Re: [cas-user] CAS 5.1 Password expired issues

[Pavlos Drandakis]

Eventually, everything seems to work ok, after adding in 
login-webflow.xml the following (which is present in CAS v5.0.x but not 
in CAS v5.1.0):

    <action-state id="handleAuthenticationFailure">
        <evaluate 
expression="authenticationExceptionHandler.handle(currentEvent.attributes.error, 
messageContext)"/>
        <transition on="AccountDisabledException" 
to="casAccountDisabledView"/>
        <transition on="AccountLockedException" to="casAccountLockedView"/>
        <transition on="CredentialExpiredException" 
to="casExpiredPassView"/>
        <transition on="AccountPasswordMustChangeException" 
to="casMustChangePassView"/>
        <transition on="InvalidLoginLocationException" 
to="casBadWorkstationView"/>
        <transition on="InvalidLoginTimeException" to="casBadHoursView"/>
        <transition on="FailedLoginException" to="initializeLoginForm"/>
        <transition on="AccountNotFoundException" 
to="initializeLoginForm"/>
        <transition on="UnauthorizedServiceForPrincipalException" 
to="initializeLoginForm" />
        <transition on="UnsatisfiedAuthenticationPolicyException" 
to="initializeLoginForm"/>
        <transition on="UnauthorizedAuthenticationException" 
to="casAuthenticationBlockedView"/>
        <transition to="initializeLoginForm"/>
    </action-state>
I don't know if it is the right way, but it seems to work...

Pavlos
P.S.: In order to show expiredPassView messages I had to
a) copy fragments/pwdupdateform.html to fragments/pwdexpiredform.html,
b) change the relevant th messages to screen.expiredpass.heading and 
screen.expiredpass.message
c) change in casExpiredPassView.html 
th:replace="fragments/pwdupdateform" to 
th:replace="fragments/pwdexpiredform"


On 16/06/2017 12:22 μμ, Ludovic Senecaux wrote:
The logs provide the right information from the LDAP directory, but 
the CAS does not seem to return the correct JSP page.

|
2017-06-0814:41:32,478DEBUG 
[org.apereo.cas.authentication.support.DefaultAccountStateHandler]-<Handlingerror 
[ACCOUNT_LOCKED]>
2017-06-0814:41:32,478INFO 
[org.apereo.cas.authentication.PolicyBasedAuthenticationManager]-<[LdapAuthenticationHandler]failed 
authenticating [foo]>
2017-06-0814:41:32,479DEBUG 
[org.apereo.cas.authentication.PolicyBasedAuthenticationManager]-<[LdapAuthenticationHandler]exception 
details:[null]>
2017-06-0814:41:32,479WARN 
[org.apereo.cas.authentication.PolicyBasedAuthenticationManager]-<Authenticationhas 
failed.Credentialsmay be incorrect orCAS cannot find authentication 
handler that supports [foo]of type [UsernamePasswordCredential],which 
suggests a configuration problem.>
2017-06-0814:41:32,480INFO 
[org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager]-<Audittrail 
record BEGIN
=============================================================
WHO:foo
WHAT:Suppliedcredentials:[foo]
ACTION:AUTHENTICATION_FAILED
APPLICATION:CAS
WHEN:ThuJun0814:41:32CEST 2017
CLIENT IP ADDRESS:10.199.2.7
SERVER IP ADDRESS:192.168.108.100
=============================================================
|


|
2017-06-0815:15:35,859DEBUG 
[org.apereo.cas.authentication.support.DefaultAccountStateHandler]-<Handlingpolicy 
based on pre-definedattributes>
2017-06-0815:15:35,859DEBUG 
[org.apereo.cas.authentication.support.DefaultAccountStateHandler]-<Handlingerror 
[CHANGE_AFTER_RESET]>
2017-06-0815:15:35,860INFO 
[org.apereo.cas.authentication.PolicyBasedAuthenticationManager]-<[LdapAuthenticationHandler]failed 
authenticating [foo]>
2017-06-0815:15:35,860DEBUG 
[org.apereo.cas.authentication.PolicyBasedAuthenticationManager]-<[LdapAuthenticationHandler]exception 
details:[null]>
2017-06-0815:15:35,861WARN 
[org.apereo.cas.authentication.PolicyBasedAuthenticationManager]-<Authenticationhas 
failed.Credentialsmay be incorrect orCAS cannot find authentication 
handler that supports [foo]of type [UsernamePasswordCredential],which 
suggests a configuration problem.>
2017-06-0815:15:35,862INFO 
[org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager]-<Audittrail 
record BEGIN
=============================================================
WHO:foo
WHAT:Suppliedcredentials:[foo]
ACTION:AUTHENTICATION_FAILED
APPLICATION:CAS
WHEN:ThuJun0815:15:35CEST 2017
CLIENT IP ADDRESS:10.199.2.7
SERVER IP ADDRESS:unknown
=============================================================
|


--
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas
--- 
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/619c16de-8be6-8e01-990e-4af6fd16eccf%40noc.edunet.gr.