Configuration of the behavior for authentication failure

When an unauthenticated user fails to log in at the MAS (for example, by providing an incorrect password), the MAS generates a vouch-for token containing the error and, in the default configuration, redirects the Web browser back to the requesting host. When the requesting host encounters the error in the vouch-for token, it typically requests a local login. The handle-auth-failure-at-mas option in the e-community-sso stanza of the WebSEAL configuration file allows administrators to configure the behavior for authentication failure. If handle-auth-failure-at-mas is set to yes, the MAS handles login failures directly without redirecting the Web browser back to the requesting host; in this case, the MAS does not generate a vouch-for token until a successful authentication occurs.
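The following check is an added example, not part of the product documentation: it reads the text of a WebSEAL configuration file and reports which of the two failure behaviors described above is in effect. It assumes the usual [stanza] and key = value layout with # comments, treats an unset or non-yes value as the default behavior, and flags conflicting duplicate entries instead of guessing which one applies; the sample file content and the function names are constructed for illustration.

```python
import re

STANZA = "e-community-sso"
KEY = "handle-auth-failure-at-mas"

# Constructed sample configuration, not taken from a real deployment.
SAMPLE_CONF = """\
[server]
https-port = 443

[e-community-sso]
e-community-sso-auth = https
# handle-auth-failure-at-mas = no
handle-auth-failure-at-mas = yes

[session]
timeout = 3600
"""

def stanza_values(conf_text, stanza, key):
    """Return every value assigned to key inside [stanza], in file order."""
    values, current = [], None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment (assumed '#' comment syntax)
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = header.group(1).strip()
        elif current == stanza and "=" in line:
            name, _, value = line.partition("=")
            if name.strip() == key:
                values.append(value.strip())
    return values

def failure_behavior(conf_text):
    """Describe what the MAS does after a failed login, per the text above."""
    values = {v.lower() for v in stanza_values(conf_text, STANZA, KEY)}
    if len(values) > 1:
        return "ambiguous: conflicting values " + ", ".join(sorted(values))
    if values == {"yes"}:
        return "MAS handles the failure; no vouch-for token until login succeeds"
    # Assumption: unset or any other value means the default behavior.
    return "MAS sends an error vouch-for token and redirects to the requesting host"

if __name__ == "__main__":
    print(failure_behavior(SAMPLE_CONF))
```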
