Hi,
welcome to Syncope.
You'll find my comments embedded below.
Regards.
On 03/03/2017 01:20, Terrance A. Crow wrote:
I’m having an issue with both Syncope 2.0.1 and Syncope 2.0.2 where the
end-users can’t save their answers to security questions.
Steps to recreate:
1. Using syncope-console as admin, create a security question.
2. Log in to syncope-enduser as a normal (non-admin) user. Select the new
security question, specify an answer, click on Finish, click on Save, and enter
the correct captcha information.
3. Log back on using the same ID to syncope-enduser and observe that the answer
to the security question is blank.
4. Log into syncope-console as admin, add the security answer to the USER
Search screen, and observe a blank answer for the user in question.
Once set, the security answer is *never* reported, neither in Admin
Console nor in Enduser UI, to avoid potential security issues.
I have just added a note to the SNAPSHOT reference guide [1]: this
version will replace [2] once next release (2.0.3) will be out.
Thanks for reporting!
The password reset process, however, is not working properly until the
latest fixes already available in 2.0.3-SNAPSHOT, that will be publicly
available (alongside with others) with Syncope 2.0.3.
The ID’s the result of a self-registration.
Syncope’s running on CentOS 7 (patched to current) under Oracle Java JDK
1.8.0_121. The Tomcat version is 8.0.41.
I found a similar condition in Jira (SYNCOPE-942), but it’s not an exact match
and that issue’s closed.
Am I missing something obvious?
[1]
https://ci.apache.org/projects/syncope/reference-guide.html#password-reset-no-security-answer
[2] https://syncope.apache.org/docs/reference-guide.html#password-reset
--
Francesco Chicchiriccò
Tirasa - Open Source Excellence
http://www.tirasa.net/
Member at The Apache Software Foundation
Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
http://home.apache.org/~ilgrosso/
