I can uncheck the "End session if authentication against this server fails" option in realm definition. I think that the behaviour of this option chnged from version 6.5. to 7.1.
in 6.5. when you dont type any password, SA will log you in, but you will have a bad login on secondary auth server.
in 7.1. when you dont type any password, SA will not log you in with an error: Secondary auth failed but I dont have any bad login on secundary auth server. That is because i have a password lenght restriction to 4 digits. The same I have on 6.5. as well.
So what I want, and what I think should be the best: when I enter zero secondary password, there will be no communication to the auth server (password restriction), but I should be able to login beceause I have not checked the "End session if authentication against this server fails" option.
am I right? or wrong? please respond.
I need this funkcionality to be able to deploy only one sign-in page for 2 types of users. with and without secondary authentication....
When you enter zero password in second authentication and minimum password length is 4, then the authentication fail. But you don't want to "End session if authentication against this server fails". The session should continue...
Yes... finally someone else who thinks the same way as me on this one.
I had to give up in the end and resort to two realms which i didnt want to do!
Nice to know im not alone
I think this is working as expected; I'm not sure how it was working in 6.5.
Even if you don't pass authentication, you should be providing some attempt to login.....but you should open a JTAC case for further investigation with policy trace and snapshots for each scenario (6.5, 7.1 with the option enabled, and 7.1 with the option disabled). It is possible there was an unexpected change and those are the minimum logs needed for investigation.