on 07-01-2009 11:25 AM
Hi,
I'm working on SAP NW IDM 7.1
I'm trying to create a user from web interface but when i provide the unique name and password i get following error :"Could not set value for attribute MX_ENCRYPTED_PASSWORD" I have enabled the password provisioning.
without the password enabling it works fine but doesnt set any value in MX_ENCRYPTED_PASSWORD.
any encrption key problem???
Thanks,
Sunil
Hi Sunil,
do you have the right path to the keys.ini-file, located within your identity center installation directory? Your J2EE engine must have access to this file, and the path has to be entered within the "Visual Admin".
May be that helps
kind regards,
Achim
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
>
> Hi Sunil,
>
> do you have the right path to the keys.ini-file, located within your identity center installation directory? Your J2EE engine must have access to this file, and the path has to be entered within the "Visual Admin".
>
> May be that helps
>
> kind regards,
> Achim
Hi Sunil
This post from Achim was the solution for us when we hit this error.
1. Establish first that keys.ini was stored in <installation directory>\KEY\keys.ini , as per IdM Security Guide
2. Follow installation UI guide (Installing and configuring the Identity
Management User Interface) "Configuring the JMX layer":
To alter the configuration, you do the following:
1. Start the Visual Administrator.
2. Select the "Cluster" tab.
3. Go to Server\Services\Configuration Adapter.and enter Editing mode
4. In the right pane, go to apps\sap.com\tcidmjmx~app\appcfg and open
Propertysheet application.global.properties.
In the Custom Field add in the path to your keys.ini file, then choose "Apply Custom"
Above instructions are for AS Java as of 7.0, looks slightly different in EHP1 for CE 7.1, but same concept
Cheers,
Gents,
Sorry to bring this back up but I'm having the same issue. The link provided might have been a solution to some but I had already gone over those settings.
In any case, I used the Task from the Custom Web Enabled Tasks, Create Identity. I turned on the MX_PASSWORD (otherwise it didn't pop up) and for all I can see the encryption only happens in the Add Password job using a script: $FUNCTION.sap_encryptPasswordMD5()$$. But the task doesn't even get there (no logs created on prior jobs or that one).
Anyone have any ideas?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
In the Create User UI Task, add an action task which sets the MX_PASSWORD and MX_ENCRYPTED_PASSWORD attributes
In the To Identity Store Pass use the following mappings
mskeyvalue %mskeyvalue%
MX_ENCRYPTED_PASSWORD $FUNCTION.sap_encryptPassword()$$
MX_PASSWORD $FUNCTION.sap_encryptPasswordMD5()$$
changeType modify
This causes the system to generate a password. Note we haven't got the MX_PASSWORD field in our Create User UI Task
For Password Reset adding the MX_PASSWORD to the UI is all that's required. When set from the UI the password policy is invoked and the appropriate tasks mapped on the Password Policy Tab of the Identity Store Configuration are triggered. You need to tick Enable password provisioning.
From the Help file:
Select this check box to specify that a two-way encrypted version of the password (MX_ENCRYPTED_PASSWORD) should be stored separately to be used for password provisioning. This is in addition to the hashed password (MX_PASSWORD), which is used for authentication.
Under the section General - Event Handling there is no documentation describing these three event fields - but I think they are linked to the MX_PASSWORD attribute events. We're not currently using the other two Event Handling tasks for Change Password and Disable Account.
We've linked out AD password change tasks to the General - Event Handling - Modify task.
I hope this helps.
Hello,
If you want to use the password provisioning for IC then you have to use the MX_PASSWORD.
For provisioning the password to AD or Sun One Directory, use the MX_ENCRYPTED_PASSWORD as shown below.
userpassword $FUNCTION.Getpwd(%MX_ENCRYPTED_PASSWORD%)$$
where the function can be :
function Getpwd(Par){
if (Par.length < 1) {
return "pwd";
} else {
return UserFunc.uDESDecrypt("",Par);
}
}
Hi,
Please check the folllowing "Password Policy"
http://help.sap.com/saphelp_nwidmic71/en/dse.htm#mc/dse_enable_password_provisioning.htm
Thanks,
Sridhar
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
86 | |
10 | |
10 | |
9 | |
7 | |
7 | |
6 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.