Password change behavior when FCCCOMPATMODE is set to Yes

search cancel

Password change behavior when FCCCOMPATMODE is set to Yes

book

Article ID: 8386

calendar_today

Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On

Issue/Introduction

We experienced the following behavior, testing the Password Policy when fcccompatmode=yes:

1) we set the user status to change the password at next login;

2) we login using the standard login.fcc, using the user credentials;

3) after login the browser is redirected to the smpwservices.fcc;

4) we post the WRONG password in the old password field;

Instead of remaining on the smpwservices.fcc page, the browser is redirected to the login.fcc without any message;

In terms of user experience, the user does not know if the password was changed or not.

This only happens when fcccompatmode=yes

How can we change that behavior to make the user to remain on smpwservices.fcc page ?

Environment

PS 12.6.1 - Policy Store & User Store on CA directory - on Red Hat CA Gateway 12.6.1

Cause

On a POST to an FCC the FCC will generate a number of cookies. This includes the FORMSCRED cookie which is created when FCCCompatMode is set to the value YES.

This cookie represents the old way of doing forms login and should be considered deprecated. The functionality only exists today to provide backwards compatibility with older SiteMinder installations.

Resolution

The credential collector should be set to a different Web Agent where FCCCOMPAT MODE=NO

Feedback

thumb_up Yes

thumb_down No