<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<p>Hi,</p>
<p>AFAIK there is no flag about the password being expired. The
authentication simply compares the current timestamp with the
last-modified timestamp of the password and uses this according to
the policy.</p>
<p>I'm not aware of any way how to propagate this with default
midpoint. Maybe someone else is.</p>
<p><br>
</p>
<p>Best regards,</p>
<p>Ivan<br>
</p>
<div class="moz-cite-prefix">On 8. 10. 2019 14:24,
<a class="moz-txt-link-abbreviated" href="mailto:JStanczak@vinu.edu">JStanczak@vinu.edu</a> wrote:<br>
</div>
<blockquote type="cite"
cite="mid:OFACDE9DE9.DC3396AD-ON8525848D.00441AAC-8525848D.00442808@vinu.edu">
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<font size="2" face="Default Sans
Serif,Verdana,Arial,Helvetica,sans-serif">
<div>Yes. I'm talking about the maxAge. It does expire users
from Midpoint login... but I'm wanting to map that boolean
condition to one of my resources. This resource will trigger
the user to update their password when they attempt a login to
CAS. I'm not using Midpoint for login... just admin logins. I
want both features working. I want to expire admins using
Midpoint and also expire regular users in another system. </div>
<div><br>
</div>
<div>Thanks.</div>
<div><br>
</div>
<br>
<font color="#990099">-----"midPoint" <<a
href="mailto:midpoint-bounces@lists.evolveum.com"
target="_blank" moz-do-not-send="true">midpoint-bounces@lists.evolveum.com</a>>
wrote: -----</font>
<div class="iNotesHistory" style="padding-left:5px;">
<div
style="padding-right:0px;padding-left:5px;border-left:solid
black 2px;">To: "midPoint General Discussion" <<a
href="mailto:midpoint@lists.evolveum.com" target="_blank"
moz-do-not-send="true">midpoint@lists.evolveum.com</a>><br>
From: "Ivan Noris" <ivan.noris@evolveum.com><br>
Sent by: "midPoint" <midpoint-bounces@lists.evolveum.com><br>
Date: 10/08/2019 02:15AM<br>
Subject: Re: [midPoint] Password Aging?<br>
<br>
<div style="font-family: arial, helvetica, sans-serif;
font-size: 12pt;"><font color="#000000">
<div>Hi,</div>
<div>if you are talking about password aging using
maxAge in the security policy, this works for
midPoint authentication.</div>
<div>Users with passwords out of the maxAge (since
the last password change) are not allowed to login
to midPoint.</div>
<div><br data-mce-bogus="1">
</div>
<div>Best regards,</div>
<div>Ivan</div>
<div><br>
</div>
<hr id="zwchr" data-marker="__DIVIDER__">
<div data-marker="__HEADERS__"><b>From: </b><a
href="mailto:JStanczak@vinu.edu" target="_blank"
moz-do-not-send="true">JStanczak@vinu.edu</a><br>
<b>To: </b>"midPoint General Discussion" <<a
href="mailto:midpoint@lists.evolveum.com"
target="_blank" moz-do-not-send="true">midpoint@lists.evolveum.com</a>><br>
<b>Sent: </b>Monday, October 7, 2019 2:08:43 PM<br>
<b>Subject: </b>[midPoint] Password Aging?<br>
</div>
<div><br>
</div>
<div data-marker="__QUOTED_TEXT__"><font size="2"
face="Default Sans
Serif,Verdana,Arial,Helvetica,sans-serif">
<div style="">
<div style="">
<div>I'm trying to age passwords that have
not been changed in 180 days. I can set a
"valid to" and the expire works fine. But
password aging doesn't seem to change it.
I'm not sure where I went wrong. </div>
<div><span style="font-size: 12.8px;"><br>
</span></div>
<div><span style="font-size: 12.8px;"><maxAge>P180D</maxAge></span><br>
</div>
<br>
<br>
<div><attribute id="4"></div>
<div><c:ref>ri:expired</c:ref></div>
<div><tolerant>true</tolerant></div>
<div><exclusiveStrong>false</exclusiveStrong></div>
<div><outbound></div>
<div>
<authoritative>true</authoritative></div>
<div>
<exclusive>false</exclusive></div>
<div>
<strength>normal</strength></div>
<div> <source></div>
<div>
<c:path>$focus/activation/effectiveStatus</c:path></div>
<div> </source></div>
<div> <expression></div>
<div> <script xmlns:xsi="<a
href="http://www.w3.org/2001/XMLSchema-instance"
target="_blank" moz-do-not-send="true">http://www.w3.org/2001/XMLSchema-instance</a>"
xsi:type="c:ScriptExpressionEvaluatorType"></div>
<div> <code></div>
<div>import
com.evolveum.midpoint.xml.ns._public.common.common_3.ActivationStatusType;</div>
<div>return effectiveStatus ==
ActivationStatusType.DISABLED;</div>
<div></code></div>
<div> </script></div>
<div> </expression></div>
<div></outbound></div>
<div></attribute></div>
<br>
<div>Thanks.</div>
</div>
</div>
</font>
<br>
_______________________________________________<br>
midPoint mailing list<br>
<a href="mailto:midPoint@lists.evolveum.com"
target="_blank" moz-do-not-send="true">midPoint@lists.evolveum.com</a><br>
<a
href="http://lists.evolveum.com/mailman/listinfo/midpoint"
target="_blank" moz-do-not-send="true">http://lists.evolveum.com/mailman/listinfo/midpoint</a><br>
</div>
<div><br>
</div>
<div data-marker="__SIG_POST__">-- <br>
</div>
<div>Ivan Noris<br>
Senior Identity Engineer<br>
evolveum.com</div>
</font></div>
<div><font size="2" face="Courier New,Courier,monospace">_______________________________________________<br>
midPoint mailing list<br>
<a href="mailto:midPoint@lists.evolveum.com"
target="_blank" moz-do-not-send="true">midPoint@lists.evolveum.com</a><br>
<a
href="http://lists.evolveum.com/mailman/listinfo/midpoint"
moz-do-not-send="true">http://lists.evolveum.com/mailman/listinfo/midpoint</a><br>
</font></div>
</midpoint-bounces@lists.evolveum.com></ivan.noris@evolveum.com></div>
</div>
</font>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<pre class="moz-quote-pre" wrap="">_______________________________________________
midPoint mailing list
<a class="moz-txt-link-abbreviated" href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a>
<a class="moz-txt-link-freetext" href="http://lists.evolveum.com/mailman/listinfo/midpoint">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
<pre class="moz-signature" cols="72">--
Ivan Noris
Senior Identity Engineer
evolveum.com
</pre>
</body>
</html>