Handling expired/expiring users after upgrading from Shib 3 to Shib 4
jeff.chapin at uni.edu
Wed Jun 28 19:45:58 UTC 2023
Ok, I think I may be using the wrong terminology.
Is it wrong of me to expect the ExpiringPasswordIntercept to function, even
if we are using LDAP authentication? I would have thought that the
authentication method would be independent.
On Wed, Jun 28, 2023 at 2:40 PM Cantor, Scott <cantor.2 at osu.edu> wrote:
> > Is there some way to get the ldap login flow to use the passwordExpiring
> > Attribute? Or preferably to get the ExpiringPasswordIntercept to work
> > Password auth?
> Login flows do not have any relationship to interceptors in that sense.
> The interceptors that run are based on the postAuthenticationFlows profile
> setting, which is something controlled based on relying party configuration
> and/or metadata, and has no connection back to how authentication is done
> in most cases. (*)
> -- Scott
> (*) An exotic Predicate could be coded up to examine authentication state
> to decide how to respond but that’s after the interceptor is running, not
> part of deciding whether to run.
Panther eSports Adviser
ITS-IS, University of Northern Iowa
Phone: 319-273-3162 Email: Jeff.Chapin at uni.edu
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the users