Thank you for your answer. I've tried your configuraiton (with our's specification) But i don't understand which page use or link to reset password.
I've only one link to change password on the login page.. i've tried your link adapted : https://url.domain.com/cas/login?doChangePassword but it's always rediected us to the login page.... Cordialement, Arnauld PEYROU Responsable Technique et Support Direction des Systèmes d'Information. Inrap - 121 rue d'Alésia - 75014 Paris Tél : 01 40 08 80 48. www.inrap.fr Abonnez-vous à la lettre d'information de l'Inrap : http://www.inrap.fr/newsletter.php Le lun. 11 mars 2019 à 10:24, Eduardo Rdez <edurodri...@gmail.com> a écrit : > Hello, > > Not sure because we were working at the same time in change password link > and opt tokens sent by email. The change password link is working but > still working on otp tokens. Try to answer, please do some tests in yout > environment. > > Think we added these sections for change password link. The connection to > Ldap, allow the password management and the password policy. Also remember > to add the password policy pattern: > > # Minimum 8 and Maximum 10 characters at least 1 Lowercase Alphabet first, > 1 Uppercase Alphabet, 1 Number and 1 Special Character from the list > $@$!%.#*?& > > cas.authn.pm.policyPattern=^(?=.*[a-z])(?=.*[A-Z])(?=.*\\d)(?=.*[$@$!%.#*?&])[A-Za-z\\d$@$!%.#*?&]{8,10}$ > > # PASSWORD MANAGEMENT > cas.authn.pm.enabled=true > cas.authn.pm.reset.expirationMinutes=3 > cas.authn.pm.reset.securityQuestionsEnabled=false > cas.authn.pm.autoLogin=false > > # CHANGE PASSWORD LDAP CONNECTION > cas.authn.pm.ldap.type=GENERIC > cas.authn.pm.ldap.ldapUrl=ldap://localhost:1389 > cas.authn.pm.ldap.bindDn=uid=casuser,ou=apiusers,ou=root,c=country > cas.authn.pm.ldap.bindCredential=xxxxxxxxxxx > cas.authn.pm.ldap.poolPassivator=BIND > cas.authn.pm.ldap.connectionStrategy=DEFAULT > > cas.authn.pm.ldap.providerClass=org.ldaptive.provider.unboundid.UnboundIDProvider > cas.authn.pm.ldap.connectTimeout=PT5S > cas.authn.pm.ldap.minPoolSize=3 > cas.authn.pm.ldap.maxPoolSize=10 > cas.authn.pm.ldap.idleTime=PT10M > cas.authn.pm.ldap.useSsl=false > cas.authn.pm.ldap.useStartTls=false > cas.authn.pm.ldap.responseTimeout=PT5S > cas.authn.pm.ldap.baseDn=ou=users,ou=root,c=country > cas.authn.pm.ldap.subtreeSearch=true > cas.authn.pm.ldap.searchFilter=username={user} > > > # LDAP PASSWORD POLICY > cas.authn.ldap[0].passwordPolicy.enabled=true > cas.authn.ldap[0].passwordPolicy.type=GENERIC > > cas.authn.ldap[0].passwordPolicy.policyAttributes.accountLocked=javax.security.auth.login.AccountLockedException > cas.authn.ldap[0].passwordPolicy.loginFailures=5 > cas.authn.ldap[0].passwordPolicy.warningAttributeValue= > cas.authn.ldap[0].passwordPolicy.warningAttributeName= > cas.authn.ldap[0].passwordPolicy.displayWarningOnMatch=true > cas.authn.ldap[0].passwordPolicy.warnAll=true > cas.authn.ldap[0].passwordPolicy.warningDays=30 > cas.authn.ldap[0].passwordPolicy.accountStateHandlingEnabled=true > cas.authn.ldap[0].passwordPolicy.strategy=DEFAULT > > El lunes, 11 de marzo de 2019, 8:53:24 (UTC+1), Arnauld Peyrou escribió: >> >> Hello, >> >> Do you have to use all the configuration you've discribed in your email >> from the 01/31? >> or juste use this link alone? >> >> Regards, >> >> Arnauld PEYROU >> Responsable Technique et Support >> Direction des Systèmes d'Information. >> Inrap - 121 rue d'Alésia - 75014 Paris >> Tél : 01 40 08 80 48. >> www.inrap.fr >> Abonnez-vous à la lettre d'information de l'Inrap : >> http://www.inrap.fr/newsletter.php >> >> >> Le ven. 8 mars 2019 à 10:57, Eduardo Rdez <eduro...@gmail.com> a écrit : >> >>> Hello, >>> >>> We could allow the password change option from the login page using the >>> following link: >>> >>> https://url.domain.com/cas/login?doChangePassword >>> >>> Now users can voluntary follow the link, and do a password change at >>> Ldap. >>> >>> >>> >>> >>> >>> >>> >>> >>> El jueves, 31 de enero de 2019, 13:08:16 (UTC+1), Eduardo Rdez escribió: >>>> >>>> Hello, >>>> >>>> We have the same problem. Also using CAS v5.3 connected to Ldap for >>>> user access. These are the steps we have taken to use the Forget Password, >>>> but no idea how to enable user change password. See if someone can help us >>>> to finish configuration. We would like to have one link for a voluntary >>>> change password action an another link for reset/forget password. >>>> >>>> Added dependency: >>>> <dependency> >>>> <groupId>org.apereo.cas</groupId> >>>> <artifactId>cas-server-support-pm-ldap</artifactId> >>>> <version>${cas.version}</version> >>>> </dependency> >>>> >>>> Configured in cas.properties: >>>> >>>> # EMAIL SERVER >>>> spring.mail.host=smtp.office365.com >>>> spring.mail.port=587 >>>> spring.mail.username=xxxxxxxxxxxxxx >>>> spring.mail.password=xxxxxxxxxxxxxx >>>> spring.mail.testConnection=true >>>> spring.mail.properties.mail.smtp.auth=true >>>> spring.mail.properties.mail.smtp.starttls.enable=true >>>> >>>> # PASSWORD MANAGEMENT >>>> cas.authn.pm.enabled=true >>>> cas.authn.pm.reset.expirationMinutes=3 >>>> cas.authn.pm.reset.securityQuestionsEnabled=false >>>> cas.authn.pm.autoLogin=false >>>> >>>> # CHANGE PASSWORD EMAILS >>>> cas.authn.pm.reset.mail.from=u...@email.com >>>> cas.authn.pm.reset.mail.text=email text, reset your password %s >>>> cas.authn.pm.reset.mail.subject=Change your password >>>> cas.authn.pm.reset.mail.cc= >>>> cas.authn.pm.reset.mail.bcc= >>>> cas.authn.pm.reset.mail.attributeName=primaryMail >>>> >>>> # CHANGE PASSWORD LDAP CONNECTION >>>> cas.authn.pm.ldap.type=GENERIC >>>> cas.authn.pm.ldap.ldapUrl=ldap://localhost:1389 >>>> cas.authn.pm.ldap.bindDn=uid=casuser,ou=apiusers,ou=root,c=country >>>> cas.authn.pm.ldap.bindCredential=xxxxxxxxxxx >>>> cas.authn.pm.ldap.poolPassivator=BIND >>>> cas.authn.pm.ldap.connectionStrategy=DEFAULT >>>> >>>> cas.authn.pm.ldap.providerClass=org.ldaptive.provider.unboundid.UnboundIDProvider >>>> cas.authn.pm.ldap.connectTimeout=PT5S >>>> cas.authn.pm.ldap.minPoolSize=3 >>>> cas.authn.pm.ldap.maxPoolSize=10 >>>> cas.authn.pm.ldap.idleTime=PT10M >>>> cas.authn.pm.ldap.useSsl=false >>>> cas.authn.pm.ldap.useStartTls=false >>>> cas.authn.pm.ldap.responseTimeout=PT5S >>>> cas.authn.pm.ldap.baseDn=ou=users,ou=root,c=country >>>> cas.authn.pm.ldap.subtreeSearch=true >>>> cas.authn.pm.ldap.searchFilter=username={user} >>>> >>>> # LDAP PASSWORD POLICY >>>> cas.authn.ldap[0].passwordPolicy.enabled=true >>>> cas.authn.ldap[0].passwordPolicy.type=GENERIC >>>> >>>> cas.authn.ldap[0].passwordPolicy.policyAttributes.accountLocked=javax.security.auth.login.AccountLockedException >>>> cas.authn.ldap[0].passwordPolicy.loginFailures=5 >>>> cas.authn.ldap[0].passwordPolicy.warningAttributeValue= >>>> cas.authn.ldap[0].passwordPolicy.warningAttributeName= >>>> cas.authn.ldap[0].passwordPolicy.displayWarningOnMatch=true >>>> cas.authn.ldap[0].passwordPolicy.warnAll=true >>>> cas.authn.ldap[0].passwordPolicy.warningDays=30 >>>> cas.authn.ldap[0].passwordPolicy.accountStateHandlingEnabled=true >>>> cas.authn.ldap[0].passwordPolicy.strategy=DEFAULT >>>> >>>> # TOKEN MANAGEMENT >>>> authn.passwordless.accounts.expireInSeconds=180 >>>> >>>> >>>> This configuration allows a "Reset your Password" link at login page, >>>> that shows a login form where you can identify a user name and submit the >>>> form. This action is making CAS to search for the user email in Ldap, and >>>> sends a reset password email, with a encoded link that is not working, just >>>> redirects to the usual login page. >>>> >>>> The next step that we are doing, is enabling the dependency for >>>> passwordless, but as we load this new cas.war, the normal login page is >>>> changed with a form where you can just write a user and submit form, that >>>> is not working. >>>> >>>> <dependency> >>>> <groupId>org.apereo.cas</groupId> >>>> <artifactId>cas-server-support-passwordless</artifactId> >>>> <version>${cas.version}</version> >>>> </dependency> >>>> >>>> >>>> Can someone tell us how to enable change password and reset password >>>> configuracion/flows? >>>> >>>> >>>> Thanks, >>>> >>>> >>>> >>>> >>>> >>>> El martes, 9 de octubre de 2018, 14:32:25 (UTC+2), Ramesh Ramaiah >>>> escribió: >>>>> >>>>> >>>>> Hi, >>>>> >>>>> I'm using CAS5.3 version and LDAP for user creating and access. My >>>>> problem is If a end user want to change their CAS password voluntarily >>>>> means, how we do this. Is there any option for that ? >>>>> >>>>> Also end user want to use the Forget password. Please post your >>>>> reply, If you have any ideas for this 2 problems ? >>>>> >>>>> Thanks for Advance. >>>>> >>>>> Thank you. >>>>> Ramesh.R >>>>> >>>> -- >>> - Website: https://apereo.github.io/cas >>> - Gitter Chatroom: https://gitter.im/apereo/cas >>> - List Guidelines: https://goo.gl/1VRrw7 >>> - Contributions: https://goo.gl/mh7qDG >>> --- >>> You received this message because you are subscribed to the Google >>> Groups "CAS Community" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to cas-user+u...@apereo.org. >>> To view this discussion on the web visit >>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/acd97b70-566c-4f1a-ad7a-fcde5bdd63db%40apereo.org >>> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/acd97b70-566c-4f1a-ad7a-fcde5bdd63db%40apereo.org?utm_medium=email&utm_source=footer> >>> . >>> >> -- > - Website: https://apereo.github.io/cas > - Gitter Chatroom: https://gitter.im/apereo/cas > - List Guidelines: https://goo.gl/1VRrw7 > - Contributions: https://goo.gl/mh7qDG > --- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to cas-user+unsubscr...@apereo.org. > To view this discussion on the web visit > https://groups.google.com/a/apereo.org/d/msgid/cas-user/6492d59f-d667-4f09-8409-2d3a2237c943%40apereo.org > <https://groups.google.com/a/apereo.org/d/msgid/cas-user/6492d59f-d667-4f09-8409-2d3a2237c943%40apereo.org?utm_medium=email&utm_source=footer> > . > -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAE5VfR1dEg3isp2UXEsfV_8BN5ZvJdUh83a43oAiuZ0WhPeABQ%40mail.gmail.com.
