<font face="Default Sans Serif,Verdana,Arial,Helvetica,sans-serif" size="2"><div style="font-family: Verdana, Arial, Helvetica, sans-serif;">I think this might be the final. Thanks.</div><div style="font-family: Verdana, Arial, Helvetica, sans-serif;"><br></div><div style="font-family: Verdana, Arial, Helvetica, sans-serif;"><b><br></b></div><!-- Outbound mapping for the resource attribute ri:expired: the source is the user's password metadata modifyTimestamp, and the script below yields true once more than 180 whole days separate that timestamp from the time of evaluation. --><div style=""><font face="Verdana, Arial, Helvetica, sans-serif"><b><attribute id="4"></b></font></div><div style=""><font face="Verdana, Arial, Helvetica, sans-serif"><b>                <c:ref>ri:expired</c:ref></b></font></div><div style=""><font face="Verdana, Arial, Helvetica, sans-serif"><b>                <tolerant>true</tolerant></b></font></div><div style=""><font face="Verdana, Arial, Helvetica, sans-serif"><b>                <exclusiveStrong>false</exclusiveStrong></b></font></div><div style=""><font face="Verdana, Arial, Helvetica, sans-serif"><b>                <outbound></b></font></div><div style=""><font face="Verdana, Arial, Helvetica, sans-serif"><b>                    <authoritative>true</authoritative></b></font></div><div style=""><font face="Verdana, Arial, Helvetica, sans-serif"><b>                    <exclusive>false</exclusive></b></font></div><div style=""><font face="Verdana, Arial, Helvetica, sans-serif"><b>                    <strength>strong</strength></b></font></div><!-- NOTE(review): modifyTimestamp is dereferenced in the script without a null check. If a password can exist with no modify timestamp (for example one that was set once and never changed; confirm how midPoint fills this metadata), the script would fail instead of returning a value, so it is worth deciding explicitly whether such a password counts as expired. --><div style=""><font face="Verdana, Arial, Helvetica, sans-serif"><b>                    <source></b></font></div><div style=""><font face="Verdana, Arial, Helvetica, sans-serif"><b>                        <c:path>$user/credentials/password/metadata/modifyTimestamp</c:path></b></font></div><div style=""><font face="Verdana, Arial, Helvetica, sans-serif"><b>                    </source></b></font></div><!-- NOTE(review): the 180-day limit is hard-coded here and is separate from the maxAge P180D value quoted later in this thread, so the two have to be kept in step by hand. The age is measured when the mapping is evaluated; presumably ri:expired changes on the resource only when the user is recomputed or reconciled, so an aged password may stay unflagged until then (confirm, and schedule a recompute if so). Both sides are converted to LocalDateTime in the server's default zone, so a daylight-saving shift can move the boundary by an hour; comparing the two instants directly would avoid that. --><div style=""><font face="Verdana, Arial, Helvetica, sans-serif"><b>                    <expression></b></font></div><div style=""><font face="Verdana, Arial, Helvetica, sans-serif"><b>                        <script xmlns:xsi="<a 
href="http://www.w3.org/2001/XMLSchema-instance" target="_blank">http://www.w3.org/2001/XMLSchema-instance</a>" xsi:type="c:ScriptExpressionEvaluatorType"></b></font></div><div style=""><font face="Verdana, Arial, Helvetica, sans-serif"><b>                            <code></b></font></div><div style=""><font face="Verdana, Arial, Helvetica, sans-serif"><b>                               import java.time.Duration;</b></font></div><div style=""><font face="Verdana, Arial, Helvetica, sans-serif"><b>                               import java.time.LocalDateTime;</b></font></div><div style=""><font face="Verdana, Arial, Helvetica, sans-serif"><b>                               import java.time.ZoneId;</b></font></div><div style=""><font face="Verdana, Arial, Helvetica, sans-serif"><b>                               </b></font></div><div style=""><font face="Verdana, Arial, Helvetica, sans-serif"><b>                               Date mod = modifyTimestamp.toGregorianCalendar().getTime();</b></font></div><div style=""><font face="Verdana, Arial, Helvetica, sans-serif"><b>                               </b></font></div><div style=""><font face="Verdana, Arial, Helvetica, sans-serif"><b>                               LocalDateTime newDate = LocalDateTime.now();</b></font></div><div style=""><font face="Verdana, Arial, Helvetica, sans-serif"><b>                               </b></font></div><div style=""><font face="Verdana, Arial, Helvetica, sans-serif"><b>                               LocalDateTime oldDate = mod.toInstant().atZone(ZoneId.systemDefault()).toLocalDateTime();</b></font></div><div style=""><font face="Verdana, Arial, Helvetica, sans-serif"><b>                              </b></font></div><div style=""><font face="Verdana, Arial, Helvetica, sans-serif"><b>                               Duration duration = Duration.between(oldDate, newDate);</b></font></div><div style=""><font face="Verdana, Arial, Helvetica, sans-serif"><b>                               
</b></font></div><div style=""><font face="Verdana, Arial, Helvetica, sans-serif"><b>                               return duration.toDays() &gt; 180;</b></font></div><div style=""><font face="Verdana, Arial, Helvetica, sans-serif"><b>                           </code></b></font></div><div style=""><font face="Verdana, Arial, Helvetica, sans-serif"><b>                        </script></b></font></div><div style=""><font face="Verdana, Arial, Helvetica, sans-serif"><b>                    </expression></b></font></div><div style=""><font face="Verdana, Arial, Helvetica, sans-serif"><b>                </outbound></b></font></div><div style=""><font face="Verdana, Arial, Helvetica, sans-serif"><b>            </attribute></b></font></div><div style=""><font face="Verdana, Arial, Helvetica, sans-serif"><br></font></div><div style=""><font face="Verdana, Arial, Helvetica, sans-serif"><br></font></div><div class="iNotesHistory" style="font-family: Verdana, Arial, Helvetica, sans-serif; padding-left: 5px;"><div style="padding-right:0px;padding-left:5px;border-left:solid black 2px;"><midpoint-bounces@lists.evolveum.com><font face="Default Sans Serif,Verdana,Arial,Helvetica,sans-serif" size="2"><br><font color="#990099" style="font-family: Verdana, Arial, Helvetica, sans-serif;">-----"midPoint" <<a href="mailto:midpoint-bounces@lists.evolveum.com" target="_blank">midpoint-bounces@lists.evolveum.com</a>> wrote: -----</font><div class="iNotesHistory" style="font-family: Verdana, Arial, Helvetica, sans-serif; padding-left: 5px;"><div style="padding-right:0px;padding-left:5px;border-left:solid black 2px;">To: <a href="mailto:midpoint@lists.evolveum.com" target="_blank">midpoint@lists.evolveum.com</a><br>From: "Pavol Mederly" <!--Notes ACF <mederly@evolveum.com>--><br>Sent by: "midPoint" <!--Notes ACF <midpoint-bounces@lists.evolveum.com>--><br>Date: 10/09/2019 03:07AM<br>Subject: Re: [midPoint] Password Aging?<br><br>        <!--Notes ACF <meta http-equiv="Content-Type" 
content="text/html; charset=UTF-8">-->           <p>Hello,</p>     <p>what about a mapping that will compute this flag based on the       credentials/password in the user object?</p>     <p>Best regards,<br>     </p>     <div><font face="Courier New,Courier,monospace" size="2">Pavol Mederly<br>Software developer<br>evolveum.com<br></font></div>     <div class="moz-cite-prefix">On 09.10.2019 8:37, Ivan Noris wrote:<br>     </div>     <blockquote type="cite" cite="mid:bb133ef2-6c44-97ef-1d4f-a135fd99ee1e@evolveum.com">       <!--Notes ACF <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">-->       <p>Hi,</p>       <p>AFAIK there is no flag about the password being expired. The         authentication simply compares the current timestamp with the         last-modified timestamp of the password and uses this according         to the policy.</p>       <p>I'm not aware of any way how to propagate this with default         midpoint. Maybe someone else is.</p>       <p><br>       </p>       <p>Best regards,</p>       <p>Ivan<br>       </p>       <div class="moz-cite-prefix">On 8. 10. 2019 14:24, <a class="moz-txt-link-abbreviated" href="mailto:JStanczak@vinu.edu" moz-do-not-send="true">JStanczak@vinu.edu</a>         wrote:<br>       </div>       <blockquote type="cite" cite="mid:OFACDE9DE9.DC3396AD-ON8525848D.00441AAC-8525848D.00442808@vinu.edu">         <!--Notes ACF <meta http-equiv="content-type" content="text/html;          charset=UTF-8">-->         <font size="2" face="Default Sans          Serif,Verdana,Arial,Helvetica,sans-serif">           <div>Yes. I'm talking about the maxAge. It does expire users             from Midpoint login... but I'm wanting to map that boolean             condition to one of my resources. This resource will trigger             the user to update their password when they attempt a login             to CAS. I'm not using Midpoint for login... just admin             logins. I want both features working. 
I want to expire             admins using Midpoint and also expire regular users in             another system. </div>           <div><br>           </div>           <div>Thanks.</div>           <div><br>           </div>           <br>           <font color="#990099">-----"midPoint" <<a href="mailto:midpoint-bounces@lists.evolveum.com" target="_blank" moz-do-not-send="true">midpoint-bounces@lists.evolveum.com</a>>             wrote: -----</font>           <div class="iNotesHistory" style="padding-left:5px;">             <div style="padding-right:0px;padding-left:5px;border-left:solid              black 2px;">To: "midPoint General Discussion" <<a href="mailto:midpoint@lists.evolveum.com" target="_blank" moz-do-not-send="true">midpoint@lists.evolveum.com</a>><br>               From: "Ivan Noris" <!--Notes ACF <ivan.noris@evolveum.com>--><br>                 Sent by: "midPoint" <!--Notes ACF <midpoint-bounces@lists.evolveum.com>--><br>                   Date: 10/08/2019 02:15AM<br>                   Subject: Re: [midPoint] Password Aging?<br>                   <br>                   <div style="font-family: arial, helvetica, sans-serif;                    font-size: 12pt;"><font color="#000000">                       <div>Hi,</div>                       <div>if you are talking about password aging using                         maxAge in the security policy, this works for                         midPoint authentication.</div>                       <div>Users with passwords out of the maxAge (since                         the last password change) are not allowed to                         login to midPoint.</div>                       <div><br data-mce-bogus="1">                       </div>                       <div>Best regards,</div>                       <div>Ivan</div>                       <div><br>                       </div>                       <hr id="zwchr" data-marker="__DIVIDER__">                       <div data-marker="__HEADERS__"><b>From: </b><a 
href="mailto:JStanczak@vinu.edu" target="_blank" moz-do-not-send="true">JStanczak@vinu.edu</a><br>                         <b>To: </b>"midPoint General Discussion" <<a href="mailto:midpoint@lists.evolveum.com" target="_blank" moz-do-not-send="true">midpoint@lists.evolveum.com</a>><br>                         <b>Sent: </b>Monday, October 7, 2019 2:08:43 PM<br>                         <b>Subject: </b>[midPoint] Password Aging?<br>                       </div>                       <div><br>                       </div>                       <div data-marker="__QUOTED_TEXT__"><font size="2" face="Default Sans                          Serif,Verdana,Arial,Helvetica,sans-serif">                           <div style="">                             <div style="">                               <div>I'm trying to age passwords that have                                 not been changed in 180 days. I can set                                 a "valid to" and the expire works fine.                                 But password aging doesn't seem to                                 change it. I'm not sure where I went                                 wrong. 
</div>                               <div><span style="font-size: 12.8px;"><br>                                 </span></div>                               <div><span style="font-size: 12.8px;"><maxAge>P180D</maxAge></span><br>                               </div>                               <br>                               <br>                               <div><attribute id="4"></div>                               <div><c:ref>ri:expired</c:ref></div>                               <div><tolerant>true</tolerant></div>                               <div><exclusiveStrong>false</exclusiveStrong></div>                               <div><outbound></div>                               <div>                                    <authoritative>true</authoritative></div>                               <div>                                    <exclusive>false</exclusive></div>                               <div>                                    <strength>normal</strength></div>                               <div>    <source></div>                               <div>                                        <c:path>$focus/activation/effectiveStatus</c:path></div>                               <div>    </source></div>                               <div>    <expression></div>                               <div>        <script xmlns:xsi="<a href="http://www.w3.org/2001/XMLSchema-instance" target="_blank" moz-do-not-send="true">http://www.w3.org/2001/XMLSchema-instance</a>" xsi:type="c:ScriptExpressionEvaluatorType"></div>                               <div>            <code></div>                               <div>import com.evolveum.midpoint.xml.ns._public.common.common_3.ActivationStatusType;</div>                               <div>return effectiveStatus ==                                 ActivationStatusType.DISABLED;</div>                               <div></code></div>                               <div>        </script></div>                               <div>    
</expression></div>                               <div></outbound></div>                               <div></attribute></div>                               <br>                               <div>Thanks.</div>                             </div>                           </div>                         </font> <br>                         _______________________________________________<br>                         midPoint mailing list<br>                         <a href="mailto:midPoint@lists.evolveum.com" target="_blank" moz-do-not-send="true">midPoint@lists.evolveum.com</a><br>                         <a href="http://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank" moz-do-not-send="true">http://lists.evolveum.com/mailman/listinfo/midpoint</a><br>                       </div>                       <div><br>                       </div>                       <div data-marker="__SIG_POST__">-- <br>                       </div>                       <div>Ivan Noris<br>                         Senior Identity Engineer<br>                         evolveum.com</div>                     </font></div>                   <div><font size="2" face="Courier                      New,Courier,monospace">_______________________________________________<br>                       midPoint mailing list<br>                       <a href="mailto:midPoint@lists.evolveum.com" target="_blank" moz-do-not-send="true">midPoint@lists.evolveum.com</a><br>                       <a href="http://lists.evolveum.com/mailman/listinfo/midpoint" moz-do-not-send="true">http://lists.evolveum.com/mailman/listinfo/midpoint</a><br>                     </font></div>                 <!--Notes ACF </midpoint-bounces@lists.evolveum.com>--><!--Notes ACF </ivan.noris@evolveum.com>--></div>           </div>         </font> <br>         <fieldset class="mimeAttachmentHeader"></fieldset>         <div><font face="Courier New,Courier,monospace" 
size="2">_______________________________________________<br>midPoint mailing list<br><a class="moz-txt-link-abbreviated" href="mailto:midPoint@lists.evolveum.com" moz-do-not-send="true">midPoint@lists.evolveum.com</a><br><a class="moz-txt-link-freetext" href="http://lists.evolveum.com/mailman/listinfo/midpoint" moz-do-not-send="true">http://lists.evolveum.com/mailman/listinfo/midpoint</a><br></font></div>       </blockquote>       <div><font face="Courier New,Courier,monospace" size="2">-- <br>Ivan Noris<br>Senior Identity Engineer<br>evolveum.com<br></font></div>       <br>       <fieldset class="mimeAttachmentHeader"></fieldset>       <div><font face="Courier New,Courier,monospace" size="2">_______________________________________________<br>midPoint mailing list<br><a class="moz-txt-link-abbreviated" href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a><br><a class="moz-txt-link-freetext" href="http://lists.evolveum.com/mailman/listinfo/midpoint">http://lists.evolveum.com/mailman/listinfo/midpoint</a><br></font></div>     </blockquote>    <div><font face="Courier New,Courier,monospace" size="2">_______________________________________________<br>midPoint mailing list<br><a href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a><br><a href="http://lists.evolveum.com/mailman/listinfo/midpoint">http://lists.evolveum.com/mailman/listinfo/midpoint</a><br></font></div><!--Notes ACF </midpoint-bounces@lists.evolveum.com>--><!--Notes ACF </mederly@evolveum.com>--></div></div></font> <div><font face="Courier New,Courier,monospace" size="2">_______________________________________________<br>midPoint mailing list<br><a href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a><br><a href="http://lists.evolveum.com/mailman/listinfo/midpoint">http://lists.evolveum.com/mailman/listinfo/midpoint</a><br></font></div></midpoint-bounces@lists.evolveum.com></div></div></font>