Dear security experts,
In my current project we have a challenge setting up a redirect URL for failed logon attempts. The scenario is as follows:
- there are 2 applications in the landscape: a Hybris application and a SAP IDP hosted on AS JAVA
- Hybris is exposed to the end user directly, and the SAP IDP is hidden in the background
- The user logon form is hosted on Hybris, but when the user clicks the logon button, Hybris actually sends an HTTP GET request to the IDP with the username and password for authentication.
- After a successful logon to the IDP, the IDP triggers IDP-initiated SSO and redirects the user back to Hybris with a SAML token. After Hybris validates the SAML token, it authenticates the end user.
- Again, the requirement is that the IDP should be hidden in the background and the end user should not see any IDP page.
The scenario works fine so far for successful logon attempts. Our challenge is with failed logon attempts. In this case, the end user gets a logon page from NW JAVA directly, asking him to authenticate again. Is there any way we could set up a redirect on the IDP (NW AS JAVA) so that after a failed logon attempt the IDP redirects the user back to Hybris for re-logon instead of showing the default IDP logon page?
I think it is more related to the NW JAVA authentication module than to an IDP-specific configuration, because upon a failed login the end user does not have access to the IDP yet. Thus none of the IDP settings will take effect at this point.
Any help is much appreciated.
Thanks a million in advance and best regards
Xuan
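As an added illustration of the flow described in the post (example code written for this page, not part of the original post and not Hybris or SAP NetWeaver code): a Hybris-side logon handler that authenticates against the IDP over a server-to-server back channel and, on anything other than a verifiable SSO response, sends the browser back to Hybris's own login form instead of relaying whatever page the IDP returned. The IDP is simulated in-process, an HMAC-signed token stands in for the SAML response, and the ACS URL, login path, user store, signing key and the IDP's response shapes (302 to the ACS on success, 200 with its own logon form on failure) are all constructed assumptions for the demo.

```python
"""Constructed demo of the Hybris <-> IDP logon flow with failure handled on the Hybris side.

Nothing here is real Hybris or SAP IDP code. The IDP is a local stand-in, the token is
an HMAC-signed JSON blob standing in for a SAML response, and all names are made up.
"""
import base64
import hashlib
import hmac
import json
from dataclasses import dataclass, field
from urllib.parse import parse_qs, urlencode, urlparse

# Constructed demo data: one user, and the key the simulated IDP signs tokens with.
IDP_SIGNING_KEY = b"constructed-demo-signing-key"
USERS = {"alice": "correct horse battery staple"}
HYBRIS_ACS = "https://hybris.example/samlsso/acs"   # assumed assertion consumer URL
HYBRIS_LOGIN = "/login"                              # assumed Hybris login form path


@dataclass
class HttpResponse:
    status: int
    headers: dict = field(default_factory=dict)
    body: str = ""


def simulated_idp_logon(username: str, password: str) -> HttpResponse:
    """Stand-in for the IDP's logon endpoint (assumed behaviour, not the real SAP IDP).

    Success: 302 to the Hybris ACS carrying a signed token (playing the SAML response).
    Failure: 200 with the IDP's own logon form, the page the post says users must never see.
    """
    stored = USERS.get(username, "")
    if stored and hmac.compare_digest(stored.encode(), password.encode()):
        payload = json.dumps({"sub": username}).encode()
        sig = hmac.new(IDP_SIGNING_KEY, payload, hashlib.sha256).hexdigest()
        token = base64.urlsafe_b64encode(payload).decode() + "." + sig
        return HttpResponse(302, {"Location": HYBRIS_ACS + "?" + urlencode({"SAMLResponse": token})})
    return HttpResponse(200, {"Content-Type": "text/html"},
                        "<html><body><form action='/idp/logon'>IDP logon form</form></body></html>")


def verify_token(token: str):
    """Return the subject if the token's signature verifies, else None.

    A real SAML response needs XML signature, audience and validity-window checks;
    the HMAC here only models 'Hybris validates the token before trusting it'.
    """
    b64, sep, sig = token.rpartition(".")
    if not sep:
        return None
    try:
        payload = base64.urlsafe_b64decode(b64)
    except ValueError:          # binascii.Error is a ValueError subclass
        return None
    expected = hmac.new(IDP_SIGNING_KEY, payload, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(sig, expected):
        return None
    return json.loads(payload)["sub"]


def hybris_logon(username: str, password: str, idp_call=simulated_idp_logon):
    """Hybris-side handler: authenticate via a back channel and decide what the browser gets.

    Returns ("authenticated", user) or ("redirect", location). The IDP's own response
    body is never relayed to the browser, so the IDP stays hidden on failure as well.
    """
    resp = idp_call(username, password)
    if resp.status == 302 and "Location" in resp.headers:
        location = urlparse(resp.headers["Location"])
        acs = urlparse(HYBRIS_ACS)
        # Only trust a redirect that targets our own ACS endpoint, not an arbitrary host.
        if (location.scheme, location.netloc, location.path) == (acs.scheme, acs.netloc, acs.path):
            token = parse_qs(location.query).get("SAMLResponse", [""])[0]
            user = verify_token(token)
            if user:
                return ("authenticated", user)
    # Logon form, error page, foreign redirect, or bad signature: treat all as failure.
    return ("redirect", HYBRIS_LOGIN + "?" + urlencode({"error": "logon_failed"}))


if __name__ == "__main__":
    print(hybris_logon("alice", "correct horse battery staple"))
    print(hybris_logon("alice", "wrong password"))
```

Because the browser never talks to the IDP in this variant, the IDP's logon page has no way to reach the user; if Hybris instead redirects the browser to the IDP, the failure page is the IDP's to render, which is the situation the post describes. Credentials are passed to the IDP call as function arguments here; in a real back channel they belong in a POST body over TLS rather than a GET query string, which ends up in server and proxy logs.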