Impossible to create a password policy with AD userDir in AD namespace

Article ID: 187442


Products

CA Single Sign On Secure Proxy Server (SiteMinder)
CA Single Sign On Agents (SiteMinder)
CA Single Sign On Federation (SiteMinder)
CA Single Sign On SOA Security Manager (SiteMinder)
SITEMINDER

Issue/Introduction


We're running a Policy Server with AdminUI and we'd like to create
Password Policies in the AdminUI, while Active Directory already
manages its own Password Policies.

To achieve this, we haven't set a User Directory attribute to handle
the Password Blob, and as such, the AdminUI reports this error:

  Error: [General] The chosen "User Directory" is not configured to
  setup password policies. It should have a valid "Blob attribute".

How can we fix this?

Environment


Policy Server all versions

Cause


At first glance, you can't mix both Password Policies when integrating
SiteMinder with Active Directory. As per the following KD:

Policy Server :: Active Directory : Password Policies

  "The directory server's own account status takes precedence over
  anything SiteMinder might configure. Therefore, if the user is
  disabled in Active Directory, no amount of SiteMinder configuration
  can fix that."

https://ca-broadcom.wolkenservicedesk.com/external/article?articleId=48927

Resolution


Do not set a SiteMinder Password Policy. Instead, set the Policy Server
environment variable NETE_PWSERVICES_REDIRECT to the path of the custom
page held on Active Directory.