During monitoring of logs, I am coming across this authreasoncode: ErrorMessageIsRedirect a lot of times. I am looking for some help to understand this code better.
Also I have the list of siteminder authreason codes but don't have the exact details as to what that means and why it occurs though some of them are obvious by their names. Is there any documentation for the same?
SiteMinder returns reason codes for failed authentication
The basic control flow relating to the Disabled Flag attribute during user authentication is:
Note that certain system errors during the above processing would cause Sm_Api_Reason_UnknownUser to be returned.
It should be apparent from the above sequence that the Sm_Api_Disabled_PWMustChange status bit might be set during an authentication attempt and a subsequent attempt could cause a disabled bit to then be set as well. Also, the Admin UI can be used to set/clear the Sm_Api_Disabled_PWMustChange status bit for a user independently of the state of any of the other bits.
When Directory Mapping is used then during user's authorization phase the Disabled Flag attribute for the user is refetched/recalculated. If any of the disabled bits covered by Sm_Api_Disabled_DisabledMask are set, authorization fails with the reason code Sm_Api_Reason_UserDisabled (7).
Appendix : SmAuthReason:
Sm_Api_Reason_None = 0 Sm_Api_Reason_PwMustChange = 1 Sm_Api_Reason_InvalidSession = 2 Sm_Api_Reason_RevokedSession = 3 Sm_Api_Reason_ExpiredSession = 4 Sm_Api_Reason_AuthLevelTooLow = 5 Sm_Api_Reason_UnknownUser = 6 Sm_Api_Reason_UserDisabled = 7 Sm_Api_Reason_InvalidSessionId = 8 Sm_Api_Reason_InvalidSessionIp = 9 Sm_Api_Reason_CertificateRevoked = 10 Sm_Api_Reason_CRLOutOfDate = 11 Sm_Api_Reason_CertRevokedKeyCompromised = 12 Sm_Api_Reason_CertRevokedAffiliationChange = 13 Sm_Api_Reason_CertOnHold = 14 Sm_Api_Reason_TokenCardChallenge = 15 Sm_Api_Reason_ImpersonatedUserNotInDir = 16 Sm_Api_Reason_Anonymous = 17 Sm_Api_Reason_PwWillExpire = 18 Sm_Api_Reason_PwExpired = 19 Sm_Api_Reason_ImmedPWChangeRequired = 20 Sm_Api_Reason_PWChangeFailed = 21 Sm_Api_Reason_BadPWChange = 22 Sm_Api_Reason_PWChangeAccepted = 23 Sm_Api_Reason_ExcessiveFailedLoginAttempts = 24 Sm_Api_Reason_AccountInactivity = 25 Sm_Api_Reason_NoRedirectConfigured = 26 Sm_Api_Reason_ErrorMessageIsRedirect = 27 Sm_Api_Reason_Next_Tokencode = 28 Sm_Api_Reason_New_PIN_Select = 29 Sm_Api_Reason_New_PIN_Sys_Tokencode = 30 Sm_Api_Reason_New_User_PIN_Tokencode = 31 Sm_Api_Reason_New_PIN_Accepted = 32 Sm_Api_Reason_Guest = 33 Sm_Api_Reason_PWSelfChange = 34 Sm_Api_Reason_ServerException = 35 Sm_Api_Reason_UnknownScheme = 36 Sm_Api_Reason_UnsupportedScheme = 37 Sm_Api_Reason_Misconfigured = 38 Sm_Api_Reason_BufferOverflow = 39 Sm_Api_Reason_SetPersistentSessionFailed = 40 Sm_Api_Reason_UserLogout = 41 Sm_Api_Reason_IdleSession = 42 Sm_Api_Reason_PolicyServerEnforcedTimeout = 43 Sm_Api_Reason_PolicyServerEnforcedIdle = 44 Sm_Api_Reason_ImpersonationNotAllowed = 45 Sm_Api_Reason_ImpersonationNotAllowedUser = 46 Sm_Api_Reason_FederationNoLoginID = 47 Sm_Api_Reason_FederationUserNotInDir = 48 Sm_Api_Reason_FederationInvalidMessage = 49 Sm_Api_Reason_FederationUnacceptedMessage = 50 Sm_Api_Reason_ADnativeUserDisabled = 51Thanks,Shankar
Thank you so much Shankar.