<html>
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
  </head>
  <body text="#000000" bgcolor="#FFFFFF">
    <p>Hello,</p>
    <p>What about a mapping that will compute this flag based on the
      credentials/password in the user object?</p>
    <p>Best regards,<br>
    </p>
    <pre class="moz-signature" cols="72">Pavol Mederly
Software developer
evolveum.com
</pre>
    <div class="moz-cite-prefix">On 09.10.2019 8:37, Ivan Noris wrote:<br>
    </div>
    <blockquote type="cite"
      cite="mid:bb133ef2-6c44-97ef-1d4f-a135fd99ee1e@evolveum.com">
      <p>Hi,</p>
      <p>AFAIK there is no flag about the password being expired. The
        authentication simply compares the current timestamp with the
        last-modified timestamp of the password and uses this according
        to the policy.</p>
      <p>I'm not aware of any way to propagate this with default
        midPoint. Maybe someone else is.</p>
      <p><br>
      </p>
      <p>Best regards,</p>
      <p>Ivan<br>
      </p>
      <div class="moz-cite-prefix">On 8. 10. 2019 14:24, <a
          class="moz-txt-link-abbreviated"
          href="mailto:JStanczak@vinu.edu" moz-do-not-send="true">JStanczak@vinu.edu</a>
        wrote:<br>
      </div>
      <blockquote type="cite"
cite="mid:OFACDE9DE9.DC3396AD-ON8525848D.00441AAC-8525848D.00442808@vinu.edu">
        <font size="2" face="Default Sans
          Serif,Verdana,Arial,Helvetica,sans-serif">
          <div>Yes. I'm talking about the maxAge. It does expire users
            from midPoint login... but I'm wanting to map that boolean
            condition to one of my resources. This resource will trigger
            the user to update their password when they attempt a login
            to CAS. I'm not using midPoint for login... just admin
            logins. I want both features working. I want to expire
            admins using midPoint and also expire regular users in
            another system. </div>
          <div><br>
          </div>
          <div>Thanks.</div>
          <div><br>
          </div>
          <br>
          <font color="#990099">-----"midPoint" <<a
              href="mailto:midpoint-bounces@lists.evolveum.com"
              target="_blank" moz-do-not-send="true">midpoint-bounces@lists.evolveum.com</a>>
            wrote: -----</font>
          <div class="iNotesHistory" style="padding-left:5px;">
            <div
              style="padding-right:0px;padding-left:5px;border-left:solid
              black 2px;">To: "midPoint General Discussion" <<a
                href="mailto:midpoint@lists.evolveum.com"
                target="_blank" moz-do-not-send="true">midpoint@lists.evolveum.com</a>><br>
              From: "Ivan Noris" <ivan.noris@evolveum.com><br>
                Sent by: "midPoint" <midpoint-bounces@lists.evolveum.com><br>
                  Date: 10/08/2019 02:15AM<br>
                  Subject: Re: [midPoint] Password Aging?<br>
                  <br>
                  <div style="font-family: arial, helvetica, sans-serif;
                    font-size: 12pt;"><font color="#000000">
                      <div>Hi,</div>
                      <div>If you are talking about password aging using
                        maxAge in the security policy, this works for
                        midPoint authentication.</div>
                      <div>Users with passwords out of the maxAge (since
                        the last password change) are not allowed to
                        log in to midPoint.</div>
                      <div><br data-mce-bogus="1">
                      </div>
                      <div>Best regards,</div>
                      <div>Ivan</div>
                      <div><br>
                      </div>
                      <hr id="zwchr" data-marker="__DIVIDER__">
                      <div data-marker="__HEADERS__"><b>From: </b><a
                          href="mailto:JStanczak@vinu.edu"
                          target="_blank" moz-do-not-send="true">JStanczak@vinu.edu</a><br>
                        <b>To: </b>"midPoint General Discussion" <<a
                          href="mailto:midpoint@lists.evolveum.com"
                          target="_blank" moz-do-not-send="true">midpoint@lists.evolveum.com</a>><br>
                        <b>Sent: </b>Monday, October 7, 2019 2:08:43 PM<br>
                        <b>Subject: </b>[midPoint] Password Aging?<br>
                      </div>
                      <div><br>
                      </div>
                      <div data-marker="__QUOTED_TEXT__"><font size="2"
                          face="Default Sans
                          Serif,Verdana,Arial,Helvetica,sans-serif">
                          <div style="">
                            <div style="">
                              <div>I'm trying to age passwords that have
                                not been changed in 180 days. I can set
                                a "valid to" and the expiration works fine.
                                But password aging doesn't seem to
                                change it. I'm not sure where I went
                                wrong. </div>
                              <div><span style="font-size: 12.8px;"><br>
                                </span></div>
                              <div><span style="font-size: 12.8px;"><maxAge>P180D</maxAge></span><br>
                              </div>
                              <br>
                              <br>
                              <div><attribute id="4"></div>
                              <div>    <c:ref>ri:expired</c:ref></div>
                              <div>    <tolerant>true</tolerant></div>
                              <div>    <exclusiveStrong>false</exclusiveStrong></div>
                              <div>    <outbound></div>
                              <div>        <authoritative>true</authoritative></div>
                              <div>        <exclusive>false</exclusive></div>
                              <div>        <strength>normal</strength></div>
                              <div>        <source></div>
                              <div>            <c:path>$focus/activation/effectiveStatus</c:path></div>
                              <div>        </source></div>
                              <div>        <expression></div>
                              <div>            <script xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="c:ScriptExpressionEvaluatorType"></div>
                              <div>                <code></div>
                              <div>                    // True when the user's effective activation status is DISABLED.</div>
                              <div>                    import com.evolveum.midpoint.xml.ns._public.common.common_3.ActivationStatusType;</div>
                              <div>                    return effectiveStatus == ActivationStatusType.DISABLED;</div>
                              <div>                </code></div>
                              <div>            </script></div>
                              <div>        </expression></div>
                              <div>    </outbound></div>
                              <div></attribute></div>
                              <br>
                              <div>Thanks.</div>
                            </div>
                          </div>
                        </font> <br>
                        _______________________________________________<br>
                        midPoint mailing list<br>
                        <a href="mailto:midPoint@lists.evolveum.com"
                          target="_blank" moz-do-not-send="true">midPoint@lists.evolveum.com</a><br>
                        <a
                          href="http://lists.evolveum.com/mailman/listinfo/midpoint"
                          target="_blank" moz-do-not-send="true">http://lists.evolveum.com/mailman/listinfo/midpoint</a><br>
                      </div>
                      <div><br>
                      </div>
                      <div data-marker="__SIG_POST__">-- <br>
                      </div>
                      <div>Ivan Noris<br>
                        Senior Identity Engineer<br>
                        evolveum.com</div>
                    </font></div>
                </midpoint-bounces@lists.evolveum.com></ivan.noris@evolveum.com></div>
          </div>
        </font> <br>
      </blockquote>
      <pre class="moz-signature" cols="72">-- 
Ivan Noris
Senior Identity Engineer
evolveum.com
</pre>
    </blockquote>
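    <p>Added example, not part of the original thread and not
      Evolveum's own configuration: one way to write the mapping
      suggested at the top of this message, deriving the flag from the
      password metadata on the user. It assumes the ri:expired
      attribute from the original post, a 180-day limit matching maxAge
      P180D, and that credentials/password/metadata carries
      modifyTimestamp and createTimestamp; the source names "changed"
      and "created" are chosen for illustration.</p>

```xml
<!-- Added example, not from the thread. Assumed: password metadata paths,
     the ri:expired attribute and the 180-day limit (see the text above). -->
<attribute>
    <c:ref>ri:expired</c:ref>
    <outbound>
        <source>
            <name>changed</name>
            <c:path>$focus/credentials/password/metadata/modifyTimestamp</c:path>
        </source>
        <source>
            <name>created</name>
            <c:path>$focus/credentials/password/metadata/createTimestamp</c:path>
        </source>
        <expression>
            <script>
                <code>
                    import javax.xml.datatype.DatatypeFactory

                    // A password that was set once and never changed has only createTimestamp.
                    def last = changed ?: created
                    if (last == null) {
                        // No password metadata at all: report expired (fail closed).
                        return true
                    }
                    // Keep this duration equal to maxAge in the security policy.
                    def limit = last.clone()
                    limit.add(DatatypeFactory.newInstance().newDuration('P180D'))
                    // Expired once the limit is no longer in the future.
                    return System.currentTimeMillis() >= limit.toGregorianCalendar().timeInMillis
                </code>
            </script>
        </expression>
    </outbound>
</attribute>
```

    <p>The expression is evaluated only when the user is recomputed, so
      the value on the resource changes after the 180 days only once
      something recomputes the user, for example a scheduled recompute
      task.</p>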
  </body>
</html>