One of the biggest questions question with PortalGuard is what to use for the authentication store. Easiest for me would have been either the Luminis OpenDJ or Microsoft Active Directory. One of the things to consider is the flow. At the college that I work at, Banner is considered the gold standard. What this means is that if there is any conflict, Banner wins.
In spite of efforts to keep data clean, it is difficult not to have many data stores. Just to name a few, we deal with Banner, Active Directory, Luminis 5 and Canvas. This is is not all-inclusive. Keeping them in sync is not always straightforward as one wants.
Also, one goal is to allow people to log in directly to Banner Self Service without single sign in. Currently, we are not using LDAP but the third party table GOBTPAC. The PIN is an SSHA1 hash, and the HASH value is also on the table. I used this kludgy python script to prove that the workings of the hash in Banner were what I thought it was.
I created a view that only had the gobtpac_pidm, gobtpac_external_user, gobtpac_pin, gobtpac_hash. This allowed me to authenticate against banner.
Changing the password is not too hard. Portalguard will permit you to connect to an Oracle stored procedure. Banner has an API to change passwords in the GOBTPAC third party table.
This post is not complete. I will update it Monday or Tuesday.