Layer7 Access Management

Tech Tip : CA Single Sign-On : AD Old Password Still Accepted

  • 1.  Tech Tip : CA Single Sign-On : AD Old Password Still Accepted

    Posted 01-02-2017 04:43 AM

    Issue:

     

    We have recently implemented a change password mechanism using smpwservices.fcc for a new application. It is working as expected and if I logoff and logon with new credentials everything seem to work fine.

     

    The problem is that (for a certain period of time) I'm able to login with old credentials too. Why is this possible? Is it a caching issue? How can I force Siteminder to accept only the new credentials?


    Cause:

     

    This is expected as AD will keep old password valid for some time:

     

    https://support.microsoft.com/en-us/kb/906305


    Resolution:

     

    Product is working as designed.

     

    Delay is in 'new password' propagation in AD infrastructure

     

    KB : TEC1080524