ExpiringPasswordInterceptConfiguration -- expiring-password-intercept-config.xml
Hugo Slavia
hugoslavia101 at gmail.com
Sun Sep 16 19:55:50 EDT 2018
For expiring-password-intercept-config.xml .... the out of the box setting
is as below......
<bean id="shibboleth.expiring-password.Condition" class=
"net.shibboleth.idp.profile.logic.DateAttributePredicate"
c:attribute="passwordExpiration" p:resultIfMissing="true">
<constructor-arg name="formatter">
<bean class="org.joda.time.format.DateTimeFormat" factory-method
="forPattern" c:_0="yyyyMMddHHmmss'T'" />
</constructor-arg>
<property name="systemTimeOffset">
<bean class="org.joda.time.Duration" factory-method=
"standardDays" c:_0="-14" />
</property>
</bean>
Can I do something like below (which I have for an authorization workflow):
<bean id="ContextCheckPredicate" parent="shibboleth.Conditions.AND">
<constructor-arg>
<list>
<bean class=
"net.shibboleth.idp.profile.logic.RegexAttributePredicate"
p:useUnfilteredAttributes="true"
p:attributeId="groupMembership"
p:pattern="^(.*?)ou=foo,dc=example,dc=edu" />
</list>
</constructor-arg>
</bean>
For example .... Will something like below work?
<bean id="shibboleth.expiring-password.Condition" class=
"net.shibboleth.idp.profile.logic.DateAttributePredicate"
c:attribute="passwordExpiration" p:resultIfMissing="true">
<bean id="ContextCheckPredicate" parent="shibboleth.Conditions.AND">
<constructor-arg>
<list>
<bean class=
"net.shibboleth.idp.profile.logic.RegexAttributePredicate"
p:useUnfilteredAttributes="true"
p:attributeId="groupMembership"
p:pattern="^(.*?)ou=foo,dc=example,dc=edu" />
</list>
</constructor-arg>
</bean>
</bean>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20180916/bcd3d465/attachment.html>
More information about the users
mailing list