Hello Francesco,
Thanks for your update, we created the notification in the parameters
and the template, but we get stuck before the point you were describing:
We went through the procedure, the user creates his own account, with an
email and a password.
For simplicity, we created only one security question.
Once he forget the password, he comes back to the EndUser interface and
he request to insert the challenge answer.
Even if the challenge answer is correct (and I can check that it's
correctly stored into the database), we receive an error saying:
18:44:20.883 ERROR
org.apache.syncope.client.enduser.resources.UserSelfPasswordReset -
Error while updating user
java.lang.Exception: A correct security answer should be provided
at
org.apache.syncope.client.enduser.resources.UserSelfPasswordReset.newResourceResponse(UserSelfPasswordReset.java:76)
~[syncope-client-enduser-2.0.2.jar:2.0.2]
at
org.apache.wicket.request.resource.AbstractResource.respond(AbstractResource.java:629)
~[wicket-core-7.6.0.jar:7.6.0]
at
org.apache.wicket.request.handler.resource.ResourceRequestHandler.respond(ResourceRequestHandler.java:105)
~[wicket-core-7.6.0.jar:7.6.0]
at
org.apache.wicket.request.handler.resource.ResourceReferenceRequestHandler.respond(ResourceReferenceRequestHandler.java:108)
~[wicket-core-7.6.0.jar:7.6.0]
at
org.apache.wicket.request.cycle.RequestCycle$HandlerExecutor.respond(RequestCycle.java:895)
~[wicket-core-7.6.0.jar:7.6.0]
at
org.apache.wicket.request.RequestHandlerStack.execute(RequestHandlerStack.java:64)
~[wicket-request-7.6.0.jar:7.6.0]
at
org.apache.wicket.request.cycle.RequestCycle.execute(RequestCycle.java:265)
~[wicket-core-7.6.0.jar:7.6.0]
at
org.apache.wicket.request.cycle.RequestCycle.processRequest(RequestCycle.java:222)
~[wicket-core-7.6.0.jar:7.6.0]
at
org.apache.wicket.request.cycle.RequestCycle.processRequestAndDetach(RequestCycle.java:293)
~[wicket-core-7.6.0.jar:7.6.0]
at
org.apache.wicket.protocol.http.WicketFilter.processRequestCycle(WicketFilter.java:261)
~[wicket-core-7.6.0.jar:7.6.0]
at
org.apache.wicket.protocol.http.WicketFilter.processRequest(WicketFilter.java:203)
~[wicket-core-7.6.0.jar:7.6.0]
at
org.apache.wicket.protocol.http.WicketFilter.doFilter(WicketFilter.java:284)
~[wicket-core-7.6.0.jar:7.6.0]
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240)
~[catalina.jar:8.0.39]
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207)
~[catalina.jar:8.0.39]
at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:212)
~[catalina.jar:8.0.39]
at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:106)
~[catalina.jar:8.0.39]
at
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:502)
~[catalina.jar:8.0.39]
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:141)
~[catalina.jar:8.0.39]
at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79)
~[catalina.jar:8.0.39]
at
org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:616)
~[catalina.jar:8.0.39]
at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:88)
~[catalina.jar:8.0.39]
at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:509)
~[catalina.jar:8.0.39]
at
org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1104)
~[tomcat-coyote.jar:8.0.39]
at
org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:684)
~[tomcat-coyote.jar:8.0.39]
at
org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1520)
~[tomcat-coyote.jar:8.0.39]
at
org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1476)
~[tomcat-coyote.jar:8.0.39]
at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
[?:1.8.0_111]
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
[?:1.8.0_111]
at
org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
~[tomcat-util.jar:8.0.39]
at java.lang.Thread.run(Thread.java:745) [?:1.8.0_111]
But we know that the challenge answer is correct and all in lowercase
like in the database, I can't understand why it doesn't find the correct
value.
Thanks,
Mária
On 19/01/2017 11:22, Francesco Chicchiriccò wrote:
> On 18/01/2017 14:13, Francesco Chicchiriccò wrote:
>> On 18/01/2017 11:59, Francesco Chicchiriccò wrote:
>>> On 18/01/2017 11:38, Tech wrote:
>>>> Hello,
>>>>
>>>> we faced something that could be a bug in version 2.0.1 and version
>>>> 2.0.2.
>>>>
>>>> We created a SecurityQuestion from the Admin interface and the user is
>>>> prompted to enter one during the creation of his account.
>>>>
>>>> The SecurityQuestion is correctly stored into the DB.
>>>>
>>>> We "forget" the password and we try to recover it using the interface,
>>>> but we cannot reset it.
>>>>
>>>> This is happening both for existing and new users.
>>>>
>>>> Could you please double-check?
>>>
>>> I assume you have already checked
>>>
>>> https://syncope.apache.org/docs/reference-guide.html#password-reset
>>>
>>> to understand how the password reset process is expected to work.
>>
>> A fundamental part for the outlined procedure to be effective, is to
>> have the notifications in place; see
>>
>> https://syncope.apache.org/docs/reference-guide.html#e-mail-configuration
>>
>>
>> for details.
>>
>> After that user has provided the correct answer to security question
>> via EndUser UI, a notification e-mail based on the
>> 'requestPasswordReset' template is sent; as you can see from the
>> template, an URL for accessing the EndUser UI (containing the unique
>> token generated for such request) is contained in the e-mail.
>>
>> Once clicked there, the process can continue with input of the new
>> password value.
>>
>> Finally, another notification e-mail based on the
>> 'confirmPasswordReset' template is sent out.
>
> FYI I have updated the password reset information with the further
> comments above; see
>
> https://ci.apache.org/projects/syncope/reference-guide.html#password-reset
>
>
> Regards.
>
