cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

CUP Password Reset funtionality requires users to login using password

Former Member

on ‎01-06-2011 6:54 PM

0 Kudos

Hi All,

CUP Password Reset is requiring users to enter user ID and password before resetting the password. Basically, if a user forgets his password, he needs to enter his password to reset it (in other words, it doesn't work).

Anyone have thoughts on how to resolve this?

I'm running GRC AC 5.3 SP12.

CUP is only password reset functionality.

No LDAP is connected.

User Master Source is SAP UME.

Authentication Source is SAP UME.

Thanks,

Pete

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (4)

Answers (4)

Former Member
‎01-07-2011 11:43 AM
0 Kudos

turn off user authentication then no password will be required when using CUP.

Show replies
Show replies
Former Member
‎01-06-2011 7:59 PM
0 Kudos

Hey Frank,

I understand your point but unfortunately LDAP isn't a viable option until I've exhausted all others.

Any thoughts?

- Pete

Show replies
Show replies
koehntopp
Product and Topic Expert
Product and Topic Expert
‎01-10-2011 7:42 AM
0 Kudos

Pete,

the basic premise is that it's probably a good idea to know that the person you're resetting the password for is who he/she claims to be.

Therefore you'll need to authenticate them one way or another - LDAP is good for that from the premise that if you're able to logon to the Windows domain it should be ok to reset the SAP password(s) for that user.

If you have no good way to authenticate a user I wouldn't recommend resetting their password.

Frank.

Former Member
‎01-11-2011 10:11 AM
0 Kudos

That's what the response challenge should be used for. The way the passwort reset function is designed doesn't make much sense to me too.

koehntopp
Product and Topic Expert
Product and Topic Expert
‎01-11-2011 11:02 AM
0 Kudos

Why not?

You can configure CUP not to require login and use challenge response for resets.

In my opinion this is the least preferrable option, as it requires every user to register and will move support effort from resetting passwords to resetting password questions, which users tend to forget just as often.

It also leaves the possibility for imposters to register (as you don't require a login...) which allows you to reset any password if you're fast enough...

I'm sticking to my recommendation - LDAP authentication is the best option.

Frank.

Former Member
‎01-06-2011 7:33 PM
0 Kudos

Chinmaya,

Excellent question. LDAP isn't an option due to the cost. Password resets is the only CUP functionality in use therefore my client doesn't see enough benefit to move forward.

Two systems available for authentication are the SAP UME or SAP ECC production client. However, both of these have been unsuccessful in resolve my issue.

- Pete

Show replies
Show replies
koehntopp
Product and Topic Expert
Product and Topic Expert
‎01-06-2011 7:55 PM
0 Kudos

How exactly is LDAP not an option "due to the cost"?

I assume your users logon to their PCs via ActiveDirectory. This can be connected to CUP and used for authentication at no cost at all.

Frank.

Former Member
‎01-06-2011 7:14 PM
0 Kudos

Hi Peter,

Any specific reason why you dont want to connect the LDAP? People can authehticate with their network credentials that ways. You need atleast one system from ehich a user can authenticate.

Thanks,

Chinmaya

Show replies
Show replies
Ask a Question