Package org.apereo.cas.configuration.model.support.mfa

Class AuthenticationAttributeMultifactorAuthenticationProperties

java.lang.Object
org.apereo.cas.configuration.model.support.mfa.AuthenticationAttributeMultifactorAuthenticationProperties
All Implemented Interfaces:
Serializable
@RequiresModule(name="cas-server-core-authentication", automated=true) public class AuthenticationAttributeMultifactorAuthenticationProperties extends Object implements Serializable
This is AuthenticationAttributeMultifactorAuthenticationProperties.
Since:
6.4.0
See Also:

  • Constructor Details

    • AuthenticationAttributeMultifactorAuthenticationProperties

      public AuthenticationAttributeMultifactorAuthenticationProperties()

  • Method Details

    • getGlobalAuthenticationAttributeNameTriggers

      public String getGlobalAuthenticationAttributeNameTriggers()
      MFA can be triggered for all users/subjects whose authentication event/metadata has resolved a specific attribute that matches one of the below conditions:
      • Trigger MFA based on a authentication attribute(s) whose value(s) matches a regex pattern. Note that this behavior is only applicable if there is only a single MFA provider configured, since that would allow CAS to know what provider to next activate.
      • Trigger MFA based on a authentication attribute(s) whose value(s) EXACTLY matches an MFA provider. This option is more relevant if you have more than one provider configured or if you have the flexibility of assigning provider ids to attributes as values.
      Needless to say, the attributes need to have been resolved for the authentication event prior to this step. This trigger is generally useful when the underlying authentication engine signals CAS to perform additional validation of credentials. This signal may be captured by CAS as an attribute that is part of the authentication event metadata which can then trigger additional multifactor authentication events.

    • getGlobalAuthenticationAttributeValueRegex

      public String getGlobalAuthenticationAttributeValueRegex()
      The regular expression that is cross matches against the authentication attribute to determine if the account is qualified for multifactor authentication.

    • setGlobalAuthenticationAttributeNameTriggers

      public AuthenticationAttributeMultifactorAuthenticationProperties setGlobalAuthenticationAttributeNameTriggers(String globalAuthenticationAttributeNameTriggers)
      MFA can be triggered for all users/subjects whose authentication event/metadata has resolved a specific attribute that matches one of the below conditions:
      • Trigger MFA based on a authentication attribute(s) whose value(s) matches a regex pattern. Note that this behavior is only applicable if there is only a single MFA provider configured, since that would allow CAS to know what provider to next activate.
      • Trigger MFA based on a authentication attribute(s) whose value(s) EXACTLY matches an MFA provider. This option is more relevant if you have more than one provider configured or if you have the flexibility of assigning provider ids to attributes as values.
      Needless to say, the attributes need to have been resolved for the authentication event prior to this step. This trigger is generally useful when the underlying authentication engine signals CAS to perform additional validation of credentials. This signal may be captured by CAS as an attribute that is part of the authentication event metadata which can then trigger additional multifactor authentication events.
      Returns:
      this.

    • setGlobalAuthenticationAttributeValueRegex

      public AuthenticationAttributeMultifactorAuthenticationProperties setGlobalAuthenticationAttributeValueRegex(String globalAuthenticationAttributeValueRegex)
      The regular expression that is cross matches against the authentication attribute to determine if the account is qualified for multifactor authentication.
      Returns:
      this.