Closed toco-cam closed 1 year ago
@tassilo can you please validate the scope and confirm the effort.
@felix-mueller this use case should be considered in C8, too - please have a look.
The hard part here is probably setting up Active Directory and ensuring that the outlined solution works:
- ProcessEnginePlugin that registers an ExceptionCodeProvider
- javax.naming.AuthenticationException is thrown by the LDAP identity plugin and the exception message contains error 773, a custom error code is returned
- userlib folder of Camunda Run
- A frontend extension point on the login page that has access to the error response of the login request; this is an effort S topic
@toco-cam, changed the effort to m since Microsoft Active Directory brings quite some complexity into this. We could reduce the effort again when we have tried that an ExceptionCodeProvider run against Active Directory works as expected.
javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090439, comment: AcceptSecurityContext error, data 773, v4563 ]. The LDAP error code is 49 (invalid credentials). The AD error is 773 (ERROR_PASSWORD_MUST_CHANGE).
ProcessEngineExceptions, checks the following:
- javax.naming.AuthenticationException.
- LDAP: error code 49.
- data 773.
ExceptionCodeProvider returns a custom error code (e.g. 22_222).
I moved the example to the camunda-consulting organization into our camunda-7-example repository: https://github.com/camunda-consulting/camunda-7-code-examples/tree/main/snippets/ldap-change-password.
The customer ticket is updated.
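Added example, not part of the thread or of the linked repository: the three checks listed above (an `AuthenticationException` in the cause chain, LDAP result code 49, AD sub-code `data 773`) written as a JDK-only Java classifier that returns the custom code 22_222. The class and method names are hypothetical, the sample exceptions are constructed, and wiring the logic into Camunda's ExceptionCodeProvider is not shown.

```java
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.naming.AuthenticationException;

// Hypothetical helper, not Camunda code.
public class AdPasswordMustChangeCheck {

  // Custom code taken from the thread's example (22_222).
  static final int PASSWORD_MUST_CHANGE_CODE = 22_222;

  // Captures the LDAP result code and the AD sub-code ("data") from one message.
  // The trailing \b keeps a longer value such as "data 7730" from matching as 773.
  private static final Pattern AD_BIND_ERROR =
      Pattern.compile("LDAP: error code (\\d+)\\b.*?\\bdata ([0-9a-fA-F]+)\\b");

  /** Returns the custom code, or null to leave the exception unmapped. */
  static Integer provideCode(Throwable thrown) {
    int depth = 0;
    // Walk the cause chain; the depth limit guards against cyclic causes.
    for (Throwable t = thrown; t != null && depth < 20; t = t.getCause(), depth++) {
      if (!(t instanceof AuthenticationException) || t.getMessage() == null) {
        continue;
      }
      Matcher m = AD_BIND_ERROR.matcher(t.getMessage());
      if (m.find() && "49".equals(m.group(1)) && "773".equals(m.group(2))) {
        return PASSWORD_MUST_CHANGE_CODE;
      }
    }
    // Every other failure, including other AD sub-codes, stays generic.
    return null;
  }

  public static void main(String[] args) {
    // Constructed inputs; the first message text is the one quoted in the thread.
    Throwable mustChange = new RuntimeException("login failed", new AuthenticationException(
        "[LDAP: error code 49 - 80090308: LdapErr: DSID-0C090439, comment: "
            + "AcceptSecurityContext error, data 773, v4563 ]"));
    Throwable otherSubCode = new RuntimeException("login failed", new AuthenticationException(
        "[LDAP: error code 49 - 80090308: LdapErr: DSID-0C090439, comment: "
            + "AcceptSecurityContext error, data 52e, v4563 ]"));
    System.out.println(provideCode(mustChange));
    System.out.println(provideCode(otherSubCode));
    // Not an AuthenticationException, so the text "data 773" alone is ignored.
    System.out.println(provideCode(new IllegalStateException("data 773")));
  }
}
```

Matching on the exception type and both codes together, rather than on the substring 773 alone, keeps unrelated messages from being reported to the login page as a required password change.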
User Story (Required on creation)
Functional Requirements (Required before implementation)
Breakdown
Hints
Links