Question

Are there any guidelines or best practices for handling expired passwords for a scenario with active clients via WS-Trust?

For now I have a couple of ideas, but can't find any info about it:
1. Issue a special token, so the client can determine that it should show a change-password notification.
2. Throw specific exception.

Maybe I am missing something in the WS-Trust standard?

I'm using the WIF built-in implementation, so it is the 1.3 version of the standard with parts of 1.4. Thanks a lot in advance.


Solution

WS-Trust 1.3 and 1.4 use the SOAP Fault mechanism. There are a handful of fault codes specified in the standard.

WS-Trust Error Handling

You can use the wst:FailedAuthentication SOAP Fault code and provide second-level detail fields to explain the password-expired situation, but you should be careful not to introduce security vulnerabilities when doing so (e.g., by providing too detailed information).
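
How an active client could recognise such a fault on the wire, as an added example that is not part of the original answer or of WIF. It assumes SOAP 1.2 faults and a hypothetical application subcode `ex:PasswordExpired` (namespace `urn:example:sts:faults`) nested under `wst:FailedAuthentication`, with the human-readable reason kept generic.

```python
import io
import xml.etree.ElementTree as ET

S12 = "http://www.w3.org/2003/05/soap-envelope"
WST13 = "http://docs.oasis-open.org/ws-sx/ws-trust/200512"
APP_NS = "urn:example:sts:faults"  # hypothetical namespace, not defined by WS-Trust

# Constructed sample: generic reason text, machine-readable nested subcode.
SAMPLE_FAULT = b"""<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope"
    xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512"
    xmlns:ex="urn:example:sts:faults">
  <s:Body><s:Fault>
    <s:Code><s:Value>s:Sender</s:Value>
      <s:Subcode><s:Value>wst:FailedAuthentication</s:Value>
        <s:Subcode><s:Value>ex:PasswordExpired</s:Value></s:Subcode>
      </s:Subcode>
    </s:Code>
    <s:Reason><s:Text xml:lang="en">Authentication failed</s:Text></s:Reason>
  </s:Fault></s:Body>
</s:Envelope>"""

def fault_code_chain(xml_bytes):
    """Return the fault's Code/Subcode values as (namespace, local-name) pairs."""
    prefixes, root = {}, None
    events = ET.iterparse(io.BytesIO(xml_bytes), events=("start-ns", "start"))
    for event, item in events:
        if event == "start-ns":
            prefixes[item[0]] = item[1]  # simplification: prefixes treated as document-wide
        elif root is None:
            root = item  # first element seen is the envelope root
    node = root.find(f"{{{S12}}}Body/{{{S12}}}Fault/{{{S12}}}Code")
    chain = []
    while node is not None:
        value = node.findtext(f"{{{S12}}}Value", "").strip()
        prefix, _, local = value.rpartition(":")
        chain.append((prefixes.get(prefix, ""), local))
        node = node.find(f"{{{S12}}}Subcode")
    return chain

def classify(xml_bytes):
    """Decide the client action from the code chain, never from the reason text."""
    chain = fault_code_chain(xml_bytes)
    if (WST13, "FailedAuthentication") not in chain:
        return "other-fault"
    nested = chain[chain.index((WST13, "FailedAuthentication")) + 1:]
    if nested[:1] == [(APP_NS, "PasswordExpired")]:
        return "prompt-password-change"
    return "authentication-failed"
```
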

Licensed under: CC-BY-SA with attribution