At approximately noon today, 8/12/18, IT began receiving reports of SSO errors when attempting to access some applications. After investigation, it was found this was due to an issue with system time of ADFS being off by about a minute with CAS. Tolerance was set to 10s, so connections we’re being refused. Tolerance has been increased to allow connections to flow again.
Impact: Users would have been unable to access many applications which are serviced by SSO, such as MUOnline, CashTrax, and library databases.
The IT Infrastructure Systems team has made changes to the account/password policy portion of our Default Domain Policy. The new password policy is now:
5 passwords remembered
Minimum password age is 5 days
Minimum password length is 8 characters
Password complexity is now enabled
Account lockout duration is 10 minutes
Account lockout threshold is 10 invalid logon attempts
Lockout counter is reset after 10 minutes