...
| Code Block |
|---|
<%@ page import="edu.internet2.middleware.shibboleth.idp.authn.LoginHandler" %>
<% if (request.getAttribute(LoginHandler.AUTHENTICATION_EXCEPTION_KEY) != null) { %>
<p><font color="red">Authentication Failed</font></p>
<% } %>
|
Creating a more detailed response when using ActiveDirectory
If you are using Microsoft ActiveDirectory as your authentication realm, you can make use of the sub error codes that MSAD sends along with the LDAP failure code of 49.. details here.
Direct Login Page Access
Another common error comes from the misuse of the IdP. The login page can not be accessed directly, it can only be accessed after the IdP has done some initial processing of a valid authentication request. However, some users will mistakenly access the login page because they bookmarked it, found it in their browser's history, or by means of the back button. The best way to detect this is to look for the presence of the LoginContext and, if not available, display an appropriate error message.
...