Hi Ben,

Thanks for your suggestion, but I have already tried it (and tried it once again, now). The problem still exists. This property, IIUC, only enables in-place password management and has nothing to do with the missing message/view/flow.

In CAS v5.0.x the "same" configuration with the same OpenLDAP backend worked as expected...

handleAuthenticationFailure, as you said, should handle CredentialExpiredException and render the VIEW_ID_EXPIRED_PASSWORD (casExpiredPassView), but I don't see that happening. Perhaps, when reaching that point, CredentialExpiredException is "lost" and a generic AuthenticationException is thrown...

Pavlos

On 08/06/2017 01:17 PM, Ben Howell-Thomas wrote:
Have a look at:

    cas.authn.pm.enabled=true

which I think you need to set.

Also login-webflow.xml has a handleAuthenticationFailure step which handles all the different exceptions, including CredentialExpiredException.


On 7 June 2017 at 13:54, Pavlos Drandakis <[email protected]> wrote:

    Hello all,

    I am trying to set up CAS 5.1 (using the maven overlay method) to
    authenticate users against an OpenLDAP server. If the user's password
    is not expired, everything works as expected. But when the user's
    password expires, all I get is the "Invalid credentials" error on the
    login page instead of the password expired view.

    This is what I have in cas.properties:
    cas.authn.ldap[0].type=AUTHENTICATED
    cas.authn.ldap[0].ldapUrl=ldap://ldap.example.com
    cas.authn.ldap[0].useSsl=false
    cas.authn.ldap[0].useStartTls=false
    cas.authn.ldap[0].baseDn=dc=example,dc=com
    cas.authn.ldap[0].userFilter=uid={user}
    cas.authn.ldap[0].bindDn=cn=admin,dc=example,dc=com
    cas.authn.ldap[0].bindCredential=secretpass

    cas.authn.ldap[0].passwordPolicy.type=GENERIC
    cas.authn.ldap[0].passwordPolicy.enabled=true

    Am I missing something?
    Thanks, in advance
    Pavlos

    P.S.: Relevant log entries:
    2017-06-07 15:20:22,463 DEBUG [org.apereo.cas.authentication.LdapAuthenticationHandler] - <Applying password policy to [[org.ldaptive.auth.AuthenticationResponse@1608121171::authenticationResultCode=AUTHENTICATION_HANDLER_FAILURE, resolvedDn=uid=auser,ou=People,dc=example,dc=com, ldapEntry=[dn=uid=auser,ou=People,dc=example,dc=com[]], accountState=[org.ldaptive.auth.ext.PasswordPolicyAccountState@1354577001::accountWarnings=null, accountErrors=[PASSWORD_EXPIRED]], result=false, resultCode=INVALID_CREDENTIALS, message=javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid Credentials], controls=[[org.ldaptive.control.PasswordPolicyControl@655105816::criticality=false, timeBeforeExpiration=0, graceAuthNsRemaining=0, error=PASSWORD_EXPIRED]]]]>
    2017-06-07 15:20:22,464 DEBUG [org.apereo.cas.authentication.support.DefaultAccountStateHandler] - <Handling error [PASSWORD_EXPIRED]>
    2017-06-07 15:20:22,465 INFO [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - <[LdapAuthenticationHandler] failed authenticating [auser]>
    2017-06-07 15:20:22,465 DEBUG [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - <[LdapAuthenticationHandler] exception details: [null]>
    2017-06-07 15:20:22,468 WARN [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - <Authentication has failed. Credentials may be incorrect or CAS cannot find authentication handler that supports [auser] of type [UsernamePasswordCredential], which suggests a configuration problem.>

    --
    - CAS gitter chatroom: https://gitter.im/apereo/cas
    - CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
    - CAS documentation website: https://apereo.github.io/cas
    - CAS project website: https://github.com/apereo/cas
    ---
    You received this message because you are subscribed to the Google
    Groups "CAS Community" group.
    To unsubscribe from this group and stop receiving emails from it,
    send an email to [email protected].
    To view this discussion on the web visit
    https://groups.google.com/a/apereo.org/d/msgid/cas-user/d41c5617c375b7ada108bf29380118d6.squirrel%40webmail01.edunet.gr.



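Added example, not part of the thread and not CAS or ldaptive code: a small log triage script for the symptom discussed above, where the ldaptive `AuthenticationResponse` carries a password-policy error (`PASSWORD_EXPIRED`) while the LDAP result is `INVALID_CREDENTIALS`. The sample lines are constructed from the DEBUG entry quoted in the original message; the function names and the assumption that DNs contain no spaces are mine.

```python
import re

# Constructed sample: entry 1 is the DEBUG line quoted in the thread (rejoined,
# ldapEntry and message fields dropped); entry 2 is a made-up wrong-password bind.
SAMPLE_LOG = [
    "2017-06-07 15:20:22,463 DEBUG [org.apereo.cas.authentication.LdapAuthenticationHandler] - "
    "<Applying password policy to [[org.ldaptive.auth.AuthenticationResponse@1608121171::"
    "authenticationResultCode=AUTHENTICATION_HANDLER_FAILURE, resolvedDn=uid=auser,ou=People,dc=example,dc=com, "
    "accountState=[org.ldaptive.auth.ext.PasswordPolicyAccountState@1354577001::"
    "accountWarnings=null, accountErrors=[PASSWORD_EXPIRED]], result=false, resultCode=INVALID_CREDENTIALS, "
    "controls=[[org.ldaptive.control.PasswordPolicyControl@655105816::criticality=false, "
    "timeBeforeExpiration=0, graceAuthNsRemaining=0, error=PASSWORD_EXPIRED]]]]>",
    "2017-06-07 15:21:40,102 DEBUG [org.apereo.cas.authentication.LdapAuthenticationHandler] - "
    "<Applying password policy to [[org.ldaptive.auth.AuthenticationResponse@1::"
    "authenticationResultCode=AUTHENTICATION_HANDLER_FAILURE, "
    "resolvedDn=uid=buser,ou=People,dc=example,dc=com, accountState=null, result=false, "
    "resultCode=INVALID_CREDENTIALS, controls=null]]>",
]

DN_RE = re.compile(r"resolvedDn=(\S+?),\s")        # assumption: DNs contain no spaces
RESULT_RE = re.compile(r"\bresultCode=(\w+)")      # LDAP result, not authenticationResultCode
ACCT_ERR_RE = re.compile(r"accountErrors=\[([^\]]*)\]")
CTRL_ERR_RE = re.compile(r"PasswordPolicyControl@\w+::[^\]]*?\berror=(\w+)")

def parse_response(line):
    """Extract DN, LDAP result code and password-policy errors from one log line."""
    if "AuthenticationResponse@" not in line:
        return None
    dn, result = DN_RE.search(line), RESULT_RE.search(line)
    errors = set()
    acct = ACCT_ERR_RE.search(line)
    if acct:
        errors.update(e.strip() for e in acct.group(1).split(",") if e.strip())
    ctrl = CTRL_ERR_RE.search(line)
    if ctrl and ctrl.group(1) != "null":
        errors.add(ctrl.group(1))
    return {"dn": dn.group(1) if dn else None,
            "result": result.group(1) if result else None,
            "policy_errors": sorted(errors)}

def masked_policy_failures(lines):
    """Binds rejected as INVALID_CREDENTIALS although the directory reported an account state."""
    parsed = (parse_response(l) for l in lines)
    return [(r["dn"], r["policy_errors"]) for r in parsed
            if r and r["result"] == "INVALID_CREDENTIALS" and r["policy_errors"]]

if __name__ == "__main__":
    for dn, errs in masked_policy_failures(SAMPLE_LOG):
        print(f"{dn}: policy errors {errs} reported, LDAP result was INVALID_CREDENTIALS")
```

Run over a DEBUG-level CAS log, this separates accounts that hit a policy state such as expiry from ordinary wrong-password attempts, which the login page in this thread reports identically.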