I have a situation in my landscape that recently, after patching the system to NW700 SPS23, some users would enter their logon and password correctly and then get confronted with an additional security screen requesting their firstname, lastname, email address and a message for the administrator (as if they were trying to perform self registration). They would kindly enter the requested information and it would pop up again and again, preventing use of the system. This doesn't happen to everyone though and appears to be in some way related to the URL the user was using.

I set logging to debug and could not find any trace of an error in the java logs when this occured. Ultimately, I provded a cleaner URL string (http://<server>:<port>/useradmin for example), had the user clear their browser cache, restart IE, and then it went away for them, even when using the old dirty URL. I am 100% positive it was not password related as I could log in fine on my machine, but not on another with my own and other admin accounts.

My question is: is anyone aware of any new security features implemented in NW700 SPS22 or 23 that could be causing this problem on some front-ends? Our users use Windows 7 and IE 8. It also occured on a calling java application server running IBM Websphere and an older OS and browser. This is what has me so suspicious about the patches themeselves.

The SAP app that is running on the NW700 machine is XMII 12.0.21. Though the symptom also occurs with calls to NWA, UME, SLD, etc. I also run a 701 webdispatcher on the machine which does some url translations, but again, it works fine on most front-ends.

Regards,

Phillip