on 06-04-2015 11:29 AM
Good day,
We've just noticed something on some of our DevTest SAP systems (AS ABAP, but different versions) which we hadn't noticed before and were wondering whether or not it was normal.
If we create a user (using "SU01") and assign them an initial password, when they log in through SAP GUI then they are prompted to change their password and the new password is set. This is perfectly fine, exactly what we'd expect.
However, if a user with an initial password logs in to any web service (E.g. "/sap/bc/gui/its/webgui"), they're prompted to change the password but the new password is not accepted. There's a message, something like "New password not allowed", and a "Continue" button; if the user clicks "Continue", they're taken to the web service page, logged in, as usual; however their password will have been deactivated, so once they've logged off, they cannot log back in.
That doesn't seem right ... For a start, it's inconsistent with using SAP GUI ...
Is this expected behavior (E.g., a bug, something addressed by a SAP note, some configuration parameter we've forgotten to set somewhere, ...)?
Many thanks, and regards,
Hey Tristram,
No that definitely isn't expected behavior. The WEBGUI should do the same as the SAP PC GUI.
At least that's how ours works. We've been on versions 7.31 and 7.40 for our various abap systems, and I've never seen the behavior you are talking about. Also, when we were on 7.02 I never noticed the webgui perform like that.
What versions are you running? that would help to know that. and screenshots showing every you described.
NICK
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi,
It looks like the issue described in note 2112577.
Thanks.
Jim
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Many thanks for the helpful replies everybody.
As soon as I get a chance, I'll snapshot the error and include some version information. I'll also try using the SM50 logon trace, and check out that other SCN thread. Unfortunately I'm completely tied up in other things at the moment, and this (while mildly irritating) isn't top priority, so it may be a little while before I have the chance to do so though.
But again, many thanks everyone, and I'll update this thread as soon as I've had a chance to try your helpful suggestions.
Cheers,
Tris.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi,
please check the value of parameter login/password_hash_algorithm as well. Indefinite behaviour at password changing may happen, if an incorrect value is used.....
Trap here:
the value of saltsize must be divisable by 8.
Example for a vlaid value:
login/password_hash_algorithm = encoding=RFC2307, algorithm=iSSHA-384, iterations=7500, saltsize=96
Example for an invalid value:
login/password_hash_algorithm = encoding=RFC2307, algorithm=iSSHA-384, iterations=7500, saltsize=97
Reference notes: 2076925 , 991968
b.rgds, Bernhard
See if this helps:
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Tristam,
You can use the SM50 logon trace, as mentioned in SAP note 495911, to verify what is happening when you try to change the password via WEBGUI.
Regards,
Cris
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
86 | |
10 | |
10 | |
9 | |
7 | |
7 | |
6 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.