Single Sign On (Siteminder) Server - 12.52 SP1
We have setup two password policies so that user can choose anything from username or email to login with. On both the password policies, the value of 'Account disabled after successive incorrect password' is set to 5. So the user account should lock out when smapsFailureCount value becomes 5.
When both username and email are same and password is incorrect, the smapsFailureCount value increases twice because it queried the user directory twice for two password policies. So for the 3rd such attempt, the smapsFailureCount value becomes 6.
However, for the above users, the account is not getting locked on 3rd attempt, but the siteminder allows the smapsFailureCount value to grow and locks the user on his 5th incorrect attempt.