In 184.108.40.2060 version, I could see that SiteMinder is allowing authentication for the password-expired user (but with Response Code/Reason as 1).
While testing the same user in 220.127.116.113, user is not getting authenticated with the response code 19.
Response Codes:
Sm_Api_Reason_PwMustChange = 1
Sm_Api_Reason_PwExpired = 19
Could you please let me know if any fix related to this issue (expired user able to login) has been provided (in 18.104.22.1683 or any CR after 22.214.171.1240)? I tried to find the known issues section of 12.52 CR1 but was not able to find the exact link.
From the Defects Fixed in 12.52 SP1 CR06
Defects Fixed in 12.52 SP1 CR06 - CA Single Sign-On - 12.52 SP1 - CA Technologies Documentation
User is not prompted for password change though the password is expired and locked out user credentials are accepted.
Thanks for your response but it seems to be a different fix as I could see the fix in 12.52 SP1 CR05 itself.
Check the below
AD Password Services problems after upgrading to R12.52 SP01 CR05 and CR06
Defects Fixed in 12.52 SP1 CR08 - CA Single Sign-On - 12.52 SP1 - CA Technologies Documentation
Policy Server fails to prompt for a password change though the password has expired, and it accepts the credentials of the locked out user.
Could you please check for the fixes prior to 12.52 SP1 CR05/known issues after R12.52 SP1 CR01?
Can I receive a confirmation/clarification from any of the CA associates?
I have addressed your questions in my blog:
Hope this clarifies your doubt.
On Wed, 11 Jul 2018 at 18:09, Dhi1ip <email@example.com>
Thanks for your response.