Hi Igor,
This is not built-in functionality but could be done with some configuration and/or customization:
During authentication it is possible to pull attributes from the users LDAP record. If you can identify a "password last changed" attribute you could have this retrieved and added to user credential at login time (using TAM_CRED_ATTRS_SVC configuration). Once you have the value in the credential you can pass it in HTTP header to the backend (using http-tag-value function). This wouldn't be a "date of upcoming change" it would be "last changed" (but your app could work out the date of next change based on this and max password lifetime in your system).
If your backend application must have the password date in some specific form, you could build this into the credential at login time using a custom AAC authentication policy. This would allow you to connect to LDAP and pull the password last changed date... and then you could do custom coding in a JavaScript mechanism to convert to the change date that you need. Again, this would go into the credential which could then be passed to backend in HTTP header.
Jon.
------------------------------
Jon Harry
Consulting IT Security Specialist
IBM
------------------------------
Original Message:
Sent: Fri November 13, 2020 02:31 AM
From: Igor Vinogradov
Subject: ISAM 9.0 and date of the upcoming password change
Hi сommunity,
Is it possible in ISAM 9.0 to add the date of the upcoming password change to the headers of requests that are sent to the junctioned servers?
------------------------------
Igor Vinogradov
------------------------------