Get LDAP return code in login page

Article ID: 52679

Products

CA Single Sign On Secure Proxy Server (SiteMinder), AXIOMATICS POLICY SERVER, CA Single Sign On SOA Security Manager (SiteMinder), CA Single Sign-On

Issue/Introduction

Description:

I would like to know how to retrieve the real LDAP error code or message returned by the user directory during an authentication step and be able to display it in a login page. How could I do it?

Solution:

The LDAP return code is not sent to the web agent. It stays within the Policy Server, so the web agent cannot retrieve it. The Policy Server only returns smauthreason values, which can be captured on the web agent side.

  • One way to get the true directory return code is to redirect the user to a custom page which then bypasses SiteMinder and makes direct calls;

  • You can also look at OnAuthAttempt events to send response URL redirects, HTTP responses or the smauthreason variable; the FCC can also get the reason from one of these sources and show it;

  • If you only need to display a "username/password invalid" type of message, you can do so by checking the SMTRYNO cookie with a script.
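A sketch of the last two options as login-page script (an added example, not Broadcom/CA code). It assumes SMTRYNO holds a decimal attempt count and that the reason reaches the page as an `SMAUTHREASON` query parameter; the message table and its code 9001 are constructed placeholders, not SiteMinder's reason list. Both inputs are user-controllable, so they are validated as small integers and only fixed strings are ever displayed.

```javascript
// Added example. REASON_MESSAGES is a constructed placeholder table: replace the
// keys with the smauthreason values documented for your Policy Server release.
const REASON_MESSAGES = new Map([
  [9001, "Your account needs attention. Contact the help desk."],
]);
const GENERIC_FAILURE = "Invalid username or password.";

// Accept only a short, strictly decimal string; reject everything else.
function parseSmallInt(value) {
  if (typeof value !== "string" || !/^\d{1,5}$/.test(value)) return null;
  return Number(value);
}

// Read one cookie value from a document.cookie-style string.
function readCookie(cookieString, name) {
  for (const part of cookieString.split(";")) {
    const idx = part.indexOf("=");
    if (idx === -1) continue;
    if (part.slice(0, idx).trim() === name) return part.slice(idx + 1).trim();
  }
  return null;
}

// Find the reason parameter regardless of the case used in the redirect URL.
function readReason(queryString) {
  let raw = null;
  for (const [key, value] of new URLSearchParams(queryString)) {
    if (key.toLowerCase() === "smauthreason") raw = value;
  }
  return parseSmallInt(raw);
}

// Decide which fixed message the login page shows ("" means show nothing).
// The raw cookie or parameter text is never echoed back into the page.
function loginMessage(cookieString, queryString) {
  const reason = readReason(queryString);
  if (reason !== null && REASON_MESSAGES.has(reason)) {
    return REASON_MESSAGES.get(reason);
  }
  const tries = parseSmallInt(readCookie(cookieString, "SMTRYNO"));
  if (tries !== null && tries > 0) return GENERIC_FAILURE;
  return "";
}
```

In the page, assign the result with `textContent` rather than `innerHTML`, for example `el.textContent = loginMessage(document.cookie, location.search)`.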

Environment

Release:
Component: SMPLC