Hi Marco,
There is an additional setting that needs to be done to achieve this use case: in your adaptershim.ini file you have to populate the attribute PasswdSvcUserAtt under the active section, e.g. if your profile is siteminder, add the attribute under this section:
[arcot/integrations/smadapter/siteminder]
#
# One-Page login scenario
#
PasswdSvcUserAtt=co
......
.....
The attribute 'co', which is just an example, should have R+W access, and it is important that no other application is updating this attribute and that it is only used for the profile. This attribute has to be unique, and no other application should update this attribute, only the application protected by the siteminder example in this case.
Once this is updated, you can wait for 5 minutes for the properties file to reload, or if the Policy server can be restarted, that should be fine as well.
Please test and let us know.
-Namish
Original Message:
Sent: 06-08-2020 09:15 AM
From: Marco Trucillo
Subject: Siteminder + Advanced Authentication + Active Directory + Mandatory Change Password
I integrated Advanced Authentication with SSO.
The users backend is on Active Directory.
Both Siteminder and AA see the same Active Directory directory.
What I want is that if a user has the "mandatory password change" in AD (or Expired Passwords), on entering an AA protected resource, after authentication, he is forced to change password.
I have Password Service enabled: if I access a resource protected by Siteminder (without AA) with a user who has the mandatory password change, I am correctly redirected to passwordservices.fcc to change my password.
Instead, if I access a resource protected by AA, after authentication the process goes on (AA asks me for the second factor, in my case a PUSH). Note that in the authentication scheme I have enabled the management of password services.
Where am I going wrong?
Thanks in advance!