Update site/content/posts/2022-01-18-idp-refresh-tls-ciphers-for-compliance.md

Co-authored-by: Margo Crawford <margaretmcrawf@gmail.com>
anjalitelang 2022-01-21 16:16:38 -05:00 committed by GitHub
parent 902802d4ed
commit 68af9e47d4
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -75,7 +75,7 @@ If your access tokens have a lifetime shorter than 3 hours, Pinniped will issue
### What about LDAP / Active Directory IDP changes?
LDAP does not have a concept of sessions or refresh tokens. Hence we run LDAP queries against the LDAP or AD IDP to approximate a refresh. For LDAP, we validate if the LDAP entry still exists with no changes to Pinniped UID and username fields. For AD, we validate the same LDAP checks and we also validate the user's password has not changed since the original login and their account is not locked or disabled.
LDAP does not have a concept of sessions or refresh tokens. Hence we run LDAP queries against the LDAP or AD IDP to approximate a refresh. For LDAP, we validate if the LDAP entry still exists with no changes to Pinniped UID and username fields. For AD, we validate the same LDAP checks and we also validate that the user's password has not changed since the original login (note that we only store the time that the password was last changed, not the password itself) and their account is not locked or disabled.
## Secure TLS ciphers
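Review bot: the new parenthetical in the AD sentence is the right fact to surface (only the password-last-changed timestamp is stored, never the password), but it is wedged between two items of an "and" list, which makes the sentence hard to parse and leaves "their account is not locked or disabled" dangling after the note. Suggest ending the sentence after the list and moving the note to its own sentence, e.g. "... their account is not locked or disabled. Note that Pinniped stores only the time at which the password was last changed, not the password itself." While here, the paragraph mixes "validate if the LDAP entry still exists" with "validate that the user's password has not changed"; using "validate that" in both places reads more consistently.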