PasswordMustChange flag is reset even if the SiteMinder Password Services password change fails with AD integration turned on.


Article ID: 53236


Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder)
CA Single Sign On SOA Security Manager (SiteMinder)
CA Single Sign-On

Issue/Introduction

Description:

This occurs with SiteMinder Policy Server 6.0-Sp5-CR-22 on Windows Server 2003, using Active Directory 2003 (AD namespace) as the user store with Enhanced Active Directory Integration turned on. When a user flagged "User Must Change Password at Next Logon" changes their password and the new password does not meet the directory's complexity requirements, the password change fails. However, the "User Must Change Password at Next Logon" flag (pwdLastSet attribute) is still reset, which allows the user to authenticate successfully with the old password at the next login.

NOTE: The same problem also occurs when the password has expired and the password change fails.

Solution:

The issue has been fixed in SiteMinder Policy Server version 6.0-SP5-CR25 via CQ-79852.
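To confirm the behaviour is gone after upgrading, the check below compares pwdLastSet before and after a password change attempt and reports accounts where the attribute moved although the change did not succeed. It is an added example, not CA code: the function names, the snapshot dictionaries and the outcome map are hypothetical, and all sample values are constructed.

```python
from datetime import datetime, timedelta, timezone

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)


def filetime_to_utc(value):
    """pwdLastSet is 100 ns ticks since 1601-01-01 UTC; 0 means 'must change at next logon'."""
    ticks = int(value)
    return None if ticks == 0 else FILETIME_EPOCH + timedelta(microseconds=ticks // 10)


def find_unearned_resets(before, after, change_succeeded):
    """Flag accounts whose pwdLastSet moved although no password change succeeded.

    before / after   : {user DN: pwdLastSet} read before and after the change attempt
    change_succeeded : {user DN: bool} outcome of the attempt (hypothetical input)
    """
    findings = []
    for dn, old in before.items():
        old, new = int(old), int(after.get(dn, old))
        if new == old or new == 0:
            continue  # attribute untouched, or user is still forced to change
        if change_succeeded.get(dn) is True:
            continue  # a successful change legitimately updates pwdLastSet
        findings.append({
            "dn": dn,
            "was_forced": old == 0,  # False: expired-password case from the NOTE (assumed)
            "pwdLastSet_now": filetime_to_utc(new),
        })
    return findings


# Constructed sample data (not taken from a real directory).
ALICE, BOB, CAROL, DAVE = (f"CN={n},OU=Staff,DC=example,DC=com" for n in ("alice", "bob", "carol", "dave"))
BEFORE = {ALICE: 0, BOB: 0, CAROL: 127000000000000000, DAVE: 0}
AFTER = {ALICE: 128000000000000000, BOB: 128000000000000000, CAROL: 128000000000000000, DAVE: 0}
OUTCOME = {ALICE: False, BOB: True, CAROL: False, DAVE: False}

if __name__ == "__main__":
    for finding in find_unearned_resets(BEFORE, AFTER, OUTCOME):
        print(finding)
```

A finding means the directory no longer forces a change for that account even though the old password is still in place; such accounts should be re-flagged.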

Environment

Release:
Component: SMPLC