Symantec Access Management

I want to display login error message when type in wrong username or password in the login page. I use a custom JSP page as login page and submit credentials to SiteMinder login.fcc. I defined the smerrorpage in login.fcc like:

@username=%USER%
@smretries=1
@smerrorpage=/sso/login.jsp

when key in wrong username or password the error message appears as it redirect to the login page with parameter reason=TooManyTries.

Then key in correct username and password, it won't go to the original URL instead it goes to the login page again. Not sure if i missing something.

So, on providing correct credential the user is not being authenticated ? Did you check the agent trace log?

I think you are loosing the target on redirection to the error page.

Can you try this :

@smerrorpage=/sso/login.jsp?target=%target%

The target parameter is inside the URL. When wrong username or password, actually it redirect to page with address like below:

http://mycompany.com/sso/login.jsp?reason=TooManyTries&TYPE=&DOMAIN=.mycompany.com&TARGET=http://mycompany.com/home/

I found the below in the trace log, when i key in correct username and password with reason=TooManyRetries

/][][Communication failure between SiteMinder policy server and web agent.]
[/home/][][LowLevelAgent returned SmFailure.]
[/home/][][AuthenticationManager returned SmFailure, end new request.]

Hi JinLong, 

For the login to be successful, you will need two mandatory attribute in the post smagentname/target etc. I think after the redirection to the error page (login.jsp) all of these are being lost, which is why you are getting the generic error related to communication failure.

Look at Custom Login Page for the list of attributes required for successful login and redirection.

Regards,

Ujwol

Thank you Ujwol,  i did the below changes and it works:

@smerrorpage=/sso/login.jsp?SMAGENTNAME=%smagentname%

Hi Jin Long,

Check if user account is locked out due to breach of max failed attempts.

The account is not locked.