Hi,
In CAS v6.6.15.1 I can throw an AccountPasswordMustChangeException in a groovy script for lppe and I will get the message of "authenticationFailure.AccountPasswordMustChangeException".
But in CAS v7.0.X and v7.1.X it does not work any more, the webflow doesn't redirect to the expected page.
My groovy script is simple :
import org.apereo.cas.authentication.exceptions.AccountPasswordMustChangeException
def List<MessageDescriptor> run(final Object... args) {
throw new AccountPasswordMustChangeException()
}
In the logs I have this :
2024-06-19 12:58:15,807 ERROR [org.apereo.cas.util.concurrent.CasReentrantLock] - <AccountPasswordMustChangeException
IndyInterface.java:fromCache:321
lppe-strategy-throws-error.groovy:run:4
DirectMethodHandleAccessor.java:invoke:103
>
2024-06-19 12:58:15,810 ERROR [org.apereo.cas.authentication.DefaultAuthenticationManager] - <Authentication has failed. Credentials may be incorrect or CAS cannot find authentication handler that supports [UsernamePasswordCredential(username=lehirleb, source=null, customFields={})] of type [UsernamePasswordCredential]. Examine the configuration to ensure a method of authentication is defined and analyze CAS logs at DEBUG level to trace the authentication event.>
2024-06-19 12:58:15,810 ERROR [org.apereo.cas.authentication.DefaultAuthenticationManager] - <[LdapAuthenticationHandler]: [org.apereo.cas.authentication.exceptions.AccountPasswordMustChangeException / null]>
Is there a new way to do it?
My goal is to redirect a user when his password is invalid and is in a special group (a group of banned users for instance).
Regards.