CA SiteMinder’s “DisallowForceLogin” registry key demystified

Warning: This page deals with one of the vague Policy Server flags and assumes a certain level of familiarity with the dark soul of CA SiteMinder.

It is pretty hard to understand the meaning of the DisallowForceLogin registry key for SiteMinder Policy Server from the official documentation, even when you have plenty of time and manuals. This page aims to summarize all that you may need to know about it, should you have to deal with this functionality some day.

History and Functionality

In a pre-R6 environment, when a user submits a password change request that contains an invalid current password, the Password Change Information screen appears with a message stating that the old password is incorrect. The user can provide the correct credential and change the password.

In R6 and R12, the Policy Server redirects the user to the login screen without the message (that is, “forces login screen”). Enabling the DisallowForceLogin registry key allows the old behavior in a new environment. When enabled, the Policy Server properly redirects users who have submitted a password change request that contains an invalid current password to the Password Change Information screen. This screen displays the invalid current password message. When disabled, the Policy Server redirects users to:

  • The login page that does not display the invalid current password message. This redirect occurs if an On-Auth-Reject-Redirect response is not bound to the policy configured with the user directory.
  • The URL associated with the On-Auth-Reject-Redirect response bound to the policy configured with the user directory.

According to the R6SP5 README, there are three cases affected by the DisallowForceLogin value:

  • Force password change or password expired.
  • Self Password change.
  • Optional password change.


How to find desired patches (aka CRs) on CA support site

Among the big software vendors I have to deal with, the CA support site is definitely the winner in a bizarre competition – how hard it is to find the relevant download. Well, it is pretty easy to locate the Download Center itself in the menu on the left, but all that you get there is the latest service pack of the product. Despite that, CA support always wants you to be on the latest patch level (“cumulative release” aka CR) to be able to help you – and it is not so clear where to find it. A long time ago I got the direct link to the list of all released CRs for the SiteMinder family and have used it since then instead of the Download Center.

Now, after almost three years working with CA SiteMinder, I accidentally discovered where the list of all CRs is actually located:

  • Go to “Support by Product” in the left side menu
  • Select your favorite product in the very long drop-down list
  • Click on “Recommended Reading”
  • Scroll down to the bottom of the frame with the links

And – voila! – here is the desired “CA SiteMinder Hotfix/Cumulative Release Index” link. (Obviously, you have to be logged in to CA support site to get access to the link I post here…)