000036217 - Incorrect password error during SAP login using the SAP account created through the RSA Identity Governance & Lifecycle's AFX SAP Connector

Document created by RSA Customer Support Employee on Apr 9, 2018
Version 1Show Document
  • View in full screen mode

Article Content

Article Number000036217
Applies ToRSA Product Set: RSA Identity Governance & Lifecycle
RSA Version/Condition: 7.0.2
IssueIn RSA Identity Governance and Lifecycle, the Create an Account capability of the AFX SAP Connector does not generate a working password to log in to SAP.
  1. On the Create an Account tab of the AFX SAP Connector, the SAP account to be created is configured with a default password.

AFX SAP Connector Capabilities

  1. Create an SAP account using AFX SAP Connector's Test Capabilities.

AFX SAP Connector Test Capability

  1. The SAP account has been created by the SAP AFX Connector.

AFX SAP Connector Test Capability Result

  1. The user logs in to SAP using the SAP account credential (default password) created by the AFX SAP Connector.  However, the user is unable to log in due to incorrect password even though correct default password was used.

SAP login - Incorrect password
CauseThe password was not decrypted before executing Create an Account.
ResolutionThis defect has been resolved in RSA Identity Governance & Lifecycle 7.0.2 P05 and 7.1.0.

The steps below must performed as a workaround for AFX SAP Connector to generate the decrypted password during SAP account creation:

  1. Export the SAP connector template and make a copy as a backup.  To export,

    1. Navigate to AFX Export
    2. Select SAP from the Connector Templates
  2. Using the downloaded SAP Connector template zip, make the following changes:
    1. Unzip it. 
    2. Navigate to <directory with the unzipped folder>/SAP/TRANSPORT_TYPE
    3. Open the SAP-transport.xml file and locate the string <field name="BAPIPWD" sapDesc="New password">.
    4. Modify its value as follows:
      1. The original field value for BAPIPWD on SAP-transport.xml is:

<structure name="PASSWORD">
     <field name="BAPIPWD" sapDesc="New password">#[header:Password]</field>

  1. The new field value for BAPIPWD on SAP-transport.xml:

<structure name="PASSWORD">
     <field name="BAPIPWD" sapDesc="New password">#[groovy:com.aveksa.AFX.server.runtime.esb.core.AfxPropertyMgr.getInstance().getPropertyValue(message, 'Password')]</field>

  1. Zip the <UnzippedFolder> again.
  2. Import it back into the system.  To import,
    1. Navigate to AFX Import
    2. Choose the recently zipped file from your local folder

  1. Create a new SAP connector.  To create,
    1. Navigate to AFX > Connectors > Create Connector
  2. Execute the Create an Account command.  To execute the command,
    1. Navigate to  AFX > Connectors.
    2. Choose the newly created SAP connector  > Capabilities tab > select Create an Account capability
  3. Log in to SAP using the newly created SAP account credential via the AFX SAP Connector.
    You should be able to successfully log in and not get the message that the name or password is incorrect.