I took a closer look at the impl of the Glassfish form authenticator.
if you protect the login page with a confidential transport guarantee, it looks like
our impl will forward (as apposed to redirect) to the form error page.
Can you give that a try and see if the attributes Jan mentioned previously
are available to the form error page.
ron
[Message sent by forum member 'monzillo' (monzillo)]
http://forums.java.net/jive/thread.jspa?messageID=265568