So I'm trying to figure out the best way to handle this in CAS. Seems like there are a couple of options that would work.
We want to expire out certain accounts. We plan to do this if they had a hard password reset from the Help Desk. The user would then need to go back into our password management system and change their password to something only they know. We also may use it if we audit the sAM and find known bad credentials.

We do AD / LDAP authentication. We would want to send them over to our account management system to change their password there. To get into there, they need to auth via CAS. They may also need to MFA in CAS, and then MFA again in the management application.

Is there a good way to do this with the password policy? My knowledge when it comes to that is pretty much zero. How does the warning part work? Does the redirection of the flow contain the CAS ticket? Does it happen post MFA?

The other idea we had was to use the AUP. We don't normally use it, so it is available for us to use. We could trigger the AUP based off of something in AD, and tell the user that they need to change their credentials. That would allow them to finish the task they logged in with.

So it looks like there are a couple of options for notification to the user and getting them over to another system. What isn't clear to me is what the best path would be.

Oh, we're on 5.1, but really should go to 5.3. So I'm looking for the modern options.

Thanks,
Richard
