Disabled Flag 1 redirects to default Password Services in Federation


Article ID: 242763


Products

SITEMINDER
CA Single Sign On Federation (SiteMinder)
CA Single Sign On Secure Proxy Server (SiteMinder)

Issue/Introduction

When running CA Access Gateway (SPS), if the user's account is locked (Disabled Flag = 1), the browser is redirected to the default smpwservices.fcc page rather than to the custom page defined as the Password Policy Redirect URL.

Environment

  CA Access Gateway (SPS) 12.8SP5 on RedHat 8
  Policy Server 12.8SP5 on RedHat 7

Resolution

When acting as a Service Provider (SP), the Policy Server doesn't process the user's password, because it trusts that authentication occurs on the Identity Provider (IdP) side.

However, the SP side still checks the account status given by the Disabled Flag value. When the account is disabled, the Policy Server (from version 12.8SP7) redirects to the default Password Services page instead of returning a 500 error.