Hi Ben, thanks for your answer, but that bug (which is already resolved, as you said) was for AD and for version 5.1 RC1. The problem that I have is for Generic (OpenLDAP) and the official CAS 5.1.0 version (I had the same issue also with 5.1 RC4).
Is there anyone that has/could share a working configuration for CAS 5.1.0 - OpenLDAP - LPPE support?

Thanks, in advance,
Pavlos

> This bug https://github.com/apereo/cas/issues/2322 previously could stop
> the expired password being handled but it's fixed in 5.1 RC2.
>
> On 8 June 2017 at 15:10, Pavlos Drandakis <[email protected]> wrote:
>
>> Hi Ben,
>>
>> Thanks for your suggestion, but I have already tried it (and tried it once
>> again, now). The problem still exists. This property, IIUC, only enables
>> in-place password management and has nothing to do with the missing
>> message/view/flow.
>>
>> In CAS v5.0.x the "same" configuration with the same OpenLDAP backend
>> worked as expected...
>>
>> handleAuthenticationFailure, as you said, should handle
>> CredentialExpiredException and render the VIEW_ID_EXPIRED_PASSWORD
>> (casExpireedPassView) but I don't see that happening. Perhaps, when
>> reaching that point, CredentialExpiredException is "lost" and a generic
>> AuthenticationException is thrown...
>>
>> Pavlos
>>
>> > Have a look at :
>> >
>> > cas.authn.pm.enabled=true
>> >
>> > which I think you need to set.
>> >
>> > Also login-webflow.xml has a handleAuthenticationFailure step which handles
>> > all the different exceptions, including CredentialExpiredException.
>> >
>> > On 7 June 2017 at 13:54, Pavlos Drandakis <[email protected]> wrote:
>> >
>> >> Hello all,
>> >>
>> >> I am trying to setup CAS 5.1 (using the maven overlay method) to
>> >> authenticate users against an OpenLDAP server. If user's password is not
>> >> expired, everything works as expected. But, when user's password expires,
>> >> all I get is the "Invalid credentials" error in login page instead of the
>> >> password expired view.
>> >>
>> >> This is what I have in cas.properties:
>> >> cas.authn.ldap[0].type=AUTHENTICATED
>> >> cas.authn.ldap[0].ldapUrl=ldap://ldap.example.com
>> >> cas.authn.ldap[0].useSsl=false
>> >> cas.authn.ldap[0].useStartTls=false
>> >> cas.authn.ldap[0].baseDn=dc=example,dc=com
>> >> cas.authn.ldap[0].userFilter=uid={user}
>> >> cas.authn.ldap[0].bindDn=cn=admin,dc=example,dc=com
>> >> cas.authn.ldap[0].bindCredential=secretpass
>> >>
>> >> cas.authn.ldap[0].passwordPolicy.type=GENERIC
>> >> cas.authn.ldap[0].passwordPolicy.enabled=true
>> >>
>> >> Am I missing something?
>> >> Thanks, in advance
>> >> Pavlos
>> >>
>> >> P.S.: Relevant log entries:
>> >> 2017-06-07 15:20:22,463 DEBUG [org.apereo.cas.authentication.LdapAuthenticationHandler] - <Applying password policy to [[org.ldaptive.auth.AuthenticationResponse@1608121171::authenticationResultCode=AUTHENTICATION_HANDLER_FAILURE, resolvedDn=uid=auser,ou=People,dc=example,dc=com, ldapEntry=[dn=uid=auser,ou=People,dc=example,dc=com[]], accountState=[org.ldaptive.auth.ext.PasswordPolicyAccountState@1354577001::accountWarnings=null, accountErrors=[PASSWORD_EXPIRED]], result=false, resultCode=INVALID_CREDENTIALS, message=javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid Credentials], controls=[[org.ldaptive.control.PasswordPolicyControl@655105816::criticality=false, timeBeforeExpiration=0, graceAuthNsRemaining=0, error=PASSWORD_EXPIRED]]]]>
>> >> 2017-06-07 15:20:22,464 DEBUG [org.apereo.cas.authentication.support.DefaultAccountStateHandler] - <Handling error [PASSWORD_EXPIRED]>
>> >> 2017-06-07 15:20:22,465 INFO [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - <[LdapAuthenticationHandler] failed authenticating [auser]>
>> >> 2017-06-07 15:20:22,465 DEBUG [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - <[LdapAuthenticationHandler] exception details: [null]>
>> >> 2017-06-07 15:20:22,468 WARN [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - <Authentication has failed. Credentials may be incorrect or CAS cannot find authentication handler that supports [auser] of type [UsernamePasswordCredential], which suggests a configuration problem.>
>> >>
>> >> --
>> >> - CAS gitter chatroom: https://gitter.im/apereo/cas
>> >> - CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
>> >> - CAS documentation website: https://apereo.github.io/cas
>> >> - CAS project website: https://github.com/apereo/cas
>> >> ---
>> >> You received this message because you are subscribed to the Google Groups "CAS Community" group.
>> >> To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
>> >> To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/d41c5617c375b7ada108bf29380118d6.squirrel%40webmail01.edunet.gr.
>> >
>> > --
>> > This email is sent on behalf of Northgate Public Services (UK) Limited and
>> > its associated companies including Rave Technologies (India) Pvt Limited
>> > (together "Northgate Public Services") and is strictly confidential and
>> > intended solely for the addressee(s).
>> > If you are not the intended recipient of this email you must: (i) not
>> > disclose, copy or distribute its contents to any other person nor use its
>> > contents in any way or you may be acting unlawfully; (ii) contact
>> > Northgate Public Services immediately on +44(0)1908 264500 quoting the name
>> > of the sender and the addressee then delete it from your system.
>> > Northgate Public Services has taken reasonable precautions to ensure that
>> > no viruses are contained in this email, but does not accept any
>> > responsibility once this email has been transmitted. You should scan
>> > attachments (if any) for viruses.
>> >
>> > Northgate Public Services (UK) Limited, registered in England and Wales
>> > under number 00968498 with a registered address of Peoplebuilding 2,
>> > Peoplebuilding Estate, Maylands Avenue, Hemel Hempstead, Hertfordshire,
>> > HP2 4NN. Rave Technologies (India) Pvt Limited, registered in India under
>> > number 117068 with a registered address of 2nd Floor, Ballard House, Adi
>> > Marzban Marg, Ballard Estate, Mumbai, Maharashtra, India, 400001.
>>
>> --
>> ---------------------------------------------
>> If it ain't cyrusmaster, it ain't nothing !!!
>> ---------------------------------------------
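
A log-triage example for the symptom reported in this thread, added here and not part of the original messages or of CAS itself: it scans CAS debug output for LDAP responses whose password-policy account state reports an error while CAS goes on to log only the generic "Authentication has failed" warning. The function name and the sample log (reassembled from the entries quoted in the thread, e-mail line wraps removed) are assumptions of this example.

```python
import re

# Excerpt reassembled from the log entries quoted in the thread (wraps removed).
SAMPLE_LOG = """\
2017-06-07 15:20:22,463 DEBUG [org.apereo.cas.authentication.LdapAuthenticationHandler] - <Applying password policy to [[org.ldaptive.auth.AuthenticationResponse@1608121171::authenticationResultCode=AUTHENTICATION_HANDLER_FAILURE, resolvedDn=uid=auser,ou=People,dc=example,dc=com, ldapEntry=[dn=uid=auser,ou=People,dc=example,dc=com[]], accountState=[org.ldaptive.auth.ext.PasswordPolicyAccountState@1354577001::accountWarnings=null, accountErrors=[PASSWORD_EXPIRED]], result=false, resultCode=INVALID_CREDENTIALS, message=javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid Credentials], controls=[[org.ldaptive.control.PasswordPolicyControl@655105816::criticality=false, timeBeforeExpiration=0, graceAuthNsRemaining=0, error=PASSWORD_EXPIRED]]]]>
2017-06-07 15:20:22,464 DEBUG [org.apereo.cas.authentication.support.DefaultAccountStateHandler] - <Handling error [PASSWORD_EXPIRED]>
2017-06-07 15:20:22,465 INFO [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - <[LdapAuthenticationHandler] failed authenticating [auser]>
2017-06-07 15:20:22,468 WARN [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - <Authentication has failed. Credentials may be incorrect or CAS cannot find authentication handler that supports [auser] of type [UsernamePasswordCredential], which suggests a configuration problem.>
"""

# One CAS log entry per line: timestamp, level, [logger] - <message>
ENTRY = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d,\d{3}) (\w+)\s+\[([\w.]+)\] - <(.*)>$", re.M)


def masked_policy_failures(log_text):
    """Find logins where LDAP reported a password-policy account error but
    CAS then logged only a generic authentication failure.

    Assumes the entries of one login attempt are adjacent, as in the excerpt;
    interleaved concurrent logins would need correlation by thread or user.
    """
    findings, pending = [], None
    for ts, _level, logger, msg in ENTRY.findall(log_text):
        if logger.endswith(".LdapAuthenticationHandler"):
            errors = re.search(r"accountErrors=\[([A-Z_, ]+)\]", msg)
            dn = re.search(r"resolvedDn=(.+?), ldapEntry=", msg)
            code = re.search(r"\bresultCode=(\w+)", msg)
            # accountErrors=null (no policy error) leaves nothing pending.
            pending = errors and {
                "time": ts,
                "dn": dn.group(1) if dn else None,
                "result_code": code.group(1) if code else None,
                "errors": [e.strip() for e in errors.group(1).split(",")],
            }
        elif (pending and logger.endswith(".PolicyBasedAuthenticationManager")
              and msg.startswith("Authentication has failed")):
            findings.append(pending)
            pending = None
    return findings


if __name__ == "__main__":
    for hit in masked_policy_failures(SAMPLE_LOG):
        print(hit["time"], hit["dn"], hit["result_code"], hit["errors"])
```
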
