To encode the redirection URL, the handler will use some Apache environment variables and also configuration settings:

• HTTPS: use https as protocol
• Port: port of the application (by default, 80 for http, 443 for https)

These parameters can be configured in Manager, in General Parameters > Advanced parameters > Handler redirections.

Handler use the default Apache error code for the following cases:

• User has no access authorization: FORBIDDEN (403)
• An error occurs on server side: SERVER_ERROR (500)
• The application is in maintenance: HTTP_SERVICE_UNAVAILABLE (503)

These errors can be catch trough Apache ErrorDocument directive, to redirect user on a specific page:

# Common error page and security parameters
ErrorDocument 403 http://auth.example.com/?lmError=403
ErrorDocument 500 http://auth.example.com/?lmError=500
ErrorDocument 503 http://auth.example.com/?lmError=503

It is also possible to redirect the user without using ErrorDocument: the Handler will not return 403, 500, 503 code, but code 302 (REDIRECT).

The user will be redirected on portal URL with error in the lmError URL parameter.

These parameters can be configured in Manager, in General Parameters > Advanced parameters > Handler redirections:

• Redirect on forbidden: use 302 instead 403
• Redirect on error: use 302 instead 500 or 503

The redirection from portal can be done either with code 303 (See Other), or with a JavaScript redirection.

Often the redirection takes some time because it is user's first access to the protected app, so a new app session has to be created : JavaScript redirection improves user experience by informing that authentication is performed, and by preventing from clicking again on the button because it is too slow.