The certificate is the host certificate of the LDAP server. LDAP is configured in such a way that a password reset request requires an SSL connection/LDAPS. For version 5.2 we have the LDAP referral, so we modified our CAS server's hosts file to point it to the IP and it works. With CAS 6, authentication with LDAP works fine, but password management doesn't work even after changing the hosts file. When we try to reset a password, we first get an error that no email address was found, and then the view switches from "enter your username/reset password" to "enter email address/forgot username".
On Wed, 21 Nov 2018, 1:28 am Ray Bon <[email protected]> wrote:

> Are you running the upgrade on a new host? A custom certificate?
> You can create a certificate with build.sh gencert and import it with the
> command at the bottom of
> https://apereo.github.io/cas/5.3.x/installation/X509-Authentication.html
>
> Ray
>
> On Tue, 2018-11-20 at 09:03 -0800, MD. Fazla Rabby wrote:
> >
> > We are already using CAS 5.2 and password management is working fine. But for
> > CAS version 6 we are getting the LDAP referral error
> > "java.security.cert.CertificateException: Hostname does not match the
> > hostname in the server's certificate site:stackoverflow.com"
> > How do we get around this?
> >
> > This is my cas.properties
> >
> > cas.authn.pm.enabled=true
> > cas.authn.pm.policyPattern=^(?=.*?[A-Z])(?=.*?[a-z])(?=.*?[0-9])(?=.*?[#?!@$%~()_{}-]).{8,}$
> > cas.authn.pm.reset.text=Reset your password with this link: %s
> > cas.authn.pm.reset.subject=Password Reset Request
> > cas.authn.pm.reset.from=myemail.mydomain.com
> >
> > #password reset expiry is set to 1 day equivalent minutes
> > cas.authn.pm.reset.expirationMinutes=1440
> > cas.authn.pm.reset.emailAttribute=secondaryEmail
> > cas.authn.pm.reset.securityQuestionsEnabled=true
> >
> > # Automatically log in after successful password change
> > cas.authn.pm.autoLogin=false
> >
> > # Used to sign/encrypt the password-reset link
> > cas.authn.pm.reset.crypto.encryption.key=asdasdasdasdasdasdasdasdasdasd
> > cas.authn.pm.reset.crypto.signing.key=asdasdasasdasdasdasdadsadasdasdasdasd
> > cas.authn.pm.reset.crypto.enabled=true
> >
> > #Email Submissions
> > spring.mail.host=smtp.office365.com
> > spring.mail.port=587
> > spring.mail.username=[email protected]
> > spring.mail.password=pass
> > spring.mail.testConnection=true
> > spring.mail.properties.mail.smtp.auth=true
> > spring.mail.properties.mail.smtp.starttls.enable=true
> >
> > #
> > ##LDAP Password management
> > #
> > cas.authn.pm.ldap.type=AD
> > #
> > cas.authn.pm.ldap.ldapUrl=ldaps://myldap:636
> > cas.authn.pm.ldap.useSsl=true
> > cas.authn.pm.ldap.useStartTls=false
> > cas.authn.pm.ldap.connectTimeout=50000
> > cas.authn.pm.ldap.baseDn=DC=xx,DC=xx,DC=xx,DC=xx
> > cas.authn.pm.ldap.searchFilter=cn={user}
> > cas.authn.pm.ldap.subtreeSearch=true
> > cas.authn.pm.ldap.bindDn=CN=xx,OU=xx,DC=xx,DC=xx,DC=xx,DC=xx
> > cas.authn.pm.ldap.bindCredential=pass
> > # cas.authn.pm.ldap.connectionStrategy=
> > cas.authn.pm.ldap.trustCertificates=file:/etc/cas/myldap.cer
> > ## cas.authn.pm.ldap.keystore=
> > ## cas.authn.pm.ldap.keystorePassword=
> > ## cas.authn.pm.ldap.keystoreType=JKS|JCEKS|PKCS12
> > cas.authn.pm.ldap.poolPassivator=BIND
> > cas.authn.pm.ldap.minPoolSize=3
> > cas.authn.pm.ldap.maxPoolSize=10
> > cas.authn.pm.ldap.validateOnCheckout=true
> > cas.authn.pm.ldap.validatePeriodically=true
> > cas.authn.pm.ldap.validatePeriod=600
> > cas.authn.pm.ldap.validateTimeout=5000
> > cas.authn.pm.ldap.failFast=true
> > cas.authn.pm.ldap.idleTime=500
> > cas.authn.pm.ldap.prunePeriod=600
> > cas.authn.pm.ldap.blockWaitTime=5000
> >
> > ##cas.authn.pm.ldap.providerClass=org.ldaptive.provider.unboundid.UnboundIDProvider
> > #
> > ## Attributes that should be fetched to indicate security questions and answers,
> > ## assuming security questions are enabled.
> > cas.authn.pm.ldap.securityQuestionsAttributes.attributeQuestion1=attributeAnswer1
> > cas.authn.pm.ldap.securityQuestionsAttributes.attributeQuestion2=attributeAnswer2
> > cas.authn.pm.ldap.securityQuestionsAttributes.attrQuestion3=attributeAnswer2
> > #
> > cas.authn.pm.ldap.validator.type=SEARCH
> > cas.authn.pm.ldap.validator.baseDn=DC=xx,DC=xx,DC=xx,DC=xx
> > ##cas.authn.pm.ldap.validator.searchFilter=(objectClass=*)
> > cas.authn.pm.ldap.validator.scope=SUBTREE
>
> --
> Ray Bon
> Programmer analyst
> Development Services, University Systems
> 2507218831 | CLE 019 | [email protected]
>
> --
> - Website: https://apereo.github.io/cas
> - Gitter Chatroom: https://gitter.im/apereo/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> ---
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> To view this discussion on the web visit
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/1542734910.2802.5.camel%40uvic.ca

To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAG9J-Y04nhp6LUNJMcm__fTboOgvRsXDhCKEi9NQP5FKYXym6g%40mail.gmail.com.
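Added here as a worked check and not code from the thread or from CAS: the hostname comparison a TLS client performs against the server certificate's Subject Alternative Names, applied to an LDAPS URL such as the configured ldapUrl or the URL an LDAP referral hands back. The SAN entries, the IP address and the referral host are constructed sample values; the rules are the usual RFC 6125 dNSName/iPAddress matching, which is why pointing a name at an IP in the hosts file changes where the socket connects but not which name the certificate must carry.

```python
"""Hostname verification as a TLS client applies it to an LDAPS URL.
Added example for this thread, not CAS code; sample values are constructed."""
import ipaddress
from urllib.parse import urlsplit

def _dns_name_matches(pattern, hostname):
    """RFC 6125 style dNSName match: case-insensitive, trailing dot ignored,
    wildcard only as the whole left-most label with two or more labels after it."""
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == hostname
    p_labels, h_labels = pattern.split("."), hostname.split(".")
    if p_labels[0] != "*" or len(p_labels) < 3 or len(p_labels) != len(h_labels):
        return False
    return p_labels[1:] == h_labels[1:]

def host_matches_cert(host, san_dns, san_ip):
    """A name is checked only against dNSName SANs, an IP literal only against
    iPAddress SANs; a hosts-file entry changes where the socket goes, not this."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return any(_dns_name_matches(p, host) for p in san_dns)
    return any(ip == ipaddress.ip_address(a) for a in san_ip)

def check_ldap_url(url, san_dns, san_ip=()):
    """Verdict for one LDAP URL: the configured ldapUrl or a referral target."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    return {"host": host, "tls": parts.scheme == "ldaps",
            "hostname_ok": host_matches_cert(host, list(san_dns), list(san_ip))}

# Constructed sample: the DC certificate names the server FQDN and the AD
# domain, but not the short name, the IP address, or the other DC.
SAMPLE_SAN_DNS = ["dc01.corp.example.com", "corp.example.com"]

if __name__ == "__main__":
    for url in ("ldaps://dc01.corp.example.com:636",   # matches
                "ldaps://myldap:636",                  # short name, no SAN
                "ldaps://10.0.0.5:636",                # IP, no iPAddress SAN
                "ldaps://dc02.corp.example.com:636"):  # referral to other DC
        print(url, check_ldap_url(url, SAMPLE_SAN_DNS))
```

Run it against the names actually present in the LDAP server's certificate (openssl x509 -noout -ext subjectAltName) and against the host in the referral URL from the CAS log to see which of the two is the one the client rejects.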
