reCAPTCHA Mode

Seth Stein

unread,

Jun 8, 2021, 5:25:13 PM6/8/21

to pwm-general

In the PWM configuration, you can choose either "reCaptcha Version 3" or "reCaptcha Version 3 - Invisible" for the reCAPTCHA Mode.

As I am reading through Google's documentation for reCAPTCHA v3, it says they will return a score which your application can use to take appropriate action. I am looking through the CaptchaUtility.java source code, I don't see where PWM is doing anything with this score when it verifies the response in verifyReCaptcha(). PWM is just checking for a 'success' response, which for V3 just means there were no errors with the reCAPTCHA process and has no bearing on the user behavior.

It seems like PWM has implemented reCAPTCHA v2 and reCAPTCHA v2 Invisible, which do not rely on a score, not v3.

Is the "reCAPTCHA Mode" mis-labeled in PWM? Should the configuration options be "reCAPTCHA v2" and "reCAPTCHA v2 - Invisible"?

Seth

Jason Rivard

unread,

Jun 9, 2021, 4:14:03 PM6/9/21

to pwm-general

I think it's probably mislabeled. At the time I did the upgrade from v1 it was very confusing what was what. The score is not used, and other than setting a minimum score which you can do on the google console I'm not sure what use it would be in PWM.

Seth Stein

unread,

Jun 11, 2021, 11:34:39 AM6/11/21

to pwm-general

Thanks, Jason, for clarifying. I have submitted a pull request to address this.

Seth

Stephen Lanning

unread,

Mar 9, 2022, 2:41:32 PM3/9/22

to pwm-general

What is the status on this? I just upgraded from PWM 1.8 - 1.9.2 and in the reCaptcha Mode I'm only seeing the options reCAPTCHA version 3 or reCAPTCHA version - Invisible.

When setting to Version 3 - Invisble PWM 1.9.2 it accepts the emal and last name, but just hangs. Otherwise, I receive the error "ERROR for site owner: Invalid key type" as mentioned int he article below.

https://www.netiq.com/documentation/self-service-password-reset-45/sspr-45-release-notes/data/sspr-45-release-notes.html

Is there a resolution? I am using the latest 1.9.2 war file downloaded at the end of February 2022.

Thanks in advance for your assistance as I'm new to building a PWM site, but have been doing basic admin for a few years.

Kindly,

Stephen

Jason Rivard

unread,

Mar 9, 2022, 6:38:49 PM3/9/22

to pwm-general

This was fixed in the 2.0 release. For older versions, it's just mislabeled, v3 really means v2.

-Jason

Stephen Lanning

unread,

Mar 9, 2022, 8:02:19 PM3/9/22

to pwm-general

Got it. Thank you for clarifying.

My issue ultimately turned out to be that I didn't have the proper permissions to the cacerts file.

Question: Which is the latest 'stable' version? Should I be installing 1.9.2 or the latest 2.0 version - which would you recommend?

Stephen

Jason Rivard

unread,

Mar 9, 2022, 11:15:19 PM3/9/22

to pwm-general

2.0 > 1.9.2 :) 2.0.1 is on its way soon-ish.

Stephen Lanning

unread,

Mar 10, 2022, 10:41:20 AM3/10/22

to pwm-general

Thanks, Jason.

Reply all

Reply to author

Forward