Jaden,

That is the extent of my familiarity with password reset. I have never used the APIs.

Ray

On Thu, 2020-09-17 at 14:31 -0700, Jaden wrote:
> Going to the login page (via a GET request) causes the login page to load. It contains a passwordManagementForm, which has a hidden "execution" value (a large token) and a hidden "_eventId" value (set to "resetPassword") inside. Clicking the Forgot Password button makes a POST call back to the same login page, but passes those two values along, which causes the Reset Password form to load.
>
> This form has a different "execution" value, and its "_eventId" is set to "findAccount". Typing a username here and clicking the Submit button causes yet another POST call to the same login page to be made. This time, the new "execution", "_eventId", and "username" fields are passed along. This seems to be what causes the Reset Password email to be sent.
>
> I could potentially have my application make all of these same calls, in the same order, passing the correct values at each step. In essence, the application would be mimicking a web browser. If this is the only approach, I can give it a try, but it feels like a bit of a hack to me. I was hoping for more of an API that my application could make a single call to.
>
> On Thursday, September 17, 2020 at 3:00:45 PM UTC-6 Ray Bon wrote:
>> Jaden,
>>
>> Is cas 'Forgot Password' a GET or POST? Either way, there may be some cookies or hidden form fields that might require a GET call to the log in page first. I have done this for jMeter testing of other applications that have to go through the log in process, but not for resetting password.
>>
>> Ray
>>
>> On Thu, 2020-09-17 at 12:59 -0700, Jaden wrote:
>>> My application has a "Reset Password" button inside it. When the user clicks that button, I'd like CAS to send them its standard password reset email (the one controlled by the various cas.authn.pm.reset.mail properties). In other words, I want it to behave as if they had clicked "Forgot Password" on the CAS login screen, typed their email address, and clicked Submit.
>>>
>>> Is this sort of behavior possible? I'm hoping for something simple like sending a GET request to CAS, but I'll take any solution I can get :-)
>>>
>>> Thanks!

--
Ray Bon
Programmer Analyst
Development Services, University Systems
2507218831 | CLE 019 | [email protected]

I respectfully acknowledge that my place of work is located within the ancestral, traditional and unceded territory of the Songhees, Esquimalt and WSÁNEĆ Nations.

--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
CAS Community group. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/429cfe25e8a527a17c700deb6f4311aed87ec4d7.camel%40uvic.ca.
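
Added example (not part of the original thread and not CAS project code): the three-request sequence Jaden describes, written in Python with the fresh "execution" token read from each response before the next POST. The `fetch` callable, the `cas.example.org` URL, the `submit` event on the login form and the token values are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlencode

class FormFields(HTMLParser):
    """Collect hidden inputs per <form>, so the login form's fields stay separate."""
    def __init__(self):
        super().__init__()
        self.forms, self._open = [], False
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.forms.append({})
            self._open = True
        elif tag == "input" and self._open and a.get("type") == "hidden" and a.get("name"):
            self.forms[-1][a["name"]] = a.get("value") or ""
    def handle_endtag(self, tag):
        if tag == "form":
            self._open = False

def execution_for(html, event_id):
    """Return the "execution" token of the form whose _eventId equals event_id."""
    parser = FormFields()
    parser.feed(html)
    for form in parser.forms:
        if form.get("_eventId") == event_id and form.get("execution"):
            return form["execution"]
    raise ValueError(f"no form with _eventId={event_id!r}; the flow may have changed")

def request_reset_email(fetch, login_url, username):
    """Replay the GET and two POSTs. fetch(method, url, body) -> HTML is a
    caller-supplied transport (hypothetical interface) that must keep cookies."""
    page = fetch("GET", login_url, None)
    for event, extra in (("resetPassword", {}), ("findAccount", {"username": username})):
        form = {"execution": execution_for(page, event), "_eventId": event, **extra}
        page = fetch("POST", login_url, urlencode(form))
    return page

def _form(token, event):  # constructed markup, not captured from a real CAS server
    return (f'<form><input type="hidden" name="execution" value="{token}"/>'
            f'<input type="hidden" name="_eventId" value="{event}"/></form>')
LOGIN_PAGE = _form("tok-login", "submit") + _form("tok-A", "resetPassword")
RESET_PAGE = _form("tok-B", "findAccount")

def demo():
    sent = []
    def fake(method, url, body):  # offline stand-in for an HTTP session
        sent.append((method, body))
        return LOGIN_PAGE if method == "GET" else RESET_PAGE
    request_reset_email(fake, "https://cas.example.org/cas/login", "jdoe")
    return sent
```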
