Clarification LPPE and AD on CAS 5


Andrew Tillinghast

May 8, 2017, 10:34:20 AM
to cas-...@apereo.org

Hi everyone, I'm coming back to CAS after a long break and looking to implement CAS 5 in our environment, but I need clarification on some properties.

I'm setting 
cas.authn.ldap[0].type=AD

But I see two Properties that both seem to enable LPPE
cas.authn.ldap[0].usePasswordPolicy=true
cas.authn.ldap[0].passwordPolicy.enabled=true

Is there a reason it's enabled twice?

With the LPPE properties:

#Password Policy enforcement
cas.authn.ldap[0].passwordPolicy.enabled=true
cas.authn.ldap[0].passwordPolicy.policyAttributes.accountLocked=javax.security.auth.login.AccountLockedException
cas.authn.ldap[0].passwordPolicy.loginFailures=5
cas.authn.ldap[0].passwordPolicy.warningAttributeValue=
cas.authn.ldap[0].passwordPolicy.warningAttributeName=
cas.authn.ldap[0].passwordPolicy.displayWarningOnMatch=true
cas.authn.ldap[0].passwordPolicy.warnAll=true
cas.authn.ldap[0].passwordPolicy.warningDays=300
cas.authn.ldap[0].passwordPolicy.url=https://password.conncoll.edu

I expected to see two attribute values, one for the attribute to check for password age and one to check for not displaying the warning (aka the attribute that indicates an account's password doesn't expire). Taking a quick look at the code, it looks like warningAttributeName is the attribute to check for not displaying a warning. What property sets the attribute to check for the password age?
--
Andrew Tillinghast
Sr. Web Developer
270 Mohegan Avenue
New London, CT 06320-4196

Rafa

Jun 19, 2017, 9:26:06 AM
to CAS Community
Hi,

Did you manage to set up the password policy?

Andrew Tillinghast

Jun 19, 2017, 2:49:13 PM
to cas-...@apereo.org
Sort of. The warnAll is not working, but with the setting above, if I lock or disable the account I get back that status.

On Mon, Jun 19, 2017 at 9:26 AM, Rafa <rafael....@beabloo.com> wrote:
Hi,

Did you manage to set up the password policy?
