on 01-06-2011 6:54 PM
Hi All,
CUP Password Reset is requiring users to enter user ID and password before resetting the password. Basically, if a user forgets his password, he needs to enter his password to reset it (in other words, it doesn't work).
Anyone have thoughts on how to resolve this?
I'm running GRC AC 5.3 SP12.
CUP is only password reset functionality.
No LDAP is connected.
User Master Source is SAP UME.
Authentication Source is SAP UME.
Thanks,
Pete
turn off user authentication then no password will be required when using CUP.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hey Frank,
I understand your point but unfortunately LDAP isn't a viable option until I've exhausted all others.
Any thoughts?
- Pete
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Pete,
the basic premise is that it's probably a good idea to know that the person you're resetting the password for is who he/she claims to be.
Therefore you'll need to authenticate them one way or another - LDAP is good for that from the premise that if you're able to logon to the Windows domain it should be ok to reset the SAP password(s) for that user.
If you have no good way to authenticate a user I wouldn't recommend resetting their password.
Frank.
Why not?
You can configure CUP not to require login and use challenge response for resets.
In my opinion this is the least preferrable option, as it requires every user to register and will move support effort from resetting passwords to resetting password questions, which users tend to forget just as often.
It also leaves the possibility for imposters to register (as you don't require a login...) which allows you to reset any password if you're fast enough...
I'm sticking to my recommendation - LDAP authentication is the best option.
Frank.
Chinmaya,
Excellent question. LDAP isn't an option due to the cost. Password resets is the only CUP functionality in use therefore my client doesn't see enough benefit to move forward.
Two systems available for authentication are the SAP UME or SAP ECC production client. However, both of these have been unsuccessful in resolve my issue.
- Pete
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Peter,
Any specific reason why you dont want to connect the LDAP? People can authehticate with their network credentials that ways. You need atleast one system from ehich a user can authenticate.
Thanks,
Chinmaya
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.