AnsweredAssumed Answered

Account does not get locked when smapsFailureCount >5

Question asked by OneNRG on Sep 25, 2017
Latest reply on Oct 17, 2017 by Ujwol Shrestha

Single Sign On (Siteminder) Server - 12.52 SP1

 

We have setup two password policies so that user can choose anything from username or email to login with. On both the password policies, the value of 'Account disabled after successive incorrect password' is set to 5. So the user account should lock out when smapsFailureCount value becomes 5.

 

When both username and email are same and password is incorrect, the smapsFailureCount value increases twice because it queried the user directory twice for two password policies. So for the 3rd such attempt, the smapsFailureCount value becomes 6.

 

However, for the above users, the account is not getting locked on 3rd attempt, but the siteminder allows the smapsFailureCount value to grow and locks the user on his 5th incorrect attempt.

Attachments

Outcomes