Adding forced password reset?

Wessel, Keith kwessel at
Thu Apr 17 12:18:04 EDT 2014

Hi, all,

Looking for some advice and possible direction.

I've been approached with the concept of sending users to our password reset page after a successful Shib authentication if their password is too old.

The first thing that came to mind was the code in place at Wisconsin for redirecting students to a Google Apps sign-up page if they try to log into Google Apps without signing up first. I know this kind of flow will be easier in V3, but that it's doable in V2.

Is that going to be my best option? Or is there a better way to go? Keep in mind that our password reset page is, in fact, Shibboleth-protected. So, whatever I do would need to not stop the user if the service requesting authentication was the password reset page.

Any advice would be appreciated.


-------------- next part --------------
An HTML attachment was scrubbed...

More information about the users mailing list