Skip to Content

IAS: Provisioned User cannot login

Hi,

I used the SCP Identity Provisioning Service to copy the users from an SAP ABAP to the SCP Identity Authentication Service. The user was created correctly, but he is not able to login.

I created an initial password in the IAS, but it did not help, no login possible.

If i enter an incorrect password in the login form, the counter for failed login attempts does not increase.

If i us the "forgot password" button, i receive an email with the reset-password-link. When i enter my new password and press send (in the password-reset-form) i am logged in and i can see the IAS-user detail screen. When i log off and try to log in again, its again not possible to login.

I could not see any differences to an manually created IAS-user, but this user could login normally (including the "set first password" form).

I don´t know what could be wrong.

For the Provisioning service i used the standard transformations without changing anything.

Add a comment
10|10000 characters needed characters exceeded

Assigned Tags

Related questions

3 Answers

  • Best Answer
    Posted on Mar 14, 2018 at 01:17 PM

    Hello,

    can you check if the transformation of the target system (IAS) contains the following section:

    {
    "constant": "39",
    "targetPath": "$.sourceSystem",
    "scope": "createEntity"
    },

    If yes, remove the section and try provisioning again.

    Kind regards

    Add a comment
    10|10000 characters needed characters exceeded

  • Posted on Apr 30, 2018 at 03:29 PM

    Hello colleagues,

    Thanks for the answers! The IPS documentation for the IAS scenario is now updated. See: SAP Cloud Platform Identity Authentication => section Remember in the end.

    Or go straight to the relevant Troubleshooting page: Identity Authentication: Provisioned Users Can't Log On

    Kind regards,

    Gergana

    Add a comment
    10|10000 characters needed characters exceeded

    • Hi Gergana,

      I read in documentation this:

      "If you set $.userType to "public", all passwords will be written by default in the Identity Authentication. Thus, all provisioned users will successfully log in to Identity Authentication target system."

      Does it mean that if I have the user "PIPPO" with password "12345678" in ABAP server and I provision this user to IAS, than I have a corresponding user "PIPPO" with the same password "12345678" already setted so I can access IAS/SCP without setting or resetting the password?

      Thanks and Regards

  • author's profile photo Former Member
    Former Member
    Posted on Mar 30, 2018 at 11:36 AM

    Hello Tim,

    For user type “employee” we could change the password source – AD or IAS.

    This code in transformation set AD as a source for the password. If the password for the user is stored in AD, this code must exist

    { 
      "constant": "39", 
      "targetPath": "$.sourceSystem", 
      "cope": "createEntity"  
    }

    If the password for the user is stored in IAS, this code must be removed from transformation or "Corporate User Store" must be configured in IAS to reuse/check the password in AD.

    If the user type is “public” then IAS is used as password store by default.

    The IPS documentation will be updated as well.

    Add a comment
    10|10000 characters needed characters exceeded

Before answering

You should only submit an answer when you are proposing a solution to the poster's problem. If you want the poster to clarify the question or provide more information, please leave a comment instead, requesting additional details. When answering, please include specifics, such as step-by-step instructions, context for the solution, and links to useful resources. Also, please make sure that you answer complies with our Rules of Engagement.
You must be Logged in to submit an answer.

Up to 10 attachments (including images) can be used with a maximum of 1.0 MB each and 10.5 MB total.