When running CA Access Gateway (SPS), if the user's account is locked (Disable Flag = 1), then the browser gets redirected to the default smpwservices.fcc and not to the custom Password Policy Redirect URL page defined.
CA Access Gateway (SPS) 12.8SP5 on RedHat 8;
Policy Server 12.8SP5 on RedHat 7;
As a Service Provider (SP), the Policy Server doesn't process the user's password as it trusts the authentication occurs at the Identity Provider side (IdP).
However, the SP side still checks the account status given by the Disabled Flag value. When the account is disabled, the Policy Server (from version 12.8SP7) redirects to the default Password Services page instead of giving back a 500 error.