Chris,
When you get a missing dependency, search your local copy of cas for that
class. Once you have the path, you can include that package in build.gradle.
e.g.
compileOnly
"org.apereo.cas:cas-server-support-token-core-api:${casServerVersion}"
compileOnly
"org.apereo.cas:cas-server-support-token-tickets:${casServerVersion}"
Ray
On Tue, 2021-07-27 at 12:59 -0700, Chris Durham wrote:
Notice: This message was sent from outside the University of Victoria email
system. Please be cautious with links and sensitive information.
Would you mind sharing the additions in the build.gradle and the package
structure you used? I'm using 6.4.0-RC6, but I suspect once I understand what
you had to add it should be transferrable logic wise
I've been trying to overlay classes to fix issues (or support our apparently
unique requirements), but have been unable to get it to compile without
complaining about lots and lots of missing dependencies.
BTW i submitted a pull request with a custom patch that allowed you to specify
whether the Password Management TST was single use or not, but it was rejected
(with a reasonable explanation at least!)
On Tuesday, 27 July 2021 at 10:12:00 UTC-5 [email protected] wrote:
Hi Chris,
Yes I use the overlay method. I created the package structure for that class in
my overlay, and then copied the class from github for my CAS version. I also
had to add a few dependencies in the build.gradle file to compile the overlay.
Joseph
Le mardi 27 juillet 2021 à 11 h 00 min 36 s UTC-4, Chris Durham a écrit :
Hi Joseph,
Our emails will be going to many different organizations that we have no
control over, so overriding that class might be our only option too.
Do you use the overlay method - and if so how do you override a single class
without having to import tons of stuff?
Chris
On Tuesday, 27 July 2021 at 07:09:29 UTC-5 [email protected] wrote:
Hi Chris,
If you have ATP activated and the password reset emails are only sent within
your own organization, you can ask your Office 365 admin to whitelist the CAS
server, this way ATP won't invalidate the password reset link. However, if they
can be sent to multiple organizations (who might also have Office 365 and ATP
activated) it would not be a practical solution to ask all of them to whitelist
your CAS server. I ended up overriding the VerifyPasswordResetRequestAction
class to remove the line that deletes the ticket. The ticket is still expired
after the configured delay, so it solved our problem with password management.
Joseph
Le mardi 27 juillet 2021 à 00 h 54 min 47 s UTC-4, Chris Durham a écrit :
Hey Joseph,
Did you get anywhere with this. We've been having the same issue and I
suddenly connected the dots and realized that we use Office 365 too..
Chris
On Wednesday, 30 June 2021 at 07:16:10 UTC-5 [email protected] wrote:
Hi everyone,
We recently upgraded our CAS server to version 6.2.8 from version 5.3.15.1 . We
found out that the behaviour of the password management feature, specifically
the password reset link, has changed. It seems that the password reset link is
now single use, you can't use it again after clicking on it once even though
it's not expired yet.
After investigating the error our users had "Password reset failed - We were
unable to process your password reset request at this time", we found out that
because we use Office 365 ATP (Advanced Threat Protection), all the links in
the email, including the password reset link, are verified and clicked before
the user gets the email. This means that the password reset link is already
used when it gets to the user's inbox...
I didn't find any configuration related to this in the CAS documentation. I'm
now thinking about overriding the class where the password reset token is
deleted after use, even though I don't like the idea of having to maintain this
change after future CAS updates.
Has anyone had this kind of problem with password management and something like
Office 365 ATP and what was your solution?
Thank you!
Joseph
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/7225cfbb27a3c7f7fc53b06a2bc83d7e43d4296c.camel%40uvic.ca.
