Symantec Access Management

  • 1.  Display error message on invalid credentials

    Posted Jan 09, 2015 02:06 AM

    Hi Team,

    I'm using a custom login page which loads from the application (e.g. https://application/login.html) and posts to login.fcc for authentication. This works fine.

    Here, I need to display an error message if the user enters invalid credentials, something like our community login does.

    Can anyone share their thoughts here?



  • 2.  Re: Display error message on invalid credentials
    Best Answer

    Posted Jan 12, 2015 11:33 AM

    Sandeep,

    One of the ways would be to set an HTTP_COOKIE response (HTTP_TIP = 1) and associate that with OnAuthAttempt and OnAuthReject. This would ensure that in the scenario wherein the username is incorrect OR the password is incorrect, a cookie would be set as "TIP = 1" (cookie name is TIP and value is 1). One can configure login.html on page load to read the cookie value and present a generic message (which is not obvious as to what really happened, i.e. was it a wrong username or was it a correct username but wrong password).

    The key point here is you want to remove OR reset the cookie value to something else on successful authentication. If you don't do this, the user may end up seeing the error message always after his 1st unsuccessful attempt, until he clears his cookies.

    REJECT_RESPONSE : HTTP_COOKIE_RESPONSE : TIP = 1.

    ACCEPT_RESPONSE : HTTP_COOKIE_RESPONSE : TIP = 0.

    REJECT POLICY : Add OnAuthAttempt and OnAuthReject Rule : Associate with REJECT_RESPONSE.

    ACCEPT POLICY : Add GET, POST and OnAuthAccept Rule : Associate with ACCEPT_RESPONSE.

    Regards

    Hubert.



  • 3.  Re: Display error message on invalid credentials

    Posted Jan 12, 2015 12:10 PM

    Hi Hubert,

    Thanks for your inputs.

    Yes, after all the hard work, we fixed this today in the evening with a similar approach to what you said.

    I have assigned a Reject response to the OnAuthReject rule for the invalid password case. And for the user-not-found case I have used the OnAuthAttempt rule and a response associated with it. Both are cookie variables, and our application team pulled the cookies and displayed the error message respectively.

    Regards,

    Sandeep.



  • 4.  Re: Display error message on invalid credentials

    Posted Jan 12, 2015 05:19 PM

    I believe there is an OOTB cookie called "SMTRYNO". The login form could contain JavaScript to look for this cookie and, if it is >=1, show an error message.

    No additional reject rules or global policies needed.



  • 5.  Re: Display error message on invalid credentials

    Posted Jan 12, 2015 11:19 PM

    That is correct. Ideally, if we are using login.fcc directly, then SMTRYNO works OOB. However, if we are using a custom form which posts to login.fcc, then we need to be careful about certain other factors. There have been a few support cases around this.

    http://www.ca.com/us/support/ca-support-online/product-content/knowledgebase-articles/tec569193.aspx

    http://www.ca.com/us/support/ca-support-online/product-content/knowledgebase-articles/tec537507.aspx

    Even the SMTRYNO approach could be used with considerations from the above cases.

    Regards

    Hubert
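
Added example (not part of the thread and not vendor code): a page-load check for login.html that shows one generic message when either the TIP cookie from reply 2 equals 1 or the SMTRYNO cookie from reply 4 is at least 1. It assumes both cookies are readable from script (not HttpOnly) and scoped so the login page receives them; the `login-error` element id and the message text are hypothetical.

```javascript
// Cookie names TIP and SMTRYNO come from the thread; everything else here is assumed.
const GENERIC_MESSAGE =
  'Login failed. Check your username and password and try again.';

// Parse a document.cookie-style string ("a=1; b=2") into a prototype-less map.
function parseCookies(cookieString) {
  const jar = Object.create(null);
  for (const part of String(cookieString || '').split(';')) {
    const eq = part.indexOf('=');
    if (eq < 0) continue;                 // skip fragments without a value
    const name = part.slice(0, eq).trim();
    let value = part.slice(eq + 1).trim();
    try {
      value = decodeURIComponent(value);
    } catch (e) {
      // malformed percent-encoding: keep the raw value
    }
    if (name) jar[name] = value;
  }
  return jar;
}

// Return the generic message if either failure signal is set, otherwise null.
// Both signals map to the same text, so the page never says which field was wrong.
function loginErrorMessage(cookieString) {
  const jar = parseCookies(cookieString);
  const tipFailed = jar.TIP === '1';      // set to 1 on reject, reset to 0 on accept
  const raw = jar.SMTRYNO || '';
  const tries = /^\d+$/.test(raw) ? Number(raw) : 0;  // ignore non-numeric values
  return tipFailed || tries >= 1 ? GENERIC_MESSAGE : null;
}

// Browser wiring: runs only where a DOM exists.
if (typeof document !== 'undefined') {
  document.addEventListener('DOMContentLoaded', () => {
    const message = loginErrorMessage(document.cookie);
    const box = document.getElementById('login-error'); // hypothetical element id
    if (message && box) {
      box.textContent = message;          // textContent, never innerHTML
      box.hidden = false;
    }
  });
}
```

The check only reads state; resetting TIP on successful authentication still has to happen in the accept response, as reply 2 describes.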