Skip to Content

Insert Button on SAP GUI Logon Screen

Hello,

is it possible to insert a button on the SAP GUI logon screen like the "new password" button?

We want to insert a button, with which the user can generate a new initial password, if he has forgotten his password.

Thanks for answers

regards

Christian

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

8 Answers

  • Oct 16, 2008 at 01:20 PM

    if my understanding is right, this would simply mean, that anyone could logon with anyone else's userid...

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    Oct 16, 2008 at 01:21 PM

    Hi,

    This is possible only when you design you own Login screen...and interface the same with SAPGUI in backend....

    Add comment
    10|10000 characters needed characters exceeded

    • Former Member

      > This is possible only when you design you own Login screen...

      I would be interested in this one as well... as I am fairly sure (like as in 99,99999% sure) that there is no intended way to do this and the system will react very badly to such a modification...

  • Oct 16, 2008 at 01:46 PM

    @Eric

    after pushing the "reset password" button the user will get an email with a confirmation link.

    @AJAY

    Thank you.

    How can I do that?

    Is therefore a "how to" or a SAP help available?

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    Oct 16, 2008 at 03:46 PM

    Moved to the security forum...

    I would recommend abandoning this approach and rather investigating a password reset service as an external application which is calling a service or a user BAPI on the inside to reset passwords of selected user groups (you would for example not want the service to change it's own password, which would then subsequently stop the service...).

    You should also ensure that this application and the communication with the backend system is secured and restricted.

    Cheers,

    Julius

    Edited by: Julius Bussche on Oct 16, 2008 5:47 PM

    Add comment
    10|10000 characters needed characters exceeded

  • Oct 16, 2008 at 04:06 PM

    >

    > Hello,

    >

    > is it possible to insert a button on the SAP GUI logon screen like the "new password" button?

    > Christian

    Please refrain from attempting to modify that dynpro.

    The module pool is intentionally marked as "system program" - it is not released for customer modifications. The risk is quite high that you (accidentially) cause a severe problem (i.e. being unable to logon to the system afterwards) - notice: it did happen, already.

    Add comment
    10|10000 characters needed characters exceeded

  • Oct 16, 2008 at 04:10 PM

    >

    > We want to insert a button, with which the user can generate a new initial password, if he has forgotten his password.

    Such "password self-services" are offered by various Identity Management solutions. Before you consider to develop your own solution (which you'll then have to maintain) you might take a look on what's available on the market ...

    Maybe a posting in the SDN group "[SAP NetWeaver Identity Management|SAP Identity Management;" makes sense.

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    Oct 19, 2008 at 09:13 AM

    Hi,

    I very strictly advice to avoid of providing "Reset password" button to user, this will make any user to reset the password of other users. This is one of the security violation.

    If you want to provide option for reseting the passwords to user, you can make a custom program which can be executed by user and can reset the password for their own user, but not for others.

    Regards

    Anandm

    Add comment
    10|10000 characters needed characters exceeded

    • >

      > Hi,

      >

      > I very strictly advice to avoid of providing "Reset password" button to user, this will make any user to reset the password of other users. This is one of the security violation.

      I fully agree.

      > If you want to provide option for reseting the passwords to user, you can make a custom program which can be executed by user and can reset the password for their own user, but not for others.

      >

      > Regards

      > Anandm

      Well, I'd propose to leave the SAPGUI screen untouched but only place a comment on the logon screen (see [note 205487|https://service.sap.com/sap/support/notes/205487]) which informs the user on a URL to a web application (BSP) which provides the desired "forgotten password" self-service functionality.

      In the internet you find many examples of such "forgotten password" self-services - good ones and not so good ones. What all of them have in common is the requirement that the user has provided a valid email address or mobile number (during the account registration) which can be used for the required off-band communication. However they differentiate in the way they try to mitigate misuse: some prompt for a so-called passphrase (in most cases: the user has entered a free-text answer to a question chosen from a fixed set of predefined questions, during accoutn registration) before sending a newly created password to the email address retrieved from the user account; others generate a (random) "password change token" which they send to the email address and prompt the user to enter this "password change token" on the webpage (the account remains untouched until the correct "password change token" was entered, in most cases this is also time-restricted). I prefer the latter one.

      Cheers, Wolfgang

  • Oct 21, 2008 at 06:52 AM

    Thank you for answers!

    Can you give me some good tools (self-services) that make this possible?

    regards

    Christian

    Add comment
    10|10000 characters needed characters exceeded

    • Former Member

      Hi there,

      depends what you are looking for. NetWeaver Identity Management provides a functionality called "Password Hook" working with Microsoft Active Directory and the Netweaver Identity Center. The product provides much more you can use.

      There are also loads of dedicated non-SAP password reset and synchronization products out there on the market, I don't know if there are SAP certified ones.

      Kind regards,

      Richard