A users wants to present a customized exception page if a user does not enter valid credentials.

Some large institutions, such as a university, want to present a customized exception page if the user does not enter valid logon credentials.   The exception page will instruct the user enter valid credentials. 

The solution uses the following:

1. A sequence realm that consists of a LDAP realm and a Policy substitution realm.

2. A LDAP realm, this realm is contains all the users accounts.

3. A Policy substitution realm, this realm is used when invalid credentials are entered.

4. A customized exception page, used when invalid credentials are entered.

A. First configure an LDAP realm for all the users in the institution.

B. Next configure a substitution realm that substitutes the user's IP address as his credentials.

C. Next configure a sequence realm, make the LDAP realm first than the Policy Substitution realm second.

D. In the web authentication layer add a rule that does authentication using the sequence realm.

E. In a web access layer add a rule to test if the username is part of the LDAP realm, if it is not than return the customized exception page.

F. If a users receives a logon pop-up and does not enter a username or password and instead clicks on the cancel button, the browser is going to display the standard exception page for the error:

Your credentials could not be authenticated: $(quot)$(sc-auth-status)$(quot).

You will want to replace the standard error page with the customized exception page.  This will allow the browser to display the customized exception page if the user choose to click the cancel button on the pop-up.

At this point any authentication error will cause a customized exception page to be displayed.