
Fiori-Style Analytics Dashboard: 'Invalid Username/Password' Error for Non-Manager Users

Sisira
Explorer
0 Kudos
502

After logging into SAP Business One, our system automatically loads the Fiori-style Analytics dashboard (Pervasive Analytics). While the Manager user has no issues accessing the dashboard, other users consistently receive an "Invalid Username/Password" error when the dashboard loads.

Details:

  • SAP Business One Version: SAP Business One 10 FP 2502
  • Database: SAP HANA (SLD connection user is SYSTEM) - version HANA 2.00.059
  • Issue: After successful login to SAP Business One, the Fiori-style dashboard attempts to load and fails for non-manager users with the error "Invalid Username/Password".
  • Manager User: Works perfectly without any errors.
  • Other Users: Despite having the required permissions for analytics, they are facing authentication issues only with the dashboard.

What I've Checked/Done:

  • User Permissions: Verified that all affected users have the necessary authorizations for Analytics and Pervasive Analytics.
  • SLD & Database Connection: Confirmed that the SLD database connection user is SYSTEM, which has all required privileges.

My Questions:

  1. What could cause the "Invalid Username/Password" error for non-manager users when accessing the Fiori-style dashboard, given that the Manager user works fine?
  2. Are there any known configuration settings or workarounds for ensuring that all users benefit from the SYSTEM user's privileges (like PAL_ROLE and AFL execution rights) when accessing Analytics?

Accepted Solutions (0)

Answers (3)


ArunJacob
Active Participant

Hi Sisira,

Yes, PAL_ROLE and AFL execution rights are required for non-manager users as well.

GRANT PAL_ROLE TO "<USER>";
GRANT AFL__SYS_AFL_AFLPAL_EXECUTE TO "<USER>";

Non-manager users may not have the required database privileges, while the Manager user does.

Thanks,

Jakes

 

jbwoodoo
Discoverer
0 Kudos

Hi ArunJacob,

Thank you for your advice on database privileges. We are using SAP B1 internal authentication for the SB1 HANA users. On the database level we see users like SYSTEM, TECH-USER, B1ADMIN etc., but we do not see our internal users. There are some users like B1_4d4c535F502443230323341_RO, B1_4d4c535F502443230323341_RW, B1_4d4c535F5024432303233_RW, B1_4d4c535F5024432303233_RO, but the number of these DBS users is much lower than the number of SB1 system users.

We did the permission update via Studio, but it did not solve the problem. Could you kindly indicate where I could find the internal users in the DBS, or how they are mapped to DBS users?

We had this problem before in FP 2305, see https://me.sap.com/notes/3314556. In FP 2305HF1 and FP 2411 this was working. For some reason the SAP B1 team has asked to urgently update to 2502 without testing.

Best Regards,
Boris

maenmustafa
Explorer
0 Kudos

Hello again,

The problem happened because Keycloak (the authentication service) by default forces all usernames to lowercase, so when you log in with an SAP B1 user in mixed case or upper case, this problem will show up for that reason: the cockpit will not accept the login because the username passed is in lower case. I have figured out what the issue is. I have recompiled the jar files that are in charge of the username and posted them. Here is the complete guide for best results:

Download my newly compiled keycloak_tolowercase.tar.gz from here:

https://github.com/maenmustafa/keycloak/blob/main/keycloak_tolowercase.tar.gz

Place it in any folder, then extract it:

tar -xvf keycloak_tolowercase.tar.gz

Go to the original folder and back up the original jar files:

cd /usr/sap/SAPBusinessOne/Common/keycloak/lib/lib/main

cp org.keycloak.keycloak-crypto-default-24.0.4.jar org.keycloak.keycloak-crypto-default-24.0.4.jar.bak
cp org.keycloak.keycloak-model-jpa-24.0.4.jar org.keycloak.keycloak-model-jpa-24.0.4.jar.bak
cp org.keycloak.keycloak-model-storage-24.0.4.jar org.keycloak.keycloak-model-storage-24.0.4.jar.bak
cp org.keycloak.keycloak-model-storage-private-24.0.4.jar org.keycloak.keycloak-model-storage-private-24.0.4.jar.bak
cp org.keycloak.keycloak-server-spi-24.0.4.jar org.keycloak.keycloak-server-spi-24.0.4.jar.bak
cp org.keycloak.keycloak-server-spi-private-24.0.4.jar org.keycloak.keycloak-server-spi-private-24.0.4.jar.bak
cp org.keycloak.keycloak-services-24.0.4.jar org.keycloak.keycloak-services-24.0.4.jar.bak

Then go back to the original folder where the jar files exist:

cp org.keycloak* /usr/sap/SAPBusinessOne/Common/keycloak/lib/lib/main

Back to the keycloak directory:

cd /usr/sap/SAPBusinessOne/Common/keycloak/lib/lib/main

chmod 775 org.keycloak.keycloak-crypto-default-24.0.4.jar
chmod 775 org.keycloak.keycloak-model-jpa-24.0.4.jar
chmod 775 org.keycloak.keycloak-model-storage-24.0.4.jar
chmod 775 org.keycloak.keycloak-model-storage-private-24.0.4.jar
chmod 775 org.keycloak.keycloak-server-spi-24.0.4.jar
chmod 775 org.keycloak.keycloak-server-spi-private-24.0.4.jar
chmod 775 org.keycloak.keycloak-services-24.0.4.jar


chown b1service0:b1service0 org.keycloak.keycloak-crypto-default-24.0.4.jar
chown b1service0:b1service0 org.keycloak.keycloak-model-jpa-24.0.4.jar
chown b1service0:b1service0 org.keycloak.keycloak-model-storage-24.0.4.jar
chown b1service0:b1service0 org.keycloak.keycloak-model-storage-private-24.0.4.jar
chown b1service0:b1service0 org.keycloak.keycloak-server-spi-24.0.4.jar
chown b1service0:b1service0 org.keycloak.keycloak-server-spi-private-24.0.4.jar
chown b1service0:b1service0 org.keycloak.keycloak-services-24.0.4.jar

 

Log in to the Authentication Service:

https://ServerIP_Or_Name:40020/auth/admin/sapb1/console/

Log in with B1SiteUser and password, then go to Users and delete all users EXCEPT b1siteuser.

Now restart the services:

service sapb1servertools-authentication restart

Then log in to SAP Business One and the problem is solved.

 

Regards

Maen
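
The backup step of the procedure above, extended with a checksum manifest so it is possible to see exactly which jars were later overwritten and to confirm the .bak copies still match the originals for rollback. This is an added example, not part of the original post; the manifest name, the function names and the scratch directory are assumptions.

```shell
#!/bin/sh
# Added example, not from the post. MANIFEST and the function names are assumptions.
MANIFEST=keycloak-jars.sha256

# Copy every org.keycloak*.jar in directory $1 to <name>.bak and record its SHA-256.
backup_with_manifest() {
    ( cd "$1" || exit 1
      : > "$MANIFEST"
      for jar in org.keycloak*.jar; do
          [ -f "$jar" ] || continue
          cp -p "$jar" "$jar.bak" || exit 1
          sha256sum "$jar" >> "$MANIFEST"
      done )
}

# Print the jars in $1 whose content no longer matches the recorded original.
changed_jars() {
    ( cd "$1" || exit 1
      LC_ALL=C sha256sum -c "$MANIFEST" 2>/dev/null | sed -n 's/: FAILED.*$//p' )
}

# Succeed only if every .bak in $1 is byte-identical to the recorded original.
backups_intact() {
    ( cd "$1" || exit 1
      while read -r sum name; do
          name=${name#\*}
          [ "$(sha256sum < "$name.bak" | cut -d' ' -f1)" = "$sum" ] || exit 1
      done < "$MANIFEST" )
}

# Constructed demo: a scratch directory stands in for .../keycloak/lib/lib/main.
demo=$(mktemp -d)
printf 'original-a' > "$demo/org.keycloak.keycloak-services-24.0.4.jar"
printf 'original-b' > "$demo/org.keycloak.keycloak-server-spi-24.0.4.jar"
backup_with_manifest "$demo"
# Simulates the later "cp org.keycloak* ..." step overwriting one jar.
printf 'replaced' > "$demo/org.keycloak.keycloak-services-24.0.4.jar"
changed_jars "$demo"
backups_intact "$demo" && echo "backups match recorded originals"
```

On a real server the functions would be pointed at the keycloak lib directory named in the post, with the manifest kept outside that directory.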

 

 

ArunJacob
Active Participant
0 Kudos

Hi Boris,

B1_4d4c535F502443230323341_RO and the other B1_* users are shared technical users (generated at runtime, hence also fewer in number). Basically, internal SB1 users are not directly mapped.

Please see 'PAL_USER_MAPPING':

SELECT * FROM "PAL_USER_MAPPING";

to see the technical users mapped to roles.

Thanks,

Arun

 

prudhvi_ravipati
Explorer
0 Kudos

Hi Arun,

Where should we execute the following command? We are also facing a similar error randomly for some users.

Can you provide detailed steps to resolve this issue?

Thanks,
Prudhvi.