[midPoint] Password Aging?

Pavol Mederly mederly at evolveum.com
Wed Oct 9 07:07:01 UTC 2019


Hello,

what about a mapping that will compute this flag based on the 
credentials/password in the user object?

Best regards,

Pavol Mederly
Software developer
evolveum.com

On 09.10.2019 8:37, Ivan Noris wrote:
>
> Hi,
>
> AFAIK there is no flag about the password being expired. The 
> authentication simply compares the current timestamp with the 
> last-modified timestamp of the password and uses this according to the 
> policy.
>
> I'm not aware of any way to propagate this with default midPoint. 
> Maybe someone else is.
>
>
> Best regards,
>
> Ivan
>
> On 8. 10. 2019 14:24, JStanczak at vinu.edu wrote:
>> Yes. I'm talking about the maxAge. It does expire users from midPoint 
>> login... but I'm wanting to map that boolean condition to one of my 
>> resources. This resource will trigger the user to update their 
>> password when they attempt a login to CAS. I'm not using midPoint for 
>> login... just admin logins. I want both features working. I want to 
>> expire admins using midPoint and also expire regular users in another 
>> system.
>>
>> Thanks.
>>
>>
>> -----"midPoint" <midpoint-bounces at lists.evolveum.com 
>> <mailto:midpoint-bounces at lists.evolveum.com>> wrote: -----
>> To: "midPoint General Discussion" <midpoint at lists.evolveum.com 
>> <mailto:midpoint at lists.evolveum.com>>
>> From: "Ivan Noris"
>> Sent by: "midPoint"
>> Date: 10/08/2019 02:15AM
>> Subject: Re: [midPoint] Password Aging?
>>
>> Hi,
>> if you are talking about password aging using maxAge in the security 
>> policy, this works for midPoint authentication.
>> Users with passwords out of the maxAge (since the last password 
>> change) are not allowed to login to midPoint.
>>
>> Best regards,
>> Ivan
>>
>> ------------------------------------------------------------------------
>> *From: *JStanczak at vinu.edu <mailto:JStanczak at vinu.edu>
>> *To: *"midPoint General Discussion" <midpoint at lists.evolveum.com 
>> <mailto:midpoint at lists.evolveum.com>>
>> *Sent: *Monday, October 7, 2019 2:08:43 PM
>> *Subject: *[midPoint] Password Aging?
>>
>> I'm trying to age passwords that have not been changed in 180 days. I 
>> can set a "valid to" and the expire works fine. But password aging 
>> doesn't seem to change it. I'm not sure where I went wrong.
>>
>> <maxAge>P180D</maxAge>
>>
>>
>> <attribute id="4">
>>     <c:ref>ri:expired</c:ref>
>>     <tolerant>true</tolerant>
>>     <exclusiveStrong>false</exclusiveStrong>
>>     <outbound>
>>         <authoritative>true</authoritative>
>>         <exclusive>false</exclusive>
>>         <strength>normal</strength>
>>         <source>
>>             <c:path>$focus/activation/effectiveStatus</c:path>
>>         </source>
>>         <expression>
>>             <script xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="c:ScriptExpressionEvaluatorType">
>>                 <code>
>>                     import com.evolveum.midpoint.xml.ns._public.common.common_3.ActivationStatusType;
>>                     return effectiveStatus == ActivationStatusType.DISABLED;
>>                 </code>
>>             </script>
>>         </expression>
>>     </outbound>
>> </attribute>
>>
>> Thanks.
>>
>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>
>> -- 
>> Ivan Noris
>> Senior Identity Engineer
>> evolveum.com
> -- 
> Ivan Noris
> Senior Identity Engineer
> evolveum.com
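
A sketch of the kind of mapping suggested at the top of this message, added here as an example and not taken from the thread or from the midPoint project: it computes `ri:expired` by comparing the current time with the password's last change, the same comparison described above for login. Assumptions: the password timestamps are stored under `credentials/password/metadata` as `createTimestamp` and `modifyTimestamp`; the source names `created` and `modified`, the hard-coded `P180D` (copied from the poster's `maxAge`) and the decision to treat a password with no timestamps as expired are choices made for this example; and users are recomputed regularly, because the flag can only change when the mapping is evaluated.

```xml
<!-- Added example: fragment for the resource's schemaHandling, same c:/ri: prefixes as the poster's mapping -->
<attribute>
    <c:ref>ri:expired</c:ref>
    <outbound>
        <!-- strong: apply the computed value on every evaluation, not only when a source changes -->
        <strength>strong</strength>
        <source>
            <name>modified</name>
            <c:path>$focus/credentials/password/metadata/modifyTimestamp</c:path>
        </source>
        <source>
            <name>created</name>
            <c:path>$focus/credentials/password/metadata/createTimestamp</c:path>
        </source>
        <expression>
            <script>
                <code>
                    import javax.xml.datatype.DatatypeConstants
                    import javax.xml.datatype.DatatypeFactory

                    // Last password change: modification time, else creation time
                    def changed = modified ?: created
                    // Assumption of this example: unknown password age counts as expired
                    if (changed == null) {
                        return true
                    }

                    def factory = DatatypeFactory.newInstance()
                    // Keep this value in step with maxAge in the security policy
                    def deadline = changed.clone()
                    deadline.add(factory.newDuration('P180D'))

                    def now = factory.newXMLGregorianCalendar(new GregorianCalendar())
                    // Expired once the current time is past (last change + 180 days)
                    return now.compare(deadline) == DatatypeConstants.GREATER
                </code>
            </script>
        </expression>
    </outbound>
</attribute>
```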