CAS 6.4.0-RC5 (and earlier) Forgot Username failure

Chris Durham

Jun 20, 2021, 12:49:02 AM
to CAS Community
We are trying to use the new Password Management functionality in 6.4.0 (with JDBC) and facing a few issues.

When we submit the email for the user we get the following lines in the logs:

WARN [org.apereo.cas.authentication.principal.resolvers.ChainingPrincipalResolver] - <None of the principal resolvers in the chain were able to produce a principal>

We have the following settings in our properties files:

cas.authn.pm.jdbc.sql-find-email=SELECT email FROM user WHERE username = ?

cas.authn.pm.jdbc.sql-find-phone=SELECT phone FROM user WHERE username = ?

cas.authn.pm.jdbc.sql-find-user=SELECT username FROM user WHERE email = ? limit 1

In our resultant email the only attribute that is added is "email" which is the one thing that the user already knows :). We don't get a principal or a username.

Trying to read my way through the code in SendForgotUsernameInstructionsAction

locateUserAndProcess gets the username from PasswordManagementService.findUsername(query)

but sendForgotUsernameEmailToAccount builds the credentials with query.getUsername() - but surely username isn't in Query - otherwise locateUserAndProcess could have done the same thing?

I can see this changed in the 'refactor apis for pswd mgmt' in Feb 2021 - but can't see how username is supposed to get into query...

One thing that is additionally slightly annoying here is that in our case multiple usernames could be associated with a single email address and it would be nice to tell the user all of them.

Also for us it would be great if we could get information about the requesting service in the email to tailor the email even further.
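
One way to rule the database in or out for the failure described in the post above is to run the three configured queries outside CAS and see what they return for a submitted email. This is an added example, not part of the thread or of CAS: SQLite stands in for the site's JDBC database, and the table layout and sample rows are constructed. It also shows the `limit 1` in sql-find-user hiding a second username on the same address.

```python
import sqlite3

# The three queries exactly as configured in the post (cas.authn.pm.jdbc.*).
SQL_FIND_EMAIL = "SELECT email FROM user WHERE username = ?"
SQL_FIND_PHONE = "SELECT phone FROM user WHERE username = ?"
SQL_FIND_USER = "SELECT username FROM user WHERE email = ? limit 1"

# Constructed sample rows; two usernames deliberately share one email address.
SAMPLE_ROWS = [
    ("alice", "alice@example.org", "555-0100"),
    ("alice-admin", "alice@example.org", "555-0100"),
    ("bob", "bob@example.org", "555-0101"),
]

def build_db():
    """In-memory stand-in for the real database (assumed schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE user (username TEXT PRIMARY KEY, email TEXT, phone TEXT)")
    db.executemany("INSERT INTO user VALUES (?, ?, ?)", SAMPLE_ROWS)
    return db

def run(db, sql, param):
    """Bind one parameter, as a prepared statement would; return column 1 of each row."""
    return [row[0] for row in db.execute(sql, (param,))]

def check_forgot_username(db, email):
    """Report what each configured query yields for one submitted email."""
    found = run(db, SQL_FIND_USER, email)
    # Same lookup without the LIMIT, to expose accounts the configured query hides.
    unlimited = SQL_FIND_USER.replace(" limit 1", "") + " ORDER BY username"
    report = {"found": found, "all_matches": run(db, unlimited, email),
              "round_trip": None, "phone": None}
    if found:
        # The username that was found must map back to the submitted email.
        report["round_trip"] = run(db, SQL_FIND_EMAIL, found[0]) == [email]
        report["phone"] = run(db, SQL_FIND_PHONE, found[0])
    return report

if __name__ == "__main__":
    db = build_db()
    for email in ("alice@example.org", "bob@example.org", "nobody@example.org"):
        print(email, check_forgot_username(db, email))
```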

Chris Durham

Jun 30, 2021, 4:47:23 PM
to CAS Community, Chris Durham
Just wondering if anyone else has any issues in getting the username to appear in the email template for Forgot Username in CAS 6.4.0 RC5.

Joseph Methot

Nov 29, 2021, 9:16:23 AM
to CAS Community, Chris Durham
Hi Chris,

I'm trying to configure the Forgot username feature in CAS 6.4.3 and I have the same behaviour: the email contains the email address instead of the username... Did you find a solution for this problem?

Thank you!

Joseph

Sem van den Broek

Dec 14, 2021, 4:59:37 PM
to CAS Community, joseph...@gmail.com, ch...@stourwalk.co.uk
Hi all,

I was struggling with this feature as well in CAS 6.4.3 and I sometimes got it working and sometimes not. It seemed to be related to the user previously having been logged in before attempting a username request. That seemed to make a difference but I want it to work all the time even when users have not yet logged in. It seems like the login caches some of the principal attributes so that the lookup succeeds, but I am unaware of the actual internals that manage this. The password reset has the same problems, and it also only seems to work after a user has been logged in.

Might this have something to do with manually defining a principal resolver? How would we solve this (with LDAP in my case)?

Thanks!

Sem
