on 03-04-2015 4:12 AM
Hello every one.
We are using sap net weaver 7.0 EHP2 with oracle 11.2 and UME is ABAP( ERP 6.0 EHP5).
When user try to change his password from portal he gets below error:
This is happening to few users only and other users able to change his password.
I traced the issue and got below information:
Missing new password
[EXCEPTION]
com.sap.engine.services.security.exceptions.BaseLoginException: Missing new password
at com.sap.engine.services.security.server.jaas.CheckAction.changePasswordIfNeeded(CheckAction.java:216)
missing
[EXCEPTION]
com.sap.engine.services.security.server.jaas.PasswordChangeException: missing
at com.sap.engine.services.security.server.jaas.CheckAction.changePasswordIfNeeded(CheckAction.java:240)
at com.sap.engine.services.security.server.jaas.CheckAction.run(CheckAction.java:66)
LOGIN.FAILED
User: 2095
Authentication Stack: ticket
Login Module Flag Initialize Login Commit Abort Details
1. com.sap.security.core.server.jaas.EvaluateTicketLoginModule SUFFICIENT ok false false true
#1 trustediss1 = CN=PP1
#2 trustedn1 = CN=PP1
#3 trustedsys1 = PP1,700
#4 ume.configuration.active = true
2. com.sap.engine.services.security.server.jaas.BasicPasswordLoginModule REQUISITE ok true true true
3. com.sap.security.core.server.jaas.CreateTicketLoginModule OPTIONAL ok true true true
#1 trsustediss1 = CN=PP1
#2 trsutedsys1 = PP1,700
#3 trustedn1 = CN=PP1
#4 ume.configuration.active = true
Central Checks exception Missing new password
Please suggest how can in resolve it?
Regards,
Tarun
Hi Tarun,
Can you also check below-
1672785 - NullPointerException in the UME Policy provider during login
It shows server node restart as temporary workaround.
Also check account validity details for those users.
Best Regards,
Rupali
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Tarun,
Pls. apply: https://css.wdf.sap.corp/sap/support/notes/1826557 on the concerned ABAP backend.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
HI Tarun,
What is your current version of Java(Portal)?
Are these users, who are facing issue with password change from portal, able to change the password while logging to ABAP system directly?
From the logs posted by you I understand that SSO is configured for this system , please confirm if my understanding is correct?
Please refer the below SAP note with details on similar error(not the same)
891614 - Login problems / Expired password
Also, please check if the initial password for these users has expired in the back-end system?
Regards,
Pradeep
HI Pradeep,
We are using NW 7.0 EH2. From abap side they are able to change password. We reset his password from r3 and give him initial password.
When user login to portal, first time system accept the password but when user enters old password, new password and confirm password system gives error missing.
hi Tarun,
Just to check have you implemented any password policy in the ECC system as some of the occasions the change in password is not permitted again.
do refer below help.sap.com links may be there might policy enforced like Allow Users to Change Their Own Passwords & Allow Old Password as Part of New Password might impact the change of password.
Configuring the Security Policy for User ID and Passwords - Identity Management - SAP Library
Also Do validate the validity and failed attempts made by User.
Let us know the details.
Regards,
Ram
Hi Tarun,
Were you able find the root cause for this issue?
If no, I would suggest you to check the below steps:
* Is this issue happening on your QA and DEV systems as well? if not, please compare the Java UME settings between the system without issue with the system where the issue is happening.
* As you said this is happening with certain user ids only, check the Backend system and compare the user ids with the one where the password reset is working.
* If possible try deleting the user id in the backend system and recreate it to see if the issue still occurs
* If the issue is happening in all systems(DEV, QA and PRD) please try applying latest Support Packs on Java side.
* I believe you would have already done this, but please raise a OSS message to SAP while you investigate this from your end.
Provide us the more trace from Java default trace file so that we could see if there is anything we are missing here.
Regards,
Pradeep
Hi Tarun,
Few things apart from what pradeep suggested. Can you try to reset the password of those user in both Backend and portal and ask them to re-try again. As we have seen that there is a SSO settings which deactivate the user id when it is not reset on time.
Also apart from this I can see from your log below is the method used for Authentication:-
Authentication Stack: ticket
Login Module Flag Initialize Login Commit Abort Details
1. com.sap.security.core.server.jaas.EvaluateTicketLoginModule SUFFICIENT ok false false true
#1 trustediss1 = CN=PP1
#2 trustedn1 = CN=PP1
#3 trustedsys1 = PP1,700
#4 ume.configuration.active = true
2. com.sap.engine.services.security.server.jaas.BasicPasswordLoginModule REQUISITE ok true true true
3. com.sap.security.core.server.jaas.CreateTicketLoginModule OPTIONAL ok true true true
#1 trsustediss1 = CN=PP1
#2 trsutedsys1 = PP1,700
#3 trustedn1 = CN=PP1
#4 ume.configuration.active = true
Can you change the order as below:-
1. .BasicPasswordLoginModule
2.EvaluateTicketLoginModule
3.CreateTicketLoginModule
and try to take a quick restart of your portal. and ask the user to change password again.
I hope this is not a production system cause sometimes outages is not easily avilable .
Let us know the update.
Thanks in advance.
Regards,
Ram
User | Count |
---|---|
78 | |
9 | |
9 | |
7 | |
7 | |
6 | |
6 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.