Replace SSO Authentication form

There are a few ways to do this:

1) Customize the login form for all CRS applications
(httproot/framework/secured/crs/ex/ex_crs_form_auth.jsp). This has the
main negative side effect of preventing anyone from creating an SSO for any managed application from the CRS web form authorisation method. This works for scenarios that require a centralized control of
managed passwords - i.e. from the administration GUI.

2) Add the attribute formJsp="some custom jsp relative to the application root"
to the appropriate AuthException tag in the resolver file. This will run that JSP when that action is hit.

3) Remove the AuthException tag and replace it with something similar to the below:
<CRSHandler requestMode="pass"
onfailure="java.lang.NullPointerException"
onsuccess="java.lang.NullPointerException">
<!--Throws an exception to discontinue processing -->
<OutputProcess id="outputCustomMessage"
onsuccess="java.lang.NullPointerException"
onfailure="java.lang.NullPointerException">
<!-- sets the mime type for the final response -->
<HandleMime order="a" findValue=".*"
replaceValue="text/html"/>
<!-- Removes all cookies from the response -->
<HandleCookie order="a2" name=".*" findValue=".*" replaceValue=""/>
<!-- Sets the response code -->
<HandleResponseCode order="a2" findValue=".*" replaceValue="200"/>
<!-- Removes the location header if any to prevent redirection -->
<HandleHttpResponse order="a2" name="location" matchCase="false"
findValue=".*" replaceValue=""/>
<!-- Output all the HTTP headers to the response -->
<CRSHandler order="a3"
className="com.edgetech.eportal.redirection.handlers.crsoutputhandlers.
ttpHeaderOutputHandler"/>

<!-- Output a custom message -->
<HandleText order="b">
<![CDATA[

<HTML>
<HEAD>
<TITLE>Title</TITLE>
<BODY >
Some custom message.
</BODY>
</HTML>



]]>
</HandleText>
</OutputProcess>
</CRSHandler>

Webtop actually uses this method within its resolver file for expired
sessions. Alternatively HandleFile or HandleJSP can be substituted for
HandleText if you want to output from a physical file or JSP respectively.

For version 2.1.2+ of Netcool Portal, a feature has been added to prevent the user from entering in any
login information if the authentication is scoped to either the domain or the role. In this case, if a login fails, the user gets a message simply saying that they are not authorized edit that information. The action presents /httproot/framework/secured/crs/ex/ex_crs_secauth.jsp). This method is recommended as probably the best means to solve the problem - assign the username/password to either the domain or role and all users will display that page when/if the authentication fails.