authenticator behavior with AD security context errors
Kevin Foote
kpfoote at uoregon.edu
Mon Mar 10 16:11:36 EDT 2014
You can at least handle UX in JSP to some degree..
Under the “Handling Login Errors” on this page I scibed some notes on AD responses
<https://wiki.shibboleth.net/confluence/display/SHIB2/IdPAuthUserPassLoginPage>
--------
thanks
kevin.foote
On Mar 10, 2014, at 12:54 PM, Cantor, Scott <cantor.2 at osu.edu> wrote:
> On 3/10/14, 3:41 PM, "David Bantz" <dabantz at alaska.edu> wrote:
>
>> How does the IdP¹s authentication handler, configured to query AD, react
>> to Œsecurity context errors¹ from AD that indicate the submitted password
>> did match that in the target record but the account is marked as ³not
>> permitted to login² or ³expired² (and other possible conditions)?
>
> It doesn't. You'd need a custom login handler for that (mine uses message
> string matching to report that).
>
> -- Scott
>
>
> --
> To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net
More information about the users
mailing list