Hi everyone,

We recently upgraded our CAS server to version 6.2.8 from version 5.3.15.1. We found out that the behaviour of the password management feature, specifically the password reset link, has changed. It seems that the password reset link is now single use: you can't use it again after clicking on it once, even though it's not expired yet.
After investigating the error our users had, "Password reset failed - We were unable to process your password reset request at this time", we found out that because we use Office 365 ATP (Advanced Threat Protection), all the links in the email, including the password reset link, are verified and clicked before the user gets the email. This means that the password reset link is already used when it gets to the user's inbox...

I didn't find any configuration related to this in the CAS documentation. I'm now thinking about overriding the class where the password reset token is deleted after use, even though I don't like the idea of having to maintain this change after future CAS updates.

Has anyone had this kind of problem with password management and something like Office 365 ATP, and what was your solution?

Thank you!

Joseph
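Added example, not part of the original post and not CAS code: a toy Python model of the failure described above, where a mail scanner's automated fetch spends a single-use reset token before the user clicks. The class `ResetLinkFlow`, the `consume_on_get` switch, the 15-minute lifetime and the sample account are all assumptions made for illustration; spending the token only when the new password is submitted is shown as one design alternative, not as a documented CAS setting.

```python
import secrets
import time

class ResetLinkFlow:
    """Toy reset-link handler (hypothetical model, not CAS code)."""

    def __init__(self, consume_on_get):
        self.consume_on_get = consume_on_get
        self._tokens = {}  # emailed token -> (username, expiry)
        self._forms = {}   # per-visitor form handle -> (username, expiry)

    def issue(self, username):
        token = secrets.token_urlsafe(32)
        self._tokens[token] = (username, time.time() + 900)  # assumed 15 min lifetime
        return token

    @staticmethod
    def _take(table, key, remove):
        entry = table.pop(key, None) if remove else table.get(key)
        if entry is None or entry[1] < time.time():
            table.pop(key, None)  # unknown or expired: make sure it is gone
            return None
        return entry

    def open_link(self, token):
        """GET on the emailed link; returns a form handle or None."""
        entry = self._take(self._tokens, token, remove=self.consume_on_get)
        if entry is None:
            return None
        if not self.consume_on_get:
            return token  # token stays valid until the form is submitted
        handle = secrets.token_urlsafe(16)
        self._forms[handle] = entry  # only this visitor can finish the reset
        return handle

    def submit(self, handle, new_password):
        """POST of the new password; always spends the handle or token."""
        table = self._forms if self.consume_on_get else self._tokens
        return self._take(table, handle, remove=True) is not None

def simulate(consume_on_get):
    """A mail scanner fetches the link before the user opens it and submits."""
    flow = ResetLinkFlow(consume_on_get)
    token = flow.issue("jdoe")       # constructed sample account
    scanner = flow.open_link(token)  # automated pre-click by the mail filter
    user = flow.open_link(token)     # user's click from the inbox
    done = user is not None and flow.submit(user, "constructed-sample-password")
    replay = user is not None and flow.submit(user, "second-try")
    return scanner is not None, user is not None, done, replay
```

`simulate(True)` reproduces the reported symptom (the scanner's fetch succeeds and the user's click fails), while `simulate(False)` lets the user finish and still rejects a second submission with the same token.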
