Just a quick question since I can't tell exactly how it works from the doc and code:
If I have set up the above-mentioned URL, does that mean that the user gets wisked away when they enter principal and credentials that are incorrect? The behavior I'd prefer is to return them to the login page and let them try again. In that case, would my failure URL be the same as my login form URL?
Thanks hopefully for a quick off-the-top-of-someone's-head answer.