Tech Tip : CA Single Sign On : Expired AD User password redirect customm fcc

Document created by Osarobo_Idehen Employee on Oct 14, 2016Last modified by kristen.palazzolo on Dec 17, 2016
Version 3Show Document
  • View in full screen mode

Issue: 

Active Directory Users with expired password are being redirected to the out of the box smpwservices.fcc instead of our custom .fcc while being redirected to change their password.

We have configured Enhanced Active Directory Integration which means that AD is handling the password policy, and so we cannot define the redirection URL in Siteminder Password Policy

Environment:  

Siteminder 12.52 SP1

Cause: 

If Password Services is invoked and there is no password policy configured, the CA Single Sign-On Administrator at the Policy Server should set the environment variable

NETE_PWSERVICES_REDIRECT to a relative path for smpwservices.fcc.

Resolution/Workaround:

  1. If Password Services is invoked and there is no password policy configured, the CA Single Sign-On Administrator at the Policy Server should set the environment variable

NETE_PWSERVICES_REDIRECT to a relative path for smpwservices.fcc.

The path is:

/siteminderagent/forms/smpwservices.fcc

You will have to set the above environment variable to point to the custom .fcc

  1. Then restart your Policy server

 

Additional Information:

 

https://docops.ca.com/ca-single-sign-on/12-52-sp2/en/configuring/web-agent-configuration/agents-and-password-services

 

 

KD : TEC1942727##

Attachments

    Outcomes