We recently switched to Single Sign-On and is leveraging the authentication on the MVS(RACF). Users login thru the MRE and the RACF password rule is to change passwords every 35days. To change the password thru MRE they enter:

Password box:
(oldpassword,newpassword)

Once they changed the password they are able to login to MRE. The issue is when they launch a report it prompts them to reenter userid and password.

Reporting Server - MVS
Client Server - Windows

Authentication Parameter
IBIMR_user
IBIMR_pass

Authentication Setting:
Authentication - External WFRS (MVS TSOID)
Authorization - Internal

Admin Console --> Configuration --> Reporting Server
IBI_REPORT_USER - blank
IBI_REPORT_PASS - blank
IBI_REPORT_SERVER - EDASERVE

MRE Change password:
Change Password: (old password,new password)

edaprint.log
09/05/2011 15:42:41 password,changed,(u=userid)
09/05/2011 15:42:41 connecting cmrpip000018 tscomid=1,sesid=16
09/05/2011 15:42:42 processing cmrpip000018 u=userid,g=group,l=USR
-*********** After changing password then launching report it
-*********** prompt edaserve credential again. Could the password failure below indicate its not passing new password??
-************
09/05/2011 15:43:01 rejected cmrpip000019 u=userid (password failure)

2 questions:
1. Does anyone in the community have the same setting as we do?
Single Signon Authenticating thru MVS(RACF) and is experiencing this issue after change password.

2. Does anyone signon in MRE have the capability for when password expire open a Change Password box to change password instead of (oldpassword,newpassword)?

This message has been edited. Last edited by: Kerry,

quote:

1. Does anyone in the community have the same setting as we do?
Single Signon Authenticating thru MVS(RACF) and is experiencing this issue after change password.

I've done this for clients int he past with the same or similar arch. I would make this a two step process. a) change the password, b) logon to the MRE. You can easily do this be creating your own password change screen, and perform the change password through an Ajax request. If the results of the request are ok, then force a logon to the MRE application (using Javascript). If you try to do this in one step, then the cookie's will see the "oldpassword,newpassword" as the whole password and continue to force a logon for the subsequent requests.

quote:

2. Does anyone signon in MRE have the capability for when password expire open a Change Password box to change password instead of (oldpassword,newpassword)?

This might be in violation of your companies security policy. In 99.9% of the places I've done work for, you are to tell the user as little as possible when they are trying to log in to a system ... especially on a MF. Verify that you are allowed to do this and then open a problem ticket with CSS. This was possible - with version 7.6 - and I did this for a customer a few years ago. However, I do not remember the necessary steps. CSS helped me back then, so they should be able to help you now.

I had the customer sign a waiver before I put the code in production. They had to assume all responsibility for giving away too much information for an invalid logon.

Thanks Dhagen!!

I'll talk to our Infrastructure group about your solutions.

Always appreciate your help.