Customizing logon error messages
I've putting a MFA logon process and am trying to figure out how to customize the error messages a person sees when they are inputting OTP values.
I started off with the default workflow AD Query auth by OTP email and resources template. I setup the workflow and tested it out and it works great creating, emailing and validating an OTP response. Me being a results oriented person thought it was GREAT as it seems to work flawlessly.
I am obviously ill informed as my QA team determined it was a show stopper failure because if you enter the wrong response you get back "Incorrect username or password" and the error message has nothing to do with the entry of the OTP response. Their thoughts were that our customers would think they put in the wrong PW at the first logon screen and that the OTP response was fine, thus would generate a service call.
I logged onto the site here today and used email as my OTP and intentionally entered the wrong OTP code and it came back with an entry stating that the value didn't match records. It seems like messages can be customized and I've found videos on where to go look under general customization and AAA Errors.
I've been tearing through the customization and found under my policy and error message\AAA Errors there is an entry which corresponds with the message "Incorrect username or password" but it seems to me that it is also the error message when you enter an incorrect PW. I quickly tested and if I modify the message under AAA errors, it impacts regular logon screens as well as the OTP response.
I have looked at the advanced customization code for the logon screen and there are references there to error code numbers but there is nothing that maps out to which AAA error message which would be displayed, so I am at a loss as to how specific messages are called via the code.
I am looking for the easiest way to customize this, how can I put a specific error code message for that logon screen and only that logon screen?
thanks in advance