
Issue with force change password feature


Article ID: 134422


Updated On:


SITEMINDER, CA Single Sign On Agents (SiteMinder), CA Single Sign On Secure Proxy Server (SiteMinder)



When running a Policy Server, whenever a user is shown the force change
password feature, the user's employee ID is not fetched. The
employee ID is handled by the Identity Manager server.

On some occasions, the password policy redirection to an
Identity Manager password services page fails, with a
"Page Not Found" error in the browser and an "Invalid SMTOKEN value"
message in the smps.log on the Policy Server.




20 Policy Servers 12.6;
Web Agents 12.52SP1CR09;
IM 12.5 CP11 on WebLogic in cluster mode;




We've seen that the -SM- tag in the SMTOKEN value causes the IM server
not to be able to handle the request.

The -SM- part was added to the SMTOKEN in Web Agent 12.52SP1 to be
compliant, on the security aspect, with RFC 3986 regarding the
presence of {} characters in URLs.
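
As an added illustration (not part of the original article and not CA/Broadcom code), the following Python check lists the characters that RFC 3986 does not allow unencoded in a URL and reports whether the SMTOKEN parameter carries the -SM- tag. The host, path and token values are constructed placeholders, and treating SMTOKEN as a query parameter of the redirect URL is an assumption.

```python
import re
from urllib.parse import urlsplit

# RFC 3986 section 2: characters that may appear literally in a URI.
UNRESERVED = ("ABCDEFGHIJKLMNOPQRSTUVWXYZ"
              "abcdefghijklmnopqrstuvwxyz0123456789-._~")
RESERVED = ":/?#[]@!$&'()*+,;="
ALLOWED = set(UNRESERVED + RESERVED)
PCT_ENCODED = re.compile(r"%[0-9A-Fa-f]{2}")

# Constructed sample URLs; the token values are placeholders, not real tokens.
SAMPLE_BRACES = "https://im.example.com/constructed/path?SMTOKEN={EXAMPLETOKEN}"
SAMPLE_TAGGED = "https://im.example.com/constructed/path?SMTOKEN=-SM-EXAMPLETOKEN"


def illegal_uri_chars(url):
    """Return the sorted characters in url that RFC 3986 forbids unencoded."""
    # Drop valid percent-escapes first; a stray '%' left behind is itself illegal.
    stripped = PCT_ENCODED.sub("", url)
    return sorted({ch for ch in stripped if ch not in ALLOWED})


def smtoken_report(url):
    """Summarise the SMTOKEN query parameter of a redirect URL for triage."""
    token = None
    for pair in urlsplit(url).query.split("&"):
        name, _, value = pair.partition("=")
        if name == "SMTOKEN":  # assumption: the token travels as a query parameter
            token = value
    return {
        "has_smtoken": token is not None,
        "has_sm_tag": token is not None and "-SM-" in token,
        "illegal_chars": illegal_uri_chars(url),
    }


if __name__ == "__main__":
    for sample in (SAMPLE_BRACES, SAMPLE_TAGGED):
        print(sample, smtoken_report(sample))
```

Literal `{` and `}` are neither reserved nor unreserved in RFC 3986, so a strict URL parser may reject them unless they are percent-encoded as `%7B` and `%7D`.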




To solve this issue and make the IM server compliant with that change,
upgrade the IM server to version 14.3 or a later version.