Are there ACF2 messages that should be added to the CA TPX SAMT that might be beneficial to return to the user at signon?

Document ID : KB000013014
Last Modified Date : 14/02/2018
Show Technical Document Details
Introduction:

The CA Security Action Message Table (SAMT) is used to determine the action that TPX should take when a message is returned from external security.  This table is easily customized by the CA TPX administrator.

Question:

To minimize the amount of information a userid/password response returns, we don't confirm that the userid entered is valid and return a generic "there is a problem with the userid/password". In certain instances though (when the userid/password combination is valid) there are messages that might be beneficial to return to the user, such as when a user attempts to change a password before it is allowed:

ACF00136  NEW PASSWORD NOT SET - CURRENT PASSWORD MUST BE KEPT FOR min DAYS

Is there a set of message ids we could add to the SAMT to provide useful feedback to the legitimate requestor while maintaining our general posture of not returning information about the condition/existence of a userid if the password is not valid?

Answer:

All of the ACF01xxx messages could be used.

The CA TPX administrator should work in conjunction with the CA ACF2 administrator to determine what actions are desired for your site then update your SAMT accordingly.