** Policy server Side
The purpose of the "WebAgent-OnReject-Text" is to return a text message to the user in case of a Unsuccessful Authentication or Authorization. To configure it, please follow the below steps
1) Create an "Allow Access" rule with "Authentication events" and an "OnAuthReject" as an Action (This also can be used with "Authorization events" and an "OnAccessReject"
2) Link the Rule created in Step 1 to your Policy and click on "Add Response"
3) create a new Response which contains the "WebAgent-OnReject-Text" Response Attribute
4) within the "WebAgent-OnReject-Text" Response Attribute, Choose "static" under the Attribute Kind and set a Variable Value which will carry the Text that you want to pass to the users upon Auth Reject. Save the Changes
5) Under the same Response, add another Response Attribute this time with "WebAgent-OnReject-Redirect" and set it to be redirected to the page that you want the user to be redirected to upon failed Authentication. Save the changes
On the Policy server side, upon Failed Authentication, The OnAuthReject rule will apply and the response will fire returning attribute 228 (the Denied Test from the "WebAgent-OnReject-Text" Response Attribute) and Attribute
227 (the Denied Redirect from the "WebAgent-OnReject-Redirect" Response Attribute) with Status: Not Authenticated as shown below
[Send response attribute 228, data size is 6]
[http://your_failed_auth_redirect_url][Send response attribute 227, data size is 46]
[** Status: Not Authenticated. 8009030C: LdapErr: DSID-0C0904DB, comment: AcceptSecurityContext error, data 52e, v1db1]
[CSm_Auth_Message::SendReply][Leave function CSm_Auth_Message::SendReply]
** Agent Side
On the agent side, the agent will receive the Attributes returned above 228 and 227 and will perform the below 2 actions
1) Issue a 302 Redirect to the URL returned in attribute 227
2) set a cookie SMTEXT which will contain the value in clear text of the returned Attribute 228 based on the static text set in the "WebAgent-OnReject-Text" Response Attribute.
The onAuthReject Redirect page can be customized to read the SMTEXT cookie and display the message to the users