bypassing some authN fails?

Daniel Fisher dfisher at vt.edu
Thu May 25 16:07:50 EDT 2017


On Thu, May 25, 2017 at 2:23 PM, IAM David Bantz <dabantz at alaska.edu> wrote:

> Is it feasible in IdP 3.3 to intercept an authN failure against AD LDAP
> due to expired account (error 49, data 701) and treat as though successful
> authN? ("701" data is supposed to be returned ONLY if the supplied
> credentials were otherwise valid, so this does not bypass expired password,
> locked account, or bad password, but only those attempts that would have
> been successful but for the account being marked expired.)
>

So do you want to ignore this particular account state or will you be
sending these users somewhere to unexpire their account in a self-service
fashion?

--Daniel Fisher
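The question in this thread depends on telling sub-code 701 apart from the other reasons AD rejects a bind with LDAP result 49. As an added example (not code from the thread or from the Shibboleth project), this Python function parses the hex `data` sub-code out of the bind's diagnostic message and only classifies it; the function name and the sample messages are constructed for illustration.

```python
import re

# Hex "data" sub-codes AD places in the diagnostic message of a failed bind
# (LDAP result 49). They are Windows system error codes written in hex.
AD_SUBCODES = {
    0x525: "user not found",
    0x52E: "invalid credentials",
    0x532: "password expired",
    0x533: "account disabled",
    0x701: "account expired",
    0x773: "user must reset password",
    0x775: "account locked out",
}
ACCOUNT_EXPIRED = 0x701

# Anchor on the "data" field: a bare substring search for "701" would also
# match hex digits inside the DSID or other parts of the message.
_DATA_RE = re.compile(r"\bdata\s+([0-9a-fA-F]+)\b")


def classify_bind_failure(result_code, diagnostic_message):
    """Return (subcode, label, is_account_expired) for a bind result.

    Hypothetical helper: it reports what AD said and leaves the decision
    about what to do with an expired account to the caller.
    """
    if result_code != 49:
        return (None, "not an invalidCredentials result", False)
    match = _DATA_RE.search(diagnostic_message or "")
    if match is None:
        return (None, "no AD sub-code present", False)
    subcode = int(match.group(1), 16)
    label = AD_SUBCODES.get(subcode, "unrecognised sub-code")
    return (subcode, label, subcode == ACCOUNT_EXPIRED)


# Constructed sample messages in the shape AD returns; not real log data.
SAMPLES = [
    "80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 701, v1db1",
    "80090308: LdapErr: DSID-0C090701, comment: AcceptSecurityContext error, data 52e, v1db1",
    "80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 775, v1db1",
]

if __name__ == "__main__":
    for msg in SAMPLES:
        print(classify_bind_failure(49, msg))
```

The second sample carries "701" inside its DSID but a `data` value of 52e, so it is reported as invalid credentials, not as an expired account.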