pwm-project / pwm Goto Github PK

View Code? Open in Web Editor NEW

877.0 82.0 246.0 141.18 MB

pwm

License: Other

Java 87.78% HTML 1.30% Batchfile 0.01% Shell 0.02% CSS 1.48% JavaScript 5.97% TypeScript 3.02% SCSS 0.43%

password self-service ldap user-registration

pwm's People

Contributors

Stargazers

Watchers

Forkers

jcauthorn ghacct22 jtmiller30 inab polyakov-andrey kewalaka obsicn m4ce ldchrist wahlstedtw natashabeige zeeshanali briangormanly bpredatsch idwright smahasankabir duttonw netiq-ps scottnesmith tridlk contegix ww-digital deejvince bonhamcm fabioandreteles wedacongit devnull69 snoockuums cherifsy onebagofrice fzachlod mahkorayem brandonkirklen skoranda jeanfpoulin yasin0ps meiko bsyn julietjensen lipengyu patrickfung hsssystems tubraunschweig lxnx0 vn-noob mndeto abaker44 romanticcat deltamobile infstylecheck sornss zigmax quantiarc yveshwang rayblanket oroc95 fksno jm0477 cacalote day4skiing marcianobarros20 atuc2 arisutha gnalawade ilyse63 sunmsn joswhite smart-on-fhir suhaibbhat dcozzy asacamano fidcn jchernandezr jamezpolley ganps7 acury ahotton danikuci1 klamberth27 wujcheng pavanvarmausa yhlee01 philippevienne watery hufman neb382 gowdarn mattock erich745 elijah626 gclayburg 289306290 mupi2015 ajeromexv chhayheng168 eoheurope ianp1 rihahari jschneid-nmdp carlosa8c

pwm's Issues

Error installing on Websphere Liberty Profile Server

------Start of DE processing------ = [12/22/15 11:14:32:915 EST]
Exception = java.lang.NullPointerException
Source = com.ibm.ws.webcontainer.filter.WebAppFilterManager.invokeFilters
probeid = 1105
Stack Dump = java.lang.NullPointerException
at java.net.URI$Parser.parse(URI.java:3035)
at java.net.URI.(URI.java:607)
at password.pwm.util.PwmServletURLHelper.checkIfStartsWithURL(PwmServletURLHelper.java:97)
at password.pwm.util.PwmServletURLHelper.isPrivateUrl(PwmServletURLHelper.java:52)
at password.pwm.util.ServletHelper.handleRequestInitialization(ServletHelper.java:509)
at password.pwm.SessionFilter.processFilter(SessionFilter.java:105)
at password.pwm.SessionFilter.doFilter(SessionFilter.java:90)
at com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterInstanceWrapper.java:207)
at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:90)
at password.pwm.GZIPFilter.doFilter(GZIPFilter.java:45)
at com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterInstanceWrapper.java:207)
at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:90)
at com.ibm.ws.webcontainer.filter.WebAppFilterManager.doFilter(WebAppFilterManager.java:1020)
at com.ibm.ws.webcontainer.filter.WebAppFilterManager.invokeFilters(WebAppFilterManager.java:1142)
at com.ibm.ws.webcontainer.webapp.WebApp.handleRequest(WebApp.java:4867)
at com.ibm.ws.webcontainer.osgi.DynamicVirtualHost$2.handleRequest(DynamicVirtualHost.java:297)
at com.ibm.ws.webcontainer.WebContainer.handleRequest(WebContainer.java:997)
at com.ibm.ws.webcontainer.osgi.DynamicVirtualHost$2.run(DynamicVirtualHost.java:262)
at com.ibm.ws.http.dispatcher.internal.channel.HttpDispatcherLink$TaskWrapper.run(HttpDispatcherLink.java:955)
at com.ibm.ws.http.dispatcher.internal.channel.HttpDispatcherLink.ready(HttpDispatcherLink.java:341)
at com.ibm.ws.http.channel.internal.inbound.HttpInboundLink.handleDiscrimination(HttpInboundLink.java:470)
at com.ibm.ws.http.channel.internal.inbound.HttpInboundLink.handleNewRequest(HttpInboundLink.java:404)
at com.ibm.ws.http.channel.internal.inbound.HttpInboundLink.processRequest(HttpInboundLink.java:284)
at com.ibm.ws.http.channel.internal.inbound.HttpInboundLink.ready(HttpInboundLink.java:255)
at com.ibm.ws.channel.ssl.internal.SSLConnectionLink.determineNextChannel(SSLConnectionLink.java:1017)
at com.ibm.ws.channel.ssl.internal.SSLConnectionLink$MyReadCompletedCallback.complete(SSLConnectionLink.java:626)
at com.ibm.ws.channel.ssl.internal.SSLReadServiceContext$SSLReadCompletedCallback.complete(SSLReadServiceContext.java:1766)
at com.ibm.ws.tcpchannel.internal.WorkQueueManager.requestComplete(WorkQueueManager.java:504)
at com.ibm.ws.tcpchannel.internal.WorkQueueManager.attemptIO(WorkQueueManager.java:574)
at com.ibm.ws.tcpchannel.internal.WorkQueueManager.workerRun(WorkQueueManager.java:929)
at com.ibm.ws.tcpchannel.internal.WorkQueueManager$Worker.run(WorkQueueManager.java:1018)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1157)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:627)
at java.lang.Thread.run(Thread.java:809)

LDAP Search Filter Creation

File: FormUtility.java
Class: FormUtility
Function: ldapSearchFilterForForm
Problem Code:
if (objectClasses.size() == 1) {
sb.append("(objectclass=");
sb.append(objectClasses.iterator().next());
sb.append(")");
} else {
sb.append("(|");
for (final String objectClassValue : objectClasses) {
sb.append("(objectclass=");
sb.append(objectClassValue);
sb.append("("); ///////////////problem
}
sb.append(")");

Fixed Code:
if (objectClasses.size() == 1) {
sb.append("(objectclass=");
sb.append(objectClasses.iterator().next());
sb.append(")");
} else {
sb.append("(|");
for (final String objectClassValue : objectClasses) {
sb.append("(objectclass=");
sb.append(objectClassValue);
sb.append(")");/////////////fix
}
sb.append(")");
}

Thank you. ~NR.

ExternalChangeMethod

Was this feature removed between 1.7.1 and 1.8.0 (there was no notice in history/change-log), if it was could it be re-added. Just installed and configured PWM 1.8.0 and notice Developer/Integration settings missing. Can no longer sync external NIS directory with AD changes via PWM.

Thanks

How to use default applicationPath after 41d74e35e139c8a9f15986c5e424d187f6472288?

We would like to continue using an applicationPath detected from the WEB-INF directory, but after 41d74e3, how can this be achieved?

Unable to reset password using "forgotten password"

What steps will reproduce the problem?

Forgotten Password -> Input username
Receive email with code -> Input email code
Click check code

What is the expected output? What do you see instead?
Expected output => Option to set the new password
What do you see instead:

PWM 5015

An error has occurred. If this error occurs repeatedly please contact your helpdesk.

What version of PWM are you using?
1.8

What ldap directory and version are you using?
OpenLDAP: slapd 2.4.40

Please paste any error log messages below:

2016-02-12T18:21:40Z, TRACE, operations.PasswordUtility, {842} readPasswordPolicyForUser completed in 2ms [192.168.34.93]
2016-02-12T18:21:40Z, FATAL, servlet.AbstractPwmServlet, 5015 ERROR_UNKNOWN (unexpected error processing request: null
java.lang.NullPointerException
        at password.pwm.util.PwmPasswordRuleValidator.internalPwmPolicyValidator(PwmPasswordRuleValidator.java:222)
        at password.pwm.util.RandomPasswordGenerator.createRandomPassword(RandomPasswordGenerator.java:190)
        at password.pwm.ldap.auth.LDAPAuthenticationRequest.setTempUserPassword(LDAPAuthenticationRequest.java:406)
        at password.pwm.ldap.auth.LDAPAuthenticationRequest.authUsingUnknownPw(LDAPAuthenticationRequest.java:123)
        at password.pwm.ldap.auth.SessionAuthenticator.authUserWithUnknownPassword(SessionAuthenticator.java:170)
        at password.pwm.http.servlet.forgottenpw.ForgottenPasswordServlet.processSendNewPassword(ForgottenPasswordServlet.java:902)
        at password.pwm.http.servlet.forgottenpw.ForgottenPasswordServlet.advancedToNextStage(ForgottenPasswordServlet.java:761)
        at password.pwm.http.servlet.forgottenpw.ForgottenPasswordServlet.processAction(ForgottenPasswordServlet.java:236)
        at password.pwm.http.servlet.AbstractPwmServlet.handleRequest(AbstractPwmServlet.java:108)
        at password.pwm.http.servlet.AbstractPwmServlet.doPost(AbstractPwmServlet.java:64)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:648)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:729)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:291)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
        at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
        at password.pwm.http.filter.AbstractPwmFilter$PwmFilterChain.doFilter(AbstractPwmFilter.java:110)
        at password.pwm.http.filter.CaptchaFilter.processFilter(CaptchaFilter.java:53)
        at password.pwm.http.filter.AbstractPwmFilter.doFilter(AbstractPwmFilter.java:71)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
        at password.pwm.http.filter.AbstractPwmFilter$PwmFilterChain.doFilter(AbstractPwmFilter.java:110)
        at password.pwm.http.filter.SessionFilter.processFilter(SessionFilter.java:81)
        at password.pwm.http.filter.AbstractPwmFilter.doFilter(AbstractPwmFilter.java:71)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
        at password.pwm.http.filter.AbstractPwmFilter$PwmFilterChain.doFilter(AbstractPwmFilter.java:110)
        at password.pwm.http.filter.ApplicationModeFilter.processFilter(ApplicationModeFilter.java:70)
        at password.pwm.http.filter.AbstractPwmFilter.doFilter(AbstractPwmFilter.java:71)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
        at password.pwm.http.filter.RequestInitializationFilter.doFilter(RequestInitializationFilter.java:95)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
        at password.pwm.http.filter.GZIPFilter.doFilter(GZIPFilter.java:67)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
        at password.pwm.http.filter.ApplicationStatusFilter.doFilter(ApplicationStatusFilter.java:36)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:212)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:106)
        at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:502)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:141)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79)
        at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:616)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:88)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:521)
        at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1096)
        at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:674)
        at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1500)
        at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1456)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
        at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
        at java.lang.Thread.run(Thread.java:745)
)
2016-02-12T18:21:40Z, ERROR, http.PwmResponse, {842} 5015 ERROR_UNKNOWN (unexpected error processing request: null [192.168.34.93]
java.lang.NullPointerException
        at password.pwm.util.PwmPasswordRuleValidator.internalPwmPolicyValidator(PwmPasswordRuleValidator.java:222)
        at password.pwm.util.RandomPasswordGenerator.createRandomPassword(RandomPasswordGenerator.java:190)
        at password.pwm.ldap.auth.LDAPAuthenticationRequest.setTempUserPassword(LDAPAuthenticationRequest.java:406)
        at password.pwm.ldap.auth.LDAPAuthenticationRequest.authUsingUnknownPw(LDAPAuthenticationRequest.java:123)
        at password.pwm.ldap.auth.SessionAuthenticator.authUserWithUnknownPassword(SessionAuthenticator.java:170)
        at password.pwm.http.servlet.forgottenpw.ForgottenPasswordServlet.processSendNewPassword(ForgottenPasswordServlet.java:902)
        at password.pwm.http.servlet.forgottenpw.ForgottenPasswordServlet.advancedToNextStage(ForgottenPasswordServlet.java:761)
        at password.pwm.http.servlet.forgottenpw.ForgottenPasswordServlet.processAction(ForgottenPasswordServlet.java:236)
        at password.pwm.http.servlet.AbstractPwmServlet.handleRequest(AbstractPwmServlet.java:108)
        at password.pwm.http.servlet.AbstractPwmServlet.doPost(AbstractPwmServlet.java:64)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:648)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:729)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:291)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
        at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
        at password.pwm.http.filter.AbstractPwmFilter$PwmFilterChain.doFilter(AbstractPwmFilter.java:110)
        at password.pwm.http.filter.CaptchaFilter.processFilter(CaptchaFilter.java:53)
        at password.pwm.http.filter.AbstractPwmFilter.doFilter(AbstractPwmFilter.java:71)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
        at password.pwm.http.filter.AbstractPwmFilter$PwmFilterChain.doFilter(AbstractPwmFilter.java:110)
        at password.pwm.http.filter.SessionFilter.processFilter(SessionFilter.java:81)
        at password.pwm.http.filter.AbstractPwmFilter.doFilter(AbstractPwmFilter.java:71)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
        at password.pwm.http.filter.AbstractPwmFilter$PwmFilterChain.doFilter(AbstractPwmFilter.java:110)
        at password.pwm.http.filter.ApplicationModeFilter.processFilter(ApplicationModeFilter.java:70)
        at password.pwm.http.filter.AbstractPwmFilter.doFilter(AbstractPwmFilter.java:71)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
        at password.pwm.http.filter.RequestInitializationFilter.doFilter(RequestInitializationFilter.java:95)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
        at password.pwm.http.filter.GZIPFilter.doFilter(GZIPFilter.java:67)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
        at password.pwm.http.filter.ApplicationStatusFilter.doFilter(ApplicationStatusFilter.java:36)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:212)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:106)
        at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:502)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:141)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79)
        at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:616)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:88)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:521)
        at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1096)
        at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:674)
        at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1500)
        at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1456)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
        at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
        at java.lang.Thread.run(Thread.java:745)
)
2016-02-12T18:21:40Z, DEBUG, http.PwmResponse, {842} forcing logout due to error 5015 ERROR_UNKNOWN (unexpected error processing request: null [192.168.34.93]
java.lang.NullPointerException
        at password.pwm.util.PwmPasswordRuleValidator.internalPwmPolicyValidator(PwmPasswordRuleValidator.java:222)
        at password.pwm.util.RandomPasswordGenerator.createRandomPassword(RandomPasswordGenerator.java:190)
        at password.pwm.ldap.auth.LDAPAuthenticationRequest.setTempUserPassword(LDAPAuthenticationRequest.java:406)
        at password.pwm.ldap.auth.LDAPAuthenticationRequest.authUsingUnknownPw(LDAPAuthenticationRequest.java:123)
        at password.pwm.ldap.auth.SessionAuthenticator.authUserWithUnknownPassword(SessionAuthenticator.java:170)
        at password.pwm.http.servlet.forgottenpw.ForgottenPasswordServlet.processSendNewPassword(ForgottenPasswordServlet.java:902)
        at password.pwm.http.servlet.forgottenpw.ForgottenPasswordServlet.advancedToNextStage(ForgottenPasswordServlet.java:761)
        at password.pwm.http.servlet.forgottenpw.ForgottenPasswordServlet.processAction(ForgottenPasswordServlet.java:236)
        at password.pwm.http.servlet.AbstractPwmServlet.handleRequest(AbstractPwmServlet.java:108)
        at password.pwm.http.servlet.AbstractPwmServlet.doPost(AbstractPwmServlet.java:64)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:648)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:729)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:291)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
        at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
        at password.pwm.http.filter.AbstractPwmFilter$PwmFilterChain.doFilter(AbstractPwmFilter.java:110)
        at password.pwm.http.filter.CaptchaFilter.processFilter(CaptchaFilter.java:53)
        at password.pwm.http.filter.AbstractPwmFilter.doFilter(AbstractPwmFilter.java:71)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
        at password.pwm.http.filter.AbstractPwmFilter$PwmFilterChain.doFilter(AbstractPwmFilter.java:110)
        at password.pwm.http.filter.SessionFilter.processFilter(SessionFilter.java:81)
        at password.pwm.http.filter.AbstractPwmFilter.doFilter(AbstractPwmFilter.java:71)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
        at password.pwm.http.filter.AbstractPwmFilter$PwmFilterChain.doFilter(AbstractPwmFilter.java:110)
        at password.pwm.http.filter.ApplicationModeFilter.processFilter(ApplicationModeFilter.java:70)
        at password.pwm.http.filter.AbstractPwmFilter.doFilter(AbstractPwmFilter.java:71)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
        at password.pwm.http.filter.RequestInitializationFilter.doFilter(RequestInitializationFilter.java:95)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
        at password.pwm.http.filter.GZIPFilter.doFilter(GZIPFilter.java:67)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
        at password.pwm.http.filter.ApplicationStatusFilter.doFilter(ApplicationStatusFilter.java:36)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:212)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:106)
        at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:502)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:141)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79)
        at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:616)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:88)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:521)
        at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1096)
        at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:674)
        at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1500)
        at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1456)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
        at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
        at java.lang.Thread.run(Thread.java:745)
)
2016-02-12T18:21:40Z, TRACE, http.PwmResponse, {842} forwarding to /WEB-INF/jsp/error.jsp [192.168.34.93]
2016-02-12T18:21:46Z, TRACE, http.PwmRequest, {842} GET request for: /pwm/ (no params) [192.168.34.93]
2016-02-12T18:21:46Z, TRACE, http.SessionManager, {842} incremented request counter to 1 [192.168.34.93]
2016-02-12T18:21:46Z, TRACE, http.PwmRequest, {842} GET request for: /pwm/private/ (no params) [192.168.34.93]
2016-02-12T18:21:46Z, TRACE, filter.AuthenticationFilter, {842} user requested resource requiring authentication (/pwm/private/), but is not authenticated; redirecting to LoginServlet [192.168.34.93]
2016-02-12T18:21:46Z, TRACE, http.PwmRequest, {842} GET request for: /pwm/private/login [192.168.34.93]
  posturl='H4sIAAAAAAAAAAFCAL3_UFdNLkFFUzEyOF9ITUFDMjU298-1mxKI8GKMqk3RMOCQ_4AWc16JqupX7dnNReKx7ZMvrlY2kexxQQXU4sepcUEg6fu3_UIAAAA='
2016-02-12T18:21:46Z, TRACE, http.PwmResponse, {842} forwarding to /WEB-INF/jsp/login.jsp [192.168.34.93]
2016-02-12T18:21:46Z, TRACE, http.SessionManager, {842} incremented request counter to 2 [192.168.34.93]

Builds inclduing daily's starting with commit 4a4a4aaecd8a96559b739fe03aad7b32c0605a47

Starting with that build, you can no longer login using Active Directory in any context path, you have to specify every context path.

In the screenshots below, it shows the error, and although this error is during setup, if I continue to to configure pwm, every user in any context will get that error preventing them from logging in unless every context path is inputted in the configuration.

Before
http://s2.postimg.org/697qkecc9/before.png

After 4a4a4aa...
http://s11.postimg.org/8iltzuoyb/upto_Build.png

JASON

SMS OAuth2 Support

Some SMS vendors do not support BASIC auth, but instead require a simple OAuth2 workflow with a token and refresh token. It would be great to be able to support this (as well as refreshing the token) in PWM. Thanks!

Latest build: Force Update Profile not enforced

In the latest build, Force Update Profile seems to have no effect - the settings to configure an LDAP query to trigger this was removed in the Dec 21 2015 update.

"Forgotten Username" allways returns content of cn attribute.

When I activate the "Forgotten Username" Module and change the "Username LDAP Attribute" from "cn" to "uid" (since I use uid for the user name, cn is givenname + " " + surename), the module still returns the content of the cn attribute.

Is this a lag of understanding on my site how this feature is suposed to work or a bug?

I would expect to get back the content of the atteribute I entered in Modules -> Forgotten Username -> Username LDAP Attribute

Thanks!

Intruder Notice Email never sent

The Intruder Notice email is never sent after an account is locked out because marking the username in the IntruderManager throws an error before the userid marking can occur in the SessionManager.postFailureSequence() method:

            if (username != null) {
                intruderManager.mark(RecordType.USERNAME, username, pwmSession.getLabel());
            }

            if (userIdentity != null) {
                intruderManager.convenience().markUserIdentity(userIdentity, sessionLabel);
            }

Problems to send auth email

Environment:

pwm-1.8.0-SNAPSHOT-2016-05-11T17:00:29Z-pwm-bundle.zip + tomcat7

already setup the email config:

email.smtp.address
email.smtp.port
email.smtp.username
email.smtp.userpassword

Set pwm log to trace:

2016-05-24T15:16:31Z, INFO , event.AuditService, audit event: {"perpetratorID":"alberto.viana","perpetratorDN":"uid=alberto.viana,ou=users,dc=my,dc=domain","perpetratorLdapProfile":"default","sourceAddress":"MY_IP","sourceHost":"MY_IP","type":"USER","eventCode":"CHANGE_PASSWORD","guid":"ebdb50b3-6b3e-40e9-800a-71329c0e1d80","timestamp":"2016-05-24T18:16:31Z"}
2016-05-24T15:16:31Z, ERROR, queue.EmailQueueManager, error during email send attempt: javax.mail.SendFailedException: Invalid Addresses;
  nested exception is:
        com.sun.mail.smtp.SMTPAddressFailedException: 554 5.7.1 <unknown[SERVER_IP]>: Client host rejected: Access denied

2016-05-24T15:16:31Z, ERROR, queue.EmailQueueManager, error sending email (Invalid Addresses) from: Change Password Notice <[email protected]>, to: [email protected], subject: Password Change Notification, permanent failure, discarding message

Seems that pwm is not even try to auth (Confirmed that at my smtp server log).

How can I debug that? Am I not suppose to see "plaintext" or "authenticated" in pwm log (As far as I could check pwm code)?

CAS Support?

Hi, I noticed PWM has built-in CAS integration. What would it take to include this module inside a CAS deployment? Are there binary dependencies available for PWM?

LocalDB Cannot be Null

I followed the guide at https://github.com/pwm-project/pwm/wiki/Installation-on-Windows-OS to install the latest PWM on Ubuntu 16.04 with OpenJDK 8 and Tomcat 8. Unfortunately, I keep getting the following message:

5082 ERROR_STARTUP_ERROR (unexpected error instantiating service class
'password.pwm.util.queue.EmailQueueManager', cannot load, error: LocalDB cannot be null)

I am not sure how to proceed from here. Google did not help much. Any suggestion will be much appreciated.

Macro errors out saying incorrect format

I've included a screenshot of what's happening. When I click add action in the modules -> user activation -> activation actions -> add action then input my macro, as soon as i put a @ it errors. You can see in the screenshot. What I want to do is replace the ldap email field with a custom email.

I am running: PWM v1.8.0-SNAPSHOT b11363872 red0d2f49694aad6b43ffe943ff1cb68e2df6abf5

Internationalization issue

Hi, while trying to enter token for my username I receive:

Thu Mar 10 12:32:59 CET 2016, WARN , password.pwm.servlet.ForgottenPasswordServlet, user in session 'CN=Artur Szcześniak,CN=Users,DC=blstream,DC=group' entered code for user 'CN=Artur Szcze?niak,CN=Users,DC=blstream,DC=group', counting as invalid attempt

tokenDN is received without "ś" symbol and comparator fails to check it against good DN.

pwmEventLog

I am seeing issues with the pwmEventLog attribute and password changes. It is further encapsulating attributes on each password change.

As far as I can tell it is because in LdapXmlUserHistory.java fromXML that
final String srcAddr = hrElement.getAttribute(XML_ATTR_SRC_IP) != null ? hrElement.getAttribute(XML_ATTR_SRC_IP).toString() : "";
final String srcHost = hrElement.getAttribute(XML_ATTR_SRC_HOST) != null ? hrElement.getAttribute(XML_ATTR_SRC_HOST).toString() : "";

instead of:
final String srcAddr = hrElement.getAttribute(XML_ATTR_SRC_IP) != null ? hrElement.getAttribute(XML_ATTR_SRC_IP).getValue() : "";
final String srcHost = hrElement.getAttribute(XML_ATTR_SRC_HOST) != null ? hrElement.getAttribute(XML_ATTR_SRC_HOST).getValue() : "";

Updating exisiting pwm on ldap giving paging errors

Hi,

Just letting you know that there seems to be no ability in the config editor to change the ldap.search.paging.enable flag and the ldap.search.pagining.size option which were added recently

I had to manually add these two settings to my PwmConfiguration.xml files to make pwm work correctly when running against openDJ.

Regards

William D.

<setting key="ldap.search.paging.enable" syntax="BOOLEAN">
  <label>Attribute to use for ldap search paging enable</label>
  <value>FALSE</value>
</setting>
<setting key="ldap.search.paging.size" syntax="NUMERIC">
  <label>Attribute to use for ldap search page sizing</label>
  <default />
</setting>

error in openldap.ldif

There is a small error in the openldap.ldif:

olcAttributeTypes: {1}( 1.3.6.1.4.1.35015.1.2.6 NAME 'pwmOtpSecret '

should be

olcAttributeTypes: {1}( 1.3.6.1.4.1.35015.1.2.6 NAME 'pwmOtpSecret'

(space after "pwmOtpSecret")

command.sh -applicationPath=<dir> ConfigSetPassword XXXX returns error

I get the error:

unable to establish operating environment: null

The commands ConfigUnlock and ConfigLock appear to work though.

Sorry - is this due to the application being locked and running? Would I need to shut it down first?

The debug mode for ExportStats (which also fails)

2015-12-11 10:37:03, DEBUG, stored.ConfigurationReader, loading configuration file: /var/pwm/PwmConfiguration.xml
2015-12-11 10:37:11, DEBUG, stored.StoredConfigurationImpl, successfully loaded configuration (7s)
2015-12-11 10:37:11, DEBUG, stored.ConfigurationReader, configuration mode: RUNNING
unable to establish operating environment: null

User Activation ERROR when user match

Now I get PWM 5015 when try to activate user who match activation query.
Log: "ERROR, http.PwmResponse, {14} 5015 ERROR_UNKNOWN (unexpected error processing request: null
java.lang.NullPointerException"
Using last commit: pwm-1.8.0-SNAPSHOT-2016-01-20T00:10:08Z-pwm-bundle.zip

error

finish installing pwm
I'll start guide configuration ... and error
poster in yellow: Error while Selecting step: SyntaxError: expected expression, got '& lt;'

Use JSTL for JSP outputs

<c:out would often be simpler (due to dot notation) and safer (due to automatic XML escaping) than <%=

message undefined when theme selected

Hi, when using a theme different from custom or default (those are basically empty so only the general one is applied) if I entera wrong username and/or password i get a box on the login page alertin me about "Password or username not valid". After some moments, selecting the tho inputbox, in the box with error message is appended some html code like "<div class="message undefined" ..."
It seems that having to process 2 stylesheet something goes wrong on the javascript that handle that messagebox

error translating ADDB to PwmSettingTemplate

Since a recent upgrade from 1.7 to the most recent 1.8 snapshot, my system log is filling with:
WARN , util.Helper, unexpected error translating input=ADDB to enumClass=PwmSettingTemplate.

Is ADDB an old config value that should be updated?

Problem involving SMS : Peer not authenticated

Hello everyone,

I have been trying to add a SMS option to reset password, but so far I am stuck on the following problem:
"ERROR, password.pwm.util.queue.SmsQueueManager, unexpected exception while sending SMS: peer not authenticated"

From what I have read so far, I realise this has to do with the SSL negociation not being successful, and should therefore import my SMS provider AC and/or certificate.

The piece of information I am missing is the following : where in the configuration do I find the path to the keystore used by PWM?
I have added the certificates to the keystore in the JRE_HOME, but nothing changed.

Thanks for your help,

Self-service Change Password never works

When a user attempts to change their password after all checks have succeeded, the user interface always brings up the password change page again.

In ChangePasswordServlet.handleChangeRequest(), the changePasswordBean.isAllChecksPassed() method is set to false by default, calling advancedToNextStage():

if (!changePasswordBean.isAllChecksPassed()) {
    this.advancedToNextStage(pwmRequest, changePasswordBean);
    return;
}

If no other checks fail, the user is always back to the change password page:

changePasswordBean.setAllChecksPassed(true);
pwmRequest.forwardToJsp(PwmConstants.JSP_URL.PASSWORD_CHANGE);

Email not being send

Emai1 are not being send and error is reported as below
2016-09-01T09:32:02Z, ERROR, queue.EmailQueueManager, 5085 ERROR_EMAIL_SEND_FAILURE (error sending email: No From address) fields: [{"to":"[email protected]","from":"Forgotten Password [email protected]","subject":"Forgotten Password Verification"}, javax.mail.MessagingException: No From address, cause:java.net.UnknownHostException: webapp: webapp: Name or service not known, cause:java.net.UnknownHostException: webapp: Name or service not known]
2016-09-01T09:32:02Z, ERROR, queue.EmailQueueManager, error sending email (No From address) from: Forgotten Password [email protected], to: [email protected], subject: Forgotten Password Verification, will retry
2016-09-01T09:32:17Z, ERROR, queue.EmailQueueManager, 5085 ERROR_EMAIL_SEND_FAILURE (error sending email: No From address) fields: [{"to":"[email protected]","from":"Forgotten Password [email protected]","subject":"Forgotten Password Verification"}, javax.mail.MessagingException: No From address, cause:java.net.UnknownHostException: webapp: webapp: Name or service not known, cause:java.net.UnknownHostException: webapp: Name or service not known]
2016-09-01T09:32:17Z, ERROR, queue.EmailQueueManager, error sending email (No From address) from: Forgotten Password [email protected], to: [email protected], subject: Forgotten Password Verification, will retry

SSO problem : authenticated without a password, redirecting to login page

Hi all

I've an issue using SSO Headers for authentication (PWm 1.7.1, OpenLDAP 2.3).
Once authenticated through, if i want to change my password or setup responses answers, i´m sent to the password page over and over again.

Extract from PWM.log

2015-11-18 11:49:39, TRACE, provider.JNDIProviderImpl, bind successful as uid=xzy,ou=users,dc=domain,dc=fr (47ms)
2015-11-18 11:49:39, TRACE, provider.ChaiProviderFactory, adding WatchdogWrapper to provider instance
2015-11-18 11:49:39, TRACE, provider.WatchdogWrapper, checking for user password expiration to adjust watchdog timeout
2015-11-18 11:49:39, TRACE, provider.ChaiProviderFactory, adding WireTraceWrapper to provider instance
2015-11-18 11:49:39, TRACE, provider.ChaiProviderFactory, adding StatisticsWrapper to provider instance
2015-11-18 11:49:39, TRACE, provider.WireTraceWrapper, begin id=18,op#1 method readStringAttribute(uid=xyz,ou=users,dc=domain,dc=fr,objectClass)
2015-11-18 11:49:39, TRACE, provider.WireTraceWrapper, finish id=18,op#1 result: "top" (1ms)
2015-11-18 11:49:39, INFO , operations.UserAuthenticator, {7m,[CN USER]} successful ssl authentication for uid=xyz,ou=users,dc=domain,dc=fr (56ms) [@ip Address user, @ip Address reverse proxy/]
2015-11-18 11:49:39, WARN , servlet.TopServlet, attempt to access functionality requiring password authentication, but password not yet supplied by actor, forwarding to password Login page
2015-11-18 11:49:39, DEBUG, servlet.TopServlet, {7m,[CN USER]} user is authenticated without a password, redirecting to login page [@ip Address user, @ip Address reverse proxy/]
2015-11-18 11:49:39, TRACE, pwm.SessionFilter, {7m,[CN USER]} GET request for: /pwm/private/Login (no params) [@ip Address user, @ip Address reverse proxy/]
2015-11-18 11:49:39, TRACE, util.MacroMachine, replaced Macro @user:ID@ with value: [CN USER]

Any help appreciated

Many thx

Check password error?

Hi,

I've just updated to your latest build (2015-11-04T18:42:37Z-pwm-1.8.0-SNAPSHOT.war) - when changing password I get the error:

Request URL:https://myserver/password/public/rest/checkpassword?pwmFormID=5xpXzLra3sOni0yBG6YKp4L6lLJQpglo150f720b964u3fAb&preventCache=1447255221334
Request Method:POST
Status Code:415 Unsupported Media Type

Is this a defect or do I need to set something? Thanks

no redirect to challenge

Cannot create field selecting field type

Hi, with version 1.8 it's not possible to create fields (on new user form, guest registratin form, ecc.) and select the type as was for version 1.7. The most notable absence is the "select" type.
Odd thing is that if I change manually the xml and restart pwm the interface is able to manage a field of type "select" (eg. adding values, removing values from the table) but it's not possible to create new one.

Unable to validate password on newuser form

I get the following exception thrown when attempting to create a new user - it is connected to checking the password.
Using latest code from github as of today with minimal configuration

2016-02-17T15:48:10Z, FATAL, servlet.AbstractPwmServlet, 5015 ERROR_UNKNOWN (unexpected error processing request: null
java.lang.NullPointerException
at password.pwm.PwmApplication.getProxiedChaiUser(PwmApplication.java:324)
at password.pwm.ldap.LdapUserDataReader.appProxiedReader(LdapUserDataReader.java:65)
at password.pwm.util.macro.MacroMachine.forUser(MacroMachine.java:246)
at password.pwm.util.PwmPasswordRuleValidator.internalPwmPolicyValidator(PwmPasswordRuleValidator.java:222)
at password.pwm.util.PwmPasswordRuleValidator.internalPwmPolicyValidator(PwmPasswordRuleValidator.java:157)
at password.pwm.util.PwmPasswordRuleValidator.validate(PwmPasswordRuleValidator.java:139)
at password.pwm.util.PwmPasswordRuleValidator.testPassword(PwmPasswordRuleValidator.java:92)

HTTP 500 during User Activation

I get HTTP 500 "An error has occurred. If this error occurs repeatedly please contact your helpdesk."

When I try to active a user who doesnt match the Activation Permission query

Using: pwm-1.8.0-SNAPSHOT-2016-01-13T19:05:57Z-pwm-bundle

Change password fails with "ERROR_WRONGPASSWORD (cannot set password for user, old password is not available)"

This Issue is still present.

What steps will reproduce the problem?

Forgotten password -> input user id and email address -> search
Email send to user's email and input the verification code
Prompt for input new password and confirm new password
click change password

What is the expected output? What do you see instead?
Expected output => password change success
What do you see instead => 5001 ERROR_WRONGPASSWORD (cannot set password for user, old password is not available)

What version of PWM are you using?
1.8.0

What ldap directory and version are you using?
AD LDS on Windows Server 2012 R2

Please paste any error log messages below:

2015-12-08 18:38:59, DEBUG, provider.WatchdogWrapper, ldap idle timeout detected, closing ldap connection for ChaiProvider #1434 (JNDIProviderImpl), OPEN ldaps://server.local:XXX CN=LDAP_STEP_PWM,OU=System,OU=Users,DC=step,DC=hornbach,DC=com
2015-12-08 18:38:57, DEBUG, provider.WatchdogWrapper, reopening ldap connection for CN=LDAP_STEP_PWM,OU=System,OU=Users,DC=step,DC=hornbach,DC=com
2015-12-08 18:38:29, DEBUG, provider.WatchdogWrapper, ldap idle timeout detected, closing ldap connection for ChaiProvider #1428 (JNDIProviderImpl), OPEN ldaps://server.local:XXX CN=LDAP_STEP_PWM,OU=System,OU=Users,DC=step,DC=hornbach,DC=com
2015-12-08 18:38:25, DEBUG, servlet.ChangePasswordServlet, 5001 ERROR_WRONGPASSWORD (cannot set password for user, old password is not available)
2015-12-08 18:38:21, DEBUG, localdb.LocalDBAdaptor, performed real size lookup of 0 for CACHE: 0ms, cached
2015-12-08 18:37:58, DEBUG, http.SessionManager, {21,userXXX} permission PWMADMIN for user STEP|CN=XXX,OU=XXX,DC=XXX,DC=XXX is DENIED [IPXXX]
2015-12-08 18:37:58, DEBUG, ldap.LdapPermissionTester, {21,userXXX} user UserIdentity{"userDN":"CN=XXX,OU=XXX,DC=XXX,DC=XXX","ldapProfile":"STEP"} is not a match for group 'CN=PWM - Administrator,OU=Groups,DC=step,DC=hornbach,DC=com' [IPXXX]
2015-12-08 18:37:58, DEBUG, http.SessionManager, {21,userXXX} permission CHANGE_PASSWORD for user STEP|CN=XXX,OU=XXX,DC=XXX,DC=XXX is GRANTED [IPXXX]
2015-12-08 18:37:58, DEBUG, ldap.LdapPermissionTester, {21,userXXX} user UserIdentity{"userDN":"CN=XXX,OU=XXX,DC=XXX,DC=XXX","ldapProfile":"STEP"} is a match for '(objectClass=*)' [IPXXX]
2015-12-08 18:37:58 , INFO , event.AuditService, audit event: {"perpetratorID":"userXXX","perpetratorDN":"CN=XXX,OU=XXX,DC=XXX,DC=XXX","perpetratorLdapProfile":"STEP","sourceAddress":"IPXXX","sourceHost":"client.local","type":"USER","eventCode":"RECOVER_PASSWORD","guid":"97cdf13b-073e-47db-b288-eeabe19e8727","timestamp":"2015-12-08T17:37:58Z"}
2015-12-08 18:37:58 , INFO , forgottenpw.ForgottenPasswordServlet, {21,userXXX} user successfully supplied password recovery responses, forward to change password page: CN=XXX,OU=XXX,DC=XXX,DC=XXX [IPXXX]
2015-12-08 18:37:58, DEBUG, auth.SessionAuthenticator, {21,userXXX} clearing permission cache [IPXXX]
2015-12-08 18:37:58, DEBUG, ldap.UserStatusReader, {21} Helpdesk has no matching profiles for user CN=XXX,OU=XXX,DC=XXX,DC=XXX (STEP) [IPXXX]
2015-12-08 18:37:58, DEBUG, ldap.LdapPermissionTester, {21} user UserIdentity{"userDN":"CN=XXX,OU=XXX,DC=XXX,DC=XXX","ldapProfile":"STEP"} is not a match for group 'cn=Helpdesk,cn=Domain Admins,cn=Users,DC=site,DC=example,DC=net' [IPXXX]
2015-12-08 18:37:58, DEBUG, ldap.UserStatusReader, {21} checkProfile: UserIdentity{"userDN":"CN=XXX,OU=XXX,DC=XXX,DC=XXX","ldapProfile":"STEP"} has value for attributes, update profile will not be required [IPXXX]
2015-12-08 18:37:58, DEBUG, ldap.LdapPermissionTester, {21} user UserIdentity{"userDN":"CN=XXX,OU=XXX,DC=XXX,DC=XXX","ldapProfile":"STEP"} is a match for '(objectClass=user)' [IPXXX]
2015-12-08 18:37:58, DEBUG, ldap.LdapPermissionTester, {21} user UserIdentity{"userDN":"CN=XXX,OU=XXX,DC=XXX,DC=XXX","ldapProfile":"STEP"} is a match for '(objectClass=*)' [IPXXX]
2015-12-08 18:37:58, DEBUG, ldap.UserStatusReader, {21} completed user password status check for CN=XXX,OU=XXX,DC=XXX,DC=XXX PasswordStatus {expired=false, pre-expired=false, warn=false, violatesPolicy=false} (0ms) [IPXXX]
2015-12-08 18:37:58, DEBUG, operations.CrService, {21} checkIfResponseConfigNeeded: response setup is disabled, so user is not required to setup responses [IPXXX]
2015-12-08 18:37:58, DEBUG, ldap.LdapPermissionTester, {21} user UserIdentity{"userDN":"CN=XXX,OU=XXX,DC=XXX,DC=XXX","ldapProfile":"STEP"} is a match for '(objectClass=*)' [IPXXX]
2015-12-08 18:37:58, DEBUG, operations.CrService, {21} testing challenge profiles 'default' [IPXXX]
2015-12-08 18:37:58, DEBUG, operations.CrService, {21} no response info found for user CN=XXX,OU=XXX,DC=XXX,DC=XXX [IPXXX]
2015-12-08 18:37:58, DEBUG, operations.CrService, {21} will attempt to read the following storage methods: ["LOCALDB"] for response info for user CN=XXX,OU=XXX,DC=XXX,DC=XXX [IPXXX]
2015-12-08 18:37:58, DEBUG, ldap.LdapPermissionTester, {21} user UserIdentity{"userDN":"CN=XXX,OU=XXX,DC=XXX,DC=XXX","ldapProfile":"STEP"} is a match for '(objectClass=*)' [IPXXX]
2015-12-08 18:37:58, DEBUG, operations.PasswordUtility, {21} testing password policy profile 'STEP' [IPXXX]

NOTE: I saw the code in PasswordUtility.setUserPassword and found the following code. Debugging get oldPassword = null. Don't know if I am missing some configuration.

// retrieve the user's old password from the userInfoBean in the session
final PasswordData oldPassword = pwmSession.getLoginInfoBean().getUserCurrentPassword();

boolean setPasswordWithoutOld = false;
if (oldPassword == null) {
    if (pwmSession.getSessionManager().getActor(pwmApplication).getChaiProvider().getDirectoryVendor() == ChaiProvider.DIRECTORY_VENDOR.MICROSOFT_ACTIVE_DIRECTORY) {
        setPasswordWithoutOld = true;
    }
}

if (!setPasswordWithoutOld) {
    // Check to make sure we actually have an old password
    if (oldPassword == null) {
        final String errorMsg = "cannot set password for user, old password is not available";
        final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_WRONGPASSWORD, errorMsg);
        throw new PwmOperationalException(errorInformation);
    }
}

configuration editor: cannot edit email HTML- body

when trying to change email html- Body text in the configuration editor a new dialog opens which shows an wysiwyg HTML- editor but does not allow editing the actual html body. The window is empty and no cursor is shown.

This happens for us in the current version as well as in an older snapshot we built in august.

Syslog udp 514 error

It's not possible to connect to a syslog server over udp port 514

Error: 2016-01-22 13:58:06, ERROR, event.AuditManager, 5060 ERROR_SYSLOG_WRITE_ERROR (java.net.ConnectException: Connection timed out: connect) fields: [udp,syslog.mydomain.com,514, java.net.ConnectException: Connection timed out: connect]

Version: PWM v1.7.1 b1232 (Release)

User profile update - blank fields

When trying to update a user profile, if there is no information in the fields (in my case otherMailbox and mobile), the user can use the update button and the program will try to send an email and sms to a blank number.

Looked on PWM_UPDATE.validateForm funtion, and if possible it would be good not to send if blank or make user fill all fields.

Errors in StoredConfiguration.xsd r943

Hello,

When I load the project under Eclipse, I get errors on StoredConfiguration.xsd, and indeed it seems to me that they are errors.

The XML declaration says: encoding="utf-16" but the actual content is obviously utf-8.
The element PwmConfiguration is a complexType that lists directly several elements, without any xsd:sequence tag.

Am I wrong ?

Administrator Group doesn't allow nested groups

When adding a LDAP Group for administration, it does not detect users if they are nested within another group.

PWM (Forgotten Password Module)

I have setup PWM (v1.7.1) running on Windows 2012. I have everything almost configured and I am getting an error setting up the Forgotten Password Module. When I click on the forgotten password module this is the error Im getting. (The username is not valid or does not have a configured response { 5006 ERROR_RESPONSES_NORESPONSES (multiple user matches found) }) I have it connected to my LDAP server and I am able to search for my users if I want to change their password. I appreciate any help I can get to resolve this matter. I do not have an sql setup on this.

New User link gives error

Hi, with latest nighty available (pwm-1.8.0-SNAPSHOT-2016-11-09T23:30:39Z-pwm-bundle.zip )
I got the a problem.
I've configured it with eDirectory. I'm trying a default new user registration.
If I enter the token send by mail manually in the field the activation goes fine, but if I clik on the link from the activation mail PWM start loading the progress bar, but from the browser console I got several warning

ignoring request to append duplicate param "processAction" to url

and errors:
ypeError: Cannot read property 'percentComplete' of undefined(…) "TypeError: Cannot read property 'percentComplete' of undefined
at loadFunction

It seems as the underlying directory is not an issue, cause even whith the error the user got created on LDAP server, and entering manually the token create the user as well and display correctly the progress bar

telemetry is enabled by default

The options

Enable Version Checking
Enable Anonymous Statistics Publishing

must default to off.

Directive 95/46/EC requires prior user consent before such data is transmitted.

Administrators Group

hello,
i want to ask a question about pwm1.8s configuration. i dont know how to set "Administrators Group"

in my ldap server, a group with two users(with administrator permission) had been created.

how can i solve this problem,thanks any way.

Adding new users to groups

Is it possible to add new users to groups?
I'm trying to find out how I could add a value to attribute in different entry than the currently created user entry.

For example, PWM creates user in uid=tester,ou=people,dc=example,dc=com and I would like to add a value (user uid) to memberUid: cn=user,ou=groups,dc=example,dc=com. Is this possible?

ChangePassword module to display both current and new password on same page

Hi,
Can this be achieved?
(instead of 2 step process, when "Require Current Password during change" is set to true, we want to have just one page with both old and new passwords).
i suspect that requires edit to JSP.. can anyone help with that, or possibly make that a configuration option?

Thank you
DeeJVince

Current snapshots broken

All snapshots after pwm-1.8.0-SNAPSHOT-2016-06-26T21:56:01Z-pwm-bundle.zip cannot be deployed because of a LocalDB error (see #80)

SNI support for TLS client

PWM does not support SNI when establishing TLS connection, for instance when calling a SMS HTTPS API which have multiple certificates on the same IP address.
It seems the problem relies on the outdated version of Apache httpclient used by PWM. Version 4.2.2 is used, only version 4.3.2 and later supports SNI : https://issues.apache.org/jira/browse/HTTPCLIENT-1119

There is currently a bug related to SNI in Java 8 when custom HostnameVerifier is used, I don't know if solving the SNI problem for PWM may be impacted : https://bugs.openjdk.java.net/browse/JDK-8144566

Whats the best way to theme PWM?

I've made a bunch of changes to the display of a PWM instance using CSS but its still kinda hacky without making changes to the HTML output below.

I'm wondering what would you guys would suggest would be the best way to essentially theme PWM. My initial thought is to make edits to the JSPs but there is worry about impacts when updating to a newer release.

Password change action webservice method cannot be changed to POST from UI

Using latest current build,
when i try to set the Post Password Change Actions,
I add an action, then on Web Service options, i try to set HTTP Method to Post, it does not save, nor it displays the body field.

Update: if i change the action to post in the configuration file, and then enter the configuration editor again, the post action is selected, and body text box shows.

Thank you,
DeeJVince

Update CAS configuration

There are some changes needed for the latest versions of CAS, and some enhancements that can be made.

Update CAS client config in web.xml
Support new style of clearPass with encrypted passwords
Provide a maven profile to simplify configuration