Class FreeIPAAuthenticationResponseHandler

  • All Implemented Interfaces:
    AuthenticationResponseHandler

    public class FreeIPAAuthenticationResponseHandler
    extends Object
    implements AuthenticationResponseHandler
    Attempts to parse the authentication response and set the account state using data associated with FreeIPA. The Authenticator should be configured to return 'krbPasswordExpiration', 'krbLoginFailedCount' and 'krbLastPwdChange' attributes, so they can be consumed by this handler.
    • Field Detail

      • ATTRIBUTES

        public static final String[] ATTRIBUTES
        Attributes needed to enforce password policy.
      • logger

        protected final Logger logger
        Logger for this class.
      • expirationPeriod

        private Period expirationPeriod
        Amount of time since a password was set until it will expire. Used if krbPasswordExpiration cannot be read.
      • warningPeriod

        private Period warningPeriod
        Amount of time before expiration to produce a warning.
      • maxLoginFailures

        private int maxLoginFailures
        Maximum number of login failures to allow.
    • Constructor Detail

      • FreeIPAAuthenticationResponseHandler

        public FreeIPAAuthenticationResponseHandler()
        Default constructor.
      • FreeIPAAuthenticationResponseHandler

        public FreeIPAAuthenticationResponseHandler(Period warning,
                                                    int loginFailures)
        Creates a new FreeIPA authentication response handler.
        Parameters:
        warning - length of time before expiration that should produce a warning
        loginFailures - number of login failures to allow
      • FreeIPAAuthenticationResponseHandler

        public FreeIPAAuthenticationResponseHandler(Period expiration,
                                                    Period warning,
                                                    int loginFailures)
        Creates a new FreeIPA authentication response handler.
        Parameters:
        expiration - length of time that a password is valid
        warning - length of time before expiration that should produce a warning
        loginFailures - number of login failures to allow
    • Method Detail

      • getMaxLoginFailures

        public int getMaxLoginFailures()
        Returns the maximum login failures.
        Returns:
        maximum login failures before lockout.
      • setMaxLoginFailures

        public void setMaxLoginFailures(int loginFailures)
        Sets the maximum login failures.
        Parameters:
        loginFailures - maximum login failures before lockout
      • getExpirationPeriod

        public Period getExpirationPeriod()
        Returns the amount of time since a password was set until it will expire. Only used if the krbPasswordExpiration attribute cannot be read from the directory.
        Returns:
        expiration period
      • setExpirationPeriod

        public void setExpirationPeriod(Period period)
        Sets the amount of time since a password was set until it will expire. Only used if the krbPasswordExpiration attribute cannot be read from the directory.
        Parameters:
        period - expiration period
      • getWarningPeriod

        public Period getWarningPeriod()
        Returns the amount of time before expiration to produce a warning.
        Returns:
        warning period
      • setWarningPeriod

        public void setWarningPeriod(Period period)
        Sets the amount of time before expiration to produce a warning.
        Parameters:
        period - warning period
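
The class description and the expirationPeriod, warningPeriod and maxLoginFailures fields above describe an account-state evaluation; the following is an added, stand-alone sketch of that evaluation and is not the library's source. The class name FreeIpaPolicySketch, the State record, the evaluate method, the generalized-time format and the "failures >= maximum" lockout rule are assumptions made for illustration.

```java
import java.time.Period;
import java.time.ZoneOffset;
import java.time.ZonedDateTime;
import java.time.format.DateTimeFormatter;
import java.util.Map;

// Added sketch, not the library's source. Requires Java 16+ (records).
public class FreeIpaPolicySketch {
  // Assumption: timestamps arrive as LDAP generalized time, e.g. 20240610000000Z.
  static final DateTimeFormatter GT = DateTimeFormatter.ofPattern("uuuuMMddHHmmssX");

  record State(ZonedDateTime expires, boolean expired, boolean warn, boolean locked) {}

  static State evaluate(Map<String, String> attrs, Period expirationPeriod,
                        Period warningPeriod, int maxLoginFailures, ZonedDateTime now) {
    String exp = attrs.get("krbPasswordExpiration");
    String changed = attrs.get("krbLastPwdChange");
    ZonedDateTime expires = null;
    if (exp != null) {
      expires = ZonedDateTime.parse(exp, GT);
    } else if (changed != null && expirationPeriod != null) {
      // Fallback: krbPasswordExpiration unreadable, derive expiry from last change.
      expires = ZonedDateTime.parse(changed, GT).plus(expirationPeriod);
    }
    boolean expired = expires != null && !now.isBefore(expires);
    boolean warn = expires != null && !expired && warningPeriod != null
        && !now.isBefore(expires.minus(warningPeriod));
    // Assumption: reaching the maximum counts as locked; 0 disables the check.
    int failures = Integer.parseInt(attrs.getOrDefault("krbLoginFailedCount", "0"));
    boolean locked = maxLoginFailures > 0 && failures >= maxLoginFailures;
    return new State(expires, expired, warn, locked);
  }

  public static void main(String[] args) {
    ZonedDateTime now = ZonedDateTime.of(2024, 6, 1, 0, 0, 0, 0, ZoneOffset.UTC);
    Period expiration = Period.ofDays(90), warning = Period.ofDays(15);
    // Constructed entries standing in for attributes returned with the bind result.
    Map<String, String> nearExpiry = Map.of(
        "krbPasswordExpiration", "20240610000000Z", "krbLoginFailedCount", "1");
    Map<String, String> fallbackAndLocked = Map.of(
        "krbLastPwdChange", "20240101000000Z", "krbLoginFailedCount", "4");
    Map<String, String> nothingReturned = Map.of();
    System.out.println(evaluate(nearExpiry, expiration, warning, 4, now));
    System.out.println(evaluate(fallbackAndLocked, expiration, warning, 4, now));
    // No attributes returned: nothing is flagged, so policy is silently unenforced.
    System.out.println(evaluate(nothingReturned, expiration, warning, 4, now));
  }
}
```

The third case is the one to check in a deployment: if the Authenticator is not configured to return the three krb* attributes, an evaluation like this has nothing to act on and reports a clean account.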