Symantec Access Management

 View Only

Tech Tip : CA Single Sign-On : SMAUTHREASON reason code document

  • 1.  Tech Tip : CA Single Sign-On : SMAUTHREASON reason code document

    Broadcom Employee
    Posted Oct 04, 2018 02:46 AM

    Introduction:

     

    This document lists all the reason codes stored in SMAUTHREASON and the meaning for each code.

     

    Instructions:

     

    From the API:


    Sm_Api_Reason_None = 0
    Sm_Api_Reason_PwMustChange = 1
    Sm_Api_Reason_InvalidSession = 2
    Sm_Api_Reason_RevokedSession = 3
    Sm_Api_Reason_ExpiredSession = 4
    Sm_Api_Reason_AuthLevelTooLow = 5
    Sm_Api_Reason_UnknownUser = 6
    Sm_Api_Reason_UserDisabled = 7
    Sm_Api_Reason_InvalidSessionId = 8
    Sm_Api_Reason_InvalidSessionIp = 9
    Sm_Api_Reason_CertificateRevoked = 10
    Sm_Api_Reason_CRLOutOfDate = 11
    Sm_Api_Reason_CertRevokedKeyCompromised = 12
    Sm_Api_Reason_CertRevokedAffiliationChange = 13
    Sm_Api_Reason_CertOnHold = 14
    Sm_Api_Reason_TokenCardChallenge = 15
    Sm_Api_Reason_ImpersonatedUserNotInDir = 16
    Sm_Api_Reason_Anonymous = 17
    Sm_Api_Reason_PwWillExpire = 18
    Sm_Api_Reason_PwExpired = 19
    Sm_Api_Reason_ImmedPWChangeRequired = 20
    Sm_Api_Reason_PWChangeFailed = 21
    Sm_Api_Reason_BadPWChange = 22
    Sm_Api_Reason_PWChangeAccepted = 23
    Sm_Api_Reason_ExcessiveFailedLoginAttempts = 24
    Sm_Api_Reason_AccountInactivity = 25
    Sm_Api_Reason_NoRedirectConfigured = 26
    Sm_Api_Reason_ErrorMessageIsRedirect = 27
    Sm_Api_Reason_Next_Tokencode = 28
    Sm_Api_Reason_New_PIN_Select = 29
    Sm_Api_Reason_New_PIN_Sys_Tokencode = 30
    Sm_Api_Reason_New_User_PIN_Tokencode = 31
    Sm_Api_Reason_New_PIN_Accepted = 32
    Sm_Api_Reason_Guest = 33
    Sm_Api_Reason_PWSelfChange = 34
    Sm_Api_Reason_ServerException = 35
    Sm_Api_Reason_UnknownScheme = 36
    Sm_Api_Reason_UnsupportedScheme = 37
    Sm_Api_Reason_Misconfigured = 38
    Sm_Api_Reason_BufferOverflow = 39
    Sm_Api_Reason_SetPersistentSessionFailed = 40
    Sm_Api_Reason_UserLogout = 41
    Sm_Api_Reason_IdleSession = 42
    Sm_Api_Reason_PolicyServerEnforcedTimeout = 43
    Sm_Api_Reason_PolicyServerEnforcedIdle = 44
    Sm_Api_Reason_ImpersonationNotAllowed = 45
    Sm_Api_Reason_ImpersonationNotAllowedUser = 46
    Sm_Api_Reason_FederationNoLoginID = 47
    Sm_Api_Reason_FederationUserNotInDir = 48
    Sm_Api_Reason_FederationInvalidMessage = 49
    Sm_Api_Reason_FederationUnacceptedMessage = 50
    Sm_Api_Reason_ADnativeUserDisabled = 51

     

    Note: This reason code is a duplicate of Sm_Api_Reason_UserDisabled.

    It is used only in the case where the registry key "IgnoreDefaultRedirectOnADnativeDisabled" is set, and an AD native disabled reason is found.

     

    Since this value duplicates Sm_Api_Reason_UserDisabled, whenever that value is checked, this should probably be checked as well.

     

    This value is only returned by SnDsLdapProvider::AuthenticateUser.

     

    Additional Information:

     

    This has been incorporated into the documentation. Please visit
    docops.ca.com for your version for updated information

     

    KB : KB000054936