03-18-2011 4:38 PM
Our buyers' user IDs get locked in SRM SAPgui production system but they can still use single sign on to logon to SRM in the Portal. What could they be doing to lock their passwords for multiple incorrect attempts since they are logged on automatically to SRM system with their network ID? I find out about it when the buyer cannot be added as an additional approver in a shopping cart.
Thank you,
Cynthia
03-21-2011 9:34 AM
Hi,
Did you set a mandatory password change each x months or weeks ?
We had this setup and the users got locked because of this.
Our solution was to disable the users passwords. They use spnego/Kerberos SSO for HTML access and snc SSO for sapgui access.
Regards,
Olivier
03-21-2011 9:34 AM
Hi,
Did you set a mandatory password change each x months or weeks ?
We had this setup and the users got locked because of this.
Our solution was to disable the users passwords. They use spnego/Kerberos SSO for HTML access and snc SSO for sapgui access.
Regards,
Olivier
03-22-2011 6:01 PM
We will be disabling passwords for the end users in the SAPgui.
Thank you all for your input.
Best regards,
Cynthia
03-31-2011 6:54 AM
Hi Cynthia,
I am also facing a similar issue in my system (users who existed on the system prior to SSO implementation gets password change prompt even after SSO is up and running). For these users as well, I need to disable passwords.
1.Can you help me with how you disbaled passwords for many users at one go in GUI?
2. Where did you check the password state (active/de-active) of the users in general?
(I saw USR02-->PWDSTATE but not very sure if that is the right field to check).
Soumya
03-31-2011 5:20 PM
03-21-2011 10:32 AM
Hello,
Just check user attribute and and details.. it it locked what kind of lock9Admin or incorrect log on lock..
Thanks,
PKP
Edited by: Prasant Ku Paichha on Mar 21, 2011 12:22 PM
03-21-2011 10:54 AM
Cynthia Servais wrote:
Our buyers' user IDs get locked in SRM SAPgui production system but they can still use single sign on to logon to SRM in the Portal.
HI Cynthia,
are you sure, that the users get locked (wrong passwords would cause a usr02-uflag value of 128), or are their passwords deactivated only?
Have a look at the parameter login/password_change_for_SSO (note 441452). Maybe its set to '3'....
b.rgds, Bernhard
03-21-2011 4:20 PM
Thank you all for your suggestions. I have forwarded this info to our security analyst and will let you know ASAP what the solution is. By the way, the usr02-uflag value is 128 for the locked users.
Best regards,
Cynthia
03-22-2011 10:34 AM