ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Password Services Default Redirect

book

Article ID: 111841

calendar_today

Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On

Issue/Introduction

SiteMinder in our environment is not enabled for password management and we are seeing a behavior that we would like to avoid. When the user AD password is reset/forced to change on next login or the password has expired, and the user tries to authenticate through SiteMinder, they are redirected to the SiteMinder password change page. Is this an expected behavior? Is there a way to avoid this change password page (since SiteMinder is not enabled for password management) and just throw some error indidcating user password has expired?

Environment

Release:
Component: SMPLC

Resolution

This behavior is driven by a combination of the authentication attempt return code from the user store and the default password services redirect. The Policy Server is hard-coded with a default password services redirect to /siteminderagent/forms/smpwservices.fcc.  In order to change this location, create the following environment variable on the Policy Server and set the value to the relative path to the page you want displayed for users who are not subject to password policies but who receive any type of password change required return code from a failed authentication attempt:

NETE_PWSERVICES_REDIRECT

In order to pick up this change, the policy server service must be restarted as the environment variables are only read at startup.