Symantec Access Management

Expand all | Collapse all

CA SSO: 12.52.101.640 - Expired user able to login

Jump to Best Answer
  • 1.  CA SSO: 12.52.101.640 - Expired user able to login

    Posted 07-10-2018 01:23 AM

    Hi,

     

    In 12.52.101.640 version, I could see that siteminder is allowing authentication for the password expired user (but with Response Code/Reason as 1).

     

    While testing the same user in 12.52.105.2113, user is not getting authenticated with the response code 19.

     

    Response Codes:
    Sm_Api_Reason_PwMustChange = 1
    Sm_Api_Reason_PwExpired = 19

     

    Could you please let me know if any fix related to this issue (expired user able to login) has been provided (in 12.52.105.2113 or any CR after 12.52.101.640)? I tried to find the known issues section of 12.52 CR1 but not able to find the exact link.

     

    Thanks,
    Dhilip



  • 2.  Re: CA SSO: 12.52.101.640 - Expired user able to login

    Posted 07-10-2018 01:31 AM

    Hi Dhilip,

     

    From the Defects Fixed in 12.52 SP1 CR06

     

    Defects Fixed in 12.52 SP1 CR06 - CA Single Sign-On - 12.52 SP1 - CA Technologies Documentation 

     

    00474687

    DE237816

    User is not prompted for password change though the password is expired and locked out user credentials are accepted.

    Regards,

    Leo Joseph.



  • 3.  Re: CA SSO: 12.52.101.640 - Expired user able to login

    Posted 07-10-2018 01:44 AM

    Hi Leo,

     

    Thanks for your response but it seems to be a different fix as I could see the fix in 12.52 SP1 CR05 itself.

     

    Regards,

    Dhilip



  • 4.  Re: CA SSO: 12.52.101.640 - Expired user able to login

    Posted 07-10-2018 01:50 AM

    Hi Dhilip,

     

    Check the below 

    AD Password Services problems after upgrading to R12.52 SP01 CR05 and CR06 

     

    Defects Fixed in 12.52 SP1 CR08 - CA Single Sign-On - 12.52 SP1 - CA Technologies Documentation 

     

    00474687

    00597575

    DE205706

    DE237817

    Policy Server fails to prompt for a password change though the password has expired, and it accepts the credentials of the locked out user.

    Regards,

    Leo Joseph.



  • 5.  Re: CA SSO: 12.52.101.640 - Expired user able to login

    Posted 07-10-2018 02:03 AM

    Leo,

     

    Could you please check for the fixes prior to 12.52 SP1 CR05/known issues after R12.52 SP1 CR01?

    Thanks.



  • 6.  Re: CA SSO: 12.52.101.640 - Expired user able to login

    Posted 07-11-2018 04:09 AM

    Hello All,

     

    Can I receive a confirmation/clarification from any of the CA associates?

    Thanks.

     

    Regards,

    Dhilip



  • 7.  Re: CA SSO: 12.52.101.640 - Expired user able to login
    Best Answer

    Posted 07-11-2018 07:02 AM

    Hi Dhilip,

     

    I have addressed your questions in my blog:

     

    https://iamtechtips.com/forums/topic/ca-sso-12-52-101-640-expired-user-able-to-login/#post-926

     

    Hope this clarifies your doubt.

     

    Cheers,

    Ujwol

    On Wed, 11 Jul 2018 at 18:09, Dhi1ip <communityadmin@communities-mail.ca.com>



  • 8.  Re: CA SSO: 12.52.101.640 - Expired user able to login

    Posted 07-11-2018 08:36 AM

    Hi Ujwol,

     

    Thanks for your response.


    Regards,

    Dhilip