AnsweredAssumed Answered

Siteminder  the SMTRYNO Cookid and @smretries directory

Question asked by greytower on Aug 15, 2013
Latest reply on Aug 21, 2013 by mjeanjacques
All,
I have been looking into the functionality provided by the siteminder password management features and the SMTRYNO cookies.

Environment
Sitminder 12.5 No Service Pack
Currently have our @SMTRIES directive in out .fcc file set to 1 .
Lockout events are set to occur after 5 invalid password attempts.

Behavior
[list]
[*]When a make 5 invalid authentication attempst it does set your SMTRYNO cookie to 1 and redirects you the lockout page. (This would be for new brand new authorization request)
[*]The SMTRYNO cookie does not get updated during the intial login attempt sequence.

[list]

Question
I would have expected that when you make an invalid password attempt for authentication that the system would update you SMTRYNO cookie for each authenticaiton attempt. however it does not increment your SMTRYNO cookie unless you
have already been authenticated.

The system also seems to not clear your SMTRYNO cookie after your session times out. i have been seeing some issues where the user has different password in the various back end directories that siteminder it will increment the smtryno
cookie when it hits and directory where the currently presented credentials are invalid. Is the the correct behavior because this seems a bit counter productive as when the users session times out they could be left stuck at the login page until
their SMTRYNO cookie is cleared.

How should you determine the value of the SMTRYNO directive.

Outcomes