Skip to Content

IAS: Provisioned User cannot login

Hi,

I used the SCP Identity Provisioning Service to copy the users from an SAP ABAP to the SCP Identity Authentication Service. The user was created correctly, but he is not able to login.

I created an initial password in the IAS, but it did not help, no login possible.

If i enter an incorrect password in the login form, the counter for failed login attempts does not increase.

If i us the "forgot password" button, i receive an email with the reset-password-link. When i enter my new password and press send (in the password-reset-form) i am logged in and i can see the IAS-user detail screen. When i log off and try to log in again, its again not possible to login.

I could not see any differences to an manually created IAS-user, but this user could login normally (including the "set first password" form).

I don´t know what could be wrong.

For the Provisioning service i used the standard transformations without changing anything.

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

3 Answers

  • Best Answer
    Mar 14 at 01:17 PM

    Hello,

    can you check if the transformation of the target system (IAS) contains the following section:

    {
    "constant": "39",
    "targetPath": "$.sourceSystem",
    "scope": "createEntity"
    },

    If yes, remove the section and try provisioning again.

    Kind regards

    Add comment
    10|10000 characters needed characters exceeded

    • Hi experts,

      I'm a newbie in this.

      As I understand when you provision users in the IAS , the password must be stored in the IAS otherwise it's not possible to logon right?

      It's not possible to authenticate the user with password from the backend (ECC) ?

      Kinds regards,

      Vo

  • avatar image
    Former Member
    Mar 30 at 11:36 AM

    Hello Tim,

    For user type “employee” we could change the password source – AD or IAS.

    This code in transformation set AD as a source for the password. If the password for the user is stored in AD, this code must exist

    { 
      "constant": "39", 
      "targetPath": "$.sourceSystem", 
      "cope": "createEntity"  
    }

    If the password for the user is stored in IAS, this code must be removed from transformation or "Corporate User Store" must be configured in IAS to reuse/check the password in AD.

    If the user type is “public” then IAS is used as password store by default.

    The IPS documentation will be updated as well.

    Add comment
    10|10000 characters needed characters exceeded

  • Apr 30 at 03:29 PM

    Hello colleagues,

    Thanks for the answers! The IPS documentation for the IAS scenario is now updated. See: SAP Cloud Platform Identity Authentication => section Remember in the end. You may need to expand the page width to see all the 4 cases (columns).

    Kind regards, Gergana

    Add comment
    10|10000 characters needed characters exceeded