cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Read only

Can we restrict New GUI Session for POP Up window

former_member575324
Explorer

on ‎2020 Jan 02 11:19 AM

0 Kudos
2,400

We have a requirement of two step authentication for user login.

For that we have developed enhancement and pop up a window to enter one time password.

But user can bypass this screen by using option "New GUI Session" or Ctrl + N.

So, we want to restrict this function.

Please help to resolve this issue.

Thanks.

Know the answer?

Help others by sharing your knowledge.

Answer

Need more details?

Request clarification before answering.

Show replies
Show replies
Sandra_Rossi
Active Contributor
‎2020 Jan 02 1:09 PM
0 Kudos

I don't understand, new GUI session (CTRL+N) just opens a window, it doesn't ask for user credentials.

former_member575324
Explorer
‎2020 Jan 02 2:13 PM

See below image. User can skip the OTP screen through "create new session" or Ctrl + N.

We want to restrict that . without OTP No one can open any session .

Sandra_Rossi
Active Contributor
‎2020 Jan 02 4:49 PM
0 Kudos

I see but I don't know any solution for that.

Maybe, instead of a dynpro, you can try to display a dialog box using CL_GUI_DIALOGBOX_CONTAINER because I think you can't open a new session from it, with a CL_GUI_HTML_VIEWER in it.

But you'll have to instantiate the dialog box from the PAI of the system login dynpro (SAPMSYST 0020), so it requires a modification of the standard (BE CAREFUL: before changing it, add the system program SAPMSYST to a non-local transport request and release it, so that the administrators can restore it in case you corrupt the program such a way that you can't login anymore!) As said in note 205487 - Own text on SAPGui logon screen: 

You must strictly refrain from making any change to the system program SAPMSYST,
since this could cause serious problems (for example, dialog logon no longer 
possible).
View Entire Topic
venkateswaran_k
Active Contributor
‎2022 May 31 8:32 AM
0 Kudos

Hi

I believe you are using exit - SUSR0001 and FM EXIT_SAPLSUSF_001 - to handle the logon.

At first step I believe users need not have to complete the second logon verification prompt successfully or unsuccessfully... they can simply open a new session.

However, Can you share the code - which FM you are using for the OTP window? Also make the OTP field as mandatory.

Regards,

Venkat

Show replies
Show replies
Ask a Question