In some circumstances HTTP error responses need to be returned to the client including:
In the case of a 401 response, an additional WWW-Authenticate header is added to the response in the following format:
WWW-Authenticate: OAuth realm = <realm-name>The HTML component of the responses are pre-loaded from files that have been specified in the EAS configuration. Namely the [bad-request-rsp-file],[unauthorized-rsp-file] and [bad-gateway-rsp-file] configuration entries in the [oauth-eas] stanza. For more information about the [oauth-eas] stanza, see the IBM Security Web Gateway appliance: Web Reverse Proxy Stanza Reference.