Solution : https://service.sap.com/sap/support/notes/454962 (SAP Service marketplace login required)
Summary :
For security reasons, SAP advises setting the “icf/reject_expired_passwd” profile parameter to "1" so that logon attempts using initial or expired user accounts are rejected. This setting is effective from kernel 610 patch level 332 and by default in kernel 620. On systems without this patch, set the alternative “rfc/reject_expired_passwd” parameter to the same value; that parameter also affects RFC logons. Refer to SAP Note 19466 for patch transfer details.
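A profile check for the setting described above, as an added example that is not part of the SAP note or any SAP tooling. The function names and the sample profile are constructed; it assumes profile lines of the form `name = value` with `#` comments, that the last assignment of a parameter counts, and that kernels at or above 620 carry the ICF parameter.

```python
import re

# Constructed sample profile text (not taken from a real system).
SAMPLE_PROFILE = """\
# instance profile (constructed sample)
SAPSYSTEMNAME = DEV
login/min_password_lng = 8
icf/reject_expired_passwd = 0
"""

PARAM_LINE = re.compile(r"^\s*([A-Za-z0-9_/.\-]+)\s*=\s*(.*?)\s*$")


def parse_profile(text):
    """Return {parameter: value}. Lines starting with '#' are comments.
    Assumption: the last assignment of a parameter is the one that counts."""
    params = {}
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        match = PARAM_LINE.match(line)
        if match:
            params[match.group(1)] = match.group(2)
    return params


def required_parameter(kernel_release, patch_level):
    """Pick the parameter the summary names for this kernel: the ICF one from
    kernel 610 patch level 332 onward, otherwise the RFC alternative."""
    if kernel_release >= 620 or (kernel_release == 610 and patch_level >= 332):
        return "icf/reject_expired_passwd"
    return "rfc/reject_expired_passwd"


def audit(text, kernel_release, patch_level):
    """Return (parameter, configured value or None, compliant)."""
    name = required_parameter(kernel_release, patch_level)
    value = parse_profile(text).get(name)
    # Only an explicit "1" counts; a missing or commented-out entry is a finding.
    return name, value, value == "1"


if __name__ == "__main__":
    for release, patch in [(620, 0), (610, 332), (610, 100)]:
        name, value, ok = audit(SAMPLE_PROFILE, release, patch)
        print(f"kernel {release} patch {patch}: {name} = {value!r} ->",
              "OK" if ok else "FINDING")
```

A parameter that is absent from the profile is reported as a finding rather than assumed to have any particular default value.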
Key words :
default logon occurs successfully, expired user account, expired user accounts, http frame work, logon reason, terms http, avoid logging, icf/reject_expired_passwd, profile parameter, icf/reject_expired_passwd = 1
Related Notes :
1042274 | Handling initial/expired passwords in ICF |
945133 | BSP System Login: Initial/Expired password handling |
764908 | ICF: Initial passwords in the ICF framework |
622464 | |
517860 | Logging on to BSP applications |
320991 |