SMTRYNO not working with shim - 2
search cancel

SMTRYNO not working with shim - 2


Article ID: 204142


Updated On:


CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On Agents (SiteMinder) CA Single Sign On Federation (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) SITEMINDER



We're running a Web Agent and we'd like to know why the cookie SMTRYNO
is getting updated on each AuthChallenge call ?

We'd like also to know why the smauthreason 27 is set for all
AuthChallenge ?

Finally, we'd like also to know if there's any other way the number of
attempts remaining/number of failed attempts ?




1. SMTRYNO cookie get updated as it is considered that the full
   authentication hasn't been fully completed yet.

   By returning smauthreason 27, that means that the Policy Server
   hasn't authenticated the user;

2. smauthreason 27 is used in the Advanced Authentication scheme to
   ask the Policy Server and Web Agent to do a redirect.


     The authentication scheme can tell the Policy Server to instruct the
     agent to perform a redirect. To build an authentication scheme that
     provides redirection capabilities, place the URL in the lpszErrMsg
     parameter and return a status code that includes reason code

     For example:

     strcpy (lpszErrMsg, "");

     strcat (lpszErrMsg, lpUserContext->lpszUserName);

     return SM_MAKEAUTH_STATUSVALUE (Sm_AuthApi_Accept,


     This functionality is useful when customizing the workflow of a Web
     application using a standard Agent. However, configuring redirection
     is also useful when using custom agents.

3. There are several ways to retrieve bad password count as stated by this KD :

   Retrieve bad password count