Package org.apereo.cas.configuration.model.core.authentication

Class AuthenticationPolicyProperties

java.lang.Object
org.apereo.cas.configuration.model.core.authentication.AuthenticationPolicyProperties
All Implemented Interfaces:
Serializable
@RequiresModule(name="cas-server-core-authentication", automated=true) public class AuthenticationPolicyProperties extends Object implements Serializable
Configuration properties class for cas.authn.policy.
Since:
5.0.0
See Also:

  • Constructor Details

    • AuthenticationPolicyProperties

      public AuthenticationPolicyProperties()

  • Method Details

    • isRequiredHandlerAuthenticationPolicyEnabled

      public boolean isRequiredHandlerAuthenticationPolicyEnabled()
      Global authentication policy that is applied when CAS attempts to vend and validate tickets. Checks to make sure a particular authentication handler has successfully executed and validated credentials. Required handlers are defined per registered service.

    • isSourceSelectionEnabled

      public boolean isSourceSelectionEnabled()
      If true, allows CAS to select authentication handlers based on the credential source. This allows the authentication engine to restrict the task of validating credentials to the selected source or account repository, as opposed to every authentication handler registered with CAS at runtime.

    • getAny

      public AnyCredentialAuthenticationPolicyProperties getAny()
      Satisfied if any authentication handler succeeds. Allows options to avoid short circuiting and try every handler even if one prior succeeded.

    • getReq

      public RequiredAuthenticationHandlerAuthenticationPolicyProperties getReq()
      Satisfied if an only if a specified handler successfully authenticates its credential.

    • getAll

      public AllCredentialsAuthenticationPolicyProperties getAll()
      Satisfied if and only if all given credentials are successfully authenticated. Support for multiple credentials is new in CAS and this handler would only be acceptable in a multi-factor authentication situation.

    • getAllHandlers

      public AllHandlersAuthenticationPolicyProperties getAllHandlers()
      Satisfied if and only if all given authn handlers are successfully authenticated.

    • getGroovy

      public List<GroovyAuthenticationPolicyProperties> getGroovy()
      Execute a groovy script to detect authentication policy.

    • getRest

      public List<RestAuthenticationPolicyProperties> getRest()
      Execute a rest endpoint to detect authentication policy.

    • getNotPrevented

      public NotPreventedAuthenticationPolicyProperties getNotPrevented()
      Satisfied if an only if the authentication event is not blocked by a PreventedException.

    • getUniquePrincipal

      public UniquePrincipalAuthenticationPolicyProperties getUniquePrincipal()
      Satisfied if an only if the principal has not already authenticated and does not have an sso session with CAS. Otherwise, prevents the user from logging in more than once. Note that this policy adds an extra burden to the ticket store/registry as CAS needs to query all relevant tickets found in the registry to cross-check the requesting username with existing tickets.

    • getRequiredAttributes

      public RequiredAttributesAuthenticationPolicyProperties getRequiredAttributes()
      Satisfied if an only if the authentication contains the required attributes.

    • setRequiredHandlerAuthenticationPolicyEnabled

      public AuthenticationPolicyProperties setRequiredHandlerAuthenticationPolicyEnabled(boolean requiredHandlerAuthenticationPolicyEnabled)
      Global authentication policy that is applied when CAS attempts to vend and validate tickets. Checks to make sure a particular authentication handler has successfully executed and validated credentials. Required handlers are defined per registered service.
      Returns:
      this.

    • setSourceSelectionEnabled

      public AuthenticationPolicyProperties setSourceSelectionEnabled(boolean sourceSelectionEnabled)
      If true, allows CAS to select authentication handlers based on the credential source. This allows the authentication engine to restrict the task of validating credentials to the selected source or account repository, as opposed to every authentication handler registered with CAS at runtime.
      Returns:
      this.

    • setAny

      public AuthenticationPolicyProperties setAny(AnyCredentialAuthenticationPolicyProperties any)
      Satisfied if any authentication handler succeeds. Allows options to avoid short circuiting and try every handler even if one prior succeeded.
      Returns:
      this.

    • setReq

      public AuthenticationPolicyProperties setReq(RequiredAuthenticationHandlerAuthenticationPolicyProperties req)
      Satisfied if an only if a specified handler successfully authenticates its credential.
      Returns:
      this.

    • setAll

      public AuthenticationPolicyProperties setAll(AllCredentialsAuthenticationPolicyProperties all)
      Satisfied if and only if all given credentials are successfully authenticated. Support for multiple credentials is new in CAS and this handler would only be acceptable in a multi-factor authentication situation.
      Returns:
      this.

    • setAllHandlers

      public AuthenticationPolicyProperties setAllHandlers(AllHandlersAuthenticationPolicyProperties allHandlers)
      Satisfied if and only if all given authn handlers are successfully authenticated.
      Returns:
      this.

    • setGroovy

      public AuthenticationPolicyProperties setGroovy(List<GroovyAuthenticationPolicyProperties> groovy)
      Execute a groovy script to detect authentication policy.
      Returns:
      this.

    • setRest

      public AuthenticationPolicyProperties setRest(List<RestAuthenticationPolicyProperties> rest)
      Execute a rest endpoint to detect authentication policy.
      Returns:
      this.

    • setNotPrevented

      public AuthenticationPolicyProperties setNotPrevented(NotPreventedAuthenticationPolicyProperties notPrevented)
      Satisfied if an only if the authentication event is not blocked by a PreventedException.
      Returns:
      this.

    • setUniquePrincipal

      public AuthenticationPolicyProperties setUniquePrincipal(UniquePrincipalAuthenticationPolicyProperties uniquePrincipal)
      Satisfied if an only if the principal has not already authenticated and does not have an sso session with CAS. Otherwise, prevents the user from logging in more than once. Note that this policy adds an extra burden to the ticket store/registry as CAS needs to query all relevant tickets found in the registry to cross-check the requesting username with existing tickets.
      Returns:
      this.

    • setRequiredAttributes

      public AuthenticationPolicyProperties setRequiredAttributes(RequiredAttributesAuthenticationPolicyProperties requiredAttributes)
      Satisfied if an only if the authentication contains the required attributes.
      Returns:
      this.