13 Enabling Long Passwords in EnterpriseOne

Note:

In EnterpriseOne Tools 9.2, in addition to the feature for enabling long passwords, Oracle provides an option to enable the creation of long user IDs up to 254 characters in length. The Long Password and Long User features are autonomous, that is, you can enable one without enabling the other. For more information about enabling long user ID support in EnterpriseOne, see Chapter 10, "Setting Up Long User IDs in EnterpriseOne."

13.1 Understanding the Long Password Feature

As with releases prior to EnterpriseOne Tools 9.2, out of the box, EnterpriseOne passwords are limited to a maximum of 10 characters (referred to as "short" passwords in this chapter). With EnterpriseOne Tools 9.2, administrators have the option to enable the Long Password feature, which enables users to create case-sensitive passwords up to a maximum of 40 characters.

To create and revise short passwords, you use P98OWSEC. To enable the Long Password feature and create long passwords, you use P98LPSEC. When the Long Password feature is enabled, P98OWSEC is no longer accessible in EnterpriseOne; users and administrators must access P98LPSEC to change their long passwords.

13.1.1 Understanding Password Policy Rules When the Long Password Feature is Enabled

If the Long Password feature is not enabled, password policy rules for short passwords are defined in the P98OWSEC processing options. For User Profile Self-Service application (P0092SS) users, the password policy rules are defined in the Global Password Policy form.

As part of enabling the Long Password feature, EnterpriseOne detects if there are existing password policy rules defined in the P98OWSEC processing options and migrates these rules into the Global Password Policy form. The system then uses the rules defined in the Global Password Policy form for all EnterpriseOne users, including P0092SS users. This establishes a single set of password policy rules for passwords for easier maintenance.

You can define the following rules for long passwords in the Global Password Policy form:

  • Minimum Password Length

  • Minimum Number of Numerics

  • Maximum Consecutive Characters

  • Minimum Number of Characters

  • Minimum Number of Special Characters

Caution:

Remember that long passwords are case sensitive. EnterpriseOne checks the case of password characters when the Long Password feature is enabled.

13.1.2 EnterpriseOne Systems and Integrations that Support Long Passwords

When the Long Password feature is enabled, most EnterpriseOne systems that require EnterpriseOne credentials for access or for processing will accept long passwords. This includes but is not limited to the following features and functionality:

  • EnterpriseOne web client and EnterpriseOne Windows client.

  • Server Manager Console.

    The Server Manager Console supports long passwords, but it does not support long user IDs. If the Long User feature is enabled, Server Manager users must continue to use a short user ID.

  • Transactions and reports that require credentials for processing.

  • EnterpriseOne auditing features including the auditing of security records and 21 CFR auditing.

  • Single sign-on configurations, including single sign-on with Oracle Access Manager (OAM).

  • EnterpriseOne configurations with LDAP systems for managing users. An LDAP configuration does require specific settings for supporting long passwords. See Chapter 14, "Enabling LDAP Support in JD Edwards EnterpriseOne" for details.

  • Other EnterpriseOne systems or components that require user credentials for access or processing, such as the Scheduler application, the Configuration Assistant and Change Assistant, RUNUBE and RUNUBEXML, the wizard for developing business services, EnterpriseOne mobile clients and supported tablet clients, and so forth.

13.1.2.1 Considerations for an EnterpriseOne Multiple Foundation Configuration

If you plan to enable both the Long User feature and Long Password feature in a multiple foundation configuration, you must perform additional configuration steps before enabling the Long Password feature.

13.2 Prerequisites for a Multiple Foundation Setup

Before you enable the Long Password feature, you must perform the steps in this section depending on your configuration scenario:

Scenario 1

If you have enabled the Long Password feature and if you have more than one EnterpriseOne Enterprise Server sharing the same F98OWSEC table, you must update all Enterprise Servers to EnterpriseOne Tools 9.2 to support both long user IDs and long passwords.

Scenario 2

If you want to enable the Long Password feature and you do not update all EnterpriseOne Enterprise Servers to EnterpriseOne Tools 9.2, then you need to create two Security Server data sources: one for Enterprise Servers on Tools 9.2 and one for Enterprise Servers on a release prior to EnterpriseOne Tools 9.2. In this multiple foundation setup, only the Enterprise Servers on EnterpriseOne Tools 9.2 will support long user IDs and long passwords. For this type of configuration, you must perform the following steps before enabling the Long Password feature:

  1. Create an additional (new) system data source, for example:

    SYSTEM - 900MF or SYSTEM - 910MF or SYSTEM - 920MF

  2. Copy the following security tables to this new data source:

    F0092, F00921, F00927, F0093, F00941, F9312, F98OWPU, F98OWSEC, F0092L

  3. Change the SYSTEM and Server Map in all environments with EnterpriseOne Tools 9.2 and above so that the following tables are pointed to the newly created data source (SYSTEM - 900MF or SYSTEM - 910MF or SYSTEM - 920MF):

    F98OWSEC, F00921, F98OWPU, F0092, F00927

    Caution:

    Do not create any OCM mappings (client or server) that point to the newly created data source. Only change the records for the preceding tables to point to the new data source in existing SYSTEM and Server Maps.

  4. On the Security Server on EnterpriseOne Tools 9.2 or above, change the Boot Strap Data Source to point to the newly created data source. To do so, use Server Manager to locate and update the following setting, which is a setting in the jde.ini file on the Security Server.

    [SECURITY]

    DataSource=<new data source name>
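The following check of the finished Scenario 2 setup is an added example, not part of the Oracle documentation: it reads the `[SECURITY]` `DataSource` setting from jde.ini text and audits a listing of OCM mappings against step 3 and its Caution. The jde.ini excerpt, the CSV layout and column names, the environment name `PD920` and the data source `SYSTEM - 920` are constructed assumptions; adapt them to however you export your mappings.

```python
import configparser
import csv
import io

NEW_DS = "SYSTEM - 920MF"  # one of the example names from step 1
REPOINTED = {"F98OWSEC", "F00921", "F98OWPU", "F0092", "F00927"}  # step 3 tables

# Constructed jde.ini excerpt from a Tools 9.2 Security Server.
JDE_INI = "[SECURITY]\nDataSource=SYSTEM - 920MF\n"

# Constructed OCM listing; column and environment names are hypothetical.
OCM_CSV = """map,environment,object,data_source
SYSTEM,PD920,F98OWSEC,SYSTEM - 920MF
SYSTEM,PD920,F00921,SYSTEM - 920MF
SYSTEM,PD920,F98OWPU,SYSTEM - 920MF
SYSTEM,PD920,F0092,SYSTEM - 920
SYSTEM,PD920,F00927,SYSTEM - 920MF
SERVER MAP,PD920,F0093,SYSTEM - 920MF
"""


def bootstrap_data_source(ini_text):
    """Return the [SECURITY] DataSource value from jde.ini text, or None."""
    cp = configparser.ConfigParser(strict=False, interpolation=None,
                                   allow_no_value=True)
    cp.optionxform = str  # keep key case exactly as written in jde.ini
    cp.read_string(ini_text)
    return cp.get("SECURITY", "DataSource", fallback=None)


def audit_ocm(csv_text, new_ds=NEW_DS):
    """List mappings that contradict step 3 or the Caution that follows it."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        where = f"{row['map']}/{row['environment']}"
        obj, ds = row["object"].strip(), row["data_source"].strip()
        if obj in REPOINTED and ds != new_ds:
            findings.append(f"{where}: {obj} still points to {ds}")
        elif obj not in REPOINTED and ds == new_ds:
            findings.append(f"{where}: {obj} must not point to {new_ds}")
    return findings


if __name__ == "__main__":
    print("bootstrap OK:", bootstrap_data_source(JDE_INI) == NEW_DS)
    for finding in audit_ocm(OCM_CSV):
        print(finding)
```
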

13.3 Enabling the Long Password Feature

Enabling the Long Password feature allows users to create passwords up to a maximum of 40 characters. After the Long Password feature is enabled:

  • P98OWSEC is disabled and EnterpriseOne directs you to P98LPSEC to create and manage user sign-in security records.

    P98LPSEC contains the same features and functionality as P98OWSEC. Therefore, when working with user sign-in security in P98LPSEC, you can refer to the steps in Chapter 12, "Setting Up User Sign-in Security" in this guide.

  • Users can continue to use their existing "short" passwords for sign-in, as long as their passwords meet the criteria defined in the password policies.

  • After this feature is enabled, an administrator must use the Global Password Policy form to modify password policies.

To enable the long password feature:

  1. Access P98LPSEC.

  2. On Enable Long Password, select the Enable Long Password check box.

  3. Click Submit.

  4. On the Confirmation dialog box, click Yes if you want to continue and enable the Long Password feature.

    The Confirmation box informs you that the feature cannot be disabled after it is enabled.

    It also displays a notice if it detects that password rules have been set up for P0092SS, and informs you that these password rules will be overridden with password rules defined in the processing options in P98OWSEC.

    EnterpriseOne displays the Global Password Policy form with the values automatically migrated from the password policy processing options in P98OWSEC.

  5. On Global Password Policy, define the password rules for long passwords by completing the following fields:

    • Minimum Password Length. The minimum password length that the system allows when a user changes his or her password.

    • Minimum Number of Numerics. The minimum number of numeric characters that each password must contain. For example, if you enter 3 in this field, the system allows the passwords h584htnuud and h584htn6ud, but does not allow the password h5h4htnuud.

    • Maximum Consecutive Characters. A value that indicates the maximum number of identical, consecutive characters that the system allows users to include in their passwords. For example, if you set this value to 2, the system allows Tops or Tools but not Bosss.

    • Minimum Number of Characters. The minimum number of characters that the system allows in a password.

    • Minimum Number of Special Characters. The minimum number of special characters that the system allows in a password. If you leave this blank, users have the option to include special characters, but are not required to do so.

      Caution:

      If you update a password rule that prevents users from using an existing password, then you must use the "Force Immediate Password Change" option to force users to change their passwords during the next sign on. See Revising All User Sign-in Security.

  6. Click OK to save the password policy rules.

  7. Access Server Manager and restart the EnterpriseOne Enterprise Server and the EnterpriseOne HTML Server for the changes to take effect.
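To see how a proposed set of Global Password Policy values treats candidate passwords before you save it, the following added example (not Oracle code) applies the five rules from step 5 and the 40-character limit. It assumes that "Minimum Number of Characters" counts alphabetic letters, that special characters are anything other than letters and digits, that a blank field is represented as 0, and that consecutive characters are compared case sensitively.

```python
from dataclasses import dataclass
from itertools import groupby

MAX_LONG_PASSWORD = 40  # maximum long-password length stated in this chapter


@dataclass
class GlobalPasswordPolicy:
    """The five Global Password Policy fields; 0 stands for a blank field."""
    min_length: int = 0
    min_numerics: int = 0
    max_consecutive: int = 0
    min_characters: int = 0  # assumption: counted as alphabetic letters
    min_special: int = 0     # assumption: anything that is not a letter or digit


def violations(password: str, policy: GlobalPasswordPolicy) -> list:
    """Return the names of the rules the password breaks (empty = accepted)."""
    failed = []
    if len(password) > MAX_LONG_PASSWORD:
        failed.append("Maximum length of 40")
    if len(password) < policy.min_length:
        failed.append("Minimum Password Length")
    if sum(c.isdigit() for c in password) < policy.min_numerics:
        failed.append("Minimum Number of Numerics")
    # Longest run of identical characters, compared case sensitively.
    longest_run = max((len(list(g)) for _, g in groupby(password)), default=0)
    if policy.max_consecutive and longest_run > policy.max_consecutive:
        failed.append("Maximum Consecutive Characters")
    if sum(c.isalpha() for c in password) < policy.min_characters:
        failed.append("Minimum Number of Characters")
    if sum(not c.isalnum() for c in password) < policy.min_special:
        failed.append("Minimum Number of Special Characters")
    return failed


def dry_run(policy: GlobalPasswordPolicy, samples: list) -> dict:
    """Map each sample password to the rules it would fail under the policy."""
    return {pw: violations(pw, policy) for pw in samples}


if __name__ == "__main__":
    # Sample passwords are the ones used in the field descriptions above.
    proposed = GlobalPasswordPolicy(min_numerics=3, max_consecutive=2)
    samples = ["h584htnuud", "h5h4htnuud", "Bosss"]
    for pw, failed in dry_run(proposed, samples).items():
        print(f"{pw}: {'OK' if not failed else ', '.join(failed)}")
```
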

To verify that the Long Password feature has been enabled:

  1. On an EnterpriseOne Windows client, access the Universal Table Browser.

  2. On Table and Data Source Selection, select Open Table from the File menu.

  3. On Table and Data Source Selection, complete these fields:

    • Table. Enter F98OWSEC.

    • Data Source. Enter the data source in which you enabled the Long Password feature.

  4. In the F98OWSEC table, verify that the first record contains a value of *LPENABLE, which indicates that the Long Password feature is enabled.

    Also, if the second row contains a *POLICY record, this indicates that global password policies have been migrated from the processing options in P98OWSEC.

13.4 Changing Long Passwords

After the Long Password feature is enabled, administrators and users are directed to the P98LPSEC application instead of P98OWSEC to update long passwords. Users and administrators can update long passwords according to the rules defined in the Global Password Policy form.

To update a long password:

  1. On Work With User Security (P98LPSEC), to change the password of a user, enter the user ID of the user in the User ID/Role field and click the Find button.

    You can also enter a long user ID if the system has been enabled for long user IDs.

  2. On the tree in the left area, select the user ID.

  3. From the Form menu, select Admin Passwords Rev.

  4. On Administration Password Revisions, complete the following items:

    • User ID. This field contains the user ID selected on the Work With User Security form.

    • New Password. Enter a new password.

    • New Password - Verify. Enter the password again to verify it.

    • Force Immediate Password Change. Click this check box to force the user to change the password during the next sign-in.

    • Change Password in Scheduler Table. This check box is selected by default. This ensures that the new password is accepted by the Scheduler application.

  5. Click OK.

13.5 Modifying Password Rules for Long Passwords

When the Long Password feature is enabled, use the Global Password Policy form to create password rules for all users in EnterpriseOne including User Profile Self-Service application (P0092SS) users.

Note:

If the Long Password feature is not enabled, then the rules defined in this application apply only to User Profile Self-Service application users.

To modify or customize password rules:

  1. Access P98OWSEC.

  2. On Work With User Security, select the Form menu, GlobalPasswordPolic.

  3. On Global Password Policy, complete the following fields to set up password rules:

    • Minimum Password Length

    • Minimum Number of Numerics

    • Maximum Consecutive Characters

    • Minimum Number of Characters

    • Minimum Number of Special Characters

  4. Click OK.