Incorrect passcode under certain conditions from CA Siteminder to RSA Authentication Manager 8.x
Originally Published: 2015-04-30
Article Number
Applies To
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.x
Issue
- User lockout is set to four incorrect passcodes.
- If testing with the CA Siteminder and three bad tokencodes are given, the user is now set to Next Tokencode Mode.
- The CA Siteminder does not relay that the user is in Next Tokencode Mode to the user.
- The next time the user tries to login and gives the correct passcode, the CA Siteminder sends an incorrect passcode message to Authentication Manager and gives the user the message that they are in Next Tokencode Mode and to input the next tokencode.
- Because the site was set up for four incorrect passcodes to lock a user, the user is now locked.
- This works as documented for various RSA Authentication Agents (Windows, PAM, etc.)
- It is only the CA Siteminder that appears to do this.
Cause
Resolution
Workaround
Related Articles
How to prevent DLP Endpoint from monitoring certain files Number of Views Immediate Action Recommended for Certain SSO Agent Deployments to Handle Google Chrome 80 Changes Number of Views Upgrade from Microsoft Windows 10 to Windows 11 fails with certain versions of the RSA MFA Agent for Windows installed Number of Views How does Remote Desktop handle Smart card and NLA? Number of Views Account reviews do not create change requests to revoke items when certain configuration options are defined in RSA Identi… Number of Views
Trending Articles
An example of SSO using SAML and ADFS with RSA Identity Management and Governance 6.9.x RSA MFA Agent 2.3.6 for Microsoft Windows Installation and Administration Guide RSA Authentication Manager 8.9 Release Notes (January 2026) RSA Authentication Manager Upgrade Process RSA Release Notes for RSA Authentication Manager 8.8
Don't see what you're looking for?
