When a user's password has expired, the Policy Server still authenticates the user.
While troubleshooting this issue, we observed that the Policy Server gets the right code from Active Directory, but it still authenticates and authorizes the user.
[12/02/2015][08:00:52][4532][s626/r15][Sm_Auth_Message.cpp:4629][CSm_Auth_Message::SendReply][badal][][][test.one][][][][** Status: Not Authenticated. Password must change. 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 532, v1db1][Badal Root][][][BadalTest][badalagent][Password must change. 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 532, v1db1][eTenet Form Auth-Siteminder][test.one][][]
Per the error code in the reply above (data 532):
HEX: 0x532 - password expired
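To check what Active Directory actually returned against what the Policy Server reported, the sub-code can be pulled straight out of the trace. The following is an added example, not code from the original page or from the product: it goes beyond 532 by mapping the other commonly seen AD bind sub-codes, which are general Active Directory values rather than values from this page. PAGE_LINE is the trace line shown above, CONSTRUCTED_LINE is made up for contrast, and the function names are hypothetical.

```python
import re

# Active Directory bind sub-codes carried in the "data NNN" field (hex digits).
AD_SUBCODES = {
    "525": "user not found",
    "52e": "invalid credentials",
    "530": "not permitted to logon at this time",
    "531": "not permitted to logon at this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}
PASSWORD_STATE = {"532", "773"}  # password state, not a wrong credential

LDAP_ERR = re.compile(r"LdapErr: (DSID-[0-9A-Fa-f]+), comment: "
                      r"AcceptSecurityContext error, data ([0-9A-Fa-f]+)")
STATUS = re.compile(r"\*\* Status: ([^.\]]+)\.\s*([^.\]]*)")
STAMP = re.compile(r"^\[(\d{2}/\d{2}/\d{4})\]\[(\d{2}:\d{2}:\d{2})\]")

# Trace line from the page above.
PAGE_LINE = "[12/02/2015][08:00:52][4532][s626/r15][Sm_Auth_Message.cpp:4629][CSm_Auth_Message::SendReply][badal][][][test.one][][][][** Status: Not Authenticated. Password must change. 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 532, v1db1][Badal Root][][][BadalTest][badalagent][Password must change. 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 532, v1db1][eTenet Form Auth-Siteminder][test.one][][]"
# Constructed line for contrast: same layout, wrong-password sub-code.
CONSTRUCTED_LINE = "[12/02/2015][08:01:10][4532][s627/r16][Sm_Auth_Message.cpp:4629][CSm_Auth_Message::SendReply][** Status: Not Authenticated. 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1]"

def parse_trace_line(line):
    """Return the AD sub-code plus the Policy Server status text, or None."""
    err = LDAP_ERR.search(line)
    if err is None:
        return None
    data = err.group(2).lower()
    status = STATUS.search(line)
    stamp = STAMP.match(line)
    return {
        "when": " ".join(stamp.groups()) if stamp else None,
        "dsid": err.group(1),
        "data": data,
        "ad_meaning": AD_SUBCODES.get(data, "unknown sub-code"),
        "ps_status": status.group(1).strip() if status else None,
        "ps_reason": status.group(2).strip() if status else None,
    }

def password_state_rejections(lines):
    """Keep only binds that AD rejected because of password state."""
    parsed = (parse_trace_line(l) for l in lines)
    return [p for p in parsed if p and p["data"] in PASSWORD_STATE]

if __name__ == "__main__":
    for hit in password_state_rejections([PAGE_LINE, CONSTRUCTED_LINE]):
        print(hit)
```

Comparing ps_reason with ad_meaning per line shows where the Policy Server's reason text and the AD sub-code differ, and the "when" field gives a timestamp to cross-check against sessions issued for the same user.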
Fixed in 12.52 SP1 CR05
00250192 DE101595 The Authreason codes from Policy Server are not the same as the AD response irrespective of the status of isADEnhanced.