CirrusWould there be a way to incorporate the error codes and their explanations found in errormap.inc into the access policy deny messages? The default is that it just gives you the session ID. The user has no clue WHY. So I want to be able to provide the users insight as to why they received the message.
EmployeeThe best way I have accomplished this in the past is to create multiple deny endings and customize the text on the ending to what the error message should be.
Instead of the default message of
Access was denied by the access policy. This may be due to a failure to meet access policy requirements.
If you are an administrator, please go to Access Policy >> Reports : All Sessions page and look
up the session reference number displayed above.
You could update it to say
You failed to authenticate please contact the helpdesk if you forgot your password.
Will this work for you?
-Seth
CirrusThis is one way but since there's about 100 different error codes and I have about 12 access policies, you can see that's a lot of deny endings. I was hoping to find a more dynamic solution. I thought about the possibility of using the session variables in the messages. Has anyone tried it? If so, how does it work for you?
CirrusThis is one way but since there's about 100 different error codes and I have about 12 access policies, you can see that's a lot of deny endings. I was hoping to find a more dynamic solution. I thought about the possibility of using the session variables in the messages. Has anyone tried it? If so, how does it work for you?
NacreousHave a look at session.logon.page.errorcode. However it will just give you a code which may not be much more informative. You could however implement an iRule to lookup a message for the code, that is if they correlate to errormap.inc. Let me work up something and get back to you.
CirrusThat'll be great Kevin!