Issue:
We're running Web Agent and have configured password policies, so
that after 6 wrong password login attempts, then the user should get
a page saying that the account is locked. Instead, the browser
receives error 500.
How can we fix this ?
Cause:
The custom login.fcc has @smretries parameter.
login.fcc
@smretries=6
The Web Agent fails to process completely the request because of the
missing .unauth file.
smps.log :
1. [31633/3816777472][Thu Sep 27 2018
14:48:11][CSmFormTemplateObj.cpp:226][ERROR][sm-HTTPAgent-00370]
Error opening form template
'/opt/CA/webagent/samples/forms/login.unauth':
No such file or directory.
2. [31633/3816777472][Thu Sep 27 2018
14:48:11][CSmResponseManager.cpp:222][ERROR][sm-AgentFramework-00460]
HLA: Analyzer from module 'SM_WAF_HTTP_PLUGIN' returned unknown
response code '-1' for component 'Response Manager'.
As the login.fcc uses smretries, then you should define a .unauth
page.
Authentication and a Centralized Login Server
Stand–Alone Login Page
In this use case, CA Single Sign-On directs users to a stand–alone
login page when they request a protected resource. Specifically:
The login FCC file is configured with an @directive (@smretries) to
redirect users to a failed authentication page (login.unauth) after
two failed authentication attempts.
https://docops.ca.com/ca-single-sign-on/12-52-sp1/en/implementing/implementing-ca-single-sign-on/authentication-and-a-centralized-login-server
Resolution:
- Check how to configure the login.unauth following the tips from this page :
Tech Tip : CA Single Sign-On : Display a Message in FCC After a Wrong Login Attempt
https://communities.ca.com/docs/DOC-231183210-tech-tip-ca-single-sign-on-display-a-message-in-fcc-after-a-wrong-login-attempt
KB : KB000117185