I developed a Custom Authentication scheme receiving user and password fields in basic format (the query method contains the instruction response.setResponseCode(SmAuthQueryResponse.SMAUTH_CRED_BASIC); )
It works correctly.
In case of failure the page returns a 401 http code, but even if I defined the statement setUserText(); the SMUSRMSG cookie is not created.
Is there some way I can pass back a string containing the error message?