Symantec Access Management

  • Private Community

  • 1.  Siteminder Password Policy

    Posted Feb 23, 2018 08:52 AM

    Hello All, 

     

    Greetings !!

     

    Need explanation on this ? when does the disable flag changes to 1, 16777217 & 16777218. Account is disabled for all the cases and the SMAUTHREASON code is 7 for all the cases. 

     

    Disable Flag = 0 (User profile is active)

               = 1 ( Disabled by Administrator)

               = 2 (Account locked out)

         = 4 (Expired due to inactivity)

               = 8 (Expired due to inactivity)

               = 16777216 (force change password mode)

    =16777217 (Account is disabled and user must change their PW)

    16777216+2 = 16777218   (force change password mode + Account locked out)

     

     

    Can you please elloborate on this ?



  • 2.  Re: Siteminder Password Policy

    Posted Feb 26, 2018 05:59 AM

    Can anyone answer my question ? 



  • 3.  Re: Siteminder Password Policy

    Posted Feb 26, 2018 07:41 AM

    Dont think of the the siteminder disabled flag as an integer.  Think of it as a bitmask.   If the value of the first bit is 0, the user is "enabled" if the first bit is 1 the user is disabled.   If the second bit is 0 user is not locked out, if the second bit is 1 the user is locked out, and so on.  16777216 I believe is the 8th bit   it will be either enabled (1) or not(0) 

     

    you can have multiple values enabled inside of a single bitmask.



  • 4.  Re: Siteminder Password Policy

    Posted Feb 27, 2018 02:48 AM

    Hi Sandeep,

     

    Refer : Policy Server :: Disable Flag : SmAuthReason - CA Knowledge 

     

    Regards,

    Leo Joseph.