[Active Directory] Token expiration

Forge Component
Published on 20 May by Renato Pauleta
14 votes

Hi,

Scenario:

The user authenticates with Windows credentials, and then a check is made on whether or not the user has a given role. The action AD_GroupCheckUserExists needs a token.

Problem:
The token expires (which is a good thing security-wise), but I need to "update" the token manually every week or so.

Question:

Is there any option for using the user that is already authenticated to get his roles?

Or
Is it possible to have a process that runs every week to generate a new token?

Thanks

Solution

Hi Jorge,

By tokens, do you mean the tokens used in the AD configuration screens? Those tokens don't have an expiration; they represent a connection to the AD with optional credentials (depending on whether your connection requires an authenticated user to access the AD contents). If your tokens have a domain username and password and that password expires weekly, then it's a different matter and you do need to update the token information.

You don't need to use these screens. You can create your own way of updating the ADAccess table and create your own mechanisms to generate and control your tokens and accesses.


The authenticated user might not have access to search the AD and you'd have to generate a new token when the user logs in with the user's credentials and then destroy the token when the user logs out or loses the session.


When you mention getting the user's roles, do you mean the groups the user is in? If yes, then I would use AD_UserGetGroups.


I hope I've helped a bit. 

Solution

Hi Renato,

Yes, you gave me some ideas on how to solve it.

Thanks for the help