Class LdapAuthenticationProperties
java.lang.Object
org.apereo.cas.configuration.model.support.ldap.AbstractLdapProperties
org.apereo.cas.configuration.model.support.ldap.AbstractLdapSearchProperties
org.apereo.cas.configuration.model.support.ldap.AbstractLdapAuthenticationProperties
org.apereo.cas.configuration.model.support.ldap.LdapAuthenticationProperties
- All Implemented Interfaces: Serializable, CasFeatureModule
@RequiresModule(name="cas-server-support-ldap")
public class LdapAuthenticationProperties
extends AbstractLdapAuthenticationProperties
This is LdapAuthenticationProperties.
- Since: 5.0.0
Nested Class Summary
Nested classes/interfaces inherited from class org.apereo.cas.configuration.model.support.ldap.AbstractLdapAuthenticationProperties
AbstractLdapAuthenticationProperties.AuthenticationTypes
Nested classes/interfaces inherited from class org.apereo.cas.configuration.model.support.ldap.AbstractLdapProperties
AbstractLdapProperties.LdapConnectionPoolPassivator, AbstractLdapProperties.LdapConnectionStrategy, AbstractLdapProperties.LdapHostnameVerifierOptions, AbstractLdapProperties.LdapTrustManagerOptions, AbstractLdapProperties.LdapType
Nested classes/interfaces inherited from interface org.apereo.cas.configuration.features.CasFeatureModule
CasFeatureModule.FeatureCatalog
-
Constructor Summary
-
Method Summary
- getAdditionalAttributes(): List of additional attributes to retrieve, if any.
- getCredentialCriteria(): A number of authentication handlers are allowed to determine whether they can operate on the provided credential and as such lend themselves to be tried and tested during the authentication handler selection phase.
- getOrder(): Order of the authentication handler in the chain.
- getPasswordEncoder(): Password encoder settings for LDAP authentication.
- getPasswordPolicy(): Password policy settings.
- getPrincipalAttributeId(): The attribute to use as the principal identifier built during and upon a successful authentication attempt.
- getPrincipalAttributeList(): List of attributes to retrieve from LDAP.
- getPrincipalDnAttributeName(): Name of attribute to be used for principal's DN.
- getPrincipalTransformation(): Principal transformation settings.
- getState(): Define the scope and state of this authentication handler and the lifecycle in which it can be invoked or activated.
- boolean isAllowMissingPrincipalAttributeValue(): Flag to indicate whether CAS should block authentication if a specific/configured principal id attribute is not found.
- boolean isAllowMultiplePrincipalAttributeValues(): Sets a flag that determines whether multiple values are allowed for the principalAttributeId.
- boolean isCollectDnAttribute(): When entry DN should be called as an attribute and stored into the principal.
- setAdditionalAttributes(List<String> additionalAttributes): List of additional attributes to retrieve, if any.
- setAllowMissingPrincipalAttributeValue(boolean allowMissingPrincipalAttributeValue): Flag to indicate whether CAS should block authentication if a specific/configured principal id attribute is not found.
- setAllowMultiplePrincipalAttributeValues(boolean allowMultiplePrincipalAttributeValues): Sets a flag that determines whether multiple values are allowed for the principalAttributeId.
- setCollectDnAttribute(boolean collectDnAttribute): When entry DN should be called as an attribute and stored into the principal.
- setCredentialCriteria(String credentialCriteria): A number of authentication handlers are allowed to determine whether they can operate on the provided credential and as such lend themselves to be tried and tested during the authentication handler selection phase.
- setOrder: Order of the authentication handler in the chain.
- setPasswordEncoder(PasswordEncoderProperties passwordEncoder): Password encoder settings for LDAP authentication.
- setPasswordPolicy(LdapPasswordPolicyProperties passwordPolicy): Password policy settings.
- setPrincipalAttributeId(String principalAttributeId): The attribute to use as the principal identifier built during and upon a successful authentication attempt.
- setPrincipalAttributeList(List<String> principalAttributeList): List of attributes to retrieve from LDAP.
- setPrincipalDnAttributeName(String principalDnAttributeName): Name of attribute to be used for principal's DN.
- setPrincipalTransformation(PrincipalTransformationProperties principalTransformation): Principal transformation settings.
- setState: Define the scope and state of this authentication handler and the lifecycle in which it can be invoked or activated.
Methods inherited from class org.apereo.cas.configuration.model.support.ldap.AbstractLdapAuthenticationProperties
getDerefAliases, getDnFormat, getPrincipalAttributePassword, getResolveFromAttribute, getType, isEnhanceWithEntryResolver, setDerefAliases, setDnFormat, setEnhanceWithEntryResolver, setPrincipalAttributePassword, setResolveFromAttribute, setType
Methods inherited from class org.apereo.cas.configuration.model.support.ldap.AbstractLdapSearchProperties
getBaseDn, getPageSize, getSearchEntryHandlers, getSearchFilter, isSubtreeSearch, setBaseDn, setPageSize, setSearchEntryHandlers, setSearchFilter, setSubtreeSearch
Methods inherited from class org.apereo.cas.configuration.model.support.ldap.AbstractLdapProperties
getBinaryAttributes, getBindCredential, getBindDn, getBlockWaitTime, getConnectionStrategy, getConnectTimeout, getHostnameVerifier, getIdleTime, getKeystore, getKeystorePassword, getKeystoreType, getLdapUrl, getMaxPoolSize, getMinPoolSize, getName, getPoolPassivator, getPrunePeriod, getResponseTimeout, getSaslAuthorizationId, getSaslMechanism, getSaslMutualAuth, getSaslQualityOfProtection, getSaslRealm, getSaslSecurityStrength, getTrustCertificates, getTrustManager, getTrustStore, getTrustStorePassword, getTrustStoreType, getValidatePeriod, getValidateTimeout, getValidator, isAllowMultipleDns, isAllowMultipleEntries, isDisablePooling, isFailFast, isFollowReferrals, isUseStartTls, isValidateOnCheckout, isValidatePeriodically, setAllowMultipleDns, setAllowMultipleEntries, setBinaryAttributes, setBindCredential, setBindDn, setBlockWaitTime, setConnectionStrategy, setConnectTimeout, setDisablePooling, setFailFast, setFollowReferrals, setHostnameVerifier, setIdleTime, setKeystore, setKeystorePassword, setKeystoreType, setLdapUrl, setMaxPoolSize, setMinPoolSize, setName, setPoolPassivator, setPrunePeriod, setResponseTimeout, setSaslAuthorizationId, setSaslMechanism, setSaslMutualAuth, setSaslQualityOfProtection, setSaslRealm, setSaslSecurityStrength, setTrustCertificates, setTrustManager, setTrustStore, setTrustStorePassword, setTrustStoreType, setUseStartTls, setValidateOnCheckout, setValidatePeriod, setValidatePeriodically, setValidateTimeout, setValidator
Methods inherited from class java.lang.Object
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Methods inherited from interface org.apereo.cas.configuration.features.CasFeatureModule
isDefined, isUndefined
Constructor Details
LdapAuthenticationProperties
public LdapAuthenticationProperties()
Method Details
getPasswordPolicy
Password policy settings.
getPrincipalTransformation
Principal transformation settings.
getPasswordEncoder
Password encoder settings for LDAP authentication.
getCredentialCriteria
A number of authentication handlers are allowed to determine whether they can operate on the provided credential and as such lend themselves to be tried and tested during the authentication handler selection phase. The credential criteria may be one of the following options:
- 1) A regular expression pattern that is tested against the credential identifier.
- 2) A fully qualified class name of your own design that implements Predicate.
- 3) Path to an external Groovy script that implements the same interface.
getPrincipalAttributeId
The attribute to use as the principal identifier built during and upon a successful authentication attempt.
getPrincipalDnAttributeName
Name of attribute to be used for principal's DN.
getPrincipalAttributeList
List of attributes to retrieve from LDAP. Attributes can be virtually remapped to multiple names. Example:
cn:commonName,givenName,eduPersonTargettedId:SOME_IDENTIFIER
To fetch and resolve attributes that carry tags/options, consider tagging the mapped attribute as such:
homePostalAddress:homePostalAddress;
isAllowMultiplePrincipalAttributeValues
public boolean isAllowMultiplePrincipalAttributeValues()
Sets a flag that determines whether multiple values are allowed for the principalAttributeId. This flag only has an effect if principalAttributeId is configured. If multiple values are detected when the flag is false, the first value is used and a warning is logged. If multiple values are detected when the flag is true, an exception is raised.
getAdditionalAttributes
List of additional attributes to retrieve, if any.
isAllowMissingPrincipalAttributeValue
public boolean isAllowMissingPrincipalAttributeValue()
Flag to indicate whether CAS should block authentication if a specific/configured principal id attribute is not found.
isCollectDnAttribute
public boolean isCollectDnAttribute()
When entry DN should be called as an attribute and stored into the principal.
getOrder
Order of the authentication handler in the chain.
getState
Define the scope and state of this authentication handler and the lifecycle in which it can be invoked or activated.
setPasswordPolicy
Password policy settings.
- Returns: this.
setPrincipalTransformation
public LdapAuthenticationProperties setPrincipalTransformation(PrincipalTransformationProperties principalTransformation)
Principal transformation settings.
- Returns: this.
setPasswordEncoder
Password encoder settings for LDAP authentication.
- Returns: this.
setCredentialCriteria
A number of authentication handlers are allowed to determine whether they can operate on the provided credential and as such lend themselves to be tried and tested during the authentication handler selection phase. The credential criteria may be one of the following options:
- 1) A regular expression pattern that is tested against the credential identifier.
- 2) A fully qualified class name of your own design that implements Predicate.
- 3) Path to an external Groovy script that implements the same interface.
- Returns: this.
setPrincipalAttributeId
The attribute to use as the principal identifier built during and upon a successful authentication attempt.
- Returns: this.
setPrincipalDnAttributeName
Name of attribute to be used for principal's DN.
- Returns: this.
setPrincipalAttributeList
List of attributes to retrieve from LDAP. Attributes can be virtually remapped to multiple names. Example:
cn:commonName,givenName,eduPersonTargettedId:SOME_IDENTIFIER
To fetch and resolve attributes that carry tags/options, consider tagging the mapped attribute as such:
homePostalAddress:homePostalAddress;
- Returns: this.
setAllowMultiplePrincipalAttributeValues
public LdapAuthenticationProperties setAllowMultiplePrincipalAttributeValues(boolean allowMultiplePrincipalAttributeValues)
Sets a flag that determines whether multiple values are allowed for the principalAttributeId. This flag only has an effect if principalAttributeId is configured. If multiple values are detected when the flag is false, the first value is used and a warning is logged. If multiple values are detected when the flag is true, an exception is raised.
- Returns: this.
setAdditionalAttributes
List of additional attributes to retrieve, if any.
- Returns: this.
setAllowMissingPrincipalAttributeValue
public LdapAuthenticationProperties setAllowMissingPrincipalAttributeValue(boolean allowMissingPrincipalAttributeValue)
Flag to indicate whether CAS should block authentication if a specific/configured principal id attribute is not found.
- Returns: this.
setCollectDnAttribute
When entry DN should be called as an attribute and stored into the principal.
- Returns: this.
setOrder
Order of the authentication handler in the chain.
- Returns: this.
setState
Define the scope and state of this authentication handler and the lifecycle in which it can be invoked or activated.
- Returns: this.