User initiated password change not working as expected

Document ID : KB000054098
Last Modified Date : 14/02/2018

Description:

When a user initiates a password change and enters the wrong current password, the user is presented with the login page again instead of a page explaining that they entered an incorrect current password.

When a user enters an incorrect current password, SMAUTHREASON=22 is generated, which represents Sm_Api_Reason_BadPWChange in the SMAUTHREASON codes.

Solution:

In SM.REGISTRY, under HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\PolicyServer, there is a setting "DisallowForceLogin". When this key is enabled by setting its value to 0x1, the Policy Server displays the wrong old password error message rather than redirecting users back to the login page.

If the key value is other than 0x1 or it does not exist, this feature will be disabled.
Note: This key is disabled by default. There are three cases affected by the DisallowForceLogin value.

  • Force password change or password expired.
  • Self Password change.
  • Optional password change.
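
One way to audit and enable this setting on a Windows Policy Server host, as an added example rather than vendor tooling: the key path and value name come from the article, while the function names and storing the value as a REG_DWORD are assumptions.

```powershell
# Added example. Key path and value name are from the article;
# the function names and the REG_DWORD value type are assumptions.
$PolicyServerKey = 'HKLM:\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\PolicyServer'
$ValueName       = 'DisallowForceLogin'

function Get-DisallowForceLoginState {
    param([string]$Path = $PolicyServerKey)

    $state = [ordered]@{ Enabled = $false; Data = $null; Kind = $null; Reason = $null }
    if (-not (Test-Path -LiteralPath $Path)) {
        $state.Reason = "Key not found: $Path"
        return [pscustomobject]$state
    }
    $key = Get-Item -LiteralPath $Path
    if ($key.GetValueNames() -notcontains $ValueName) {
        # Missing value: the article says the feature is then disabled.
        $state.Reason = 'Value does not exist (feature disabled)'
        return [pscustomobject]$state
    }
    $state.Data = $key.GetValue($ValueName)
    $state.Kind = $key.GetValueKind($ValueName)
    # Only 0x1 enables the feature; any other data leaves it disabled.
    $state.Enabled = ($state.Data -is [int]) -and ($state.Data -eq 1)
    if ($state.Enabled) {
        $state.Reason = 'Set to 0x1 (feature enabled)'
    } else {
        $state.Reason = 'Set, but not to 0x1 (feature disabled)'
    }
    return [pscustomobject]$state
}

function Enable-DisallowForceLogin {
    [CmdletBinding(SupportsShouldProcess)]
    param([string]$Path = $PolicyServerKey)

    # Do not create the parent key: its absence means this path is wrong for this host.
    if (-not (Test-Path -LiteralPath $Path)) {
        throw "Key not found: $Path (refusing to create it)"
    }
    if ($PSCmdlet.ShouldProcess("$Path\$ValueName", 'Set to 0x1')) {
        New-ItemProperty -LiteralPath $Path -Name $ValueName -PropertyType DWord -Value 1 -Force | Out-Null
    }
    Get-DisallowForceLoginState -Path $Path
}

# Report the current state without changing anything.
Get-DisallowForceLoginState
```

Running `Enable-DisallowForceLogin -WhatIf` previews the change without writing to the registry.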