Handling expired/expiring users after upgrading from Shib 3 to Shib 4

Cantor, Scott cantor.2 at osu.edu
Wed Jun 21 16:07:21 UTC 2023

> I can't seem to find documentation for Shib 4.3 for how to set up expiring
> passwords -- any ideas what I seem to be missing?

There are no real changes in this regard, only additional features. You'd have to highlight something specific you don't think works.

Fundamentally, if you want to block people in these cases, that's always been the context-check interceptor.

If you want to "warn but let them on", then that is either the expiring-password interceptor or, more flexibly so probably a better option, the warning interceptor.

Also, don't confuse issues with date formatting with the IdP. V4 uses Java's library, V3 used joda-time. To a limited degree joda-time is still usable if you include it, but getting formatting strings right is a black art and is really a matter of reading javadoc and playing around. My strings were wrong for years even though they mostly worked. They're very hard to get right.

-- Scott

More information about the users mailing list