Question about ExpiringPassword Interceptor
Ignacio Amoeiro Bosch
ignacio.amoeiro at extern.ibsalut.es
Mon Jun 7 20:17:32 UTC 2021
Thanks scott, understood the logic.
But for some reason the interceptor is not being called.
I have the module enabled:
Module: idp.intercept.ExpiringPassword [ENABLED]
And also configured the bean shibboleth.expiring-password.Condition at conf/intercept/expiring-password-intercept-config.xml
I don't see any traces in the logs with the DateAttributePredicate.class logger.
I also tried remote debuging the jvm, and put some breakpoints at net.shibboleth.idp.profile.logic.DateAttributePredicate hasMatch method and program doesn't stop.
What can I check?
De: users <users-bounces at shibboleth.net> En nombre de Cantor, Scott
Enviado el: lunes, 7 de junio de 2021 18:12
Para: Shib Users <users at shibboleth.net>
Asunto: DMARC ErrorRe: Question about ExpiringPassword Interceptor
On 6/7/21, 12:05 PM, "users on behalf of Ignacio Amoeiro Bosch" <users-bounces at shibboleth.net on behalf of ignacio.amoeiro at extern.ibsalut.es> wrote:
> Shouldn’t it be isBefore instead of isAfter? Or I’m missing something?
The check is reversed in the flow from what you think it is. Don't overthink that part, the docs are explicit about how it works. The warning flow notes that it operates in reverse for exactly this reason, it gives me a headache.
As for it working, that's trial and error and a lot of screwing around, and having Java code to run as a test to trial out format strings and such as very useful.
For Consortium Member technical support, see https://ddec1-0-en-ctp.trendmicro.com:443/wis/clicktime/v1/query?url=https%3a%2f%2fwiki.shibboleth.net%2fconfluence%2fx%2fcoFAAg&umid=5fe24447-aabd-46c7-9bf6-3b2883d0871d&auth=1c980b950b810d2ebe959a136e6fc6796ec23183-cc25fc8860963981cf6573b5be62def64f0da275
To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net
More information about the users