Home Forums CA Single Sign-On how Authentication status and value of SmAuthReason will be decided?

This topic contains 1 reply, has 1 voice, and was last updated by  Dhilip 7 months, 2 weeks ago.

  • Author
    Posts
  • #937

    Dhilip
    Participant

    Hi Ujwol,

    Could you please let me know how Authentication status and value of SmAuthReason will be decided?

    I have two accounts which are expired and are present in different user directory and below are the behavior.

    Case 1:
    User 1 – UD1 – R12.52 SP1 CR01 – Not Authenticated – Response Code : 20
    User 2 – UD2 – R12.52 SP1 CR01 – Authenticated – Response Code : 1

    Case 2:
    User 1 – UD1 – R12.52 SP1 CR05 – Not Authenticated – Response Code : 19
    User 2 – UD2 – R12.52 SP1 CR05 – Not Authenticated – Response Code : 19

    SmAuthReason:
    Sm_Api_Reason_PwMustChange = 1
    Sm_Api_Reason_PwExpired = 19
    Sm_Api_Reason_ImmedPWChangeRequired = 20

    I thought SmAuthReason might depend on LDAP error code. But, when I try to directly bind these two accounts(using ApacheDirectotyStudio), I am getting the same error code(532). Could you please elaborate the reason for the case 1?

    Thanks,
    Dhilip

  • #938

    Dhilip
    Participant

    Hi Ujwol,

    PFB the difference between two directories.

    User Attributes configured in UD1:
    Universal ID
    Disabled Flag
    Password

    User Attributes configured in UD2:
    Universal ID
    Email

    Note : The value of attribute which is configured as Disabled Flag in UD1 is 512, the value of same attribute in UD2 is 512.

    Thanks,
    Dhilip

You must be logged in to reply to this topic.