Symantec Access Management

  • Private Community
 View Only
Back to Library

Tech Tip : CA Single Sign-On : After unlocking a user account, Policy Server fails to allow the user to log in to the application in the first attempt 

Dec 01, 2017 03:39 AM

Issue:


I have configured Password Policy as below:

1. User should be disabled after 3 successive incorrect password.

2. User should be re-enabled after 3 minutes of it being disabled.

After 3 minutes when I try to login, authentication gets failed on the first attempt but succeeds from next request.

This is observed only when “Enhanced AD integration” is ENABLED

 

How can I solve this problem?


Environment:

SiteMinder policy Server 12.52 SP1 CR04 Active Directory on Windows 2008 R2

 


Cause:


With "Enhanced Active Directory Integration" enabled, the user gets disabled on the Active Directory side too.

This behavior happened because, in the Product code, the Policy Server tries to authenticate the user before checking the timeout elapsed. This has been corrected. Now the Policy Server checks first if the timeout has elapsed and then if elapsed, does the authentication. The result is that the User gets in at the first tentative after the timeout elapsed.



Resolution:


Upgrade the Policy Server to 12.52SP1CR08 and above to solve the issue.

 

https://docops.ca.com/ca-single-sign-on/12-52-sp2/en/release-notes/cumulative-releases/defects-fixed-in-12-52-sp1-cr08

 

 

KD : TEC1769287

Statistics
0 Favorited
0 Views
0 Files
0 Shares
0 Downloads

Tags and Keywords

Related Entries and Links

No Related Resource entered.