
Issues with IDM Implementation

Former Member
0 Kudos

Hi All,

We have implemented NetWeaver IDM for password self-service. As part of this we hooked up multiple systems, including the portal. The user master for the portal is AD (one for internal and one for external). There are a couple of ways users can reset their passwords:

1. Forgot password link in portal logon page (this will initialize IDM guided procedure for the reset)

2. Administrative reset in AD directly (there is a tool called password hook which intercepts the password, sends it to IDM and syncs it back to the target systems)

3. Ctrl+Alt+Del (same as the second)

When we use the first method, the password gets changed successfully and it also changes the field value "Date of Last Password Change" to the current date, so the portal knows when to enforce the password expiration security policy.

But for methods 2 & 3, the password gets changed successfully but the field value "Date of Last Password Change" in the portal is not being changed. So the portal works with the new password but tries to enforce the password expiration policy (90 days) when the policy expires, even though you have just changed the password using methods 2 or 3.

So every 90 days, even though the password is reset using AD, the portal doesn't recognize it and prompts for password expiration again, which creates confusion for the user.

SAP came back saying this is not supported at this point in time. What's surprising is that IDM is SAP, the portal is SAP and password hook is SAP, so why can this not be achieved (remember, it works in the first method)?

So we are trying to script this in IDM to do it manually. What we want to know is the field name of "Date of Last Password Change" and the format in which the data is stored. Right now we have written a Java function which returns the epoch time, and we pass the epoch time to the portal to update the field "Date of Last Password Change", but nothing happens. The job completes successfully but the update is not happening.

The other issues we have are:

- Password not syncing to the repositories (mostly SAP systems, but on a few occasions in AD as well)

- AD domain controller going down periodically (any DC which IDM points to goes down frequently because of a lot of open TCP/IP connections; this happens only in internal AD)

Any help in this is appreciated.

Thanks.

Regards,

Muthu Kumaran KG

Accepted Solutions (1)

Former Member
0 Kudos

We struggled with this as well, and our workaround was to disable password changes in the NW portal and put a link on the front page of the portal to direct the user to the IDM interface. In order to have users change their password before it expires, we send out notification emails and also supply a reset link on the portal page. Not really a satisfying solution, but it works.

Former Member
0 Kudos

Dean,

Thanks for your response.

Regards,

Muthu Kumaran KG

Answers (0)