Adding forced password reset?
kwessel at illinois.edu
Thu Apr 17 12:18:04 EDT 2014
Looking for some advice and possible direction.
I've been approached with the concept of sending users to our password reset page after a successful Shib authentication if their password is too old.
The first thing that came to mind was the code in place at Wisconsin for redirecting students to a Google Apps sign-up page if they try to log into Google Apps without signing up first. I know this kind of flow will be easier in V3, but that it's doable in V2.
Is that going to be my best option? Or is there a better way to go? Keep in mind that our password reset page is, in fact, Shibboleth-protected. So, whatever I do would need to not stop the user if the service requesting authentication was the password reset page.
Any advice would be appreciated.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the users