Upon a successful or failed service-based authentication, Access Manager looks for information on where to redirect the user. Following is the order of precedence in which the application will look for this information.
The redirection URL for successful service-based authentication is determined by checking the following places in the following order:
A URL set by the authentication module.
A URL set by a goto Login URL parameter.
A URL set in the clientType custom files for the iplanet-am-user-success-url attribute of the user’s profile ( amUser.xml).
A URL set in the clientType custom files for the iplanet-am-auth-login-success-url attribute of the service to which the user has authenticated.
A URL set in the clientType custom files for the iplanet-am-auth-login-success-url attribute of the user’s role entry.
A URL set in the clientType custom files for the iplanet-am-auth-login-success-url attribute of the user’s realm entry.
A URL set in the clientType custom files for the iplanet-am-auth-login-success-url attribute as a global default.
A URL set in the iplanet-am-user-success-url attribute of the user’s profile (amUser.xml).
A URL set in the iplanet-am-auth-login-success-url attribute of the service to which the user has authenticated.
A URL set in the iplanet-am-auth-login-success-url attribute of the user’s role entry.
A URL set in the iplanet-am-auth-login-success-url attribute of the user’s realm entry.
A URL set in the iplanet-am-auth-login-success-url attribute as a global default.
The redirection URL for failed service-based authentication is determined by checking the following places in the following order:
A URL set by the authentication module.
A URL set by a goto Login URL parameter.
A URL set in the clientType custom files for the iplanet-am-user-failure-url attribute of the user’s profile ( amUser.xml).
A URL set in the clientType custom files for the iplanet-am-auth-login-failure-url attribute of the service to which the user has authenticated.
A URL set in the clientType custom files for the iplanet-am-auth-login-failure-url attribute of the user’s role entry.
A URL set in the clientType custom files for the iplanet-am-auth-login-failure-url attribute of the user’s realm entry.
A URL set in the clientType custom files for the iplanet-am-auth-login-failure-url attribute as a global default.
A URL set in the iplanet-am-user-failure-url attribute of the user’s profile (amUser.xml).
A URL set in the iplanet-am-auth-login-failure-url attribute of the service to which the user has authenticated.
A URL set in the iplanet-am-auth-login-failure-url attribute of the user’s role entry.
A URL set in the iplanet-am-auth-login-failure-url attribute of the user’s realm entry.
A URL set in the iplanet-am-auth-login-failure-url attribute as a global default.
Authentication modules are set for services after adding the Authentication Configuration service. To do so:
Chose the realm to which you wish to configure service-based authentication.
Click the Authentication tab.
Create the authentication module instances.
Create the authentication chains.
Click Save.
To access service-based authentication for the realm, enter the following address:
http://server_name.domain_name:port/amserver/UI/Login?realm=realm_name&service=auth-chain-name