Skip to Content
avatar image
Former Member

NW ABAP change password (from initial) working in SAP GUI but not web?

Good day,

We've just noticed something on some of our DevTest SAP systems (AS ABAP, but different versions) which we hadn't noticed before and were wondering whether or not it was normal.

If we create a user (using "SU01") and assign them an initial password, when they log in through SAP GUI then they are prompted to change their password and the new password is set.  This is perfectly fine, exactly what we'd expect.

However, if a user with an initial password logs in to any web service (E.g. "/sap/bc/gui/its/webgui"), they're prompted to change the password but the new password is not accepted.  There's a message, something like "New password not allowed", and a "Continue" button; if the user clicks "Continue", they're taken to the web service page, logged in, as usual; however their password will have been deactivated, so once they've logged off, they cannot log back in.

That doesn't seem right ...  For a start, it's inconsistent with using SAP GUI ...

Is this expected behavior (E.g., a bug, something addressed by a SAP note, some configuration parameter we've forgotten to set somewhere, ...)?

Many thanks, and regards,

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

5 Answers

  • Best Answer
    avatar image
    Former Member
    Jun 18, 2015 at 05:16 PM

    Hey Tristram,

    No that definitely isn't expected behavior.  The WEBGUI should do the same as the SAP PC GUI.

    At least that's how ours works.  We've been on versions 7.31 and 7.40 for our various abap systems, and I've never seen the behavior you are talking about.  Also, when we were on 7.02 I never noticed the webgui perform like that.

    What versions are you running?  that would help to know that.  and screenshots showing every you described.

    NICK

    Add comment
    10|10000 characters needed characters exceeded

  • Jul 01, 2015 at 07:41 PM

    Hi Tristam,

    You can use the SM50 logon trace, as mentioned in SAP note 495911, to verify what is happening when you try to change the password via WEBGUI.

    Regards,

    Cris

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    Jul 02, 2015 at 05:24 AM
    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    Jul 02, 2015 at 08:29 AM

    Many thanks for the helpful replies everybody.

    As soon as I get a chance, I'll snapshot the error and include some version information.  I'll also try using the SM50 logon trace, and check out that other SCN thread.  Unfortunately I'm completely tied up in other things at the moment, and this (while mildly irritating) isn't top priority, so it may be a little while before I have the chance to do so though.

    But again, many thanks everyone, and I'll update this thread as soon as I've had a chance to try your helpful suggestions.

    Cheers,

    Tris.

    Add comment
    10|10000 characters needed characters exceeded

    • Hi,

      please check the value of parameter login/password_hash_algorithm as well. Indefinite behaviour at password changing may happen, if an incorrect value is used.....


      Trap here:

      the value of saltsize must be divisable  by 8.

      Example for a vlaid value:

      login/password_hash_algorithm = encoding=RFC2307, algorithm=iSSHA-384, iterations=7500, saltsize=96

      Example for an invalid value:

      login/password_hash_algorithm = encoding=RFC2307, algorithm=iSSHA-384, iterations=7500, saltsize=97



      Reference notes: 2076925 , 991968

      b.rgds, Bernhard

  • Jul 07, 2015 at 09:17 AM

    Hi,

    It looks like the issue described in note 2112577.

    Thanks.

    Jim

    Add comment
    10|10000 characters needed characters exceeded