[midPoint] Password Aging?
Ivan Noris
ivan.noris at evolveum.com
Tue Oct 8 08:14:57 CEST 2019
Hi,
if you are talking about password aging using maxAge in the security policy, this works for midPoint authentication.
Users with passwords out of the maxAge (since the last password change) are not allowed to login to midPoint.
Best regards,
Ivan
From: JStanczak at vinu.edu
To: "midPoint General Discussion" <midpoint at lists.evolveum.com>
Sent: Monday, October 7, 2019 2:08:43 PM
Subject: [midPoint] Password Aging?
I'm trying to age passwords that have not been changed in 180 days. I can set a "valid to" and the expire works fine. But password aging doesn't seem to change it. I'm not sure where I went wrong.
<maxAge>P180D</maxAge>
<attribute id="4">
<c:ref>ri:expired</c:ref>
<tolerant>true</tolerant>
<exclusiveStrong>false</exclusiveStrong>
<outbound>
<authoritative>true</authoritative>
<exclusive>false</exclusive>
<strength>normal</strength>
<source>
<c:path>$focus/activation/effectiveStatus</c:path>
</source>
<expression>
<script xmlns:xsi=" [ http://www.w3.org/2001/XMLSchema-instance | http://www.w3.org/2001/XMLSchema-instance ] " xsi:type="c:ScriptExpressionEvaluatorType">
<code>
import com.evolveum.midpoint.xml.ns._public.common.common_3.ActivationStatusType;
return effectiveStatus == ActivationStatusType.DISABLED;
</code>
</script>
</expression>
</outbound>
</attribute>
Thanks.
_______________________________________________
midPoint mailing list
midPoint at lists.evolveum.com
http://lists.evolveum.com/mailman/listinfo/midpoint
--
Ivan Noris
Senior Identity Engineer
evolveum.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20191008/a20633fc/attachment.htm>
More information about the midPoint
mailing list