Hi Hubert, I also tried doing the same. But after rolling out the policy as suggested by you, the applications were also enabling access to unauthorized users, since under the users tab I selected [Add ALL].
What I have done till now is as follows:
Two applications on two different servers, one on IIS, the other one on OHS.
1) Initially I had two policies:
i) In the policy for IIS - one realm containing the rule on web action [GET, POST]. I didn't have any rule set for redirect on Accept under Authentication or Authorization actions.
ii) Similarly for OHS, one realm containing the rule on web action [GET, POST]. I didn't have any rule set for the redirection on Accept condition for Authorization/Authentication, just as above.
Now, as you suggested having a different policy set for rejection, I created the policy, and in the policy I created two rules: web Actions, as I did before, and OnAuthReject, both for Authentication and Authorization, and also created a response. The response page remains the same for both the actions. But the result I got is highly disappointing.
I don't understand the reason why you asked me to create a different policy for the same domain.
Can't two different sets of rules remain under the same policy?
Is it necessary to have active rules/responses set up for the OnRejectRedirect thing to happen? Wouldn't a response containing a static attribute type work?
Also, can a global response be mapped to any rule, from any domain, so that the response could just be used anywhere?
Please try to clarify my queries.