Login Reason Parameter Name
When Enable Custom Login Mode is true
, this property specifies the name of a parameter included in calls to the custom login URL, to indicate why authentication is required. The parameter value can be used in a custom login page to provide additional feedback to the authenticating user.
If this property is specified, the agent includes a parameter named with the property value, and including one of the following values:
-
NO_TOKEN
: No token present in the original request. -
TOKEN_EXPIRED
: Expiry time of the JWT was in the past. -
EXCEPTION
: An unknown exception occurred, either while parsing the JWT or at some other stage of authentication.
To reduce the risk of leaking useful information, use the property Login Reason Value Map to change the strings for the above values.
For example, specifying org.forgerock.agents.login.reason.parameter.name=auth_reason
can cause the agent to redirect authentication to the following URL: https://custom.example.com:8443/…./login_endpoint?…&auth_reason=TOKEN_EXPIRED&…
Do not enter a value that clashes with other parameters used for authentication; for example, realm
or goto
.
Property name |
|
Aliases |
|
Type |
String |
Bootstrap property |
No |
Required property |
No |
Restart required |
No |
Local configuration file |
|
AM console |
Tab: Title: |