After 6 login attempts, Web Agent returns error 500

Article ID: 117185

Products

CA Single Sign On Secure Proxy Server (SiteMinder)
CA Single Sign On SOA Security Manager (SiteMinder)
CA Single Sign-On

Issue/Introduction


We're running Web Agent and have configured password policies so
that, after 6 wrong password login attempts, the user should get
a page saying that the account is locked. Instead, the browser
receives error 500.

How can we fix this?

Cause


The custom login.fcc sets the @smretries directive:


login.fcc 

@smretries=6 

The Web Agent cannot finish processing the request because the
corresponding .unauth file is missing.

WebAgentTrace.log :

1. [31633/3816777472][Thu Sep 27 2018 14:48:11][CSmFormTemplateObj.cpp:226][ERROR][sm-HTTPAgent-00370] Error opening form template '/opt/CA/webagent/samples/forms/login.unauth': No such file or directory.
2. [31633/3816777472][Thu Sep 27 2018 14:48:11][CSmResponseManager.cpp:222][ERROR][sm-AgentFramework-00460] HLA: Analyzer from module 'SM_WAF_HTTP_PLUGIN' returned unknown response code '-1' for component 'Response Manager'.

Because login.fcc uses @smretries, you should define a .unauth
page. The product documentation describes this use case:

  Authentication and a Centralized Login Server 

  Stand–Alone Login Page 

  In this use case, CA Single Sign-On directs users to a stand–alone 
  login page when they request a protected resource. Specifically: 

  The login FCC file is configured with an @directive (@smretries) to 
  redirect users to a failed authentication page (login.unauth) after 
  two failed authentication attempts. 

  https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/layer7-identity-and-access-management/single-sign-on/12-52-01/implementing/implementing-ca-single-sign-on/authentication-and-a-centralized-login-server.html

Environment


Web Agent 12.52SP1CR09 on Apache 2.4 on RedHat 6

Resolution


- Configure login.unauth by following the tips on this page:


  Tech Tip : CA Single Sign-On : Display a Message in FCC After a Wrong Login Attempt 
  https://community.broadcom.com/communities/community-home/librarydocuments/viewdocument?DocumentKey=7d969b06-fc43-41c7-8ed0-798b272e3ac0
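
To find other forms with the same gap, the check below (an added example, not part of the original article or of CA Single Sign-On) lists each .fcc file that sets @smretries but has no usable .unauth file next to it. It assumes the .unauth template shares the .fcc file's directory and base name, as the trace above implies; check_unauth and demo are hypothetical names, and the files demo creates are constructed samples.

```shell
#!/bin/sh
# Usage: check_unauth /opt/CA/webagent/samples/forms
# Prints one line per problem and returns non-zero if any form that sets
# @smretries lacks a usable .unauth template.
# Assumption: login.fcc pairs with login.unauth in the same directory.

check_unauth() {
    forms_dir=$1
    problems=0
    for fcc in "$forms_dir"/*.fcc; do
        [ -f "$fcc" ] || continue            # glob matched nothing
        # Only forms carrying the retry directive need a .unauth page.
        grep -q '^[[:space:]]*@smretries=' "$fcc" || continue
        unauth="${fcc%.fcc}.unauth"
        if [ ! -f "$unauth" ]; then
            echo "MISSING $unauth"
            problems=$((problems + 1))
        elif [ ! -r "$unauth" ] || [ ! -s "$unauth" ]; then
            # Present, but unreadable by the current user or zero bytes.
            echo "UNUSABLE $unauth"
            problems=$((problems + 1))
        fi
    done
    [ "$problems" -eq 0 ]
}

# Constructed sample tree so the check can be tried offline.
demo() {
    d=$(mktemp -d)
    printf '@smretries=6\n' > "$d/login.fcc"        # no login.unauth
    printf '@smretries=6\n' > "$d/other.fcc"
    printf 'Account locked\n' > "$d/other.unauth"   # paired correctly
    printf '<!-- no retry directive -->\n' > "$d/noretry.fcc"
    if check_unauth "$d"; then rc=0; else rc=1; fi
    rm -rf "$d"
    return "$rc"
}
```

Run it as the account the web server runs under, so the readability test reflects what the Web Agent can actually open.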