Former Member

Random Passwords at initial load

Hi IdM Gurus,

I have a custom script to generate random passwords at initial load from AD. I'm storing the random password to MX_PASSWORD and MX_ENCRYPTED_PASSWORD. When I tried to log into the IdM UI self-service tab using that random password, it is failing; however, if I define a global constant DEFAULT_PASSWORD and set that value to MX_PASSWORD and MX_ENCRYPTED_PASSWORD, it is working. Why does it fail when I call the password string from the script?

MX_PASSWORD $FUNCTION.custom_initializePassword()$$

MX_ENCRYPTED_PASSWORD $FUNCTION.sap_core_encryptPassword(%MX_PASSWORD%)

Not sure if I'm calling it the right way.

Thanks,

Joe.P


3 Answers

  • Best Answer
    Former Member
    Oct 20, 2011 at 03:05 PM

    Try to see the value of the password before it is written to DB by placing something like

    uErrMsg(1, "my pwd=" + the_pwd_variable_you_are_using)

    to your custom_initializePassword script and then check job log.

    And if you create a user from the UI, are you able to log on with that user? So encrypting the password works correctly? (Just trying to understand/limit the scope of the issue.)

    Edited by: pasikuikka on Oct 20, 2011 5:06 PM


    • Former Member

      Matt,

      Yes; very true! Like you said, checking the Keys.ini file might be the best bet, or even just regenerating the scripts or recreating the task; Yes, those things can often fix strange behavior within IDM.

      Joe,

      Like Matt suggested, you might want to try validating your keys.ini file to see that everything is in order and that the same key entry is being used; apart from that, just try recreating the task from scratch or removing and re-adding the SAP Provisioning framework, so as to regenerate the supplied scripts.

      Thanks and Best regards,

      Sandeep
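
A way to run the job-log check suggested in this answer without writing the cleartext password to the log, as an added example that is not part of the original thread. `describePassword` is a hypothetical helper, and flagging `$` and `%` is an assumption based on their use as delimiters in the pass definitions quoted in the question.

```javascript
// Added example, not code from the thread or from SAP.
// describePassword() is a hypothetical helper: it summarises a generated
// password for a log line (length, character classes, suspicious properties)
// so the value itself never appears in the job log.
function describePassword(pwd) {
  if (pwd === null || pwd === undefined) {
    return "pwd is " + pwd; // the generator script returned nothing
  }
  var s = String(pwd);
  var n = { upper: 0, lower: 0, digit: 0, other: 0 };
  var nonPrintable = 0;
  for (var i = 0; i < s.length; i++) {
    var c = s.charCodeAt(i);
    if (c < 32 || c > 126) nonPrintable++;      // control or non-ASCII
    else if (c >= 65 && c <= 90) n.upper++;     // A-Z
    else if (c >= 97 && c <= 122) n.lower++;    // a-z
    else if (c >= 48 && c <= 57) n.digit++;     // 0-9
    else n.other++;                             // punctuation, space
  }
  var flags = [];
  if (s.length === 0) flags.push("EMPTY");
  if (s !== s.replace(/^\s+|\s+$/g, "")) flags.push("EDGE_WHITESPACE");
  if (nonPrintable > 0) flags.push("NON_PRINTABLE");
  // Assumption: $ and % are worth flagging because they delimit function
  // calls and attribute references in the pass definitions in the question.
  if (/[$%]/.test(s)) flags.push("DOLLAR_OR_PERCENT");
  return "len=" + s.length +
    " upper=" + n.upper + " lower=" + n.lower +
    " digit=" + n.digit + " other=" + n.other +
    " flags=" + (flags.length ? flags.join(",") : "none");
}

// Inside the IdM script the call would replace the cleartext log line:
//   uErrMsg(1, "pwd check: " + describePassword(the_pwd_variable_you_are_using));
```

Comparing the summary logged in the generator script with the one logged in the pass that sets MX_PASSWORD shows whether the value changed in between.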

  • Former Member
    Oct 20, 2011 at 08:24 AM

    Hi Joe,

    Try doing it this way: Create a To Identity Store Pass prior to the one where you set MX_PASSWORD and MX_ENCRYPTED_PASSWORD and within the pass write the random password to an attribute for temporary storage, like:

    TEMP_PWD  $FUNCTION.custom_initializePassword()$$
    

    and in your original pass, change it to this:

    MX_PASSWORD %TEMP_PWD%
    MX_ENCRYPTED_PASSWORD %TEMP_PWD%
    

    There can sometimes be problems when trying to read from an attribute you wrote to within the same pass.

    Let me know if that works!

    Cheers,

    Sandeep


    • Former Member

      Hi Joe,

      OK; just as a sanity check try changing the main pass to this:

      MX_PASSWORD      testpassword
      MX_ENCRYPTED_PASSWORD      testpassword
      

      then try logging in with "testpassword"; if that works then the problem lies with your random password generator script.

      Cheers,

      Sandeep

  • Former Member
    Oct 20, 2011 at 05:03 PM

    Not able to read the attribute set in the previous pass. How do I store the password before it's encrypted?

    Thanks,

    Joe.P

    Edited by: Joe Padidham on Oct 20, 2011 7:04 PM
