[RESOLVED] CA SSO: 12.52.101.640 – Expired user able to login

This topic contains 2 replies, has 2 voices, and was last updated by  Dhilip 7 months, 2 weeks ago.

  • #923

    Dhilip
    Participant

    Hi Ujwol,

    In version 12.52.101.640, I could see that SiteMinder is allowing authentication for the password-expired user (but with Response Code/Reason as 1).

    While testing the same user in 12.52.105.2113, the user is not getting authenticated, with the response code 19.

    Response Codes:
    Sm_Api_Reason_PwMustChange = 1
    Sm_Api_Reason_PwExpired = 19

    Could you please let me know if any fix related to this issue (expired user able to login) has been provided (in 12.52.105.2113 or any CR after 12.52.101.640)?

    Thanks,
    Dhilip

    • This topic was modified 7 months, 2 weeks ago by  ujwols.
  • #926

    ujwols
    Keymaster

    Hi Dhilip,

    Yes, there have been some changes around this in CR5/CR6 in an attempt to fix this password expired use case, but the changes were NOT complete.

    The expected result for the password expired use case (AD error code: data 532) is:

    1. If Enhanced AD Enabled:
    smauthreason=19, redirection to smpwservices.fcc for forcing the user to change password.

    2. If Enhanced AD Disabled:
    smauthreason=0, redirection to login.fcc (failed login)

    Please note this expired password fix is finally delivered (complete) in 12.52SP1CR8.

    Regards,
    Ujwol

    • This reply was modified 7 months, 2 weeks ago by  ujwols.
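
The expected results listed in the reply above can be turned into a regression check to run with an expired-password test account after an upgrade. This is an added example, not part of the thread or of CA's code; it assumes the reason code is read from the `SMAUTHREASON` query parameter of the redirect, that the tester records whether a session was granted, and the host and paths in the sample URLs are constructed.

```python
import posixpath
from urllib.parse import urlsplit, parse_qs

PW_EXPIRED = 19  # Sm_Api_Reason_PwExpired, as quoted in the thread

# Expected (FCC page, smauthreason) for an AD "data 532" login, keyed by
# whether Enhanced AD integration is enabled (per the reply above).
EXPECTED = {
    True: ("smpwservices.fcc", PW_EXPIRED),
    False: ("login.fcc", 0),
}


def parse_redirect(location):
    """Return (fcc_file, smauthreason) taken from a redirect Location value."""
    parts = urlsplit(location)
    fcc = posixpath.basename(parts.path).lower()
    # Parameter names are compared case-insensitively.
    query = {k.lower(): v for k, v in parse_qs(parts.query).items()}
    values = query.get("smauthreason")
    reason = int(values[0]) if values and values[0].isdigit() else None
    return fcc, reason


def check_expired_login(enhanced_ad, authenticated, location=None):
    """Return a list of findings; an empty list means the expected result."""
    if authenticated:
        # The behaviour reported for 12.52.101.640: login succeeds anyway.
        return ["expired-password user was authenticated"]
    findings = []
    fcc, reason = parse_redirect(location or "")
    want_fcc, want_reason = EXPECTED[enhanced_ad]
    if fcc != want_fcc:
        findings.append(f"redirected to {fcc or 'nothing'}, expected {want_fcc}")
    if reason != want_reason:
        findings.append(f"smauthreason={reason}, expected {want_reason}")
    return findings


if __name__ == "__main__":
    # Constructed observations: (enhanced_ad, authenticated, Location header)
    base = "https://sso.example.com/forms/"
    samples = [
        (True, False, base + "smpwservices.fcc?SMAUTHREASON=19&TARGET=%2Fapp"),
        (False, False, base + "login.fcc?SMAUTHREASON=0&TARGET=%2Fapp"),
        (True, True, None),
    ]
    for sample in samples:
        print(sample[:2], check_expired_login(*sample) or "OK")
```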
  • #929

    Dhilip
    Participant

    Hi Ujwol,

    Thanks for your response.

    Regards,
    Dhilip
