000022330 - From a server side hook, how to check that the authenticated user's password is not expired and that their account is not locked out

Document created by RSA Customer Support Employee on Jun 16, 2016. Last modified by RSA Customer Support Employee on Apr 21, 2017.
Version 2

Article Content

Article Number: 000022330
Applies To: RSA ClearTrust 5.5.x Server Side Hooks
Issue: From a server side hook, how to check that the authenticated user's password is not expired and that their account is not locked out
Resolution: There are 2 options depending on whether or not the user's password is available within the server side hook:

1. If the password is available, the code can simply call the authenticate( ) method of the RuntimeAPI object to authenticate the user. The method returns a map containing a ResultConstant specifying the result of the attempt to authenticate; if the user's password is expired, or the account has been administratively locked, the value for the key ResultConstant.AUTHENTICATION_RESULT will be either ResultConstant.EXPIRED_PASSWORD or ResultConstant.ADMIN_LOCKOUT, respectively. See the Javadoc for the RuntimeAPI interface in the RSA ClearTrust Developer's Guide for more details.

2. If the user's password is not available, the Administrative API can be used. The IUser interface has the methods getPasswordExpirationDate( ) and isAdminLockedout( ). getPasswordExpirationDate( ) returns a java.util.Date object that can be compared to the current date; isAdminLockedout( ) returns a boolean indicating whether or not the account has been administratively locked. See the Javadoc for the IUser interface in the RSA ClearTrust Developer's Guide for more details.
Legacy Article ID: a27924
