[ltb-dev] [LDAP Tool Box - Bug #863] Password Token Expiring

noreply at lsc-project.org noreply at lsc-project.org
Mon May 23 20:10:43 CEST 2016


Issue #863 has been updated by Jeff G.


We are authenticating with a CAS account that is separate from the account being reset.

I don't see anything wrong with the code. The first include is for the CAS code. After the user authenticates it brings them back to the reset page and says "Token is not valid". The reset code doesn't like whatever CAS is passing through. I thought CAS was pretty much transparent to the destination website.

Like I said, if the user is authenticated with CAS prior to clicking the link it works perfectly.
----------------------------------------
Bug #863: Password Token Expiring
http://tools.lsc-project.org/issues/863

Author: Jeff G
Status: New
Priority: High
Assigned to: 
Category: Self Service Password
Target version: self-service-password-?


It seems the password tokens expire when a new one is requested, even for completely different people. If I request a password reset token for client A, then 5 minutes later for client B, client A will no longer be able to reset their password using the token they were sent. Is this normal?


-- 
You have received this notification because you have either subscribed to it, or are involved in it.
To change your notification preferences, please click here: http://tools.lsc-project.org/my/account
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ltb-project.org/pipermail/ltb-dev/attachments/20160523/eedd65ed/attachment.htm>


More information about the ltb-dev mailing list