I got the problem. The behavior is correct. As soon as a modify of attributes (or a sync) occurs, the status is also synchronized. The modification made by siteminder is directly on LDAP and therefore IME does not know it (yet).
Original Message:
Sent: Jan 19, 2022 03:31 AM
From: Marco Trucillo
Subject: %ENABLED_STATES% propagation on Bad Bassword with Siteminder SSO
Hi to all!
I have in my Identity Manager an attribute imEnabledStates well-know-name %ENABLED_STATES%
This attribute is used in Siteminder SSO as Disabled Flag (RW).
In IM Management Console, I have this mapping %ENABLED_STATES% --> %ENABLED_STATES% so my imEnabledStates is mapped on eTIMEnabledState of Global User. And this work: If I disable a user by a IM Modify User Task, eTiMEnabledState change as well (and vice versa).
Now when ad user user use wrong password 3 times, he is disabled and this work. But it seems that in this case eTiMEnabledState is not updated. Where am I doing wrong ?