- Type: Improvement
- Status: Closed
- Priority: Minor
- Resolution: Won't Do
- Affects Version/s: 5.5.1
- Fix Version/s: None
- Component/s: authentication, XUI
- Labels:

Custom Auth Failed message in amAuthHOTP.properties is not displayed when user fails login in HOTP.
Procedure is described in this KB:
https://backstage.forgerock.com/knowledge/kb/article/a89677376
Error message from amAuth.properties is displayed instead of the module specific one.
Here is the Java code for this part of the authentication in HOTP.java:

    if (enteredHOTPCode == null || enteredHOTPCode.length() == 0) {
        if (++attempt >= hotpRetryMaxAttempts) {
            if (debug.messageEnabled()) {
                debug.message("HOTP.process() : " + "invalid HOTP code");
            }
            setFailureID(userName);
            throw new InvalidPasswordException("amAuth", "invalidPasswd", null);
        }
        substituteHeader(state, MODULE_NAME + " Attempt " + (attempt + 1) + " of " + hotpRetryMaxAttempts);
        return currentState;
    }

I can see the invalid password error message in the logs but the message displayed for the user is "Authentication Failed" no matter what we put in the amAuthHOTP.properties.
This Jira would be to give the option so the admin can customize the error message according to the module the user is in. For instance, if the user failed the LDAP module, display "Invalid username/password combination". If the user failed in the HOTP, display the error message "Invalid OTP" and so on.