cancel
Showing results for 
Search instead for 
Did you mean: 

SAP RDS - Reset Password

Former Member
0 Kudos

Hi experts,

I've imported SAP RDS and it, for the moment, seems to work properly.

I just have one issue by the Reset Password task.

When I try to reset the password with the task provided by RDS I get this screen.

The Attribute exist and seems correct.

When I deactivate the script it works except of course with the list that should show the values :

Do I have to do something ?

Is the script correct ?

SELECT SUBSTRING(attrname,8,30) AS repositories FROM idmv_value_basic WHERE attrname LIKE 'ACCOUNT%' AND mskey = %USERMSKEY% ORDER BY attrname

Thanks for your help,

Nicolas.

Accepted Solutions (1)

Accepted Solutions (1)

Steffi_Warnecke
Active Contributor
0 Kudos

Hello Nicolas,

I think it should be SUBSTR and not SUBSTRING.

Regards,

Steffi.

Former Member
0 Kudos

That Was Fast !!!

Congrat to you and to SAP for a mistake in their Own Script in SAP RDS !

Thanks a lot Steffi.

You deserve 1000 points.

Steffi_Warnecke
Active Contributor
0 Kudos

Thank you, Nicolas. I'm always glad when I can help with IdM-stuff. ^^

Former Member
0 Kudos

Now I see the table but when I reset the password for one system I get this error and the password is reset on all repositories 😞

When I imported the 0256_IDM72_Provisioning_Folder.mcc or 0256_IDM72_Identity_Store_Schema.mcc I haven't checked, update repositories attribute.

Do I have to do that ?

Steffi_Warnecke
Active Contributor
0 Kudos

Gotta love IDM... *sigh*

Could you show a screenshot of the pass you use to call up the backend systems?

Former Member
0 Kudos

Here is the pass that causes the error :

Here is the call to abap :

Even when I do I reset in with Web Task Change Identity, this pass also starts :  HandleSystemSpecificAttribute

In the regular Change Identity there is no Repository Choice, so it shouldn't start.

Steffi_Warnecke
Active Contributor
0 Kudos

The second one looks normal to me (mine looks pretty much the same).

But I wasn't precise enough, sorry. I meant the pass that should be part of the UI mask for the password reset. The taskname is something like "ISV 72 8. Exec Plugin - Call Reset ABAP PW Reset (for each Rep)" and mine looks like this:

And this should be the one that triggers just the backend systems you selected in your mask, because this pass calls the second (the ChangePasswordOfABAPUser) for every repository that was selected.

But I bet, can shed some more light. ^^

former_member2987
Active Contributor
0 Kudos

Hmmm.... So what exactly is the problem? I'm not too familiar with the RDS.  If you are engaging a Hook task then it should fire for all connected repositories provided that you have an Account attribute for them. Unless you've hard coded things to work only on specific repositories.

Matt

Former Member
0 Kudos

Hi Nicholas,

From your error screenshot, the error is being caught at the job "SAPC Event: HandleSystemSpecificAttribute"
I have examined the script "sapc_handleSystemSpecificAttr". In the script there are lines as in below screenshot where it is throwing error.

Can you change the code to print the values of the fileds userMskey, idStore, attrNameRep , attrValue,  taskID to job log to know what values are coming. Insert a line to print the values to the log. Something like...


uErrMsg(1, script + "User mskey: ["             + userMskey
                                          + "] ; user idStore["    + idStore,
                                          + "] ; attrname: ["  + attrNameRep
                                          + "] ; attrValue: ["    + attrValue, 
                                          + "] ; taksID[" + taskID+ "]");

I believe definitely there is something wrong in one of the above parameters to script !!! which is throwing the error.


I assume that you have configured the Hook task (MX_HOOK8_TASK) for the repositories for which you are trying to reset the password.

Regards,
Krishna.

Former Member
0 Kudos

I'm not too familiar with the RDS solution, but Oracle uses substr while SQL server uses substring so its correct SQL for atleast one of the databases, but not both... You should report the issue to the RDS team so they can correct it.

Br,

Per Christian

(IdM developer)

Former Member
0 Kudos

I have the impression two jobs are started at the same time.

When I perform the task to reset the password for 1 repository the MX_ENCRYPTED_PASSWORD launches the job 103532 / SAPC HandleSystemSpecificAttribute and in the error Message I see All the repositories.

In this pass which I think analyses the repository to reset the log is correct, only one repository in mentionned.

Here are the logs when I want to change the password on 1 repository.

Here is my Exec Pluging - Set Password

Former Member
0 Kudos

Hello,

Here is the log :

sapc_handleSystemSpecificAttr::User mskey: [103102] ; user idStore[1] ; attrname: [SAPC_IDEN_REP_ENCRYPTED_PASSWORD_GS5200] ; attrValue: [{DES3CBC}1:41abe2c239ba5d67-907ed323873a7618098ba3b238692371] ; taksID[6111]

Former Member
0 Kudos

Per,

Maybe there is 2 versions of RDS and I have the wrong one ?

I don't know as I've not downloaded the pack, but received from someone.

We indeed have ORACLE.

Nicolas.

Former Member
0 Kudos

Hi Nicolas,

I am quite interested in this RDS feature, but unfortunately I don't have a RDS system to access.

Based on my understanding, the RDS reset password should behave differently than standard reset passwords tasks.

For stand reset password task, you need only one password for all systems. Whenever this password changes, the password will be updated on all backends.

For RDS one, since you can reset password on individual system, you must store separate passwords (either permanently or temporarily) for each backend system. That's why you must have custom attributes for that purpose. For  instance, SAPC_IDEN_REP_ENCRYPTED_PASSWORD_TESTGS5. TESTGS5 i assume is one of your backend systems.

Back to your issue, you have noticed that the password has been changed on all backend system in parallel. This is incorrect, you need to confirm MX_PASSWORD should not be updated in this UI task.

You also got some error messages saying

"SAPC_IDEN_REP_ENCRYPTED_PASSWORD_TESTGS5 has not been updated successfully with value [{DES3CBC}XSFDSFAFDADFA]"

You need to check whether these attributes are created for MX_PERSON already and these attributes accept encrypted values?

Best Regards

Jack Xiong

Answers (0)