Expiring password conundrum

Lipscomb, Gary glipscomb at csu.edu.au
Wed Oct 9 23:35:40 EDT 2019

Hi all,

We have configured Shibboleth IdP (v3.4.6) to check for expiring passwords triggered by our openLDAP password policy.
All works as planned. The user is warned that their password is expiring and given the options to

1. click on the link to change their password
2. clink on the link to continue to the original site
3. wait 20 seconds before being sent to the original site.

The issue we are seeing is that if a user clicks on the change password link they are presented with another IdP login page since our change password page is protected by Shibboleth and also the original request hasn't completed (its waiting 20 seconds before meta-refresh). If they enter their credentials again they get the expiring password message scenario.

Is there a way to complete the original IdP login process when clicking on the link to change password so the user doesn't have to re-enter their credentials.

If they have an expired, or locked password due to login failures we provide a link to another site not protected via Shibboleth.



Gary Lipscomb
Technical Officer, Systems(Infrastructure) | Infrastructure & Client Services | Division of Information Technology
Charles Sturt University
Panorama Avenue
Bathurst NSW 2795
Tel: +61 2 6338 6533
Email: glipscomb at csu.edu.au |www.csu.edu.au


This email (and any attachment) is confidential and is intended for the use of the addressee(s) only. If you are not the intended recipient of this email, you must not copy, distribute, take any action in reliance on it or disclose it to anyone. Any confidentiality is not waived or lost by reason of mistaken delivery. Email should be checked for viruses and defects before opening. Charles Sturt University does not accept liability for viruses or any consequence which arise as a result of this email transmission. Email communications with Charles Sturt University may be subject to automated email filtering, which could result in the delay or deletion of a legitimate email before it is read at Charles Sturt University. The views expressed in this email are not necessarily those of Charles Sturt University.
Charles Sturt University in Australia The Grange Chancellery, Panorama Avenue, Bathurst NSW Australia 2795 (ABN: 83 878 708 551; CRICOS Provider Number: 00005F (National)). TEQSA Provider Number: PV12018
Consider the environment before printing this email.

More information about the users mailing list