Page tree

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

By default when a user's password or account is locked you will just get a password incorrect error, even if your password is correct. That is very frustrating for the end user.
On this page it will be shown how you can show the message that the account is locked, ...

The original documentation for this is available at https://wiki.shibboleth.net/confluence/display/IDP4/LDAPAuthnConfiguration#LDAPAuthnConfiguration-AddmissingActiveDirectoryaccountstateerrors


Inside the file `conf/authn/password-authn-config.xml` you will have to add this

Code Block
languagexml
titleconf/authn/password-authn-config.xml
    <util:map id="shibboleth.authn.Password.ClassifiedMessageMap">
        <!-- ... THERE MIGHT BE MORE IN HERE -->
        <entry key="AccountDisabled">
         <list>
             <value>ACCOUNT_DISABLED</value>
             <value>533</value>
         </list>
        </entry>
        <entry key="AccountExpired">
            <list>
                <value>ACCOUNT_EXPIRED</value>
                <value>701</value>
            </list>
        </entry>
        <entry key="AccountLocked">
            <list>
                <value>AccountLocked</value>
                <value>Clients credentials have been revoked</value>
                <value>775</value>
            </list>
        </entry>
        <entry key="ChangePassword">
            <list>
                <value>PASSWORD_EXPIRED</value>
                <value>PASSWORD_MUST_CHANGE</value>
                <value>532</value>
                <value>773</value>
            </list>
        </entry>
        <!-- ... THERE MIGHT BE MORE IN HERE -->
    </util:map>


For the translations messages edit your `messages_LOCALE.properties` file like this

Code Block
firstlineAccountDisabled = Test123 AccountExpired = account-expired AccountLocked = account-locked ChangePassword = change-password account-disabled.message = Your account is disabled. Contact <a href="https://iswleuven.be">ISW</a> for more info. account-expired.message = Your account has expired. You will need to login on our website via UCLL. If you are not a student (anymore), please contact <a href="https://iswleuven.be">ISW</a> for more info. account-locked.message = Your account is locked. You or someone else may have made too many login attempts to this account. change-password.message = You must change your password before authenticating here. More info at <a href="https://acm.iswleuven.be/auth/password/reset">https://acm.iswleuven.be/auth/password/reset</a>.
titlemessages/messages_LOCALE.properties
AccountDisabled = account-disabled
AccountExpired = account-expired
AccountLocked = account-locked
ChangePassword = change-password

account-disabled.message = Your account is disabled. Contact <a href="https://iswleuven.be">ISW</a> for more info.
account-expired.message = Your account has expired. You will need to login on our website via UCLL. If you are not a student (anymore), please contact <a href="https://iswleuven.be">ISW</a> for more info.
account-locked.message = Your account is locked. You or someone else may have made too many login attempts to this account.
change-password.message = You must change your password before authenticating here. More info at <a href="https://acm.iswleuven.be/auth/password/reset">https://acm.iswleuven.be/auth/password/reset</a>.