
User initiated password change not working as expected


Article ID: 54098




CA Single Sign On Secure Proxy Server (SiteMinder), CA Single Sign On SOA Security Manager (SiteMinder), CA Single Sign-On



When a user initiates a password change and enters the wrong current password, the user is presented with the login page again instead of a page explaining that they entered an incorrect current password.

When a user enters an incorrect current password, SMAUTHREASON=22 is generated, which represents Sm_Api_Reason_BadPWChange in the SMAUTHREASON codes.


In the SM.REGISTRY, under HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\PolicyServer, there is a setting "DisallowForceLogin". When this key is enabled by setting the value to 0x1, the Policy Server displays the wrong old password error message rather than redirecting users back to the login page.

If the key value is other than 0x1 or it does not exist, this feature will be disabled.
Note: This key is disabled by default. There are three cases affected by the DisallowForceLogin value.

  • Force password change or password expired.
  • Self Password change.
  • Optional password change.
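
The following read-only check is an added example, not part of the original article or the product: it reports whether DisallowForceLogin is effectively enabled on a Windows Policy Server, applying the rule above that only 0x1 enables it and that a missing or different value leaves it disabled. The function name is hypothetical, and it assumes the value is stored either as a number or as a string such as "0x1".

```powershell
# Added example: audit the DisallowForceLogin setting without changing it.
# The key path and value name come from the article; the function name is hypothetical.
function Get-DisallowForceLoginState {
    param(
        [string]$KeyPath = 'HKLM:\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\PolicyServer'
    )

    $state = [ordered]@{
        KeyPath  = $KeyPath
        RawValue = $null
        Enabled  = $false
        Reason   = ''
    }

    # Case 1: the PolicyServer key itself is absent on this host.
    if (-not (Test-Path -LiteralPath $KeyPath)) {
        $state.Reason = 'PolicyServer key not found; feature is disabled'
        return [pscustomobject]$state
    }

    # Case 2: the key exists but the value was never created (the default).
    $item = Get-ItemProperty -LiteralPath $KeyPath -Name 'DisallowForceLogin' -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        $state.Reason = 'DisallowForceLogin does not exist; feature is disabled (default)'
        return [pscustomobject]$state
    }

    # Case 3: the value exists. Only 0x1 enables the feature.
    # Assumption: the value is numeric or a string like "0x1"; -as yields $null if unparsable.
    $state.RawValue = $item.DisallowForceLogin
    $parsed = $state.RawValue -as [int]

    if ($parsed -eq 1) {
        $state.Enabled = $true
        $state.Reason  = 'Value is 0x1; wrong old password error page is shown'
    } else {
        $state.Reason  = 'Value is not 0x1; users are redirected to the login page'
    }
    return [pscustomobject]$state
}

# Report the effective state on the local Policy Server.
Get-DisallowForceLoginState | Format-List
```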


Component: SMPLC