The 'blank page' has the following content:
Halogen Software
Here are the responses from the back-end server from the following HTTP POST:
POST /Halogen/eAppraisal/workflow/security HTTP/1.1
Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml+xml, image/pjpeg, application/x-ms-xbap, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Referer: http://agtsthalo.altagas.ca/Halogen/welcome/login.jsp
Accept-Language: en-US
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; InfoPath.3; .NET4.0E)
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip, deflate
Host: agtsthalo.altagas.ca
Content-Length: 92
DNT: 1
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: f5_cspm=1234; JSESSIONID=D09979723FE0DFB6601674B3E1C5327B; bbbbbbbbbbbbbbb=NEEIMBEIKDAJONJDGJKOMKEICNNGHOBHCGFEPHIMBMBDEPLGFKJKJJEKOPEAHBFJNGHIFDCLEPCGEPHNJJAFCEDAKJHPKIEHPCLHLHCJFBIMMPEGGNFOLOKDJFLBPPDO; f5_cspm=1234; __utma=224565450.1383843014.1418246750.1422040049.1430250792.7; __utmz=224565450.1418246750.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); aaaaaaaaaaaaaaa=NMEAJBPFHFANLDLOKBMBHMJEBILLDMBGMAINABGCMIPCNHIPFAEOIMMKKDCAGGFEAIANFKPBKNMIDDHKAFLCHNHKIPOHOHEECPBFHIGHHILAJHNOEPLMKMKNOHMJEKBK
halogenLoginID=XXXXXXXX&halogenLoginPassword=XXXXXXXX&halogenLoginPassword-text=Password
Failed logon (VS x.x.x.x:443 w/ SSL Client Profile):
HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache
Cache-Control: no-store
X-UA-Compatible: IE=EmulateIE8
Content-Length: 0
Date: Fri, 29 May 2015 17:42:09 GMT
Successful logon (VS x.x.x.x:80 w/o SSL Client Profile):
HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache
Cache-Control: no-store
X-UA-Compatible: IE=EmulateIE8
Set-Cookie: JSESSIONID=E5C7BBAF8B90AB619472E7594BBDC79B; Path=/Halogen/; HttpOnly
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Date: Fri, 29 May 2015 17:42:56 GMT
1402
...
The obvious differences are the Set-Cookie, Content-Type, and Transfer-Encoding headers received on a successful logon which are not present on a failed logon.