PWM Password Expiration Notification is not working

[sofia(백선혜)]

(The Google Groups said this message is too long, so I'll post my question divided by two parts.)

Hi Team,

I can see the Password Expiration Notification Job is completed well and node service is enabled like below but Password Expiration Notification is not working. I could find 4 errors so far in the Log Viewer. Could you help me to work well for PWM Password Expiration Notification?

=========================================================

# 5034 ERROR_INVALID_FORMID

2022-08-04T02:09:40Z, FATAL, servlet.AbstractPwmServlet, {O7hZp,Admin} unexpected error: 5034 ERROR_INVALID_FORMID (form nonce incorrect) [211.45.193.101]

This error seems like the problem of my Email Templates. And the below is my email templates settings of PWM.

# 5019 ERROR_SERVICE_NOT_AVAILABLE

2022-08-04T02:07:25Z, ERROR, http.PwmResponse, {O7hZp,Admin} 5019 ERROR_SERVICE_NOT_AVAILABLE (configuration setting Settings ⇨ Web Services ⇨ REST Services ⇨ Enable Public Health and Statistics Web Services must be enabled for this page to function.) [211.45.193.101]

2022-08-04T02:07:25Z, FATAL, servlet.AbstractPwmServlet, {O7hZp,Admin} unexpected error: 5019 ERROR_SERVICE_NOT_AVAILABLE (configuration setting Settings ⇨ Web Services ⇨ REST Services ⇨ Enable Public Health and Statistics Web Services must be enabled for this page to function.) [211.45.193.101]

This error seems like I have to change the Settings but I cannot find Enable Public Health and Statistics Web Services feature. The below is my Rest Services settings of PWM.

[sofia(백선혜)]

# 5034 ERROR_INVALID_FORMID

2022-08-04T02:07:09Z, FATAL, servlet.AbstractPwmServlet, {O7hZp,Admin} unexpected error: 5034 ERROR_INVALID_FORMID (form nonce incorrect) [211.45.193.101]

2022-08-04T02:05:22Z, FATAL, servlet.AbstractPwmServlet, {O7hZp} unexpected error: 5004 ERROR_AUTHENTICATION_REQUIRED [211.45.193.101]

2022-08-04T02:05:20Z, FATAL, servlet.AbstractPwmServlet, {O7hZp} unexpected error: 5004 ERROR_AUTHENTICATION_REQUIRED [211.45.193.101]

This error seems like the problem of my Email Certificates. And the below is my email templates settings of PWM and related settings/log of my SMTP server in Windows EC2 Instance.(The message delivery seems like successful.)

# 5090 ERROR_RECOVERY_SEQUENCE_INCOMPLETE

2022-07-28T03:46:27Z, ERROR, http.PwmResponse, {na7ww} 5090 ERROR_RECOVERY_SEQUENCE_INCOMPLETE (forgotten password recovery sequence completed, but user has not actually satisfied any verification methods) [211.45.193.125]

2022-07-28T03:46:27Z, FATAL, servlet.AbstractPwmServlet, {na7ww} unexpected error: 5090 ERROR_RECOVERY_SEQUENCE_INCOMPLETE (forgotten password recovery sequence completed, but user has not actually satisfied any verification methods) [211.45.193.125]

2022-07-28T03:46:27Z, ERROR, forgottenpw.ForgottenPasswordServlet, {na7ww} 5090 ERROR_RECOVERY_SEQUENCE_INCOMPLETE (forgotten password recovery sequence completed, but user has not actually satisfied any verification methods) [211.45.193.125]

For this error, I don't get the meaning of "user has not actually satisfied any verification methods".

=========================================================

Best Regards,

Sofia.

[Jason Rivard]

The invalid form error "ERROR_INVALID_FORMID" is either because of a UI bug or because the server had an error and ended the user session abruptly.  Mostly likely it is the latter.  Once this happens there will be many superfluous errors after this until the user re-authenticates, and that's probably what the rest of the errors are.  Specifically the sequence incomplete error means that the user reached the point to try to reset a forgotten password but the current server side session doesn't have a record of the user having recently passed any validation checks, again most likely because of a previous error.  Check before these errors for other issues, and they may be hiding in DEBUG or TRACE level statements.