Java Policy Agents 5.9.1

Login Reason Parameter Name

When Enable Custom Login Mode is true, this property specifies the name of a parameter included in calls to the custom login URL, to indicate why authentication is required. The parameter value can be used in a custom login page to provide additional feedback to the authenticating user.

If this property is specified, the agent includes a parameter named with the property value, and including one of the following values:

  • NO_TOKEN: No token present in the original request.

  • TOKEN_EXPIRED: Expiry time of the JWT was in the past.

  • EXCEPTION: An unknown exception occurred, either while parsing the JWT or at some other stage of authentication.

To reduce the risk of leaking useful information, use the property Login Reason Value Map to change the strings for the above values.

For example, specifying can cause the agent to redirect authentication to the following URL:…​./login_endpoint?…​&auth_reason=TOKEN_EXPIRED&…​

Do not enter a value that clashes with other parameters used for authentication; for example, realm or goto.

Property name

Property aliases (since 5.7)



Bootstrap property


Required property


Restart required


Local configuration file

AM console tab


Copyright © 2010-2023 ForgeRock, all rights reserved.