Would you mind sharing the additions in the build.gradle and the package structure you used? I'm using 6.4.0-RC6, but I suspect once I understand what you had to add it should be transferrable logic wise
I've been trying to overlay classes to fix issues (or support our apparently unique requirements), but have been unable to get it to compile without complaining about lots and lots of missing dependencies. BTW i submitted a pull request with a custom patch that allowed you to specify whether the Password Management TST was single use or not, but it was rejected (with a reasonable explanation at least!) On Tuesday, 27 July 2021 at 10:12:00 UTC-5 [email protected] wrote: > Hi Chris, > > Yes I use the overlay method. I created the package structure for that > class in my overlay, and then copied the class from github for my CAS > version. I also had to add a few dependencies in the build.gradle file to > compile the overlay. > > Joseph > > Le mardi 27 juillet 2021 à 11 h 00 min 36 s UTC-4, Chris Durham a écrit : > >> Hi Joseph, >> >> Our emails will be going to many different organizations that we have no >> control over, so overriding that class might be our only option too. >> >> Do you use the overlay method - and if so how do you override a single >> class without having to import tons of stuff? >> >> Chris >> >> On Tuesday, 27 July 2021 at 07:09:29 UTC-5 [email protected] wrote: >> >>> Hi Chris, >>> >>> If you have ATP activated and the password reset emails are only sent >>> within your own organization, you can ask your Office 365 admin to >>> whitelist the CAS server, this way ATP won't invalidate the password reset >>> link. However, if they can be sent to multiple organizations (who might >>> also have Office 365 and ATP activated) it would not be a practical >>> solution to ask all of them to whitelist your CAS server. I ended up >>> overriding the VerifyPasswordResetRequestAction class to remove the line >>> that deletes the ticket. The ticket is still expired after the configured >>> delay, so it solved our problem with password management. >>> >>> Joseph >>> Le mardi 27 juillet 2021 à 00 h 54 min 47 s UTC-4, Chris Durham a écrit : >>> >>>> Hey Joseph, >>>> >>>> Did you get anywhere with this. We've been having the same issue and I >>>> suddenly connected the dots and realized that we use Office 365 too.. >>>> >>>> Chris >>>> >>>> On Wednesday, 30 June 2021 at 07:16:10 UTC-5 [email protected] wrote: >>>> >>>>> Hi everyone, >>>>> >>>>> We recently upgraded our CAS server to version 6.2.8 from version >>>>> 5.3.15.1 . We found out that the behaviour of the password management >>>>> feature, specifically the password reset link, has changed. It seems that >>>>> the password reset link is now single use, you can't use it again after >>>>> clicking on it once even though it's not expired yet. >>>>> >>>>> After investigating the error our users had "Password reset failed - >>>>> We were unable to process your password reset request at this time", we >>>>> found out that because we use Office 365 ATP (Advanced Threat >>>>> Protection), >>>>> all the links in the email, including the password reset link, are >>>>> verified >>>>> and clicked before the user gets the email. This means that the password >>>>> reset link is already used when it gets to the user's inbox... >>>>> >>>>> I didn't find any configuration related to this in the CAS >>>>> documentation. I'm now thinking about overriding the class where the >>>>> password reset token is deleted after use, even though I don't like the >>>>> idea of having to maintain this change after future CAS updates. >>>>> >>>>> Has anyone had this kind of problem with password management and >>>>> something like Office 365 ATP and what was your solution? >>>>> >>>>> Thank you! >>>>> >>>>> Joseph >>>>> >>>> -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/a1ff0ff4-cf98-43ba-a5fd-895cfa0595fbn%40apereo.org.
