search cancel

OnReject Redirect does not work with Windows Authentication


Article ID: 4067


Updated On:


CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On


We are observing a use case where unauthenticated users are getting a "Page cannot be displayed" error, instead of being redirected to the configured custom error page.

1. User logs in to their Desktop with their Windows domain credentials.
2. Next, the user accesses resources protected by Windows Authentication Scheme.
3. This user does not exist in the user store, and as such cannot be authenticated.
4. This triggers an OnReject-Redirect response to redirect the user to a custom error page.
5. User is supposed to be redirected to error page BUT instead gets "Page cannot be displayed"

How can we solve this issue?


Component: SMPLC


The IIS web server, not the Policy Server, performs authentication based on the credentials it receives from the Internet Explorer web browser. Therefore, you cannot use the OnAuthAttempt authentication event to redirect users who does not exist in the user store.

Additional Information

Please refer to Policy Server Configuration Guide for further information: