CAS 5.3.6 - Password Reset - Active Directory


Michał Zań

Jun 19, 2019, 7:07:35 AM
to CAS Community
Hey,

I have a problem sending notifications when changing a user's password. Why send by SMS?

Error:
2019-06-19 12:44:07,314 WARN [org.apereo.cas.util.io.CommunicationsManager] - <CAS is unable to send tokens via sms messages given no settings are defined to account for sms providers, etc>
2019-06-19 12:44:07,319 WARN [org.apereo.cas.pm.web.flow.actions.SendPasswordResetInstructionsAction] - <No recipient is provided>

My configuration:

###################################################################
#       PASSWORD RESET                                            #
###################################################################

###################### Email notifications

spring.mail.host=smtp.gmail.com
spring.mail.port=587
spring.mail.username=XXXXXXX
spring.mail.password=XXXXXX
spring.mail.testConnection=true
spring.mail.properties.mail.smtp.auth=true
spring.mail.properties.mail.smtp.starttls.enable=true

${configurationKey}.mail.from=XXXXX
${configurationKey}.mail.text=Reset your password with this link: %s
${configurationKey}.mail.subject=Password Reset Request
#cas.authn.pm.ldap.bcc=
${configurationKey}.mail.attributeName=mail

###################### Password change

cas.authn.pm.enabled=true

# Minimum 8 and Maximum 10 characters at least 1 Uppercase Alphabet, 1 Lowercase Alphabet, 1 Number and 1 Special Character
cas.authn.pm.policyPattern=^(?=.*[a-z])(?=.*[A-Z])(?=.*\\d)(?=.*[$@$!%*?&])[A-Za-z\\d$@$!%*?&]{8,10}

cas.authn.pm.reset.expirationMinutes=5
cas.authn.pm.reset.securityQuestionsEnabled=false

# Automatically log in after successful password change
cas.authn.pm.autoLogin=false

cas.authn.pm.ldap.type=AD
#cas.authn.pm.ldap.usernameAttribute=sAMAccountName
#cas.authn.pm.ldap.searchFilterUsername=userPrincipalName={user}
cas.authn.pm.ldap.ldapUrl=ldap://XXXXXX
cas.authn.pm.ldap.useSsl=false
cas.authn.pm.ldap.baseDn=ou=XXX,dc=XXX
cas.authn.pm.ldap.searchFilter=(sAMAccountName={user})
cas.authn.pm.ldap.bindDn=XXX@XXXX
cas.authn.pm.ldap.bindCredential=XXXXX

Riley Wills

Jun 19, 2019, 10:21:11 AM
to CAS Community
Michal,

The sms warning message from org.apereo.cas.util.io.CommunicationsManager won't stop your notifications from being sent. This warning message originates from CommunicationsManager's validate method checking for SMS configuration properties.

Your notifications are not sending because the user's email address could not be found. You can check out https://apereo.github.io/cas/5.3.x/installation/Configuration-Properties.html#password-management which mentions that email notification settings for password reset are defined under the cas.authn.pm.reset configuration key. You can find email notification configuration properties at https://apereo.github.io/cas/5.3.x/installation/Configuration-Properties-Common.html#email-notifications

The following configuration property would specify the attribute to fetch for the email address value from your LDAP Password Management source:

cas.authn.pm.reset.mail.attributeName=mail
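
A pre-deployment check for the problem described in this reply, as an added example that is not part of the original thread or of the CAS project: it flags keys pasted from the documentation with the literal `${configurationKey}` prefix and confirms the `cas.authn.pm.reset.mail.*` keys are present. It also goes beyond the thread by flagging an `ldap://` URL with `useSsl=false` and no `useStartTls`; the function names and the sample input are constructed.

```python
import re

# Constructed sample mirroring the first post's settings (values redacted as on the page).
SAMPLE = """\
spring.mail.host=smtp.gmail.com
${configurationKey}.mail.from=XXXXX
${configurationKey}.mail.attributeName=mail
cas.authn.pm.enabled=true
cas.authn.pm.ldap.type=AD
cas.authn.pm.ldap.ldapUrl=ldap://XXXXXX
cas.authn.pm.ldap.useSsl=false
"""

RESET_MAIL = "cas.authn.pm.reset.mail."
PLACEHOLDER = re.compile(r"\$\{configurationKey\}")

def parse_properties(text):
    """Parse key=value lines, skipping blanks and # / ! comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props

def lint_pm_config(text):
    """Return a list of findings for a CAS password-management properties file."""
    props = parse_properties(text)
    findings = []
    for key in props:
        if PLACEHOLDER.search(key):  # documentation placeholder left unexpanded
            fixed = PLACEHOLDER.sub("cas.authn.pm.reset", key)
            findings.append(f"unresolved doc placeholder: {key} -> {fixed}")
    if props.get("cas.authn.pm.enabled", "").lower() == "true":
        for suffix in ("from", "attributeName"):
            if not props.get(RESET_MAIL + suffix):
                findings.append(f"missing {RESET_MAIL}{suffix}")
        url = props.get("cas.authn.pm.ldap.ldapUrl", "").lower()
        tls = props.get("cas.authn.pm.ldap.useStartTls", "").lower() == "true"
        if url.startswith("ldap://") and props.get("cas.authn.pm.ldap.useSsl", "").lower() == "false" and not tls:
            findings.append("ldap:// without TLS: bind credential crosses the network in cleartext")
    return findings
```
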

Michał Zań

Jun 24, 2019, 6:45:18 AM
to CAS Community
Thank you very much for the information. I know more.

Now I have this error:

2019-06-24 12:32:26,190 WARN [org.apereo.cas.pm.config.PasswordManagementConfiguration] - <No storage service (LDAP, Database, etc) is configured to handle the account update and password service operations. Password management functionality will have no effect and will be disabled until a storage service is configured. To explicitly disable the password management functionality, add 'cas.authn.pm.enabled=false' to the CAS configuration>

My settings:
###################################################################
#       PASSWORD RESET                                            #
###################################################################

###################### Email notifications - message content

cas.authn.pm.reset.mail.from=XXXXX@XXXXX
cas.authn.pm.reset.mail.text=Reset your password with this link: %s
cas.authn.pm.reset.mail.subject=Password Reset Request
#cas.authn.pm.ldap.bcc=
cas.authn.pm.reset.mail.attributeName=mail

###################### Email notifications - account settings

spring.mail.host=XXXXX
spring.mail.port=587
spring.mail.username=XXXXX@XXXXX
spring.mail.password=XXXXX
spring.mail.testConnection=true
spring.mail.properties.mail.smtp.auth=true
spring.mail.properties.mail.smtp.starttls.enable=true

###################### Password change

cas.authn.pm.enabled=true

# Minimum 8 and Maximum 10 characters at least 1 Uppercase Alphabet, 1 Lowercase Alphabet, 1 Number and 1 Special Character
cas.authn.pm.policyPattern=^(?=.*[a-z])(?=.*[A-Z])(?=.*\\d)(?=.*[$@$!%*?&])[A-Za-z\\d$@$!%*?&]{8,10}

cas.authn.pm.reset.expirationMinutes=5
cas.authn.pm.reset.securityQuestionsEnabled=false

# Automatically log in after successful password change
cas.authn.pm.autoLogin=false

###################### Connection to AD

cas.authn.pm.ldap.type=AD
#cas.authn.pm.ldap.usernameAttribute=sAMAccountName
#cas.authn.pm.ldap.searchFilterUsername=(sAMAccountName={user})
cas.authn.pm.ldap.ldapUrl=ldap://XXXXX
cas.authn.pm.ldap.useSsl=false
cas.authn.pm.ldap.baseDn=ou=XXXXX,dc=XXXXX,dc=XXXXX
cas.authn.pm.ldap.searchFilter=(sAMAccountName={user})
cas.authn.pm.ldap.bindDn=XXXXX@XXXXXL
cas.authn.pm.ldap.bindCredential=XXXXX

## Encryption keys
cas.authn.pm.reset.crypto.encryption.key= XXXXX
cas.authn.pm.reset.crypto.signing.key= XXXXX

