Hello everyone,
I wrote a custom auth scheme which, in addition to verifying the password, also verifies a second attribute. I concatenate the value of the second attribute with the password using a **** character as a separator.
This method works well.
I have used the Java auth API. I also check the disabled status for disabled users, expired passwords, etc., and return the correct value, for example:
- return new SmAuthenticationResult(SmAuthStatus.SMAUTH_REJECT, SmAuthenticationResult.REASON_PW_EXPIRED)
or
- return new SmAuthenticationResult(SmAuthStatus.SMAUTH_REJECT, SmAuthenticationResult.REASON_PW_MUST_CHANGE)
If I try to log in with a user who has the disabled status at 16777216, I am correctly redirected to smpwservices.fcc with the correct reason.
But if I try to change the password, it does not work! I am redirected to the login page.
This doesn't happen if I use form authentication. In both cases the same user directory is used (it is an LDAP, CA Directory).
What am I doing wrong?
Is it possible that smpwservices.fcc calls my library and that the authentication fails because the second factor is not passed to my library?
Any other ideas?
Thanks in advance
Marco