I would also suggest starting with LPPE, although I have found a couple things here… I’m using 3.5.2 with cas-server-core, cas-server-support-ldap and cas-server-webapp built from git (the other modules are 3.5.2 off the maven shelf).
LPPE has a configurable default value. You tell it which field in LDAP is the password expiration time (for us it is shadowLastChange) and the field for password expiration/warning. You also configure the default value if none exists. The issue here was that if one user comes along with no value, they get the default. Another user enters with a value in their attributes, and that one is used. If the first user logs in again, they will then inherit the values for the previous user (the one with values present) I don’t know if a fix for this has been included in the v4 or v3.5.x branches (or if there is even a bug report on this), but I fixed this in the LPPE module by creating two new variables: useExpireDays and useWarnDays. These values are the ones calculated on, and the configured defaults are never overwritten. We also have a new user flag that we use to send the user to our identity system the first time they log in. I was using the conn college interrupts library but after some other inspection (among other issues like tomcat being a pain and load concerns) I moved that logic into LPPE as well – gathering the new user attribute at the same time that LPPE goes to get the warn and expire attributes. If the user is new, I and returning a value of -1000 back to LPPE, which will then send back to the webflow a result(“newUser”). From here I can then direct that user to a different end-state, which is another jsp file that is defined in WEB-INF/classes/default_views.properties Hope I’m making sense, and hope this helps. -Michael. From: Stefan Holodnick [mailto:[email protected]] Sent: Friday, March 22, 2013 10:59 AM To: [email protected] Cc: [email protected]; [email protected] Subject: Re:[cas-user] Redirect to Intermediary Page After Login I'm using LDAP. Thanks for the suggestions, guys. I'll take a look at it. On Friday, March 15, 2013 3:18:30 PM UTC-4, Stefan Holodnick wrote: Hello, We are considering options for getting our students to update their password and security questions through our password management system. One thought was to have CAS redirect to an intermediary page where students can reset their passwords before they are directed to their desired service. Has anyone accomplished something like this? Does anyone have any suggestions on how to accomplish such a thing? I'm not seeing it in the CAS documentation, but if there is such information, I'd be interested in it. Thanks in advance. Stefan Holodnick -- You are currently subscribed to [email protected]<mailto:[email protected]> as: [email protected]<mailto:jasig-cas-user%[email protected]> To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected]<mailto:[email protected]> as: [email protected]<mailto:[email protected]> To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
