Expiring password conundrum

Cantor, Scott cantor.2 at osu.edu
Thu Oct 10 17:49:29 EDT 2019

On 10/10/19, 5:37 PM, "users on behalf of Lipscomb, Gary" <users-bounces at shibboleth.net on behalf of glipscomb at csu.edu.au> wrote:

> When they click on the "create a new password now" link they are asked to authenticate again. This is the bit I'm failing
> to understand. They have already authenticated when trying to access the original site, but the IdP hasn't proceeded to
> complete the process and redirect to it. Its waiting for the 20 second meta-refresh.

The interceptor runs after it's saved the authentication results off into the user's session, but client sessions don't get updated until the very end, so a request to a different server and the creation of a new container session will end up without knowledge that the authentication happened.

However, use of the LDAP account state approach to detecting these conditions has nothing to do with the interceptor and is a different mechanism. You said you were using account state. You probably aren't using both, or shouldn't be, anyway.
-- Scott

More information about the users mailing list