Hi gurus,
I set up SSO for my NetWeaver 7.3 Portal system using SPNEGO and Kerberos with an ABAP UME. SSO is working fine, except when a user has a pending password change on the ABAP side, in which case we see this message in the Authentication Trace:
Login Module Flag Initialize Login Commit Abort Details
1. com.sap.security.core.server.jaas.EvaluateTicketLoginModule SUFFICIENT ok false false true
#1 trusteddn1 = CN=xxx [deleted]
#2 trusteddn2 = CN=xxx [deleted]
#3 trustediss1 = CN=xxx [deleted]
#4 trustediss2 = CN=xxx [deleted]
#5 trustedsys1 = PAD,010
#6 trustedsys2 = PAD,000
#7 ume.configuration.active = true
2. com.sap.security.core.server.jaas.SPNegoLoginModule OPTIONAL ok true true true
3. com.sap.security.core.server.jaas.CreateTicketLoginModule SUFFICIENT ok true true true
4. com.sap.engine.services.security.server.jaas.BasicPasswordLoginModule REQUIRED ok true true
5. com.sap.security.core.server.jaas.CreateTicketLoginModule REQUIRED ok false true
Central Checks exception Missing Password
Getting message to be displayed to the user for exception cause 22
The localized message to be dispalyed to the user is Password missing
Entering method
Handle javax.security.auth.callback.TextOutputCallback@xxxx
Set error message from TextOutputCallback: Password missing
Exiting method
Entering method
Handle com.sap.engine.interfaces.security.auth.AuthStateCallback:[PASSWORD_CHANGE_FAILED]
Original Page URL Cookie is currently stored as : http://ccmdra31:50100/irj/portal
Original Page URL Cookie will not be changed. It is equal to current URL.
We already have SSO from the SAP GUI into the ABAP system (PAD) that is the UME data source for this Java system. Most users don't know what their password is in the PAD system because they use SSO to log in there, so it is a problem that the Portal instance prompts them to enter their old and new password rather than letting them through. Does anyone know a workaround for this?
Warm Regards,
Clifton