CA Single Sign On Secure Proxy Server (SiteMinder)CA Single Sign On SOA Security Manager (SiteMinder)CA Single Sign-On
SiteMinder in our environment is not enabled for password management and we are seeing a behavior that we would like to avoid. When the user AD password is reset/forced to change on next login or the password has expired, and the user tries to authenticate through SiteMinder, they are redirected to the SiteMinder password change page. Is this an expected behavior? Is there a way to avoid this change password page (since SiteMinder is not enabled for password management) and just throw some error indidcating user password has expired?
Release: Component: SMPLC
This behavior is driven by a combination of the authentication attempt return code from the user store and the default password services redirect. The Policy Server is hard-coded with a default password services redirect to /siteminderagent/forms/smpwservices.fcc. In order to change this location, create the following environment variable on the Policy Server and set the value to the relative path to the page you want displayed for users who are not subject to password policies but who receive any type of password change required return code from a failed authentication attempt:
In order to pick up this change, the policy server service must be restarted as the environment variables are only read at startup.