Actually i read that flag after check username and password.
When the user post a correct username and correct password but the
flag is "on" i throw an appropriate exception and the user see the
message in loginView (you must change password before authenticate).
Correct.
To allow the user to change his password, you must provide a link to
some application where you handle the password change.
I'm not sure if CAS itself is the right one to provide such a
functionality.
I for myself provide a link to a customer management application,
where the user is able to change his pw.
Robert
--
You are currently subscribed to [email protected] as:
[email protected]
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-dev
