Hi all and Dave,

I'm trying to use the same attributes with my OpenLDAP:

cas.authn.ldap[0].passwordPolicy.account-state-handling-enabled=true
cas.authn.ldap[0].passwordPolicy.display-warning-on-match=true
cas.authn.ldap[0].passwordPolicy.enable=true
cas.authn.ldap[0].passwordPolicy.login-failures=5
cas.authn.ldap[0].passwordPolicy.policy-attributes.account-locked=javax.security.auth.login.AccountLockedException
cas.authn.ldap[0].passwordPolicy.strategy=DEFAULT
cas.authn.ldap[0].passwordPolicy.type=GENERIC
cas.authn.ldap[0].passwordPolicy.warn-all=true
cas.authn.ldap[0].passwordPolicy.warning-attribute-name=gestion
cas.authn.ldap[0].passwordPolicy.warning-attribute-value=1
cas.authn.ldap[0].passwordPolicy.warning-days=30

At my first login, CAS does not check the attribute "gestion" in my LDAP. Did I forget something, or is something missing?

Thanks,
Mickaël

On Monday, January 28, 2019 at 21:29:35 UTC+1, [email protected] wrote:

> We're wanting to enable the LPPE password expiration warning (your
> password expires in N days) in CAS 5.2.7. I've set the properties:
>
> cas.authn.ldap[0].passwordPolicy.enabled: true
> cas.authn.ldap[0].passwordPolicy.type: AD
> cas.authn.ldap[0].passwordPolicy.strategy: DEFAULT
> cas.authn.ldap[0].passwordPolicy.warningDays: 5
> cas.authn.ldap[0].passwordPolicy.warnAll: true
>
> and sure enough, when I try to log in, I get the login page followed by
> the casLoginMessageView.html page. But when I press the "CONTINUE" button
> on that page, which should take me to the application, instead I end up
> back at the login screen.
>
> In the log, I see:
>
> AUTHENTICATION_EVENT_TRIGGERED
> AUTHENTICATION_SUCCESS
> TICKET_GRANTING_TICKET_CREATED
>
> but then...
>
> 2019-01-28 11:04:43,223 DEBUG [org.apereo.cas.web.flow.GenerateServiceTicketAction] - <Ticket-granting ticket found in the context is [TGT-20-*********************************************************YC-v-3MOV4-casdev-srv01-lid]>
> 2019-01-28 11:04:43,239 ERROR [org.apereo.cas.util.serialization.AbstractJacksonBackedStringSerializer] - <Cannot read/parse JSON [{"@class":"org.apereo.cas.ticket.TicketGrantingTicketImpl","@id":1,"id":"TGT-20-******************4OIdqEs6hCxUOo1V9oWRBct-...] to deserialize into type [interface org.apereo.cas.ticket.TicketGrantingTicket]. This may be caused in the absence of a configuration/support module that knows how to interpret the JSON fragment, specially if the fragment describes a CAS registered service definition. Internal parsing error is [Cannot construct instance of `org.apereo.cas.authentication.support.password.PasswordExpiringWarningMessageDescriptor` (no Creators, like default construct, exist): cannot deserialize from Object value (no delegate- or property-based Creator)
> at [Source: (String)"{"@class":"org.apereo.cas.ticket.TicketGrantingTicketImpl","@id":1,"id":"TGT-20-******************4OIdqEs6hCxUOo1V9oWRBct-...daM15STZ9bFmYC-v-3MOV4-casdev-srv01-lid","authentication":{"@class":"org.apereo.cas.authentication.DefaultAuthentication","authenticationDate":1548691399.597,"credentials":["java.util.ArrayList",[{"@class":"org.apereo.cas.authentication.BasicCredentialMetaData","id":"curryd","credentialClass":"org.apereo.cas.authentication.UsernamePasswordCredential"}]],"principal":{"@clas"[truncated 4973 chars]; line: 1, column: 4973] (through reference chain: org.apereo.cas.ticket.TicketGrantingTicketImpl["authentication"]->org.apereo.cas.authentication.DefaultAuthentication["successes"]->java.util.HashMap["Active Directory (TNS)"]->org.apereo.cas.authentication.DefaultHandlerResult["warnings"]->java.util.ArrayList[0])]>
> 2019-01-28 11:04:43,239 ERROR [org.apereo.cas.ticket.registry.MongoDbTicketRegistry] - <Failed fetching [TGT-20-*********************************************************YC-v-3MOV4-casdev-srv01-lid]: [java.lang.RuntimeException: org.apereo.cas.ticket.TicketGrantingTicketImpl]>
> 2019-01-28 11:04:43,240 DEBUG [org.apereo.cas.web.flow.GenerateServiceTicketAction] - <CAS has determined ticket-granting ticket [TGT-20-*********************************************************YC-v-3MOV4-casdev-srv01-lid] is invalid and must be destroyed>
> 2019-01-28 11:04:43,243 ERROR [org.apereo.cas.util.serialization.AbstractJacksonBackedStringSerializer] - <Cannot read/parse JSON [{"@class":"org.apereo.cas.ticket.TicketGrantingTicketImpl","@id":1,"id":"TGT-20-******************4OIdqEs6hCxUOo1V9oWRBct-...] to deserialize into type [interface org.apereo.cas.ticket.TicketGrantingTicket]. This may be caused in the absence of a configuration/support module that knows how to interpret the JSON fragment, specially if the fragment describes a CAS registered service definition. Internal parsing error is [Cannot construct instance of `org.apereo.cas.authentication.support.password.PasswordExpiringWarningMessageDescriptor` (no Creators, like default construct, exist): cannot deserialize from Object value (no delegate- or property-based Creator)
> at [Source: (String)"{"@class":"org.apereo.cas.ticket.TicketGrantingTicketImpl","@id":1,"id":"TGT-20-******************4OIdqEs6hCxUOo1V9oWRBct-...daM15STZ9bFmYC-v-3MOV4-casdev-srv01-lid","authentication":{"@class":"org.apereo.cas.authentication.DefaultAuthentication","authenticationDate":1548691399.597,"credentials":["java.util.ArrayList",[{"@class":"org.apereo.cas.authentication.BasicCredentialMetaData","id":"curryd","credentialClass":"org.apereo.cas.authentication.UsernamePasswordCredential"}]],"principal":{"@clas"[truncated 4973 chars]; line: 1, column: 4973] (through reference chain: org.apereo.cas.ticket.TicketGrantingTicketImpl["authentication"]->org.apereo.cas.authentication.DefaultAuthentication["successes"]->java.util.HashMap["Active Directory (TNS)"]->org.apereo.cas.authentication.DefaultHandlerResult["warnings"]->java.util.ArrayList[0])]>
> 2019-01-28 11:04:43,243 ERROR [org.apereo.cas.ticket.registry.MongoDbTicketRegistry] - <Failed fetching [TGT-20-*********************************************************YC-v-3MOV4-casdev-srv01-lid]: [java.lang.RuntimeException: org.apereo.cas.ticket.TicketGrantingTicketImpl]>
>
> followed by
>
> TICKET_GRANTING_TICKET_DESTROYED
>
> Bummer. :-)
>
> I think the problem is described in the second line above: "Cannot
> construct instance of
> `org.apereo.cas.authentication.support.password.PasswordExpiringWarningMessageDescriptor`
> (no Creators, like default construct, exist): cannot deserialize from
> Object value (no delegate- or property-based Creator)".
>
> But I have no idea what that message is actually telling me, or why I'm
> getting it. I do not have any custom code like home-grown authenticators,
> etc. I do have a custom user interface theme (Thymeleaf templates), but I
> don't see any significant differences there between mine and the stock
> theme. Am I missing some component in my pom.xml that brings this in? The
> documentation doesn't mention needing one, but... Am I missing some
> property setting somewhere?
>
> Any insights appreciated.
>
> Thanks,
> --Dave
>
> P.S. - Full log attached.
