search cancel

Incorrect old password change redirects to login.fcc


Article ID: 214687


Updated On:


SITEMINDER CA Single Sign On Agents (SiteMinder)



When running Web Agent, if user gives wrong login password when trying
to change its password through a Custom Password Services Page, then
the browser comes back to the Login Page and not on the Custom Change
Password Page. The browser sends a valid SMSESSION cookie.

PWS.fcc is in use to submit the new password :






  Web Agent 12.52SP1CR09 on OHS 12.1.3 on OEL 7;
  Policy server 12.8 on OEL 6;




PWS.fcc is an old deprecated part of the password services which was
originally used by the deprecated smpwservicescgi (1).

Documentation mentions the DisallowForceLogin Registry Key that is
related to the above behavior (2).

Note that out of the box smpwservices.fcc is the default password
services, and DisallowForceLogin will only give precise message to the
smpwservices.fcc. By default, if the old password is wrong, the
browser will be redirected to smpwservices.fcc even without
DisallowForceLogin configured.




Set the DisallowForceLogin to 1 in the Policy Server to solve this


Additional Information



    In the Web Agent 12.52SP1CR01, I don't find smpwservicescgi.exe


    Incorrect Password Message Does Not Appear


 When a user submits a password change request that contains an invalid
 current password, the Password Change Information screen does not open
 with a message stating that the current password is incorrect. Rather,
 the Policy Server redirects the user to:

 - The login screen without the message if an On-Auth-Reject-Redirect
   response is not bound to the policy configured with the user

 - The URL associated with the On-Auth-Reject-Redirect response bound
   to the policy configured with the user directory


 Enable the DisallowForceLogin registry key, which is located at


 Redirects users to the Password Change Information screen to re-enter
 the current password when the change request contains an invalid
 current password.

 Value: 0 (disabled) or 1 (enabled)
 Default: 0 (disabled)