expiring-password intercept triggering unexpectedly
Brian Biggs
biggsb at sonoma.edu
Mon Jul 22 14:55:26 EDT 2019
Just as an example, this is what I ended up with:
<bean id="shibboleth.expiring-password.Condition"
class="net.shibboleth.idp.profile.logic.DateAttributePredicate"
c:attribute="passwordExpiration"
c:formatString="yyyy'-'MM'-'dd'T'HH':'mm':'ss'Z'"
p:resultIfMissing="false" p:offset="-P10D" />
It does work, even if it's not pretty.
-Brian
On Mon, Jul 22, 2019 at 11:20 AM Liam Hoekenga <liamr at umich.edu> wrote:
> It doesn't log anything really, so debugging it requires Java hands on, or
>> writing some scripting to try and apply the condition to known inputs and
>> test the formatting string to see what it's doing.
>>
>
> About the most informative thing I've seen is this..
> 2019-07-22 12:01:37,293 - 141.213.171.202 - DEBUG
> [org.springframework.webflow.engine.Transition:214] - Executing
> [Transition at 29f72fb4 on = T(java.lang.System).currentTimeMillis() -
> T(java.lang.Long).parseLong(ExpiringPasswordCookieManager.getCookieValue(ExpiringPasswordCookieName,
> '0')) > ExpiringPasswordNotifyInterval, to = DisplayExpiringPasswordView]
>
> I'm presuming all of this stuff is exposable in nashorn? Rather than
> having to edit / recompile the actual java?
>
>
>> The Z may be causing issues because of its status as a time zone
>> signifier, and the parsing can be very tricky.
>>
>
> The Z is in single quotes, which does seem to be the way to embed string
> literals..
>
> https://www.joda.org/joda-time/apidocs/org/joda/time/format/DateTimeFormat.html
>
> There was this thread from February about date parsing..
> https://marc.info/?l=shibboleth-users&m=154963902909739&w=2
>
> Lastly one always needs to sanity check the value itself being parsed, and
>> the attribute resolver can log that on DEBUG.
>>
> Doing that. It looks like what I expect (but maybe my expectations are
> off).
>
> LIam
> --
> For Consortium Member technical support, see
> https://wiki.shibboleth.net/confluence/x/coFAAg
> To unsubscribe from this list send an email to
> users-unsubscribe at shibboleth.net
--
Lead Identity Mgmt/Systems Integration
Information Technology
Sonoma State University
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20190722/6069024b/attachment.html>
More information about the users
mailing list