Not only is the AppAuthenticateFailure HTML rule marked as 'Final' but i'm not sure if the change should be applied here as at this point the error message is already set (correct me if i'm wrong). There isn't a lot of transparency as to how this is implemented. There doesn't seem to be an easy way to customize the conditions prompting a given error or a means for the message itself to be changed. Has anyone succeeded in sorting through and customizing validations for basic authentication? It would be nice if someone from the PEGA engineer team should shed some light on the subject.