Not sure the issue is related to the fix in 4.0.3 The log indicates that
no account state is passed back to CAS. Is your configuration using the
ActiveDirectory response handler? That might be relevant in passing back
the account state over to CAS.
Something like this perhaps:
<bean id="authenticator" class="org.ldaptive.auth.Authenticator"
c:resolver-ref="dnResolver"
c:handler-ref="authHandler">
<property name="authenticationResponseHandlers">
<util:list>
<bean
class="org.ldaptive.auth.ext.ActiveDirectoryAuthenticationResponseHandler"
/>
</util:list>
</property>
</bean>
From: Daniel Fisher [mailto:[email protected]]
Sent: Friday, July 24, 2015 10:56 AM
To: [email protected]
Subject: Re: [cas-user] CAS 4 & LPPE & Active Directory,
"accountState=null"
On Thu, Jul 23, 2015 at 3:37 PM, Mike Seiler <[email protected]
<mailto:[email protected]> > wrote:
I'm trying to get LPPE working with the new CAS 4.0 server, but am finding
that the policies don't seem to be enforced, even though I have set the
maximum password age (on the AD side) to 1 day.
Are you using the latest version? (4.0.3) The release notes indicate fixes
related LPPE.
--Daniel Fisher
--
You are currently subscribed to [email protected]
<mailto:[email protected]> as: [email protected]
<mailto:[email protected]>
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
--
You are currently subscribed to [email protected] as:
[email protected]
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
