topic Re: Java-administrator password keeps getting locked in Application Development and Automation Discussions

Java-administrator password keeps getting locked

Former Member — Tue, 22 Jul 2014 11:05:37 GMT

Hi,

We have a portal 7.3 in which the Java-administrator password keeps getting locked. I can't see anything in the log traces in NWA. The only thing I've found is in security_audit logfile which doesn't really say much:

#2.0 #2014 07 17 05:47:03:913#+0200#Info#/System/Security/Audit/PrincipalModification#

#BC-JAS-SEC-UME#com.sap.security.core.sda#C000AC142D1F08D90000000000003284#52888950000000002#tc~bl~txmanager~plb#com.sap.security.core.util.SecurityAudit#Guest#0#JTA Transaction : 127261#040FAA9B0D6511E4C5A4000003270576#040faa9b0d6511e4c5a4000003270576#040faa9b0d6511e4c5a4000003270576#0#Thread[RMI/IIOP Worker [0],5,Dedicated_Application_Thread]#Plain##

User account modified | USERACCOUNT.MODIFY | UACC.PRIVATE_DATASOURCE.un:Administrator | | SET_ATTRIBUTE: islocked=[true], SET_ATTRIBUTE: lockreason=[1]#

Please advice,

Thanks.

Re: Java-administrator password keeps getting locked

Former Member — Tue, 22 Jul 2014 15:58:32 GMT

This message was moderated.

Re: Java-administrator password keeps getting locked

davefitzgibbon — Wed, 23 Jul 2014 12:32:07 GMT

Hi,

there exists a trace location that should provide useful information for such cases. It is described in SAP note:

1493272 - A user gets locked automatically

My suggestion is add the location com.sap.security.core.userlocking as

specified in the attachment to the note and once it is added, set that

location to DEBUG and wait for the user to be locked again. Hopefully additional information concerning the origin of the bad credentials will be written to traces.

Exactly how you capture the traces depends on the frequency in which

the user becomes locked. For example if the user becomes locked every

few minutes, after adding the location in the configtool and

restarting the system, I suggest using the Security Troubleshooting

Wizard to do so. Refer to note 1332726 - Troubleshooting Wizard and

its attachments. Create a custom incident that is a copy of the

Authentication incident and add this location

com.sap.security.core.userlocking to the newly created incident

Set the wizard to use this new incident for trace collection and wait

for the user to become locked. Then immediately stop the wizard's

trace collection

f the locking occurs less frequently than every few minutes, it is

preferable to use the NWA to adjust the severity of these locations

and their sublocations to DEBUG and wait for the issue to reoccur

com.sap.security.core.userlocking

com.sap.engine.interfaces.security

com.sap.engine.services.httpserver.HttpTraceRequest.traceRaw

com.sap.engine.services.httpserver.HttpTraceResponse.traceHeaders

com.sap.engine.services.security.authentication

com.sap.security.core.logon

com.sap.security.core.ticket

com.sap.security.core.util

com.sap.security.core.server.jaas

See Log Configuration with SAP NetWeaver Administrator

http://help.sap.com/saphelp_nw73/helpdata/en/47/af551efa711503e10000000a42189c/content.htm

Don't forgot to change these back to default severity levels after the

issue has captured in the traces

Regards,

David