on 11-19-2013 6:01 PM
Hi all,
Does anybody know how to disable the Secure Login Server feature "Secure Login Authentication Profile Lock" (A Secure Login authentication profile locks itself when it detects a serious problem)? Is it possible to turn this "security feature" off?
Best Regards
Kai
Problem solved by using SAP NW SSO 2.0 SP2.
Hello Kai.
We are using:
Version: 2.0
Support Package: 3
Patch Level: 2
And still getting profile "Locks" whenever a user has corrupted UPN data. It's a problem because it affects all the other users trying to use that profile.
Which Service Pack has resolved this or provides a feature to disable it?
Thanks
Sebastian,
There is no way to turn off profile locking. But such locks should only occur if the configuration of SLS is corrupted somehow, not if user data don't fit during enrollment.
Could you explain what "corrupted UPN data" means? Did you configure LDAP/ADS based user name mapping, and you don't get a value for userPrincipalName?
-- Stephan
Hi Stephan!
Our X.509 certificates are granted via SLWC using LDAP authentication against AD.
The certificate CN is the UPN (user principal name) in this format: "id@domain.corp"
We have encountered AD users where the UPN returns without .corp, or using ,corp (comma instead of a dot).
When these users try to authenticate, the profile gets locked.
Error Message
Cannot send an HTTP error response [500 com.sap.securelogin.library.core.ProfileConfigException: The user variable : (AUTH:UPN) can not be resolved but is used. (details: )].
We know it is an AD user problem, but we are looking to avoid the profile lock while reviewing and fixing more than 20.000 AD accounts...
thanks!
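Added example, not part of the thread and not SAP code: a pre-check that scans an LDIF export of AD accounts for the UPN defects described in the post above (suffix without `.corp`, comma instead of a dot, no `userPrincipalName` value at all). The expected suffix `domain.corp`, the function names and the sample entries are assumptions constructed for illustration.

```python
import base64
import re

EXPECTED_SUFFIX = "domain.corp"  # assumption: suffix taken from the post's "id@domain.corp"
# Constructed sample in LDIF form (as an ldifde/ldapsearch export would look); not real accounts.
SAMPLE_LDIF = """\
dn: CN=Alice,OU=Users,DC=domain,DC=corp
userPrincipalName: alice@domain.corp

dn: CN=Bob,OU=Users,DC=domain,DC=corp
userPrincipalName: bob@domain

dn: CN=Carol,OU=Users,DC=domain,DC=corp
userPrincipalName:: Y2Fyb2xAZG9tYWluLGNvcnA=

dn: CN=Dave,OU=Users,DC=domain,DC=corp
"""

def parse_ldif(text):
    """Yield (dn, upn or None) per entry; handles folded lines and base64 ('::') values."""
    text = re.sub(r"\n ", "", text.replace("\r\n", "\n"))  # unfold continuation lines
    for block in re.split(r"\n\s*\n", text.strip()):
        attrs = {}
        for line in block.splitlines():
            m = re.match(r"([A-Za-z][\w;-]*)(::?)\s*(.*)$", line)
            if m:  # skips comments and anything that is not "attr: value"
                name, sep, value = m.groups()
                raw = base64.b64decode(value).decode("utf-8", "replace") if sep == "::" else value
                attrs.setdefault(name.lower(), raw.strip())
        if "dn" in attrs:
            yield attrs["dn"], attrs.get("userprincipalname")

def classify(upn, suffix=EXPECTED_SUFFIX):  # names the defect in one UPN, or "ok"
    if not upn:
        return "missing"             # attribute absent or empty
    local, at, domain = upn.lower().partition("@")
    if not (local and at and domain) or "@" in domain:
        return "malformed"
    if domain == suffix:
        return "ok"
    if domain.replace(",", ".") == suffix:
        return "comma-for-dot"       # e.g. id@domain,corp
    if suffix.startswith(domain + "."):
        return "truncated-suffix"    # e.g. id@domain
    return "unexpected-suffix"

def audit(ldif_text, suffix=EXPECTED_SUFFIX):
    """Return {dn: (finding, upn)} for every entry whose UPN is not <id>@<suffix>."""
    return {dn: (classify(upn, suffix), upn)
            for dn, upn in parse_ldif(ldif_text) if classify(upn, suffix) != "ok"}
```

Calling `audit()` on an export of the affected OU returns the accounts to correct, keyed by DN, with the defect named for each.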
Hi,
yes, we exported and deleted all signed SNC and SSL certificates in SLAC (of course not the SUB CAs) and we're now using a different SSO server (this one is only for signing) for signing.
The issue was affecting all Secure Login Clients, not only the SLWC. We had a lot of them in our cert store, so I guess there was a performance / timeout issue in combination with an LDAP service (for additional attributes).
Best regards
Kai