Symantec Access Management

  • 1.  CA SiteMinder: 24 hours password reset

    Posted Mar 10, 2017 04:05 AM

    Hi,

     

    For an application, users are invited to change their passwords, after 24 hours, these passwords are unknown.

    It is problematic as I need to reset passwords each 24 hours.

     

    As I know, password policy issues are configured in SiteMinder Console. I can't any explanation to this problem.

    can you advice me please and help if there is anything else to verify ?

     

    Thanks a lot.



  • 2.  Re: CA SiteMinder: 24 hours password reset

    Posted Mar 10, 2017 04:36 AM

    As per my understanding, There is some issue in change password for the users and you dont know where to check the reason for the failure. Please correct me if I'm wrong.

    Kindly check policy server trace logs to find the reason for the failure.

     

    Below is the screenshot for the password policy configuration. You can verify from adminui under password policies.

     

    Thanks,

    Sharan



  • 3.  Re: CA SiteMinder: 24 hours password reset

    Posted Mar 10, 2017 08:51 AM

    Hi,

     

    Thanks for your answers.

    I think that I did not explain very well.

    Actually, a user resetted his password on the day N. He can Normally connect the application protected by SiteMinder.

    On the day N+1, when trying to connect, the user has authentication error. the password is not known anymore. So the administrator needs to reset it again.

    I can't find an explanation for that.



  • 4.  Re: CA SiteMinder: 24 hours password reset

    Posted Mar 10, 2017 09:56 AM

    Hi,

     

    If you want to know the reason for Authentication error on N+1 day, You would need to check policy server logs.

    Kindly check both smaccess.log and smtracedefault log for failed user and trace the request completely in smtrace logs then you will find the reason for the failure.

     

    Also please check when the user reset the password successfully, is the disable flag is updating properly or not?

     

    Thanks,

    Sharan



  • 5.  Re: CA SiteMinder: 24 hours password reset

    Posted Mar 10, 2017 04:56 AM

    Hi ,

     

    Are you looking Siteminder to restrict the number of Password Changes within a period or minimum age (ex. cannot change a password within 1 hr., 1 day, etc. of last password change or a maximum number of password changes within (ex. 1 hr., 1 day, etc.)?

     

    Refer : https://communities.ca.com/ideas/235729639

     

    But this can be set at the Database level .

    Minimum password age
    If an administrator sets a password for a user and wants that user to change the administrator-defined password, the administrator must select the User must change password at next logon check box. Otherwise, the user will not be able to change the password until the number of days specified by Minimum password age.

    https://technet.microsoft.com/en-us/library/hh994570(v=ws.11).aspx

     

    Regards,

    Leo Joseph.



  • 6.  Re: CA SiteMinder: 24 hours password reset

    Posted Mar 10, 2017 08:50 AM

    Hi,

     

    Thanks for your answers.

    I think that I did not explain very well.

    Actually, a user resetted his password on the day N. He can Normally connect the application protected by SiteMinder.

    On the day N+1, when trying to connect, the user has authentication error. the password is not known anymore. So the administrator needs to reset it again.

    I can't find an explanation for that.



  • 7.  Re: CA SiteMinder: 24 hours password reset

    Posted Mar 10, 2017 08:56 AM

    Hi , 

     

     

    The Manage User Accounts pane in the Administrative UI enables you to force password changes for users, or change user passwords to new values.

     

    Refer below link for more information : 

     Manage User Passwords - CA Single Sign-On - 12.52 SP1 - CA Technologies Documentation 

     

    Regards,

    Leo Joseph.



  • 8.  Re: CA SiteMinder: 24 hours password reset
    Best Answer

    Posted Mar 12, 2017 06:12 PM

    Hello,

     

    So what you are saying is user is not able to authenticate with the new password after 1 day of change.

     

    My guess is that, the password expiry is set to 1 day :

     

     

    But, if this is not the case, best is to check the policy server trace logs and also capture the smauthreason from the URL when the user is not authenticated.

     

    Regards,

    Ujwol Shrestha



  • 9.  Re: CA SiteMinder: 24 hours password reset

    Posted Mar 15, 2017 05:36 AM

    Thanks for your answer Ujwol,

     

    It is not the case. I verified this "Password expires if not changed" configuration and it is not the reason behind this incident.

    I will check the logs.