Hi Chris,

If you have ATP activated and the password reset emails are only sent 
within your own organization, you can ask your Office 365 admin to 
whitelist the CAS server; that way ATP won't invalidate the password reset 
link. However, if they can be sent to multiple organizations (which might 
also have Office 365 and ATP activated), it would not be a practical 
solution to ask all of them to whitelist your CAS server. I ended up 
overriding the VerifyPasswordResetRequestAction class to remove the line 
that deletes the ticket. The ticket still expires after the configured 
delay, so it solved our problem with password management.

Joseph
On Tuesday, 27 July 2021 at 00:54:47 UTC-4, Chris Durham wrote:

> Hey Joseph,
>
> Did you get anywhere with this? We've been having the same issue and I 
> suddenly connected the dots and realized that we use Office 365 too.
>
> Chris
>
> On Wednesday, 30 June 2021 at 07:16:10 UTC-5 [email protected] wrote:
>
>> Hi everyone,
>>
>> We recently upgraded our CAS server to version 6.2.8 from version 
>> 5.3.15.1. We found out that the behaviour of the password management 
>> feature, specifically the password reset link, has changed. It seems that 
>> the password reset link is now single-use: you can't use it again after 
>> clicking on it once, even though it's not expired yet.
>>
>> After investigating the error our users had, "Password reset failed - We 
>> were unable to process your password reset request at this time", we found 
>> out that because we use Office 365 ATP (Advanced Threat Protection), all 
>> the links in the email, including the password reset link, are verified and 
>> clicked before the user gets the email. This means that the password reset 
>> link has already been used by the time it gets to the user's inbox...
>>
>> I didn't find any configuration related to this in the CAS documentation. 
>> I'm now thinking about overriding the class where the password reset token 
>> is deleted after use, even though I don't like the idea of having to 
>> maintain this change after future CAS updates.
>>
>> Has anyone had this kind of problem with password management and 
>> something like Office 365 ATP and what was your solution?
>>
>> Thank you!
>>
>> Joseph
>>
>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/1e6625eb-6413-41ed-a5e3-ba0a2341bee7n%40apereo.org.
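The thread describes three ways a reset ticket can behave behind a link that a mail scanner fetches before delivery: the CAS 6.2 behaviour (the first GET deletes the ticket), Joseph's override (the ticket is never deleted on use, only by TTL), and the alternative a practitioner would usually reach for, a two-step flow in which the GET only validates the ticket and renders a confirmation form, and the form's POST is what consumes it. The model below is an added illustration, not code from CAS, from Office 365, or from anyone in the thread; the policy names, the `FakeClock`, the `ResetTicketStore` class, and the sample user `jdoe` are all constructed for the example. It assumes only what the thread reports about the scanner: that it follows every URL in the mail once, with a plain GET, before the user sees it.

```python
"""Model of password-reset ticket handling behind a link-scanning mail gateway.

Illustration added for this thread; not CAS code. Three policies are modelled:
  consume_on_get : the first GET of the reset URL deletes the ticket
  expire_only    : the ticket is never deleted on use, only when its TTL passes
  two_step       : GET validates and renders a form; the form's POST deletes it
"""
import secrets
from dataclasses import dataclass
from typing import Dict, Optional

POLICIES = ("consume_on_get", "expire_only", "two_step")


class FakeClock:
    """Deterministic clock so expiry can be exercised without sleeping."""

    def __init__(self, start: float = 1_000.0) -> None:
        self.now = start

    def __call__(self) -> float:
        return self.now

    def advance(self, seconds: float) -> None:
        self.now += seconds


@dataclass
class ResetTicket:
    username: str
    expires_at: float
    consumed: bool = False


class ResetTicketStore:
    """In-memory stand-in for the ticket registry behind a reset link."""

    def __init__(self, ttl_seconds: float, clock, policy: str) -> None:
        if policy not in POLICIES:
            raise ValueError(f"unknown policy {policy!r}")
        self.ttl, self.clock, self.policy = ttl_seconds, clock, policy
        self._tickets: Dict[str, ResetTicket] = {}

    def issue(self, username: str) -> str:
        token = secrets.token_urlsafe(32)  # unguessable id; the URL is its only copy
        self._tickets[token] = ResetTicket(username, self.clock() + self.ttl)
        return token

    def _live(self, token: str) -> Optional[ResetTicket]:
        t = self._tickets.get(token)
        if t is None or t.consumed or self.clock() >= t.expires_at:
            return None
        return t

    def open_link(self, token: str) -> Optional[str]:
        """GET of the reset URL: both the scanner and the user's browser do this."""
        t = self._live(token)
        if t is None:
            return None
        if self.policy == "consume_on_get":
            t.consumed = True  # deleted before the user ever sees the mail
        return t.username

    def submit_form(self, token: str) -> Optional[str]:
        """POST from the confirmation form; a URL scanner never does this."""
        t = self._live(token)
        if t is None:
            return None
        if self.policy != "expire_only":
            t.consumed = True  # single use enforced at the POST, not the GET
        return t.username


def run_scenario(policy: str, ttl: float = 600.0) -> Dict[str, Optional[str]]:
    """Scanner prefetch, user click two minutes later, in-TTL replay, then expiry."""
    clock = FakeClock()
    store = ResetTicketStore(ttl, clock, policy)
    token = store.issue("jdoe")  # constructed sample user

    scanner = store.open_link(token)  # 1. gateway follows the link before delivery
    clock.advance(120)  # 2. user opens the mail two minutes later
    user_get = store.open_link(token)
    user_post = store.submit_form(token) if user_get else None
    replay = store.submit_form(token)  # 3. captured link/form replayed inside the TTL
    clock.advance(ttl)  # 4. past the TTL every policy must reject the ticket
    expired = store.open_link(token)
    return {"scanner": scanner, "user_get": user_get, "user_post": user_post,
            "replay": replay, "expired": expired}


if __name__ == "__main__":
    for p in POLICIES:
        print(f"{p:15s} {run_scenario(p)}")
```

Running it shows the trade-off in one table: under `consume_on_get` the scanner's fetch succeeds and the user's click fails, which is the error the thread reports; under `expire_only` the user gets through, but so does anyone who replays the link within the TTL, so the ticket is no longer single-use and the expiry window is the only protection; under `two_step` the scanner's GET and the user's GET both succeed, the user's POST consumes the ticket, the replayed POST is rejected, and the TTL still bounds an unused ticket. Whether a given CAS release exposes a hook to move consumption from the verify action to the form submission is not something this thread establishes; the model only shows which behaviour to aim for.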