Thanks Jon
Here is the working code I came up with to force redirect from an InfoMap the user if his password is older than a certain threshold (ttl) value in days:
function generalizedTime2iso(gt)
{
// For reference iso format: "2011-10-05T14:48:00.000Z";
return gt.substr(0,4) + "-" + gt.substr(4,2) + "-" + gt.substr(6,2) + "T" + gt.substr(8,2) + ":" + gt.substr(10,2) + ":" + gt.substr(12,2);
}
var last_pwd_changed_iso = generalizedTime2iso(last_pwd_changed);
var last_pwd_changed_ephoc = new Date(last_pwd_changed_iso).valueOf();
var now_ephoc = new Date().valueOf();
let last_pwd_changed_threshold = now_ephoc - Number(profile_management_ttl) * 86400;
if (last_pwd_changed_threshold > last_pwd_changed_ephoc)
{
context.set(Scope.SESSION, "urn:ibm:security:asf:response:token:attributes", "itfim_override_targeturl_attr", profile_management_url);
}
Some ref on this subject:
https://philipnye.com/2017/12/14/redirect-after-login-from-infomap-or-authsvc-policy/Thanks
------------------------------
Sylvain Gilbert
------------------------------
Original Message:
Sent: Mon May 10, 2021 06:27 AM
From: Jon Harry
Subject: GeneralizedTime to Ephoc time format conversion in InfoMap
Hi Sylvain,
Looking at JavaScript, it seems there is a built-in Date class which can accept ISO8601 time format in constructor.
ISO8601 is similar to LDAP Generalized time except that it includes some separators.
It also has a valueOf() function that will return the epoch version.
I built this test code (only tested in Node.js - hopefully it can work in Verify Access):
//For reference: "2011-10-05T14:48:00.000Z";var gt = "20210414110900.0Z";var iso = gt.substr(0,4) + "-" + gt.substr(4,2) + "-" + gt.substr(6,2) + "T" + gt.substr(8,2) + ":" + gt.substr(10,2) + ":" + gt.substr(12);console.log(iso);var date = new Date(iso);console.log(date);console.log(date.valueOf());
Jon.
------------------------------
Jon Harry
Consulting IT Security Specialist
IBM
Original Message:
Sent: Fri May 07, 2021 09:05 AM
From: Sylvain Gilbert
Subject: GeneralizedTime to Ephoc time format conversion in InfoMap
Hi
In ISAM LDAP schema, the SecUser's secPwdLastChanged attribute is formatted in the "Generalized Time" format.
V3.ibm.at:attributetypes=( 1.3.6.1.4.1.4228.1.19 NAME 'secPwdLastChanged' DESC 'secPwdLastChanged' SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 USAGE userApplications )
I need to convert this value to an Ephoc time format to allow for trivial time comparison.
Would anyone know if the Appliance comes pre-equipped with any such JS helper method somewhere or mind sharing code snippets ?
My intent is from an InfoMap to determine the last time an authenticated user changed his/her password (var last_pwd_changed = user.getAttribute("secPwdLastChanged"); ) and take some arbitrary action.
Thanks
------------------------------
Sylvain Gilbert
------------------------------