Forgotten Password Module When No Questions are Set


matthe...@selu.edu

Apr 18, 2016, 10:06:10 AM
to pwm-general
Hello,

Been using PWM for a while, it rocks. It has saved us a ton of time in creating and configuring our own self-service solution. Thank you.

My question is relating to the Forgotten Password module. When a user has never logged into the system before, has never set their challenge questions, and attempts to use the Forgotten Password module, they are presented with a blank screen. Is there something already present in PWM to address this? Ideally, they should receive an informational page telling them that they don't have questions set. I've looked, but I haven't found anything.

Any suggestions? Thanks again!

Matthew Gill

Apr 28, 2016, 7:22:45 AM
to pwm-general
Bump?

Dave B

Apr 28, 2016, 8:53:24 AM
to pwm-general
Matthew,

I'm not seeing a blank screen when I try Forgotten Password on a user without any challenge methods saved - I get:
PWM 5036 "There is no contact information available for your account. Please contact your administrator."

I'm on the latest build here, but if you're getting a blank screen, check out PWM.log and your Tomcat logs for errors.

-Dave

Matthew Gill

Apr 28, 2016, 10:09:47 AM
to pwm-general
That is exactly the screen I want to see! We are on an older build, 1.7.something... We get the following log:


April 28, 2016 at 9:02:50 AM CDT, ERROR, http.PwmResponse, {2jbk} 5006 ERROR_RESPONSES_NORESPONSES [i.changed.this.ip]
April 28, 2016 at 9:02:50 AM CDT, FATAL, servlet.AbstractPwmServlet, 5006 ERROR_RESPONSES_NORESPONSES
April 28, 2016 at 9:02:50 AM CDT, DEBUG, operations.CrService, {2jbk} no responses found for user CN=pwmguest,OU=Guests,OU=User Base,DC=xyz,DC=xyz,DC=xyz [i.changed.this.ip]
April 28, 2016 at 9:02:50 AM CDT, DEBUG, operations.CrService, {2jbk} will attempt to read the following storage methods: ["DB"] for user CN=pwmguest,OU=Guests,OU=User Base,DC=xyz,DC=xyz,DC=xyz [i.changed.this.ip]
April 28, 2016 at 9:02:50 AM CDT, DEBUG, ldap.LdapPermissionTester, {2jbk} user UserIdentity{"userDN":"CN=pwmguest,OU=Guests,OU=User Base,DC=xyz,DC=xyz,DC=xyz","ldapProfile":"default"} is a match for '(objectClass=*)' [i.changed.this.ip]
April 28, 2016 at 9:02:50 AM CDT, DEBUG, ldap.UserStatusReader, {2jbk} Helpdesk has no matching profiles for user CN=pwmguest,OU=Guests,OU=User Base,DC=xyz,DC=xyz,DC=xyz (default) [i.changed.this.ip]
April 28, 2016 at 9:02:50 AM CDT, DEBUG, ldap.LdapPermissionTester, {2jbk} user UserIdentity{"userDN":"CN=pwmguest,OU=Guests,OU=User Base,DC=xyz,DC=xyz,DC=xyz","ldapProfile":"default"} is not a match for group 'cn=PWM Admins,ou=Custom Groups,DC=xyz,DC=xyz,DC=xyz' [i.changed.this.ip]
April 28, 2016 at 9:02:50 AM CDT, DEBUG, ldap.LdapPermissionTester, {2jbk} user UserIdentity{"userDN":"CN=pwmguest,OU=Guests,OU=User Base,DC=xyz,DC=xyz,DC=xyz","ldapProfile":"default"} is not a match for group 'cn=PWM Helpdesk,ou=Custom Groups,DC=xyz,DC=xyz,DC=xyz' [i.changed.this.ip]
April 28, 2016 at 9:02:50 AM CDT, DEBUG, ldap.UserStatusReader, {2jbk} checkProfile: UserIdentity{"userDN":"CN=pwmguest,OU=Guests,OU=User Base,DC=xyz,DC=xyz,DC=xyz","ldapProfile":"default"} has value for attributes, update profile will not be required [i.changed.this.ip]
April 28, 2016 at 9:02:50 AM CDT, DEBUG, ldap.LdapPermissionTester, {2jbk} user UserIdentity{"userDN":"CN=pwmguest,OU=Guests,OU=User Base,DC=xyz,DC=xyz,DC=xyz","ldapProfile":"default"} is a match for '(objectClass=person)' [i.changed.this.ip]
April 28, 2016 at 9:02:50 AM CDT, DEBUG, ldap.LdapPermissionTester, {2jbk} user UserIdentity{"userDN":"CN=pwmguest,OU=Guests,OU=User Base,DC=xyz,DC=xyz,DC=xyz","ldapProfile":"default"} is a match for '(objectClass=*)' [i.changed.this.ip]
April 28, 2016 at 9:02:50 AM CDT, DEBUG, ldap.UserStatusReader, {2jbk} completed user password status check for CN=pwmguest,OU=Guests,OU=User Base,DC=xyz,DC=xyz,DC=xyz PasswordStatus {expired=false, pre-expired=false, warn=false, violatesPolicy=false} (2ms) [i.changed.this.ip]
April 28, 2016 at 9:02:50 AM CDT, DEBUG, ldap.LdapPermissionTester, {2jbk} user UserIdentity{"userDN":"CN=pwmguest,OU=Guests,OU=User Base,DC=xyz,DC=xyz,DC=xyz","ldapProfile":"default"} is a match for '(objectClass=*)' [i.changed.this.ip]
April 28, 2016 at 9:02:50 AM CDT, DEBUG, operations.CrService, {2jbk} checkIfResponseConfigNeeded: UserIdentity{"userDN":"CN=pwmguest,OU=Guests,OU=User Base,DC=xyz,DC=xyz,DC=xyz","ldapProfile":"default"} does not have good responses: no responses configured [i.changed.this.ip]
April 28, 2016 at 9:02:50 AM CDT, DEBUG, ldap.LdapPermissionTester, {2jbk} user UserIdentity{"userDN":"CN=pwmguest,OU=Guests,OU=User Base,DC=xyz,DC=xyz,DC=xyz","ldapProfile":"default"} is a match for '(objectClass=*)' [i.changed.this.ip]
April 28, 2016 at 9:02:50 AM CDT, DEBUG, ldap.LdapPermissionTester, {2jbk} user UserIdentity{"userDN":"CN=pwmguest,OU=Guests,OU=User Base,DC=xyz,DC=xyz,DC=xyz","ldapProfile":"default"} is a match for '(objectClass=*)' [i.changed.this.ip]
April 28, 2016 at 9:02:50 AM CDT, DEBUG, ldap.LdapPermissionTester, {2jbk} user UserIdentity{"userDN":"CN=pwmguest,OU=Guests,OU=User Base,DC=xyz,DC=xyz,DC=xyz","ldapProfile":"default"} is a match for '(objectClass=*)' [i.changed.this.ip]
April 28, 2016 at 9:02:50 AM CDT, DEBUG, operations.CrService, {2jbk} testing challenge profiles 'default' [i.changed.this.ip]
April 28, 2016 at 9:02:50 AM CDT, DEBUG, operations.CrService, {2jbk} no response info found for user CN=pwmguest,OU=Guests,OU=User Base,DC=xyz,DC=xyz,DC=xyz [i.changed.this.ip]
April 28, 2016 at 9:02:50 AM CDT, DEBUG, operations.CrService, {2jbk} will attempt to read the following storage methods: ["DB"] for response info for user CN=pwmguest,OU=Guests,OU=User Base,DC=xyz,DC=xyz,DC=xyz [i.changed.this.ip]
April 28, 2016 at 9:02:50 AM CDT, DEBUG, ldap.LdapPermissionTester, {2jbk} user UserIdentity{"userDN":"CN=pwmguest,OU=Guests,OU=User Base,DC=xyz,DC=xyz,DC=xyz","ldapProfile":"default"} is a match for '(objectClass=*)' [i.changed.this.ip]
April 28, 2016 at 9:02:50 AM CDT, DEBUG, operations.PasswordUtility, {2jbk} testing password policy profile 'LongPassword' [i.changed.this.ip]
April 28, 2016 at 9:02:50 AM CDT, DEBUG, ldap.UserSearchEngine, {2jbk} found userDN: CN=pwmguest,OU=Guests,OU=User Base,DC=xyz,DC=xyz,DC=xyz (2ms) [i.changed.this.ip]
April 28, 2016 at 9:02:50 AM CDT, DEBUG, ldap.UserSearchEngine, {2jbk} completed user search process in 2ms, resultSize=1 [i.changed.this.ip]
April 28, 2016 at 9:02:50 AM CDT, DEBUG, ldap.UserSearchEngine, {2jbk} performing ldap search for user; searchID=142 profile=default base=CN=Users,DC=xyz,DC=xyz,DC=xyz filter=SearchHelper: filter: (&(objectclass=User)(sAMAccountName=pwmguest)), scope: SUBTREE, attributes: [] maxCount=1 [i.changed.this.ip]
April 28, 2016 at 9:02:50 AM CDT, DEBUG, ldap.UserSearchEngine, {2jbk} performing ldap search for user; searchID=141 profile=default base=OU=Service Accounts,DC=xyz,DC=xyz,DC=xyz filter=SearchHelper: filter: (&(objectclass=User)(sAMAccountName=pwmguest)), scope: SUBTREE, attributes: [] maxCount=1 [i.changed.this.ip]
April 28, 2016 at 9:02:50 AM CDT, DEBUG, ldap.UserSearchEngine, {2jbk} performing ldap search for user; searchID=140 profile=default base=OU=User Base,DC=xyz,DC=xyz,DC=xyz filter=SearchHelper: filter: (&(objectclass=User)(sAMAccountName=pwmguest)), scope: SUBTREE, attributes: [] maxCount=2 [i.changed.this.ip]
April 28, 2016 at 9:02:50 AM CDT, DEBUG, ldap.UserSearchEngine, {2jbk} beginning user search process [i.changed.this.ip]

And a standard Error 500 page...

On a dev install of the latest snapshot (b14170196 reccd0bc157c7d1ab2f706a9193c6198da8a24416):


April 28, 2016 at 9:08:15 AM CDT, DEBUG, http.PwmResponse, {118254} forcing logout due to error 5006 ERROR_RESPONSES_NORESPONSES [i.changed.this.ip]
April 28, 2016 at 9:08:15 AM CDT, ERROR, http.PwmResponse, {118254} 5006 ERROR_RESPONSES_NORESPONSES [i.changed.this.ip]
April 28, 2016 at 9:08:15 AM CDT, FATAL, servlet.AbstractPwmServlet, 5006 ERROR_RESPONSES_NORESPONSES
April 28, 2016 at 9:08:15 AM CDT, DEBUG, operations.CrService, {118254} no responses found for user CN=pwmguest,OU=Guests,OU=User Base,DC=xyz,DC=xyz,DC=xyz [i.changed.this.ip]
April 28, 2016 at 9:08:15 AM CDT, DEBUG, operations.CrService, {118254} will attempt to read the following storage methods: ["DB"] for user CN=pwmguest,OU=Guests,OU=User Base,DC=xyz,DC=xyz,DC=xyz [i.changed.this.ip]
April 28, 2016 at 9:08:15 AM CDT, DEBUG, ldap.LdapPermissionTester, {118254} user UserIdentity{"userDN":"CN=pwmguest,OU=Guests,OU=User Base,DC=xyz,DC=xyz,DC=xyz","ldapProfile":"default"} is a match for '(objectClass=*)' [i.changed.this.ip]
April 28, 2016 at 9:08:15 AM CDT, DEBUG, ldap.UserStatusReader, {118254} assigned UpdateAttributes profileID "default" to CN=pwmguest,OU=Guests,OU=User Base,DC=xyz,DC=xyz,DC=xyz (default) [i.changed.this.ip]
April 28, 2016 at 9:08:15 AM CDT, DEBUG, ldap.LdapPermissionTester, {118254} user UserIdentity{"userDN":"CN=pwmguest,OU=Guests,OU=User Base,DC=xyz,DC=xyz,DC=xyz","ldapProfile":"default"} is a match for '(objectClass=person)' [i.changed.this.ip]
April 28, 2016 at 9:08:15 AM CDT, DEBUG, ldap.UserStatusReader, {118254} Helpdesk has no matching profiles for user CN=pwmguest,OU=Guests,OU=User Base,DC=xyz,DC=xyz,DC=xyz (default) [i.changed.this.ip]
April 28, 2016 at 9:08:15 AM CDT, DEBUG, ldap.LdapPermissionTester, {118254} user UserIdentity{"userDN":"CN=pwmguest,OU=Guests,OU=User Base,DC=xyz,DC=xyz,DC=xyz","ldapProfile":"default"} is not a match for group 'cn=PWM Admins,ou=Custom Groups,DC=xyz,DC=xyz,DC=xyz' [i.changed.this.ip]
April 28, 2016 at 9:08:15 AM CDT, DEBUG, ldap.LdapPermissionTester, {118254} user UserIdentity{"userDN":"CN=pwmguest,OU=Guests,OU=User Base,DC=xyz,DC=xyz,DC=xyz","ldapProfile":"default"} is not a match for group 'cn=PWM Helpdesk,ou=Custom Groups,DC=xyz,DC=xyz,DC=xyz' [i.changed.this.ip]
April 28, 2016 at 9:08:15 AM CDT, DEBUG, ldap.LdapPermissionTester, {118254} user UserIdentity{"userDN":"CN=pwmguest,OU=Guests,OU=User Base,DC=xyz,DC=xyz,DC=xyz","ldapProfile":"default"} is a match for '(objectClass=*)' [i.changed.this.ip]
April 28, 2016 at 9:08:15 AM CDT, DEBUG, ldap.UserStatusReader, {118254} completed user password status check for CN=pwmguest,OU=Guests,OU=User Base,DC=xyz,DC=xyz,DC=xyz PasswordStatus {expired=false, pre-expired=false, warn=false, violatesPolicy=false} (17ms) [i.changed.this.ip]
April 28, 2016 at 9:08:15 AM CDT, DEBUG, ldap.LdapPermissionTester, {118254} user UserIdentity{"userDN":"CN=pwmguest,OU=Guests,OU=User Base,DC=xyz,DC=xyz,DC=xyz","ldapProfile":"default"} is a match for '(objectClass=*)' [i.changed.this.ip]
April 28, 2016 at 9:08:15 AM CDT, DEBUG, operations.CrService, {118254} checkIfResponseConfigNeeded: UserIdentity{"userDN":"CN=pwmguest,OU=Guests,OU=User Base,DC=xyz,DC=xyz,DC=xyz","ldapProfile":"default"} does not have good responses: no responses configured [i.changed.this.ip]
April 28, 2016 at 9:08:15 AM CDT, DEBUG, ldap.LdapPermissionTester, {118254} user UserIdentity{"userDN":"CN=pwmguest,OU=Guests,OU=User Base,DC=xyz,DC=xyz,DC=xyz","ldapProfile":"default"} is a match for '(objectClass=*)' [i.changed.this.ip]
April 28, 2016 at 9:08:15 AM CDT, DEBUG, ldap.LdapPermissionTester, {118254} user UserIdentity{"userDN":"CN=pwmguest,OU=Guests,OU=User Base,DC=xyz,DC=xyz,DC=xyz","ldapProfile":"default"} is a match for '(objectClass=*)' [i.changed.this.ip]
April 28, 2016 at 9:08:15 AM CDT, DEBUG, ldap.LdapPermissionTester, {118254} user UserIdentity{"userDN":"CN=pwmguest,OU=Guests,OU=User Base,DC=xyz,DC=xyz,DC=xyz","ldapProfile":"default"} is a match for '(objectClass=*)' [i.changed.this.ip]
April 28, 2016 at 9:08:15 AM CDT, DEBUG, operations.CrService, {118254} testing challenge profiles 'default' [i.changed.this.ip]
April 28, 2016 at 9:08:15 AM CDT, DEBUG, operations.CrService, {118254} no response info found for user CN=pwmguest,OU=Guests,OU=User Base,DC=xyz,DC=xyz,DC=xyz [i.changed.this.ip]
April 28, 2016 at 9:08:15 AM CDT, DEBUG, operations.CrService, {118254} will attempt to read the following storage methods: ["DB"] for response info for user CN=pwmguest,OU=Guests,OU=User Base,DC=xyz,DC=xyz,DC=xyz [i.changed.this.ip]
April 28, 2016 at 9:08:15 AM CDT, DEBUG, ldap.LdapPermissionTester, {118254} user UserIdentity{"userDN":"CN=pwmguest,OU=Guests,OU=User Base,DC=xyz,DC=xyz,DC=xyz","ldapProfile":"default"} is a match for '(objectClass=*)' [i.changed.this.ip]
April 28, 2016 at 9:08:15 AM CDT, DEBUG, operations.PasswordUtility, {118254} testing password policy profile 'LongPassword' [i.changed.this.ip]
April 28, 2016 at 9:08:15 AM CDT, DEBUG, ldap.UserSearchEngine, {118254} found userDN: CN=pwmguest,OU=Guests,OU=User Base,DC=xyz,DC=xyz,DC=xyz (12ms) [i.changed.this.ip]
April 28, 2016 at 9:08:15 AM CDT, DEBUG, ldap.UserSearchEngine, {118254} completed user search process in 11ms, resultSize=1 [i.changed.this.ip]
April 28, 2016 at 9:08:15 AM CDT, DEBUG, ldap.UserSearchEngine, {118254} performing ldap search for user; searchID=39 profile=default base=CN=Users,DC=xyz,DC=xyz,DC=xyz filter=SearchHelper: filter: (&(objectclass=User)(sAMAccountName=pwmguest)), scope: SUBTREE, attributes: [] maxCount=1 [i.changed.this.ip]
April 28, 2016 at 9:08:15 AM CDT, DEBUG, ldap.UserSearchEngine, {118254} performing ldap search for user; searchID=38 profile=default base=OU=Service Accounts,DC=xyz,DC=xyz,DC=xyz filter=SearchHelper: filter: (&(objectclass=User)(sAMAccountName=pwmguest)), scope: SUBTREE, attributes: [] maxCount=1 [i.changed.this.ip]
April 28, 2016 at 9:08:15 AM CDT, DEBUG, ldap.UserSearchEngine, {118254} performing ldap search for user; searchID=37 profile=default base=OU=User Base,DC=xyz,DC=xyz,DC=xyz filter=SearchHelper: filter: (&(objectclass=User)(sAMAccountName=pwmguest)), scope: SUBTREE, attributes: [] maxCount=2 [i.changed.this.ip]
April 28, 2016 at 9:08:15 AM CDT, DEBUG, ldap.UserSearchEngine, {118254} beginning user search process [i.changed.this.ip]
April 28, 2016 at 9:08:12 AM CDT, DEBUG, servlet.CaptchaServlet, {118254} captcha passcode verified (120ms) [i.changed.this.ip]
April 28, 2016 at 9:08:12 AM CDT, DEBUG, servlet.CaptchaServlet, {118254} sending reCaptcha verification request [i.changed.this.ip]
April 28, 2016 at 9:08:00 AM CDT, DEBUG, filter.CaptchaFilter, {118254} session requires captcha verification, redirecting to Captcha servlet [i.changed.this.ip]


But, I don't get a standard Error 500 page... Instead I get a PWM page:

PWM 5006
The username is not valid or is not eligible to use this feature

Any thoughts?
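
Added example, not part of the original thread and not PWM's own code: a small parser for the log layout shown in the excerpts above that lists the sessions ending in error 5006 ERROR_RESPONSES_NORESPONSES together with the user DN logged by CrService. The sample lines, DNs, session ids and addresses are constructed, and the line pattern is an assumption based only on the lines quoted in this thread.

```python
import re
from collections import defaultdict

# Line layout as seen in the log excerpts in this thread (assumed, not a PWM spec):
#   <timestamp>, <LEVEL>, <topic>, {<session>} <message> [<source>]
LINE_RE = re.compile(
    r"^(?P<ts>\w+ \d{1,2}, \d{4} at [\d:]+ [AP]M \w+), "
    r"(?P<level>[A-Z]+), (?P<topic>[\w.]+), "
    r"(?:\{(?P<session>\w+)\} )?(?P<msg>.*?)(?: \[(?P<src>[^\]]*)\])?$"
)
NO_RESPONSES = "5006 ERROR_RESPONSES_NORESPONSES"
DN_RE = re.compile(r"no responses found for user (?P<dn>.+)$")

# Constructed sample (newest first, like the excerpts); DNs, session ids and
# addresses are made up.
SAMPLE_LOG = """\
April 28, 2016 at 9:02:50 AM CDT, ERROR, http.PwmResponse, {a1b2} 5006 ERROR_RESPONSES_NORESPONSES [192.0.2.10]
April 28, 2016 at 9:02:50 AM CDT, FATAL, servlet.AbstractPwmServlet, 5006 ERROR_RESPONSES_NORESPONSES
April 28, 2016 at 9:02:50 AM CDT, DEBUG, operations.CrService, {a1b2} no responses found for user CN=alice,OU=Guests,DC=example,DC=test [192.0.2.10]
April 28, 2016 at 9:02:50 AM CDT, DEBUG, ldap.UserSearchEngine, {a1b2} performing ldap search for user; searchID=1 profile=default base=OU=Guests,DC=example,DC=test filter=SearchHelper: filter: (&(objectclass=User)(sAMAccountName=alice)), scope: SUBTREE, attributes: [] maxCount=2 [192.0.2.10]
April 28, 2016 at 9:01:07 AM CDT, DEBUG, ldap.UserSearchEngine, {c3d4} completed user search process in 2ms, resultSize=1 [192.0.2.44]
"""


def find_no_response_sessions(log_text):
    """Return one record per session that ended in error 5006."""
    sessions = defaultdict(lambda: {"time": None, "source": None, "user_dn": None})
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m or not m["session"]:
            continue  # unparsed lines and session-less lines (e.g. FATAL) are skipped
        rec = sessions[m["session"]]
        if m["level"] == "ERROR" and m["msg"].startswith(NO_RESPONSES):
            rec["time"], rec["source"] = m["ts"], m["src"]
        dn = DN_RE.search(m["msg"])
        if dn:
            rec["user_dn"] = dn["dn"]
    # Lines are grouped by session id, so newest-first or oldest-first order both work.
    return [{"session": sid, **rec} for sid, rec in sessions.items() if rec["time"]]


if __name__ == "__main__":
    for hit in find_no_response_sessions(SAMPLE_LOG):
        print(hit)
```
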

Matthew Gill

Apr 28, 2016, 6:28:15 PM
to pwm-general
The fact that there is at least a message now, instead of a 500 error page is great! I dug through the code and found the Error.Properties line:

Error_Response_NoResponse=The username is not valid or is not eligible to use this feature

I tried changing it to:

Error_Response_NoResponse=This user has no challenge questions set. Please contact the Help Desk.

I rezipped the files, changed the extension to .jar, and replaced it in the WEB-INF/lib directory on the server. After which I receive:

Can't find bundle for base name password.pwm.i18n.Error, locale en


Can anyone give me some pointers on modifying the war file, or the SNAPSHOT jar to customize this message?

Thanks again!

Dave B

Apr 28, 2016, 6:43:03 PM
to pwm-general
Matthew,

Assuming you mean in the newer builds - these errors and other localized text are configurable in the GUI and alter PwmConfiguration.xml so it will survive upgrades. Check out Settings | Display Text | Error and find the one you want to change.

-Dave

Matthew Gill

Apr 28, 2016, 10:02:45 PM
to pwm-general
I've been using the older builds for so long I never saw this! Thanks Dave!
