Question about ExpiringPassword Interceptor
Ignacio Amoeiro Bosch
ignacio.amoeiro at extern.ibsalut.es
Mon Jun 7 16:05:21 UTC 2021
Hello everyone,
Which attribute should I configure in the DateAttributePredicate (shibboleth.expiring-password.Condition) ? The date when the password expires, right? For example the msDS-UserPasswordExpiryTimeComputed from Active Directory?
I'm testing it, and i'm unable to get it working. I have configured it with an offset of -P15D (I want the user be warned 15 days before the password expires).
I have check the logic in the DateAttributePredicate class implementation:
if (Instant.from(dateTimeFormatter.parse(dateString)).plus(systemTimeOffset).isAfter(now)) {
return true;
}
Shouldn't it be isBefore instead of isAfter? Or I'm missing something?
Because (passwordExpired - 15) won't be after currentdate if current date is, for example, 5 days before password expires.
current date: 10/08/2021
password expiration date: 16/08/2021
password expiration date minus offset (15): 01/08/2021
01/08/2021 is not after 10/08/2021
What I'm missing?
Regards
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20210607/72a36a2a/attachment.htm>
More information about the users
mailing list