https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=41750
Bug ID: 41750
Summary: ForcePasswordResetWhenSetByStaff prohibits login via
CAS
Initiative type: ---
Sponsorship ---
status:
Product: Koha
Version: Main
Hardware: All
OS: All
Status: NEW
Severity: normal
Priority: P5 - low
Component: Authentication
Assignee: [email protected]
Reporter: [email protected]
QA Contact: [email protected]
CC: [email protected]
When ForcePasswordResetWhenSetByStaff is set to "enforce" and staff adds
creates a new patron account, login by CAS is impossible.
It took us a while to figure this out, since it just "won't work" without any
helpful error message.
I think there are different ways this could be handled.
We could not check the password expiration date if a user authenticates through
another external system (LDAP, CAS, OAuth2), since they cannot change the
password then.
The smallest solution might be warning on the pref, to not enable this for
patron categories that use external authentication.
I think in general it would be nicer to allow external authentication and still
enforce if local login is used - there might be cases where both are the same
patron category now and this would keep things more flexible.
--
You are receiving this mail because:
You are the assignee for the bug.
You are watching all bug changes.
_______________________________________________
Koha-bugs mailing list
[email protected]
https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
