search cancel

Web Agent SMTRYNO cookie being reset on browser change

book

Article ID: 76512

calendar_today

Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On SITEMINDER CA Single Sign On Agents (SiteMinder)

Issue/Introduction

 

When looking to implement a message with the number of login attempts
left on the login.fcc page by using smretries & SMTRYNO cookie. The
message is being displayed fine when the user is in the same browser
but the SMTRYNO value is being reset when they close and reopen the
browser again, or switch to a different browser, which causes to show
the wrong message. How can the remaining login attempts be get to show
the message properly ?

 

Environment

 

CA Access Gateway (SPS) all versions
Web Agent all versions

 

Resolution

 

Note that smretries and SMTRYNO is like a counter browser-based, which
purpose is to limit the amount of authentication attempts that can be
done on the browser. Then, the SMTRYNO cookie is set in the browser
headers, so when you switch or reopen the browser the count is not
taken into account anymore, as the cookie does not exist in the new
browser opened. This is as per design (1).

Therefore to achieve this implement custom code or find another way to
show the remaining attempts properly.

 

Additional Information

 

(1)

    Configure HTML Forms Authentication

      If you use the smretries directive in the login.fcc file, the Web
      Agent updates the SMTRYNO cookie in the browser for each failed
      login attempt. This cookie tracks the current number of failed login
      attempts. You can make your login.fcc form intelligent by adding
      javascript that looks for the SMTRYNO cookie then displays a message
      in the login screen itself.

    https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/siteminder/12-52-01/configuring/policy-server-configuration/authentication-schemes/configure-html-forms-authentication.html