Hi everyone.
I am looking to create a custom user store for Active Directory that uses the
User Account Control field to reflect whether a user is requiring a password
change based on an expired password. I was also looking to implement the
"force change password on first login" here as well.
I had initially looked into implementing this by changing/extending the
following:
https://docs.wso2.com/display/ISCONNECTORS/Configuring+Password+Policy+Authenticator
but due to the fact that in order to even get past the initial step to even
invoke this code, the user must bind from the initial Active Directory user
store from the main plugin, this will not work with proper Active Directory
controls. When a user tries to bind when their UserAccountControl states their
password is expired, it will throw an exception.
My main question here is:
Is there a way to throw a custom exception from my new user store
implementation and catch it and direct the user to a different page (jsp or
context view) where I could then present the change password view to them? Or
is there an ability to direct within the code to a different page somehow driven
from the User Store code?
Essentially my User Store code will override the doAuthenticate (I believe this
is the function) and if the user bind fails due to (but not with a bad
credentials exception), I will query the LDAP entry and check the User Account
Control field, and if it has the flag set for expired password, I would like to
direct the user to a page asking for current password, and new password
(twice), much like the ISCONNECTOR code referenced above.
Any assistance pointing me in the right direction as to how this might be
possible would be appreciated (or simply telling me it's not possible).
Thanks
Ken McDonald | Security Consultant| Symcor Inc.
400-1 Robert Speck Parkway, Mississauga, Ontario, L4Z 4E7
Office: 905.273.1306 | Cell: 647.888.6548
_______________________________________________
Dev mailing list
[email protected]
http://wso2.org/cgi-bin/mailman/listinfo/dev
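
The check the message describes (tell an expired or must-change password apart from bad credentials after a failed Active Directory bind) can be sketched with the JDK alone. This is an added example, not code from the original post or from WSO2: the class, enum and method names are hypothetical, and the sample error strings are constructed in the shape Active Directory uses for LDAP error 49. It assumes the expired flag is read from `msDS-User-Account-Control-Computed`, where Active Directory reports it, and treats `pwdLastSet = 0` as "must change at next logon".

```java
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.naming.AuthenticationException;
import javax.naming.NamingException;

public class AdBindFailureClassifier {  // hypothetical name, not a WSO2 class

    enum Outcome { BAD_CREDENTIALS, PASSWORD_EXPIRED, MUST_CHANGE_PASSWORD, OTHER_FAILURE }

    // AD puts a hex sub-status after "data" in the LDAP error 49 message text.
    private static final Pattern SUB_STATUS = Pattern.compile("\\bdata\\s+([0-9a-fA-F]+)\\b");
    // ADS_UF_PASSWORD_EXPIRED, reported in msDS-User-Account-Control-Computed.
    private static final long UF_PASSWORD_EXPIRED = 0x800000L;

    /** Classify a failed bind from the sub-status in the exception message. */
    static Outcome fromBindError(NamingException e) {
        if (!(e instanceof AuthenticationException) || e.getMessage() == null) {
            return Outcome.OTHER_FAILURE;
        }
        Matcher m = SUB_STATUS.matcher(e.getMessage());
        if (!m.find()) {
            return Outcome.OTHER_FAILURE;
        }
        switch (m.group(1).toLowerCase()) {
            case "52e": return Outcome.BAD_CREDENTIALS;
            case "532": return Outcome.PASSWORD_EXPIRED;
            case "773": return Outcome.MUST_CHANGE_PASSWORD;
            default:    return Outcome.OTHER_FAILURE; // disabled, locked, logon hours, ...
        }
    }

    /** Fallback: attribute values read by a service account after the failed bind. */
    static Outcome fromAttributes(long uacComputed, long pwdLastSet) {
        if (pwdLastSet == 0L) {
            return Outcome.MUST_CHANGE_PASSWORD;
        }
        return (uacComputed & UF_PASSWORD_EXPIRED) != 0
                ? Outcome.PASSWORD_EXPIRED : Outcome.OTHER_FAILURE;
    }

    public static void main(String[] args) {
        // Constructed sample messages; DSID and version fields are placeholders.
        String prefix = "[LDAP: error code 49 - 80090308: LdapErr: DSID-0C090000, "
                + "comment: AcceptSecurityContext error, data ";
        for (String code : new String[] {"52e", "532", "773", "775"}) {
            System.out.println(code + " -> "
                    + fromBindError(new AuthenticationException(prefix + code + ", v0000]")));
        }
        System.out.println(fromAttributes(0x800200L, 131000000000000000L));
        System.out.println(fromAttributes(0x200L, 0L));
    }
}
```

Only the two password outcomes should lead to the change-password view; every other failure, including an unparseable message, stays on the normal failed-login path.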