Description:

When a user initiates a password change and enters their wrong current password , this results in the user being presented with the login page again, instead of being presented with page explaining that they have entered the incorrect current password.

When a user does enter a incorrect current password, this results in a SMAUTHREASON=22 being generated, which represents Sm_Api_Reason_BadPWChange from SMAUTHREASON codes.

Solution:

In the SM.REGISRTY, there is under HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\PolicyServer, a setting "DisallowForceLogin". When this key is enabled by setting the value to 0x1, the Policy Server will display the wrong old password error message rather then re-directing users back the login page.

If the key value is other than 0x1 or it does not exist, this feature will be disabled.
Note: This key is disabled by default. There are three cases affected by the DisallowForceLogin value.

• Force password change or password expired.
• Self Password change.
• Optional password change.