Class LdapAuthenticationProperties

All Implemented Interfaces:
Serializable, CasFeatureModule

@RequiresModule(name="cas-server-support-ldap") public class LdapAuthenticationProperties extends AbstractLdapAuthenticationProperties
Since:
5.0.0
  • Constructor Details

    • LdapAuthenticationProperties

      public LdapAuthenticationProperties()
  • Method Details

    • getPasswordPolicy

      public LdapPasswordPolicyProperties getPasswordPolicy()
      Password policy settings.
    • getPrincipalTransformation

      public PrincipalTransformationProperties getPrincipalTransformation()
      Principal transformation settings.
    • getPasswordEncoder

      public PasswordEncoderProperties getPasswordEncoder()
      Password encoder settings for LDAP authentication.
    • getCredentialCriteria

      public String getCredentialCriteria()
      A number of authentication handlers are allowed to determine whether they can operate on the provided credential and as such lend themselves to be tried and tested during the authentication handler selection phase. The credential criteria may be one of the following options:
      • 1) A regular expression pattern that is tested against the credential identifier.
      • 2) A fully qualified class name of your own design that implements Predicate.
      • 3) Path to an external Groovy script that implements the same interface.
    • getPrincipalAttributeId

      public String getPrincipalAttributeId()
      The attribute to use as the principal identifier built during and upon a successful authentication attempt.
    • getPrincipalDnAttributeName

      public String getPrincipalDnAttributeName()
      Name of attribute to be used for principal's DN.
    • getPrincipalAttributeList

      public List<String> getPrincipalAttributeList()
      List of attributes to retrieve from LDAP. Attributes can be virtually remapped to multiple names. Example: cn:commonName,givenName,eduPersonTargettedId:SOME_IDENTIFIER.

      To fetch and resolve attributes that carry tags/options, consider tagging the mapped attribute as such: homePostalAddress:homePostalAddress;.

    • isAllowMultiplePrincipalAttributeValues

      public boolean isAllowMultiplePrincipalAttributeValues()
      Sets a flag that determines whether multiple values are allowed for the principalAttributeId. This flag only has an effect if principalAttributeId is configured. If multiple values are detected when the flag is false, the first value is used and a warning is logged. If multiple values are detected when the flag is true, an exception is raised.
    • getAdditionalAttributes

      public List<String> getAdditionalAttributes()
      List of additional attributes to retrieve, if any.
    • isAllowMissingPrincipalAttributeValue

      public boolean isAllowMissingPrincipalAttributeValue()
      Flag to indicate whether CAS should block authentication if a specific/configured principal id attribute is not found.
    • isCollectDnAttribute

      public boolean isCollectDnAttribute()
      Whether the entry DN should be collected as an attribute and stored in the principal.
    • getOrder

      public Integer getOrder()
      Order of the authentication handler in the chain.
    • getState

      public AuthenticationHandlerStates getState()
      Define the scope and state of this authentication handler and the lifecycle in which it can be invoked or activated.
    • setPasswordPolicy

      public LdapAuthenticationProperties setPasswordPolicy(LdapPasswordPolicyProperties passwordPolicy)
      Password policy settings.
      Returns:
      this.
    • setPrincipalTransformation

      public LdapAuthenticationProperties setPrincipalTransformation(PrincipalTransformationProperties principalTransformation)
      Principal transformation settings.
      Returns:
      this.
    • setPasswordEncoder

      public LdapAuthenticationProperties setPasswordEncoder(PasswordEncoderProperties passwordEncoder)
      Password encoder settings for LDAP authentication.
      Returns:
      this.
    • setCredentialCriteria

      public LdapAuthenticationProperties setCredentialCriteria(String credentialCriteria)
      A number of authentication handlers are allowed to determine whether they can operate on the provided credential and as such lend themselves to be tried and tested during the authentication handler selection phase. The credential criteria may be one of the following options:
      • 1) A regular expression pattern that is tested against the credential identifier.
      • 2) A fully qualified class name of your own design that implements Predicate.
      • 3) Path to an external Groovy script that implements the same interface.
      Returns:
      this.
    • setPrincipalAttributeId

      public LdapAuthenticationProperties setPrincipalAttributeId(String principalAttributeId)
      The attribute to use as the principal identifier built during and upon a successful authentication attempt.
      Returns:
      this.
    • setPrincipalDnAttributeName

      public LdapAuthenticationProperties setPrincipalDnAttributeName(String principalDnAttributeName)
      Name of attribute to be used for principal's DN.
      Returns:
      this.
    • setPrincipalAttributeList

      public LdapAuthenticationProperties setPrincipalAttributeList(List<String> principalAttributeList)
      List of attributes to retrieve from LDAP. Attributes can be virtually remapped to multiple names. Example: cn:commonName,givenName,eduPersonTargettedId:SOME_IDENTIFIER.

      To fetch and resolve attributes that carry tags/options, consider tagging the mapped attribute as such: homePostalAddress:homePostalAddress;.

      Returns:
      this.
    • setAllowMultiplePrincipalAttributeValues

      public LdapAuthenticationProperties setAllowMultiplePrincipalAttributeValues(boolean allowMultiplePrincipalAttributeValues)
      Sets a flag that determines whether multiple values are allowed for the principalAttributeId. This flag only has an effect if principalAttributeId is configured. If multiple values are detected when the flag is false, the first value is used and a warning is logged. If multiple values are detected when the flag is true, an exception is raised.
      Returns:
      this.
    • setAdditionalAttributes

      public LdapAuthenticationProperties setAdditionalAttributes(List<String> additionalAttributes)
      List of additional attributes to retrieve, if any.
      Returns:
      this.
    • setAllowMissingPrincipalAttributeValue

      public LdapAuthenticationProperties setAllowMissingPrincipalAttributeValue(boolean allowMissingPrincipalAttributeValue)
      Flag to indicate whether CAS should block authentication if a specific/configured principal id attribute is not found.
      Returns:
      this.
    • setCollectDnAttribute

      public LdapAuthenticationProperties setCollectDnAttribute(boolean collectDnAttribute)
      Whether the entry DN should be collected as an attribute and stored in the principal.
      Returns:
      this.
    • setOrder

      public LdapAuthenticationProperties setOrder(Integer order)
      Order of the authentication handler in the chain.
      Returns:
      this.
    • setState

      Define the scope and state of this authentication handler and the lifecycle in which it can be invoked or activated.
      Returns:
      this.
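
The principalAttributeList mapping syntax described for getPrincipalAttributeList and setPrincipalAttributeList, as an added example that is not part of the CAS code base: a stand-alone Java parser that lists which LDAP attributes a setting would fetch and under which names they would be released, then compares them with an allow-list. The class name, the allow-list and the parsing rules (name:alias renames, a bare name maps to itself, a repeated name adds another alias) are assumptions made for illustration.

```java
import java.util.*;

public class PrincipalAttributeListAudit {

    /**
     * Parses a principalAttributeList value into LDAP attribute -> released names.
     * Assumed semantics: "ldapName:releasedName" renames, a bare "ldapName" is
     * released under its own name, and repeating an LDAP name adds another name.
     */
    static Map<String, List<String>> parse(String setting) {
        Map<String, List<String>> mapping = new LinkedHashMap<>();
        for (String raw : setting.split(",")) {
            String entry = raw.trim();
            if (entry.isEmpty()) {
                continue; // tolerate stray commas
            }
            int colon = entry.indexOf(':');
            String ldapName = colon < 0 ? entry : entry.substring(0, colon).trim();
            String released = colon < 0 ? entry : entry.substring(colon + 1).trim();
            if (ldapName.isEmpty() || released.isEmpty()) {
                throw new IllegalArgumentException("Malformed entry: '" + entry + "'");
            }
            // A tag/option marker such as the trailing ';' stays on the released name.
            mapping.computeIfAbsent(ldapName, k -> new ArrayList<>()).add(released);
        }
        return mapping;
    }

    /** LDAP attributes the setting would fetch that are not on the allow-list. */
    static Set<String> unexpected(Map<String, List<String>> mapping, Set<String> allowed) {
        Set<String> extra = new TreeSet<>(mapping.keySet());
        extra.removeAll(allowed);
        return extra;
    }

    public static void main(String[] args) {
        // Constructed sample: the page's example plus a second alias and a tagged attribute.
        String setting = "cn:commonName,cn:displayName,givenName,"
                + "eduPersonTargettedId:SOME_IDENTIFIER,homePostalAddress:homePostalAddress;";
        Map<String, List<String>> mapping = parse(setting);
        mapping.forEach((ldap, names) -> System.out.println(ldap + " -> " + names));

        // Hypothetical allow-list agreed for attribute release in a deployment.
        Set<String> allowed = Set.of("cn", "givenName", "eduPersonTargettedId");
        System.out.println("Not on allow-list: " + unexpected(mapping, allowed));
    }
}
```

LDAP attribute names are case-insensitive, so normalize case on both sides before relying on the allow-list comparison in a real review.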