cancel
Showing results for 
Search instead for 
Did you mean: 

New IDM User - Authentication Failed

Former Member
0 Kudos

Hello,

I apologize for the possibly silly question about to follow but I'm having a rather basic problem and I just can't figure it out; I would greatly appreciate your expert advice.

Using version 7.1 I have created a UI task that creates an SAP IDM user through a basic 'To Identity Store' Pass; I am passing in the mandatory fields (or at least I think so) needed to create a usable account, namely, SAP ID / MSKEYVALUE, First Name, Last Name, DisplayName, MX_PASSWORD, MX_ENCRYPTED_PASSWORD along with an IDM.Authenticated role so that the new user can login to the UI.

In spite of adding these fields in while creating the new ID I still get an "Authentication Failed" error message when trying to login from the IDM UI; What other fields need to be passed on to the Identity Store when creating a new IDM user? What fields/flags/values am I missing? I would greatly appreciate any help I can get from you experts!

Thanks in advance!

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
0 Kudos

Hi Sandeep,

how are you creating the User in the AS Java UME? You need to make sure that the user is provisioned to AS Java using the provisioning framework. The UME password is used for the authentication and not the one in the identity store.

Which password are you passing to the AS Java for provisioning? And what is displayed in UME of the AS Java?

Best regards

Holger

Edited by: Holger Flocken on Jul 21, 2011 9:48 AM

Answers (2)

Answers (2)

former_member2987
Active Contributor
0 Kudos

Hey Sandeep!

Couple of quick things:

1. Are you assigning MX_PERSON?

2. If you're going against UME did you add the proper roles (idm.authenticated)?

3. If you're going against AD/LDAP is the user enabled?

Matt

Former Member
0 Kudos

Hi Martin, Holger & Matt,

Thanks a ton for your quick responses!

There seemed to be something wrong with one of the UME Identity Provisioning job templates I used initially.....on a whim, I tried using the Create AS JAVA Identity (as Holger had also suggested) from the provisioning framework instead and it worked!

not too sure what exactly might've been the problem with the previous template...because as Martin and Matt had suggested I had added the idm.authenticated role as well, so still don't know what the issue was with the other template I used or might've just been a stupid environmental / connectivity problem.

Thanks so much for your expert advice!

Cheers!

martin_voros
Active Contributor
0 Kudos

Hi,

how do you pass value to MX_ENCRYPTED_PASSWORD? It's gotta be encrypted using function uDESEncrypt. MX_ASSWORD should have hashed value of the password.

Cheers

Former Member
0 Kudos

Hi Martin!

Thank you for your quick response!

For the MX_ENCRYPTED_PASSWORD attribute I am encrypting MX_PASSWORD using the Global Script:

$FUNCTION.sap_encryptPassword

- which uses uDESEncrypt internally

and for the MX_PASSWORD attribute I am encrypting it using the Global Script:

$FUNCTION.sap_encryptPasswordMD5

- which uses uMD5 internally

Is that the right usage?

Cheers!

martin_voros
Active Contributor
0 Kudos

It seem OK. I was just guessing.

So if you log on to Java AS and checks users in UME can you see that user there? What role/privilege do you assign to a user? What provisioning tasks did you assign to that role/privilege?

Cheers