Show TOC

Disabling the Display of Last Logon for HTTP LogonsLocate this document in the navigation structure

Prerequisites

  • You have configured the AS ABAP to support logon with user ID and password.

  • Your system logon uses a logon layout and procedure supported by the last logon popup.

    For more information about system logon, see System Logon.

Context

SAP NetWeaver Application Server (AS) ABAP displays the last logon information as a popup after users successfully log on with user ID and password over HTTP. The system displays the following:

  • Date of last successful logon

    This enables users to confirm that they were indeed the last person to log into their user account. If the user sees a logon event, when the user knows that he or she did not logon, the user should alert the administrator of a security breach.

  • Number of failed logon attempts with user ID and password since the previous successful logon

    This enables users to detect a potential attack on their passwords. If the user sees an unusual number of failed logon attempts, that the user knows he or she did not make, the user should alert the administrator about the activity. The administrator can then refer to the appropriate logs and determine if there is unusual activity. You can configure the system to display only the failed logon attempts and not the successful logons.

    Example

    You see in the security audit logs a systematic attempt to guess passwords (many failed logon attempts) followed by a successful logons. This could indicate an attack on your users. You can then lock accounts that you suspect have been compromised. You can then consider other options, such as, increasing the strength of the password policy or blocking the source of the attacks.

Procedure


  1. Start Maintain Services (transaction SICF).

  2. Select a service or alias.

  3. Choose Display/Change.

  4. Choose Change.

  5. Choose the Error Pages tab.

  6. On the Logon Errors tab, choose the Configuration pushbutton.

  7. Determine which information you want to display.

    • To display on the failed logon attempts, select the Only Failed Logon Attempts checkbox.

      This reduces the number of popups your users must face when logging on to the system. This option is only available after you have enabled the Show Last Logon Attempt checkbox.

    • To stop showing the logon information popups, clear the Show Last Logon Attempt checkbox.

    Note

    If the checkboxes are disabled, the logon layout does not support the last logon popup.

  8. Save your entries.