Class BaseMultifactorAuthenticationProviderProperties
java.lang.Object
org.apereo.cas.configuration.model.support.mfa.BaseMultifactorAuthenticationProviderProperties
- All Implemented Interfaces: Serializable
- Direct Known Subclasses: CasSimpleMultifactorAuthenticationProperties, CasSimpleMultifactorAuthenticationTokenProperties, DuoSecurityMultifactorAuthenticationProperties, GoogleAuthenticatorMultifactorProperties, InweboMultifactorAuthenticationProperties, RadiusMultifactorAuthenticationProperties, WebAuthnMultifactorAuthenticationProperties, YubiKeyMultifactorAuthenticationProperties
@RequiresModule(name="cas-server-core-authentication-mfa")
public abstract class BaseMultifactorAuthenticationProviderProperties
extends Object
implements Serializable
- Since:
- 5.2.0
- See Also:
-
Nested Class Summary
Modifier and Type / Class / Description
static enum
-
Constructor Summary
-
Method Summary
Modifier and Type / Method / Description
- boolean equals
- getBypass(): Multifactor bypass options for this provider.
- getFailureMode(): The failure mode policy for this MFA provider.
- getId(): The identifier for the multifactor provider.
- getName(): The name of the authentication handler used to verify credentials in MFA.
- int getOrder(): The order of the authentication handler in the chain.
- int getRank(): At times, CAS needs to determine the correct provider when step-up authentication is required.
- int hashCode()
- setBypass(MultifactorAuthenticationProviderBypassProperties bypass): Multifactor bypass options for this provider.
- setFailureMode(BaseMultifactorAuthenticationProviderProperties.MultifactorAuthenticationProviderFailureModes failureMode): The failure mode policy for this MFA provider.
- setId: The identifier for the multifactor provider.
- setName: The name of the authentication handler used to verify credentials in MFA.
- setOrder(int order): The order of the authentication handler in the chain.
- setRank(int rank): At times, CAS needs to determine the correct provider when step-up authentication is required.
-
Constructor Details
-
BaseMultifactorAuthenticationProviderProperties
public BaseMultifactorAuthenticationProviderProperties()
-
-
Method Details
-
getRank
public int getRank()
At times, CAS needs to determine the correct provider when step-up authentication is required. Consider for a moment that CAS already has established an SSO session with/without a provider and has reached a level of authentication. Another incoming request attempts to exercise that SSO session with a different and often competing authentication requirement that may differ from the authentication level CAS has already established. Concretely, examples may be:
- CAS has achieved an SSO session, but a separate request now requires step-up authentication with DuoSecurity.
- CAS has achieved an SSO session with an authentication level satisfied by DuoSecurity, but a separate request now requires step-up authentication with YubiKey.
-
getOrder
public int getOrder()
The order of the authentication handler in the chain.
-
getId
The identifier for the multifactor provider. In most cases, this need not be configured explicitly, unless multiple instances of the same provider type are configured in CAS.
-
getBypass
Multifactor bypass options for this provider. Each multifactor provider is equipped with options to allow for MFA bypass. Once the provider is chosen to honor the authentication request, bypass rules are then consulted to calculate whether the provider should ignore the request and skip MFA conditionally.
-
getName
The name of the authentication handler used to verify credentials in MFA. Remember that if you have more than one authentication handler of the same type, the names must be defined uniquely for each authentication scheme. Failing to do so may force CAS to not register authentication handlers with a duplicate name.
-
getFailureMode
public BaseMultifactorAuthenticationProviderProperties.MultifactorAuthenticationProviderFailureModes getFailureMode()
The failure mode policy for this MFA provider. The authentication policy by default supports fail-closed mode, which means that if you attempt to exercise a particular provider available to CAS and the provider cannot be reached, authentication will be stopped and an error will be displayed. You can of course change this behavior so that authentication proceeds without exercising the provider functionality, if that provider cannot respond. Each defined multifactor authentication provider can set its own failure mode policy. Failure modes set at this location will override the global failure mode, but defer to any failure mode set by the registered service.
-
setRank
At times, CAS needs to determine the correct provider when step-up authentication is required. Consider for a moment that CAS already has established an SSO session with/without a provider and has reached a level of authentication. Another incoming request attempts to exercise that SSO session with a different and often competing authentication requirement that may differ from the authentication level CAS has already established. Concretely, examples may be:
- CAS has achieved an SSO session, but a separate request now requires step-up authentication with DuoSecurity.
- CAS has achieved an SSO session with an authentication level satisfied by DuoSecurity, but a separate request now requires step-up authentication with YubiKey.
- Returns: this.
-
setOrder
The order of the authentication handler in the chain.
- Returns: this.
-
setId
The identifier for the multifactor provider. In most cases, this need not be configured explicitly, unless multiple instances of the same provider type are configured in CAS.
- Returns: this.
-
setBypass
public BaseMultifactorAuthenticationProviderProperties setBypass(MultifactorAuthenticationProviderBypassProperties bypass)
Multifactor bypass options for this provider. Each multifactor provider is equipped with options to allow for MFA bypass. Once the provider is chosen to honor the authentication request, bypass rules are then consulted to calculate whether the provider should ignore the request and skip MFA conditionally.
- Returns: this.
-
setName
The name of the authentication handler used to verify credentials in MFA. Remember that if you have more than one authentication handler of the same type, the names must be defined uniquely for each authentication scheme. Failing to do so may force CAS to not register authentication handlers with a duplicate name.
- Returns: this.
-
setFailureMode
public BaseMultifactorAuthenticationProviderProperties setFailureMode(BaseMultifactorAuthenticationProviderProperties.MultifactorAuthenticationProviderFailureModes failureMode)
The failure mode policy for this MFA provider. The authentication policy by default supports fail-closed mode, which means that if you attempt to exercise a particular provider available to CAS and the provider cannot be reached, authentication will be stopped and an error will be displayed. You can of course change this behavior so that authentication proceeds without exercising the provider functionality, if that provider cannot respond. Each defined multifactor authentication provider can set its own failure mode policy. Failure modes set at this location will override the global failure mode, but defer to any failure mode set by the registered service.
- Returns: this.
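The precedence described for getFailureMode and setFailureMode (registered service first, then provider, then global, with fail-closed as the default) can be modelled as below. This is an added example, not CAS code: the Mode enum, the class and both methods are hypothetical stand-ins and do not mirror the real MultifactorAuthenticationProviderFailureModes values.

```java
import java.util.stream.Stream;

/** Added illustration; every name here is a hypothetical stand-in, not a CAS class. */
public class FailureModeResolution {

    /** Stand-in for a failure-mode setting; UNSET means nothing is configured at that level. */
    enum Mode { OPEN, CLOSED, UNSET }

    /**
     * Precedence from the text: registered service, then provider, then global.
     * With nothing configured at any level the result is CLOSED, the stated default.
     */
    static Mode effectiveMode(Mode service, Mode provider, Mode global) {
        return Stream.of(service, provider, global)
                .filter(m -> m != null && m != Mode.UNSET)
                .findFirst()
                .orElse(Mode.CLOSED);
    }

    /** Decision once MFA is required: true only if the login may continue. */
    static boolean mayProceed(boolean providerReachable, boolean factorVerified, Mode mode) {
        if (providerReachable) {
            return factorVerified; // normal path: the second factor decides
        }
        // Provider cannot respond: only an explicit OPEN mode skips it.
        return mode == Mode.OPEN;
    }

    public static void main(String[] args) {
        // Constructed scenarios, each row is {service, provider, global}.
        Mode[][] cases = {
            {Mode.UNSET, Mode.UNSET,  Mode.UNSET},  // nothing configured anywhere
            {Mode.UNSET, Mode.UNSET,  Mode.OPEN},   // only the global mode is set
            {Mode.UNSET, Mode.CLOSED, Mode.OPEN},   // provider and global disagree
            {Mode.OPEN,  Mode.CLOSED, Mode.CLOSED}, // service and provider disagree
        };
        for (Mode[] c : cases) {
            Mode m = effectiveMode(c[0], c[1], c[2]);
            System.out.printf("service=%-6s provider=%-6s global=%-6s effective=%-6s loginDuringOutage=%b%n",
                    c[0], c[1], c[2], m, mayProceed(false, false, m));
        }
    }
}
```

Any row whose effective mode is OPEN marks a place where an outage of the second factor lets a login through on the first factor alone, so those services and providers are the ones to review.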
-
equals
-
hashCode
public int hashCode()
-