Has anyone ever overridden their site's default "failed credentials" message when using WF_Signon for authentication?

This is a self-service reporting application. I have coded an HTML logon page similar to the example in Ch 4 of WebFOCUS Security and Administration V7 Rel 1.3. The form posts to WFServlet with parameters for IBIWF_action (set to WF_SIGNON through a hidden input field), IBIC_user, and IBIC_pass (both valued from input fields to which they are bound). WF_SIGNON_MESSAGE is used to submit a FEX on successful authentication to do further checks for authorization.

The logon technique works fine. Unfortunately, if the user enters invalid credentials, a default web page is returned with a plain white background, title set to "WebFOCUS Message: Security Violation", and the text "Invalid Credentials" surrounded by H2 tags. I presume this is coming from a JSP out of the box.

My customer would like something a little more use-friendly, at least with a link to take them back to the logon page. I am deploying this to a distributed environment shared by multiple departments, so server-level configuration changes are out.

I know this can be done for MR signon by setting "SIGNON_INCORRECT" to a custom link. Is there an equivelent method for a web application?

Any suggestions?

This message has been edited. Last edited by: Kerry,

You will find the standard message in enib00e.html.

You can replace it with whatever HTML code you want.

I have done it successfully in the past.

Thank you, OPALTOSH. Unfortunately, I will not have much luck requesting changes to the file. Other departments, both in our business unit and other business units, are using this installation. Some Java interfaces parse error messages returned from WebFOCUS to drive error handling (a fine example of the dangers of tight integration). I am also concerned about losing the changes when a patch is applied.

Ideally, I'd like to limit scope of custom handling of this error to my application.

Is this an instance where one would code a WebFOCUS servlet WFEXT plug-in?

Sean, I suggest you send dhagen a private message - he's an expert at this kind of thing.

Regards,

If you have access to modify the logon page just for your application you can use something like this:

http://techsupport.information...om/sps/42882556.html

In reading that document though, I thought I remembered it as:
SIGNON_INCORRECT not SIGNOFF, so there could be a typo in that technique.

In any case if you run a WFServlet trace of a logon and search for "incorrect", near the end of the file you should find the proper variable.

I'm pretty sure this all existed in 71x, I know its in 76x.

Oh, and you can also set those variables via WFS Scripting and site.wfs.

As a result if you have any other way to identify your application, you can set logic in there to do it.

All,

First, I apologize for not posting to this thread since March. I did read everyone's responses and suggestions - thank you all. I was under the gun and had to develop something fast. What I came up with is ugly, but effective. Although this topic is closed, I'm posting how I handled my scenario in case someone else needs it.

At my installation, enib00e.html contains HTML for invalid credentials with the TITLE text:

WebFOCUS Message: Security Violation

I already handle basic edits (no user ID, no password, invalid characters, etc) through screen edits, before the form is submitted. I only need to deal with invalid credentials, which will always return the above.

From the above thread, you see my constraints were as follows:
1) cannot modify enib00e.html without impacting other applications,
2) cannot change which HTML file is sent back for failed credentials without impacting other applications. (Messing with this is dangerous anyway, as the enib00e file contains HTML for many error messages.)

Constrained to getting back the generic invalid credentials entry from enib00e.html, exactly as it was installed, my last option was a REDIRECT.

Ok, I said it was ugly.

Here's how it works:
1) Create a static HTML container (either a framset or HTML page with an iFrame to contain the application content)
2) Set an onload event on the "body" frame (or iFrame)
3) Script event to look for a title tag element containing the WebFOCUS security violation error message, and redirect if found.

function app_onload() {
/* Check for bad login screen returned from WebFOCUS API and redirect to user friendly
page with link back to logon page.
*/
var bodyFrame = document.getElementById("myBodyFrame");
var titleTag = bodyFrame.contentWindow.document.getElementsByTagName("Title")[0]; // Only one Title tag, always index 0

if (titleTag.text == "WebFOCUS Message: Security Violation") {
parent.myBodyFrame.location.href = '/approot/myapp/invalid.htm';
clearCookie();
return;
}

/* Custom error page has a span with a unique ID myappErr1234. If found, the body now contains our custom error page.
A separate script can now wipe out any cookie you may have dropped and clean up. */

var deniedPage = bodyFrame.contentWindow.document.getElementById("myappErr1234");
if (deniedPage != null) {
clearCookie();
}
/* Insert code to check for valid cookie. Good place to handle other events, such as user having clicked a "logoff" link. */
}

This message has been edited. Last edited by: Sean P Murphy,