Symantec Access Management

  • 1.  Detecting Active Directory Password Expiration

    Posted Aug 23, 2013 01:49 PM
    All,
    Does anyone out there know how to get SiteMinder to read when a user's password has expired? Is this best done with SMWALKER, and if so, does anyone know of or has anyone seen any best practices around this issue?

    B


  • 2.  RE: Detecting Active Directory Password Expiration

    Posted Aug 23, 2013 02:30 PM
    You should be able to determine that based on the SMAUTHREASON code. Take a look at this list of smauthreason codes.
    If the SMReason_PwExpired = 19, have some logic to handle the change password process within your code.

    Sm_Api_Reason_None = 0
    Sm_Api_Reason_PwMustChange = 1
    Sm_Api_Reason_InvalidSession = 2
    Sm_Api_Reason_RevokedSession = 3
    Sm_Api_Reason_ExpiredSession = 4
    Sm_Api_Reason_AuthLevelTooLow = 5
    Sm_Api_Reason_UnknownUser = 6
    Sm_Api_Reason_UserDisabled = 7
    Sm_Api_Reason_InvalidSessionId = 8
    Sm_Api_Reason_InvalidSessionIp = 9
    Sm_Api_Reason_CertificateRevoked = 10
    Sm_Api_Reason_CRLOutOfDate = 11
    Sm_Api_Reason_CertRevokedKeyCompromised = 12
    Sm_Api_Reason_CertRevokedAffiliationChange = 13
    Sm_Api_Reason_CertOnHold = 14
    Sm_Api_Reason_TokenCardChallenge = 15
    Sm_Api_Reason_ImpersonatedUserNotInDir = 16
    Sm_Api_Reason_Anonymous = 17
    Sm_Api_Reason_PwWillExpire = 18
    Sm_Api_Reason_PwExpired = 19
    Sm_Api_Reason_ImmedPWChangeRequired = 20
    Sm_Api_Reason_PWChangeFailed = 21
    Sm_Api_Reason_BadPWChange = 22
    Sm_Api_Reason_PWChangeAccepted = 23
    Sm_Api_Reason_ExcessiveFailedLoginAttempts = 24
    Sm_Api_Reason_AccountInactivity = 25
    Sm_Api_Reason_NoRedirectConfigured = 26
    Sm_Api_Reason_ErrorMessageIsRedirect = 27
    Sm_Api_Reason_Next_Tokencode = 28
    Sm_Api_Reason_New_PIN_Select = 29
    Sm_Api_Reason_New_PIN_Sys_Tokencode = 30
    Sm_Api_Reason_New_User_PIN_Tokencode = 31
    Sm_Api_Reason_New_PIN_Accepted = 32
    Sm_Api_Reason_Guest = 33
    Sm_Api_Reason_PWSelfChange = 34
    Sm_Api_Reason_ServerException = 35
    Sm_Api_Reason_UnknownScheme = 36
    Sm_Api_Reason_UnsupportedScheme = 37
    Sm_Api_Reason_Misconfigured = 38
    Sm_Api_Reason_BufferOverflow = 39
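
An added example, not part of the original posts and not SiteMinder code: one way a login page script could act on the password-related reason codes listed above. It assumes the code reaches the page as an `SMAUTHREASON` query parameter; the host, path, function names and action labels are hypothetical, and only the numeric values come from the list.

```javascript
// Added example, not SiteMinder code. Only the numeric values come from the list above.
// Assumption: the code reaches the page as an SMAUTHREASON query parameter.
const REASON_MIN = 0;   // Sm_Api_Reason_None
const REASON_MAX = 39;  // Sm_Api_Reason_BufferOverflow

// Hypothetical grouping of the password-related codes into page actions.
const PASSWORD_ACTIONS = new Map([
  [1, "force-change"],   // Sm_Api_Reason_PwMustChange
  [18, "warn-expiring"], // Sm_Api_Reason_PwWillExpire
  [19, "force-change"],  // Sm_Api_Reason_PwExpired
  [20, "force-change"],  // Sm_Api_Reason_ImmedPWChangeRequired
]);

// Returns the reason code as an integer, or null if it is absent or malformed.
// The value is user-controllable, so it is validated and never used as raw text.
function parseAuthReason(urlString) {
  let url;
  try {
    url = new URL(urlString);
  } catch (e) {
    return null;
  }
  const values = [];
  for (const [name, value] of url.searchParams) {
    if (name.toUpperCase() === "SMAUTHREASON") values.push(value);
  }
  if (values.length !== 1) return null;           // missing or duplicated parameter
  if (!/^\d{1,2}$/.test(values[0])) return null;  // digits only, no signs or markup
  const code = Number(values[0]);
  return code >= REASON_MIN && code <= REASON_MAX ? code : null;
}

// Maps a login URL to "force-change", "warn-expiring", "login" or "ignore".
function passwordAction(urlString) {
  const code = parseAuthReason(urlString);
  if (code === null) return "ignore";  // show the plain login form, no password messaging
  return PASSWORD_ACTIONS.get(code) || "login";
}

// Constructed sample URLs (hypothetical host and path).
const SAMPLES = [
  "https://sso.example.test/login.fcc?SMAUTHREASON=19",
  "https://sso.example.test/login.fcc?SMAUTHREASON=18",
  "https://sso.example.test/login.fcc?SMAUTHREASON=0",
  "https://sso.example.test/login.fcc?SMAUTHREASON=19<script>",
];
for (const s of SAMPLES) console.log(passwordAction(s), s);
```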


  • 3.  RE: Detecting Active Directory Password Expiration

    Posted Aug 23, 2013 03:32 PM
    Thanks very much for the quick reply! Should these codes be available to the smauthreason directive in the fcc login page, and if so, do you have an example of how to extract them?