Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Dont want password change with SSO login ?

Go to solution
Former Member

‎10-30-2009 10:39 AM

0 Kudos

Hello,

i have following problem.

We have an portal and jump with SSO ticket to the backend system BW (ABAP + JAVA).

Login with SSO works fine.

The mainly users are portal user and we dont want that password change screen comes wenn expire after 90 days.

For sapgui user it is ok.

So we put the paramter login/password_change_for_SSO= 0 into ABAP instanz and after password expire SSO login for example to ICM works fine without complaining to change passwor.

The portal users are jumping to the java instance of BW backend. User management of java is in the abap instance.

When passwor expire the user become screen to change password.

We dont want that like !!!

I thought that the parameter login/password_change_for_SSO= 0 works also vor java because they have same

user management ihn abap.

Does anybody head same problem ?

Solution ?

Regards. H.Thauer

1 ACCEPTED SOLUTION

Go to solution
tim_alsop
Active Contributor

‎10-30-2009 10:56 AM

0 Kudos

Have you tried changing the UME property called ume.logon.force_password_change_on_sso. The default for this property is true, so you could try changing it to false.

Thanks,

Tim

4 REPLIES 4

Go to solution
tim_alsop
Active Contributor

‎10-30-2009 10:56 AM

0 Kudos

Have you tried changing the UME property called ume.logon.force_password_change_on_sso. The default for this property is true, so you could try changing it to false.

Thanks,

Tim

Go to solution
Former Member

‎11-02-2009 7:15 PM

0 Kudos

Hello,

i changed the parameter ume.logon.force_password_change_on_sso to fales an now it is working.

But now i have some other side effect. Wenn i create an new account ihn the backend BW system with

initial Password, the system does not prompt to change initial password !

I want that when i come from portal with SSO system only ask to change passwor if initial ?

If there is no solution i will open an oss call.

Thanks and regard H.Thauer

Go to solution
tim_alsop
Active Contributor
In response to Former Member

‎11-02-2009 7:19 PM

0 Kudos

Heinrich,

Surely if you are using SSO (e.g. external authentication) then you don't want a user to be able to change their password in the back-end BW system ? Instead, the users password which they use to authenticate with before logging on to portal will be all that is needed - the backend system needs to recognise SSO2 ticket only and not userid+password.

Thanks,

Tim

Go to solution
Former Member
In response to Former Member

‎11-02-2009 10:12 PM

0 Kudos

Have you seen SAP Note 869218 and the discussions here around this SSO from Java systems to backend ABAP user stores?

The same note number is a good search term and check your release and SP levels.

If you give the users this option, then it might be advisable to still delete an idle productive password at some point... this is however a global setting for all users in all clients.

Cheers,

Julius