There are 'N' no of ways to achieve this in Siteminder.
Option#1 : To Display invalid credentials error message on the login.fcc :
You can achieve this using "SMTRYNO" cookie and display the error messages on the login.fcc in case of invalid credentails
@smretries=4
SMTRYNO: Contains number of failed login attempts. Note that when using the DynamicRetry pair of .fcc files, you cannot count user login attempts based on the SMTRYNO cookie.
Refer the below links for further details:
https://communities.ca.com/message/99700614?commentID=99700614#comment-99700614
https://communities.ca.com/message/101156898?commentID=101156898#comment-101156898
https://communities.ca.com/message/241731097?commentID=241731097#comment-241731097
Option#2: To display message about account locked out/disabled or asking them to contact helpdesk on account suspend/disable.
SiteMinder Password Policy should able to handle this automatically. Configure your password policy with the OOTB smpwservices.fcc as shown below:
Fcc page has got inbuilt logic to display message to user as below: (you can customize this page/message/look and feel as per your need, similar to login.fcc)
***************smpwservices_en-US.fcc****************
//Auth Reason 7 - Account disabled
else if ($$smauthreason$$ == 7)
{
document.write("<TR>");
document.write("<TD NOWRAP WIDTH='100%' BGCOLOR='#FFEFD5' height='26'>");
document.write("<font face='Arial, Helvetica'><B>$$username$$</B> you cannot access your account at this time.<p>Please contact your Security Administrator or Help Desk.</font>");
document.write(" </TD>");
document.write("</TR>");
} //Auth Reason - 7
I believe you might have configured the below parameter already to lock/suspend the user.
Password Policies > Expiration:
Note: Make sure that @smretries=4 value on the login.fcc should be one higher than the Password policy incorrect attempt value.