Hello Eric, On Thu, Mar 29, 2012 at 9:03 PM, Eric Pierce <[email protected]> wrote:
> It doesn't support ppolicy directly, since the warning messages aren't > exposed by the Spring-LDAP library. Yes, I know. I had to use (a slightly modified version of) spring-security-ldap-3.1.0 in order to get them. However, take a look at the LPPE feature branch ( > https://github.com/Jasig/cas/tree/feature-lppe) and search the list > archives for LPPE. It searches the directory for the time the password was > last changed, calculates when the password will expire and notifies the > user if the password will expire soon. It doesn't check for grace logins > remaining, but that could be added pretty easily. > I have already downloaded the LPPE feature branch from https://github.com/Jasig/cas/tree/feature-lppe and that's the base of my deployment. I have seen the relevant code, but I would like to get expirationTime directly from ldap, so that user can have the same experience when authenticating through CAS or any other non-SSO application. Using spring-security-ldap and rebinding again in a later step, did the "trick", but this could cause problems when graceAuthNsRemaining are limited, so that's why I wanted to use the warning messages that I get in authentication step. By the way is https://github.com/Jasig/cas/tree/feature-lppe really the "latest" code cause 1) I am keep getting Class Not Found Exception when deploying ( org.jasig.cas.web.flow.LdapPwdAuthenticationViaFormAction) and 2) I think that configuration options are missing (patterns to match against error codes). Thanks, Pavlos > > On Thu, Mar 29, 2012 at 12:07 PM, Pavlos Drandakis <[email protected]>wrote: > >> Hello all, >> >> When binding successfully to a ppolicy enabled ldap server, a warning >> message about timeBeforeExpiration or graceAuthNsRemaining might also be >> included in server's response. >> Is there a way to propagate this message (from >> authenticateUsernamePasswordInternal in BindLdapAuthenticationHandler) so >> that it will be available later (i.e for showing a relevant view)? >> >> Thanks, >> Pavlos >> >> -- >> You are currently subscribed to [email protected] as: [email protected] >> >> >> >> To unsubscribe, change settings or access archives, see >> http://www.ja-sig.org/wiki/display/JSG/cas-dev >> >> > > > -- > Eric Pierce > Identity Management Architect > Information Technology > University of South Florida > (813) 974-8868 -- [email protected] > > -- > You are currently subscribed to [email protected] as: [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-dev > > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-dev
