Hello all,

I am trying to set up CAS 5.1 (using the maven overlay method) to authenticate users against an OpenLDAP server. If the user's password is not expired, everything works as expected. But when the user's password expires, all I get is the "Invalid credentials" error on the login page instead of the password expired view.
This is what I have in cas.properties:

cas.authn.ldap[0].type=AUTHENTICATED
cas.authn.ldap[0].ldapUrl=ldap://ldap.example.com
cas.authn.ldap[0].useSsl=false
cas.authn.ldap[0].useStartTls=false
cas.authn.ldap[0].baseDn=dc=example,dc=com
cas.authn.ldap[0].userFilter=uid={user}
cas.authn.ldap[0].bindDn=cn=admin,dc=example,dc=com
cas.authn.ldap[0].bindCredential=secretpass
cas.authn.ldap[0].passwordPolicy.type=GENERIC
cas.authn.ldap[0].passwordPolicy.enabled=true

Am I missing something?

Thanks, in advance
Pavlos

P.S.: Relevant log entries:

2017-06-07 15:20:22,463 DEBUG [org.apereo.cas.authentication.LdapAuthenticationHandler] - <Applying password policy to [[org.ldaptive.auth.AuthenticationResponse@1608121171::authenticationResultCode=AUTHENTICATION_HANDLER_FAILURE, resolvedDn=uid=auser,ou=People,dc=example,dc=com, ldapEntry=[dn=uid=auser,ou=People,dc=example,dc=com[]], accountState=[org.ldaptive.auth.ext.PasswordPolicyAccountState@1354577001::accountWarnings=null, accountErrors=[PASSWORD_EXPIRED]], result=false, resultCode=INVALID_CREDENTIALS, message=javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid Credentials], controls=[[org.ldaptive.control.PasswordPolicyControl@655105816::criticality=false, timeBeforeExpiration=0, graceAuthNsRemaining=0, error=PASSWORD_EXPIRED]]]]>
2017-06-07 15:20:22,464 DEBUG [org.apereo.cas.authentication.support.DefaultAccountStateHandler] - <Handling error [PASSWORD_EXPIRED]>
2017-06-07 15:20:22,465 INFO [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - <[LdapAuthenticationHandler] failed authenticating [auser]>
2017-06-07 15:20:22,465 DEBUG [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - <[LdapAuthenticationHandler] exception details: [null]>
2017-06-07 15:20:22,468 WARN [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - <Authentication has failed. Credentials may be incorrect or CAS cannot find authentication handler that supports [auser] of type [UsernamePasswordCredential], which suggests a configuration problem.>
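Added example, not part of the original message and not CAS or ldaptive code: a small triage script for the "Applying password policy to" DEBUG line shown above, which separates bind failures that carry a password-policy account error (here PASSWORD_EXPIRED) from plain INVALID_CREDENTIALS, so that expired accounts are not counted as bad-password attempts. The function names are hypothetical, both sample lines are constructed (the first is shortened from the log above), and the accountState=null form of the second line is an assumption.

```python
import re

# Fields as they appear in the AuthenticationResponse dump logged by
# LdapAuthenticationHandler at DEBUG ("Applying password policy to ...").
_DN = re.compile(r"resolvedDn=(.*?), ldapEntry=")
_RESULT = re.compile(r"\bresultCode=([A-Z_]+)")
_ERRORS = re.compile(r"accountErrors=\[([^\]]*)\]")

# Constructed sample lines. EXPIRED is shortened from the log in the message;
# WRONG_PW assumes accountState=null when no policy error is returned.
EXPIRED = ("2017-06-07 15:20:22,463 DEBUG [org.apereo.cas.authentication.LdapAuthenticationHandler] - "
           "<Applying password policy to [[org.ldaptive.auth.AuthenticationResponse@1::"
           "authenticationResultCode=AUTHENTICATION_HANDLER_FAILURE, "
           "resolvedDn=uid=auser,ou=People,dc=example,dc=com, "
           "ldapEntry=[dn=uid=auser,ou=People,dc=example,dc=com[]], "
           "accountState=[org.ldaptive.auth.ext.PasswordPolicyAccountState@2::"
           "accountWarnings=null, accountErrors=[PASSWORD_EXPIRED]], "
           "result=false, resultCode=INVALID_CREDENTIALS]]>")
WRONG_PW = ("2017-06-07 15:21:02,101 DEBUG [org.apereo.cas.authentication.LdapAuthenticationHandler] - "
            "<Applying password policy to [[org.ldaptive.auth.AuthenticationResponse@3::"
            "authenticationResultCode=AUTHENTICATION_HANDLER_FAILURE, "
            "resolvedDn=uid=buser,ou=People,dc=example,dc=com, "
            "ldapEntry=[dn=uid=buser,ou=People,dc=example,dc=com[]], "
            "accountState=null, result=false, resultCode=INVALID_CREDENTIALS]]>")


def classify(line):
    """Return (kind, dn, account_errors) for a policy DEBUG line, else None."""
    if "Applying password policy to" not in line:
        return None
    dn, result = _DN.search(line), _RESULT.search(line)
    if not (dn and result):
        return None
    found = _ERRORS.search(line)
    errors = [e.strip() for e in found.group(1).split(",") if e.strip()] if found else []
    if errors:
        # The directory reported an account-state problem behind the bind failure.
        return ("account-state", dn.group(1), errors)
    if result.group(1) == "INVALID_CREDENTIALS":
        return ("bad-credentials", dn.group(1), [])
    return ("other", dn.group(1), [])


if __name__ == "__main__":
    for sample in (EXPIRED, WRONG_PW):
        print(classify(sample))
```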
