LPPE Update

I've completed the merge of LPPE into the feature branch on
https://source.jasig.org/cas3/branches/cas-server-3.4.10-lppe/ such
that I can build and install CAS 3.4.10-LPPE-SNAPSHOT in my local mvn
repo.  This allows me to build a cas server with the feature via
simple local maven overlay.  To get it to work you need to pull in the
configuration files in the resources directory of
https://source.jasig.org/sandbox/cas-password-policy/branches/cas-server-support-ldap-pwd-expiration-3.4.x/

I have it working Active Directory and could induce the PasswordWarning screen.

I still need to spend some more time with the code and exercising
features.  I'd like to arrive at a maintainable approach for this
feature for CAS3 in the near term.  Would love some collaboration,
thoughts, comments on how best to improve on this and help identifying
any blockers for inclusion in CAS 3.5.

This work is being driven by requirements at Lamar University.

Best,
Bill


On Thu, Aug 25, 2011 at 9:11 PM, William G. Thompson, Jr.
<[email protected]> wrote:
> Folks,
>
> I've started a feature branch off of 3.4.10 to investigate
> incorporating LPPE into the baseline here:
> https://source.jasig.org/cas3/branches/cas-server-3.4.10-lppe/
>
> The lppe module (cas-server-support-ldap-ppolicy) is mostly additions,
> and it looks like they can be easily bypassed via a comment switch in
> login-flow.xml.  However, the module does carry forks of CASImpl,
> BindAuthNHandler, and AuthenticationViaFormAction to plug in the ldap
> error handling code.  These will have to reconciled somehow.
>
> For now, I'm just using the forked code to get it to work plus a maven
> overlay with the enabling configuration in:
> * login-webflow.xml
> * deployerConfigContext.xml
> * applicationContext.xml
> * cas-servlet.xml
>
> It's building and login/logout is working.  Hopefully tomorrow I can
> get ppolicy behavior working.
>
> Bill
>
>
> On Wed, Aug 24, 2011 at 5:27 PM, William G. Thompson, Jr.
> <[email protected]> wrote:
>> LPPE status update...
>>
>> 3.4.8 patch applied and tagged:
>> https://source.jasig.org/sandbox/cas-password-policy/tags/cas-server-support-ldap-pwd-expiration-3.4.8/
>>
>> CAS 3.4.10 changes pulled into LPPE and tagged:
>> https://source.jasig.org/sandbox/cas-password-policy/tags/cas-server-support-ldap-pwd-expiration-3.4.10/
>>
>> https://wiki.jasig.org/display/CASUM/LDAP+Password+Policy+Enforcement
>> updated with the current status.
>>
>> I have *not* run this code and have no idea if it is functional yet.
>> I plan to do that next.
>>
>> Generally it looks this module is mostly additions with very few
>> modifications.  At first glance it seems like it could be incorporated
>> into the core with modest evolution.    Check out the merge notes
>> here:
>> https://wiki.jasig.org/display/CASUM/LDAP+Password+Policy+Enformcement+3.4.10+Upgrade+Notes
>>
>> Perhaps LPPE is a reasonable candidate for CAS 3.5.
>>
>> Also looks like it might be possible to split this out into a module
>> (jars), plus a maven overlay.  Would appreciate feedback from folks on
>> how they are incorporating this code today.
>>
>> Best,
>> Bill
>>
>>
>>
>> On Tue, Aug 23, 2011 at 10:24 AM, William G. Thompson, Jr.
>> <[email protected]> wrote:
>>> Folks,
>>>
>>> I'm working on a new CAS deployment based on 3.4.10.  We have a
>>> requirement to implement LDAP Password Policy Enforcement.
>>> https://wiki.jasig.org/display/CASUM/LDAP+Password+Policy+Enforcement
>>>
>>> The wiki page describes the state of the module.  SVN is here:
>>> https://source.jasig.org/sandbox/cas-password-policy/ and the latest
>>> tag is for CAS 3.4.7.  There's also a patch file on the wiki for 3.4.8
>>> that's not in SVN.
>>>
>>> I started a branch to track CAS 3.4.x here:
>>> https://source.jasig.org/sandbox/cas-password-policy/branches/cas-server-support-ldap-pwd-expiration-3.4.x/
>>>
>>> I intend to apply the 3.4.8 patch, cut a tag, and then bring the 3.4.x
>>> branch up to 3.4.10, and cut another tag.  I'd like to get to a
>>> sustainable process and possibly figure out how to get this into the
>>> core at some point if that makes sense.
>>>
>>> Appreciate any feedback, help, etc.
>>>
>>> Best,
>>> Bill
>>>
>>
>

-- 
You are currently subscribed to [email protected] as: 
[email protected]
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-dev

Reply via email to