We have been using CAS for the past couple of years and have had good success with the product. Earlier this spring, Denison upgraded to v3.5.2 and activated the LPPE support (OpenLDAP environment) to support a use case where new accounts are required to change their password on the first login. This has worked really well and we are now looking into supporting user-initiated password resets. To this end I have some questions for the CAS community:

1. Is there any built-in functionality for user-initiated password resets in the base product? Does this change with v4.0? (I did see an extension from Unicon [1])

2. For implementors that have added this support, what approach did you take? Did you do this within CAS? What did you do to verify that the reset request came from the actual user (security questions, token sent to mobile device, etc.)?

3. Is anyone using a third-party solution (whether open source or commercial) to process user-initiated password changes?

Any guidance, insight, or lessons learned are appreciated!

Thanks for your time,
-Michael

[1] - https://github.com/Unicon/cas-password-manager

--
Michael Herring
Information Technology Services
Web Developer
Denison University
740-587-6360
[email protected]
