shibboleth.expiring-password.Condition
Hugo Slavia
hugoslavia101 at gmail.com
Fri Sep 21 14:29:12 EDT 2018
Hello:
I am configuring the password expiry workflow to fit the business rules we
have --- basically to trigger password-recovery when user is memberOf a
group.
I am, to be perfectly frank, not certain how to configure in
'/intercept/expiring-password-intercept-config.xml' -- below are the
'ORINAL' & 'WHAT I HAVE SO FAR'..
The 'WHAT I HAVE SO FAR' triggers the password-expiry, irrespective of
whether user is in the memberOf ou=foo,dc=example,dc=edu.
Any tips on where to look for? I know I am missing something obvious but
been prattling on this for quite a while.
ORIGINAL
<bean id="shibboleth.expiring-password.Condition" class=
"net.shibboleth.idp.profile.logic.DateAttributePredicate"
c:attribute="passwordExpiration" p:resultIfMissing="true">
<constructor-arg name="formatter">
<bean class="org.joda.time.format.DateTimeFormat" factory-method
="forPattern" c:_0="yyyyMMddHHmmss'T'" />
</constructor-arg>
<property name="systemTimeOffset">
<bean class="org.joda.time.Duration" factory-method=
"standardDays" c:_0="-14" />
</property>
</bean>
WHAT I HAVE SO FAR
<bean id="shibboleth.expiring-password.Condition" parent=
"shibboleth.Conditions.AND">
<constructor-arg>
<list>
<bean class=
"net.shibboleth.idp.profile.logic.RegexAttributePredicate"
p:useUnfilteredAttributes="true"
p:attributeId="memberOf"
p:pattern="^ou=foo,dc=example,dc=edu.*$" />
</list>
</constructor-arg>
</bean>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20180921/09746992/attachment.html>
More information about the users
mailing list