Hi Ben,
No, I hadn't, but I just did it: https://github.com/apereo/cas/issues/2703
Cheers,
Pavlos
On 22/06/2017 06:43 μμ, Ben Howell-Thomas wrote:
Regarding :
Eventually, everything seems to work ok, after adding in
login-webflow.xml the following (which is present in CAS v5.0.x
but not in CAS v5.1.0):
<action-state id="handleAuthenticationFailure">
<evaluate
expression="authenticationExceptionHandler.handle(currentEvent.attributes.error,
messageContext)"/>
<transition on="AccountDisabledException"
to="casAccountDisabledView"/>
<transition on="AccountLockedException"
to="casAccountLockedView"/>
<transition on="CredentialExpiredException"
to="casExpiredPassView"/>
<transition on="AccountPasswordMustChangeException"
to="casMustChangePassView"/>
<transition on="InvalidLoginLocationException"
to="casBadWorkstationView"/>
<transition on="InvalidLoginTimeException"
to="casBadHoursView"/>
<transition on="FailedLoginException"
to="initializeLoginForm"/>
<transition on="AccountNotFoundException"
to="initializeLoginForm"/>
<transition on="UnauthorizedServiceForPrincipalException"
to="initializeLoginForm" />
<transition on="UnsatisfiedAuthenticationPolicyException"
to="initializeLoginForm"/>
<transition on="UnauthorizedAuthenticationException"
to="casAuthenticationBlockedView"/>
<transition to="initializeLoginForm"/>
</action-state>
I don't know if it is the right way, but it seems to work...
Have you reported it as a bug or anything already?
It looks like the above states are being set up by
DefaultWebflowConfigurer.createHandleAuthenticationFailureAction() but
they aren't having any effect.
(Also, thanks for the workaround :)
On 17 June 2017 at 17:14, Pavlos Drandakis <pdra...@noc.edunet.gr
<mailto:pdra...@noc.edunet.gr>> wrote:
Eventually, everything seems to work ok, after adding in
login-webflow.xml the following (which is present in CAS v5.0.x
but not in CAS v5.1.0):
<action-state id="handleAuthenticationFailure">
<evaluate
expression="authenticationExceptionHandler.handle(currentEvent.attributes.error,
messageContext)"/>
<transition on="AccountDisabledException"
to="casAccountDisabledView"/>
<transition on="AccountLockedException"
to="casAccountLockedView"/>
<transition on="CredentialExpiredException"
to="casExpiredPassView"/>
<transition on="AccountPasswordMustChangeException"
to="casMustChangePassView"/>
<transition on="InvalidLoginLocationException"
to="casBadWorkstationView"/>
<transition on="InvalidLoginTimeException"
to="casBadHoursView"/>
<transition on="FailedLoginException"
to="initializeLoginForm"/>
<transition on="AccountNotFoundException"
to="initializeLoginForm"/>
<transition on="UnauthorizedServiceForPrincipalException"
to="initializeLoginForm" />
<transition on="UnsatisfiedAuthenticationPolicyException"
to="initializeLoginForm"/>
<transition on="UnauthorizedAuthenticationException"
to="casAuthenticationBlockedView"/>
<transition to="initializeLoginForm"/>
</action-state>
I don't know if it is the right way, but it seems to work...
Pavlos
P.S.: In order to show expiredPassView messages I had to
a) copy fragments/pwdupdateform.html to fragments/pwdexpiredform.html,
b) change the relevant th messages to screen.expiredpass.heading
and screen.expiredpass.message
c) change in casExpiredPassView.html
th:replace="fragments/pwdupdateform" to
th:replace="fragments/pwdexpiredform"
On 16/06/2017 12:22 μμ, Ludovic Senecaux wrote:
The logs provide the right information from the LDAP directory,
but the CAS does not seem to return the correct JSP page.
|
2017-06-0814:41:32,478DEBUG
[org.apereo.cas.authentication.support.DefaultAccountStateHandler]-<Handlingerror
[ACCOUNT_LOCKED]>
2017-06-0814:41:32,478INFO
[org.apereo.cas.authentication.PolicyBasedAuthenticationManager]-<[LdapAuthenticationHandler]failed
authenticating [foo]>
2017-06-0814:41:32,479DEBUG
[org.apereo.cas.authentication.PolicyBasedAuthenticationManager]-<[LdapAuthenticationHandler]exception
details:[null]>
2017-06-0814:41:32,479WARN
[org.apereo.cas.authentication.PolicyBasedAuthenticationManager]-<Authenticationhas
failed.Credentialsmay be incorrect orCAS cannot find
authentication handler that supports [foo]of type
[UsernamePasswordCredential],which suggests a configuration problem.>
2017-06-0814:41:32,480INFO
[org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager]-<Audittrail
record BEGIN
=============================================================
WHO:foo
WHAT:Suppliedcredentials:[foo]
ACTION:AUTHENTICATION_FAILED
APPLICATION:CAS
WHEN:ThuJun0814:41:32CEST 2017
CLIENT IP ADDRESS:10.199.2.7
SERVER IP ADDRESS:192.168.108.100
=============================================================
|
|
2017-06-0815:15:35,859DEBUG
[org.apereo.cas.authentication.support.DefaultAccountStateHandler]-<Handlingpolicy
based on pre-definedattributes>
2017-06-0815:15:35,859DEBUG
[org.apereo.cas.authentication.support.DefaultAccountStateHandler]-<Handlingerror
[CHANGE_AFTER_RESET]>
2017-06-0815:15:35,860INFO
[org.apereo.cas.authentication.PolicyBasedAuthenticationManager]-<[LdapAuthenticationHandler]failed
authenticating [foo]>
2017-06-0815:15:35,860DEBUG
[org.apereo.cas.authentication.PolicyBasedAuthenticationManager]-<[LdapAuthenticationHandler]exception
details:[null]>
2017-06-0815:15:35,861WARN
[org.apereo.cas.authentication.PolicyBasedAuthenticationManager]-<Authenticationhas
failed.Credentialsmay be incorrect orCAS cannot find
authentication handler that supports [foo]of type
[UsernamePasswordCredential],which suggests a configuration problem.>
2017-06-0815:15:35,862INFO
[org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager]-<Audittrail
record BEGIN
=============================================================
WHO:foo
WHAT:Suppliedcredentials:[foo]
ACTION:AUTHENTICATION_FAILED
APPLICATION:CAS
WHEN:ThuJun0815:15:35CEST 2017
CLIENT IP ADDRESS:10.199.2.7
SERVER IP ADDRESS:unknown
=============================================================
|
--
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines:
https://apereo.github.io/cas/Mailing-Lists.html
<https://apereo.github.io/cas/Mailing-Lists.html>
- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas
---
You received this message because you are subscribed to the Google
Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it,
send an email to cas-user+unsubscr...@apereo.org
<mailto:cas-user+unsubscr...@apereo.org>.
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/619c16de-8be6-8e01-990e-4af6fd16eccf%40noc.edunet.gr
<https://groups.google.com/a/apereo.org/d/msgid/cas-user/619c16de-8be6-8e01-990e-4af6fd16eccf%40noc.edunet.gr?utm_medium=email&utm_source=footer>.
This email is sent on behalf of Northgate Public Services (UK) Limited
and its associated companies including Rave Technologies (India) Pvt
Limited (together "Northgate Public Services") and is strictly
confidential and intended solely for the addressee(s).
If you are not the intended recipient of this email you must: (i) not
disclose, copy or distribute its contents to any other person nor use
its contents in any way or you may be acting unlawfully; (ii) contact
Northgate Public Services immediately on +44(0)1908 264500 quoting the
name of the sender and the addressee then delete it from your system.
Northgate Public Services has taken reasonable precautions to ensure
that no viruses are contained in this email, but does not accept any
responsibility once this email has been transmitted. You should scan
attachments (if any) for viruses.
Northgate Public Services (UK) Limited, registered in England and
Wales under number 00968498 with a registered address of
Peoplebuilding 2, Peoplebuilding Estate, Maylands Avenue, Hemel
Hempstead, Hertfordshire, HP2 4NN. Rave Technologies (India) Pvt
Limited, registered in India under number 117068 with a registered
address of 2nd Floor, Ballard House, Adi Marzban Marg, Ballard Estate,
Mumbai, Maharashtra, India, 400001.
--
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines:
https://apereo.github.io/cas/Mailing-Lists.html
- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas
---
You received this message because you are subscribed to the Google
Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send
an email to cas-user+unsubscr...@apereo.org
<mailto:cas-user+unsubscr...@apereo.org>.
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAD0p8puoLs5MMy4nbxsu83bZKh3CJS0Vxq_Pn%3DL3MAnkc3oNyg%40mail.gmail.com
<https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAD0p8puoLs5MMy4nbxsu83bZKh3CJS0Vxq_Pn%3DL3MAnkc3oNyg%40mail.gmail.com?utm_medium=email&utm_source=footer>.
--
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/e567d093-b52c-79ce-7a69-a91df5ad84ba%40noc.edunet.gr.
