Policy Server Guides › Policy Server Configuration Guide › Strong Authentication › Manage Unsuccessful Authentication Attempts

Manage Unsuccessful Authentication Attempts

If an authentication scheme rejects a user, the user is redirected to the URL specified in the Target parameter that is specified for the authentication scheme.

Configure the following behaviors that best suits your situation:

• Have the user prompted to resubmit their credentials for the same authentication scheme, instead of being presented with a choice of authentication schemes again.
• Allow the user to return to the original login screen to repeat the selection. To configure this behavior, specify selectlogin.fcc as the Target parameter for each authentication scheme, if applicable.

If a particular choice of credentials requires posting the credentials to an FCC file other than the selectlogin.fcc file, set the action parameter for the HTML form in the selectlogin.fcc to the desired FCC file URL. For example, this command sets the action parameter to the safeword.fcc file:

document.Login.action = "safeword.fcc";

If you are using a scheme that does not have a Target parameter (such as the basic authentication scheme) the user experience is the same for a successful authentication. However, if the user has to be rechallenged, the rechallenge is based on basic authentication scheme. That is, with a prompt dialog instead of an HTML form.

Note: The SafeWord basic scheme does not support two-step authentication and multiple authenticators, unlike the SafeWord HTML forms scheme.