<html><head>
<meta http-equiv="content-type" content="text/html; charset=utf-8"></head><body
 text="#000000" bgcolor="#FFFFFF">
Hi All,<br>
  <br>
I'm trying to set up password reset using email on a new system (3.9). 
I've copied files from a working system (3.8), and also compared them 
with the samples. I will include my configs below.<br>
  <br>
Clicking "Forgot Password" displays the correct form to enter the email 
address.  Submitting shows success and I receive the email with a link. 
 Clicking the link opens a browser window that displays the regular 
login screen, not the password page as would be expected.<br>
  <br>
The link looks like this (email address changed):<br>
  <pre wrap=""><a class="moz-txt-link-freetext" href="https://id.nazarene.org/confirm/reset?user=bfirestone@globalnaz.org&token=7135096842">https://id.example.com/confirm/reset?user=test@example.com&token=7135096842</a></pre>
  <br>
The log shows:<br>
<pre wrap="">DEBUG (com.evolveum.midpoint.security.api.SecurityUtil): Denied access to FilterInvocation: URL: /self/dashboard by anonymousUser : Not logged in</pre>
  <br>
I don't have any idea why the nonce token isn't authenticating 
correctly.  If anyone has any ideas, I'd appreciate it.<br>
Thanks!<br>
Brad<br>
  <br>
Global Security Policy:<br>
<pre wrap=""><securityPolicy oid="ae102ac0-735c-11e9-b544-871134a1b753"
    xmlns='http://midpoint.evolveum.com/xml/ns/public/common/common-3'>
    <name>Our Global Security Policy</name>
    <authentication>
        <mailAuthentication>
            <name>confirmationLink</name>
            <displayName>Additional mail authentication</displayName>
            <mailNonce>mailNonce</mailNonce>
        </mailAuthentication>
    </authentication>
    <credentials>
        <password>
            <maxAge>P1000D</maxAge>
            <lockoutMaxFailedAttempts>5</lockoutMaxFailedAttempts>
            <lockoutFailedAttemptsDuration>PT3M</lockoutFailedAttemptsDuration>
            <lockoutDuration>PT15M</lockoutDuration>
            <historyLength>1</historyLength>
            <valuePolicyRef oid="af1ad05a-735c-11e9-a5f1-8b992d7b3048" type="ValuePolicyType"/>
            <propagationUserControl>mapping</propagationUserControl>
        </password>
        <nonce>
            <maxAge>PT2H</maxAge>
            <name>mailNonce</name>
            <valuePolicyRef oid="b67275c4-735c-11e9-aa36-335e84f81ac6" type="ValuePolicyType"/>
        </nonce>
    </credentials>
    <credentialsReset>
        <mailReset>
            <name>Reset password using mail</name>
            <additionalAuthenticationName>confirmationLink</additionalAuthenticationName>
        </mailReset>
    </credentialsReset>
</securityPolicy></pre>
  <br>
Nonce Value Policy:<br>
<pre wrap=""><valuePolicy oid="b67275c4-735c-11e9-aa36-335e84f81ac6"
    xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3">
    <name>Nonce Value Policy</name>
    <description>Value policy for mail-based password reset nonce</description>
    <stringPolicy>
        <limitations>
            <minLength>10</minLength>
            <limit>
                <description>Numbers</description>
                <minOccurs>10</minOccurs>
                <maxOccurs>10</maxOccurs>
                <mustBeFirst>false</mustBeFirst>
                <characterClass>
                    <value>1234567890</value>
                </characterClass>
            </limit>
        </limitations>
    </stringPolicy>
</valuePolicy></pre>
  <br>
System Config - Password notifier:<br>
<pre wrap=""><passwordResetNotifier>
    <recipientExpression>
        <script>
            <code>return requestee.getEmailAddress()</code>
        </script>
    </recipientExpression>
    <bodyExpression>
        <script>
            <code>
                import com.evolveum.midpoint.notifications.api.events.ModelEvent

                // the event is a ModelEvent; take the user object as it is after the operation
                modelEvent = (ModelEvent) event
                newUser = modelEvent.getFocusContext().getObjectNew()
                userType = newUser.asObjectable()

                // midPoint builds the confirm/reset link carrying the mail nonce for this user
                link = midpoint.createPasswordResetLink(userType)
                bodyMessage = "A password reset has been requested for your Account. " +
                    "Please click on the link below to complete the password reset. " +
                    "The link will be valid for 2 hours. " +
                    "Here is your password reset link:\n" + link

                return bodyMessage
            </code>
        </script>
    </bodyExpression>
    <transport>mail</transport>
</passwordResetNotifier></pre>
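As an added check (example code written for this thread, not midPoint's own code and not part of the original mail): the script below parses the nonce value policy posted above, confirms that the token in the anonymised reset link conforms to it, and reports the size of the token space beside the PT2H nonce maxAge so a reviewer can judge the two together. It assumes the policy and the example.com link exactly as they appear in the post; the review() summary, the fixed-length keyspace calculation and the small duration parser are the example's own.<br>

```python
"""Review the mail-reset nonce configuration from the post above.
Added example (not midPoint code): parse the nonce value policy, check the
reset-link token against it, and size the token space next to the maxAge."""
import math
import re
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, urlparse

NS = "{http://midpoint.evolveum.com/xml/ns/public/common/common-3}"

# Constructed sample: the nonce value policy from the post (description omitted).
NONCE_POLICY_XML = """<valuePolicy oid="b67275c4-735c-11e9-aa36-335e84f81ac6"
        xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3">
    <name>Nonce Value Policy</name>
    <stringPolicy>
        <limitations>
            <minLength>10</minLength>
            <limit>
                <minOccurs>10</minOccurs>
                <maxOccurs>10</maxOccurs>
                <characterClass><value>1234567890</value></characterClass>
            </limit>
        </limitations>
    </stringPolicy>
</valuePolicy>"""

# Constructed sample: the already-anonymised reset link from the post.
RESET_LINK = "https://id.example.com/confirm/reset?user=test@example.com&token=7135096842"

def parse_policy(xml_text):
    """Return (min_length, limits); each limit is (char_set, min_occurs, max_occurs)."""
    lim = ET.fromstring(xml_text).find(f"{NS}stringPolicy/{NS}limitations")
    min_length = int(lim.findtext(f"{NS}minLength", default="0"))
    limits = []
    for limit in lim.findall(f"{NS}limit"):
        chars = set(limit.findtext(f"{NS}characterClass/{NS}value", default=""))
        min_occ = int(limit.findtext(f"{NS}minOccurs", default="0"))
        max_text = limit.findtext(f"{NS}maxOccurs")
        limits.append((chars, min_occ, int(max_text) if max_text is not None else None))
    return min_length, limits

def token_matches_policy(token, min_length, limits):
    """True if token meets the length, alphabet and per-class occurrence bounds."""
    if len(token) < min_length:
        return False
    allowed = set().union(*(chars for chars, _, _ in limits))
    if any(c not in allowed for c in token):
        return False
    for chars, min_occ, max_occ in limits:
        n = sum(1 for c in token if c in chars)
        if n < min_occ or (max_occ is not None and n > max_occ):
            return False
    return True

def token_space_bits(limits):
    """log2 of how many distinct tokens the policy can generate.
    Covers fixed-length policies (minOccurs == maxOccurs per class) with
    disjoint classes, which includes the posted one: 10 digits -> 10**10."""
    seen = set()
    for chars, min_occ, max_occ in limits:
        if max_occ is None or min_occ != max_occ or seen & chars:
            raise NotImplementedError("variable-length or overlapping classes")
        seen |= chars
    length = sum(n for _, n, _ in limits)
    count = math.factorial(length)      # multinomial coefficient for slot layout ...
    for _, n, _ in limits:
        count //= math.factorial(n)
    for chars, n, _ in limits:          # ... times alphabet size for every slot
        count *= len(chars) ** n
    return math.log2(count)

def iso_duration_seconds(text):
    """Seconds in a midPoint duration such as PT2H, PT15M or P1000D."""
    m = re.fullmatch(r"P(?:(\d+)D)?(?:T(?:(\d+)H)?(?:(\d+)M)?(?:(\d+)S)?)?", text)
    d, h, mi, s = (int(x or 0) for x in m.groups())
    return d * 86400 + h * 3600 + mi * 60 + s

def parse_reset_link(url):
    """Return (user, token) from a confirm/reset link."""
    q = parse_qs(urlparse(url).query)
    return q["user"][0], q["token"][0]

def review(policy_xml=NONCE_POLICY_XML, link=RESET_LINK, max_age="PT2H"):
    """Summarise what a reviewer wants to know about the nonce setup."""
    min_length, limits = parse_policy(policy_xml)
    user, token = parse_reset_link(link)
    return {
        "user": user,
        "token_ok": token_matches_policy(token, min_length, limits),
        "token_bits": round(token_space_bits(limits), 1),   # 33.2 for the posted policy
        "max_age_seconds": iso_duration_seconds(max_age),   # 7200 for PT2H
    }

if __name__ == "__main__":
    for key, value in review().items():
        print(f"{key}: {value}")
```

Run it as-is and it prints the summary for the posted configuration: the link token does match the policy, so the value policy itself is not what is sending the browser to the login page. The bits figure is only what the value policy lets the generator produce; whether a 10-digit nonce is adequate for a two-hour lifetime depends on the rate limiting in front of the /confirm/reset endpoint, which the post does not show.<br>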
</body>
</html>