CAS Forget password & Change Password Options


Ramesh Ramaiah

Oct 9, 2018, 8:32:25 AM
to CAS Community

Hi,

I'm using CAS 5.3 and LDAP for user creation and access. My problem is: if an end user wants to change their CAS password voluntarily, how do we do this? Is there any option for that?

Also, end users want to use the Forget Password option. Please post your reply if you have any ideas for these 2 problems.

Thanks in advance.

Thank you.
Ramesh.R

Eduardo Rdez

Jan 31, 2019, 7:08:16 AM
to CAS Community
Hello,

We have the same problem. We are also using CAS v5.3 connected to LDAP for user access. These are the steps we have taken to use the Forget Password option, but we have no idea how to enable user change password. Let's see if someone can help us finish the configuration. We would like to have one link for a voluntary change password action and another link for reset/forget password.

Added dependency:
  <dependency>
    <groupId>org.apereo.cas</groupId>
    <artifactId>cas-server-support-pm-ldap</artifactId>
    <version>${cas.version}</version>
  </dependency>

Configured in cas.properties:

# EMAIL SERVER
spring.mail.host=smtp.office365.com
spring.mail.port=587
spring.mail.username=xxxxxxxxxxxxxx
spring.mail.password=xxxxxxxxxxxxxx
spring.mail.testConnection=true
spring.mail.properties.mail.smtp.auth=true
spring.mail.properties.mail.smtp.starttls.enable=true

# PASSWORD MANAGEMENT
cas.authn.pm.enabled=true
cas.authn.pm.reset.expirationMinutes=3
cas.authn.pm.reset.securityQuestionsEnabled=false
cas.authn.pm.autoLogin=false

# CHANGE PASSWORD EMAILS
cas.authn.pm.reset.mail.from=us...@email.com
cas.authn.pm.reset.mail.text=email text, reset your password %s
cas.authn.pm.reset.mail.subject=Change your password
cas.authn.pm.reset.mail.cc=
cas.authn.pm.reset.mail.bcc=
cas.authn.pm.reset.mail.attributeName=primaryMail

# CHANGE PASSWORD LDAP CONNECTION
cas.authn.pm.ldap.type=GENERIC
cas.authn.pm.ldap.ldapUrl=ldap://localhost:1389
cas.authn.pm.ldap.bindDn=uid=casuser,ou=apiusers,ou=root,c=country
cas.authn.pm.ldap.bindCredential=xxxxxxxxxxx
cas.authn.pm.ldap.poolPassivator=BIND
cas.authn.pm.ldap.connectionStrategy=DEFAULT
cas.authn.pm.ldap.providerClass=org.ldaptive.provider.unboundid.UnboundIDProvider
cas.authn.pm.ldap.connectTimeout=PT5S
cas.authn.pm.ldap.minPoolSize=3
cas.authn.pm.ldap.maxPoolSize=10
cas.authn.pm.ldap.idleTime=PT10M
cas.authn.pm.ldap.useSsl=false
cas.authn.pm.ldap.useStartTls=false
cas.authn.pm.ldap.responseTimeout=PT5S
cas.authn.pm.ldap.baseDn=ou=users,ou=root,c=country
cas.authn.pm.ldap.subtreeSearch=true
cas.authn.pm.ldap.searchFilter=username={user}

# LDAP PASSWORD POLICY
cas.authn.ldap[0].passwordPolicy.enabled=true
cas.authn.ldap[0].passwordPolicy.type=GENERIC
cas.authn.ldap[0].passwordPolicy.policyAttributes.accountLocked=javax.security.auth.login.AccountLockedException
cas.authn.ldap[0].passwordPolicy.loginFailures=5
cas.authn.ldap[0].passwordPolicy.warningAttributeValue=
cas.authn.ldap[0].passwordPolicy.warningAttributeName=
cas.authn.ldap[0].passwordPolicy.displayWarningOnMatch=true
cas.authn.ldap[0].passwordPolicy.warnAll=true
cas.authn.ldap[0].passwordPolicy.warningDays=30
cas.authn.ldap[0].passwordPolicy.accountStateHandlingEnabled=true
cas.authn.ldap[0].passwordPolicy.strategy=DEFAULT

# TOKEN MANAGEMENT
authn.passwordless.accounts.expireInSeconds=180


This configuration allows a "Reset your Password" link on the login page, which shows a login form where you can enter a user name and submit the form. This action makes CAS search for the user's email in LDAP and send a reset password email with an encoded link that is not working; it just redirects to the usual login page.

The next step that we are taking is enabling the dependency for passwordless, but when we load this new cas.war, the normal login page is changed to a form where you can just write a user and submit the form, and that is not working.

  <dependency>
    <groupId>org.apereo.cas</groupId>
    <artifactId>cas-server-support-passwordless</artifactId>
    <version>${cas.version}</version>
  </dependency>


Can someone tell us how to enable the change password and reset password configuration/flows?


Thanks,

Eduardo Rdez

Mar 8, 2019, 4:57:03 AM
to CAS Community
Hello,

We could allow the password change option from the login page using the following link:


Now users can voluntarily follow the link and do a password change in LDAP.

Arnauld Peyrou

Mar 11, 2019, 3:53:24 AM
to cas-...@apereo.org
Hello,

Do you have to use all the configuration you described in your email from 01/31,
or just use this link alone?

Regards,

Arnauld PEYROU
Technical and Support Manager
Information Systems Department.
Inrap - 121 rue d'Alésia - 75014 Paris
Tel.: 01 40 08 80 48.
Subscribe to the Inrap newsletter: http://www.inrap.fr/newsletter.php



Eduardo Rdez

Mar 11, 2019, 5:24:51 AM
to CAS Community
Hello,

Not sure, because we were working at the same time on the change password link and OTP tokens sent by email. The change password link is working, but we are still working on OTP tokens. I'll try to answer; please do some tests in your environment.

I think we added these sections for the change password link: the connection to LDAP, allowing password management, and the password policy. Also remember to add the password policy pattern:

# Minimum 8 and Maximum 10 characters at least 1 Lowercase Alphabet first, 1 Uppercase Alphabet, 1 Number and 1 Special Character from the list $@$!%.#*?&
cas.authn.pm.policyPattern=^(?=.*[a-z])(?=.*[A-Z])(?=.*\\d)(?=.*[$@$!%.#*?&])[A-Za-z\\d$@$!%.#*?&]{8,10}$

# PASSWORD MANAGEMENT
cas.authn.pm.enabled=true
cas.authn.pm.reset.expirationMinutes=3
cas.authn.pm.reset.securityQuestionsEnabled=false
cas.authn.pm.autoLogin=false
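
An added example, not part of the thread or of the CAS project: a Python check of the `cas.authn.pm.policyPattern` value posted above against constructed sample passwords, naming the requirement each rejected password misses. It assumes the pattern is applied to the whole password with ASCII-only `\d`; all function and variable names are hypothetical.

```python
import re

# The value exactly as posted for cas.properties. In a Java .properties file
# "\\" is an escaped backslash, so the regex CAS ends up with contains "\d".
POSTED_VALUE = r"^(?=.*[a-z])(?=.*[A-Z])(?=.*\\d)(?=.*[$@$!%.#*?&])[A-Za-z\\d$@$!%.#*?&]{8,10}$"
SPECIALS = "$@!%.#*?&"


def load_pattern(properties_value):
    """Undo the .properties backslash doubling and compile the result.

    re.ASCII limits the digit class to 0-9 (assumed to mirror Java's default).
    """
    return re.compile(properties_value.replace("\\\\", "\\"), re.ASCII)


POLICY = load_pattern(POSTED_VALUE)


def accepts(password):
    """True when the whole password satisfies the posted pattern."""
    return POLICY.fullmatch(password) is not None


def failed_rules(password):
    """Name each requirement of the pattern that the password misses."""
    def allowed(c):
        return "a" <= c <= "z" or "A" <= c <= "Z" or "0" <= c <= "9" or c in SPECIALS

    checks = [
        ("lowercase letter", any("a" <= c <= "z" for c in password)),
        ("uppercase letter", any("A" <= c <= "Z" for c in password)),
        ("digit", any("0" <= c <= "9" for c in password)),
        ("special character", any(c in SPECIALS for c in password)),
        ("allowed characters only", all(allowed(c) for c in password)),
        ("length 8 to 10", 8 <= len(password) <= 10),
    ]
    return [name for name, ok in checks if not ok]


# Constructed sample passwords, not taken from the thread.
SAMPLES = ["Abcdef1!", "abcdef1!", "Abcdefg!", "Abcdefg1", "Abc1!", "Abcdefgh1!x", "Abcdef1-"]

if __name__ == "__main__":
    for pw in SAMPLES:
        print(f"{pw!r:15} accepted={accepts(pw)} missing={failed_rules(pw)}")
```

The last two samples show that the pattern as posted rejects anything longer than 10 characters and any character outside its special-character list, such as `-`.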

Arnauld Peyrou

Mar 15, 2019, 7:15:44 AM
to cas-...@apereo.org
Thank you for your answer.

I've tried your configuration (with our specifications),
but I don't understand which page or link to use to reset the password.

I have only one link to change the password on the login page,

but it always redirects us to the login page.

Regards,

Arnauld PEYROU

Eduardo Rdez

Mar 15, 2019, 7:31:12 AM
to CAS Community
Yes, I think you are on the way.
Doesn't it show you a checkbox with the text "Change Password"?

Like the one in the image:



Any error message at the application server where you developed cas.war?  tomcat?  catalina.out?