Highlighted
jlrodriguez Super Contributor.
Super Contributor.
356 views

Identity Server login page and password expiration time

Hi,
We want to customize the IDS login page to add a check to verify if the user password is near to expiration. One option would be to read the pwdExpirationTime attribute through LDAP, but I’d like to know if is there a better way to do it.
Now, we have the check to forward the user to SSPR if the password is expired. We want something similar but to show the user a message letting him know his password is expiring in 15 days (for instance).

Any idea?

Regards
José Luis
0 Likes
2 Replies
Knowledge Partner Knowledge Partner
Knowledge Partner

Re: Identity Server login page and password expiration time

On 28-03-2019 8:44 PM, jlrodriguez wrote:
>
> Hi,
> We want to customize the IDS login page to add a check to verify if the
> user password is near to expiration. One option would be to read the
> pwdExpirationTime attribute through LDAP, but I�d like to know if is
> there a better way to do it.
> Now, we have the check to forward the user to SSPR if the password is
> expired. We want something similar but to show the user a message
> letting him know his password is expiring in 15 days (for instance).


Not easy to do due to security reasons to be honest. The only idea that comes to mind is to build a custom class and add it as a second method in the
contract you are using. This class would look up the user and read the expiration time and its within 15 days, show a page to inform the user.


--
Cheers,
Edward
0 Likes
slongholio Absent Member.
Absent Member.

Re: Identity Server login page and password expiration time

Found this becuase I had the same question.

To the OP, I found this in my searches, https://www.novell.com/coolsolutions/tools/14772.html

We've added an app that users authenticate via SAML and their workstations are not part of our domain (mergers and acquisitions), so there isn't anything telling them their password will expire soon. Would be nice if they would be notified after they authenticate, via popup with a link to SSPR or skip, and when it is fully expired, force them to SSPR.

But was wondering why it is a security issue as well.
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.