ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Impossible to create a password policy with AD userDir in AD namespace

book

Article ID: 187442

calendar_today

Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On Agents (SiteMinder) CA Single Sign On Federation (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) SITEMINDER

Issue/Introduction


We're running a Policy Server with AdminUI and we'd like to create

Password Policies in the AdminUI, when the Active Directory already
manage its own Password Policies.

To achieve this, we haven't set a User Directory attribute to handle
the Password Blob, and as such, the AdminUI reports error :

  Error: [General] The chosen "User Directory" is not configured to
  setup password policies. It should have a valid "Blob attribute".

How can we fix this ?

Cause


At first glance, you can't mix both Password Policies when integrating

SiteMinder with Active Directory. As per the following KD :

Policy Server :: Active Directory : Password Policies

  "The directory server's own account status takes precedence over
  anything SiteMinder might configure. Therefore, if the user is
  disabled in Active Directory, no amount of SiteMinderconfiguration
  can fix that."

https://ca-broadcom.wolkenservicedesk.com/external/article?articleId=48927

Environment


Policy Server all versions

Resolution


Set no SiteMinder Password Policy and configure the Policy Server

environment variable NETE_PWSERVICES_REDIRECT to a path for the Custom
page hold on Active Directory.