[Bug 41750] New: ForcePasswordResetWhenSetByStaff prohibits login via CAS
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=41750 Bug ID: 41750 Summary: ForcePasswordResetWhenSetByStaff prohibits login via CAS Initiative type: --- Sponsorship --- status: Product: Koha Version: Main Hardware: All OS: All Status: NEW Severity: normal Priority: P5 - low Component: Authentication Assignee: koha-bugs@lists.koha-community.org Reporter: katrin.fischer@bsz-bw.de QA Contact: testopia@bugs.koha-community.org CC: dpavlin@rot13.org When ForcePasswordResetWhenSetByStaff is set to "enforce" and staff adds creates a new patron account, login by CAS is impossible. It took us a while to figure this out, since it just "won't work" without any helpful error message. I think there are different ways this could be handled. We could not check the password expiration date if a user authenticates through another external system (LDAP, CAS, OAuth2), since they cannot change the password then. The smallest solution might be warning on the pref, to not enable this for patron categories that use external authentication. I think in general it would be nicer to allow external authentication and still enforce if local login is used - there might be cases where both are the same patron category now and this would keep things more flexible. -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=41750 Katrin Fischer <katrin.fischer@bsz-bw.de> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |dcook@prosentient.com.au -- You are receiving this mail because: You are watching all bug changes.
participants (1)
-
bugzilla-daemon@bugs.koha-community.org