Class PersonDirectoryPrincipalResolverProperties
java.lang.Object
org.apereo.cas.configuration.model.core.authentication.PersonDirectoryPrincipalResolverProperties
- All Implemented Interfaces: Serializable

@RequiresModule(name="cas-server-core-authentication", automated=true)
public class PersonDirectoryPrincipalResolverProperties
extends Object
implements Serializable

Configuration properties class for Person Directory.

- Since: 5.0.0

Constructor Summary

| Constructor |
| --- |
| PersonDirectoryPrincipalResolverProperties() |

Method Summary

| Method | Description |
| --- | --- |
| getActiveAttributeRepositoryIds() | Activated attribute repository identifiers that should be used for fetching attributes if attribute resolution is enabled. |
| getAttributeRepositorySelection() | Control the behavior of the attribute repository selection by authentication method or handler. |
| getAttributeResolutionEnabled() | Whether attribute repositories should be contacted to fetch person attributes. |
| getPrincipalAttribute() | Attribute name to use to indicate the identifier of the principal constructed. |
| getPrincipalResolutionConflictStrategy() | In the event that the principal resolution engine resolves more than one principal (especially if such principals in the chain have different identifiers), this setting determines the strategy by which the principal id would be chosen from the chain. |
| getPrincipalResolutionFailureFatal() | When true, throws an error back indicating that principal resolution has failed and no principal can be found based on the authentication requirements. |
| getPrincipalTransformation() | Principal transformation properties. |
| getReturnNull() | Return a null principal object if no attributes can be found for the principal. |
| getUseExistingPrincipalId() | Uses an existing principal id that may have already been established in order to run person directory queries. |
| setActiveAttributeRepositoryIds(String activeAttributeRepositoryIds) | Activated attribute repository identifiers that should be used for fetching attributes if attribute resolution is enabled. |
| setAttributeRepositorySelection(Map<String, String> attributeRepositorySelection) | Control the behavior of the attribute repository selection by authentication method or handler. |
| setAttributeResolutionEnabled(TriStateBoolean attributeResolutionEnabled) | Whether attribute repositories should be contacted to fetch person attributes. |
| setPrincipalAttribute(String principalAttribute) | Attribute name to use to indicate the identifier of the principal constructed. |
| setPrincipalResolutionConflictStrategy(String principalResolutionConflictStrategy) | In the event that the principal resolution engine resolves more than one principal (especially if such principals in the chain have different identifiers), this setting determines the strategy by which the principal id would be chosen from the chain. |
| setPrincipalResolutionFailureFatal(TriStateBoolean principalResolutionFailureFatal) | When true, throws an error back indicating that principal resolution has failed and no principal can be found based on the authentication requirements. |
| setPrincipalTransformation(PrincipalTransformationProperties principalTransformation) | Principal transformation properties. |
| setReturnNull(TriStateBoolean returnNull) | Return a null principal object if no attributes can be found for the principal. |
| setUseExistingPrincipalId(TriStateBoolean useExistingPrincipalId) | Uses an existing principal id that may have already been established in order to run person directory queries. |

Constructor Details

PersonDirectoryPrincipalResolverProperties
public PersonDirectoryPrincipalResolverProperties()

Method Details

getPrincipalAttribute
Attribute name to use to indicate the identifier of the principal constructed. If the attribute is blank or has no values, the default principal id, as determined by the underlying authentication engine, will be used. The principal id attribute is usually removed from the collection of attributes collected, though this behavior depends on the schematics of the underlying authentication strategy.

getReturnNull
Return a null principal object if no attributes can be found for the principal.

getPrincipalResolutionFailureFatal
When true, throws an error back indicating that principal resolution has failed and no principal can be found based on the authentication requirements. Otherwise, logs the condition as an error without raising a catastrophic error.

getUseExistingPrincipalId
Uses an existing principal id that may have already been established in order to run person directory queries. This is generally useful in situations where authentication is delegated to an external identity provider and a principal is first established to then query an attribute source.

getAttributeResolutionEnabled
Whether attribute repositories should be contacted to fetch person attributes. Defaults to true if not set.

getActiveAttributeRepositoryIds
Activated attribute repository identifiers that should be used for fetching attributes if attribute resolution is enabled. The list here may include identifiers separated by comma.

getPrincipalResolutionConflictStrategy
In the event that the principal resolution engine resolves more than one principal (especially if such principals in the chain have different identifiers), this setting determines the strategy by which the principal id would be chosen from the chain. Accepted values are: last, first.

getPrincipalTransformation
Principal transformation properties.

getAttributeRepositorySelection
Control the behavior of the attribute repository selection by authentication method or handler. The map here is keyed by the authentication handler name, and the value is the attribute repository identifiers separated by comma. When the authentication handler is executed, the attribute repositories assigned to this handler will be selected to fetch attributes. Note that the resolution engine will always favor attribute repositories assigned to the service definition, if any and as part of its authentication policy, over this global setting.

setPrincipalAttribute
Attribute name to use to indicate the identifier of the principal constructed. If the attribute is blank or has no values, the default principal id, as determined by the underlying authentication engine, will be used. The principal id attribute is usually removed from the collection of attributes collected, though this behavior depends on the schematics of the underlying authentication strategy.
- Returns: this

setReturnNull
Return a null principal object if no attributes can be found for the principal.
- Returns: this

setPrincipalResolutionFailureFatal
public PersonDirectoryPrincipalResolverProperties setPrincipalResolutionFailureFatal(TriStateBoolean principalResolutionFailureFatal)
When true, throws an error back indicating that principal resolution has failed and no principal can be found based on the authentication requirements. Otherwise, logs the condition as an error without raising a catastrophic error.
- Returns: this

setUseExistingPrincipalId
public PersonDirectoryPrincipalResolverProperties setUseExistingPrincipalId(TriStateBoolean useExistingPrincipalId)
Uses an existing principal id that may have already been established in order to run person directory queries. This is generally useful in situations where authentication is delegated to an external identity provider and a principal is first established to then query an attribute source.
- Returns: this

setAttributeResolutionEnabled
public PersonDirectoryPrincipalResolverProperties setAttributeResolutionEnabled(TriStateBoolean attributeResolutionEnabled)
Whether attribute repositories should be contacted to fetch person attributes. Defaults to true if not set.
- Returns: this

setActiveAttributeRepositoryIds
public PersonDirectoryPrincipalResolverProperties setActiveAttributeRepositoryIds(String activeAttributeRepositoryIds)
Activated attribute repository identifiers that should be used for fetching attributes if attribute resolution is enabled. The list here may include identifiers separated by comma.
- Returns: this

setPrincipalResolutionConflictStrategy
public PersonDirectoryPrincipalResolverProperties setPrincipalResolutionConflictStrategy(String principalResolutionConflictStrategy)
In the event that the principal resolution engine resolves more than one principal (especially if such principals in the chain have different identifiers), this setting determines the strategy by which the principal id would be chosen from the chain. Accepted values are: last, first.
- Returns: this

setPrincipalTransformation
public PersonDirectoryPrincipalResolverProperties setPrincipalTransformation(PrincipalTransformationProperties principalTransformation)
Principal transformation properties.
- Returns: this

setAttributeRepositorySelection
public PersonDirectoryPrincipalResolverProperties setAttributeRepositorySelection(Map<String, String> attributeRepositorySelection)
Control the behavior of the attribute repository selection by authentication method or handler. The map here is keyed by the authentication handler name, and the value is the attribute repository identifiers separated by comma. When the authentication handler is executed, the attribute repositories assigned to this handler will be selected to fetch attributes. Note that the resolution engine will always favor attribute repositories assigned to the service definition, if any and as part of its authentication policy, over this global setting.
- Returns: this
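
The repository selection precedence and the principal conflict strategy documented above, modeled as a standalone added example. This is not CAS code: the class, method and sample names are hypothetical, and the fallback to the active repository ids when neither a service nor a handler assignment exists is an assumption.

```java
import java.util.Arrays;
import java.util.List;
import java.util.Map;

// Standalone model of the documented rules; not part of CAS. All names are hypothetical.
public class RepositorySelectionModel {

    // Split a comma-separated identifier list, trimming whitespace and dropping blanks.
    static List<String> parseIds(String csv) {
        if (csv == null || csv.isBlank()) return List.of();
        return Arrays.stream(csv.split(","))
                .map(String::trim)
                .filter(s -> !s.isEmpty())
                .toList();
    }

    // Service-level assignment wins; otherwise the handler's entry in the global map.
    // Assumption: with neither present, the active repository ids are used.
    static List<String> selectRepositories(String serviceRepoIds,
                                           Map<String, String> selectionByHandler,
                                           String handlerName,
                                           String activeRepoIds) {
        List<String> fromService = parseIds(serviceRepoIds);
        if (!fromService.isEmpty()) return fromService;
        List<String> fromHandler = parseIds(selectionByHandler.get(handlerName));
        if (!fromHandler.isEmpty()) return fromHandler;
        return parseIds(activeRepoIds);
    }

    // Conflict strategy: pick the "first" or "last" principal id from the resolver chain.
    static String choosePrincipalId(List<String> chainIds, String strategy) {
        if (chainIds.isEmpty()) throw new IllegalArgumentException("empty chain");
        if ("first".equalsIgnoreCase(strategy)) return chainIds.get(0);
        if ("last".equalsIgnoreCase(strategy)) return chainIds.get(chainIds.size() - 1);
        // Reject unknown values rather than silently choosing an identity.
        throw new IllegalArgumentException("unsupported strategy: " + strategy);
    }

    public static void main(String[] args) {
        // Constructed sample values.
        Map<String, String> byHandler = Map.of("LdapHandler", "ldap-repo, hr-db");
        System.out.println(selectRepositories(null, byHandler, "LdapHandler", "default-repo"));
        System.out.println(selectRepositories("svc-repo", byHandler, "LdapHandler", "default-repo"));
        System.out.println(selectRepositories(null, byHandler, "OtherHandler", "default-repo"));
        System.out.println(choosePrincipalId(List.of("jdoe", "jdoe@example.org"), "last"));
    }
}
```

When the chain yields different identifiers, the chosen strategy decides which identity downstream services see, so it is worth confirming it against every resolver in the chain.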