We're running a Policy Server and an ODBC User Store, and we'd like to
know how can we get the SMAUTHREASON value based on Disabled
flags. If we have some Disabled flags with 1002 or 1001 or 3002 what
is the authreason value will return it ?

Policy Server all versions

The values 1002, 1001 or 3002 are unknown from SiteMinder as they
aren't generated by the Policy Server. As such, we have no code to
interprete those codes and the result is unpredictable.

For customized SM_disabled_flag there no way to calculate the correct
autheasons. The product works that way. You should let only the Policy
Server manage the value of the Disabled flag. In the following KD,
you'll get the values that Policy Server generates for the disable
flag, and how it calculates the smauthreason accordingly.

  Policy Server :: Disable Flag : SmAuthReason

  https://knowledge.broadcom.com/external/article?articleId=49509

  Policy Server :: Active Directory : SmAuthReason

  https://knowledge.broadcom.com/external/article?articleId=48804

  SMAUTHREASON reason code document
 

  https://knowledge.broadcom.com/external/article?articleId=54936

For Siteminder, 3002 and 1002 are unknown codes neither.

If you need to have the possibility of mapping custom disable flag
(which are not generated from SiteMinder) with smauthreason, we invite
you to submit an Enhancement Request (Idea) :

  1. Go to the "All Ideas" page :
     https://community.broadcom.com/ideation/allideas
  2. Click on the "Add" button.
  3. In the "Select categories...", select "Layer7 Access Management".
  4. Write a title in the "title" box.
  5. Write a complete description of the Enahcement Request or
     Certification you'd like to post.
  6. Click on "Save" to get the Idea submitted !