Class AzureActiveDirectoryAuthenticationProperties
java.lang.Object
org.apereo.cas.configuration.model.support.azuread.AzureActiveDirectoryAuthenticationProperties
- All Implemented Interfaces:
Serializable
@RequiresModule(name="cas-server-support-azuread-authentication")
public class AzureActiveDirectoryAuthenticationProperties
extends Object
implements Serializable
- Since:
- 6.2.0
-
Constructor Summary
-
Method Summary
Modifier and Type, Method, Description
getClientId()
Client id of the application.
getClientSecret()
Client secret of the registered app in Microsoft Azure portal.
getCredentialCriteria()
A number of authentication handlers are allowed to determine whether they can operate on the provided credential and as such lend themselves to be tried and tested during the authentication handler selection phase.
getLoginUrl()
The URL of the security token service that CAS goes to for acquiring tokens for resources and users. This URL allows CAS to establish what is called an 'authority'.
getName()
The name of the authentication handler.
int getOrder()
The order of this authentication handler in the chain.
getPasswordEncoder()
Password encoding properties.
getPrincipalTransformation()
Principal transformation properties.
getResource()
Resource URL for the graph API to fetch attributes.
getScope()
Scope used when fetching access tokens.
getState()
Define the scope and state of this authentication handler and the lifecycle in which it can be invoked or activated.
getTenant()
The Microsoft tenant id.
boolean isEnabled()
Enable authentication against Azure Active Directory.
setClientId(String clientId)
Client id of the application.
setClientSecret(String clientSecret)
Client secret of the registered app in Microsoft Azure portal.
setCredentialCriteria(String credentialCriteria)
A number of authentication handlers are allowed to determine whether they can operate on the provided credential and as such lend themselves to be tried and tested during the authentication handler selection phase.
setEnabled(boolean enabled)
Enable authentication against Azure Active Directory.
setLoginUrl(String loginUrl)
The URL of the security token service that CAS goes to for acquiring tokens for resources and users. This URL allows CAS to establish what is called an 'authority'.
setName
The name of the authentication handler.
setOrder(int order)
The order of this authentication handler in the chain.
setPasswordEncoder(PasswordEncoderProperties passwordEncoder)
Password encoding properties.
setPrincipalTransformation(PrincipalTransformationProperties principalTransformation)
Principal transformation properties.
setResource(String resource)
Resource URL for the graph API to fetch attributes.
setScope
Scope used when fetching access tokens.
setState
Define the scope and state of this authentication handler and the lifecycle in which it can be invoked or activated.
setTenant
The Microsoft tenant id.
-
Constructor Details
-
AzureActiveDirectoryAuthenticationProperties
public AzureActiveDirectoryAuthenticationProperties()
-
-
Method Details
-
isEnabled
public boolean isEnabled()
Enable authentication against Azure Active Directory.
-
getName
The name of the authentication handler.
-
getOrder
public int getOrder()
The order of this authentication handler in the chain.
-
getPasswordEncoder
Password encoding properties.
-
getPrincipalTransformation
Principal transformation properties.
-
getClientId
Client id of the application.
-
getClientSecret
Client secret of the registered app in Microsoft Azure portal.
-
getLoginUrl
The URL of the security token service that CAS goes to for acquiring tokens for resources and users. This URL allows CAS to establish what is called an 'authority'. You can think of the authority as the directory issuing the identities/tokens. The login URL here is then composed of https://<instance>/<tenant>, where 'instance' is the Azure AD host (such as https://login.microsoftonline.com) and 'tenant' is the domain name (such as contoso.onmicrosoft.com) or tenant ID of the directory. Examples of authority URL are:
- https://login.microsoftonline.com/f31e6716-26e8-4651-b323-2563936b4163 : for a single tenant application defined in the tenant.
- https://login.microsoftonline.com/contoso.onmicrosoft.com : This representation is like the previous one, but uses the tenant domain name instead of the tenant Id.
- https://login.microsoftonline.de/contoso.de : also uses a domain name, but in this case the Azure AD tenant admins have set a custom domain for their tenant, and the instance URL here is for the German national cloud.
- https://login.microsoftonline.com/common : in the case of a multi-tenant application, that is an application available in several Azure AD tenants.
- It can finally be an Active Directory Federation Services (ADFS) URL, which is recognized with the convention that the URL should contain adfs like https://contoso.com/adfs.
-
getResource
Resource URL for the graph API to fetch attributes.
-
getCredentialCriteria
A number of authentication handlers are allowed to determine whether they can operate on the provided credential and as such lend themselves to be tried and tested during the authentication handler selection phase. The credential criteria may be one of the following options:
- 1) A regular expression pattern that is tested against the credential identifier.
- 2) A fully qualified class name of your own design that implements Predicate.
- 3) Path to an external Groovy script that implements the same interface.
-
getTenant
The Microsoft tenant id.
-
getScope
Scope used when fetching access tokens. Multiple scopes may be separated using a comma.
-
getState
Define the scope and state of this authentication handler and the lifecycle in which it can be invoked or activated.
-
setEnabled
Enable authentication against Azure Active Directory.
- Returns:
this.
-
setName
The name of the authentication handler.
- Returns:
this.
-
setOrder
The order of this authentication handler in the chain.
- Returns:
this.
-
setPasswordEncoder
public AzureActiveDirectoryAuthenticationProperties setPasswordEncoder(PasswordEncoderProperties passwordEncoder)
Password encoding properties.
- Returns:
this.
-
setPrincipalTransformation
public AzureActiveDirectoryAuthenticationProperties setPrincipalTransformation(PrincipalTransformationProperties principalTransformation)
Principal transformation properties.
- Returns:
this.
-
setClientId
Client id of the application.
- Returns:
this.
-
setClientSecret
Client secret of the registered app in Microsoft Azure portal.
- Returns:
this.
-
setLoginUrl
The URL of the security token service that CAS goes to for acquiring tokens for resources and users. This URL allows CAS to establish what is called an 'authority'. You can think of the authority as the directory issuing the identities/tokens. The login URL here is then composed of https://<instance>/<tenant>, where 'instance' is the Azure AD host (such as https://login.microsoftonline.com) and 'tenant' is the domain name (such as contoso.onmicrosoft.com) or tenant ID of the directory. Examples of authority URL are:
- https://login.microsoftonline.com/f31e6716-26e8-4651-b323-2563936b4163 : for a single tenant application defined in the tenant.
- https://login.microsoftonline.com/contoso.onmicrosoft.com : This representation is like the previous one, but uses the tenant domain name instead of the tenant Id.
- https://login.microsoftonline.de/contoso.de : also uses a domain name, but in this case the Azure AD tenant admins have set a custom domain for their tenant, and the instance URL here is for the German national cloud.
- https://login.microsoftonline.com/common : in the case of a multi-tenant application, that is an application available in several Azure AD tenants.
- It can finally be an Active Directory Federation Services (ADFS) URL, which is recognized with the convention that the URL should contain adfs like https://contoso.com/adfs.
- Returns:
this.
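A pre-deployment check for the loginUrl value described under getLoginUrl and setLoginUrl, as an added example that is not part of the CAS code base: it classifies an authority URL into the forms listed above and rejects anything else. The class name AuthorityUrlCheck, the Kind enum and the strictness rules (https only, exactly one path segment, "adfs" as the whole path) are assumptions of this example, not CAS behaviour.

```java
import java.net.URI;
import java.util.List;
import java.util.regex.Pattern;

public class AuthorityUrlCheck { // hypothetical helper, not a CAS class
    enum Kind { TENANT_ID, TENANT_DOMAIN, MULTI_TENANT, ADFS }
    private static final Pattern GUID = Pattern.compile(
        "[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}");
    private static final Pattern DOMAIN = Pattern.compile(
        "([A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?\\.)+[A-Za-z]{2,}");

    /** Classifies a loginUrl of the form https://<instance>/<tenant>, or rejects it. */
    static Kind classify(String loginUrl) {
        URI uri = URI.create(loginUrl.trim()); // throws IllegalArgumentException if malformed
        if (!"https".equalsIgnoreCase(uri.getScheme()) || uri.getHost() == null) {
            throw new IllegalArgumentException("not an absolute https URL: " + loginUrl);
        }
        if (uri.getUserInfo() != null || uri.getQuery() != null || uri.getFragment() != null) {
            throw new IllegalArgumentException("user info, query or fragment present: " + loginUrl);
        }
        // Assumption: exactly one path segment, either the tenant or "adfs".
        String path = uri.getPath() == null ? "" : uri.getPath().replaceAll("^/+|/+$", "");
        if (path.isEmpty() || path.contains("/")) {
            throw new IllegalArgumentException("expected https://<instance>/<tenant>: " + loginUrl);
        }
        if (path.equalsIgnoreCase("adfs")) return Kind.ADFS;
        if (path.equalsIgnoreCase("common")) return Kind.MULTI_TENANT;
        if (GUID.matcher(path).matches()) return Kind.TENANT_ID;
        if (DOMAIN.matcher(path).matches()) return Kind.TENANT_DOMAIN;
        throw new IllegalArgumentException("unrecognised tenant segment: " + path);
    }

    public static void main(String[] args) {
        List<String> samples = List.of(
            // The first five values are the examples from the description above.
            "https://login.microsoftonline.com/f31e6716-26e8-4651-b323-2563936b4163",
            "https://login.microsoftonline.com/contoso.onmicrosoft.com",
            "https://login.microsoftonline.de/contoso.de",
            "https://login.microsoftonline.com/common",
            "https://contoso.com/adfs",
            // Constructed negative cases: plain http, and a missing tenant segment.
            "http://login.microsoftonline.com/common",
            "https://login.microsoftonline.com/");
        for (String s : samples) {
            try { System.out.println(classify(s) + "  " + s); }
            catch (IllegalArgumentException e) { System.out.println("REJECTED  " + e.getMessage()); }
        }
    }
}
```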
-
setResource
Resource URL for the graph API to fetch attributes.
- Returns:
this.
-
setCredentialCriteria
public AzureActiveDirectoryAuthenticationProperties setCredentialCriteria(String credentialCriteria)
A number of authentication handlers are allowed to determine whether they can operate on the provided credential and as such lend themselves to be tried and tested during the authentication handler selection phase. The credential criteria may be one of the following options:
- 1) A regular expression pattern that is tested against the credential identifier.
- 2) A fully qualified class name of your own design that implements Predicate.
- 3) Path to an external Groovy script that implements the same interface.
- Returns:
this.
-
setTenant
The Microsoft tenant id.
- Returns:
this.
-
setScope
Scope used when fetching access tokens. Multiple scopes may be separated using a comma.
- Returns:
this.
-
setState
Define the scope and state of this authentication handler and the lifecycle in which it can be invoked or activated.
- Returns:
this.
-