Routing 'success' to 'passwordPolicyCheck' is required for LPPE. For a comprehensive list of changes, please take a look at the docs here: https://wiki.jasig.org/pages/viewpage.action?pageId=26149328
Regards, -Misagh > -----Original Message----- > From: Leszek Miś [mailto:[email protected]] > Sent: Friday, December 28, 2012 4:49 AM > To: [email protected] > Subject: [cas-user] LDAP/LPPE and password is not expiring > > Hello All, > My configuration is based on CAS 3.5.1 with LPPE support. I'm using RH > Directory Server. > > I have a problem with state, when password is not expiring: > > <Current date is 2012-12-28T11:13:17.791Z> > 2012-12-28 12:13:17,791 INFO > [org.jasig.cas.adaptors.ldap.LdapPasswordPolicyEnforcer] - <Expiration > date is 2013-01-27T23:00:00.000Z> > 2012-12-28 12:13:17,792 INFO > [org.jasig.cas.adaptors.ldap.LdapPasswordPolicyEnforcer] - <Warning > period begins on 2013-01-24T23:00:00.000Z> > 2012-12-28 12:13:17,792 INFO > [org.jasig.cas.adaptors.ldap.LdapPasswordPolicyEnforcer] - <Password is > not expiring. 30 days left to the warning> > > Then, CAS server is "waiting for a response", and in logs I see huge > amount of info: > > 012-12-28 12:28:43,110 INFO > [org.jasig.cas.adaptors.ldap.LdapPasswordPolicyEnforcer] - <Password is > not expiring. 30 days left to the warning> > 2012-12-28 12:28:43,153 INFO > [org.jasig.cas.adaptors.ldap.LdapPasswordPolicyEnforcer] - <Current > date is 2012-12-28T11:28:43.153Z> > 2012-12-28 12:28:43,153 INFO > [org.jasig.cas.adaptors.ldap.LdapPasswordPolicyEnforcer] - <Expiration > date is 2013-01-27T23:00:00.000Z> > 2012-12-28 12:28:43,154 INFO > [org.jasig.cas.adaptors.ldap.LdapPasswordPolicyEnforcer] - <Warning > period begins on 2013-01-24T23:00:00.000Z> > 2012-12-28 12:28:43,154 INFO > [org.jasig.cas.adaptors.ldap.LdapPasswordPolicyEnforcer] - <Password is > not expiring. 30 days left to the warning> > 2012-12-28 12:28:43,180 INFO > [org.jasig.cas.adaptors.ldap.LdapPasswordPolicyEnforcer] - <Current > date is 2012-12-28T11:28:43.180Z> > 2012-12-28 12:28:43,180 INFO > [org.jasig.cas.adaptors.ldap.LdapPasswordPolicyEnforcer] - <Expiration > date is 2013-01-27T23:00:00.000Z> > 2012-12-28 12:28:43,181 INFO > [org.jasig.cas.adaptors.ldap.LdapPasswordPolicyEnforcer] - <Warning > period begins on 2013-01-24T23:00:00.000Z> > 2012-12-28 12:28:43,181 INFO > [org.jasig.cas.adaptors.ldap.LdapPasswordPolicyEnforcer] - <Password is > not expiring. 30 days left to the warning> > 2012-12-28 12:28:43,216 INFO > [org.jasig.cas.adaptors.ldap.LdapPasswordPolicyEnforcer] - <Current > date is 2012-12-28T11:28:43.216Z> > 2012-12-28 12:28:43,216 INFO > [org.jasig.cas.adaptors.ldap.LdapPasswordPolicyEnforcer] - <Expiration > date is 2013-01-27T23:00:00.000Z> > 2012-12-28 12:28:43,217 INFO > [org.jasig.cas.adaptors.ldap.LdapPasswordPolicyEnforcer] - <Warning > period begins on 2013-01-24T23:00:00.000Z> > 2012-12-28 12:28:43,217 INFO > [org.jasig.cas.adaptors.ldap.LdapPasswordPolicyEnforcer] - <Password is > not expiring. 30 days left to the warning> > 2012-12-28 12:28:43,256 INFO > [org.jasig.cas.adaptors.ldap.LdapPasswordPolicyEnforcer] - <Current > date is 2012-12-28T11:28:43.256Z> > 2012-12-28 12:28:43,256 INFO > [org.jasig.cas.adaptors.ldap.LdapPasswordPolicyEnforcer] - <Expiration > date is 2013-01-27T23:00:00.000Z> > 2012-12-28 12:28:43,256 INFO > [org.jasig.cas.adaptors.ldap.LdapPasswordPolicyEnforcer] - <Warning > period begins on 2013-01-24T23:00:00.000Z> > 2012-12-28 12:28:43,256 INFO > [org.jasig.cas.adaptors.ldap.LdapPasswordPolicyEnforcer] - <Password is > not expiring. 30 days left to the warning> > 2012-12-28 12:28:43,309 INFO > [org.jasig.cas.adaptors.ldap.LdapPasswordPolicyEnforcer] - <Current > date is 2012-12-28T11:28:43.309Z> > 2012-12-28 12:28:43,309 INFO > [org.jasig.cas.adaptors.ldap.LdapPasswordPolicyEnforcer] - <Expiration > date is 2013-01-27T23:00:00.000Z> > 2012-12-28 12:28:43,309 INFO > [org.jasig.cas.adaptors.ldap.LdapPasswordPolicyEnforcer] - <Warning > period begins on 2013-01-24T23:00:00.000Z> > 2012-12-28 12:28:43,309 INFO > [org.jasig.cas.adaptors.ldap.LdapPasswordPolicyEnforcer] - <Password is > not expiring. 30 days left to the warning> > 2012-12-28 12:28:43,346 INFO > [org.jasig.cas.adaptors.ldap.LdapPasswordPolicyEnforcer] - <Current > date is 2012-12-28T11:28:43.346Z> > 2012-12-28 12:28:43,346 INFO > [org.jasig.cas.adaptors.ldap.LdapPasswordPolicyEnforcer] - <Expiration > date is 2013-01-27T23:00:00.000Z> > 2012-12-28 12:28:43,346 INFO > [org.jasig.cas.adaptors.ldap.LdapPasswordPolicyEnforcer] - <Warning > period begins on 2013-01-24T23:00:00.000Z> > 2012-12-28 12:28:43,346 INFO > [org.jasig.cas.adaptors.ldap.LdapPasswordPolicyEnforcer] - <Password is > not expiring. 30 days left to the warning> > 2012-12-28 12:28:43,400 INFO > [org.jasig.cas.adaptors.ldap.LdapPasswordPolicyEnforcer] - <Current > date is 2012-12-28T11:28:43.400Z> > 2012-12-28 12:28:43,400 INFO > [org.jasig.cas.adaptors.ldap.LdapPasswordPolicyEnforcer] - <Expiration > date is 2013-01-27T23:00:00.000Z> > 2012-12-28 12:28:43,400 INFO > [org.jasig.cas.adaptors.ldap.LdapPasswordPolicyEnforcer] - <Warning > period begins on 2013-01-24T23:00:00.000Z> > 2012-12-28 12:28:43,400 INFO > [org.jasig.cas.adaptors.ldap.LdapPasswordPolicyEnforcer] - <Password is > not expiring. 30 days left to the warning> > 2012-12-28 12:28:43,436 INFO > [org.jasig.cas.adaptors.ldap.LdapPasswordPolicyEnforcer] - <Current > date is 2012-12-28T11:28:43.436Z> > 2012-12-28 12:28:43,436 INFO > [org.jasig.cas.adaptors.ldap.LdapPasswordPolicyEnforcer] - <Expiration > date is 2013-0 > > In my login-webflow.xml I changed: > <transition on="success" to="sendTicketGrantingTicket" to : > > <transition on="success" to="passwordPolicyCheck" > > > When password is expiring, I can get a warning screen and then, after > 10 seconds my user is logged in correcty. > > Any ideas what else should I change? > > > /lm > > > > > > -- > You are currently subscribed to [email protected] as: > [email protected] To unsubscribe, change settings or access archives, > see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
