Serialized Form
-
Package org.apereo.cas.configuration
-
Class org.apereo.cas.configuration.CasConfigurationProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- -8620267783496071683L
-
Serialized Fields
-
acceptableUsagePolicy
AcceptableUsagePolicyProperties acceptableUsagePolicy
AUP settings. -
acme
AcmeProperties acme
ACME functionality. -
amazonSts
AmazonSecurityTokenServiceProperties amazonSts
Integration settings for Amazon STS. -
audit
AuditProperties audit
Authentication audit functionality. -
authn
AuthenticationProperties authn
General settings for authentication. -
clearpass
ClearpassProperties clearpass
Clearpass settings. -
client
CasJavaClientProperties client
Settings that configure the Java CAS client instance used internally for validation ops, etc. -
consent
ConsentProperties consent
Attribute consent functionality. -
custom
CasCustomProperties custom
Custom properties. -
events
EventsProperties events
Authentication events functionality. -
googleAnalytics
GoogleAnalyticsProperties googleAnalytics
Google Analytics functionality. -
googleApps
GoogleAppsProperties googleApps
Google Apps integration settings. -
googleFirebaseMessaging
GoogleFirebaseCloudMessagingProperties googleFirebaseMessaging
Google Firebase Cloud Messaging functionality. -
googleMaps
GoogleMapsProperties googleMaps
Google Maps settings. -
googleRecaptcha
GoogleRecaptchaProperties googleRecaptcha
Google reCAPTCHA settings. -
host
CasServerHostProperties host
Settings that define this CAS host. -
httpClient
HttpClientProperties httpClient
Http client and outgoing connections settings. -
httpWebRequest
HttpRequestProperties httpWebRequest
Settings that control filtering of the incoming http requests. -
initializationTime
long initializationTime
Timestamp that indicates the initialization time. -
interrupt
InterruptProperties interrupt
Interrupt/notification functionality. -
jdbc
DatabaseProperties jdbc
General database and hibernate settings. -
locale
LocaleProperties locale
Locale and internationalization settings. -
logging
LoggingProperties logging
Logging functionality. -
logout
LogoutProperties logout
Logout functionality. -
maxmind
MaxmindProperties maxmind
MaxMind settings. -
messageBundle
MessageBundleProperties messageBundle
Message bundles and internationalization functionality. -
monitor
MonitorProperties monitor
Monitoring functionality. -
personDirectory
PersonDirectoryPrincipalResolverProperties personDirectory
Person directory and principal resolution functionality. -
rest
RestProperties rest
REST API functionality. -
samlCore
SamlCoreProperties samlCore
SAML Core functionality and settings. -
samlMetadataUi
SamlMetadataUIProperties samlMetadataUi
SAML Metadata UI settings and parsing. -
samlSp
SamlServiceProviderProperties samlSp
SAML SP integration settings. -
scim
ScimProperties scim
SCIM functionality. -
server
CasServerProperties server
Settings that define this CAS server instance. -
serviceRegistry
ServiceRegistryProperties serviceRegistry
Service registry functionality. -
sessionReplication
SessionReplicationProperties sessionReplication
Session replication properties. -
slo
SingleLogOutProperties slo
SLO functionality. -
smsProvider
SmsProvidersProperties smsProvider
SMS and Text messaging settings. -
spring
SpringCloudConfigurationProperties spring
Spring cloud configuration settings. -
sso
SingleSignOnProperties sso
SSO functionality. -
standalone
StandaloneConfigurationProperties standalone
Standalone configuration settings. -
tgc
TicketGrantingCookieProperties tgc
Ticket-granting cookie settings. -
theme
ThemeProperties theme
UI and theme settings. -
ticket
TicketProperties ticket
Ticketing functionality. -
view
ViewProperties view
Views and UI functionality. -
warningCookie
WarningCookieProperties warningCookie
Warning cookie settings. -
webflow
WebflowProperties webflow
Spring Webflow functionality.
-
-
-
Package org.apereo.cas.configuration.model
-
Class org.apereo.cas.configuration.model.BaseRestEndpointProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- 2687020856160473089L
-
Serialized Fields
-
basicAuthPassword
java.lang.String basicAuthPassword
If REST endpoint is protected via basic authentication, specify the password for authentication. -
basicAuthUsername
java.lang.String basicAuthUsername
If REST endpoint is protected via basic authentication, specify the username for authentication. -
headers
java.util.Map<java.lang.String,java.lang.String> headers
Headers, defined as a Map, to include in the request when making the REST call. Will overwrite any header that CAS is pre-defined to send and include in the request. Key in the map should be the header name and the value in the map should be the header value. -
url
java.lang.String url
The endpoint URL to contact and retrieve attributes.
-
-
Class org.apereo.cas.configuration.model.RestEndpointProperties extends BaseRestEndpointProperties implements Serializable
- serialVersionUID:
- 2687020856160473089L
-
Serialized Fields
-
method
java.lang.String method
HTTP method to use when contacting the rest endpoint. Examples include GET, POST, etc.
-
-
Class org.apereo.cas.configuration.model.SpringResourceProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- 4142130961445546358L
-
-
Package org.apereo.cas.configuration.model.core
-
Class org.apereo.cas.configuration.model.core.CasJavaClientProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- -3646242105668747303L
-
Serialized Fields
-
prefix
java.lang.String prefix
Prefix of the CAS server used to establish ticket validators for the client. Typically set to https://sso.example.org/cas
-
validatorType
CasJavaClientProperties.ClientTicketValidatorTypes validatorType
Determines the type of ticket validator that CAS should create from the Java CAS client when attempting to issue in-bound ticket validation calls.
-
-
Class org.apereo.cas.configuration.model.core.CasServerHostProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- 8624916460241033347L
-
Serialized Fields
-
name
java.lang.String name
Name of the networking host configured to run CAS server. A CAS host is automatically appended to the ticket ids generated by CAS. If none is specified, one is automatically detected and used by CAS.
-
-
Class org.apereo.cas.configuration.model.core.CasServerProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- 7876382696803430817L
-
Serialized Fields
-
name
java.lang.String name
Full name of the CAS server. This is the public-facing address of the CAS deployment and not the individual node address, in the event that CAS is clustered. -
prefix
java.lang.String prefix
A concatenation of the server name plus the CAS context path. Deployments at root likely need to blank out this value. -
scope
java.lang.String scope
The CAS Server scope. -
tomcat
CasEmbeddedApacheTomcatProperties tomcat
Configuration settings that control the embedded Apache Tomcat container.
-
-
-
Package org.apereo.cas.configuration.model.core.audit
-
Class org.apereo.cas.configuration.model.core.audit.AuditCouchbaseProperties extends BaseCouchbaseProperties implements Serializable
- serialVersionUID:
- 580545095591694L
-
Serialized Fields
-
asynchronous
boolean asynchronous
Whether audit records should be executed asynchronously.
-
-
Class org.apereo.cas.configuration.model.core.audit.AuditCouchDbProperties extends BaseAsynchronousCouchDbProperties implements Serializable
- serialVersionUID:
- -5607529769937667881L
-
Class org.apereo.cas.configuration.model.core.audit.AuditEngineProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- 3946106584608417663L
-
Serialized Fields
-
alternateClientAddrHeaderName
java.lang.String alternateClientAddrHeaderName
Request header to use to identify the client address. If the application is sitting behind a load balancer, the client address typically ends up being the load balancer address itself. A common example for a header here would be X-Forwarded-For to glean the client address from the request, assuming the load balancer is configured correctly to pass that header along. -
alternateServerAddrHeaderName
java.lang.String alternateServerAddrHeaderName
Request header to use to identify the server address. -
appCode
java.lang.String appCode
Application code to use in the audit logs. This is a unique code that acts as the identifier for the application. In case audit logs are aggregated in a central location, this makes it easy to identify the application and filter results based on the code.
-
auditFormat
AuditEngineProperties.AuditFormatTypes auditFormat
The audit format to use in the logs. -
enabled
boolean enabled
Whether auditing functionality should be enabled. -
excludedActions
java.util.List<java.lang.String> excludedActions
Indicate a list of supported audit actions that should be excluded, filtered and ignored by CAS audit managers. Each supported action can be treated as a regular expression to match against built-in CAS actions. -
ignoreAuditFailures
boolean ignoreAuditFailures
Indicates whether catastrophic audit failures should be logged or whether errors should bubble up and be thrown back. -
includeValidationAssertion
boolean includeValidationAssertion
Whether ticket validation events in the audit log should include information about the assertion that is validated; things such as the principal id and attributes released. -
numberOfDaysInHistory
int numberOfDaysInHistory
Retrieve audit records from storage, starting from now and going back the indicated number of days in history. -
supportedActions
java.util.List<java.lang.String> supportedActions
Indicate a list of supported audit actions that should be recognized, processed and recorded by CAS audit managers. Each supported action can be treated as a regular expression to match against built-in CAS actions. -
useServerHostAddress
boolean useServerHostAddress
Determines whether a local DNS lookup should be made to query for the CAS server address. By default, the server address is determined from the request. Aside from special headers, this option allows one to query DNS to look up the server address of the CAS server processing requests.
-
-
Class org.apereo.cas.configuration.model.core.audit.AuditJdbcProperties extends AbstractJpaProperties implements Serializable
- serialVersionUID:
- 4227475246873515918L
-
Serialized Fields
-
asynchronous
boolean asynchronous
Execute the recording of audit records in async manner. This setting must almost always be set to true. -
columnLength
int columnLength
Allows one to trim the audit data by the specified length. A negative value disables the trimming process where the audit functionality no longer substrings the audit record. -
dateFormatterPattern
java.lang.String dateFormatterPattern
Indicate the date formatter pattern used to fetch audit records from the database based on the record date. Default value is yyyy-MM-dd 00:00:00.000000. -
maxAgeDays
int maxAgeDays
Indicates how long audit records should be kept in the database. This is used by the clean-up criteria to clean up after stale audit records. -
schedule
SchedulingProperties schedule
Scheduler settings to indicate how often the cleaner is reloaded. -
selectSqlQueryTemplate
java.lang.String selectSqlQueryTemplate
SQL query that provides a template to fetch audit records. Accepts two parameters using %s for table name and audit date.
-
-
Class org.apereo.cas.configuration.model.core.audit.AuditMongoDbProperties extends SingleCollectionMongoDbProperties implements Serializable
- serialVersionUID:
- 4940497540189318943L
-
Serialized Fields
-
asynchronous
boolean asynchronous
Execute the recording of audit records in async manner. This setting must almost always be set to true.
-
-
Class org.apereo.cas.configuration.model.core.audit.AuditProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- 3946106584608417663L
-
Serialized Fields
-
couchbase
AuditCouchbaseProperties couchbase
Family of sub-properties pertaining to couchbase-based audit destinations. -
couchDb
AuditCouchDbProperties couchDb
Family of sub-properties pertaining to CouchDb-based audit destinations. -
dynamoDb
AuditDynamoDbProperties dynamoDb
Family of sub-properties pertaining to dynamodb-based audit destinations. -
engine
AuditEngineProperties engine
Core auditing engine functionality and settings are captured here, separate from audit storage services. -
jdbc
AuditJdbcProperties jdbc
Family of sub-properties pertaining to Jdbc-based audit destinations. -
mongo
AuditMongoDbProperties mongo
Family of sub-properties pertaining to MongoDb-based audit destinations. -
redis
AuditRedisProperties redis
Family of sub-properties pertaining to Redis-based audit destinations. -
rest
AuditRestProperties rest
Family of sub-properties pertaining to rest-based audit destinations. -
slf4j
AuditSlf4jLogProperties slf4j
Family of sub-properties pertaining to file-based audit destinations.
-
-
Class org.apereo.cas.configuration.model.core.audit.AuditRestProperties extends RestEndpointProperties implements Serializable
- serialVersionUID:
- 3893437775090452831L
-
Serialized Fields
-
asynchronous
boolean asynchronous
Make storage requests asynchronously.
-
-
Class org.apereo.cas.configuration.model.core.audit.AuditSlf4jLogProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- 4227475246873515918L
-
Serialized Fields
-
enabled
boolean enabled
Decide whether Slf4j audits should be enabled. -
singlelineSeparator
java.lang.String singlelineSeparator
Character to separate audit fields if single-line audits are used. -
useSingleLine
boolean useSingleLine
Indicates whether audit logs should be recorded as a single-line. By default, audit logs are split into multiple lines where each action and activity takes up a full line. This is a more compact version.
-
-
-
Package org.apereo.cas.configuration.model.core.authentication
-
Class org.apereo.cas.configuration.model.core.authentication.AdaptiveAuthenticationIPIntelligenceProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- -9111174229142982880L
-
Serialized Fields
-
blackDot
AdaptiveAuthenticationIPIntelligenceProperties.BlackDot blackDot
Fetch IP diagnostic information via IP Intel. -
groovy
GroovyAdaptiveAuthenticationIPIntelligenceProperties groovy
Fetch IP diagnostic information via Groovy. -
rest
RestfulAdaptiveAuthenticationIPIntelligenceProperties rest
Fetch IP diagnostic information via REST.
-
-
Class org.apereo.cas.configuration.model.core.authentication.AdaptiveAuthenticationIPIntelligenceProperties.BlackDot extends java.lang.Object implements Serializable
- serialVersionUID:
- -4655149615297049570L
-
Serialized Fields
-
emailAddress
java.lang.String emailAddress
Include your contact information so you can be notified if a problem arises or if there are core changes. -
mode
java.lang.String mode
DYNA_LIST: If you get a value between 0 - 1, exclusive (like 0.99, 0.99999, 0.97), these values are generated by dynamic checks which look for characteristics of the given IP. IPs that are either manually banned or seen on a public proxy site will return a value of 1. If you only want manually banned or public proxies, then in your code just look for the value "1". However, there are many IPs that haven't gone through manual review and IPs can change behavior very frequently (which is why dynamic checks exist in the first place). If you only look for the value of "1", then expect to have more proxy / VPN / bad IPs go through your system; however, false positives are less likely if you use the dynamic ban list option. If you wish to use only manually banned and public proxy IPs, append the parameter flags=m, and the system will only return a result of 0 or 1. This option is the best to start off with and will have a noticeable impact on bot / proxy / VPN traffic, especially if you don't have any data sets to test with the system.
DYNA_CHECK: In this scenario, you want to use dynamic checks as well but you want to skip additional checks to see if the IP is a bad IP (see What do you mean by "Bad IP"?). In this mode, some bad IPs are still detected but the system does not attempt to go through the full bad IPs check because the time for the extra checks varies wildly (between an extra 200ms to 2 seconds). In this mode, false positives are more likely than dynamic ban lists only. Scores are lower compared to the full IP check (without any flag options) because fewer attributes are considered. If you wish to use dynamic ban list and dynamic checks only, append the parameter flags=b. This option is the best if dynamic ban lists aren't catching enough IPs but you don't want to run the full check because it takes too long and/or you want to have a predictable execution time.
FULL: Let the system do a full lookup with one query.
-
url
java.lang.String url
URL endpoint of the service to make API calls.
-
-
Class org.apereo.cas.configuration.model.core.authentication.AdaptiveAuthenticationPolicyProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- -1840174229142982880L
-
Serialized Fields
-
rejectBrowsers
java.lang.String rejectBrowsers
Comma-separated list of strings representing browser user agents to be rejected from participating in authentication transactions. -
rejectCountries
java.lang.String rejectCountries
Comma-separated list of strings representing countries to be rejected from participating in authentication transactions. -
rejectIpAddresses
java.lang.String rejectIpAddresses
Comma-separated list of strings representing IP addresses to be rejected from participating in authentication transactions. -
requireMultifactor
java.util.Map<java.lang.String,java.lang.String> requireMultifactor
A map of (mfaProviderId -> adaptiveRegexPattern) that tells CAS when to trigger an MFA authentication transaction. This property binds a valid mfa provider to an adaptive regex pattern representing either IP address, user-agent or geolocation. When any of those collected pieces of adaptive data matches the configured regex pattern during an authentication event, an MFA authentication transaction is triggered for the MFA provider represented by the map's key.
-
requireTimedMultifactor
java.util.List<TimeBasedAuthenticationProperties> requireTimedMultifactor
This property binds a valid mfa provider to a collection of rules that deal with triggering mfa based on that provider based on properties of date/time. One may want to force mfa during weekends, after hours, etc and the ruleset provides a modest configuration set where time can also be treated as trigger.
-
-
Class org.apereo.cas.configuration.model.core.authentication.AdaptiveAuthenticationProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- -1840174229142982880L
-
Serialized Fields
-
ipIntel
AdaptiveAuthenticationIPIntelligenceProperties ipIntel
Control settings that handle and calculate IP intelligence, etc. -
policy
AdaptiveAuthenticationPolicyProperties policy
Adaptive authentication policy-related settings. -
risk
RiskBasedAuthenticationProperties risk
Control settings that handle and calculate risky authentication attempts.
-
-
Class org.apereo.cas.configuration.model.core.authentication.AttributeDefinitionStoreProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- 1248812041234879300L
-
Serialized Fields
-
json
SpringResourceProperties json
Load attribute definitions from a JSON resource.
-
-
Class org.apereo.cas.configuration.model.core.authentication.AuthenticationAttributeReleaseProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- 6123748197108749858L
-
Serialized Fields
-
enabled
boolean enabled
Whether CAS authentication/protocol attributes should be released as part of ticket validation. -
neverRelease
java.util.List<java.lang.String> neverRelease
List of authentication attributes that should never be released. -
onlyRelease
java.util.List<java.lang.String> onlyRelease
List of authentication attributes that should be the only ones released. An empty list indicates all attributes should be released.
-
-
Class org.apereo.cas.configuration.model.core.authentication.AuthenticationEngineProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- -2475347572099983874L
-
Serialized Fields
-
groovyPostProcessor
GroovyAuthenticationEngineProcessorProperties groovyPostProcessor
Groovy script to handle the authentication post-processor. -
groovyPreProcessor
GroovyAuthenticationEngineProcessorProperties groovyPreProcessor
Groovy script to handle the authentication pre-processor.
-
-
Class org.apereo.cas.configuration.model.core.authentication.AuthenticationExceptionsProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- -2385347572099983874L
-
Serialized Fields
-
exceptions
java.util.List<java.lang.Class<? extends java.lang.Exception>> exceptions
Define custom exceptions that can then be mapped to message bundles for custom error handling. By default CAS is configured to recognize and handle a number of exceptions during authentication. Each exception has a specific message bundle mapping so that a specific message could be presented to end users on the login form. Any unrecognized or unmapped exceptions result in a generic message. To map custom exceptions, they can be defined here and then linked to custom messages.
-
groovy
GroovyAuthenticationExceptionsProperties groovy
Handle exceptions using a groovy script.
-
-
Class org.apereo.cas.configuration.model.core.authentication.AuthenticationPolicyProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- 2039700004862120066L
-
Serialized Fields
-
all
AuthenticationPolicyProperties.AllCredentials all
Satisfied if and only if all given credentials are successfully authenticated. Support for multiple credentials is new in CAS and this handler would only be acceptable in a multi-factor authentication situation. -
allHandlers
AuthenticationPolicyProperties.AllHandlers allHandlers
Satisfied if and only if all given authn handlers are successfully authenticated. -
any
AuthenticationPolicyProperties.AnyCredential any
Satisfied if any authentication handler succeeds. Allows options to avoid short circuiting and try every handler even if one prior succeeded. -
groovy
java.util.List<GroovyAuthenticationPolicyProperties> groovy
Execute a groovy script to detect authentication policy. -
notPrevented
AuthenticationPolicyProperties.NotPrevented notPrevented
Satisfied if and only if the authentication event is not blocked by a PreventedException. -
req
AuthenticationPolicyProperties.RequiredAuthenticationHandler req
Satisfied if and only if a specified handler successfully authenticates its credential. -
requiredHandlerAuthenticationPolicyEnabled
boolean requiredHandlerAuthenticationPolicyEnabled
Global authentication policy that is applied when CAS attempts to vend and validate tickets. Checks to make sure a particular authentication handler has successfully executed and validated credentials. Required handlers are defined per registered service. -
rest
java.util.List<RestAuthenticationPolicyProperties> rest
Execute a rest endpoint to detect authentication policy. -
sourceSelectionEnabled
boolean sourceSelectionEnabled
If true, allows CAS to select authentication handlers based on the credential source. This allows the authentication engine to restrict the task of validating credentials to the selected source or account repository, as opposed to every authentication handler registered with CAS at runtime. -
uniquePrincipal
AuthenticationPolicyProperties.UniquePrincipal uniquePrincipal
Satisfied if and only if the principal has not already authenticated and does not have an sso session with CAS. Otherwise, prevents the user from logging in more than once. Note that this policy adds an extra burden to the ticket store/registry as CAS needs to query all relevant tickets found in the registry to cross-check the requesting username with existing tickets.
-
-
Class org.apereo.cas.configuration.model.core.authentication.AuthenticationPolicyProperties.AllCredentials extends AuthenticationPolicyProperties.BaseAuthenticationPolicy implements Serializable
- serialVersionUID:
- 928409456096460793L
-
Class org.apereo.cas.configuration.model.core.authentication.AuthenticationPolicyProperties.AllHandlers extends AuthenticationPolicyProperties.BaseAuthenticationPolicy implements Serializable
- serialVersionUID:
- 928409456096460793L
-
Class org.apereo.cas.configuration.model.core.authentication.AuthenticationPolicyProperties.AnyCredential extends AuthenticationPolicyProperties.BaseAuthenticationPolicy implements Serializable
- serialVersionUID:
- 4600357071276768175L
-
Serialized Fields
-
tryAll
boolean tryAll
Avoid short circuiting and try every handler even if one prior succeeded. Ensure number of provided credentials does not match the sum of authentication successes and failures
-
-
Class org.apereo.cas.configuration.model.core.authentication.AuthenticationPolicyProperties.BaseAuthenticationPolicy extends java.lang.Object implements Serializable
- serialVersionUID:
- -1830217018850738715L
-
Serialized Fields
-
enabled
boolean enabled
Enables the policy. -
name
java.lang.String name
The name of the authentication policy.
-
-
Class org.apereo.cas.configuration.model.core.authentication.AuthenticationPolicyProperties.NotPrevented extends AuthenticationPolicyProperties.BaseAuthenticationPolicy implements Serializable
- serialVersionUID:
- 8184166804664983317L
-
Class org.apereo.cas.configuration.model.core.authentication.AuthenticationPolicyProperties.RequiredAuthenticationHandler extends AuthenticationPolicyProperties.BaseAuthenticationPolicy implements Serializable
- serialVersionUID:
- -4206244023952305821L
-
Serialized Fields
-
handlerName
java.lang.String handlerName
The handler name which must have successfully executed and validated credentials. -
tryAll
boolean tryAll
Ensure number of provided credentials does not match the sum of authentication successes and failures.
-
-
Class org.apereo.cas.configuration.model.core.authentication.AuthenticationPolicyProperties.UniquePrincipal extends AuthenticationPolicyProperties.BaseAuthenticationPolicy implements Serializable
- serialVersionUID:
- -4930217087310738715L
-
Class org.apereo.cas.configuration.model.core.authentication.AuthenticationProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- -1233126985007049516L
-
Serialized Fields
-
accept
AcceptAuthenticationProperties accept
Accepting authentication based on statically defined users. -
adaptive
AdaptiveAuthenticationProperties adaptive
Adaptive authentication settings. -
attributeRepository
PrincipalAttributesProperties attributeRepository
Attribute repository settings. -
authenticationAttributeRelease
AuthenticationAttributeReleaseProperties authenticationAttributeRelease
Authentication attribute release settings. -
azureActiveDirectory
AzureActiveDirectoryAuthenticationProperties azureActiveDirectory
Azure AD authentication settings. -
cassandra
CassandraAuthenticationProperties cassandra
Cassandra authentication settings. -
cloudDirectory
AmazonCloudDirectoryProperties cloudDirectory
Cloud Directory authentication settings. -
cognito
AmazonCognitoAuthenticationProperties cognito
Configuration settings for cognito authentication. -
core
CoreAuthenticationProperties core
Core authentication settings. -
couchbase
CouchbaseAuthenticationProperties couchbase
Couchbase authentication settings. -
couchDb
CouchDbAuthenticationProperties couchDb
CouchDb authentication settings. -
digest
DigestProperties digest
Digest authentication settings. -
errors
AuthenticationExceptionsProperties errors
Customization of authentication errors and exceptions. -
file
FileAuthenticationProperties file
File-based authentication. -
fortress
FortressAuthenticationProperties fortress
Apache Fortress authentication settings. -
groovy
GroovyAuthenticationProperties groovy
Groovy authentication settings. -
gua
GraphicalUserAuthenticationProperties gua
Graphical User authentication settings. -
jaas
java.util.List<JaasAuthenticationProperties> jaas
Collection of settings related to JAAS authentication. These settings are required to be indexed (i.e. jaas[0].xyz). -
jdbc
JdbcAuthenticationProperties jdbc
JDBC authentication settings. -
json
JsonResourceAuthenticationProperties json
JSON authentication settings. -
ldap
java.util.List<LdapAuthenticationProperties> ldap
Collection of settings related to LDAP authentication. These settings are required to be indexed (i.e. ldap[0].xyz). -
mfa
MultifactorAuthenticationProperties mfa
MFA settings. -
mongo
MongoDbAuthenticationProperties mongo
MongoDb authentication settings. -
ntlm
NtlmProperties ntlm
NTLM authentication settings. -
oauth
OAuthProperties oauth
OAuth authentication settings. -
oidc
OidcProperties oidc
OpenID Connect authentication settings. -
okta
OktaAuthenticationProperties okta
Okta authentication settings. -
openid
OpenIdProperties openid
Deprecated. 6.2. OpenID authentication settings. -
pac4j
Pac4jDelegatedAuthenticationProperties pac4j
Pac4j delegated authentication settings. -
passwordless
PasswordlessAuthenticationProperties passwordless
Passwordless authentication settings. -
passwordSync
PasswordSynchronizationProperties passwordSync
Passwordless sync settings. -
pm
PasswordManagementProperties pm
Password management settings. -
policy
AuthenticationPolicyProperties policy
Authentication policy settings. -
qr
QRAuthenticationProperties qr
QR authentication settings. -
radius
RadiusProperties radius
RADIUS authentication settings. -
redis
RedisAuthenticationProperties redis
Redis authentication settings. -
reject
RejectAuthenticationProperties reject
Blocked authentication. -
remoteAddress
RemoteAddressAuthenticationProperties remoteAddress
Authentication based on a remote-address of a request. -
rest
RestAuthenticationProperties rest
REST-based authentication settings. -
samlIdp
SamlIdPProperties samlIdp
SAML identity provider settings. -
shibIdp
ShibbolethIdPProperties shibIdp
Authentication settings when integrating CAS with a shibboleth IdP. -
shiro
ShiroAuthenticationProperties shiro
Shiro-based authentication. -
soap
SoapAuthenticationProperties soap
Settings that control SOAP authentication. -
spnego
SpnegoProperties spnego
SPNEGO authentication settings. -
surrogate
SurrogateAuthenticationProperties surrogate
Surrogate authentication settings. -
syncope
SyncopeAuthenticationProperties syncope
Syncope authentication settings. -
throttle
ThrottleProperties throttle
Authentication throttling settings. -
token
TokenAuthenticationProperties token
Token/JWT authentication settings. -
trusted
TrustedAuthenticationProperties trusted
Trusted authentication. -
wsfed
java.util.List<WsFederationDelegationProperties> wsfed
Collection of settings related to WsFed delegated authentication. These settings are required to be indexed (i.e. wsfed[0].xyz). -
wsfedIdp
WsFederationProperties wsfedIdp
WS-FED IdP authentication settings. -
x509
X509Properties x509
X509 authentication settings.
-
-
Class org.apereo.cas.configuration.model.core.authentication.CoreAuthenticationProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- -2244126985007049516L
-
Serialized Fields
-
engine
AuthenticationEngineProperties engine
Customization of authentication engine and pre/post processing. -
groovyAuthenticationResolution
GroovyAuthenticationHandlerResolutionProperties groovyAuthenticationResolution
Attempt to resolve/filter authentication handlers for the current transaction based on what is globally defined via an external groovy script. -
serviceAuthenticationResolution
RegisteredServiceAuthenticationHandlerResolutionProperties serviceAuthenticationResolution
Attempt to resolve/filter authentication handlers for the current transaction based on what is globally defined via the definition of a registered service and how it filters the required authentication handlers.
-
-
Class org.apereo.cas.configuration.model.core.authentication.GroovyAdaptiveAuthenticationIPIntelligenceProperties extends SpringResourceProperties implements Serializable
- serialVersionUID:
- 8079027843747126083L
-
Class org.apereo.cas.configuration.model.core.authentication.GroovyAuthenticationEngineProcessorProperties extends SpringResourceProperties implements Serializable
- serialVersionUID:
- 8079027843747126083L
-
Class org.apereo.cas.configuration.model.core.authentication.GroovyAuthenticationExceptionsProperties extends SpringResourceProperties implements Serializable
- serialVersionUID:
- -1385347572099983874L
-
Class org.apereo.cas.configuration.model.core.authentication.GroovyAuthenticationHandlerResolutionProperties extends SpringResourceProperties implements Serializable
- serialVersionUID:
- 8079027843747126083L
-
Serialized Fields
-
order
int order
The execution order of this resolver in the chain of authentication handler resolvers.
-
-
Class org.apereo.cas.configuration.model.core.authentication.GroovyAuthenticationPolicyProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- 8713917167124116270L
-
Serialized Fields
-
script
java.lang.String script
Path to the groovy script to execute.
-
-
Class org.apereo.cas.configuration.model.core.authentication.GroovyPasswordPolicyProperties extends SpringResourceProperties implements Serializable
- serialVersionUID:
- 8079027843747126083L
-
Class org.apereo.cas.configuration.model.core.authentication.GroovyPrincipalAttributesProperties extends SpringResourceProperties implements Serializable
- serialVersionUID:
- 7901595963842506684L
-
Serialized Fields
-
caseInsensitive
boolean caseInsensitive
Whether attribute repository should consider the underlying attribute names in a case-insensitive manner. -
id
java.lang.String id
A value can be assigned to this field to uniquely identify this resolver. -
order
int order
The order of this attribute repository in the chain of repositories. Can be used to explicitly position this source in chain and affects merging strategies.
-
-
Class org.apereo.cas.configuration.model.core.authentication.GroovyPrincipalTransformationProperties extends SpringResourceProperties implements Serializable
- serialVersionUID:
- 8079027843747126083L
-
Class org.apereo.cas.configuration.model.core.authentication.GrouperPrincipalAttributesProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- 7139471665871712818L
-
Serialized Fields
-
enabled
boolean enabled
Enable the attribute repository source. -
id
java.lang.String id
A value can be assigned to this field to uniquely identify this resolver. -
order
int order
The order of this attribute repository in the chain of repositories. Can be used to explicitly position this source in chain and affects merging strategies. -
parameters
java.util.Map<java.lang.String,java.lang.String> parameters
Custom parameters defined as a Map to pass onto the attribute repository which ultimately will be passed onto the grouper client. Key is the parameter name and value is the parameter value. -
subjectType
java.lang.String subjectType
Indicate how the username passed to the attribute repository should be set and treated by the grouper client to look up records. Accepted values are: SUBJECT_IDENTIFIER, SUBJECT_ATTRIBUTE_NAME, SUBJECT_ID. -
usernameAttribute
java.lang.String usernameAttribute
The attribute name that would be used to look up and determine the user id from the query map. The value linked to this attribute would be used as the username or subject by the attribute repository to pass on to the ultimate source to locate the user record.
-
-
Class org.apereo.cas.configuration.model.core.authentication.HttpClientProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- -7494946569869245770L
-
Serialized Fields
-
allowLocalUrls
boolean allowLocalUrls
Whether CAS should accept local URLs. For example http(s)://localhost/logout. -
asyncTimeout
java.lang.String asyncTimeout
Indicates timeout for async operations. -
authorityValidationRegex
java.lang.String authorityValidationRegex
If specified the regular expression will be used to validate the url's authority. -
authorityValidationRegExCaseSensitive
boolean authorityValidationRegExCaseSensitive
Whether the regular expression specified with HttpClientProperties.authorityValidationRegex should be handled as case-sensitive (true) or case-insensitive (false). If no HttpClientProperties.authorityValidationRegex is set, this value does not have any effect. -
connectionTimeout
java.lang.String connectionTimeout
Connection timeout for all operations that reach out to URL endpoints. -
defaultHeaders
java.util.Map<java.lang.String,java.lang.String> defaultHeaders
The default headers to use for any HTTP connection. This is defined as map, where the key is the header name and the value is the header value that should be sent along with request. -
hostNameVerifier
java.lang.String hostNameVerifier
Enable hostname verification when attempting to contact URL endpoints. May also be set to none to disable verification. -
proxyHost
java.lang.String proxyHost
Send requests via a proxy; define the hostname. -
proxyPort
int proxyPort
Send requests via a proxy; define the proxy port. Negative/zero values should deactivate the proxy configuration for the http client. -
readTimeout
java.lang.String readTimeout
Read timeout for all operations that reach out to URL endpoints. -
truststore
HttpClientTrustStoreProperties truststore
Configuration properties namespace for embedded Java SSL trust store.
-
-
Class org.apereo.cas.configuration.model.core.authentication.HttpClientTrustStoreProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- -1357168622083627654L
-
Serialized Fields
-
psw
java.lang.String psw
The truststore password. -
type
java.lang.String type
Truststore type used to create a SSL context for http client.
-
-
Class org.apereo.cas.configuration.model.core.authentication.JsonPrincipalAttributesProperties extends SpringResourceProperties implements Serializable
- serialVersionUID:
- -6573755681498251678L
-
Serialized Fields
-
id
java.lang.String id
A value can be assigned to this field to uniquely identify this resolver. -
order
int order
The order of this attribute repository in the chain of repositories. Can be used to explicitly position this source in chain and affects merging strategies.
-
-
Class org.apereo.cas.configuration.model.core.authentication.PasswordEncoderProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- -2396781005262069816L
-
Serialized Fields
-
characterEncoding
java.lang.String characterEncoding
The encoding algorithm to use such as 'UTF-8'. Relevant when the type used is DEFAULT. -
encodingAlgorithm
java.lang.String encodingAlgorithm
The encoding algorithm to use such as MD5. Relevant when the type used is DEFAULT or GLIBC_CRYPT. -
secret
java.lang.String secret
Secret to use with STANDARD, PBKDF2, BCRYPT, GLIBC_CRYPT password encoders. Secret usually is an optional setting. -
strength
int strength
Strength or number of iterations to use for password hashing. Usually relevant when dealing with PBKDF2 or BCRYPT encoders. Used by GLIBC_CRYPT encoders as well. -
type
java.lang.String type
Define the password encoder type to use. Type may be specified as blank or NONE to disable password encoding. It may also refer to a fully-qualified class name that implements Spring Security's PasswordEncoder interface if you wish to define your own encoder. The following types may be used:
NONE: No password encoding (i.e. plain-text) takes place.
DEFAULT: Use the DefaultPasswordEncoder of CAS. For message-digest algorithms via character-encoding and encoding-algorithm.
BCRYPT: Use the BCryptPasswordEncoder based on the strength provided and an optional secret.
SCRYPT: Use the SCryptPasswordEncoder.
PBKDF2: Use the Pbkdf2PasswordEncoder based on the strength provided and an optional secret.
STANDARD: Use the StandardPasswordEncoder based on the secret provided.
SSHA: Use the LdapShaPasswordEncoder, which supports LDAP SHA and SSHA (salted-SHA). The values are base-64 encoded and have the label {SHA} or {SSHA} prepended to the encoded hash.
GLIBC_CRYPT: Use the GlibcCryptPasswordEncoder based on the encoding-algorithm, strength provided and an optional secret.
org.example.MyEncoder: An implementation of PasswordEncoder of your own choosing.
file:///path/to/script.groovy: Path to a Groovy script charged with handling password encoding operations.
-
-
Class org.apereo.cas.configuration.model.core.authentication.PasswordPolicyProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- -3878237508646993100L
-
Serialized Fields
-
accountStateHandlingEnabled
boolean accountStateHandlingEnabled
Indicates whether account state handling should be enabled to process warnings or errors reported back from the authentication response, produced by the source. -
displayWarningOnMatch
boolean displayWarningOnMatch
Indicates if warning should be displayed, when the ldap attribute value matches the PasswordPolicyProperties.warningAttributeValue. -
enabled
boolean enabled
Whether password policy should be enabled. -
groovy
GroovyPasswordPolicyProperties groovy
Handle password policy via Groovy script. -
loginFailures
int loginFailures
When dealing with FreeIPA, indicates the number of allowed login failures. -
policyAttributes
java.util.Map<java.lang.String,java.lang.Class<? extends javax.security.auth.login.LoginException>> policyAttributes
Key-value structure (Map) that indicates a list of boolean attributes as keys. If either attribute value is true, indicating an account state is flagged, the corresponding error can be thrown. Example: accountLocked=javax.security.auth.login.AccountLockedException
-
strategy
PasswordPolicyProperties.PasswordPolicyHandlingOptions strategy
Decide how authentication should handle password policy changes. -
warnAll
boolean warnAll
Always display the password expiration warning regardless. -
warningAttributeName
java.lang.String warningAttributeName
Used by an account state handling policy that only calculates account warnings in case the entry carries this attribute. -
warningAttributeValue
java.lang.String warningAttributeValue
Used by an account state handling policy that only calculates account warnings in case the entry carries an attribute PasswordPolicyProperties.warningAttributeName whose value matches this field. -
warningDays
int warningDays
This is used to calculate a warning period to see if account expiry is within the calculated window.
-
-
Class org.apereo.cas.configuration.model.core.authentication.PersonDirectoryPrincipalResolverProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- 8929912041234879300L
-
Serialized Fields
-
activeAttributeRepositoryIds
java.lang.String activeAttributeRepositoryIds
Activated attribute repository identifiers that should be used for fetching attributes if attribute resolution is enabled. The list here may include identifiers separated by comma. -
attributeResolutionEnabled
org.apereo.cas.util.model.TriStateBoolean attributeResolutionEnabled
Whether attribute repositories should be contacted to fetch person attributes. Defaults to true if not set. -
principalAttribute
java.lang.String principalAttribute
Attribute name to use to indicate the identifier of the principal constructed. If the attribute is blank or has no values, the default principal id will be used determined by the underlying authentication engine. The principal id attribute usually is removed from the collection of attributes collected, though this behavior depends on the schematics of the underlying authentication strategy. -
principalResolutionConflictStrategy
java.lang.String principalResolutionConflictStrategy
In the event that the principal resolution engine resolves more than one principal (especially if such principals in the chain have different identifiers), this setting determines the strategy by which the principal id would be chosen from the chain. Accepted values are: last, first. -
principalResolutionFailureFatal
org.apereo.cas.util.model.TriStateBoolean principalResolutionFailureFatal
When true, throws an error back indicating that principal resolution has failed and no principal can be found based on the authentication requirements. Otherwise, logs the condition as an error without raising a catastrophic error. -
returnNull
org.apereo.cas.util.model.TriStateBoolean returnNull
Return a null principal object if no attributes can be found for the principal. -
useExistingPrincipalId
org.apereo.cas.util.model.TriStateBoolean useExistingPrincipalId
Uses an existing principal id that may have already been established in order to run person directory queries. This is generally useful in situations where authentication is delegated to an external identity provider and a principal is first established to then query an attribute source.
-
-
Class org.apereo.cas.configuration.model.core.authentication.PrincipalAttributesCoreProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- -4525569588579072890L
-
Serialized Fields
-
aggregation
PrincipalAttributesCoreProperties.AggregationStrategyTypes aggregation
Indicates how the results of multiple attribute repositories should be aggregated together. -
defaultAttributesToRelease
java.util.Set<java.lang.String> defaultAttributesToRelease
CAS provides the ability to release a bundle of principal attributes to all services by default. This bundle is not defined on a per-service basis and is always combined with attributes produced by the specific release policy of the service, such that for instance, you can devise rules to always release givenName and cn to every application, and additionally allow other specific principal attributes for only some applications per their attribute release policy. -
expirationTime
int expirationTime
Indicates the global cache expiration period, once attributes are fetched from the underlying attribute repository. A zero or negative value indicates that no attribute caching should take place where attributes must always be fetched from the source. -
expirationTimeUnit
java.lang.String expirationTimeUnit
Expiration caching time unit for attributes. -
maximumCacheSize
int maximumCacheSize
Indicates the global cache size used to store attributes retrieved from the attribute repository. -
merger
PrincipalAttributesCoreProperties.MergingStrategyTypes merger
Merging strategies can be used to resolve conflicts when the same attribute is found from multiple sources. -
requireAllRepositorySources
boolean requireAllRepositorySources
In the event that multiple attribute repositories are defined, setting this option to true forces all repositories to produce a person object. If any of the repositories fails to produce a person or person attributes, the resolution engine will halt to short-circuit the process, failing to resolve the person altogether.
-
-
Class org.apereo.cas.configuration.model.core.authentication.PrincipalAttributesProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- -4515569588579072890L
-
Serialized Fields
-
attributeDefinitionStore
AttributeDefinitionStoreProperties attributeDefinitionStore
Reference to the attribute definition store that contains metadata about attributes and their encoding specifics. -
azureActiveDirectory
java.util.List<AzureActiveDirectoryAttributesProperties> azureActiveDirectory
Retrieve attributes from multiple Microsoft Graph instances. -
core
PrincipalAttributesCoreProperties core
Attribute resolution core/common settings. -
couchbase
CouchbasePrincipalAttributesProperties couchbase
Retrieve attributes from Couchbase repositories. -
groovy
java.util.List<GroovyPrincipalAttributesProperties> groovy
Retrieve attributes from multiple Groovy scripts. -
grouper
GrouperPrincipalAttributesProperties grouper
Use Grouper to fetch principal attributes. You will also need to ensure grouper.client.properties is available on the classpath (i.e. src/main/resources) and it contains the following:
grouperClient.webService.url = http://192.168.99.100:32768/grouper-ws/servicesRest
grouperClient.webService.login = banderson
grouperClient.webService.password = password
-
jdbc
java.util.List<JdbcPrincipalAttributesProperties> jdbc
Retrieve attributes from multiple JDBC repositories. -
json
java.util.List<JsonPrincipalAttributesProperties> json
Retrieve attributes from multiple JSON file repositories. -
ldap
java.util.List<LdapPrincipalAttributesProperties> ldap
Retrieve attributes from multiple LDAP servers. -
okta
OktaPrincipalAttributesProperties okta
Fetch user attributes from Okta. -
redis
java.util.List<RedisPrincipalAttributesProperties> redis
Retrieve attributes from redis repositories. -
rest
java.util.List<RestPrincipalAttributesProperties> rest
Retrieve attributes from multiple REST endpoints. -
script
java.util.List<ScriptedPrincipalAttributesProperties> script
Deprecated. Since 6.2. Retrieve attributes from multiple scripted repositories. -
stub
StubPrincipalAttributesProperties stub
Use stubbed attribute definitions as the underlying attribute repository source. Static attributes that need to be mapped to a hardcoded value belong here.
-
-
Class org.apereo.cas.configuration.model.core.authentication.PrincipalTransformationProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- 1678602647607236322L
-
Serialized Fields
-
blockingPattern
java.lang.String blockingPattern
A regular expression that will be used against the username to match for blocking/forbidden values. If a match is found, an exception will be thrown and principal transformation will fail. -
caseConversion
PrincipalTransformationProperties.CaseConversion caseConversion
Indicate whether the principal identifier should be transformed into upper-case, lower-case, etc. -
groovy
GroovyPrincipalTransformationProperties groovy
Transform usernames using a Groovy resource. -
pattern
java.lang.String pattern
A regular expression that will be used against the provided username for username extractions. On a successful match, the first matched group in the pattern will be used as the extracted username. -
prefix
java.lang.String prefix
Prefix to add to the principal id prior to authentication. -
suffix
java.lang.String suffix
Suffix to add to the principal id prior to authentication.
-
-
Class org.apereo.cas.configuration.model.core.authentication.RegisteredServiceAuthenticationHandlerResolutionProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- 8079027843747126083L
-
Serialized Fields
-
order
int order
The execution order of this resolver in the chain of authentication handler resolvers.
-
-
Class org.apereo.cas.configuration.model.core.authentication.RestAuthenticationPolicyProperties extends BaseRestEndpointProperties implements Serializable
- serialVersionUID:
- -8979188862774758908L
-
Class org.apereo.cas.configuration.model.core.authentication.RestfulAdaptiveAuthenticationIPIntelligenceProperties extends RestEndpointProperties implements Serializable
- serialVersionUID:
- 3659099897056632608L
-
Class org.apereo.cas.configuration.model.core.authentication.RestPrincipalAttributesProperties extends RestEndpointProperties implements Serializable
- serialVersionUID:
- -30055974448426360L
-
Serialized Fields
-
caseInsensitive
boolean caseInsensitive
Whether attribute repository should consider the underlying attribute names in a case-insensitive manner. -
id
java.lang.String id
A value can be assigned to this field to uniquely identify this resolver. -
order
int order
The order of this attribute repository in the chain of repositories. Can be used to explicitly position this source in chain and affects merging strategies. -
usernameAttribute
java.lang.String usernameAttribute
The attribute name that would be used to look up and determine the user id from the query map. The value linked to this attribute would be used as the username or subject by the attribute repository to pass on to the ultimate source to locate the user record.
-
-
Class org.apereo.cas.configuration.model.core.authentication.RiskBasedAuthenticationProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- 3826749727400569308L
-
Serialized Fields
-
agent
RiskBasedAuthenticationProperties.Agent agent
Handle risky authentication attempts via user-agent criteria. -
dateTime
RiskBasedAuthenticationProperties.DateTime dateTime
Handle risky authentication attempts via date/time criteria. -
daysInRecentHistory
long daysInRecentHistory
Indicates how far back the search in authentication history must go in order to locate authentication events. -
geoLocation
RiskBasedAuthenticationProperties.GeoLocation geoLocation
Handle risky authentication attempts via geolocation criteria. -
ip
RiskBasedAuthenticationProperties.IpAddress ip
Handle risky authentication attempts via IP criteria. -
response
RiskBasedAuthenticationProperties.Response response
Design how responses should be handled, in the event that an authentication event is deemed risky. -
threshold
double threshold
The risk threshold factor beyond which the authentication event may be considered risky.
-
-
Class org.apereo.cas.configuration.model.core.authentication.RiskBasedAuthenticationProperties.Agent extends java.lang.Object implements Serializable
- serialVersionUID:
- 7766080681971729400L
-
Serialized Fields
-
enabled
boolean enabled
Enable user-agent checking and criteria to calculate risky authentication attempts.
-
-
Class org.apereo.cas.configuration.model.core.authentication.RiskBasedAuthenticationProperties.DateTime extends java.lang.Object implements Serializable
- serialVersionUID:
- -3776875583039922050L
-
Serialized Fields
-
enabled
boolean enabled
Enable date/time checking and criteria to calculate risky authentication attempts. -
windowInHours
int windowInHours
The hourly window used before and after each authentication event in calculation to establish a pattern that can then be compared against the threshold.
-
-
Class org.apereo.cas.configuration.model.core.authentication.RiskBasedAuthenticationProperties.GeoLocation extends java.lang.Object implements Serializable
- serialVersionUID:
- 4115333388680538358L
-
Serialized Fields
-
enabled
boolean enabled
Enable geolocation checking and criteria to calculate risky authentication attempts.
-
-
Class org.apereo.cas.configuration.model.core.authentication.RiskBasedAuthenticationProperties.IpAddress extends java.lang.Object implements Serializable
- serialVersionUID:
- 577801361041617794L
-
Serialized Fields
-
enabled
boolean enabled
Enable IP address checking and criteria to calculate risky authentication attempts.
-
-
Class org.apereo.cas.configuration.model.core.authentication.RiskBasedAuthenticationProperties.Response extends java.lang.Object implements Serializable
- serialVersionUID:
- 8254082561120701582L
-
Serialized Fields
-
blockAttempt
boolean blockAttempt
If an authentication attempt is deemed risky, block the response and do not allow further attempts. -
mail
EmailProperties mail
Email settings for notifications, if an authentication attempt is deemed risky. -
mfaProvider
java.lang.String mfaProvider
If an authentication attempt is deemed risky, force a multi-factor authentication event noted by the provider id here. -
riskyAuthenticationAttribute
java.lang.String riskyAuthenticationAttribute
If an authentication attempt is deemed risky, communicate the nature of this attempt back to the application via a special attribute in the final CAS response indicated here. -
sms
SmsProperties sms
SMS settings for notifications, if an authentication attempt is deemed risky.
-
-
Class org.apereo.cas.configuration.model.core.authentication.ScriptedPrincipalAttributesProperties extends SpringResourceProperties implements Serializable
- serialVersionUID:
- 4221139939506528713L
-
Serialized Fields
-
caseInsensitive
boolean caseInsensitive
Deprecated. Since 6.2. Whether attribute repository should consider the underlying attribute names in a case-insensitive manner. -
engineName
java.lang.String engineName
Deprecated. Since 6.2. Script engine name, e.g. groovy, js, python, etc. Required if CAS can't determine based on extension. The file extension of the resource will be used to determine the engineName if not specified. Engines must be on the classpath in order for the engineName to be determined automatically. The first engine found claiming to support the extension of the file specified will be used. -
id
java.lang.String id
Deprecated. Since 6.2. A value can be assigned to this field to uniquely identify this resolver. -
order
int order
Deprecated. Since 6.2. The order of this attribute repository in the chain of repositories. Can be used to explicitly position this source in chain and affects merging strategies.
-
-
Class org.apereo.cas.configuration.model.core.authentication.StubPrincipalAttributesProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- 7017508256487553063L
-
Serialized Fields
-
attributes
java.util.Map<java.lang.String,java.lang.String> attributes
Static attributes that need to be mapped to a hardcoded value belong here. The structure follows a key-value pair where key is the attribute name and value is the attribute value. The key is the attribute fetched from the source and the value is the attribute name CAS should use for virtual renames. Attributes may be allowed to be virtually renamed and remapped. The key in the attribute map is the original attribute, and the value should be the virtually-renamed attribute. -
id
java.lang.String id
A value can be assigned to this field to uniquely identify this resolver. -
order
int order
The order of this attribute repository in the chain of repositories. Can be used to explicitly position this source in chain and affects merging strategies.
-
-
Class org.apereo.cas.configuration.model.core.authentication.TimeBasedAuthenticationProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- 3826749727400569308L
-
Serialized Fields
-
onDays
java.util.List<java.lang.String> onDays
Trigger mfa on the following days of the week. -
onOrAfterHour
long onOrAfterHour
Trigger mfa after this hour, specified in 24-hour format. -
onOrBeforeHour
long onOrBeforeHour
Trigger mfa before this hour, specified in 24-hour format. -
providerId
java.lang.String providerId
The mfa provider id that should be triggered.
-
-
-
Package org.apereo.cas.configuration.model.core.authentication.passwordsync
-
Class org.apereo.cas.configuration.model.core.authentication.passwordsync.LdapPasswordSynchronizationProperties extends AbstractLdapSearchProperties implements Serializable
- serialVersionUID:
- -2521286056194686825L
-
Serialized Fields
-
enabled
boolean enabled
Whether or not password sync should be enabled for this ldap instance.
-
-
Class org.apereo.cas.configuration.model.core.authentication.passwordsync.PasswordSynchronizationProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- -3878237508646993100L
-
Serialized Fields
-
enabled
boolean enabled
Allow password synchronization to be turned off globally. -
ldap
java.util.List<LdapPasswordSynchronizationProperties> ldap
Options for password sync via LDAP.
-
-
-
Package org.apereo.cas.configuration.model.core.config.cloud
-
Class org.apereo.cas.configuration.model.core.config.cloud.SpringCloudConfigurationProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- -2749293768878152908L
-
Serialized Fields
-
cloud
SpringCloudConfigurationProperties.Cloud cloud
Config config settings.
-
-
Class org.apereo.cas.configuration.model.core.config.cloud.SpringCloudConfigurationProperties.AmazonDynamoDb extends AbstractDynamoDbProperties implements Serializable
- serialVersionUID:
- -123404249388429120L
-
Class org.apereo.cas.configuration.model.core.config.cloud.SpringCloudConfigurationProperties.AmazonS3 extends BaseAmazonWebServicesProperties implements Serializable
- serialVersionUID:
- -124404249387429120L
-
Serialized Fields
-
bucketName
java.lang.String bucketName
Bucket name that holds the settings.
-
-
Class org.apereo.cas.configuration.model.core.config.cloud.SpringCloudConfigurationProperties.AmazonSecretsManager extends BaseAmazonWebServicesProperties implements Serializable
- serialVersionUID:
- -124404249387429120L
-
Class org.apereo.cas.configuration.model.core.config.cloud.SpringCloudConfigurationProperties.AmazonSystemsManagerParameterStore extends BaseAmazonWebServicesProperties implements Serializable
- serialVersionUID:
- -224404249387429120L
-
Class org.apereo.cas.configuration.model.core.config.cloud.SpringCloudConfigurationProperties.AmazonWebServicesConfiguration extends java.lang.Object implements Serializable
- serialVersionUID:
- -124404249388429120L
-
Serialized Fields
-
dynamoDb
SpringCloudConfigurationProperties.AmazonDynamoDb dynamoDb
AWS dynamo db settings. -
s3
SpringCloudConfigurationProperties.AmazonS3 s3
AWS S3 settings. -
secretsManager
SpringCloudConfigurationProperties.AmazonSecretsManager secretsManager
AWS secrets manager settings. -
ssm
SpringCloudConfigurationProperties.AmazonSystemsManagerParameterStore ssm
AWS SSM settings.
-
-
Class org.apereo.cas.configuration.model.core.config.cloud.SpringCloudConfigurationProperties.Cloud extends java.lang.Object implements Serializable
- serialVersionUID:
- -6326706651416825269L
-
Serialized Fields
-
aws
SpringCloudConfigurationProperties.AmazonWebServicesConfiguration aws
AWS config settings. -
dynamoDb
SpringCloudConfigurationProperties.AmazonDynamoDb dynamoDb
AWS DynamoDb config settings. -
jdbc
SpringCloudConfigurationProperties.Jdbc jdbc
Jdbc config settings. -
mongo
SpringCloudConfigurationProperties.MongoDb mongo
MongoDb config settings. -
rest
SpringCloudConfigurationProperties.Rest rest
REST config settings.
-
-
Class org.apereo.cas.configuration.model.core.config.cloud.SpringCloudConfigurationProperties.Jdbc extends java.lang.Object implements Serializable
- serialVersionUID:
- -7575240387340025345L
-
Serialized Fields
-
driverClass
java.lang.String driverClass
Driver class name. -
password
java.lang.String password
Database password. -
sql
java.lang.String sql
SQL statement. -
url
java.lang.String url
Database url. -
user
java.lang.String user
Database user.
-
-
Class org.apereo.cas.configuration.model.core.config.cloud.SpringCloudConfigurationProperties.MongoDb extends java.lang.Object implements Serializable
- serialVersionUID:
- -6509143371334754469L
-
Serialized Fields
-
uri
java.lang.String uri
Mongodb URI.
-
-
Class org.apereo.cas.configuration.model.core.config.cloud.SpringCloudConfigurationProperties.Rest extends RestEndpointProperties implements Serializable
- serialVersionUID:
- -4509143371334754469L
-
-
Package org.apereo.cas.configuration.model.core.config.standalone
-
Class org.apereo.cas.configuration.model.core.config.standalone.StandaloneConfigurationProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- -7749293768878152908L
-
Serialized Fields
-
configurationDirectory
java.io.File configurationDirectory
Describes a directory path where CAS configuration may be found. -
configurationFile
java.io.File configurationFile
Describes a file path that contains the CAS properties in a single file. -
configurationSecurity
StandaloneConfigurationSecurityProperties configurationSecurity
Configuration security settings used to encrypt/decrypt values. Settings are typically expected to be provided via command-line properties or system/environment variables as properties are bootstrapped and fetched. They are placed here to allow CAS to recognize their validity when passed.
-
-
Class org.apereo.cas.configuration.model.core.config.standalone.StandaloneConfigurationSecurityProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- 8571848605614437022L
-
Serialized Fields
-
alg
java.lang.String alg
Algorithm to use when deciphering settings. Default algorithm is PBEWithMD5AndTripleDES. -
initializationVector
java.lang.Boolean initializationVector
An initialization vector is required for PBEWithDigestAndAES algorithms that aren't BouncyCastle. Enabling an initialization vector will break passwords encrypted without one. Toggling this value will make pre-existing non-PBEWithDigestAndAES encrypted passwords not work. For non-BouncyCastle PBEWithDigestAndAES algorithms that require an initialization vector, one will be used regardless of this setting since backwards compatibility with existing passwords using those algorithms is not an issue (since they didn't work in previous CAS versions). The default value is false so as not to break existing encrypted passwords. In general the use of an initialization vector will increase the encrypted text's length. -
iteration
long iteration
Total number of iterations to use when deciphering settings. Default value comes from Jasypt: 1000. -
provider
java.lang.String provider
Security provider to use when deciphering settings. Leave blank for Java, BC for BouncyCastle. This property can be set as a Java system property: cas.standalone.configuration-security.provider. -
psw
java.lang.String psw
Secret key/password to use when deciphering settings. This property can be set as a Java system property: cas.standalone.configuration-security.psw.
-
-
-
Package org.apereo.cas.configuration.model.core.events
-
Class org.apereo.cas.configuration.model.core.events.CoreEventsProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- 2734523424737956370L
-
Serialized Fields
-
enabled
boolean enabled
Whether event tracking and recording functionality should be enabled. -
trackConfigurationModifications
boolean trackConfigurationModifications
Whether CAS should track the underlying configuration store for changes. This depends on whether the store provides that sort of functionality. When running in standalone mode, this typically translates to CAS monitoring configuration files and reloading context conditionally if there are any changes. -
trackGeolocation
boolean trackGeolocation
Whether geolocation should be tracked as part of collected authentication events. This of course requires consent from the user's browser to collect stats on location.
-
-
Class org.apereo.cas.configuration.model.core.events.CouchDbEventsProperties extends BaseAsynchronousCouchDbProperties implements Serializable
- serialVersionUID:
- -1587160128953366615L
-
Class org.apereo.cas.configuration.model.core.events.DynamoDbEventsProperties extends AbstractDynamoDbProperties implements Serializable
- serialVersionUID:
- 612447148774854955L
-
Serialized Fields
-
tableName
java.lang.String tableName
The table name used and created by CAS to hold events in DynamoDb.
-
-
Class org.apereo.cas.configuration.model.core.events.EventsProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- 1734523424737956370L
-
Serialized Fields
-
core
CoreEventsProperties core
Core and common events settings. -
couchDb
CouchDbEventsProperties couchDb
Track authentication events inside a couchdb instance. -
dynamoDb
DynamoDbEventsProperties dynamoDb
Track authentication events inside a DynamoDb instance. -
influxDb
InfluxDbEventsProperties influxDb
Track authentication events inside an influxdb database. -
jpa
JpaEventsProperties jpa
Track authentication events inside a database. -
mongo
MongoDbEventsProperties mongo
Track authentication events inside a mongodb instance. -
redis
RedisEventsProperties redis
Track authentication events inside a Redis instance.
-
-
Class org.apereo.cas.configuration.model.core.events.InfluxDbEventsProperties extends InfluxDbProperties implements Serializable
- serialVersionUID:
- -3918436901491275547L
-
Class org.apereo.cas.configuration.model.core.events.JpaEventsProperties extends AbstractJpaProperties implements Serializable
- serialVersionUID:
- 7647381223153797806L
-
Class org.apereo.cas.configuration.model.core.events.MongoDbEventsProperties extends SingleCollectionMongoDbProperties implements Serializable
- serialVersionUID:
- -1918436901491275547L
-
Class org.apereo.cas.configuration.model.core.events.RedisEventsProperties extends BaseRedisProperties implements Serializable
- serialVersionUID:
- 9027696961101634818L
-
-
Package org.apereo.cas.configuration.model.core.logging
-
Class org.apereo.cas.configuration.model.core.logging.LoggingProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- 7455171260665661949L
-
Serialized Fields
-
mdcEnabled
boolean mdcEnabled
Allow CAS to add http request details into the logging's MDC filter. Mapped Diagnostic Context is essentially a map maintained by the logging framework where the application code provides key-value pairs which can then be inserted by the logging framework in log messages. MDC data can also be highly helpful in filtering messages or triggering certain actions.
-
-
-
Package org.apereo.cas.configuration.model.core.logout
-
Class org.apereo.cas.configuration.model.core.logout.LogoutProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- 7466171260665661949L
-
Serialized Fields
-
confirmLogout
boolean confirmLogout
Before logout, allow the option to confirm on the web interface. -
followServiceRedirects
boolean followServiceRedirects
Whether CAS should be allowed to redirect to an alternative location after logout. -
redirectParameter
java.lang.String redirectParameter
The target destination to which CAS should redirect after logout is indicated and extracted by a parameter name of your choosing here. If none is specified, the default will be used as service. -
redirectUrl
java.lang.String redirectUrl
A url to which CAS must immediately redirect after all logout operations have completed. Typically useful in scenarios where CAS is acting as a proxy and needs to redirect to an external identity provider's logout endpoint in order to remove a session, etc. -
removeDescendantTickets
boolean removeDescendantTickets
Indicates whether tickets issued and linked to a ticket-granting ticket should also be removed as part of logout. There are a number of tickets issued by CAS whose expiration policy is usually by default bound to the SSO expiration policy and the active TGT, yet such tickets may be allowed to live beyond the normal lifetime of a CAS SSO session with options to be renewed. Examples include OAuth's access tokens, etc. Set this option to true if you want all linked tickets to be removed.
-
-
-
Package org.apereo.cas.configuration.model.core.monitor
-
Class org.apereo.cas.configuration.model.core.monitor.ActuatorEndpointProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- -2463521198550485506L
-
Serialized Fields
-
access
java.util.List<ActuatorEndpointProperties.EndpointAccessLevel> access
Define the security access level of the endpoint. -
requiredAuthorities
java.util.List<java.lang.String> requiredAuthorities
Required user authorities. -
requiredIpAddresses
java.util.List<java.lang.String> requiredIpAddresses
Required ip addresses. -
requiredRoles
java.util.List<java.lang.String> requiredRoles
Required user roles.
-
-
Class org.apereo.cas.configuration.model.core.monitor.ActuatorEndpointsMonitorProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- -3375777593395683691L
-
Serialized Fields
-
endpoint
java.util.Map<java.lang.String,ActuatorEndpointProperties> endpoint
Options for monitoring sensitive CAS endpoints and resources. Acts as a parent class for all endpoints and settings and exposes shortcuts so security and capability of endpoints can be globally controlled from one spot and then overridden elsewhere. -
formLoginEnabled
boolean formLoginEnabled
Control whether access to endpoints can be controlled via form-based login over the web via a special admin login endpoint. -
jaas
JaasSecurityActuatorEndpointsMonitorProperties jaas
Enable Spring Security's JAAS authentication provider for admin status authorization and access control. -
jdbc
JdbcSecurityActuatorEndpointsMonitorProperties jdbc
Enable Spring Security's JDBC authentication provider for admin status authorization and access control. -
ldap
LdapSecurityActuatorEndpointsMonitorProperties ldap
Enable Spring Security's LDAP authentication provider for admin status authorization and access control.
-
-
Class org.apereo.cas.configuration.model.core.monitor.JaasSecurityActuatorEndpointsMonitorProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- -3024678577827371641L
-
Serialized Fields
-
loginContextName
java.lang.String loginContextName
The login context name should coincide with a given index in the login config specified. This name is used as the index to the configuration specified in the login config property.
JAASTest { org.springframework.security.authentication.jaas.TestLoginModule required; };
In the above example, JAASTest should be set as the context name. -
refreshConfigurationOnStartup
boolean refreshConfigurationOnStartup
If set, a call to Configuration#refresh() will be made by the #configureJaas(Resource) method.
-
-
Class org.apereo.cas.configuration.model.core.monitor.JdbcMonitorProperties extends AbstractJpaProperties implements Serializable
- serialVersionUID:
- -7139788158851782673L
-
Serialized Fields
-
maxWait
java.lang.String maxWait
When monitoring the JDBC connection pool, indicates the amount of time the operation must wait before it times out and considers the pool in bad shape. -
validationQuery
java.lang.String validationQuery
The query to execute against the database to monitor status.
-
-
Class org.apereo.cas.configuration.model.core.monitor.JdbcSecurityActuatorEndpointsMonitorProperties extends AbstractJpaProperties implements Serializable
- serialVersionUID:
- 2625666117528467867L
-
Serialized Fields
-
passwordEncoder
PasswordEncoderProperties passwordEncoder
Password encoder properties. -
query
java.lang.String query
Query to execute in order to authenticate users via JDBC. Example: SELECT username,password,enabled FROM users WHERE username=?
-
rolePrefix
java.lang.String rolePrefix
Prefix to add to the role.
-
-
Class org.apereo.cas.configuration.model.core.monitor.LdapMonitorProperties extends AbstractLdapProperties implements Serializable
- serialVersionUID:
- 4722929378440179113L
-
Serialized Fields
-
enabled
boolean enabled
Whether LDAP monitoring should be enabled. -
maxWait
java.lang.String maxWait
When monitoring the LDAP connection pool, indicates the amount of time the operation must wait before it times out and considers the pool in bad shape. -
pool
ConnectionPoolingProperties pool
Options that define the thread pool that will ping on the ldap pool.
-
-
Class org.apereo.cas.configuration.model.core.monitor.LdapSecurityActuatorEndpointsMonitorProperties extends AbstractLdapAuthenticationProperties implements Serializable
- serialVersionUID:
- -7333244539096172557L
-
Serialized Fields
-
ldapAuthz
LdapAuthorizationProperties ldapAuthz
Control authorization settings via LDAP after ldap authentication.
-
-
Class org.apereo.cas.configuration.model.core.monitor.MemcachedMonitorProperties extends BaseMemcachedProperties implements Serializable
- serialVersionUID:
- -9139788158851782673L
-
Class org.apereo.cas.configuration.model.core.monitor.MemoryMonitorProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- -7147060071480971606L
-
Serialized Fields
-
freeMemThreshold
int freeMemThreshold
The free memory threshold for the memory monitor. If the amount of free memory available reaches this point the memory monitor will report back a warning status as a health check.
-
-
Class org.apereo.cas.configuration.model.core.monitor.MongoDbMonitorProperties extends BaseMongoDbProperties implements Serializable
- serialVersionUID:
- -1918436901491275547L
-
Class org.apereo.cas.configuration.model.core.monitor.MonitorProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- -7047060071480971606L
-
Serialized Fields
-
endpoints
ActuatorEndpointsMonitorProperties endpoints
Properties relevant to endpoint security, etc. -
jdbc
JdbcMonitorProperties jdbc
Options for monitoring JDBC resources. -
ldap
java.util.List<LdapMonitorProperties> ldap
Options for monitoring LDAP resources. -
load
ServerLoadMonitorProperties load
Options for monitoring the Load on a production server. Load averages are "system load averages" that show the running thread (task) demand on the system as an average number of running plus waiting threads. This measures demand, which can be greater than what the system is currently processing. -
memcached
MemcachedMonitorProperties memcached
Options for monitoring Memcached resources. -
memory
MemoryMonitorProperties memory
Options to monitor memory availability. -
mongo
MongoDbMonitorProperties mongo
Options for monitoring MongoDb resources. -
st
ServiceTicketMonitorProperties st
Options for monitoring the status and production of STs. -
tgt
TicketGrantingTicketMonitorProperties tgt
Options for monitoring the status and production of TGTs. -
warn
MonitorWarningProperties warn
Warning options that generally deal with cache-based resources, etc.
-
-
Class org.apereo.cas.configuration.model.core.monitor.MonitorWarningProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- 2788617778375787703L
-
Serialized Fields
-
evictionThreshold
long evictionThreshold
The monitor eviction threshold where if reached, CAS might generate a warning status for health checks. The underlying data source and monitor (i.e. cache) must support the concept of evictions. -
threshold
int threshold
The monitor threshold where if reached, CAS might generate a warning status for health checks.
-
-
Class org.apereo.cas.configuration.model.core.monitor.ServerLoadMonitorProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- 5504478373010611957L
-
Serialized Fields
-
warn
MonitorWarningProperties warn
Warning settings for this monitor.
-
-
Class org.apereo.cas.configuration.model.core.monitor.ServiceTicketMonitorProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- -8167395674267219982L
-
Serialized Fields
-
warn
MonitorWarningProperties warn
Warning settings for this monitor.
-
-
Class org.apereo.cas.configuration.model.core.monitor.TicketGrantingTicketMonitorProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- -2756454350350278724L
-
Serialized Fields
-
warn
MonitorWarningProperties warn
Warning options for monitoring TGT production.
-
-
-
Package org.apereo.cas.configuration.model.core.rest
-
Class org.apereo.cas.configuration.model.core.rest.RestProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- -1833107478273171342L
-
Serialized Fields
-
services
RestRegisteredServicesProperties services
Settings related to the REST APIs dealing with registered services. -
x509
RestX509Properties x509
X509 settings related to the rest protocol and authentication.
-
-
Class org.apereo.cas.configuration.model.core.rest.RestRegisteredServicesProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- -1822107478273171342L
-
Serialized Fields
-
attributeName
java.lang.String attributeName
Authorization attribute name required by the REST endpoint in order to allow for the requested operation. Attribute must be resolvable by the authenticated principal, or must have been already. -
attributeValue
java.lang.String attributeValue
Matching authorization attribute value, pulled from the attribute required by the REST endpoint in order to allow for the requested operation. The attribute value may also be constructed as a regex pattern.
-
-
Class org.apereo.cas.configuration.model.core.rest.RestX509Properties extends java.lang.Object implements Serializable
- serialVersionUID:
- -1833117478273171342L
-
Serialized Fields
-
bodyAuth
boolean bodyAuth
Flag that enables X509Certificate extraction from the request body for authentication. -
headerAuth
boolean headerAuth
Flag that enables X509Certificate extraction from the request headers for authentication. -
tlsClientAuth
boolean tlsClientAuth
Flag that enables TLS client X509Certificate extraction from the servlet container for authentication.
-
-
-
Package org.apereo.cas.configuration.model.core.services
-
Class org.apereo.cas.configuration.model.core.services.RestfulServiceRegistryProperties extends BaseRestEndpointProperties implements Serializable
- serialVersionUID:
- 7086088180957285517L
-
Class org.apereo.cas.configuration.model.core.services.ServiceRegistryCacheProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- -368826011744304210L
-
Serialized Fields
-
cacheSize
long cacheSize
Services cache size specifies the maximum number of entries the cache may contain. -
duration
java.lang.String duration
Services cache duration specifies the fixed duration for an entry to be automatically removed from the cache after its creation or update. -
initialCapacity
int initialCapacity
Services cache capacity sets the minimum total size for the internal data structures.
-
-
Class org.apereo.cas.configuration.model.core.services.ServiceRegistryCoreProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- -268826011744304210L
-
Serialized Fields
-
initFromJson
boolean initFromJson
Flag that indicates whether to initialise active service registry implementation with a default set of service definitions included with CAS by default in JSON format. The initialization generally tends to find JSON service definitions from org.apereo.cas.configuration.model.support.services.json.JsonServiceRegistryProperties#getLocation(). -
managementType
ServiceRegistryCoreProperties.ServiceManagementTypes managementType
Determine how services are internally managed, queried, cached and reloaded by CAS. Accepted values are the following:
- DEFAULT: Keep all services inside a concurrent map.
- DOMAIN: Group registered services by their domain having been explicitly defined.
-
-
Class org.apereo.cas.configuration.model.core.services.ServiceRegistryProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- -368826011744304210L
-
Serialized Fields
-
amazonS3
AmazonS3ServiceRegistryProperties amazonS3
Properties pertaining to amazon s3 service registry. -
cache
ServiceRegistryCacheProperties cache
Registry caching settings. -
cassandra
CassandraServiceRegistryProperties cassandra
Properties pertaining to Apache Cassandra service registry. -
core
ServiceRegistryCoreProperties core
Registry core/common settings. -
cosmosDb
CosmosDbServiceRegistryProperties cosmosDb
Properties pertaining to Cosmos DB service registry. -
couchbase
CouchbaseServiceRegistryProperties couchbase
Properties pertaining to couchbase service registry. -
couchDb
CouchDbServiceRegistryProperties couchDb
Properties pertaining to Cosmos DB service registry. -
dynamoDb
DynamoDbServiceRegistryProperties dynamoDb
Properties pertaining to dynamo db service registry. -
git
GitServiceRegistryProperties git
Properties pertaining to Git-based service registry. -
jpa
JpaServiceRegistryProperties jpa
Properties pertaining to jpa service registry. -
json
JsonServiceRegistryProperties json
Properties pertaining to JSON service registry. -
ldap
LdapServiceRegistryProperties ldap
Properties pertaining to ldap service registry. -
mail
EmailProperties mail
Email settings for notifications. -
mongo
MongoDbServiceRegistryProperties mongo
Properties pertaining to mongo db service registry. -
redis
RedisServiceRegistryProperties redis
Properties pertaining to redis service registry. -
rest
RestfulServiceRegistryProperties rest
Properties pertaining to REST service registry. -
schedule
SchedulingProperties schedule
Scheduler settings to indicate how often metadata is reloaded. -
sms
SmsProperties sms
SMS settings for notifications. -
stream
StreamingServiceRegistryProperties stream
Properties pertaining to streaming service registry content over the wire. -
yaml
YamlServiceRegistryProperties yaml
Properties pertaining to YAML service registry.
-
-
-
Package org.apereo.cas.configuration.model.core.slo
-
Class org.apereo.cas.configuration.model.core.slo.SingleLogOutProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- 3676710533477055700L
-
Serialized Fields
-
asynchronous
boolean asynchronous
Whether SLO callbacks should be done in an asynchronous manner via the HTTP client. When true, CAS will not wait for the operation to fully complete and will resume control to carry on. -
disabled
boolean disabled
Whether SLO should be entirely disabled globally for the CAS deployment.
-
-
-
Package org.apereo.cas.configuration.model.core.sso
-
Class org.apereo.cas.configuration.model.core.sso.SingleSignOnProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- -8777647966370741733L
-
Serialized Fields
-
allowMissingServiceParameter
boolean allowMissingServiceParameter
Flag that indicates whether to allow SSO session with a missing target service. -
createSsoCookieOnRenewAuthn
boolean createSsoCookieOnRenewAuthn
Flag that indicates whether to create SSO session on renewed authentication event. -
proxyAuthnEnabled
boolean proxyAuthnEnabled
Indicates whether CAS proxy authentication/tickets are supported by this server implementation. -
renewAuthnEnabled
boolean renewAuthnEnabled
Indicates whether this server implementation should globally support CAS protocol authentication requests that are tagged with "renew=true". -
requiredServicePattern
java.lang.String requiredServicePattern
A regular expression pattern that represents an application which must have established a session with CAS already before access to other applications can be allowed by CAS. This is the initial mandatory/required application with which the user must start before going anywhere else. Services that establish a session with CAS typically do so by receiving a service ticket from CAS. -
ssoEnabled
boolean ssoEnabled
Indicate whether single sign-on should be turned on and supported globally for the server.
-
-
-
Package org.apereo.cas.configuration.model.core.ticket
-
Class org.apereo.cas.configuration.model.core.ticket.HardTimeoutTicketExpirationPolicyProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- 4160963910346416908L
-
Serialized Fields
-
timeToKillInSeconds
long timeToKillInSeconds
Timeout in seconds to kill the session and consider tickets expired.
-
-
Class org.apereo.cas.configuration.model.core.ticket.PrimaryTicketExpirationPolicyProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- 3345179252583399336L
-
Serialized Fields
-
maxTimeToLiveInSeconds
int maxTimeToLiveInSeconds
Maximum time in seconds tickets would be live in CAS server. -
timeToKillInSeconds
int timeToKillInSeconds
Time in seconds after which tickets would be destroyed after a period of inactivity.
-
-
Class org.apereo.cas.configuration.model.core.ticket.ProxyGrantingTicketProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- 8478961497316814687L
-
Serialized Fields
-
maxLength
int maxLength
Maximum length of the proxy granting ticket, when generating one.
-
-
Class org.apereo.cas.configuration.model.core.ticket.ProxyTicketProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- -3690545027059561010L
-
Serialized Fields
-
numberOfUses
int numberOfUses
Number of uses allowed. -
timeToKillInSeconds
int timeToKillInSeconds
Number of seconds after which this ticket becomes invalid.
-
-
Class org.apereo.cas.configuration.model.core.ticket.RememberMeAuthenticationProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- 1899959269597512610L
-
Serialized Fields
-
enabled
boolean enabled
Flag to indicate whether remember-me facility is enabled. -
supportedIpAddresses
java.lang.String supportedIpAddresses
Regular expression that, when defined, forces CAS to create a remember-me authentication session if the current client ip (remote) address matches this pattern. If a match is not found, remember-me is ignored. If left undefined, remember-me authentication will proceed with the default CAS behavior. -
supportedUserAgents
java.lang.String supportedUserAgents
Regular expression that, when defined, forces CAS to create a remember-me authentication session if the current user-agent matches this pattern. If a match is not found, remember-me is ignored. If left undefined, remember-me authentication will proceed with the default CAS behavior. -
timeToKillInSeconds
long timeToKillInSeconds
Time in seconds after which remember-me enabled SSO session will be destroyed.
-
-
Class org.apereo.cas.configuration.model.core.ticket.ServiceTicketProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- -7445209580598499921L
-
Serialized Fields
-
maxLength
int maxLength
Maximum length of generated service tickets. -
numberOfUses
int numberOfUses
Controls number of times a service ticket can be used within CAS server. Usage in CAS context means service ticket validation transaction. -
timeToKillInSeconds
long timeToKillInSeconds
Time in seconds that service tickets should be considered live in CAS server.
-
-
Class org.apereo.cas.configuration.model.core.ticket.ThrottledTimeoutTicketExpirationPolicyProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- -2370751379747804646L
-
Serialized Fields
-
timeInBetweenUsesInSeconds
long timeInBetweenUsesInSeconds
Timeout in between each attempt. -
timeToKillInSeconds
long timeToKillInSeconds
Timeout in seconds to kill the session and consider tickets expired.
-
-
Class org.apereo.cas.configuration.model.core.ticket.TicketGrantingTicketCoreProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- 2349179252583399336L
-
Serialized Fields
-
maxLength
int maxLength
Maximum length of tickets. -
onlyTrackMostRecentSession
boolean onlyTrackMostRecentSession
Flag to control whether to track most recent SSO sessions. As multiple tickets may be issued for the same application, this impacts how session information is tracked for every ticket which then has a subsequent impact on logout.
-
-
Class org.apereo.cas.configuration.model.core.ticket.TicketGrantingTicketProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- 2349079252583399336L
-
Serialized Fields
-
core
TicketGrantingTicketCoreProperties core
Core/common settings. -
hardTimeout
HardTimeoutTicketExpirationPolicyProperties hardTimeout
Hard timeout for tickets. -
primary
PrimaryTicketExpirationPolicyProperties primary
Primary/default expiration policy settings. -
rememberMe
RememberMeAuthenticationProperties rememberMe
Remember me for tickets. -
throttledTimeout
ThrottledTimeoutTicketExpirationPolicyProperties throttledTimeout
Throttled timeout for tickets. -
timeout
TimeoutTicketExpirationPolicyProperties timeout
Timeout for tickets.
-
-
Class org.apereo.cas.configuration.model.core.ticket.TimeoutTicketExpirationPolicyProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- 8635419913795245907L
-
Serialized Fields
-
maxTimeToLiveInSeconds
int maxTimeToLiveInSeconds
Maximum time in seconds for TGTs to be live in CAS server.
-
-
Class org.apereo.cas.configuration.model.core.ticket.TransientSessionTicketProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- -3690545027059561010L
-
Serialized Fields
-
timeToKillInSeconds
long timeToKillInSeconds
Number of seconds after which this ticket becomes invalid.
-
-
-
Package org.apereo.cas.configuration.model.core.ticket.registry
-
Class org.apereo.cas.configuration.model.core.ticket.registry.InMemoryTicketRegistryProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- -2600525447128979994L
-
Serialized Fields
-
cache
boolean cache
Allow the ticket registry to cache ticket items for a period of time and auto-evict and clean up, removing the need to run a ticket registry cleaner in the background. -
concurrency
int concurrency
The estimated number of concurrently updating threads. The implementation performs internal sizing to try to accommodate this many threads. -
crypto
EncryptionRandomizedSigningJwtCryptographyProperties crypto
Crypto settings for the registry. -
initialCapacity
int initialCapacity
The initial capacity of the underlying memory store. The implementation performs internal sizing to accommodate this many elements. -
loadFactor
int loadFactor
The load factor threshold, used to control resizing. Resizing may be performed when the average number of elements per bin exceeds this threshold.
-
-
Class org.apereo.cas.configuration.model.core.ticket.registry.TicketRegistryProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- -4735458476452635679L
-
Serialized Fields
-
cassandra
CassandraTicketRegistryProperties cassandra
Cassandra registry settings. -
cleaner
ScheduledJobProperties cleaner
Ticket registry cleaner settings. -
couchbase
CouchbaseTicketRegistryProperties couchbase
Couchbase registry settings. -
couchDb
CouchDbTicketRegistryProperties couchDb
CouchDb registry settings. -
dynamoDb
DynamoDbTicketRegistryProperties dynamoDb
DynamoDb registry settings. -
ehcache
EhcacheProperties ehcache
Ehcache registry settings. -
ehcache3
Ehcache3Properties ehcache3
Ehcache3 registry settings. -
hazelcast
HazelcastTicketRegistryProperties hazelcast
Hazelcast registry settings. -
ignite
IgniteProperties ignite
Apache Ignite registry settings. -
infinispan
InfinispanProperties infinispan
Infinispan registry settings. -
inMemory
InMemoryTicketRegistryProperties inMemory
Settings relevant for the default in-memory ticket registry. -
jms
JmsTicketRegistryProperties jms
JMS registry settings. -
jpa
JpaTicketRegistryProperties jpa
JPA registry settings. -
memcached
MemcachedTicketRegistryProperties memcached
Memcached registry settings. -
mongo
MongoDbTicketRegistryProperties mongo
MongoDb registry settings. -
redis
RedisTicketRegistryProperties redis
Redis registry settings.
-
-
-
Package org.apereo.cas.configuration.model.core.util
-
Class org.apereo.cas.configuration.model.core.util.ClientCertificateProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- -8004292720523993292L
-
Serialized Fields
-
passphrase
java.lang.String passphrase
The passphrase of the client certificate.
-
-
Class org.apereo.cas.configuration.model.core.util.EncryptionJwtCryptoProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- 616825635591169628L
-
Serialized Fields
-
key
java.lang.String key
The encryption key is a JWT whose length is defined by the encryption key size setting. -
keySize
int keySize
The encryption key size.
-
-
Class org.apereo.cas.configuration.model.core.util.EncryptionJwtSigningJwtCryptographyProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- -3015641631298039059L
-
Serialized Fields
-
alg
java.lang.String alg
The signing/encryption algorithm to use. -
enabled
boolean enabled
Whether crypto operations are enabled. -
encryption
EncryptionJwtCryptoProperties encryption
Settings that deal with encryption of values. -
signing
SigningJwtCryptoProperties signing
Settings that deal with signing of values. -
strategyType
java.lang.String strategyType
Control the cipher sequence of operations. The accepted values are:
- ENCRYPT_AND_SIGN: Encrypt the value first, and then sign.
- SIGN_AND_ENCRYPT: Sign the value first, and then encrypt.
-
-
Class org.apereo.cas.configuration.model.core.util.EncryptionOptionalSigningOptionalJwtCryptographyProperties extends EncryptionJwtSigningJwtCryptographyProperties implements Serializable
- serialVersionUID:
- 7185404480671258520L
-
Serialized Fields
-
encryptionEnabled
boolean encryptionEnabled
Whether crypto encryption operations are enabled. -
signingEnabled
boolean signingEnabled
Whether crypto signing operations are enabled.
-
-
Class org.apereo.cas.configuration.model.core.util.EncryptionRandomizedCryptoProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- -6945916782426505112L
-
Serialized Fields
-
key
java.lang.String key
The encryption key. By default, and unless specified otherwise, the encryption key must be a randomly-generated string whose length is defined by the encryption key size setting. -
keySize
int keySize
Encryption key size.
-
-
Class org.apereo.cas.configuration.model.core.util.EncryptionRandomizedSigningJwtCryptographyProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- -6802876221525521736L
-
Serialized Fields
-
alg
java.lang.String alg
The signing/encryption algorithm to use. -
enabled
boolean enabled
Whether crypto operations are enabled. -
encryption
EncryptionRandomizedCryptoProperties encryption
Settings that deal with encryption of values. -
signing
SigningJwtCryptoProperties signing
Settings that deal with signing of values.
-
-
Class org.apereo.cas.configuration.model.core.util.SigningJwtCryptoProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- -552544781333015532L
-
Serialized Fields
-
key
java.lang.String key
The signing key is a JWT whose length is defined by the signing key size setting. -
keySize
int keySize
The signing key size.
-
-
Class org.apereo.cas.configuration.model.core.util.TicketProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- 5586947805593202037L
-
Serialized Fields
-
crypto
EncryptionJwtSigningJwtCryptographyProperties crypto
Properties and settings related to ticket encryption. -
pgt
ProxyGrantingTicketProperties pgt
Properties and settings related to proxy-granting tickets. -
pt
ProxyTicketProperties pt
Properties and settings related to proxy tickets. -
registry
TicketRegistryProperties registry
Properties and settings related to ticket registry. -
st
ServiceTicketProperties st
Properties and settings related to service tickets. -
tgt
TicketGrantingTicketProperties tgt
Properties and settings related to ticket-granting tickets. -
tst
TransientSessionTicketProperties tst
Properties and settings related to session-transient tickets.
-
-
-
Package org.apereo.cas.configuration.model.core.web
-
Class org.apereo.cas.configuration.model.core.web.LocaleCookieProperties extends PinnableCookieProperties implements Serializable
- serialVersionUID:
- 158577966798914031L
-
Class org.apereo.cas.configuration.model.core.web.LocaleProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- -1644471820900213781L
-
Serialized Fields
-
cookie
LocaleCookieProperties cookie
Control the properties of the cookie created to hold language changes. -
defaultValue
java.lang.String defaultValue
Default locale. -
forceDefaultLocale
boolean forceDefaultLocale
When set to true, locale resolution via request parameters and such is ignored and the locale default value is always enforced. -
paramName
java.lang.String paramName
Parameter name to use when switching locales.
-
-
Class org.apereo.cas.configuration.model.core.web.MessageBundleProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- 3769733438559663237L
-
Serialized Fields
-
baseNames
java.util.List<java.lang.String> baseNames
A list of strings representing base names for this message bundle. Set an array of basenames, each following the basic ResourceBundle convention of not specifying file extension or language codes. The resource location format is up to the specific MessageSource implementation. Regular and XML properties files are supported: e.g. "messages" will find a "messages.properties", "messages_en.properties" etc arrangement as well as "messages.xml", "messages_en.xml" etc. The associated resource bundles will be checked sequentially when resolving a message code. Note that message definitions in a previous resource bundle will override ones in a later bundle, due to the sequential lookup. -
cacheSeconds
int cacheSeconds
Cache size. -
commonNames
java.util.List<java.lang.String> commonNames
A list of strings representing common names for this message bundle. Specify locale-independent common messages, with the message code as key and the full message String (may contain argument placeholders) as value. Entries in last common names override first values (as opposed to baseNames used in message bundles).
-
encoding
java.lang.String encoding
Message bundle character encoding. -
fallbackSystemLocale
boolean fallbackSystemLocale
Flag that controls whether to fallback to the default system locale if no locale is specified explicitly. Set whether to fall back to the system Locale if no files for a specific Locale have been found. If this is turned off, the only fallback will be the default file (e.g. "messages.properties" for basename "messages"). Falling back to the system Locale is the default behavior of ResourceBundle. However, this is often not desirable in an application server environment, where the system Locale is not relevant to the application at all: set this flag to false in such a scenario. -
useCodeMessage
boolean useCodeMessage
Flag that controls whether to use code message. Set whether to use the message code as default message instead of throwing a NoSuchMessageException. Useful for development and debugging. Note: In case of a MessageSourceResolvable with multiple codes (like a FieldError) and a MessageSource that has a parent MessageSource, do not activate "useCodeAsDefaultMessage" in the parent: Else, you'll get the first code returned as message by the parent, without attempts to check further codes.
-
-
-
Package org.apereo.cas.configuration.model.core.web.flow
-
Class org.apereo.cas.configuration.model.core.web.flow.GroovyWebflowLoginDecoratorProperties extends SpringResourceProperties implements Serializable
- serialVersionUID:
- 8079027843747126083L
-
Class org.apereo.cas.configuration.model.core.web.flow.GroovyWebflowProperties extends SpringResourceProperties implements Serializable
- serialVersionUID:
- 8079027843747126083L
-
Class org.apereo.cas.configuration.model.core.web.flow.RestfulWebflowLoginDecoratorProperties extends RestEndpointProperties implements Serializable
- serialVersionUID:
- -8102345678378393382L
-
Class org.apereo.cas.configuration.model.core.web.flow.WebflowAutoConfigurationProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- 2441628331918226505L
-
Serialized Fields
-
enabled
boolean enabled
Whether webflow auto-configuration should be enabled. -
order
int order
The order in which the webflow is configured.
-
-
Class org.apereo.cas.configuration.model.core.web.flow.WebflowLoginDecoratorProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- 2949978905279568311L
-
Serialized Fields
-
groovy
GroovyWebflowLoginDecoratorProperties groovy
Path to groovy resource that can decorate the login views and states. -
rest
RestfulWebflowLoginDecoratorProperties rest
Path to REST API resource that can decorate the login views and states.
-
-
Class org.apereo.cas.configuration.model.core.web.flow.WebflowProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- 4949978905279568311L
-
Serialized Fields
-
autoConfiguration
WebflowAutoConfigurationProperties autoConfiguration
Webflow auto configuration settings. -
crypto
EncryptionRandomizedSigningJwtCryptographyProperties crypto
Encryption/signing setting for webflow. -
groovy
GroovyWebflowProperties groovy
Path to groovy resource that may auto-configure the webflow context dynamically creating/removing states and actions. -
loginDecorator
WebflowLoginDecoratorProperties loginDecorator
Configuration settings relevant for login flow and view decoration. -
session
WebflowSessionManagementProperties session
Webflow session management settings.
-
-
Class org.apereo.cas.configuration.model.core.web.flow.WebflowSessionManagementProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- 7479028707118198914L
-
Serialized Fields
-
compress
boolean compress
Whether or not the snapshots should be compressed. -
lockTimeout
java.lang.String lockTimeout
Sets the time period that can elapse before a timeout occurs on an attempt to acquire a conversation lock. The default is 30 seconds. Only relevant if session storage is done on the server. -
maxConversations
int maxConversations
Using the maxConversations property, you can limit the number of concurrently active conversations allowed in a single session. If the maximum is exceeded, the conversation manager will automatically end the oldest conversation. The default is 5, which should be fine for most situations. Set it to -1 for no limit. Setting maxConversations to 1 allows easy resource cleanup in situations where there should only be one active conversation per session. Only relevant if session storage is done on the server. -
storage
boolean storage
Controls whether spring webflow sessions are to be stored server-side or client side. By default state is managed on the client side, that is also signed and encrypted.
-
-
-
Package org.apereo.cas.configuration.model.core.web.security
-
Class org.apereo.cas.configuration.model.core.web.security.HttpCorsRequestProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- 5938828345939769185L
-
Serialized Fields
-
allowCredentials
boolean allowCredentials
The Access-Control-Allow-Credentials header indicates whether or not the response to the request can be exposed when the credentials flag is true. When used as part of a response to a preflight request, this indicates whether or not the actual request can be made using credentials. Note that simple GET requests are not preflighted, and so if a request is made for a resource with credentials, if this header is not returned with the resource, the response is ignored by the browser and not returned to web content. -
allowHeaders
java.util.List<java.lang.String> allowHeaders
The Access-Control-Allow-Headers header is used in response to a preflight request to indicate which HTTP headers can be used when making the actual request. Default is everything. -
allowMethods
java.util.List<java.lang.String> allowMethods
The Access-Control-Allow-Methods header specifies the method or methods allowed when accessing the resource. This is used in response to a pre-flight request. The conditions under which a request is pre-flighted are discussed above. Default is everything. -
allowOriginPatterns
java.util.List<java.lang.String> allowOriginPatterns
Comma-separated list of origin patterns to allow. Unlike allowed origins which only supports *, origin patterns are more flexible (for example https://*.example.com) and can be used when credentials are allowed. When no allowed origin patterns or allowed origins are set, CORS support is disabled. -
allowOrigins
java.util.List<java.lang.String> allowOrigins
The Origin header indicates the origin of the cross-site access request or preflight request. The origin is a URI indicating the server from which the request initiated. When credentials are allowed, '*' cannot be used and origin patterns should be configured instead. It does not include any path information, but only the server name. -
enabled
boolean enabled
Whether CORS should be enabled for http requests. -
exposedHeaders
java.util.List<java.lang.String> exposedHeaders
The Access-Control-Expose-Headers header lets a server accept headers that browsers are allowed to access. -
maxAge
long maxAge
The Access-Control-Max-Age header indicates how long the results of a preflight request can be cached.
-
-
Class org.apereo.cas.configuration.model.core.web.security.HttpHeadersRequestProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- 5993704062519851359L
-
Serialized Fields
-
cache
boolean cache
When true, will inject the following headers into the response for non-static resources:
- Cache-Control: no-cache, no-store, max-age=0, must-revalidate
- Pragma: no-cache
- Expires: 0
-
contentSecurityPolicy
java.lang.String contentSecurityPolicy
Helps you reduce XSS risks on modern browsers by declaring what dynamic resources are allowed to load via an HTTP header. Header value is made up of one or more directives. Multiple directives are separated with a semicolon. -
enabled
boolean enabled
Allow CAS to inject and enforce http security headers via an http filter that are outlined here for caching, HSTS, etc. -
hsts
boolean hsts
When true, will inject the following headers into the response: Strict-Transport-Security: max-age=15768000 ; includeSubDomains. -
xcontent
boolean xcontent
When true, will inject the following headers into the response: X-Content-Type-Options: nosniff. -
xframe
boolean xframe
When true, will inject the following headers into the response: X-Frame-Options: DENY. -
xframeOptions
java.lang.String xframeOptions
Will inject values into the X-Frame-Options header into the response. -
xss
boolean xss
When true, will inject the following headers into the response: X-XSS-Protection: 1; mode=block. -
xssOptions
java.lang.String xssOptions
Will inject values into the X-XSS-Protection header into the response.
-
-
Class org.apereo.cas.configuration.model.core.web.security.HttpRequestProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- -5175966163542099866L
-
Serialized Fields
-
allowMultiValueParameters
boolean allowMultiValueParameters
Whether CAS should accept multi-valued parameters in incoming requests. For example, a block would prevent requests where more than one service parameter is specified. -
charactersToForbid
java.lang.String charactersToForbid
Characters to block in incoming requests. none is a special value. Separate characters by a space. -
cors
HttpCorsRequestProperties cors
Control CORS settings for requests. -
customHeaders
java.util.Map<java.lang.String,java.lang.String> customHeaders
Custom response headers to inject into the response as needed. -
header
HttpHeadersRequestProperties header
Enforce request header options and security settings. -
onlyPostParams
java.lang.String onlyPostParams
Parameters that are only allowed and accepted during posts. -
paramsToCheck
java.lang.String paramsToCheck
Parameters to sanitize and cross-check in incoming requests. The special value * instructs the Filter to check all parameters. -
patternToBlock
java.lang.String patternToBlock
Specify a regular expression that would be checked against the request URL. If a successful match is found, the request would be blocked. -
web
HttpWebRequestProperties web
Control http request settings.
-
-
Class org.apereo.cas.configuration.model.core.web.security.HttpWebRequestProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- -4711604991237695091L
-
Serialized Fields
-
encoding
java.lang.String encoding
Control and specify the encoding for all http requests. -
forceEncoding
boolean forceEncoding
Whether specified encoding should be forced for every request. Whether the specified encoding is supposed to override existing request and response encodings.
-
-
-
Package org.apereo.cas.configuration.model.core.web.tomcat
-
Class org.apereo.cas.configuration.model.core.web.tomcat.CasEmbeddedApacheSslHostConfigCertificateProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- -5412170529081298822L
-
Serialized Fields
-
certificateChainFile
java.lang.String certificateChainFile
Name of the file that contains the certificate chain associated with the server certificate used. The format is PEM-encoded. The certificate chain used for Tomcat should not include the server certificate as its first element. Note that when using more than one certificate for different types, they all must use the same certificate chain. -
certificateFile
java.lang.String certificateFile
Name of the file that contains the server certificate. The format is PEM-encoded. In addition to the certificate, the file can also contain as optional elements DH parameters and/or an EC curve name for ephemeral keys, as generated by openssl dhparam and openssl ecparam, respectively. The output of the respective OpenSSL command can be concatenated to the certificate file. -
certificateKeyFile
java.lang.String certificateKeyFile
Name of the file that contains the server private key. The format is PEM-encoded. The default value is the value of certificateFile and in this case both certificate and private key have to be in this file (NOT RECOMMENDED). -
certificateKeyPassword
java.lang.String certificateKeyPassword
The password used to access the private key associated with the server certificate from the specified file. -
type
java.lang.String type
The type of certificate. This is used to identify the ciphers that are compatible with the certificate. It must be one of UNDEFINED, RSA, DSS or EC. If only one Certificate is nested within a SSLHostConfig then this attribute is not required and will default to UNDEFINED. If multiple Certificates are nested within a SSLHostConfig then this attribute is required and each Certificate must have a unique type.
-
-
Class org.apereo.cas.configuration.model.core.web.tomcat.CasEmbeddedApacheSslHostConfigProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- -32143821503580896L
-
Serialized Fields
-
caCertificateFile
java.lang.String caCertificateFile
Name of the file that contains the concatenated certificates for the trusted certificate authorities. The format is PEM-encoded. -
certificates
java.util.List<CasEmbeddedApacheSslHostConfigCertificateProperties> certificates
List of certificates managed by the ssl host config. -
certificateVerification
java.lang.String certificateVerification
Set to required if you want the SSL stack to require a valid certificate chain from the client before accepting a connection. Set to optional if you want the SSL stack to request a client Certificate, but not fail if one isn't presented. Set to optionalNoCA if you want client certificates to be optional and you don't want Tomcat to check them against the list of trusted CAs. If the TLS provider doesn't support this option (OpenSSL does, JSSE does not) it is treated as if optional was specified. A none value (which is the default) will not require a certificate chain unless the client requests a resource protected by a security constraint that uses CLIENT-CERT authentication. -
certificateVerificationDepth
int certificateVerificationDepth
The maximum number of intermediate certificates that will be allowed when validating client certificates. If not specified, the default value of 10 will be used. -
enabled
boolean enabled
Enable this host config. -
hostName
java.lang.String hostName
The name of the SSL Host. This should either be the fully qualified domain name (e.g. tomcat.apache.org) or a wild card domain name (e.g. *.apache.org). If not specified, the default value of _default_ will be used. -
insecureRenegotiation
boolean insecureRenegotiation
OpenSSL only. Configures if insecure renegotiation is allowed. The default is false. If the OpenSSL version used does not support configuring if insecure renegotiation is allowed then the default for that OpenSSL version will be used. -
protocols
java.lang.String protocols
The names of the protocols to support when communicating with clients. This should be a list of any combination of the following:
- SSLv2Hello
- SSLv3
- TLSv1
- TLSv1.1
- TLSv1.2
- TLSv1.3
- all
-
revocationEnabled
boolean revocationEnabled
Should the JSSE provider enable certificate revocation checks? This attribute is intended to enable revocation checks that have been configured for the current JSSE provider via other means. If not specified, a default of false is used. -
sslProtocol
java.lang.String sslProtocol
The SSL protocol(s) to use (a single value may enable multiple protocols - see the JVM documentation for details). If not specified, the default is TLS. The permitted values may be obtained from the JVM documentation for the allowed values for algorithm when creating an SSLContext instance.
-
-
Class org.apereo.cas.configuration.model.core.web.tomcat.CasEmbeddedApacheTomcatAjpProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- -32143821503580896L
-
Serialized Fields
-
allowTrace
boolean allowTrace
A boolean value which can be used to enable or disable the TRACE HTTP method. If not specified, this attribute is set to false. -
asyncTimeout
java.lang.String asyncTimeout
The default timeout for asynchronous requests in milliseconds. If not specified, this attribute is set to 10000 (10 seconds). -
attributes
java.util.Map<java.lang.String,java.lang.String> attributes
Additional attributes to be set on the AJP connector in form of key-value pairs. Examples include:
- tomcatAuthentication: If set to true, the authentication will be done in Tomcat. Otherwise, the authenticated principal will be propagated from the native webserver and used for authorization in Tomcat. Note that this principal will have no roles associated with it. The default value is true.
- maxThreads: The maximum number of request processing threads to be created by this Connector, which therefore determines the maximum number of simultaneous requests that can be handled. If not specified, this attribute is set to 200. If an executor is associated with this connector, this attribute is ignored as the connector will execute tasks using the executor rather than an internal thread pool.
- keepAliveTimeout: The number of milliseconds this Connector will wait for another AJP request before closing the connection. The default value is to use the value that has been set for the connectionTimeout attribute.
- maxCookieCount: The maximum number of cookies that are permitted for a request. A value of less than zero means no limit. If not specified, a default value of 200 will be used.
- bufferSize: The size of the output buffer to use. If less than or equal to zero, then output buffering is disabled. The default value is -1 (i.e. buffering disabled).
- clientCertProvider: When client certificate information is presented in a form other than instances of java.security.cert.X509Certificate it needs to be converted before it can be used and this property controls which JSSE provider is used to perform the conversion. For example it is used with the AJP connectors, the HTTP APR connector and with the org.apache.catalina.valves.SSLValve. If not specified, the default provider will be used.
- connectionTimeout: The number of milliseconds this Connector will wait, after accepting a connection, for the request URI line to be presented. The default value is infinite (i.e. no timeout).
- address: For servers with more than one IP address, this attribute specifies which address will be used for listening on the specified port. By default, this port will be used on all IP addresses associated with the server. A value of 127.0.0.1 indicates that the Connector will only listen on the loopback interface.
See the Apache Tomcat documentation for a full list.
-
enabled
boolean enabled
Enable AJP support in CAS for the embedded Apache Tomcat container. -
enableLookups
boolean enableLookups
Set to true if you want calls to request.getRemoteHost() to perform DNS lookups in order to return the actual host name of the remote client. Set to false to skip the DNS lookup and return the IP address in String form instead (thereby improving performance). By default, DNS lookups are disabled. -
maxPostSize
int maxPostSize
The maximum size in bytes of the POST which will be handled by the container FORM URL parameter parsing. The feature can be disabled by setting this attribute to a value less than or equal to 0. If not specified, this attribute is set to 2097152 (2 megabytes). -
port
int port
The TCP port number on which this Connector will create a server socket and await incoming connections. Your operating system will allow only one server application to listen to a particular port number on a particular IP address. If the special value of 0 (zero) is used, then Tomcat will select a free port at random to use for this connector. This is typically only useful in embedded and testing applications. -
protocol
java.lang.String protocol
Sets the protocol to handle incoming traffic. -
proxyPort
int proxyPort
If this Connector is being used in a proxy configuration, configure this attribute to specify the server port to be returned for calls to request.getServerPort(). -
redirectPort
int redirectPort
If this Connector is supporting non-SSL requests, and a request is received for which a matching security-constraint requires SSL transport, Catalina will automatically redirect the request to the port number specified here. -
scheme
java.lang.String scheme
Set this attribute to the name of the protocol you wish to have returned by calls to request.getScheme(). For example, you would set this attribute to https for an SSL Connector. -
secret
java.lang.String secret
Set the secret that must be included with every request. -
secure
boolean secure
Set this attribute to true if you wish to have calls to request.isSecure() to return true for requests received by this Connector (you would want this on an SSL Connector). The default value is false.
-
-
Class org.apereo.cas.configuration.model.core.web.tomcat.CasEmbeddedApacheTomcatApachePortableRuntimeProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- 8229851352067677264L
-
Serialized Fields
-
enabled
boolean enabled
Enable APR mode. -
sslCaCertificateFile
java.io.File sslCaCertificateFile
SSL CA certificate file. -
sslCaRevocationFile
java.io.File sslCaRevocationFile
SSL CA revocation file. -
sslCertificateChainFile
java.io.File sslCertificateChainFile
SSL certificate chain file. -
sslCertificateFile
java.io.File sslCertificateFile
SSL certificate file. -
sslCertificateKeyFile
java.io.File sslCertificateKeyFile
SSL certificate key file. -
sslCipherSuite
java.lang.String sslCipherSuite
SSL cipher suite. -
sslDisableCompression
boolean sslDisableCompression
Disable SSL compression. -
sslHonorCipherOrder
boolean sslHonorCipherOrder
Honor SSL cipher order. -
sslHostConfig
CasEmbeddedApacheSslHostConfigProperties sslHostConfig
Configure the SSL host config for this connector. -
sslPassword
java.lang.String sslPassword
SSL password (if a cert is encrypted, and no password has been provided, a callback will ask for a password). -
sslProtocol
java.lang.String sslProtocol
SSL verify client. -
sslVerifyClient
java.lang.String sslVerifyClient
SSL verify client. -
sslVerifyDepth
int sslVerifyDepth
SSL verify depth.
-
-
Class org.apereo.cas.configuration.model.core.web.tomcat.CasEmbeddedApacheTomcatBasicAuthenticationProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- 1164446071136700282L
-
Serialized Fields
-
authRoles
java.util.List<java.lang.String> authRoles
Add an authorization role, which is a role name that will be permitted access to the resources protected by this security constraint. -
enabled
boolean enabled
Enable Basic authentication for Tomcat. -
patterns
java.util.List<java.lang.String> patterns
Add a URL pattern to be part of this web resource collection. -
securityRoles
java.util.List<java.lang.String> securityRoles
Security roles for the CAS application.
-
-
Class org.apereo.cas.configuration.model.core.web.tomcat.CasEmbeddedApacheTomcatClusteringProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- 620356002948464740L
-
Serialized Fields
-
channelSendOptions
int channelSendOptions
This option is used to set the flag that all messages sent through the SimpleTcpCluster use. The flag decides how the messages are sent, and is a simple logical OR.
- 2: SEND_OPTIONS_SYNCHRONIZED_ACK
- 4: SEND_OPTIONS_USE_ACK
- 8: SEND_OPTIONS_ASYNCHRONOUS
-
cloudMembershipProvider
java.lang.String cloudMembershipProvider
Cloud membership provider, values are case sensitive and only used with clusteringType CLOUD. The different providers rely on environment variables to discover other members of cluster via DNS lookups of the service name or querying kubernetes API. See code or Tomcat documentation for the environment variables that are used.
- kubernetes will use org.apache.catalina.tribes.KubernetesMembershipProvider
- dns will use org.apache.catalina.tribes.DNSMembershipProvider
- Class implementing org.apache.catalina.tribes.MembershipProvider
-
clusteringType
java.lang.String clusteringType
Accepted values are: DEFAULT, CLOUD. Type of clustering to use, set to CLOUD if using CloudMembershipService. -
clusterMembers
java.lang.String clusterMembers
Statically register members in the cluster. The syntax is: address:port:index
-
enabled
boolean enabled
Enable tomcat session clustering. -
expireSessionsOnShutdown
boolean expireSessionsOnShutdown
When a web application is being shutdown, Tomcat issues an expire call to each session to notify all the listeners. If you wish for all sessions to expire on all nodes when a shutdown occurs on one node, set this value to true. Default value is false. -
managerType
java.lang.String managerType
Accepted values are: DELTA, BACKUP. Enable all-to-all session replication using the DeltaManager to replicate session deltas. By all-to-all we mean that the session gets replicated to all the other nodes in the cluster. This works great for smaller clusters but we don't recommend it for larger clusters (a lot of Tomcat nodes). Also when using the delta manager it will replicate to all nodes, even nodes that don't have the application deployed. To get around this problem, you'll want to use the BackupManager. This manager only replicates the session data to one backup node, and only to nodes that have the application deployed. Downside of the BackupManager: not quite as battle tested as the delta manager. -
membershipAddress
java.lang.String membershipAddress
Multicast address for membership. The multicast address that the membership will broadcast its presence and listen for other heartbeats on. The default value is 228.0.0.4. Make sure your network is enabled for multicast traffic. The multicast address, in conjunction with the port, is what creates a cluster group. To divide up your farm into several different groups, or to split up QA from production, change the port or the address. -
membershipDropTime
int membershipDropTime
The membership component will time out members and notify the Channel if a member fails to send a heartbeat within a given time. The default value is 3000 ms. This means that if a heartbeat is not received from a member in that timeframe, the membership component will notify the cluster of this. On a high latency network you may wish to increase this value, to protect against false positives. Apache Tribes also provides a TcpFailureDetector that will verify a timeout using a TCP connection when a heartbeat timeout has occurred. This protects against false positives. -
membershipFrequency
int membershipFrequency
The frequency in milliseconds in which heartbeats are sent out. The default value is 500 ms. In most cases the default value is sufficient. Changing this value, changes the interval in between heartbeats. -
membershipLocalLoopbackDisabled
boolean membershipLocalLoopbackDisabled
Membership uses multicast, it will call java.net.MulticastSocket.setLoopbackMode(localLoopbackDisabled). When localLoopbackDisabled==true multicast messages will not reach other nodes on the same local machine. The default is false. -
membershipPort
int membershipPort
Multicast port (the port and the address together determine cluster membership). The default value is 45564. The multicast port, in conjunction with the address, is what creates a cluster group. To divide up your farm into several different groups, or to split up QA from production, change the port or the address. -
membershipRecoveryCounter
int membershipRecoveryCounter
Membership uses multicast; it will call java.net.MulticastSocket.setLoopbackMode(localLoopbackDisabled). When localLoopbackDisabled==true multicast messages will not reach other nodes on the same local machine. The default is false. -
membershipRecoveryEnabled
boolean membershipRecoveryEnabled
In case of a network failure, Java multicast sockets don't transparently fail over; instead the socket will continuously throw IOException upon each receive request. When recovery-enabled is set to true, this will close the multicast socket and open a new socket with the same properties as defined above. The default is true. -
receiverAddress
java.lang.String receiverAddress
The address (network interface) to listen for incoming traffic. -
receiverAutoBind
int receiverAutoBind
Default value is 100. Use this value if you wish to automatically avoid port conflicts: the cluster receiver will try to open a server socket on the port given by the port attribute, and then work up autoBind number of times. -
receiverMaxThreads
int receiverMaxThreads
Maximum threads configured for the listener. The maximum number of threads in the receiver thread pool. The default value is 6. Adjust this value relative to the number of nodes in the cluster, the number of messages being exchanged and the hardware you are running on. A higher value doesn't mean more efficiency; tune this value according to your own test results. -
receiverPort
int receiverPort
The listen port for incoming data. The default value is 4000. To avoid port conflicts the receiver will automatically bind to a free port. So for example, if port is 4000, and autoBind is set to 10, then the receiver will open up a server socket on the first available port in the range 4000-4009. -
receiverTimeout
int receiverTimeout
Listener timeout. The value in milliseconds for the polling timeout in the NioReceiver. On older versions of the JDK there have been bugs, which should all now be cleared out, where the selector never woke up. The default value is a very high 5000 milliseconds.
-
-
Class org.apereo.cas.configuration.model.core.web.tomcat.CasEmbeddedApacheTomcatCsrfProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- -32143821503580896L
-
Serialized Fields
-
enabled
boolean enabled
Enable filter.
-
-
Class org.apereo.cas.configuration.model.core.web.tomcat.CasEmbeddedApacheTomcatExtendedAccessLogProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- 6738161402499196038L
-
Serialized Fields
-
directory
java.lang.String directory
Directory name for extended log. -
enabled
boolean enabled
Flag to indicate whether extended log facility is enabled. -
pattern
java.lang.String pattern
String representing extended log pattern. -
prefix
java.lang.String prefix
File name prefix for extended log. -
suffix
java.lang.String suffix
File name suffix for extended log.
-
-
Class org.apereo.cas.configuration.model.core.web.tomcat.CasEmbeddedApacheTomcatHttpProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- -8809922027350085888L
-
Serialized Fields
-
attributes
java.util.Map<java.lang.String,java.lang.String> attributes
Additional attributes to be set on the connector. -
enabled
boolean enabled
Enable a separate port for the embedded container for HTTP access. -
port
int port
The HTTP port to use. -
protocol
java.lang.String protocol
HTTP protocol to use.
-
-
Class org.apereo.cas.configuration.model.core.web.tomcat.CasEmbeddedApacheTomcatHttpProxyProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- 9129851352067677264L
-
Serialized Fields
-
attributes
java.util.Map<java.lang.String,java.lang.String> attributes
Custom attributes to set on the proxy connector. -
enabled
boolean enabled
Enable the container running in proxy mode. -
protocol
java.lang.String protocol
Proxy protocol to use. -
proxyPort
int proxyPort
Proxy port for the proxy. -
redirectPort
int redirectPort
Redirect port for the proxy. -
scheme
java.lang.String scheme
Scheme used for the proxy. -
secret
java.lang.String secret
Set the secret that must be included with every request. -
secure
boolean secure
Whether proxy should run in secure mode.
-
-
Class org.apereo.cas.configuration.model.core.web.tomcat.CasEmbeddedApacheTomcatProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- -99143821503580896L
-
Serialized Fields
-
ajp
CasEmbeddedApacheTomcatAjpProperties ajp
Embedded container AJP settings. -
apr
CasEmbeddedApacheTomcatApachePortableRuntimeProperties apr
Embedded container tomcat APR options. -
basicAuthn
CasEmbeddedApacheTomcatBasicAuthenticationProperties basicAuthn
Enable basic authentication for the embedded tomcat. -
clustering
CasEmbeddedApacheTomcatClusteringProperties clustering
Embedded container tomcat clustering options. -
csrf
CasEmbeddedApacheTomcatCsrfProperties csrf
Enable Tomcat's CSRF filter. -
extAccessLog
CasEmbeddedApacheTomcatExtendedAccessLogProperties extAccessLog
Configuration properties for access logging beyond defaults. -
http
CasEmbeddedApacheTomcatHttpProperties http
Embedded container HTTP port settings as an additional option. -
httpProxy
CasEmbeddedApacheTomcatHttpProxyProperties httpProxy
Http proxy configuration properties. In the event that you decide to run CAS without any SSL configuration in the embedded Tomcat container and on a non-secure port yet wish to customize the connector configuration that is linked to the running port (i.e. 8080), this setting may apply. -
remoteAddr
CasEmbeddedApacheTomcatRemoteAddressProperties remoteAddr
Enable Tomcat's RemoteAddress filter. -
rewriteValve
CasEmbeddedApacheTomcatRewriteValveProperties rewriteValve
Embedded container's rewrite valve setting. -
serverName
java.lang.String serverName
Controls the server attribute of the tomcat connector. -
socket
CasEmbeddedApacheTomcatSocketProperties socket
Embedded container socket settings. The NIO and NIO2 implementation support the Java TCP socket attributes in addition to the common Connector and HTTP attributes. -
sslValve
CasEmbeddedApacheTomcatSslValveProperties sslValve
Embedded container's SSL valve setting.
-
-
Class org.apereo.cas.configuration.model.core.web.tomcat.CasEmbeddedApacheTomcatRemoteAddressProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- -32143821503580896L
-
Serialized Fields
-
allowedClientIpAddressRegex
java.lang.String allowedClientIpAddressRegex
A regular expression (using java.util.regex) that the remote client's IP address is compared to. If this attribute is specified, the remote address MUST match for this request to be accepted. If this attribute is not specified, all requests will be accepted UNLESS the remote address matches a deny pattern. -
deniedClientIpAddressRegex
java.lang.String deniedClientIpAddressRegex
A regular expression (using java.util.regex) that the remote client's IP address is compared to. If this attribute is specified, the remote address MUST NOT match for this request to be accepted. If this attribute is not specified, request acceptance is governed solely by the accept attribute. -
enabled
boolean enabled
Enable filter.
-
-
Class org.apereo.cas.configuration.model.core.web.tomcat.CasEmbeddedApacheTomcatRewriteValveProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- 9030094143985594411L
-
Class org.apereo.cas.configuration.model.core.web.tomcat.CasEmbeddedApacheTomcatSocketProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- 3280755966422957481L
-
Serialized Fields
-
appReadBufSize
int appReadBufSize
Each connection that is opened up in Tomcat gets associated with a read ByteBuffer. This attribute controls the size of this buffer. By default this read buffer is sized at 8192 bytes. For lower concurrency, you can increase this to buffer more data. For an extreme amount of keep alive connections, decrease this number or increase your heap size. -
appWriteBufSize
int appWriteBufSize
Each connection that is opened up in Tomcat gets associated with a write ByteBuffer. This attribute controls the size of this buffer. By default this write buffer is sized at 8192 bytes. For low concurrency you can increase this to buffer more response data. For an extreme amount of keep alive connections, decrease this number or increase your heap size. The default value here is pretty low; you should up it if you are not dealing with tens of thousands of concurrent connections. -
bufferPool
int bufferPool
The NIO connector uses a class called NioChannel that holds elements linked to a socket. To reduce garbage collection, the NIO connector caches these channel objects. This value specifies the size of this cache. The default value is 500, and represents that the cache will hold 500 NioChannel objects. Other values are -1 for unlimited cache and 0 for no cache. -
performanceBandwidth
int performanceBandwidth
An int expressing the relative importance of high bandwidth. Performance preferences are described by three integers whose values indicate the relative importance of short connection time, low latency, and high bandwidth. The absolute values of the integers are irrelevant; in order to choose a protocol the values are compared, with larger values indicating stronger preferences. Negative values disable the setting. If the application prefers short connection time over both low latency and high bandwidth, for example, then it could invoke this method with the values (1, 0, 0). If the application prefers high bandwidth above low latency, and low latency above short connection time, then it could invoke this method with the values (0, 1, 2). -
performanceConnectionTime
int performanceConnectionTime
An int expressing the relative importance of a short connection time. Performance preferences are described by three integers whose values indicate the relative importance of short connection time, low latency, and high bandwidth. The absolute values of the integers are irrelevant; in order to choose a protocol the values are compared, with larger values indicating stronger preferences. Negative values disable the setting. If the application prefers short connection time over both low latency and high bandwidth, for example, then it could invoke this method with the values (1, 0, 0). If the application prefers high bandwidth above low latency, and low latency above short connection time, then it could invoke this method with the values (0, 1, 2). -
performanceLatency
int performanceLatency
An int expressing the relative importance of low latency. Performance preferences are described by three integers whose values indicate the relative importance of short connection time, low latency, and high bandwidth. The absolute values of the integers are irrelevant; in order to choose a protocol the values are compared, with larger values indicating stronger preferences. Negative values disable the setting. If the application prefers short connection time over both low latency and high bandwidth, for example, then it could invoke this method with the values (1, 0, 0). If the application prefers high bandwidth above low latency, and low latency above short connection time, then it could invoke this method with the values (0, 1, 2).
-
-
Class org.apereo.cas.configuration.model.core.web.tomcat.CasEmbeddedApacheTomcatSslValveProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- 3164446071136700242L
-
Serialized Fields
-
enabled
boolean enabled
Enable the SSL valve for apache tomcat. -
sslCipherHeader
java.lang.String sslCipherHeader
Allows setting a custom name for the ssl_cipher header. If not specified, the default of ssl_cipher is used. -
sslCipherUserKeySizeHeader
java.lang.String sslCipherUserKeySizeHeader
Allows setting a custom name for the ssl_cipher_usekeysize header. If not specified, the default of ssl_cipher_usekeysize is used. -
sslClientCertHeader
java.lang.String sslClientCertHeader
Allows setting a custom name for the ssl_client_cert header. If not specified, the default of ssl_client_cert is used. -
sslSessionIdHeader
java.lang.String sslSessionIdHeader
Allows setting a custom name for the ssl_session_id header. If not specified, the default of ssl_session_id is used.
-
-
-
Package org.apereo.cas.configuration.model.core.web.view
-
Class org.apereo.cas.configuration.model.core.web.view.Cas10ViewProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- -1154879759474698223L
-
Serialized Fields
-
attributeRendererType
Cas10ViewProperties.ValidationAttributesRendererTypes attributeRendererType
Indicates how attributes in the final validation response should be formatted. Options available are:
- DEFAULT: The default option implements the rendering strategy specified by the CAS protocol.
- VALUES_PER_LINE: Includes the attribute value on each single line. (Values are comma-separated, if multiple).
-
-
Class org.apereo.cas.configuration.model.core.web.view.Cas20ProxyViewProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- 6765987342872282599L
-
Serialized Fields
-
failure
java.lang.String failure
The relative location of the CAS2 proxy failure view bean. -
success
java.lang.String success
The relative location of the CAS2 proxy success view bean.
-
-
Class org.apereo.cas.configuration.model.core.web.view.Cas20ViewProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- -7954879759474698003L
-
Serialized Fields
-
failure
java.lang.String failure
The relative location of the CAS3 failure view bean. -
proxy
Cas20ProxyViewProperties proxy
Proxy views and settings. -
success
java.lang.String success
The relative location of the CAS2 success view bean. -
v3ForwardCompatible
boolean v3ForwardCompatible
Whether v2 protocol support should be forward compatible to act like v3 and match its response, mainly for attribute release.
-
-
Class org.apereo.cas.configuration.model.core.web.view.Cas30ViewProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- 2345062034300650858L
-
Serialized Fields
-
attributeRendererType
Cas30ViewProperties.ValidationAttributesRendererTypes attributeRendererType
Indicates how attributes in the final validation response should be formatted. Options available are:
- DEFAULT: The default option implements the rendering strategy specified by the CAS protocol.
- INLINE: Includes the attribute name and value as XML attributes.
-
failure
java.lang.String failure
The relative location of the CAS3 success validation bean. -
success
java.lang.String success
The relative location of the CAS3 success validation bean.
-
-
Class org.apereo.cas.configuration.model.core.web.view.CustomLoginFieldViewProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- -7122345678378395582L
-
Serialized Fields
-
converter
java.lang.String converter
The id of the custom converter to use to convert bound property values. -
messageBundleKey
java.lang.String messageBundleKey
The key for this field found in the message bundle used to present a label/text in CAS views. -
required
boolean required
Whether this field is required to have a value.
-
-
Class org.apereo.cas.configuration.model.core.web.view.RestfulViewProperties extends RestEndpointProperties implements Serializable
- serialVersionUID:
- -8102345678378393382L
-
Class org.apereo.cas.configuration.model.core.web.view.ViewProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- 2719748442042197738L
-
Serialized Fields
-
authorizedServicesOnSuccessfulLogin
boolean authorizedServicesOnSuccessfulLogin
When set to true, attempts to calculate and display the list of authorized services for the authenticated user on successful authentication attempts. -
cas1
Cas10ViewProperties cas1
CAS1 views and locations. -
cas2
Cas20ViewProperties cas2
CAS2 views and locations. -
cas3
Cas30ViewProperties cas3
CAS3 views and locations. -
customLoginFormFields
java.util.Map<java.lang.String,CustomLoginFieldViewProperties> customLoginFormFields
Additional custom fields that should be displayed on the login form and would be bound to the authentication credential during form-authentication to carry additional metadata and tags. Key is the name of the custom field. -
defaultRedirectUrl
java.lang.String defaultRedirectUrl
The default redirect URL if none is specified after a successful authentication event. -
rest
RestfulViewProperties rest
Resolve CAS views via REST. -
templatePrefixes
java.util.List<java.lang.String> templatePrefixes
Comma separated paths to where CAS templates may be found.
-
-
-
Package org.apereo.cas.configuration.model.support
-
Class org.apereo.cas.configuration.model.support.ConnectionPoolingProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- -5307463292890944799L
-
Serialized Fields
-
maxSize
int maxSize
Controls the maximum number of connections to keep in the pool, including both idle and in-use connections. -
maxWait
java.lang.String maxWait
Sets the maximum time in seconds that this data source will wait while attempting to connect to a database. A value of zero specifies that the timeout is the default system timeout if there is one; otherwise, it specifies that there is no timeout.
-
minSize
int minSize
Controls the minimum size that the pool is allowed to reach, including both idle and in-use connections. -
suspension
boolean suspension
Whether or not pool suspension is allowed. There is a performance impact when pool suspension is enabled. Unless you need it (for a redundancy system for example) do not enable it.
-
timeoutMillis
long timeoutMillis
The maximum number of milliseconds that the pool will wait for a connection to be validated as alive.
-
-
-
Package org.apereo.cas.configuration.model.support.acme
-
Class org.apereo.cas.configuration.model.support.acme.AcmeProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- -561637865919944706L
-
Serialized Fields
-
domainChain
SpringResourceProperties domainChain
Define the domain's chain certificate file as a resource. -
domainCsr
SpringResourceProperties domainCsr
Define the domain's CSR file as a resource. -
domainKey
SpringResourceProperties domainKey
Define the domain's key file as a resource. -
domains
java.util.List<java.lang.String> domains
List of domains or sub domains that are requesting a certificate renewal. -
keySize
int keySize
Indicate the key length/size used when requesting/generating keys. -
retryAttempts
int retryAttempts
Number of attempts to retry when executing certificate orders or checking for status of an existing order or challenge acknowledgement. -
retryInternal
java.lang.String retryInternal
Delay interval between two retry attempts when executing certificate orders or checking for status of an existing order or challenge acknowledgement. -
serverUrl
java.lang.String serverUrl
Server url to contact, when requesting certificates. Use acme://letsencrypt.org for production. -
termsOfUseAccepted
boolean termsOfUseAccepted
Flag that indicates ACME terms of use has been accepted by the user. -
userKey
SpringResourceProperties userKey
Define the user's key file as a resource.
-
-
-
Package org.apereo.cas.configuration.model.support.analytics
-
Class org.apereo.cas.configuration.model.support.analytics.GoogleAnalyticsCookieProperties extends CookieProperties implements Serializable
- serialVersionUID:
- -5432498833437602657L
-
Serialized Fields
-
attributeName
java.lang.String attributeName
Attribute name to collect from the authentication event to serve as the cookie value. -
attributeValuePattern
java.lang.String attributeValuePattern
A regular expression pattern that is tested against attribute values to only release and allow those that produce a successful match.
-
-
Class org.apereo.cas.configuration.model.support.analytics.GoogleAnalyticsProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- 5425678120443123345L
-
Serialized Fields
-
cookie
GoogleAnalyticsCookieProperties cookie
Cookie settings to be used with google analytics. -
googleAnalyticsTrackingId
java.lang.String googleAnalyticsTrackingId
The tracking id. Configuring the tracking id activates google analytics in CAS on UI views, etc.
-
-
-
Package org.apereo.cas.configuration.model.support.aup
-
Class org.apereo.cas.configuration.model.support.aup.AcceptableUsagePolicyCoreProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- -7703477581675908899L
-
Serialized Fields
-
aupAttributeName
java.lang.String aupAttributeName
AUP attribute to choose in order to determine whether policy has been accepted or not. The attribute is expected to contain a boolean value where true indicates policy has been accepted and false indicates otherwise. The attribute is fetched for the principal from configured sources and compared for the right match to determine policy status. If the attribute is not found, the policy status is considered as denied. -
aupPolicyTermsAttributeName
java.lang.String aupPolicyTermsAttributeName
AUP attribute to choose whose single value dictates how CAS should fetch the policy terms from the relevant message bundles. -
enabled
boolean enabled
Allows AUP to be turned off on startup.
-
-
Class org.apereo.cas.configuration.model.support.aup.AcceptableUsagePolicyProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- -7703477581675908899L
-
Serialized Fields
-
core
AcceptableUsagePolicyCoreProperties core
Core configuration settings that control common AUP behavior are captured here. -
couchbase
CouchbaseAcceptableUsagePolicyProperties couchbase
Control AUP via Couchbase. -
couchDb
CouchDbAcceptableUsagePolicyProperties couchDb
Control AUP via CouchDb. -
groovy
GroovyAcceptableUsagePolicyProperties groovy
Control AUP Groovy. -
inMemory
InMemoryAcceptableUsagePolicyProperties inMemory
Control AUP backed by runtime's memory. -
jdbc
JdbcAcceptableUsagePolicyProperties jdbc
Control AUP via Redis. -
ldap
java.util.List<LdapAcceptableUsagePolicyProperties> ldap
Control AUP via LDAP. -
mongo
MongoDbAcceptableUsagePolicyProperties mongo
Control AUP via a MongoDb database resource. -
redis
RedisAcceptableUsagePolicyProperties redis
Control AUP via Redis. -
rest
RestAcceptableUsagePolicyProperties rest
Control AUP via Redis.
-
-
Class org.apereo.cas.configuration.model.support.aup.CouchbaseAcceptableUsagePolicyProperties extends BaseCouchbaseProperties implements Serializable
- serialVersionUID:
- 2323894615409106853L
-
Class org.apereo.cas.configuration.model.support.aup.CouchDbAcceptableUsagePolicyProperties extends BaseAsynchronousCouchDbProperties implements Serializable
- serialVersionUID:
- 1323894615409106853L
-
Class org.apereo.cas.configuration.model.support.aup.GroovyAcceptableUsagePolicyProperties extends SpringResourceProperties implements Serializable
- serialVersionUID:
- 9164227843747126083L
-
Class org.apereo.cas.configuration.model.support.aup.InMemoryAcceptableUsagePolicyProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- 8164227843747126083L
-
Serialized Fields
-
scope
InMemoryAcceptableUsagePolicyProperties.Scope scope
Scope of map where the aup selection is stored.
-
-
Class org.apereo.cas.configuration.model.support.aup.JdbcAcceptableUsagePolicyProperties extends AbstractJpaProperties implements Serializable
- serialVersionUID:
- -1325011278378393385L
-
Serialized Fields
-
aupColumn
java.lang.String aupColumn
The column to store the AUP attribute. May differ from the profile attribute defined by AcceptableUsagePolicyCoreProperties#getAupAttributeName(). SQL query can be further customized by setting JdbcAcceptableUsagePolicyProperties.sqlUpdate. -
principalIdAttribute
java.lang.String principalIdAttribute
The profile attribute to extract the value for the JdbcAcceptableUsagePolicyProperties.principalIdColumn used in the WHERE clause of JdbcAcceptableUsagePolicyProperties.sqlUpdate. If empty, the principal ID will be used. -
principalIdColumn
java.lang.String principalIdColumn
The column to identify the principal. SQL query can be further customized by setting JdbcAcceptableUsagePolicyProperties.sqlUpdate. -
sqlSelect
java.lang.String sqlSelect
The query template to search for the AUP attribute. %s placeholders represent JdbcAcceptableUsagePolicyProperties.aupColumn, JdbcAcceptableUsagePolicyProperties.tableName, JdbcAcceptableUsagePolicyProperties.principalIdColumn settings. -
sqlUpdate
java.lang.String sqlUpdate
The query template to update the AUP attribute. %s placeholders represent JdbcAcceptableUsagePolicyProperties.tableName, JdbcAcceptableUsagePolicyProperties.aupColumn, JdbcAcceptableUsagePolicyProperties.principalIdColumn settings. -
tableName
java.lang.String tableName
The table name in the database that holds the AUP attribute to update for the user.
-
-
Class org.apereo.cas.configuration.model.support.aup.LdapAcceptableUsagePolicyProperties extends AbstractLdapSearchProperties implements Serializable
- serialVersionUID:
- -7991011278378393382L
-
Serialized Fields
-
aupAcceptedAttributeValue
java.lang.String aupAcceptedAttributeValue
Attribute value that indicates whether AUP has been accepted for the LDAP record.
-
-
Class org.apereo.cas.configuration.model.support.aup.MongoDbAcceptableUsagePolicyProperties extends SingleCollectionMongoDbProperties implements Serializable
- serialVersionUID:
- -1918436901491275547L
-
Class org.apereo.cas.configuration.model.support.aup.RedisAcceptableUsagePolicyProperties extends BaseRedisProperties implements Serializable
- serialVersionUID:
- -2147683393318585262L
-
Class org.apereo.cas.configuration.model.support.aup.RestAcceptableUsagePolicyProperties extends RestEndpointProperties implements Serializable
- serialVersionUID:
- -8102345678378393382L
-
-
Package org.apereo.cas.configuration.model.support.aws
-
Class org.apereo.cas.configuration.model.support.aws.AmazonS3ServiceRegistryProperties extends BaseAmazonWebServicesProperties implements Serializable
- serialVersionUID:
- -6790277338807046269L
-
Class org.apereo.cas.configuration.model.support.aws.AmazonSecurityTokenServiceProperties extends BaseAmazonWebServicesProperties implements Serializable
- serialVersionUID:
- 5426637051495147084L
-
Serialized Fields
-
principalAttributeName
java.lang.String principalAttributeName
Attribute name that must be found and resolved for the principal to authorize the user to proceed with obtaining credentials. -
principalAttributeValue
java.lang.String principalAttributeValue
Attribute value, defined as a regex pattern that must be found and resolved for the principal to authorize the user to proceed with obtaining credentials. -
rbacEnabled
boolean rbacEnabled
When set to true, credentials will be obtained based on roles as attributes resolved for the user. Typically, you could use roles within your account or for cross-account access. When set to true, the #getPrincipalAttributeName() must contain roleArns as values.
-
-
Class org.apereo.cas.configuration.model.support.aws.BaseAmazonWebServicesProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- 6426637051495147084L
-
Serialized Fields
-
clientExecutionTimeout
java.lang.String clientExecutionTimeout
Client execution timeout. -
connectionTimeout
java.lang.String connectionTimeout
Connection timeout. -
credentialAccessKey
java.lang.String credentialAccessKey
Use access-key provided by AWS to authenticate. -
credentialSecretKey
java.lang.String credentialSecretKey
Use secret key provided by AWS to authenticate. -
endpoint
java.lang.String endpoint
AWS custom endpoint. -
localAddress
java.lang.String localAddress
Local address. -
maxConnections
int maxConnections
Maximum connections setting. -
profileName
java.lang.String profileName
Profile name to use. -
profilePath
java.lang.String profilePath
Profile path. -
proxyHost
java.lang.String proxyHost
Optionally specifies the proxy host to connect through. -
proxyPassword
java.lang.String proxyPassword
Optionally specifies the proxy password to connect through. -
proxyUsername
java.lang.String proxyUsername
Optionally specifies the proxy username to connect through. -
region
java.lang.String region
AWS region used. -
retryMode
java.lang.String retryMode
Outline the requested retry mode. Accepted values are STANDARD, LEGACY. -
socketTimeout
java.lang.String socketTimeout
Socket timeout. -
useReaper
boolean useReaper
Flag that indicates whether to use reaper.
-
-
-
Package org.apereo.cas.configuration.model.support.azuread
-
Class org.apereo.cas.configuration.model.support.azuread.AzureActiveDirectoryAttributesProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- -12055975558426360L
-
Serialized Fields
-
apiBaseUrl
java.lang.String apiBaseUrl
Base API url used to contact microsoft graph for calls. -
attributes
java.lang.String attributes
Comma-separated attributes and user properties to fetch from microsoft graph. If attributes are specified here, they would be the only ones requested and fetched. If this field is left blank, a default set of attributes are fetched and returned. -
caseInsensitive
boolean caseInsensitive
Whether attribute repository should consider the underlying attribute names in a case-insensitive manner. -
clientId
java.lang.String clientId
Client id of the registered app in microsoft azure portal. -
clientSecret
java.lang.String clientSecret
Client secret of the registered app in microsoft azure portal. -
domain
java.lang.String domain
Domain that is appended to usernames when doing lookups. The @ is automatically included. -
grantType
java.lang.String grantType
Grant type used to fetch access tokens; defaults to client_credentials. -
id
java.lang.String id
A value can be assigned to this field to uniquely identify this resolver. -
loggingLevel
java.lang.String loggingLevel
Adjust the logging level of the API calls. Defaults to basic. Accepted values are none,headers,basic,body. -
loginBaseUrl
java.lang.String loginBaseUrl
Base login url used to fetch access tokens. -
order
int order
The order of this attribute repository in the chain of repositories. Can be used to explicitly position this source in chain and affects merging strategies. -
resource
java.lang.String resource
Resource to fetch access tokens for; defaults to the graph api url. -
scope
java.lang.String scope
Scope used when fetching access tokens. -
tenant
java.lang.String tenant
The microsoft tenant id.
-
-
Class org.apereo.cas.configuration.model.support.azuread.AzureActiveDirectoryAuthenticationProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- -21355975558426360L
-
Serialized Fields
-
clientId
java.lang.String clientId
Client id of the application. -
credentialCriteria
java.lang.String credentialCriteria
A number of authentication handlers are allowed to determine whether they can operate on the provided credential and as such lend themselves to be tried and tested during the authentication handler selection phase. The credential criteria may be one of the following options:
- 1) A regular expression pattern that is tested against the credential identifier.
- 2) A fully qualified class name of your own design that implements Predicate.
- 3) Path to an external Groovy script that implements the same interface.
-
loginUrl
java.lang.String loginUrl
Login url including the tenant id. -
name
java.lang.String name
The name of the authentication handler. -
order
int order
The order of this authentication handler in the chain. -
passwordEncoder
PasswordEncoderProperties passwordEncoder
Password encoding properties. -
principalTransformation
PrincipalTransformationProperties principalTransformation
Principal transformation properties. -
resource
java.lang.String resource
Resource url for the graph API to fetch attributes. -
state
AuthenticationHandlerStates state
Define the scope and state of this authentication handler and the lifecycle in which it can be invoked or activated.
-
-
-
Package org.apereo.cas.configuration.model.support.captcha
-
Class org.apereo.cas.configuration.model.support.captcha.GoogleRecaptchaProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- -8955074129123813915L
-
Serialized Fields
-
enabled
boolean enabled
Whether google reCAPTCHA should be enabled. -
invisible
boolean invisible
Whether google reCAPTCHA invisible should be enabled. -
position
java.lang.String position
The google reCAPTCHA badge position (only if invisible is enabled). Accepted values are:
- bottomright: bottom right corner, default value.
- bottomleft: bottom left corner.
- inline: allows control over the CSS.
-
score
double score
reCAPTCHA v3 returns a score (1.0 is very likely a good interaction, 0.0 is very likely a bot). reCAPTCHA learns by seeing real traffic on your site. For this reason, scores in a staging environment or soon after implementing may differ from production. As reCAPTCHA v3 doesn't ever interrupt the user flow, you can first run reCAPTCHA without taking action and then decide on thresholds by looking at your traffic in the admin console. By default, you can use a threshold of 0.5. -
secret
java.lang.String secret
The google reCAPTCHA site secret. -
siteKey
java.lang.String siteKey
The google reCAPTCHA site key. -
verifyUrl
java.lang.String verifyUrl
The google reCAPTCHA endpoint for verification of tokens and input. -
version
GoogleRecaptchaProperties.RecaptchaVersions version
Indicate the version of the recaptcha api. Accepted values are: V2, V3.
-
-
-
Package org.apereo.cas.configuration.model.support.cassandra.authentication
-
Class org.apereo.cas.configuration.model.support.cassandra.authentication.BaseCassandraProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- 3708645268337674572L
-
Serialized Fields
-
consistencyLevel
java.lang.String consistencyLevel
Query option consistency level. The consistency level set through this method will be used for queries that don't explicitly have a consistency level. Accepted values are: ALL, ANY, EACH_QUORUM, LOCAL_ONE, LOCAL_QUORUM, LOCAL_SERIAL, ONE, QUORUM, SERIAL, THREE, TWO. -
contactPoints
java.util.List<java.lang.String> contactPoints
The list of contact points to use for the new cluster. -
keyspace
java.lang.String keyspace
Keyspace address to use where the cluster would connect. -
localDc
java.lang.String localDc
Used by a DC-aware round-robin load balancing policy. This policy provides round-robin queries over the nodes of the local data center. It also includes in the query plans returned a configurable number of hosts in the remote data centers, but those are always tried after the local nodes. In other words, this policy guarantees that no host in a remote data center will be queried unless no host in the local data center can be reached. -
password
java.lang.String password
Password to bind and establish a connection to cassandra. -
serialConsistencyLevel
java.lang.String serialConsistencyLevel
Query option serial consistency level. The serial consistency level set through this method will be used for queries that don't explicitly have a serial consistency level. Accepted values are: ALL, ANY, EACH_QUORUM, LOCAL_ONE, LOCAL_QUORUM, LOCAL_SERIAL, ONE, QUORUM, SERIAL, THREE, TWO. -
timeout
java.lang.String timeout
The request timeout. This defines how long the driver will wait for a given Cassandra node to answer a query. -
username
java.lang.String username
Username to bind and establish a connection to cassandra.
-
-
Class org.apereo.cas.configuration.model.support.cassandra.authentication.CassandraAuthenticationProperties extends BaseCassandraProperties implements Serializable
- serialVersionUID:
- 1369405266376125234L
-
Serialized Fields
-
name
java.lang.String name
Name of the authentication handler. -
order
java.lang.Integer order
The authentication handler order in the chain. -
passwordAttribute
java.lang.String passwordAttribute
Password attribute to fetch and compare. -
passwordEncoder
PasswordEncoderProperties passwordEncoder
Password encoding settings for this authentication. -
principalTransformation
PrincipalTransformationProperties principalTransformation
Principal transformation settings for this authentication. -
query
java.lang.String query
The authentication query to use when searching for users. -
tableName
java.lang.String tableName
Table name to fetch credentials. -
usernameAttribute
java.lang.String usernameAttribute
Username attribute to fetch and compare.
-
-
-
Package org.apereo.cas.configuration.model.support.cassandra.serviceregistry
-
Class org.apereo.cas.configuration.model.support.cassandra.serviceregistry.CassandraServiceRegistryProperties extends BaseCassandraProperties implements Serializable
- serialVersionUID:
- -1835394847251801709L
-
-
Package org.apereo.cas.configuration.model.support.cassandra.ticketregistry
-
Class org.apereo.cas.configuration.model.support.cassandra.ticketregistry.CassandraTicketRegistryProperties extends BaseCassandraProperties implements Serializable
- serialVersionUID:
- -2468250557119133004L
-
Serialized Fields
-
crypto
EncryptionRandomizedSigningJwtCryptographyProperties crypto
Crypto settings for the registry. -
dropTablesOnStartup
boolean dropTablesOnStartup
Flag that indicates whether to drop tables on start up.
-
-
-
Package org.apereo.cas.configuration.model.support.clearpass
-
Class org.apereo.cas.configuration.model.support.clearpass.ClearpassProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- 6047778458053531460L
-
Serialized Fields
-
cacheCredential
boolean cacheCredential
Enable clearpass and allow CAS to cache credentials. -
crypto
EncryptionJwtSigningJwtCryptographyProperties crypto
Crypto settings that sign/encrypt the password captured.
-
-
-
Package org.apereo.cas.configuration.model.support.clouddirectory
-
Class org.apereo.cas.configuration.model.support.clouddirectory.AmazonCloudDirectoryProperties extends BaseAmazonWebServicesProperties implements Serializable
- serialVersionUID:
- 6725526133973304269L
-
Serialized Fields
-
directoryArn
java.lang.String directoryArn
Directory ARN. -
facetName
java.lang.String facetName
Facet name. -
name
java.lang.String name
The name of the authentication handler. -
order
int order
The order of this authentication handler in the chain. -
passwordAttributeName
java.lang.String passwordAttributeName
Password attribute to choose on the entry to compare. -
passwordEncoder
PasswordEncoderProperties passwordEncoder
Password encoding properties. -
principalTransformation
PrincipalTransformationProperties principalTransformation
Principal transformation properties. -
schemaArn
java.lang.String schemaArn
Schema ARN. -
usernameAttributeName
java.lang.String usernameAttributeName
Username attribute to choose when locating accounts. -
usernameIndexPath
java.lang.String usernameIndexPath
Username index path.
-
-
-
Package org.apereo.cas.configuration.model.support.cognito
-
Class org.apereo.cas.configuration.model.support.cognito.AmazonCognitoAuthenticationProperties extends BaseAmazonWebServicesProperties implements Serializable
- serialVersionUID:
- -4748558614314096213L
-
Serialized Fields
-
clientId
java.lang.String clientId
The application client id, created in Cognito without a secret key. -
mappedAttributes
java.util.Map<java.lang.String,java.lang.String> mappedAttributes
Map of attributes to rename after fetching from the user pool. Mapped attributes are defined using a key-value structure where CAS allows the attribute name/key to be renamed virtually to a different attribute. The key is the attribute fetched from the user pool and the value is the attribute name CAS should use for virtual renames. -
name
java.lang.String name
The name of the authentication handler. -
order
int order
The order of this authentication handler in the chain. -
passwordEncoder
PasswordEncoderProperties passwordEncoder
Password encoding properties. -
principalTransformation
PrincipalTransformationProperties principalTransformation
Principal transformation properties. -
state
AuthenticationHandlerStates state
Define the scope and state of this authentication handler and the lifecycle in which it can be invoked or activated. -
userPoolId
java.lang.String userPoolId
The user pool identifiers where accounts may be located.
-
-
-
Package org.apereo.cas.configuration.model.support.consent
-
Class org.apereo.cas.configuration.model.support.consent.ConsentProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- 5201308051524438384L
-
Serialized Fields
-
activationStrategyGroovyScript
SpringResourceProperties activationStrategyGroovyScript
Path to script that determines the activation rules for consent-enabled transactions. -
active
boolean active
Whether consent functionality should be globally applicable to all applications and requests. -
couchDb
CouchDbConsentProperties couchDb
Keep consent decisions stored via a CouchDb database resource. -
crypto
EncryptionJwtSigningJwtCryptographyProperties crypto
Signing/encryption settings. -
enabled
boolean enabled
Whether consent functionality should be enabled. -
groovy
GroovyConsentProperties groovy
Keep consent decisions stored via a Groovy resource. -
jpa
JpaConsentProperties jpa
Keep consent decisions stored via JDBC resources. -
json
JsonConsentProperties json
Keep consent decisions stored via a static JSON resource. -
ldap
LdapConsentProperties ldap
Keep consent decisions stored via LDAP user records. -
mongo
MongoDbConsentProperties mongo
Keep consent decisions stored via a MongoDb database resource. -
redis
RedisConsentProperties redis
Keep consent decisions stored via Redis. -
reminder
long reminder
Global reminder time unit, to reconfirm consent in cases no changes are detected. -
reminderTimeUnit
java.time.temporal.ChronoUnit reminderTimeUnit
Global reminder time unit of measure, to reconfirm consent in cases no changes are detected. -
rest
RestfulConsentProperties rest
Keep consent decisions stored via REST. -
webflow
WebflowAutoConfigurationProperties webflow
The webflow configuration.
-
-
Class org.apereo.cas.configuration.model.support.consent.CouchDbConsentProperties extends BaseCouchDbProperties implements Serializable
- serialVersionUID:
- 8184753250455916462L
-
Class org.apereo.cas.configuration.model.support.consent.GroovyConsentProperties extends SpringResourceProperties implements Serializable
- serialVersionUID:
- 7079027843747126083L
-
Class org.apereo.cas.configuration.model.support.consent.JpaConsentProperties extends AbstractJpaProperties implements Serializable
- serialVersionUID:
- 1646689616653363554L
-
Class org.apereo.cas.configuration.model.support.consent.JsonConsentProperties extends SpringResourceProperties implements Serializable
- serialVersionUID:
- 7079027843747126083L
-
Class org.apereo.cas.configuration.model.support.consent.LdapConsentProperties extends AbstractLdapSearchProperties implements Serializable
- serialVersionUID:
- 1L
-
Serialized Fields
-
consentAttributeName
java.lang.String consentAttributeName
Name of LDAP attribute that holds consent decisions as JSON. -
type
AbstractLdapProperties.LdapType type
Type of LDAP directory.
-
-
Class org.apereo.cas.configuration.model.support.consent.MongoDbConsentProperties extends SingleCollectionMongoDbProperties implements Serializable
- serialVersionUID:
- -1918436901491275547L
-
Class org.apereo.cas.configuration.model.support.consent.RedisConsentProperties extends BaseRedisProperties implements Serializable
- serialVersionUID:
- -1347683393318585262L
-
Class org.apereo.cas.configuration.model.support.consent.RestfulConsentProperties extends BaseRestEndpointProperties implements Serializable
- serialVersionUID:
- -6909617495470495341L
-
-
Package org.apereo.cas.configuration.model.support.cookie
-
Class org.apereo.cas.configuration.model.support.cookie.CookieProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- 6804770601645126835L
-
Serialized Fields
-
comment
java.lang.String comment
CAS Cookie comment, describes the cookie's usage and purpose. -
domain
java.lang.String domain
Cookie domain. Specifies the domain within which this cookie should be presented. The form of the domain name is specified by RFC 2965. A domain name begins with a dot (.foo.com) and means that the cookie is visible to servers in a specified Domain Name System (DNS) zone (for example, www.foo.com, but not a.b.foo.com). By default, cookies are only returned to the server that sent them. -
httpOnly
boolean httpOnly
true if this cookie contains the HttpOnly attribute. This means that the cookie should not be accessible to scripting engines, like javascript. -
maxAge
int maxAge
The maximum age of the cookie, specified in seconds. By default, -1, indicating the cookie will persist until browser shutdown. A positive value indicates that the cookie will expire after that many seconds have passed. Note that the value is the maximum age when the cookie will expire, not the cookie's current age. A negative value means that the cookie is not stored persistently and will be deleted when the Web browser exits. A zero value causes the cookie to be deleted. -
name
java.lang.String name
Cookie name. Constructs a cookie with a specified name and value. The name must conform to RFC 2965. That means it can contain only ASCII alphanumeric characters and cannot contain commas, semicolons, or white space or begin with a $ character. The cookie's name cannot be changed after creation. By default, cookies are created according to the RFC 2965 cookie specification. Cookie names are automatically calculated and assigned by CAS at runtime, and there is usually no need to customize the name or assign it a different value unless a special use case warrants the change. -
path
java.lang.String path
Cookie path. Specifies a path for the cookie to which the client should return the cookie. The cookie is visible to all the pages in the directory you specify, and all the pages in that directory's subdirectories. A cookie's path must include the servlet that set the cookie, for example, /catalog, which makes the cookie visible to all directories on the server under /catalog. Consult RFC 2965 (available on the Internet) for more information on setting path names for cookies. -
sameSitePolicy
java.lang.String sameSitePolicy
If a cookie is only intended to be accessed in a first party context, the developer has the option to apply one of the settings SameSite=Lax or SameSite=Strict or SameSite=None to prevent external access. To safeguard more websites and their users, the new secure-by-default model assumes all cookies should be protected from external access unless otherwise specified. Developers must use a new cookie setting, SameSite=None, to designate cookies for cross-site access. When the SameSite=None attribute is present, an additional Secure attribute is used so cross-site cookies can only be accessed over HTTPS connections. Accepted values are: Lax, Strict, None. -
secure
boolean secure
True if sending this cookie should be restricted to a secure protocol, or false if it can be sent using any protocol.
-
-
Class org.apereo.cas.configuration.model.support.cookie.PinnableCookieProperties extends CookieProperties implements Serializable
- serialVersionUID:
- -7643955577897341936L
-
Serialized Fields
-
allowedIpAddressesPattern
java.lang.String allowedIpAddressesPattern
A regular expression pattern that indicates the set of allowed IP addresses, when #isPinToSession() is configured. In the event that there is a mismatch between the cookie IP address and the current request-provided IP address (i.e. network switches, VPN, etc), the cookie can still be considered valid if the new IP address matches the pattern specified here. -
pinToSession
boolean pinToSession
When generating cookie values, determine whether the value should be compounded and signed with the properties of the current session, such as IP address, user-agent, etc.
-
-
Class org.apereo.cas.configuration.model.support.cookie.TicketGrantingCookieProperties extends PinnableCookieProperties implements Serializable
- serialVersionUID:
- 7392972818105536350L
-
Serialized Fields
-
autoConfigureCookiePath
boolean autoConfigureCookiePath
Decide if cookie paths should be automatically configured based on the application context path, when the cookie path is not configured. -
crypto
EncryptionJwtSigningJwtCryptographyProperties crypto
Crypto settings that determine how the cookie should be signed and encrypted. -
rememberMeMaxAge
java.lang.String rememberMeMaxAge
If remember-me is enabled, specifies the maximum age of the cookie.
-
-
Class org.apereo.cas.configuration.model.support.cookie.WarningCookieProperties extends PinnableCookieProperties implements Serializable
- serialVersionUID:
- -266090748600049578L
-
Serialized Fields
-
autoConfigureCookiePath
boolean autoConfigureCookiePath
Decide if cookie paths should be automatically configured based on the application context path, when the cookie path is not configured.
-
-
-
Package org.apereo.cas.configuration.model.support.cosmosdb
-
Class org.apereo.cas.configuration.model.support.cosmosdb.BaseCosmosDbProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- 2528153816791719898L
-
Serialized Fields
-
allowTelemetry
boolean allowTelemetry
Whether telemetry should be enabled by default. -
consistencyLevel
java.lang.String consistencyLevel
Document Db consistency level. Azure Cosmos DB is designed from the ground up with global distribution in mind for every data model. It is designed to offer predictable low latency guarantees, a 99.99% availability SLA, and multiple well-defined relaxed consistency models. Currently, Azure Cosmos DB provides five consistency levels: strong, bounded-staleness, session, consistent prefix, and eventual. Besides strong and eventual consistency models commonly offered by distributed databases, Azure Cosmos DB offers three more carefully codified and operationalized consistency models, and has validated their usefulness against real world use cases. These are the bounded staleness, session, and consistent prefix consistency levels. Collectively these five consistency levels enable you to make well-reasoned trade-offs between consistency, availability, and latency. Accepted values are:
- Strong: Linearizability
- Session: Consistent Prefix. Monotonic reads, monotonic writes, read-your-writes, write-follows-reads
- Eventual: Out of order reads
- BoundedStaleness: Consistent Prefix. Reads lag behind writes by k prefixes or t interval
- ConsistentPrefix: Updates returned are some prefix of all the updates, with no gaps
-
database
java.lang.String database
Database name. -
dropCollection
boolean dropCollection
Whether collections should be dropped on startup and re-created. -
indexingMode
java.lang.String indexingMode
Specifies the supported indexing modes in the Azure Cosmos DB database service. Accepted values are:
- Consistent: Index is updated synchronously with a create or update operation. With consistent indexing, query behavior is the same as the default consistency level for the collection. The index is always kept up to date with the data.
- Lazy: Index is updated asynchronously with respect to a create or update operation. With lazy indexing, queries are eventually consistent. The index is updated when the collection is idle.
- None: No index is provided. Setting IndexingMode to "None" drops the index. Use this if you don't want to maintain the index for a document collection, to save the storage cost or improve the write throughput. Your queries will degenerate to scans of the entire collection.
-
key
java.lang.String key
Document Db master key. -
throughput
int throughput
Database throughput, usually between 400 and 100,000. -
uri
java.lang.String uri
Document Db host address (i.e. https://localhost:8081).
-
-
Class org.apereo.cas.configuration.model.support.cosmosdb.CosmosDbServiceRegistryProperties extends BaseCosmosDbProperties implements Serializable
- serialVersionUID:
- 6194689836396653458L
-
Serialized Fields
-
collection
java.lang.String collection
Collection to store CAS service definitions.
-
-
-
Package org.apereo.cas.configuration.model.support.couchbase
-
Class org.apereo.cas.configuration.model.support.couchbase.BaseCouchbaseProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- 6550895842866988551L
-
Serialized Fields
-
addresses
java.util.List<java.lang.String> addresses
Node addresses. -
bucket
java.lang.String bucket
Bucket name. -
clusterPassword
java.lang.String clusterPassword
Cluster password. -
clusterUsername
java.lang.String clusterUsername
Cluster username. -
connectionTimeout
java.lang.String connectionTimeout
String representation of connection timeout. -
idleConnectionTimeout
java.lang.String idleConnectionTimeout
String representation of idle connection timeout. -
kvTimeout
java.lang.String kvTimeout
String representation of KV timeout. -
maxHttpConnections
int maxHttpConnections
Maximum number of connections made to the cluster. -
maxNumRequestsInRetry
long maxNumRequestsInRetry
Customizes the maximum number of requests allowed in the retry timer. -
maxParallelism
int maxParallelism
Maximum number of parallel threads made for queries. -
queryThreshold
java.lang.String queryThreshold
String representation of query threshold. -
queryTimeout
java.lang.String queryTimeout
String representation of query timeout. -
scanConsistency
java.lang.String scanConsistency
Query scan consistency. By default, the query engine will return whatever is currently in the index at the time of query (this mode is also called NOT_BOUNDED). If you need to include everything that has just been written, a different scan consistency must be chosen. If REQUEST_PLUS is chosen, it will likely take a bit longer to return the results but the query engine will make sure that it is as up-to-date as possible. Accepted values are: NOT_BOUNDED, REQUEST_PLUS. -
scanWaitTimeout
java.lang.String scanWaitTimeout
String representation of scan timeout. -
searchTimeout
java.lang.String searchTimeout
String representation of search timeout. -
viewTimeout
java.lang.String viewTimeout
String representation of view timeout.
-
-
-
Package org.apereo.cas.configuration.model.support.couchbase.authentication
-
Class org.apereo.cas.configuration.model.support.couchbase.authentication.CouchbaseAuthenticationProperties extends BaseCouchbaseProperties implements Serializable
- serialVersionUID:
- -7257332242368463818L
-
Serialized Fields
-
name
java.lang.String name
The name of the authentication handler. -
order
int order
Order of authentication handler in chain. -
passwordAttribute
java.lang.String passwordAttribute
Password attribute to fetch and compare against credential. -
passwordEncoder
PasswordEncoderProperties passwordEncoder
Password encoder settings for this handler. -
principalTransformation
PrincipalTransformationProperties principalTransformation
Principal transformation settings. -
usernameAttribute
java.lang.String usernameAttribute
Username attribute to fetch and compare against credential.
-
-
Class org.apereo.cas.configuration.model.support.couchbase.authentication.CouchbasePrincipalAttributesProperties extends BaseCouchbaseProperties implements Serializable
- serialVersionUID:
- -6573755681498251678L
-
Serialized Fields
-
id
java.lang.String id
A value can be assigned to this field to uniquely identify this resolver. -
order
int order
The order of this attribute repository in the chain of repositories. Can be used to explicitly position this source in chain and affects merging strategies. -
usernameAttribute
java.lang.String usernameAttribute
Username attribute to fetch attributes by.
-
-
-
Package org.apereo.cas.configuration.model.support.couchbase.serviceregistry
-
Class org.apereo.cas.configuration.model.support.couchbase.serviceregistry.CouchbaseServiceRegistryProperties extends BaseCouchbaseProperties implements Serializable
- serialVersionUID:
- -4975171412161962007L
-
-
Package org.apereo.cas.configuration.model.support.couchbase.ticketregistry
-
Class org.apereo.cas.configuration.model.support.couchbase.ticketregistry.CouchbaseTicketRegistryProperties extends BaseCouchbaseProperties implements Serializable
- serialVersionUID:
- 2123040809519673836L
-
Serialized Fields
-
crypto
EncryptionRandomizedSigningJwtCryptographyProperties crypto
Crypto settings for the registry.
-
-
-
Package org.apereo.cas.configuration.model.support.couchdb
-
Class org.apereo.cas.configuration.model.support.couchdb.BaseAsynchronousCouchDbProperties extends BaseCouchDbProperties implements Serializable
- serialVersionUID:
- -7920471433876478891L
-
Serialized Fields
-
asynchronous
boolean asynchronous
Make DB updates asynchronously.
-
-
Class org.apereo.cas.configuration.model.support.couchdb.BaseCouchDbProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- 1323894615409106853L
-
Serialized Fields
-
caching
boolean caching
Use a local cache to reduce fetches. -
cleanupIdleConnections
boolean cleanupIdleConnections
Remove idle connections from pool. -
connectionTimeout
int connectionTimeout
TCP connection timeout. -
createIfNotExists
boolean createIfNotExists
Create the database if it doesn't exist. -
dbName
java.lang.String dbName
Database name. -
enableSsl
boolean enableSsl
Use TLS. Only needed if not specified by URL. -
maxCacheEntries
int maxCacheEntries
Max entries in local cache. -
maxConnections
int maxConnections
Maximum connections to CouchDB. -
maxObjectSizeBytes
int maxObjectSizeBytes
Largest allowable serialized object. -
password
java.lang.String password
Password for connection. -
proxyHost
java.lang.String proxyHost
Proxy host. -
proxyPort
int proxyPort
Proxy port. -
relaxedSslSettings
boolean relaxedSslSettings
Relax TLS settings, like certificate verification. -
retries
int retries
Retries for update conflicts. -
socketTimeout
int socketTimeout
Socket idle timeout. -
url
java.lang.String url
Connection url. -
useExpectContinue
boolean useExpectContinue
Expect HTTP 100 Continue during connection. -
username
java.lang.String username
Username for connection.
-
-
-
Package org.apereo.cas.configuration.model.support.couchdb.authentication
-
Class org.apereo.cas.configuration.model.support.couchdb.authentication.CouchDbAuthenticationProperties extends BaseCouchDbProperties implements Serializable
- serialVersionUID:
- 1830797033934229732L
-
Serialized Fields
-
attributes
java.lang.String attributes
Attributes to fetch from CouchDb. -
name
java.lang.String name
The name of the authentication handler. -
order
int order
Order of authentication handler in chain. -
passwordAttribute
java.lang.String passwordAttribute
Password attribute to fetch and compare against credential. -
passwordEncoder
PasswordEncoderProperties passwordEncoder
Password encoder settings for this handler. -
principalTransformation
PrincipalTransformationProperties principalTransformation
Principal transformation settings. -
usernameAttribute
java.lang.String usernameAttribute
Username attribute to fetch and compare against credential.
-
-
-
Package org.apereo.cas.configuration.model.support.couchdb.serviceregistry
-
Class org.apereo.cas.configuration.model.support.couchdb.serviceregistry.CouchDbServiceRegistryProperties extends BaseCouchDbProperties implements Serializable
- serialVersionUID:
- -5101551655756163621L
-
-
Package org.apereo.cas.configuration.model.support.couchdb.ticketregistry
-
Class org.apereo.cas.configuration.model.support.couchdb.ticketregistry.CouchDbTicketRegistryProperties extends BaseCouchDbProperties implements Serializable
- serialVersionUID:
- 6895485069081125319L
-
Serialized Fields
-
crypto
EncryptionRandomizedSigningJwtCryptographyProperties crypto
Crypto settings for the registry.
-
-
-
Package org.apereo.cas.configuration.model.support.custom
-
Class org.apereo.cas.configuration.model.support.custom.CasCustomProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- 5354004353286722083L
-
Serialized Fields
-
properties
java.util.Map<java.lang.String,java.lang.String> properties
Collection of custom settings that can be utilized for a local deployment. The settings should be available to CAS views and webflows for altering UI and/or introducing custom behavior to any extended customized component without introducing a new property namespace. This is defined as a map, where the key should be the setting name and the value should be the setting value.
-
-
-
Package org.apereo.cas.configuration.model.support.digest
-
Class org.apereo.cas.configuration.model.support.digest.DigestProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- -7920128284733546444L
-
Serialized Fields
-
authenticationMethod
java.lang.String authenticationMethod
Authentication method used when creating digest header. -
name
java.lang.String name
Name of the authentication handler. -
order
java.lang.Integer order
Order of the authentication handler in the chain. -
realm
java.lang.String realm
The digest realm to use. -
users
java.util.Map<java.lang.String,java.lang.String> users
Static/stub list of username and passwords to accept if no other account store is defined.
-
-
-
Package org.apereo.cas.configuration.model.support.dynamodb
-
Class org.apereo.cas.configuration.model.support.dynamodb.AbstractDynamoDbProperties extends BaseAmazonWebServicesProperties implements Serializable
- serialVersionUID:
- -8349917272283787550L
-
Serialized Fields
-
billingMode
AbstractDynamoDbProperties.BillingMode billingMode
Billing mode specifies how you are charged for read and write throughput and how you manage capacity. -
dropTablesOnStartup
boolean dropTablesOnStartup
Flag that indicates whether to drop tables on start up. -
localInstance
boolean localInstance
Indicates that the database instance is local to the deployment that does not require or use any credentials or other configuration other than host and region. This is mostly used during development and testing. -
preventTableCreationOnStartup
boolean preventTableCreationOnStartup
Flag that indicates whether to prevent CAS from creating tables. -
readCapacity
long readCapacity
Read capacity. -
timeOffset
int timeOffset
Time offset. -
writeCapacity
long writeCapacity
Write capacity.
-
-
Class org.apereo.cas.configuration.model.support.dynamodb.AuditDynamoDbProperties extends AbstractDynamoDbProperties implements Serializable
- serialVersionUID:
- 102540148774854955L
-
Serialized Fields
-
asynchronous
boolean asynchronous
Make storage requests asynchronously. -
tableName
java.lang.String tableName
The table name used and created by CAS to hold audit logs in DynamoDb.
-
-
Class org.apereo.cas.configuration.model.support.dynamodb.DynamoDbServiceRegistryProperties extends AbstractDynamoDbProperties implements Serializable
- serialVersionUID:
- 809653348774854955L
-
Serialized Fields
-
tableName
java.lang.String tableName
The table name used and created by CAS to hold service definitions in DynamoDb.
-
-
Class org.apereo.cas.configuration.model.support.dynamodb.DynamoDbTicketRegistryProperties extends AbstractDynamoDbProperties implements Serializable
- serialVersionUID:
- 699497009058965681L
-
Serialized Fields
-
crypto
EncryptionRandomizedSigningJwtCryptographyProperties crypto
Crypto settings for the registry. -
proxyGrantingTicketsTableName
java.lang.String proxyGrantingTicketsTableName
The table name used and created by CAS to hold proxy ticket granting tickets in DynamoDb. -
proxyTicketsTableName
java.lang.String proxyTicketsTableName
The table name used and created by CAS to hold proxy tickets in DynamoDb. -
serviceTicketsTableName
java.lang.String serviceTicketsTableName
The table name used and created by CAS to hold service tickets in DynamoDb. -
ticketGrantingTicketsTableName
java.lang.String ticketGrantingTicketsTableName
The table name used and created by CAS to hold ticket granting tickets in DynamoDb. -
transientSessionTicketsTableName
java.lang.String transientSessionTicketsTableName
The table name used and created by CAS to hold transient session tickets in DynamoDb.
-
-
Class org.apereo.cas.configuration.model.support.dynamodb.DynamoDbTrustedDevicesMultifactorProperties extends AbstractDynamoDbProperties implements Serializable
- serialVersionUID:
- 102540148774854955L
-
Serialized Fields
-
tableName
java.lang.String tableName
The table name used and created by CAS to hold mfa trust definitions in DynamoDb.
-
-
-
Package org.apereo.cas.configuration.model.support.ehcache
-
Class org.apereo.cas.configuration.model.support.ehcache.Ehcache3Properties extends java.lang.Object implements Serializable
- serialVersionUID:
- 7772510035918976450L
-
Serialized Fields
-
clusterConnectionTimeout
long clusterConnectionTimeout
Timeout when connecting to Terracotta cluster. -
clusteredCacheConsistency
Ehcache3Properties.Consistency clusteredCacheConsistency
Cluster consistency may be STRONG or EVENTUAL. -
clusterReadWriteTimeout
long clusterReadWriteTimeout
Timeout when reading or writing to/from Terracotta cluster. -
crypto
EncryptionRandomizedSigningJwtCryptographyProperties crypto
Crypto settings for the registry. -
defaultServerResource
java.lang.String defaultServerResource
Name of default server resource on Terracotta cluster. -
enabled
boolean enabled
Enabled allows this registry to be disabled on startup (so registry choice can be made at runtime). -
enableManagement
boolean enableManagement
Sets whether JMX management beans are enabled for all caches. -
enableStatistics
boolean enableStatistics
Sets whether statistics are enabled for all caches. -
eternal
boolean eternal
Sets whether elements are eternal. If eternal, timeouts are ignored and the element is never expired. False by default. Functionality brought over from Ehcache 2, document use case. -
maxElementsInMemory
int maxElementsInMemory
Builder that sets the maximum objects to be held in memory (0 = no limit). -
perCacheSizeOnDisk
java.lang.String perCacheSizeOnDisk
Per cache size of disk cache. -
persistOnDisk
boolean persistOnDisk
Persist data on disk when jvm is shut down if not using terracotta cluster. -
resourcePoolName
java.lang.String resourcePoolName
Name of resource pool to use on Terracotta cluster. -
resourcePoolSize
java.lang.String resourcePoolSize
Size of resource pool on terracotta cluster. -
rootDirectory
java.lang.String rootDirectory
Root directory to store data if not using terracotta cluster. -
terracottaClusterUri
java.lang.String terracottaClusterUri
URI in format something like "terracotta://host1.company.org:9410,host2.company.org:9410/cas-application". Default port for terracotta (9410) is used if not specified in URI.
-
-
Class org.apereo.cas.configuration.model.support.ehcache.EhcacheProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- 7772510035918976450L
-
Serialized Fields
-
cacheManagerName
java.lang.String cacheManagerName
Deprecated. Since 6.2. The name of the cache manager instance. -
crypto
EncryptionRandomizedSigningJwtCryptographyProperties crypto
Deprecated. Since 6.2. Crypto settings for the registry. -
diskExpiryThreadIntervalSeconds
int diskExpiryThreadIntervalSeconds
Deprecated. Since 6.2. The interval in seconds between runs of the disk expiry thread. -
enabled
boolean enabled
Deprecated. Since 6.2. Enabled allows this registry to be disabled on startup (so registry choice can be made at runtime). -
eternal
boolean eternal
Deprecated. Since 6.2. Sets whether elements are eternal. If eternal, timeouts are ignored and the element is never expired. False by default. -
loaderAsync
boolean loaderAsync
Deprecated. Since 6.2. Whether to load the cache bootstrapper asynchronously. -
maxChunkSize
int maxChunkSize
Deprecated. Since 6.2. The maximum serialized size of the elements to request from a remote cache peer during bootstrap. -
maxElementsInCache
int maxElementsInCache
Deprecated. Since 6.2. Builder which sets the maximum number of entries in cache. -
maxElementsInMemory
int maxElementsInMemory
Deprecated. Since 6.2. Builder that sets the maximum objects to be held in memory (0 = no limit). -
maxElementsOnDisk
int maxElementsOnDisk
Deprecated. Since 6.2. Builder which sets the maximum number of elements on disk. 0 means unlimited. -
maximumBatchSize
int maximumBatchSize
Deprecated. Since 6.2. Maximum batch size for replication ops. -
memoryStoreEvictionPolicy
java.lang.String memoryStoreEvictionPolicy
Deprecated. Since 6.2. Builder which sets the eviction policy. An invalid argument will set it to null.
- LRU - least recently used
- LFU - least frequently used
- FIFO - first in first out, the oldest element by creation time
-
persistence
java.lang.String persistence
Deprecated. Since 6.2. Sets the persistence strategy. Acceptable values are:
- LOCALTEMPSWAP: Standard open source (non fault-tolerant) on-disk persistence.
- DISTRIBUTED: Terracotta clustered persistence (requires a Terracotta clustered cache)
- LOCALRESTARTABLE: Enterprise fault tolerant persistence
- NONE: No persistence
-
replicatePuts
boolean replicatePuts
Deprecated. Since 6.2. Whether to replicate puts. -
replicatePutsViaCopy
boolean replicatePutsViaCopy
Deprecated. Since 6.2. Whether a put should be replicated by copy or by invalidation (a remove). By copy is best when the entry is expensive to produce. By invalidation is best when we are really trying to force other caches to sync back to a canonical source like a database. An example of the latter usage would be a read/write cache being used in Hibernate. This setting only has effect if #replicateUpdates is true. -
replicateRemovals
boolean replicateRemovals
Deprecated. Since 6.2. Whether to replicate removes. -
replicateUpdates
boolean replicateUpdates
Deprecated. Since 6.2. Whether to replicate updates. -
replicateUpdatesViaCopy
boolean replicateUpdatesViaCopy
Deprecated. Since 6.2. Whether an update (a put) should be by copy or by invalidation (a remove). By copy is best when the entry is expensive to produce. By invalidation is best when we are really trying to force other caches to sync back to a canonical source like a database. An example of the latter usage would be a read/write cache being used in Hibernate. This setting only has effect if #replicateUpdates is true. -
replicationInterval
java.lang.String replicationInterval
Deprecated. Since 6.2. The replication interval in milliseconds for the cache replicator. -
shared
boolean shared
Deprecated. Since 6.2. Set whether the EhCache CacheManager should be shared (as a singleton at the ClassLoader level) or independent (typically local within the application). Default is "false", creating an independent local instance. NOTE: This feature allows for sharing this EhCacheManagerFactoryBean's CacheManager with any code calling CacheManager.create() in the same ClassLoader space, with no need to agree on a specific CacheManager name. However, it only supports a single EhCacheManagerFactoryBean involved which will control the lifecycle of the underlying CacheManager (in particular, its shutdown). -
synchronousWrites
boolean synchronousWrites
Deprecated. Since 6.2. Sets the persistence write mode. -
systemProps
java.util.Map<java.lang.String,java.lang.String> systemProps
Deprecated. Since 6.2. Allows system properties to be set prior to ehcache.xml parsing. EhCache will interpolate system properties in the ehcache xml config file e.g. ${ehCacheMulticastAddress}.
-
-
-
Package org.apereo.cas.configuration.model.support.email
-
Class org.apereo.cas.configuration.model.support.email.EmailProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- 7367120636536230761L
-
Serialized Fields
-
attributeName
java.lang.String attributeName
Principal attribute name that indicates the destination email address for this message. The attribute must already be resolved and available to the CAS principal. -
bcc
java.lang.String bcc
Email BCC address, if any. -
cc
java.lang.String cc
Email CC address, if any. -
from
java.lang.String from
Email from address. -
html
boolean html
Indicate whether the message body should be evaluated as HTML text. -
replyTo
java.lang.String replyTo
Email Reply-To address, if any. -
subject
java.lang.String subject
Email subject line. -
text
java.lang.String text
Email message body. Could be plain text or a reference to an external file that would serve as a template. If specified as a path to an external file with an extension .gtemplate, then the email message body would be processed using the Groovy template engine. The template engine uses JSP style <% %> script and <%= %> expression syntax or GString style expressions. The variable out is bound to the writer that the template is being written to. -
validateAddresses
boolean validateAddresses
Set whether to validate all addresses which get passed to this helper.
-
-
-
Package org.apereo.cas.configuration.model.support.firebase
-
Class org.apereo.cas.configuration.model.support.firebase.GoogleFirebaseCloudMessagingProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- -5679682641899738092L
-
Serialized Fields
-
databaseUrl
java.lang.String databaseUrl
Firebase database url. -
registrationTokenAttributeName
java.lang.String registrationTokenAttributeName
The principal attribute name that contains the registration token for the user. Registration tokens that are provided by clients during the handshake process should be stored on the server, and made available to CAS as a principal attribute. -
scopes
java.util.List<java.lang.String> scopes
Required scopes to properly communicate with the firebase cloud. -
serviceAccountKey
SpringResourceProperties serviceAccountKey
Path to the service account key json file. This can be optional if you set the environment variable GOOGLE_APPLICATION_CREDENTIALS to the file path of the JSON file that contains your service account key. If this is undefined, the property value will be used instead.
-
-
-
Package org.apereo.cas.configuration.model.support.fortress
-
Class org.apereo.cas.configuration.model.support.fortress.FortressAuthenticationProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- 9068259944327425315L
-
Serialized Fields
-
rbaccontext
java.lang.String rbaccontext
Use this setting to set the tenant id onto function call into Fortress which allows segregation of data by customer. The context is used for multi-tenancy to isolate data sets within a particular sub-tree within DIT. Setting contextId into this object will render this class' implementer thread unsafe.
-
-
-
Package org.apereo.cas.configuration.model.support.generic
-
Class org.apereo.cas.configuration.model.support.generic.AcceptAuthenticationProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- 2448007503183227617L
-
Serialized Fields
-
credentialCriteria
java.lang.String credentialCriteria
A number of authentication handlers are allowed to determine whether they can operate on the provided credential and as such lend themselves to be tried and tested during the authentication handler selection phase. The credential criteria may be one of the following options:
- 1) A regular expression pattern that is tested against the credential identifier.
- 2) A fully qualified class name of your own design that implements Predicate.
- 3) Path to an external Groovy script that implements the same interface.
-
enabled
boolean enabled
Indicates whether the authentication strategy is enabled. The strategy may also be disabled explicitly if the AcceptAuthenticationProperties.users is left blank. -
name
java.lang.String name
Name of the authentication handler. -
order
int order
Order of the authentication handler in the chain. -
passwordEncoder
PasswordEncoderProperties passwordEncoder
Password encoder settings for the authentication handler. -
passwordPolicy
PasswordPolicyProperties passwordPolicy
Password policy settings. -
principalTransformation
PrincipalTransformationProperties principalTransformation
This is principal transformation properties. -
state
AuthenticationHandlerStates state
Define the scope and state of this authentication handler and the lifecycle in which it can be invoked or activated. -
users
java.lang.String users
Accepted users for authentication, in the syntax of uid::password.
-
-
Class org.apereo.cas.configuration.model.support.generic.FileAuthenticationProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- 4031366217090049241L
-
Serialized Fields
-
name
java.lang.String name
Authentication handler name used to verify credentials in the file. -
passwordEncoder
PasswordEncoderProperties passwordEncoder
Password encoder properties. -
principalTransformation
PrincipalTransformationProperties principalTransformation
Principal transformation settings for this authentication. -
separator
java.lang.String separator
Separator character that distinguishes between usernames and passwords in the file.
-
-
Class org.apereo.cas.configuration.model.support.generic.GroovyAuthenticationProperties extends SpringResourceProperties implements Serializable
- serialVersionUID:
- 2179027841236526083L
-
Serialized Fields
-
name
java.lang.String name
Authentication handler name used to verify credentials in the file. -
order
java.lang.Integer order
Order of the authentication handler in the chain. -
state
AuthenticationHandlerStates state
Define the scope and state of this authentication handler and the lifecycle in which it can be invoked or activated.
-
-
Class org.apereo.cas.configuration.model.support.generic.JsonResourceAuthenticationProperties extends SpringResourceProperties implements Serializable
- serialVersionUID:
- 1079027841236526083L
-
Serialized Fields
-
name
java.lang.String name
Authentication handler name used to verify credentials in the file. -
passwordEncoder
PasswordEncoderProperties passwordEncoder
Password encoder properties. -
passwordPolicy
PasswordPolicyProperties passwordPolicy
Password policy settings. -
principalTransformation
PrincipalTransformationProperties principalTransformation
Principal transformation settings for this authentication. -
state
AuthenticationHandlerStates state
Define the scope and state of this authentication handler and the lifecycle in which it can be invoked or activated.
-
-
Class org.apereo.cas.configuration.model.support.generic.RejectAuthenticationProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- -3228601837221178711L
-
Serialized Fields
-
name
java.lang.String name
Name of the authentication handler. -
passwordEncoder
PasswordEncoderProperties passwordEncoder
Password encoder properties. -
principalTransformation
PrincipalTransformationProperties principalTransformation
This is principal transformation properties. -
users
java.lang.String users
Comma-separated list of users to reject for authentication.
-
-
Class org.apereo.cas.configuration.model.support.generic.RemoteAddressAuthenticationProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- 573409035023089696L
-
Serialized Fields
-
ipAddressRange
java.lang.String ipAddressRange
The authorized network address to allow for authentication. -
name
java.lang.String name
The name of the authentication handler. -
order
java.lang.Integer order
Order of the authentication handler in the chain.
-
-
Class org.apereo.cas.configuration.model.support.generic.ShiroAuthenticationProperties extends SpringResourceProperties implements Serializable
- serialVersionUID:
- 8997401036330472417L
-
Serialized Fields
-
name
java.lang.String name
Name of the authentication handler. -
passwordEncoder
PasswordEncoderProperties passwordEncoder
Password encoder properties. -
principalTransformation
PrincipalTransformationProperties principalTransformation
Principal transformation properties. -
requiredPermissions
java.util.Set<java.lang.String> requiredPermissions
Required permissions that should be authorized by Shiro. -
requiredRoles
java.util.Set<java.lang.String> requiredRoles
Required roles that should be authorized by Shiro.
-
-
-
Package org.apereo.cas.configuration.model.support.geo
-
Class org.apereo.cas.configuration.model.support.geo.BaseGeoLocationProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- 4548572400079087989L
-
-
Package org.apereo.cas.configuration.model.support.geo.googlemaps
-
Class org.apereo.cas.configuration.model.support.geo.googlemaps.GoogleMapsProperties extends BaseGeoLocationProperties implements Serializable
- serialVersionUID:
- 4661113818711911462L
-
Serialized Fields
-
apiKey
java.lang.String apiKey
Authenticate into google maps via an API key. -
clientId
java.lang.String clientId
Authenticate into google maps via a client id. -
clientSecret
java.lang.String clientSecret
Authenticate into google maps via a client secret. -
connectTimeout
java.lang.String connectTimeout
The connection timeout when reaching out to google maps. -
googleAppsEngine
boolean googleAppsEngine
When true, a strategy for handling URL requests using Google App Engine's URL Fetch API.
-
-
-
Package org.apereo.cas.configuration.model.support.geo.maxmind
-
Class org.apereo.cas.configuration.model.support.geo.maxmind.MaxmindProperties extends BaseGeoLocationProperties implements Serializable
- serialVersionUID:
- 7883029275219817797L
-
-
Package org.apereo.cas.configuration.model.support.git.services
-
Class org.apereo.cas.configuration.model.support.git.services.BaseGitProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- 4194689836396653458L
-
Serialized Fields
-
activeBranch
java.lang.String activeBranch
The branch to checkout and activate, defaults to master. -
branchesToClone
java.lang.String branchesToClone
If the repository is to be cloned, this will allow a select list of branches to be fetched. List the branch names separated by commas or use * to clone all branches. Defaults to all branches. -
clearExistingIdentities
boolean clearExistingIdentities
When establishing an ssh session, determine if default identities loaded on the machine should be excluded/removed and identity should only be limited to those loaded from given keys. -
cloneDirectory
SpringResourceProperties cloneDirectory
Directory into which the repository would be cloned. -
httpClientType
BaseGitProperties.HttpClientTypes httpClientType
Implementation of HTTP client to use when doing git operations via http/https. The jgit library sets the connection factory statically (globally) so this property should be set to the same value for all git repositories (services, saml, etc). Not doing so might result in one connection factory being used for clone and another for subsequent fetches. -
password
java.lang.String password
Password used to access or push to the repository. -
privateKey
SpringResourceProperties privateKey
Path to the SSH private key identity. Must be a resource that can resolve to an absolute file on disk due to Jsch library needing String path. Classpath resource would work if file on disk rather than inside archive. -
privateKeyPassphrase
java.lang.String privateKeyPassphrase
Password for the SSH private key. -
pushChanges
boolean pushChanges
Decide whether changes should be pushed back into the remote repository. -
repositoryUrl
java.lang.String repositoryUrl
The address of the git repository. Could be a URL or a file-system path. -
signCommits
boolean signCommits
Whether or not commits should be signed. -
sshSessionPassword
java.lang.String sshSessionPassword
As with using SSH with public keys, an SSH session with ssh://[email protected]/repo.git must be specified to use password-secured SSH connections. -
strictHostKeyChecking
boolean strictHostKeyChecking
Whether or not to turn on strict host key checking. true will be "yes", false will be "no", "ask" not supported. -
timeout
java.lang.String timeout
Timeout for git operations such as push and pull in seconds. -
username
java.lang.String username
Username used to access or push to the repository.
-
-
Class org.apereo.cas.configuration.model.support.git.services.GitServiceRegistryProperties extends BaseGitProperties implements Serializable
- serialVersionUID:
- 4194689836396653458L
-
Serialized Fields
-
groupByType
boolean groupByType
Determine whether service definitions in the git repository should be located/stored in groups and separate folder structures based on the service type.
- See Also: #getRootDirectory()
-
rootDirectory
java.lang.String rootDirectory
Root directory in the git repository structure to track service definition files. This might be most useful if the git repository is tasked with other types of files and configurations, where a separate root directory for service definitions provides a clean separation between services files and everything else. This setting may work in concert with #isGroupByType(). If left blank, the root folder of the git repository itself is used as the root directory for service definitions.
-
-
-
Package org.apereo.cas.configuration.model.support.gua
-
Class org.apereo.cas.configuration.model.support.gua.GraphicalUserAuthenticationProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- 7527953699378415460L
-
Serialized Fields
-
ldap
LdapGraphicalUserAuthenticationProperties ldap
Locate GUA settings and images from LDAP. -
simple
java.util.Map<java.lang.String,java.lang.String> simple
Locate GUA settings and images from a static image per user. This is treated as a Map where the key is the user id and the value should be the graphical resource.
-
-
Class org.apereo.cas.configuration.model.support.gua.LdapGraphicalUserAuthenticationProperties extends AbstractLdapSearchProperties implements Serializable
- serialVersionUID:
- 4666838063728336692L
-
Serialized Fields
-
imageAttribute
java.lang.String imageAttribute
Entry attribute that holds the user image.
-
-
-
Package org.apereo.cas.configuration.model.support.hazelcast
-
Class org.apereo.cas.configuration.model.support.hazelcast.BaseHazelcastProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- 4204884717547468480L
-
Serialized Fields
-
cluster
HazelcastClusterProperties cluster
Hazelcast cluster settings if CAS is able to auto-create caches. -
core
HazelcastCoreProperties core
Core configuration settings for hazelcast.
-
-
Class org.apereo.cas.configuration.model.support.hazelcast.HazelcastClusterMulticastProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- 1827784607045775145L
-
Serialized Fields
-
enabled
boolean enabled
Enables a multicast configuration using a group address and port. Contains the configuration for the multicast discovery mechanism. With the multicast discovery mechanism Hazelcast allows Hazelcast members to find each other using multicast. So Hazelcast members do not need to know concrete addresses of members, they just multicast to everyone listening. It depends on your environment if multicast is possible or allowed; otherwise you need to have a look at the tcp/ip cluster -
group
java.lang.String group
The multicast group address used for discovery. With the multicast auto-discovery mechanism, Hazelcast allows cluster members to find each other using multicast communication. The cluster members do not need to know the concrete addresses of the other members, as they just multicast to all the other members for listening. Whether multicast is possible or allowed depends on your environment. -
port
int port
The multicast port used for discovery. -
timeout
int timeout
Specifies the time in seconds that a member should wait for a valid multicast response from another member running in the network before declaring itself the leader member (the first member joined to the cluster) and creating its own cluster. This only applies to the startup of members where no leader has been assigned yet. If you specify a high value, such as 60 seconds, it means that until a leader is selected, each member will wait 60 seconds before moving on. Be careful when providing a high value. Also, be careful not to set the value too low, or the members might give up too early and create their own cluster. -
timeToLive
int timeToLive
Gets the time to live for the multicast package in seconds. This is the default time-to-live for multicast packets sent out on the socket. -
trustedInterfaces
java.lang.String trustedInterfaces
Multicast trusted interfaces for discovery. With the multicast auto-discovery mechanism, Hazelcast allows cluster members to find each other using multicast communication. The cluster members do not need to know the concrete addresses of the other members, as they just multicast to all the other members for listening. Whether multicast is possible or allowed depends on your environment.
-
-
Class org.apereo.cas.configuration.model.support.hazelcast.HazelcastClusterProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- 1817784607045775145L
-
Serialized Fields
-
core
HazelcastCoreClusterProperties core
Hazelcast core cluster settings. -
discovery
HazelcastDiscoveryProperties discovery
Describe discovery strategies for Hazelcast. -
network
HazelcastNetworkClusterProperties network
Hazelcast network cluster settings. -
wanReplication
HazelcastWANReplicationProperties wanReplication
WAN replication settings.
-
-
Class org.apereo.cas.configuration.model.support.hazelcast.HazelcastCoreClusterProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- -8374968308106013185L
-
Serialized Fields
-
asyncBackupCount
int asyncBackupCount
Hazelcast supports both synchronous and asynchronous backups. By default, backup operations are synchronous. In this case, backup operations block operations until backups are successfully copied to backup members (or deleted from backup members in case of remove) and acknowledgements are received. Therefore, backups are updated before a put operation is completed, provided that the cluster is stable. Asynchronous backups, on the other hand, do not block operations. They are fire and forget and do not require acknowledgements; the backup operations are performed at some point in time. -
asyncFillup
boolean asyncFillup
Used when replication is turned on with #isReplicated(). If a new member joins the cluster, there are two ways you can handle the initial provisioning that is executed to replicate all existing values to the new member. Each involves how you configure the async fill up.
- First, you can configure async fill up to true, which does not block reads while the fill up operation is underway. That way, you have immediate access on the new member, but it will take time until all the values are eventually accessible. Not yet replicated values are returned as non-existing (null).
- Second, you can configure for a synchronous initial fill up (by configuring the async fill up to false), which blocks every read or write access to the map until the fill up operation is finished. Use this with caution since it might block your application from operating.
-
backupCount
int backupCount
To provide data safety, Hazelcast allows you to specify the number of backup copies you want to have. That way, data on a cluster member will be copied onto other member(s). To create synchronous backups, select the number of backup copies. When this count is 1, a map entry will have its backup on one other member in the cluster. If you set it to 2, then a map entry will have its backup on two other members. You can set it to 0 if you do not want your entries to be backed up, e.g., if performance is more important than backing up. The maximum value for the backup count is 6. Sync backup operations have a blocking cost which may lead to latency issues. -
cpMemberCount
int cpMemberCount
CP Subsystem is a component of a Hazelcast cluster that builds a strongly consistent layer for a set of distributed data structures. Its data structures are CP with respect to the CAP principle, i.e., they always maintain linearizability and prefer consistency over availability during network partitions. Besides network partitions, CP Subsystem withstands server and client failures. All members of a Hazelcast cluster do not necessarily take part in CP Subsystem. The number of Hazelcast members that take part in CP Subsystem is specified here. CP Subsystem must have at least 3 CP members. -
evictionPolicy
java.lang.String evictionPolicy
Hazelcast supports policy-based eviction for distributed maps. Currently supported policies are LRU (Least Recently Used) and LFU (Least Frequently Used) and NONE. See this for more info. -
instanceName
java.lang.String instanceName
The instance name. -
loggingType
java.lang.String loggingType
Hazelcast has a flexible logging configuration and doesn't depend on any logging framework except JDK logging. It has in-built adaptors for a number of logging frameworks and also supports custom loggers by providing logging interfaces. To use built-in adaptors you should set this setting to one of predefined types below.
- jdk: JDK logging
- log4j: Log4j
- slf4j: Slf4j
- none: Disable logging
-
mapMergePolicy
java.lang.String mapMergePolicy
Define how data items in Hazelcast maps are merged together from source to destination. By default, merges map entries from source to destination if they don't exist in the destination map. Accepted values are:
- PUT_IF_ABSENT: Merges data structure entries from source to destination if they don't exist in the destination data structure.
- HIGHER_HITS: Merges data structure entries from source to destination data structure if the source entry has more hits than the destination one.
- DISCARD: Merges only entries from the destination data structure and discards all entries from the source data structure.
- PASS_THROUGH: Merges data structure entries from source to destination directly unless the merging entry is null.
- EXPIRATION_TIME: Merges data structure entries from source to destination data structure if the source entry will expire later than the destination entry. This policy can only be used if the clocks of the nodes are in sync.
- LATEST_UPDATE: Merges data structure entries from source to destination data structure if the source entry was updated more frequently than the destination entry. This policy can only be used if the clocks of the nodes are in sync.
- LATEST_ACCESS: Merges data structure entries from source to destination data structure if the source entry has been accessed more recently than the destination entry. This policy can only be used if the clocks of the nodes are in sync.
-
maxNoHeartbeatSeconds
int maxNoHeartbeatSeconds
Max timeout of heartbeat in seconds for a node to assume it is dead. -
maxSize
int maxSize
Sets the maximum size of the map. -
maxSizePolicy
java.lang.String maxSizePolicy
- FREE_HEAP_PERCENTAGE: Policy based on minimum free JVM heap memory percentage per JVM.
- FREE_HEAP_SIZE: Policy based on minimum free JVM heap memory in megabytes per JVM.
- FREE_NATIVE_MEMORY_PERCENTAGE: Policy based on minimum free native memory percentage per Hazelcast instance.
- FREE_NATIVE_MEMORY_SIZE: Policy based on minimum free native memory in megabytes per Hazelcast instance.
- PER_NODE: Policy based on maximum number of entries stored per data structure (map, cache etc) on each Hazelcast instance.
- PER_PARTITION: Policy based on maximum number of entries stored per data structure (map, cache etc) on each partition.
- USED_HEAP_PERCENTAGE: Policy based on maximum used JVM heap memory percentage per data structure (map, cache etc) on each Hazelcast instance.
- USED_HEAP_SIZE: Policy based on maximum used JVM heap memory in megabytes per data structure (map, cache etc) on each Hazelcast instance.
- USED_NATIVE_MEMORY_PERCENTAGE: Policy based on maximum used native memory percentage per data structure (map, cache etc) on each Hazelcast instance.
- USED_NATIVE_MEMORY_SIZE: Policy based on maximum used native memory in megabytes per data structure (map, cache etc) on each Hazelcast instance.
-
partitionMemberGroupType
java.lang.String partitionMemberGroupType
With PartitionGroupConfig, you can control how primary and backup partitions are mapped to physical members. Hazelcast will always place partitions on different partition groups so as to provide redundancy. Accepted values are: PER_MEMBER, HOST_AWARE, CUSTOM, ZONE_AWARE, SPI. In all cases a partition will never be created on the same group. If there are more partitions defined than there are partition groups, then only those partitions, up to the number of partition groups, will be created. For example, if you define 2 backups, then with the primary, that makes 3. If you have only two partition groups, only two will be created.
- PER_MEMBER Partition Groups: This is the default partition scheme and is used if no other scheme is defined. Each member is in a group of its own.
- HOST_AWARE Partition Groups: In this scheme, a group corresponds to a host, based on its IP address. Partitions will not be written to any other members on the same host. This scheme provides good redundancy when multiple instances are being run on the same host.
- CUSTOM Partition Groups: In this scheme, IP addresses, or IP address ranges, are allocated to groups. Partitions are not written to the same group. This is very useful for ensuring partitions are written to different racks or even availability zones.
- ZONE_AWARE Partition Groups: In this scheme, groups are allocated according to the metadata provided by Discovery SPI. Partitions are not written to the same group. This is very useful for ensuring partitions are written to availability zones or different racks without providing the IP addresses to the config ahead of time.
- SPI Partition Groups: In this scheme, groups are allocated according to the implementation provided by Discovery SPI.
-
replicated
boolean replicated
A Replicated Map is a distributed key-value data structure where the data is replicated to all members in the cluster. It provides full replication of entries to all members for high speed access. A Replicated Map does not partition data (it does not spread data to different cluster members); instead, it replicates the data to all members. Replication leads to higher memory consumption. However, a Replicated Map has faster read and write access since the data is available on all members. Writes could take place on local/remote members in order to provide write-order, eventually being replicated to all other members.
If you have a large cluster or very high occurrences of updates, the Replicated Map may not scale linearly as expected since it has to replicate update operations to all members in the cluster. Since the replication of updates is performed in an asynchronous manner, Hazelcast recommends you enable back pressure in case your system has high occurrences of updates. Note that Replicated Map does not guarantee eventual consistency because there are some edge cases that fail to provide consistency.
Replicated Map uses the internal partition system of Hazelcast in order to serialize updates happening on the same key at the same time. This happens by sending updates of the same key to the same Hazelcast member in the cluster.
Due to the asynchronous nature of replication, a Hazelcast member could die before successfully replicating a "write" operation to other members after sending the "write completed" response to its caller during the write process. In this scenario, Hazelcast’s internal partition system promotes one of the replicas of the partition as the primary one. The new primary partition does not have the latest "write" since the dead member could not successfully replicate the update.
-
timeout
int timeout
Connection timeout in seconds for the TCP/IP config and members joining the cluster.
-
-
Class org.apereo.cas.configuration.model.support.hazelcast.HazelcastCoreProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- 5935324429402972680L
-
Serialized Fields
-
enableCompression
boolean enableCompression
Enables compression when default java serialization is used. -
enableManagementCenterScripting
boolean enableManagementCenterScripting
Enables scripting from Management Center. -
licenseKey
java.lang.String licenseKey
Hazelcast enterprise license key.
-
-
Class org.apereo.cas.configuration.model.support.hazelcast.HazelcastNetworkClusterProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- -8474968308106013185L
-
Serialized Fields
-
ipv4Enabled
boolean ipv4Enabled
IPv6 support has been switched off by default, since some platforms have issues in use of IPv6 stack. And some other platforms such as Amazon AWS have no support at all. To enable IPv6 support set this setting to false. -
localAddress
java.lang.String localAddress
If this property is set, then this is the address where the server socket is bound to. -
members
java.util.List<java.lang.String> members
Sets the well known members. If members is empty, calling this method will have the same effect as calling clear(). A member can be a comma separated string, e.g. '10.11.12.1,10.11.12.2', which indicates multiple members are going to be added. -
networkInterfaces
java.lang.String networkInterfaces
You can specify which network interfaces Hazelcast should use. Servers mostly have more than one network interface, so you may want to list the valid IPs. Range characters ('*' and '-') can be used for simplicity. For instance, 10.3.10.* refers to IPs between 10.3.10.0 and 10.3.10.255. Interface 10.3.10.4-18 refers to IPs between 10.3.10.4 and 10.3.10.18 (4 and 18 included). If network interface configuration is enabled (it is disabled by default) and Hazelcast cannot find a matching interface, then it will print a message on the console and will not start on that node. Interfaces can be separated by a comma. -
outboundPorts
java.util.List<java.lang.String> outboundPorts
The outbound ports for the Hazelcast configuration. -
port
int port
You can specify the ports which Hazelcast will use to communicate between cluster members. The name of the parameter for this is port and its default value is 5701. By default, Hazelcast will try 100 ports to bind. This means that if you set the value of port to 5701, then as members join the cluster, Hazelcast tries to find ports between 5701 and 5801. -
portAutoIncrement
boolean portAutoIncrement
You may also want to choose to use only one port. In that case, you can disable the auto-increment feature of port. -
publicAddress
java.lang.String publicAddress
The default public address to be advertised to other cluster members and clients. -
tcpipEnabled
boolean tcpipEnabled
Enable TCP/IP config. Contains the configuration for the TCP/IP join mechanism. The TCP/IP join mechanism relies on one or more well known members. When a new member wants to join a cluster, it will try to connect to one of the well known members. If it is able to connect, it will know about all members in the cluster and will not rely on these well known members anymore.
-
-
Class org.apereo.cas.configuration.model.support.hazelcast.HazelcastTicketRegistryProperties extends BaseHazelcastProperties implements Serializable
- serialVersionUID:
- -1095208036374406772L
-
Serialized Fields
-
crypto
EncryptionRandomizedSigningJwtCryptographyProperties crypto
Crypto settings for the registry. -
pageSize
long pageSize
Page size is used by a special Predicate which helps to get a page-by-page result of a query.
-
-
Class org.apereo.cas.configuration.model.support.hazelcast.HazelcastWANReplicationProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- 1726420607045775145L
-
Serialized Fields
-
enabled
boolean enabled
Whether WAN should be enabled. -
replicationName
java.lang.String replicationName
Name of this replication group. -
targets
java.util.List<HazelcastWANReplicationTargetClusterProperties> targets
List of target clusters to be used for synchronization and replication.
-
-
Class org.apereo.cas.configuration.model.support.hazelcast.HazelcastWANReplicationTargetClusterProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- 1635330607045885145L
-
Serialized Fields
-
acknowledgeType
java.lang.String acknowledgeType
Accepted values are:
ACK_ON_RECEIPT
: ACK after WAN operation is received by the target cluster (without waiting for the result of actual operation invocation).
ACK_ON_OPERATION_COMPLETE
: Wait till the operation is complete on target cluster.
-
batchMaximumDelayMilliseconds
int batchMaximumDelayMilliseconds
Maximum amount of time, in milliseconds, to be waited before sending a batch of events in case batch.size is not reached. -
batchSize
int batchSize
Maximum size of events that are sent to the target cluster in a single batch. -
clusterName
java.lang.String clusterName
Sets the cluster name used as an endpoint group password for authentication on the target endpoint. If there is no separate publisher ID property defined, this cluster name will also be used as a WAN publisher ID. This ID is then used for identifying the publisher. -
consistencyCheckStrategy
java.lang.String consistencyCheckStrategy
Strategy for checking the consistency of data between replicas. -
endpoints
java.lang.String endpoints
Comma separated list of endpoints in this replication group. IP addresses and ports of the cluster members for which the WAN replication is implemented. These endpoints are not necessarily the entire target cluster and WAN does not perform the discovery of other members in the target cluster. It only expects that these IP addresses (or at least some of them) are available. -
executorThreadCount
int executorThreadCount
The number of threads that the replication executor will have. The executor is used to send WAN events to the endpoints and ideally you want to have one thread per endpoint. If this property is omitted and you have specified the endpoints property, this will be the case. If necessary you can manually define the number of threads that the executor will use. Once the executor has been initialized there is thread affinity between the discovered endpoints and the executor threads - all events for a single endpoint will go through a single executor thread, preserving event order. It is important to determine which number of executor threads is a good value. Failure to do so can lead to performance issues - either contention on a too small number of threads or wasted threads that will not be performing any work. -
properties
java.util.Map<java.lang.String,java.lang.Comparable> properties
The WAN publisher properties. -
publisherClassName
java.lang.String publisherClassName
Publisher class name for WAN replication. -
publisherId
java.lang.String publisherId
Returns the publisher ID used for identifying the publisher. -
queueCapacity
int queueCapacity
For huge clusters or high data mutation rates, you might need to increase the replication queue size. The default queue size for replication queues is 10,000. This means, if you have heavy put/update/remove rates, you might exceed the queue size so that the oldest, not yet replicated, updates might get lost. -
queueFullBehavior
java.lang.String queueFullBehavior
Accepted values are:
THROW_EXCEPTION
: Instruct WAN replication implementation to throw an exception and not allow further processing.
DISCARD_AFTER_MUTATION
: Instruct WAN replication implementation to drop new events when WAN event queues are full.
THROW_EXCEPTION_ONLY_IF_REPLICATION_ACTIVE
: Similar to THROW_EXCEPTION but only throws an exception when WAN replication is active. Discards the new events if WAN replication is stopped.
-
responseTimeoutMilliseconds
int responseTimeoutMilliseconds
Time, in milliseconds, to be waited for the acknowledgment of a sent WAN event to target cluster. -
snapshotEnabled
boolean snapshotEnabled
When set to true, only the latest events (based on key) are selected and sent in a batch.
-
-
-
Package org.apereo.cas.configuration.model.support.hazelcast.discovery
-
Class org.apereo.cas.configuration.model.support.hazelcast.discovery.HazelcastAwsDiscoveryProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- -8281247687171101766L
-
Serialized Fields
-
accessKey
java.lang.String accessKey
AWS access key. -
connectionTimeoutSeconds
int connectionTimeoutSeconds
The maximum amount of time Hazelcast will try to connect to a well known member before giving up. Setting this value too low could mean that a member is not able to connect to a cluster. Setting the value too high means that member startup could slow down because of longer timeouts (for example, when a well known member is not up). Increasing this value is recommended if you have many IPs listed and the members cannot properly build up the cluster. Its default value is 5. -
hostHeader
java.lang.String hostHeader
Host header, i.e. ec2.amazonaws.com. The URL that is the entry point for a web service. -
iamRole
java.lang.String iamRole
If you do not want to use access key and secret key, you can specify iam-role. Hazelcast fetches your credentials by using your IAM role. This setting only affects deployments on Amazon EC2. If you are deploying CAS in an Amazon ECS environment, the role should not be specified. The role is fetched from the task definition that is assigned to run CAS. -
port
int port
Hazelcast port. Typically may be set to 5701. You can configure searching on ports other than 5701 if you have members on different ports. -
region
java.lang.String region
AWS region, i.e. us-east-1. The region where your members are running. -
secretKey
java.lang.String secretKey
AWS secret key. -
securityGroupName
java.lang.String securityGroupName
If a security group is configured, only instances within that security group are selected. -
tagKey
java.lang.String tagKey
If a tag key/value is set, only instances with that tag key/value will be selected. -
tagValue
java.lang.String tagValue
If a tag key/value is set, only instances with that tag key/value will be selected.
-
-
Class org.apereo.cas.configuration.model.support.hazelcast.discovery.HazelcastAzureDiscoveryProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- 3861923784551442190L
-
Serialized Fields
-
clientId
java.lang.String clientId
The Azure Active Directory Service Principal client ID. -
clientSecret
java.lang.String clientSecret
The Azure Active Directory Service Principal client secret. -
clusterId
java.lang.String clusterId
The name of the tag on the hazelcast vm resources. With every Hazelcast Virtual Machine you deploy in your resource group, you need to ensure that each VM is tagged with the value of cluster-id defined in your Hazelcast configuration. The only requirement is that every VM can access each other either by private or public IP address. -
groupName
java.lang.String groupName
The Azure resource group name of the cluster. You can find this in the Azure portal or CLI. -
subscriptionId
java.lang.String subscriptionId
The Azure subscription ID. -
tenantId
java.lang.String tenantId
The Azure Active Directory tenant ID.
-
-
Class org.apereo.cas.configuration.model.support.hazelcast.discovery.HazelcastDiscoveryProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- -8281223487171101795L
-
Serialized Fields
-
aws
HazelcastAwsDiscoveryProperties aws
Describe discovery strategy based on AWS. The AWS config contains the configuration for AWS join mechanism. What happens behind the scenes is that data about the running AWS instances in a specific region are downloaded using the accesskey/secretkey and are potential Hazelcast members. There are 2 mechanisms for filtering out AWS instances and these mechanisms can be combined (AND).
- If a security group is configured, only instances within that security group are selected.
- If a tag key/value is set, only instances with that tag key/value will be selected.
-
azure
HazelcastAzureDiscoveryProperties azure
Describe discovery strategy based on Azure. -
dockerSwarm
HazelcastDockerSwarmDiscoveryProperties dockerSwarm
Describe discovery strategy based on docker swarm. -
enabled
boolean enabled
Whether discovery should be enabled via the configured strategies below. -
jclouds
HazelcastJCloudsDiscoveryProperties jclouds
Describe discovery strategy based on JClouds. -
kubernetes
HazelcastKubernetesDiscoveryProperties kubernetes
Describe discovery strategy based on Kubernetes. -
multicast
HazelcastClusterMulticastProperties multicast
Multicast discovery settings.
-
-
Class org.apereo.cas.configuration.model.support.hazelcast.discovery.HazelcastDockerSwarmDiscoveryProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- -1409066358752067150L
-
Serialized Fields
-
dnsProvider
HazelcastDockerSwarmDiscoveryProperties.DnsRProvider dnsProvider
Swarm DNSRR network binding. -
memberProvider
HazelcastDockerSwarmDiscoveryProperties.MemberAddressProvider memberProvider
Local network binding.
-
-
Class org.apereo.cas.configuration.model.support.hazelcast.discovery.HazelcastDockerSwarmDiscoveryProperties.DnsRProvider extends java.lang.Object implements Serializable
- serialVersionUID:
- -1863901001243353934L
-
Serialized Fields
-
enabled
boolean enabled
Enable provider. -
peerServices
java.lang.String peerServices
Comma separated list of docker services and associated ports to be considered peers of this service. Note, this must include itself (the definition of serviceName and servicePort) if the service is to cluster with other instances of this service. -
serviceName
java.lang.String serviceName
Name of the docker service that this instance is running in. -
servicePort
int servicePort
Internal port that hazelcast is listening on.
-
-
Class org.apereo.cas.configuration.model.support.hazelcast.discovery.HazelcastDockerSwarmDiscoveryProperties.MemberAddressProvider extends java.lang.Object implements Serializable
- serialVersionUID:
- -2963901001243353939L
-
Serialized Fields
-
dockerNetworkNames
java.lang.String dockerNetworkNames
Comma delimited list of Docker network names to discover matching services on. -
dockerServiceLabels
java.lang.String dockerServiceLabels
Comma delimited list of relevant Docker service label=values to find tasks/containers on the networks. -
dockerServiceNames
java.lang.String dockerServiceNames
Comma delimited list of relevant Docker service names to find tasks/containers on the networks. -
enabled
boolean enabled
Enable provider. -
hazelcastPeerPort
int hazelcastPeerPort
The raw port that Hazelcast is listening on. IMPORTANT: This is NOT a docker "published" port, nor is it necessarily an EXPOSEd port. It is the Hazelcast port that the service is configured with. This must be the same for all matched containers in order to work, and just using the default of 5701 is the simplest way to go. -
skipVerifySsl
boolean skipVerifySsl
If the Swarm Manager URI uses SSL, enables skip-verify for it. -
swarmMgrUri
java.lang.String swarmMgrUri
Swarm Manager URI (overrides DOCKER_HOST).
-
-
Class org.apereo.cas.configuration.model.support.hazelcast.discovery.HazelcastJCloudsDiscoveryProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- -8281247687171101766L
-
Serialized Fields
-
credential
java.lang.String credential
Cloud Provider credential, can be thought of as a password for cloud services. -
credentialPath
java.lang.String credentialPath
Used for cloud providers which require an extra JSON or P12 key file. This denotes the path of that file. Only tested with Google Compute Engine. (Required if Google Compute Engine is used.) -
endpoint
java.lang.String endpoint
Defines the endpoint for a generic API such as OpenStack or CloudStack (optional). -
group
java.lang.String group
Filters instance groups (optional). When used with AWS it maps to security group. -
identity
java.lang.String identity
Cloud Provider identity, can be thought of as a user name for cloud services. -
port
int port
Port which the hazelcast instance service uses on the cluster member. Default value is 5701. (optional) -
provider
java.lang.String provider
String value that is used to identify ComputeService provider. For example, "google-compute-engine" is used for Google Cloud services. -
regions
java.lang.String regions
Defines region for a cloud service (optional). Can be used with comma separated values for multiple values. -
roleName
java.lang.String roleName
Used for IAM role support specific to AWS (optional, but if defined, no identity or credential should be defined in the configuration). -
tagKeys
java.lang.String tagKeys
Filters cloud instances with tags (optional). Can be used with comma separated values for multiple values. -
tagValues
java.lang.String tagValues
Filters cloud instances with tags (optional). Can be used with comma separated values for multiple values. -
zones
java.lang.String zones
Defines zone for a cloud service (optional). Can be used with comma separated values for multiple values.
-
-
Class org.apereo.cas.configuration.model.support.hazelcast.discovery.HazelcastKubernetesDiscoveryProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- 8590530159392472509L
-
Serialized Fields
-
apiRetries
int apiRetries
Defines the number of retries to Kubernetes API. Defaults to: 3. -
apiToken
java.lang.String apiToken
Defines an OAuth token for the Kubernetes client to access the Kubernetes REST API. Defaults to reading the token from the auto-injected file at: /var/run/secrets/kubernetes.io/serviceaccount/token. -
caCertificate
java.lang.String caCertificate
CA Authority certificate from Kubernetes Master. Defaults to reading the certificate from the auto-injected file at: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt. -
kubernetesMaster
java.lang.String kubernetesMaster
Defines an alternative address for the Kubernetes master. Defaults to: https://kubernetes.default.svc
-
namespace
java.lang.String namespace
Defines the namespace of the application POD through the Service Discovery REST API of Kubernetes. -
podLabelName
java.lang.String podLabelName
Defines the pod label to lookup through the Service Discovery REST API of Kubernetes. -
podLabelValue
java.lang.String podLabelValue
Defines the pod label value to lookup through the Service Discovery REST API of Kubernetes. -
resolveNotReadyAddresses
boolean resolveNotReadyAddresses
Defines if not ready addresses should be evaluated to be discovered on startup. -
serviceDns
java.lang.String serviceDns
Defines the DNS service lookup domain. This is defined as something similar to my-svc.my-namespace.svc.cluster.local. -
serviceDnsTimeout
int serviceDnsTimeout
Defines the DNS service lookup timeout in seconds. Defaults to 5 secs. -
serviceLabelName
java.lang.String serviceLabelName
Defines the service label to lookup through the Service Discovery REST API of Kubernetes. -
serviceLabelValue
java.lang.String serviceLabelValue
Defines the service label value to lookup through the Service Discovery REST API of Kubernetes. -
serviceName
java.lang.String serviceName
Defines the service name of the POD to lookup through the Service Discovery REST API of Kubernetes. -
servicePort
int servicePort
If specified with a value greater than 0, its value defines the endpoint port of the service (overriding the default). -
useNodeNameAsExternalAddress
boolean useNodeNameAsExternalAddress
Defines if the node name should be used as external address, instead of looking up the external IP using the /nodes resource. Default is false.
-
-
-
Package org.apereo.cas.configuration.model.support.ignite
-
Class org.apereo.cas.configuration.model.support.ignite.IgniteProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- -5259465262649559156L
-
Serialized Fields
-
ackTimeout
java.lang.String ackTimeout
Sets timeout for receiving acknowledgement for sent message. If acknowledgement is not received within this timeout, sending is considered as failed and SPI tries to repeat message sending. -
clientMode
boolean clientMode
Start in client mode. If true the local node is started as a client. -
crypto
EncryptionRandomizedSigningJwtCryptographyProperties crypto
Crypto settings for the registry. -
defaultPersistenceEnabled
boolean defaultPersistenceEnabled
Ignite native persistence is a distributed ACID and SQL-compliant disk store that transparently integrates with Ignite's durable memory. Ignite persistence is optional and can be turned on and off. When turned off Ignite becomes a pure in-memory store. With the native persistence enabled, Ignite always stores a superset of data on disk, and as much as it can in RAM based on the capacity of the latter. For example, if there are 100 entries and RAM has the capacity to store only 20, then all 100 will be stored on disk and only 20 will be cached in RAM for better performance. Also, it is worth mentioning that as with a pure in-memory use case, when the persistence is turned on, every individual cluster node persists only a subset of the data, only including partitions for which the node is either primary or backup. Collectively, the whole cluster contains the full data set. -
defaultRegionMaxSize
long defaultRegionMaxSize
By default, Ignite nodes consume up to 20% of the RAM available locally, and in most cases, this is the only parameter you might need to change. Using the below setting allows you to change the default region memory size. -
forceServerMode
boolean forceServerMode
Sets force server mode flag. If true, TcpDiscoverySpi is started in server mode regardless of IgniteConfiguration.isClientMode(). -
igniteAddress
java.util.List<java.lang.String> igniteAddress
Used by TcpDiscoveryVmIpFinder, which is an IP Finder which works only with pre-configured list of IP addresses specified via this setting. By default, this IP finder is not shared, which means that all grid nodes have to be configured with the same list of IP addresses when this IP finder is used. Parses provided values and initializes the internal collection of addresses. Addresses may be represented as follows:
- IP address (e.g. 127.0.0.1, 9.9.9.9, etc);
- IP address and port (e.g. 127.0.0.1:47500, 9.9.9.9:47501, etc);
- IP address and port range (e.g. 127.0.0.1:47500..47510, 9.9.9.9:47501..47504, etc);
- Hostname (e.g. host1.com, host2, etc);
- Hostname and port (e.g. host1.com:47500, host2:47502, etc).
- Hostname and port range (e.g. host1.com:47500..47510, host2:47502..47508, etc).
- port1 < port2 should be true;
- Both port1 and port2 should be greater than 0.
-
joinTimeout
java.lang.String joinTimeout
Sets join timeout. If non-shared IP finder is used and node fails to connect to any address from IP finder, node keeps trying to join within this timeout. If all addresses are still unresponsive, exception is thrown and node startup fails. -
keyAlgorithm
java.lang.String keyAlgorithm
The key algorithm to use when creating SSL context. -
keyStoreFilePath
java.lang.String keyStoreFilePath
Keystore file path used to create a SSL context for the ticket registry. -
keyStorePassword
java.lang.String keyStorePassword
Keystore password used to create a SSL context for the ticket registry. -
keyStoreType
java.lang.String keyStoreType
Keystore type used to create a SSL context for the ticket registry. -
localAddress
java.lang.String localAddress
Sets local host IP address that discovery SPI uses. If not provided, by default a first found non-loopback address will be used. If there is no non-loopback address available, then InetAddress.getLocalHost() will be used. -
localPort
int localPort
Sets local port to listen to. -
networkTimeout
java.lang.String networkTimeout
Sets maximum network timeout to use for network operations. -
protocol
java.lang.String protocol
SSL protocol used to create a SSL context for the ticket registry. -
socketTimeout
java.lang.String socketTimeout
Sets socket operations timeout. This timeout is used to limit connection time and write-to-socket time. Note that when running Ignite on Amazon EC2, socket timeout must be set to a value significantly greater than the default (e.g. to 30000). -
threadPriority
int threadPriority
Sets thread priority. All threads within SPI will be started with it. -
ticketsCache
IgniteProperties.TicketsCache ticketsCache
Settings related to tickets cache. -
trustStoreFilePath
java.lang.String trustStoreFilePath
Truststore file path used to create a SSL context for the ticket registry. -
trustStorePassword
java.lang.String trustStorePassword
Truststore password used to create a SSL context for the ticket registry. -
trustStoreType
java.lang.String trustStoreType
Truststore type used to create a SSL context for the ticket registry.
-
-
Class org.apereo.cas.configuration.model.support.ignite.IgniteProperties.TicketsCache extends java.lang.Object implements Serializable
- serialVersionUID:
- 4715167757542984471L
-
Serialized Fields
-
atomicityMode
java.lang.String atomicityMode
Specifies the atomicity mode.
ATOMIC
: Specifies atomic-only cache behaviour. In this mode distributed transactions and distributed locking are not supported. Disabling transactions and locking allows to achieve much higher performance and throughput ratios. In addition to transactions and locking, one of the main differences in ATOMIC mode is that bulk writes, such as putAll(...), removeAll(...), and transformAll(...) methods, become simple batch operations which can partially fail. In case of partial failure CachePartialUpdateCheckedException will be thrown which will contain a list of keys for which the update failed. It is recommended that bulk writes are used whenever multiple keys need to be inserted or updated in cache, as they reduce number of network trips and provide better performance. Note that even without locking and transactions, ATOMIC mode still provides full consistency guarantees across all cache nodes. Also note that all data modifications in ATOMIC mode are guaranteed to be atomic and consistent with writes to the underlying persistent store, if one is configured.
TRANSACTIONAL
: Specifies fully ACID-compliant transactional cache behavior.
-
cacheMode
java.lang.String cacheMode
Specifies the caching mode.
LOCAL
: Specifies local-only cache behaviour. In this mode caches residing on different grid nodes will not know about each other. Other than distribution, local caches still have all the caching features, such as eviction, expiration, swapping, querying, etc. This mode is very useful when caching read-only data or data that automatically expires at a certain interval and is then automatically reloaded from persistence store.
REPLICATED
: Specifies fully replicated cache behavior. In this mode all the keys are distributed to all participating nodes. User still has affinity control over subset of nodes for any given key via AffinityFunction configuration.
PARTITIONED
: Specifies partitioned cache behaviour. In this mode the overall key set will be divided into partitions and all partitions will be split equally between participating nodes. User has affinity control over key assignment via AffinityFunction configuration. Note that partitioned cache is always fronted by local 'near' cache which stores most recent data. You can configure the size of near cache via NearCacheConfiguration.getNearEvictionPolicy() configuration property.
-
writeSynchronizationMode
java.lang.String writeSynchronizationMode
Mode indicating how Ignite should wait for write replies from other nodes. Default value is FULL_ASYNC, which means that Ignite will not wait for responses from participating nodes. This means that by default remote nodes may get their state updated slightly after any of the cache write methods complete, or after Transaction.commit() method completes.
FULL_ASYNC
: Flag indicating that Ignite will not wait for write or commit responses from participating nodes, which means that remote nodes may get their state updated a bit after any of the cache write methods complete, or after Transaction.commit() method completes.
FULL_SYNC
: Flag indicating that Ignite should wait for write or commit replies from all nodes. This behavior guarantees that whenever any of the atomic or transactional writes complete, all other participating nodes which cache the written data have been updated.
PRIMARY_SYNC
: This flag only makes sense for CacheMode.PARTITIONED mode. When enabled, Ignite will wait for write or commit to complete on primary node, but will not wait for backups to be updated.
-
-
-
-
Package org.apereo.cas.configuration.model.support.infinispan
-
Class org.apereo.cas.configuration.model.support.infinispan.InfinispanProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- 1974626726565626634L
-
Serialized Fields
-
cacheName
java.lang.String cacheName
Cache name to create and hold tickets in. -
crypto
EncryptionRandomizedSigningJwtCryptographyProperties crypto
Crypto settings for the registry.
-
-
-
Package org.apereo.cas.configuration.model.support.influxdb
-
Class org.apereo.cas.configuration.model.support.influxdb.InfluxDbProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- -1945287308473842616L
-
Serialized Fields
-
batchInterval
java.lang.String batchInterval
The interval used to run batch jobs to flush points. -
consistencyLevel
java.lang.String consistencyLevel
Database consistency level. Acceptable values are ALL, ANY, ONE, QUORUM.
- ALL - Write succeeds only if write reached all cluster members.
- ANY - Write succeeds if write reached any cluster member.
- ONE - Write succeeds if write reached at least one cluster member.
- QUORUM - Write succeeds only if write reached a quorum of cluster members.
-
database
java.lang.String database
Database name. -
dropDatabase
boolean dropDatabase
Whether the indicated database should be dropped and recreated. -
password
java.lang.String password
InfluxDb connection password. -
pointsToFlush
int pointsToFlush
The number of points to flush and write to the database as part of the batch. -
retentionPolicy
java.lang.String retentionPolicy
Database retention policy to use. -
url
java.lang.String url
InfluxDb connection url. -
username
java.lang.String username
InfluxDb connection username.
-
-
-
Package org.apereo.cas.configuration.model.support.interrupt
-
Class org.apereo.cas.configuration.model.support.interrupt.GroovyInterruptProperties extends SpringResourceProperties implements Serializable
- serialVersionUID:
- 8079027843747126082L
-
Class org.apereo.cas.configuration.model.support.interrupt.InterruptCoreProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- 4263941933003310968L
-
Serialized Fields
-
triggerMode
InterruptCoreProperties.InterruptTriggerModes triggerMode
Define how interrupt notifications should be triggered in the authentication flow.
-
-
Class org.apereo.cas.configuration.model.support.interrupt.InterruptProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- -4945287309473842615L
-
Serialized Fields
-
core
InterruptCoreProperties core
Core settings for interrupt notifications. -
groovy
GroovyInterruptProperties groovy
Inquire for interrupt using a Groovy resource. -
json
JsonInterruptProperties json
Inquire for interrupt using a JSON resource. -
regex
RegexInterruptProperties regex
Inquire for interrupt using a regex pattern operating on attributes. -
rest
RestfulInterruptProperties rest
Inquire for interrupt using a REST resource.
-
-
Class org.apereo.cas.configuration.model.support.interrupt.JsonInterruptProperties extends SpringResourceProperties implements Serializable
- serialVersionUID:
- 1079027840047126083L
-
Class org.apereo.cas.configuration.model.support.interrupt.RegexInterruptProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- 2169027840047126083L
-
Serialized Fields
-
attributeName
java.lang.String attributeName
A regex pattern on the attribute name that if matches will successfully complete the first condition for the interrupt notifications trigger. -
attributeValue
java.lang.String attributeValue
A regex pattern on the attribute value that if matches will successfully complete the first condition for the interrupt notifications trigger.
-
-
Class org.apereo.cas.configuration.model.support.interrupt.RestfulInterruptProperties extends RestEndpointProperties implements Serializable
- serialVersionUID:
- 1833594332973137011L
-
-
Package org.apereo.cas.configuration.model.support.jaas
-
Class org.apereo.cas.configuration.model.support.jaas.JaasAuthenticationProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- 4643338626978471986L
-
Serialized Fields
-
credentialCriteria
java.lang.String credentialCriteria
A number of authentication handlers are allowed to determine whether they can operate on the provided credential and as such lend themselves to be tried and tested during the authentication handler selection phase. The credential criteria may be one of the following options:
- 1) A regular expression pattern that is tested against the credential identifier.
- 2) A fully qualified class name of your own design that implements Predicate.
- 3) Path to an external Groovy script that implements the same interface.
-
kerberosKdcSystemProperty
java.lang.String kerberosKdcSystemProperty
Typically, the default realm and the KDC for that realm are indicated in the Kerberos krb5.conf configuration file. However, if you like, you can instead specify the realm value by setting the following system property value.
If you set the realm property, you SHOULD also configure the kerberos KDC system property.
Also note that if you set these properties, then no cross-realm authentication is possible unless a krb5.conf file is also provided from which the additional information required for cross-realm authentication may be obtained.
If you set values for these properties, then they override the default realm and KDC values specified in krb5.conf (if such a file is found). The krb5.conf file is still consulted if values for items other than the default realm and KDC are needed. If no krb5.conf file is found, then the default values used for these items are implementation-specific.
- See Also:
- Oracle documentation
-
kerberosRealmSystemProperty
java.lang.String kerberosRealmSystemProperty
Typically, the default realm and the KDC for that realm are indicated in the Kerberos krb5.conf configuration file. However, if you like, you can instead specify the realm value by setting the following system property value.
If you set the realm property, you SHOULD also configure the kerberos KDC system property.
Also note that if you set these properties, then no cross-realm authentication is possible unless a krb5.conf file is also provided from which the additional information required for cross-realm authentication may be obtained.
If you set values for these properties, then they override the default realm and KDC values specified in krb5.conf (if such a file is found). The krb5.conf file is still consulted if values for items other than the default realm and KDC are needed. If no krb5.conf file is found, then the default values used for these items are implementation-specific.
- See Also:
- Oracle documentation
-
loginConfigType
java.lang.String loginConfigType
Typically set to JavaLoginConfig which is the default Configuration implementation from the SUN provider. This type accepts a URI/path to a configuration file as a valid parameter type specified via JaasAuthenticationProperties.loginConfigurationFile. If this parameter is not specified, then the configuration information is loaded from the sources described in the ConfigFile class specification. If this parameter is specified, the configuration information is loaded solely from the specified URI. -
loginConfigurationFile
java.lang.String loginConfigurationFile
Path to the location of configuration file (i.e. jaas.conf) that contains the realms and login modules. -
name
java.lang.String name
Name of the authentication handler. -
order
int order
Order of the authentication handler in the chain. -
passwordEncoder
PasswordEncoderProperties passwordEncoder
Password encoder settings for JAAS authentication. -
passwordPolicy
PasswordPolicyProperties passwordPolicy
Password policy settings. -
principal
PersonDirectoryPrincipalResolverProperties principal
Principal construction settings. -
principalTransformation
PrincipalTransformationProperties principalTransformation
Principal transformation settings. -
realm
java.lang.String realm
JAAS realm to use. -
state
AuthenticationHandlerStates state
Define the scope and state of this authentication handler and the lifecycle in which it can be invoked or activated.
-
-
-
Package org.apereo.cas.configuration.model.support.jdbc
-
Class org.apereo.cas.configuration.model.support.jdbc.JdbcAuthenticationProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- 7199786191466526110L
-
Serialized Fields
-
bind
java.util.List<BindJdbcAuthenticationProperties> bind
Settings related to bind-mode jdbc authentication. Authenticates a user by attempting to create a database connection using the username and (hashed) password. -
encode
java.util.List<QueryEncodeJdbcAuthenticationProperties> encode
Settings related to query-encode-mode jdbc authentication. A JDBC querying handler that will pull back the password and the private salt value for a user and validate the encoded password using the public salt value. Assumes everything is inside the same database table. Supports settings for number of iterations as well as private salt. This password encoding method combines the private Salt and the public salt which it prepends to the password before hashing. If multiple iterations are used, the byte code hash of the first iteration is rehashed without the salt values. The final hash is converted to hex before comparing it to the database value. -
query
java.util.List<QueryJdbcAuthenticationProperties> query
Settings related to query-mode jdbc authentication. Authenticates a user by comparing the user password (which can be encoded with a password encoder) against the password on record determined by a configurable database query. -
search
java.util.List<SearchJdbcAuthenticationProperties> search
Settings related to search-mode jdbc authentication. Searches for a user record by querying against a username and password; the user is authenticated if at least one result is found.
-
-
Class org.apereo.cas.configuration.model.support.jdbc.JdbcPrincipalAttributesProperties extends AbstractJpaProperties implements Serializable
- serialVersionUID:
- 6915428382578138387L
-
Serialized Fields
-
attributes
java.util.Map<java.lang.String,java.lang.String> attributes
Map of attributes to fetch from the database. Attributes are defined using a key-value structure where CAS allows the attribute name/key to be renamed virtually to a different attribute. The key is the attribute fetched from the data source and the value is the attribute name CAS should use for virtual renames. Attributes may be allowed to be virtually renamed and remapped. The key in the attribute map is the original attribute, and the value should be the virtually-renamed attribute. -
caseCanonicalization
java.lang.String caseCanonicalization
When constructing the final person object from the attribute repository, indicate how the username should be canonicalized. Accepted values are:
- UPPER: Transform the final person id into uppercase characters.
- LOWER: Transform the final person id into lowercase characters.
- NONE: Do nothing.
-
caseInsensitiveQueryAttributes
java.util.List<java.lang.String> caseInsensitiveQueryAttributes
Collection of attributes, used to build the SQL query, that should go through a case canonicalization process defined as key->value. Note that the key is not the name of the attribute, but the query attribute that is used in generating the final query clause (i.e. username). The value can be NONE, LOWER, UPPER. It's also possible to define a list of attributes without a case canonicalization override such as username, attribute2 in which case JdbcPrincipalAttributesProperties.caseCanonicalization will dictate the final outcome. -
columnMappings
java.util.Map<java.lang.String,java.lang.String> columnMappings
Used only when there is a mapping of many rows to one user. This is done using a key-value structure where the key is the name of the "attribute name" column and the value is the name of the "attribute value" column. If the table structure is as such:
-----------------------------
uid | attr_name  | attr_value
-----------------------------
tom | first_name | Thomas
Then a column mapping must be specified to teach CAS to use attr_name and attr_value for attribute names and values. -
id
java.lang.String id
A value can be assigned to this field to uniquely identify this resolver. -
order
int order
The order of this attribute repository in the chain of repositories. Can be used to explicitly position this source in chain and affects merging strategies. -
queryAttributes
java.util.Map<java.lang.String,java.lang.String> queryAttributes
Define a Map of query attribute names to data-layer attribute names to use when building the query. The key is always the name of the query attribute that is defined by CAS and passed internally, and the value is the database column that should map. -
queryType
java.lang.String queryType
Indicates how multiple attributes in a query should be concatenated together. Accepted values are:
- AND: Concatenate attributes in the query using an AND-clause.
- OR: Concatenate attributes in the query using an OR-clause.
-
requireAllAttributes
boolean requireAllAttributes
If the SQL should only be run if all attributes listed in the mappings exist in the query. -
singleRow
boolean singleRow
Designed to work against a table where there is a mapping of one row to one user. The fields in the table structure are assumed to match username|name|lastname|address where there is only a single row per user. Setting this setting to false will force CAS to work against a table where there is a mapping of one row to one user. The fields in the table structure are assumed to match username|attr_name|attr_value where there is more than one row per username. -
sql
java.lang.String sql
The SQL statement to execute and fetch attributes. The syntax of the query must be SELECT * FROM table WHERE {0}. The WHERE clause is dynamically generated by CAS. -
username
java.util.List<java.lang.String> username
Username attribute(s) to use when running the SQL query.
-
-
-
Package org.apereo.cas.configuration.model.support.jdbc.authn
-
Class org.apereo.cas.configuration.model.support.jdbc.authn.BaseJdbcAuthenticationProperties extends AbstractJpaProperties implements Serializable
- serialVersionUID:
- 8460723293967413501L
-
Serialized Fields
-
credentialCriteria
java.lang.String credentialCriteria
A number of authentication handlers are allowed to determine whether they can operate on the provided credential and as such lend themselves to be tried and tested during the authentication handler selection phase. The credential criteria may be one of the following options:
- 1) A regular expression pattern that is tested against the credential identifier.
- 2) A fully qualified class name of your own design that implements Predicate.
- 3) Path to an external Groovy script that implements the same interface.
-
name
java.lang.String name
Name of the authentication handler. -
order
int order
Order of the authentication handler in the chain. -
passwordEncoder
PasswordEncoderProperties passwordEncoder
Password encoding strategies for this authentication. -
principalTransformation
PrincipalTransformationProperties principalTransformation
Principal transformation settings for this authentication. -
state
AuthenticationHandlerStates state
Define the scope and state of this authentication handler and the lifecycle in which it can be invoked or activated.
-
-
Class org.apereo.cas.configuration.model.support.jdbc.authn.BindJdbcAuthenticationProperties extends BaseJdbcAuthenticationProperties implements Serializable
- serialVersionUID:
- 4268982716707687796L
-
Class org.apereo.cas.configuration.model.support.jdbc.authn.QueryEncodeJdbcAuthenticationProperties extends BaseJdbcAuthenticationProperties implements Serializable
- serialVersionUID:
- -6647373426301411768L
-
Serialized Fields
-
algorithmName
java.lang.String algorithmName
Algorithm used for hashing. -
disabledFieldName
java.lang.String disabledFieldName
Column name that indicates whether account is disabled. -
expiredFieldName
java.lang.String expiredFieldName
Column name that indicates whether account is expired. -
numberOfIterations
int numberOfIterations
Default number of iterations for hashing. -
numberOfIterationsFieldName
java.lang.String numberOfIterationsFieldName
Field/column name that indicates the number of iterations used for password hashing. -
passwordFieldName
java.lang.String passwordFieldName
Password column name. -
saltFieldName
java.lang.String saltFieldName
Field/column name that indicates the salt used for password hashing. -
sql
java.lang.String sql
SQL query to execute and look up accounts. Example: SELECT * FROM table WHERE username=?. -
staticSalt
java.lang.String staticSalt
Static salt to be used for hashing.
-
-
Class org.apereo.cas.configuration.model.support.jdbc.authn.QueryJdbcAuthenticationProperties extends BaseJdbcAuthenticationProperties implements Serializable
- serialVersionUID:
- 7806132208223986680L
-
Serialized Fields
-
fieldDisabled
java.lang.String fieldDisabled
Boolean field that should indicate whether the account is disabled. -
fieldExpired
java.lang.String fieldExpired
Boolean field that should indicate whether the account is expired. -
fieldPassword
java.lang.String fieldPassword
Password field/column name to retrieve. -
principalAttributeList
java.util.List<java.lang.String> principalAttributeList
List of column names to fetch as user attributes. -
sql
java.lang.String sql
SQL query to execute. Example: SELECT * FROM table WHERE name=?.
-
-
Class org.apereo.cas.configuration.model.support.jdbc.authn.SearchJdbcAuthenticationProperties extends BaseJdbcAuthenticationProperties implements Serializable
- serialVersionUID:
- 6912107600297453730L
-
Serialized Fields
-
fieldPassword
java.lang.String fieldPassword
Password column name. -
fieldUser
java.lang.String fieldUser
Username column name. -
tableUsers
java.lang.String tableUsers
Table name where accounts are held.
-
-
-
Package org.apereo.cas.configuration.model.support.jms
-
Class org.apereo.cas.configuration.model.support.jms.JmsTicketRegistryProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- -2600525447128979994L
-
Serialized Fields
-
crypto
EncryptionRandomizedSigningJwtCryptographyProperties crypto
Crypto settings for the registry. -
queueIdentifier
java.lang.String queueIdentifier
Identifier for this CAS server node that tags the sender/receiver in the JMS queue and avoid processing of inbound calls. If left blank, an identifier is generated automatically and kept in memory.
-
-
-
Package org.apereo.cas.configuration.model.support.jpa
-
Class org.apereo.cas.configuration.model.support.jpa.AbstractJpaProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- 761486823496930920L
-
Serialized Fields
-
autocommit
boolean autocommit
The default auto-commit behavior of connections in the pool. Determines whether queries such as update/insert should be immediately executed without waiting for an underlying transaction. -
batchSize
int batchSize
A non-zero value enables use of JDBC2 batch updates by Hibernate. e.g. recommended values between 5 and 30. -
dataSourceName
java.lang.String dataSourceName
Attempts to do a JNDI data source look up for the data source name specified. Will attempt to locate the data source object as is. -
ddlAuto
java.lang.String ddlAuto
Hibernate feature to automatically validate and export DDL to the schema. By default, creates and drops the schema automatically when a session starts and ends. Setting the value to validate or none may be more desirable for production, but any of the following options can be used:
- validate: Validate the schema, but make no changes to the database.
- update: Update the schema.
- create: Create the schema, destroying previous data.
- create-drop: Drop the schema at the end of the session.
- none: Do nothing.
Note that during a version migration where any schema has changed create-drop will result in the loss of all data as soon as CAS is started. For transient data like tickets this is probably not an issue, but in cases like the audit table important data could be lost. Using `update`, while safe for data, is confirmed to result in invalid database state. validate or none settings are likely the only safe options for production use.
For more info, see this. -
defaultCatalog
java.lang.String defaultCatalog
Qualifies unqualified table names with the given catalog in generated SQL. -
defaultSchema
java.lang.String defaultSchema
Qualify unqualified table names with the given schema/tablespace in generated SQL. -
dialect
java.lang.String dialect
The database dialect is a configuration setting for platform independent software (JPA, Hibernate, etc) which allows such software to translate its generic SQL statements into vendor specific DDL, DML. -
driverClass
java.lang.String driverClass
The JDBC driver used to connect to the database. -
failFastTimeout
long failFastTimeout
Set the pool initialization failure timeout.
- Any value greater than zero will be treated as a timeout for pool initialization. The calling thread will be blocked from continuing until a successful connection to the database, or until the timeout is reached. If the timeout is reached, then a PoolInitializationException will be thrown.
- A value of zero will not prevent the pool from starting in the case that a connection cannot be obtained. However, upon start the pool will attempt to obtain a connection and validate that the connectionTestQuery and connectionInitSql are valid. If those validations fail, an exception will be thrown. If a connection cannot be obtained, the validation is skipped and the pool will start and continue to try to obtain connections in the background. This can mean that callers to DataSource#getConnection() may encounter exceptions.
- A value less than zero will not bypass any connection attempt and validation during startup, and therefore the pool will start immediately. The pool will continue to try to obtain connections in the background. This can mean that callers to DataSource#getConnection() may encounter exceptions.
connectionTimeout or validationTimeout; they will be honored before this timeout is applied. The default value is one millisecond.
-
fetchSize
int fetchSize
Used to specify number of rows to be fetched in a select query. -
generateStatistics
boolean generateStatistics
Allow hibernate to generate query statistics. -
healthQuery
java.lang.String healthQuery
The SQL query to be executed to test the validity of connections. -
idleTimeout
java.lang.String idleTimeout
Controls the maximum amount of time that a connection is allowed to sit idle in the pool. -
isolateInternalQueries
boolean isolateInternalQueries
This property determines whether data source isolates internal pool queries, such as the connection alive test, in their own transaction. Since these are typically read-only queries, it is rarely necessary to encapsulate them in their own transaction. This property only applies if AbstractJpaProperties.autocommit is disabled. -
isolationLevelName
java.lang.String isolationLevelName
Defines the isolation level for transactions.
- See Also:
- TransactionDefinition
-
leakThreshold
int leakThreshold
Controls the amount of time that a connection can be out of the pool before a message is logged indicating a possible connection leak. -
password
java.lang.String password
The database connection password. -
physicalNamingStrategyClassName
java.lang.String physicalNamingStrategyClassName
Fully-qualified name of the class that can control the physical naming strategy of hibernate. -
pool
ConnectionPoolingProperties pool
Database connection pooling settings. -
propagationBehaviorName
java.lang.String propagationBehaviorName
Defines the propagation behavior for transactions.
- See Also:
- TransactionDefinition
-
properties
java.util.Map<java.lang.String,java.lang.String> properties
Additional settings provided by Hibernate in form of key-value pairs. -
url
java.lang.String url
The database connection URL. -
user
java.lang.String user
The database user. The database user must have sufficient permissions to be able to handle schema changes and updates, when needed.
-
-
Class org.apereo.cas.configuration.model.support.jpa.DatabaseProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- 7740236971148591965L
-
Serialized Fields
-
caseInsensitive
boolean caseInsensitive
When choosing physical table names, determine whether names should be considered case-insensitive. -
genDdl
boolean genDdl
Whether to generate DDL after the EntityManagerFactory has been initialized creating/updating all relevant tables. -
physicalTableNames
java.util.Map<java.lang.String,java.lang.String> physicalTableNames
Indicate a physical table name to be used by the hibernate naming strategy in case table names need to be customized for the specific type of database. The key here indicates the CAS-provided table name and the value is the translated physical name for the database. If a match is not found for the CAS-provided table name, then that name will be used by default. -
showSql
boolean showSql
Whether SQL queries should be displayed in the console/logs.
-
-
-
Package org.apereo.cas.configuration.model.support.jpa.serviceregistry
-
Class org.apereo.cas.configuration.model.support.jpa.serviceregistry.JpaServiceRegistryProperties extends AbstractJpaProperties implements Serializable
- serialVersionUID:
- 352435146313504995L
-
-
Package org.apereo.cas.configuration.model.support.jpa.ticketregistry
-
Class org.apereo.cas.configuration.model.support.jpa.ticketregistry.JpaTicketRegistryProperties extends AbstractJpaProperties implements Serializable
- serialVersionUID:
- -8053839523783801072L
-
Serialized Fields
-
crypto
EncryptionRandomizedSigningJwtCryptographyProperties crypto
Crypto settings for the registry. -
jpaLockingTimeout
java.lang.String jpaLockingTimeout
Indicates the lock duration when one is about to be acquired by the cleaner. -
ticketLockType
javax.persistence.LockModeType ticketLockType
Ticket locking type. Acceptable values are READ, WRITE, OPTIMISTIC, OPTIMISTIC_FORCE_INCREMENT, PESSIMISTIC_READ, PESSIMISTIC_WRITE, PESSIMISTIC_FORCE_INCREMENT, NONE.
-
-
-
Package org.apereo.cas.configuration.model.support.kafka
-
Class org.apereo.cas.configuration.model.support.kafka.BaseKafkaProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- -3844529231331941592L
-
Serialized Fields
-
bootstrapAddress
java.lang.String bootstrapAddress
Kafka bootstrapping server address (i.e. localhost:9092).
-
-
Class org.apereo.cas.configuration.model.support.kafka.KafkaSingleTopicProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- -1844529231331941592L
-
Serialized Fields
-
compressionType
java.lang.String compressionType
Specify the final compression type for a given topic. This configuration accepts the standard compression codecs ('gzip', 'snappy', 'lz4', 'zstd'). It additionally accepts 'uncompressed' which is equivalent to no compression; and 'producer' which means retain the original compression codec set by the producer. -
config
java.util.Map<java.lang.String,java.lang.String> config
Additional configuration options, as pointed out by TopicConfig. -
name
java.lang.String name
Set the name of the topic. -
partitions
int partitions
Set the number of partitions (default 1). -
replicas
int replicas
Set the number of replicas (default 1).
-
-
-
Package org.apereo.cas.configuration.model.support.ldap
-
Class org.apereo.cas.configuration.model.support.ldap.AbstractLdapAuthenticationProperties extends AbstractLdapSearchProperties implements Serializable
- serialVersionUID:
- 3849857270054289852L
-
Serialized Fields
-
derefAliases
java.lang.String derefAliases
Define how aliases are de-referenced. Accepted values are:
- NEVER
- SEARCHING: dereference when searching the entries beneath the starting point but not when searching for the starting entry.
- FINDING: dereference when searching for the starting entry but not when searching the entries beneath the starting point.
- ALWAYS: dereference when searching for the starting entry and when searching the entries beneath the starting point.
-
dnFormat
java.lang.String dnFormat
Specify the dn format accepted by the AD authenticator, etc. Example format might be uid=%s,ou=people,dc=example,dc=org. -
enhanceWithEntryResolver
boolean enhanceWithEntryResolver
Whether specific search entry resolvers need to be set on the authenticator, or the default should be used. -
principalAttributePassword
java.lang.String principalAttributePassword
If principalAttributePassword is empty then a user simple bind is done to validate credentials otherwise the given attribute is compared with the given principalAttributePassword using the SHA encrypted value of it. For the anonymous authentication type, if principalAttributePassword is empty then a user simple bind is done to validate credentials otherwise the given attribute is compared with the given principalAttributePassword using the SHA encrypted value of it.
-
type
AbstractLdapAuthenticationProperties.AuthenticationTypes type
The authentication type.
- AD - Users authenticate with sAMAccountName.
- AUTHENTICATED - Manager bind/search type of authentication. If principalAttributePassword is empty then a user simple bind is done to validate credentials. Otherwise the given attribute is compared with the given principalAttributePassword using the SHA encrypted value of it.
- ANONYMOUS: Similar semantics as AUTHENTICATED except no bindDn and bindCredential may be specified to initialize the connection. If principalAttributePassword is empty then a user simple bind is done to validate credentials. Otherwise the given attribute is compared with the given principalAttributePassword using the SHA encrypted value of it.
- DIRECT: Direct Bind - Compute user DN from format string and perform simple bind. This is relevant when no search is required to compute the DN needed for a bind operation. Use cases for this type are:
1) All users are under a single branch in the directory, e.g. ou=Users,dc=example,dc=org.
2) The username provided on the CAS login form is part of the DN, e.g. uid=%s,ou=Users,dc=example,dc=org.
-
-
Class org.apereo.cas.configuration.model.support.ldap.AbstractLdapProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- 2682743362616979324L
-
Serialized Fields
-
allowMultipleDns
boolean allowMultipleDns
Whether search/query results are allowed to match on multiple DNs, or whether a single unique DN is expected for the result. -
allowMultipleEntries
boolean allowMultipleEntries
Set if multiple Entries are allowed. -
binaryAttributes
java.util.List<java.lang.String> binaryAttributes
Indicate the collection of attributes that are to be tagged and processed as binary attributes by the underlying search resolver. -
bindCredential
java.lang.String bindCredential
The bind credential to use when connecting to LDAP. -
bindDn
java.lang.String bindDn
The bind DN to use when connecting to LDAP. LDAP connection configuration injected into the LDAP connection pool can be initialized with the following parameters:
- bindDn/bindCredential provided - Use the provided credentials to bind when initializing connections.
- bindDn/bindCredential set to * - Use a fast-bind strategy to initialize the pool.
- bindDn/bindCredential set to blank - Skip connection initializing; perform operations anonymously.
- SASL mechanism provided - Use the given SASL mechanism to bind when initializing connections.
-
blockWaitTime
java.lang.String blockWaitTime
The length of time the pool will block. By default the pool will block indefinitely and there is no guarantee that waiting threads will be serviced in the order in which they made their request. This option should be used with a blocking connection pool when you need to control the exact number of connections that can be created. -
connectionStrategy
java.lang.String connectionStrategy
If multiple URLs are provided as the ldapURL this describes how each URL will be processed.
- ACTIVE_PASSIVE: First LDAP will be used for every request unless it fails and then the next shall be used.
- ROUND_ROBIN: For each new connection the next url in the list will be used.
- RANDOM: For each new connection a random LDAP url will be selected.
- DNS_SRV: LDAP urls based on DNS SRV records of the configured/given LDAP url will be used.
-
connectTimeout
java.lang.String connectTimeout
Sets the maximum amount of time that connects will block. -
disablePooling
boolean disablePooling
Whether to use a pooled connection factory in components. -
failFast
boolean failFast
Attempt to populate the connection pool early on startup and fail quickly if something goes wrong. -
followReferrals
boolean followReferrals
Set if search referrals should be followed. -
hostnameVerifier
AbstractLdapProperties.LdapHostnameVerifierOptions hostnameVerifier
Hostname verification options. -
idleTime
java.lang.String idleTime
Removes connections from the pool based on how long they have been idle in the available queue. Prunes connections that have been idle for more than the indicated amount. -
keystore
java.lang.String keystore
Path to the keystore used for SSL connections. Typically contains SSL certificates for the LDAP server. -
keystorePassword
java.lang.String keystorePassword
Keystore password. -
keystoreType
java.lang.String keystoreType
The type of keystore: PKCS12 or JKS. If left blank, defaults to the default keystore type indicated by the underlying Java platform. -
ldapUrl
java.lang.String ldapUrl
The LDAP url to the server. More than one may be specified, separated by space and/or comma. -
maxPoolSize
int maxPoolSize
Maximum LDAP connection pool size which the pool can use to grow. -
minPoolSize
int minPoolSize
Minimum LDAP connection pool size. Size the pool should be initialized to and pruned to. -
name
java.lang.String name
Name of the LDAP handler. -
poolPassivator
java.lang.String poolPassivator
You may receive unexpected LDAP failures when CAS is configured to authenticate using DIRECT or AUTHENTICATED types and LDAP is locked down to not allow anonymous binds/searches. Every second attempt with a given LDAP connection from the pool would fail if it was on the same connection as a failed login attempt, and the regular connection validator would similarly fail. When a connection is returned back to a pool, it still may contain the principal and credentials from the previous attempt. Before the next bind attempt using that connection, the validator tries to validate the connection again but fails because it’s no longer trying with the configured bind credentials but with whatever user DN was used in the previous step. Given the validation failure, the connection is closed and CAS would deny access by default. Passivators attempt to reconnect to LDAP with the configured bind credentials, effectively resetting the connection to what it should be after each bind request. Furthermore, if you are seeing errors in the logs that resemble an 'Operation exception encountered, reopening connection' type of message, this usually is an indication that the connection pool’s validation timeout established and created by CAS is greater than the timeout configured in the LDAP server, or more likely, in the load balancer in front of the LDAP servers. You can adjust the LDAP server session’s timeout for connections, or you can teach CAS to use a validity period that is equal or less than the LDAP server session’s timeout. Accepted values are:
- NONE: No passivation takes place.
- BIND: The default behavior which passivates a connection by performing a bind operation on it. This option requires the availability of bind credentials when establishing connections to LDAP.
-
prunePeriod
java.lang.String prunePeriod
Removes connections from the pool based on how long they have been idle in the available queue. Run the pruning process at the indicated interval. -
responseTimeout
java.lang.String responseTimeout
Duration of time to wait for responses. -
saslAuthorizationId
java.lang.String saslAuthorizationId
SASL authorization id. -
saslMechanism
java.lang.String saslMechanism
The SASL mechanism. -
saslMutualAuth
java.lang.Boolean saslMutualAuth
Whether SASL mutual auth is enabled. -
saslQualityOfProtection
java.lang.String saslQualityOfProtection
SASL quality of protection. -
saslRealm
java.lang.String saslRealm
The SASL realm. -
saslSecurityStrength
java.lang.String saslSecurityStrength
SASL security strength. -
trustCertificates
java.lang.String trustCertificates
Path of the trust certificates to use for the SSL connection. Ignores keystore-related settings when activated and used. -
trustManager
java.lang.String trustManager
Trust Manager options. Trust managers are responsible for managing the trust material that is used when making LDAP trust decisions, and for deciding whether credentials presented by a peer should be accepted. Accepted values are:
- DEFAULT: Enable and force the default JVM trust managers.
- ANY: Trust any client or server.
-
trustStore
java.lang.String trustStore
Path to the keystore used to determine which certificates or certificate authorities should be trusted. Used when connecting to an LDAP server via LDAPS or startTLS connection. If left blank, the default truststore for the Java runtime is used. -
trustStorePassword
java.lang.String trustStorePassword
Password needed to open the truststore. -
trustStoreType
java.lang.String trustStoreType
The type of trust keystore that determines which certificates or certificate authorities are trusted. Types depend on underlying java platform, typically PKCS12 or JKS. If left blank, defaults to the default keystore type indicated by the underlying Java platform. -
useStartTls
boolean useStartTls
Whether TLS should be used and enabled when establishing the connection. -
validateOnCheckout
boolean validateOnCheckout
Whether connections should be validated when loaned out from the pool. -
validatePeriod
java.lang.String validatePeriod
Period at which pool should be validated. -
validatePeriodically
boolean validatePeriodically
Whether connections should be validated periodically when the pool is idle. -
validateTimeout
java.lang.String validateTimeout
Period at which validation operations may time out. -
validator
LdapValidatorProperties validator
LDAP connection validator settings.
-
-
Class org.apereo.cas.configuration.model.support.ldap.AbstractLdapSearchProperties extends AbstractLdapProperties implements Serializable
- serialVersionUID:
- 3009946735155362639L
-
Serialized Fields
-
baseDn
java.lang.String baseDn
Base DN to use. There may be scenarios where different parts of a single LDAP tree could be considered as base-dns. Rather than duplicating the LDAP configuration block for each individual base-dn, each entry can be specified and joined together using a special delimiter character. The user DN is retrieved using the combination of all base-dn and DN resolvers in the order defined. DN resolution should fail if multiple DNs are found. Otherwise the first DN found is returned. Usual syntax is: subtreeA,dc=example,dc=net|subtreeC,dc=example,dc=net. -
pageSize
int pageSize
Request that the server return results in batches of a specific size. See RFC 2696. This control is often used to work around server result size limits. A negative/zero value disables paged requests. -
searchEntryHandlers
java.util.List<LdapSearchEntryHandlersProperties> searchEntryHandlers
Search handlers. -
searchFilter
java.lang.String searchFilter
User filter to use for searching. Syntax is cn={user} or cn={0}. You may also provide an external groovy script in the syntax of file:/path/to/GroovyScript.groovy to fully build the final filter template dynamically. -
subtreeSearch
boolean subtreeSearch
Whether subtree searching is allowed.
-
-
Class org.apereo.cas.configuration.model.support.ldap.CaseChangeSearchEntryHandlersProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- 2420895955116725666L
-
Serialized Fields
-
attributeNameCaseChange
java.lang.String attributeNameCaseChange
The Attribute name case change. -
attributeNames
java.util.List<java.lang.String> attributeNames
The Attribute names. -
attributeValueCaseChange
java.lang.String attributeValueCaseChange
The Attribute value case change. -
dnCaseChange
java.lang.String dnCaseChange
The Dn case change.
-
-
Class org.apereo.cas.configuration.model.support.ldap.DnAttributeSearchEntryHandlersProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- -1174594647679213858L
-
Serialized Fields
-
addIfExists
boolean addIfExists
The Add if exists. -
dnAttributeName
java.lang.String dnAttributeName
The Dn attribute name.
-
-
Class org.apereo.cas.configuration.model.support.ldap.LdapAuthenticationProperties extends AbstractLdapAuthenticationProperties implements Serializable
- serialVersionUID:
- -5357843463521189892L
-
Serialized Fields
-
additionalAttributes
java.util.List<java.lang.String> additionalAttributes
List of additional attributes to retrieve, if any. -
allowMissingPrincipalAttributeValue
boolean allowMissingPrincipalAttributeValue
Flag to indicate whether CAS should block authentication if a specific/configured principal id attribute is not found. -
allowMultiplePrincipalAttributeValues
boolean allowMultiplePrincipalAttributeValues
Sets a flag that determines whether multiple values are allowed for the LdapAuthenticationProperties.principalAttributeId. This flag only has an effect if LdapAuthenticationProperties.principalAttributeId is configured. If multiple values are detected when the flag is false, the first value is used and a warning is logged. If multiple values are detected when the flag is true, an exception is raised. -
collectDnAttribute
boolean collectDnAttribute
When entry DN should be called as an attribute and stored into the principal. -
credentialCriteria
java.lang.String credentialCriteria
A number of authentication handlers are allowed to determine whether they can operate on the provided credential and as such lend themselves to be tried and tested during the authentication handler selection phase. The credential criteria may be one of the following options:
- 1) A regular expression pattern that is tested against the credential identifier.
- 2) A fully qualified class name of your own design that implements Predicate.
- 3) Path to an external Groovy script that implements the same interface.
-
order
java.lang.Integer order
Order of the authentication handler in the chain. -
passwordEncoder
PasswordEncoderProperties passwordEncoder
Password encoder settings for LDAP authentication. -
passwordPolicy
LdapPasswordPolicyProperties passwordPolicy
Password policy settings. -
principalAttributeId
java.lang.String principalAttributeId
The attribute to use as the principal identifier built during and upon a successful authentication attempt. -
principalAttributeList
java.util.List<java.lang.String> principalAttributeList
List of attributes to retrieve from LDAP. Attributes can be virtually remapped to multiple names. Example: cn:commonName,givenName,eduPersonTargettedId:SOME_IDENTIFIER. To fetch and resolve attributes that carry tags/options, consider tagging the mapped attribute as such: homePostalAddress:homePostalAddress;. -
principalDnAttributeName
java.lang.String principalDnAttributeName
Name of attribute to be used for principal's DN. -
principalTransformation
PrincipalTransformationProperties principalTransformation
Principal transformation settings. -
state
AuthenticationHandlerStates state
Define the scope and state of this authentication handler and the lifecycle in which it can be invoked or activated.
-
-
Class org.apereo.cas.configuration.model.support.ldap.LdapAuthorizationProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- -2680169790567609780L
-
Serialized Fields
-
allowMultipleResults
boolean allowMultipleResults
Indicate whether the LDAP search query is allowed to return multiple entries. -
baseDn
java.lang.String baseDn
Base DN to start the search. -
groupAttribute
java.lang.String groupAttribute
Attribute expected to be found on the entry resulting from the group search whose value is going to be used to construct roles. The final value is always prefixed with LdapAuthorizationProperties.groupPrefix. This is useful in scenarios where you wish to grant access to a resource to all users who are a member of a given group. -
groupBaseDn
java.lang.String groupBaseDn
Base DN to start the search looking for groups. -
groupFilter
java.lang.String groupFilter
Search filter to begin looking for groups. -
groupPrefix
java.lang.String groupPrefix
A prefix that is prepended to the group attribute value to construct an authorized role. -
roleAttribute
java.lang.String roleAttribute
Attribute expected to be found on the entry whose value is going to be used to construct roles. The final value is always prefixed with LdapAuthorizationProperties.rolePrefix. This is useful in scenarios where you wish to grant access to a resource to all users who carry a special attribute. -
rolePrefix
java.lang.String rolePrefix
Prefix for the role. -
searchFilter
java.lang.String searchFilter
LDAP search filter to locate accounts.
-
-
Class org.apereo.cas.configuration.model.support.ldap.LdapPasswordPolicyProperties extends PasswordPolicyProperties implements Serializable
- serialVersionUID:
- -1878237508646993100L
-
Serialized Fields
-
customPolicyClass
java.lang.String customPolicyClass
An implementation of a policy class that knows how to handle LDAP responses. The class must be an implementation of org.ldaptive.auth.AuthenticationResponseHandler. -
type
AbstractLdapProperties.LdapType type
LDAP type.
-
-
Class org.apereo.cas.configuration.model.support.ldap.LdapPrincipalAttributesProperties extends AbstractLdapSearchProperties implements Serializable
- serialVersionUID:
- 5760065368731012063L
-
Serialized Fields
-
attributes
java.util.Map<java.lang.String,java.lang.String> attributes
Map of attributes to fetch from the source. Attributes are defined using a key-value structure where CAS allows the attribute name/key to be renamed virtually to a different attribute. The key is the attribute fetched from the data source and the value is the attribute name CAS should use for virtual renames. Attributes may be allowed to be virtually renamed and remapped. The key in the attribute map is the original attribute, and the value should be the virtually-renamed attribute. To fetch and resolve attributes that carry tags/options, consider tagging the mapped attribute as such: affiliation=affiliation. -
id
java.lang.String id
A value can be assigned to this field to uniquely identify this resolver. -
order
int order
The order of this attribute repository in the chain of repositories. Can be used to explicitly position this source in chain and affects merging strategies.
-
-
Class org.apereo.cas.configuration.model.support.ldap.LdapSearchEntryHandlersProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- -5198990160347131821L
-
Serialized Fields
-
caseChange
CaseChangeSearchEntryHandlersProperties caseChange
Provides the ability to modify the case of search entry DNs, attribute names, and attribute values. -
dnAttribute
DnAttributeSearchEntryHandlersProperties dnAttribute
Adds the entry DN as an attribute to the result set. Provides a client side implementation of RFC 5020. -
mergeAttribute
MergeAttributesSearchEntryHandlersProperties mergeAttribute
Merges the values of one or more attributes into a single attribute. The merged attribute may or may not already exist on the entry. If it does exist its existing values will remain intact. -
primaryGroupId
PrimaryGroupIdSearchEntryHandlersProperties primaryGroupId
Constructs the primary group SID and then searches for that group and puts its DN in the memberOf attribute of the original search entry. This handler requires that entries contain both the objectSid/primaryGroupID attributes. If those attributes are not found this handler is a no-op. This handler should be used in conjunction with the ObjectSidHandler to ensure the objectSid attribute is in the proper form. See http://support2.microsoft.com/kb/297951 -
recursive
RecursiveSearchEntryHandlersProperties recursive
This recursively searches based on a supplied attribute and merges those results into the original entry. -
type
LdapSearchEntryHandlersProperties.SearchEntryHandlerTypes type
The type of search entry handler to choose.
-
-
Class org.apereo.cas.configuration.model.support.ldap.LdapValidatorProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- 1150417354213235193L
-
Serialized Fields
-
attributeName
java.lang.String attributeName
Attribute name to use for the compare validator. -
attributeValue
java.lang.String attributeValue
Attribute values to use for the compare validator. -
baseDn
java.lang.String baseDn
Base DN to use for the search request of the search validator. -
dn
java.lang.String dn
DN to compare, for use with the compare validator. -
scope
java.lang.String scope
Search scope to use for the search request of the search validator. -
searchFilter
java.lang.String searchFilter
Search filter to use for the search request of the search validator. -
type
java.lang.String type
Determine the LDAP validator type. The following LDAP validators can be used to test connection health status:
- search: Validates a connection is healthy by performing a search operation. Validation is considered successful if the search result size is greater than zero.
- none: No validation takes place.
- compare: Validates a connection is healthy by performing a compare operation.
-
-
Class org.apereo.cas.configuration.model.support.ldap.MergeAttributesSearchEntryHandlersProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- -3988972992084584349L
-
Serialized Fields
-
attributeNames
java.util.List<java.lang.String> attributeNames
The Attribute names. -
mergeAttributeName
java.lang.String mergeAttributeName
The Merge attribute name.
-
-
Class org.apereo.cas.configuration.model.support.ldap.PrimaryGroupIdSearchEntryHandlersProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- 539574118704476712L
-
Serialized Fields
-
baseDn
java.lang.String baseDn
The Base dn. -
groupFilter
java.lang.String groupFilter
The Group filter.
-
-
Class org.apereo.cas.configuration.model.support.ldap.RecursiveSearchEntryHandlersProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- 7038108925310792763L
-
Serialized Fields
-
mergeAttributes
java.util.List<java.lang.String> mergeAttributes
The Merge attributes. -
searchAttribute
java.lang.String searchAttribute
The Search attribute.
-
-
-
Package org.apereo.cas.configuration.model.support.ldap.serviceregistry
-
Class org.apereo.cas.configuration.model.support.ldap.serviceregistry.LdapServiceRegistryProperties extends AbstractLdapSearchProperties implements Serializable
- serialVersionUID:
- 2372867394066286022L
-
Serialized Fields
-
idAttribute
java.lang.String idAttribute
ID attribute used for the registered service entry in LDAP to keep track of the service numeric identifier. -
loadFilter
java.lang.String loadFilter
The load filter used to load entries by the LdapServiceRegistryProperties.objectClass. This is typically used to load all definitions that might be mapped to a service definition. The search filter used to load entries by the LdapServiceRegistryProperties.idAttribute. This is typically used to load a specific service definition by its id during search operations. -
objectClass
java.lang.String objectClass
Object class used for the registered service entry in LDAP. -
serviceDefinitionAttribute
java.lang.String serviceDefinitionAttribute
Service definition attribute used for the registered service entry in LDAP to keep a representation of the service body.
-
-
-
Package org.apereo.cas.configuration.model.support.memcached
-
Class org.apereo.cas.configuration.model.support.memcached.BaseMemcachedProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- 514520518053691666L
-
Serialized Fields
-
daemon
boolean daemon
Set the daemon state of the IO thread (defaults to true). -
failureMode
java.lang.String failureMode
Failure mode. Acceptable values are Redistribute, Retry, Cancel. -
hashAlgorithm
java.lang.String hashAlgorithm
Hash algorithm. Acceptable values are NATIVE_HASH, CRC_HASH, FNV1_64_HASH, FNV1A_64_HASH, FNV1_32_HASH, FNV1A_32_HASH, KETAMA_HASH. -
kryoAutoReset
boolean kryoAutoReset
If true, reset is called automatically after an entire object graph has been read or written. If false, reset must be called manually, which allows unregistered class names, references, and other information to span multiple object graphs. -
kryoObjectsByReference
boolean kryoObjectsByReference
If true, each appearance of an object in the graph after the first is stored as an integer ordinal. When set to true, MapReferenceResolver is used. This enables references to the same object and cyclic graphs to be serialized, but typically adds overhead of one byte per object. -
kryoRegistrationRequired
boolean kryoRegistrationRequired
If true, an exception is thrown when an unregistered class is encountered. If false, when an unregistered class is encountered, its fully qualified class name will be serialized and the default serializer for the class used to serialize the object. Subsequent appearances of the class within the same object graph are serialized as an int id. Registered classes are serialized as an int id, avoiding the overhead of serializing the class name, but have the drawback of needing to know the classes to be serialized up front. See ComponentSerializationPlan for help here. -
locatorType
java.lang.String locatorType
Locator mode. Acceptable values are ARRAY_MOD, CONSISTENT, VBUCKET. -
maxIdle
int maxIdle
Set the value for the maxTotal configuration attribute for pools created with this configuration instance. -
maxReconnectDelay
long maxReconnectDelay
Set the maximum reconnect delay. -
maxTotal
int maxTotal
Sets the cap on the number of objects that can be allocated by the pool (checked out to clients, or idle awaiting checkout) at a given time. Use a negative value for no limit. -
minIdle
int minIdle
Get the value for the minIdle configuration attribute for pools created with this configuration instance. -
opTimeout
long opTimeout
Set the default operation timeout in milliseconds. -
protocol
java.lang.String protocol
Protocol. Acceptable values are TEXT, BINARY. -
servers
java.lang.String servers
Comma-separated list of memcached servers. -
shouldOptimize
boolean shouldOptimize
Set to false if the default operation optimization is not desirable. -
shutdownTimeoutSeconds
long shutdownTimeoutSeconds
The number of seconds to wait for connections to finish before shutting down the client. -
timeoutExceptionThreshold
int timeoutExceptionThreshold
Set the maximum timeout exception threshold. -
transcoder
BaseMemcachedProperties.TranscoderTypes transcoder
Indicate the transcoder type. -
transcoderCompressionThreshold
int transcoderCompressionThreshold
For transcoders other than kryo, determines the compression threshold. Does not apply to kryo. -
useNagleAlgorithm
boolean useNagleAlgorithm
Set to true if you'd like to enable the Nagle algorithm.
-
-
Class org.apereo.cas.configuration.model.support.memcached.MemcachedTicketRegistryProperties extends BaseMemcachedProperties implements Serializable
- serialVersionUID:
- 509520518053691786L
-
Serialized Fields
-
crypto
EncryptionRandomizedSigningJwtCryptographyProperties crypto
Crypto settings for the registry.
-
-
-
Package org.apereo.cas.configuration.model.support.mfa
-
Class org.apereo.cas.configuration.model.support.mfa.AccepttoMultifactorAuthenticationProperties extends BaseMultifactorAuthenticationProviderProperties implements Serializable
- serialVersionUID:
- -2309444053833490009L
-
Serialized Fields
-
apiUrl
java.lang.String apiUrl
Base URL for API calls to authenticate, fetch channels or verify responses. -
applicationId
java.lang.String applicationId
Identifier of the application. When an organization creates an application in eGuardian dashboard this id gets generated. -
authnSelectionUrl
java.lang.String authnSelectionUrl
URL of the Acceptto instance for authn discovery. This page allows the user to choose their second-factor authentication method. Based on the policies defined by the relying party, the user has the option of using Push Notification, Text Message, Voice Call, or TOTP for replying to the authentication request. As soon as users select Accept or Decline with the push, or verify with a one-time passcode, they will get redirected back to the callback url that was passed by the relying party. -
emailAttribute
java.lang.String emailAttribute
The user attribute that collects the user's email address which the relying party wants to authenticate. -
groupAttribute
java.lang.String groupAttribute
List of active directory group GUIDs that user is a member of. This is used for Group based policies. If undefined, will ignore passing the groups to Acceptto. -
message
java.lang.String message
Message to deliver to the user. This message gets delivered to the user device via push notification, e.g. "Would you like to sign in?". -
organizationId
java.lang.String organizationId
Organization identifier. -
organizationSecret
java.lang.String organizationSecret
Organization secret. -
qrLoginEnabled
boolean qrLoginEnabled
Whether QR Code login should be enabled. -
registrationApiPublicKey
SpringResourceProperties registrationApiPublicKey
Location of public key used to verify API responses that are produced as part of device pairing and registration. -
registrationApiUrl
java.lang.String registrationApiUrl
URL to the enrollment/registration API. -
secret
java.lang.String secret
Secret of the application. When an organization creates an application in eGuardian dashboard this secret gets generated. -
timeout
long timeout
Timeout value for the authentication request is in seconds. If the user does not respond in the specified time period, an authentication request expires. The max value is 600 seconds. Setting the value any higher will cause it to revert back to 600 seconds.
-
-
Class org.apereo.cas.configuration.model.support.mfa.AuthenticationAttributeMultifactorAuthenticationProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- 6426521468929733907L
-
Serialized Fields
-
globalAuthenticationAttributeNameTriggers
java.lang.String globalAuthenticationAttributeNameTriggers
MFA can be triggered for all users/subjects whose authentication event/metadata has resolved a specific attribute that matches one of the below conditions:
- Trigger MFA based on an authentication attribute(s) whose value(s) matches a regex pattern. Note that this behavior is only applicable if there is only a single MFA provider configured, since that would allow CAS to know what provider to next activate.
- Trigger MFA based on an authentication attribute(s) whose value(s) EXACTLY matches an MFA provider. This option is more relevant if you have more than one provider configured or if you have the flexibility of assigning provider ids to attributes as values.
-
globalAuthenticationAttributeValueRegex
java.lang.String globalAuthenticationAttributeValueRegex
The regular expression that is cross-matched against the authentication attribute to determine if the account is qualified for multifactor authentication.
-
-
Class org.apereo.cas.configuration.model.support.mfa.AuthyMultifactorAuthenticationProperties extends BaseMultifactorAuthenticationProviderProperties implements Serializable
- serialVersionUID:
- -3746749663459157641L
-
Serialized Fields
-
apiKey
java.lang.String apiKey
Authy API key. -
apiUrl
java.lang.String apiUrl
Authy API url. -
countryCode
java.lang.String countryCode
Phone number country code used to look up and/or create the Authy user account. -
forceVerification
boolean forceVerification
Flag authentication requests to authy to force verification of credentials. -
mailAttribute
java.lang.String mailAttribute
Principal attribute used to look up an email address for credential verification. The attribute value is then used to look up the user record in Authy, or create the user. -
phoneAttribute
java.lang.String phoneAttribute
Principal attribute used to look up a phone number for credential verification. The attribute value is then used to look up the user record in Authy, or create the user. -
trustedDeviceEnabled
boolean trustedDeviceEnabled
Indicates whether this provider should support trusted devices.
-
-
Class org.apereo.cas.configuration.model.support.mfa.BaseMultifactorAuthenticationProviderProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- -2690281104343633871L
-
Serialized Fields
-
bypass
MultifactorAuthenticationProviderBypassProperties bypass
Multifactor bypass options for this provider. Each multifactor provider is equipped with options to allow for MFA bypass. Once the provider is chosen to honor the authentication request, bypass rules are then consulted to calculate whether the provider should ignore the request and skip MFA conditionally. -
failureMode
BaseMultifactorAuthenticationProviderProperties.MultifactorAuthenticationProviderFailureModes failureMode
The failure mode policy for this MFA provider. The authentication policy by default supports fail-closed mode, which means that if you attempt to exercise a particular provider available to CAS and the provider cannot be reached, authentication will be stopped and an error will be displayed. You can of course change this behavior so that authentication proceeds without exercising the provider functionality, if that provider cannot respond. Each defined multifactor authentication provider can set its own failure mode policy. Failure modes set at this location will override the global failure mode, but defer to any failure mode set by the registered service. -
id
java.lang.String id
The identifier for the multifactor provider. In most cases, this need not be configured explicitly, unless multiple instances of the same provider type are configured in CAS. -
name
java.lang.String name
The name of the authentication handler used to verify credentials in MFA. -
order
int order
The order of the authentication handler in the chain. -
rank
int rank
At times, CAS needs to determine the correct provider when step-up authentication is required. Consider for a moment that CAS already has established an SSO session with/without a provider and has reached a level of authentication. Another incoming request attempts to exercise that SSO session with a different and often competing authentication requirement that may differ from the authentication level CAS has already established. Concretely, examples may be:
- CAS has achieved an SSO session, but a separate request now requires step-up authentication with DuoSecurity.
- CAS has achieved an SSO session with an authentication level satisfied by DuoSecurity, but a separate request now requires step-up authentication with YubiKey.
-
-
Class org.apereo.cas.configuration.model.support.mfa.CasSimpleMultifactorAuthenticationProperties extends BaseMultifactorAuthenticationProviderProperties implements Serializable
- serialVersionUID:
- -9211748853833491119L
-
Serialized Fields
-
mail
EmailProperties mail
Email settings for notifications. -
sms
SmsProperties sms
SMS settings for notifications. -
timeToKillInSeconds
long timeToKillInSeconds
Time in seconds that CAS tokens should be considered live in CAS server. -
tokenLength
int tokenLength
The length of the generated token. -
trustedDeviceEnabled
boolean trustedDeviceEnabled
Indicates whether this provider should support trusted devices.
-
-
Class org.apereo.cas.configuration.model.support.mfa.DuoSecurityMultifactorAuthenticationProperties extends BaseMultifactorAuthenticationProviderProperties implements Serializable
- serialVersionUID:
- -4655375354167880807L
-
Serialized Fields
-
accountStatusEnabled
boolean accountStatusEnabled
When set to true, CAS will contact Duo Security to check for the user's account status and to evaluate whether the user qualifies for multifactor authentication from Duo's perspective. When disabled, user account status is set to authenticate with Duo and the API call will never be made. -
duoApiHost
java.lang.String duoApiHost
Duo API host and url. -
duoApplicationKey
java.lang.String duoApplicationKey
The application key is a string, at least 40 characters long, that you generate and keep secret from Duo. This is a required setting for the WebSDK integration types. Leaving this setting blank will activate the Universal Prompt option. You can generate a random string in Python with:
<pre>
import hashlib
import os

# Hash 32 bytes from the OS CSPRNG to get a 40-character hex string.
print(hashlib.sha1(os.urandom(32)).hexdigest())
</pre> -
duoIntegrationKey
java.lang.String duoIntegrationKey
Duo integration key. -
duoSecretKey
java.lang.String duoSecretKey
Duo secret key. -
registrationUrl
java.lang.String registrationUrl
Link to a registration app, typically developed in-house in order to allow new users to sign up for Duo functionality. If the user account status requires enrollment and this link is specified, CAS will redirect the authentication flow to this registration app. Otherwise, the default Duo mechanism for new-user registrations shall take over. -
trustedDeviceEnabled
boolean trustedDeviceEnabled
Indicates whether this provider should support trusted devices.
-
-
Class org.apereo.cas.configuration.model.support.mfa.GlobalMultifactorAuthenticationProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- 5426522468929733907L
-
Serialized Fields
-
globalProviderId
java.lang.String globalProviderId
MFA can be triggered for all applications and users regardless of individual settings. This setting holds the value of an MFA provider that shall be activated for all requests, regardless.
-
-
Class org.apereo.cas.configuration.model.support.mfa.GroovyMultifactorAuthenticationProviderBypassProperties extends SpringResourceProperties implements Serializable
- serialVersionUID:
- 8079027843747126083L
-
Class org.apereo.cas.configuration.model.support.mfa.GrouperMultifactorAuthenticationProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- 6426522468929733907L
-
Serialized Fields
-
grouperGroupField
java.lang.String grouperGroupField
MFA can be triggered by Grouper groups to which the authenticated principal is assigned. Groups are collected by CAS and then cross-checked against all available/configured MFA providers. The group’s comparing factor MUST be defined in CAS to activate this behavior, and it can be based on the group’s name, display name, etc., where a successful match against a provider id shall activate the chosen MFA provider.
-
-
Class org.apereo.cas.configuration.model.support.mfa.InweboMultifactorAuthenticationProperties extends BaseMultifactorAuthenticationProviderProperties implements Serializable
- serialVersionUID:
- -942637204816051814L
-
Serialized Fields
-
clientCertificate
ClientCertificateProperties clientCertificate
The client certificate. -
consoleAdminUrl
java.lang.String consoleAdminUrl
Console admin API url. -
serviceApiUrl
java.lang.String serviceApiUrl
The service API url. -
serviceId
java.lang.Long serviceId
The Inwebo service id. -
siteAlias
java.lang.String siteAlias
The alias of the secured site. -
siteDescription
java.lang.String siteDescription
The description of the secured site. -
trustedDeviceEnabled
boolean trustedDeviceEnabled
Indicates whether this provider should support trusted devices.
-
-
Class org.apereo.cas.configuration.model.support.mfa.MultifactorAuthenticationCoreProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- 7426521468929733907L
-
Serialized Fields
-
authenticationContextAttribute
java.lang.String authenticationContextAttribute
Attribute returned in the final CAS validation payload that indicates the authentication context class satisfied in the event of a multifactor authentication attempt. -
contentType
java.lang.String contentType
Content-type that is expected to be specified by non-web clients such as curl, etc in the event that the provider supports variations of non-browser based MFA. The value is treated as a regular expression. -
globalFailureMode
BaseMultifactorAuthenticationProviderProperties.MultifactorAuthenticationProviderFailureModes globalFailureMode
Defines the global failure mode for the entire deployment. This is meant to be used as a shortcut to define the policy globally rather than per application. Applications registered with CAS can still define a failure mode and override the global one. -
providerSelectionEnabled
boolean providerSelectionEnabled
In the event that multiple multifactor authentication providers are determined for a multifactor authentication transaction, this setting will allow one to interactively choose a provider out of the list of available providers. A trigger may be designed to support more than one provider, and rather than letting CAS auto-determine the selected provider via scripts or ranking strategies, this method puts the choice back onto the user to decide which provider makes the most sense at any given time. -
providerSelectorGroovyScript
SpringResourceProperties providerSelectorGroovyScript
In the event that multiple multifactor authentication providers are determined for a multifactor authentication transaction, by default CAS will attempt to sort the collection of providers based on their rank and will pick one with the highest priority. This use case may arise if multiple triggers are defined where each decides on a different multifactor authentication provider, or the same provider instance is configured multiple times with many instances. Provider selection may also be carried out using Groovy scripting strategies more dynamically. The following example should serve as an outline of how to select multifactor providers based on a Groovy script.
-
-
Class org.apereo.cas.configuration.model.support.mfa.MultifactorAuthenticationHttpTriggerProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- 5511521468929733907L
-
Serialized Fields
-
requestHeader
java.lang.String requestHeader
MFA can be triggered for a specific authentication request, provided the initial request to the CAS /login endpoint contains a request header that indicates the required MFA authentication flow. The header name is configurable, but its value must match the authentication provider id of an available MFA provider. -
requestParameter
java.lang.String requestParameter
MFA can be triggered for a specific authentication request, provided the initial request to the CAS /login endpoint contains a parameter that indicates the required MFA authentication flow. The parameter name is configurable, but its value must match the authentication provider id of an available MFA provider. -
sessionAttribute
java.lang.String sessionAttribute
MFA can be triggered for a specific authentication request, provided the request contains a session/request attribute that indicates the required MFA authentication flow. The attribute name is configurable, but its value must match the authentication provider id of an available MFA provider.
-
-
Class org.apereo.cas.configuration.model.support.mfa.MultifactorAuthenticationProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- 7416521468929733907L
-
Serialized Fields
-
acceptto
AccepttoMultifactorAuthenticationProperties acceptto
Activate and configure a multifactor authentication provider via Acceptto. -
authy
AuthyMultifactorAuthenticationProperties authy
Activate and configure a multifactor authentication provider via Authy. -
core
MultifactorAuthenticationCoreProperties core
Multifactor authentication core/common settings. -
duo
java.util.List<DuoSecurityMultifactorAuthenticationProperties> duo
Activate and configure a multifactor authentication provider via Duo Security. -
gauth
GoogleAuthenticatorMultifactorProperties gauth
Activate and configure a multifactor authentication provider via Google Authenticator. -
groovyScript
SpringResourceProperties groovyScript
MFA can be triggered based on the results of a groovy script of your own design. The outcome of the script should determine the MFA provider id that CAS should attempt to activate. -
inwebo
InweboMultifactorAuthenticationProperties inwebo
Activate and configure a multifactor authentication provider via Inwebo. -
radius
RadiusMultifactorAuthenticationProperties radius
Activate and configure a multifactor authentication provider via RADIUS. -
simple
CasSimpleMultifactorAuthenticationProperties simple
Activate and configure a multifactor authentication provider via CAS itself. -
swivel
SwivelMultifactorAuthenticationProperties swivel
Activate and configure a multifactor authentication provider via Swivel. -
triggers
MultifactorAuthenticationTriggersProperties triggers
Multifactor authentication core/common settings for triggering MFA. -
trusted
TrustedDevicesMultifactorProperties trusted
Activate and configure a multifactor authentication with the capability to trust and remember devices. -
u2f
U2FMultifactorAuthenticationProperties u2f
Activate and configure a multifactor authentication provider via U2F FIDO. -
webAuthn
WebAuthnMultifactorAuthenticationProperties webAuthn
Activate and configure a multifactor authentication provider via WebAuthN. -
yubikey
YubiKeyMultifactorAuthenticationProperties yubikey
Activate and configure a multifactor authentication provider via YubiKey.
-
-
Class org.apereo.cas.configuration.model.support.mfa.MultifactorAuthenticationProviderBypassProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- -9181362378365850397L
-
Serialized Fields
-
authenticationAttributeName
java.lang.String authenticationAttributeName
Skip multifactor authentication based on designated authentication attribute names. -
authenticationAttributeValue
java.lang.String authenticationAttributeValue
Optionally, skip multifactor authentication based on designated authentication attribute values. -
authenticationHandlerName
java.lang.String authenticationHandlerName
Skip multifactor authentication depending on the form of primary authentication execution. Specifically, skip multifactor if a particular authentication handler, noted by its name, is able to successfully authenticate credentials in the primary factor. -
authenticationMethodName
java.lang.String authenticationMethodName
Skip multifactor authentication depending on method/form of primary authentication execution. Specifically, skip multifactor if the authentication method attribute collected as part of authentication metadata matches a certain value. -
credentialClassType
java.lang.String credentialClassType
Skip multifactor authentication depending on form of primary credentials. Value must equal the fully qualified class name of the credential type. -
groovy
GroovyMultifactorAuthenticationProviderBypassProperties groovy
Handle bypass using a Groovy resource. -
httpRequestHeaders
java.lang.String httpRequestHeaders
Skip multifactor authentication if the http request contains the defined header names. Header names may be comma-separated and can be regular expressions; values are ignored. -
httpRequestRemoteAddress
java.lang.String httpRequestRemoteAddress
Skip multifactor authentication if the http request's remote address or host matches the value defined here. The value may be specified as a regular expression. -
principalAttributeName
java.lang.String principalAttributeName
Skip multifactor authentication based on designated principal attribute names. -
principalAttributeValue
java.lang.String principalAttributeValue
Optionally, skip multifactor authentication based on designated principal attribute values. -
rest
RestfulMultifactorAuthenticationProviderBypassProperties rest
Handle bypass using a REST endpoint.
-
-
Class org.apereo.cas.configuration.model.support.mfa.MultifactorAuthenticationTriggersProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- 7410521468929733907L
-
Serialized Fields
-
authentication
AuthenticationAttributeMultifactorAuthenticationProperties authentication
Activate MFA based on properties or attributes of the authentication. -
global
GlobalMultifactorAuthenticationProperties global
Activate MFA globally. -
grouper
GrouperMultifactorAuthenticationProperties grouper
Activate MFA based on grouper integration. -
http
MultifactorAuthenticationHttpTriggerProperties http
MFA triggers that operate based on the http request properties. -
principal
PrincipalAttributeMultifactorAuthenticationProperties principal
Activate MFA based on properties or attributes of the principal. -
rest
RestfulMultifactorAuthenticationProperties rest
MFA can be triggered based on the results of a remote REST endpoint of your design. If the endpoint is configured, CAS shall issue a POST, providing the principal and the service url. The body of the response in the event of a successful 200 status code is expected to be the MFA provider id which CAS should activate.
-
-
Class org.apereo.cas.configuration.model.support.mfa.PrincipalAttributeMultifactorAuthenticationProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- 7426521468929733907L
-
Serialized Fields
-
denyIfUnmatched
boolean denyIfUnmatched
Force CAS to deny and block the authentication attempt altogether if attribute name/value configuration cannot produce a successful match to trigger multifactor authentication. -
globalPrincipalAttributeNameTriggers
java.lang.String globalPrincipalAttributeNameTriggers
MFA can be triggered for all users/subjects carrying a specific attribute that matches one of the conditions below.
- Trigger MFA based on a principal attribute(s) whose value(s) matches a regex pattern. Note that this behavior is only applicable if there is only a single MFA provider configured, since that would allow CAS to know what provider to next activate.
- Trigger MFA based on a principal attribute(s) whose value(s) EXACTLY matches an MFA provider. This option is more relevant if you have more than one provider configured or if you have the flexibility of assigning provider ids to attributes as values.
-
globalPrincipalAttributePredicate
SpringResourceProperties globalPrincipalAttributePredicate
This is a more generic variant of the PrincipalAttributeMultifactorAuthenticationProperties.globalPrincipalAttributeNameTriggers. It may be useful in cases where there is more than one provider configured and available in the application runtime and you need to design a strategy to dynamically decide on the provider that should be activated for the request. The decision is handed off to a Predicate implementation defined in a Groovy script whose location is taught to CAS. -
globalPrincipalAttributeValueRegex
java.lang.String globalPrincipalAttributeValueRegex
The regular expression that is cross-matched against the principal attribute to determine if the account is qualified for multifactor authentication.
-
-
Class org.apereo.cas.configuration.model.support.mfa.RadiusMultifactorAuthenticationProperties extends BaseMultifactorAuthenticationProviderProperties implements Serializable
- serialVersionUID:
- 7021301814775348087L
-
Serialized Fields
-
allowedAuthenticationAttempts
long allowedAuthenticationAttempts
Total number of allowed authentication attempts with the radius mfa server before the authentication event is considered cancelled. A negative/zero value indicates that no limit is enforced. -
client
RadiusClientProperties client
RADIUS client settings. -
failoverOnAuthenticationFailure
boolean failoverOnAuthenticationFailure
In the event that radius authentication fails, fail over to the next server in the list. -
failoverOnException
boolean failoverOnException
In the event that radius authentication fails due to a catastrophic event, fail over to the next server in the list. -
server
RadiusServerProperties server
RADIUS server settings. -
trustedDeviceEnabled
boolean trustedDeviceEnabled
Indicates whether this provider should support trusted devices.
-
-
Class org.apereo.cas.configuration.model.support.mfa.RestfulMultifactorAuthenticationProperties extends RestEndpointProperties implements Serializable
- serialVersionUID:
- 3659099897056632608L
-
Class org.apereo.cas.configuration.model.support.mfa.RestfulMultifactorAuthenticationProviderBypassProperties extends RestEndpointProperties implements Serializable
- serialVersionUID:
- 1833594332973137011L
-
Class org.apereo.cas.configuration.model.support.mfa.SwivelMultifactorAuthenticationProperties extends BaseMultifactorAuthenticationProviderProperties implements Serializable
- serialVersionUID:
- -7409451053833491119L
-
Serialized Fields
-
ignoreSslErrors
boolean ignoreSslErrors
Control whether SSL errors should be ignored by the swivel server. -
sharedSecret
java.lang.String sharedSecret
Shared secret to authenticate against the swivel server. -
swivelTuringImageUrl
java.lang.String swivelTuringImageUrl
URL endpoint response to generate a turing image. -
swivelUrl
java.lang.String swivelUrl
Swivel endpoint url for verification of credentials. -
trustedDeviceEnabled
boolean trustedDeviceEnabled
Indicates whether this provider should support trusted devices.
-
-
-
Package org.apereo.cas.configuration.model.support.mfa.gauth
-
Class org.apereo.cas.configuration.model.support.mfa.gauth.CoreGoogleAuthenticatorMultifactorProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- -7451748853833491119L
-
Serialized Fields
-
codeDigits
int codeDigits
Length of the generated code. -
issuer
java.lang.String issuer
Issuer used in the barcode when dealing with device registration events. Used in the registration URL to identify CAS. -
label
java.lang.String label
Label used in the barcode when dealing with device registration events. Used in the registration URL to identify CAS. -
multipleDeviceRegistrationEnabled
boolean multipleDeviceRegistrationEnabled
When enabled, allows the user/system to accept multiple accounts and device registrations per user, allowing one to switch between or register new devices/accounts automatically. -
timeStepSize
long timeStepSize
The expiration time of the generated code in seconds. -
trustedDeviceEnabled
boolean trustedDeviceEnabled
Indicates whether this provider should support trusted devices. -
windowSize
int windowSize
Since TOTP passwords are time-based, it is essential that the clock of both the server and the client are synchronised within the tolerance defined here as the window size.
-
-
Class org.apereo.cas.configuration.model.support.mfa.gauth.CouchDbGoogleAuthenticatorMultifactorProperties extends BaseCouchDbProperties implements Serializable
- serialVersionUID:
- -6260683393319585262L
-
Class org.apereo.cas.configuration.model.support.mfa.gauth.GoogleAuthenticatorMultifactorProperties extends BaseMultifactorAuthenticationProviderProperties implements Serializable
- serialVersionUID:
- -7401748853833491119L
-
Serialized Fields
-
cleaner
ScheduledJobProperties cleaner
Control how stale expired tokens should be cleared from the underlying store. -
core
CoreGoogleAuthenticatorMultifactorProperties core
Core/common settings for Google Multifactor authentication. -
couchDb
CouchDbGoogleAuthenticatorMultifactorProperties couchDb
Store google authenticator devices via CouchDb. -
crypto
EncryptionJwtSigningJwtCryptographyProperties crypto
Crypto settings that sign/encrypt the records. -
jpa
JpaGoogleAuthenticatorMultifactorProperties jpa
Store google authenticator devices inside a jdbc instance. -
json
JsonGoogleAuthenticatorMultifactorProperties json
Store google authenticator devices inside a json file. -
ldap
LdapGoogleAuthenticatorMultifactorProperties ldap
Store google authenticator devices inside an LDAP directory. -
mongo
MongoDbGoogleAuthenticatorMultifactorProperties mongo
Store google authenticator devices inside a MongoDb instance. -
redis
RedisGoogleAuthenticatorMultifactorProperties redis
Store google authenticator devices via Redis. -
rest
RestfulGoogleAuthenticatorMultifactorProperties rest
Store google authenticator devices via a rest interface.
-
-
Class org.apereo.cas.configuration.model.support.mfa.gauth.JpaGoogleAuthenticatorMultifactorProperties extends AbstractJpaProperties implements Serializable
- serialVersionUID:
- -2689797889546802618L
-
Class org.apereo.cas.configuration.model.support.mfa.gauth.JsonGoogleAuthenticatorMultifactorProperties extends SpringResourceProperties implements Serializable
- serialVersionUID:
- 4303355159388663888L
-
Class org.apereo.cas.configuration.model.support.mfa.gauth.LdapGoogleAuthenticatorMultifactorProperties extends AbstractLdapSearchProperties implements Serializable
- serialVersionUID:
- -100556119517414696L
-
Serialized Fields
-
accountAttributeName
java.lang.String accountAttributeName
Name of LDAP attribute that holds GAuth account/credential as JSON.
-
-
Class org.apereo.cas.configuration.model.support.mfa.gauth.MongoDbGoogleAuthenticatorMultifactorProperties extends SingleCollectionMongoDbProperties implements Serializable
- serialVersionUID:
- -200556119517414696L
-
Serialized Fields
-
tokenCollection
java.lang.String tokenCollection
Collection name where tokens are kept to prevent replay attacks.
-
-
Class org.apereo.cas.configuration.model.support.mfa.gauth.RedisGoogleAuthenticatorMultifactorProperties extends BaseRedisProperties implements Serializable
- serialVersionUID:
- -1260683393319585262L
-
Class org.apereo.cas.configuration.model.support.mfa.gauth.RestfulGoogleAuthenticatorMultifactorProperties extends BaseRestEndpointProperties implements Serializable
- serialVersionUID:
- 4518622579150572559L
-
Serialized Fields
-
tokenUrl
java.lang.String tokenUrl
Endpoint url of the REST resource used for tokens that are kept to prevent replay attacks.
-
-
-
Package org.apereo.cas.configuration.model.support.mfa.trusteddevice
-
Class org.apereo.cas.configuration.model.support.mfa.trusteddevice.BaseDeviceFingerprintComponentProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- 46126170193036440L
-
Serialized Fields
-
enabled
boolean enabled
Is this component enabled or not. -
order
int order
Indicates the order of components when generating a device fingerprint.
-
-
Class org.apereo.cas.configuration.model.support.mfa.trusteddevice.CouchDbTrustedDevicesMultifactorProperties extends BaseCouchDbProperties implements Serializable
- serialVersionUID:
- 5887850351177564308L
-
Class org.apereo.cas.configuration.model.support.mfa.trusteddevice.DeviceFingerprintProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- 747021103142441353L
-
Serialized Fields
-
clientIp
DeviceFingerprintProperties.ClientIp clientIp
Configure usage of client ip within trusted device fingerprints. -
componentSeparator
java.lang.String componentSeparator
Component Separator for device fingerprints. -
cookie
DeviceFingerprintProperties.Cookie cookie
Configure usage of a device cookie within trusted device fingerprints. -
geolocation
DeviceFingerprintProperties.GeoLocation geolocation
Configure usage of geo-location within trusted device fingerprints. -
userAgent
DeviceFingerprintProperties.UserAgent userAgent
Configure usage of User-Agent header within trusted device fingerprints.
-
-
Class org.apereo.cas.configuration.model.support.mfa.trusteddevice.DeviceFingerprintProperties.ClientIp extends BaseDeviceFingerprintComponentProperties implements Serializable
- serialVersionUID:
- 785014133279201757L
-
Class org.apereo.cas.configuration.model.support.mfa.trusteddevice.DeviceFingerprintProperties.Cookie extends PinnableCookieProperties implements Serializable
- serialVersionUID:
- -9022498833437602657L
-
Serialized Fields
-
crypto
EncryptionJwtSigningJwtCryptographyProperties crypto
Crypto settings that sign/encrypt the cookie value stored on the client machine. -
enabled
boolean enabled
Is this component enabled or not. -
order
int order
Indicates the order of components when generating a device fingerprint.
-
-
Class org.apereo.cas.configuration.model.support.mfa.trusteddevice.DeviceFingerprintProperties.GeoLocation extends BaseDeviceFingerprintComponentProperties implements Serializable
- serialVersionUID:
- -4125531035180836136L
-
Class org.apereo.cas.configuration.model.support.mfa.trusteddevice.DeviceFingerprintProperties.UserAgent extends BaseDeviceFingerprintComponentProperties implements Serializable
- serialVersionUID:
- -5325531035180836136L
-
Class org.apereo.cas.configuration.model.support.mfa.trusteddevice.JpaTrustedDevicesMultifactorProperties extends AbstractJpaProperties implements Serializable
- serialVersionUID:
- -8329950619696176349L
-
Class org.apereo.cas.configuration.model.support.mfa.trusteddevice.JsonTrustedDevicesMultifactorProperties extends SpringResourceProperties implements Serializable
- serialVersionUID:
- -8690563713141571620L
-
Class org.apereo.cas.configuration.model.support.mfa.trusteddevice.MongoDbTrustedDevicesMultifactorProperties extends SingleCollectionMongoDbProperties implements Serializable
- serialVersionUID:
- 4940497540189318943L
-
Class org.apereo.cas.configuration.model.support.mfa.trusteddevice.RedisTrustedDevicesMultifactorProperties extends BaseRedisProperties implements Serializable
- serialVersionUID:
- -2261683393319585262L
-
Class org.apereo.cas.configuration.model.support.mfa.trusteddevice.RestfulTrustedDevicesMultifactorProperties extends RestEndpointProperties implements Serializable
- serialVersionUID:
- 3659099897056632608L
-
Class org.apereo.cas.configuration.model.support.mfa.trusteddevice.TrustedDevicesMultifactorCoreProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- 1585013239016790473L
-
Serialized Fields
-
authenticationContextAttribute
java.lang.String authenticationContextAttribute
If an MFA request is bypassed due to a trusted authentication decision, applications will receive a special attribute as part of the validation payload that indicates this behavior. Applications must further account for the scenario where they ask for an MFA mode and yet don’t receive confirmation of it in the response given the authentication session was trusted and MFA bypassed. -
autoAssignDeviceName
boolean autoAssignDeviceName
When device registration is enabled, indicate whether a device name should be automatically selected and assigned by CAS. -
deviceRegistrationEnabled
boolean deviceRegistrationEnabled
Indicates whether CAS should ask for device registration consent or execute it automatically. -
keyGeneratorType
TrustedDevicesMultifactorCoreProperties.TrustedDevicesKeyGeneratorTypes keyGeneratorType
Indicates how record keys for trusted devices would be generated so they can be signed/verified on fetch operations.
-
-
Class org.apereo.cas.configuration.model.support.mfa.trusteddevice.TrustedDevicesMultifactorProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- 1505013239016790473L
-
Serialized Fields
-
cleaner
ScheduledJobProperties cleaner
Settings that control the background cleaner process. -
core
TrustedDevicesMultifactorCoreProperties core
Trusted devices core settings. -
couchDb
CouchDbTrustedDevicesMultifactorProperties couchDb
Store device records inside CouchDb. -
crypto
EncryptionJwtSigningJwtCryptographyProperties crypto
Crypto settings that sign/encrypt the device records. -
deviceFingerprint
DeviceFingerprintProperties deviceFingerprint
Configure how device fingerprints are generated. -
dynamoDb
DynamoDbTrustedDevicesMultifactorProperties dynamoDb
Store device records inside DynamoDb. -
jpa
JpaTrustedDevicesMultifactorProperties jpa
Store device records via JDBC resources. -
json
JsonTrustedDevicesMultifactorProperties json
Record trusted devices via a JSON resource. -
mongo
MongoDbTrustedDevicesMultifactorProperties mongo
Store device records inside MongoDb. -
redis
RedisTrustedDevicesMultifactorProperties redis
Store device records inside Redis. -
rest
RestfulTrustedDevicesMultifactorProperties rest
Store device records via REST.
-
-
-
Package org.apereo.cas.configuration.model.support.mfa.u2f
-
Class org.apereo.cas.configuration.model.support.mfa.u2f.U2FCoreMultifactorAuthenticationProperties extends BaseMultifactorAuthenticationProviderProperties implements Serializable
- serialVersionUID:
- 6152350313777066398L
-
Serialized Fields
-
expireDevices
long expireDevices
Expire and forget device registration records after this period. -
expireDevicesTimeUnit
java.util.concurrent.TimeUnit expireDevicesTimeUnit
Device registration record expiration time unit. -
expireRegistrations
long expireRegistrations
Expire and forget device registration requests after this period. -
expireRegistrationsTimeUnit
java.util.concurrent.TimeUnit expireRegistrationsTimeUnit
Device registration requests expiration time unit. -
trustedDeviceEnabled
boolean trustedDeviceEnabled
Indicates whether this provider should support trusted devices.
-
-
Class org.apereo.cas.configuration.model.support.mfa.u2f.U2FCouchDbMultifactorAuthenticationProperties extends BaseAsynchronousCouchDbProperties implements Serializable
- serialVersionUID:
- 2751957521987245445L
-
Class org.apereo.cas.configuration.model.support.mfa.u2f.U2FDynamoDbMultifactorAuthenticationProperties extends AbstractDynamoDbProperties implements Serializable
- serialVersionUID:
- 612447148774854955L
-
Serialized Fields
-
tableName
java.lang.String tableName
The table name used and created by CAS to hold devices in DynamoDb.
-
-
Class org.apereo.cas.configuration.model.support.mfa.u2f.U2FGroovyMultifactorAuthenticationProperties extends SpringResourceProperties implements Serializable
- serialVersionUID:
- -1261683393319585262L
-
Class org.apereo.cas.configuration.model.support.mfa.u2f.U2FJpaMultifactorAuthenticationProperties extends AbstractJpaProperties implements Serializable
- serialVersionUID:
- -4334840263678287815L
-
Class org.apereo.cas.configuration.model.support.mfa.u2f.U2FJsonMultifactorAuthenticationProperties extends SpringResourceProperties implements Serializable
- serialVersionUID:
- -6883660787308509919L
-
Class org.apereo.cas.configuration.model.support.mfa.u2f.U2FMongoDbMultifactorAuthenticationProperties extends SingleCollectionMongoDbProperties implements Serializable
- serialVersionUID:
- -7963843335569634144L
-
Class org.apereo.cas.configuration.model.support.mfa.u2f.U2FMultifactorAuthenticationProperties extends BaseMultifactorAuthenticationProviderProperties implements Serializable
- serialVersionUID:
- 6151350313777066398L
-
Serialized Fields
-
cleaner
ScheduledJobProperties cleaner
Clean up expired records via a background cleaner process. -
core
U2FCoreMultifactorAuthenticationProperties core
Core/common U2F settings. -
couchDb
U2FCouchDbMultifactorAuthenticationProperties couchDb
Store device registration records via CouchDb. -
crypto
EncryptionJwtSigningJwtCryptographyProperties crypto
Crypto settings that sign/encrypt the u2f registration records. -
dynamoDb
U2FDynamoDbMultifactorAuthenticationProperties dynamoDb
Store device registration records inside a dynamodb database resource. -
groovy
U2FGroovyMultifactorAuthenticationProperties groovy
Store device registration records via a Groovy script. -
jpa
U2FJpaMultifactorAuthenticationProperties jpa
Store device registration records inside a JDBC resource. -
json
U2FJsonMultifactorAuthenticationProperties json
Store device registration records inside a static JSON resource. -
mongo
U2FMongoDbMultifactorAuthenticationProperties mongo
Store device registration records inside a MongoDb resource. -
redis
U2FRedisMultifactorAuthenticationProperties redis
Store device registration records inside a redis resource. -
rest
U2FRestfulMultifactorAuthenticationProperties rest
Store device registration records via REST APIs.
-
-
Class org.apereo.cas.configuration.model.support.mfa.u2f.U2FRedisMultifactorAuthenticationProperties extends BaseRedisProperties implements Serializable
- serialVersionUID:
- -1261683393319585262L
-
Class org.apereo.cas.configuration.model.support.mfa.u2f.U2FRestfulMultifactorAuthenticationProperties extends RestEndpointProperties implements Serializable
- serialVersionUID:
- -8102345678378393382L
-
-
Package org.apereo.cas.configuration.model.support.mfa.webauthn
-
Class org.apereo.cas.configuration.model.support.mfa.webauthn.WebAuthnDynamoDbMultifactorProperties extends AbstractDynamoDbProperties implements Serializable
- serialVersionUID:
- -2261683393319585262L
-
Serialized Fields
-
tableName
java.lang.String tableName
The table name used and created by CAS to hold records in DynamoDb.
-
-
Class org.apereo.cas.configuration.model.support.mfa.webauthn.WebAuthnJpaMultifactorProperties extends AbstractJpaProperties implements Serializable
- serialVersionUID:
- -4114840263678287815L
-
Class org.apereo.cas.configuration.model.support.mfa.webauthn.WebAuthnJsonMultifactorProperties extends SpringResourceProperties implements Serializable
- serialVersionUID:
- -1283660787308509919L
-
Class org.apereo.cas.configuration.model.support.mfa.webauthn.WebAuthnLdapMultifactorProperties extends AbstractLdapSearchProperties implements Serializable
- serialVersionUID:
- -1161683393319585262L
-
Serialized Fields
-
accountAttributeName
java.lang.String accountAttributeName
Name of LDAP attribute that holds WebAuthn account/credential as JSON.
-
-
Class org.apereo.cas.configuration.model.support.mfa.webauthn.WebAuthnMongoDbMultifactorProperties extends SingleCollectionMongoDbProperties implements Serializable
- serialVersionUID:
- 6876845341227039713L
-
Class org.apereo.cas.configuration.model.support.mfa.webauthn.WebAuthnMultifactorAuthenticationCoreProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- -919073482703977440L
-
Serialized Fields
-
allowedOrigins
java.lang.String allowedOrigins
The allowed origins that returned authenticator responses will be compared against. The default is set to the server name. A successful registration or authentication operation requires origins to exactly equal one of these values. -
allowPrimaryAuthentication
boolean allowPrimaryAuthentication
Configure the authentication flow to allow web-authn to be used as the first primary factor for authentication. Registered accounts with a valid webauthn registration record can choose to login using their device as the first step. -
allowUnrequestedExtensions
boolean allowUnrequestedExtensions
If true, finish registration op and finish assertion will accept responses containing extension outputs for which there was no extension input. -
allowUntrustedAttestation
boolean allowUntrustedAttestation
If false, finish registration op will only allow registrations where the attestation signature can be linked to a trusted attestation root. This excludes self attestation and none attestation. Regardless of the value of this option, invalid attestation statements of supported formats will always be rejected. For example, a "packed" attestation statement with an invalid signature will be rejected even if this option is set to true. -
applicationId
java.lang.String applicationId
The extension input to set for the appid extension when initiating authentication operations. If this member is set, starting an assertion op will automatically set the appid extension input, and finish assertion op will adjust its verification logic to also accept this AppID as an alternative to the RP ID. By default, this is not set. -
attestationConveyancePreference
java.lang.String attestationConveyancePreference
Accepted values are: DIRECT, INDIRECT, NONE. The argument for the attestation parameter in registration operations. Unless your application has a concrete policy for authenticator attestation, it is recommended to leave this parameter undefined. -
displayNameAttribute
java.lang.String displayNameAttribute
Name of the principal attribute that indicates the principal's display name, primarily used for device registration. -
enabled
boolean enabled
Whether WebAuthn functionality should be activated and enabled. -
expireDevices
long expireDevices
Expire and forget device registration records after this period. -
expireDevicesTimeUnit
java.util.concurrent.TimeUnit expireDevicesTimeUnit
Device registration record expiration time unit. -
relyingPartyId
java.lang.String relyingPartyId
The id that will be set as the rp parameter when initiating registration operations, and which id hash will be compared against. This is a required parameter. A successful registration or authentication operation requires rp id hash to exactly equal the SHA-256 hash of this id member. Alternatively, it may instead equal the SHA-256 hash of application id if the latter is present. -
relyingPartyName
java.lang.String relyingPartyName
The human-palatable name of the Relying Party. -
trustedDeviceEnabled
boolean trustedDeviceEnabled
Indicates whether this provider should support trusted devices. -
trustedDeviceMetadata
SpringResourceProperties trustedDeviceMetadata
Trusted device metadata to contain trusted attestation root certificates to pre-seed the metadata service. -
validateSignatureCounter
boolean validateSignatureCounter
If true, finish assertion op will fail if the signature counter value in the response is not strictly greater than the stored signature counter value.
-
-
Class org.apereo.cas.configuration.model.support.mfa.webauthn.WebAuthnMultifactorAuthenticationProperties extends BaseMultifactorAuthenticationProviderProperties implements Serializable
- serialVersionUID:
- 4211350313777066398L
-
Serialized Fields
-
cleaner
ScheduledJobProperties cleaner
Clean up expired records via a background cleaner process. -
core
WebAuthnMultifactorAuthenticationCoreProperties core
WebAuthn core settings. -
crypto
EncryptionJwtSigningJwtCryptographyProperties crypto
Properties and settings related to device registration records and encryption. -
dynamoDb
WebAuthnDynamoDbMultifactorProperties dynamoDb
Store device registration records inside a dynamodb resource. -
jpa
WebAuthnJpaMultifactorProperties jpa
Store device registration records inside a JDBC resource. -
json
WebAuthnJsonMultifactorProperties json
Store device registration records inside a static JSON resource. -
ldap
WebAuthnLdapMultifactorProperties ldap
Store device registration records inside an LDAP directory. -
mongo
WebAuthnMongoDbMultifactorProperties mongo
Keep device registration records inside a MongoDb resource. -
redis
WebAuthnRedisMultifactorProperties redis
Store device registration records inside a redis resource. -
rest
WebAuthnRestfulMultifactorProperties rest
Store device registration records via external REST APIs.
-
-
Class org.apereo.cas.configuration.model.support.mfa.webauthn.WebAuthnRedisMultifactorProperties extends BaseRedisProperties implements Serializable
- serialVersionUID:
- -2261683393319585262L
-
Class org.apereo.cas.configuration.model.support.mfa.webauthn.WebAuthnRestfulMultifactorProperties extends RestEndpointProperties implements Serializable
- serialVersionUID:
- -77291036299848782L
-
-
Package org.apereo.cas.configuration.model.support.mfa.yubikey
-
Class org.apereo.cas.configuration.model.support.mfa.yubikey.YubiKeyCouchDbMultifactorProperties extends BaseCouchDbProperties implements Serializable
- serialVersionUID:
- 3757390989294642185L
-
Class org.apereo.cas.configuration.model.support.mfa.yubikey.YubiKeyDynamoDbMultifactorProperties extends AbstractDynamoDbProperties implements Serializable
- serialVersionUID:
- 321667148774858855L
-
Serialized Fields
-
tableName
java.lang.String tableName
The table name used and created by CAS to hold devices in DynamoDb.
-
-
Class org.apereo.cas.configuration.model.support.mfa.yubikey.YubiKeyJpaMultifactorProperties extends AbstractJpaProperties implements Serializable
- serialVersionUID:
- -4420099402220880361L
-
Class org.apereo.cas.configuration.model.support.mfa.yubikey.YubiKeyMongoDbMultifactorProperties extends SingleCollectionMongoDbProperties implements Serializable
- serialVersionUID:
- 6876845341227039713L
-
Class org.apereo.cas.configuration.model.support.mfa.yubikey.YubiKeyMultifactorAuthenticationProperties extends BaseMultifactorAuthenticationProviderProperties implements Serializable
- serialVersionUID:
- 9138057706201201089L
-
Serialized Fields
-
allowedDevices
java.util.Map<java.lang.String,java.lang.String> allowedDevices
Collection of devices allowed per user. This is done using a key-value structure where the key is the user and the value is the allowed collection of yubikey device ids. -
apiUrls
java.util.List<java.lang.String> apiUrls
YubiKey API urls to contact for verification of credentials. -
clientId
java.lang.Integer clientId
Yubikey client id. -
couchDb
YubiKeyCouchDbMultifactorProperties couchDb
Keep device registration records inside a CouchDb resource. -
crypto
EncryptionJwtSigningJwtCryptographyProperties crypto
Crypto settings that sign/encrypt the yubikey registration records. -
dynamoDb
YubiKeyDynamoDbMultifactorProperties dynamoDb
Keep device registration records inside a dynamo db resource. -
jpa
YubiKeyJpaMultifactorProperties jpa
Keep device registration records inside a JDBC resource. -
mongo
YubiKeyMongoDbMultifactorProperties mongo
Keep device registration records inside a MongoDb resource. -
multipleDeviceRegistrationEnabled
boolean multipleDeviceRegistrationEnabled
When enabled, allows the user/system to accept multiple accounts and device registrations per user, allowing one to switch between or register new devices/accounts automatically. -
redis
YubiKeyRedisMultifactorProperties redis
Keep device registration records inside a redis resource. -
rest
YubiKeyRestfulMultifactorProperties rest
Keep device registration records inside a rest api. -
secretKey
java.lang.String secretKey
Yubikey secret key. -
trustedDeviceEnabled
boolean trustedDeviceEnabled
Indicates whether this provider should support trusted devices.
-
-
Class org.apereo.cas.configuration.model.support.mfa.yubikey.YubiKeyRedisMultifactorProperties extends BaseRedisProperties implements Serializable
- serialVersionUID:
- -1261683393319585262L
-
Class org.apereo.cas.configuration.model.support.mfa.yubikey.YubiKeyRestfulMultifactorProperties extends RestEndpointProperties implements Serializable
- serialVersionUID:
- -33291036299848782L
-
-
Package org.apereo.cas.configuration.model.support.mongo
-
Class org.apereo.cas.configuration.model.support.mongo.BaseMongoDbProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- -2471243083598934186L
-
Serialized Fields
-
authenticationDatabaseName
java.lang.String authenticationDatabaseName
Name of the database to use for authentication. -
clientUri
java.lang.String clientUri
The connection uri to the mongodb instance. This typically takes on the form of mongodb://user:[email protected]:35522/db. If not specified, will fallback onto other individual settings. If specified, takes over all other settings where applicable. -
databaseName
java.lang.String databaseName
MongoDb database instance name. -
host
java.lang.String host
MongoDb database host for authentication. Multiple host addresses may be defined, separated by comma. If more than one host is defined, it is assumed that each host contains the port as well, if any. Otherwise the configuration may fallback onto the port defined. -
password
java.lang.String password
MongoDb database password for authentication. -
pool
MongoDbConnectionPoolProperties pool
Core connection-related settings. -
port
int port
MongoDb database port. -
readConcern
java.lang.String readConcern
Read concern. Accepted values are: LOCAL, MAJORITY, LINEARIZABLE, SNAPSHOT, AVAILABLE. -
readPreference
java.lang.String readPreference
Read preference. Accepted values are: PRIMARY, SECONDARY, SECONDARY_PREFERRED, PRIMARY_PREFERRED, NEAREST. -
replicaSet
java.lang.String replicaSet
A replica set in MongoDB is a group of mongod processes that maintain the same data set. Replica sets provide redundancy and high availability, and are the basis for all production deployments. -
retryWrites
boolean retryWrites
Sets whether writes should be retried if they fail due to a network error. -
socketKeepAlive
boolean socketKeepAlive
Whether the database socket connection should be tagged with keep-alive. -
sslEnabled
boolean sslEnabled
Whether connections require SSL. -
timeout
java.lang.String timeout
MongoDb database connection timeout. -
userId
java.lang.String userId
MongoDb database user for authentication. -
writeConcern
java.lang.String writeConcern
Write concern describes the level of acknowledgement requested from MongoDB for write operations to a standalone mongo db or to replica sets or to sharded clusters. In sharded clusters, mongo db instances will pass the write concern on to the shards.
-
-
Class org.apereo.cas.configuration.model.support.mongo.MongoDbAuthenticationProperties extends SingleCollectionMongoDbProperties implements Serializable
- serialVersionUID:
- -7304734732383722585L
-
Serialized Fields
-
attributes
java.lang.String attributes
Attributes to fetch from Mongo (blank by default to force the pac4j legacy behavior). -
name
java.lang.String name
Name of the authentication handler. -
order
int order
Order of authentication handler in chain. -
passwordAttribute
java.lang.String passwordAttribute
Attribute that holds the password. -
passwordEncoder
PasswordEncoderProperties passwordEncoder
Password encoder settings for the authentication handler. -
principalIdAttribute
java.lang.String principalIdAttribute
Attribute that would be used to establish the authenticated profile. -
principalTransformation
PrincipalTransformationProperties principalTransformation
This is principal transformation properties. -
usernameAttribute
java.lang.String usernameAttribute
Attribute that holds the username.
-
-
Class org.apereo.cas.configuration.model.support.mongo.MongoDbConnectionPoolProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- 8312213511918496060L
-
Serialized Fields
-
idleTime
java.lang.String idleTime
The maximum idle time of a pooled connection. A zero value indicates no limit to the idle time. A pooled connection that has exceeded its idle time will be closed and replaced when necessary by a new connection. -
lifeTime
java.lang.String lifeTime
The maximum time a pooled connection can live for. A zero value indicates no limit to the life time. A pooled connection that has exceeded its life time will be closed and replaced when necessary by a new connection. -
maxSize
int maxSize
Maximum number of connections to keep around. -
maxWaitTime
java.lang.String maxWaitTime
The maximum time that a thread may wait for a connection to become available. -
minSize
int minSize
Minimum number of connections to keep around. -
perHost
int perHost
Total number of connections allowed per host.
-
-
Class org.apereo.cas.configuration.model.support.mongo.SingleCollectionMongoDbProperties extends BaseMongoDbProperties implements Serializable
- serialVersionUID:
- 4869686250345657447L
-
Serialized Fields
-
collection
java.lang.String collection
MongoDb database collection name to fetch and/or create. -
dropCollection
boolean dropCollection
Whether collections should be dropped on startup and re-created.
-
-
-
Package org.apereo.cas.configuration.model.support.mongo.serviceregistry
-
Class org.apereo.cas.configuration.model.support.mongo.serviceregistry.MongoDbServiceRegistryProperties extends SingleCollectionMongoDbProperties implements Serializable
- serialVersionUID:
- -227092724742371662L
-
-
Package org.apereo.cas.configuration.model.support.mongo.ticketregistry
-
Class org.apereo.cas.configuration.model.support.mongo.ticketregistry.MongoDbTicketRegistryProperties extends BaseMongoDbProperties implements Serializable
- serialVersionUID:
- 8243690796900311918L
-
Serialized Fields
-
crypto
EncryptionRandomizedSigningJwtCryptographyProperties crypto
Crypto settings for the registry. -
dropCollection
boolean dropCollection
Whether collections should be dropped on startup and re-created.
-
-
-
Package org.apereo.cas.configuration.model.support.ntlm
-
Class org.apereo.cas.configuration.model.support.ntlm.NtlmProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- 1479912148936123469L
-
Serialized Fields
-
domainController
java.lang.String domainController
The domain controller to retrieve if load balanced. Otherwise retrieve the domain controller as a possible NT or workgroup. -
enabled
boolean enabled
Whether NTLM authentication should be enabled and registered with CAS as well. -
includePattern
java.lang.String includePattern
If specified, gets all domain controllers in the specified NtlmProperties.domainController and then filters hosts that match the pattern. -
loadBalance
boolean loadBalance
Indicates how the domain controller should be retrieved, whether matched and filtered by a pattern or retrieved as possible NT or workgroup. -
name
java.lang.String name
The name of the authentication handler. -
order
int order
The order of the authentication handler in the chain.
-
-
-
Package org.apereo.cas.configuration.model.support.oauth
-
Class org.apereo.cas.configuration.model.support.oauth.CsrfCookieProperties extends CookieProperties implements Serializable
- serialVersionUID:
- 5298598088218873282L
-
Class org.apereo.cas.configuration.model.support.oauth.OAuthAccessTokenProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- -6832081675586528350L
-
Serialized Fields
-
createAsJwt
boolean createAsJwt
Create access tokens as JWTs. -
crypto
EncryptionOptionalSigningOptionalJwtCryptographyProperties crypto
Crypto settings. -
maxTimeToLiveInSeconds
java.lang.String maxTimeToLiveInSeconds
Hard timeout to kill the access token and expire it. -
timeToKillInSeconds
java.lang.String timeToKillInSeconds
Sliding window for the access token expiration policy. Essentially, this is an idle time out.
-
-
Class org.apereo.cas.configuration.model.support.oauth.OAuthCodeProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- -7687928082301669359L
-
Serialized Fields
-
numberOfUses
int numberOfUses
Number of times this code is valid and can be used. -
timeToKillInSeconds
long timeToKillInSeconds
Duration in seconds where the code is valid.
-
-
Class org.apereo.cas.configuration.model.support.oauth.OAuthDeviceTokenProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- -6832081675586528350L
-
Serialized Fields
-
maxTimeToLiveInSeconds
java.lang.String maxTimeToLiveInSeconds
Hard timeout to kill the access token and expire it. -
refreshInterval
java.lang.String refreshInterval
The device refresh interval. The client should attempt to acquire an access token every few seconds (at a rate specified by interval) by POSTing to the access token endpoint on the server.
-
-
Class org.apereo.cas.configuration.model.support.oauth.OAuthDeviceUserCodeProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- -1232081675586528350L
-
Serialized Fields
-
maxTimeToLiveInSeconds
java.lang.String maxTimeToLiveInSeconds
Hard timeout to kill the access token and expire it. -
userCodeLength
int userCodeLength
Length of the generated user code.
-
-
Class org.apereo.cas.configuration.model.support.oauth.OAuthGrantsProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- -2246860215082703251L
-
Serialized Fields
-
resourceOwner
OAuthGrantsProperties.ResourceOwner resourceOwner
Resource owner grant settings.
-
-
Class org.apereo.cas.configuration.model.support.oauth.OAuthGrantsProperties.ResourceOwner extends java.lang.Object implements Serializable
- serialVersionUID:
- 3171206304518294330L
-
Serialized Fields
-
requireServiceHeader
boolean requireServiceHeader
Whether using the resource-owner grant should enforce authorization rules and per-service policies based on a service parameter that is provided as a header outside the normal semantics of the grant and protocol.
-
-
Class org.apereo.cas.configuration.model.support.oauth.OAuthProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- 2677128037234123907L
-
Serialized Fields
-
accessToken
OAuthAccessTokenProperties accessToken
Settings related to oauth access tokens. -
code
OAuthCodeProperties code
Settings related to oauth codes. -
crypto
EncryptionOptionalSigningOptionalJwtCryptographyProperties crypto
Crypto settings that sign/encrypt secrets. -
csrfCookie
CsrfCookieProperties csrfCookie
Control the CSRF cookie settings in OAUTH authentication flows. -
deviceToken
OAuthDeviceTokenProperties deviceToken
Settings related to oauth device tokens. -
deviceUserCode
OAuthDeviceUserCodeProperties deviceUserCode
Settings related to oauth device user codes. -
grants
OAuthGrantsProperties grants
Settings related to oauth grants. -
refreshToken
OAuthRefreshTokenProperties refreshToken
Settings related to oauth refresh tokens. -
replicateSessions
boolean replicateSessions
Indicates whether profiles and other session data, collected as part of OAuth flows and requests that are kept by the container session, should be replicated across the cluster using CAS and its own ticket registry. Without this option, OAuth profile data and other related pieces of information should be manually replicated via means and libraries outside of CAS. -
uma
UmaProperties uma
OAuth UMA authentication settings. -
userProfileViewType
OAuthProperties.UserProfileViewTypes userProfileViewType
User profile view type determines how the final user profile should be rendered once an access token is "validated".
-
-
Class org.apereo.cas.configuration.model.support.oauth.OAuthRefreshTokenProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- -8328568272835831702L
-
Serialized Fields
-
timeToKillInSeconds
java.lang.String timeToKillInSeconds
Hard timeout beyond which the refresh token is considered expired.
-
-
-
Package org.apereo.cas.configuration.model.support.oidc
-
Class org.apereo.cas.configuration.model.support.oidc.OidcCoreProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- 823028615694269276L
-
Serialized Fields
-
claimsMap
java.util.Map<java.lang.String,java.lang.String> claimsMap
Map fixed claims to CAS attributes. Key is the existing claim name for a scope and value is the new attribute that should take its place and value. -
dynamicClientRegistrationMode
java.lang.String dynamicClientRegistrationMode
Whether dynamic registration operates in OPEN or PROTECTED mode. -
issuer
java.lang.String issuer
OIDC issuer. -
skew
java.lang.String skew
Skew value used to massage the authentication issue instance. -
userDefinedScopes
java.util.Map<java.lang.String,java.lang.String> userDefinedScopes
Mapping of user-defined scopes. Key is the new scope name and value is a comma-separated list of claims mapped to the scope.
-
-
Class org.apereo.cas.configuration.model.support.oidc.OidcDiscoveryProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- 813028615694269276L
-
Serialized Fields
-
claims
java.util.List<java.lang.String> claims
List of supported claims. -
claimTypesSupported
java.util.List<java.lang.String> claimTypesSupported
Supported claim types. -
codeChallengeMethodsSupported
java.util.List<java.lang.String> codeChallengeMethodsSupported
List of PKCE code challenge methods supported. -
grantTypesSupported
java.util.List<java.lang.String> grantTypesSupported
Supported grant types. -
idTokenEncryptionAlgValuesSupported
java.util.List<java.lang.String> idTokenEncryptionAlgValuesSupported
Supported algorithms for id token encryption. -
idTokenEncryptionEncodingValuesSupported
java.util.List<java.lang.String> idTokenEncryptionEncodingValuesSupported
Supported encoding strategies for id token encryption. -
idTokenSigningAlgValuesSupported
java.util.List<java.lang.String> idTokenSigningAlgValuesSupported
Supported algorithms for id token signing. -
introspectionSupportedAuthenticationMethods
java.util.List<java.lang.String> introspectionSupportedAuthenticationMethods
Supported authentication methods for introspection. -
responseTypesSupported
java.util.List<java.lang.String> responseTypesSupported
Supported response types. -
scopes
java.util.List<java.lang.String> scopes
List of supported scopes. -
subjectTypes
java.util.List<java.lang.String> subjectTypes
List of supported subject types. -
tokenEndpointAuthMethodsSupported
java.util.List<java.lang.String> tokenEndpointAuthMethodsSupported
List of client authentication methods supported by token endpoint. -
userInfoEncryptionAlgValuesSupported
java.util.List<java.lang.String> userInfoEncryptionAlgValuesSupported
Supported algorithms for user-info encryption. -
userInfoEncryptionEncodingValuesSupported
java.util.List<java.lang.String> userInfoEncryptionEncodingValuesSupported
Supported encoding strategies for user-info encryption. -
userInfoSigningAlgValuesSupported
java.util.List<java.lang.String> userInfoSigningAlgValuesSupported
Supported algorithms for user-info signing.
-
-
Class org.apereo.cas.configuration.model.support.oidc.OidcJsonWebKeystoreProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- -1696060572027445151L
-
Serialized Fields
-
jwksCacheInMinutes
int jwksCacheInMinutes
Timeout that indicates how long the JWKS file should be kept in cache. -
jwksFile
java.lang.String jwksFile
Path to the JWKS file resource used to handle signing/encryption of authentication tokens. -
jwksKeySize
int jwksKeySize
The key size for the generated jwks. This is an algorithm-specific metric, such as modulus length, specified in number of bits. If the keystore type is EC, the key size defined here should switch to one of 256, 384 or 521. If using EC, then the size should match the number of bits required. -
jwksType
java.lang.String jwksType
The type of the JWKS used to handle signing/encryption of authentication tokens. Accepted values are RSA or EC. -
rest
RestfulOidcJsonWebKeystoreProperties rest
Fetch JWKS via a REST endpoint.
-
-
Class org.apereo.cas.configuration.model.support.oidc.OidcLogoutProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- 4988981831781991817L
-
Serialized Fields
-
backchannelLogoutSupported
boolean backchannelLogoutSupported
Whether the back-channel logout is supported. -
frontchannelLogoutSupported
boolean frontchannelLogoutSupported
Whether the front-channel logout is supported.
-
-
Class org.apereo.cas.configuration.model.support.oidc.OidcProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- 813028615694269276L
-
Serialized Fields
-
core
OidcCoreProperties core
OIDC core protocol settings. -
discovery
OidcDiscoveryProperties discovery
OIDC discovery configuration. -
jwks
OidcJsonWebKeystoreProperties jwks
Configuration properties managing the jwks settings for OIDC. -
logout
OidcLogoutProperties logout
OIDC logout configuration. -
webfinger
OidcWebFingerProperties webfinger
OIDC webfinger protocol settings.
-
-
Class org.apereo.cas.configuration.model.support.oidc.OidcWebFingerProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- 231228615694269276L
-
Serialized Fields
-
userInfo
OidcWebFingerProperties.UserInfoRepository userInfo
Manage settings related to user-info repositories locating resources and accounts.
-
-
Class org.apereo.cas.configuration.model.support.oidc.OidcWebFingerProperties.Groovy extends SpringResourceProperties implements Serializable
- serialVersionUID:
- 7179027843747126083L
-
Class org.apereo.cas.configuration.model.support.oidc.OidcWebFingerProperties.Rest extends RestEndpointProperties implements Serializable
- serialVersionUID:
- -2172345378378393382L
-
Class org.apereo.cas.configuration.model.support.oidc.OidcWebFingerProperties.UserInfoRepository extends java.lang.Object implements Serializable
- serialVersionUID:
- 1279027843747126043L
-
Serialized Fields
-
groovy
OidcWebFingerProperties.Groovy groovy
Resolve webfinger user-info resources via Groovy. -
rest
OidcWebFingerProperties.Rest rest
Resolve webfinger user-info resources via REST.
-
-
Class org.apereo.cas.configuration.model.support.oidc.RestfulOidcJsonWebKeystoreProperties extends RestEndpointProperties implements Serializable
- serialVersionUID:
- 3659099897056632608L
-
-
Package org.apereo.cas.configuration.model.support.okta
-
Class org.apereo.cas.configuration.model.support.okta.BaseOktaProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- -23245764438426360L
-
Serialized Fields
-
connectionTimeout
int connectionTimeout
Connection timeout in milliseconds. -
order
int order
The order of this authentication handler in the chain. -
organizationUrl
java.lang.String organizationUrl
Okta domain. -
proxyHost
java.lang.String proxyHost
Send requests via a proxy; define the hostname. -
proxyPassword
java.lang.String proxyPassword
Send requests via a proxy; define the proxy password. -
proxyPort
int proxyPort
Send requests via a proxy; define the proxy port. Negative/zero values should deactivate the proxy configuration for the http client. -
proxyUsername
java.lang.String proxyUsername
Send requests via a proxy; define the proxy username.
-
-
Class org.apereo.cas.configuration.model.support.okta.OktaAuthenticationProperties extends BaseOktaProperties implements Serializable
- serialVersionUID:
- -13245764438426360L
-
Serialized Fields
-
credentialCriteria
java.lang.String credentialCriteria
A number of authentication handlers are allowed to determine whether they can operate on the provided credential and as such lend themselves to be tried and tested during the authentication handler selection phase. The credential criteria may be one of the following options: 1) A regular expression pattern that is tested against the credential identifier. 2) A fully qualified class name of your own design that implements Predicate. 3) Path to an external Groovy script that implements the same interface. -
name
java.lang.String name
The name of the authentication handler. -
passwordEncoder
PasswordEncoderProperties passwordEncoder
Password encoding properties. -
principalTransformation
PrincipalTransformationProperties principalTransformation
Principal transformation properties. -
state
AuthenticationHandlerStates state
Define the scope and state of this authentication handler and the lifecycle in which it can be invoked or activated.
-
-
Class org.apereo.cas.configuration.model.support.okta.OktaPrincipalAttributesProperties extends BaseOktaProperties implements Serializable
- serialVersionUID:
- -6573755681498251678L
-
Serialized Fields
-
apiToken
java.lang.String apiToken
Okta API token. -
clientId
java.lang.String clientId
Okta client id used in combination with the private key. -
id
java.lang.String id
A value can be assigned to this field to uniquely identify this resolver. -
privateKey
SpringResourceProperties privateKey
Private key resource used for oauth20 api calls with a client id. When using this approach, you won't need an API Token because the Okta SDK will request an access token for you. -
scopes
java.util.List<java.lang.String> scopes
Okta allows you to interact with Okta APIs using scoped OAuth 2.0 access tokens. Each access token enables the bearer to perform specific actions on specific Okta endpoints, with that ability controlled by which scopes the access token contains. Scopes are only used when using client id and private-key. -
usernameAttribute
java.lang.String usernameAttribute
Username attribute to fetch attributes by.
-
-
-
Package org.apereo.cas.configuration.model.support.openid
-
Class org.apereo.cas.configuration.model.support.openid.OpenIdProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- -2935759289483632610L
-
Serialized Fields
-
enforceRpId
boolean enforceRpId
Deprecated. Since 6.2. Whether relying party identifiers should be enforced. This is used during the realm verification process. -
name
java.lang.String name
Deprecated. Since 6.2. Name of the underlying authentication handler. -
order
java.lang.Integer order
Deprecated. Since 6.2. Order of the authentication handler in the chain. -
principal
PersonDirectoryPrincipalResolverProperties principal
Deprecated. Since 6.2. Principal construction settings.
-
-
-
Package org.apereo.cas.configuration.model.support.pac4j
-
Class org.apereo.cas.configuration.model.support.pac4j.Pac4jBaseClientProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- -7885975876831784206L
-
Serialized Fields
-
autoRedirect
boolean autoRedirect
Auto-redirect to this client. -
callbackUrl
java.lang.String callbackUrl
Callback URL to use to return the flow back to the CAS server once the identity provider is successfully done. This may be used at the discretion of the client and its type to build service parameters, redirect URIs, etc. If none is specified, the CAS server's login endpoint will be used as the basis of the final callback url. -
callbackUrlType
Pac4jBaseClientProperties.CallbackUrlTypes callbackUrlType
Determine how the callback url should be resolved. Default is Pac4jBaseClientProperties.CallbackUrlTypes.QUERY_PARAMETER. -
clientName
java.lang.String clientName
Name of the client mostly for UI purposes and uniqueness. This name, with 'non-word' characters converted to '-' (e.g. "This Org (New)" becomes "This-Org--New-") is added to the "class" attribute of the redirect link on the login page, to allow for custom styling of individual IdPs (e.g. for an organization logo). -
cssClass
java.lang.String cssClass
CSS class that should be assigned to this client. -
displayName
java.lang.String displayName
Indicate the title or display name of the client for decoration and client presentation purposes. If left blank, the client original name would be used by default. -
enabled
boolean enabled
Whether the client/external identity provider should be considered active and enabled for integration purposes. -
principalAttributeId
java.lang.String principalAttributeId
The attribute to use as the principal identifier built during and upon a successful authentication attempt.
-
-
Class org.apereo.cas.configuration.model.support.pac4j.Pac4jDelegatedAuthenticationBitBucketProperties extends Pac4jIdentifiableClientProperties implements Serializable
- serialVersionUID:
- -5663033494303169583L
-
Class org.apereo.cas.configuration.model.support.pac4j.Pac4jDelegatedAuthenticationCookieProperties extends CookieProperties implements Serializable
- serialVersionUID:
- -1460460726554772979L
-
Serialized Fields
-
autoConfigureCookiePath
boolean autoConfigureCookiePath
Decide if cookie paths should be automatically configured based on the application context path, when the cookie path is not configured. -
enabled
boolean enabled
Determine whether cookie settings should be enabled to track delegated authentication choices and identity providers.
-
-
Class org.apereo.cas.configuration.model.support.pac4j.Pac4jDelegatedAuthenticationCoreProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- -3561947621312270068L
-
Serialized Fields
-
lazyInit
boolean lazyInit
Whether initialization of delegated identity providers should be done eagerly typically during startup. -
name
java.lang.String name
The name of the authentication handler in CAS used for delegation. -
order
java.lang.Integer order
Order of the authentication handler in the chain. -
principalAttributeId
java.lang.String principalAttributeId
The attribute to use as the principal identifier built during and upon a successful authentication attempt. -
replicateSessions
boolean replicateSessions
Indicates whether profiles and other session data, collected as part of pac4j flows and requests that are kept by the container session, should be replicated across the cluster using CAS and its own ticket registry. Without this option, profile data and other related pieces of information should be manually replicated via means and libraries outside of CAS. -
typedIdUsed
boolean typedIdUsed
When constructing the final user profile from the delegated provider, determines if the provider id should be combined with the principal id.
-
-
Class org.apereo.cas.configuration.model.support.pac4j.Pac4jDelegatedAuthenticationDropboxProperties extends Pac4jIdentifiableClientProperties implements Serializable
- serialVersionUID:
- -5663033494303169583L
-
Class org.apereo.cas.configuration.model.support.pac4j.Pac4jDelegatedAuthenticationFacebookProperties extends Pac4jIdentifiableClientProperties implements Serializable
- serialVersionUID:
- -2737594266552466076L
-
Serialized Fields
-
fields
java.lang.String fields
Custom fields to include in the request. -
scope
java.lang.String scope
The requested scope.
-
-
Class org.apereo.cas.configuration.model.support.pac4j.Pac4jDelegatedAuthenticationFoursquareProperties extends Pac4jIdentifiableClientProperties implements Serializable
- serialVersionUID:
- -5663033494303169583L
-
Class org.apereo.cas.configuration.model.support.pac4j.Pac4jDelegatedAuthenticationGitHubProperties extends Pac4jIdentifiableClientProperties implements Serializable
- serialVersionUID:
- -5663033494303169583L
-
Serialized Fields
-
scope
java.lang.String scope
The requested scope from the provider. The default scope is user, i.e. read/write access to the GitHub user account. For a full list of possible scopes, see this.
-
-
Class org.apereo.cas.configuration.model.support.pac4j.Pac4jDelegatedAuthenticationGoogleProperties extends Pac4jIdentifiableClientProperties implements Serializable
- serialVersionUID:
- -5663033494303169583L
-
Serialized Fields
-
scope
java.lang.String scope
The requested scope.
-
-
Class org.apereo.cas.configuration.model.support.pac4j.Pac4jDelegatedAuthenticationGroovyProvisioningProperties extends SpringResourceProperties implements Serializable
- serialVersionUID:
- 7179027843747126083L
-
Class org.apereo.cas.configuration.model.support.pac4j.Pac4jDelegatedAuthenticationHiOrgServerProperties extends Pac4jIdentifiableClientProperties implements Serializable
- serialVersionUID:
- -5663033494303169583L
-
Serialized Fields
-
scope
java.lang.String scope
The requested scope.
-
-
Class org.apereo.cas.configuration.model.support.pac4j.Pac4jDelegatedAuthenticationLinkedInProperties extends Pac4jIdentifiableClientProperties implements Serializable
- serialVersionUID:
- -5663033494303169583L
-
Serialized Fields
-
scope
java.lang.String scope
The requested scope.
-
-
Class org.apereo.cas.configuration.model.support.pac4j.Pac4jDelegatedAuthenticationPayPalProperties extends Pac4jIdentifiableClientProperties implements Serializable
- serialVersionUID:
- -5663033494303169583L
-
Class org.apereo.cas.configuration.model.support.pac4j.Pac4jDelegatedAuthenticationProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- 4388567744591488495L
-
Serialized Fields
-
bitbucket
Pac4jDelegatedAuthenticationBitBucketProperties bitbucket
Settings that deal with having BitBucket as an external delegated-to authentication provider. -
cas
java.util.List<Pac4jCasClientProperties> cas
Settings that deal with having CAS Servers as an external delegated-to authentication provider. -
cookie
Pac4jDelegatedAuthenticationCookieProperties cookie
Cookie settings to be used with delegated authentication to store user preferences. -
core
Pac4jDelegatedAuthenticationCoreProperties core
Pac4j core authentication engine settings. -
dropbox
Pac4jDelegatedAuthenticationDropboxProperties dropbox
Settings that deal with having Dropbox as an external delegated-to authentication provider. -
facebook
Pac4jDelegatedAuthenticationFacebookProperties facebook
Settings that deal with having Facebook as an external delegated-to authentication provider. -
foursquare
Pac4jDelegatedAuthenticationFoursquareProperties foursquare
Settings that deal with having FourSquare as an external delegated-to authentication provider. -
github
Pac4jDelegatedAuthenticationGitHubProperties github
Settings that deal with having Github as an external delegated-to authentication provider. -
google
Pac4jDelegatedAuthenticationGoogleProperties google
Settings that deal with having Google as an external delegated-to authentication provider. -
hiOrgServer
Pac4jDelegatedAuthenticationHiOrgServerProperties hiOrgServer
Settings that deal with having HiOrg-Server as an external delegated-to authentication provider. -
linkedIn
Pac4jDelegatedAuthenticationLinkedInProperties linkedIn
Settings that deal with having LinkedIn as an external delegated-to authentication provider. -
oauth2
java.util.List<Pac4jOAuth20ClientProperties> oauth2
Settings that deal with having OAuth2-capable providers as an external delegated-to authentication provider. -
oidc
java.util.List<Pac4jOidcClientProperties> oidc
Settings that deal with having OpenID Connect Providers as an external delegated-to authentication provider. -
paypal
Pac4jDelegatedAuthenticationPayPalProperties paypal
Settings that deal with having Paypal as an external delegated-to authentication provider. -
provisioning
Pac4jDelegatedAuthenticationProvisioningProperties provisioning
Handle provisioning ops when establishing profiles from external identity providers. -
rest
Pac4jDelegatedAuthenticationRestfulProperties rest
Settings that allow CAS to fetch and build clients over a REST endpoint rather than built-in properties. -
saml
java.util.List<Pac4jSamlClientProperties> saml
Settings that deal with having SAML2 IdPs as an external delegated-to authentication provider. -
samlDiscovery
SamlIdPDiscoveryProperties samlDiscovery
Settings related to handling saml2 discovery of IdPs. -
twitter
Pac4jDelegatedAuthenticationTwitterProperties twitter
Settings that deal with having Twitter as an external delegated-to authentication provider. -
windowsLive
Pac4jDelegatedAuthenticationWindowsLiveProperties windowsLive
Settings that deal with having WindowsLive as an external delegated-to authentication provider. -
wordpress
Pac4jDelegatedAuthenticationWordpressProperties wordpress
Settings that deal with having WordPress as an external delegated-to authentication provider. -
yahoo
Pac4jDelegatedAuthenticationYahooProperties yahoo
Settings that deal with having Yahoo as an external delegated-to authentication provider.
-
-
Class org.apereo.cas.configuration.model.support.pac4j.Pac4jDelegatedAuthenticationProvisioningProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- 3478567744591488495L
-
Serialized Fields
-
groovy
Pac4jDelegatedAuthenticationGroovyProvisioningProperties groovy
Hand off the provisioning task to an external Groovy script to create and manage established profiles. -
rest
Pac4jDelegatedAuthenticationRestfulProvisioningProperties rest
Hand off the provisioning task to an external REST API to create and manage established profiles.
-
-
Class org.apereo.cas.configuration.model.support.pac4j.Pac4jDelegatedAuthenticationRestfulProperties extends RestEndpointProperties implements Serializable
- serialVersionUID:
- 3659099897056632608L
-
Serialized Fields
-
cacheDuration
java.lang.String cacheDuration
Control the expiration policy of the cache that holds on to the results from the REST API.
-
-
Class org.apereo.cas.configuration.model.support.pac4j.Pac4jDelegatedAuthenticationRestfulProvisioningProperties extends RestEndpointProperties implements Serializable
- serialVersionUID:
- -8102345678378393382L
-
Class org.apereo.cas.configuration.model.support.pac4j.Pac4jDelegatedAuthenticationTwitterProperties extends Pac4jIdentifiableClientProperties implements Serializable
- serialVersionUID:
- 6906343970517008092L
-
Serialized Fields
-
includeEmail
boolean includeEmail
Set to true to request the user's email address from the Twitter API. For this to have an effect it must first be enabled in the Twitter developer console.
-
-
Class org.apereo.cas.configuration.model.support.pac4j.Pac4jDelegatedAuthenticationWindowsLiveProperties extends Pac4jIdentifiableClientProperties implements Serializable
- serialVersionUID:
- -5663033494303169583L
-
Class org.apereo.cas.configuration.model.support.pac4j.Pac4jDelegatedAuthenticationWordpressProperties extends Pac4jIdentifiableClientProperties implements Serializable
- serialVersionUID:
- -5663033494303169583L
-
Class org.apereo.cas.configuration.model.support.pac4j.Pac4jDelegatedAuthenticationYahooProperties extends Pac4jIdentifiableClientProperties implements Serializable
- serialVersionUID:
- -5663033494303169583L
-
Class org.apereo.cas.configuration.model.support.pac4j.Pac4jIdentifiableClientProperties extends Pac4jBaseClientProperties implements Serializable
- serialVersionUID:
- 3007013267786902465L
-
Serialized Fields
-
id
java.lang.String id
The client id. -
secret
java.lang.String secret
The client secret.
-
-
-
Package org.apereo.cas.configuration.model.support.pac4j.cas
-
Class org.apereo.cas.configuration.model.support.pac4j.cas.Pac4jCasClientProperties extends Pac4jBaseClientProperties implements Serializable
- serialVersionUID:
- -2738631545437677447L
-
Serialized Fields
-
loginUrl
java.lang.String loginUrl
The CAS server login url. -
protocol
java.lang.String protocol
CAS protocol to use. Acceptable values are CAS10, CAS20, CAS20_PROXY, CAS30, CAS30_PROXY, SAML.
-
-
-
Package org.apereo.cas.configuration.model.support.pac4j.oauth
-
Class org.apereo.cas.configuration.model.support.pac4j.oauth.Pac4jOAuth20ClientProperties extends Pac4jIdentifiableClientProperties implements Serializable
- serialVersionUID:
- -1240711580664148382L
-
Serialized Fields
-
authUrl
java.lang.String authUrl
Authorization endpoint of the provider. -
customParams
java.util.Map<java.lang.String,java.lang.String> customParams
Custom parameters in form of key-value pairs sent along in authZ requests, etc. -
profileAttrs
java.util.Map<java.lang.String,java.lang.String> profileAttrs
Profile attributes to request and collect in form of key-value pairs. -
profilePath
java.lang.String profilePath
Profile path portion of the profile endpoint of the provider. -
profileUrl
java.lang.String profileUrl
Profile endpoint of the provider. -
profileVerb
java.lang.String profileVerb
Http method to use when asking for profile. -
responseType
java.lang.String responseType
Response type determines the authentication flow on the Authentication Server. -
scope
java.lang.String scope
The scope requested from the identity provider. -
tokenUrl
java.lang.String tokenUrl
Token endpoint of the provider.
-
-
-
Package org.apereo.cas.configuration.model.support.pac4j.oidc
-
Class org.apereo.cas.configuration.model.support.pac4j.oidc.BasePac4jOidcClientProperties extends Pac4jIdentifiableClientProperties implements Serializable
- serialVersionUID:
- 3359382317533639638L
-
Serialized Fields
-
connectTimeout
java.lang.String connectTimeout
Read timeout of the OIDC client. -
customParams
java.util.Map<java.lang.String,java.lang.String> customParams
Custom parameters to send along in authZ requests, etc. -
disablePkce
boolean disablePkce
Disable PKCE support for the provider. -
discoveryUri
java.lang.String discoveryUri
The discovery endpoint to locate the provider metadata. -
expireSessionWithToken
boolean expireSessionWithToken
Checks if sessions expire with token expiration. -
logoutUrl
java.lang.String logoutUrl
Logout url used for this provider. -
mappedClaims
java.util.List<java.lang.String> mappedClaims
List arbitrary mappings of claims when fetching user profiles. Uses a "directed list" where the allowed syntax would be claim->attribute. -
maxClockSkew
java.lang.String maxClockSkew
Clock skew in order to account for drift, when validating id tokens. -
preferredJwsAlgorithm
java.lang.String preferredJwsAlgorithm
The JWS algorithm to use forcefully when validating ID tokens. If none is defined, the first algorithm from metadata will be used. -
readTimeout
java.lang.String readTimeout
Connect timeout of the OIDC client. -
responseMode
java.lang.String responseMode
The response mode specifies how the result of the authorization request is formatted. For backward compatibility the default value is empty, which means the default pac4j (empty) response mode is used. Possible values include "query", "fragment", "form_post", or "web_message". -
responseType
java.lang.String responseType
The response type tells the authorization server which grant to execute. For backward compatibility the default value is empty, which means the default pac4j ("code") response type is used. Possible values include "code", "token" or "id_token". -
scope
java.lang.String scope
Requested scope(s). -
tokenExpirationAdvance
java.lang.String tokenExpirationAdvance
Default time period advance (in seconds) for considering an access token expired. -
useNonce
boolean useNonce
Whether an initial nonce should be used for replay attack mitigation.
-
-
Class org.apereo.cas.configuration.model.support.pac4j.oidc.Pac4jAppleOidcClientProperties extends BasePac4jOidcClientProperties implements Serializable
- serialVersionUID:
- 2258382317533639638L
-
Serialized Fields
-
privateKey
java.lang.String privateKey
Private key obtained from Apple. Must point to a resource that resolves to an elliptic curve (EC) private key. -
privateKeyId
java.lang.String privateKeyId
The identifier for the private key. Usually the 10 character Key ID of the private key you create in Apple. -
teamId
java.lang.String teamId
Apple team identifier. Usually a 10 character string given to you by Apple. -
timeout
java.lang.String timeout
Client secret expiration timeout.
-
-
Class org.apereo.cas.configuration.model.support.pac4j.oidc.Pac4jAzureOidcClientProperties extends BasePac4jOidcClientProperties implements Serializable
- serialVersionUID:
- 1259382317533639638L
-
Serialized Fields
-
tenant
java.lang.String tenant
Azure AD tenant name. After tenant is configured, the #getDiscoveryUri() property will be overridden. Azure AD tenant name can take 4 different values:
- common: Users with both a personal Microsoft account and a work or school account from Azure AD can sign in.
- organizations: Only users with work or school accounts from Azure AD can sign in.
- consumers: Only users with a personal Microsoft account can sign in.
- Specific tenant domain name or ID: Only users with an account under the specified tenant can log in.
-
-
Class org.apereo.cas.configuration.model.support.pac4j.oidc.Pac4jGenericOidcClientProperties extends BasePac4jOidcClientProperties implements Serializable
- serialVersionUID:
- 3359382317533639638L
-
Class org.apereo.cas.configuration.model.support.pac4j.oidc.Pac4jGoogleOidcClientProperties extends BasePac4jOidcClientProperties implements Serializable
- serialVersionUID:
- 3259382317533639638L
-
Class org.apereo.cas.configuration.model.support.pac4j.oidc.Pac4jKeyCloakOidcClientProperties extends BasePac4jOidcClientProperties implements Serializable
- serialVersionUID:
- 3209382317533639638L
-
Serialized Fields
-
baseUri
java.lang.String baseUri
Keycloak base URL used to construct metadata discovery URI. -
realm
java.lang.String realm
Keycloak realm used to construct metadata discovery URI.
-
-
Class org.apereo.cas.configuration.model.support.pac4j.oidc.Pac4jOidcClientProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- 3359382317533639638L
-
Serialized Fields
-
apple
Pac4jAppleOidcClientProperties apple
Settings specific to delegating authentication to apple signin. -
azure
Pac4jAzureOidcClientProperties azure
Settings specific to delegating authentication to azure. -
generic
Pac4jGenericOidcClientProperties generic
Settings specific to delegating authentication to generic oidc. -
google
Pac4jGoogleOidcClientProperties google
Settings specific to delegating authentication to google. -
keycloak
Pac4jKeyCloakOidcClientProperties keycloak
Settings specific to delegating authentication to keycloak.
-
-
-
Package org.apereo.cas.configuration.model.support.pac4j.saml
-
Class org.apereo.cas.configuration.model.support.pac4j.saml.Pac4jSamlClientProperties extends Pac4jBaseClientProperties implements Serializable
- serialVersionUID:
- -862819796533384951L
-
Serialized Fields
-
acceptedSkew
java.lang.String acceptedSkew
Maximum skew in seconds between SP and IDP clocks. This skew is added onto the NotOnOrAfter field in seconds for the SAML response validation. -
allSignatureValidationDisabled
boolean allSignatureValidationDisabled
Whether the signature validation should be disabled. Never set this property to true in production. -
assertionConsumerServiceIndex
int assertionConsumerServiceIndex
Allows the SAML client to select a specific ACS url from the metadata, if defined. A negative value de-activates the selection process and is the default. -
attributeConsumingServiceIndex
int attributeConsumingServiceIndex
AttributeConsumingServiceIndex attribute of AuthnRequest element. The given index points out a specific AttributeConsumingService structure, declared into the Service Provider (SP)'s metadata, to be used to specify all the attributes that the Service Provider is asking to be released within the authentication assertion returned by the Identity Provider (IdP). This attribute won't be sent with the request unless a positive value (including 0) is defined. -
authnContextClassRef
java.util.List<java.lang.String> authnContextClassRef
Requested authentication context class in authn requests. -
authnContextComparisonType
java.lang.String authnContextComparisonType
Specifies the comparison rule that should be used to evaluate the specified authentication methods. For example, if exact is specified, the authentication method used must match one of the authentication methods specified by the AuthnContextClassRef elements. The AuthnContextClassRef element requires a comparison rule to be used to evaluate the specified authentication methods. If not explicitly specified, the "exact" rule will be used by default. Other acceptable values are minimum, maximum, better. -
blockedSignatureSigningAlgorithms
java.util.List<java.lang.String> blockedSignatureSigningAlgorithms
Collection of signing signature blocked algorithms, if any, to override the global defaults. -
certificateExpirationDays
int certificateExpirationDays
Define the validity period for the certificate in number of days. The end-date of the certificate is controlled by this setting, when defined as a value greater than zero. -
certificateNameToAppend
java.lang.String certificateNameToAppend
A name to append to signing certificates generated. The named part appended can be useful to identify for which clientName it was generated. If no name is provided, the default certificate name will be used. -
certificateSignatureAlg
java.lang.String certificateSignatureAlg
Certificate signature algorithm to use when generating the certificate. -
destinationBinding
java.lang.String destinationBinding
The destination binding to use when creating authentication requests. -
forceAuth
boolean forceAuth
Whether authentication requests should be tagged as forced auth. -
forceKeystoreGeneration
boolean forceKeystoreGeneration
Force generation of the keystore. -
identityProviderMetadataPath
java.lang.String identityProviderMetadataPath
The metadata location of the identity provider that is to handle authentications. -
keystoreAlias
java.lang.String keystoreAlias
The key alias used in the keystore. -
keystorePassword
java.lang.String keystorePassword
The password to use when generating the SP/CAS keystore. -
keystorePath
java.lang.String keystorePath
Location of the keystore to use and generate the SP/CAS keystore. -
mappedAttributes
java.util.List<java.lang.String> mappedAttributes
Describes the map of attributes that are to be fetched from the credential (map keys) and then transformed/renamed using map values before they are put into a profile. An example might be to fetch givenName from credential and rename it to urn:oid:2.5.4.42 or vice versa. Note that this setting only applies to attribute names, and not friendly-names. List arbitrary mappings of claims. Uses a "directed list" where the allowed syntax would be givenName->urn:oid:2.5.4.42. -
maximumAuthenticationLifetime
java.lang.String maximumAuthenticationLifetime
Once you have an authenticated session on the identity provider, usually it won't prompt you again to enter your credentials and it will automatically generate a new assertion for you. By default, the SAML client will accept assertions based on a previous authentication for one hour. You can adjust this behavior by modifying this setting. The unit of time here is seconds. -
messageStoreFactory
java.lang.String messageStoreFactory
Factory implementing this interface provides services for storing and retrieval of SAML messages for e.g. verification of retrieved responses. The default factory is an always empty store. You may choose org.pac4j.saml.store.HttpSessionStore instead, which allows SAML messages to be stored in a distributed session store, specially required for high availability deployments and validation operations. -
nameIdPolicyAllowCreate
org.apereo.cas.util.model.TriStateBoolean nameIdPolicyAllowCreate
Flag to indicate whether the allow-create flags for nameid policies should be set to true, false or ignored/defined. -
nameIdPolicyFormat
java.lang.String nameIdPolicyFormat
NameID policy to request in the authentication requests. -
passive
boolean passive
Whether authentication requests should be tagged as passive. -
principalIdAttribute
java.lang.String principalIdAttribute
The attribute found in the saml response that may be used to establish the authenticated user and build a profile for CAS. -
privateKeyPassword
java.lang.String privateKeyPassword
The password to use when generating the private key for the SP/CAS keystore. -
providerName
java.lang.String providerName
Provider name set for the saml authentication request. Sets the human-readable name of the requester for use by the presenter's user agent or the identity provider. -
requestedAttributes
java.util.List<Pac4jSamlClientProperties.ServiceProviderRequestedAttribute> requestedAttributes
List of attributes requested by the service provider that would be put into the service provider metadata. -
serviceProviderEntityId
java.lang.String serviceProviderEntityId
The entity id of the SP/CAS that is used in the SP metadata generation process. -
serviceProviderMetadataPath
java.lang.String serviceProviderMetadataPath
Location of the SP metadata to use and generate. -
signatureAlgorithms
java.util.List<java.lang.String> signatureAlgorithms
Collection of signing signature algorithms, if any, to override the global defaults. -
signatureCanonicalizationAlgorithm
java.lang.String signatureCanonicalizationAlgorithm
The signing signature canonicalization algorithm, if any, to override the global defaults. -
signatureReferenceDigestMethods
java.util.List<java.lang.String> signatureReferenceDigestMethods
Collection of signing signature reference digest methods, if any, to override the global defaults. -
signAuthnRequest
boolean signAuthnRequest
Whether or not the authnRequest should be signed. -
signServiceProviderLogoutRequest
boolean signServiceProviderLogoutRequest
Whether or not the Logout Request sent from the SP should be signed. -
signServiceProviderMetadata
boolean signServiceProviderMetadata
Whether or not SAML SP metadata should be signed when generated. -
useNameQualifier
boolean useNameQualifier
Whether name qualifiers should be produced in the final saml response. -
wantsAssertionsSigned
boolean wantsAssertionsSigned
Whether metadata should be marked to request sign assertions. -
wantsResponsesSigned
boolean wantsResponsesSigned
Whether a signed response is mandatory.
-
-
Class org.apereo.cas.configuration.model.support.pac4j.saml.Pac4jSamlClientProperties.ServiceProviderRequestedAttribute extends java.lang.Object implements Serializable
- serialVersionUID:
- -862819796533384951L
-
Serialized Fields
-
friendlyName
java.lang.String friendlyName
Attribute friendly name. -
name
java.lang.String name
Attribute name. -
nameFormat
java.lang.String nameFormat
Attribute name format. -
required
boolean required
Whether this attribute is required and should be marked so in the metadata.
-
-
-
Package org.apereo.cas.configuration.model.support.passwordless
-
Class org.apereo.cas.configuration.model.support.passwordless.PasswordlessAuthenticationAccountsProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- -8424650395669337488L
-
Serialized Fields
-
groovy
PasswordlessAuthenticationGroovyAccountsProperties groovy
Passwordless authentication settings via Groovy. -
json
PasswordlessAuthenticationJsonAccountsProperties json
Passwordless authentication settings via JSON resource. -
ldap
PasswordlessAuthenticationLdapAccountsProperties ldap
Passwordless authentication settings via LDAP. -
mongo
PasswordlessAuthenticationMongoDbAccountsProperties mongo
Passwordless authentication settings via MongoDb. -
rest
PasswordlessAuthenticationRestAccountsProperties rest
Passwordless authentication settings via REST. -
simple
java.util.Map<java.lang.String,java.lang.String> simple
Passwordless authentication settings using static accounts. The key is the user identifier, while the value is the form of contact such as email, sms, etc.
-
-
Class org.apereo.cas.configuration.model.support.passwordless.PasswordlessAuthenticationCoreProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- 6726382874579042117L
-
Serialized Fields
-
delegatedAuthenticationActivated
boolean delegatedAuthenticationActivated
Allow passwordless authentication to skip its own flow in favor of delegated authentication providers that may be available and defined in CAS. If delegated authentication is activated, CAS will skip its normal passwordless authentication flow in favor of the requested delegated authentication provider. If no delegated providers are available, passwordless authentication flow will commence as usual.
-
delegatedAuthenticationSelectorScript
SpringResourceProperties delegatedAuthenticationSelectorScript
Select the delegated identity provider for the passwordless user using a script. -
multifactorAuthenticationActivated
boolean multifactorAuthenticationActivated
Allow passwordless authentication to skip its own flow in favor of multifactor authentication providers that may be available and defined in CAS. If multifactor authentication is activated, and defined MFA triggers in CAS signal availability and eligibility of an MFA flow for the given passwordless user, CAS will skip its normal passwordless authentication flow in favor of the requested multifactor authentication provider. If no MFA providers are available, or if no triggers require MFA for the verified passwordless user, passwordless authentication flow will commence as usual.
-
-
Class org.apereo.cas.configuration.model.support.passwordless.PasswordlessAuthenticationProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- 8726382874579042117L
-
Serialized Fields
-
accounts
PasswordlessAuthenticationAccountsProperties accounts
Properties to instruct CAS how accounts for passwordless authentication should be located. -
core
PasswordlessAuthenticationCoreProperties core
Core passwordless settings. -
tokens
PasswordlessAuthenticationTokensProperties tokens
Properties to instruct CAS how tokens for passwordless authentication should be located.
-
-
Class org.apereo.cas.configuration.model.support.passwordless.PasswordlessAuthenticationTokensProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- 8371063350377031703L
-
Serialized Fields
-
crypto
EncryptionJwtSigningJwtCryptographyProperties crypto
Crypto settings on how to reset the password. -
expireInSeconds
int expireInSeconds
Indicates how long the token should be considered valid. -
jpa
PasswordlessAuthenticationJpaTokensProperties jpa
Passwordless authentication settings via JPA. -
mail
EmailProperties mail
Email settings for notifications. -
rest
PasswordlessAuthenticationRestTokensProperties rest
Passwordless authentication settings via REST. -
sms
SmsProperties sms
SMS settings for notifications.
-
-
-
Package org.apereo.cas.configuration.model.support.passwordless.account
-
Class org.apereo.cas.configuration.model.support.passwordless.account.PasswordlessAuthenticationGroovyAccountsProperties extends SpringResourceProperties implements Serializable
- serialVersionUID:
- 8079027843747126083L
-
Class org.apereo.cas.configuration.model.support.passwordless.account.PasswordlessAuthenticationJsonAccountsProperties extends SpringResourceProperties implements Serializable
- serialVersionUID:
- 8079027843747126083L
-
Class org.apereo.cas.configuration.model.support.passwordless.account.PasswordlessAuthenticationLdapAccountsProperties extends AbstractLdapSearchProperties implements Serializable
- serialVersionUID:
- -1102345678378393382L
-
Serialized Fields
-
emailAttribute
java.lang.String emailAttribute
Name of the LDAP attribute that indicates the user's email address. -
phoneAttribute
java.lang.String phoneAttribute
Name of the LDAP attribute that indicates the user's phone.
-
-
Class org.apereo.cas.configuration.model.support.passwordless.account.PasswordlessAuthenticationMongoDbAccountsProperties extends SingleCollectionMongoDbProperties implements Serializable
- serialVersionUID:
- -6304734732383722585L
-
Class org.apereo.cas.configuration.model.support.passwordless.account.PasswordlessAuthenticationRestAccountsProperties extends RestEndpointProperties implements Serializable
- serialVersionUID:
- -8102345678378393382L
-
-
Package org.apereo.cas.configuration.model.support.passwordless.token
-
Class org.apereo.cas.configuration.model.support.passwordless.token.PasswordlessAuthenticationJpaTokensProperties extends AbstractJpaProperties implements Serializable
- serialVersionUID:
- 7647381223153797806L
-
Serialized Fields
-
cleaner
ScheduledJobProperties cleaner
Settings that control the background cleaner process.
-
-
Class org.apereo.cas.configuration.model.support.passwordless.token.PasswordlessAuthenticationRestTokensProperties extends RestEndpointProperties implements Serializable
- serialVersionUID:
- -8102345678378393382L
-
-
Package org.apereo.cas.configuration.model.support.pm
-
Class org.apereo.cas.configuration.model.support.pm.ForgotUsernamePasswordManagementProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- 4850199066765183587L
-
Serialized Fields
-
googleRecaptcha
GoogleRecaptchaProperties googleRecaptcha
Google reCAPTCHA settings. -
mail
EmailProperties mail
Email settings for notifications.
-
-
Class org.apereo.cas.configuration.model.support.pm.GroovyPasswordManagementProperties extends SpringResourceProperties implements Serializable
- serialVersionUID:
- 8079027843747126083L
-
Class org.apereo.cas.configuration.model.support.pm.JdbcPasswordManagementProperties extends AbstractJpaProperties implements Serializable
- serialVersionUID:
- 4746591112640513465L
-
Serialized Fields
-
passwordEncoder
PasswordEncoderProperties passwordEncoder
Password encoder properties. -
sqlChangePassword
java.lang.String sqlChangePassword
SQL query to change the password and update. -
sqlDeleteSecurityQuestions
java.lang.String sqlDeleteSecurityQuestions
SQL query to delete security questions for the account, if any. -
sqlFindEmail
java.lang.String sqlFindEmail
SQL query to locate the user email address. -
sqlFindPhone
java.lang.String sqlFindPhone
SQL query to locate the user phone number. -
sqlFindUser
java.lang.String sqlFindUser
SQL query to locate the user via email. -
sqlGetSecurityQuestions
java.lang.String sqlGetSecurityQuestions
SQL query to locate security questions for the account, if any. -
sqlUpdateSecurityQuestions
java.lang.String sqlUpdateSecurityQuestions
SQL query to update security questions for the account, if any.
-
-
Class org.apereo.cas.configuration.model.support.pm.JsonPasswordManagementProperties extends SpringResourceProperties implements Serializable
- serialVersionUID:
- 1129426669588789974L
-
Class org.apereo.cas.configuration.model.support.pm.LdapPasswordManagementProperties extends AbstractLdapSearchProperties implements Serializable
- serialVersionUID:
- -2610186056194686825L
-
Serialized Fields
-
securityQuestionsAttributes
java.util.Map<java.lang.String,java.lang.String> securityQuestionsAttributes
Collection of attribute names that indicate security questions answers. This is done via a key-value structure where the key is the attribute name for the security question and the value is the attribute name for the answer linked to the question. -
type
AbstractLdapProperties.LdapType type
The specific variant of LDAP based on which update operations will be constructed. Accepted values are: AD, GENERIC, FreeIPA, EDirectory.
-
usernameAttribute
java.lang.String usernameAttribute
Username attribute required by LDAP.
-
-
Class org.apereo.cas.configuration.model.support.pm.PasswordHistoryCoreProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- 2212199066765183587L
-
Serialized Fields
-
enabled
boolean enabled
Flag to indicate if password history tracking is enabled.
-
-
Class org.apereo.cas.configuration.model.support.pm.PasswordHistoryProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- 2211199066765183587L
-
Serialized Fields
-
core
PasswordHistoryCoreProperties core
Password history core/common settings. -
groovy
SpringResourceProperties groovy
Handle password history with Groovy.
-
-
Class org.apereo.cas.configuration.model.support.pm.PasswordManagementCoreProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- -261644582798411176L
-
Serialized Fields
-
autoLogin
boolean autoLogin
Flag to indicate whether successful password change should trigger login automatically. -
enabled
boolean enabled
Flag to indicate if password management facility is enabled. -
policyPattern
java.lang.String policyPattern
A String value representing the password policy regex pattern. Minimum 8 and maximum 10 characters, with at least 1 uppercase letter, 1 lowercase letter, 1 number and 1 special character.
-
-
Class org.apereo.cas.configuration.model.support.pm.PasswordManagementProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- -260644582798411176L
-
Serialized Fields
-
core
PasswordManagementCoreProperties core
Password management core settings. -
forgotUsername
ForgotUsernamePasswordManagementProperties forgotUsername
Settings related to fetching usernames. -
googleRecaptcha
GoogleRecaptchaProperties googleRecaptcha
Google reCAPTCHA settings. -
groovy
GroovyPasswordManagementProperties groovy
Handle password policy via Groovy script. -
history
PasswordHistoryProperties history
Settings related to password history management. -
jdbc
JdbcPasswordManagementProperties jdbc
Manage account passwords in database. -
json
JsonPasswordManagementProperties json
Manage account passwords in JSON resources. -
ldap
java.util.List<LdapPasswordManagementProperties> ldap
Manage account passwords in LDAP. -
reset
ResetPasswordManagementProperties reset
Settings related to resetting password. -
rest
RestfulPasswordManagementProperties rest
Manage account passwords via REST. -
webflow
WebflowAutoConfigurationProperties webflow
The webflow configuration.
-
-
Class org.apereo.cas.configuration.model.support.pm.ResetPasswordManagementProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- 3453970349530670459L
-
Serialized Fields
-
crypto
EncryptionJwtSigningJwtCryptographyProperties crypto
Crypto settings on how to reset the password. -
expirationMinutes
long expirationMinutes
How long, in minutes, the password expiration link should remain valid. -
includeClientIpAddress
boolean includeClientIpAddress
Whether the Password Management Token will contain the client IP Address. -
includeServerIpAddress
boolean includeServerIpAddress
Whether the Password Management Token will contain the server IP Address. -
mail
EmailProperties mail
Email settings for notifications. -
securityQuestionsEnabled
boolean securityQuestionsEnabled
Whether reset operations require security questions, or whether they should be marked as optional. -
sms
SmsProperties sms
SMS settings for notifications.
-
-
Class org.apereo.cas.configuration.model.support.pm.RestfulPasswordManagementProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- 5262948164099973872L
-
Serialized Fields
-
endpointPassword
java.lang.String endpointPassword
Password for Basic-Auth at the password management endpoints. -
endpointUrlChange
java.lang.String endpointUrlChange
Endpoint URL to use when updating passwords. -
endpointUrlEmail
java.lang.String endpointUrlEmail
Endpoint URL to use when locating email addresses. -
endpointUrlPhone
java.lang.String endpointUrlPhone
Endpoint URL to use when locating phone numbers. -
endpointUrlSecurityQuestions
java.lang.String endpointUrlSecurityQuestions
Endpoint URL to use when locating security questions. -
endpointUrlUser
java.lang.String endpointUrlUser
Endpoint URL to use when locating user names. -
endpointUsername
java.lang.String endpointUsername
Username for Basic-Auth at the password management endpoints.
-
-
-
Package org.apereo.cas.configuration.model.support.qr
-
Class org.apereo.cas.configuration.model.support.qr.JsonQRAuthenticationProperties extends SpringResourceProperties implements Serializable
- serialVersionUID:
- 7179027843747126083L
-
Class org.apereo.cas.configuration.model.support.qr.QRAuthenticationProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- 8726382874579042117L
-
Serialized Fields
-
allowedOrigins
java.util.List<java.lang.String> allowedOrigins
Configure allowed Origin header values. This check is mostly designed for browser clients. There is nothing preventing other types of client from modifying the Origin header value.
When SockJS is enabled and origins are restricted, transport types that do not allow checking the request origin (Iframe based transports) are disabled. As a consequence, IE 6 to 9 are not supported when origins are restricted.
Each provided allowed origin must start with "http://", "https://" or be "*" (means that all origins are allowed). By default, only same origin requests are allowed (empty list).
-
json
JsonQRAuthenticationProperties json
Track registered devices in a repository backed by a JSON resource.
-
-
-
Package org.apereo.cas.configuration.model.support.quartz
-
Class org.apereo.cas.configuration.model.support.quartz.ScheduledJobProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- 9059671958275130605L
-
Serialized Fields
-
schedule
SchedulingProperties schedule
Scheduler settings to indicate how often the job should run.
-
-
Class org.apereo.cas.configuration.model.support.quartz.SchedulingProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- -1522227059439367394L
-
Serialized Fields
-
enabled
boolean enabled
Whether scheduler should be enabled to schedule the job to run. -
enabledOnHost
java.lang.String enabledOnHost
Overrides SchedulingProperties.enabled property value of true if this property does not match the hostname of the CAS server. This can be useful if deploying CAS with an image in a statefulset where all names are predictable but where having different configurations for different servers is hard. The value can be an exact hostname or a regular expression that will be used to match the hostname. -
repeatInterval
java.lang.String repeatInterval
String representation of a repeat interval of re-loading data for a data store implementation. This is the timeout between consecutive job executions. -
startDelay
java.lang.String startDelay
String representation of a start delay of loading data for a data store implementation. This is the delay between scheduler startup and the first job execution.
-
-
-
Package org.apereo.cas.configuration.model.support.radius
-
Class org.apereo.cas.configuration.model.support.radius.RadiusClientProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- -7961769318651312854L
-
Serialized Fields
-
accountingPort
int accountingPort
The accounting port. -
authenticationPort
int authenticationPort
The authentication port. -
inetAddress
java.lang.String inetAddress
Server address to connect and establish a session. -
sharedSecret
java.lang.String sharedSecret
Secret/password to use for the initial bind. -
socketTimeout
int socketTimeout
Socket connection timeout in milliseconds.
-
-
Class org.apereo.cas.configuration.model.support.radius.RadiusProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- 5244307919878753714L
-
Serialized Fields
-
client
RadiusClientProperties client
RADIUS client settings. -
failoverOnAuthenticationFailure
boolean failoverOnAuthenticationFailure
Whether authentication errors should be skipped and fail over to the next server. -
failoverOnException
boolean failoverOnException
Whether catastrophic errors should be skipped and fail over to the next server. -
name
java.lang.String name
The name of the authentication handler. -
passwordEncoder
PasswordEncoderProperties passwordEncoder
Password encoder settings. -
principalTransformation
PrincipalTransformationProperties principalTransformation
Principal transformation settings. -
server
RadiusServerProperties server
RADIUS server settings. -
state
AuthenticationHandlerStates state
Define the scope and state of this authentication handler and the lifecycle in which it can be invoked or activated.
-
-
Class org.apereo.cas.configuration.model.support.radius.RadiusServerProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- -3911282132573730184L
-
Serialized Fields
-
nasIdentifier
java.lang.String nasIdentifier
The NAS identifier. -
nasIpAddress
java.lang.String nasIpAddress
The NAS IP address. -
nasIpv6Address
java.lang.String nasIpv6Address
The NAS IPv6 address. -
nasPort
long nasPort
The NAS port. -
nasPortId
long nasPortId
The NAS port id. -
nasPortType
int nasPortType
The NAS port type. -
nasRealPort
long nasRealPort
The NAS real port. -
protocol
java.lang.String protocol
Radius protocol to use when communicating with the server. -
retries
int retries
Number of re-try attempts when dealing with connection and authentication failures.
-
-
-
Package org.apereo.cas.configuration.model.support.redis
-
Class org.apereo.cas.configuration.model.support.redis.AuditRedisProperties extends BaseRedisProperties implements Serializable
- serialVersionUID:
- -8112996050439638782L
-
Serialized Fields
-
asynchronous
boolean asynchronous
Execute the recording of audit records in async manner. This setting must almost always be set to true.
-
-
Class org.apereo.cas.configuration.model.support.redis.BaseRedisProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- -2600996981339638782L
-
Serialized Fields
-
cluster
RedisClusterProperties cluster
Redis cluster settings. -
connectTimeout
java.lang.String connectTimeout
Connection timeout. -
database
int database
Database index used by the connection factory. -
enabled
boolean enabled
Whether the module is enabled or not, defaults to true. -
host
java.lang.String host
Redis server host. -
password
java.lang.String password
Login password of the redis server. -
pool
RedisPoolProperties pool
Redis connection pool settings. -
port
int port
Redis server port. -
readFrom
BaseRedisProperties.RedisReadFromTypes readFrom
Setting that describes how Lettuce routes read operations to replica nodes. Note that modes referencing MASTER/SLAVE are deprecated (but still supported) in the Lettuce redis client dependency so migrate config to UPSTREAM/REPLICA. -
sentinel
RedisSentinelProperties sentinel
Redis Sentinel settings. -
timeout
java.lang.String timeout
Command timeout. -
useSsl
boolean useSsl
Whether or not to use SSL for connection factory.
-
-
Class org.apereo.cas.configuration.model.support.redis.RedisAuthenticationProperties extends BaseRedisProperties implements Serializable
- serialVersionUID:
- -1232996050439638782L
-
Serialized Fields
-
name
java.lang.String name
The name of the authentication handler. -
order
int order
Order of authentication handler in chain. -
passwordEncoder
PasswordEncoderProperties passwordEncoder
Password encoder settings for this handler. -
principalTransformation
PrincipalTransformationProperties principalTransformation
Principal transformation settings.
-
-
Class org.apereo.cas.configuration.model.support.redis.RedisClusterNodeProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- 2912983343579258662L
-
Serialized Fields
-
host
java.lang.String host
Server's host address. -
id
java.lang.String id
Identifier of this node. -
name
java.lang.String name
Name of this node. -
port
int port
Server's port number. -
replicaOf
java.lang.String replicaOf
Set the id of the master node. -
type
java.lang.String type
Indicate the type/role of this node. Accepted values are: MASTER, SLAVE.
-
-
Class org.apereo.cas.configuration.model.support.redis.RedisClusterProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- 5236837157740950831L
-
Serialized Fields
-
adaptiveTopologyRefresh
boolean adaptiveTopologyRefresh
Whether adaptive topology refreshing using all available refresh triggers should be used. -
dynamicRefreshSources
boolean dynamicRefreshSources
Whether to discover and query all cluster nodes for obtaining the cluster topology. When set to false, only the initial seed nodes are used as sources for topology discovery. -
maxRedirects
int maxRedirects
The max number of redirects to follow. -
nodes
java.util.List<RedisClusterNodeProperties> nodes
List of nodes available in the redis cluster. -
password
java.lang.String password
The cluster connection's password. -
topologyRefreshPeriod
java.lang.String topologyRefreshPeriod
Enables periodic refresh of cluster topology and sets the refresh period.
-
-
Class org.apereo.cas.configuration.model.support.redis.RedisPoolProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- 8534823157764550894L
-
Serialized Fields
-
enabled
boolean enabled
Enable the pooling configuration. -
fairness
boolean fairness
Returns whether or not the pool serves threads waiting to borrow objects fairly. True means that waiting threads are served as if waiting in a FIFO queue. -
lifo
boolean lifo
Returns whether the pool has LIFO (last in, first out) behaviour with respect to idle objects - always returning the most recently used object from the pool, or as a FIFO (first in, first out) queue, where the pool always returns the oldest object in the idle object pool. -
maxActive
int maxActive
Max number of connections that can be allocated by the pool at a given time. Use a negative value for no limit. -
maxIdle
int maxIdle
Max number of "idle" connections in the pool. Use a negative value to indicate an unlimited number of idle connections. -
maxWait
int maxWait
Maximum amount of time (in milliseconds) a connection allocation should block before throwing an exception when the pool is exhausted. Use a negative value to block indefinitely. -
minEvictableIdleTimeMillis
long minEvictableIdleTimeMillis
Sets the minimum amount of time an object may sit idle in the pool before it is eligible for eviction by the idle object evictor (if any - see setTimeBetweenEvictionRunsMillis(long)). When non-positive, no objects will be evicted from the pool due to idle time alone. -
minIdle
int minIdle
Target for the minimum number of idle connections to maintain in the pool. This setting only has an effect if it is positive. -
numTestsPerEvictionRun
int numTestsPerEvictionRun
Sets the maximum number of objects to examine during each run (if any) of the idle object evictor thread. When positive, the number of tests performed for a run will be the minimum of the configured value and the number of idle instances in the pool. When negative, the number of tests performed will be ceil(getNumIdle()/ abs(getNumTestsPerEvictionRun())) which means that when the value is -n roughly one nth of the idle objects will be tested per run. -
softMinEvictableIdleTimeMillis
long softMinEvictableIdleTimeMillis
Sets the minimum amount of time an object may sit idle in the pool before it is eligible for eviction by the idle object evictor (if any - see setTimeBetweenEvictionRunsMillis(long)), with the extra condition that at least minIdle object instances remain in the pool. This setting is overridden by getMinEvictableIdleTimeMillis() (that is, if getMinEvictableIdleTimeMillis() is positive, then getSoftMinEvictableIdleTimeMillis() is ignored). -
testOnBorrow
boolean testOnBorrow
Returns whether objects borrowed from the pool will be validated before being returned from the borrowObject() method. Validation is performed by the validateObject() method of the factory associated with the pool. If the object fails to validate, it will be removed from the pool and destroyed, and a new attempt will be made to borrow an object from the pool. -
testOnCreate
boolean testOnCreate
Returns whether objects created for the pool will be validated before being returned from the borrowObject() method. Validation is performed by the validateObject() method of the factory associated with the pool. If the object fails to validate, then borrowObject() will fail. -
testOnReturn
boolean testOnReturn
Returns whether objects borrowed from the pool will be validated when they are returned to the pool via the returnObject() method. Validation is performed by the validateObject() method of the factory associated with the pool. Returning objects that fail validation are destroyed rather than being returned to the pool. -
testWhileIdle
boolean testWhileIdle
Returns whether objects sitting idle in the pool will be validated by the idle object evictor (if any - see setTimeBetweenEvictionRunsMillis(long)). Validation is performed by the validateObject() method of the factory associated with the pool. If the object fails to validate, it will be removed from the pool and destroyed.
-
-
Class org.apereo.cas.configuration.model.support.redis.RedisPrincipalAttributesProperties extends BaseRedisProperties implements Serializable
- serialVersionUID:
- -2373755681488251678L
-
Serialized Fields
-
id
java.lang.String id
A value can be assigned to this field to uniquely identify this resolver. -
order
int order
The order of this attribute repository in the chain of repositories. Can be used to explicitly position this source in chain and affects merging strategies.
-
-
Class org.apereo.cas.configuration.model.support.redis.RedisSentinelProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- 5434823157764550831L
-
Serialized Fields
-
master
java.lang.String master
Name of Redis server. -
node
java.util.List<java.lang.String> node
List of host:port pairs.
-
-
Class org.apereo.cas.configuration.model.support.redis.RedisServiceRegistryProperties extends BaseRedisProperties implements Serializable
- serialVersionUID:
- -9012996050439638782L
-
Class org.apereo.cas.configuration.model.support.redis.RedisTicketRegistryProperties extends BaseRedisProperties implements Serializable
- serialVersionUID:
- -2600996050439638782L
-
Serialized Fields
-
crypto
EncryptionRandomizedSigningJwtCryptographyProperties crypto
Crypto settings for the registry.
-
-
-
Package org.apereo.cas.configuration.model.support.replication
-
Class org.apereo.cas.configuration.model.support.replication.CookieSessionReplicationProperties extends PinnableCookieProperties implements Serializable
- serialVersionUID:
- 6165162204295764362L
-
Serialized Fields
-
autoConfigureCookiePath
boolean autoConfigureCookiePath
Decide if cookie paths should be automatically configured based on the application context path, when the cookie path is not configured.
-
-
Class org.apereo.cas.configuration.model.support.replication.SessionReplicationProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- -3839399712674610962L
-
Serialized Fields
-
cookie
CookieSessionReplicationProperties cookie
Cookie setting for session replication.
-
-
-
Package org.apereo.cas.configuration.model.support.rest
-
Class org.apereo.cas.configuration.model.support.rest.RestAuthenticationProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- -6122859176355467060L
-
Serialized Fields
-
charset
java.lang.String charset
Charset to encode the credentials sent to the REST endpoint. -
name
java.lang.String name
Name of the authentication handler. -
order
java.lang.Integer order
Order of the authentication handler in the chain. -
passwordEncoder
PasswordEncoderProperties passwordEncoder
Password encoder settings for REST authentication. -
state
AuthenticationHandlerStates state
Define the scope and state of this authentication handler and the lifecycle in which it can be invoked or activated. -
uri
java.lang.String uri
Endpoint URI to use for verification of credentials.
-
-
-
Package org.apereo.cas.configuration.model.support.saml
-
Class org.apereo.cas.configuration.model.support.saml.SamlCoreProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- -8505851926931247878L
-
Serialized Fields
-
attributeNamespace
java.lang.String attributeNamespace
Attribute namespace to use when generating SAML1 responses. -
issueLength
int issueLength
Issue length that controls the validity period of the assertion. -
issuer
java.lang.String issuer
Issuer of the assertion when generating SAML1 responses. -
securityManager
java.lang.String securityManager
Qualified name of the security manager class used for creating a SAML parser pool. -
skewAllowance
java.lang.String skewAllowance
Skew allowance that controls the issue instance of the authentication. -
ticketidSaml2
boolean ticketidSaml2
Whether ticket ids generated should be saml2 compliant when generating SAML1 responses.
-
-
-
Package org.apereo.cas.configuration.model.support.saml.googleapps
-
Class org.apereo.cas.configuration.model.support.saml.googleapps.GoogleAppsProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- -5133482766495375325L
-
Serialized Fields
-
keyAlgorithm
java.lang.String keyAlgorithm
Deprecated. Since 6.2. Signature algorithm used to generate keys. -
privateKeyLocation
java.lang.String privateKeyLocation
Deprecated. Since 6.2. The private key location that is used to sign responses, etc. -
publicKeyLocation
java.lang.String publicKeyLocation
Deprecated. Since 6.2. The public key location that is also shared with google apps.
-
-
-
Package org.apereo.cas.configuration.model.support.saml.idp
-
Class org.apereo.cas.configuration.model.support.saml.idp.SamlIdPAlgorithmsProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- 6547093517788229284L
-
Serialized Fields
-
overrideAllowedAlgorithms
java.util.List<java.lang.String> overrideAllowedAlgorithms
The Override white listed algorithms. -
overrideAllowedSignatureSigningAlgorithms
java.util.List<java.lang.String> overrideAllowedSignatureSigningAlgorithms
The Override allowed signature signing algorithms. -
overrideBlockedEncryptionAlgorithms
java.util.List<java.lang.String> overrideBlockedEncryptionAlgorithms
The Override black listed encryption algorithms. -
overrideBlockedSignatureSigningAlgorithms
java.util.List<java.lang.String> overrideBlockedSignatureSigningAlgorithms
The Override blocked signature signing algorithms. -
overrideDataEncryptionAlgorithms
java.util.List<java.lang.String> overrideDataEncryptionAlgorithms
The Override data encryption algorithms. -
overrideKeyEncryptionAlgorithms
java.util.List<java.lang.String> overrideKeyEncryptionAlgorithms
The Override key encryption algorithms. -
overrideSignatureAlgorithms
java.util.List<java.lang.String> overrideSignatureAlgorithms
The Override signature algorithms. -
overrideSignatureCanonicalizationAlgorithm
java.lang.String overrideSignatureCanonicalizationAlgorithm
The Override signature canonicalization algorithm. -
overrideSignatureReferenceDigestMethods
java.util.List<java.lang.String> overrideSignatureReferenceDigestMethods
The Override signature reference digest methods. -
privateKeyAlgName
java.lang.String privateKeyAlgName
Algorithm name to use when generating or locating private key for signing operations.
-
-
Class org.apereo.cas.configuration.model.support.saml.idp.SamlIdPCoreProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- -1848175783676789852L
-
Serialized Fields
-
attributeFriendlyNames
java.util.List<java.lang.String> attributeFriendlyNames
A mapping of attribute names to their friendly names, defined globally. Example might be urn:oid:1.3.6.1.4.1.5923.1.1.1.6->eduPersonPrincipalName. -
attributeQueryProfileEnabled
boolean attributeQueryProfileEnabled
Indicates whether attribute query profile is enabled. Enabling this setting would allow CAS to record SAML responses and have them be made available later for attribute lookups. -
authenticationContextClassMappings
java.util.List<java.lang.String> authenticationContextClassMappings
A mapping of authentication context class refs. This is where specific authentication context classes are referenced and mapped to providers that CAS may support mainly for MFA purposes. Example might be urn:oasis:names:tc:SAML:2.0:ac:classes:SomeClassName->mfa-duo. -
entityId
java.lang.String entityId
The SAML entity id for the deployment. -
sessionStorageType
SamlIdPCoreProperties.SessionStorageTypes sessionStorageType
Indicates whether SAML requests and other session data collected as part of SAML flows and requests are kept by the container HTTP session, local storage, or should be replicated across the cluster.
-
-
Class org.apereo.cas.configuration.model.support.saml.idp.SamlIdPDiscoveryProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- 3547093517788229284L
-
Serialized Fields
-
resource
java.util.List<SpringResourceProperties> resource
Locate discovery feed json file.
-
-
Class org.apereo.cas.configuration.model.support.saml.idp.SamlIdPLogoutProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- -4608824149569614549L
-
Serialized Fields
-
forceSignedLogoutRequests
boolean forceSignedLogoutRequests
Whether SLO logout requests are required to be signed. -
logoutResponseBinding
java.lang.String logoutResponseBinding
Whether SLO logout responses should be sent using a forced binding. Accepted values are: urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST, urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect.
-
sendLogoutResponse
boolean sendLogoutResponse
Whether SLO logout responses should be sent to service providers. -
signLogoutResponse
boolean signLogoutResponse
Whether SLO logout responses are required to be signed. -
singleLogoutCallbacksDisabled
boolean singleLogoutCallbacksDisabled
Whether SAML SLO is enabled and processed.
-
-
Class org.apereo.cas.configuration.model.support.saml.idp.SamlIdPProfileProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- -3218075783676789852L
-
Serialized Fields
-
slo
SamlIdPProfileProperties.Saml2SloProfile slo
Settings related to the saml2 slo redirect profile. -
sso
SamlIdPProfileProperties.Saml2SsoProfile sso
Settings related to the saml2 sso profile. -
ssoPostSimpleSign
SamlIdPProfileProperties.Saml2SsoPostSimpleSignProfile ssoPostSimpleSign
Settings related to the saml2 sso post simple-sign profile.
-
-
Class org.apereo.cas.configuration.model.support.saml.idp.SamlIdPProfileProperties.Saml2SloProfile extends java.lang.Object implements Serializable
- serialVersionUID:
- 1976431439191949383L
-
Serialized Fields
-
urlDecodeRedirectRequest
boolean urlDecodeRedirectRequest
Whether the initial request should be explicitly url-decoded before it's consumed by the decoder.
-
-
Class org.apereo.cas.configuration.model.support.saml.idp.SamlIdPProfileProperties.Saml2SsoPostSimpleSignProfile extends java.lang.Object implements Serializable
- serialVersionUID:
- 2276431439191949383L
-
Serialized Fields
-
urlDecodeRedirectRequest
boolean urlDecodeRedirectRequest
Whether the initial request should be explicitly url-decoded before it's consumed by the decoder.
-
-
Class org.apereo.cas.configuration.model.support.saml.idp.SamlIdPProfileProperties.Saml2SsoProfile extends java.lang.Object implements Serializable
- serialVersionUID:
- 6576431439191949383L
-
Serialized Fields
-
urlDecodeRedirectRequest
boolean urlDecodeRedirectRequest
Whether the initial request should be explicitly url-decoded before it's consumed by the decoder.
-
-
Class org.apereo.cas.configuration.model.support.saml.idp.SamlIdPProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- -5848075783676789852L
-
Serialized Fields
-
algs
SamlIdPAlgorithmsProperties algs
Settings related to algorithms used for signing, etc. -
core
SamlIdPCoreProperties core
Core SAML2 settings that control key aspects of the saml2 authentication scenario. -
logout
SamlIdPLogoutProperties logout
SAML2 logout related settings. -
metadata
SamlIdPMetadataProperties metadata
SAML2 metadata related settings. -
profile
SamlIdPProfileProperties profile
Settings related to handling saml2 profiles. -
response
SamlIdPResponseProperties response
Settings related to SAML2 responses. -
ticket
SamlIdPTicketProperties ticket
Settings related to naming saml cache storage.
-
-
Class org.apereo.cas.configuration.model.support.saml.idp.SamlIdPResponseProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- 7200477683583467619L
-
Serialized Fields
-
attributeNameFormats
java.util.List<java.lang.String> attributeNameFormats
Each individual attribute can be mapped to a particular name-format. Example: attributeName->basic|uri|unspecified|custom-format-etc,... -
credentialType
SamlIdPResponseProperties.SignatureCredentialTypes credentialType
Indicate the encoding type of the credential used when rendering the saml response. -
defaultAttributeNameFormat
java.lang.String defaultAttributeNameFormat
Indicates the default name-format for all attributes in case the individual attribute is not individually mapped. -
defaultAuthenticationContextClass
java.lang.String defaultAuthenticationContextClass
The default authentication context class to include in the response if none is specified via the service. -
signError
boolean signError
Whether error responses should be signed. -
skewAllowance
java.lang.String skewAllowance
Time unit in seconds used to skew authentication dates such as valid-from and valid-until elements.
-
-
Class org.apereo.cas.configuration.model.support.saml.idp.SamlIdPTicketProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- 6837089259390742073L
-
Serialized Fields
-
samlArtifactsCacheStorageName
java.lang.String samlArtifactsCacheStorageName
The name that should be given to the saml artifact cache storage name. -
samlAttributeQueryCacheStorageName
java.lang.String samlAttributeQueryCacheStorageName
The name that should be given to the saml attribute query cache storage name.
-
-
-
Package org.apereo.cas.configuration.model.support.saml.idp.metadata
-
Class org.apereo.cas.configuration.model.support.saml.idp.metadata.AmazonS3SamlMetadataProperties extends BaseAmazonWebServicesProperties implements Serializable
- serialVersionUID:
- 352435146313504995L
-
Serialized Fields
-
bucketName
java.lang.String bucketName
S3 bucket that contains metadata files. -
crypto
EncryptionJwtSigningJwtCryptographyProperties crypto
Crypto settings that sign/encrypt the metadata records. -
idpMetadataBucketName
java.lang.String idpMetadataBucketName
The collection name that is responsible to hold the identity provider metadata.
-
-
Class org.apereo.cas.configuration.model.support.saml.idp.metadata.CoreSamlMetadataProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- -8116473583467202828L
-
Serialized Fields
-
cacheExpiration
java.lang.String cacheExpiration
How long should metadata be cached. -
failFast
boolean failFast
Whether invalid metadata should eagerly fail quickly on startup once the resource is parsed. -
requireValidMetadata
boolean requireValidMetadata
Whether valid metadata is required. -
sloServicePostBindingEnabled
boolean sloServicePostBindingEnabled
Whether metadata generation process should support SLO service POST binding. -
sloServiceRedirectBindingEnabled
boolean sloServiceRedirectBindingEnabled
Whether metadata generation process should support SLO service REDIRECT binding. -
ssoServicePostBindingEnabled
boolean ssoServicePostBindingEnabled
Whether metadata generation process should support SSO service POST binding. -
ssoServicePostSimpleSignBindingEnabled
boolean ssoServicePostSimpleSignBindingEnabled
Whether metadata generation process should support SSO service POST SimpleSign binding. -
ssoServiceRedirectBindingEnabled
boolean ssoServiceRedirectBindingEnabled
Whether metadata generation process should support SSO service REDIRECT binding. -
ssoServiceSoapBindingEnabled
boolean ssoServiceSoapBindingEnabled
Whether metadata generation process should support SSO service SOAP binding.
-
-
Class org.apereo.cas.configuration.model.support.saml.idp.metadata.CouchDbSamlMetadataProperties extends BaseCouchDbProperties implements Serializable
- serialVersionUID:
- 1673956475847790139L
-
Serialized Fields
-
crypto
EncryptionJwtSigningJwtCryptographyProperties crypto
Crypto settings that sign/encrypt the metadata records. -
idpMetadataEnabled
boolean idpMetadataEnabled
Whether identity provider metadata artifacts are expected to be found in the database.
-
-
Class org.apereo.cas.configuration.model.support.saml.idp.metadata.FileSystemSamlMetadataProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- -8336473583467202828L
-
Serialized Fields
-
location
java.lang.String location
Directory location of SAML metadata and signing/encryption keys. This directory will be used to hold the configuration files. -
signMetadata
boolean signMetadata
Whether metadata generated on disk should be digitally signed. Signing operations use the saml2 identity provider's signing certificate and signing key.
-
-
Class org.apereo.cas.configuration.model.support.saml.idp.metadata.GitSamlMetadataProperties extends BaseGitProperties implements Serializable
- serialVersionUID:
- 4194689836396653458L
-
Serialized Fields
-
crypto
EncryptionJwtSigningJwtCryptographyProperties crypto
Crypto settings that sign/encrypt the metadata records. -
idpMetadataEnabled
boolean idpMetadataEnabled
Whether identity provider metadata artifacts are expected to be found in the database.
-
-
Class org.apereo.cas.configuration.model.support.saml.idp.metadata.HttpSamlMetadataProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- -8226473583467202828L
-
Serialized Fields
-
forceMetadataRefresh
boolean forceMetadataRefresh
Forcefully download and fetch metadata files from URL sources and disregard any cached copies of the metadata. -
metadataBackupLocation
java.lang.String metadataBackupLocation
Directory location where downloaded SAML metadata is cached as backup files. If left undefined, the directory is calculated off of the metadata location on disk when specified. The directory location should also support and be resolvable via Spring expression language.
-
-
Class org.apereo.cas.configuration.model.support.saml.idp.metadata.JpaSamlMetadataProperties extends AbstractJpaProperties implements Serializable
- serialVersionUID:
- 352435146313504995L
-
Serialized Fields
-
crypto
EncryptionJwtSigningJwtCryptographyProperties crypto
Crypto settings that sign/encrypt the metadata records. -
idpMetadataEnabled
boolean idpMetadataEnabled
Whether identity provider metadata artifacts are expected to be found in the database.
-
-
Class org.apereo.cas.configuration.model.support.saml.idp.metadata.MDQSamlMetadataProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- -1311568960413770598L
-
Serialized Fields
-
basicAuthnPassword
java.lang.String basicAuthnPassword
Basic auth password in case the metadata instance is connecting to an MDQ server. -
basicAuthnUsername
java.lang.String basicAuthnUsername
Basic auth username in case the metadata instance is connecting to an MDQ server. -
supportedContentTypes
java.util.List<java.lang.String> supportedContentTypes
Supported content types in case the metadata instance is connecting to an MDQ server. MediaType.APPLICATION_XML_VALUE and MediaType.TEXT_XML_VALUE are supported by default.
-
-
Class org.apereo.cas.configuration.model.support.saml.idp.metadata.MongoDbSamlMetadataProperties extends SingleCollectionMongoDbProperties implements Serializable
- serialVersionUID:
- -227092724742371662L
-
Serialized Fields
-
crypto
EncryptionJwtSigningJwtCryptographyProperties crypto
Crypto settings that sign/encrypt the metadata records. -
idpMetadataCollection
java.lang.String idpMetadataCollection
The collection name that is responsible to hold the identity provider metadata.
-
-
Class org.apereo.cas.configuration.model.support.saml.idp.metadata.RedisSamlMetadataProperties extends BaseRedisProperties implements Serializable
- serialVersionUID:
- -227092724742371662L
-
Serialized Fields
-
crypto
EncryptionJwtSigningJwtCryptographyProperties crypto
Crypto settings that sign/encrypt the metadata records. -
idpMetadataEnabled
boolean idpMetadataEnabled
Whether identity provider metadata artifacts are expected to be found in the database.
-
-
Class org.apereo.cas.configuration.model.support.saml.idp.metadata.RestSamlMetadataProperties extends RestEndpointProperties implements Serializable
- serialVersionUID:
- -7734304585762871404L
-
Serialized Fields
-
crypto
EncryptionJwtSigningJwtCryptographyProperties crypto
Crypto settings that sign/encrypt the metadata records. -
idpMetadataEnabled
boolean idpMetadataEnabled
Whether identity provider metadata artifacts are expected to be found in the database.
-
-
Class org.apereo.cas.configuration.model.support.saml.idp.metadata.SamlIdPMetadataProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- -1020542741768471305L
-
Serialized Fields
-
amazonS3
AmazonS3SamlMetadataProperties amazonS3
Properties pertaining to AWS S3 metadata resolution. -
core
CoreSamlMetadataProperties core
Core and common settings related to saml2 metadata management. -
couchDb
CouchDbSamlMetadataProperties couchDb
Properties pertaining to CouchDB metadata resolution. -
fileSystem
FileSystemSamlMetadataProperties fileSystem
Settings related to saml2 metadata management, when fetching or handling metadata using the file system. -
git
GitSamlMetadataProperties git
Properties pertaining to git saml metadata resolvers. -
http
HttpSamlMetadataProperties http
Settings related to saml2 metadata management, when fetching or handling metadata over http endpoints from URL resources. -
jpa
JpaSamlMetadataProperties jpa
Properties pertaining to jpa metadata resolution. -
mdq
MDQSamlMetadataProperties mdq
Metadata management settings via MDQ protocol. -
mongo
MongoDbSamlMetadataProperties mongo
Properties pertaining to mongo db saml metadata resolvers. -
redis
RedisSamlMetadataProperties redis
Properties pertaining to redis saml metadata resolvers. -
rest
RestSamlMetadataProperties rest
Properties pertaining to REST metadata resolution.
-
-
-
Package org.apereo.cas.configuration.model.support.saml.mdui
-
Class org.apereo.cas.configuration.model.support.saml.mdui.SamlMetadataUIProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- 2113479681245996975L
-
Serialized Fields
-
maxValidity
long maxValidity
If specified, creates a validity filter on the metadata to check for metadata freshness based on the max validity. Value is specified in seconds. -
parameter
java.lang.String parameter
The parameter name that indicates the entity id of the service provider submitted to CAS. -
requireSignedRoot
boolean requireSignedRoot
When parsing metadata, whether the root element is required to be signed. -
requireValidMetadata
boolean requireValidMetadata
Whether valid metadata is required when parsing metadata. -
resources
java.util.List<java.lang.String> resources
Metadata resources to load and parse through based on the incoming entity id in order to locate MDUI. Resources can be classpath/file/http resources. If each metadata resource has a signing certificate, they can be added onto the resource with a :: separator. Example: classpath:/sp-metadata.xml::classpath:/pub.key. -
schedule
SchedulingProperties schedule
Scheduler settings to indicate how often metadata is reloaded.
-
-
-
Package org.apereo.cas.configuration.model.support.saml.shibboleth
-
Class org.apereo.cas.configuration.model.support.saml.shibboleth.ShibbolethIdPProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- 1741075420882227768L
-
Serialized Fields
-
serverUrl
java.lang.String serverUrl
The server url of the shibboleth idp deployment.
-
-
-
Package org.apereo.cas.configuration.model.support.saml.sps
-
Class org.apereo.cas.configuration.model.support.saml.sps.AbstractSamlSPProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- -5381463661659831898L
-
Serialized Fields
-
attributes
java.util.List<java.lang.String> attributes
Set up the attribute release policy for this service. Allow attributes that are to be released to this SP. Attributes should be separated by commas and can be virtually mapped and renamed. -
description
java.lang.String description
Description of this service provider as it's stored in the registry. -
entityIds
java.util.List<java.lang.String> entityIds
List of entityIds allowed for this service provider. Multiple ids can be specified in the event that the metadata is an aggregate. -
metadata
java.lang.String metadata
The location of the metadata for this service provider. Can be a URL or another form of resource. -
name
java.lang.String name
Name of this service provider. -
nameIdAttribute
java.lang.String nameIdAttribute
Attribute to use when generating nameids for this SP. -
nameIdFormat
java.lang.String nameIdFormat
The forced nameId format to use when generating a response. -
signAssertions
boolean signAssertions
Indicate whether assertions should be signed. -
signatureLocation
java.lang.String signatureLocation
Signature location used to verify metadata. -
signResponses
boolean signResponses
Indicate whether responses should be signed.
-
-
Class org.apereo.cas.configuration.model.support.saml.sps.SamlServiceProviderProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- 8602328179113963081L
-
Serialized Fields
-
academicHealthPlans
SamlServiceProviderProperties.AcademicHealthPlans academicHealthPlans
Settings related to Academic HealthPlans acting as a SAML service provider. -
academicWorks
SamlServiceProviderProperties.AcademicWorks academicWorks
Settings related to Academic Works acting as a SAML service provider. -
adobeCloud
SamlServiceProviderProperties.AdobeCloud adobeCloud
Settings related to Adobe Cloud acting as a SAML service provider. -
amazon
SamlServiceProviderProperties.Amazon amazon
Settings related to Amazon acting as a SAML service provider. -
appDynamics
SamlServiceProviderProperties.AppDynamics appDynamics
Settings related to AppDynamics acting as a SAML service provider. -
arcGIS
SamlServiceProviderProperties.ArcGIS arcGIS
Settings related to ArcGIS acting as a SAML service provider. -
armsSoftware
SamlServiceProviderProperties.ArmsSoftware armsSoftware
Settings related to ArmsSoftware acting as a SAML service provider. -
asana
SamlServiceProviderProperties.Asana asana
Settings related to Asana acting as a SAML service provider. -
benefitFocus
SamlServiceProviderProperties.BenefitFocus benefitFocus
Settings related to BenefitFocus acting as a SAML service provider. -
blackBaud
SamlServiceProviderProperties.BlackBaud blackBaud
Settings related to BlackBaud acting as a SAML service provider. -
box
SamlServiceProviderProperties.Box box
Settings related to Box acting as a SAML service provider. -
bynder
SamlServiceProviderProperties.Bynder bynder
Settings related to Bynder acting as a SAML service provider. -
cccco
SamlServiceProviderProperties.CaliforniaCommunityColleges cccco
Settings related to CCC acting as a SAML service provider. -
cherWell
SamlServiceProviderProperties.CherWell cherWell
Settings related to CherWell acting as a SAML service provider. -
concurSolutions
SamlServiceProviderProperties.ConcurSolutions concurSolutions
Settings related to ConcurSolutions acting as a SAML service provider. -
confluence
SamlServiceProviderProperties.Confluence confluence
Settings related to Confluence acting as a SAML service provider. -
craniumCafe
SamlServiceProviderProperties.CraniumCafe craniumCafe
Settings related to Cranium Cafe acting as a SAML service provider. -
crashPlan
SamlServiceProviderProperties.CrashPlan crashPlan
Settings related to CrashPlan acting as a SAML service provider. -
docuSign
SamlServiceProviderProperties.DocuSign docuSign
Settings related to DocuSign acting as a SAML service provider. -
dropbox
SamlServiceProviderProperties.Dropbox dropbox
Settings related to Dropbox acting as a SAML service provider. -
easyIep
SamlServiceProviderProperties.EasyIep easyIep
Settings related to Easy IEP acting as a SAML service provider. -
egnyte
SamlServiceProviderProperties.Egnyte egnyte
Settings related to CherWell acting as a SAML service provider. -
emma
SamlServiceProviderProperties.Emma emma
Settings related to Emma acting as a SAML service provider. -
everBridge
SamlServiceProviderProperties.EverBridge everBridge
Settings related to EverBridge acting as a SAML service provider. -
evernote
SamlServiceProviderProperties.Evernote evernote
Settings related to Evernote acting as a SAML service provider. -
famis
SamlServiceProviderProperties.Famis famis
Settings related to Famis acting as a SAML service provider. -
gartner
SamlServiceProviderProperties.Gartner gartner
Settings related to Gartner acting as a SAML service provider. -
gitlab
SamlServiceProviderProperties.Gitlab gitlab
Settings related to Gitlab acting as a SAML service provider. -
giveCampus
SamlServiceProviderProperties.GiveCampus giveCampus
Settings related to GiveCampus acting as a SAML service provider. -
hipchat
SamlServiceProviderProperties.Hipchat hipchat
Settings related to Hipchat acting as a SAML service provider. -
inCommon
SamlServiceProviderProperties.InCommon inCommon
Settings related to InCommon acting as a SAML service provider. -
infiniteCampus
SamlServiceProviderProperties.InfiniteCampus infiniteCampus
Settings related to InfiniteCampus acting as a SAML service provider. -
jira
SamlServiceProviderProperties.Jira jira
Settings related to JIRA acting as a SAML service provider. -
neoGov
SamlServiceProviderProperties.NeoGov neoGov
Settings related to NeoGov acting as a SAML service provider. -
netPartner
SamlServiceProviderProperties.NetPartner netPartner
Settings related to NetPartner acting as a SAML service provider. -
newRelic
SamlServiceProviderProperties.NewRelic newRelic
Settings related to CherWell acting as a SAML service provider. -
office365
SamlServiceProviderProperties.Office365 office365
Settings related to Office365 acting as a SAML service provider. -
openAthens
SamlServiceProviderProperties.OpenAthens openAthens
Settings related to OpenAthens acting as a SAML service provider. -
pagerDuty
SamlServiceProviderProperties.PagerDuty pagerDuty
Settings related to PagerDuty acting as a SAML service provider. -
pollEverywhere
SamlServiceProviderProperties.PollEverywhere pollEverywhere
Settings related to PollEverywhere acting as a SAML service provider. -
qualtrics
SamlServiceProviderProperties.Qualtrics qualtrics
Settings related to Qualtrics acting as a SAML service provider. -
rocketChat
SamlServiceProviderProperties.RocketChat rocketChat
Settings related to RocketChat acting as a SAML service provider. -
safariOnline
SamlServiceProviderProperties.SafariOnline safariOnline
Settings related to SafariOnline acting as a SAML service provider. -
salesforce
SamlServiceProviderProperties.Salesforce salesforce
Settings related to Salesforce acting as a SAML service provider. -
saManage
SamlServiceProviderProperties.SAManage saManage
Settings related to SA Manage acting as a SAML service provider. -
sansSth
SamlServiceProviderProperties.SecuringTheHuman sansSth
Settings related to SecuringTheHuman acting as a SAML service provider. -
serviceNow
SamlServiceProviderProperties.ServiceNow serviceNow
Settings related to ServiceNow acting as a SAML service provider. -
slack
SamlServiceProviderProperties.Slack slack
Settings related to Slack acting as a SAML service provider. -
sserca
SamlServiceProviderProperties.SunshineStateEdResearchAlliance sserca
Settings related to Sunshine state ed/release alliance acting as a SAML service provider. -
symplicity
SamlServiceProviderProperties.Symplicity symplicity
Settings related to Symplicity acting as a SAML service provider. -
tableau
SamlServiceProviderProperties.Tableau tableau
Settings related to Tableau acting as a SAML service provider. -
topHat
SamlServiceProviderProperties.TopHat topHat
Settings related to TopHat acting as a SAML service provider. -
warpWire
SamlServiceProviderProperties.WarpWire warpWire
Settings related to WarpWire acting as a SAML service provider. -
webAdvisor
SamlServiceProviderProperties.WebAdvisor webAdvisor
Settings related to WebAdvisor acting as a SAML service provider. -
webex
SamlServiceProviderProperties.Webex webex
Settings related to Webex acting as a SAML service provider. -
workday
SamlServiceProviderProperties.Workday workday
Settings related to Workday acting as a SAML service provider. -
yuja
SamlServiceProviderProperties.Yuja yuja
Settings related to Yuja acting as a SAML service provider. -
zendesk
SamlServiceProviderProperties.Zendesk zendesk
Settings related to Zendesk acting as a SAML service provider. -
zimbra
SamlServiceProviderProperties.Zimbra zimbra
Settings related to Zimbra acting as a SAML service provider. -
zoom
SamlServiceProviderProperties.Zoom zoom
Settings related to ZOOM acting as a SAML service provider.
-
-
Class org.apereo.cas.configuration.model.support.saml.sps.SamlServiceProviderProperties.AcademicHealthPlans extends AbstractSamlSPProperties implements Serializable
- serialVersionUID:
- -6141931806328699054L
-
Class org.apereo.cas.configuration.model.support.saml.sps.SamlServiceProviderProperties.AcademicWorks extends AbstractSamlSPProperties implements Serializable
- serialVersionUID:
- 5855725238963607605L
-
Class org.apereo.cas.configuration.model.support.saml.sps.SamlServiceProviderProperties.AdobeCloud extends AbstractSamlSPProperties implements Serializable
- serialVersionUID:
- -5466434234795577247L
-
Class org.apereo.cas.configuration.model.support.saml.sps.SamlServiceProviderProperties.Amazon extends AbstractSamlSPProperties implements Serializable
- serialVersionUID:
- -6141931806328699054L
-
Class org.apereo.cas.configuration.model.support.saml.sps.SamlServiceProviderProperties.AppDynamics extends AbstractSamlSPProperties implements Serializable
- serialVersionUID:
- -6141931806328699054L
-
Class org.apereo.cas.configuration.model.support.saml.sps.SamlServiceProviderProperties.ArcGIS extends AbstractSamlSPProperties implements Serializable
- serialVersionUID:
- 2976006720801066953L
-
Class org.apereo.cas.configuration.model.support.saml.sps.SamlServiceProviderProperties.ArmsSoftware extends AbstractSamlSPProperties implements Serializable
- serialVersionUID:
- -6141931806328699054L
-
Class org.apereo.cas.configuration.model.support.saml.sps.SamlServiceProviderProperties.Asana extends AbstractSamlSPProperties implements Serializable
- serialVersionUID:
- 6392492484052314295L
-
Class org.apereo.cas.configuration.model.support.saml.sps.SamlServiceProviderProperties.BenefitFocus extends AbstractSamlSPProperties implements Serializable
- serialVersionUID:
- -6518570556068267724L
-
Class org.apereo.cas.configuration.model.support.saml.sps.SamlServiceProviderProperties.BlackBaud extends AbstractSamlSPProperties implements Serializable
- serialVersionUID:
- -6141931806328699054L
-
Class org.apereo.cas.configuration.model.support.saml.sps.SamlServiceProviderProperties.Box extends AbstractSamlSPProperties implements Serializable
- serialVersionUID:
- -5320292115253509284L
-
Class org.apereo.cas.configuration.model.support.saml.sps.SamlServiceProviderProperties.Bynder extends AbstractSamlSPProperties implements Serializable
- serialVersionUID:
- -3168960591734555088L
-
Class org.apereo.cas.configuration.model.support.saml.sps.SamlServiceProviderProperties.CaliforniaCommunityColleges extends AbstractSamlSPProperties implements Serializable
- serialVersionUID:
- -6141931806328699054L
-
Class org.apereo.cas.configuration.model.support.saml.sps.SamlServiceProviderProperties.CherWell extends AbstractSamlSPProperties implements Serializable
- serialVersionUID:
- -3168960591734555088L
-
Class org.apereo.cas.configuration.model.support.saml.sps.SamlServiceProviderProperties.ConcurSolutions extends AbstractSamlSPProperties implements Serializable
- serialVersionUID:
- -6141931806328699054L
-
Class org.apereo.cas.configuration.model.support.saml.sps.SamlServiceProviderProperties.Confluence extends AbstractSamlSPProperties implements Serializable
- serialVersionUID:
- -6141931806328699054L
-
Class org.apereo.cas.configuration.model.support.saml.sps.SamlServiceProviderProperties.CraniumCafe extends AbstractSamlSPProperties implements Serializable
- serialVersionUID:
- -6141931806328699054L
-
Class org.apereo.cas.configuration.model.support.saml.sps.SamlServiceProviderProperties.CrashPlan extends AbstractSamlSPProperties implements Serializable
- serialVersionUID:
- -6141931806328699054L
-
Class org.apereo.cas.configuration.model.support.saml.sps.SamlServiceProviderProperties.DocuSign extends AbstractSamlSPProperties implements Serializable
- serialVersionUID:
- -6141931806328699054L
-
Class org.apereo.cas.configuration.model.support.saml.sps.SamlServiceProviderProperties.Dropbox extends AbstractSamlSPProperties implements Serializable
- serialVersionUID:
- -8275173711355379058L
-
Class org.apereo.cas.configuration.model.support.saml.sps.SamlServiceProviderProperties.EasyIep extends AbstractSamlSPProperties implements Serializable
- serialVersionUID:
- 6177866628049579956L
-
Class org.apereo.cas.configuration.model.support.saml.sps.SamlServiceProviderProperties.Egnyte extends AbstractSamlSPProperties implements Serializable
- serialVersionUID:
- -3168760591734555088L
-
Class org.apereo.cas.configuration.model.support.saml.sps.SamlServiceProviderProperties.Emma extends AbstractSamlSPProperties implements Serializable
- serialVersionUID:
- -6141931806328699054L
-
Class org.apereo.cas.configuration.model.support.saml.sps.SamlServiceProviderProperties.EverBridge extends AbstractSamlSPProperties implements Serializable
- serialVersionUID:
- -5168960591734555088L
-
Class org.apereo.cas.configuration.model.support.saml.sps.SamlServiceProviderProperties.Evernote extends AbstractSamlSPProperties implements Serializable
- serialVersionUID:
- -1333379518527897627L
-
Class org.apereo.cas.configuration.model.support.saml.sps.SamlServiceProviderProperties.Famis extends AbstractSamlSPProperties implements Serializable
- serialVersionUID:
- 4685484530782109454L
-
Class org.apereo.cas.configuration.model.support.saml.sps.SamlServiceProviderProperties.Gartner extends AbstractSamlSPProperties implements Serializable
- serialVersionUID:
- -6141931806328699054L
-
Class org.apereo.cas.configuration.model.support.saml.sps.SamlServiceProviderProperties.Gitlab extends AbstractSamlSPProperties implements Serializable
- serialVersionUID:
- -6141931806328699054L
-
Class org.apereo.cas.configuration.model.support.saml.sps.SamlServiceProviderProperties.GiveCampus extends AbstractSamlSPProperties implements Serializable
- serialVersionUID:
- -6141931806328699054L
-
Class org.apereo.cas.configuration.model.support.saml.sps.SamlServiceProviderProperties.Hipchat extends AbstractSamlSPProperties implements Serializable
- serialVersionUID:
- -6141931806328699054L
-
Class org.apereo.cas.configuration.model.support.saml.sps.SamlServiceProviderProperties.InCommon extends AbstractSamlSPProperties implements Serializable
- serialVersionUID:
- -6336757169059216490L
-
Class org.apereo.cas.configuration.model.support.saml.sps.SamlServiceProviderProperties.InfiniteCampus extends AbstractSamlSPProperties implements Serializable
- serialVersionUID:
- -9023417844664430533L
-
Class org.apereo.cas.configuration.model.support.saml.sps.SamlServiceProviderProperties.Jira extends AbstractSamlSPProperties implements Serializable
- serialVersionUID:
- -6141931806328699054L
-
Class org.apereo.cas.configuration.model.support.saml.sps.SamlServiceProviderProperties.NeoGov extends AbstractSamlSPProperties implements Serializable
- serialVersionUID:
- -6141931806328699054L
-
Class org.apereo.cas.configuration.model.support.saml.sps.SamlServiceProviderProperties.NetPartner extends AbstractSamlSPProperties implements Serializable
- serialVersionUID:
- 5262806306575955633L
-
Class org.apereo.cas.configuration.model.support.saml.sps.SamlServiceProviderProperties.NewRelic extends AbstractSamlSPProperties implements Serializable
- serialVersionUID:
- -3268960591734555088L
-
Class org.apereo.cas.configuration.model.support.saml.sps.SamlServiceProviderProperties.Office365 extends AbstractSamlSPProperties implements Serializable
- serialVersionUID:
- 5878458463269060163L
-
Class org.apereo.cas.configuration.model.support.saml.sps.SamlServiceProviderProperties.OpenAthens extends AbstractSamlSPProperties implements Serializable
- serialVersionUID:
- 7295249577313928465L
-
Class org.apereo.cas.configuration.model.support.saml.sps.SamlServiceProviderProperties.PagerDuty extends AbstractSamlSPProperties implements Serializable
- serialVersionUID:
- -6141931806328699054L
-
Class org.apereo.cas.configuration.model.support.saml.sps.SamlServiceProviderProperties.PollEverywhere extends AbstractSamlSPProperties implements Serializable
- serialVersionUID:
- -6141931806328699054L
-
Class org.apereo.cas.configuration.model.support.saml.sps.SamlServiceProviderProperties.Qualtrics extends AbstractSamlSPProperties implements Serializable
- serialVersionUID:
- -6141931806328699054L
-
Class org.apereo.cas.configuration.model.support.saml.sps.SamlServiceProviderProperties.RocketChat extends AbstractSamlSPProperties implements Serializable
- serialVersionUID:
- -6141931806328699054L
-
Class org.apereo.cas.configuration.model.support.saml.sps.SamlServiceProviderProperties.SafariOnline extends AbstractSamlSPProperties implements Serializable
- serialVersionUID:
- -6141931806328699054L
-
Class org.apereo.cas.configuration.model.support.saml.sps.SamlServiceProviderProperties.Salesforce extends AbstractSamlSPProperties implements Serializable
- serialVersionUID:
- 4685484530782109454L
-
Class org.apereo.cas.configuration.model.support.saml.sps.SamlServiceProviderProperties.SAManage extends AbstractSamlSPProperties implements Serializable
- serialVersionUID:
- -8695176237527302883L
-
Class org.apereo.cas.configuration.model.support.saml.sps.SamlServiceProviderProperties.SecuringTheHuman extends AbstractSamlSPProperties implements Serializable
- serialVersionUID:
- -1688194227471468248L
-
Class org.apereo.cas.configuration.model.support.saml.sps.SamlServiceProviderProperties.ServiceNow extends AbstractSamlSPProperties implements Serializable
- serialVersionUID:
- 4329681021653966734L
-
Class org.apereo.cas.configuration.model.support.saml.sps.SamlServiceProviderProperties.Slack extends AbstractSamlSPProperties implements Serializable
- serialVersionUID:
- -1996859011579246804L
-
Class org.apereo.cas.configuration.model.support.saml.sps.SamlServiceProviderProperties.SunshineStateEdResearchAlliance extends AbstractSamlSPProperties implements Serializable
- serialVersionUID:
- -5558960591734555088L
-
Class org.apereo.cas.configuration.model.support.saml.sps.SamlServiceProviderProperties.Symplicity extends AbstractSamlSPProperties implements Serializable
- serialVersionUID:
- -3178960591734555088L
-
Class org.apereo.cas.configuration.model.support.saml.sps.SamlServiceProviderProperties.Tableau extends AbstractSamlSPProperties implements Serializable
- serialVersionUID:
- -2426590644028989950L
-
Class org.apereo.cas.configuration.model.support.saml.sps.SamlServiceProviderProperties.TopHat extends AbstractSamlSPProperties implements Serializable
- serialVersionUID:
- -6141931806328699054L
-
Class org.apereo.cas.configuration.model.support.saml.sps.SamlServiceProviderProperties.WarpWire extends AbstractSamlSPProperties implements Serializable
- serialVersionUID:
- -6141931806328699054L
-
Class org.apereo.cas.configuration.model.support.saml.sps.SamlServiceProviderProperties.WebAdvisor extends AbstractSamlSPProperties implements Serializable
- serialVersionUID:
- 8449304623099588610L
-
Class org.apereo.cas.configuration.model.support.saml.sps.SamlServiceProviderProperties.Webex extends AbstractSamlSPProperties implements Serializable
- serialVersionUID:
- 1957066095836617091L
-
Class org.apereo.cas.configuration.model.support.saml.sps.SamlServiceProviderProperties.Workday extends AbstractSamlSPProperties implements Serializable
- serialVersionUID:
- 3484810792914261584L
-
Class org.apereo.cas.configuration.model.support.saml.sps.SamlServiceProviderProperties.Yuja extends AbstractSamlSPProperties implements Serializable
- serialVersionUID:
- -1168960591734555088L
-
Class org.apereo.cas.configuration.model.support.saml.sps.SamlServiceProviderProperties.Zendesk extends AbstractSamlSPProperties implements Serializable
- serialVersionUID:
- -4668960591734555087L
-
Class org.apereo.cas.configuration.model.support.saml.sps.SamlServiceProviderProperties.Zimbra extends AbstractSamlSPProperties implements Serializable
- serialVersionUID:
- -6141931806328699054L
-
Class org.apereo.cas.configuration.model.support.saml.sps.SamlServiceProviderProperties.Zoom extends AbstractSamlSPProperties implements Serializable
- serialVersionUID:
- -4877129302021248398L
-
-
Package org.apereo.cas.configuration.model.support.scim
-
Class org.apereo.cas.configuration.model.support.scim.ScimProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- 7943229230342691009L
-
Serialized Fields
-
enabled
boolean enabled
Decide whether scim should be enabled. -
oauthToken
java.lang.String oauthToken
Authenticate into the SCIM server/service via a pre-generated OAuth token. -
password
java.lang.String password
Authenticate into the SCIM server with a pre-defined password. -
target
java.lang.String target
The SCIM provisioning target URI. -
username
java.lang.String username
Authenticate into the SCIM server with a pre-defined username. -
version
long version
Indicate what version of the scim protocol is and should be used.
-
-
-
Package org.apereo.cas.configuration.model.support.services.json
-
Class org.apereo.cas.configuration.model.support.services.json.JsonServiceRegistryProperties extends SpringResourceProperties implements Serializable
- serialVersionUID:
- -3022199446494732533L
-
Serialized Fields
-
watcherEnabled
boolean watcherEnabled
Flag indicating whether a background watcher thread is enabled for the purposes of live reloading of service registry data changes from persistent data store.
-
-
-
Package org.apereo.cas.configuration.model.support.services.stream
-
Class org.apereo.cas.configuration.model.support.services.stream.BaseStreamServicesProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- 7025417314334269017L
-
Class org.apereo.cas.configuration.model.support.services.stream.StreamingServiceRegistryProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- 4957127900906059461L
-
Serialized Fields
-
enabled
boolean enabled
Whether service registry events should be streamed and published across a CAS cluster. One typical workflow is to enable the publisher on one master node and have others consume definitions and changes from the upstream master node in order to avoid overrides and timing issues as changes may step over each other if the service registry schedule is not timed correctly. -
hazelcast
StreamServicesHazelcastProperties hazelcast
Stream services with hazelcast. -
kafka
StreamServicesKafkaProperties kafka
Stream services with Kafka. -
replicationMode
StreamingServiceRegistryProperties.ReplicationModes replicationMode
Indicates the replication mode. Accepted values are:
- ACTIVE_ACTIVE: All CAS nodes sync copies of definitions and keep them locally.
- ACTIVE_PASSIVE: One master node keeps definitions and streams changes to other passive nodes.
-
-
-
Package org.apereo.cas.configuration.model.support.services.stream.hazelcast
-
Class org.apereo.cas.configuration.model.support.services.stream.hazelcast.StreamServicesHazelcastProperties extends BaseStreamServicesProperties implements Serializable
- serialVersionUID:
- -1583614089051161614L
-
Serialized Fields
-
config
BaseHazelcastProperties config
Configuration of the hazelcast instance to queue and stream items. -
duration
java.lang.String duration
Duration that indicates how long should items be kept in the hazelcast cache. Note that generally this number needs to be short as once an item is delivered to a target, it is explicitly removed from the cache/queue. This duration needs to be adjusted if the latency between the CAS nodes in the cluster is too large. Having too short a value will cause the record to expire before it reaches other members of the cluster.
-
-
Class org.apereo.cas.configuration.model.support.services.stream.hazelcast.StreamServicesKafkaProperties extends BaseKafkaProperties implements Serializable
- serialVersionUID:
- -7126701588226903867L
-
Serialized Fields
-
topic
KafkaSingleTopicProperties topic
Describe the kafka topic.
-
-
-
Package org.apereo.cas.configuration.model.support.services.yaml
-
Class org.apereo.cas.configuration.model.support.services.yaml.YamlServiceRegistryProperties extends SpringResourceProperties implements Serializable
- serialVersionUID:
- 4863603996990314548L
-
Serialized Fields
-
watcherEnabled
boolean watcherEnabled
Flag indicating whether a background watcher thread is enabled for the purposes of live reloading of service registry data changes from persistent data store.
-
-
-
Package org.apereo.cas.configuration.model.support.sms
-
Class org.apereo.cas.configuration.model.support.sms.AmazonSnsProperties extends BaseAmazonWebServicesProperties implements Serializable
- serialVersionUID:
- -3366665169030844517L
-
Serialized Fields
-
maxPrice
java.lang.String maxPrice
The maximum amount in USD that you are willing to spend to send the SMS message. Amazon SNS will not send the message if it determines that doing so would incur a cost that exceeds the maximum price. This attribute has no effect if your month-to-date SMS costs have already exceeded the limit set for the MonthlySpendLimit attribute, which you set by using the SetSMSAttributes request. If you are sending the message to an Amazon SNS topic, the maximum price applies to each message delivery to each phone number that is subscribed to the topic. -
senderId
java.lang.String senderId
A custom ID that contains up to 11 alphanumeric characters, including at least one letter and no spaces. The sender ID is displayed as the message sender on the receiving device. For example, you can use your business brand to make the message source easier to recognize. Support for sender IDs varies by country and/or region. For example, messages delivered to U.S. phone numbers will not display the sender ID. If you do not specify a sender ID, the message will display a long code as the sender ID in supported countries and regions. For countries or regions that require an alphabetic sender ID, the message displays NOTICE as the sender ID. -
smsType
java.lang.String smsType
The type of message that you are sending.
- Promotional - Noncritical messages, such as marketing messages. Amazon SNS optimizes the message delivery to incur the lowest cost.
- Transactional - Critical messages that support customer transactions, such as one-time passcodes for multi-factor authentication. Amazon SNS optimizes the message delivery to achieve the highest reliability.
-
-
Class org.apereo.cas.configuration.model.support.sms.ClickatellProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- -2147844690349952176L
-
Serialized Fields
-
serverUrl
java.lang.String serverUrl
URL to contact and send messages. -
token
java.lang.String token
Secure token used to establish a handshake with the service.
-
-
Class org.apereo.cas.configuration.model.support.sms.GroovySmsProperties extends SpringResourceProperties implements Serializable
- serialVersionUID:
- 8079027843747126083L
-
Class org.apereo.cas.configuration.model.support.sms.NexmoProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- 7546596773588579321L
-
Serialized Fields
-
apiSecret
java.lang.String apiSecret
Nexmo API secret obtained from Nexmo. -
apiToken
java.lang.String apiToken
Nexmo API token obtained from Nexmo. -
signatureSecret
java.lang.String signatureSecret
Nexmo Signature secret obtained from Nexmo.
-
-
Class org.apereo.cas.configuration.model.support.sms.RestfulSmsProperties extends RestEndpointProperties implements Serializable
- serialVersionUID:
- -8102345678378393382L
-
Class org.apereo.cas.configuration.model.support.sms.SmsProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- -3713886839517507306L
-
Serialized Fields
-
attributeName
java.lang.String attributeName
Principal attribute name that indicates the destination phone number for this SMS message. The attribute must already be resolved and available to the CAS principal. -
from
java.lang.String from
The from address for the message. -
text
java.lang.String text
The body of the SMS message.
-
-
Class org.apereo.cas.configuration.model.support.sms.SmsProvidersProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- -3713886839517507306L
-
Serialized Fields
-
clickatell
ClickatellProperties clickatell
Clickatell settings. -
groovy
GroovySmsProperties groovy
Groovy script for sending sms notifications. -
nexmo
NexmoProperties nexmo
Nexmo settings. -
rest
RestfulSmsProperties rest
Send SMS via REST. -
sns
AmazonSnsProperties sns
SNS settings. -
textMagic
TextMagicProperties textMagic
TextMagic settings. -
twilio
TwilioProperties twilio
Twilio settings.
-
-
Class org.apereo.cas.configuration.model.support.sms.TextMagicProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- 5645993472155203013L
-
Serialized Fields
-
apiKey
java.lang.String apiKey
set API key value for the first API key authentication. -
apiKeyPrefix
java.lang.String apiKeyPrefix
set API key prefix for the first API key authentication. -
connectTimeout
int connectTimeout
connect timeout (in milliseconds). -
debugging
boolean debugging
Check whether debugging is enabled for this API client. -
password
java.lang.String password
set password for the first HTTP basic authentication. -
readTimeout
int readTimeout
read timeout (in milliseconds). -
token
java.lang.String token
Secure token used to establish a handshake. -
userAgent
java.lang.String userAgent
Set the User-Agent header's value (by adding to the default header map). -
username
java.lang.String username
Username authorized to use the service as the bind account. -
verifyingSsl
boolean verifyingSsl
Should SSL connections be verified? -
writeTimeout
int writeTimeout
write timeout (in milliseconds).
-
-
Class org.apereo.cas.configuration.model.support.sms.TwilioProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- -7043132225482495229L
-
Serialized Fields
-
accountId
java.lang.String accountId
Twilio account identifier used for authentication. -
token
java.lang.String token
Twilio secret token used for authentication.
-
-
-
Package org.apereo.cas.configuration.model.support.soap
-
Class org.apereo.cas.configuration.model.support.soap.SoapAuthenticationProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- 7297575260958941037L
-
Serialized Fields
-
name
java.lang.String name
The name of the authentication handler. -
order
int order
The order of this authentication handler in the chain. -
passwordEncoder
PasswordEncoderProperties passwordEncoder
Password encoding properties. -
principalTransformation
PrincipalTransformationProperties principalTransformation
Principal transformation properties. -
url
java.lang.String url
URL of the SOAP endpoint.
-
-
-
Package org.apereo.cas.configuration.model.support.spnego
-
Class org.apereo.cas.configuration.model.support.spnego.SpnegoAuthenticationProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- 4513529663377430783L
-
Serialized Fields
-
cachePolicy
long cachePolicy
Jcifs Netbios cache policy. -
jcifsDomain
java.lang.String jcifsDomain
The Jcifs domain. -
jcifsDomainController
java.lang.String jcifsDomainController
The Jcifs domain controller. -
jcifsNetbiosWins
java.lang.String jcifsNetbiosWins
The Jcifs netbios wins. -
jcifsPassword
java.lang.String jcifsPassword
The Jcifs password. -
jcifsServicePassword
java.lang.String jcifsServicePassword
The Jcifs service password. -
jcifsServicePrincipal
java.lang.String jcifsServicePrincipal
The Jcifs service principal. -
jcifsUsername
java.lang.String jcifsUsername
The Jcifs username. -
timeout
java.lang.String timeout
Spnego JCIFS timeout.
-
-
Class org.apereo.cas.configuration.model.support.spnego.SpnegoLdapProperties extends AbstractLdapSearchProperties implements Serializable
- serialVersionUID:
- -8835216200501334936L
-
Class org.apereo.cas.configuration.model.support.spnego.SpnegoProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- 8084143496524446970L
-
Serialized Fields
-
alternativeRemoteHostAttribute
java.lang.String alternativeRemoteHostAttribute
Alternative header name to use in order to find the host address. -
dnsTimeout
java.lang.String dnsTimeout
When validating clients, specifies the DNS timeout used to look up an address. -
hostNameClientActionStrategy
java.lang.String hostNameClientActionStrategy
The bean id of a webflow action whose job is to evaluate the client host to see if the request is authorized for spnego. Supported strategies include:
- hostnameSpnegoClientAction, where CAS checks to see if the request’s remote hostname matches a predefined pattern.
- ldapSpnegoClientAction, where CAS checks an LDAP instance for the remote hostname, to locate a pre-defined attribute whose mere existence would allow the webflow to resume to SPNEGO. -
hostNamePatternString
java.lang.String hostNamePatternString
A regex pattern that indicates whether the client host name is allowed for spnego. -
ipsToCheckPattern
java.lang.String ipsToCheckPattern
A regex pattern that indicates whether the client IP is allowed for spnego. -
ldap
SpnegoLdapProperties ldap
LDAP settings for spnego to validate clients, etc. -
mixedModeAuthentication
boolean mixedModeAuthentication
If true, does not terminate authentication and allows CAS to resume and fallback to normal authentication means such as uid/psw via the login page. If disallowed, considers spnego authentication to be final in the event of failures. -
name
java.lang.String name
Name of the authentication handler. -
ntlm
boolean ntlm
Determines the header to set and the message prefix when negotiating spnego. -
ntlmAllowed
boolean ntlmAllowed
Allows authentication if spnego credential is marked as NTLM. -
order
int order
The order of the authentication handler in the chain. -
principal
PersonDirectoryPrincipalResolverProperties principal
Password encoding settings for this authentication. -
principalTransformation
PrincipalTransformationProperties principalTransformation
This is principal transformation properties. -
principalWithDomainName
boolean principalWithDomainName
If specified, will create the principal by this name on successful authentication. -
properties
java.util.List<SpnegoAuthenticationProperties> properties
Individual authentication settings for spnego that are grouped and fed to the spnego authentication object to form a collection. -
send401OnAuthenticationFailure
boolean send401OnAuthenticationFailure
If the authenticated principal cannot be determined from the spnego credential, will set the http status code to 401. -
spnegoAttributeName
java.lang.String spnegoAttributeName
In case LDAP is used to validate clients, this is the attribute that indicates the host. -
supportedBrowsers
java.lang.String supportedBrowsers
Begins negotiating spnego if the user-agent is one of the supported browsers. -
system
SpnegoSystemProperties system
Spnego settings that apply as system properties. -
webflow
WebflowAutoConfigurationProperties webflow
The webflow configuration.
-
-
Class org.apereo.cas.configuration.model.support.spnego.SpnegoSystemProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- -7213507143858237596L
-
Serialized Fields
-
kerberosConf
java.lang.String kerberosConf
The Kerberos conf. As with all Kerberos installations, a Kerberos Key Distribution Center (KDC) is required. It needs to contain the user name and password you will use to be authenticated to Kerberos. As with most Kerberos installations, a Kerberos configuration file krb5.conf is consulted to determine such things as the default realm and KDC. Typically, the default realm and the KDC for that realm are indicated in the Kerberos krb5.conf configuration file. The path to the configuration file must typically be defined as an absolute path. -
kerberosDebug
java.lang.String kerberosDebug
The Kerberos debug. -
kerberosKdc
java.lang.String kerberosKdc
The Kerberos kdc. -
kerberosRealm
java.lang.String kerberosRealm
The Kerberos realm. -
loginConf
java.lang.String loginConf
The Login conf. Absolute path to the jaas login configuration file. This should define the spnego authentication details. Make sure you have at least specified the JCIFS Service Principal. -
useSubjectCredsOnly
boolean useSubjectCredsOnly
The Use subject creds only.
-
-
-
Package org.apereo.cas.configuration.model.support.surrogate
-
Class org.apereo.cas.configuration.model.support.surrogate.SurrogateAuthenticationProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- -2088813217398883623L
-
Serialized Fields
-
couchDb
SurrogateCouchDbAuthenticationProperties couchDb
Locate surrogate accounts via CouchDB. -
jdbc
SurrogateJdbcAuthenticationProperties jdbc
Locate surrogate accounts via a JDBC resource. -
json
SurrogateJsonAuthenticationProperties json
Locate surrogate accounts via a JSON resource. -
ldap
SurrogateLdapAuthenticationProperties ldap
Locate surrogate accounts via an LDAP server. -
mail
EmailProperties mail
Email settings for notifications. -
principal
PersonDirectoryPrincipalResolverProperties principal
Principal construction settings. -
rest
SurrogateRestfulAuthenticationProperties rest
Locate surrogate accounts via a REST resource. -
separator
java.lang.String separator
The separator character used to distinguish between the surrogate account and the admin account. -
simple
SurrogateSimpleAuthenticationProperties simple
Locate surrogate accounts via CAS configuration, hardcoded as properties. -
sms
SmsProperties sms
SMS settings for notifications. -
tgt
SurrogateAuthenticationTicketGrantingTicketProperties tgt
Settings related to tickets issued for surrogate session, their expiration policy, etc.
-
-
Class org.apereo.cas.configuration.model.support.surrogate.SurrogateAuthenticationTicketGrantingTicketProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- 2077366413438267330L
-
Serialized Fields
-
timeToKillInSeconds
long timeToKillInSeconds
Timeout in seconds to kill the surrogate session and consider tickets expired.
-
-
Class org.apereo.cas.configuration.model.support.surrogate.SurrogateCouchDbAuthenticationProperties extends BaseCouchDbProperties implements Serializable
- serialVersionUID:
- 8378399979559955402L
-
Serialized Fields
-
profileBased
boolean profileBased
Use user profiles instead of surrogate/principal pairs. If +true+, a list of principals the user is an authorized surrogate of is stored in the user profile in CouchDb. Most useful with CouchDb authentication or AUP. -
surrogatePrincipalsAttribute
java.lang.String surrogatePrincipalsAttribute
Attribute with list of principals the user may surrogate when user surrogates are stored in user profiles.
-
-
Class org.apereo.cas.configuration.model.support.surrogate.SurrogateJdbcAuthenticationProperties extends AbstractJpaProperties implements Serializable
- serialVersionUID:
- 8970195444880123796L
-
Serialized Fields
-
surrogateAccountQuery
java.lang.String surrogateAccountQuery
SQL query to use in order to retrieve the list of qualified accounts for impersonation for a given admin user. -
surrogateSearchQuery
java.lang.String surrogateSearchQuery
Surrogate query to use to determine whether an admin user can impersonate another user. The query must return an integer count of greater than zero.
-
-
Class org.apereo.cas.configuration.model.support.surrogate.SurrogateJsonAuthenticationProperties extends SpringResourceProperties implements Serializable
- serialVersionUID:
- 3599367681439517829L
-
Class org.apereo.cas.configuration.model.support.surrogate.SurrogateLdapAuthenticationProperties extends AbstractLdapSearchProperties implements Serializable
- serialVersionUID:
- -3848837302921751926L
-
Serialized Fields
-
memberAttributeName
java.lang.String memberAttributeName
Attribute that must be found on the LDAP entry linked to the admin user that tags the account as authorized for impersonation. -
memberAttributeValueRegex
java.lang.String memberAttributeValueRegex
A pattern that is matched against the attribute value of the admin user, that allows for further authorization of the admin user and accounts qualified for impersonation. The regular expression pattern is expected to contain at least a single group whose value on a successful match indicates the qualified impersonated user by admin. -
surrogateSearchFilter
java.lang.String surrogateSearchFilter
LDAP search filter used to locate the surrogate account.
-
-
Class org.apereo.cas.configuration.model.support.surrogate.SurrogateRestfulAuthenticationProperties extends RestEndpointProperties implements Serializable
- serialVersionUID:
- 8152273816132989085L
-
Class org.apereo.cas.configuration.model.support.surrogate.SurrogateSimpleAuthenticationProperties extends AbstractLdapSearchProperties implements Serializable
- serialVersionUID:
- 16938920863432222L
-
Serialized Fields
-
surrogates
java.util.Map<java.lang.String,java.lang.String> surrogates
Define the list of accounts that are allowed to impersonate. This is done in a key-value structure where the key is the admin user and the value is a comma-separated list of identifiers that can be impersonated by the admin-user.
-
-
-
Package org.apereo.cas.configuration.model.support.syncope
-
Class org.apereo.cas.configuration.model.support.syncope.SyncopeAuthenticationProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- -2446926316502297496L
-
Serialized Fields
-
credentialCriteria
java.lang.String credentialCriteria
A number of authentication handlers are allowed to determine whether they can operate on the provided credential and as such lend themselves to be tried and tested during the authentication handler selection phase. The credential criteria may be one of the following options:
- 1) A regular expression pattern that is tested against the credential identifier.
- 2) A fully qualified class name of your own design that implements Predicate.
- 3) Path to an external Groovy script that implements the same interface.
-
domain
java.lang.String domain
Syncope domain used for authentication, etc. -
name
java.lang.String name
Name of the authentication handler. -
passwordEncoder
PasswordEncoderProperties passwordEncoder
Password encoder settings for the authentication handler. -
principalTransformation
PrincipalTransformationProperties principalTransformation
This is principal transformation properties. -
state
AuthenticationHandlerStates state
Define the scope and state of this authentication handler and the lifecycle in which it can be invoked or activated. -
url
java.lang.String url
Syncope instance URL primarily used for REST.
-
-
-
Package org.apereo.cas.configuration.model.support.themes
-
Class org.apereo.cas.configuration.model.support.themes.ThemeProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- 2248773823196496599L
-
Serialized Fields
-
defaultThemeName
java.lang.String defaultThemeName
The default theme name of this CAS deployment. -
paramName
java.lang.String paramName
The parameter name used to switch themes.
-
-
-
Package org.apereo.cas.configuration.model.support.throttle
-
Class org.apereo.cas.configuration.model.support.throttle.Bucket4jThrottleProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- 5813165633105563813L
-
Serialized Fields
-
blocking
boolean blocking
Whether the request should block until capacity becomes available. -
capacity
int capacity
Number of tokens that can be used within the time window. -
overdraft
int overdraft
Indicate the overdraft used if requests are above the average capacity. A positive value activates a greedy strategy for producing tokens for capacity. -
rangeInSeconds
int rangeInSeconds
Time window in which capacity can be allowed.
-
-
Class org.apereo.cas.configuration.model.support.throttle.HazelcastThrottleProperties extends BaseHazelcastProperties implements Serializable
- serialVersionUID:
- 5813165633105563813L
-
Class org.apereo.cas.configuration.model.support.throttle.JdbcThrottleProperties extends AbstractJpaProperties implements Serializable
- serialVersionUID:
- -9199878384425691919L
-
Serialized Fields
-
auditQuery
java.lang.String auditQuery
Audit query to execute against the database to locate audit records based on IP, user, date and an application code along with the relevant audit action.
-
-
Class org.apereo.cas.configuration.model.support.throttle.ThrottleCoreProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- -1806129199319966518L
-
Serialized Fields
-
appCode
java.lang.String appCode
Application code used to identify this application in the audit logs. -
usernameParameter
java.lang.String usernameParameter
Username parameter to use in order to extract the username from the request.
-
-
Class org.apereo.cas.configuration.model.support.throttle.ThrottleFailureProperties extends java.lang.Object implements Serializable
-
Serialized Fields
-
code
java.lang.String code
Failure code to record in the audit log. Generally this indicates an authentication failure event. -
rangeSeconds
int rangeSeconds
Period of time in seconds during which the threshold applies. -
threshold
int threshold
Number of failed login attempts permitted in the above period. All login throttling components that ship with CAS limit successive failed login attempts that exceed a threshold rate in failures per second.
-
-
-
Class org.apereo.cas.configuration.model.support.throttle.ThrottleProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- 6813165633105563813L
-
Serialized Fields
-
bucket4j
Bucket4jThrottleProperties bucket4j
Settings related to throttling requests using bucket4j. -
core
ThrottleCoreProperties core
Core throttling settings. -
failure
ThrottleFailureProperties failure
Throttling failure events. -
hazelcast
HazelcastThrottleProperties hazelcast
Settings related to throttling requests using hazelcast. -
jdbc
JdbcThrottleProperties jdbc
Record authentication throttling events in a JDBC resource. -
schedule
SchedulingProperties schedule
Scheduler settings to clean up throttled attempts.
-
-
-
Package org.apereo.cas.configuration.model.support.token
-
Class org.apereo.cas.configuration.model.support.token.TokenAuthenticationProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- 6016124091895278265L
-
Serialized Fields
-
crypto
EncryptionOptionalSigningOptionalJwtCryptographyProperties crypto
Crypto settings. -
name
java.lang.String name
Name of the authentication handler. -
principalTransformation
PrincipalTransformationProperties principalTransformation
Principal transformation settings. -
state
AuthenticationHandlerStates state
Define the scope and state of this authentication handler and the lifecycle in which it can be invoked or activated. -
webflow
WebflowAutoConfigurationProperties webflow
The webflow configuration.
-
-
-
Package org.apereo.cas.configuration.model.support.trusted
-
Class org.apereo.cas.configuration.model.support.trusted.TrustedAuthenticationProperties extends PersonDirectoryPrincipalResolverProperties implements Serializable
- serialVersionUID:
- 279410895614233349L
-
Serialized Fields
-
name
java.lang.String name
Indicates the name of the authentication handler. -
order
java.lang.Integer order
Order of the authentication handler in the chain. -
remotePrincipalHeader
java.lang.String remotePrincipalHeader
Indicates the name of the request header that may be extracted from the request as the indicated authenticated userid from the remote authn system.
-
-
-
Package org.apereo.cas.configuration.model.support.uma
-
Class org.apereo.cas.configuration.model.support.uma.UmaCoreProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- 865028615694269276L
-
Serialized Fields
-
issuer
java.lang.String issuer
UMA issuer.
-
-
Class org.apereo.cas.configuration.model.support.uma.UmaPermissionTicketProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- 6624128522839644377L
-
Serialized Fields
-
maxTimeToLiveInSeconds
java.lang.String maxTimeToLiveInSeconds
Hard timeout to kill the access token and expire it.
-
-
Class org.apereo.cas.configuration.model.support.uma.UmaProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- 865028615694269276L
-
Serialized Fields
-
core
UmaCoreProperties core
Handles core settings. -
permissionTicket
UmaPermissionTicketProperties permissionTicket
Handles settings related to permission tickets. -
requestingPartyToken
UmaRequestingPartyTokenProperties requestingPartyToken
Handles settings related to rpt tokens. -
resourceSet
UmaResourceSetProperties resourceSet
Handles settings related to management of resource-sets, etc.
-
-
Class org.apereo.cas.configuration.model.support.uma.UmaRequestingPartyTokenProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- 3988708361481340920L
-
Serialized Fields
-
jwksFile
SpringResourceProperties jwksFile
Path to the JWKS file that is used to sign the rpt token. -
maxTimeToLiveInSeconds
java.lang.String maxTimeToLiveInSeconds
Hard timeout to kill the access token and expire it.
-
-
Class org.apereo.cas.configuration.model.support.uma.UmaResourceSetJpaProperties extends AbstractJpaProperties implements Serializable
- serialVersionUID:
- 210435146313504995L
-
Class org.apereo.cas.configuration.model.support.uma.UmaResourceSetProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- 215435145313504895L
-
Serialized Fields
-
jpa
UmaResourceSetJpaProperties jpa
Store resource-sets and policies via JPA.
-
-
-
Package org.apereo.cas.configuration.model.support.wsfed
-
Class org.apereo.cas.configuration.model.support.wsfed.GroovyWsFederationDelegationProperties extends SpringResourceProperties implements Serializable
- serialVersionUID:
- 8079027843747126083L
-
Class org.apereo.cas.configuration.model.support.wsfed.WsFederationDelegatedCookieProperties extends PinnableCookieProperties implements Serializable
- serialVersionUID:
- 7392972818105536350L
-
Serialized Fields
-
crypto
EncryptionJwtSigningJwtCryptographyProperties crypto
Crypto settings that determine how the cookie should be signed and encrypted.
-
-
Class org.apereo.cas.configuration.model.support.wsfed.WsFederationDelegationProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- 5743971334977239938L
-
Serialized Fields
-
attributeMutatorScript
GroovyWsFederationDelegationProperties attributeMutatorScript
Path to attribute mutator groovy script that allows one to modify wsfed attributes before establishing a final principal. -
attributeResolverEnabled
boolean attributeResolverEnabled
Whether CAS should enable its own attribute resolution machinery after having received a response from wsfed. -
attributesType
java.lang.String attributesType
Indicates how attributes should be recorded into the principal object. Useful if you wish to additionally resolve attributes on top of what wsfed provides. Accepted values are CAS, WSFED, BOTH. -
autoRedirect
boolean autoRedirect
Whether CAS should auto redirect to this wsfed instance. -
cookie
WsFederationDelegatedCookieProperties cookie
Signing/encryption settings related to managing the cookie that is used to keep track of the session. -
encryptionCertificate
java.lang.String encryptionCertificate
The path to the public key/certificate used to handle and verify encrypted assertions. -
encryptionPrivateKey
java.lang.String encryptionPrivateKey
The path to the private key used to handle and verify encrypted assertions. -
encryptionPrivateKeyPassword
java.lang.String encryptionPrivateKeyPassword
The private key password. -
id
java.lang.String id
Internal identifier for this wsfed configuration. If undefined, the identifier would be auto-generated by CAS itself. In the event that there is more than one CAS server defined in a clustered deployment, this identifier must be statically defined in the configuration. -
identityAttribute
java.lang.String identityAttribute
The attribute extracted from the assertion and used to construct the CAS principal id. -
identityProviderIdentifier
java.lang.String identityProviderIdentifier
The entity id or the identifier of the Wsfed instance. -
identityProviderUrl
java.lang.String identityProviderUrl
Wsfed identity provider url. -
name
java.lang.String name
Name of the authentication handler. -
order
int order
The order of the authentication handler in the chain. -
principal
PersonDirectoryPrincipalResolverProperties principal
Principal resolution settings. -
relyingPartyIdentifier
java.lang.String relyingPartyIdentifier
The identifier for CAS (RP) registered with wsfed. -
signingCertificateResources
java.lang.String signingCertificateResources
Locations of signing certificates used to verify assertions. -
tolerance
java.lang.String tolerance
Tolerance value used to skew assertions to support clock drift.
-
-
Class org.apereo.cas.configuration.model.support.wsfed.WsFederationIdentityProviderProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- 5190493517277610788L
-
Serialized Fields
-
realm
java.lang.String realm
At this point, by default the security token service's endpoint operates using a single realm configuration, and the identity provider configuration is only able to recognize and request tokens for a single realm. Registration of clients needs to ensure this value is matched. -
realmName
java.lang.String realmName
Realm name.
-
-
Class org.apereo.cas.configuration.model.support.wsfed.WsFederationProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- -8679379856243224647L
-
Serialized Fields
-
idp
WsFederationIdentityProviderProperties idp
Settings related to the ws-fed identity provider. -
sts
WsFederationSecurityTokenServiceProperties sts
Settings related to the ws-fed security token service.
-
-
Class org.apereo.cas.configuration.model.support.wsfed.WsFederationSecurityTokenServiceProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- -1155140161252595793L
-
Serialized Fields
-
conditionsAcceptClientLifetime
boolean conditionsAcceptClientLifetime
Set whether client lifetime is accepted. -
conditionsFailLifetimeExceedance
boolean conditionsFailLifetimeExceedance
Whether a requested lifetime that exceeds the maximum should fail (default) or be overwritten with the maximum lifetime. -
conditionsFutureTimeToLive
java.lang.String conditionsFutureTimeToLive
Get how long (in seconds) a client-supplied Created Element is allowed to be in the future. The default is 60 seconds to avoid common problems relating to clock skew. -
conditionsLifetime
java.lang.String conditionsLifetime
Set the default lifetime in seconds for issued SAML tokens. -
conditionsMaxLifetime
java.lang.String conditionsMaxLifetime
Set the maximum lifetime in seconds for issued SAML tokens. -
crypto
EncryptionJwtSigningJwtCryptographyProperties crypto
Crypto settings used to secure calls between the idp and the sts. -
customClaims
java.util.List<java.lang.String> customClaims
Collection of fully-qualified claims prefixed with the appropriate namespace that are expected to be released via attribute release policy. -
encryptionKeystoreFile
java.lang.String encryptionKeystoreFile
Keystore path used to encrypt tokens. -
encryptionKeystorePassword
java.lang.String encryptionKeystorePassword
Keystore password used to encrypt tokens. -
encryptTokens
boolean encryptTokens
Whether tokens generated by STS should be encrypted. -
realm
WsFederationSecurityTokenServiceRealmProperties realm
Realm definition settings that define this CAS server. -
signingKeystoreFile
java.lang.String signingKeystoreFile
Keystore path used to sign tokens. -
signingKeystorePassword
java.lang.String signingKeystorePassword
Keystore password used to sign tokens. -
signTokens
boolean signTokens
Set whether the provided token will be signed or not. Default is true. -
subjectNameIdFormat
java.lang.String subjectNameIdFormat
When generating a SAML token, indicates the subject name-id format to use. Accepted values are:
- unspecified
- transient
- persistent
- entity
-
subjectNameQualifier
java.lang.String subjectNameQualifier
When generating a SAML token, indicates the subject name-id qualifier to use.
-
-
Class org.apereo.cas.configuration.model.support.wsfed.WsFederationSecurityTokenServiceRealmProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- -2209230334376432934L
-
Serialized Fields
-
issuer
java.lang.String issuer
Issuer/name of the realm identified and registered with STS. -
keyPassword
java.lang.String keyPassword
Key alias associated with this realm. -
keystoreAlias
java.lang.String keystoreAlias
Key alias associated with this realm. -
keystoreFile
java.lang.String keystoreFile
Keystore path associated with this realm. -
keystorePassword
java.lang.String keystorePassword
Keystore password associated with this realm.
-
-
-
Package org.apereo.cas.configuration.model.support.x509
-
Class org.apereo.cas.configuration.model.support.x509.BaseAlternativePrincipalResolverProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- 4770829035414038072L
-
Serialized Fields
-
alternatePrincipalAttribute
java.lang.String alternatePrincipalAttribute
Attribute name that will be used by X509 principal resolvers if the main attribute in the certificate is not present. This only applies to principal resolvers that are looking for attributes in the certificate that are not common to all certificates (e.g. SUBJECT_ALT_NAME, CN_EDIPI). This assumes you would rather get something like the subjectDn rather than null, where null would allow falling through to another authentication mechanism. Currently supported values are: subjectDn, sigAlgOid, subjectX500Principal.
-
-
Class org.apereo.cas.configuration.model.support.x509.CnEdipiPrincipalResolverProperties extends BaseAlternativePrincipalResolverProperties implements Serializable
- serialVersionUID:
- 2622326703782668141L
-
Serialized Fields
-
extractEdipiAsAttribute
boolean extractEdipiAsAttribute
Whether to extract EDIPI as an attribute, regardless of principal resolver type.
-
-
Class org.apereo.cas.configuration.model.support.x509.Rfc822EmailPrincipalResolverProperties extends BaseAlternativePrincipalResolverProperties implements Serializable
- serialVersionUID:
- -8696449609399074305L
-
Class org.apereo.cas.configuration.model.support.x509.SerialNoDnPrincipalResolverProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- 1259126639860604739L
-
Serialized Fields
-
serialNumberPrefix
java.lang.String serialNumberPrefix
The serial number prefix used for principal resolution when type is set to X509Properties.PrincipalTypes.SERIAL_NO_DN. -
valueDelimiter
java.lang.String valueDelimiter
Value delimiter used for principal resolution when type is set to X509Properties.PrincipalTypes.SERIAL_NO_DN.
-
-
Class org.apereo.cas.configuration.model.support.x509.SerialNoPrincipalResolverProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- -4935371089672080311L
-
Serialized Fields
-
principalHexSNZeroPadding
boolean principalHexSNZeroPadding
If radix hex padding should be used when X509Properties.PrincipalTypes is X509Properties.PrincipalTypes.SERIAL_NO. -
principalSNRadix
int principalSNRadix
Radix used when X509Properties.PrincipalTypes is X509Properties.PrincipalTypes.SERIAL_NO.
-
-
Class org.apereo.cas.configuration.model.support.x509.SubjectAltNamePrincipalResolverProperties extends BaseAlternativePrincipalResolverProperties implements Serializable
- serialVersionUID:
- -8696449609399074305L
-
Class org.apereo.cas.configuration.model.support.x509.SubjectDnPrincipalResolverProperties extends java.lang.Object implements Serializable
- serialVersionUID:
- -1833042842488884318L
-
Serialized Fields
-
format
SubjectDnPrincipalResolverProperties.SubjectDnFormat format
Format of subject DN to use.
-
-
Class org.apereo.cas.configuration.model.support.x509.X509LdapProperties extends AbstractLdapSearchProperties implements Serializable
- serialVersionUID:
- -1655068554291000206L
-
Serialized Fields
-
certificateAttribute
java.lang.String certificateAttribute
The LDAP attribute that holds the certificate revocation list.
-
-
Class org.apereo.cas.configuration.model.support.x509.X509Properties extends java.lang.Object implements Serializable
- serialVersionUID:
- -9032744084671270366L
-
Serialized Fields
-
cacheDiskOverflow
boolean cacheDiskOverflow
When CRLs are cached, indicate whether cache should overflow to disk. -
cacheDiskSize
java.lang.String cacheDiskSize
Size of cache on disk. -
cacheEternal
boolean cacheEternal
When CRLs are cached, indicate if cache items should be eternal. -
cacheMaxElementsInMemory
int cacheMaxElementsInMemory
When CRLs are cached, indicate maximum number of elements kept in memory. -
cacheTimeToLiveSeconds
long cacheTimeToLiveSeconds
When CRLs are cached, indicate the time-to-live of cache items. -
checkAll
boolean checkAll
Whether revocation checking should check all resources, or stop at first one. -
checkKeyUsage
boolean checkKeyUsage
Deployer supplied setting to check the KeyUsage extension. -
cnEdipi
CnEdipiPrincipalResolverProperties cnEdipi
Principal resolver properties for CN_EDIPI resolver type. -
crlExpiredPolicy
java.lang.String crlExpiredPolicy
If the CRL has expired, activate this policy. Activated if X509Properties.revocationChecker is CRL. Accepted values are:
- ALLOW: Allow authentication to proceed.
- DENY: Deny authentication and block.
- THRESHOLD: Applicable to CRL expiration, throttle the request whereby expired data is permitted up to a threshold period of time but not afterward.
-
crlFetcher
java.lang.String crlFetcher
Options to describe how to fetch CRL resources. To fetch CRLs, the following options are available:
- RESOURCE: By default, all revocation checks use fixed resources to fetch the CRL resource from the specified location.
- LDAP: A CRL resource may be fetched from a pre-configured attribute, in the event that the CRL resource location is an LDAP URI.
-
crlResourceExpiredPolicy
java.lang.String crlResourceExpiredPolicy
If the CRL resource has expired, activate this policy. Activated if X509Properties.revocationChecker is RESOURCE. Accepted values are:
- ALLOW: Allow authentication to proceed.
- DENY: Deny authentication and block.
- THRESHOLD: Applicable to CRL expiration, throttle the request whereby expired data is permitted up to a threshold period of time but not afterward.
-
crlResources
java.util.List<java.lang.String> crlResources
List of CRL resources to use for fetching. -
crlResourceUnavailablePolicy
java.lang.String crlResourceUnavailablePolicy
If the CRL resource is unavailable, activate this policy. Activated if X509Properties.revocationChecker is RESOURCE. Accepted values are:
- ALLOW: Allow authentication to proceed.
- DENY: Deny authentication and block.
- THRESHOLD: Applicable to CRL expiration, throttle the request whereby expired data is permitted up to a threshold period of time but not afterward.
-
crlUnavailablePolicy
java.lang.String crlUnavailablePolicy
If the CRL is unavailable, activate this policy. Activated if X509Properties.revocationChecker is CRL. Accepted values are:
- ALLOW: Allow authentication to proceed.
- DENY: Deny authentication and block.
- THRESHOLD: Applicable to CRL expiration, throttle the request whereby expired data is permitted up to a threshold period of time but not afterward.
-
extractCert
boolean extractCert
Whether to extract the certificate from the request. The default implementation extracts the certificate from a header via Tomcat SSLValve parsing logic, using the X509Properties.DEFAULT_CERT_HEADER_NAME header. Must be false by default, because anyone who enables it needs to make sure they are behind a proxy that won't let the header arrive directly from the browser. -
ldap
X509LdapProperties ldap
LDAP settings when fetching CRLs from LDAP. -
maxPathLength
int maxPathLength
Deployer supplied setting for maximum pathLength in a SUPPLIED certificate. -
maxPathLengthAllowUnspecified
boolean maxPathLengthAllowUnspecified
Deployer supplied setting to allow unlimited pathLength in a SUPPLIED certificate. -
mixedMode
boolean mixedMode
Determine whether X509 authentication should allow other forms of authentication such as username/password. If this setting is turned off, typically the ability to view the login form as the primary form of authentication is turned off. -
name
java.lang.String name
The authentication handler name. -
order
int order
The order of the authentication handler in the chain. -
principal
PersonDirectoryPrincipalResolverProperties principal
Principal resolution properties. -
principalDescriptor
java.lang.String principalDescriptor
The principal descriptor used for principal resolution when type is set to X509Properties.PrincipalTypes.SUBJECT. -
principalTransformation
PrincipalTransformationProperties principalTransformation
Principal transformation properties. -
principalType
X509Properties.PrincipalTypes principalType
Indicates the type of principal resolution for X509. -
refreshIntervalSeconds
int refreshIntervalSeconds
The refresh interval of the internal scheduler in cases where CRL revocation checking is done via resources. -
regExSubjectDnPattern
java.lang.String regExSubjectDnPattern
The pattern that authorizes an acceptable certificate by its subject dn. -
regExTrustedIssuerDnPattern
java.lang.String regExTrustedIssuerDnPattern
The compiled pattern supplied by the deployer. -
requireKeyUsage
boolean requireKeyUsage
Deployer supplied setting to force require the correct KeyUsage extension. -
revocationChecker
java.lang.String revocationChecker
Revocation certificate checking can be carried out in one of the following ways:
- NONE: No revocation is performed.
- CRL: The CRL URI(s) mentioned in the certificate cRLDistributionPoints extension field. Caches are available to prevent excessive IO against CRL endpoints. CRL data is fetched if it does not exist in the cache or if it is expired.
- RESOURCE: A CRL hosted at a fixed location. The CRL is fetched at periodic intervals and cached.
-
revocationPolicyThreshold
int revocationPolicyThreshold
Threshold value if expired CRL revocation policy is to be handled via threshold. -
rfc822Email
Rfc822EmailPrincipalResolverProperties rfc822Email
Principal resolver properties for RFC822_EMAIL resolver type. -
serialNo
SerialNoPrincipalResolverProperties serialNo
Principal resolver properties for SERIAL_NO resolver type. -
serialNoDn
SerialNoDnPrincipalResolverProperties serialNoDn
Principal resolver properties for SERIAL_NO_DN resolver type. -
sslHeaderName
java.lang.String sslHeaderName
The name of the header to consult for an X509 cert (e.g. when behind proxy). -
subjectAltName
SubjectAltNamePrincipalResolverProperties subjectAltName
Principal resolver properties for SUBJECT_ALT_NAME resolver type. -
subjectDn
SubjectDnPrincipalResolverProperties subjectDn
Principal resolver properties for SUBJECT_DN resolver type. -
throwOnFetchFailure
boolean throwOnFetchFailure
When CRL revocation checking is done via distribution points, decide if fetch failures should throw errors. -
webflow
X509WebflowAutoConfigurationProperties webflow
The webflow configuration.
-
-
Class org.apereo.cas.configuration.model.support.x509.X509WebflowAutoConfigurationProperties extends WebflowAutoConfigurationProperties implements Serializable
- serialVersionUID:
- 2744305877450488111L
-
Serialized Fields
-
clientAuth
java.lang.String clientAuth
Indicate the strategy that should be used to enforce client x509 authentication. Accepted values are true, false, want. -
port
int port
Port that is used to enact x509 client authentication as a separate connector. Configuration of a separate server connector and port allows the separation of client-auth functionality from the rest of the server, allowing for opt-in behavior. To activate, a non-zero port must be specified.
-
-