cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Setting productive password for AS Java

michaelfranke
Participant

on ‎03-18-2016 11:53 AM

0 Kudos

Hello together,

I want to change the flag "passwordchangerequired" of AS Java user. Therefore I found several information already here.

Following points are checked/done:

- certificates are stored in cacerts

- communication over https between IdM 7.2 and AS Java is possible (port 50001 and 443 over WebDispatcher)

- other parameters like "lastpasswordchange" are working fine (SPML was modified like written down in SAP Note 1598491)

Only parameter "passwordchangerequired" can not be modified. There is no error message.

Any idea?

Thanks in advance and best wishes

Michael

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (3)

Answers (3)

jaisuryan
Active Contributor
‎03-22-2016 12:33 AM
0 Kudos

Hi Michael,

Have you changed repository constant HTTP_PROTOCOL to "https" which I believe you have done?

Please post the screenshot of your AS JAVA repository constants as well.

Kind regards,

Jai

Show replies
Show replies
michaelfranke
Participant
‎03-22-2016 7:29 AM
0 Kudos

Hi Jai,

attached the screenshot.

AS Java has AD as backend system. The idea is to synchronize user status of AS Java (attributes "lastpasswordchange" & "passwordchangerequired") and AD (attribute "pwdlastset").

I have tested the toSPML path with

- user which is stored in UME

- user which is stored in AD and status attributes are in UME

Thanks in advance

Michael

Chenyang
Contributor
‎03-20-2016 9:02 PM
0 Kudos

Michael,

passwordchangerequired should be a standard parameter that you can use. Which IdM version are you running on?


I think SSL connection and certificate import are required for setting JAVA productive password, but you've already done it. Did you set the value of passwordchagnerequired to "false" instead of "0"?


Have you got any error message?



Provisioning Productive Instead of Initial Passwords - SAP NetWeaver Identity Management for SAP Sys...


Cheers,

Chenyang

Show replies
Show replies
michaelfranke
Participant
‎03-21-2016 8:10 AM
0 Kudos

Hi Chenyang,

we are using IdM 7.2 SP9. SMPL was modified because of "lastpasswordchange". You are right that "passwordchangerequired" is possible with standard.

I used "false" and "true" as parameter.

Connection tested over 443 (with WebDispatcher) and 50001 (direct to server node).

Attached you can find some pictures. No error will be written down ...

Thanks!

former_member2987
Active Contributor
‎03-21-2016 12:18 PM
0 Kudos

Michael,

I seem to recall that the service account user needed some SPML write permission.  Do you have this?  When I get my test system up, I will get the exact entitlement.

Matt

michaelfranke
Participant
‎03-21-2016 12:39 PM
0 Kudos

Matt,

service user has own created role "SPML" with two actions:

- Spml_Read_Action

- Spml_Write_Action

Is there any other permission necessary?

Thanks for your help.

Michael

former_member2987
Active Contributor
‎03-21-2016 6:02 PM
0 Kudos

Hi Michael,

Yes, that's what my admin user has.

Matt

Chenyang
Contributor
‎03-21-2016 10:16 PM
0 Kudos

Hi Michael,

I tested on my system and it works as expected. You just provide true/false for the parameter to enable/disable password change for JAVA users. SSL is not mandatory for setting productive JAVA password.

The system I am using is 7.1 sp6. I think there isn't much difference than your system.

Cheers

Chenyang

former_member2987
Active Contributor
‎03-18-2016 12:19 PM
0 Kudos

Hi Michael,

Are you trying to do this via IDM or some other SAP module?

Thanks,

Matt

Show replies
Show replies
michaelfranke
Participant
‎03-21-2016 8:04 AM
0 Kudos

Hi Matt,

We are using the standard IdM connector for AS java systems.

Thanks!

Ask a Question