CA Single Sign-On Tech Tip by Sau Lai Wong, Senior Support Engineer for 7th May 2016
INTRODUCTION:
With Siteminder in the picture, when user account status invokes the password services (native or Siteminder password policy), user is redirected to the smpwservices.fcc page by default.
QUESTION:
How to redirect user to a customized error page when password services is invoked?
Use case:
1) Siteminder Password Policy is disabled
2) Active Directory as user directory
3) Defined user directory with LDAP namespace in Siteminder
User account status (change password by next login/ user account is disabled) invokes password services and Policy Server redirects user to the default password services page – smpwervices.fcc.
ENVIRONMENT:
Policy Server: R12.52 SP1 CR1
Webagent: R12.52 SP1 CR1 on IIS 7.5
ANSWER:
If Password Services is invoked and there is no SM password policy configured, set the environment variable NETE_PWSERVICES_REDIRECT at Policy Server, to a relative path for smpwservices.fcc or relative path for customized error page e.g: /siteminderagent/forms/smpwservices.fcc. If the error page is hosted on a specific server, define the full URL e.g: http://support.ca.com/index.asp.
Policy Server will redirect user to the defined page according to the NETE_PWSERVICES_REDIRECT environment variable, if either criteria is fulfilled:
- Redirect URL in SM password policy is blank OR
- No SM password policy is defined
If SM password policy is configured, specify the error page at the Redirect URL column or clear the column if you want it to default to the value associated with NETE_PWSERVICES_REDIRECT environment variable.
NOTES:
If you have SM password policy defined and you are relying on NETE_PWSERVICES_REDIRECT environment variable, Redirect URL needs to be cleared every time before you define/ redefine value for NETE_PWSERVICES_REDIRECT environment variable.