Class AdaptiveAuthenticationPolicyProperties
java.lang.Object
org.apereo.cas.configuration.model.core.authentication.AdaptiveAuthenticationPolicyProperties
- All Implemented Interfaces:
Serializable
@RequiresModule(name="cas-server-core-authentication",
automated=true)
public class AdaptiveAuthenticationPolicyProperties
extends Object
implements Serializable
- Since:
- 5.0.0
- See Also:
-
Constructor Summary
-
Method Summary
Modifier and TypeMethodDescriptionComma-separated list of strings representing browser user agents to be rejected from participating in authentication transactions.Comma-separated list of strings representing countries to be rejected from participating in authentication transactions.Comma-separated list of strings representing IP addresses to be rejected from participating in authentication transactions.A map of (mfaProviderId -> adaptiveRegexPattern
) that tells CAS when to trigger an MFA authentication transaction.This property binds a valid mfa provider to a collection of rules that deal with triggering mfa based on that provider based on properties of date/time.setRejectBrowsers
(String rejectBrowsers) Comma-separated list of strings representing browser user agents to be rejected from participating in authentication transactions.setRejectCountries
(String rejectCountries) Comma-separated list of strings representing countries to be rejected from participating in authentication transactions.setRejectIpAddresses
(String rejectIpAddresses) Comma-separated list of strings representing IP addresses to be rejected from participating in authentication transactions.setRequireMultifactor
(Map<String, String> requireMultifactor) A map of (mfaProviderId -> adaptiveRegexPattern
) that tells CAS when to trigger an MFA authentication transaction.setRequireTimedMultifactor
(List<TimeBasedAuthenticationProperties> requireTimedMultifactor) This property binds a valid mfa provider to a collection of rules that deal with triggering mfa based on that provider based on properties of date/time.
-
Constructor Details
-
AdaptiveAuthenticationPolicyProperties
public AdaptiveAuthenticationPolicyProperties()
-
-
Method Details
-
getRejectCountries
Comma-separated list of strings representing countries to be rejected from participating in authentication transactions. -
getRejectBrowsers
Comma-separated list of strings representing browser user agents to be rejected from participating in authentication transactions. -
getRejectIpAddresses
Comma-separated list of strings representing IP addresses to be rejected from participating in authentication transactions. -
getRequireMultifactor
A map of (mfaProviderId -> adaptiveRegexPattern
) that tells CAS when to trigger an MFA authentication transaction.This property binds a valid mfa provider to an adaptive regex pattern representing either IP address, user-agent or geolocation. When either of those collected pieces of adaptive data matches configured regex pattern during authentication event, an MFA authentication transaction is triggered for an MFA provider represented by the map's key.
-
getRequireTimedMultifactor
This property binds a valid mfa provider to a collection of rules that deal with triggering mfa based on that provider based on properties of date/time. One may want to force mfa during weekends, after hours, etc and the ruleset provides a modest configuration set where time can also be treated as trigger. -
setRejectCountries
Comma-separated list of strings representing countries to be rejected from participating in authentication transactions.- Returns:
this
.
-
setRejectBrowsers
Comma-separated list of strings representing browser user agents to be rejected from participating in authentication transactions.- Returns:
this
.
-
setRejectIpAddresses
Comma-separated list of strings representing IP addresses to be rejected from participating in authentication transactions.- Returns:
this
.
-
setRequireMultifactor
public AdaptiveAuthenticationPolicyProperties setRequireMultifactor(Map<String, String> requireMultifactor) A map of (mfaProviderId -> adaptiveRegexPattern
) that tells CAS when to trigger an MFA authentication transaction.This property binds a valid mfa provider to an adaptive regex pattern representing either IP address, user-agent or geolocation. When either of those collected pieces of adaptive data matches configured regex pattern during authentication event, an MFA authentication transaction is triggered for an MFA provider represented by the map's key.
- Returns:
this
.
-
setRequireTimedMultifactor
public AdaptiveAuthenticationPolicyProperties setRequireTimedMultifactor(List<TimeBasedAuthenticationProperties> requireTimedMultifactor) This property binds a valid mfa provider to a collection of rules that deal with triggering mfa based on that provider based on properties of date/time. One may want to force mfa during weekends, after hours, etc and the ruleset provides a modest configuration set where time can also be treated as trigger.- Returns:
this
.
-