Task #1268
PRD: CAS WS SSO Password Validation & CAS Token Functionality Bug
| Status: | Work Completed-End life cycle | Start date: | November 15, 2011 |
|---|---|---|---|
| Priority: | Normal | Due date: | |
| Assignee: | Rayvandy Gabbytian | % Done: | 100% |
| Category: | - | Spent time: | - |
| Target version: | - | | |
Description
- CAS Administration: Token functionality is not working as expected due to a previous enhancement.
- In a previous enhancement on Customer Inquiry, the Hibernate mapping was changed to cater for an additional relationship between TbAmUser & TbAmVasco (one-to-many).
- The relationship enables the Customer Inquiry module to inquire on customers given the Secure Pass (Token) serial number attached to their user ID.
- The cascading options within this mapping are not operating as normal, causing instability in terms of data manipulation (the way Hibernate performs querying).
- The cascading options cause the token functionalities (Enable, Disable, Assign, Revoke, Sync) to be overwritten by the TbAmVasco object during the update of the maker-checker pending flag.
- Sample scenario:
  - Bank Admin requests Sync Token for a customer via CAS Administration.
  - CAS Administration inquires the customer profile, storing it in the tbAmUser & tbAmVasco objects.
  - CAS Administration passes the profile to CAS to perform Sync Token via the CAS WS API; the request is successful.
  - CAS WS API updates the relevant information in the tbAmVasco table.
  - CAS Administration updates the MK pending flag back to "not pending" and also unexpectedly updates the DB with the previous tbAmUser & tbAmVasco objects (from before Sync Token was requested).
  - This results in a situation that deceptively looks as if nothing ever happened, even though Bank Admin performed the Sync Token process.
- I've removed the cascading options and it solved the problem.
- Current workaround solution is to perform token functionality via CMS administration.
- CAS Web Services: Force change password is not working as expected due to strict password validation.
- Prior to the SSO customer migration over to CAS, the original password policy's allowable symbols were "!@#$%^&*()_+-=<>,.?/:;[]{}|"
- The CAS password policy's allowable symbols are fewer than those previously supported: "!@#$%^&*()_+<>?"
- This has caused customers with non-CAS-supported symbols to be unable to log in.
- The previous action plan taken was to validate according to the SSO password policy during normal login.
- The current issue is that those passwords have expired and need to be changed (Force Change Password).
- The current force change password WS does not validate according to the SSO password policy.
- I've amended the force change password WS to validate the current password as per the SSO password policy in order to allow them to change it.
- Current workaround solution is to reset the customer's password.
- Would need effort to deploy the below into SIT/UAT:
- CAS Administration (context root: CAS)
- https://hub.penril.net/hg/maybank/cas/cas_admin/
- CAS Web Services (context root: casWS)
- https://hub.penril.net/hg/maybank/cas/cas_ws/
- Check out the project and export as a WAR file. They can be deployed with default settings.
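The lost update in the Sync Token scenario above, reduced to a runnable model. This is an added editorial example, not code from the CAS Administration or CAS WS projects: an in-memory dictionary stands in for the tbAmUser/tbAmVasco tables, `save_user` stands in for saving a detached TbAmUser graph with and without cascade on its TbAmVasco collection, and the `last_sync` column, the `cust01` user and the `SN-0001` serial are constructed for the example.

```python
"""Model of the cascade-induced lost update described in task #1268.

Added example, not project code. Table layout, column names (last_sync,
mk_pending) and the sample rows are assumptions made for illustration.
"""
from dataclasses import dataclass, field

# Constructed in-memory stand-in for the two tables.
DB = {"tbAmUser": {}, "tbAmVasco": {}}


@dataclass
class TbAmVasco:
    serial: str
    status: str = "ACTIVE"
    last_sync: int = 0


@dataclass
class TbAmUser:
    user_id: str
    mk_pending: bool = False
    vascos: list = field(default_factory=list)  # one-to-many side of the mapping


def db_reset():
    """Constructed starting state: one customer with one token, never synced."""
    DB["tbAmUser"].clear()
    DB["tbAmVasco"].clear()
    DB["tbAmUser"]["cust01"] = {"mk_pending": False}
    DB["tbAmVasco"]["SN-0001"] = {"user_id": "cust01", "status": "ACTIVE", "last_sync": 0}


def load_user(user_id):
    """Customer Inquiry: load the user plus its tokens into a detached object graph."""
    row = DB["tbAmUser"][user_id]
    tokens = [TbAmVasco(sn, r["status"], r["last_sync"])
              for sn, r in DB["tbAmVasco"].items() if r["user_id"] == user_id]
    return TbAmUser(user_id, row["mk_pending"], tokens)


def save_user(user, cascade):
    """Persist the detached user. With cascade the (possibly stale) children are
    written back as well, which is the behaviour the task traces the bug to."""
    DB["tbAmUser"][user.user_id]["mk_pending"] = user.mk_pending
    if cascade:
        for t in user.vascos:
            DB["tbAmVasco"][t.serial].update(status=t.status, last_sync=t.last_sync)


def cas_ws_sync_token(serial, now):
    """CAS WS API: updates tbAmVasco directly, outside the admin's object graph."""
    DB["tbAmVasco"][serial]["last_sync"] = now


def admin_sync_token(user_id, serial, now, cascade):
    """The sample scenario end to end; returns the token row as left in the DB."""
    db_reset()
    user = load_user(user_id)          # snapshot taken before the sync
    user.mk_pending = True
    save_user(user, cascade)           # maker-checker: mark pending
    cas_ws_sync_token(serial, now)     # WS call succeeds, DB now has last_sync=now
    user.mk_pending = False
    save_user(user, cascade)           # clear pending; with cascade the stale
                                       # TbAmVasco snapshot overwrites the WS update
    return dict(DB["tbAmVasco"][serial])


if __name__ == "__main__":
    print("cascade on :", admin_sync_token("cust01", "SN-0001", 1700, cascade=True))
    print("cascade off:", admin_sync_token("cust01", "SN-0001", 1700, cascade=False))
```

With cascade on, the second save silently restores `last_sync` to its pre-sync value, which is exactly the "nothing ever happened" symptom; with cascade off only the user row is written. As a general remark beyond what the task records, reloading the graph after the external WS call (rather than saving a snapshot taken before it) would avoid the same lost update even where cascade is needed.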
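The force-change-password mismatch, as an added editorial example (not the CAS WS code): the two symbol sets are the ones quoted in the description, and the example shows why checking the customer's current password under the CAS policy rejects every migrated password that uses an SSO-only symbol, while the fix checks the current password under the SSO policy and only the new password under the CAS policy. Function names, the plain-text stored password and the sample passwords are assumptions made for the illustration.

```python
"""Force-change-password validation under two symbol policies.

Added example, not project code. The stored password is kept in plain text
here only to keep the model short; a real service compares against a hash.
"""
import hmac
import string

# Symbol sets exactly as quoted in task #1268.
SSO_SYMBOLS = set("!@#$%^&*()_+-=<>,.?/:;[]{}|")   # origin policy before migration
CAS_SYMBOLS = set("!@#$%^&*()_+<>?")               # CAS policy, a strict subset
ALNUM = set(string.ascii_letters + string.digits)


def allowed_by(password, symbols):
    """True if every character is alphanumeric or in the policy's symbol set."""
    return all(c in ALNUM or c in symbols for c in password)


def symbols_rejected_by_cas(password):
    """Characters the SSO policy accepted but CAS does not, e.g. '-' or ';'."""
    return "".join(sorted({c for c in password if c in SSO_SYMBOLS and c not in CAS_SYMBOLS}))


def force_change_password(stored, current, new, validate_current_with_cas):
    """Model of the force-change WS. Returns (ok, reason).

    validate_current_with_cas=True reproduces the reported behaviour: the
    current password is screened with the CAS policy, so a migrated customer
    whose password contains an SSO-only symbol can never reach the change.
    False is the amended behaviour: the current password only has to satisfy
    the policy it was created under; the new one must satisfy CAS.
    """
    policy = CAS_SYMBOLS if validate_current_with_cas else SSO_SYMBOLS
    if not allowed_by(current, policy):
        return False, "current password uses symbols CAS does not accept: " + symbols_rejected_by_cas(current)
    if not hmac.compare_digest(current, stored):   # constant-time comparison
        return False, "current password mismatch"
    if not allowed_by(new, CAS_SYMBOLS):
        return False, "new password uses symbols CAS does not accept: " + symbols_rejected_by_cas(new)
    return True, "password changed"


if __name__ == "__main__":
    migrated = "Winter-2011;"   # constructed: valid under SSO, invalid under CAS
    print(force_change_password(migrated, migrated, "Summer_2012!", validate_current_with_cas=True))
    print(force_change_password(migrated, migrated, "Summer_2012!", validate_current_with_cas=False))
    print(force_change_password(migrated, migrated, "Summer-2012", validate_current_with_cas=False))
```

The order of checks matters: the policy screen on the current password runs before the credential comparison, so under the strict setting the customer is refused before the password is even checked, which is the failure the task describes. The new password is still held to the CAS policy so that the customer cannot leave the change flow with a password the normal CAS login will later reject.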
History
#1 Updated by Rayvandy Gabbytian almost 13 years ago
- Status changed from Development / Work In Progress to Work Completed-End life cycle
- % Done changed from 50 to 100