Package org.apereo.cas.configuration.model.support.mfa.duo

Class DuoSecurityMultifactorAuthenticationProperties

java.lang.Object
org.apereo.cas.configuration.model.support.mfa.BaseMultifactorAuthenticationProviderProperties
org.apereo.cas.configuration.model.support.mfa.duo.DuoSecurityMultifactorAuthenticationProperties
All Implemented Interfaces:
Serializable
@RequiresModule(name="cas-server-support-duo") public class DuoSecurityMultifactorAuthenticationProperties extends BaseMultifactorAuthenticationProviderProperties
This is DuoSecurityMultifactorAuthenticationProperties.
Since:
5.2.0
See Also:

  • Field Details

  • Constructor Details

    • DuoSecurityMultifactorAuthenticationProperties

      public DuoSecurityMultifactorAuthenticationProperties()

  • Method Details

    • getDuoIntegrationKey

      public String getDuoIntegrationKey()
      Duo integration key.

    • getDuoSecretKey

      public String getDuoSecretKey()
      Duo secret key.

    • getDuoApiHost

      public String getDuoApiHost()
      Duo API host and url.

    • getRegistration

      public DuoSecurityMultifactorAuthenticationRegistrationProperties getRegistration()
      Settings for Duo registration of unenrolled accounts.

    • isTrustedDeviceEnabled

      public boolean isTrustedDeviceEnabled()
      Indicates whether this provider should support trusted devices.

    • isAccountStatusEnabled

      public boolean isAccountStatusEnabled()
      When set to true, CAS will contact Duo Security to check for user's account status and to evaluate whether user qualifies for multifactor authentication from Duo's perspective. When disabled, user account status is set to authenticate with Duo and the API call will never be made. Account status checking requires a particular Duo Security integration type that allows CAS to make API calls to Duo Security with enough permissions to get back user account details. Wrong integration types will result in API errors and warnings in the logs, forcing CAS to ignore the user account status and move on with the authentication attempt and flow.

    • isPasswordlessAuthenticationEnabled

      public boolean isPasswordlessAuthenticationEnabled()
      When enabled, this option allows CAS to use Duo Security as a CAS-owned passwordless authentication provider and account store. Note that this has nothing to do with Duo Security's "Passwordless/PassKey" capabilities, or PassKey/WebAuthn capabilities of CAS that act as a separate multifactor authentication provider. This solely controls the passwordless authentication feature that is provided by CAS directly.

      When enabled, CAS will contact Duo Security to look up eligible passwordless accounts. If the account is registered with Duo Security, CAS will switch to a passwordless flow and will use the user's registered device to send a push notification. User's registered with Duo Security must have a valid email address and a mobile/phone device.

      This functionality requires that CAS is already equipped with Passwordless authentication.

    • getDuoAdminIntegrationKey

      public String getDuoAdminIntegrationKey()
      Duo admin integration key.

    • getDuoAdminSecretKey

      public String getDuoAdminSecretKey()
      Duo admin secret key.

    • setDuoIntegrationKey

      public DuoSecurityMultifactorAuthenticationProperties setDuoIntegrationKey(String duoIntegrationKey)
      Duo integration key.
      Returns:
      this.

    • setDuoSecretKey

      public DuoSecurityMultifactorAuthenticationProperties setDuoSecretKey(String duoSecretKey)
      Duo secret key.
      Returns:
      this.

    • setDuoApiHost

      public DuoSecurityMultifactorAuthenticationProperties setDuoApiHost(String duoApiHost)
      Duo API host and url.
      Returns:
      this.

    • setRegistration

      public DuoSecurityMultifactorAuthenticationProperties setRegistration(DuoSecurityMultifactorAuthenticationRegistrationProperties registration)
      Settings for Duo registration of unenrolled accounts.
      Returns:
      this.

    • setTrustedDeviceEnabled

      public DuoSecurityMultifactorAuthenticationProperties setTrustedDeviceEnabled(boolean trustedDeviceEnabled)
      Indicates whether this provider should support trusted devices.
      Returns:
      this.

    • setAccountStatusEnabled

      public DuoSecurityMultifactorAuthenticationProperties setAccountStatusEnabled(boolean accountStatusEnabled)
      When set to true, CAS will contact Duo Security to check for user's account status and to evaluate whether user qualifies for multifactor authentication from Duo's perspective. When disabled, user account status is set to authenticate with Duo and the API call will never be made. Account status checking requires a particular Duo Security integration type that allows CAS to make API calls to Duo Security with enough permissions to get back user account details. Wrong integration types will result in API errors and warnings in the logs, forcing CAS to ignore the user account status and move on with the authentication attempt and flow.
      Returns:
      this.

    • setPasswordlessAuthenticationEnabled

      public DuoSecurityMultifactorAuthenticationProperties setPasswordlessAuthenticationEnabled(boolean passwordlessAuthenticationEnabled)
      When enabled, this option allows CAS to use Duo Security as a CAS-owned passwordless authentication provider and account store. Note that this has nothing to do with Duo Security's "Passwordless/PassKey" capabilities, or PassKey/WebAuthn capabilities of CAS that act as a separate multifactor authentication provider. This solely controls the passwordless authentication feature that is provided by CAS directly.

      When enabled, CAS will contact Duo Security to look up eligible passwordless accounts. If the account is registered with Duo Security, CAS will switch to a passwordless flow and will use the user's registered device to send a push notification. User's registered with Duo Security must have a valid email address and a mobile/phone device.

      This functionality requires that CAS is already equipped with Passwordless authentication.

      Returns:
      this.

    • setDuoAdminIntegrationKey

      public DuoSecurityMultifactorAuthenticationProperties setDuoAdminIntegrationKey(String duoAdminIntegrationKey)
      Duo admin integration key.
      Returns:
      this.

    • setDuoAdminSecretKey

      public DuoSecurityMultifactorAuthenticationProperties setDuoAdminSecretKey(String duoAdminSecretKey)
      Duo admin secret key.
      Returns:
      this.

    • equals

      public boolean equals(Object o)
      Overrides:
      equals in class BaseMultifactorAuthenticationProviderProperties

    • hashCode

      public int hashCode()
      Overrides:
      hashCode in class BaseMultifactorAuthenticationProviderProperties