Class BaseAlternativePrincipalResolverProperties
java.lang.Object
org.apereo.cas.configuration.model.support.x509.BaseAlternativePrincipalResolverProperties
- All Implemented Interfaces:
Serializable
- Direct Known Subclasses:
CnEdipiPrincipalResolverProperties
,Rfc822EmailPrincipalResolverProperties
,SubjectAltNamePrincipalResolverProperties
@RequiresModule(name="cas-server-support-x509-webflow")
public abstract class BaseAlternativePrincipalResolverProperties
extends Object
implements Serializable
- Since:
- 6.0.0
- See Also:
-
Constructor Summary
-
Method Summary
Modifier and TypeMethodDescriptionAttribute name that will be used by X509 principal resolvers if the main attribute in the certificate is not present.setAlternatePrincipalAttribute
(String alternatePrincipalAttribute) Attribute name that will be used by X509 principal resolvers if the main attribute in the certificate is not present.
-
Constructor Details
-
BaseAlternativePrincipalResolverProperties
public BaseAlternativePrincipalResolverProperties()
-
-
Method Details
-
getAlternatePrincipalAttribute
Attribute name that will be used by X509 principal resolvers if the main attribute in the certificate is not present. This only applies to principal resolvers that are looking for attributes in the certificate that are not common to all certificates. (e.g.SUBJECT_ALT_NAME
,CN_EDIPI
)This assumes you would rather get something like the
subjectDn
rather thannull
wherenull
would allow falling through to another authentication mechanism.Currently supported values are:
subjectDn
,sigAlgOid
,subjectX500Principal
. -
setAlternatePrincipalAttribute
public BaseAlternativePrincipalResolverProperties setAlternatePrincipalAttribute(String alternatePrincipalAttribute) Attribute name that will be used by X509 principal resolvers if the main attribute in the certificate is not present. This only applies to principal resolvers that are looking for attributes in the certificate that are not common to all certificates. (e.g.SUBJECT_ALT_NAME
,CN_EDIPI
)This assumes you would rather get something like the
subjectDn
rather thannull
wherenull
would allow falling through to another authentication mechanism.Currently supported values are:
subjectDn
,sigAlgOid
,subjectX500Principal
.- Returns:
this
.
-