Developer forum

Forum » CMS - Standard features » External Authentication Providers and password expiry

External Authentication Providers and password expiry

E-mail notifications
Scott Forsyth Dynamicweb Employee
Scott Forsyth
Reply
Posted on 22/04/2021 00:05:19

Hello,

We are using OKTA on some sites for the external authentication provider. We just had some of our users get locked out due to their password expirying (expires=true was appended to the URL). However, they have been active on the site so it shouldn't lock them out.

The problem was that AccessUser.AccessUserPasswordDate was still at a date from 90 days ago when their account was created. The password policy is for 90 day.

It appears that AccessuserPasswordDate isn't updated when someone logs in through an external provider. However, I would take it a step further and say that external logins should skip the check for their password expiring, so that the external login provider is used instead.

The code to do that is in LogOnHandler. You can search for &expires=true to find the section where this is occuring. Skipping that check there should give this a good solution. 

Would you agree? In the meantime I've reset the PasswordDate to today's date which buys me 3 months.

Thanks!

Scott


Replies

 
Oleg Rodionov Dynamicweb Employee
Oleg Rodionov
Posted on 23/04/2021 01:28:26
Reply

Hi Scott,

I've submitted DevOps Feature 1881 to implement new behavior per your suggestion. Thanks

BR, Oleg QA 

 
Scott Forsyth Dynamicweb Employee
Scott Forsyth
Posted on 23/04/2021 06:37:16
Reply

Thanks Oleg!

Scott

 
Scott Forsyth Dynamicweb Employee
Scott Forsyth
Posted on 15/06/2021 22:57:27
Reply

Hi Oleg,

I'm checking in to see what was decided about this. Our customer is reaching their 180 days already so we need to decide on next steps.

Thanks,

Scott

 
Oleg Rodionov Dynamicweb Employee
Oleg Rodionov
Posted on 17/06/2021 00:57:45
Reply

Hi Scott,

1886 is under developing nowadays, I hope it will be fixed in upcoming DW release. Sorry, for inconvenience.

BR, Oleg QA

 
Scott Forsyth Dynamicweb Employee
Scott Forsyth
Posted on 17/06/2021 06:02:51
Reply

Thanks Oleg. I appreciate you making that happen.

 
Kristian Kirkholt Dynamicweb Employee
Kristian Kirkholt
Posted on 29/06/2021 15:28:00
Reply

Hi Scott

Waiting is over. Feature #1881 has been implemented in Dynamicweb version 9.10.12

Download section: https://doc.dynamicweb.com/downloads/releases

Kind Regards
Dynamicweb Sipport
Kristian Kirkholt

 
Scott Forsyth Dynamicweb Employee
Scott Forsyth
Posted on 31/08/2021 22:20:26
Reply

Hi Kristian,

I meant to reply to this earlier. Thanks for this!

Scott

 

You must be logged in to post in the forum