Looking to see if anyone has experience with this use case.
· CAS 6.3.x from cas-overlay-template
· LDAP with LPPE enabled
· custom account management application (service using CAS for authentication)
· When a user's password has less than 30 days left to expiry, the LPPE triggers the interrupt webflow that loads casLoginMessageView.html for “Authentication Succeeded with Warnings”
· We customized templates/casLoginMessageView.html to add a button that links to our custom account management application
When a near expiry user logs in, they are presented with the following UI

· At this point the TGT is created in the ticket registry, but no TGC in the client browser
· If the user clicks “continue” the TGC is set, establishing the session in the client browser
· If the user clicks “change password”, since TGC is not set, the session is never valid and so sends the user into a “loop” where they go back to the cas/login because no TGC is set in the client browser
With interrupt notifications there is a way to configure “ssoEnabled: true”, which I think would resolve this issue. Does any such webflow option exist for the “Authentication Succeeded with Warnings”?
Unfortunately no. The “fix” was to remove the link to the password self-service application and hope that our users are motivated enough to find their own way to the password self-service application.
From: Timothy Hansen <tha...@apu.edu>
Sent: Monday, August 29, 2022 2:16 PM
To: CAS Community <cas-...@apereo.org>
Cc: King, Robert <ro...@mun.ca>
Subject: [EXTERNAL SENDER] Re: LPPE password expirying soon webflow
I just discovered this problem in 6.5.x as I was attempting to implement the same thing in our environment. Were you ever able to discover a workaround?