[keycloak-dev] Require password change on login when AD is the federation provider and pwdLastSet equals 0

Bill Burke bburke at redhat.com
Mon Sep 14 11:16:41 EDT 2015


You should be able to do this in 1.5. You'd write an authenticator that
checks this attribute and, if it is 0, sets the update password required action.

On 9/14/2015 10:05 AM, Cory Snyder wrote:
> With Active Directory, a user is required to change their password on
> next login if the pwdLastSet attribute on their account is set to zero.
> It would be nice to redirect the user to a form where they can change
> their password if they try to log in under this scenario. On Keycloak 1.4
> it seems that the application currently just displays a login error when
> this is the case. Any thoughts on this or can I go ahead and create an
> issue and try to implement this change?
>
> Thanks,
>
> Cory Snyder

-- 
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
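
A sketch of the authenticator suggested in the reply above, added here as an illustration; it is not code from the thread or from the Keycloak project. It is written against the `Authenticator` SPI as found in current Keycloak releases (the 1.5 signatures may differ). It assumes an LDAP attribute mapper exposes AD's `pwdLastSet` as a user attribute of the same name and that the step runs after the flow has identified the user; the class name is hypothetical.

```java
import org.keycloak.authentication.AuthenticationFlowContext;
import org.keycloak.authentication.Authenticator;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;

// Added example: queues the built-in "update password" required action
// when the federated AD account carries pwdLastSet == 0.
public class PwdLastSetAuthenticator implements Authenticator {
    // Assumption: an LDAP attribute mapper copies AD's pwdLastSet into a
    // Keycloak user attribute with this name.
    static final String PWD_LAST_SET_ATTR = "pwdLastSet";

    @Override
    public void authenticate(AuthenticationFlowContext context) {
        UserModel user = context.getUser();
        if (user != null && mustChangePassword(user.getFirstAttribute(PWD_LAST_SET_ATTR))) {
            user.addRequiredAction(UserModel.RequiredAction.UPDATE_PASSWORD);
        }
        // This step never fails the login; it only queues the required action.
        context.success();
    }

    // True only for a parseable value of exactly 0; a missing or malformed
    // attribute is treated as "no forced change" so non-AD users are unaffected.
    static boolean mustChangePassword(String pwdLastSet) {
        if (pwdLastSet == null) return false;
        try {
            return Long.parseLong(pwdLastSet.trim()) == 0L;
        } catch (NumberFormatException e) {
            return false;
        }
    }

    @Override
    public void action(AuthenticationFlowContext context) {
        // No form is rendered by this step, so there is nothing to process.
    }

    @Override
    public boolean requiresUser() { return true; }

    @Override
    public boolean configuredFor(KeycloakSession session, RealmModel realm, UserModel user) { return true; }

    @Override
    public void setRequiredActions(KeycloakSession session, RealmModel realm, UserModel user) { }

    @Override
    public void close() { }
}
```

Deploying it also requires an `AuthenticatorFactory` that returns this class and a matching `META-INF/services` entry, after which the step can be added to the login flow.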

