The TPX Security Action Message Table (SAMT) is used to determine the action that TPX should take when a message is returned from external security.  
This table is meant to be customized by the TPX administrator.

To minimize the amount of information a userid/password response returns, we don't confirm that the userid entered is valid and return a generic "Invalid credentials".
In certain instances though (when the userid/password combination is valid) there are messages that might be beneficial to return to the user, such as when;
a user attempts to change a password before it is allowed:

ACF00136  NEW PASSWORD NOT SET - CURRENT PASSWORD MUST BE KEPT FOR min DAYS

Is there a set of message ids we could add to the SAMT to provide useful feedback to the legitimate requestor while maintaining our general posture
of not returning information about the condition/existence of a userid if the password is not valid?

Release: 5.4
Component: TPX For Z/OS

TPX administrator should work in conjunction with the ACF2 administrator to identify what actions are desired for any specific ACF2 message, for your site, then update the ACF2 SAMT accordingly.
Best practice is to create a new SAMT copy of the ACF2 SAMT and not modify the default SAMT. This can be useful at some later stage if a comparison is needed.
All ACF01xxx type messages can be added to this new SAMT table with the appropriate Action to be performed.