Handling password workflow

Richard Frovarp

Dec 10, 2018, 4:46:02 PM
to CAS Community
So I'm trying to figure out the best way to handle this in CAS. Seems
like there are a couple of options that would work.

We want to expire out certain accounts. We plan to do this if they had a
hard password reset from the Help Desk. The user would then need to go
back into our password management system and change their password to
something only they know. We also may use it if we audit the sAM and
find known bad credentials.

We do AD / LDAP authentication. We would want to send them over to our
account management system to change their password there. To get into
there, they need to auth via CAS. They may also need to MFA in CAS, and
then MFA again in the management application. Is there a good way to do
this with the password policy? My knowledge when it comes to that is
pretty much zero. How does the warning part work? Does the redirection
of the flow contain the CAS ticket? Does it happen post MFA?

The other idea we had was to use the AUP. We don't normally use it, so
it is available for us to use. We could trigger the AUP based off of
something in AD, and tell the user that they need to change their
credentials. That would allow them to finish the task they logged in with.

So it looks like there are a couple of options for notification to the
user and getting them over to another system. What isn't clear to me is
what the best path would be. Oh, we're on 5.1, but really should go to
5.3. So I'm looking for the modern options.

Thanks,

Richard
