Issue with force change password feature

Article ID: 134422

Products

SITEMINDER
CA Single Sign On Agents (SiteMinder)
CA Single Sign On Secure Proxy Server (SiteMinder)

Issue/Introduction

When running a Policy Server, whenever a user is presented with the
force change password feature, the user's employee ID is not fetched.
The employee ID is handled by the Identity Manager server.

On some occasions, the password policy redirection to an
Identity Manager password services page fails in the browser with a
"Page Not Found" error, and an "Invalid SMTOKEN value" message appears
in the smps.log on the Policy Server.

Cause

We've seen that the -SM- tag in the SMTOKEN value causes the IM server
to be unable to handle the request.

The -SM- part was added to the SMTOKEN in Web Agent 12.52SP1 to be
compliant, on the security side, with RFC 3986 regarding the presence
of {} characters in URLs.

Environment

20 Policy Servers 12.6;
Web Agents 12.52SP1CR09;
IM 12.5 CP11 on WebLogic in cluster mode;

Resolution

To resolve this issue and make the IM server compliant with this
change, upgrade the IM server to version 14.3 or a later version.