Eric,
Yep... I see the BindLdapAuthenticationHandler throwing, and the
AuthenticationViaFormAction catching it... and eventually
hitting:
if(e.getCode().equals(ExpiredPasswordException.EXPIRED_PASSWORD_CODE)){
return "showExpiredPassView";
}
but the spring webflow never triggers correctly... so for the time being I had
to modify it to explicitly do something when encountering an expired password...
<action-state id="realSubmit">
<evaluate
expression="authenticationViaFormAction.submit(flowRequestContext,
flowScope.credentials, messageContext)" />
<transition on="showExpiredPassView" to="PasswordExpiredCheck"
/>
<transition on="warn" to="warn" />
<transition on="success" to="sendTicketGrantingTicket" />
<transition on="error" to="viewLoginForm" />
</action-state>
In our case, I fire off another action in the "PasswordExpiredCheck" state to
do some more checking on the user to supply a customized URL for our password
change webapp... and eventually get to the "showExpiredPassView" end state. I'm
guessing one could as easily transition to "showExpiredPassView" instead.
Something is definitely up with how the spring webflow is setup... the new
version of spring is still "new to me" so pardon any mis-wording, etc.
Raymond Walker
Software Systems Engineer Sr.
ITS Northern Arizona University
[email protected]
On Aug 2, 2010, at 7:18 AM, Eric Pierce wrote:
> Are you sure you're using the BindLdapAuthenticationHandler included
> with the ldap-pwd-expiration module? It compares the result to a
> Regular Expression that should catch 'Password expired' and throws a
> custom exception (ExpiredPasswordException)
>
> -Eric
>
> On 8/1/10, Jamie Sammons <[email protected]> wrote:
>> I have also tried this with CAS 3.4.2.1 and
>> cas-server-support-ldap-pwd-expiration-3.4.2 and it appears to do the same
>> thing.
>>
>> It still seems like the LDAP error messages aren't making their way up
>> through the application for some reason.
>> --
>> You are currently subscribed to [email protected] as: [email protected]
>> To unsubscribe, change settings or access archives, see
>> http://www.ja-sig.org/wiki/display/JSG/cas-user
>>
>
>
> --
> Eric Pierce
> Identity Management Architect
> Information Technology
> University of South Florida
> (813) 974-8868 -- [email protected]
>
> --
> You are currently subscribed to [email protected] as:
> [email protected]
> To unsubscribe, change settings or access archives, see
> http://www.ja-sig.org/wiki/display/JSG/cas-user
--
You are currently subscribed to [email protected] as:
[email protected]
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
