Class AzureActiveDirectoryAuthenticationProperties

java.lang.Object
org.apereo.cas.configuration.model.support.azuread.AzureActiveDirectoryAuthenticationProperties
All Implemented Interfaces:
Serializable

@RequiresModule(name="cas-server-support-azuread-authentication") public class AzureActiveDirectoryAuthenticationProperties extends Object implements Serializable
Since:
6.2.0
  • Constructor Details

    • AzureActiveDirectoryAuthenticationProperties

      public AzureActiveDirectoryAuthenticationProperties()
  • Method Details

    • isEnabled

      public boolean isEnabled()
      Enable authentication against Azure Active Directory.
    • getName

      public String getName()
      The name of the authentication handler.
    • getOrder

      public int getOrder()
      The order of this authentication handler in the chain.
    • getPasswordEncoder

      public PasswordEncoderProperties getPasswordEncoder()
      Password encoding properties.
    • getPrincipalTransformation

      public PrincipalTransformationProperties getPrincipalTransformation()
      Principal transformation properties.
    • getClientId

      public String getClientId()
      Client id of the application.
    • getClientSecret

      public String getClientSecret()
      Client secret of the registered app in the Microsoft Azure portal.
    • getLoginUrl

      public String getLoginUrl()
      The URL of the security token service that CAS goes to for acquiring tokens for resources and users. This URL allows CAS to establish what is called an 'authority'. You can think of the authority as the directory issuing the identities/tokens. The login URL here is then composed of https://<instance>/<tenant>, where 'instance' is the Azure AD host (such as https://login.microsoftonline.com) and 'tenant' is the domain name (such as contoso.onmicrosoft.com) or tenant ID of the directory. Examples of authority URLs are:
      • https://login.microsoftonline.com/f31e6716-26e8-4651-b323-2563936b4163: for a single-tenant application defined in the tenant.
      • https://login.microsoftonline.com/contoso.onmicrosoft.com: this representation is like the previous one, but uses the tenant domain name instead of the tenant ID.
      • https://login.microsoftonline.de/contoso.de: also uses a domain name, but in this case the Azure AD tenant admins have set a custom domain for their tenant, and the instance URL here is for the German national cloud.
      • https://login.microsoftonline.com/common: in the case of a multi-tenant application, that is, an application available in several Azure AD tenants.
      • It can finally be an Active Directory Federation Services (ADFS) URL, which is recognized with the convention that the URL should contain adfs, like https://contoso.com/adfs.
    • getResource

      public String getResource()
      Resource URL for the Graph API to fetch attributes.
    • getCredentialCriteria

      public String getCredentialCriteria()
      A number of authentication handlers are allowed to determine whether they can operate on the provided credential and as such lend themselves to be tried and tested during the authentication handler selection phase. The credential criteria may be one of the following options:
      • 1) A regular expression pattern that is tested against the credential identifier.
      • 2) A fully qualified class name of your own design that implements Predicate.
      • 3) Path to an external Groovy script that implements the same interface.
    • getTenant

      public String getTenant()
      The Microsoft tenant ID.
    • getScope

      public String getScope()
      Scope used when fetching access tokens. Multiple scopes may be separated using a comma.
    • getState

      public AuthenticationHandlerStates getState()
      Define the scope and state of this authentication handler and the lifecycle in which it can be invoked or activated.
    • setEnabled

      public AzureActiveDirectoryAuthenticationProperties setEnabled(boolean enabled)
      Enable authentication against Azure Active Directory.
      Returns:
      this.
    • setName

      The name of the authentication handler.
      Returns:
      this.
    • setOrder

      public AzureActiveDirectoryAuthenticationProperties setOrder(int order)
      The order of this authentication handler in the chain.
      Returns:
      this.
    • setPasswordEncoder

      public AzureActiveDirectoryAuthenticationProperties setPasswordEncoder(PasswordEncoderProperties passwordEncoder)
      Password encoding properties.
      Returns:
      this.
    • setPrincipalTransformation

      public AzureActiveDirectoryAuthenticationProperties setPrincipalTransformation(PrincipalTransformationProperties principalTransformation)
      Principal transformation properties.
      Returns:
      this.
    • setClientId

      Client id of the application.
      Returns:
      this.
    • setClientSecret

      public AzureActiveDirectoryAuthenticationProperties setClientSecret(String clientSecret)
      Client secret of the registered app in the Microsoft Azure portal.
      Returns:
      this.
    • setLoginUrl

      The URL of the security token service that CAS goes to for acquiring tokens for resources and users. This URL allows CAS to establish what is called an 'authority'. You can think of the authority as the directory issuing the identities/tokens. The login URL here is then composed of https://<instance>/<tenant>, where 'instance' is the Azure AD host (such as https://login.microsoftonline.com) and 'tenant' is the domain name (such as contoso.onmicrosoft.com) or tenant ID of the directory. Examples of authority URLs are:
      • https://login.microsoftonline.com/f31e6716-26e8-4651-b323-2563936b4163: for a single-tenant application defined in the tenant.
      • https://login.microsoftonline.com/contoso.onmicrosoft.com: this representation is like the previous one, but uses the tenant domain name instead of the tenant ID.
      • https://login.microsoftonline.de/contoso.de: also uses a domain name, but in this case the Azure AD tenant admins have set a custom domain for their tenant, and the instance URL here is for the German national cloud.
      • https://login.microsoftonline.com/common: in the case of a multi-tenant application, that is, an application available in several Azure AD tenants.
      • It can finally be an Active Directory Federation Services (ADFS) URL, which is recognized with the convention that the URL should contain adfs, like https://contoso.com/adfs.
      Returns:
      this.
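
      An added example, not part of the CAS code base or this Javadoc: a standalone check that classifies a configured login URL against the authority forms listed under getLoginUrl and setLoginUrl, so a deployment meant for one tenant can flag a 'common' (multi-tenant) authority at review time. The class, enum and method names are hypothetical, and treating 'adfs' as the first path segment is an assumption that is stricter than the "contains adfs" convention described above.

```java
import java.net.URI;
import java.util.List;
import java.util.regex.Pattern;

// Added example: AuthorityUrlCheck, Kind and both methods are hypothetical, not CAS APIs.
public class AuthorityUrlCheck {
    enum Kind { TENANT_ID, TENANT_DOMAIN, MULTI_TENANT, ADFS, UNRECOGNIZED }

    private static final Pattern GUID = Pattern.compile(
        "(?i)[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}");
    private static final Pattern DOMAIN = Pattern.compile("[A-Za-z0-9-]+(\\.[A-Za-z0-9-]+)+");

    // Classify a login URL of the form https://<instance>/<tenant>.
    static Kind classify(String loginUrl) {
        URI uri;
        try {
            uri = URI.create(loginUrl.trim());
        } catch (IllegalArgumentException e) {
            return Kind.UNRECOGNIZED;
        }
        String path = uri.getPath();
        if (!"https".equalsIgnoreCase(uri.getScheme()) || uri.getHost() == null || path == null) {
            return Kind.UNRECOGNIZED; // plain http, or no instance host at all
        }
        // The first path segment names the tenant (assumption: or "adfs" for ADFS).
        String tenant = path.replaceFirst("^/+", "").split("/")[0];
        if (tenant.equalsIgnoreCase("adfs")) return Kind.ADFS;
        if (tenant.equalsIgnoreCase("common")) return Kind.MULTI_TENANT;
        if (GUID.matcher(tenant).matches()) return Kind.TENANT_ID;
        if (DOMAIN.matcher(tenant).matches()) return Kind.TENANT_DOMAIN;
        return Kind.UNRECOGNIZED; // empty tenant or a form not listed on this page
    }

    // True only when the authority names exactly one directory.
    static boolean pinnedToOneTenant(Kind kind) {
        return kind == Kind.TENANT_ID || kind == Kind.TENANT_DOMAIN;
    }

    public static void main(String[] args) {
        // Authority URLs from this page, plus two constructed bad values at the end.
        List<String> samples = List.of(
            "https://login.microsoftonline.com/f31e6716-26e8-4651-b323-2563936b4163",
            "https://login.microsoftonline.com/contoso.onmicrosoft.com",
            "https://login.microsoftonline.de/contoso.de",
            "https://login.microsoftonline.com/common",
            "https://contoso.com/adfs",
            "http://login.microsoftonline.com/contoso.onmicrosoft.com", // constructed: not https
            "https://login.microsoftonline.com/");                      // constructed: no tenant
        for (String url : samples) {
            Kind kind = classify(url);
            System.out.printf("%-14s pinned=%-5b %s%n", kind, pinnedToOneTenant(kind), url);
        }
    }
}
```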
    • setResource

      Resource URL for the Graph API to fetch attributes.
      Returns:
      this.
    • setCredentialCriteria

      public AzureActiveDirectoryAuthenticationProperties setCredentialCriteria(String credentialCriteria)
      A number of authentication handlers are allowed to determine whether they can operate on the provided credential and as such lend themselves to be tried and tested during the authentication handler selection phase. The credential criteria may be one of the following options:
      • 1) A regular expression pattern that is tested against the credential identifier.
      • 2) A fully qualified class name of your own design that implements Predicate.
      • 3) Path to an external Groovy script that implements the same interface.
      Returns:
      this.
    • setTenant

      The Microsoft tenant ID.
      Returns:
      this.
    • setScope

      Scope used when fetching access tokens. Multiple scopes may be separated using a comma.
      Returns:
      this.
    • setState

      Define the scope and state of this authentication handler and the lifecycle in which it can be invoked or activated.
      Returns:
      this.