<div dir="ltr"><div dir="ltr">Hello:<div><br></div><div>I am configuring the password expiry workflow to fit the business rules we have --- basically to trigger password-recovery when user is memberOf a group.</div><div><br></div><div>I am, to be perfectly frank, not certain how to configure in '/intercept/expiring-password-intercept-config.xml'  -- below are the 'ORINAL' & 'WHAT I HAVE SO FAR'..</div><div><br></div><div>The 'WHAT I HAVE SO FAR' triggers the password-expiry, irrespective of whether user is in the memberOf <span style="color:rgb(57,51,255);font-family:Monaco;font-size:13px">ou=foo,dc=example,dc=edu.</span></div><div><br></div><div>Any tips on where to look for? I know I am missing something obvious but been prattling on this for quite a while.</div><div><br><div>ORIGINAL</div><div>





<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:13px;line-height:normal;font-family:Monaco;color:rgb(57,51,255)"><span class="gmail-s1" style="color:rgb(0,145,147)"><</span><span class="gmail-s2" style="color:rgb(78,145,146)">bean</span><span class="gmail-s3" style="color:rgb(0,0,0)"> </span><span class="gmail-s4" style="color:rgb(147,33,146)">id</span><span class="gmail-s3" style="color:rgb(0,0,0)">=</span>"shibboleth.expiring-password.Condition"<span class="gmail-s3" style="color:rgb(0,0,0)"> </span><span class="gmail-s4" style="color:rgb(147,33,146)">class</span><span class="gmail-s3" style="color:rgb(0,0,0)">=</span>"net.shibboleth.idp.profile.logic.DateAttributePredicate"</p>
<p class="gmail-p2" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:13px;line-height:normal;font-family:Monaco;color:rgb(147,33,146)"><span class="gmail-s3" style="color:rgb(0,0,0)"><span class="gmail-Apple-converted-space">            </span></span>c:attribute<span class="gmail-s3" style="color:rgb(0,0,0)">=</span><span class="gmail-s5" style="color:rgb(57,51,255)">"passwordExpiration"</span><span class="gmail-s3" style="color:rgb(0,0,0)"> </span>p:resultIfMissing<span class="gmail-s3" style="color:rgb(0,0,0)">=</span><span class="gmail-s5" style="color:rgb(57,51,255)">"true"</span><span class="gmail-s1" style="color:rgb(0,145,147)">></span></p>
<p class="gmail-p3" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:13px;line-height:normal;font-family:Monaco;color:rgb(78,145,146)"><span class="gmail-s3" style="color:rgb(0,0,0)"><span class="gmail-Apple-converted-space">        </span></span><span class="gmail-s1" style="color:rgb(0,145,147)"><</span>constructor-arg<span class="gmail-s3" style="color:rgb(0,0,0)"> </span><span class="gmail-s4" style="color:rgb(147,33,146)">name</span><span class="gmail-s3" style="color:rgb(0,0,0)">=</span><span class="gmail-s5" style="color:rgb(57,51,255)">"formatter"</span><span class="gmail-s1" style="color:rgb(0,145,147)">></span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:13px;line-height:normal;font-family:Monaco;color:rgb(57,51,255)"><span class="gmail-s3" style="color:rgb(0,0,0)"><span class="gmail-Apple-converted-space">            </span></span><span class="gmail-s1" style="color:rgb(0,145,147)"><</span><span class="gmail-s2" style="color:rgb(78,145,146)">bean</span><span class="gmail-s3" style="color:rgb(0,0,0)"> </span><span class="gmail-s4" style="color:rgb(147,33,146)">class</span><span class="gmail-s3" style="color:rgb(0,0,0)">=</span>"org.joda.time.format.DateTimeFormat"<span class="gmail-s3" style="color:rgb(0,0,0)"> </span><span class="gmail-s4" style="color:rgb(147,33,146)">factory-method</span><span class="gmail-s3" style="color:rgb(0,0,0)">=</span>"forPattern"<span class="gmail-s3" style="color:rgb(0,0,0)"> </span><span class="gmail-s4" style="color:rgb(147,33,146)">c:_0</span><span class="gmail-s3" style="color:rgb(0,0,0)">=</span>"yyyyMMddHHmmss'T'"<span class="gmail-s3" style="color:rgb(0,0,0)"> </span><span class="gmail-s1" style="color:rgb(0,145,147)">/></span></p>
<p class="gmail-p3" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:13px;line-height:normal;font-family:Monaco;color:rgb(78,145,146)"><span class="gmail-s3" style="color:rgb(0,0,0)"><span class="gmail-Apple-converted-space">        </span></span><span class="gmail-s1" style="color:rgb(0,145,147)"></</span>constructor-arg<span class="gmail-s1" style="color:rgb(0,145,147)">></span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:13px;line-height:normal;font-family:Monaco;color:rgb(57,51,255)"><span class="gmail-s3" style="color:rgb(0,0,0)"><span class="gmail-Apple-converted-space">        </span></span><span class="gmail-s1" style="color:rgb(0,145,147)"><</span><span class="gmail-s2" style="color:rgb(78,145,146)">property</span><span class="gmail-s3" style="color:rgb(0,0,0)"> </span><span class="gmail-s4" style="color:rgb(147,33,146)">name</span><span class="gmail-s3" style="color:rgb(0,0,0)">=</span>"systemTimeOffset"<span class="gmail-s1" style="color:rgb(0,145,147)">></span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:13px;line-height:normal;font-family:Monaco;color:rgb(57,51,255)"><span class="gmail-s3" style="color:rgb(0,0,0)"><span class="gmail-Apple-converted-space">            </span></span><span class="gmail-s1" style="color:rgb(0,145,147)"><</span><span class="gmail-s2" style="color:rgb(78,145,146)">bean</span><span class="gmail-s3" style="color:rgb(0,0,0)"> </span><span class="gmail-s4" style="color:rgb(147,33,146)">class</span><span class="gmail-s3" style="color:rgb(0,0,0)">=</span>"org.joda.time.Duration"<span class="gmail-s3" style="color:rgb(0,0,0)"> </span><span class="gmail-s4" style="color:rgb(147,33,146)">factory-method</span><span class="gmail-s3" style="color:rgb(0,0,0)">=</span>"standardDays"<span class="gmail-s3" style="color:rgb(0,0,0)"> </span><span class="gmail-s4" style="color:rgb(147,33,146)">c:_0</span><span class="gmail-s3" style="color:rgb(0,0,0)">=</span>"-14"<span class="gmail-s3" style="color:rgb(0,0,0)"> </span><span class="gmail-s1" style="color:rgb(0,145,147)">/></span></p>
<p class="gmail-p4" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:13px;line-height:normal;font-family:Monaco"><span class="gmail-Apple-converted-space">        </span><span class="gmail-s1" style="color:rgb(0,145,147)"></</span><span class="gmail-s2" style="color:rgb(78,145,146)">property</span><span class="gmail-s1" style="color:rgb(0,145,147)">></span></p>
<p class="gmail-p4" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:13px;line-height:normal;font-family:Monaco"><span class="gmail-Apple-converted-space">    </span><span class="gmail-s1" style="color:rgb(0,145,147)"></</span><span class="gmail-s2" style="color:rgb(78,145,146)">bean</span><span class="gmail-s1" style="color:rgb(0,145,147)">></span></p><p class="gmail-p4" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:13px;line-height:normal;font-family:Monaco"><span class="gmail-s1" style="color:rgb(0,145,147)"><br></span></p><p class="gmail-p4" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:13px;line-height:normal;font-family:Monaco"><span class="gmail-s1" style="color:rgb(0,145,147)"><br></span></p><p class="gmail-p4" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:13px;line-height:normal;font-family:Monaco"><span style="font-family:Arial,Helvetica,sans-serif;font-size:small">WHAT I HAVE SO FAR</span><br></p><p class="gmail-p1" style="margin:0px;font:13px Monaco;color:rgb(57,51,255)"><span class="gmail-s1" style="color:rgb(0,145,147)"><</span><span class="gmail-s2" style="color:rgb(78,145,146)">bean</span><span class="gmail-s3" style="color:rgb(0,0,0)"> </span><span class="gmail-s4" style="color:rgb(147,33,146)">id</span><span class="gmail-s3" style="color:rgb(0,0,0)">=</span>"shibboleth.expiring-password.Condition"<span class="gmail-s3" style="color:rgb(0,0,0)"> </span><span class="gmail-s4" style="color:rgb(147,33,146)">parent</span><span class="gmail-s3" style="color:rgb(0,0,0)">=</span>"shibboleth.Conditions.AND"<span class="gmail-s1" style="color:rgb(0,145,147)">></span></p><p class="gmail-p2" style="margin:0px;font:13px Monaco;color:rgb(78,145,146)"><span class="gmail-s3" style="color:rgb(0,0,0)"><span class="gmail-Apple-converted-space">        </span></span><span class="gmail-s1" style="color:rgb(0,145,147)"><</span>constructor-arg<span class="gmail-s1" style="color:rgb(0,145,147)">></span></p><p class="gmail-p3" style="margin:0px;font:13px Monaco"><span class="gmail-Apple-converted-space">             </span><span class="gmail-s1" style="color:rgb(0,145,147)"><</span><span class="gmail-s2" style="color:rgb(78,145,146)">list</span><span class="gmail-s1" style="color:rgb(0,145,147)">></span></p><p class="gmail-p1" style="margin:0px;font:13px Monaco;color:rgb(57,51,255)"><span class="gmail-s3" style="color:rgb(0,0,0)"><span class="gmail-Apple-converted-space">                 </span></span><span class="gmail-s1" style="color:rgb(0,145,147)"><</span><span class="gmail-s2" style="color:rgb(78,145,146)">bean</span><span class="gmail-s3" style="color:rgb(0,0,0)"> </span><span class="gmail-s4" style="color:rgb(147,33,146)">class</span><span class="gmail-s3" style="color:rgb(0,0,0)">=</span>"net.shibboleth.idp.profile.logic.RegexAttributePredicate"</p><p class="gmail-p3" style="margin:0px;font:13px Monaco"><span class="gmail-Apple-converted-space">                         </span><span class="gmail-s4" style="color:rgb(147,33,146)">p:useUnfilteredAttributes</span>=<span class="gmail-s5" style="color:rgb(57,51,255)">"true"</span></p><p class="gmail-p3" style="margin:0px;font:13px Monaco"><span class="gmail-Apple-converted-space">                         </span><span class="gmail-s4" style="color:rgb(147,33,146)">p:attributeId</span>=<span class="gmail-s5" style="color:rgb(57,51,255)">"memberOf"</span></p><p class="gmail-p1" style="margin:0px;font:13px Monaco;color:rgb(57,51,255)"><span class="gmail-s3" style="color:rgb(0,0,0)"><span class="gmail-Apple-converted-space">                         </span></span><span class="gmail-s4" style="color:rgb(147,33,146)">p:pattern</span><span class="gmail-s3" style="color:rgb(0,0,0)">=</span>"^ou=foo,dc=example,dc=edu.*$"<span class="gmail-s3" style="color:rgb(0,0,0)"> </span><span class="gmail-s1" style="color:rgb(0,145,147)">/></span></p><p class="gmail-p3" style="margin:0px;font:13px Monaco"><span class="gmail-Apple-converted-space">             </span><span class="gmail-s1" style="color:rgb(0,145,147)"></</span><span class="gmail-s2" style="color:rgb(78,145,146)">list</span><span class="gmail-s1" style="color:rgb(0,145,147)">></span></p><p class="gmail-p2" style="margin:0px;font:13px Monaco;color:rgb(78,145,146)"><span class="gmail-s3" style="color:rgb(0,0,0)"><span class="gmail-Apple-tab-span" style="white-space:pre">    </span><span class="gmail-Apple-tab-span" style="white-space:pre">      </span></span><span class="gmail-s1" style="color:rgb(0,145,147)"></</span>constructor-arg<span class="gmail-s1" style="color:rgb(0,145,147)">></span><span class="gmail-s3" style="color:rgb(0,0,0)"><span class="gmail-Apple-converted-space"> </span></span></p><p class="gmail-p4" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:13px;line-height:normal;font-family:Monaco"><span class="gmail-s1" style="color:rgb(0,145,147)">














</span></p><p class="gmail-p3" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:13px;line-height:normal;font-family:Monaco"><span class="gmail-Apple-converted-space">    </span><span class="gmail-s1" style="color:rgb(0,145,147)"></</span><span class="gmail-s2" style="color:rgb(78,145,146)">bean</span><span class="gmail-s1" style="color:rgb(0,145,147)">></span></p></div></div></div></div>