[midPoint] Password Aging?

Ivan Noris ivan.noris at evolveum.com
Tue Oct 8 06:14:57 UTC 2019


Hi, 
if you are talking about password aging using maxAge in the security policy, this works for midPoint authentication. 
Users with passwords out of the maxAge (since the last password change) are not allowed to login to midPoint. 

Best regards, 
Ivan 


From: JStanczak at vinu.edu 
To: "midPoint General Discussion" <midpoint at lists.evolveum.com> 
Sent: Monday, October 7, 2019 2:08:43 PM 
Subject: [midPoint] Password Aging? 

I'm trying to age passwords that have not been changed in 180 days. I can set a "valid to" and the expire works fine. But password aging doesn't seem to change it. I'm not sure where I went wrong. 

<maxAge>P180D</maxAge> 


<attribute id="4"> 
<c:ref>ri:expired</c:ref> 
<tolerant>true</tolerant> 
<exclusiveStrong>false</exclusiveStrong> 
<outbound> 
<authoritative>true</authoritative> 
<exclusive>false</exclusive> 
<strength>normal</strength> 
<source> 
<c:path>$focus/activation/effectiveStatus</c:path> 
</source> 
<expression> 
<script xmlns:xsi=" [ http://www.w3.org/2001/XMLSchema-instance | http://www.w3.org/2001/XMLSchema-instance ] " xsi:type="c:ScriptExpressionEvaluatorType"> 
<code> 
import com.evolveum.midpoint.xml.ns._public.common.common_3.ActivationStatusType; 
return effectiveStatus == ActivationStatusType.DISABLED; 
</code> 
</script> 
</expression> 
</outbound> 
</attribute> 

Thanks. 

_______________________________________________ 
midPoint mailing list 
midPoint at lists.evolveum.com 
http://lists.evolveum.com/mailman/listinfo/midpoint 

-- 
Ivan Noris 
Senior Identity Engineer 
evolveum.com 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.evolveum.com/pipermail/midpoint/attachments/20191008/a20633fc/attachment.html>


More information about the midPoint mailing list