I'm running a Web Agent, and when a given user is requested to change its password, it gets in the browser the result of the login.unauth instead of getting the Password Change page.

Article Id: 7206
Status: Published
Updated On: 14-02-2018 08:13
Legacy Id: TEC1288394
Products:
CA Single Sign On Secure Proxy Server (SiteMinder) AXIOMATICS POLICY SERVER CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On CA Single Sign-On
Issue/Introduction:

I'm running a Web Agent, and when a given user is requested to change its password, it gets in the browser the result of the login.unauth instead of getting the Password Change page. 

The browser requests the test.html and then the browser gets redirected to the login.fcc:

 

  GET http://myserver.mydomain.com/test.html

 

  HTTP/1.1 302 HTTP/1.1 302 Object Moved 

  Location: /siteminderagent/forms/login.fcc?TYPE=33554433 

  &REALMOID=06-1d15881a-59ea-432e-99fb-7a3a183889b9&GUID=&SMAUTHREASON=0&METHOD=GET 

  &SMAGENTNAME=-SM-UN5B9%2b%2bUaODsdH7xRrVd4Siof%2fvudzKh2fbWK90tNhY0h26hSuC9UPFart 

  ua94SX&TARGET=-SM-http%3a%2f%2fmyserver%2emydomain%2ecom%2ftest%2ehtml

  Date: Fri, 03 Mar 2017 09:10:59 GMT 

 

Then the browser POST the credentials to that page, and the browser receives 2 SMTRYNO cookie:

 

  POST /siteminderagent/forms/login.fcc?TYPE=33554433&REALMOID=06-1d15881a-59ea-432e-99fb 

  -7a3a183889b9&GUID=&SMAUTHREASON=0&METHOD=GET&SMAGENTNAME=-SM-UN5B9%2b%2bUaODsdH7xRrVd4Sio 

  f%2fvudzKh2fbWK90tNhY0h26hSuC9UPFartua94SX&TARGET=

  -SM-http%3a%2f%2fmyserver%2emydomain%2ecom%2ftest%2ehtml HTTP/1.1 

 

  set-cookie: SMTRYNO=1; path=/; domain=.mydomain.com 

  set-cookie: SMTRYNO=; expires=Sun, 04 Sep 2016 09:11:10 GMT; path=/; domain=.mydomain.com 

  X-Powered-By: ASP.NET 

 

  Account Information 

  Your credentials are not valid for http://myserver.mydomain.com/test.html

  Please contact your Security Administrator or Help Desk.

 

The Web Agent reports an error handling the tryno count and exiting with a failure. 

 

  [4424/5108][Fri Mar 03 2017 10:11:10][CSmHighLevelAgent.cpp:1270][ERROR] 

  [sm-AgentFramework-00420] HLA: Component reported fatal error: 'Authentication Manager'. 

 

Why does the user gets redirected to the password change page? How can I solve this issue?

 

Environment:

Policy Server 12.6SP1CR00 on Windows 2012; Policy Server JDK jdk1.8.0_102 64bit; Web Agent 12.52SP1CR06 on Windows 2012; User Store on Active Directory;

Resolution:

  Upgrade Policy Server to 12.6.02 to fix this issue; 

 

  00474687 DE250284 COMPONENT fails to prompt user to change the 

  password though it expired, and accepts the expired 

  login credentials 

 

Documentation - Defects fixed in R12.6.02