  1. OpenIDM
  2. OPENIDM-13730

Passthrough Authentication does not honor PasswordExpiredException

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major
    • Resolution: Won't Fix
    • Affects Version/s: 6.5.0
    • Fix Version/s: None
    • Labels:
    • Environment:
      IdM OOTB with passthrough authentication against LDAP with behera-support for password policy. Password policy is configured with force-change-on-add set to be True.
    • Target Version/s:
    • Story Points:
      3
    • Sprint:
      2020.03 - IDM
    • Support Ticket IDs:
    • Zendesk ID:
      39990

      Description

      Under the described conditions, adding a user into the LDAP server results in the inability for the user to log into IdM because of the PasswordExpiredException from the LDAP connector, which is not handled correctly.


      Additional info from Gael:
      Gael Allioux 17:24

      @here Question about how PASSTHROUGH module works... My understanding is that it calls ICF authenticate() method.
      This method returns the id of the user if auth is successful and will throw some exception if it fails.
      In the case of LDAP passthrough auth, one of these exceptions can be a PasswordExpiredException.
      One would expect some redirect link in UI to password reset. But it seems that this is not handled and treated as an error by IDM.
      Can someone confirm this is how it works?

            People

            • Assignee:
              alin Alin Brici
              Reporter:
              andre.posner Andre Posner