Tech Tip : CA Single Sign-On : After 6 login attempts, web agent returns error 500

    Broadcom Employee
    Posted Oct 09, 2018 10:18 AM

    Issue:

     

    We're running Web Agent and have configured password policies so
    that after 6 wrong-password login attempts the user should get
    a page saying that the account is locked. Instead, the browser
    receives error 500.

     

    How can we fix this?

     

    Cause:

     

    The custom login.fcc has the @smretries parameter.

    login.fcc

    @smretries=6

    The Web Agent fails to completely process the request because the
    .unauth file is missing.

     

    smps.log :

     

    1. [31633/3816777472][Thu Sep 27 2018
    14:48:11][CSmFormTemplateObj.cpp:226][ERROR][sm-HTTPAgent-00370]
    Error opening form template
    '/opt/CA/webagent/samples/forms/login.unauth':
    No such file or directory.

     

    2. [31633/3816777472][Thu Sep 27 2018
    14:48:11][CSmResponseManager.cpp:222][ERROR][sm-AgentFramework-00460]
    HLA: Analyzer from module 'SM_WAF_HTTP_PLUGIN' returned unknown
    response code '-1' for component 'Response Manager'.

     

    As the login.fcc uses smretries, you should define a .unauth page.

     

    Authentication and a Centralized Login Server

    Stand–Alone Login Page

    In this use case, CA Single Sign-On directs users to a stand–alone
    login page when they request a protected resource. Specifically:

    The login FCC file is configured with an @directive (@smretries) to
    redirect users to a failed authentication page (login.unauth) after
    two failed authentication attempts.

    https://docops.ca.com/ca-single-sign-on/12-52-sp1/en/implementing/implementing-ca-single-sign-on/authentication-and-a-centralized-login-server

     

    Resolution:

     

    - Configure the login.unauth page following the tips from this page:

    Tech Tip : CA Single Sign-On : Display a Message in FCC After a Wrong Login Attempt
    https://communities.ca.com/docs/DOC-231183210-tech-tip-ca-single-sign-on-display-a-message-in-fcc-after-a-wrong-login-attempt

     

    KB : KB000117185
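
A pre-deployment check for the condition described above, added here as an example (not CA/Broadcom code): it lists every .fcc form that sets @smretries but has no .unauth template, and pulls the template paths out of sm-HTTPAgent-00370 errors in an agent log. It assumes the .unauth file sits beside the .fcc with the same base name, and that each log entry is on a single line; the function names are made up for this example.

```shell
#!/bin/sh
# Added example, not CA/Broadcom code.
# Assumption: a form's .unauth template sits beside its .fcc with the same
# base name, as login.fcc / login.unauth do on this page.

# find_missing_unauth DIR
# Prints each expected-but-missing .unauth path, one per line.
# Returns 0 when none is missing, 1 when at least one is, 2 on a bad DIR.
find_missing_unauth() {
    dir=$1
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    missing=0
    for fcc in "$dir"/*.fcc; do
        [ -f "$fcc" ] || continue    # glob matched nothing
        # Directive line such as "@smretries=6"; allow leading blanks
        grep -Eq '^[[:space:]]*@smretries[[:space:]]*=' "$fcc" || continue
        unauth="${fcc%.fcc}.unauth"
        if [ ! -r "$unauth" ]; then
            echo "$unauth"
            missing=1
        fi
    done
    return "$missing"
}

# templates_failing_in_log LOGFILE
# Prints the unique template paths named in sm-HTTPAgent-00370 errors.
# Assumption: each log entry is on one line (the page shows them wrapped).
templates_failing_in_log() {
    sed -n "s/.*\[sm-HTTPAgent-00370\].*Error opening form template '\([^']*\)'.*/\1/p" "$1" | sort -u
}

# Script entry point: check the forms directory passed as the first argument.
if [ "$#" -gt 0 ]; then
    find_missing_unauth "$1"
    exit $?
fi
```

Run it with the agent's forms directory as the argument (on this page, /opt/CA/webagent/samples/forms); a non-zero exit status means at least one form would hit the error 500 once the retry limit is reached.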