
Maximum Unchanged Password Days configuration is not respected by the Applications

    • Type: Bug
    • Resolution: Fixed
    • Priority: Low
    • Fix Version/s: 2.0.4
    • 2.0.1
    • None
    • None
    • Tested with JIRA 4.0

      Maximum Unchanged Password Days (Internal Directory) configuration is not respected by the Applications, only by the Crowd console.

      If the password is expired, Crowd still allows users to authenticate to the Applications.

            [CWD-1724] Maximum Unchanged Password Days configuration is not respected by the Applications

            Monique Khairuliana (Inactive) made changes -
            Workflow Original: Simplified Crowd Development Workflow v2 - restricted [ 1509309 ] New: JAC Bug Workflow v3 [ 3364496 ]
            Status Original: Resolved [ 5 ] New: Closed [ 6 ]
            Owen made changes -
            Workflow Original: Simplified Crowd Development Workflow v2 [ 1391085 ] New: Simplified Crowd Development Workflow v2 - restricted [ 1509309 ]
            Owen made changes -
            Workflow Original: Crowd Development Workflow v2 [ 271937 ] New: Simplified Crowd Development Workflow v2 [ 1391085 ]
            jawong.adm made changes -
            Workflow Original: JIRA Bug Workflow v2 [ 185459 ] New: Crowd Development Workflow v2 [ 271937 ]
            Peggy made changes -
            Resolution New: Fixed [ 1 ]
            Status Original: In Progress [ 3 ] New: Resolved [ 5 ]
            Peggy made changes -
            Status Original: Open [ 1 ] New: In Progress [ 3 ]
            Peggy made changes -
            Assignee New: Peggy [ pkuo ]
            David O'Flynn [Atlassian] made changes -
            Fix Version/s New: 2.0.4 [ 15040 ]

            Wolfgang Fellner added a comment -

            This is not a minor bug, it is at least a critical bug. You allow users to log in with a password that is not valid any more! When our security officer gets info about this he will request to shut down Crowd and replace it by another software.
            When the JIRA-Stack is not able to handle "maximum unchanged days" Crowd should not tell JIRA that the credentials are valid.
            Fix this immediately, please!

            David O'Flynn [Atlassian] added a comment -

            Hi Richard,

            It is strange. The reason is partly historic: JIRA has a completely different user management stack, and there's no way for Crowd to communicate concepts like "maximum unchanged days" to it.

            We're currently working to replace the JIRA stack with one derived from Crowd. This is a mammoth undertaking, but when we're done it'll allow us to fix issues like this.

            Cheers,
            Dave.
            Integration Product Manager.

              pkuo Peggy
              rbattaglin Renan Battaglin