We have protected the WAM UI using Siteminder.

The document used for reference is under

https://support.ca.com/irj/portal/anonymous/kbtech?searchID=TEC569112&docid=569112&bypass=yes&fromscreen=kbresults 

But after entering the password incorrectly 3 times - the WAM UI redirects the user to a error screen.

But it does not lock out the user: if the user tries with the correct password the user will be able to login again.

When Administrative Authentication is configured for WAMUI, WAMUI creates a User Directory object along with Domain for protecting the WAMUI for performing authentication and authorization. WAMUI hides this User Directory object from displaying by verifying if description has * Please do not edit this - used by SM Auth domain * text. Hence we will not be able to apply password polices for his User Directory which is causing auditing issues.

This issue is resolved in SiteMinder 12.51 CR05 and in 12.52SP1CR01

Release notes :

https://docops.ca.com/ca-single-sign-on/12-51/en/release-notes/cumulative-releases-for-12-51/defects-fixed-in-ca-siteminder-12-51-cr05#DefectsFixedinCASiteMinder12.51CR05-PolicyServer

https://docops.ca.com/ca-single-sign-on/12-52-sp1/en/release-notes/cumulative-releases/defects-fixed-in-12-52-sp1-cr01#DefectsFixedin12.52SP1CR01-PolicyServer