Class DuoSecurityMultifactorAuthenticationProperties
- All Implemented Interfaces:
Serializable
- Since:
- 5.2.0
- See Also:
-
Nested Class Summary
Nested classes/interfaces inherited from class org.apereo.cas.configuration.model.support.mfa.BaseMultifactorAuthenticationProviderProperties
BaseMultifactorAuthenticationProviderProperties.MultifactorAuthenticationProviderFailureModes
-
Field Summary
-
Constructor Summary
-
Method Summary
Modifier and TypeMethodDescriptionboolean
Duo admin integration key.Duo admin secret key.Duo API host and url.Duo integration key.Duo secret key.Settings for Duo registration of unenrolled accounts.int
hashCode()
boolean
When set totrue
, CAS will contact Duo Security to check for user's account status and to evaluate whether user qualifies for multifactor authentication from Duo's perspective.boolean
When enabled, this option allows CAS to use Duo Security as a CAS-owned passwordless authentication provider and account store.boolean
Indicates whether this provider should support trusted devices.setAccountStatusEnabled
(boolean accountStatusEnabled) When set totrue
, CAS will contact Duo Security to check for user's account status and to evaluate whether user qualifies for multifactor authentication from Duo's perspective.setDuoAdminIntegrationKey
(String duoAdminIntegrationKey) Duo admin integration key.setDuoAdminSecretKey
(String duoAdminSecretKey) Duo admin secret key.setDuoApiHost
(String duoApiHost) Duo API host and url.setDuoIntegrationKey
(String duoIntegrationKey) Duo integration key.setDuoSecretKey
(String duoSecretKey) Duo secret key.setPasswordlessAuthenticationEnabled
(boolean passwordlessAuthenticationEnabled) When enabled, this option allows CAS to use Duo Security as a CAS-owned passwordless authentication provider and account store.Settings for Duo registration of unenrolled accounts.setTrustedDeviceEnabled
(boolean trustedDeviceEnabled) Indicates whether this provider should support trusted devices.Methods inherited from class org.apereo.cas.configuration.model.support.mfa.BaseMultifactorAuthenticationProviderProperties
getBypass, getFailureMode, getId, getName, getOrder, getRank, setBypass, setFailureMode, setId, setName, setOrder, setRank
-
Field Details
-
DEFAULT_IDENTIFIER
Provider id by default.- See Also:
-
-
Constructor Details
-
DuoSecurityMultifactorAuthenticationProperties
public DuoSecurityMultifactorAuthenticationProperties()
-
-
Method Details
-
getDuoIntegrationKey
Duo integration key. -
getDuoSecretKey
Duo secret key. -
getDuoApiHost
Duo API host and url. -
getRegistration
Settings for Duo registration of unenrolled accounts. -
isTrustedDeviceEnabled
public boolean isTrustedDeviceEnabled()Indicates whether this provider should support trusted devices. -
isAccountStatusEnabled
public boolean isAccountStatusEnabled()When set totrue
, CAS will contact Duo Security to check for user's account status and to evaluate whether user qualifies for multifactor authentication from Duo's perspective. When disabled, user account status is set to authenticate with Duo and the API call will never be made. Account status checking requires a particular Duo Security integration type that allows CAS to make API calls to Duo Security with enough permissions to get back user account details. Wrong integration types will result in API errors and warnings in the logs, forcing CAS to ignore the user account status and move on with the authentication attempt and flow. -
isPasswordlessAuthenticationEnabled
public boolean isPasswordlessAuthenticationEnabled()When enabled, this option allows CAS to use Duo Security as a CAS-owned passwordless authentication provider and account store. Note that this has nothing to do with Duo Security's "Passwordless/PassKey" capabilities, or PassKey/WebAuthn capabilities of CAS that act as a separate multifactor authentication provider. This solely controls the passwordless authentication feature that is provided by CAS directly.When enabled, CAS will contact Duo Security to look up eligible passwordless accounts. If the account is registered with Duo Security, CAS will switch to a passwordless flow and will use the user's registered device to send a push notification. User's registered with Duo Security must have a valid email address and a mobile/phone device.
This functionality requires that CAS is already equipped with Passwordless authentication.
-
getDuoAdminIntegrationKey
Duo admin integration key. -
getDuoAdminSecretKey
Duo admin secret key. -
setDuoIntegrationKey
public DuoSecurityMultifactorAuthenticationProperties setDuoIntegrationKey(String duoIntegrationKey) Duo integration key.- Returns:
this
.
-
setDuoSecretKey
Duo secret key.- Returns:
this
.
-
setDuoApiHost
Duo API host and url.- Returns:
this
.
-
setRegistration
public DuoSecurityMultifactorAuthenticationProperties setRegistration(DuoSecurityMultifactorAuthenticationRegistrationProperties registration) Settings for Duo registration of unenrolled accounts.- Returns:
this
.
-
setTrustedDeviceEnabled
public DuoSecurityMultifactorAuthenticationProperties setTrustedDeviceEnabled(boolean trustedDeviceEnabled) Indicates whether this provider should support trusted devices.- Returns:
this
.
-
setAccountStatusEnabled
public DuoSecurityMultifactorAuthenticationProperties setAccountStatusEnabled(boolean accountStatusEnabled) When set totrue
, CAS will contact Duo Security to check for user's account status and to evaluate whether user qualifies for multifactor authentication from Duo's perspective. When disabled, user account status is set to authenticate with Duo and the API call will never be made. Account status checking requires a particular Duo Security integration type that allows CAS to make API calls to Duo Security with enough permissions to get back user account details. Wrong integration types will result in API errors and warnings in the logs, forcing CAS to ignore the user account status and move on with the authentication attempt and flow.- Returns:
this
.
-
setPasswordlessAuthenticationEnabled
public DuoSecurityMultifactorAuthenticationProperties setPasswordlessAuthenticationEnabled(boolean passwordlessAuthenticationEnabled) When enabled, this option allows CAS to use Duo Security as a CAS-owned passwordless authentication provider and account store. Note that this has nothing to do with Duo Security's "Passwordless/PassKey" capabilities, or PassKey/WebAuthn capabilities of CAS that act as a separate multifactor authentication provider. This solely controls the passwordless authentication feature that is provided by CAS directly.When enabled, CAS will contact Duo Security to look up eligible passwordless accounts. If the account is registered with Duo Security, CAS will switch to a passwordless flow and will use the user's registered device to send a push notification. User's registered with Duo Security must have a valid email address and a mobile/phone device.
This functionality requires that CAS is already equipped with Passwordless authentication.
- Returns:
this
.
-
setDuoAdminIntegrationKey
public DuoSecurityMultifactorAuthenticationProperties setDuoAdminIntegrationKey(String duoAdminIntegrationKey) Duo admin integration key.- Returns:
this
.
-
setDuoAdminSecretKey
public DuoSecurityMultifactorAuthenticationProperties setDuoAdminSecretKey(String duoAdminSecretKey) Duo admin secret key.- Returns:
this
.
-
equals
- Overrides:
equals
in classBaseMultifactorAuthenticationProviderProperties
-
hashCode
public int hashCode()- Overrides:
hashCode
in classBaseMultifactorAuthenticationProviderProperties
-