authenticator behavior with AD security context errors

Kevin Foote kpfoote at uoregon.edu
Mon Mar 10 16:11:36 EDT 2014


You can at least handle UX in JSP to some degree.. 

Under the “Handling Login Errors” on this page I scibed some notes on AD responses

<https://wiki.shibboleth.net/confluence/display/SHIB2/IdPAuthUserPassLoginPage>

--------
thanks
 kevin.foote

On Mar 10, 2014, at 12:54 PM, Cantor, Scott <cantor.2 at osu.edu> wrote:

> On 3/10/14, 3:41 PM, "David Bantz" <dabantz at alaska.edu> wrote:
> 
>> How does the IdP¹s authentication handler, configured to query AD, react
>> to Œsecurity context errors¹ from AD that indicate the submitted password
>> did match that in the target record but the account is marked as ³not
>> permitted to login² or ³expired² (and other possible conditions)?
> 
> It doesn't. You'd need a custom login handler for that (mine uses message
> string matching to report that).
> 
> -- Scott
> 
> 
> --
> To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net



More information about the users mailing list