Update, the accountstatus policy works. Example : accountState=[org.ldaptive.auth.ext.ActiveDirectoryAccountState@1069687705::accountWarnings=null, accountErrors=[ACCOUNT_DISABLED]], result=false, resultCode=INVALID_CREDENTIALS, message=javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903CF, comment: AcceptSecurityContext error, data 533, v2580], controls=null]> 2015-09-30 15:48:35,255 DEBUG [org.jasig.cas.authentication.support.DefaultAccountStateHandler] - <Handling ACCOUNT_DISABLED>
Then, the cas shows the warning page. The problem is just on expiration policy : accountWarnings is null. I'm using the 'Active Directory Authentication' method. I'm not sure but i suppose an AD user can't read the MaxPwdAge attribute (not enought privilege maybe). Does someone have the accountWarning policy working ? -- You are currently subscribed to cas-user@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user