cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Could not set value for attribute MX_ENCRYPTED_PASSWORD

Former Member

on ‎07-01-2009 11:25 AM

0 Kudos

Hi,

I'm working on SAP NW IDM 7.1

I'm trying to create a user from web interface but when i provide the unique name and password i get following error :"Could not set value for attribute MX_ENCRYPTED_PASSWORD" I have enabled the password provisioning.

without the password enabling it works fine but doesnt set any value in MX_ENCRYPTED_PASSWORD.

any encrption key problem???

Thanks,

Sunil

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (3)

Answers (3)

Former Member
‎12-07-2010 4:23 PM
0 Kudos

Hi Sunil,

do you have the right path to the keys.ini-file, located within your identity center installation directory? Your J2EE engine must have access to this file, and the path has to be entered within the "Visual Admin".

May be that helps

kind regards,

Achim

Show replies
Show replies
Former Member
‎01-12-2011 1:48 AM
0 Kudos

> 

> Hi Sunil,
> 
> do you have the right path to the keys.ini-file, located within your identity center installation directory? Your J2EE engine must have access to this file, and the path has to be entered within the "Visual Admin".
> 
> May be that helps
> 
> kind regards,
> Achim

Hi Sunil

This post from Achim was the solution for us when we hit this error.

1. Establish first that keys.ini was stored in <installation directory>\KEY\keys.ini , as per IdM Security Guide

2. Follow installation UI guide (Installing and configuring the Identity

Management User Interface) "Configuring the JMX layer":

To alter the configuration, you do the following:

1. Start the Visual Administrator.

2. Select the "Cluster" tab.

3. Go to Server\Services\Configuration Adapter.and enter Editing mode

4. In the right pane, go to apps\sap.com\tcidmjmx~app\appcfg and open

Propertysheet application.global.properties.

In the Custom Field add in the path to your keys.ini file, then choose "Apply Custom"

Above instructions are for AS Java as of 7.0, looks slightly different in EHP1 for CE 7.1, but same concept

Cheers,

former_member283791
Participant
‎11-26-2010 1:01 PM
0 Kudos

Gents,

Sorry to bring this back up but I'm having the same issue. The link provided might have been a solution to some but I had already gone over those settings.

In any case, I used the Task from the Custom Web Enabled Tasks, Create Identity. I turned on the MX_PASSWORD (otherwise it didn't pop up) and for all I can see the encryption only happens in the Add Password job using a script: $FUNCTION.sap_encryptPasswordMD5()$$. But the task doesn't even get there (no logs created on prior jobs or that one).

Anyone have any ideas?

Show replies
Show replies
paul_abrahamson_sap
Active Participant
‎11-26-2010 1:24 PM
0 Kudos

In the Create User UI Task, add an action task which sets the MX_PASSWORD and MX_ENCRYPTED_PASSWORD attributes

In the To Identity Store Pass use the following mappings

mskeyvalue %mskeyvalue%

MX_ENCRYPTED_PASSWORD $FUNCTION.sap_encryptPassword()$$

MX_PASSWORD $FUNCTION.sap_encryptPasswordMD5()$$

changeType modify

This causes the system to generate a password. Note we haven't got the MX_PASSWORD field in our Create User UI Task

For Password Reset adding the MX_PASSWORD to the UI is all that's required. When set from the UI the password policy is invoked and the appropriate tasks mapped on the Password Policy Tab of the Identity Store Configuration are triggered. You need to tick Enable password provisioning.

From the Help file:

Select this check box to specify that a two-way encrypted version of the password (MX_ENCRYPTED_PASSWORD) should be stored separately to be used for password provisioning. This is in addition to the hashed password (MX_PASSWORD), which is used for authentication.

Under the section General - Event Handling there is no documentation describing these three event fields - but I think they are linked to the MX_PASSWORD attribute events. We're not currently using the other two Event Handling tasks for Change Password and Disable Account.

We've linked out AD password change tasks to the General - Event Handling - Modify task.

I hope this helps.

Former Member
‎12-01-2010 9:46 AM
0 Kudos

Hello,

If you want to use the password provisioning for IC then you have to use the MX_PASSWORD.

For provisioning the password to AD or Sun One Directory, use the MX_ENCRYPTED_PASSWORD as shown below.

userpassword $FUNCTION.Getpwd(%MX_ENCRYPTED_PASSWORD%)$$

where the function can be :

function Getpwd(Par){

if (Par.length < 1) {

return "pwd";

} else {

return UserFunc.uDESDecrypt("",Par);

}

}

Former Member
‎07-02-2009 1:17 AM
0 Kudos

Hi,

Please check the folllowing "Password Policy"

http://help.sap.com/saphelp_nwidmic71/en/dse.htm#mc/dse_enable_password_provisioning.htm

Thanks,

Sridhar

Show replies
Show replies
Ask a Question