Thanks again Pavlos :) On 24 June 2017 at 07:43, Pavlos Drandakis <[email protected]> wrote:
> Hello all, > > just for future reference... > > PPolicy issues are now fixed in v5.1.1. There is no need to add anything > in the login-webflow.xml... > Pavlos > > > On 22/06/2017 08:31 μμ, Pavlos Drandakis wrote: > > Hi Ben, > > No, I hadn't, but I just did it: https://github.com/apereo/cas/issues/2703 > Cheers, > Pavlos > > On 22/06/2017 06:43 μμ, Ben Howell-Thomas wrote: > > Regarding : > > Eventually, everything seems to work ok, after adding in login-webflow.xml >> the following (which is present in CAS v5.0.x but not in CAS v5.1.0): >> <action-state id="handleAuthenticationFailure"> >> <evaluate expression="authenticationExceptionHandler.handle( >> currentEvent.attributes.error, messageContext)"/> >> <transition on="AccountDisabledException" >> to="casAccountDisabledView"/> >> <transition on="AccountLockedException" >> to="casAccountLockedView"/> >> <transition on="CredentialExpiredException" >> to="casExpiredPassView"/> >> <transition on="AccountPasswordMustChangeException" >> to="casMustChangePassView"/> >> <transition on="InvalidLoginLocationException" >> to="casBadWorkstationView"/> >> <transition on="InvalidLoginTimeException" to="casBadHoursView"/> >> <transition on="FailedLoginException" to="initializeLoginForm"/> >> <transition on="AccountNotFoundException" >> to="initializeLoginForm"/> >> <transition on="UnauthorizedServiceForPrincipalException" >> to="initializeLoginForm" /> >> <transition on="UnsatisfiedAuthenticationPolicyException" >> to="initializeLoginForm"/> >> <transition on="UnauthorizedAuthenticationException" to=" >> casAuthenticationBlockedView"/> >> <transition to="initializeLoginForm"/> >> </action-state> >> I don't know if it is the right way, but it seems to work... > > > Have you reported it as a bug or anything already? > > It looks like the above states are being set up by > DefaultWebflowConfigurer.createHandleAuthenticationFailureAction() but > they aren't having any effect. > > (Also, thanks for the workaround :) > > On 17 June 2017 at 17:14, Pavlos Drandakis <[email protected]> wrote: > >> Eventually, everything seems to work ok, after adding in >> login-webflow.xml the following (which is present in CAS v5.0.x but not in >> CAS v5.1.0): >> >> <action-state id="handleAuthenticationFailure"> >> <evaluate >> expression="authenticationExceptionHandler.handle(currentEvent.attributes.error, >> messageContext)"/> >> <transition on="AccountDisabledException" >> to="casAccountDisabledView"/> >> <transition on="AccountLockedException" >> to="casAccountLockedView"/> >> <transition on="CredentialExpiredException" >> to="casExpiredPassView"/> >> <transition on="AccountPasswordMustChangeException" >> to="casMustChangePassView"/> >> <transition on="InvalidLoginLocationException" >> to="casBadWorkstationView"/> >> <transition on="InvalidLoginTimeException" to="casBadHoursView"/> >> <transition on="FailedLoginException" to="initializeLoginForm"/> >> <transition on="AccountNotFoundException" >> to="initializeLoginForm"/> >> <transition on="UnauthorizedServiceForPrincipalException" >> to="initializeLoginForm" /> >> <transition on="UnsatisfiedAuthenticationPolicyException" >> to="initializeLoginForm"/> >> <transition on="UnauthorizedAuthenticationException" >> to="casAuthenticationBlockedView"/> >> <transition to="initializeLoginForm"/> >> </action-state> >> >> I don't know if it is the right way, but it seems to work... >> >> Pavlos >> P.S.: In order to show expiredPassView messages I had to >> a) copy fragments/pwdupdateform.html to fragments/pwdexpiredform.html, >> b) change the relevant th messages to screen.expiredpass.heading and >> screen.expiredpass.message >> c) change in casExpiredPassView.html th:replace="fragments/pwdupdateform" >> to th:replace="fragments/pwdexpiredform" >> >> >> >> On 16/06/2017 12:22 μμ, Ludovic Senecaux wrote: >> >> The logs provide the right information from the LDAP directory, but the >> CAS does not seem to return the correct JSP page. >> >> 2017-06-08 14:41:32,478 DEBUG [org.apereo.cas.authentication.support. >> DefaultAccountStateHandler] - <Handling error [ACCOUNT_LOCKED]> >> 2017-06-08 14:41:32,478 INFO [org.apereo.cas.authentication. >> PolicyBasedAuthenticationManager] - <[LdapAuthenticationHandler] failed >> authenticating [foo]> >> 2017-06-08 14:41:32,479 DEBUG [org.apereo.cas.authentication. >> PolicyBasedAuthenticationManager] - <[LdapAuthenticationHandler] >> exception details: [null]> >> 2017-06-08 14:41:32,479 WARN [org.apereo.cas.authentication. >> PolicyBasedAuthenticationManager] - <Authentication has failed. >> Credentials may be incorrect or CAS cannot find authentication handler >> that supports [foo] of type [UsernamePasswordCredential], which suggests >> a configuration problem.> >> 2017-06-08 14:41:32,480 INFO [org.apereo.inspektr.audit.support. >> Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN >> ============================================================= >> WHO: foo >> WHAT: Supplied credentials: [foo] >> ACTION: AUTHENTICATION_FAILED >> APPLICATION: CAS >> WHEN: Thu Jun 08 14:41:32 CEST 2017 >> CLIENT IP ADDRESS: 10.199.2.7 >> SERVER IP ADDRESS: 192.168.108.100 >> ============================================================= >> >> >> 2017-06-08 15:15:35,859 DEBUG [org.apereo.cas.authentication.support. >> DefaultAccountStateHandler] - <Handling policy based on pre-defined >> attributes> >> 2017-06-08 15:15:35,859 DEBUG [org.apereo.cas.authentication.support. >> DefaultAccountStateHandler] - <Handling error [CHANGE_AFTER_RESET]> >> 2017-06-08 15:15:35,860 INFO [org.apereo.cas.authentication. >> PolicyBasedAuthenticationManager] - <[LdapAuthenticationHandler] failed >> authenticating [foo]> >> 2017-06-08 15:15:35,860 DEBUG [org.apereo.cas.authentication. >> PolicyBasedAuthenticationManager] - <[LdapAuthenticationHandler] >> exception details: [null]> >> 2017-06-08 15:15:35,861 WARN [org.apereo.cas.authentication. >> PolicyBasedAuthenticationManager] - <Authentication has failed. >> Credentials may be incorrect or CAS cannot find authentication handler >> that supports [foo] of type [UsernamePasswordCredential], which suggests >> a configuration problem.> >> 2017-06-08 15:15:35,862 INFO [org.apereo.inspektr.audit.support. >> Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN >> ============================================================= >> WHO: foo >> WHAT: Supplied credentials: [foo] >> ACTION: AUTHENTICATION_FAILED >> APPLICATION: CAS >> WHEN: Thu Jun 08 15:15:35 CEST 2017 >> CLIENT IP ADDRESS: 10.199.2.7 >> SERVER IP ADDRESS: unknown >> ============================================================= >> >> >> -- >> - CAS gitter chatroom: https://gitter.im/apereo/cas >> - CAS mailing list guidelines: https://apereo.github.io/cas/M >> ailing-Lists.html >> - CAS documentation website: https://apereo.github.io/cas >> - CAS project website: https://github.com/apereo/cas >> --- >> You received this message because you are subscribed to the Google Groups >> "CAS Community" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> To view this discussion on the web visit https://groups.google.com/a/ap >> ereo.org/d/msgid/cas-user/619c16de-8be6-8e01-990e-4af6fd16ec >> cf%40noc.edunet.gr >> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/619c16de-8be6-8e01-990e-4af6fd16eccf%40noc.edunet.gr?utm_medium=email&utm_source=footer> >> . >> > > > This email is sent on behalf of Northgate Public Services (UK) Limited and > its associated companies including Rave Technologies (India) Pvt Limited > (together "Northgate Public Services") and is strictly confidential and > intended solely for the addressee(s). > If you are not the intended recipient of this email you must: (i) not > disclose, copy or distribute its contents to any other person nor use its > contents in any way or you may be acting unlawfully; (ii) contact > Northgate Public Services immediately on +44(0)1908 264500 > <+44%201908%20264500> quoting the name of the sender and the addressee > then delete it from your system. > Northgate Public Services has taken reasonable precautions to ensure that > no viruses are contained in this email, but does not accept any > responsibility once this email has been transmitted. You should scan > attachments (if any) for viruses. > > Northgate Public Services (UK) Limited, registered in England and Wales > under number 00968498 with a registered address of Peoplebuilding 2, > Peoplebuilding Estate, Maylands Avenue, Hemel Hempstead, Hertfordshire, HP2 > 4NN. Rave Technologies (India) Pvt Limited, registered in India under > number 117068 with a registered address of 2nd Floor, Ballard House, Adi > Marzban Marg, Ballard Estate, Mumbai, Maharashtra, India, 400001. > -- > - CAS gitter chatroom: https://gitter.im/apereo/cas > - CAS mailing list guidelines: https://apereo.github.io/cas/ > Mailing-Lists.html > - CAS documentation website: https://apereo.github.io/cas > - CAS project website: https://github.com/apereo/cas > --- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit https://groups.google.com/a/ > apereo.org/d/msgid/cas-user/CAD0p8puoLs5MMy4nbxsu83bZKh3CJ > S0Vxq_Pn%3DL3MAnkc3oNyg%40mail.gmail.com > <https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAD0p8puoLs5MMy4nbxsu83bZKh3CJS0Vxq_Pn%3DL3MAnkc3oNyg%40mail.gmail.com?utm_medium=email&utm_source=footer> > . > > > -- > - CAS gitter chatroom: https://gitter.im/apereo/cas > - CAS mailing list guidelines: https://apereo.github.io/cas/ > Mailing-Lists.html > - CAS documentation website: https://apereo.github.io/cas > - CAS project website: https://github.com/apereo/cas > --- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit https://groups.google.com/a/ > apereo.org/d/msgid/cas-user/e567d093-b52c-79ce-7a69- > a91df5ad84ba%40noc.edunet.gr > <https://groups.google.com/a/apereo.org/d/msgid/cas-user/e567d093-b52c-79ce-7a69-a91df5ad84ba%40noc.edunet.gr?utm_medium=email&utm_source=footer> > . > > > -- > - CAS gitter chatroom: https://gitter.im/apereo/cas > - CAS mailing list guidelines: https://apereo.github.io/cas/ > Mailing-Lists.html > - CAS documentation website: https://apereo.github.io/cas > - CAS project website: https://github.com/apereo/cas > --- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit https://groups.google.com/a/ > apereo.org/d/msgid/cas-user/bbb8beba-5498-0ed4-3f37- > b360c7f5aadd%40noc.edunet.gr > <https://groups.google.com/a/apereo.org/d/msgid/cas-user/bbb8beba-5498-0ed4-3f37-b360c7f5aadd%40noc.edunet.gr?utm_medium=email&utm_source=footer> > . > -- This email is sent on behalf of Northgate Public Services (UK) Limited and its associated companies including Rave Technologies (India) Pvt Limited (together "Northgate Public Services") and is strictly confidential and intended solely for the addressee(s). If you are not the intended recipient of this email you must: (i) not disclose, copy or distribute its contents to any other person nor use its contents in any way or you may be acting unlawfully; (ii) contact Northgate Public Services immediately on +44(0)1908 264500 quoting the name of the sender and the addressee then delete it from your system. Northgate Public Services has taken reasonable precautions to ensure that no viruses are contained in this email, but does not accept any responsibility once this email has been transmitted. You should scan attachments (if any) for viruses. Northgate Public Services (UK) Limited, registered in England and Wales under number 00968498 with a registered address of Peoplebuilding 2, Peoplebuilding Estate, Maylands Avenue, Hemel Hempstead, Hertfordshire, HP2 4NN. Rave Technologies (India) Pvt Limited, registered in India under number 117068 with a registered address of 2nd Floor, Ballard House, Adi Marzban Marg, Ballard Estate, Mumbai, Maharashtra, India, 400001. -- - CAS gitter chatroom: https://gitter.im/apereo/cas - CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html - CAS documentation website: https://apereo.github.io/cas - CAS project website: https://github.com/apereo/cas --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAD0p8pt8avvXZB2Ki7X0E%2Bo8Y-dOi%3D8EuhDqmcwbA%2B0Gf_6gDQ%40mail.gmail.com.
