[cas-user] Re: CAS Forget password & Change Password Options

2019-01-31 Thread Eduardo Rdez
Hello,

We have the same problem. Also using CAS v5.3 connected to Ldap for user 
access. These are the steps we have taken to use the Forget Password, but 
no idea how to enable user change password. See if someone can help us to 
finish configuration. We would like to have one link for a voluntary change 
password action and another link for reset/forget password.

Added dependency:
  
<dependency>
    <groupId>org.apereo.cas</groupId>
    <artifactId>cas-server-support-pm-ldap</artifactId>
    <version>${cas.version}</version>
</dependency>
  

Configured in cas.properties:

# EMAIL SERVER
spring.mail.host=smtp.office365.com
spring.mail.port=587
spring.mail.username=xx
spring.mail.password=xx
spring.mail.testConnection=true
spring.mail.properties.mail.smtp.auth=true
spring.mail.properties.mail.smtp.starttls.enable=true

# PASSWORD MANAGEMENT
cas.authn.pm.enabled=true
cas.authn.pm.reset.expirationMinutes=3
cas.authn.pm.reset.securityQuestionsEnabled=false
cas.authn.pm.autoLogin=false

# CHANGE PASSWORD EMAILS
cas.authn.pm.reset.mail.from=u...@email.com
cas.authn.pm.reset.mail.text=email text, reset your password %s
cas.authn.pm.reset.mail.subject=Change your password
cas.authn.pm.reset.mail.cc=
cas.authn.pm.reset.mail.bcc=
cas.authn.pm.reset.mail.attributeName=primaryMail

# CHANGE PASSWORD LDAP CONNECTION
cas.authn.pm.ldap.type=GENERIC
cas.authn.pm.ldap.ldapUrl=ldap://localhost:1389
cas.authn.pm.ldap.bindDn=uid=casuser,ou=apiusers,ou=root,c=country
cas.authn.pm.ldap.bindCredential=xxx
cas.authn.pm.ldap.poolPassivator=BIND
cas.authn.pm.ldap.connectionStrategy=DEFAULT
cas.authn.pm.ldap.providerClass=org.ldaptive.provider.unboundid.UnboundIDProvider
cas.authn.pm.ldap.connectTimeout=PT5S
cas.authn.pm.ldap.minPoolSize=3
cas.authn.pm.ldap.maxPoolSize=10
cas.authn.pm.ldap.idleTime=PT10M
cas.authn.pm.ldap.useSsl=false
cas.authn.pm.ldap.useStartTls=false
cas.authn.pm.ldap.responseTimeout=PT5S
cas.authn.pm.ldap.baseDn=ou=users,ou=root,c=country
cas.authn.pm.ldap.subtreeSearch=true
cas.authn.pm.ldap.searchFilter=username={user}

# LDAP PASSWORD POLICY
cas.authn.ldap[0].passwordPolicy.enabled=true
cas.authn.ldap[0].passwordPolicy.type=GENERIC
cas.authn.ldap[0].passwordPolicy.policyAttributes.accountLocked=javax.security.auth.login.AccountLockedException
cas.authn.ldap[0].passwordPolicy.loginFailures=5
cas.authn.ldap[0].passwordPolicy.warningAttributeValue=
cas.authn.ldap[0].passwordPolicy.warningAttributeName=
cas.authn.ldap[0].passwordPolicy.displayWarningOnMatch=true
cas.authn.ldap[0].passwordPolicy.warnAll=true
cas.authn.ldap[0].passwordPolicy.warningDays=30
cas.authn.ldap[0].passwordPolicy.accountStateHandlingEnabled=true
cas.authn.ldap[0].passwordPolicy.strategy=DEFAULT

# TOKEN MANAGEMENT
authn.passwordless.accounts.expireInSeconds=180


This configuration allows a "Reset your Password" link at login page, that 
shows a login form where you can identify a user name and submit the form. 
This action is making CAS to search for the user email in Ldap, and sends a 
reset password email, with an encoded link that is not working, just 
redirects to the usual login page.

The next step that we are doing, is enabling the dependency for 
passwordless, but as we load this new cas.war, the normal login page is 
changed with a form where you can just write a user and submit form, that 
is not working.

 
<dependency>
    <groupId>org.apereo.cas</groupId>
    <artifactId>cas-server-support-passwordless</artifactId>
    <version>${cas.version}</version>
</dependency>
  
 

Can someone tell us how to enable change password and reset password 
configuration/flows?


Thanks,





On Tuesday, 9 October 2018, 14:32:25 (UTC+2), Ramesh Ramaiah wrote:
>
>
> Hi,
>
> I'm using CAS 5.3 and LDAP for user creation and access. My problem 
> is: if an end user wants to change their CAS password voluntarily, how 
> do we do this? Is there any option for that?
>
> Also, end users want to use the Forget password. Please post your reply if 
> you have any ideas for these 2 problems.
>
> Thanks in advance.
>
> Thank you.
> Ramesh.R
>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/d7620de4-c799-49cb-8a2f-789e88072e55%40apereo.org.


[cas-user] Re: CAS Forget password & Change Password Options

2019-03-08 Thread Eduardo Rdez
Hello, 

We could allow the password change option from the login page using the 
following link:

https://url.domain.com/cas/login?doChangePassword

Now users can voluntarily follow the link, and do a password change at Ldap.








On Thursday, 31 January 2019, 13:08:16 (UTC+1), Eduardo Rdez wrote:
>
> Hello,
>
> We have the same problem. Also using CAS v5.3 connected to Ldap for user 
> access. These are the steps we have taken to use the Forget Password, but 
> no idea how to enable user change password. See if someone can help us to 
> finish configuration. We would like to have one link for a voluntary change 
> password action an another link for reset/forget password.
>
> Added dependency:
>   
>  org.apereo.cas
>  cas-server-support-pm-ldap
>  ${cas.version}
>   
>
> Configured in cas.properties:
>
> # EMAIL SERVER
> spring.mail.host=smtp.office365.com
> spring.mail.port=587
> spring.mail.username=xx
> spring.mail.password=xx
> spring.mail.testConnection=true
> spring.mail.properties.mail.smtp.auth=true
> spring.mail.properties.mail.smtp.starttls.enable=true
>
> # PASSWORD MANAGEMENT
> cas.authn.pm.enabled=true
> cas.authn.pm.reset.expirationMinutes=3
> cas.authn.pm.reset.securityQuestionsEnabled=false
> cas.authn.pm.autoLogin=false
>
> # CHANGE PASSWORD EMAILS
> cas.authn.pm.reset.mail.from=u...@email.com
> cas.authn.pm.reset.mail.text=email text, reset your password %s
> cas.authn.pm.reset.mail.subject=Change your password
> cas.authn.pm.reset.mail.cc=
> cas.authn.pm.reset.mail.bcc=
> cas.authn.pm.reset.mail.attributeName=primaryMail
>
> # CHANGE PASSWORD LDAP CONNECTION
> cas.authn.pm.ldap.type=GENERIC
> cas.authn.pm.ldap.ldapUrl=ldap://localhost:1389
> cas.authn.pm.ldap.bindDn=uid=casuser,ou=apiusers,ou=root,c=country
> cas.authn.pm.ldap.bindCredential=xxx
> cas.authn.pm.ldap.poolPassivator=BIND
> cas.authn.pm.ldap.connectionStrategy=DEFAULT
>
> cas.authn.pm.ldap.providerClass=org.ldaptive.provider.unboundid.UnboundIDProvider
> cas.authn.pm.ldap.connectTimeout=PT5S
> cas.authn.pm.ldap.minPoolSize=3
> cas.authn.pm.ldap.maxPoolSize=10
> cas.authn.pm.ldap.idleTime=PT10M
> cas.authn.pm.ldap.useSsl=false
> cas.authn.pm.ldap.useStartTls=false
> cas.authn.pm.ldap.responseTimeout=PT5S
> cas.authn.pm.ldap.baseDn=ou=users,ou=root,c=country
> cas.authn.pm.ldap.subtreeSearch=true
> cas.authn.pm.ldap.searchFilter=username={user}
>
> # LDAP PASSWORD POLICY
> cas.authn.ldap[0].passwordPolicy.enabled=true
> cas.authn.ldap[0].passwordPolicy.type=GENERIC
>
> cas.authn.ldap[0].passwordPolicy.policyAttributes.accountLocked=javax.security.auth.login.AccountLockedException
> cas.authn.ldap[0].passwordPolicy.loginFailures=5
> cas.authn.ldap[0].passwordPolicy.warningAttributeValue=
> cas.authn.ldap[0].passwordPolicy.warningAttributeName=
> cas.authn.ldap[0].passwordPolicy.displayWarningOnMatch=true
> cas.authn.ldap[0].passwordPolicy.warnAll=true
> cas.authn.ldap[0].passwordPolicy.warningDays=30
> cas.authn.ldap[0].passwordPolicy.accountStateHandlingEnabled=true
> cas.authn.ldap[0].passwordPolicy.strategy=DEFAULT
>
> # TOKEN MANAGEMENT
> authn.passwordless.accounts.expireInSeconds=180
>
>
> This configuration allows a "Reset your Password" link at login page, that 
> shows a login form where you can identify a user name and submit the form. 
> This action is making CAS to search for the user email in Ldap, and sends a 
> reset password email, with a encoded link that is not working, just 
> redirects to the usual login page.
>
> The next step that we are doing, is enabling the dependency for 
> passwordless, but as we load this new cas.war, the normal login page is 
> changed with a form where you can just write a user and submit form, that 
> is not working.
>
>  
>  org.apereo.cas
>  cas-server-support-passwordless
>  ${cas.version}
>   
>  
>
> Can someone tell us how to enable change password and reset password 
> configuracion/flows? 
>
>
> Thanks,
>
>
>
>
>
> El martes, 9 de octubre de 2018, 14:32:25 (UTC+2), Ramesh Ramaiah escribió:
>>
>>
>> Hi,
>>
>> I'm using CAS5.3 version and LDAP for user creating and access. My 
>> problem is If a end user want to change their CAS password voluntarily 
>> means, how we do this. Is there any option for that ?
>>
>> Also end user want to use the Forget password.  Please post your reply, 
>> If you have any ideas for this 2 problems ?
>>
>> Thanks for Advance.
>>
>> Thank you.
>> Ramesh.R
>>
>


Re: [cas-user] Re: CAS Forget password & Change Password Options

2019-03-11 Thread 'Arnauld Peyrou' via CAS Community
Hello,

Do you have to use all the configuration you've described in your email
from the 01/31?
or just use this link alone?

Regards,

Arnauld PEYROU
Technical and Support Manager
Information Systems Department.
Inrap - 121 rue d'Alésia - 75014 Paris
Tel: 01 40 08 80 48.
www.inrap.fr
Subscribe to the Inrap newsletter:
http://www.inrap.fr/newsletter.php


On Fri, 8 Mar 2019 at 10:57, Eduardo Rdez wrote:

> Hello,
>
> We could allow the password change option from the login page using the
> following link:
>
> https://url.domain.com/cas/login?doChangePassword
>
> Now users can voluntary follow the link, and do a password change at Ldap.
>
>
>
>
>
>
>
>
> El jueves, 31 de enero de 2019, 13:08:16 (UTC+1), Eduardo Rdez escribió:
>>
>> Hello,
>>
>> We have the same problem. Also using CAS v5.3 connected to Ldap for user
>> access. These are the steps we have taken to use the Forget Password, but
>> no idea how to enable user change password. See if someone can help us to
>> finish configuration. We would like to have one link for a voluntary change
>> password action an another link for reset/forget password.
>>
>> Added dependency:
>>   
>>  org.apereo.cas
>>  cas-server-support-pm-ldap
>>  ${cas.version}
>>   
>>
>> Configured in cas.properties:
>>
>> # EMAIL SERVER
>> spring.mail.host=smtp.office365.com
>> spring.mail.port=587
>> spring.mail.username=xx
>> spring.mail.password=xx
>> spring.mail.testConnection=true
>> spring.mail.properties.mail.smtp.auth=true
>> spring.mail.properties.mail.smtp.starttls.enable=true
>>
>> # PASSWORD MANAGEMENT
>> cas.authn.pm.enabled=true
>> cas.authn.pm.reset.expirationMinutes=3
>> cas.authn.pm.reset.securityQuestionsEnabled=false
>> cas.authn.pm.autoLogin=false
>>
>> # CHANGE PASSWORD EMAILS
>> cas.authn.pm.reset.mail.from=u...@email.com
>> cas.authn.pm.reset.mail.text=email text, reset your password %s
>> cas.authn.pm.reset.mail.subject=Change your password
>> cas.authn.pm.reset.mail.cc=
>> cas.authn.pm.reset.mail.bcc=
>> cas.authn.pm.reset.mail.attributeName=primaryMail
>>
>> # CHANGE PASSWORD LDAP CONNECTION
>> cas.authn.pm.ldap.type=GENERIC
>> cas.authn.pm.ldap.ldapUrl=ldap://localhost:1389
>> cas.authn.pm.ldap.bindDn=uid=casuser,ou=apiusers,ou=root,c=country
>> cas.authn.pm.ldap.bindCredential=xxx
>> cas.authn.pm.ldap.poolPassivator=BIND
>> cas.authn.pm.ldap.connectionStrategy=DEFAULT
>>
>> cas.authn.pm.ldap.providerClass=org.ldaptive.provider.unboundid.UnboundIDProvider
>> cas.authn.pm.ldap.connectTimeout=PT5S
>> cas.authn.pm.ldap.minPoolSize=3
>> cas.authn.pm.ldap.maxPoolSize=10
>> cas.authn.pm.ldap.idleTime=PT10M
>> cas.authn.pm.ldap.useSsl=false
>> cas.authn.pm.ldap.useStartTls=false
>> cas.authn.pm.ldap.responseTimeout=PT5S
>> cas.authn.pm.ldap.baseDn=ou=users,ou=root,c=country
>> cas.authn.pm.ldap.subtreeSearch=true
>> cas.authn.pm.ldap.searchFilter=username={user}
>>
>> # LDAP PASSWORD POLICY
>> cas.authn.ldap[0].passwordPolicy.enabled=true
>> cas.authn.ldap[0].passwordPolicy.type=GENERIC
>>
>> cas.authn.ldap[0].passwordPolicy.policyAttributes.accountLocked=javax.security.auth.login.AccountLockedException
>> cas.authn.ldap[0].passwordPolicy.loginFailures=5
>> cas.authn.ldap[0].passwordPolicy.warningAttributeValue=
>> cas.authn.ldap[0].passwordPolicy.warningAttributeName=
>> cas.authn.ldap[0].passwordPolicy.displayWarningOnMatch=true
>> cas.authn.ldap[0].passwordPolicy.warnAll=true
>> cas.authn.ldap[0].passwordPolicy.warningDays=30
>> cas.authn.ldap[0].passwordPolicy.accountStateHandlingEnabled=true
>> cas.authn.ldap[0].passwordPolicy.strategy=DEFAULT
>>
>> # TOKEN MANAGEMENT
>> authn.passwordless.accounts.expireInSeconds=180
>>
>>
>> This configuration allows a "Reset your Password" link at login page,
>> that shows a login form where you can identify a user name and submit the
>> form. This action is making CAS to search for the user email in Ldap, and
>> sends a reset password email, with a encoded link that is not working, just
>> redirects to the usual login page.
>>
>> The next step that we are doing, is enabling the dependency for
>> passwordless, but as we load this new cas.war, the normal login page is
>> changed with a form where you can just write a user and submit form, that
>> is not working.
>>
>>  
>>  org.apereo.cas
>>  cas-server-support-passwordless
>>  ${cas.version}
>>  
>>
>>
>> Can someone tell us how to enable change password and reset password
>> configuracion/flows?
>>
>>
>> Thanks,
>>
>>
>>
>>
>>
>> El martes, 9 de octubre de 2018, 14:32:25 (UTC+2), Ramesh Ramaiah
>> escribió:
>>>
>>>
>>> Hi,
>>>
>>> I'm using CAS5.3 version and LDAP for user creating and access. My
>>> problem is If a end user want to change their CAS password voluntarily
>>> means, how we do this. Is there any option for that ?
>>>
>>> Also end user want to use the Forget password.  Please post your reply,
>>> If you have any ideas for this 2 problems ?
>>>
>>> Thanks for Advanc

Re: [cas-user] Re: CAS Forget password & Change Password Options

2019-03-11 Thread Eduardo Rdez
Hello,

Not sure because we were working at the same time in change password link 
and otp tokens sent by email.  The change password link is working but 
still working on otp tokens. Try to answer, please do some tests in your 
environment.

Think we added these sections for change password link. The connection to 
Ldap, allow the password management and the password policy.  Also remember 
to add the password policy pattern:

# Minimum 8 and Maximum 10 characters at least 1 Lowercase Alphabet first,
# 1 Uppercase Alphabet, 1 Number and 1 Special Character from the list
# $@$!%.#*?&
cas.authn.pm.policyPattern=^(?=.*[a-z])(?=.*[A-Z])(?=.*\\d)(?=.*[$@$!%.#*?&])[A-Za-z\\d$@$!%.#*?&]{8,10}$

# PASSWORD MANAGEMENT
cas.authn.pm.enabled=true
cas.authn.pm.reset.expirationMinutes=3
cas.authn.pm.reset.securityQuestionsEnabled=false
cas.authn.pm.autoLogin=false

# CHANGE PASSWORD LDAP CONNECTION
cas.authn.pm.ldap.type=GENERIC
cas.authn.pm.ldap.ldapUrl=ldap://localhost:1389
cas.authn.pm.ldap.bindDn=uid=casuser,ou=apiusers,ou=root,c=country
cas.authn.pm.ldap.bindCredential=xxx
cas.authn.pm.ldap.poolPassivator=BIND
cas.authn.pm.ldap.connectionStrategy=DEFAULT
cas.authn.pm.ldap.providerClass=org.ldaptive.provider.unboundid.UnboundIDProvider
cas.authn.pm.ldap.connectTimeout=PT5S
cas.authn.pm.ldap.minPoolSize=3
cas.authn.pm.ldap.maxPoolSize=10
cas.authn.pm.ldap.idleTime=PT10M
cas.authn.pm.ldap.useSsl=false
cas.authn.pm.ldap.useStartTls=false
cas.authn.pm.ldap.responseTimeout=PT5S
cas.authn.pm.ldap.baseDn=ou=users,ou=root,c=country
cas.authn.pm.ldap.subtreeSearch=true
cas.authn.pm.ldap.searchFilter=username={user}


# LDAP PASSWORD POLICY
cas.authn.ldap[0].passwordPolicy.enabled=true
cas.authn.ldap[0].passwordPolicy.type=GENERIC
cas.authn.ldap[0].passwordPolicy.policyAttributes.accountLocked=javax.security.auth.login.AccountLockedException
cas.authn.ldap[0].passwordPolicy.loginFailures=5
cas.authn.ldap[0].passwordPolicy.warningAttributeValue=
cas.authn.ldap[0].passwordPolicy.warningAttributeName=
cas.authn.ldap[0].passwordPolicy.displayWarningOnMatch=true
cas.authn.ldap[0].passwordPolicy.warnAll=true
cas.authn.ldap[0].passwordPolicy.warningDays=30
cas.authn.ldap[0].passwordPolicy.accountStateHandlingEnabled=true
cas.authn.ldap[0].passwordPolicy.strategy=DEFAULT

On Monday, 11 March 2019, 8:53:24 (UTC+1), Arnauld Peyrou wrote:
>
> Hello,
>
> Do you have to use all the configuration you've discribed in your email 
> from the 01/31?
> or juste use this link alone?
>
> Regards,
>
> Arnauld PEYROU
> Responsable Technique et Support
> Direction des Systèmes d'Information.
> Inrap - 121 rue d'Alésia - 75014 Paris
> Tél : 01 40 08 80 48.
> www.inrap.fr
> Abonnez-vous à la lettre d'information de l'Inrap : 
> http://www.inrap.fr/newsletter.php
>
>
> On Fri, 8 Mar 2019 at 10:57, Eduardo Rdez wrote:
>
>> Hello, 
>>
>> We could allow the password change option from the login page using the 
>> following link:
>>
>> https://url.domain.com/cas/login?doChangePassword
>>
>> Now users can voluntary follow the link, and do a password change at Ldap.
>>
>>
>>
>>
>>
>>
>>
>>
>> El jueves, 31 de enero de 2019, 13:08:16 (UTC+1), Eduardo Rdez escribió:
>>>
>>> Hello,
>>>
>>> We have the same problem. Also using CAS v5.3 connected to Ldap for user 
>>> access. These are the steps we have taken to use the Forget Password, but 
>>> no idea how to enable user change password. See if someone can help us to 
>>> finish configuration. We would like to have one link for a voluntary change 
>>> password action an another link for reset/forget password.
>>>
>>> Added dependency:
>>>   
>>>  org.apereo.cas
>>>  cas-server-support-pm-ldap
>>>  ${cas.version}
>>>   
>>>
>>> Configured in cas.properties:
>>>
>>> # EMAIL SERVER
>>> spring.mail.host=smtp.office365.com
>>> spring.mail.port=587
>>> spring.mail.username=xx
>>> spring.mail.password=xx
>>> spring.mail.testConnection=true
>>> spring.mail.properties.mail.smtp.auth=true
>>> spring.mail.properties.mail.smtp.starttls.enable=true
>>>
>>> # PASSWORD MANAGEMENT
>>> cas.authn.pm.enabled=true
>>> cas.authn.pm.reset.expirationMinutes=3
>>> cas.authn.pm.reset.securityQuestionsEnabled=false
>>> cas.authn.pm.autoLogin=false
>>>
>>> # CHANGE PASSWORD EMAILS
>>> cas.authn.pm.reset.mail.from=u...@email.com 
>>> cas.authn.pm.reset.mail.text=email text, reset your password %s
>>> cas.authn.pm.reset.mail.subject=Change your password
>>> cas.authn.pm.reset.mail.cc=
>>> cas.authn.pm.reset.mail.bcc=
>>> cas.authn.pm.reset.mail.attributeName=primaryMail
>>>
>>> # CHANGE PASSWORD LDAP CONNECTION
>>> cas.authn.pm.ldap.type=GENERIC
>>> cas.authn.pm.ldap.ldapUrl=ldap://localhost:1389
>>> cas.authn.pm.ldap.bindDn=uid=casuser,ou=apiusers,ou=root,c=country
>>> cas.authn.pm.ldap.bindCredential=xxx
>>> cas.authn.pm.ldap.poolPassivator=BIND
>>> cas.authn.pm.ldap.connectionStrategy=DEFAULT
>>>
>>> cas.authn.pm.ldap.providerClass=org.ldaptive.provider.unboundid.Unboun
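
To see what the `cas.authn.pm.policyPattern` line posted in the message above accepts once the properties file has been parsed, here is an added example (not part of the original posts and not CAS code). It loads that line with `java.util.Properties` and runs sample passwords through the resulting regex. The class and method names and the sample passwords are constructed for illustration, and a whole-string match is assumed.

```java
import java.io.IOException;
import java.io.StringReader;
import java.util.Properties;
import java.util.regex.Pattern;

public class PolicyPatternCheck {

    // The property line as posted in the thread. The file contains a doubled
    // backslash before each "d"; Java source doubles each backslash again,
    // which is why four appear in the string literal below.
    static final String POSTED_LINE =
        "cas.authn.pm.policyPattern=^(?=.*[a-z])(?=.*[A-Z])(?=.*\\\\d)"
        + "(?=.*[$@$!%.#*?&])[A-Za-z\\\\d$@$!%.#*?&]{8,10}$\n";

    // Parse the text the way a .properties file is parsed, so the doubled
    // backslashes collapse to single ones before the regex is compiled.
    static Pattern loadPolicy(String propertiesText) throws IOException {
        Properties props = new Properties();
        props.load(new StringReader(propertiesText));
        String regex = props.getProperty("cas.authn.pm.policyPattern");
        if (regex == null || regex.isEmpty()) {
            throw new IllegalStateException("cas.authn.pm.policyPattern is not set");
        }
        return Pattern.compile(regex);
    }

    // Assumption: the policy is applied as a match of the whole password.
    static boolean accepted(Pattern policy, String candidate) {
        return policy.matcher(candidate).matches();
    }

    public static void main(String[] args) throws IOException {
        Pattern policy = loadPolicy(POSTED_LINE);
        System.out.println("effective regex: " + policy.pattern());
        System.out.println();

        // Constructed sample passwords, each paired with the property it probes.
        String[][] samples = {
            {"Abcdef1!",         "8 characters, all four classes present"},
            {"Abcdefgh1!",       "10 characters, all four classes present"},
            {"1!Abcdef",         "digit first: the lookaheads do not fix any order"},
            {"abcdef1!",         "no uppercase letter"},
            {"Abcdefg!",         "no digit"},
            {"Abcdefg1",         "no character from the special list"},
            {"Abcde1!",          "7 characters, below the minimum"},
            {"Abcdefghi1!",      "11 characters, above the maximum of 10"},
            {"Abcdef1_!",        "underscore is outside the allowed character set"},
            {"Correct-Horse-9!", "long passphrase with hyphens"},
        };

        for (String[] sample : samples) {
            String verdict = accepted(policy, sample[0]) ? "ACCEPT" : "REJECT";
            System.out.printf("%-18s %-7s %s%n", sample[0], verdict, sample[1]);
        }
    }
}
```

Save as `PolicyPatternCheck.java` and run with `java PolicyPatternCheck.java` (Java 11 or later) to print one ACCEPT/REJECT line per sample.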

Re: [cas-user] Re: CAS Forget password & Change Password Options

2019-03-15 Thread 'Arnauld Peyrou' via CAS Community
Thank you for your answer.

I've tried your configuration (with our specification)
But I don't understand which page or link to use to reset password.

I've only one link to change password on the login page.
I've tried your link, adapted:
https://url.domain.com/cas/login?doChangePassword

but it's always redirected us to the login page
Regards,

Arnauld PEYROU
Technical and Support Manager
Information Systems Department.
Inrap - 121 rue d'Alésia - 75014 Paris
Tel: 01 40 08 80 48.
www.inrap.fr
Subscribe to the Inrap newsletter:
http://www.inrap.fr/newsletter.php


On Mon, 11 Mar 2019 at 10:24, Eduardo Rdez wrote:

> Hello,
>
> Not sure because we were working at the same time in change password link
> and opt tokens sent by email.  The change password link is working but
> still working on otp tokens. Try to answer, please do some tests in yout
> environment.
>
> Think we added these sections for change password link. The connection to
> Ldap, allow the password management and the password policy.  Also remember
> to add the password policy pattern:
>
> # Minimum 8 and Maximum 10 characters at least 1 Lowercase Alphabet first,
> 1 Uppercase Alphabet, 1 Number and 1 Special Character from the list
> $@$!%.#*?&
>
> cas.authn.pm.policyPattern=^(?=.*[a-z])(?=.*[A-Z])(?=.*\\d)(?=.*[$@$!%.#*?&])[A-Za-z\\d$@$!%.#*?&]{8,10}$
>
> # PASSWORD MANAGEMENT
> cas.authn.pm.enabled=true
> cas.authn.pm.reset.expirationMinutes=3
> cas.authn.pm.reset.securityQuestionsEnabled=false
> cas.authn.pm.autoLogin=false
>
> # CHANGE PASSWORD LDAP CONNECTION
> cas.authn.pm.ldap.type=GENERIC
> cas.authn.pm.ldap.ldapUrl=ldap://localhost:1389
> cas.authn.pm.ldap.bindDn=uid=casuser,ou=apiusers,ou=root,c=country
> cas.authn.pm.ldap.bindCredential=xxx
> cas.authn.pm.ldap.poolPassivator=BIND
> cas.authn.pm.ldap.connectionStrategy=DEFAULT
>
> cas.authn.pm.ldap.providerClass=org.ldaptive.provider.unboundid.UnboundIDProvider
> cas.authn.pm.ldap.connectTimeout=PT5S
> cas.authn.pm.ldap.minPoolSize=3
> cas.authn.pm.ldap.maxPoolSize=10
> cas.authn.pm.ldap.idleTime=PT10M
> cas.authn.pm.ldap.useSsl=false
> cas.authn.pm.ldap.useStartTls=false
> cas.authn.pm.ldap.responseTimeout=PT5S
> cas.authn.pm.ldap.baseDn=ou=users,ou=root,c=country
> cas.authn.pm.ldap.subtreeSearch=true
> cas.authn.pm.ldap.searchFilter=username={user}
>
>
> # LDAP PASSWORD POLICY
> cas.authn.ldap[0].passwordPolicy.enabled=true
> cas.authn.ldap[0].passwordPolicy.type=GENERIC
>
> cas.authn.ldap[0].passwordPolicy.policyAttributes.accountLocked=javax.security.auth.login.AccountLockedException
> cas.authn.ldap[0].passwordPolicy.loginFailures=5
> cas.authn.ldap[0].passwordPolicy.warningAttributeValue=
> cas.authn.ldap[0].passwordPolicy.warningAttributeName=
> cas.authn.ldap[0].passwordPolicy.displayWarningOnMatch=true
> cas.authn.ldap[0].passwordPolicy.warnAll=true
> cas.authn.ldap[0].passwordPolicy.warningDays=30
> cas.authn.ldap[0].passwordPolicy.accountStateHandlingEnabled=true
> cas.authn.ldap[0].passwordPolicy.strategy=DEFAULT
>
> El lunes, 11 de marzo de 2019, 8:53:24 (UTC+1), Arnauld Peyrou escribió:
>>
>> Hello,
>>
>> Do you have to use all the configuration you've discribed in your email
>> from the 01/31?
>> or juste use this link alone?
>>
>> Regards,
>>
>> Arnauld PEYROU
>> Responsable Technique et Support
>> Direction des Systèmes d'Information.
>> Inrap - 121 rue d'Alésia - 75014 Paris
>> Tél : 01 40 08 80 48.
>> www.inrap.fr
>> Abonnez-vous à la lettre d'information de l'Inrap :
>> http://www.inrap.fr/newsletter.php
>>
>>
>> Le ven. 8 mars 2019 à 10:57, Eduardo Rdez  a écrit :
>>
>>> Hello,
>>>
>>> We could allow the password change option from the login page using the
>>> following link:
>>>
>>> https://url.domain.com/cas/login?doChangePassword
>>>
>>> Now users can voluntary follow the link, and do a password change at
>>> Ldap.
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>> El jueves, 31 de enero de 2019, 13:08:16 (UTC+1), Eduardo Rdez escribió:

>>>> Hello,
>>>>
>>>> We have the same problem. Also using CAS v5.3 connected to Ldap for
>>>> user access. These are the steps we have taken to use the Forget Password,
>>>> but no idea how to enable user change password. See if someone can help us
>>>> to finish configuration. We would like to have one link for a voluntary
>>>> change password action an another link for reset/forget password.
>>>>
>>>> Added dependency:
>>>>
>>>>  org.apereo.cas
>>>>  cas-server-support-pm-ldap
>>>>  ${cas.version}
>>>>
>>>>
>>>> Configured in cas.properties:
>>>>
>>>> # EMAIL SERVER
>>>> spring.mail.host=smtp.office365.com
>>>> spring.mail.port=587
>>>> spring.mail.username=xx
>>>> spring.mail.password=xx
>>>> spring.mail.testConnection=true
>>>> spring.mail.properties.mail.smtp.auth=true
>>>> spring.mail.properties.mail.smtp.starttls.enable=true
>>>>
>>>> # PASSWORD MANAGEMENT
>>>> cas.authn.pm.enabled=true
>>>> cas.authn.pm.reset.expirationMinutes=3
>>>

Re: [cas-user] Re: CAS Forget password & Change Password Options

2019-03-15 Thread Eduardo Rdez
Yes, think you are on the way, 
doesn't show you a checkbox with the text "Change Password"

Like the one in the image:



Any error message at the application server where you developed cas.war?  
tomcat?  catalina.out?






On Friday, 15 March 2019, 12:15:44 (UTC+1), Arnauld Peyrou wrote:
>
> Thank you for your answer.
>
> I've tried your configuraiton (with our's specification)
> But i don't understand which page use  or link to reset password.
>
> I've only one link to change password on the login page..
> i've tried your link  adapted :
> https://url.domain.com/cas/login?doChangePassword
>
> but it's always rediected us to the login page
> Cordialement,
>
> Arnauld PEYROU
> Responsable Technique et Support
> Direction des Systèmes d'Information.
> Inrap - 121 rue d'Alésia - 75014 Paris
> Tél : 01 40 08 80 48.
> www.inrap.fr
> Abonnez-vous à la lettre d'information de l'Inrap : 
> http://www.inrap.fr/newsletter.php
>
>
> On Mon, 11 Mar 2019 at 10:24, Eduardo Rdez wrote:
>
>> Hello,
>>
>> Not sure because we were working at the same time in change password link 
>> and opt tokens sent by email.  The change password link is working but 
>> still working on otp tokens. Try to answer, please do some tests in yout 
>> environment.
>>
>> Think we added these sections for change password link. The connection to 
>> Ldap, allow the password management and the password policy.  Also remember 
>> to add the password policy pattern:
>>
>> # Minimum 8 and Maximum 10 characters at least 1 Lowercase Alphabet 
>> first, 1 Uppercase Alphabet, 1 Number and 1 Special Character from the list 
>> $@$!%.#*?&
>>
>> cas.authn.pm.policyPattern=^(?=.*[a-z])(?=.*[A-Z])(?=.*\\d)(?=.*[$@$!%.#*?&])[A-Za-z\\d$@$!%.#*?&]{8,10}$
>>
>> # PASSWORD MANAGEMENT
>> cas.authn.pm.enabled=true
>> cas.authn.pm.reset.expirationMinutes=3
>> cas.authn.pm.reset.securityQuestionsEnabled=false
>> cas.authn.pm.autoLogin=false
>>
>> # CHANGE PASSWORD LDAP CONNECTION
>> cas.authn.pm.ldap.type=GENERIC
>> cas.authn.pm.ldap.ldapUrl=ldap://localhost:1389
>> cas.authn.pm.ldap.bindDn=uid=casuser,ou=apiusers,ou=root,c=country
>> cas.authn.pm.ldap.bindCredential=xxx
>> cas.authn.pm.ldap.poolPassivator=BIND
>> cas.authn.pm.ldap.connectionStrategy=DEFAULT
>>
>> cas.authn.pm.ldap.providerClass=org.ldaptive.provider.unboundid.UnboundIDProvider
>> cas.authn.pm.ldap.connectTimeout=PT5S
>> cas.authn.pm.ldap.minPoolSize=3
>> cas.authn.pm.ldap.maxPoolSize=10
>> cas.authn.pm.ldap.idleTime=PT10M
>> cas.authn.pm.ldap.useSsl=false
>> cas.authn.pm.ldap.useStartTls=false
>> cas.authn.pm.ldap.responseTimeout=PT5S
>> cas.authn.pm.ldap.baseDn=ou=users,ou=root,c=country
>> cas.authn.pm.ldap.subtreeSearch=true
>> cas.authn.pm.ldap.searchFilter=username={user}
>>
>>
>> # LDAP PASSWORD POLICY
>> cas.authn.ldap[0].passwordPolicy.enabled=true
>> cas.authn.ldap[0].passwordPolicy.type=GENERIC
>>
>> cas.authn.ldap[0].passwordPolicy.policyAttributes.accountLocked=javax.security.auth.login.AccountLockedException
>> cas.authn.ldap[0].passwordPolicy.loginFailures=5
>> cas.authn.ldap[0].passwordPolicy.warningAttributeValue=
>> cas.authn.ldap[0].passwordPolicy.warningAttributeName=
>> cas.authn.ldap[0].passwordPolicy.displayWarningOnMatch=true
>> cas.authn.ldap[0].passwordPolicy.warnAll=true
>> cas.authn.ldap[0].passwordPolicy.warningDays=30
>> cas.authn.ldap[0].passwordPolicy.accountStateHandlingEnabled=true
>> cas.authn.ldap[0].passwordPolicy.strategy=DEFAULT
>>
>> El lunes, 11 de marzo de 2019, 8:53:24 (UTC+1), Arnauld Peyrou escribió:
>>>
>>> Hello,
>>>
>>> Do you have to use all the configuration you've discribed in your email 
>>> from the 01/31?
>>> or juste use this link alone?
>>>
>>> Regards,
>>>
>>> Arnauld PEYROU
>>> Responsable Technique et Support
>>> Direction des Systèmes d'Information.
>>> Inrap - 121 rue d'Alésia - 75014 Paris
>>> Tél : 01 40 08 80 48.
>>> www.inrap.fr
>>> Abonnez-vous à la lettre d'information de l'Inrap : 
>>> http://www.inrap.fr/newsletter.php
>>>
>>>
>>> Le ven. 8 mars 2019 à 10:57, Eduardo Rdez  a écrit :
>>>
>>>> Hello,
>>>>
>>>> We could allow the password change option from the login page using the
>>>> following link:
>>>>
>>>> https://url.domain.com/cas/login?doChangePassword
>>>>
>>>> Now users can voluntary follow the link, and do a password change at
>>>> Ldap.
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> El jueves, 31 de enero de 2019, 13:08:16 (UTC+1), Eduardo Rdez escribió:
>>>>>
>>>>> Hello,
>>>>>
>>>>> We have the same problem. Also using CAS v5.3 connected to Ldap for
>>>>> user access. These are the steps we have taken to use the Forget
>>>>> Password,
>>>>> but no idea how to enable user change password. See if someone can help
>>>>> us
>>>>> to finish configuration. We would like to have one link for a voluntary
>>>>> change password action an another link for reset/forget password.
>>>>>
>>>>> Added dependency:
>>>>>
>>>>>  org.apereo.cas
>>>>>  cas-server-support-pm-ldap
>>>>>