[midPoint] Password Aging?
Pavol Mederly
mederly at evolveum.com
Wed Oct 9 09:07:01 CEST 2019
Hello,
what about a mapping that will compute this flag based on the
credentials/password in the user object?
Best regards,
Pavol Mederly
Software developer
evolveum.com
On 09.10.2019 8:37, Ivan Noris wrote:
>
> Hi,
>
> AFAIK there is no flag about the password being expired. The
> authentication simply compares the current timestamp with the
> last-modified timestamp of the password and uses this according to the
> policy.
>
> I'm not aware of any way to propagate this with default midPoint.
> Maybe someone else is.
>
>
> Best regards,
>
> Ivan
>
> On 8. 10. 2019 14:24, JStanczak at vinu.edu wrote:
>> Yes. I'm talking about the maxAge. It does expire users from Midpoint
>> login... but I'm wanting to map that boolean condition to one of my
>> resources. This resource will trigger the user to update their
>> password when they attempt a login to CAS. I'm not using Midpoint for
>> login... just admin logins. I want both features working. I want to
>> expire admins using Midpoint and also expire regular users in another
>> system.
>>
>> Thanks.
>>
>>
>> -----"midPoint" <midpoint-bounces at lists.evolveum.com
>> <mailto:midpoint-bounces at lists.evolveum.com>> wrote: -----
>> To: "midPoint General Discussion" <midpoint at lists.evolveum.com
>> <mailto:midpoint at lists.evolveum.com>>
>> From: "Ivan Noris"
>> Sent by: "midPoint"
>> Date: 10/08/2019 02:15AM
>> Subject: Re: [midPoint] Password Aging?
>>
>> Hi,
>> if you are talking about password aging using maxAge in the security
>> policy, this works for midPoint authentication.
>> Users with passwords out of the maxAge (since the last password
>> change) are not allowed to login to midPoint.
>>
>> Best regards,
>> Ivan
>>
>> ------------------------------------------------------------------------
>> *From: *JStanczak at vinu.edu <mailto:JStanczak at vinu.edu>
>> *To: *"midPoint General Discussion" <midpoint at lists.evolveum.com
>> <mailto:midpoint at lists.evolveum.com>>
>> *Sent: *Monday, October 7, 2019 2:08:43 PM
>> *Subject: *[midPoint] Password Aging?
>>
>> I'm trying to age passwords that have not been changed in 180 days. I
>> can set a "valid to" and the expire works fine. But password aging
>> doesn't seem to change it. I'm not sure where I went wrong.
>>
>> <maxAge>P180D</maxAge>
>>
>>
>> <attribute id="4">
>>     <c:ref>ri:expired</c:ref>
>>     <tolerant>true</tolerant>
>>     <exclusiveStrong>false</exclusiveStrong>
>>     <outbound>
>>         <authoritative>true</authoritative>
>>         <exclusive>false</exclusive>
>>         <strength>normal</strength>
>>         <source>
>>             <c:path>$focus/activation/effectiveStatus</c:path>
>>         </source>
>>         <expression>
>>             <script xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="c:ScriptExpressionEvaluatorType">
>>                 <code>
>>                     import com.evolveum.midpoint.xml.ns._public.common.common_3.ActivationStatusType;
>>                     return effectiveStatus == ActivationStatusType.DISABLED;
>>                 </code>
>>             </script>
>>         </expression>
>>     </outbound>
>> </attribute>
>>
>> Thanks.
>>
>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>
>> --
>> Ivan Noris
>> Senior Identity Engineer
>> evolveum.com
> --
> Ivan Noris
> Senior Identity Engineer
> evolveum.com
>
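
The computation such a mapping script would perform, as an added example that is not part of the original thread and not midPoint's own code: the same comparison described above for authentication (last password change plus maxAge against the current time). It assumes the mapping's sources are the password's metadata timestamps, named `modifyTimestamp` and `createTimestamp` here; `isPasswordExpired` is a hypothetical helper and the sample timestamps are constructed.

```groovy
import javax.xml.datatype.DatatypeConstants
import javax.xml.datatype.DatatypeFactory
import javax.xml.datatype.XMLGregorianCalendar

// Hypothetical helper (not a midPoint API): true when the password is older
// than maxAge. Parameter names are assumptions made for this example.
boolean isPasswordExpired(XMLGregorianCalendar modifyTimestamp,
                          XMLGregorianCalendar createTimestamp,
                          String maxAge,
                          XMLGregorianCalendar now) {
    // A password that was set once and never changed may carry no modify
    // timestamp, so fall back to the creation timestamp.
    XMLGregorianCalendar lastChange =
            modifyTimestamp != null ? modifyTimestamp : createTimestamp
    if (lastChange == null) {
        // No password metadata at all: there is nothing to age. Returning
        // false is a policy choice; return true to force a change instead.
        return false
    }
    // add() mutates its receiver, so compute the expiry on a copy.
    XMLGregorianCalendar expiresAt = (XMLGregorianCalendar) lastChange.clone()
    expiresAt.add(DatatypeFactory.newInstance().newDuration(maxAge)) // "P180D"
    // compare() can also return INDETERMINATE when only one side carries a
    // time zone; only a definite "expiry is before now" counts as expired.
    return expiresAt.compare(now) == DatatypeConstants.LESSER
}

// Constructed sample values, all in UTC.
def f = DatatypeFactory.newInstance()
def now = f.newXMLGregorianCalendar('2019-10-09T09:00:00Z')

// Changed 2019-03-01, 180 days ends 2019-08-28: expired.
assert isPasswordExpired(
        f.newXMLGregorianCalendar('2019-03-01T08:00:00Z'), null, 'P180D', now)
// Changed 2019-09-01, still inside the 180-day window: not expired.
assert !isPasswordExpired(
        f.newXMLGregorianCalendar('2019-09-01T08:00:00Z'), null, 'P180D', now)
// Never changed, created 2019-01-15: the creation time is used, expired.
assert isPasswordExpired(
        null, f.newXMLGregorianCalendar('2019-01-15T00:00:00Z'), 'P180D', now)
// No timestamps at all: reported as not expired.
assert !isPasswordExpired(null, null, 'P180D', now)
```

A flag computed this way is only as fresh as the last evaluation of the mapping, so the value sent to the resource does not flip at the moment the password crosses the maxAge boundary.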