After 6 login attempt, web agent returns error 500


Article ID: 117185


Updated On:


CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On


We're running Web Agent and have configured password policies, so 

that after 6 wrong password login attempts, then the user should get 
a page saying that the account is locked. Instead, the browser 
receives error 500. 

How can we fix this ?


The custom login.fcc has @smretries parameter. 



The Web Agent fails to process completely the request because of the 
missing .unauth file. 

WebAgentTrace.log :

1. [31633/3816777472][Thu Sep 27 2018 
   Error opening form template 
   No such file or directory. 
2. [31633/3816777472][Thu Sep 27 2018 
   HLA: Analyzer from module 'SM_WAF_HTTP_PLUGIN' returned unknown 
   response code '-1' for component 'Response Manager'. 

As the login.fcc uses smretries, then you should define a .unauth 

  Authentication and a Centralized Login Server 

  Stand–Alone Login Page 

  In this use case, CA Single Sign-On directs users to a stand–alone 
  login page when they request a protected resource. Specifically: 

  The login FCC file is configured with an @directive (@smretries) to 
  redirect users to a failed authentication page (login.unauth) after 
  two failed authentication attempts.


Web Agent 12.52SP1CR09 on Apache 2.4 on RedHat 6


- Check how to configure the login.unauth following the tips from this page : 

  Tech Tip : CA Single Sign-On : Display a Message in FCC After a Wrong Login Attempt