Password Self Service does not work when SiteMinder is integrated with CA Advanced Authentication.
search cancel

Password Self Service does not work when SiteMinder is integrated with CA Advanced Authentication.

book

Article ID: 268084

calendar_today

Updated On:

Products

SITEMINDER CA Advanced Authentication CA Advanced Authentication - Risk Authentication (RiskMinder / RiskFort) CA Advanced Authentication - Strong Authentication (AuthMinder / WebFort)

Issue/Introduction

Use case:

User password expired and tries to logon to MFA protected realm.

User gets prompted for username/password and OTP.

Then user is redirected for Password Changed but the password change does not succeed and goes into loop of changing password page.

 

Environment

Release : 12.8.06 (Applicable to all the supported releases)
Release: 9.x (Applicable to all the supported releases)
Component: Policy Server (SMPLC) Integrated with the CA Advanced Authentication.

Cause

adaptershim.ini file had the optional configuration to load other authentication scheme.

AuthSchemeLib=smauthhtml
AuthSchemeParam=https://www.<host name>.<Your domain>/siteminderagent/forms/login.fcc?;ACS=0;REL=1

This overrides the default /arcotlogin/shim.fcc and able to login the user but breaks the password change.

 

Resolution

The configuration worked fine once the above mentioned optional configuration was commented out and when using the default /arcotlogin/shim.fcc