SAP ABAP/BOBJ Infoview initial password change

Similar Messages

• Initial password change requested with SSO

  Hi all,
  we have well working SSO with EP6 SP2 and standalone ITS. SSO is based on SAP logon ticket. Only one annoying thing appears.
  If a new user is created in SAP R/3, ITS asks for changing of password.
  Does it mean that the user must initially (and later again according to password policy) change the password although we do not use direct access to R/3? If no password change should be required with SSO, how to solve this issue?
  EP6 SP2 P4 HF8
  ITS 6.2 PL14
  R/3 4.7
  Thanks in advance for any good idea.
  Pavol

  Hello,
  We are on a very similar setup as above:
  EP 6.0 SP12 with ITS.
  What we are seeing is that the initial password dialog comes up but there is only the input fields but no "Submit" or "Change" buttons. In summary, new users are not able to change their password through the Portal.
  Any ideas why this might be happening?
  Thanks,
  Siva.

• Initial password change.. Urgent Please?

  Hi All,
      We have an Ep6.0 SP12 installation and CUA as user base for the portal. In the CUA, I added the role SAP_BC_JSF_COMMUNIATION for user sapjsf and the xml file used is dataSourceConfiguration_r3_rw.xml.
     now i create a user using portal, i.e. UserAdmin -> create user and am logging in with this userid and password. In the next screen it asks for new password. IT works as expected and thats fine.
    but, if I create a user in CUA and when I login into portal with this userid and password. It doesnt ask for password change. Y is it so?
  Please help me in this regard.
  Thank you

  Still some more input, i just went and checked the account history in portal of the two users, created through portal and also in CUA
  The user created in CUA has the folling history
  Date                          Description
  Not Available                 New account created
  - Dec 31, 2500 12:00:00 AM   Account Valid Date
  Aug 30, 2005 8:04:45 PM Last  Successful Logon
  Dec 31, 9999 12:00:00 AM Last Password Change
  please see the last password change field, is it restricting me to change the password ?
  where as the user created from Portal has the following account history
  Date                       Description
  Aug 30, 2005 6:50:17 PM    New account created
  Aug 30, 2005 12:00:00 AM - Dec 31, 2500 12:00:00 AM   Account Valid Date
  Aug 30, 2005 6:53:53 PM     Last Failed Logon
  Aug 30, 2005 6:50:17 PM     Last Password Change
  as we see the last password change field here, it is pretty much the same as new account created date, so the password is getting expired.
  Could you please have a look at SAP NOTE "858469"
  Could some one please help me in this regard?
  Thank you

• SAP  Portal  unable to recognize  AD requirement to change initial password

  Hi,
  We configured Active Directory server (2008 R2) as UME for SAP Portal (Netweaver 7.01  SP7).  We matched as many of the security parameters as possible* (ex.  minimum password length, require one number in password, etc.).  The AD parameter "User must change password at Next logon" is set ON.  However, upon attempt to login to SAP Portal with the initial password that was set in AD we are not prompted to change the password.  Rather, the SAP Portal logon attempt fails with message:  "Authentication Denied"
  Has anyone dealt with this problem before?
  Other information: 
  *Our MarketPlace researched indicated that the SAP Portal parameter "ume.ldap.security_policy.password_change_required" (which would correspond to the AD parameter mentioned above) is no longer an available parameter for our SAP Portal version (Netweaver 7.01  SP7).
  In our version of SAP Portal, the AD parameter "User must change password at Next logon" has one parameter which is similar, but does not directly correspond.  The SAP Portal parameter which we do have is "No password change required".  Notice this is the logical opposite of the AD parameter:  AD says to require the password, whereas SAP Portal says it's NOT required.  Therefore, when the AD parameter is set to ON, this results in the Portal parameter being set to OFF.  Even still, we face the login failure.

  You have to note here that implementing SAP IDM is only ONE of the possible options you have. The implementation of IDM in itself is a huge undertaking because of the number of systems and the decision making process involved with it.
  In one of my previous implementations, when SAP IDM was not around, we had Tivoli Access Management tools which took care of the password problems.
  even though we implement IDM and deploy IDM UI on Portal , still user should change password before it expires on AD right ?
  Even with IDM in place, user will not be able to login to SAP portal with an expired AD password. However, in our case, we provide a link on the logon page of SAP portal to the IDM password self service application which will allow the user to change the password.
  Does IDM has any feature like sending notifications before password expiration period ?
  I don't think it does - however I have not explored this option in IDM since most of our users do not have email addresses and we cannot send a reminder. You should be able to create a task (with some customization) in IDM to achieve this.
  Also will the IDM implementation help us in creating users with option "User should change password at next logon" on AD ?
  Yes - IDM does create users with option "User should change password at next logon" in AD.
  With IDM in place and tied to AD, it should be the central place of creating users. It is recommended NOT to create or manipulate the users in any target systems (SAP, AD, etc). IDM should be taking care of all the user provisioning activities.
  is this like a work around to allow users to change password from Portal before it gets expired on Active Directory(AD) ?
  This is not a work around - it is rather a full blown identity management solution for all your company needs.
  You will get a lot of your IDM specific questions answered in the Identity Management forum.
  Thanks,
  Shanti

• Initial password when LDAP user created i SAP?

  Hi,
  I'm about to configure LDAP integration with SAP, where users that exist only on the LDAP server are created in SAP.
  Are any initial passwords automatically set for these users in SAP, or will an administrator have to go in and set an initial password for all created users?
  Thanks, Oscar

  Hi,
  I assume you will use the LDAP synchronization in an ABAP system. Here you have to maintain the fields to be synchronized. The password field is typically not synchronized but you can fill in the logondata hashvalue. I never tried to get the hashvalue out of LDAP because LDAP and SAP may use different hash algorithms. The better way is to set a fixed value in the mapping. You can use SAP functions to maintain the hashvalue.
  Transaction for maintaining the mapping: LDAPMAP.
  Regards
  Rainer

• How to discable password change in SAP ERP (or any ABAP system)

  Hello,
  We have password synchronization between Sun Identity Management system and SAP ABAP systems. This ensures that the password is identical between the network ID and SAP ID. In order to avoid any issues, we would like to disable the ability of the users to change their password in the SAP system directly (on the initial logon page). This forces the users to go through Sun Identify Management system for resetting the password (desired behavior). Can you please suggest if there is a way to do this. I remember seeing an OSS note that meets the requirement a couple of years ago but now I can't find it.
  Thanks
  Sri

  Hi Sri Vandan,
  Please check note number: 379081 if it helps for you.

• Initial password for SAP* in SAP NetWeaver 2004s ABAP Edition

  Hello,
  I have just installed the SAP NetWeaver 2004s ABAP Edition on my PC and I want to setup some new clients to simulate an ALE model.
  Does anyone know the initial password for SAP* ?
  I have already tried PASS and pass because I know it is case -sensitive now but it did not work.
  Thanks a lot.
  Wim Van den Wyngaert

  Hi,
  initial SAP* password is 06071992 
  DDIC is 19920706

• Problems in Changing LDAP (AD) Initial Password from Portal

  Hello ,
  We are using EP 7.01 SP 05 with Microsoft AD as our user data store (flat structure).
  For newly created users on AD, we are wanting them to be able to change their initial passwords from portal (on their first logon).
  SSL is set up between EP and AD.
  The user we are using to access LDAP has write privileges.
  We are using a standard configuration file (writeable version) (dataSourceConfiguration_ads_writeable_db.xml)
  We are able to modify users from User Administration console (including password change) without any problem.
  However, there are two problems we are facing:
  1. If the flag "User must change password at first logon" is set on AD/LDAP, then on Portal the user is not getting prompted for changing password - and User authentication failed
  2. If the flag "User must change password at first logon" is NOT set on AD/LDAP, then - User is getting prompted to change the password" - however password change is not going through successfully - Error says - "Missing".
  From logs I can see the following error:
  #1.5#0050568767DE006B0000000700005D7C00048EC433D5B0FC#1282873241046#com.sap.security.core.persistence#sap.com/irj#com.sap.security.core.persistence.[cf=com.sap.security.core.persistence.datasource.imp.LDAPPersistence][md=changePassword][cl=64495]#Guest#0#SAP J2EE Engine JTA Transaction : [044ffffffd35700451]#n/a##19ae55e0b17c11dfb0d00050568767de#SAPEngine_Application_Thread[impl:3]_23##0#0#Error##Java###Can not change password
  [EXCEPTION]
  {0}#1#javax.naming.directory.InvalidAttributeValueException: [LDAP: error code 19 - 0000052D: AtrErr: DSID-03190F00, \#1:
  0: 0000052D: DSID-03190F00, problem 1005 (CONSTRAINT_ATT_TYPE), data 0, Att 9005a (unicodePwd)
  ]; remaining name 'cn=portal test'
  at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3010)
  at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2943)
  at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2749)
  at com.sun.jndi.ldap.LdapCtx.c_modifyAttributes(LdapCtx.java:1449)
  at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_modifyAttributes(ComponentDirContext.java:255)
  at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.modifyAttributes(PartialCompositeDirContext.java:172)
  at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.modifyAttributes(PartialCompositeDirContext.java:161)
  Can any one pls suggest what is this error about and what I am missing.
  Thanks ,
  Shanti

  Hello All,
  Thank you for your time and valuable replies.
  I got rid of the "Missing" error and now I am one step away from the solution.
  Now I am at a stage where: (for a user with initial password on LDAP)
  1. In AD if "User needs to change password on next logon" flag is NOT set - user can successfully logon to portal. (without being prompted for password change)
  2. In AD if "User needs to change password on next logon" flag is set - then user cannot logon to portal - I get User authentication failed error.
  I have went through a lot of discussions around this topic on SDN and different SAP Notes. I have tried to maintain UME Security policy as close as possible to LDAP (I cannot make it exactly same due to some differences in LDAP and UME).
  However, when and administrator can change passwords from UME successfully without any problem - it means that:
  - Security policy is being met
  - Service user used to communicate to LDAP has all the required access
  The only missing piece of the puzzle is how to enable the users to be able to change their passwords (with initial or expired passwords).
  According to Note 865399 - the default value for The property ume.ldap.access.set_pwd is TRUE.
  Also the property ume.ldap.access.pwd.via.usercontext can only be TRUE when ume.ldap.access.set_pwd is set to FALSE.
  So, I have tried setting the following without any success:
  <ume.ldap.access.pwd.via.usercontext>true</ume.ldap.access.pwd.via.usercontext>
  <ume.ldap.access.set_pwd>false</ume.ldap.access.set_pwd>
  Thanks,
  Shanti

• SAP initial password expired... how to renew it?

  SAP initial password expired... how to renew it?

  hi there
  check with your basis team to renew the password,, or get the help from your team lead( he may have authorization for the SU01) there you can change the Initial password
  Thanks
  Senthil

• Prompt to change initial password

  Do you know if it is possible to have a prompt to change initial password on GDS console login?
  How can it be implemented?
  Thank you

  Hi,
  I think,  it is possible to prompt User to change initial password on login.
  Please go through [this link|http://help.sap.com/saphelp_gds20/helpdata/EN/45/1104685aa66cbfe10000000a114a6b/frameset.htm] for more details about User Management in GDS (in the "adding a new User" Section it is clearly mentioned that new user is required to change the password at first login. )
  Hope this helps.
  Regards,
  Shiv

• CUA environment - changing the initial password of a user.

  Hi Gurus,
  I've encounter a perculiar issue when I assign an initial password to a user.
  My system setup is based on CUA where my Central admin is client 100, with child client 200.
  - I create an ID in client 100, set it to system 200, set initial password as "passW0rd". Save
  - The ID was created in 200
  - Logged in Client 100 using ID and "passW0rd", prompted for new password (i canceled the login)
  - When back to client 100 CUA, in SU01 I select ID and click "EDIT", under the logon data I retype the initial password to "P4ssword"
  - checked SCUL, it's green and user change
  - Logged in Client 100 using ID and "P4ssword", error in password
  - tried the old "passW0rd", prompted for new password.
  I puzzled why the CUA did not redistribute the changed initial password to client 200, another can any ideas?
  I also tried SU01 and click "reset password" button instead of "edit", the changed password was able to distributed to client 200.
  By password change is ok this way or not ok if change within edit mode?
  Thanks,
  Jansen

  Hi Sergo, 
  Yes I realise the "change password" works but for my case I cannot use that function. Any other suggestions. Cos by right even if I were to change in the logon data it should work right?
  Hi Juan,
  Yes I've checked, the IDOCs are in and successful.

• Filter on SAP ABAP Initial Loads

  Hi all,
  I'm trying to put a filter on the pass "ReadABAPuser" of an ABAP Initial Load. My SAP ABAP System has over 10000 users and I need only part of them.
  I tried so to add "FILTER" entry (as on ReadABAProle for example) on Source tab of the pass "ReadABAPuser" with value "A*".
  But seems the pass does not make attention of this FILTER and still request the full user list.
  Do you have met this issue ?
  Thanks for your help,
  Benjamin

  Hi Benjamin,
  well, I've never worked with the pass attribute FILTER for the pass type "FromSAP". Therefore, I'm not sure about the following -  but maybe it's a starting point for further investigation... 
  I believe that it works differently for different data types:
  Roles: simple filter value which filters for the role name (you can use *)
  Roles, if you connect to a CUA central system: not supported
  Users: it seems to work with a multivalue name=value syntax.
  Conclusion: I guess it is easier to filter users in the source tab of the ToPass "WriteABAPUsers".
  Kind regards
  Frank Buchholz

• Changing initial password on CompanyPortal

  Hi experts,
  User calls the reports on the Intranet-Portal.
  I created a user just new.
  I thought by first login, system should ask to change Initial Password.
  If user make his/her first login over the Intranet portal, it does not ask to change the initial password.
  Do you know how to set up this ?
  Thanks.

  I think you would be using the same userid for all the applications in the intranet.
  if you are resetting the password, then you have to follow the same password in other applications in the intranet...
  i think, this is not practice to change/reset the password always in the intranet portal.
  I am not sure, how much feasible it is..
  Hope this would help you.

• HT204409 How do I change or reset my password for my wifi? I have forgotten my initial password when I setup the wifi and now cant use it with my iPod but it still works with my iPad as the password option doesn't come up like the iPod.

  How do I change or reset my password for my wifi? I have forgotten my initial password when I setup the wifi and now cant use it with my iPod but it still works with my iPad as the password option doesn't come up like the iPod.

  If you are saying that the iPod asks for the password for the network and you do not know it, what may work is to turn on iCloud keychain for the iPod and iPad., Thet may sync the password from the iPad to the iPod
  http://9to5mac.com/2013/10/26/how-to-setup-and-use-icloud-keychain-for-mavericks -and-ios-7/
  Otherwise you will have to go into the router settings and reset the wifi password in the router

• Initial password must be reinitialized

  Hi,
  When we reinitialized SAP password to our users and they didn't have change it because to change it they have to enter into SAP and answer the popup window asking to set a new one, then when they use InfoView with type of authentication=SAP in order to access BOE an error arise:
  "Initial password must be reinitialized"
  Does anyone know how to avoid this error?
  Thanks in advance,
  Carlos Castrilló

  Hi,
  error is coming because in sap bw you have set the password as  "change on next logon".
  You can resolve by two ways.
  1)if password is set as "change on next logon " then users have to first change password in the BW system.
  2)  set the new password and unchecked the option in BW  to" change on next login".in this case users have to use the same password for every-time to login on info-view.
  Thanks,
  Amit