Details
-
Improvement
-
Status: Closed
-
Major
-
Resolution: Fixed
-
None
-
None
Description
The OpenID and Form Based Authentication handler currently set the j_reason request attribute to convey to the login form why authentication has failed.
It would make sense to "officialize" this back channel by defining this attribute can be returned by the AuthenticationHandler if credential extraction fails or by the AuthenticationFeedbackHandler if it can provide more information on the failed authentication.
Attachments
Issue Links
- relates to
-
SLING-1196 Sling Authentication - SlingAuthenticator hides LoginFailure reason
- Resolved