Getting SMAUTHREASON 7 for SMDISABLE_FALG value 4 for inactive user status
search cancel

Getting SMAUTHREASON 7 for SMDISABLE_FALG value 4 for inactive user status

book

Article ID: 116826

calendar_today

Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On

Issue/Introduction

We're running a Policy Server, this one set SMAUTHREASON value to 7 when 
SMDISABLE_FLAG is set to 4. As per your understanding, Policy Server 
should instead return SMAUTHREASON value to 25 instead. 

We want to  know why we get this. 

Environment

Release: MSPSSO99000-12.8-Single Sign-On-for Business Users-MSP
Component:

Resolution

Use the correct use case to get the smauthreason 25 and disable flag
set to 4.

Don't modify manually the disable flag value outside the use of
AdminUI.

Configure the password policies as :

  Password expires from inactivity.
  After days    1 
  Disable user 

Then 

1. Using the AdminUI, enable the user "[email protected]";
   insure you have the right password;

2. Insure that the User Store has an attribute for password data;

3. Implement a password policy that will disable the user when the
   user exceed 1 day of inactivity;

4. Log once successfully into the application with the user
   "[email protected]";

5. Wait for more than 24 hours and simulate it by setting the 
   Policy Server date to 2 days ahead; 

6. Log again with the expected password into the application with the 
   user "[email protected]" and then the browser gets the 
   message as the account is disabled for inactivity and the 
   SMAUTHREASON in the browser url is set to 25. The user's disable 
   flag is then set to 4. 

   The "disable for inactivity" function of the 
   Password Policy needs a first successful login.