Current File(s): conf/intercept/expiring-password-intercept-config.xml, views/intercept/expiring-password.vm
Format: Native Spring, Velocity
Overview
The "expiring-password" interceptor flow is an example of how to use an interceptor to detect an expiring password and show the user an advisory page before completing the request. There are many ways to do this, and when LDAP is used, the Password login flow has some features of its own for this purpose, but a more general approach is to track password expiration in a database or directory. This flow includes an example condition that examines such an attribute and, based on configurable policy, displays a template to the user.
...
The bean named shibboleth.expiring-password.Condition in conf/intercept/expiring-password-intercept-config.xml must be defined by you with the condition you want to apply. The bean must be of type Predicate<ProfileRequestContext>, but beyond that it can do anything. If the condition evaluates to "false", the view will be displayed.
The example provided uses a built-in class that takes an IdPAttribute produced by the attribute resolver, parses its value into a timestamp, and evaluates it against a threshold. It can be configured with a format used to parse the timestamp and an offset to apply. The offset essentially determines how long before the actual expiration time the condition starts evaluating to false.
...
The other configurable feature is an anti-nag device: a cookie that tracks when the view was displayed and, based on its value, prevents re-display of the view unless a configurable amount of time has elapsed.
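The decision described above (timestamp attribute, offset, anti-nag cookie), modeled in Python as an added example; it is not the IdP's own Java code or configuration. All function names, the default window values, the UTC and epoch-seconds cookie formats, and the treatment of a missing or unparseable attribute are assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone

def condition(values, fmt, warn_window, now):
    """True = no advisory needed; False = the view is a candidate for display."""
    for raw in values:
        try:
            # Assumption: the stored timestamp is UTC with a literal trailing "Z".
            expires = datetime.strptime(raw, fmt).replace(tzinfo=timezone.utc)
        except ValueError:
            continue  # skip values the configured format cannot parse
        # The offset moves the threshold earlier than the real expiration time.
        return now < expires - warn_window
    return True  # assumption: no usable value means no advisory is shown

def parse_cookie(cookie):
    """Cookie modeled as epoch seconds (assumption); garbage counts as absent."""
    try:
        return datetime.fromtimestamp(int(cookie), tz=timezone.utc)
    except (TypeError, ValueError, OverflowError, OSError):
        return None

def intercept(values, cookie, now, fmt="%Y%m%d%H%M%SZ",
              warn_window=timedelta(days=14),
              notify_interval=timedelta(hours=8)):
    """Return (show_view, cookie_value_to_keep_or_set)."""
    if condition(values, fmt, warn_window, now):
        return False, cookie
    last = parse_cookie(cookie)
    # A cookie dated in the future is ignored, so a forged value cannot
    # suppress the advisory indefinitely.
    if last is not None and timedelta(0) <= now - last < notify_interval:
        return False, cookie  # anti-nag: the view was shown recently
    return True, str(int(now.timestamp()))

# Constructed sample values, not taken from a real deployment.
NOW = datetime(2025, 1, 1, 12, 0, 0, tzinfo=timezone.utc)

if __name__ == "__main__":
    print(intercept(["20250110120000Z"], None, NOW))  # expires in 9 days
    print(intercept(["20250301120000Z"], None, NOW))  # expires in 2 months
```

Because the cookie is held by the browser, it only controls how often the advisory is repeated; the condition itself is evaluated from the resolved attribute on every request.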
Reference