SAP  Portal  unable to recognize  AD requirement to change initial password

Hi,
We configured Active Directory server (2008 R2) as UME for SAP Portal (Netweaver 7.01  SP7).  We matched as many of the security parameters as possible* (ex.  minimum password length, require one number in password, etc.).  The AD parameter "User must change password at Next logon" is set ON.  However, upon attempt to login to SAP Portal with the initial password that was set in AD we are not prompted to change the password.  Rather, the SAP Portal logon attempt fails with message:  "Authentication Denied"
Has anyone dealt with this problem before?
Other information: 
*Our MarketPlace researched indicated that the SAP Portal parameter "ume.ldap.security_policy.password_change_required" (which would correspond to the AD parameter mentioned above) is no longer an available parameter for our SAP Portal version (Netweaver 7.01  SP7).
In our version of SAP Portal, the AD parameter "User must change password at Next logon" has one parameter which is similar, but does not directly correspond.  The SAP Portal parameter which we do have is "No password change required".  Notice this is the logical opposite of the AD parameter:  AD says to require the password, whereas SAP Portal says it's NOT required.  Therefore, when the AD parameter is set to ON, this results in the Portal parameter being set to OFF.  Even still, we face the login failure.

You have to note here that implementing SAP IDM is only ONE of the possible options you have. The implementation of IDM in itself is a huge undertaking because of the number of systems and the decision making process involved with it.
In one of my previous implementations, when SAP IDM was not around, we had Tivoli Access Management tools which took care of the password problems.
even though we implement IDM and deploy IDM UI on Portal , still user should change password before it expires on AD right ?
Even with IDM in place, user will not be able to login to SAP portal with an expired AD password. However, in our case, we provide a link on the logon page of SAP portal to the IDM password self service application which will allow the user to change the password.
Does IDM has any feature like sending notifications before password expiration period ?
I don't think it does - however I have not explored this option in IDM since most of our users do not have email addresses and we cannot send a reminder. You should be able to create a task (with some customization) in IDM to achieve this.
Also will the IDM implementation help us in creating users with option "User should change password at next logon" on AD ?
Yes - IDM does create users with option "User should change password at next logon" in AD.
With IDM in place and tied to AD, it should be the central place of creating users. It is recommended NOT to create or manipulate the users in any target systems (SAP, AD, etc). IDM should be taking care of all the user provisioning activities.
is this like a work around to allow users to change password from Portal before it gets expired on Active Directory(AD) ?
This is not a work around - it is rather a full blown identity management solution for all your company needs.
You will get a lot of your IDM specific questions answered in the Identity Management forum.
Thanks,
Shanti

Similar Messages

  • I changed my email address on my Apple ID and was required to change my password - now IM doesnt work despite showing as available - suggestions?

    I changed my email address on my Apple ID and was required to change my password - now IM doesnt work despite showing as available - suggestions?

    Good day ESL1016,
    If you change the email address associated with your Apple ID there are a number of places that have settings that need to be changed. One is in the Messages application. This article explains how to make those changes -
    What to do after you change your Apple ID email address or password - Apple Support
    Look for the section titled Messages and under it Mac with OS X Mountain Lion or later. 
    Open the Messages app, select Messages > Preferences, then click the Accounts icon.
    If you're signed out, click Accounts and sign in with your updated Apple ID or password.
    If you're signed in with your previous Apple ID, click Accounts, then select your Apple ID from the list of accounts. Click Sign Out, then click Sign Out again when asked to confirm. Sign in with your updated Apple ID or password.
    Thanks for using Apple Support Communities.
    Safe computing,
    Brett L 

  • Unable to sign into iMessage after changing my password

    I know,the password is correct but it says it isn't when trying to sign into,imessaging on my iPad air

    1. Make sure software is up to date
    2. Make sure Messages is enabled; Settings>Messages
    3. Make sure Date and Time is correctly set; Settings>General>Date and Time>Set Automatically>On
    4. Make sure Push Notification is enabled
    5. Make sure phone number or email address is correct
    6. Hold the Sleep and Home button down (together) until you see the Apple Logo

  • How to disable right click on SAP portal login page

    Hi,
    How to disable right click on SAP portal login page. Our requirement is one should not be able to right click -
    >view source. on the portal login page.
    Best Regars,
    Tushar

    Hi Tchanvan,
    If you search google with "javascript disable right click" you will get loads of javascript code. This will also help you to gain knowledge.
    @Explanation to last post : You need to import standard logon par file in NWDS. Create javascript file to disable right click and then include this file in your logon page. i think login page name is portalLogin.jsp and then deploy this new PAR file.
    regards,
    Jigar Oza

  • SAP ABAP/BOBJ Infoview initial password change

    Hi all,
    We are using BOBJ Crystal Repors and BI for reporting. All authentication and data security is working great including user/role sync from ABAP stack.
    My problem is as follows - Say I reset the initial password in the ABAP side for a user id. I log into BOBJ Infoview and the new inital password syncs as expected. However.....the infoview does not promt for the user to change the initial password as the ABAP side or portal would. Now the user maintains the initial password the admin set. Again, our portal or ABAP system forces the user to change the initial password but I can't seem to have the infoview do the same.
    Any guidance would be greatly appreciated.
    Thanks!
    SAP BI - Netweaver 2004 S
    BOBJ Enterprise XI 3.1 
    SAP Integration Kit
    Crystal 2008 (12.2.0.29)

    I believe this note pertains to your issue:
    1319430 - SAP Users not prompted to change their passwords    
    Version   1     Validity: 03/18/2009 - active   
    Language   English 
    Edit Show change log 
    Content:    Summary   |   Header Data   |   References   |   Product
    Symptom
    When the SAP system has a new user set to change their password on the initial login and the user attempts to log into Infoview using the SAP integration kit the user is not prompted to change their password.
    Reproducing the Issue
    When SAP system has a new user set to change password on initial login and user attempts to log into Infoview using SAP integration kit the user is not prompted to change password.
    Cause
    This occurs because, as with other 3rd party integration solutions, we do not write to the authentication system but only read the information that is there. Thus we are unable to "CHANGE" an SAP password.
    Resolution
    Have a new user access the SAP GUI or another SAP utility before accessing InfoView for the first time.
    Keywords
    SAP PASSWORD RESET NEW USER

  • Unable to view HCM adobe forms for one employee in sap portal

    Dear Sap Gurus,
    we are Unable to view HCM adobe forms for one employee in sap portal.
    Regards
    Srinivas

    Hi,
    What error you getting? Did the user has the authorisation? Is his system has Adobe installed?
    Please perform normal checks.

  • Unable to replicate SRM users in SAP Portal

    Dear All,
    We've followed the below link to auto replicate the SRM Users in SAP Portal:
    http://help.sap.com/saphelp_srm70/helpdata/en/08/bae789ee8743d5b4cb2fbf93a9831b/content.htm?frameset=/en/08/bae789ee8743d5b4cb2fbf93a9831b/frameset.htm
    But after doing all the configuration steps, we are yet not able to replicate the SRM users in Portal.
    SPML Destination Connection test is successful and all other configurations are done and cross checked.
    Is there any report program that we have to run / schedule for the user replication.
    Please suggest.
    Regards,
    Anurag

    Dear Carl,
    The above link that you've shared talks about replicating user accounts from UME to the SAP System.
    However in our scenario, we want the replication from SAP system to UME. So, it's a reverse scenario.
    The link that I've shared above in my thread talks about my scenario and in fact we've done all the configuration steps also.
    But it is not working at the moment and I believe that there must be some additional setting / trigger point that would initiate the replication.
    If somebody has already come across such scenario, please advice.
    Regards,
    Anurag Gwari

  • Looks like adobe messed up.  Unable to install the 'required" upgrade  required because it won't let you view any videos until you upgrade. Doesn't recognize new password that I changed because it didn't recognize my old one!

    I have been trying to install the new Adobe Flash upgrade 17 for most of the day, it didn't want to recognize my password so I went to the web page changed the password and now it still dosen't like the new password.  Anyone have solutions?

    I have decided to dedicate this thread to the wonderful errors of Lion OSX. Each time I find a huge problem with Lion I will make note of it here.
    Today I discovered a new treasure of doggie poop in Lion. No Save As......
    I repeat. No Save As. In text editor I couldn't save the file with a new extension. I finally accomplished this oh so majorly difficult task (because we all know how difficult it should be to save a file with a new extension) by pressing duplicate and then saving a copy of the file with a new extension. Yet then I had to delete the first copy and send it to trash. And of course then I have to secure empty trash because if I have to do this the rest of my mac's life I will be taking up a quarter of percentage of space with duplicate files. So this is the real reason they got rid of Save As: so that it would garble up some extra GB on the ole hard disk.
    So about 20 minutes of my time were wasted while doing my homework and studying for an exam because I had to look up "how to save a file with a new extension in  mac Lion" and then wasted time sitting here and ranting on this forum until someone over at Apple wakes up from their OSX-coma.
    are you freaking kidding me Apple? I mean REALLY?!!!! who the heck designed this?!!! I want to know. I want his or her name and I want to sit down with them and have a long chat. and then I'd probably splash cold water on their face to wake them up.
    I am starting to believe that Apple is Satan.

  • Calling GRC NWBC in SAP Portal

    I have a requirement where current GRC users are required to use SAP Portal for GRC requests.
    I tried to create URL iView calling NWBC but have been facing layout issues. Layout is very short and unable to change even if I use FULL PAGE layout.
    I have already tried creating NWBC launch iView but it shows a blank screen along with NWBC screen.
    Please guys help me out with this situation.
    Please do remember that our Portal is on HTTP while NWBC is one HTTPS.

    I'm trying to call GRC v10 NWBC with the help of "Launch NWBC" standard iView.
    What currently happens is like the moment I click on the NWBC icon in the Portal, it opens a window within portal which BLANK and actually GRC screen (attached screenshot) and at the same time it opens another window that has NWBC and works absolutely fine.
    If someway we can stop showing GRC main screen in the Portal which is blank. It will help me solve the problem.

  • How to access Sap portal login user in ejb web service

    Hi,
    I wnt to access SAP Portal login user in my ejb application which resides on the same server.
    I am using following code
    try {
         IUser user =null;                         IWDClientUser wdUser = WDClientUser.getCurrentUser();
                                  user = wdUser.getSAPUser();
                             } catch (WDUMException e) {
                                  // TODO Auto-generated catch block
                                  e.printStackTrace();
    Some additional jar files are required for this?
    The same code works fine with webDynpro but not with ejb.
    Thanks in advance     
    Best regards,
    Nilesh

    Thanks for reply.
    I have already added com.sap.security.api in my EJB module project classpath. How to add the same in EJB application Project (application-j2ee-engine.xml)?
    Best regards,
    Nilesh

  • SSO from Microsoft wabsite to SAP Portal

    Hi
    My client wants SSO from .net based Microsoft website to SAP Portals. Requirement is that when customer enters the website e.g. www.mysite.com , he will be automatically gain access (SSO) to  SAP Portal .
    How it can be done ?
    Please help
    Thanks in advance

    Hi Ananda,
    This link answers your query.
    https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/com.sap.km.cm.docs/library/interoperability/dotnet/_web%20services%20and%20a2a%20interoperability%20center/sample%20application%3a%20sso%20with%20a%20.net-based%20web%20service%20client%20using%20sap%20logon%20tickets.pdf
    Reward points if handy!
    Regards,
    Sandeep Tudumu

  • Organization announcements Using CRM and SAP portal

    Dear Gurus,
    I am trying to build functionality for an organization to do their announcements using CRM 7.0, Once the announcement is published it should be visible on the SAP Portal. I am planning to do like this:
    1) Create a campaign using mail form (Announcement content) and target group
    2) Select the communication method as e-mail and I have done settings in SPRO to create the activity for an outgoing mail
    3) Release the campaign and execute the campaign
    4) Upon execution the CRM system will create the activity for an outgoing email (announcement)
    4) Create an iView in portal
    5) Pull the activities created on CRM and display on the portal iView
    My questions are:
    1) Is there any standard iView to do this
    2) Is there any other standard functionality available to do this announcement using CRM and Portal
    3) What are the lining table between Campaign activity and mail forms (e-mail content for announcement) - When I go activity search on CRM WEB UI I can see these activities and also I can see these activities on CRMD_orderadm_h, but unable to get the link tables between this activity and outgoing mail forms.
    Thank you in advance and appreciate your help.
    Regards,
    Reddy

    Dear Gurus,
    I am trying to build functionality for an organization to do their announcements using CRM 7.0, Once the announcement is published it should be visible on the SAP Portal. I am planning to do like this:
    1) Create a campaign using mail form (Announcement content) and target group
    2) Select the communication method as e-mail and I have done settings in SPRO to create the activity for an outgoing mail
    3) Release the campaign and execute the campaign
    4) Upon execution the CRM system will create the activity for an outgoing email (announcement)
    4) Create an iView in portal
    5) Pull the activities created on CRM and display on the portal iView
    My questions are:
    1) Is there any standard iView to do this
    2) Is there any other standard functionality available to do this announcement using CRM and Portal
    3) What are the lining table between Campaign activity and mail forms (e-mail content for announcement) - When I go activity search on CRM WEB UI I can see these activities and also I can see these activities on CRMD_orderadm_h, but unable to get the link tables between this activity and outgoing mail forms.
    Thank you in advance and appreciate your help.
    Regards,
    Reddy

  • Error while creating user in LDAP (MS ADS) from SAP Portal 7.0

    Hi,
    Is it obliged to use SSL connection to create new user in LDAP (MS ADS) from SAP Portal 7.0 ?
    I've configured the UME with ldap server adress and port 389. And use configuration file "dataSourceConfiguration_ads_writeable_db.xml"
    I succeed to view users existing in LDAP but when I try to create new user I've the following error message:
    LDAP: error code 53 - 0000001F: SvcErr: DSID-031A0FC0, problem 5003 (WILL_NOT_PERFORM), data 0)
    Thanks and regards

    check this link
    http://help.sap.com/saphelp_nw70/helpdata/EN/37/cfd93f130f9115e10000000a155106/frameset.htm
    and at the end of the page there is a qoute "We strongly recommend that you configure SSL between the UME and the LDAP directory. Some LDAP directories, such as Microsoft Active Directory Server, require an SSL connection if you want to create users on the LDAP directory"
    hence follow this link to configure SSL
    http://help.sap.com/saphelp_nw70/helpdata/EN/7d/77fa735e5f47a2a50b5336fd1b5a61/frameset.htm
    hope this helps..
    [Rahul|http://rahulursportal.blogspot.com/]

  • I have error while testing the system created from a sap business objects template in SAP portal

    I have error while testing the system created from a sap business objects template in SAP portal. Error text:
    com.sapportals.connector.connection.ConnectionFailedException: Connection Failed: A nested exception occurred. Could not initialize physical connection. Connection Failed: A nested exception occurred. Could not initialize physical connection. Connection Failed: A nested exception occurred. Could not create JCO connection. 'mshost' missing
    I configure integration SAP portal and SAP BW system. All system requirements are complied.
    Environment
    SAP Business Objects 4.0
    SAP BW 7.31
    1.     I configure SSSO between SAP BW and SAP Business Objects Enterprise 4.0
    2.     Next I setting integration SAP PORTAL with SAP BW system
    3.     I download certificate from portal. Select Certificates and key (http://sapserver:port/nwa) – See scren_
    4.     In next window selected Ticketkeystore and Saplogonticketpair-cert( near part window form)
    5. Select Export entry button and binary format file certificate for download. Press download.
    6.     Save certificate file in local PC folder
    In next step need export certificate file to SAP system. Sequence of step:
    1.       Run STRUSTSS02 transaction .
    2.       Chose certificate ->import.
    3.       Select downloaded certificate file
    4.       Select Add to certificate list button and Add to ACL button
    5.       Inter System ID and Client(000)
    6.       In next I download iview sap business objects template into sap portal: System administration->transport->Import. And select and download sap business Objects iview template in .epa format into sap portal.
    7.       Result – downloaded iview.
    8.       In next step I create system from template. System administration->system landscape.
    9. In next step I input parameters for my system in Connector category, Sap business objects and user management categories: See screen _2
    10.   When I created the system and test the connection error occurred: See screen_3
    This issue is important enough. I would be grateful for opinions and ideas. Thanks in advance.

    Did you find a solution?

  • How to move files from one folder to another folder in webdynpro java for sap portal

    Dear Experts,
    I wan to move files from one folder to another folder in SAP portal 7.3 programmatically in webdynpro java.
    My requirement is in my portal 1000 transport packages is their. Now i want to move 1 to 200 TP's into Archive folder.
    Can you please help me how to do in through portal or wd java ...
    Regards
    Chakri

    Hello,
    Do you know what the difference between copying a file this way :
    ** Fast & simple file copy. */
    public static void copy(File source, File dest) throws IOException {
    FileChannel in = null, out = null;
    try {         
    in = new FileInputStream(source).getChannel();
    out = new FileOutputStream(dest).getChannel();
    long size = in.size();
    MappedByteBuffer buf = in.map(FileChannel.MapMode.READ_ONLY, 0, size);
    out.write(buf);
    } finally {
    if (in != null) in.close();
    if (out != null) out.close();
    ================SECOND WAY============
    AND THIS WAY:
    // Move file (src) to File/directory dest.
    public static synchronized void move(File src, File dest) throws FileNotFoundException, IOException {
    copy(src, dest);
    src.delete();
    // Copy file (src) to File/directory dest.
    public static synchronized void copy(File src, File dest) throws IOException {
    InputStream in = new FileInputStream(src);
    OutputStream out = new FileOutputStream(dest);
    // Transfer bytes from in to out
    byte[] buf = new byte[1024];
    int len;
    while ((len = in.read(buf)) > 0) {
    out.write(buf, 0, len);
    in.close();
    out.close();
    And which is better? I read up on what each kind of does but still a bit unclear as to when it is good to use which.
    Thanks in advance,
    JavaGirl

Maybe you are looking for

  • Automatic TO creation for Mvt 311

    Hi, I am facing issue while doing Stock transfer between 2 Sloc. TO is not automatically getting created once i do stock transfer in MB1B for mvt 311. I checked Tcode OMKX,OMKY,OMKZ, in all of them "A" is maintained in Automatic TO field. Kindly let

  • Freight charges should not add to Material Cost

    Dear All, We are maintaining the Freight Charges condition in Pricing Procedure for Stock Transport Order process, as per SAP standard the Freight charges will add to the Material Cost for receiving Plant. But we dont want to add the Freight Charges

  • Can't install Photoshop CS3 on Windows XP SP3

    Hello, I recently have reformated my machine and installed XP SP3 sadly now, I can't install Photoshop CS3, when I double-click on Setup.exe, it show me a small bar/dialog which tells me it's extracting files, but after that, NOTHING HAPPENS I left i

  • How to show a negative value in diffenet color in af:inputText inlineStyle

    Hi Friends, i am facing a problem with <af:inputText /> in Jheadstart. i want to show a value in red color, if that value get's into the negative value in <af:inputText />. I was tyring with following code using inlineStyle attribute in af:inputText

  • Unable to connect to essbase server with Smart View

    Hi, I'm having trobules connecting Smart View in order to make some adhoc analysis, however I could perfectly establish connection with Planning and navigate through web forms in excel. The address I'm using to connect to Essbase is: http://<server>: