@mmoayyed, have you got any news about the PM feature? Is there any 6.x version with this functionality resolved? Thanks in advance.
After this commit: apereo/cas@58345b0 password management is not working, any method annotated with @Async and calling "ClientInfoHolder.getClientInfo()" throws an NPE because ClientInfoHolder uses ThreadLocal.
@mmoayyed Please check this commit, there are problems with PM and Audit.
{
  "@class": "org.apereo.cas.services.RegexRegisteredService",
  "serviceId": "https://example.com:8081/app\\?client_name=CasClient",
  "name": "My App",
  "id": 8081,
  "attributeReleasePolicy": {
    "@class": "org.apereo.cas.services.ReturnAllAttributeReleasePolicy"
  },
  "accessStrategy": {
    "@class": "org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy",
    "enabled": true,
    "ssoEnabled": false,
    "delegatedAuthenticationPolicy" : {
      "@class" : "org.apereo.cas.services.DefaultRegisteredServiceDelegatedAuthenticationPolicy",
      "allowedProviders" : [ "java.util.ArrayList", [ "Microsoft Account" ] ]
    }
  }
}
val registeredService = payload.getRegisteredService() == null
    ? locateRegisteredService(serviceAudience)
    : payload.getRegisteredService();
RegisteredServiceAccessStrategyUtils.ensureServiceAccessIsAllowed(registeredService);
org.apereo.services.persondir.IPersonAttributeDao is called on every creation of a ProxyGrantingTicket. For me it looks like org.apereo.cas.audit.AuditableExecution.execute(AuditableContext) leads to org.apereo.cas.authentication.principal.cache.AbstractPrincipalAttributesRepository.retrievePersonAttributesToPrincipalAttributes(String) which is called for any service URL. Is this the intended behavior?
@mmoayyed tested 6.1.2 with same results, CAS sends the token to the user, but the token fails to load a form, instead loads the login form again
This is my relevant config (anonymizing some fields though):
cas.authn.pm.enabled=true
cas.authn.pm.ldap.type=AD
cas.authn.pm.ldap.usernameAttribute=userPrincipalName
cas.authn.pm.ldap.searchFilterUsername=(userPrincipalName={user})
cas.authn.pm.ldap.ldapUrl=ldap://...:389
cas.authn.pm.ldap.useSsl=false
cas.authn.pm.ldap.baseDn=OU=produccion,DC=...,DC=...
cas.authn.pm.ldap.searchFilter=(userPrincipalName={user})
cas.authn.pm.ldap.bindDn=...
cas.authn.pm.ldap.bindCredential=.....
cas.authn.pm.reset.mail.from=autenticacion.noreply@...
cas.authn.pm.reset.mail.attributeName=userPrincipalName
cas.authn.pm.reset.mail.text=Para recuperar su contrase\u00F1a siga las instrucciones de este enlace: %s
cas.authn.pm.reset.mail.subject=Solicitud de cambio de contraseña
cas.authn.pm.reset.mail.from=....
cas.authn.pm.reset.mail.attributeName=email
cas.authn.pm.reset.mail.text=Reset your password with this link: %s
cas.authn.pm.reset.mail.subject=Password Reset Request
cas.authn.pm.reset.expirationMinutes=10
spring.mail.host=....
spring.mail.port=25
spring.mail.username=....
spring.mail.password=....
spring.mail.testConnection=true
spring.mail.properties.mail.smtp.auth=true
spring.mail.properties.mail.smtp.starttls.enable=false
The most annoying thing is that nothing appears on the log, I've got trace level enabled
cas.properties configuration parameters for Jetty, similar to the ones for the embedded Tomcat container detailed at https://apereo.github.io/cas/6.1.x/configuration/Configuration-Properties.html#embedded-apache-tomcat-container ?
After that I ran into new errors/problems. The "set new password" method doesn't work. It only works if you reset the password by sending an email to the user.
I follow this guide: https://apereo.github.io/2019/10/25/cas61x-password-management-jdbc/
My remarks:
- "# Password Reset Email Info" and "# Forgot Username Email Info" have their option values mixed up. If you have forgotten your username the system should look up your email address. If you want to reset your password you need to give your name instead of email address IMHO.
- Expired login method fails to update the database table Users. It does store the old password in the history table.
- Text above the input fields isn't quite clear on what to do.
This is what I found out on 23 November.