Nice branch compare on github: https://github.com/Jasig/cas/compare/master...feature-lppe
On Thu, May 3, 2012 at 8:53 PM, William G. Thompson, Jr. <wgt...@gmail.com> wrote:
> Thanks Misagh. The changes have been pulled into the feature-lppe
> branch. It would be great to get some feedback on this prior to merge to
> master.
>
> We're now just about 7 days from RC1 freeze.
>
> Bill
>
> On Thu, May 3, 2012 at 7:09 PM, Misagh Moayyed <mmoay...@unicon.net> wrote:
>> Folks,
>>
>> I have been working on CAS LPPE support for the past week or so locally and
>> have made a number of adjustments and enhancements to further better the
>> feature. I will attempt to submit a pull request later today but would like
>> to summarize the current changeset here as much as possible:
>>
>> - LPPE supports a number of scenarios. Namely, they are:
>>
>> 1. Account is disabled
>> 2. Account is expired
>> 3. Account is attempting to login at an unaccepted time
>> 4. Account is attempting to login from an unaccepted workstation
>> 5. Account must change the password on login
>> 6. Account password will expire soon.
>>
>> Scenarios from #1 to #5 automatically occur during authentication where
>> LDAP/AD would reject the account by throwing specific error codes. LPPE
>> attempts to look for the returned error code and redirect the user to the
>> relevant view. #6 is slightly different because password warning
>> calculations will occur after the user has passed the authentication step.
>>
>> - LPPE is currently off by default. To enable the entire feature
>> set using perhaps the maven overlay method, a deployer would have to do the
>> following:
>>
>> o Relevant LPPE settings (including LDAP URLs, etc) need to be defined in
>> the cas.properties file, including the URL that the user would have to go to
>> for password maintenance.
>>
>> o To enable #1 to #5, error definitions must be described by the relevant
>> authentication handler in the config file. I have included a sample in the
>> commits that shows what they may be. Codes that go unhandled will simply
>> prevent the user from logging in, just like before.
>>
>> o To enable #6, the ‘enabled’ property (currently set to false) would need
>> to be set in the cas.properties file.
>>
>> - LPPE uses the JodaTime library to calculate expiration dates,
>> etc.
>>
>> - Almost all changes are contained inside the ldap module, with the
>> exception of login flow and a few other config files (messages, properties,
>> etc).
>>
>> I have tested all said scenarios with a local AD account, with/without the
>> service parameter and with a valid account whose password is set to never
>> expire. All checks out.
>>
>> When time permits, please review. Feedback is much appreciated.
>>
>> Regards,
>>
>> -Misagh

--
You are currently subscribed to cas-dev@lists.jasig.org as: arch...@mail-archive.com
To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-dev
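
The flow summarized in the quoted message (map the directory's rejection code to a view for scenarios #1 to #5, let unhandled codes fail the login as before, and evaluate the expiry warning for #6 only after authentication succeeds) can be sketched as follows. This is an added example, not code from the feature-lppe branch or from CAS. Assumptions: the class, method and view names are hypothetical, the sub-codes are the ones Active Directory reports in its LDAP error 49 message, the sample messages are constructed, and `java.time` stands in for the JodaTime library the message mentions.

```java
import java.time.Duration;
import java.time.Instant;
import java.util.Map;
import java.util.Optional;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class LppeSketch {
    // AD appends a hex sub-code after "data" in the LDAP error 49 bind failure.
    private static final Pattern AD_SUBCODE =
        Pattern.compile("error code 49\\b.*?\\bdata\\s+([0-9a-fA-F]+)");

    // Sub-code -> view for scenarios #1-#5. View names are hypothetical.
    private static final Map<String, String> VIEWS = Map.of(
        "533", "accountDisabledView",      // #1 account disabled
        "701", "accountExpiredView",       // #2 account expired
        "530", "badHoursView",             // #3 logon time not permitted
        "531", "badWorkstationView",       // #4 workstation not permitted
        "773", "mustChangePasswordView");  // #5 must change password

    /** View for a handled code; empty means an ordinary failed login. */
    static Optional<String> viewFor(String ldapMessage) {
        if (ldapMessage == null) return Optional.empty();
        Matcher m = AD_SUBCODE.matcher(ldapMessage);
        if (!m.find()) return Optional.empty();
        return Optional.ofNullable(VIEWS.get(m.group(1).toLowerCase()));
    }

    /** Scenario #6, checked only after a successful bind. maxAge == null: never expires. */
    static boolean shouldWarn(Instant lastSet, Duration maxAge, Duration window, Instant now) {
        if (maxAge == null) return false;
        Instant expires = lastSet.plus(maxAge);
        return now.isBefore(expires) && !now.isBefore(expires.minus(window));
    }

    public static void main(String[] args) {
        // Constructed messages in the shape AD returns through JNDI.
        String tmpl = "[LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, "
            + "comment: AcceptSecurityContext error, data %s, v1db1]";
        for (String code : new String[] {"533", "773", "52e"}) {
            String view = viewFor(String.format(tmpl, code)).orElse("loginFailed");
            System.out.println(code + " -> " + view);  // 52e is unmapped, so it falls through
        }
        Instant now = Instant.parse("2012-05-03T00:00:00Z");
        Instant lastSet = now.minus(Duration.ofDays(85));
        System.out.println(shouldWarn(lastSet, Duration.ofDays(90), Duration.ofDays(14), now));
        System.out.println(shouldWarn(lastSet, null, Duration.ofDays(14), now));
    }
}
```

Keeping the map an explicit allow-list means a sub-code that is not configured, such as `52e` (bad credentials), never reveals account state through a special view.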