Patrick-Dussault

Tech Tip: CA Single Sign-On: Getting SMAUTHREASON 7 for SMDISABLE_FLAG value 4 for inactive user status

Discussion created by Patrick-Dussault Employee on Oct 3, 2018

Issue:

 

We're running a Policy Server that sets the SMAUTHREASON value to 7 when
SMDISABLE_FLAG is set to 4. As per your understanding, the Policy Server
should return an SMAUTHREASON value of 25 instead.

 

We want to know why we get this.

 

Resolution:

 

Follow the correct use case to get SMAUTHREASON 25 with the disable flag
set to 4.

Do not modify the disable flag value manually outside of the AdminUI.

 

Configure the password policy as follows:

Password expires from inactivity
After days: 1
Disable user

Then:

 

1. Using the AdminUI, enable the user "myuser@mymail.com";
ensure you have the right password;

2. Ensure that the User Store has an attribute for password data;

3. Implement a password policy that will disable the user when the
user exceeds 1 day of inactivity;

4. Log in successfully once to the application with the user
"myuser@mymail.com";

5. Wait for more than 24 hours (this can be simulated by setting the
Policy Server date to 2 days ahead);

6. Log in again to the application with the expected password and the
user "myuser@mymail.com". The browser then gets the
message that the account is disabled for inactivity, and the
SMAUTHREASON in the browser URL is set to 25. The user's disable
flag is then set to 4.

 

The "disable for inactivity" function of the
Password Policy needs a first successful login.

 

KB : KB000116826
