This was floating around at Aruba just today. :)
I haven't tried either so you will need to test...
So the original qestions the SE was asking is " A school wants to expire all students certs at the end of the year on Dec 24"
You could in fact expire all Onboard certificates on a specific date - the way to do it would be to calculate the appropriate timeout value in the Onboard authorization policy, and return it as the Session-Timeout attribute.
This value would be: (desired expiration time MINUS the current time in seconds).
Something like the following SQL should do the trick:
# select FLOOR(EXTRACT(EPOCH FROM '2014-12-23T00:00:00' - NOW())) AS session_timeout;
session_timeout
-----------------
15149339
(1 row)
You can edit the highlighted date to whatever you like...
OR a more advance way....
You could write this SQL instead if you want certificates to last until the next 23 December. Who wants to have to reconfigure this stuff on Christmas Day?!
To use a different date in the year, change the month (yellow) and day (green) in the following SQL:
SELECT FLOOR(EXTRACT(EPOCH FROM (((EXTRACT(MONTH FROM NOW()) >= 12 AND EXTRACT(DAY FROM NOW()) >= 23)::INT + EXTRACT(YEAR FROM NOW())) || '-12-23')::TIMESTAMP - NOW())) AS session_timeout;
How this works:
- If the current date is before December 23 then use the current year;
- Otherwise, use the next year;
- Compute the difference between the specified year's date of December 23 and the current time [this will always be positive];
- Return the answer in seconds.
So on December 22 you will get a certificate lifetime less than 1 day ... On December 24 you will get a certificate lifetime of 364.something days.
Just for completeness, the certificate will expire around midnight on the specified day. If you want to choose a particular time during the day then append it after the -12-23 part, e.g. '-12-23T12:00' for noon. (For complete correctness you should also update the condition to check for times after midnight and before the specified expiration time ... but this is left as an exercise for the interested reader!)
Or