SAP Knowledge Base Article - Preview

3043999 - Different Behavior When SSO Logon to AS ABAP System With User Locked Status

Symptom

Different results when a locked user tries to log in an ABAP system via SSO (i.e. SPnego, X.509 certificate, SAML):

  • A user whose password is locked succeeds to authenticate via SSO.
  • A user whose account is locked fails to authenticate via SSO.

*Image/data in this KBA is from SAP internal systems, sample data, or demo systems. Any resemblance to real data is purely coincidental.*


Read more...

Environment

  • SAP NetWeaver
  • SAP NetWeaver Application Server for SAP S/4HANA
  • ABAP PLATFORM - Application Server ABAP
  • S4HANA ON PREMISE
  • SAP Business Technology Platform

Product

ABAP platform all versions ; SAP Business Technology Platform all versions ; SAP NetWeaver Application Server for SAP S/4HANA all versions ; SAP NetWeaver all versions ; SAP S/4HANA all versions

Keywords

SSO, SAML, SAML2, SPNego, client certificate, kerberos, X.509, lock, user lock, account lock, administrator lock, incorrect logon lock, 128, 64, USR02, UFLAG, SUIM, SU01, Change Documents, Users by Complex Selection Criteria, password deactivated, production password, too many failed attempts, SNC, logon, login/fails_to_user_lock , KBA , BC-SEC-LGN , Authentication , Problem

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.