cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Password for backend is deactivated for user

Former Member

on ‎07-31-2009 11:50 AM

0 Kudos

Hi

A mail is sent to the approver for approving the request. When user clicks a webdynpro application called up and RFC is executed which approves the request. We are using SSO based JCOs for the same.

Now my question is what will happen

1) if the backend user is locked

2) if the password for the user is deactivated

Will my SSO jcos work or will it thorw an error?

Abhinav

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (3)

Answers (3)

Former Member
‎08-02-2009 1:03 AM
0 Kudos

HI Abhinav,

The SSO you are using should be a Logon Ticket SSO. Here, only the user id is encrypted (as a cookie) from EP and sent to ECC for validation. Password is not sent. There is already a trust which is established between EP and ECC, hence password is irrelevant.

Hope this answers your question

Srini

Show replies
Show replies
former_member197348
Active Contributor
‎07-31-2009 12:41 PM
0 Kudos

Hi Abhinav,

If the backend user is locked or deactivated or expired you will get exception. But by seeing the message you can understand the problem that user is locked or password expired or incorrect password in JCO

e.g. the exception is like this if user is locked: 

Caused by: com.sap.mw.jco.JCO$Exception: (103) RFC_ERROR_LOGON_FAILURE: User is locked. Please notify the person responsible

Regards,

Siva

Show replies
Show replies
Abhinav_Sharma
Contributor
‎07-31-2009 12:47 PM
0 Kudos

Thanks all..

In my case SSO is working even when password is deactivated and I am still not clear why it is happening?

Abhinav

Former Member
‎07-31-2009 1:23 PM
0 Kudos

Hi,

The SSO is working fine even your password is deactivated because in SSO it will check with the user id mapping in portal and R/3 system but it has nothing to do with the password.

In this case it will check wether the user id of both portal and R/3 system are unique or not.

Hope this gives you some idea..

Regards,

Saleem

Former Member
‎07-31-2009 1:52 PM
0 Kudos

Hi,

Check the parameter login/password_change_for_SSO value in RZ11 of R/3.

And below documentation:

http://help.sap.com/erp2005_ehp_04/helpdata/EN/6a/3faf42ede3b911e10000000a1550b0/content.htm

Regards,

Charan

Former Member
‎08-04-2009 3:43 PM
0 Kudos

hi

SSO still work,even if you deactivate password if you use SSO with Logon Ticket.

There are basically two types in SSO.

SSO with SAP Logon Ticket

SSO with User ID and password (User Mapping)

For Logon Ticket ..

Users need to have same userids but not passwords.

Logon ticket contains following properties.

Highest Authentication Scheme

Validity

Issuing System

Digital Signature

One Mapped ABAP User ID

User ID

It doesn't contain the password

Regards

sowmya

Former Member
‎07-31-2009 11:59 AM
0 Kudos

Hi Abhinav,

I think in your first case i,e

1) If the backend user is locked

Yes in this case SSO will not work and Obvioiusly the JCO destination will not work. We faced this problem in my project.

2) I dont have idea on your second case but i think SSO will work, and if SSO works JCO destination should work

if the password for the user is deactivated.

You can test wether the SSO configuration is working or not in both the cases by running a sap transaction in System Administration -- > System configuration --> Support --> SAP appplication

This is just as per my thinking....

Regards,

Saleem

Show replies
Show replies
Ask a Question