So, I have tried setting the following without any success:
  <ume.ldap.access.pwd.via.usercontext>true</ume.ldap.access.pwd.via.usercontext>
  <ume.ldap.access.set_pwd>false</ume.ldap.access.set_pwd>
  Thanks,
  Shanti

• Open Directory users prompted to change password after 10.8 to 10.9 server upgrade

  I just upgraded our 10.8.5 server to 10.9.3. I also upgraded Server.app to the most recent version (3.1.2). I made a complete backup first as a precaution.
  Existing non-admin users are being prompted to change their password when logging in. I've narrowed the problem down to a checkbox in the "Global Password Policy" settings in Server.app, specifically this checkbox: "Passwords must: be reset on first user login". I had that box checked in 10.8 so that new users would be prompted to create a password the first time they logged into a bound computer. It worked great and I'd like to continue using this feature in 10.9.
  If I uncheck this box in Server.app in 10.9.3, existing users can log in just fine with their existing passwords. If I re-check the box, non-admin users are suddenly prompted to change their password when logging in, even though they've logged in countless times in the past.
  Here are some things I've tried:
  * stopping and restarting the Open Directory service in Server.app
  * restarting the server
  * disabling and re-enabling an existing user account
  * inspecting user records in Directory Utility for any peculiar attributes
  * I used the mkpassdb -dump command to verify that the correct "last login time" is present for a particular user, but I'm not enough of an Open Directory expert to know if this is the attribute that the Global Password Policy relies on.
  Does anyone have any other ideas or suggestions?

  UPDATE: It looks like this issue applies to new (post-upgrade) accounts, too, suggesting that this has nothing to do with the upgrade process. Can anyone confirm this behavior? It's easy to test:
  1) Make sure the "Passwords must: be reset on first user login" box is unchecked.
  2) Create a new user in Open Directory.
  3) Log in once. No problem.
  4) Now check the "Passwords must: be reset on first user login" box.
  5) Try to log in again. Were you prompted to change your password? Logically, you shouldn't have been prompted, but users on my server are being prompted.

• Why can't I login into my Apple account without being forced to change my password.

  I received an email from Apple:
  "The following changes to your Apple ID (xxxxxxxxxxxx) were made on 01 January 2015 at 17:52:54 (GMT):
  Shipping and/or billing address.
  When I log on to check my Shipping and Billing address I am prompted to change my password, which I do NOT want to do.
  I cannot go any further than the forced password change screen.
  How do I check my account details without changing my password?
  I am not happy with being forced to change my password. it almost makes me wonder if I have been redirected to a 'scam' site.

  How are you trying to log into your account ? You can log into an account :
  - via the 'manage your apple id' button on http://appleid.apple.com
  - Store > View Account menu option on a computer's iTunes
  - tapping on the id in Settings > iTunes & App Store on an iOS device
  All three let you view and/or change your billing address, though only the last you let you view payment details. You could try one of the other methods and see if they let you login without requesting a password change.
  This page lists the current requirements for passwords : Security and your Apple ID.
  If you want to check your account's purchase history then you can do so via the Store > View Account menu option on your computer's iTunes, or you can view the last 90 days purchases via http://reportaproblem.apple.com

• Changing expired password in forms 6.0

  I'm trying to offer a possibility to users to change their passwords.
  in forms they user is prompt to change is password, but after changes an validation the message FRM-10201 Impossible de changer le mot de passe (unable to change the password)
  When i try it on sql plus i got this :
  SQL> connect ntci/ntci@post
  ERREUR:
  ORA-28001: le mot de passe est expiré
  Modification de mot de passe pour ntci
  Ancien mot de passe : *****
  Erreur du système d'exploitation (Operating system error, password not modified)
  Mot de passe non modifié
  I dont know what is happening.
  Would you mind helping me

  Thank you for replying to my message.
  I've read in doc 52718.1 that from forms release 6.0 it is possible to handle this situation.
  After expiring the password an trying a connection, the system first prompt that the password is expired and ask for a password replacement but this never reach (the operating system error is raised).
  I'm using Forms 6.0 against Database 9.0.2..on windows XP client
  Maybe this could explain moore
  thank you once again

• TS3899 I was asked to change my password as I had been hacked.  Now, I cannot get my mail on my ipad.  I have deleted the acct. and readded it. But It will not recognice the new password. Please help!!

  I was prompted to change my password as I had been hacked.  Now, my ipad won't recognize the new password.  I have deleted and readded the account.  It still won't accept the new password.  PLEASE HELP!!!

  It was through Gmail.  They blocked an attempt to log in to my acct from Bankok or some place like that.  So...I created  a new password but now cannot get email for my ipad.  Cannot get my ical to recognize my email acct etc. 

• Update my Apple ID information without changing my Password

  i need to update some expired  information in my Apple ID. My password contains upper and lower case letters, symbols and numerals. However, when I log on to the apple id page, I'm accosted with a form that is forcing me to change my password. I DONT WANT TO CHANGE IT. How in the world do I bypass that page and continue on to my Apple ID information?

  If you are getting a prompt to change the password then it's unlikely that you will be able to do so - depending upon what info that you are trying to change, then you've tried logging in via a different way e.g. by tapping on your id in Settings > iTunes & App Store on your phone, the Store > View Account menu option on your computer's iTunes, and the 'manage your apple id' button on http://appleid.apple.com (you can't change payment details via that site)

• TS2446 I can't sign into iMessage after I changed my password

  I was prompted to change my password for security reasons, after I did so I can still access iTunes and the App Store with the new password but it won't let me sign into iMessage, anyone have any ideas?

  Reset all settings
  Settings>General>Reset>Reset All Settings
  Note: Data will not be affected but settings will be reset.

• System does not prompt to change the initial passwd

  hi,
  While trying to login to the SAP system with my initial password, the system does not prompt me to change my initial passwd and lets me in, could anyone let me know how can i change the system to force change the initial passwd.
  thank you
  Jonu

  Please provide more details about "your system".
  Typically causes:
  - Your user ID is either of type SERVICE for which password changes are not required and they cannot change their own passwords either. So you are "consuming" a service and prior authentication does not have anything to do with the authentication of the SAP system.
  - You are logging on from an external client system which is calling RFC's to logon to the SAP system. By default, this only prompts for password change or rejects the logon attempt if you instruct the system to do so.
  Please provide more details.
  Cheers,
  Julius

• My iPhone 5S prompts me for my password to an Apple ID email that no longer exists as an account.  How do I change my Apple ID address without having to change the primary address to a non-existent email account?

  I cannot sign into icloud on my phone because the Apple ID is an email account that has been deactivated and deleted.  How can I change my Apple ID without having to change the primary email address to this non-existent account? If I did so, I wouldn't be able to access the account to receive the verification email. Please help!

  To change the iCloud ID you have to go to Settings>iCloud, tap Delete Account, provide the password for the old ID when prompted to turn off Find My iDevice, then sign back in with the ID you wish to use.  When you do this you may find that the password for your old ID isn't accepted.  If this should happen, and if your old ID is an earlier version of your current ID, you need to temporarily recreate your old ID by going to https://appleid.apple.com, click Manage my Apple ID and sign in with your current iCloud ID.  Click edit next to the primary email account, change it back to your old email address and save the change.  Then edit the name of the account to change it back to your old email address.  You should not need to verify the old email address.  You can now use your current password to turn off Find My iDevice on your device, even though it prompts you for the password for your old account ID. Then save any photo stream photos that you wish to keep to your camera roll.  When finished go to Settings>iCloud, tap Delete Account and choose Delete from My iDevice when prompted (your iCloud data will still be in iCloud).  Next, go back to https://appleid.apple.com and change your primary email address and iCloud ID name back to the way it was.  Now you can go to Settings>iCloud and sign in with your current iCloud ID and password.

• How do I change my iCloud Account email?  I keep getting prompted to enter a password associated with an old email account I no longer use. I do not have the password for it.  How do I change my iCloud Account?

  How do I change my iCloud Account email?  I keep getting prompted to enter a password associated with an old email account I no longer use. I do not have the password for it.  How do I change my iCloud Account?

  You can't delete an existing account, you can only choose to stop using it.  It will still be there should you decide to use it again in the future.