Policy Server Guides › Policy Server Configuration Guide › Strong Authentication › Manage Unsuccessful Authentication Attempts

Manage Unsuccessful Authentication Attempts

If the user is rejected by an authentication scheme, the user is redirected to the URL specified in that authentication scheme's Target parameter, if that parameter is available for that scheme.

Configure the following behaviors that best suits your situation:

• Have the user prompted to resubmit his credentials for the same authentication scheme, instead of being presented with a choice of authentication schemes again.
• Allow the user to return to the original login screen to repeat the selection. To do this, the selectlogin.fcc must be configured as each authentication scheme's Target parameter, if applicable.

If a particular choice of credentials requires posting the credentials to an FCC file other than the selectlogin.fcc file, then set the HTML form's action parameter in the selectlogin.fcc to the desired FCC file's URL. For example, this command sets the action parameter to the safeword.fcc file:

document.Login.action = "safeword.fcc";

If you are using a scheme that does not have a Target parameter, such as the basic authentication scheme, the user experience is the same for a successful authentication. However, if the user has to be re-challenged, the re-challenge is based on basic authentication scheme, that is, with a prompt dialog instead of an HTML form.

Note: The SafeWord basic scheme does not support two-step authentication and multiple authenticators, unlike the SafeWord HTML forms scheme.