
SSO and initial password

Former Member
0 Kudos

Hi all,

How can I allow a user with an initial password in SU01 to log on to the portal without getting the login prompt screen?

I've set the parameter login/password_change_for_SSO=0, but then I read that this parameter is relevant only to the ABAP side.

I've read several notes (441452, 869218), but none of them apply to my version. I'm using BI SP16.

Please advise,

Dimitry Haritonov

Accepted Solutions (0)

Answers (1)

Former Member
0 Kudos

When is the logon prompt happening? The portal will ask you for a password every time you log on unless you set up something like Kerberos-based authentication, which will use the Windows logon details.

Former Member
0 Kudos

Dear Michael,

We have configured SSO between BW and the portal, and that is working correctly. The only problem is with the new DIALOG users: when we create new users on the ABAP side, they get an initial password. When they have an initial password, the SSO to the portal doesn't work; it asks them to change the password ONLY FOR THE FIRST TIME. After the password is "productive" (not initial), the SSO works perfectly.

We want to get rid of the "first time logon problem". Are you familiar with the symptom?

Please advise,

Dimitry Haritonov

Former Member
0 Kudos

In the ABAP system, disable the password (not the user!) and they will not be prompted...

Former Member
0 Kudos

Thanks, it is an original way. Is this an official way to prevent the initial password change? (Is there a note?)

Former Member
0 Kudos

Fully supported! Check help.sap.com for password disable...

Former Member
0 Kudos

I'll consider this solution ...

Is there something else that we can do? (It will be hard for us to deactivate the password and change our way of work ...)

Former Member
0 Kudos

You could write an ABAP program that sets the flag that fools ABAP into thinking the user has changed their password. Completely undocumented!

Former Member
0 Kudos

I've found a more elegant way:

Enter the configtool and navigate to: Global Server Config -> services -> com.sap.security.core.ume.service

and set ume.logon_force_password_change_on_sso = FALSE and restart J2EE.

This will disable the prompt for changing the password while your DIALOG user has an initial password in SU01!!!

Former Member
0 Kudos

I'm not sure if this parameter relates to a backend system. The doco says that it relates to the requirement to change the portal password...

When TRUE, the system always forces users to change their passwords (when the passwords expire or are reset).

When FALSE, the system only forces password changes during password authentication. When using other authentication methods the system never forces a password change.

Former Member
0 Kudos

I've implemented and tested this option. It works for me.

Former Member
0 Kudos

Interesting! I'm not sure how an ABAP system knows that this flag has been set when the UME is not ABAP...

Former Member
0 Kudos

Our UME in the portal is ABAP.

We use SPNEGO for SSO with the portal.