cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SSO with SAP Work Manager 6.0

Go to solution
Former Member

on ‎12-17-2014 1:41 PM

0 Kudos

Dear SCN,

I have been browsing SCN for any posts regarding SSO and Work Manager 6.0, but could not find any solution or answer specifically related to the following issue.

In principle SSO works in the existing SAP landscape, in that users can logon to ERP using SSO via the SAP Portal, even when their ERP password has expired (USR02-PWDSTATE = 2).

We have developed a custom Agentry app (although we found the same applies to standard SAP WM 6.0) on SMP 2.3 with SSO authentication against a SAP Portal (as maintained in the JavaBE.ini file).

However, using SAP WM 6.0 or the custom Agentry app, when the ERP password has expired they are prompted to change their ERP password.

1. In our environment users are never logging on to ERP directly, if at all, they always logon via the SAP Portal, hence they should not be prompted to change their ERP password via the Agentry client.

2. If they do get prompted to change their password, it should be their SAP Portal password, not their ERP password.

I tried applying SAP note 2043172 (SSO login fails at login check), but this note either does not apply to this specific scenario, or does not apply to SAP WM 6.0 on SMP 2.3.

How does one configure SSO with Agentry apps that prevents the users being prompted to change their ERP password when using SSO against the SAP Portal?

Regards,

Edwin

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

bill_froelich
Product and Topic Expert
Product and Topic Expert
‎12-17-2014 3:15 PM
0 Kudos

Agentry users must enter a valid username and password to login to the Agentry client, this information is then used to validate their account when communicating with the backend systems.

In an SSO configuration I believe the user / pwd will be passed to the portal to validate and in turn return the SSO token to continue the communication with the backend.  If their password is expired, the login "handshake" appears to behave exactly as I would expect by prompting them to change their password.

--Bill


Show replies
Show replies
Former Member
‎12-18-2014 2:15 PM
0 Kudos

Hi Bill,

The behaviour I experience seems slightly different to what you explained.

If the user logs on to the portal and from their logs on to ERP they are never prompted to change their (expired) ERP password, the only time they are prompted is when their portal password expires.

That same user now also uses the Agentry client that prompts them to change their ERP password.

Using SSO within Agentry, shouldn't the users be promted to change their portal password rather than their ERP password?

Regards,
Edwin

Answers (1)

Answers (1)

Former Member
‎12-18-2014 1:57 PM
0 Kudos

I implemented SAP note 2043172 again:

- copied SPS-373.jar into the Java folder of the Agentry app

- adjusted the classpath in Agentry.ini accordingly

- added parameter "BYPASS_USERID_CHECK=true" under "[USER_AUTH_SSO]" in the JavaBE.ini file

To conform with the SAP note I deactivated the user's password (USR02-CODVN = 'X'). In the Agentry client the error now is 'Error validation user password'.

During debugging of /SYCLO/CORE_SUSR_LOGIN_CHECK it returns exception = 6 (no_check_for_this_user) and subsequently raises the error.

What am I doing wrong here?

Regards,
Edwin

Show replies
Show replies
Marçal_Oliveras
Active Contributor
‎02-24-2015 4:09 PM
0 Kudos

Hi Edwin,

I don't know if you managed to solve this. I had more or less the same issue and implementing the note worked for me.

Just in case, I let you know that I added the BYPASS_USERID_CHECK=true exactly after the PORTAL_URL parameter under the [USER_AUTH_SSO] section. I'm not sure if the order is relevant here.

Ask a Question