Password Provisioning

Former Member
0 Kudos

Hi,

I activated "Enable password provisioning" in the identity store.

How do I find out which password was created for a new identity?

Users can't get it by e-mail. This is not defined yet.

My second problem relates to the "Password reset task".

When I try to reset a user password with the task created as described in "Implementation Guide - Self-service password reset", I get an error message "Could not set value for attribute MX_ENCRYPTED_PASSWORD".

I found this thread but it didn't help me a lot.

Bg,

Philip

Accepted Solutions (1)

Former Member
0 Kudos

Did you set the path to your keys.ini in the Visual Admin?

Former Member
0 Kudos

Hi,

And we found that this "path" to the keys.ini should include the file name keys.ini.

Hope this is helpful?

Ian

Former Member
0 Kudos

I think it isn't solved yet.

We use NW 7.2.

In NWA I can just type in a user-defined value for com.sap.idm.jmx.crypt.keyfile --> "D:Keys.ini" (copied the file to this location, of course).

What am I doing wrong? Should we restart the AS Java?

Former Member
0 Kudos

Restarting the IDM App should be enough.

Former Member
0 Kudos

Problem solved, I think.

Copied the "Keys.ini" from my local machine, where the IC and the dispatcher are running, to the server and corrected the path in NWA.

Thank you for the replies!

Answers (3)

Former Member
0 Kudos

Hi,

Were you able to fix this problem? If so, what was the problem on your end?

Thanks,

Joe.P

Former Member
0 Kudos

Problem not solved yet.

Former Member
0 Kudos

Hi again,

Now IC runs on my server directly; I created a new keys.ini file and linked it in NWA to the path.

So no more errors are coming up with MX_ENCRYPTED_PASSWORD.

My next problem now is that when I create a new user and get the mail with username and password, the password which is shown in the e-mail does not work --> "User authentication failed".

The same problem occurs when I reset the password of an existing user.

Any idea what's wrong?

Br,

Philip

former_member2987
Active Contributor
0 Kudos

Philip,

When you write the password to MX_ENCRYPTED_PASSWORD are you encrypting the password via the uDESEncrypt function?

Matt

Former Member
0 Kudos

Hi Matt,

On the "Create Identity" task, in the "Add Password" pass, MX_ENCRYPTED_PASSWORD got the value "$FUNCTION.sap_encryptPassword()$$" and MX_PASSWORD "$FUNCTION.sap_encryptPasswordMD5()$$".

In jscript sap_encryptPassword: "pwd = UserFunc.uDESEncrypt("", password);"

In jscript sap_encryptPasswordMD5: "pwd = UserFunc.uMD5(password)"

So I think it is used.

In the "Reset task" I can't really find the definition. I implemented the task as described in "Implementation Guide - Self-service password reset".

Br,

Philip

former_member2987
Active Contributor
0 Kudos

Philip,

I'm wondering if you are comparing like values in your workflow.

If you are comparing the password using:

UserFunc.uMD5(password)

You need to similarly hash the value you are comparing, otherwise you're comparing something like P@$$W0rD to $#!3r1r31WS which, of course, would not work.

The same thing needs to happen if you use:

UserFunc.uDESEncrypt("", password)

Either compare both in the encrypted state or unencrypted.

Matt
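The like-for-like comparison described in the reply above, as an added example that is not part of the original thread and is not SAP's code. `md5Hex` is a hypothetical stand-in for `UserFunc.uMD5` built on Node's `crypto` module; its hex output encoding and the sample password are assumptions constructed for illustration.

```javascript
const crypto = require("node:crypto");

// Hypothetical stand-in for UserFunc.uMD5 (assumption: hex-encoded digest;
// the thread does not show the encoding the real function returns).
function md5Hex(text) {
  return crypto.createHash("md5").update(text, "utf8").digest("hex");
}

// Compare two strings that are already in the same representation,
// without leaking the position of the first differing byte.
function sameValue(a, b) {
  const x = Buffer.from(a, "utf8");
  const y = Buffer.from(b, "utf8");
  return x.length === y.length && crypto.timingSafeEqual(x, y);
}

// Mismatched states: the entered clear text is compared with a stored digest.
// This fails even when the user typed the right password.
function checkMismatched(entered, storedDigest) {
  return sameValue(entered, storedDigest);
}

// Like for like: transform the entered value exactly as the stored value
// was transformed, then compare the two digests.
function checkLikeForLike(entered, storedDigest) {
  return sameValue(md5Hex(entered), storedDigest);
}

// Constructed sample: what the "Add Password" pass would have stored.
const samplePassword = "Constructed-Pw-1";
const storedDigest = md5Hex(samplePassword);

console.log("clear text vs digest:", checkMismatched(samplePassword, storedDigest));
console.log("digest vs digest:    ", checkLikeForLike(samplePassword, storedDigest));
console.log("wrong password:      ", checkLikeForLike("other-value", storedDigest));
```

The same rule applies to the DES-encrypted attribute: either encrypt the entered value with the same key before comparing, or decrypt the stored value and compare in clear text.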

Former Member
0 Kudos

Matt,

This was, of course, not the full coding:

// Main function: sap_encryptPassword
// use global variable which is set in initialization script
//	in sap_initializePassword()
var password;
var passwordDisabled;
function sap_encryptPassword(Par){
	var pwd;
	if (passwordDisabled == 1)
	{
		pwd = "";
	}
	else
	{
	  	pwd = UserFunc.uDESEncrypt("", password);
	  	//UserFunc.uErrMsg(1, "EncryptPassword: " + password + " 2: " + pwd );
	}
	return pwd;
}

// Main function: sap_encryptPasswordMD5
// use global variable which is set in initialization script
//	in sap_initializePassword()
var password;
var passwordDisabled;
function sap_encryptPasswordMD5(Par){
	var pwd;
	if (passwordDisabled == 1)
	{
		pwd = "";
	}
	else
	{
	  	pwd = UserFunc.uMD5(password);
	  	//UserFunc.uErrMsg(1, "MD5EncryptPassword: " + password + " 2: " + pwd );
	}
	return pwd;
}

Former Member
0 Kudos

Hi Philip,

The standard solution is that on identity creation the user is emailed the password. If this is no good for you, you have a couple of options.

1) Set all the passwords the same by hardcoding a value in the custom_Initializepassword script - OK for testing

2) Get IdM to create a file of new users and their passwords so you can then distribute it - better for production

Hope this is helpful?

Cheers,

Ian