Hi Karthick,
Please find my answers below :
- Does SMTRYNO cookie set default by Siteminder?
Ujwol => Yes, this is set by CA SSO web agent automatically If , the login page (login.fcc) has @smretries directive set to a value >0
Reference : Configure HTML Forms Authentication - CA Single Sign-On - 12.52 SP1 - CA Technologies Documentation
smretries
Indicates the number of times a browser can try to log in. This directive acts as a counter; it is not a security mechanism. If you set this directive to 0, the number of log-in attempts is unlimited. If you set the number to 1 or greater, that indicates the number of log-in retries allowed. After you reach the limit, the browser displays the DynamicRetry.unauth page. This page can display a configured message explaining why the login failed. For smretries to be useful, configure this unauthorized file.
You can use smretries to improve the user experience, for example:
After a failed log-in attempt, you can display a message in the browser instructing the user what action to take.
After a specific number is reached, display an invalid login message and redirect the user back to the login page to try again.
Note: If users log in using a POST to an .fcc form, it appears that the user is given more attempts to log in beyond the value of the smretries directive. However, the user is allowed access only if they enter valid credentials within the number of attempts allowed by smretries.
If you use the smretries directive in the login.fcc file, the Web Agent updates the SMTRYNO cookie in the browser for each failed login attempt. This cookie tracks the current number of failed login attempts. You can make your login.fcc form intelligent by adding javascript that looks for the SMTRYNO cookie then displays a message in the login screen itself.
@username=%USER%
@smretries=1
<html>
<head><title>Sample Login Form</title><head>
<body>
<h3> Please enter your login credentials</h3>
<form method=post><table>
<tr>
<td>User Name</td>
<td><input type=text name=USER></td>
</tr>
<tr>
<td>Password</td>
<td><input type=password name=PASSWORD></td>
</tr>
<input type=hidden name=target value="$$target$$">
<input type=hidden name=smauthreason value="$$smauthreason$$">
<tr><td><input type=submit></td></tr>
</table></form></body>
</html>
- Does this SMTRYNO won't be set, if we would change the FCCCompatMode=YES in ACO?
Ujwol => It will still set the SMTRYNO cookie , as long as you have @smretries directive in login.fcc
- Does SMTRYNO is set for all type of authentication scheme or only for HTML form based authentication scheme?
Ujwol => It is set only for HTLM form based authentication scheme.
- Is there any section in Siteminder documentation to check on this SMTRYNO or other cookies to understand it? It would be helpful for me.
Ujwol => For SMTRYNO refer : Configure HTML Forms Authentication - CA Single Sign-On - 12.52 SP1 - CA Technologies Documentation For any other cookies please refer to documentation. If you couldn't find details of any specific cookie , let me know.
Regards,
Ujwol