For the Basic/NTLM/file - prompt via form Results Authorization
method, the user is directly prompted for a login by the Search Appliance.
Since authentication is handled by another server, when search results
are denied access, the Search Appliance cannot know if the denial is URL-based
(lack of access by the user), or login-based (mistyped/wrong
password).
To differentiate the two and give users a chance to correct mistyped
passwords, a Login Verification URL may be set. This should be
a URL that all users have access to, but that is still protected
(i.e. anonymous users are denied). It should be an actual file (not
a directory), preferably small (a few KB), and permanent (not likely
to move, be renamed or have perms changed).
If Login Verification URL is set, the Search Appliance will
verify a user's prompted-for login by accessing this page. Since all
users have access to it, a denial is assumed to mean the login was
incorrect, and the user will be re-prompted for their credentials.
Without a Login Verification URL set, a mistyped password will
result in no search results, but the user will not know if they do not
have access to the results, or they merely mistyped their password.
Login Verification URL can also be useful with the Forward Login
Cookies Results Authorization method, when used in conjunction with an
Authorization Target of Login Verification URL Only, as described
below.
