Hello, we want to force a user to change his password if it is expired. So the user can't use any CAS-Clients before changing his password.
We have no central application for changing that password so we want to include that functionality in CAS. So I think we have to create a change-password-screen where the current user is redirected to and forced to change his password. This has to happen before generating the TGT-Cookie, of course. Searching the web I've only found two sites with the same problem (other sites just offered a link to a password-change-application): 1. http://jasig.275507.n4.nabble.com/force-password-change-td255185.html 2. https://wiki.jasig.org/display/CASUM/Change+Password+Integration+With+Jasig+CAS+3.4.7 Both are a bit outdated or empty so I'm asking: - Can anyone point out different sites where this is dicussed, too? - Can anyone provide hints where to create new states in the login-flow and what parameters I shoud set when in order not to create security holes. Regards Jonathan Strampp -- NEU: FreePhone 3-fach-Flat mit kostenlosem Smartphone! Jetzt informieren: http://mobile.1und1.de/?ac=OM.PW.PW003K20328T7073a -- You are currently subscribed to cas-dev@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-dev
