Java Policy Agents 2023.3

Login Reason Parameter Name

When Enable Custom Login Mode is true, this property specifies the name of a parameter included in calls to the custom login URL, to indicate why authentication is required. The parameter value can be used in a custom login page to provide additional feedback to the authenticating user.

If this property is specified, the agent adds a parameter to the custom login URL. The parameter name is the value of this property, and the parameter value is one of the following:

  • NO_TOKEN: No token present in the original request.

  • TOKEN_EXPIRED: Expiry time of the JWT was in the past.

  • EXCEPTION: An unknown exception occurred, either while parsing the JWT or at some other stage of authentication.

To reduce the risk of leaking useful information, use the property Login Reason Value Map to change the strings for the above values.

For example, specifying org.forgerock.agents.login.reason.parameter.name=auth_reason can cause the agent to redirect authentication to the following URL: https://custom.example.com:8443/…./login_endpoint?…&auth_reason=TOKEN_EXPIRED&…

Do not enter a value that clashes with other parameters used for authentication; for example, realm or goto.
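The following is an added example, not ForgeRock code: one way a custom login page could consume the reason parameter without reflecting the raw query string value back to the user. It assumes the parameter name auth_reason from the example above; the function name, the message texts and the sample URLs are constructed for illustration.

```javascript
// Added example for a custom login page (not part of the agent).
// Assumption: the agent is configured with the parameter name "auth_reason".
const REASON_PARAM = "auth_reason";
// Names the documentation says the reason parameter must not clash with.
const RESERVED = new Set(["realm", "goto"]);

// Fixed, pre-written messages keyed by the agent's default reason values.
// If Login Reason Value Map renames the values, use the renamed strings as keys.
const MESSAGES = new Map([
  ["NO_TOKEN", "Please sign in to continue."],
  ["TOKEN_EXPIRED", "Your session has expired. Please sign in again."],
  ["EXCEPTION", "We could not verify your session. Please sign in again."],
]);
const GENERIC = "Please sign in.";

function loginReason(loginUrl, paramName = REASON_PARAM) {
  if (RESERVED.has(paramName)) {
    throw new Error(`reason parameter name clashes with "${paramName}"`);
  }
  const values = new URL(loginUrl).searchParams.getAll(paramName);
  // Absent, or repeated (ambiguous, possibly tampered): show no specific reason.
  if (values.length !== 1) return { reason: null, message: GENERIC };
  const message = MESSAGES.get(values[0]);
  // Unknown value: the query string is user-controllable, so never echo it.
  if (message === undefined) return { reason: null, message: GENERIC };
  return { reason: values[0], message };
}

// Constructed sample URLs (host and path are placeholders).
const SAMPLES = [
  "https://login.example.test/login?goto=%2Fapp&auth_reason=TOKEN_EXPIRED",
  "https://login.example.test/login?goto=%2Fapp",
  "https://login.example.test/login?auth_reason=NO_TOKEN&auth_reason=EXCEPTION",
  "https://login.example.test/login?auth_reason=%3Cscript%3Ealert(1)%3C%2Fscript%3E",
];
for (const url of SAMPLES) {
  console.log(loginReason(url).message);
}
```

Only the fixed message strings reach the page, so an edited or injected parameter value changes nothing the user sees beyond the generic prompt.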

Property name

org.forgerock.agents.login.reason.parameter.name

Aliases

org.forgerock.agents.login.reason.parameter.name
  Introduced in Java Agent 5.7

Type

String

Bootstrap property

No

Required property

No

Restart required

No

Local configuration file

AgentConfig.properties

AM console

Tab: Miscellaneous (from AM 7)

Title: Login Reason Parameter Name

Copyright © 2010-2023 ForgeRock, all rights reserved.