ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.
Admin DISABLED STATE // Password Policy
Article ID: 132212
CA Single Sign On Secure Proxy Server (SiteMinder)CA Single Sign On SOA Security Manager (SiteMinder)CA Single Sign-On
We're running a Policy Server and we'd like to know which uses cases bring the user to be administratively disabled after login.
Sm_Api_Disabled_AdminDisabled= 0x00000001 = 1
Policy Server all versions
At first glance, the AdminDisabled is set when an operator disabled manually the user in the AdminUI :
Policy Server :: Disable Flag : SmAuthReason The Sm_Api_Disabled_AdminDisabled bit is usually set by using the Admin UI's disable user button; the Policy Server does not set or clear it during normal operations.
But this value can be added to another value for specific reason.
To illustrate :
User with DisableFlag = 0. User can login. User with DisableFlag = 1. User cannot login because the administrator disabled it manually from the AdminUI. User with DisableFlag = 3. User tried x times to login with incorrect credentials, and it has been disabled.
Looking at the screenshots, you've configured the user to be disabled if it tries 5 times to login without the expected credentials.