From: M. B. <mat...@co...> - 2005-06-15 19:38:06
Alistair Young wrote:
> IdP/SP don't have anything at all to do with bod passwords. If you're
> using a bod authenticator that authenticates outwith bodington then you'll
> have the problem of changing passwords. Whether it's ldap/webauth/windows.
>
> To sort it, somehow tie the authenticator to the change password
> functionality, i.e. ldap would disable it entirely.

I think this is what we are talking about. Some Authenticators would want to disable the changing of passwords (WebAuth, Shibb SP, etc).

> Even if you login with a windows username/password (though I don't think
> you can - bod can't authenticate to windows) you still can't change that
> password in bod.

Yep, so the Windows password authenticator should return false from isPasswordChangable() and the template should display differently as a result.

> If bod becomes part of a larger SSO solution, such as ldap or webauth then
> its password changing functionality should be disabled.
>
> Now we're on the subject I think it's time bod stopped storing passwords
> in plain text.
>

Indeed. I had a quick look at this a little while ago and I think I have a patch hanging around somewhere which was a half hack at this. It wasn't as easy as I had hoped as the API was a bit muddled but I'll try and dig it out, clean it up and send it to the list.

--
+--Matthew Buckett-----------------------------------------+
| VLE Developer, Learning Technologies Group               |
| Tel: +44 (0) 1865 283660 http://www.oucs.ox.ac.uk/       |
+------------Computing Services, University of Oxford------+
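
An added example, not part of the original message and not Bodington's code: a Java sketch of the two points in the thread, an authenticator that reports whether its password can be changed, and local passwords stored as a salted PBKDF2 hash instead of plain text. Apart from `isPasswordChangable()`, which is named in the message, every interface, class and method name and the PBKDF2 parameters are assumptions.

```java
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.HashMap;
import java.util.Map;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

// Hypothetical interface; only isPasswordChangable() is named in the thread.
interface Authenticator {
    boolean authenticate(String user, char[] password) throws Exception;
    boolean isPasswordChangable();
}
// Stand-in for WebAuth, LDAP or a Shibboleth SP: the credential lives elsewhere.
class ExternalAuthenticator implements Authenticator {
    public boolean authenticate(String user, char[] password) { return false; } // would delegate
    public boolean isPasswordChangable() { return false; }
}
// Local accounts: store a per-user salt and PBKDF2 hash, never the password.
class LocalAuthenticator implements Authenticator {
    private final Map<String, byte[][]> store = new HashMap<>(); // user -> {salt, hash}

    private static byte[] hash(char[] password, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password, salt, 600_000, 256); // assumed cost
        return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
    }
    void setPassword(String user, char[] password) throws Exception {
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt);
        store.put(user, new byte[][] { salt, hash(password, salt) });
    }
    public boolean authenticate(String user, char[] password) throws Exception {
        byte[][] rec = store.get(user);
        return rec != null && MessageDigest.isEqual(rec[1], hash(password, rec[0])); // constant-time
    }
    public boolean isPasswordChangable() { return true; }
}

public class PasswordChangeDemo {
    // Server-side guard; hiding the form in the template is not enough on its own.
    static boolean changePassword(Authenticator a, String user, char[] pw) throws Exception {
        if (!a.isPasswordChangable() || !(a instanceof LocalAuthenticator)) return false;
        ((LocalAuthenticator) a).setPassword(user, pw);
        return true;
    }
    public static void main(String[] args) throws Exception {
        LocalAuthenticator local = new LocalAuthenticator();
        System.out.println(changePassword(new ExternalAuthenticator(), "alice", "n/a".toCharArray()));
        System.out.println(changePassword(local, "alice", "constructed-pw".toCharArray()));
        System.out.println(local.authenticate("alice", "constructed-pw".toCharArray()));
    }
}
```

The account name and passwords in `main` are constructed sample values.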