I am using crowd 2.7.0 with spring security. I am trying to use crowd's user forgot password functionality in my spring app. But when I reset an user password an email is sent to the user prompting for password reset.But after user successfully set his/her password they are redirected to crowd user login page not my spring app url where I want them to be redirected to. How can I tell this to crowd through java REST API client that user should be redirected to some url(http://mywebsite.com/myhome.htm in my case)?
Community moderators have prevented the ability to post new answers.
Unfortunately the built-in reset password page of Crowd (/crowd/console/resetpassword.action
) doesn't provide a way to redirect the user to a page of your choice after a successful password reset.
If you've downloaded Crowd's source (from my.atlassian.com), you can verify this yourself by looking at crowd/components/crowd-web-app/src/main/resources/xwork.xml
and com.atlassian.crowd.console.action.ResetPassword#doUpdate
() .
A possible workaround is to write your own password reset page (probably easiest to do that in a free-standing application, which sends its own reset emails) and use the Crowd REST APIs to set the user's password directly.
Thanks Casper! I thought I could use these dynamic password reset link generation(auto expirable) feature with maintaining any database.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
This is utterly madding. Every user, EVERY user I send to reset their password, no matter how LARGE I make the text I put in the wiki, every one of them emails me complaining about the fact they can't log in after they reset their password. This is an insane issue. How can I convey to you how much this needs to be resolved?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
@Mohiuddin Ahmed, I have implemented a JAVA project for this use case. It is on GitHub, open source.
There are explanation for everything (and if something is missing - let me know...) Have a look: https://github.com/OhadR/Authentication-Flows
This is the client web-app that uses the auth-flows, with the README with all explanations. it directs you the implementation: https://github.com/OhadR/oAuth2-sample/tree/master/authentication-flows
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
I'm a bit late to the party here, but a simple solution for this use case (wanting to redirect to another site login page after successful password reset) is to use your web-server of choice (apache, nginx, ...) to do the redirect on successful password update.
I've written up a quick guide (using Apache) to redirect users to a confluence login page on crowd password update.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Community moderators have prevented the ability to post new answers.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.