Skip to content

#345 Fix registration of CES password-management service (regression of #163)#346

Closed
henry-bobka wants to merge 3 commits into
developfrom
feature/345_fix_pm_service_registration
Closed

#345 Fix registration of CES password-management service (regression of #163)#346
henry-bobka wants to merge 3 commits into
developfrom
feature/345_fix_pm_service_registration

Conversation

@henry-bobka

@henry-bobka henry-bobka commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

After the CAS 6 => 7 / Spring Boot 2 => 3 upgrade, no mails were sent for CAS-driven flows but the UI reported "Password Reset Instructions Sent Successfully" — so the failure was invisible.

The drop was address-dependent and on the application layer:

  • admin@ces.local => CAS logs Email address [admin@ces.local] for [admin] is not valid and sends nothing.
  • admin@example.com => mail flows normally.

This is a regression of #163: CesLdapPasswordManagementService (which deliberately deactivates the e-mail-address validation for internal addresses like admin@ces.local) was no longer the active passwordChangeService at runtime.

The config class gated the CES override on @ConditionalOnProperty(name = "cas.authn.pm.ldap[0].ldap-url"). Indexed [0] property names are no longer resolved reliably by @ConditionalOnProperty since Spring Boot 3, so the condition silently stopped matching — the CES bean was never registered and the stock Apereo passwordChangeService (with active e-mail validation) took over.

Close #345

@henry-bobka henry-bobka closed this Jul 2, 2026
@henry-bobka
henry-bobka deleted the feature/345_fix_pm_service_registration branch July 2, 2026 18:49
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

CES e-mail validation bypass no longer active after CAS 7 / Spring Boot 3 upgrade

1 participant