Dear all,

Currently, we have been utilizing a custom account manager that allows users to change their passwords while already logged in. Before doing the password change, this account manager asks the user for their current password to check authenticity. In our ongoing evaluation of adopting CAS for this functionality, we have encountered certain behaviors that prompt clarifications.

We have successfully employed the AccountManagement module against CAS version 6.6.15. However, we've observed the following scenarios:

1) When a user is already logged in, CAS does not prompt for the password or reauthentication. Consequently, if a user leaves their PC unlocked, another person could potentially change the password without authentication. Could you please confirm if this behavior aligns with the expected functionality?

2) With the doPasswordChange=true parameter, even when the user is already logged in, they are not redirected to the change password window; instead, they are directed to the account management menu. Is this behavior consistent with the intended functionality?

Your insights into these observations would be highly valuable. Thank you for your time and assistance.

Best regards,
Miguel

--
Miguel Martínez de Espronceda Cámara
Project Manager
Universidad de Navarra
IT Services
Tel: +34 948 425 600 x803156