I had installed Ipsilon with --ipa. The IPA admin user password had expired and needed to be reset but all I got from Ipsilon was an authentication failure.
That's a good start! I'm not sure if it is also getting the password expiration information as well. If it is it would be nice to display it.
milestone: => Backlog
related to #55
milestone: Backlog => 1.1
owner: => rcritten
status: new => accepted
This is easy to reproduce with IPA as the identity backend since it starts with expired passwords:
$ ipa user-add --first=Ted --last=User tuser1 --password
Set the password to something memorable.
Now try to log into Ipsilon using the auth form. The password starts as expired in IPA so will be rejected. You should see a PAM error that the auth token is expired.
patch_available: 0 => 1
resolution: => fixed
status: accepted => closed
Linked to Bugzilla bug: https://bugzilla.redhat.com/show_bug.cgi?id=1245445 (Red Hat Enterprise Linux 7)
rhbz: => [https://bugzilla.redhat.com/show_bug.cgi?id=1245445 1245445]
The message is still lost if you log in via an SP. I guess I tested direct IdP logins.
milestone: 1.1 =>
resolution: fixed =>
status: closed => reopened
milestone: => 1.2
status: reopened => accepted
Fix for propogating error messages back to SP via the transaction store
Handle error messages for SP login as well.
Metadata Update from @rcritten:
- Issue assigned to rcritten
- Issue set to the milestone: 1.2
to comment on this ticket.