Hi Chris,

Yes, I use the overlay method. I created the package structure for that class in my overlay, and then copied the class from GitHub for my CAS version. I also had to add a few dependencies in the build.gradle file to compile the overlay.

Joseph

On Tuesday, July 27, 2021 at 11:00:36 UTC-4, Chris Durham wrote:

> Hi Joseph,
>
> Our emails will be going to many different organizations that we have no
> control over, so overriding that class might be our only option too.
>
> Do you use the overlay method - and if so how do you override a single
> class without having to import tons of stuff?
>
> Chris
>
> On Tuesday, 27 July 2021 at 07:09:29 UTC-5 [email protected] wrote:
>
>> Hi Chris,
>>
>> If you have ATP activated and the password reset emails are only sent
>> within your own organization, you can ask your Office 365 admin to
>> whitelist the CAS server, this way ATP won't invalidate the password reset
>> link. However, if they can be sent to multiple organizations (who might
>> also have Office 365 and ATP activated) it would not be a practical
>> solution to ask all of them to whitelist your CAS server. I ended up
>> overriding the VerifyPasswordResetRequestAction class to remove the line
>> that deletes the ticket. The ticket is still expired after the configured
>> delay, so it solved our problem with password management.
>>
>> Joseph
>>
>> On Tuesday, July 27, 2021 at 00:54:47 UTC-4, Chris Durham wrote:
>>
>>> Hey Joseph,
>>>
>>> Did you get anywhere with this? We've been having the same issue and I
>>> suddenly connected the dots and realized that we use Office 365 too.
>>>
>>> Chris
>>>
>>> On Wednesday, 30 June 2021 at 07:16:10 UTC-5 [email protected] wrote:
>>>
>>>> Hi everyone,
>>>>
>>>> We recently upgraded our CAS server to version 6.2.8 from version
>>>> 5.3.15.1. We found out that the behaviour of the password management
>>>> feature, specifically the password reset link, has changed. It seems that
>>>> the password reset link is now single use, you can't use it again after
>>>> clicking on it once even though it's not expired yet.
>>>>
>>>> After investigating the error our users had "Password reset failed - We
>>>> were unable to process your password reset request at this time", we found
>>>> out that because we use Office 365 ATP (Advanced Threat Protection), all
>>>> the links in the email, including the password reset link, are verified
>>>> and clicked before the user gets the email. This means that the password
>>>> reset link is already used when it gets to the user's inbox...
>>>>
>>>> I didn't find any configuration related to this in the CAS
>>>> documentation. I'm now thinking about overriding the class where the
>>>> password reset token is deleted after use, even though I don't like the
>>>> idea of having to maintain this change after future CAS updates.
>>>>
>>>> Has anyone had this kind of problem with password management and
>>>> something like Office 365 ATP and what was your solution?
>>>>
>>>> Thank you!
>>>>
>>>> Joseph
