Are you using OpenLDAP? Just curious if you had gotten that far with it as I'm not able to do so yet.
Thank you,
Jamie Sammons
| From: | Raymond D Walker <[email protected]> |
| To: | [email protected] |
| Date: | 08/02/2010 06:43 PM |
| Subject: | Re: [cas-user] LDAP Password Policy module problems |
Eric,
Yep... I see the BindLdapAuthenticationHandler throwing, and the AuthenticationViaFormAction catching it... and eventually hitting:

    if (e.getCode().equals(ExpiredPasswordException.EXPIRED_PASSWORD_CODE)) {
        return "showExpiredPassView";
    }

but the spring webflow never triggers correctly... so for the time being I had to modify it to explicitly do something when encountering an expired password...

    <action-state id="realSubmit">
        <evaluate expression="authenticationViaFormAction.submit(flowRequestContext, flowScope.credentials, messageContext)" />
        <transition on="showExpiredPassView" to="PasswordExpiredCheck" />
        <transition on="warn" to="warn" />
        <transition on="success" to="sendTicketGrantingTicket" />
        <transition on="error" to="viewLoginForm" />
    </action-state>

In our case, I fire off another action in the "PasswordExpiredCheck" state to do some more checking on the user to supply a customized URL for our password change webapp... and eventually get to the "showExpiredPassView" end state. I'm guessing one could as easily transition to "showExpiredPassView" instead.
Something is definitely up with how the spring webflow is set up... the new version of spring is still "new to me" so pardon any mis-wording, etc.
Raymond Walker
Software Systems Engineer Sr.
ITS Northern Arizona University
[email protected]
On Aug 2, 2010, at 7:18 AM, Eric Pierce wrote:
> Are you sure you're using the BindLdapAuthenticationHandler included
> with the ldap-pwd-expiration module? It compares the result to a
> Regular expression that should catch 'Password expired' and throws a
> custom exception (ExpiredPasswordException)
>
> -Eric
>
> On 8/1/10, Jamie Sammons <[email protected]> wrote:
>> I have also tried this with CAS 3.4.2.1 and
>> cas-server-support-ldap-pwd-expiration-3.4.2 and it appears to do the same
>> thing.
>>
>> It still seems like the LDAP error messages aren't making their way up
>> through the application for some reason.
>> --
>> You are currently subscribed to [email protected] as: [email protected]
>> To unsubscribe, change settings or access archives, see
>> http://www.ja-sig.org/wiki/display/JSG/cas-user
>>
>
>
> --
> Eric Pierce
> Identity Management Architect
> Information Technology
> University of South Florida
> (813) 974-8868 -- [email protected]
>
