Handling expired/expiring users after upgrading from Shib 3 to Shib 4
Jeff Chapin
jeff.chapin at uni.edu
Wed Jun 28 19:45:58 UTC 2023
Ok, I think I may be using the wrong terminology.
Is it wrong of me to expect the ExpiringPasswordIntercept to function, even
if we are using LDAP authentication? I would have thought that the
authentication method would be independent.
Jeff
On Wed, Jun 28, 2023 at 2:40 PM Cantor, Scott <cantor.2 at osu.edu> wrote:
> > Is there some way to get the ldap login flow to use the passwordExpiring
> IDP
> > Attribute? Or preferably to get the ExpiringPasswordIntercept to work
> with
> > Password auth?
>
> Login flows do not have any relationship to interceptors in that sense.
> The interceptors that run are based on the postAuthenticationFlows profile
> setting, which is something controlled based on relying party configuration
> and/or metadata, and has no connection back to how authentication is done
> in most cases. (*)
>
> -- Scott
>
> (*) An exotic Predicate could be coded up to examine authentication state
> to decide how to respond but that’s after the interceptor is running, not
> part of deciding whether to run.
>
>
--
Jeff Chapin,
Panther eSports Adviser
Systems/Applications Administrator
ITS-IS, University of Northern Iowa
Phone: 319-273-3162 Email: Jeff.Chapin at uni.edu
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20230628/e6e51ea4/attachment.htm>
More information about the users
mailing list