on 07-20-2011 2:44 PM
Hello,
I apologize for the possibly silly question about to follow but I'm having a rather basic problem and I just can't figure it out; I would greatly appreciate your expert advice.
Using version 7.1 I have created a UI task that creates an SAP IDM user through a basic 'To Identity Store' Pass; I am passing in the mandatory fields (or at least I think so) needed to create a usable account, namely, SAP ID / MSKEYVALUE, First Name, Last Name, DisplayName, MX_PASSWORD, MX_ENCRYPTED_PASSWORD along with an IDM.Authenticated role so that the new user can login to the UI.
In spite of adding these fields in while creating the new ID I still get an "Authentication Failed" error message when trying to login from the IDM UI; What other fields need to be passed on to the Identity Store when creating a new IDM user? What fields/flags/values am I missing? I would greatly appreciate any help I can get from you experts!
Thanks in advance!
Hi Sandeep,
how are you creating the User in the AS Java UME? You need to make sure that the user is provisioned to AS Java using the provisioning framework. The UME password is used for the authentication and not the one in the identity store.
Which password are you passing to the AS Java for provisioning? And what is displayed in UME of the AS Java?
Best regards
Holger
Edited by: Holger Flocken on Jul 21, 2011 9:48 AM
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hey Sandeep!
Couple of quick things:
1. Are you assigning MX_PERSON?
2. If you're going against UME did you add the proper roles (idm.authenticated)?
3. If you're going against AD/LDAP is the user enabled?
Matt
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Martin, Holger & Matt,
Thanks a ton for your quick responses!
There seemed to be something wrong with one of the UME Identity Provisioning job templates I used initially.....on a whim, I tried using the Create AS JAVA Identity (as Holger had also suggested) from the provisioning framework instead and it worked!
not too sure what exactly might've been the problem with the previous template...because as Martin and Matt had suggested I had added the idm.authenticated role as well, so still don't know what the issue was with the other template I used or might've just been a stupid environmental / connectivity problem.
Thanks so much for your expert advice!
Cheers!
Hi,
how do you pass value to MX_ENCRYPTED_PASSWORD? It's gotta be encrypted using function uDESEncrypt. MX_ASSWORD should have hashed value of the password.
Cheers
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Martin!
Thank you for your quick response!
For the MX_ENCRYPTED_PASSWORD attribute I am encrypting MX_PASSWORD using the Global Script:
$FUNCTION.sap_encryptPassword
- which uses uDESEncrypt internally
and for the MX_PASSWORD attribute I am encrypting it using the Global Script:
$FUNCTION.sap_encryptPasswordMD5
- which uses uMD5 internally
Is that the right usage?
Cheers!
User | Count |
---|---|
84 | |
23 | |
11 | |
9 | |
8 | |
5 | |
5 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.