Class PersonDirectoryPrincipalResolverProperties

java.lang.Object
org.apereo.cas.configuration.model.core.authentication.PersonDirectoryPrincipalResolverProperties
All Implemented Interfaces:
Serializable

@RequiresModule(name="cas-server-core-authentication", automated=true)
public class PersonDirectoryPrincipalResolverProperties extends Object implements Serializable
Configuration properties class for Person Directory.
Since:
5.0.0
  • Constructor Details

    • PersonDirectoryPrincipalResolverProperties

      public PersonDirectoryPrincipalResolverProperties()
  • Method Details

    • getPrincipalAttribute

      public String getPrincipalAttribute()
      Attribute name to use to indicate the identifier of the principal constructed. If the attribute is blank or has no values, the default principal id, as determined by the underlying authentication engine, will be used. The principal id attribute is usually removed from the collection of attributes collected, though this behavior depends on the semantics of the underlying authentication strategy.
    • getReturnNull

      public TriStateBoolean getReturnNull()
      Return a null principal object if no attributes can be found for the principal.
    • getPrincipalResolutionFailureFatal

      public TriStateBoolean getPrincipalResolutionFailureFatal()
      When true, throws an error indicating that principal resolution has failed and no principal can be found based on the authentication requirements. Otherwise, logs the condition as an error without raising a catastrophic error.
    • getUseExistingPrincipalId

      public TriStateBoolean getUseExistingPrincipalId()
      Uses an existing principal id that may have already been established in order to run person directory queries. This is generally useful in situations where authentication is delegated to an external identity provider and a principal is first established to then query an attribute source.
    • getAttributeResolutionEnabled

      public TriStateBoolean getAttributeResolutionEnabled()
      Whether attribute repositories should be contacted to fetch person attributes. Defaults to true if not set.
    • getActiveAttributeRepositoryIds

      public String getActiveAttributeRepositoryIds()
      Activated attribute repository identifiers that should be used for fetching attributes if attribute resolution is enabled. The value may be a comma-separated list of identifiers.
    • getPrincipalResolutionConflictStrategy

      public String getPrincipalResolutionConflictStrategy()
      In the event that the principal resolution engine resolves more than one principal (especially if such principals in the chain have different identifiers), this setting determines the strategy by which the principal id is chosen from the chain. Accepted values are: last, first.
    • getPrincipalTransformation

      public PrincipalTransformationProperties getPrincipalTransformation()
      Principal transformation properties.
    • getAttributeRepositorySelection

      public Map<String,String> getAttributeRepositorySelection()
      Control the behavior of the attribute repository selection by authentication method or handler. The map here is keyed by the authentication handler name, and the value is a comma-separated list of attribute repository identifiers. When the authentication handler is executed, the attribute repositories assigned to this handler will be selected to fetch attributes. Note that the resolution engine will always favor attribute repositories assigned to the service definition, if any and as part of its authentication policy, over this global setting.
    • setPrincipalAttribute

      public PersonDirectoryPrincipalResolverProperties setPrincipalAttribute(String principalAttribute)
      Attribute name to use to indicate the identifier of the principal constructed. If the attribute is blank or has no values, the default principal id, as determined by the underlying authentication engine, will be used. The principal id attribute is usually removed from the collection of attributes collected, though this behavior depends on the semantics of the underlying authentication strategy.
      Returns:
      this.
    • setReturnNull

      Return a null principal object if no attributes can be found for the principal.
      Returns:
      this.
    • setPrincipalResolutionFailureFatal

      public PersonDirectoryPrincipalResolverProperties setPrincipalResolutionFailureFatal(TriStateBoolean principalResolutionFailureFatal)
      When true, throws an error indicating that principal resolution has failed and no principal can be found based on the authentication requirements. Otherwise, logs the condition as an error without raising a catastrophic error.
      Returns:
      this.
    • setUseExistingPrincipalId

      public PersonDirectoryPrincipalResolverProperties setUseExistingPrincipalId(TriStateBoolean useExistingPrincipalId)
      Uses an existing principal id that may have already been established in order to run person directory queries. This is generally useful in situations where authentication is delegated to an external identity provider and a principal is first established to then query an attribute source.
      Returns:
      this.
    • setAttributeResolutionEnabled

      public PersonDirectoryPrincipalResolverProperties setAttributeResolutionEnabled(TriStateBoolean attributeResolutionEnabled)
      Whether attribute repositories should be contacted to fetch person attributes. Defaults to true if not set.
      Returns:
      this.
    • setActiveAttributeRepositoryIds

      public PersonDirectoryPrincipalResolverProperties setActiveAttributeRepositoryIds(String activeAttributeRepositoryIds)
      Activated attribute repository identifiers that should be used for fetching attributes if attribute resolution is enabled. The value may be a comma-separated list of identifiers.
      Returns:
      this.
    • setPrincipalResolutionConflictStrategy

      public PersonDirectoryPrincipalResolverProperties setPrincipalResolutionConflictStrategy(String principalResolutionConflictStrategy)
      In the event that the principal resolution engine resolves more than one principal (especially if such principals in the chain have different identifiers), this setting determines the strategy by which the principal id is chosen from the chain. Accepted values are: last, first.
      Returns:
      this.
    • setPrincipalTransformation

      public PersonDirectoryPrincipalResolverProperties setPrincipalTransformation(PrincipalTransformationProperties principalTransformation)
      Principal transformation properties.
      Returns:
      this.
    • setAttributeRepositorySelection

      public PersonDirectoryPrincipalResolverProperties setAttributeRepositorySelection(Map<String,String> attributeRepositorySelection)
      Control the behavior of the attribute repository selection by authentication method or handler. The map here is keyed by the authentication handler name, and the value is a comma-separated list of attribute repository identifiers. When the authentication handler is executed, the attribute repositories assigned to this handler will be selected to fetch attributes. Note that the resolution engine will always favor attribute repositories assigned to the service definition, if any and as part of its authentication policy, over this global setting.
      Returns:
      this.
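
The precedence described for getAttributeRepositorySelection, together with getActiveAttributeRepositoryIds and getAttributeResolutionEnabled, can be modeled as below. This is an added illustration, not CAS source code: the class, method, handler and repository names are hypothetical, and falling back to the active repository ids when a handler has no mapping is an assumption of this model.

```java
import java.util.Arrays;
import java.util.List;
import java.util.Map;
import java.util.stream.Collectors;

// Illustrative model only; not CAS source code.
public class RepositorySelectionModel {

    // Split a comma-separated identifier list, trimming and dropping blanks.
    static List<String> split(String ids) {
        if (ids == null || ids.isBlank()) {
            return List.of();
        }
        return Arrays.stream(ids.split(","))
            .map(String::trim)
            .filter(id -> !id.isEmpty())
            .collect(Collectors.toList());
    }

    // Precedence: service definition, then handler mapping, then active ids.
    // The fallback to the active ids is an assumption of this model.
    static List<String> select(boolean resolutionEnabled, String serviceRepoIds,
                               String handlerName, Map<String, String> selection,
                               String activeRepoIds) {
        if (!resolutionEnabled) {
            return List.of(); // repositories are not contacted at all
        }
        List<String> fromService = split(serviceRepoIds);
        if (!fromService.isEmpty()) {
            return fromService; // service definition always wins
        }
        List<String> fromHandler = split(selection.get(handlerName));
        return fromHandler.isEmpty() ? split(activeRepoIds) : fromHandler;
    }

    public static void main(String[] args) {
        // Constructed sample values: handler and repository names are hypothetical.
        Map<String, String> selection = Map.of("LdapHandler", "ldapRepo, hrRepo");
        String active = "defaultRepo";

        System.out.println(select(true, null, "LdapHandler", selection, active));
        System.out.println(select(true, "svcRepo", "LdapHandler", selection, active));
        System.out.println(select(true, null, "StaticHandler", selection, active));
        System.out.println(select(false, "svcRepo", "LdapHandler", selection, active));
    }
}
```

When reviewing a deployment, the point to check is that a repository holding sensitive attributes is only reachable through the handlers and service definitions intended to use it.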