SMUSRMSG does not have account locked message

book

Article ID: 199690

calendar_today

Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On Agents (SiteMinder) CA Single Sign On Federation (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) SITEMINDER

Issue/Introduction

 

We're running a Web Agent, and when user tries over the max of 4 login
attempt (Authreason=24), the SMUSRMSG cookies keeps returning :

  "Invalid credential. Please retry.."

How can we have a more specific message here as "Max login attempts
reached ..." ?

 

Resolution

 

At first glance, the behavior is the one you see out of the box. The
SMUSRMSG cookie will be produced on the following 2 use cases only :

  Introduction to SMUSRMSG Cookie

    I. User Password is expired. The cookie contains reason indicating
       why cookie expired.

    II. During Force Password change flow when the new password doesn't
        meet the password complexity requirement. The cookie contains
        reason that explains why the new password failed to be set against
        the password policy.

  https://knowledge.broadcom.com/external/article?articleId=13812

and from documentation :

  How Response Attributes Work with Web Agents
  https://techdocs.broadcom.com/us/en/ca-enterprise-software/layer7-identity-and-access-management/single-sign-on/12-8/configuring/web-agent-configuration/web-application-protection/how-response-attributes-work-with-web-agents.html

So in order to get the specific message you need, you have to
implement SmAuthenticationContext.setUserText() API in the Custom
Authentication Scheme.