Symantec Access Management

  • 1.  CA SSO Password Services and Custom Authentication Forms

    Posted Feb 02, 2017 10:13 AM

    Hi,

    We are having some issues regarding configuration of CA SSO Password Services and using Custom Authentication Forms, where we experience different kinds of problems in corner cases.

    We pretty much try to use the functionality from both HTML forms and Password Services forms out of the box, with the same parameters and settings, but we will then customize the look and feel.

    Some of the problems that we encounter are, e.g., around the SMTRYNO cookie. When a user has failed to log in a number of times with an incorrect password, then this will be set in the browser - and prevent all other users from actually logging in. It also affects other users who aren't locked, because the cookie is set in the browser. This cookie can of course be deleted, but it is just not very user friendly - and this can also be fixed by setting fcccompatmode=yes in the ACO.

    So in general, I am just curious to know how you actually make the default settings for customized forms when making HTML-based authentication forms work with SiteMinder Password Services and Password Policies?

    Br,

    Michael



  • 2.  Re: CA SSO Password Services and Custom Authentication Forms

    Posted Feb 02, 2017 04:23 PM

    Try setting @smretries = 0 in your FCC file.

    From the Policy Server Config doc:

    smretries

    Specifies the maximum number of login attempts allowed. If you set this directive to 0, the number of retries is unlimited. If you set the number to 1 or greater, that is the number of retries allowed.

    Note: If users log in using a POST to an .fcc form, it appears that the user is given more attempts to log in beyond the value of the smretries directive. However, the user is allowed access only if valid credentials are entered in the number of attempts that smretries specifies.