Serialized Form

Package org.apereo.cas

Class org.apereo.cas.AbstractCentralAuthenticationService extends java.lang.Object implements Serializable

serialVersionUID:

-7572316677901391166L

Serialized Fields

applicationEventPublisher

org.springframework.context.ApplicationEventPublisher applicationEventPublisher

Application event publisher.

ticketRegistry

TicketRegistry ticketRegistry

TicketRegistry for storing and retrieving tickets as needed.

servicesManager

ServicesManager servicesManager

Implementation of Service Manager.

logoutManager

LogoutManager logoutManager

The logout manager.

ticketFactory

TicketFactory ticketFactory

The ticket factory.

authenticationRequestServiceSelectionStrategies

AuthenticationServiceSelectionPlan authenticationRequestServiceSelectionStrategies

The service selection strategy during validation events.

serviceContextAuthenticationPolicyFactory

ContextualAuthenticationPolicyFactory<T> serviceContextAuthenticationPolicyFactory

Authentication policy that uses a service context to produce stateful security policies to apply when authenticating credentials.

principalFactory

PrincipalFactory principalFactory

Factory to create the principal type.

cipherExecutor

CipherExecutor<I,O> cipherExecutor

Cipher executor to handle ticket validation.

registeredServiceAccessStrategyEnforcer

AuditableExecution registeredServiceAccessStrategyEnforcer

Enforce registered service access in an auditable way since the access strategy is not usually managed as a Spring bean.

Class org.apereo.cas.DefaultCentralAuthenticationService extends AbstractCentralAuthenticationService implements Serializable

serialVersionUID:

-8943828074939533986L

Class org.apereo.cas.DefaultMessageDescriptor extends java.lang.Object implements Serializable

serialVersionUID:

1227390629186486032L

Serialized Fields

code

java.lang.String code

defaultMessage

java.lang.String defaultMessage

params

java.io.Serializable[] params

Class org.apereo.cas.DistributedCacheObject extends java.lang.Object implements Serializable

serialVersionUID:

-6776499291439952013L

Serialized Fields

properties

java.util.Map<K,V> properties

timestamp

long timestamp

value

java.io.Serializable value

Class org.apereo.cas.StringBean extends java.lang.Object implements Serializable

serialVersionUID:

-2216572507148074902L

Serialized Fields

id

java.lang.String id

Package org.apereo.cas.adaptors.authy

Class org.apereo.cas.adaptors.authy.AuthyMultifactorAuthenticationProvider extends AbstractMultifactorAuthenticationProvider implements Serializable

serialVersionUID:

4789727148634156909L

Class org.apereo.cas.adaptors.authy.AuthyTokenCredential extends java.lang.Object implements Serializable

serialVersionUID:

-7970600701132111037L

Serialized Fields

token

java.lang.String token

Package org.apereo.cas.adaptors.azure

Class org.apereo.cas.adaptors.azure.AzureAuthenticatorMultifactorAuthenticationProvider extends AbstractMultifactorAuthenticationProvider implements Serializable

serialVersionUID:

4789727148634156909L

Class org.apereo.cas.adaptors.azure.AzureAuthenticatorTokenCredential extends OneTimeTokenCredential implements Serializable

serialVersionUID:

-7570600701132111037L

Package org.apereo.cas.adaptors.duo.authn

Class org.apereo.cas.adaptors.duo.authn.BaseDuoSecurityAuthenticationService extends java.lang.Object implements Serializable

serialVersionUID:

-8044100706027708789L

Serialized Fields

duoProperties

DuoSecurityMultifactorProperties duoProperties

Duo Properties.

Class org.apereo.cas.adaptors.duo.authn.BasicDuoSecurityAuthenticationService extends BaseDuoSecurityAuthenticationService implements Serializable

serialVersionUID:

-6690808348975271382L

Class org.apereo.cas.adaptors.duo.authn.DefaultDuoMultifactorAuthenticationProvider extends AbstractMultifactorAuthenticationProvider implements Serializable

serialVersionUID:

4789727148634156909L

Serialized Fields

registrationUrl

java.lang.String registrationUrl

duoAuthenticationService

DuoSecurityAuthenticationService duoAuthenticationService

Class org.apereo.cas.adaptors.duo.authn.DuoCredential extends java.lang.Object implements Serializable

serialVersionUID:

-7570600733132111037L

Serialized Fields

username

java.lang.String username

signedDuoResponse

java.lang.String signedDuoResponse

Class org.apereo.cas.adaptors.duo.authn.DuoDirectCredential extends java.lang.Object implements Serializable

serialVersionUID:

-7570699733132111037L

Serialized Fields

authentication

Authentication authentication

Package org.apereo.cas.adaptors.gauth

Class org.apereo.cas.adaptors.gauth.GoogleAuthenticatorMultifactorAuthenticationProvider extends AbstractMultifactorAuthenticationProvider implements Serializable

serialVersionUID:

4789727148634156909L

Class org.apereo.cas.adaptors.gauth.GoogleAuthenticatorTokenCredential extends OneTimeTokenCredential implements Serializable

serialVersionUID:

-7570600701132111037L

Package org.apereo.cas.adaptors.gauth.repository.credentials

Class org.apereo.cas.adaptors.gauth.repository.credentials.GoogleAuthenticatorAccount extends OneTimeTokenAccount implements Serializable

serialVersionUID:

2441775052626253711L

Package org.apereo.cas.adaptors.gauth.token

Class org.apereo.cas.adaptors.gauth.token.GoogleAuthenticatorToken extends OneTimeToken implements Serializable

serialVersionUID:

8494781829798273770L

Package org.apereo.cas.adaptors.generic

Class org.apereo.cas.adaptors.generic.CasUserAccount extends java.lang.Object implements Serializable

serialVersionUID:

7579594722197541062L

Serialized Fields

password

java.lang.String password

attributes

java.util.Map<K,V> attributes

status

CasUserAccount.AccountStatus status

expirationDate

java.time.LocalDate expirationDate

Package org.apereo.cas.adaptors.generic.remote

Class org.apereo.cas.adaptors.generic.remote.RemoteAddressCredential extends AbstractCredential implements Serializable

serialVersionUID:

-3638145328441211073L

Serialized Fields

remoteAddress

java.lang.String remoteAddress

Package org.apereo.cas.adaptors.radius

Class org.apereo.cas.adaptors.radius.JRadiusServerImpl extends java.lang.Object implements Serializable

serialVersionUID:

-7122734096722096617L

Serialized Fields

protocol

RadiusProtocol protocol

RADIUS protocol.

radiusClientFactory

RadiusClientFactory radiusClientFactory

Produces RADIUS client instances for authentication.

retries

int retries

Number of times to retry authentication when no response is received.

nasIpAddress

java.lang.String nasIpAddress

nasIpv6Address

java.lang.String nasIpv6Address

nasPort

long nasPort

nasPortId

long nasPortId

nasIdentifier

java.lang.String nasIdentifier

nasRealPort

long nasRealPort

nasPortType

long nasPortType

Class org.apereo.cas.adaptors.radius.RadiusClientFactory extends java.lang.Object implements Serializable

serialVersionUID:

8226097527127614276L

Serialized Fields

accountingPort

int accountingPort

The port to do accounting on.

authenticationPort

int authenticationPort

The port to do authentication on.

socketTimeout

int socketTimeout

Socket timeout in seconds.

inetAddress

java.lang.String inetAddress

RADIUS server network address.

sharedSecret

java.lang.String sharedSecret

The shared secret to send to the RADIUS server.

Package org.apereo.cas.adaptors.radius.authentication

Class org.apereo.cas.adaptors.radius.authentication.RadiusMultifactorAuthenticationProvider extends AbstractMultifactorAuthenticationProvider implements Serializable

serialVersionUID:

4789727148634156909L

Serialized Fields

servers

java.util.List<E> servers

Class org.apereo.cas.adaptors.radius.authentication.RadiusTokenCredential extends java.lang.Object implements Serializable

serialVersionUID:

-7570675701132111037L

Serialized Fields

token

java.lang.String token

Package org.apereo.cas.adaptors.swivel

Class org.apereo.cas.adaptors.swivel.SwivelMultifactorAuthenticationProvider extends AbstractMultifactorAuthenticationProvider implements Serializable

serialVersionUID:

498455080794156917L

Serialized Fields

swivelUrl

java.lang.String swivelUrl

Class org.apereo.cas.adaptors.swivel.SwivelTokenCredential extends java.lang.Object implements Serializable

serialVersionUID:

361318678073819595L

Serialized Fields

token

java.lang.String token

Package org.apereo.cas.adaptors.trusted.authentication.principal

Class org.apereo.cas.adaptors.trusted.authentication.principal.PrincipalBearingCredential extends AbstractCredential implements Serializable

serialVersionUID:

8866786438439775669L

Serialized Fields

principal

Principal principal

The trusted principal.

Package org.apereo.cas.adaptors.u2f

Class org.apereo.cas.adaptors.u2f.U2FAuthentication extends java.lang.Object implements Serializable

serialVersionUID:

334984331545697641L

Serialized Fields

challenge

java.lang.String challenge

appId

java.lang.String appId

keyHandle

java.lang.String keyHandle

Class org.apereo.cas.adaptors.u2f.U2FMultifactorAuthenticationProvider extends AbstractMultifactorAuthenticationProvider implements Serializable

serialVersionUID:

157455070794156717L

Class org.apereo.cas.adaptors.u2f.U2FRegistration extends java.lang.Object implements Serializable

serialVersionUID:

8478965906212939618L

Serialized Fields

challenge

java.lang.String challenge

appId

java.lang.String appId

Class org.apereo.cas.adaptors.u2f.U2FTokenCredential extends java.lang.Object implements Serializable

serialVersionUID:

-970682410132111037L

Serialized Fields

token

java.lang.String token

Package org.apereo.cas.adaptors.x509.authentication

Class org.apereo.cas.adaptors.x509.authentication.ExpiredCRLException extends java.security.GeneralSecurityException implements Serializable

serialVersionUID:

5157864033250359972L

Serialized Fields

id

java.lang.String id

Identifier/name of CRL.

expirationDate

java.time.ZonedDateTime expirationDate

CRL expiration date.

leniency

int leniency

Leniency of expiration.

Package org.apereo.cas.adaptors.x509.authentication.principal

Class org.apereo.cas.adaptors.x509.authentication.principal.X509CertificateCredential extends AbstractCredential implements Serializable

serialVersionUID:

631753409512746474L

Serialized Fields

certificates

java.security.cert.X509Certificate[] certificates

The collection of certificates sent with the request.

certificate

java.security.cert.X509Certificate certificate

The certificate that we actually use.

Package org.apereo.cas.adaptors.x509.authentication.revocation

Class org.apereo.cas.adaptors.x509.authentication.revocation.RevokedCertificateException extends java.security.GeneralSecurityException implements Serializable

serialVersionUID:

8827788431199129708L

Serialized Fields

revocationDate

java.time.ZonedDateTime revocationDate

The revocation date.

serial

java.math.BigInteger serial

The serial.

reason

RevokedCertificateException.Reason reason

The reason.

Package org.apereo.cas.adaptors.yubikey

Class org.apereo.cas.adaptors.yubikey.YubiKeyCredential extends java.lang.Object implements Serializable

serialVersionUID:

-7570600701132111037L

Serialized Fields

token

java.lang.String token

Class org.apereo.cas.adaptors.yubikey.YubiKeyMultifactorAuthenticationProvider extends AbstractMultifactorAuthenticationProvider implements Serializable

serialVersionUID:

4789727148634156909L

Package org.apereo.cas.audit

Class org.apereo.cas.audit.AuditActionContextJsonSerializer extends AbstractJacksonBackedStringSerializer<org.apereo.inspektr.audit.AuditActionContext> implements Serializable

serialVersionUID:

-8983370764375218898L

Package org.apereo.cas.aup

Class org.apereo.cas.aup.AbstractPrincipalAttributeAcceptableUsagePolicyRepository extends java.lang.Object implements Serializable

serialVersionUID:

1883808902502739L

Serialized Fields

ticketRegistrySupport

TicketRegistrySupport ticketRegistrySupport

Ticket registry support.

aupAttributeName

java.lang.String aupAttributeName

Single-valued attribute in LDAP that describes whether the policy has been accepted. Its value must match either TRUE/FALSE.

Class org.apereo.cas.aup.DefaultAcceptableUsagePolicyRepository extends AbstractPrincipalAttributeAcceptableUsagePolicyRepository implements Serializable

serialVersionUID:

-3059445754626980894L

Serialized Fields

policyMap

java.util.Map<K,V> policyMap

Class org.apereo.cas.aup.JdbcAcceptableUsagePolicyRepository extends AbstractPrincipalAttributeAcceptableUsagePolicyRepository implements Serializable

serialVersionUID:

1600024683199961892L

Serialized Fields

tableName

java.lang.String tableName

Class org.apereo.cas.aup.LdapAcceptableUsagePolicyRepository extends AbstractPrincipalAttributeAcceptableUsagePolicyRepository implements Serializable

serialVersionUID:

1600024683199961892L

Serialized Fields

searchFilter

java.lang.String searchFilter

baseDn

java.lang.String baseDn

Class org.apereo.cas.aup.MongoDbAcceptableUsagePolicyRepository extends AbstractPrincipalAttributeAcceptableUsagePolicyRepository implements Serializable

serialVersionUID:

1600024683199961892L

Serialized Fields

collection

java.lang.String collection

Class org.apereo.cas.aup.RestAcceptableUsagePolicyRepository extends AbstractPrincipalAttributeAcceptableUsagePolicyRepository implements Serializable

serialVersionUID:

1600024683199961892L

Serialized Fields

properties

AcceptableUsagePolicyProperties.Rest properties

Package org.apereo.cas.authentication

Class org.apereo.cas.authentication.AbstractCredential extends java.lang.Object implements Serializable

serialVersionUID:

8196868021183513898L

Class org.apereo.cas.authentication.AbstractMultifactorAuthenticationProvider extends java.lang.Object implements Serializable

serialVersionUID:

4789727148134156909L

Serialized Fields

bypassEvaluator

MultifactorAuthenticationProviderBypass bypassEvaluator

globalFailureMode

java.lang.String globalFailureMode

id

java.lang.String id

order

int order

Class org.apereo.cas.authentication.AuthenticationException extends java.lang.RuntimeException implements Serializable

serialVersionUID:

-6032827784134751797L

Serialized Fields

handlerErrors

java.util.Map<K,V> handlerErrors

Immutable map of handler names to the errors they raised.

handlerSuccesses

java.util.Map<K,V> handlerSuccesses

Immutable map of handler names to an authentication success metadata instance.

Class org.apereo.cas.authentication.BasicCredentialMetaData extends java.lang.Object implements Serializable

serialVersionUID:

4929579849241505377L

Serialized Fields

id

java.lang.String id

Credential type unique identifier.

credentialClass

java.lang.Class<T> credentialClass

Type of original credential.

Class org.apereo.cas.authentication.BasicIdentifiableCredential extends java.lang.Object implements Serializable

serialVersionUID:

-700605020472810939L

Serialized Fields

id

java.lang.String id

Class org.apereo.cas.authentication.DefaultAuthentication extends java.lang.Object implements Serializable

serialVersionUID:

3206127526058061391L

Serialized Fields

authenticationDate

java.time.ZonedDateTime authenticationDate

Authentication date stamp.

principal

Principal principal

Authenticated principal.

credentials

java.util.List<E> credentials

List of metadata about credentials presented at authentication.

attributes

java.util.Map<K,V> attributes

Authentication metadata attributes.

successes

java.util.Map<K,V> successes

Map of handler name to handler authentication success event.

failures

java.util.Map<K,V> failures

Map of handler name to handler authentication failure cause.

Class org.apereo.cas.authentication.DefaultAuthenticationBuilder extends java.lang.Object implements Serializable

serialVersionUID:

-8504842011648432398L

Serialized Fields

principal

Principal principal

Authenticated principal.

credentials

java.util.List<E> credentials

Credential metadata.

attributes

java.util.Map<K,V> attributes

Authentication metadata attributes.

successes

java.util.Map<K,V> successes

Map of handler names to authentication successes.

failures

java.util.Map<K,V> failures

Map of handler names to authentication failures.

authenticationDate

java.time.ZonedDateTime authenticationDate

Authentication date.

Class org.apereo.cas.authentication.DefaultAuthenticationHandlerExecutionResult extends java.lang.Object implements Serializable

serialVersionUID:

-3113998493287982485L

Serialized Fields

handlerName

java.lang.String handlerName

The name of the authentication handler that successfully authenticated a credential.

credentialMetaData

CredentialMetaData credentialMetaData

Credential meta data.

principal

Principal principal

Resolved principal for authenticated credential.

warnings

java.util.List<E> warnings

List of warnings issued by the authentication source while authenticating the credential.

Class org.apereo.cas.authentication.DefaultAuthenticationResult extends java.lang.Object implements Serializable

serialVersionUID:

8454900425245262824L

Serialized Fields

credentialProvided

boolean credentialProvided

authentication

Authentication authentication

service

Service service

Class org.apereo.cas.authentication.DefaultAuthenticationResultBuilder extends java.lang.Object implements Serializable

serialVersionUID:

6180465589526463843L

Serialized Fields

providedCredentials

java.util.List<E> providedCredentials

authentications

java.util.Set<E> authentications

Class org.apereo.cas.authentication.DefaultAuthenticationServiceSelectionStrategy extends java.lang.Object implements Serializable

serialVersionUID:

-7458940344679793681L

Serialized Fields

order

int order

Class org.apereo.cas.authentication.DefaultAuthenticationTransaction extends java.lang.Object implements Serializable

serialVersionUID:

6213904009424725484L

Serialized Fields

service

Service service

credentials

java.util.Collection<E> credentials

Class org.apereo.cas.authentication.DefaultMultifactorAuthenticationProviderBypass extends java.lang.Object implements Serializable

serialVersionUID:

3720922341350004543L

Serialized Fields

bypassProperties

MultifactorAuthenticationProviderBypassProperties bypassProperties

Bypass settings for this provider.

httpRequestRemoteAddressPattern

java.util.regex.Pattern httpRequestRemoteAddressPattern

httpRequestHeaderPatterns

java.util.Set<E> httpRequestHeaderPatterns

Class org.apereo.cas.authentication.DefaultPrincipalElectionStrategy extends java.lang.Object implements Serializable

serialVersionUID:

6704726217030836315L

Serialized Fields

principalFactory

PrincipalFactory principalFactory

Class org.apereo.cas.authentication.DefaultVariegatedMultifactorAuthenticationProvider extends AbstractMultifactorAuthenticationProvider implements Serializable

serialVersionUID:

4789727148134156909L

Serialized Fields

providers

java.util.Collection<E> providers

Class org.apereo.cas.authentication.GroovyMultifactorAuthenticationProviderBypass extends DefaultMultifactorAuthenticationProviderBypass implements Serializable

serialVersionUID:

-4909072898415688377L

Class org.apereo.cas.authentication.HttpBasedServiceCredential extends AbstractCredential implements Serializable

serialVersionUID:

1492607216336354503L

Serialized Fields

callbackUrl

java.net.URL callbackUrl

The callbackURL to check that identifies the application.

service

RegisteredService service

The registered service associated with this callback.

Class org.apereo.cas.authentication.OneTimePasswordCredential extends AbstractCredential implements Serializable

serialVersionUID:

1892587671827699709L

Serialized Fields

password

java.lang.String password

One-time password.

id

java.lang.String id

Optional unique identifier.

Class org.apereo.cas.authentication.OneTimeToken extends java.lang.Object implements Serializable

serialVersionUID:

-1329938047176583075L

Serialized Fields

id

long id

token

java.lang.Integer token

userId

java.lang.String userId

issuedDateTime

java.time.LocalDateTime issuedDateTime

Class org.apereo.cas.authentication.OneTimeTokenAccount extends java.lang.Object implements Serializable

serialVersionUID:

-8289105320642735252L

Serialized Fields

id

long id

secretKey

java.lang.String secretKey

validationCode

int validationCode

scratchCodes

java.util.List<E> scratchCodes

username

java.lang.String username

registrationDate

java.time.ZonedDateTime registrationDate

Class org.apereo.cas.authentication.OneTimeTokenCredential extends java.lang.Object implements Serializable

serialVersionUID:

-7570600701132111037L

Serialized Fields

token

java.lang.String token

Class org.apereo.cas.authentication.PreventedException extends java.lang.Exception implements Serializable

serialVersionUID:

4702274165911620708L

Class org.apereo.cas.authentication.PrincipalException extends AuthenticationException implements Serializable

serialVersionUID:

-6590363469748313596L

Class org.apereo.cas.authentication.PseudoPlatformTransactionManager extends org.springframework.transaction.support.AbstractPlatformTransactionManager implements Serializable

serialVersionUID:

-3501861804821200893L

Class org.apereo.cas.authentication.RememberMeUsernamePasswordCredential extends UsernamePasswordCredential implements Serializable

serialVersionUID:

-6710007659431302397L

Serialized Fields

rememberMe

boolean rememberMe

Class org.apereo.cas.authentication.RestMultifactorAuthenticationProviderBypass extends DefaultMultifactorAuthenticationProviderBypass implements Serializable

serialVersionUID:

-7553888418344342672L

Class org.apereo.cas.authentication.RootCasException extends java.lang.RuntimeException implements Serializable

serialVersionUID:

-2384466176716541689L

Serialized Fields

code

java.lang.String code

The code description of the exception.

Class org.apereo.cas.authentication.SurrogateAuthenticationException extends AuthenticationException implements Serializable

serialVersionUID:

-3250559691638860076L

Class org.apereo.cas.authentication.SurrogatePrincipal extends java.lang.Object implements Serializable

serialVersionUID:

5672386093026290631L

Serialized Fields

primary

Principal primary

surrogate

Principal surrogate

Class org.apereo.cas.authentication.SurrogatePrincipalElectionStrategy extends DefaultPrincipalElectionStrategy implements Serializable

serialVersionUID:

-3112906686072339162L

Class org.apereo.cas.authentication.SurrogateUsernamePasswordCredential extends RememberMeUsernamePasswordCredential implements Serializable

serialVersionUID:

8760695298971444249L

Serialized Fields

surrogateUsername

java.lang.String surrogateUsername

Class org.apereo.cas.authentication.UsernamePasswordCredential extends java.lang.Object implements Serializable

serialVersionUID:

-700605081472810939L

Serialized Fields

username

java.lang.String username

password

java.lang.String password

Package org.apereo.cas.authentication.adaptive

Class org.apereo.cas.authentication.adaptive.UnauthorizedAuthenticationException extends AuthenticationException implements Serializable

serialVersionUID:

4386330975702952112L

Package org.apereo.cas.authentication.exceptions

Class org.apereo.cas.authentication.exceptions.AccountDisabledException extends javax.security.auth.login.AccountException implements Serializable

serialVersionUID:

7487835035108753209L

Class org.apereo.cas.authentication.exceptions.AccountPasswordMustChangeException extends javax.security.auth.login.CredentialExpiredException implements Serializable

serialVersionUID:

7487835035108753209L

Class org.apereo.cas.authentication.exceptions.InvalidLoginLocationException extends javax.security.auth.login.AccountException implements Serializable

serialVersionUID:

5745711263227480194L

Class org.apereo.cas.authentication.exceptions.InvalidLoginTimeException extends javax.security.auth.login.AccountException implements Serializable

serialVersionUID:

-6699752791525619208L

Class org.apereo.cas.authentication.exceptions.MixedPrincipalException extends PrincipalException implements Serializable

serialVersionUID:

-9040132618070273997L

Serialized Fields

first

Principal first

First resolved principal.

second

Principal second

Second resolved principal.

Class org.apereo.cas.authentication.exceptions.UnresolvedPrincipalException extends PrincipalException implements Serializable

serialVersionUID:

380456166081802820L

Package org.apereo.cas.authentication.principal

Class org.apereo.cas.authentication.principal.AbstractWebApplicationService extends java.lang.Object implements Serializable

serialVersionUID:

610105280927740076L

Serialized Fields

id

java.lang.String id

originalUrl

java.lang.String originalUrl

artifactId

java.lang.String artifactId

principal

java.lang.String principal

source

java.lang.String source

loggedOutAlready

boolean loggedOutAlready

format

ValidationResponseType format

attributes

java.util.HashMap<K,V> attributes

Class org.apereo.cas.authentication.principal.AbstractWebApplicationServiceResponseBuilder extends java.lang.Object implements Serializable

serialVersionUID:

-4584738964007702423L

Serialized Fields

servicesManager

ServicesManager servicesManager

Services manager instance.

order

int order

Class org.apereo.cas.authentication.principal.ClientCredential extends java.lang.Object implements Serializable

serialVersionUID:

-7883301304291894763L

Serialized Fields

typedIdUsed

boolean typedIdUsed

userProfile

org.pac4j.core.profile.UserProfile userProfile

The user profile after authentication.

clientName

java.lang.String clientName

Name of the client that established the credential.

Class org.apereo.cas.authentication.principal.DefaultPrincipalAttributesRepository extends AbstractPrincipalAttributesRepository implements Serializable

serialVersionUID:

-4535358847021241725L

Class org.apereo.cas.authentication.principal.DefaultPrincipalFactory extends java.lang.Object implements Serializable

serialVersionUID:

-3999695695604948495L

Class org.apereo.cas.authentication.principal.DefaultResponse extends java.lang.Object implements Serializable

serialVersionUID:

-8251042088720603062L

Serialized Fields

responseType

Response.ResponseType responseType

url

java.lang.String url

attributes

java.util.Map<K,V> attributes

Class org.apereo.cas.authentication.principal.DefaultWebApplicationResponseBuilderLocator extends java.lang.Object implements Serializable

serialVersionUID:

388417797622191740L

Serialized Fields

builders

java.util.List<E> builders

Class org.apereo.cas.authentication.principal.GroovyPrincipalFactory extends DefaultPrincipalFactory implements Serializable

serialVersionUID:

-3999695695604948495L

Class org.apereo.cas.authentication.principal.NullPrincipal extends java.lang.Object implements Serializable

serialVersionUID:

2309300426720915104L

Serialized Fields

attributes

java.util.Map<K,V> attributes

Class org.apereo.cas.authentication.principal.OidcPairwisePersistentIdGenerator extends ShibbolethCompatiblePersistentIdGenerator implements Serializable

serialVersionUID:

7114093881796832321L

Class org.apereo.cas.authentication.principal.ShibbolethCompatiblePersistentIdGenerator extends java.lang.Object implements Serializable

serialVersionUID:

6182838799563190289L

Serialized Fields

salt

java.lang.String salt

attribute

java.lang.String attribute

Class org.apereo.cas.authentication.principal.SimplePrincipal extends java.lang.Object implements Serializable

serialVersionUID:

-1255260750151385796L

Serialized Fields

id

java.lang.String id

The unique identifier for the principal.

attributes

java.util.Map<K,V> attributes

Principal attributes.

Class org.apereo.cas.authentication.principal.SimpleWebApplicationServiceImpl extends AbstractWebApplicationService implements Serializable

serialVersionUID:

8334068957483758042L

Class org.apereo.cas.authentication.principal.WebApplicationServiceResponseBuilder extends AbstractWebApplicationServiceResponseBuilder implements Serializable

serialVersionUID:

-851233878780818494L

Serialized Fields

order

int order

Package org.apereo.cas.authentication.principal.cache

Class org.apereo.cas.authentication.principal.cache.AbstractPrincipalAttributesRepository extends java.lang.Object implements Serializable

serialVersionUID:

6350245643948535906L

Serialized Fields

expiration

long expiration

The expiration time.

timeUnit

java.lang.String timeUnit

Expiration time unit.

mergingStrategy

AbstractPrincipalAttributesRepository.MergingStrategy mergingStrategy

The merging strategy that deals with existing principal attributes and those that are retrieved from the source. By default, existing attributes are ignored and the source is always consulted.

Class org.apereo.cas.authentication.principal.cache.CachingPrincipalAttributesRepository extends AbstractPrincipalAttributesRepository implements Serializable

serialVersionUID:

6350244643948535906L

Serialized Fields

maxCacheSize

long maxCacheSize

Package org.apereo.cas.authentication.support.password

Class org.apereo.cas.authentication.support.password.PasswordExpiringWarningMessageDescriptor extends DefaultMessageDescriptor implements Serializable

serialVersionUID:

-5892600936676838470L

Package org.apereo.cas.authentication.surrogate

Class org.apereo.cas.authentication.surrogate.SurrogateJdbcAuthenticationService.SurrogateAccount extends java.lang.Object implements Serializable

serialVersionUID:

7734857552147825153L

Serialized Fields

surrogateAccount

java.lang.String surrogateAccount

Package org.apereo.cas.configuration

Class org.apereo.cas.configuration.CasConfigurationProperties extends java.lang.Object implements Serializable

serialVersionUID:

-8620267783496071683L

Serialized Fields

interrupt

InterruptProperties interrupt

Interrupt/notification functionality.

consent

ConsentProperties consent

Attribute consent functionality.

scim

ScimProperties scim

SCIM functionality.

authn

AuthenticationProperties authn

General settings for authentication.

audit

AuditProperties audit

Authentication audit functionality.

httpClient

HttpClientProperties httpClient

Http client and outgoing connections settings.

personDirectory

PersonDirectoryPrincipalResolverProperties personDirectory

Person directory and principal resolution functionality.

events

EventsProperties events

Authentication events functionality.

host

HostProperties host

Settings that define this CAS host.

logout

LogoutProperties logout

Logout functionality.

metrics

MetricsProperties metrics

Metrics functionality.

monitor

MonitorProperties monitor

Monitoring functionality.

rest

RestProperties rest

REST API functionality.

server

CasServerProperties server

Settings that define this CAS server instance.

client

CasJavaClientProperties client

Settings that configure the Java CAS client instance used internally for validation ops, etc.

serviceRegistry

ServiceRegistryProperties serviceRegistry

Service registry functionality.

slo

SloProperties slo

SLO functionality.

sso

SsoProperties sso

SSO functionality.

ticket

TicketProperties ticket

Ticketing functionality.

messageBundle

MessageBundleProperties messageBundle

Message bundles and internationalization functionality.

adminPagesSecurity

AdminPagesSecurityProperties adminPagesSecurity

Admin pages and their security, controling endpoints, etc.

httpWebRequest

HttpRequestProperties httpWebRequest

Settings that control filtering of the incoming http requests.

view

ViewProperties view

Views and UI functionality.

googleAnalytics

GoogleAnalyticsProperties googleAnalytics

Google Analytics functionality.

googleRecaptcha

GoogleRecaptchaProperties googleRecaptcha

Google reCAPTCHA settings.

smsProvider

SmsProvidersProperties smsProvider

SMS and Text messaging settings.

acceptableUsagePolicy

AcceptableUsagePolicyProperties acceptableUsagePolicy

AUP settings.

clearpass

ClearpassProperties clearpass

Clearpass settings.

tgc

TicketGrantingCookieProperties tgc

Ticket-granting cookie settings.

warningCookie

WarningCookieProperties warningCookie

Warning cookie settings.

samlSp

SamlServiceProviderProperties samlSp

SAML SP integration settings.

maxmind

MaxmindProperties maxmind

MaxMind settings.

googleMaps

GoogleMapsProperties googleMaps

Google Maps settings.

jdbc

DatabaseProperties jdbc

General database and hibernate settings.

googleApps

GoogleAppsProperties googleApps

Google Apps integration settings.

samlMetadataUi

SamlMetadataUIProperties samlMetadataUi

SAML Metadata UI settings and parsing.

samlCore

SamlCoreProperties samlCore

SAML Core functionality and settings.

theme

ThemeProperties theme

UI and theme settings.

locale

LocaleProperties locale

Locale and internationalization settings.

webflow

WebflowProperties webflow

Spring Webflow functionality.

custom

CasCustomProperties custom

Custom properties.

standalone

StandaloneConfigurationProperties standalone

Standalone configuration settings.

Package org.apereo.cas.configuration.model.core

Class org.apereo.cas.configuration.model.core.CasJavaClientProperties extends java.lang.Object implements Serializable

serialVersionUID:

-3646242105668747303L

Serialized Fields

prefix

java.lang.String prefix

Prefix of the CAS server used to establish ticket validators for the client. Typically set to https://sso.example.org/cas

validatorType

CasJavaClientProperties.ClientTicketValidatorTypes validatorType

Determines the type of ticket validator that CAS should create from the Java CAS client when attempting to issue in-bound ticket validation calls.

Class org.apereo.cas.configuration.model.core.CasServerProperties extends java.lang.Object implements Serializable

serialVersionUID:

7876382696803430817L

Serialized Fields

name

java.lang.String name

Full name of the CAS server. This is public-facing address of the CAS deployment and not the individual node address, in the event that CAS is clustered.

prefix

java.lang.String prefix

A concatenation of the server name plus the CAS context path. Deployments at root likely need to blank out this value.

ajp

CasEmbeddedApacheTomcatAjpProperties ajp

Embedded container AJP settings.

http

CasEmbeddedApacheTomcatHttpProperties http

Embedded container HTTP port settings as an additional option.

clustering

CasEmbeddedApacheTomcatClusteringProperties clustering

Embedded container tomcat clustering options.

httpProxy

CasEmbeddedApacheTomcatHttpProxyProperties httpProxy

Http proxy configuration properties. In the event that you decide to run CAS without any SSL configuration in the embedded Tomcat container and on a non-secure port yet wish to customize the connector configuration that is linked to the running port (i.e. 8080), this setting may apply.

sslValve

CasEmbeddedApacheTomcatSslValveProperties sslValve

Embedded container's SSL valve setting.

rewriteValve

CasEmbeddedApacheTomcatRewriteValveProperties rewriteValve

Embedded container's rewrite valve setting.

extAccessLog

CasEmbeddedApacheTomcatExtendedAccessLogProperties extAccessLog

Configuration properties for access logging beyond defaults.

remoteAddr

CasEmbeddedApacheTomcatRemoteAddressProperties remoteAddr

Enable Tomcat's RemoteAddress filter.

csrf

CasEmbeddedApacheTomcatCsrfProperties csrf

Enable Tomcat's CSRF filter.

basicAuthn

CasEmbeddedApacheTomcatBasicAuthenticationProperties basicAuthn

Enable basic authentication for the embedded tomcat.

Class org.apereo.cas.configuration.model.core.HostProperties extends java.lang.Object implements Serializable

serialVersionUID:

8624916460241033347L

Serialized Fields

name

java.lang.String name

Name of the networking host configured to run CAS server.

Package org.apereo.cas.configuration.model.core.audit

Class org.apereo.cas.configuration.model.core.audit.AuditJdbcProperties extends AbstractJpaProperties implements Serializable

serialVersionUID:

4227475246873515918L

Serialized Fields

asynchronous

boolean asynchronous

Execute the recording of audit records in async manner. This setting must almost always be set to true.

maxAgeDays

int maxAgeDays

Indicates how long audit records should be kept in the database. This is used by the clean-up criteria to clean up after stale audit records.

columnLength

int columnLength

Allows one to trim the audit data by the specified length. A negative value disables the trimming process where the audit functionality no longer substrings the audit record.

isolationLevelName

java.lang.String isolationLevelName

Defines the isolation level for transactions.

See Also:

TransactionDefinition

propagationBehaviorName

java.lang.String propagationBehaviorName

Defines the propagation behavior for transactions.

See Also:

TransactionDefinition

Class org.apereo.cas.configuration.model.core.audit.AuditMongoDbProperties extends SingleCollectionMongoDbProperties implements Serializable

serialVersionUID:

4940497540189318943L

Serialized Fields

asynchronous

boolean asynchronous

Execute the recording of audit records in async manner. This setting must almost always be set to true.

Class org.apereo.cas.configuration.model.core.audit.AuditProperties extends java.lang.Object implements Serializable

serialVersionUID:

3946106584608417663L

Serialized Fields

numberOfDaysInHistory

int numberOfDaysInHistory

Retrieve audit records from storage, starting from now and going back the indicated number of days in history.

includeValidationAssertion

boolean includeValidationAssertion

Whether ticket validation events in the audit log should include information about the assertion that is validated; things such as the principal id and attributes released.

appCode

java.lang.String appCode

Application code to use in the audit logs. This is a unique code that acts as the identifier for the application. In case audit logs are aggregated in a central location. This makes it easy to identify the application and filter results based on the code.

alternateServerAddrHeaderName

java.lang.String alternateServerAddrHeaderName

Request header to use identify the server address.

alternateClientAddrHeaderName

java.lang.String alternateClientAddrHeaderName

Request header to use identify the client address. If the application is sitting behind a load balancer, the client address typically ends up being the load balancer address itself. A common example for a header here would be X-Forwarded-For to glean the client address from the request, assuming the load balancer is configured correctly to pass that header along.

useServerHostAddress

boolean useServerHostAddress

Determines whether a local DNS lookup should be made to query for the CAS server address. By default, the server is address is determined from the request. Aside from special headers, this option allows one to query DNS to look up the server address of the CAS server processing requests.

jdbc

AuditJdbcProperties jdbc

Family of sub-properties pertaining to Jdbc-based audit destinations.

mongo

AuditMongoDbProperties mongo

Family of sub-properties pertaining to MongoDb-based audit destinations.

rest

AuditRestProperties rest

Family of sub-properties pertaining to rest-based audit destinations.

slf4j

AuditSlf4jLogProperties slf4j

Family of sub-properties pertaining to file-based audit destinations.

ignoreAuditFailures

boolean ignoreAuditFailures

Indicates whether catastrophic audit failures should simply be logged or whether errors should bubble up and thrown back.

Class org.apereo.cas.configuration.model.core.audit.AuditRestProperties extends RestEndpointProperties implements Serializable

serialVersionUID:

3893437775090452831L

Class org.apereo.cas.configuration.model.core.audit.AuditSlf4jLogProperties extends java.lang.Object implements Serializable

serialVersionUID:

4227475246873515918L

Serialized Fields

useSingleLine

boolean useSingleLine

Indicates whether audit logs should be recorded as a single-line.

By default, audit logs are split into multiple lines where each action and activity takes up a full line. This is a more compact version.

singlelineSeparator

java.lang.String singlelineSeparator

Character to separate audit fields if single-line audits are used.

auditFormat

org.apereo.inspektr.audit.support.AbstractStringAuditTrailManager.AuditFormats auditFormat

The audit format to use in the logs.

Package org.apereo.cas.configuration.model.core.authentication

Class org.apereo.cas.configuration.model.core.authentication.AdaptiveAuthenticationProperties extends java.lang.Object implements Serializable

serialVersionUID:

-1840174229142982880L

Serialized Fields

rejectCountries

java.lang.String rejectCountries

Comma-separated list of strings representing countries to be rejected from participating in authentication transactions.

rejectBrowsers

java.lang.String rejectBrowsers

Comma-separated list of strings representing browser user agents to be rejected from participating in authentication transactions.

rejectIpAddresses

java.lang.String rejectIpAddresses

Comma-separated list of strings representing IP addresses to be rejected from participating in authentication transactions.

risk

RiskBasedAuthenticationProperties risk

Control settings that handle and calculate risky authentication attempts.

requireMultifactor

java.util.Map<K,V> requireMultifactor

A map of (mfaProviderId -> adaptiveRegexPattern) that tells CAS when to trigger an MFA authentication transaction.

This property binds a valid mfa provider to an adaptive regex pattern representing either IP address, user-agent or geolocation. When either of those collected pieces of adaptive data matches configured regex pattern during authentication event, an MFA authentication transaction is triggered for an MFA provider represented by the map's key.

Default value is EMPTY Map.

requireTimedMultifactor

java.util.List<E> requireTimedMultifactor

This property binds a valid mfa provider to a collection of rules that deal with triggering mfa based on that provider based on properties of date/time. One may want to force mfa during weekends, after hours, etc and the ruleset provides a modest configuration set where time can also be treated as trigger.

Class org.apereo.cas.configuration.model.core.authentication.AuthenticationAttributeReleaseProperties extends java.lang.Object implements Serializable

serialVersionUID:

6123748197108749858L

Serialized Fields

neverRelease

java.util.List<E> neverRelease

List of authentication attributes that should never be released.

onlyRelease

java.util.List<E> onlyRelease

List of authentication attributes that should be the only ones released. An empty list indicates all attributes should be released.

Class org.apereo.cas.configuration.model.core.authentication.AuthenticationExceptionsProperties extends java.lang.Object implements Serializable

serialVersionUID:

-2385347572099983874L

Serialized Fields

exceptions

java.util.List<E> exceptions

Define custom exceptions that can then be mapped to message bundles for custom error handling. By default CAS is configured to recognize and handle a number of exceptions for during authentication. Each exception has the specific message bundle mapping so that a specific message could be presented to end users on the login form. Any un-recognized or un-mapped exceptions results in a generic message. To map custom exceptions, one would need map the exception, they can be defined here and then linked to custom messages.

Class org.apereo.cas.configuration.model.core.authentication.AuthenticationPolicyProperties extends java.lang.Object implements Serializable

serialVersionUID:

2039700004862120066L

Serialized Fields

requiredHandlerAuthenticationPolicyEnabled

boolean requiredHandlerAuthenticationPolicyEnabled

Global authentication policy that is applied when CAS attempts to vend and validate tickets. Checks to make sure a particular authentication handler has successfully executed and validated credentials. Required handlers are defined per registered service.

any

AuthenticationPolicyProperties.Any any

Satisfied if any authentication handler succeeds. Allows options to avoid short circuiting and try every handler even if one prior succeeded.

req

AuthenticationPolicyProperties.Req req

Satisfied if an only if a specified handler successfully authenticates its credential.

all

AuthenticationPolicyProperties.All all

Satisfied if and only if all given credentials are successfully authenticated. Support for multiple credentials is new in CAS and this handler would only be acceptable in a multi-factor authentication situation.

groovy

java.util.List<E> groovy

Execute a groovy script to detect authentication policy.

rest

java.util.List<E> rest

Execute a rest endpoint to detect authentication policy.

notPrevented

AuthenticationPolicyProperties.NotPrevented notPrevented

Satisfied if an only if the authentication event is not blocked by a PreventedException.

uniquePrincipal

AuthenticationPolicyProperties.UniquePrincipal uniquePrincipal

Satisfied if an only if the principal has not already authenticated and does not have an sso session with CAS. Otherwise, prevents the user from logging in more than once. Note that this policy adds an extra burden to the ticket store/registry as CAS needs to query all relevant tickets found in the registry to cross-check the requesting username with existing tickets.

Class org.apereo.cas.configuration.model.core.authentication.AuthenticationPolicyProperties.All extends java.lang.Object implements Serializable

serialVersionUID:

928409456096460793L

Serialized Fields

enabled

boolean enabled

Enables the policy.

Class org.apereo.cas.configuration.model.core.authentication.AuthenticationPolicyProperties.Any extends java.lang.Object implements Serializable

serialVersionUID:

4600357071276768175L

Serialized Fields

enabled

boolean enabled

Enables the policy.

tryAll

boolean tryAll

Avoid short circuiting and try every handler even if one prior succeeded. Ensure number of provided credentials does not match the sum of authentication successes and failures

Class org.apereo.cas.configuration.model.core.authentication.AuthenticationPolicyProperties.NotPrevented extends java.lang.Object implements Serializable

serialVersionUID:

-4930217018850738715L

Serialized Fields

enabled

boolean enabled

Enables the policy.

Class org.apereo.cas.configuration.model.core.authentication.AuthenticationPolicyProperties.Req extends java.lang.Object implements Serializable

serialVersionUID:

-4206244023952305821L

Serialized Fields

enabled

boolean enabled

Enables the policy.

tryAll

boolean tryAll

Ensure number of provided credentials does not match the sum of authentication successes and failures.

handlerName

java.lang.String handlerName

The handler name which must have successfully executed and validated credentials.

Class org.apereo.cas.configuration.model.core.authentication.AuthenticationPolicyProperties.UniquePrincipal extends java.lang.Object implements Serializable

serialVersionUID:

-4930217087310738715L

Serialized Fields

enabled

boolean enabled

Enables the policy.

Class org.apereo.cas.configuration.model.core.authentication.AuthenticationProperties extends java.lang.Object implements Serializable

serialVersionUID:

-1233126985007049516L

Serialized Fields

passwordless

PasswordlessAuthenticationProperties passwordless

Passwordless authentication settings.

json

JsonResourceAuthenticationProperties json

JSON authentication settings.

syncope

SyncopeAuthenticationProperties syncope

Syncope authentication settings.

couchbase

CouchbaseAuthenticationProperties couchbase

Couchbase authentication settings.

cassandra

CassandraAuthenticationProperties cassandra

Cassandra authentication settings.

cloudDirectory

CloudDirectoryProperties cloudDirectory

Cloud Directory authentication settings.

surrogate

SurrogateAuthenticationProperties surrogate

Surrogate authentication settings.

gua

GraphicalUserAuthenticationProperties gua

Graphical User authentication settings.

pm

PasswordManagementProperties pm

Password management settings.

adaptive

AdaptiveAuthenticationProperties adaptive

Adaptive authentication settings.

attributeRepository

PrincipalAttributesProperties attributeRepository

Attribute repository settings.

digest

DigestProperties digest

Digest authentication settings.

rest

RestAuthenticationProperties rest

REST-based authentication settings.

ldap

java.util.List<E> ldap

Collection of settings related to LDAP authentication. These settings are required to be indexed (i.e. ldap[0].xyz).

throttle

ThrottleProperties throttle

Authentication throttling settings.

samlIdp

SamlIdPProperties samlIdp

SAML identity provider settings.

exceptions

AuthenticationExceptionsProperties exceptions

Customization of authentication errors and exceptions.

policy

AuthenticationPolicyProperties policy

Authentication policy settings.

accept

AcceptAuthenticationProperties accept

Accepting authentication based on statically defined users.

file

FileAuthenticationProperties file

File-based authentication.

reject

RejectAuthenticationProperties reject

Blacklist-based authentication.

remoteAddress

RemoteAddressAuthenticationProperties remoteAddress

Authentication based on a remote-address of a request.

shibIdp

ShibbolethIdPProperties shibIdp

Authentication settings when integrating CAS with a shibboleth IdP.

shiro

ShiroAuthenticationProperties shiro

Shiro-based authentication.

trusted

TrustedAuthenticationProperties trusted

Trusted authentication.

jaas

java.util.List<E> jaas

Collection of settings related to JAAS authentication. These settings are required to be indexed (i.e. jaas[0].xyz).

jdbc

JdbcAuthenticationProperties jdbc

JDBC authentication settings.

mfa

MultifactorAuthenticationProperties mfa

MFA settings.

mongo

MongoAuthenticationProperties mongo

MongoDb authentication settings.

ntlm

NtlmProperties ntlm

NTLM authentication settings.

oauth

OAuthProperties oauth

OAuth authentication settings.

oidc

OidcProperties oidc

OpenID Connect authentication settings.

openid

OpenIdProperties openid

OpenID authentication settings.

pac4j

Pac4jDelegatedAuthenticationProperties pac4j

Pac4j delegated authentication settings.

radius

RadiusProperties radius

RADIUS authentication settings.

spnego

SpnegoProperties spnego

SPNEGO authentication settings.

wsfed

java.util.List<E> wsfed

Collection of settings related to WsFed delegated authentication. These settings are required to be indexed (i.e. wsfed[0].xyz).

wsfedIdp

WsFederationProperties wsfedIdp

WS-FED IdP authentication settings.

x509

X509Properties x509

X509 authentication settings.

token

TokenAuthenticationProperties token

Token/JWT authentication settings.

fortress

FortressAuthenticationProperties fortress

Apache Fortress authentication settings.

authenticationAttributeRelease

AuthenticationAttributeReleaseProperties authenticationAttributeRelease

Authentication attribute release settings.

releaseProtocolAttributes

boolean releaseProtocolAttributes

Whether CAS authentication/protocol attributes should be released as part of ticket validation.

Class org.apereo.cas.configuration.model.core.authentication.CouchbasePrincipalAttributesProperties extends BaseCouchbaseProperties implements Serializable

serialVersionUID:

-6573755681498251678L

Serialized Fields

order

int order

The order of this attribute repository in the chain of repositories. Can be used to explicitly position this source in chain and affects merging strategies.

usernameAttribute

java.lang.String usernameAttribute

Username attribute to fetch attributes by.

Class org.apereo.cas.configuration.model.core.authentication.GroovyAuthenticationPolicyProperties extends java.lang.Object implements Serializable

serialVersionUID:

8713917167124116270L

Serialized Fields

script

java.lang.String script

Path to the groovy script to execute.

Class org.apereo.cas.configuration.model.core.authentication.GroovyPrincipalAttributesProperties extends SpringResourceProperties implements Serializable

serialVersionUID:

7901595963842506684L

Serialized Fields

caseInsensitive

boolean caseInsensitive

Whether attribute repository should consider the underlying attribute names in a case-insensitive manner.

order

int order

The order of this attribute repository in the chain of repositories. Can be used to explicitly position this source in chain and affects merging strategies.

Class org.apereo.cas.configuration.model.core.authentication.GrouperPrincipalAttributesProperties extends java.lang.Object implements Serializable

serialVersionUID:

7139471665871712818L

Serialized Fields

order

int order

The order of this attribute repository in the chain of repositories. Can be used to explicitly position this source in chain and affects merging strategies.

enabled

boolean enabled

Enable the attribute repository source.

Class org.apereo.cas.configuration.model.core.authentication.HttpClientProperties extends java.lang.Object implements Serializable

serialVersionUID:

-7494946569869245770L

Serialized Fields

connectionTimeout

java.lang.String connectionTimeout

Connection timeout for all operations that reach out to URL endpoints.

readTimeout

java.lang.String readTimeout

Read timeout for all operations that reach out to URL endpoints.

asyncTimeout

java.lang.String asyncTimeout

Indicates timeout for async operations.

hostNameVerifier

java.lang.String hostNameVerifier

Enable hostname verification when attempting to contact URL endpoints. May also be set to none to disable verification.

truststore

HttpClientProperties.Truststore truststore

Configuration properties namespace for embedded Java SSL trust store.

allowLocalLogoutUrls

boolean allowLocalLogoutUrls

Whether CAS should accept local logout URLs. For example http(s)://localhost/logout

authorityValidationRegEx

java.lang.String authorityValidationRegEx

If specified the regular expression will be used to validate the url's authority.

authorityValidationRegExCaseSensitive

boolean authorityValidationRegExCaseSensitive

Whether the regular expression specified with authorityValidationRegEx should be handled as case-sensitive (true) or case-insensitive (false). If no authorityValidationRegEx is set, this value does not have any effect.

Class org.apereo.cas.configuration.model.core.authentication.HttpClientProperties.Truststore extends java.lang.Object implements Serializable

serialVersionUID:

-1357168622083627654L

Serialized Fields

psw

java.lang.String psw

The truststore password.

Class org.apereo.cas.configuration.model.core.authentication.JdbcPrincipalAttributesProperties extends AbstractJpaProperties implements Serializable

serialVersionUID:

6915428382578138387L

Serialized Fields

sql

java.lang.String sql

The SQL statement to execute and fetch attributes. The syntax of the query must be SELECT * FROM table WHERE {0}. The WHERE clause is dynamically generated by CAS.

singleRow

boolean singleRow

Designed to work against a table where there is a mapping of one row to one user. The fields in the table structure is assumed to match username|name|lastname|address where there is only a single row per user. Setting this setting to false will force CAS to work against a table where there is a mapping of one row to one user. The fields in the table structure is assumed to match username|attr_name|attr_value where there is more than one row per username.

requireAllAttributes

boolean requireAllAttributes

If the SQL should only be run if all attributes listed in the mappings exist in the query.

caseCanonicalization

org.apereo.services.persondir.util.CaseCanonicalizationMode caseCanonicalization

When constructing the final person object from the attribute repository, indicate how the username should be canonicalized.

queryType

org.apereo.services.persondir.support.QueryType queryType

Indicates how multiple attributes in a query should be concatenated together. The other option is OR.

columnMappings

java.util.Map<K,V> columnMappings

Used only when there is a mapping of many rows to one user. This is done using a key-value structure where the key is the name of the "attribute name" column the value is the name of the "attribute value" column. If the table structure is as such:

 -----------------------------
 uid | attr_name  | attr_value
 -----------------------------
 tom | first_name | Thomas
 

Then a column mapping must be specified to teach CAS to use attr_name and attr_value for attribute names and values.

username

java.util.List<E> username

Username attribute(s) to use when running the SQL query.

order

int order

The order of this attribute repository in the chain of repositories. Can be used to explicitly position this source in chain and affects merging strategies.

attributes

java.util.Map<K,V> attributes

Map of attributes to fetch from the database. Attributes are defined using a key-value structure where CAS allows the attribute name/key to be renamed virtually to a different attribute. The key is the attribute fetched from the data source and the value is the attribute name CAS should use for virtual renames.

Class org.apereo.cas.configuration.model.core.authentication.JsonPrincipalAttributesProperties extends SpringResourceProperties implements Serializable

serialVersionUID:

-6573755681498251678L

Serialized Fields

order

int order

The order of this attribute repository in the chain of repositories. Can be used to explicitly position this source in chain and affects merging strategies.

Class org.apereo.cas.configuration.model.core.authentication.LdapPrincipalAttributesProperties extends AbstractLdapSearchProperties implements Serializable

serialVersionUID:

5760065368731012063L

Serialized Fields

order

int order

The order of this attribute repository in the chain of repositories. Can be used to explicitly position this source in chain and affects merging strategies.

attributes

java.util.Map<K,V> attributes

Map of attributes to fetch from the source. Attributes are defined using a key-value structure where CAS allows the attribute name/key to be renamed virtually to a different attribute. The key is the attribute fetched from the data source and the value is the attribute name CAS should use for virtual renames.

Class org.apereo.cas.configuration.model.core.authentication.PasswordEncoderProperties extends java.lang.Object implements Serializable

serialVersionUID:

-2396781005262069816L

Serialized Fields

type

java.lang.String type

Define the password encoder type to use. Type may be specified as blank or 'NONE' to disable password encoding. It may also refer to a fully-qualified class name that implements the PasswordEncoder interface if you wish you define your own encoder.

See Also:

PasswordEncoderProperties.PasswordEncoderTypes

encodingAlgorithm

java.lang.String encodingAlgorithm

The encoding algorithm to use such as 'MD5'. Relevant when the type used is 'DEFAULT'.

characterEncoding

java.lang.String characterEncoding

The encoding algorithm to use such as 'UTF-8'. Relevant when the type used is 'DEFAULT'.

secret

java.lang.String secret

Secret to use with STANDARD, PBKDF2, BCRYPT password encoders. Secret usually is an optional setting.

strength

int strength

Strength or number of iterations to use for password hashing. Usually relevant when dealing with PBKDF2 or BCRYPT encoders.

Class org.apereo.cas.configuration.model.core.authentication.PasswordPolicyProperties extends java.lang.Object implements Serializable

serialVersionUID:

-3878237508646993100L

Serialized Fields

strategy

PasswordPolicyProperties.PasswordPolicyHandlingOptions strategy

Decide how authentication should handle password policy changes. Acceptable values are:

• DEFAULT: Default password policy rules handling account states.
• GROOVY: Handle account changes and warnings via Groovy scripts
• REJECT_RESULT_CODE: Handle account state only if the authentication result code isn't blocked

policyAttributes

java.util.Map<K,V> policyAttributes

Key-value structure (Map) that indicates a list of boolean attributes as keys. If either attribute value is true, indicating an account state is flagged, the corresponding error can be thrown. Example accountLocked=javax.security.auth.login.AccountLockedException

enabled

boolean enabled

Whether password policy should be enabled.

accountStateHandlingEnabled

boolean accountStateHandlingEnabled

Indicates whether account state handling should be enabled to process warnings or errors reported back from the authentication response, produced by the source.

loginFailures

int loginFailures

When dealing with FreeIPA, indicates the number of allows login failures.

warningAttributeValue

java.lang.String warningAttributeValue

Used by an account state handling policy that only calculates account warnings in case the entry carries an attribute PasswordPolicyProperties.warningAttributeName whose value matches this field.

warningAttributeName

java.lang.String warningAttributeName

Used by an account state handling policy that only calculates account warnings in case the entry carries this attribute.

displayWarningOnMatch

boolean displayWarningOnMatch

Indicates if warning should be displayed, when the ldap attribute value matches the PasswordPolicyProperties.warningAttributeValue.

warnAll

boolean warnAll

Always display the password expiration warning regardless.

warningDays

int warningDays

This is used to calculate a warning period to see if account expiry is within the calculated window.

groovy

PasswordPolicyProperties.Groovy groovy

Handle password policy via Groovy script.

Class org.apereo.cas.configuration.model.core.authentication.PasswordPolicyProperties.Groovy extends SpringResourceProperties implements Serializable

serialVersionUID:

8079027843747126083L

Class org.apereo.cas.configuration.model.core.authentication.PersonDirectoryPrincipalResolverProperties extends java.lang.Object implements Serializable

serialVersionUID:

8929912041234879300L

Serialized Fields

principalAttribute

java.lang.String principalAttribute

Attribute name to use to indicate the identifier of the principal constructed. If the attribute is blank or has no values, the default principal id will be used determined by the underlying authentication engine. The principal id attribute usually is removed from the collection of attributes collected, though this behavior depends on the schematics of the underlying authentication strategy.

returnNull

boolean returnNull

Return a null principal object if no attributes can be found for the principal.

principalResolutionFailureFatal

boolean principalResolutionFailureFatal

When true, throws an error back indicating that principal resolution has failed and no principal can be found based on the authentication requirements. Otherwise, simply logs the condition as an error without raising a catastrophic error.

Class org.apereo.cas.configuration.model.core.authentication.PrincipalAttributesProperties extends java.lang.Object implements Serializable

serialVersionUID:

-4515569588579072890L

Serialized Fields

expirationTime

int expirationTime

Indicates the global cache expiration period, once attributes are fetched from the underlying attribute repository.

expirationTimeUnit

java.lang.String expirationTimeUnit

Expiration caching time unit for attributes.

maximumCacheSize

int maximumCacheSize

Indicates the global cache size used to store attributes retrieved from the attribute repository.

merger

java.lang.String merger

Merging strategies can be used to resolve conflicts when the same attribute are found from multiple sources. Accepted values are the following:

• REPLACE: Overwrites existing attribute values, if any.
• ADD: Retains existing attribute values if any, and ignores values from subsequent sources in the resolution chain.
• MERGE: Combines all values into a single attribute, essentially creating a multi-valued attribute.

defaultAttributesToRelease

java.util.Set<E> defaultAttributesToRelease

CAS provides the ability to release a bundle of principal attributes to all services by default. This bundle is not defined on a per-service basis and is always combined with attributes produced by the specific release policy of the service, such that for instance, you can devise rules to always release givenName and cn to every application, and additionally allow other specific principal attributes for only some applications per their attribute release policy.

jdbc

java.util.List<E> jdbc

Retrieve attributes from multiple JDBC repositories.

rest

java.util.List<E> rest

Retrieve attributes from multiple REST endpoints.

groovy

java.util.List<E> groovy

Retrieve attributes from multiple Groovy scripts.

ldap

java.util.List<E> ldap

Retrieve attributes from multiple LDAP servers.

json

java.util.List<E> json

Retrieve attributes from multiple JSON file repositories.

couchbase

CouchbasePrincipalAttributesProperties couchbase

Retrieve attributes from Couchbase repositories.

script

java.util.List<E> script

Retrieve attributes from multiple scripted repositories.

stub

StubPrincipalAttributesProperties stub

Use stubbed attribute definitions as the underlying attribute repository source. Static attributes that need to be mapped to a hardcoded value belong here.

grouper

GrouperPrincipalAttributesProperties grouper

Use Grouper to fetch principal attributes. You will also need to ensure grouper.client.properties is available on the classpath (i.e. src/main/resources) and it contains the following:

 grouperClient.webService.url = http://192.168.99.100:32768/grouper-ws/servicesRest
 grouperClient.webService.login = banderson
 grouperClient.webService.password = password
 

Class org.apereo.cas.configuration.model.core.authentication.PrincipalTransformationProperties extends java.lang.Object implements Serializable

serialVersionUID:

1678602647607236322L

Serialized Fields

prefix

java.lang.String prefix

Prefix to add to the principal id prior to authentication.

suffix

java.lang.String suffix

Suffix to add to the principal id prior to authentication.

pattern

java.lang.String pattern

A regular expression that will be used against the provided username for username extractions. On a successful match, the first matched group in the pattern will be used as the extracted username.

groovy

PrincipalTransformationProperties.Groovy groovy

Transform usernames using a Groovy resource.

caseConversion

PrincipalTransformationProperties.CaseConversion caseConversion

Indicate whether the principal identifier should be transformed into upper-case, lower-case, etc. Accepted values are NONE, UPPERCASE, LOWERCASE,

Class org.apereo.cas.configuration.model.core.authentication.PrincipalTransformationProperties.Groovy extends SpringResourceProperties implements Serializable

serialVersionUID:

8079027843747126083L

Class org.apereo.cas.configuration.model.core.authentication.RestAuthenticationPolicyProperties extends java.lang.Object implements Serializable

serialVersionUID:

-8979188862774758908L

Serialized Fields

endpoint

java.lang.String endpoint

Rest endpoint url to contact.

Class org.apereo.cas.configuration.model.core.authentication.RestPrincipalAttributesProperties extends RestEndpointProperties implements Serializable

serialVersionUID:

-30055974448426360L

Serialized Fields

order

int order

The order of this attribute repository in the chain of repositories. Can be used to explicitly position this source in chain and affects merging strategies.

caseInsensitive

boolean caseInsensitive

Whether attribute repository should consider the underlying attribute names in a case-insensitive manner.

Class org.apereo.cas.configuration.model.core.authentication.RiskBasedAuthenticationProperties extends java.lang.Object implements Serializable

serialVersionUID:

3826749727400569308L

Serialized Fields

ip

RiskBasedAuthenticationProperties.IpAddress ip

Handle risky authentication attempts via an IP criteria.

agent

RiskBasedAuthenticationProperties.Agent agent

Handle risky authentication attempts via a user-agent criteria.

geoLocation

RiskBasedAuthenticationProperties.GeoLocation geoLocation

Handle risky authentication attempts via geolocation criteria.

dateTime

RiskBasedAuthenticationProperties.DateTime dateTime

Handle risky authentication attempts via an date/time criteria.

response

RiskBasedAuthenticationProperties.Response response

Design how responses should be handled, in the event that an authentication event is deemed risky.

threshold

double threshold

The risk threshold factor beyond which the authentication event may be considered risky.

daysInRecentHistory

long daysInRecentHistory

Indicates how far back the search in authentication history must go in order to locate authentication events.

Class org.apereo.cas.configuration.model.core.authentication.RiskBasedAuthenticationProperties.Agent extends java.lang.Object implements Serializable

serialVersionUID:

7766080681971729400L

Serialized Fields

enabled

boolean enabled

Enable user-agent checking and criteria to calculate risky authentication attempts.

Class org.apereo.cas.configuration.model.core.authentication.RiskBasedAuthenticationProperties.DateTime extends java.lang.Object implements Serializable

serialVersionUID:

-3776875583039922050L

Serialized Fields

enabled

boolean enabled

Enable date/time checking and criteria to calculate risky authentication attempts.

windowInHours

int windowInHours

The hourly window used before and after each authentication event in calculation to establish a pattern that can then be compared against the threshold.

Class org.apereo.cas.configuration.model.core.authentication.RiskBasedAuthenticationProperties.GeoLocation extends java.lang.Object implements Serializable

serialVersionUID:

4115333388680538358L

Serialized Fields

enabled

boolean enabled

Enable geolocation checking and criteria to calculate risky authentication attempts.

Class org.apereo.cas.configuration.model.core.authentication.RiskBasedAuthenticationProperties.IpAddress extends java.lang.Object implements Serializable

serialVersionUID:

577801361041617794L

Serialized Fields

enabled

boolean enabled

Enable IP address checking and criteria to calculate risky authentication attempts.

Class org.apereo.cas.configuration.model.core.authentication.RiskBasedAuthenticationProperties.Response extends java.lang.Object implements Serializable

serialVersionUID:

8254082561120701582L

Serialized Fields

blockAttempt

boolean blockAttempt

If an authentication attempt is deemed risky, block the response and do not allow further attempts.

mfaProvider

java.lang.String mfaProvider

If an authentication attempt is deemed risky, force a multi-factor authentication event noted by the provider id here.

riskyAuthenticationAttribute

java.lang.String riskyAuthenticationAttribute

If an authentication attempt is deemed risky, communicate the nature of this attempt back to the application via a special attribute in the final CAS response indicated here.

mail

EmailProperties mail

Email settings for notifications, If an authentication attempt is deemed risky.

sms

SmsProperties sms

SMS settings for notifications, If an authentication attempt is deemed risky.

Class org.apereo.cas.configuration.model.core.authentication.ScriptedPrincipalAttributesProperties extends SpringResourceProperties implements Serializable

serialVersionUID:

4221139939506528713L

Serialized Fields

caseInsensitive

boolean caseInsensitive

Whether attribute repository should consider the underlying attribute names in a case-insensitive manner.

order

int order

The order of this attribute repository in the chain of repositories. Can be used to explicitly position this source in chain and affects merging strategies.

Class org.apereo.cas.configuration.model.core.authentication.StubPrincipalAttributesProperties extends java.lang.Object implements Serializable

serialVersionUID:

7017508256487553063L

Serialized Fields

attributes

java.util.Map<K,V> attributes

Static attributes that need to be mapped to a hardcoded value belong here. The structure follows a key-value pair where key is the attribute name and value is the attribute value. The key is the attribute fetched from the source and the value is the attribute name CAS should use for virtual renames.

Class org.apereo.cas.configuration.model.core.authentication.TimeBasedAuthenticationProperties extends java.lang.Object implements Serializable

serialVersionUID:

3826749727400569308L

Serialized Fields

providerId

java.lang.String providerId

The mfa provider id that should be triggered.

onOrAfterHour

long onOrAfterHour

Trigger mfa after this hour, specified in 24-hour format.

onOrBeforeHour

long onOrBeforeHour

Trigger mfa before this hour, specified in 24-hour format.

onDays

java.util.List<E> onDays

Trigger mfa on the following days of the week.

Package org.apereo.cas.configuration.model.core.events

Class org.apereo.cas.configuration.model.core.events.EventsProperties extends java.lang.Object implements Serializable

serialVersionUID:

1734523424737956370L

Serialized Fields

trackGeolocation

boolean trackGeolocation

Whether geolocation should be tracked as part of collected authentication events. This of course require's consent from the user's browser to collect stats on location.

trackConfigurationModifications

boolean trackConfigurationModifications

Whether CAS should track the underlying configuration store for changes. This depends on whether the store provides that sort of functionality. When running in standalone mode, this typically translates to CAS monitoring configuration files and reloading context conditionally if there are any changes.

jpa

EventsProperties.Jpa jpa

Track authentication events inside a database.

influxDb

EventsProperties.InfluxDb influxDb

Track authentication events inside an influxdb database.

mongo

EventsProperties.MongoDb mongo

Track authentication events inside a mongodb instance.

Class org.apereo.cas.configuration.model.core.events.EventsProperties.InfluxDb extends InfluxDbProperties implements Serializable

serialVersionUID:

-3918436901491275547L

Class org.apereo.cas.configuration.model.core.events.EventsProperties.Jpa extends AbstractJpaProperties implements Serializable

serialVersionUID:

7647381223153797806L

Class org.apereo.cas.configuration.model.core.events.EventsProperties.MongoDb extends SingleCollectionMongoDbProperties implements Serializable

serialVersionUID:

-1918436901491275547L

Package org.apereo.cas.configuration.model.core.logout

Class org.apereo.cas.configuration.model.core.logout.LogoutProperties extends java.lang.Object implements Serializable

serialVersionUID:

7466171260665661949L

Serialized Fields

redirectParameter

java.lang.String redirectParameter

The target destination to which CAS should redirect after logout is indicated and extracted by a parameter name of your choosing here. If none specified, the default will be used as service.

followServiceRedirects

boolean followServiceRedirects

Whether CAS should be allowed to redirect to an alternative location after logout.

removeDescendantTickets

boolean removeDescendantTickets

Indicates whether tickets issued and linked to a ticket-granting ticket should also be removed as part of logout. There are a number of tickets issued by CAS whose expiration policy is usually by default bound to the SSO expiration policy and the active TGT, yet such tickets may be allowed to live beyond the normal lifetime of a CAS SSO session with options to be renewed. Examples include OAuth's access tokens, etc. Set this option to true if you want all linked tickets to be removed.

confirmLogout

boolean confirmLogout

Before logout, allow the option to confirm on the web interface.

redirectUrl

java.lang.String redirectUrl

A url to which CAS must immediately redirect after all logout operations have completed. Typically useful in scenarios where CAS is acting as a proxy and needs to redirect to an external identity provider's logout endpoint in order to remove a session, etc.

Package org.apereo.cas.configuration.model.core.metrics

Class org.apereo.cas.configuration.model.core.metrics.MetricsProperties extends java.lang.Object implements Serializable

serialVersionUID:

345002357523418414L

Serialized Fields

refreshInterval

java.lang.String refreshInterval

String representation of refresh interval for metrics collection.

loggerName

java.lang.String loggerName

Log destination name of the logging system in use for metrics output.

redis

MetricsProperties.Redis redis

Export metrics to a redis database.

statsd

MetricsProperties.Statsd statsd

Export metrics to a statsd database.

mongo

MetricsProperties.MongoDb mongo

Export metrics to an mongodb database.

influxDb

MetricsProperties.InfluxDb influxDb

Export metrics to an influxdb database.

openTsdb

MetricsProperties.OpenTsdb openTsdb

Export metrics to an open tsdb database.

Class org.apereo.cas.configuration.model.core.metrics.MetricsProperties.InfluxDb extends InfluxDbProperties implements Serializable

serialVersionUID:

1231713495513399930L

Class org.apereo.cas.configuration.model.core.metrics.MetricsProperties.MongoDb extends SingleCollectionMongoDbProperties implements Serializable

serialVersionUID:

8131713495513399930L

Class org.apereo.cas.configuration.model.core.metrics.MetricsProperties.OpenTsdb extends java.lang.Object implements Serializable

serialVersionUID:

7419713490013390030L

Serialized Fields

connectTimeout

int connectTimeout

Connection timeout.

readTimeout

int readTimeout

Reading input timeout.

url

java.lang.String url

Url of the Open TSDB server. Typically, this is http://localhost:4242/api/put.

Class org.apereo.cas.configuration.model.core.metrics.MetricsProperties.Redis extends BaseRedisProperties implements Serializable

serialVersionUID:

6419713490013390030L

Serialized Fields

prefix

java.lang.String prefix

It is best to use a prefix that is unique to the application instance (e.g. using a random value and maybe the logical name of the application to make it possible to correlate with other instances of the same application)

key

java.lang.String key

The key is used to keep a global index of all metric names, so it should be unique globally, whatever that means for your system (e.g. two instances of the same system could share a Redis cache if they have distinct keys).

Class org.apereo.cas.configuration.model.core.metrics.MetricsProperties.Statsd extends java.lang.Object implements Serializable

serialVersionUID:

6541713495513399930L

Serialized Fields

host

java.lang.String host

Statsd host.

port

int port

Statd port.

prefix

java.lang.String prefix

Define a prefix for statd metrics.

Package org.apereo.cas.configuration.model.core.monitor

Class org.apereo.cas.configuration.model.core.monitor.MonitorProperties extends java.lang.Object implements Serializable

serialVersionUID:

-7047060071480971606L

Serialized Fields

freeMemThreshold

int freeMemThreshold

The free memory threshold for the memory monitor. If the amount of free memory available reaches this point the memory monitor will report back a warning status as a health check.

tgt

MonitorProperties.Tgt tgt

Options for monitoring the status a nd production of TGTs.

st

MonitorProperties.St st

Options for monitoring the status a nd production of STs.

warn

MonitorWarningProperties warn

Warning options that generally deal with cache-based resources, etc.

endpoints

MonitorProperties.Endpoints endpoints

Options for monitoring sensitive CAS endpoints and resources. Acts as a parent class for all endpoints and settings and exposes shortcuts so security and capability of endpoints can be globally controlled from one spot and then overridden elsewhere.

jdbc

MonitorProperties.Jdbc jdbc

Options for monitoring JDBC resources.

ldap

MonitorProperties.Ldap ldap

Options for monitoring LDAP resources.

memcached

MonitorProperties.Memcached memcached

Options for monitoring Memcached resources.

mongo

MonitorProperties.MongoDb mongo

Options for monitoring MongoDb resources.

Class org.apereo.cas.configuration.model.core.monitor.MonitorProperties.BaseEndpoint extends java.lang.Object implements Serializable

serialVersionUID:

-6342643529009550539L

Serialized Fields

enabled

java.lang.Boolean enabled

Disable access to the endpoint completely.

sensitive

java.lang.Boolean sensitive

Marking the endpoint as sensitive will force it to require authentication. The authentication scheme usually is done via the presence of spring security related modules who then handle the protocol and verifications of credentials. If you wish to choose alternative methods for endpoint security, such as letting CAS handle the sensitivity of the endpoint itself via CAS itself or via IP pattern checking, etc, set this flag to false. For more elaborate means of authenticating into an endpoint such as basic authn and verifications credentials with a master account, LDAP, JDBC, etc set this endpoint to true and configure spring security appropriate as is described by the docs.

By default all endpoints are considered disabled and sensitive.

It's important to note that these endpoints and their settings only affect what CAS provides. Additional endpoints provided by Spring Boot are controlled elsewhere by Spring Boot itself.

Class org.apereo.cas.configuration.model.core.monitor.MonitorProperties.Endpoints extends MonitorProperties.BaseEndpoint implements Serializable

serialVersionUID:

-4725314424606890035L

Serialized Fields

dashboard

MonitorProperties.Endpoints.Dashboard dashboard

Dashboard related settings.

auditEvents

MonitorProperties.Endpoints.AuditEvents auditEvents

Audit events related settings.

authenticationEvents

MonitorProperties.Endpoints.AuthenticationEvents authenticationEvents

Authentication events related settings.

configurationState

MonitorProperties.Endpoints.ConfigurationState configurationState

Configuration State related settings.

healthCheck

MonitorProperties.Endpoints.HealthCheck healthCheck

Health check related settings.

loggingConfig

MonitorProperties.Endpoints.LoggingConfig loggingConfig

Logging configuration related settings.

metrics

MonitorProperties.Endpoints.Metrics metrics

Metrics related settings.

attributeResolution

MonitorProperties.Endpoints.AttributeResolution attributeResolution

Attribute resolution related settings.

singleSignOnReport

MonitorProperties.Endpoints.SingleSignOnReport singleSignOnReport

Single Sign on sessions report related settings.

statistics

MonitorProperties.Endpoints.Statistics statistics

Statistics related settings.

discovery

MonitorProperties.Endpoints.Discovery discovery

Discovery related settings.

trustedDevices

MonitorProperties.Endpoints.TrustedDevices trustedDevices

Trusted devices related settings.

status

MonitorProperties.Endpoints.Status status

Status related settings.

singleSignOnStatus

MonitorProperties.Endpoints.SingleSignOnStatus singleSignOnStatus

Single Sign On Status related settings.

springWebflowReport

MonitorProperties.Endpoints.SpringWebflowReport springWebflowReport

Spring webflow related settings.

registeredServicesReport

MonitorProperties.Endpoints.RegisteredServicesReport registeredServicesReport

Registered services and service registry related settings.

configurationMetadata

MonitorProperties.Endpoints.ConfigurationMetadata configurationMetadata

Configuration metadata, documentation and fields, etc.

Class org.apereo.cas.configuration.model.core.monitor.MonitorProperties.Endpoints.AttributeResolution extends MonitorProperties.BaseEndpoint implements Serializable

serialVersionUID:

-8767474517054230527L

Class org.apereo.cas.configuration.model.core.monitor.MonitorProperties.Endpoints.AuditEvents extends MonitorProperties.BaseEndpoint implements Serializable

serialVersionUID:

3343622053293351139L

Class org.apereo.cas.configuration.model.core.monitor.MonitorProperties.Endpoints.AuthenticationEvents extends MonitorProperties.BaseEndpoint implements Serializable

serialVersionUID:

-3437901726997576756L

Class org.apereo.cas.configuration.model.core.monitor.MonitorProperties.Endpoints.ConfigurationMetadata extends MonitorProperties.BaseEndpoint implements Serializable

serialVersionUID:

8568828537931315971L

Class org.apereo.cas.configuration.model.core.monitor.MonitorProperties.Endpoints.ConfigurationState extends MonitorProperties.BaseEndpoint implements Serializable

serialVersionUID:

5810340952202590071L

Class org.apereo.cas.configuration.model.core.monitor.MonitorProperties.Endpoints.Dashboard extends MonitorProperties.BaseEndpoint implements Serializable

serialVersionUID:

6907100597153582851L

Class org.apereo.cas.configuration.model.core.monitor.MonitorProperties.Endpoints.Discovery extends MonitorProperties.BaseEndpoint implements Serializable

serialVersionUID:

6642274054226792542L

Class org.apereo.cas.configuration.model.core.monitor.MonitorProperties.Endpoints.HealthCheck extends MonitorProperties.BaseEndpoint implements Serializable

serialVersionUID:

1304521673247289954L

Class org.apereo.cas.configuration.model.core.monitor.MonitorProperties.Endpoints.LoggingConfig extends MonitorProperties.BaseEndpoint implements Serializable

serialVersionUID:

3380609022897326907L

Class org.apereo.cas.configuration.model.core.monitor.MonitorProperties.Endpoints.Metrics extends MonitorProperties.BaseEndpoint implements Serializable

serialVersionUID:

8904907489485781427L

Class org.apereo.cas.configuration.model.core.monitor.MonitorProperties.Endpoints.RegisteredServicesReport extends MonitorProperties.BaseEndpoint implements Serializable

serialVersionUID:

821037221486732220L

Class org.apereo.cas.configuration.model.core.monitor.MonitorProperties.Endpoints.SingleSignOnReport extends MonitorProperties.BaseEndpoint implements Serializable

serialVersionUID:

-6733579261041320425L

Class org.apereo.cas.configuration.model.core.monitor.MonitorProperties.Endpoints.SingleSignOnStatus extends MonitorProperties.BaseEndpoint implements Serializable

serialVersionUID:

6835023873478746895L

Class org.apereo.cas.configuration.model.core.monitor.MonitorProperties.Endpoints.SpringWebflowReport extends MonitorProperties.BaseEndpoint implements Serializable

serialVersionUID:

-6188494393130226404L

Class org.apereo.cas.configuration.model.core.monitor.MonitorProperties.Endpoints.Statistics extends MonitorProperties.BaseEndpoint implements Serializable

serialVersionUID:

4244607771350272091L

Class org.apereo.cas.configuration.model.core.monitor.MonitorProperties.Endpoints.Status extends MonitorProperties.BaseEndpoint implements Serializable

serialVersionUID:

-750490138316116795L

Class org.apereo.cas.configuration.model.core.monitor.MonitorProperties.Endpoints.TrustedDevices extends MonitorProperties.BaseEndpoint implements Serializable

serialVersionUID:

-9185848511703326325L

Class org.apereo.cas.configuration.model.core.monitor.MonitorProperties.Jdbc extends AbstractJpaProperties implements Serializable

serialVersionUID:

-7139788158851782673L

Serialized Fields

validationQuery

java.lang.String validationQuery

The query to execute against the database to monitor status.

maxWait

java.lang.String maxWait

When monitoring the JDBC connection pool, indicates the amount of time the operation must wait before it times outs and considers the pool in bad shape.

Class org.apereo.cas.configuration.model.core.monitor.MonitorProperties.Ldap extends AbstractLdapProperties implements Serializable

serialVersionUID:

4722929378440179113L

Serialized Fields

maxWait

java.lang.String maxWait

When monitoring the LDAP connection pool, indicates the amount of time the operation must wait before it times outs and considers the pool in bad shape.

pool

ConnectionPoolingProperties pool

Options that define the LDAP connection pool to monitor.

Class org.apereo.cas.configuration.model.core.monitor.MonitorProperties.Memcached extends BaseMemcachedProperties implements Serializable

serialVersionUID:

-9139788158851782673L

Class org.apereo.cas.configuration.model.core.monitor.MonitorProperties.MongoDb extends BaseMongoDbProperties implements Serializable

serialVersionUID:

-1918436901491275547L

Class org.apereo.cas.configuration.model.core.monitor.MonitorProperties.St extends java.lang.Object implements Serializable

serialVersionUID:

-8167395674267219982L

Serialized Fields

warn

MonitorWarningProperties warn

Warning settings for this monitor.

Class org.apereo.cas.configuration.model.core.monitor.MonitorProperties.Tgt extends java.lang.Object implements Serializable

serialVersionUID:

-2756454350350278724L

Serialized Fields

warn

MonitorWarningProperties warn

Warning options for monitoring TGT production.

Class org.apereo.cas.configuration.model.core.monitor.MonitorWarningProperties extends java.lang.Object implements Serializable

serialVersionUID:

2788617778375787703L

Serialized Fields

threshold

int threshold

The monitor threshold where if reached, CAS might generate a warning status for health checks.

evictionThreshold

long evictionThreshold

The monitor eviction threshold where if reached, CAS might generate a warning status for health checks. The underlying data source and monitor (i.e. cache) must support the concept of evictions.

Package org.apereo.cas.configuration.model.core.rest

Class org.apereo.cas.configuration.model.core.rest.RestProperties extends java.lang.Object implements Serializable

serialVersionUID:

-1833107478273171342L

Serialized Fields

attributeName

java.lang.String attributeName

Authorization attribute name required by the REST endpoint in order to allow for the requested operation. Attribute must be resolvable by the authenticated principal, or must have been already.

attributeValue

java.lang.String attributeValue

Matching authorization attribute value, pulled from the attribute required by the REST endpoint in order to allow for the requested operation. The attribute value may also be constructed as a regex pattern.

headerAuth

boolean headerAuth

Flag that enables X509Certificate extraction from the request headers for authentication.

bodyAuth

boolean bodyAuth

Flag that enables X509Certificate extraction from the request body for authentication.

Package org.apereo.cas.configuration.model.core.services

Class org.apereo.cas.configuration.model.core.services.ServiceRegistryProperties extends java.lang.Object implements Serializable

serialVersionUID:

-368826011744304210L

Serialized Fields

cosmosDb

CosmosDbServiceRegistryProperties cosmosDb

Properties pertaining to Cosmos DB service registry.

couchDb

CouchDbServiceRegistryProperties couchDb

Properties pertaining to Cosmos DB service registry.

rest

BaseRestEndpointProperties rest

Properties pertaining to REST service registry.

redis

RedisServiceRegistryProperties redis

Properties pertaining to redis service registry.

json

JsonServiceRegistryProperties json

Properties pertaining to JSON service registry.

yaml

YamlServiceRegistryProperties yaml

Properties pertaining to YAML service registry.

jpa

JpaServiceRegistryProperties jpa

Properties pertaining to jpa service registry.

ldap

LdapServiceRegistryProperties ldap

Properties pertaining to ldap service registry.

mongo

MongoDbServiceRegistryProperties mongo

Properties pertaining to mongo db service registry.

couchbase

CouchbaseServiceRegistryProperties couchbase

Properties pertaining to couchbase service registry.

dynamoDb

DynamoDbServiceRegistryProperties dynamoDb

Properties pertaining to dynamo db service registry.

stream

StreamingServiceRegistryProperties stream

Properties pertaining to streaming service registry content over the wire.

schedule

SchedulingProperties schedule

Scheduler settings to indicate how often is metadata reloaded.

mail

EmailProperties mail

Email settings for notifications.

sms

SmsProperties sms

SMS settings for notifications.

initFromJson

boolean initFromJson

Flag that indicates whether to initialise active service registry implementation with a default set of service definition included with CAS in JSON format.

watcherEnabled

boolean watcherEnabled

Flag indicating whether a background watcher thread is enabled for the purposes of live reloading of service registry data changes from persistent data store.

managementType

ServiceRegistryProperties.ServiceManagementTypes managementType

Determine how services are internally managed, queried, cached and reloaded by CAS. Accepted values are the following:

• DEFAULT: Keep all services inside a concurrent map.
• DOMAIN: Group registered services by their domain having been explicitly defined.

Package org.apereo.cas.configuration.model.core.slo

Class org.apereo.cas.configuration.model.core.slo.SloProperties extends java.lang.Object implements Serializable

serialVersionUID:

3676710533477055700L

Serialized Fields

asynchronous

boolean asynchronous

Whether SLO callbacks should be done in an asynchronous manner via the HTTP client. When true, CAS will not wait for the operation to fully complete and will resume control to carry on.

disabled

boolean disabled

Whether SLO should be entirely disabled globally for the CAS deployment.

Package org.apereo.cas.configuration.model.core.sso

Class org.apereo.cas.configuration.model.core.sso.SsoProperties extends java.lang.Object implements Serializable

serialVersionUID:

-8777647966370741733L

Serialized Fields

createSsoCookieOnRenewAuthn

boolean createSsoCookieOnRenewAuthn

Flag that indicates whether to create SSO session on re-newed authentication event.

allowMissingServiceParameter

boolean allowMissingServiceParameter

Flag that indicates whether to allow SSO session with a missing target service.

proxyAuthnEnabled

boolean proxyAuthnEnabled

Indicates whether CAS proxy authentication/tickets are supported by this server implementation.

renewAuthnEnabled

boolean renewAuthnEnabled

Indicates whether this server implementation should globally support CAS protocol authentication requests that are tagged with "renew=true".

Package org.apereo.cas.configuration.model.core.standalone

Class org.apereo.cas.configuration.model.core.standalone.StandaloneConfigurationProperties extends java.lang.Object implements Serializable

serialVersionUID:

-7749293768878152908L

Serialized Fields

configurationDirectory

java.io.File configurationDirectory

Describes a directory path where CAS configuration may be found.

configurationFile

java.io.File configurationFile

Describes a file path where that contains the CAS properties in a single file.

configurationSecurity

StandaloneConfigurationProperties.StandaloneConfigurationSecurityProperties configurationSecurity

Configuration security settings used to encrypt/decrypt values. Settings are typically expected to be provided via command-line properties or system/environment variables as properties are bootstrapped and fetched. They are placed here to allow CAS to recognize their validity when passed.

Class org.apereo.cas.configuration.model.core.standalone.StandaloneConfigurationProperties.StandaloneConfigurationSecurityProperties extends java.lang.Object implements Serializable

serialVersionUID:

8571848605614437022L

Serialized Fields

alg

java.lang.String alg

Algorithm to use when deciphering settings.

provider

java.lang.String provider

Security provider to use when deciphering settings.

iteration

long iteration

Total number of iterations to use when deciphering settings.

psw

java.lang.String psw

Secret key/password to use when deciphering settings.

Package org.apereo.cas.configuration.model.core.ticket

Class org.apereo.cas.configuration.model.core.ticket.ProxyGrantingTicketProperties extends java.lang.Object implements Serializable

serialVersionUID:

8478961497316814687L

Serialized Fields

maxLength

int maxLength

Maximum length of the proxy granting ticket, when generating one.

Class org.apereo.cas.configuration.model.core.ticket.ProxyTicketProperties extends java.lang.Object implements Serializable

serialVersionUID:

-3690545027059561010L

Serialized Fields

numberOfUses

int numberOfUses

Number of uses allowed.

timeToKillInSeconds

int timeToKillInSeconds

Number of seconds after which this ticket becomes invalid.

Class org.apereo.cas.configuration.model.core.ticket.ServiceTicketProperties extends java.lang.Object implements Serializable

serialVersionUID:

-7445209580598499921L

Serialized Fields

numberOfUses

int numberOfUses

Controls number of times a service ticket can be used within CAS server. Usage in CAS context means service ticket validation transaction.

timeToKillInSeconds

long timeToKillInSeconds

Time in seconds that service tickets should be considered live in CAS server.

maxLength

int maxLength

Maximum length of generated service tickets.

Class org.apereo.cas.configuration.model.core.ticket.TicketGrantingTicketProperties extends java.lang.Object implements Serializable

serialVersionUID:

2349079252583399336L

Serialized Fields

maxLength

int maxLength

Maximum length of TGTs.

maxTimeToLiveInSeconds

int maxTimeToLiveInSeconds

Maximum time in seconds TGTs would be live in CAS server.

timeToKillInSeconds

int timeToKillInSeconds

Time in seconds after which TGTs would be destroyed after a period of inactivity.

onlyTrackMostRecentSession

boolean onlyTrackMostRecentSession

Flag to control whether to track most recent SSO sessions. As multiple tickets may be issued for the same application, this impacts how session information is tracked for every ticket which then has a subsequent impact on logout.

hardTimeout

TicketGrantingTicketProperties.HardTimeout hardTimeout

Hard timeout for TGTs.

throttledTimeout

TicketGrantingTicketProperties.ThrottledTimeout throttledTimeout

Throttled timeout for TGTs.

timeout

TicketGrantingTicketProperties.Timeout timeout

Timeout for TGTs.

rememberMe

TicketGrantingTicketProperties.RememberMe rememberMe

Remember me for TGTs.

Class org.apereo.cas.configuration.model.core.ticket.TicketGrantingTicketProperties.HardTimeout extends java.lang.Object implements Serializable

serialVersionUID:

4160963910346416908L

Serialized Fields

timeToKillInSeconds

long timeToKillInSeconds

Timeout in seconds to kill the session and consider tickets expired.

Class org.apereo.cas.configuration.model.core.ticket.TicketGrantingTicketProperties.RememberMe extends java.lang.Object implements Serializable

serialVersionUID:

1899959269597512610L

Serialized Fields

enabled

boolean enabled

Flag to indicate whether remember-me facility is enabled.

timeToKillInSeconds

long timeToKillInSeconds

Time in seconds after which remember-me enabled SSO session will be destroyed.

Class org.apereo.cas.configuration.model.core.ticket.TicketGrantingTicketProperties.ThrottledTimeout extends java.lang.Object implements Serializable

serialVersionUID:

-2370751379747804646L

Serialized Fields

timeToKillInSeconds

long timeToKillInSeconds

Timeout in seconds to kill the session and consider tickets expired.

timeInBetweenUsesInSeconds

long timeInBetweenUsesInSeconds

Timeout in between each attempt.

Class org.apereo.cas.configuration.model.core.ticket.TicketGrantingTicketProperties.Timeout extends java.lang.Object implements Serializable

serialVersionUID:

8635419913795245907L

Serialized Fields

maxTimeToLiveInSeconds

int maxTimeToLiveInSeconds

Maximum time in seconds. for TGTs to be live in CAS server.

Class org.apereo.cas.configuration.model.core.ticket.TransientSessionTicketProperties extends java.lang.Object implements Serializable

serialVersionUID:

-3690545027059561010L

Serialized Fields

timeToKillInSeconds

long timeToKillInSeconds

Number of seconds after which this ticket becomes invalid.

Package org.apereo.cas.configuration.model.core.ticket.registry

Class org.apereo.cas.configuration.model.core.ticket.registry.TicketRegistryProperties extends java.lang.Object implements Serializable

serialVersionUID:

-4735458476452635679L

Serialized Fields

jms

JmsTicketRegistryProperties jms

JMS registry settings.

dynamoDb

DynamoDbTicketRegistryProperties dynamoDb

DynamoDb registry settings.

infinispan

InfinispanProperties infinispan

Infinispan registry settings.

couchbase

CouchbaseTicketRegistryProperties couchbase

Couchbase registry settings.

mongo

MongoTicketRegistryProperties mongo

MongoDb registry settings.

ehcache

EhcacheProperties ehcache

Ehcache registry settings.

hazelcast

HazelcastTicketRegistryProperties hazelcast

Hazelcast registry settings.

ignite

IgniteProperties ignite

Apache Ignite registry settings.

jpa

JpaTicketRegistryProperties jpa

JPA registry settings.

memcached

MemcachedTicketRegistryProperties memcached

Memcached registry settings.

redis

RedisTicketRegistryProperties redis

Redis registry settings.

inMemory

TicketRegistryProperties.InMemory inMemory

Settings relevant for the default in-memory ticket registry.

couchDb

CouchDbTicketRegistryProperties couchDb

CouchDb registry settings.

cleaner

ScheduledJobProperties cleaner

Ticket registry cleaner settings.

Class org.apereo.cas.configuration.model.core.ticket.registry.TicketRegistryProperties.InMemory extends java.lang.Object implements Serializable

serialVersionUID:

-2600525447128979994L

Serialized Fields

cache

boolean cache

Allow the ticket registry to cache ticket items for period of time and auto-evict and clean up, removing the need to running a ticket registry cleaner in the background.

initialCapacity

int initialCapacity

The initial capacity of the underlying memory store. The implementation performs internal sizing to accommodate this many elements.

loadFactor

int loadFactor

The load factor threshold, used to control resizing. Resizing may be performed when the average number of elements per bin exceeds this threshold.

concurrency

int concurrency

The estimated number of concurrently updating threads. The implementation performs internal sizing to try to accommodate this many threads.

crypto

EncryptionRandomizedSigningJwtCryptographyProperties crypto

Crypto settings for the registry.

Package org.apereo.cas.configuration.model.core.util

Class org.apereo.cas.configuration.model.core.util.EncryptionJwtCryptoProperties extends java.lang.Object implements Serializable

serialVersionUID:

616825635591169628L

Serialized Fields

key

java.lang.String key

The encryption key is a JWT whose length is defined by the signing key size setting.

keySize

int keySize

The encryption key size.

Class org.apereo.cas.configuration.model.core.util.EncryptionJwtSigningJwtCryptographyProperties extends java.lang.Object implements Serializable

serialVersionUID:

-3015641631298039059L

Serialized Fields

enabled

boolean enabled

Whether crypto operations are enabled.

encryption

EncryptionJwtCryptoProperties encryption

Settings that deal with encryption of values.

signing

SigningJwtCryptoProperties signing

Settings that deal with signing of values.

alg

java.lang.String alg

The signing/encryption algorithm to use.

Class org.apereo.cas.configuration.model.core.util.EncryptionOptionalSigningOptionalJwtCryptographyProperties extends EncryptionJwtSigningJwtCryptographyProperties implements Serializable

serialVersionUID:

7185404480671258520L

Serialized Fields

encryptionEnabled

boolean encryptionEnabled

Whether crypto encryption operations are enabled.

signingEnabled

boolean signingEnabled

Whether crypto signing operations are enabled.

Class org.apereo.cas.configuration.model.core.util.EncryptionRandomizedCryptoProperties extends java.lang.Object implements Serializable

serialVersionUID:

-6945916782426505112L

Serialized Fields

key

java.lang.String key

The encryption key. The encryption key by default and unless specified otherwise must be randomly-generated string whose length is defined by the encryption key size setting.

keySize

int keySize

Encryption key size.

Class org.apereo.cas.configuration.model.core.util.EncryptionRandomizedSigningJwtCryptographyProperties extends java.lang.Object implements Serializable

serialVersionUID:

-6802876221525521736L

Serialized Fields

enabled

boolean enabled

Whether crypto operations are enabled.

encryption

EncryptionRandomizedCryptoProperties encryption

Settings that deal with encryption of values.

signing

SigningJwtCryptoProperties signing

Settings that deal with signing of values.

alg

java.lang.String alg

The signing/encryption algorithm to use.

Class org.apereo.cas.configuration.model.core.util.SigningJwtCryptoProperties extends java.lang.Object implements Serializable

serialVersionUID:

-552544781333015532L

Serialized Fields

key

java.lang.String key

The signing key is a JWT whose length is defined by the signing key size setting.

keySize

int keySize

The signing key size.

Class org.apereo.cas.configuration.model.core.util.TicketProperties extends java.lang.Object implements Serializable

serialVersionUID:

5586947805593202037L

Serialized Fields

tst

TransientSessionTicketProperties tst

Properties and settings related to session-transient tickets.

pgt

ProxyGrantingTicketProperties pgt

Properties and settings related to proxy-granting tickets.

crypto

EncryptionJwtSigningJwtCryptographyProperties crypto

Properties and settings related to ticket encryption.

pt

ProxyTicketProperties pt

Properties and settings related to proxy tickets.

registry

TicketRegistryProperties registry

Properties and settings related to ticket registry.

st

ServiceTicketProperties st

Properties and settings related to service tickets.

tgt

TicketGrantingTicketProperties tgt

Properties and settings related to ticket-granting tickets.

Package org.apereo.cas.configuration.model.core.web

Class org.apereo.cas.configuration.model.core.web.MessageBundleProperties extends java.lang.Object implements Serializable

serialVersionUID:

3769733438559663237L

Serialized Fields

encoding

java.lang.String encoding

Message bundle character encoding.

cacheSeconds

int cacheSeconds

Cache size.

fallbackSystemLocale

boolean fallbackSystemLocale

Flag that controls whether to fallback to the default system locale if no locale is specified explicitly. Set whether to fall back to the system Locale if no files for a specific Locale have been found. If this is turned off, the only fallback will be the default file (e.g. "messages.properties" for basename "messages"). Falling back to the system Locale is the default behavior of java.util.ResourceBundle. However, this is often not desirable in an application server environment, where the system Locale is not relevant to the application at all: set this flag to "false" in such a scenario.

useCodeMessage

boolean useCodeMessage

Flag that controls whether to use code message. Set whether to use the message code as default message instead of throwing a NoSuchMessageException. Useful for development and debugging. Note: In case of a MessageSourceResolvable with multiple codes (like a FieldError) and a MessageSource that has a parent MessageSource, do not activate "useCodeAsDefaultMessage" in the parent: Else, you'll get the first code returned as message by the parent, without attempts to check further codes.

baseNames

java.util.List<E> baseNames

A list of strings representing base names for this message bundle. Set an array of basenames, each following the basic ResourceBundle convention of not specifying file extension or language codes. The resource location format is up to the specific MessageSource implementation. Regular and XMl properties files are supported: e.g. "messages" will find a "messages.properties", "messages_en.properties" etc arrangement as well as "messages.xml", "messages_en.xml" etc. The associated resource bundles will be checked sequentially when resolving a message code. Note that message definitions in a previous resource bundle will override ones in a later bundle, due to the sequential lookup.

commonNames

java.util.List<E> commonNames

A list of strings representing common names for this message bundle. Specify locale-independent common messages, with the message code as key and the full message String (may contain argument placeholders) as value.

Entries in last common names override first values (as opposed to baseNames used in message bundles).

Package org.apereo.cas.configuration.model.core.web.security

Class org.apereo.cas.configuration.model.core.web.security.AdminPagesSecurityProperties extends java.lang.Object implements Serializable

serialVersionUID:

9129787932447507179L

Serialized Fields

ip

java.lang.String ip

The IP address pattern that can control access to the admin status endpoints.

alternateIpHeaderName

java.lang.String alternateIpHeaderName

Alternative header name to use when extracting the IP address. If left blank, the request's remote ip address will be pulled. When dealing with proxies or load balancers, this value should likely be set to X-Forwarded-For.

adminRoles

java.util.List<E> adminRoles

Roles that are required for access to the admin status endpoint in the event that access is controlled via external authentication means such as Spring Security's authentication providers.

loginUrl

java.lang.String loginUrl

CAS server login URL to use. When defined, will begin to protect the access status endpoints via CAS itself.

service

java.lang.String service

The service parameter for the admin status endpoint. This is typically set to the dashboard url as the initial starting point for the redirect.

actuatorEndpointsEnabled

boolean actuatorEndpointsEnabled

Whether Spring Boot's actuator endpoints should show up on the dashboard.

jdbc

AdminPagesSecurityProperties.Jdbc jdbc

Enable Spring Security's JDBC authentication provider for admin status authorization and access control.

ldap

AdminPagesSecurityProperties.Ldap ldap

Enable Spring Security's LDAP authentication provider for admin status authorization and access control.

jaas

AdminPagesSecurityProperties.Jaas jaas

Enable Spring Security's JAAS authentication provider for admin status authorization and access control.

Class org.apereo.cas.configuration.model.core.web.security.AdminPagesSecurityProperties.Jaas extends java.lang.Object implements Serializable

serialVersionUID:

-3024678577827371641L

Serialized Fields

refreshConfigurationOnStartup

boolean refreshConfigurationOnStartup

If set, a call to Configuration#refresh() will be made by #configureJaas(Resource) method.

loginContextName

java.lang.String loginContextName

The login context name should coincide with a given index in the login config specified. This name is used as the index to the configuration specified in the login config property.

JAASTest {
    org.springframework.security.authentication.jaas.TestLoginModule required;
};

In the above example, JAASTest should be set as the context name.

Class org.apereo.cas.configuration.model.core.web.security.AdminPagesSecurityProperties.Jdbc extends AbstractJpaProperties implements Serializable

serialVersionUID:

2625666117528467867L

Serialized Fields

rolePrefix

java.lang.String rolePrefix

Prefix to add to the role.

query

java.lang.String query

Query to execute in order to authenticate users via JDBC. Example: SELECT username,password,enabled FROM users WHERE username=?

passwordEncoder

PasswordEncoderProperties passwordEncoder

Password encoder properties.

Class org.apereo.cas.configuration.model.core.web.security.AdminPagesSecurityProperties.Ldap extends AbstractLdapAuthenticationProperties implements Serializable

serialVersionUID:

-7333244539096172557L

Serialized Fields

ldapAuthz

LdapAuthorizationProperties ldapAuthz

Control authorization settings via LDAP after ldap authentication.

Class org.apereo.cas.configuration.model.core.web.security.HttpCorsRequestProperties extends java.lang.Object implements Serializable

serialVersionUID:

5938828345939769185L

Serialized Fields

enabled

boolean enabled

Whether CORS should be enabled for http requests.

allowCredentials

boolean allowCredentials

The Access-Control-Allow-Credentials header Indicates whether or not the response to the request can be exposed when the credentials flag is true. When used as part of a response to a preflight request, this indicates whether or not the actual request can be made using credentials. Note that simple GET requests are not preflighted, and so if a request is made for a resource with credentials, if this header is not returned with the resource, the response is ignored by the browser and not returned to web content.

allowOrigins

java.util.List<E> allowOrigins

The Origin header indicates the origin of the cross-site access request or preflight request. The origin is a URI indicating the server from which the request initiated. It does not include any path information, but only the server name.

allowMethods

java.util.List<E> allowMethods

The Access-Control-Allow-Methods header specifies the method or methods allowed when accessing the resource. This is used in response to a pre-flight request. The conditions under which a request is pre-flighted are discussed above. Default is everything.

allowHeaders

java.util.List<E> allowHeaders

The Access-Control-Allow-Headers header is used in response to a preflight request to indicate which HTTP headers can be used when making the actual request. Default is everything.

maxAge

long maxAge

The Access-Control-Max-Age header indicates how long the results of a preflight request can be cached.

exposedHeaders

java.util.List<E> exposedHeaders

The Access-Control-Expose-Headers header lets a server whitelist headers that browsers are allowed to access.

Class org.apereo.cas.configuration.model.core.web.security.HttpHeadersRequestProperties extends java.lang.Object implements Serializable

serialVersionUID:

5993704062519851359L

Serialized Fields

cache

boolean cache

When true, will inject the following headers into the response for non-static resources.

 Cache-Control: no-cache, no-store, max-age=0, must-revalidate
 Pragma: no-cache
 Expires: 0
 

hsts

boolean hsts

When true, will inject the following headers into the response: Strict-Transport-Security: max-age=15768000 ; includeSubDomains.

xframe

boolean xframe

When true, will inject the following headers into the response: X-Frame-Options: DENY.

xcontent

boolean xcontent

When true, will inject the following headers into the response: X-Content-Type-Options: nosniff.

xss

boolean xss

When true, will inject the following headers into the response: X-XSS-Protection: 1; mode=block.

xframeOptions

java.lang.String xframeOptions

Will inject values into the X-Frame-Options header into the response.

xssOptions

java.lang.String xssOptions

Will inject values into the X-XSS-Protection header into the response.

contentSecurityPolicy

java.lang.String contentSecurityPolicy

Helps you reduce XSS risks on modern browsers by declaring what dynamic resources are allowed to load via a HTTP Header. Header value is made up of one or more directives. Multiple directives are separated with a semicolon.

Class org.apereo.cas.configuration.model.core.web.security.HttpRequestProperties extends java.lang.Object implements Serializable

serialVersionUID:

-5175966163542099866L

Serialized Fields

allowMultiValueParameters

boolean allowMultiValueParameters

Whether CAS should accept multi-valued parameters in incoming requests. Example block would to prevent requests where more than one service parameter is specified.

onlyPostParams

java.lang.String onlyPostParams

Parameters that are only allowed and accepted during posts.

paramsToCheck

java.lang.String paramsToCheck

Parameters to sanitize and cross-check in incoming requests. The special value * instructs the Filter to check all parameters.

customHeaders

java.util.Map<K,V> customHeaders

Custom response headers to inject into the response as needed.

web

HttpWebRequestProperties web

Control http request settings.

header

HttpHeadersRequestProperties header

Enforce request header options and security settings.

cors

HttpCorsRequestProperties cors

Control CORS settings for requests.

Class org.apereo.cas.configuration.model.core.web.security.HttpWebRequestProperties extends java.lang.Object implements Serializable

serialVersionUID:

-4711604991237695091L

Serialized Fields

encoding

java.lang.String encoding

Control and specify the encoding for all http requests.

forceEncoding

boolean forceEncoding

Whether specified encoding should be forced for every request. Whether the specified encoding is supposed to override existing request and response encodings

Package org.apereo.cas.configuration.model.core.web.tomcat

Class org.apereo.cas.configuration.model.core.web.tomcat.CasEmbeddedApacheTomcatAjpProperties extends java.lang.Object implements Serializable

serialVersionUID:

-32143821503580896L

Serialized Fields

protocol

java.lang.String protocol

Sets the protocol to handle incoming traffic.

port

int port

The TCP port number on which this Connector will create a server socket and await incoming connections. Your operating system will allow only one server application to listen to a particular port number on a particular IP address. If the special value of 0 (zero) is used, then Tomcat will select a free port at random to use for this connector. This is typically only useful in embedded and testing applications.

secure

boolean secure

Set this attribute to true if you wish to have calls to request.isSecure() to return true for requests received by this Connector (you would want this on an SSL Connector). The default value is false.

allowTrace

boolean allowTrace

A boolean value which can be used to enable or disable the TRACE HTTP method. If not specified, this attribute is set to false.

scheme

java.lang.String scheme

Set this attribute to the name of the protocol you wish to have returned by calls to request.getScheme(). For example, you would set this attribute to "https" for an SSL Connector.

enabled

boolean enabled

Enable AJP support in CAS for the embedded Apache Tomcat container.

asyncTimeout

java.lang.String asyncTimeout

The default timeout for asynchronous requests in milliseconds. If not specified, this attribute is set to 10000 (10 seconds).

enableLookups

boolean enableLookups

Set to true if you want calls to request.getRemoteHost() to perform DNS lookups in order to return the actual host name of the remote client. Set to false to skip the DNS lookup and return the IP address in String form instead (thereby improving performance). By default, DNS lookups are disabled.

maxPostSize

int maxPostSize

The maximum size in bytes of the POST which will be handled by the container FORM URL parameter parsing. The feature can be disabled by setting this attribute to a value less than or equal to 0. If not specified, this attribute is set to 2097152 (2 megabytes).

proxyPort

int proxyPort

If this Connector is being used in a proxy configuration, configure this attribute to specify the server port to be returned for calls to request.getServerPort().

redirectPort

int redirectPort

If this Connector is supporting non-SSL requests, and a request is received for which a matching <security-constraint> requires SSL transport, Catalina will automatically redirect the request to the port number specified here.

attributes

java.util.Map<K,V> attributes

Additional attributes to be set on the AJP connector in form of key-value pairs. Examples include:

• tomcatAuthentication: If set to true, the authentication will be done in Tomcat. Otherwise, the authenticated principal will be propagated from the native webserver and used for authorization in Tomcat. Note that this principal will have no roles associated with it. The default value is true.
• maxThreads: The maximum number of request processing threads to be created by this Connector, which therefore determines the maximum number of simultaneous requests that can be handled. If not specified, this attribute is set to 200. If an executor is associated with this connector, this attribute is ignored as the connector will execute tasks using the executor rather than an internal thread pool.
• keepAliveTimeout: The number of milliseconds this Connector will wait for another AJP request before closing the connection. The default value is to use the value that has been set for the connectionTimeout attribute.
• maxCookieCount: The maximum number of cookies that are permitted for a request. A value of less than zero means no limit. If not specified, a default value of 200 will be used.
• bufferSize: The size of the output buffer to use. If less than or equal to zero, then output buffering is disabled. The default value is -1 (i.e. buffering disabled)
• clientCertProvider: When client certificate information is presented in a form other than instances of java.security.cert.X509Certificate it needs to be converted before it can be used and this property controls which JSSE provider is used to perform the conversion. For example it is used with the AJP connectors, the HTTP APR connector and with the org.apache.catalina.valves.SSLValve.If not specified, the default provider will be used.
• connectionTimeout: The number of milliseconds this Connector will wait, after accepting a connection, for the request URI line to be presented. The default value is infinite (i.e. no timeout).
• address: For servers with more than one IP address, this attribute specifies which address will be used for listening on the specified port. By default, this port will be used on all IP addresses associated with the server. A value of 127.0.0.1 indicates that the Connector will only listen on the loopback interface.

See the Apache Tomcat documentation for a full list.

Class org.apereo.cas.configuration.model.core.web.tomcat.CasEmbeddedApacheTomcatBasicAuthenticationProperties extends java.lang.Object implements Serializable

serialVersionUID:

1164446071136700282L

Serialized Fields

enabled

boolean enabled

Enable the SSL valve for apache tomcat.

securityRoles

java.util.List<E> securityRoles

Security roles for the CAS application.

authRoles

java.util.List<E> authRoles

Add an authorization role, which is a role name that will be permitted access to the resources protected by this security constraint.

patterns

java.util.List<E> patterns

Add a URL pattern to be part of this web resource collection.

Class org.apereo.cas.configuration.model.core.web.tomcat.CasEmbeddedApacheTomcatClusteringProperties extends java.lang.Object implements Serializable

serialVersionUID:

620356002948464740L

Serialized Fields

expireSessionsOnShutdown

boolean expireSessionsOnShutdown

When a web application is being shutdown, Tomcat issues an expire call to each session to notify all the listeners. If you wish for all sessions to expire on all nodes when a shutdown occurs on one node, set this value to true. Default value is false.

channelSendOptions

int channelSendOptions

This option is used to set the flag that all messages sent through the SimpleTcpCluster uses. The flag decides how the messages are sent, and is a simple logical OR.

• 2: SEND_OPTIONS_SYNCHRONIZED_ACK
• 4: SEND_OPTIONS_USE_ACK
• 8: SEND_OPTIONS_ASYNCHRONOUS

receiverPort

int receiverPort

The listen port for incoming data. The default value is 4000. To avoid port conflicts the receiver will automatically bind to a free port. So for example, if port is 4000, and autoBind is set to 10, then the receiver will open up a server socket on the first available port in the range 4000-4009.

receiverTimeout

int receiverTimeout

Listener timeout. The value in milliseconds for the polling timeout in the NioReceiver. On older versions of the JDK there have been bugs, that should all now be cleared out where the selector never woke up. The default value is a very high 5000 milliseconds.

receiverMaxThreads

int receiverMaxThreads

Maximum threads configured for the listener. The maximum number of threads in the receiver thread pool. The default value is 6 Adjust this value relative to the number of nodes in the cluster, the number of messages being exchanged and the hardware you are running on. A higher value doesn't mean more efficiency, tune this value according to your own test results.

receiverAddress

java.lang.String receiverAddress

The address (network interface) to listen for incoming traffic.

receiverAutoBind

int receiverAutoBind

Default value is 100. Use this value if you wish to automatically avoid port conflicts the cluster receiver will try to open a server socket on the port attribute port, and then work up autoBind number of times.

clusterMembers

java.lang.String clusterMembers

Statically register members in the cluster. The syntax is: address:port:index

membershipPort

int membershipPort

Multicast port (the port and the address together determine cluster membership. The multicast port, the default value is 45564 The multicast port, in conjunction with the address is what creates a cluster group. To divide up your farm into several different group, or to split up QA from production, change the port or the address

membershipAddress

java.lang.String membershipAddress

Multicast address for membership. The multicast address that the membership will broadcast its presence and listen for other heartbeats on. The default value is 228.0.0.4 Make sure your network is enabled for multicast traffic. The multicast address, in conjunction with the port is what creates a cluster group. To divide up your farm into several different group, or to split up QA from production, change the port or the address

membershipFrequency

int membershipFrequency

The frequency in milliseconds in which heartbeats are sent out. The default value is 500 ms. In most cases the default value is sufficient. Changing this value, simply changes the interval in between heartbeats.

membershipDropTime

int membershipDropTime

The membership component will time out members and notify the Channel if a member fails to send a heartbeat within a give time. The default value is 3000 ms. This means, that if a heartbeat is not received from a member in that timeframe, the membership component will notify the cluster of this. On a high latency network you may wish to increase this value, to protect against false positives. Apache Tribes also provides a TcpFailureDetector that will verify a timeout using a TCP connection when a heartbeat timeout has occurred. This protects against false positives.

membershipRecoveryEnabled

boolean membershipRecoveryEnabled

In case of a network failure, Java multicast socket don't transparently fail over, instead the socket will continuously throw IOException upon each receive request. When recoveryEnabled is set to true, this will close the multicast socket and open a new socket with the same properties as defined above. The default is true.

membershipLocalLoopbackDisabled

boolean membershipLocalLoopbackDisabled

Membership uses multicast, it will call java.net.MulticastSocket.setLoopbackMode(localLoopbackDisabled). When localLoopbackDisabled==true multicast messages will not reach other nodes on the same local machine. The default is false.

membershipRecoveryCounter

int membershipRecoveryCounter

Membership uses multicast, it will call java.net.MulticastSocket.setLoopbackMode(localLoopbackDisabled). When localLoopbackDisabled==true multicast messages will not reach other nodes on the same local machine. The default is false.

managerType

java.lang.String managerType

Accepted values are: DELTA, BACKUP. Enable all-to-all session replication using the DeltaManager to replicate session deltas. By all-to-all we mean that the session gets replicated to all the other nodes in the cluster. This works great for smaller cluster but we don't recommend it for larger clusters(a lot of Tomcat nodes). Also when using the delta manager it will replicate to all nodes, even nodes that don't have the application deployed. To get around this problem, you'll want to use the BackupManager. This manager only replicates the session data to one backup node, and only to nodes that have the application deployed. Downside of the BackupManager: not quite as battle tested as the delta manager.

enabled

boolean enabled

Enable tomcat session clustering.

Class org.apereo.cas.configuration.model.core.web.tomcat.CasEmbeddedApacheTomcatCsrfProperties extends java.lang.Object implements Serializable

serialVersionUID:

-32143821503580896L

Serialized Fields

enabled

boolean enabled

Enable filter.

Class org.apereo.cas.configuration.model.core.web.tomcat.CasEmbeddedApacheTomcatExtendedAccessLogProperties extends java.lang.Object implements Serializable

serialVersionUID:

6738161402499196038L

Serialized Fields

enabled

boolean enabled

Flag to indicate whether extended log facility is enabled.

pattern

java.lang.String pattern

String representing extended log pattern.

suffix

java.lang.String suffix

File name suffix for extended log.

prefix

java.lang.String prefix

File name prefix for extended log.

directory

java.lang.String directory

Directory name for extended log.

Class org.apereo.cas.configuration.model.core.web.tomcat.CasEmbeddedApacheTomcatHttpProperties extends java.lang.Object implements Serializable

serialVersionUID:

-8809922027350085888L

Serialized Fields

enabled

boolean enabled

Enable a separate port for the embedded container for HTTP access.

port

int port

The HTTP port to use.

protocol

java.lang.String protocol

HTTP protocol to use.

attributes

java.util.Map<K,V> attributes

Additional attributes to be set on the connector.

Class org.apereo.cas.configuration.model.core.web.tomcat.CasEmbeddedApacheTomcatHttpProxyProperties extends java.lang.Object implements Serializable

serialVersionUID:

9129851352067677264L

Serialized Fields

enabled

boolean enabled

Enable the container running in proxy mode.

scheme

java.lang.String scheme

Scheme used for the proxy.

secure

boolean secure

Whether proxy should run in secure mode.

redirectPort

int redirectPort

Redirect port for the proxy.

proxyPort

int proxyPort

Proxy port for the proxy.

protocol

java.lang.String protocol

Proxy protocol to use.

attributes

java.util.Map<K,V> attributes

Custom attributes to set on the proxy connector.

Class org.apereo.cas.configuration.model.core.web.tomcat.CasEmbeddedApacheTomcatRemoteAddressProperties extends java.lang.Object implements Serializable

serialVersionUID:

-32143821503580896L

Serialized Fields

enabled

boolean enabled

Enable filter.

allowedClientIpAddressRegex

java.lang.String allowedClientIpAddressRegex

A regular expression (using java.util.regex) that the remote client's IP address is compared to. If this attribute is specified, the remote address MUST match for this request to be accepted. If this attribute is not specified, all requests will be accepted UNLESS the remote address matches a deny pattern.

deniedClientIpAddressRegex

java.lang.String deniedClientIpAddressRegex

A regular expression (using java.util.regex) that the remote client's IP address is compared to. If this attribute is specified, the remote address MUST NOT match for this request to be accepted. If this attribute is not specified, request acceptance is governed solely by the accept attribute.

Class org.apereo.cas.configuration.model.core.web.tomcat.CasEmbeddedApacheTomcatRewriteValveProperties extends java.lang.Object implements Serializable

serialVersionUID:

9030094143985594411L

Class org.apereo.cas.configuration.model.core.web.tomcat.CasEmbeddedApacheTomcatSslValveProperties extends java.lang.Object implements Serializable

serialVersionUID:

3164446071136700242L

Serialized Fields

enabled

boolean enabled

Enable the SSL valve for apache tomcat.

sslClientCertHeader

java.lang.String sslClientCertHeader

Allows setting a custom name for the ssl_client_cert header. If not specified, the default of ssl_client_cert is used.

sslCipherHeader

java.lang.String sslCipherHeader

Allows setting a custom name for the ssl_cipher header. If not specified, the default of ssl_cipher is used.

sslSessionIdHeader

java.lang.String sslSessionIdHeader

Allows setting a custom name for the ssl_session_id header. If not specified, the default of ssl_session_id is used.

sslCipherUserKeySizeHeader

java.lang.String sslCipherUserKeySizeHeader

Allows setting a custom name for the ssl_cipher_usekeysize header. If not specified, the default of ssl_cipher_usekeysize is used.

Package org.apereo.cas.configuration.model.core.web.view

Class org.apereo.cas.configuration.model.core.web.view.Cas20ViewProperties extends java.lang.Object implements Serializable

serialVersionUID:

-7954879759474698003L

Serialized Fields

success

java.lang.String success

The relative location of the CAS2 success view bean.

failure

java.lang.String failure

The relative location of the CAS3 failure view bean.

v3ForwardCompatible

boolean v3ForwardCompatible

Whether v2 protocol support should be forward compatible to act like v3 and match its response, mainly for attribute release.

proxy

Cas20ViewProperties.Proxy proxy

Proxy views and settings.

Class org.apereo.cas.configuration.model.core.web.view.Cas20ViewProperties.Proxy extends java.lang.Object implements Serializable

serialVersionUID:

6765987342872282599L

Serialized Fields

success

java.lang.String success

The relative location of the CAS2 proxy success view bean.

failure

java.lang.String failure

The relative location of the CAS2 proxy failure view bean.

Class org.apereo.cas.configuration.model.core.web.view.Cas30ViewProperties extends java.lang.Object implements Serializable

serialVersionUID:

2345062034300650858L

Serialized Fields

success

java.lang.String success

The relative location of the CAS3 success validation bean.

failure

java.lang.String failure

The relative location of the CAS3 success validation bean.

attributeRendererType

Cas30ViewProperties.ValidationAttributesRendererTypes attributeRendererType

Indicates how attributes in the final validation response should be formatted. Options available are:

• DEFAULT: The default option implements the rendering strategy specified by the CAS protocol.
• INLINE: Includes the attribute name and value as XML attributes.

Class org.apereo.cas.configuration.model.core.web.view.ViewProperties extends java.lang.Object implements Serializable

serialVersionUID:

2719748442042197738L

Serialized Fields

defaultRedirectUrl

java.lang.String defaultRedirectUrl

The default redirect URL if none is specified after a successful authentication event.

templatePrefixes

java.util.List<E> templatePrefixes

Comma separated paths to where CAS templates may be found.

cas2

Cas20ViewProperties cas2

CAS2 views and locations.

cas3

Cas30ViewProperties cas3

CAS3 views and locations.

rest

ViewProperties.Rest rest

Resolve CAS views via REST.

Class org.apereo.cas.configuration.model.core.web.view.ViewProperties.Rest extends RestEndpointProperties implements Serializable

serialVersionUID:

-8102345678378393382L

Package org.apereo.cas.configuration.model.support

Class org.apereo.cas.configuration.model.support.ConnectionPoolingProperties extends java.lang.Object implements Serializable

serialVersionUID:

-5307463292890944799L

Serialized Fields

minSize

int minSize

Controls the maximum size that the pool is allowed to reach, including both idle and in-use connections.

maxSize

int maxSize

Controls the maximum number of connections to keep in the pool, including both idle and in-use connections.

maxWait

java.lang.String maxWait

Sets the maximum time in seconds that this data source will wait while attempting to connect to a database. A value of zero specifies that the timeout is the default system timeout if there is one; otherwise, it specifies that there is no timeout.

suspension

boolean suspension

Whether or not pool suspension is allowed. There is a performance impact when pool suspension is enabled. Unless you need it (for a redundancy system for example) do not enable it.

timeoutMillis

long timeoutMillis

The maximum number of milliseconds that the pool will wait for a connection to be validated as alive.

Package org.apereo.cas.configuration.model.support.analytics

Class org.apereo.cas.configuration.model.support.analytics.GoogleAnalyticsProperties extends java.lang.Object implements Serializable

serialVersionUID:

5425678120443123345L

Serialized Fields

googleAnalyticsTrackingId

java.lang.String googleAnalyticsTrackingId

The tracking id. Configuring the tracking activated google analytics in CAS on UI views, etc.

Package org.apereo.cas.configuration.model.support.aup

Class org.apereo.cas.configuration.model.support.aup.AcceptableUsagePolicyProperties extends java.lang.Object implements Serializable

serialVersionUID:

-7703477581675908899L

Serialized Fields

ldap

AcceptableUsagePolicyProperties.Ldap ldap

Control AUP via LDAP.

jdbc

AcceptableUsagePolicyProperties.Jdbc jdbc

Control AUP via Redis.

rest

AcceptableUsagePolicyProperties.Rest rest

Control AUP via Redis.

mongo

AcceptableUsagePolicyProperties.MongoDb mongo

Keep consent decisions stored via a MongoDb database resource.

enabled

boolean enabled

AUP enabled allows AUP to be turned off on startup.

aupAttributeName

java.lang.String aupAttributeName

AUP attribute to choose in order to determine whether policy has been accepted or not.

Class org.apereo.cas.configuration.model.support.aup.AcceptableUsagePolicyProperties.Jdbc extends AbstractJpaProperties implements Serializable

serialVersionUID:

-1325011278378393385L

Serialized Fields

tableName

java.lang.String tableName

The table name in the database that holds the AUP attribute to update for the user.

Class org.apereo.cas.configuration.model.support.aup.AcceptableUsagePolicyProperties.Ldap extends AbstractLdapSearchProperties implements Serializable

serialVersionUID:

-7991011278378393382L

Class org.apereo.cas.configuration.model.support.aup.AcceptableUsagePolicyProperties.MongoDb extends SingleCollectionMongoDbProperties implements Serializable

serialVersionUID:

-1918436901491275547L

Class org.apereo.cas.configuration.model.support.aup.AcceptableUsagePolicyProperties.Rest extends RestEndpointProperties implements Serializable

serialVersionUID:

-8102345678378393382L

Package org.apereo.cas.configuration.model.support.aws

Class org.apereo.cas.configuration.model.support.aws.BaseAmazonWebServicesProperties extends java.lang.Object implements Serializable

serialVersionUID:

6426637051495147084L

Serialized Fields

credentialAccessKey

java.lang.String credentialAccessKey

Use access-key provided by AWS to authenticate.

credentialSecretKey

java.lang.String credentialSecretKey

Use secret key provided by AWS to authenticate.

region

java.lang.String region

AWS region used.

profileName

java.lang.String profileName

Profile name to use.

profilePath

java.lang.String profilePath

Profile path.

regionOverride

java.lang.String regionOverride

EC2 region override.

serviceNameIntern

java.lang.String serviceNameIntern

Service name pattern.

endpoint

java.lang.String endpoint

AWS custom endpoint.

Package org.apereo.cas.configuration.model.support.captcha

Class org.apereo.cas.configuration.model.support.captcha.GoogleRecaptchaProperties extends java.lang.Object implements Serializable

serialVersionUID:

-8955074129123813915L

Serialized Fields

enabled

boolean enabled

Whether google reCAPTCHA should be enabled.

siteKey

java.lang.String siteKey

The google reCAPTCHA site key.

verifyUrl

java.lang.String verifyUrl

The google reCAPTCHA endpoint for verification of tokens and input.

secret

java.lang.String secret

The google reCAPTCHA site secret.

invisible

boolean invisible

Whether google reCAPTCHA invisible should be enabled.

position

java.lang.String position

The google reCAPTCHA badge position (only if invisible is enabled). Accepted values are:

• bottomright: default value.
• bottomleft
• inline: allows to control the CSS.

Package org.apereo.cas.configuration.model.support.cassandra.authentication

Class org.apereo.cas.configuration.model.support.cassandra.authentication.BaseCassandraProperties extends java.lang.Object implements Serializable

serialVersionUID:

3708645268337674572L

Serialized Fields

username

java.lang.String username

Username to bind and establish a connection to cassandra.

password

java.lang.String password

Password to bind and establish a connection to cassandra.

protocolVersion

java.lang.String protocolVersion

Cassandra protocol version.

keyspace

java.lang.String keyspace

Keyspace address to use where the cluster would connect.

contactPoints

java.lang.String contactPoints

The list of contact points to use for the new cluster.

localDc

java.lang.String localDc

Used by a DC-ware round-robin load balancing policy. This policy provides round-robin queries over the node of the local data center. It also includes in the query plans returned a configurable number of hosts in the remote data centers, but those are always tried after the local nodes. In other words, this policy guarantees that no host in a remote data center will be queried unless no host in the local data center can be reached.

shuffleReplicas

boolean shuffleReplicas

The DC policy is wrapped inside a token-aware policy that may be set to shuffle replicas. This indicates whether to shuffle the replicas returned by getRoutingKey. Note that setting this parameter to true might decrease the effectiveness of caching (especially at consistency level ONE), since the same row will be retrieved from any replica (instead of only the "primary" replica without shuffling). On the other hand, shuffling will better distribute writes, and can alleviate hotspots caused by "fat" partitions.

retryPolicy

java.lang.String retryPolicy

A policy that defines a default behavior to adopt when a request fails. Such policy allows to centralize the handling of query retries, allowing to minimize the need for exception catching/handling in business code. Accepted options are DEFAULT_RETRY_POLICY, DOWNGRADING_CONSISTENCY_RETRY_POLICY, FALLTHROUGH_RETRY_POLICY.

The default policy retries queries in only two cases:

• On a read timeout, if enough replicas replied but data was not retrieved.
• On a write timeout, if we timeout while writing the distributed log used by batch statements. This retry policy is conservative in that it will never retry with a different consistency level than the one of the initial operation.

compression

java.lang.String compression

Protocol compression options. Accepted options are NONE, SNAPPY, LZ4.

consistencyLevel

java.lang.String consistencyLevel

Query option consistency level. The consistency level set through this method will be use for queries that don't explicitly have a consistency level. Accepted values are:ALL, ANY, EACH_QUORUM, LOCAL_ONE, LOCAL_QUORUM, LOCAL_SERIAL, ONE, QUORUM, SERIAL, THREE, TWO.

serialConsistencyLevel

java.lang.String serialConsistencyLevel

Query option serial consistency level. The serial consistency level set through this method will be use for queries that don't explicitly have a serial consistency level. Accepted values are:ALL, ANY, EACH_QUORUM, LOCAL_ONE, LOCAL_QUORUM, LOCAL_SERIAL, ONE, QUORUM, SERIAL, THREE, TWO.

maxConnections

int maxConnections

Sets the maximum number of connections.

coreConnections

int coreConnections

Sets the core number of connections per host.

maxRequestsPerConnection

int maxRequestsPerConnection

Sets the maximum number of connection requests per host.

connectTimeoutMillis

int connectTimeoutMillis

The connection timeout in milliseconds. As the name implies, the connection timeout defines how long the driver waits to establish a new connection to a Cassandra node before giving up.

readTimeoutMillis

int readTimeoutMillis

The per-host read timeout in milliseconds. This defines how long the driver will wait for a given Cassandra node to answer a query.

port

int port

Cassandra instance port.

Class org.apereo.cas.configuration.model.support.cassandra.authentication.CassandraAuthenticationProperties extends BaseCassandraProperties implements Serializable

serialVersionUID:

1369405266376125234L

Serialized Fields

name

java.lang.String name

Name of the authentication handler.

order

java.lang.Integer order

The authentication handler order in the chain.

usernameAttribute

java.lang.String usernameAttribute

Username attribute to fetch and compare.

passwordAttribute

java.lang.String passwordAttribute

Password attribute to fetch and compare.

tableName

java.lang.String tableName

Table name to fetch credentials.

query

java.lang.String query

The authentication query to use when searching for users.

passwordEncoder

PasswordEncoderProperties passwordEncoder

Password encoding settings for this authentication.

principalTransformation

PrincipalTransformationProperties principalTransformation

Principal transformation settings for this authentication.

Package org.apereo.cas.configuration.model.support.clearpass

Class org.apereo.cas.configuration.model.support.clearpass.ClearpassProperties extends java.lang.Object implements Serializable

serialVersionUID:

6047778458053531460L

Serialized Fields

cacheCredential

boolean cacheCredential

Enable clearpass and allow CAS to cache credentials.

crypto

EncryptionJwtSigningJwtCryptographyProperties crypto

Crypto settings that sign/encrypt the password captured.

Package org.apereo.cas.configuration.model.support.clouddirectory

Class org.apereo.cas.configuration.model.support.clouddirectory.CloudDirectoryProperties extends BaseAmazonWebServicesProperties implements Serializable

serialVersionUID:

6725526133973304269L

Serialized Fields

directoryArn

java.lang.String directoryArn

Directory ARN.

schemaArn

java.lang.String schemaArn

Schema ARN.

facetName

java.lang.String facetName

Facet name.

usernameAttributeName

java.lang.String usernameAttributeName

Username attribute to choose when locating accounts.

passwordAttributeName

java.lang.String passwordAttributeName

Password attribute to choose on the entry to compare.

usernameIndexPath

java.lang.String usernameIndexPath

Username index path.

name

java.lang.String name

The name of the authentication handler.

passwordEncoder

PasswordEncoderProperties passwordEncoder

Password encoding properties.

principalTransformation

PrincipalTransformationProperties principalTransformation

Principal transformation properties.

order

int order

The order of this authentication handler in the chain.

Package org.apereo.cas.configuration.model.support.consent

Class org.apereo.cas.configuration.model.support.consent.ConsentProperties extends java.lang.Object implements Serializable

serialVersionUID:

5201308051524438384L

Serialized Fields

reminder

int reminder

Global reminder time unit, to reconfirm consent in cases no changes are detected.

reminderTimeUnit

java.time.temporal.ChronoUnit reminderTimeUnit

Global reminder time unit of measure, to reconfirm consent in cases no changes are detected.

rest

ConsentProperties.Rest rest

Keep consent decisions stored via REST.

ldap

ConsentProperties.Ldap ldap

Keep consent decisions stored via LDAP user records.

jpa

ConsentProperties.Jpa jpa

Keep consent decisions stored via JDBC resources.

json

ConsentProperties.Json json

Keep consent decisions stored via a static JSON resource.

groovy

ConsentProperties.Groovy groovy

Keep consent decisions stored via a Groovy resource.

mongo

ConsentProperties.MongoDb mongo

Keep consent decisions stored via a MongoDb database resource.

crypto

EncryptionJwtSigningJwtCryptographyProperties crypto

Signing/encryption settings.

Class org.apereo.cas.configuration.model.support.consent.ConsentProperties.Groovy extends SpringResourceProperties implements Serializable

serialVersionUID:

7079027843747126083L

Class org.apereo.cas.configuration.model.support.consent.ConsentProperties.Jpa extends AbstractJpaProperties implements Serializable

serialVersionUID:

1646689616653363554L

Class org.apereo.cas.configuration.model.support.consent.ConsentProperties.Json extends SpringResourceProperties implements Serializable

serialVersionUID:

7079027843747126083L

Class org.apereo.cas.configuration.model.support.consent.ConsentProperties.Ldap extends AbstractLdapSearchProperties implements Serializable

serialVersionUID:

1L

Serialized Fields

type

AbstractLdapProperties.LdapType type

Type of LDAP directory.

consentAttributeName

java.lang.String consentAttributeName

Name of LDAP attribute that holds consent decisions as JSON.

Class org.apereo.cas.configuration.model.support.consent.ConsentProperties.MongoDb extends SingleCollectionMongoDbProperties implements Serializable

serialVersionUID:

-1918436901491275547L

Class org.apereo.cas.configuration.model.support.consent.ConsentProperties.Rest extends java.lang.Object implements Serializable

serialVersionUID:

-6909617495470495341L

Serialized Fields

endpoint

java.lang.String endpoint

REST endpoint to use to which consent decision records will be submitted.

Package org.apereo.cas.configuration.model.support.cookie

Class org.apereo.cas.configuration.model.support.cookie.CookieProperties extends java.lang.Object implements Serializable

serialVersionUID:

6804770601645126835L

Serialized Fields

name

java.lang.String name

Cookie name. Constructs a cookie with a specified name and value. The name must conform to RFC 2965. That means it can contain only ASCII alphanumeric characters and cannot contain commas, semicolons, or white space or begin with a $ character. The cookie's name cannot be changed after creation. By default, cookies are created according to the RFC 2965 cookie specification.

path

java.lang.String path

Cookie path. Specifies a path for the cookie to which the client should return the cookie. The cookie is visible to all the pages in the directory you specify, and all the pages in that directory's subdirectories. A cookie's path must include the servlet that set the cookie, for example, /catalog, which makes the cookie visible to all directories on the server under /catalog. Consult RFC 2965 (available on the Internet) for more information on setting path names for cookies.

domain

java.lang.String domain

Cookie domain. Specifies the domain within which this cookie should be presented. The form of the domain name is specified by RFC 2965. A domain name begins with a dot (.foo.com) and means that the cookie is visible to servers in a specified Domain Name System (DNS) zone (for example, www.foo.com, but not a.b.foo.com). By default, cookies are only returned to the server that sent them.

secure

boolean secure

True if sending this cookie should be restricted to a secure protocol, or false if the it can be sent using any protocol.

httpOnly

boolean httpOnly

true if this cookie contains the HttpOnly attribute. This means that the cookie should not be accessible to scripting engines, like javascript.

maxAge

int maxAge

The maximum age of the cookie, specified in seconds. By default, -1 indicating the cookie will persist until browser shutdown. A positive value indicates that the cookie will expire after that many seconds have passed. Note that the value is the maximum age when the cookie will expire, not the cookie's current age. A negative value means that the cookie is not stored persistently and will be deleted when the Web browser exits. A zero value causes the cookie to be deleted.

pinToSession

boolean pinToSession

When generating cookie values, determine whether the value should be compounded and signed with the properties of the current session, such as IP address, user-agent, etc.

Class org.apereo.cas.configuration.model.support.cookie.TicketGrantingCookieProperties extends CookieProperties implements Serializable

serialVersionUID:

7392972818105536350L

Serialized Fields

rememberMeMaxAge

java.lang.String rememberMeMaxAge

If remember-me is enabled, specifies the maximum age of the cookie.

crypto

EncryptionJwtSigningJwtCryptographyProperties crypto

Crypto settings that determine how the cookie should be signed and encrypted.

Class org.apereo.cas.configuration.model.support.cookie.WarningCookieProperties extends CookieProperties implements Serializable

serialVersionUID:

-266090748600049578L

Package org.apereo.cas.configuration.model.support.cosmosdb

Class org.apereo.cas.configuration.model.support.cosmosdb.BaseCosmosDbProperties extends java.lang.Object implements Serializable

serialVersionUID:

2528153816791719898L

Serialized Fields

throughput

int throughput

Database throughput usually between 400 or 100,000.

uri

java.lang.String uri

Document Db host address (i.e. https://localhost:8081).

key

java.lang.String key

Document Db master key.

consistencyLevel

java.lang.String consistencyLevel

Document Db consistency level. Azure Cosmos DB is designed from the ground up with global distribution in mind for every data model. It is designed to offer predictable low latency guarantees, a 99.99% availability SLA, and multiple well-defined relaxed consistency models. Currently, Azure Cosmos DB provides five consistency levels: strong, bounded-staleness, session, consistent prefix, and eventual. Besides strong and eventual consistency models commonly offered by distributed databases, Azure Cosmos DB offers three more carefully codified and operationalized consistency models, and has validated their usefulness against real world use cases. These are the bounded staleness, session, and consistent prefix consistency levels. Collectively these five consistency levels enable you to make well-reasoned trade-offs between consistency, availability, and latency. Accepted values are:

• Strong: Linearizability
• Session: Consistent Prefix. Monotonic reads, monotonic writes, read-your-writes, write-follows-reads
• Eventual: Out of order reads
• BoundedStaleness: Consistent Prefix. Reads lag behind writes by k prefixes or t interval
• ConsistentPrefix: Updates returned are some prefix of all the updates, with no gaps

database

java.lang.String database

Database name.

allowTelemetry

boolean allowTelemetry

Whether telemetry should be enabled by default.

dropCollection

boolean dropCollection

Whether collections should be dropped on startup and re-created.

Class org.apereo.cas.configuration.model.support.cosmosdb.CosmosDbServiceRegistryProperties extends BaseCosmosDbProperties implements Serializable

serialVersionUID:

6194689836396653458L

Serialized Fields

collection

java.lang.String collection

Collection to store CAS service definitions.

Package org.apereo.cas.configuration.model.support.couchbase

Class org.apereo.cas.configuration.model.support.couchbase.BaseCouchbaseProperties extends java.lang.Object implements Serializable

serialVersionUID:

6550895842866988551L

Serialized Fields

nodeSet

java.lang.String nodeSet

Nodeset name.

timeout

java.lang.String timeout

String representation of connection timeout.

password

java.lang.String password

Password.

bucket

java.lang.String bucket

Bucket name.

Package org.apereo.cas.configuration.model.support.couchbase.authentication

Class org.apereo.cas.configuration.model.support.couchbase.authentication.CouchbaseAuthenticationProperties extends BaseCouchbaseProperties implements Serializable

serialVersionUID:

-7257332242368463818L

Serialized Fields

principalTransformation

PrincipalTransformationProperties principalTransformation

Principal transformation settings.

name

java.lang.String name

The name of the authentication handler.

passwordEncoder

PasswordEncoderProperties passwordEncoder

Password encoder settings for this handler.

order

int order

Order of authentication handler in chain.

usernameAttribute

java.lang.String usernameAttribute

Username attribute to fetch and compare against credential.

passwordAttribute

java.lang.String passwordAttribute

Password attribute to fetch and compare against credential.

Package org.apereo.cas.configuration.model.support.couchbase.serviceregistry

Class org.apereo.cas.configuration.model.support.couchbase.serviceregistry.CouchbaseServiceRegistryProperties extends BaseCouchbaseProperties implements Serializable

serialVersionUID:

-4975171412161962007L

Package org.apereo.cas.configuration.model.support.couchbase.ticketregistry

Class org.apereo.cas.configuration.model.support.couchbase.ticketregistry.CouchbaseTicketRegistryProperties extends BaseCouchbaseProperties implements Serializable

serialVersionUID:

2123040809519673836L

Serialized Fields

crypto

EncryptionRandomizedSigningJwtCryptographyProperties crypto

Crypto settings for the registry.

Package org.apereo.cas.configuration.model.support.couchdb

Class org.apereo.cas.configuration.model.support.couchdb.AbstractCouchDbProperties extends java.lang.Object implements Serializable

serialVersionUID:

1323894615409106853L

Serialized Fields

url

java.lang.String url

Connection url.

username

java.lang.String username

Username for connection.

password

java.lang.String password

Password for connection.

socketTimeout

int socketTimeout

Socket idle timeout.

connectionTimeout

int connectionTimeout

TCP connection timeout.

maxConnections

int maxConnections

Maximum connections to CouchDB.

enableSSL

boolean enableSSL

Use TLS. Only needed if not specified by URL.

relaxedSSLSettings

boolean relaxedSSLSettings

Relax TLS settings–like certificate verification.

caching

boolean caching

Use a local cache to reduce fetches..

maxCacheEntries

int maxCacheEntries

Max entries in local cache.

maxObjectSizeBytes

int maxObjectSizeBytes

Largest allowable serialized object.

useExpectContinue

boolean useExpectContinue

Expect HTTP 100 Continue during connection.

cleanupIdleConnections

boolean cleanupIdleConnections

Remove idle connections from pool.

createIfNotExists

boolean createIfNotExists

Create the database if it doesn't exist.

retries

int retries

Retries for update conflicts.

dbName

java.lang.String dbName

Database name. Defaults to +serviceRegistry+ and +ticketRegistry+ for the service and ticket registries, respectively.

Class org.apereo.cas.configuration.model.support.couchdb.CouchDbServiceRegistryProperties extends AbstractCouchDbProperties implements Serializable

serialVersionUID:

-5101551655756163621L

Class org.apereo.cas.configuration.model.support.couchdb.CouchDbTicketRegistryProperties extends AbstractCouchDbProperties implements Serializable

serialVersionUID:

6895485069081125319L

Serialized Fields

crypto

EncryptionRandomizedSigningJwtCryptographyProperties crypto

Crypto settings for the registry.

Package org.apereo.cas.configuration.model.support.custom

Class org.apereo.cas.configuration.model.support.custom.CasCustomProperties extends java.lang.Object implements Serializable

serialVersionUID:

5354004353286722083L

Serialized Fields

properties

java.util.Map<K,V> properties

Collection of custom settings that can be utilized for a local deployment. The settings should be available to CAS views and webflows for altering UI and/or introducing custom behavior to any extended customized component without introducing a new property namespace. An example would be: cas.properties.[name]=[value]

Package org.apereo.cas.configuration.model.support.digest

Class org.apereo.cas.configuration.model.support.digest.DigestProperties extends java.lang.Object implements Serializable

serialVersionUID:

-7920128284733546444L

Serialized Fields

realm

java.lang.String realm

The digest realm to use.

authenticationMethod

java.lang.String authenticationMethod

Authentication method used when creating digest header.

users

java.util.Map<K,V> users

Static/stub list of username and passwords to accept if no other account store is defined.

name

java.lang.String name

Name of the authentication handler.

Package org.apereo.cas.configuration.model.support.dynamodb

Class org.apereo.cas.configuration.model.support.dynamodb.AbstractDynamoDbProperties extends BaseAmazonWebServicesProperties implements Serializable

serialVersionUID:

-8349917272283787550L

Serialized Fields

dropTablesOnStartup

boolean dropTablesOnStartup

Flag that indicates whether to drop tables on start up.

preventTableCreationOnStartup

boolean preventTableCreationOnStartup

Flag that indicates whether to prevent CAS from creating tables.

timeOffset

int timeOffset

Time offset.

readCapacity

long readCapacity

Read capacity.

writeCapacity

long writeCapacity

Write capacity.

connectionTimeout

int connectionTimeout

Connection timeout.

requestTimeout

int requestTimeout

Request timeout.

socketTimeout

int socketTimeout

Socket timeout.

useGzip

boolean useGzip

Flag that indicates whether to use Gzip compression.

useReaper

boolean useReaper

Flag that indicates whether to use reaper.

useThrottleRetries

boolean useThrottleRetries

Flag that indicates whether to throttle retries.

useTcpKeepAlive

boolean useTcpKeepAlive

Flag that indicates whether to keep TCP connection alive.

protocol

java.lang.String protocol

Protocol setting.

clientExecutionTimeout

int clientExecutionTimeout

Client execution timeout.

cacheResponseMetadata

boolean cacheResponseMetadata

Flag that indicates whether to cache response metadata.

localAddress

java.lang.String localAddress

Local address.

maxConnections

int maxConnections

Maximum connections setting.

localInstance

boolean localInstance

Indicates that the database instance is local to the deployment that does not require or use any credentials or other configuration other than host and region. This is mostly used during development and testing.

Class org.apereo.cas.configuration.model.support.dynamodb.DynamoDbServiceRegistryProperties extends AbstractDynamoDbProperties implements Serializable

serialVersionUID:

809653348774854955L

Serialized Fields

tableName

java.lang.String tableName

The table name used and created by CAS to hold service definitions in DynamoDb.

Class org.apereo.cas.configuration.model.support.dynamodb.DynamoDbTicketRegistryProperties extends AbstractDynamoDbProperties implements Serializable

serialVersionUID:

699497009058965681L

Serialized Fields

serviceTicketsTableName

java.lang.String serviceTicketsTableName

The table name used and created by CAS to hold service tickets in DynamoDb.

proxyTicketsTableName

java.lang.String proxyTicketsTableName

The table name used and created by CAS to hold proxy tickets in DynamoDb.

ticketGrantingTicketsTableName

java.lang.String ticketGrantingTicketsTableName

The table name used and created by CAS to hold ticket granting tickets in DynamoDb.

proxyGrantingTicketsTableName

java.lang.String proxyGrantingTicketsTableName

The table name used and created by CAS to hold proxy ticket granting tickets in DynamoDb.

transientSessionTicketsTableName

java.lang.String transientSessionTicketsTableName

The table name used and created by CAS to hold transient session ticket tickets in DynamoDb.

crypto

EncryptionRandomizedSigningJwtCryptographyProperties crypto

Crypto settings for the registry.

Package org.apereo.cas.configuration.model.support.ehcache

Class org.apereo.cas.configuration.model.support.ehcache.EhcacheProperties extends java.lang.Object implements Serializable

serialVersionUID:

7772510035918976450L

Serialized Fields

synchronousWrites

boolean synchronousWrites

Sets the persistence write mode.

loaderAsync

boolean loaderAsync

Whether to load the cache bootstrapper asynchronously.

maxChunkSize

int maxChunkSize

The maximum serialized size of the elements to request from a remote cache peer during bootstrap.

maximumBatchSize

int maximumBatchSize

Maximum batch size for replication ops.

replicationInterval

java.lang.String replicationInterval

The replication interval in milliseconds for the cache replicator.

replicatePuts

boolean replicatePuts

Whether to replicate puts.

replicateUpdatesViaCopy

boolean replicateUpdatesViaCopy

Whether an update (a put) should be by copy or by invalidation, (a remove). By copy is best when the entry is expensive to produce. By invalidation is best when we are really trying to force other caches to sync back to a canonical source like a database. An example of a latter usage would be a read/write cache being used in Hibernate. This setting only has effect if #replicateUpdates is true.

replicateRemovals

boolean replicateRemovals

Whether to replicate removes.

replicateUpdates

boolean replicateUpdates

Whether to replicate updates.

replicatePutsViaCopy

boolean replicatePutsViaCopy

Whether a put should replicated by copy or by invalidation, (a remove). By copy is best when the entry is expensive to produce. By invalidation is best when we are really trying to force other caches to sync back to a canonical source like a database. An example of a latter usage would be a read/write cache being used in Hibernate. This setting only has effect if #replicateUpdates is true.

shared

boolean shared

Set whether the EhCache CacheManager should be shared (as a singleton at the ClassLoader level) or independent (typically local within the application). Default is "false", creating an independent local instance. NOTE: This feature allows for sharing this EhCacheManagerFactoryBean's CacheManager with any code calling CacheManager.create() in the same ClassLoader space, with no need to agree on a specific CacheManager name. However, it only supports a single EhCacheManagerFactoryBean involved which will control the lifecycle of the underlying CacheManager (in particular, its shutdown).

cacheManagerName

java.lang.String cacheManagerName

The name of the cache manager instance.

diskExpiryThreadIntervalSeconds

int diskExpiryThreadIntervalSeconds

The interval in seconds between runs of the disk expiry thread.

eternal

boolean eternal

Sets whether elements are eternal. If eternal, timeouts are ignored and the element is never expired. False by default.

maxElementsInMemory

int maxElementsInMemory

Builder that sets the maximum objects to be held in memory (0 = no limit).

maxElementsInCache

int maxElementsInCache

Builder which sets the maximum number entries in cache.

maxElementsOnDisk

int maxElementsOnDisk

Builder which sets the maximum number elements on Disk. 0 means unlimited.

memoryStoreEvictionPolicy

java.lang.String memoryStoreEvictionPolicy

Builder which Sets the eviction policy. An invalid argument will set it to null.

• LRU - least recently used
• LFU - least frequently used
• FIFO - first in first out, the oldest element by creation time

persistence

java.lang.String persistence

Sets the persistence strategy. Acceptable values are:

• LOCALTEMPSWAP: Standard open source (non fault-tolerant) on-disk persistence.
• DISTRIBUTED: Terracotta clustered persistence (requires a Terracotta clustered cache)
• LOCALRESTARTABL: Enterprise fault tolerant persistence
• NONE: No persistence

crypto

EncryptionRandomizedSigningJwtCryptographyProperties crypto

Crypto settings for the registry.

Package org.apereo.cas.configuration.model.support.email

Class org.apereo.cas.configuration.model.support.email.EmailProperties extends java.lang.Object implements Serializable

serialVersionUID:

7367120636536230761L

Serialized Fields

attributeName

java.lang.String attributeName

Principal attribute name that indicates the destination email address for this message. The attribute must already be resolved and available to the CAS principal.

text

java.lang.String text

Email message body.

from

java.lang.String from

Email from address.

subject

java.lang.String subject

Email subject line.

cc

java.lang.String cc

Email CC address, if any.

bcc

java.lang.String bcc

Email BCC address, if any.

Package org.apereo.cas.configuration.model.support.fortress

Class org.apereo.cas.configuration.model.support.fortress.FortressAuthenticationProperties extends java.lang.Object implements Serializable

serialVersionUID:

9068259944327425315L

Serialized Fields

rbaccontext

java.lang.String rbaccontext

Use this setting to set the tenant id onto function call into Fortress which allows segregation of data by customer. The context is used for multi-tenancy to isolate data sets within a particular sub-tree within DIT. Setting contextId into this object will render this class' implementer thread unsafe.

Package org.apereo.cas.configuration.model.support.generic

Class org.apereo.cas.configuration.model.support.generic.AcceptAuthenticationProperties extends java.lang.Object implements Serializable

serialVersionUID:

2448007503183227617L

Serialized Fields

users

java.lang.String users

Accepted users for authentication, in the syntax of uid::password.

name

java.lang.String name

Name of the authentication handler.

passwordEncoder

PasswordEncoderProperties passwordEncoder

Password encoder settings for the authentication handler.

credentialCriteria

java.lang.String credentialCriteria

A number of authentication handlers are allowed to determine whether they can operate on the provided credential and as such lend themselves to be tried and tested during the authentication handler selection phase. The credential criteria may be one of the following options:

• 1) A regular expression pattern that is tested against the credential identifier.
• 2) A fully qualified class name of your own design that implements Predicate<Credential>.
• 3) Path to an external Groovy script that implements the same interface.

principalTransformation

PrincipalTransformationProperties principalTransformation

This is principal transformation properties.

passwordPolicy

PasswordPolicyProperties passwordPolicy

Password policy settings.

Class org.apereo.cas.configuration.model.support.generic.FileAuthenticationProperties extends java.lang.Object implements Serializable

serialVersionUID:

4031366217090049241L

Serialized Fields

separator

java.lang.String separator

Separator character that distinguishes between usernames and passwords in the file.

passwordEncoder

PasswordEncoderProperties passwordEncoder

Password encoder properties.

principalTransformation

PrincipalTransformationProperties principalTransformation

Principal transformation settings for this authentication.

name

java.lang.String name

Authentication hanler name used to verify credentials in the file.

Class org.apereo.cas.configuration.model.support.generic.JsonResourceAuthenticationProperties extends SpringResourceProperties implements Serializable

serialVersionUID:

1079027841236526083L

Serialized Fields

passwordPolicy

PasswordPolicyProperties passwordPolicy

Password policy settings.

passwordEncoder

PasswordEncoderProperties passwordEncoder

Password encoder properties.

principalTransformation

PrincipalTransformationProperties principalTransformation

Principal transformation settings for this authentication.

name

java.lang.String name

Authentication hanler name used to verify credentials in the file.

Class org.apereo.cas.configuration.model.support.generic.RejectAuthenticationProperties extends java.lang.Object implements Serializable

serialVersionUID:

-3228601837221178711L

Serialized Fields

users

java.lang.String users

Comma-separated list of users to reject for authentication.

passwordEncoder

PasswordEncoderProperties passwordEncoder

Password encoder properties.

principalTransformation

PrincipalTransformationProperties principalTransformation

This is principal transformation properties.

name

java.lang.String name

Name of the authentication handler.

Class org.apereo.cas.configuration.model.support.generic.RemoteAddressAuthenticationProperties extends java.lang.Object implements Serializable

serialVersionUID:

573409035023089696L

Serialized Fields

ipAddressRange

java.lang.String ipAddressRange

The authorized network address to allow for authentication.

name

java.lang.String name

The name of the authentication handler.

Class org.apereo.cas.configuration.model.support.generic.ShiroAuthenticationProperties extends SpringResourceProperties implements Serializable

serialVersionUID:

8997401036330472417L

Serialized Fields

requiredRoles

java.util.Set<E> requiredRoles

Required roles that should be authorized by Shiro.

requiredPermissions

java.util.Set<E> requiredPermissions

Required permissions that should be authorized by Shiro.

passwordEncoder

PasswordEncoderProperties passwordEncoder

Password encoder properties.

principalTransformation

PrincipalTransformationProperties principalTransformation

Principal transformation properties.

name

java.lang.String name

Name of the authentication handler.

Package org.apereo.cas.configuration.model.support.geo

Class org.apereo.cas.configuration.model.support.geo.BaseGeoLocationProperties extends java.lang.Object implements Serializable

serialVersionUID:

4548572400079087989L

Serialized Fields

ipStackApiAccessKey

java.lang.String ipStackApiAccessKey

The access key for ip-stack used to look up ip addresses for geo locations. See this link for more info.

Package org.apereo.cas.configuration.model.support.geo.googlemaps

Class org.apereo.cas.configuration.model.support.geo.googlemaps.GoogleMapsProperties extends BaseGeoLocationProperties implements Serializable

serialVersionUID:

4661113818711911462L

Serialized Fields

apiKey

java.lang.String apiKey

Authenticate into google maps via an API key.

clientId

java.lang.String clientId

Authenticate into google maps via a client id.

clientSecret

java.lang.String clientSecret

Authenticate into google maps via a client secret.

connectTimeout

java.lang.String connectTimeout

The connection timeout when reaching out to google maps.

googleAppsEngine

boolean googleAppsEngine

When true, a strategy for handling URL requests using Google App Engine's URL Fetch API.

Package org.apereo.cas.configuration.model.support.geo.maxmind

Class org.apereo.cas.configuration.model.support.geo.maxmind.MaxmindProperties extends BaseGeoLocationProperties implements Serializable

serialVersionUID:

7883029275219817797L

Package org.apereo.cas.configuration.model.support.gua

Class org.apereo.cas.configuration.model.support.gua.GraphicalUserAuthenticationProperties extends java.lang.Object implements Serializable

serialVersionUID:

7527953699378415460L

Serialized Fields

ldap

GraphicalUserAuthenticationProperties.Ldap ldap

Locate GUA settings and images from LDAP.

resource

SpringResourceProperties resource

Locate GUA settings and images from a static image.

Class org.apereo.cas.configuration.model.support.gua.GraphicalUserAuthenticationProperties.Ldap extends AbstractLdapSearchProperties implements Serializable

serialVersionUID:

4666838063728336692L

Serialized Fields

imageAttribute

java.lang.String imageAttribute

Entry attribute that holds the user image.

Package org.apereo.cas.configuration.model.support.hazelcast

Class org.apereo.cas.configuration.model.support.hazelcast.BaseHazelcastProperties extends java.lang.Object implements Serializable

serialVersionUID:

4204884717547468480L

Serialized Fields

cluster

HazelcastClusterProperties cluster

Hazelcast cluster settings if CAS is able to auto-create caches.

Class org.apereo.cas.configuration.model.support.hazelcast.HazelcastClusterProperties extends java.lang.Object implements Serializable

serialVersionUID:

1817784607045775145L

Serialized Fields

partitionMemberGroupType

java.lang.String partitionMemberGroupType

With PartitionGroupConfig, you can control how primary and backup partitions are mapped to physical Members. Hazelcast will always place partitions on different partition groups so as to provide redundancy. Accepted value are: PER_MEMBER, HOST_AWARE, CUSTOM, ZONE_AWARE, SPI. In all cases a partition will never be created on the same group. If there are more partitions defined than there are partition groups, then only those partitions, up to the number of partition groups, will be created. For example, if you define 2 backups, then with the primary, that makes 3. If you have only two partition groups only two will be created.

• PER_MEMBER Partition Groups}: This is the default partition scheme and is used if no other scheme is defined. Each Member is in a group of its own.
• HOST_AWARE Partition Groups}: In this scheme, a group corresponds to a host, based on its IP address. Partitions will not be written to any other members on the same host. This scheme provides good redundancy when multiple instances are being run on the same host.
• CUSTOM Partition Groups}: In this scheme, IP addresses, or IP address ranges, are allocated to groups. Partitions are not written to the same group. This is very useful for ensuring partitions are written to different racks or even availability zones.
• ZONE_AWARE Partition Groups}: In this scheme, groups are allocated according to the metadata provided by Discovery SPI Partitions are not written to the same group. This is very useful for ensuring partitions are written to availability zones or different racks without providing the IP addresses to the config ahead.
• SPI Partition Groups}: In this scheme, groups are allocated according to the implementation provided by Discovery SPI.

loggingType

java.lang.String loggingType

Hazelcast has a flexible logging configuration and doesn't depend on any logging framework except JDK logging. It has in-built adaptors for a number of logging frameworks and also supports custom loggers by providing logging interfaces. To use built-in adaptors you should set this setting to one of predefined types below.

• jdk: JDK logging
• log4j: Log4j
• slf4j: Slf4j
• none: Disable logging

maxNoHeartbeatSeconds

int maxNoHeartbeatSeconds

Max timeout of heartbeat in seconds for a node to assume it is dead.

instanceName

java.lang.String instanceName

The instance name.

portAutoIncrement

boolean portAutoIncrement

You may also want to choose to use only one port. In that case, you can disable the auto-increment feature of port.

port

int port

You can specify the ports which Hazelcast will use to communicate between cluster members. The name of the parameter for this is port and its default value is 5701. By default, Hazelcast will try 100 ports to bind. Meaning that, if you set the value of port as 5701, as members are joining to the cluster, Hazelcast tries to find ports between 5701 and 5801.

multicastEnabled

boolean multicastEnabled

Enables a multicast configuration using a group address and port. Contains the configuration for the multicast discovery mechanism. With the multicast discovery mechanism Hazelcast allows Hazelcast members to find each other using multicast. So Hazelcast members do not need to know concrete addresses of members, they just multicast to everyone listening. It depends on your environment if multicast is possible or allowed; otherwise you need to have a look at the tcp/ip cluster

tcpipEnabled

boolean tcpipEnabled

Enable TCP/IP config. Contains the configuration for the Tcp/Ip join mechanism. The Tcp/Ip join mechanism relies on one or more well known members. So when a new member wants to join a cluster, it will try to connect to one of the well known members. If it is able to connect, it will now about all members in the cluster and doesn't rely on these well known members anymore.

members

java.util.List<E> members

Sets the well known members. If members is empty, calling this method will have the same effect as calling clear(). A member can be a comma separated string, e..g '10.11.12.1,10.11.12.2' which indicates multiple members are going to be added.

maxHeapSizePercentage

int maxHeapSizePercentage

Sets the maximum size of the map.

maxSizePolicy

java.lang.String maxSizePolicy

• FREE_HEAP_PERCENTAGE: Policy based on minimum free JVM heap memory percentage per JVM.
• FREE_HEAP_SIZE: Policy based on minimum free JVM heap memory in megabytes per JVM.
• FREE_NATIVE_MEMORY_PERCENTAGE: Policy based on minimum free native memory percentage per Hazelcast instance.
• FREE_NATIVE_MEMORY_SIZE: Policy based on minimum free native memory in megabytes per Hazelcast instance.
• PER_NODE: Policy based on maximum number of entries stored per data structure (map, cache etc) on each Hazelcast instance.
• PER_PARTITION: Policy based on maximum number of entries stored per data structure (map, cache etc) on each partition.
• USED_HEAP_PERCENTAGE: Policy based on maximum used JVM heap memory percentage per data structure (map, cache etc) on each Hazelcast instance .
• USED_HEAP_SIZE: Policy based on maximum used JVM heap memory in megabytes per data structure (map, cache etc) on each Hazelcast instance.
• USED_NATIVE_MEMORY_PERCENTAGE: Policy based on maximum used native memory percentage per data structure (map, cache etc) on each Hazelcast instance.
• USED_NATIVE_MEMORY_SIZE: Policy based on maximum used native memory in megabytes per data structure (map, cache etc) on each Hazelcast instance .

evictionPolicy

java.lang.String evictionPolicy

Hazelcast supports policy-based eviction for distributed maps. Currently supported policies are LRU (Least Recently Used) and LFU (Least Frequently Used) and NONE. See this for more info.

backupCount

int backupCount

To provide data safety, Hazelcast allows you to specify the number of backup copies you want to have. That way, data on a cluster member will be copied onto other member(s). To create synchronous backups, select the number of backup copies. When this count is 1, a map entry will have its backup on one other member in the cluster. If you set it to 2, then a map entry will have its backup on two other members. You can set it to 0 if you do not want your entries to be backed up, e.g., if performance is more important than backing up. The maximum value for the backup count is 6. Sync backup operations have a blocking cost which may lead to latency issues.

asyncBackupCount

int asyncBackupCount

Hazelcast supports both synchronous and asynchronous backups. By default, backup operations are synchronous. In this case, backup operations block operations until backups are successfully copied to backup members (or deleted from backup members in case of remove) and acknowledgements are received. Therefore, backups are updated before a put operation is completed, provided that the cluster is stable. Asynchronous backups, on the other hand, do not block operations. They are fire and forget and do not require acknowledgements; the backup operations are performed at some point in time.

timeout

int timeout

Connection timeout in seconds for the TCP/IP config and members joining the cluster.

ipv4Enabled

boolean ipv4Enabled

IPv6 support has been switched off by default, since some platforms have issues in use of IPv6 stack. And some other platforms such as Amazon AWS have no support at all. To enable IPv6 support set this setting to false.

multicastTrustedInterfaces

java.lang.String multicastTrustedInterfaces

Multicast trusted interfaces for discovery. With the multicast auto-discovery mechanism, Hazelcast allows cluster members to find each other using multicast communication. The cluster members do not need to know the concrete addresses of the other members, as they just multicast to all the other members for listening. Whether multicast is possible or allowed depends on your environment.

multicastGroup

java.lang.String multicastGroup

The multicast group address used for discovery. With the multicast auto-discovery mechanism, Hazelcast allows cluster members to find each other using multicast communication. The cluster members do not need to know the concrete addresses of the other members, as they just multicast to all the other members for listening. Whether multicast is possible or allowed depends on your environment.

multicastPort

int multicastPort

The multicast port used for discovery.

multicastTimeout

int multicastTimeout

specifies the time in seconds that a member should wait for a valid multicast response from another member running in the network before declaring itself the leader member (the first member joined to the cluster) and creating its own cluster. This only applies to the startup of members where no leader has been assigned yet. If you specify a high value, such as 60 seconds, it means that until a leader is selected, each member will wait 60 seconds before moving on. Be careful when providing a high value. Also, be careful not to set the value too low, or the members might give up too early and create their own cluster.

multicastTimeToLive

int multicastTimeToLive

Gets the time to live for the multicast package in seconds. This is the default time-to-live for multicast packets sent out on the socket

discovery

HazelcastDiscoveryProperties discovery

Describe discovery strategies for Hazelcast.

Class org.apereo.cas.configuration.model.support.hazelcast.HazelcastTicketRegistryProperties extends BaseHazelcastProperties implements Serializable

serialVersionUID:

-1095208036374406772L

Serialized Fields

pageSize

long pageSize

Page size is used by a special Predicate which helps to get a page-by-page result of a query.

crypto

EncryptionRandomizedSigningJwtCryptographyProperties crypto

Crypto settings for the registry.

Package org.apereo.cas.configuration.model.support.hazelcast.discovery

Class org.apereo.cas.configuration.model.support.hazelcast.discovery.HazelcastAwsDiscoveryProperties extends java.lang.Object implements Serializable

serialVersionUID:

-8281247687171101766L

Serialized Fields

accessKey

java.lang.String accessKey

AWS access key.

secretKey

java.lang.String secretKey

AWS secret key.

iamRole

java.lang.String iamRole

If you do not want to use access key and secret key, you can specify iam-role. Hazelcast fetches your credentials by using your IAM role.

region

java.lang.String region

AWS region. i.e. us-east-1. The region where your members are running.

hostHeader

java.lang.String hostHeader

Host header. i.e. ec2.amazonaws.com. The URL that is the entry point for a web service.

securityGroupName

java.lang.String securityGroupName

If a security group is configured, only instances within that security group are selected.

tagKey

java.lang.String tagKey

If a tag key/value is set, only instances with that tag key/value will be selected.

tagValue

java.lang.String tagValue

If a tag key/value is set, only instances with that tag key/value will be selected.

port

int port

Hazelcast port. Typically may be set to 5701. You can set searching for other ports rather than 5701 if you've members on different ports.

connectionTimeoutSeconds

int connectionTimeoutSeconds

The maximum amount of time Hazelcast will try to connect to a well known member before giving up. Setting this value too low could mean that a member is not able to connect to a cluster. Setting the value too high means that member startup could slow down because of longer timeouts (for example, when a well known member is not up). Increasing this value is recommended if you have many IPs listed and the members cannot properly build up the cluster. Its default value is 5.

Class org.apereo.cas.configuration.model.support.hazelcast.discovery.HazelcastAzureDiscoveryProperties extends java.lang.Object implements Serializable

serialVersionUID:

3861923784551442190L

Serialized Fields

subscriptionId

java.lang.String subscriptionId

The Azure subscription ID.

clientId

java.lang.String clientId

The Azure Active Directory Service Principal client ID.

clientSecret

java.lang.String clientSecret

The Azure Active Directory Service Principal client secret.

tenantId

java.lang.String tenantId

The Azure Active Directory tenant ID.

clusterId

java.lang.String clusterId

The name of the tag on the hazelcast vm resources. With every Hazelcast Virtual Machine you deploy in your resource group, you need to ensure that each VM is tagged with the value of cluster-id defined in your Hazelcast configuration. The only requirement is that every VM can access each other either by private or public IP address.

groupName

java.lang.String groupName

The Azure resource group name of the cluster. You can find this in the Azure portal or CLI.

Class org.apereo.cas.configuration.model.support.hazelcast.discovery.HazelcastDiscoveryProperties extends java.lang.Object implements Serializable

serialVersionUID:

-8281223487171101795L

Serialized Fields

enabled

boolean enabled

Whether discovery should be enabled via the configured strategies below.

aws

HazelcastAwsDiscoveryProperties aws

Describe discovery strategy based on AWS. The AWS config contains the configuration for AWS join mechanism. What happens behind the scenes is that data about the running AWS instances in a specific region are downloaded using the accesskey/secretkey and are potential Hazelcast members. There are 2 mechanisms for filtering out AWS instances and these mechanisms can be combined (AND).

1. If a security group is configured, only instances within that security group are selected.
2. If a tag key/value is set, only instances with that tag key/value will be selected.

Once Hazelcast has figured out which instances are available, it will use the private IP addresses of these instances to create a TCP/IP-cluster.

jclouds

HazelcastJCloudsDiscoveryProperties jclouds

Describe discovery strategy based on JClouds.

azure

HazelcastAzureDiscoveryProperties azure

Describe discovery strategy based on Azure.

Class org.apereo.cas.configuration.model.support.hazelcast.discovery.HazelcastJCloudsDiscoveryProperties extends java.lang.Object implements Serializable

serialVersionUID:

-8281247687171101766L

Serialized Fields

provider

java.lang.String provider

String value that is used to identify ComputeService provider. For example, "google-compute-engine" is used for Google Cloud services. See here for more info.

identity

java.lang.String identity

Cloud Provider identity, can be thought of as a user name for cloud services.

credential

java.lang.String credential

Cloud Provider credential, can be thought of as a password for cloud services.

endpoint

java.lang.String endpoint

Defines the endpoint for a gneric API such as OpenStack or CloudStack (optional).

zones

java.lang.String zones

Defines zone for a cloud service (optional). Can be used with comma separated values for multiple values.

regions

java.lang.String regions

Defines region for a cloud service (optional). Can be used with comma separated values for multiple values.

tagKeys

java.lang.String tagKeys

Filters cloud instances with tags (optional). Can be used with comma separated values for multiple values.

tagValues

java.lang.String tagValues

Filters cloud instances with tags (optional) Can be used with comma separated values for multiple values.

group

java.lang.String group

Filters instance groups (optional). When used with AWS it maps to security group.

port

int port

Port which the hazelcast instance service uses on the cluster member. Default value is 5701. (optional)

roleName

java.lang.String roleName

Used for IAM role support specific to AWS (optional, but if defined, no identity or credential should be defined in the configuration).

credentialPath

java.lang.String credentialPath

Used for cloud providers which require an extra JSON or P12 key file. This denotes the path of that file. Only tested with Google Compute Engine. (Required if Google Compute Engine is used.)

Package org.apereo.cas.configuration.model.support.ignite

Class org.apereo.cas.configuration.model.support.ignite.IgniteProperties extends java.lang.Object implements Serializable

serialVersionUID:

-5259465262649559156L

Serialized Fields

igniteAddress

java.util.List<E> igniteAddress

Used by TcpDiscoveryVmIpFinder which is an IP Finder which works only with pre-configured list of IP addresses specified via this setting. By default, this IP finder is not shared, which means that all grid nodes have to be configured with the same list of IP addresses when this IP finder is used. Parses provided values and initializes the internal collection of addresses. Addresses may be represented as follows:

• IP address (e.g. 127.0.0.1, 9.9.9.9, etc);
• IP address and port (e.g. 127.0.0.1:47500, 9.9.9.9:47501, etc);
• IP address and port range (e.g. 127.0.0.1:47500..47510, 9.9.9.9:47501..47504, etc);
• Hostname (e.g. host1.com, host2, etc);
• Hostname and port (e.g. host1.com:47500, host2:47502, etc).
• Hostname and port range (e.g. host1.com:47500..47510, host2:47502..47508, etc).

If port is 0 or not provided then default port will be used (depends on discovery SPI configuration). If port range is provided (e.g. host:port1..port2) the following should be considered:

• port1 < port2 should be true;
• Both port1 and port2 should be greater than 0.

ticketsCache

IgniteProperties.TicketsCache ticketsCache

Settings related to tickets cache.

keyStoreType

java.lang.String keyStoreType

Keystore type used to create a SSL context for the ticket registry.

keyStoreFilePath

java.lang.String keyStoreFilePath

Keystore file path used to create a SSL context for the ticket registry.

keyStorePassword

java.lang.String keyStorePassword

Keystore password used to create a SSL context for the ticket registry.

trustStoreType

java.lang.String trustStoreType

Truststore type used to create a SSL context for the ticket registry.

protocol

java.lang.String protocol

SSL protocol used to create a SSL context for the ticket registry.

keyAlgorithm

java.lang.String keyAlgorithm

The key algorithm to use when creating SSL context.

trustStoreFilePath

java.lang.String trustStoreFilePath

Truststore file path used to create a SSL context for the ticket registry.

trustStorePassword

java.lang.String trustStorePassword

Truststore password used to create a SSL context for the ticket registry.

ackTimeout

java.lang.String ackTimeout

Sets timeout for receiving acknowledgement for sent message. If acknowledgement is not received within this timeout, sending is considered as failed and SPI tries to repeat message sending.

joinTimeout

java.lang.String joinTimeout

Sets join timeout. If non-shared IP finder is used and node fails to connect to any address from IP finder, node keeps trying to join within this timeout. If all addresses are still unresponsive, exception is thrown and node startup fails.

localAddress

java.lang.String localAddress

Sets local host IP address that discovery SPI uses. If not provided, by default a first found non-loopback address will be used. If there is no non-loopback address available, then InetAddress.getLocalHost() will be used.

localPort

int localPort

Sets local port to listen to.

networkTimeout

java.lang.String networkTimeout

Sets maximum network timeout to use for network operations.

socketTimeout

java.lang.String socketTimeout

Sets socket operations timeout. This timeout is used to limit connection time and write-to-socket time. Note that when running Ignite on Amazon EC2, socket timeout must be set to a value significantly greater than the default (e.g. to 30000).

threadPriority

int threadPriority

Sets thread priority. All threads within SPI will be started with it.

defaultRegionMaxSize

long defaultRegionMaxSize

By default, Ignite nodes consume up to 20% of the RAM available locally, and in most cases, this is the only parameter you might need to change. Using the below setting allows you to change the default region memory size.

defaultPersistenceEnabled

boolean defaultPersistenceEnabled

Ignite native persistence is a distributed ACID and SQL-compliant disk store that transparently integrates with Ignite's durable memory. Ignite persistence is optional and can be turned on and off. When turned off Ignite becomes a pure in-memory store. With the native persistence enabled, Ignite always stores a superset of data on disk, and as much as it can in RAM based on the capacity of the latter. For example, if there are 100 entries and RAM has the capacity to store only 20, then all 100 will be stored on disk and only 20 will be cached in RAM for better performance. Also, it is worth mentioning that as with a pure in-memory use case, when the persistence is turned on, every individual cluster node persists only a subset of the data, only including partitions for which the node is either primary or backup. Collectively, the whole cluster contains the full data set.

clientMode

boolean clientMode

Start in client mode. If true the local node is started as a client.

forceServerMode

boolean forceServerMode

Sets force server mode flag. If true TcpDiscoverySpi is started in server mode regardless of IgniteConfiguration.isClientMode().

crypto

EncryptionRandomizedSigningJwtCryptographyProperties crypto

Crypto settings for the registry.

Class org.apereo.cas.configuration.model.support.ignite.IgniteProperties.TicketsCache extends java.lang.Object implements Serializable

serialVersionUID:

4715167757542984471L

Serialized Fields

cacheMode

java.lang.String cacheMode

Specified the caching mode.

• LOCAL: Specifies local-only cache behaviour. In this mode caches residing on different grid nodes will not know about each other. Other than distribution, local caches still have all the caching features, such as eviction, expiration, swapping, querying, etc... This mode is very useful when caching read-only data or data that automatically expires at a certain interval and then automatically reloaded from persistence store.
• REPLICATED: Specifies fully replicated cache behavior. In this mode all the keys are distributed to all participating nodes. User still has affinity control over subset of nodes for any given key via AffinityFunction configuration.
• PARTITIONED: Specifies partitioned cache behaviour. In this mode the overall key set will be divided into partitions and all partitions will be split equally between participating nodes. User has affinity control over key assignment via AffinityFunction configuration. Note that partitioned cache is always fronted by local 'near' cache which stores most recent data. You can configure the size of near cache via NearCacheConfiguration.getNearEvictionPolicy() configuration property.

atomicityMode

java.lang.String atomicityMode

Specifies the atomicity mode.

• ATOMIC: Specifies atomic-only cache behaviour. In this mode distributed transactions and distributed locking are not supported. Disabling transactions and locking allows to achieve much higher performance and throughput ratios. In addition to transactions and locking, one of the main differences in ATOMIC mode is that bulk writes, such as putAll(...), removeAll(...), and transformAll(...) methods, become simple batch operations which can partially fail. In case of partial failure CachePartialUpdateCheckedException will be thrown which will contain a list of keys for which the update failed. It is recommended that bulk writes are used whenever multiple keys need to be inserted or updated in cache, as they reduce number of network trips and provide better performance. Note that even without locking and transactions, ATOMIC mode still provides full consistency guarantees across all cache nodes. Also note that all data modifications in ATOMIC mode are guaranteed to be atomic and consistent with writes to the underlying persistent store, if one is configured.
• TRANSACTIONAL: Specifies fully ACID-compliant transactional cache behavior.

writeSynchronizationMode

java.lang.String writeSynchronizationMode

Mode indicating how Ignite should wait for write replies from other nodes. Default value is FULL_ASYNC}, which means that Ignite will not wait for responses from participating nodes. This means that by default remote nodes may get their state updated slightly after any of the cache write methods complete, or after Transaction.commit() method completes.

• FULL_ASYNC: Flag indicating that Ignite will not wait for write or commit responses from participating nodes, which means that remote nodes may get their state updated a bit after any of the cache write methods complete, or after Transaction.commit() method completes.
• FULL_SYNC: Flag indicating that Ignite should wait for write or commit replies from all nodes. This behavior guarantees that whenever any of the atomic or transactional writes complete, all other participating nodes which cache the written data have been updated.
• PRIMARY_SYNC: This flag only makes sense for CacheMode.PARTITIONED mode. When enabled, Ignite will wait for write or commit to complete on primary node, but will not wait for backups to be updated.

Package org.apereo.cas.configuration.model.support.infinispan

Class org.apereo.cas.configuration.model.support.infinispan.InfinispanProperties extends java.lang.Object implements Serializable

serialVersionUID:

1974626726565626634L

Serialized Fields

cacheName

java.lang.String cacheName

Cache name to create and hold tickets in.

crypto

EncryptionRandomizedSigningJwtCryptographyProperties crypto

Crypto settings for the registry.

Package org.apereo.cas.configuration.model.support.influxdb

Class org.apereo.cas.configuration.model.support.influxdb.InfluxDbProperties extends java.lang.Object implements Serializable

serialVersionUID:

-1945287308473842616L

Serialized Fields

url

java.lang.String url

InfluxDb connection url.

username

java.lang.String username

InfluxDb connection username.

password

java.lang.String password

InfluxDb connection password.

database

java.lang.String database

Database name.

retentionPolicy

java.lang.String retentionPolicy

Database retention policy to use.

dropDatabase

boolean dropDatabase

Whether the indicated database should be dropped and recreated.

pointsToFlush

int pointsToFlush

The number of point to flush and write to the database as part of the batch.

batchInterval

java.lang.String batchInterval

The interval used to run batch jobs to flush points.

consistencyLevel

java.lang.String consistencyLevel

Database consistency level. Acceptable values are ALL, ANY, ONE, QUORUM.

• ALL - Write succeeds only if write reached all cluster members.
• ANY - Write succeeds if write reached any cluster members.
• ONE - Write succeeds if write reached at least one cluster members.
• QUORUM - Write succeeds only if write reached a quorum of cluster members.

Package org.apereo.cas.configuration.model.support.interrupt

Class org.apereo.cas.configuration.model.support.interrupt.InterruptProperties extends java.lang.Object implements Serializable

serialVersionUID:

-4945287309473842615L

Serialized Fields

attributeName

java.lang.String attributeName

A regex pattern on the attribute name that if matches will successfully complete the first condition for the interrupt notifications trigger.

attributeValue

java.lang.String attributeValue

A regex pattern on the attribute value that if matches will successfully complete the first condition for the interrupt notifications trigger.

json

InterruptProperties.Json json

Inquire for interrupt using a JSON resource.

groovy

InterruptProperties.Groovy groovy

Inquire for interrupt using a Groovy resource.

rest

InterruptProperties.Rest rest

Inquire for interrupt using a REST resource.

Class org.apereo.cas.configuration.model.support.interrupt.InterruptProperties.Groovy extends SpringResourceProperties implements Serializable

serialVersionUID:

8079027843747126083L

Class org.apereo.cas.configuration.model.support.interrupt.InterruptProperties.Json extends SpringResourceProperties implements Serializable

serialVersionUID:

1079027840047126083L

Class org.apereo.cas.configuration.model.support.interrupt.InterruptProperties.Rest extends RestEndpointProperties implements Serializable

serialVersionUID:

1833594332973137011L

Package org.apereo.cas.configuration.model.support.jaas

Class org.apereo.cas.configuration.model.support.jaas.JaasAuthenticationProperties extends java.lang.Object implements Serializable

serialVersionUID:

4643338626978471986L

Serialized Fields

realm

java.lang.String realm

JAAS realm to use.

kerberosRealmSystemProperty

java.lang.String kerberosRealmSystemProperty

Typically, the default realm and the KDC for that realm are indicated in the Kerberos krb5.conf configuration file. However, if you like, you can instead specify the realm value by setting this following system property value.

If you set the realm property, you SHOULD also configure the kerberos KDC system property.

Also note that if you set these properties, then no cross-realm authentication is possible unless a krb5.conf file is also provided from which the additional information required for cross-realm authentication may be obtained.

If you set values for these properties, then they override the default realm and KDC values specified in krb5.conf (if such a file is found). The krb5.conf file is still consulted if values for items other than the default realm and KDC are needed. If no krb5.conf file is found, then the default values used for these items are implementation-specific.

See Also:

Oracle documentation

kerberosKdcSystemProperty

java.lang.String kerberosKdcSystemProperty

Typically, the default realm and the KDC for that realm are indicated in the Kerberos krb5.conf configuration file. However, if you like, you can instead specify the realm value by setting this following system property value.

If you set the realm property, you SHOULD also configure the kerberos KDC system property.

Also note that if you set these properties, then no cross-realm authentication is possible unless a krb5.conf file is also provided from which the additional information required for cross-realm authentication may be obtained.

If you set values for these properties, then they override the default realm and KDC values specified in krb5.conf (if such a file is found). The krb5.conf file is still consulted if values for items other than the default realm and KDC are needed. If no krb5.conf file is found, then the default values used for these items are implementation-specific.

See Also:

Oracle documentation

credentialCriteria

java.lang.String credentialCriteria

A number of authentication handlers are allowed to determine whether they can operate on the provided credential and as such lend themselves to be tried and tested during the authentication handler selection phase. The credential criteria may be one of the following options:

• 1) A regular expression pattern that is tested against the credential identifier.
• 2) A fully qualified class name of your own design that implements Predicate<Credential>.
• 3) Path to an external Groovy script that implements the same interface.

loginConfigType

java.lang.String loginConfigType

Typically set to JavaLoginConfig which is the default Configuration implementation from the SUN provider. This type accepts a URI/path to a configuration file as a valid parameter type specified via JaasAuthenticationProperties.loginConfigurationFile. If this parameter is not specified, then the configuration information is loaded from the sources described in the ConfigFile class specification. If this parameter is specified, the configuration information is loaded solely from the specified URI.

loginConfigurationFile

java.lang.String loginConfigurationFile

Path to the location of configuration file (i.e. jaas.conf) that contains the realms and login modules.

principalTransformation

PrincipalTransformationProperties principalTransformation

Principal transformation settings.

passwordPolicy

PasswordPolicyProperties passwordPolicy

Password policy settings.

passwordEncoder

PasswordEncoderProperties passwordEncoder

Password encoder settings for JAAS authentication.

principal

PersonDirectoryPrincipalResolverProperties principal

Principal construction settings.

name

java.lang.String name

Name of the authentication handler.

order

int order

Order of the authentication handler in the chain.

Package org.apereo.cas.configuration.model.support.jdbc

Class org.apereo.cas.configuration.model.support.jdbc.BindJdbcAuthenticationProperties extends AbstractJpaProperties implements Serializable

serialVersionUID:

4268982716707687796L

Serialized Fields

credentialCriteria

java.lang.String credentialCriteria

A number of authentication handlers are allowed to determine whether they can operate on the provided credential and as such lend themselves to be tried and tested during the authentication handler selection phase. The credential criteria may be one of the following options:

• 1) A regular expression pattern that is tested against the credential identifier.
• 2) A fully qualified class name of your own design that implements Predicate<Credential>.
• 3) Path to an external Groovy script that implements the same interface.

principalTransformation

PrincipalTransformationProperties principalTransformation

Principal transformation settings for this authentication.

passwordEncoder

PasswordEncoderProperties passwordEncoder

Password encoding strategies for this authentication.

name

java.lang.String name

Name of the authentication handler.

order

int order

Order of the authentication handler in the chain.

Class org.apereo.cas.configuration.model.support.jdbc.JdbcAuthenticationProperties extends java.lang.Object implements Serializable

serialVersionUID:

7199786191466526110L

Serialized Fields

search

java.util.List<E> search

Settings related to search-mode jdbc authentication. Searches for a user record by querying against a username and password; the user is authenticated if at least one result is found.

encode

java.util.List<E> encode

Settings related to query-encode-mode jdbc authentication. A JDBC querying handler that will pull back the password and the private salt value for a user and validate the encoded password using the public salt value. Assumes everything is inside the same database table. Supports settings for number of iterations as well as private salt. This password encoding method combines the private Salt and the public salt which it prepends to the password before hashing. If multiple iterations are used, the byte code hash of the first iteration is rehashed without the salt values. The final hash is converted to hex before comparing it to the database value.

query

java.util.List<E> query

Settings related to query-mode jdbc authentication. Authenticates a user by comparing the user password (which can be encoded with a password encoder) against the password on record determined by a configurable database query.

bind

java.util.List<E> bind

Settings related to bind-mode jdbc authentication. Authenticates a user by attempting to create a database connection using the username and (hashed) password.

Class org.apereo.cas.configuration.model.support.jdbc.QueryEncodeJdbcAuthenticationProperties extends AbstractJpaProperties implements Serializable

serialVersionUID:

-6647373426301411768L

Serialized Fields

credentialCriteria

java.lang.String credentialCriteria

A number of authentication handlers are allowed to determine whether they can operate on the provided credential and as such lend themselves to be tried and tested during the authentication handler selection phase. The credential criteria may be one of the following options:

• 1) A regular expression pattern that is tested against the credential identifier.
• 2) A fully qualified class name of your own design that implements Predicate<Credential>.
• 3) Path to an external Groovy script that implements the same interface.

algorithmName

java.lang.String algorithmName

Algorithm used for hashing.

sql

java.lang.String sql

SQL query to execute and look up accounts. Example: SELECT * FROM table WHERE username=?.

passwordFieldName

java.lang.String passwordFieldName

Password column name.

saltFieldName

java.lang.String saltFieldName

Field/column name that indicates the salt used for password hashing.

expiredFieldName

java.lang.String expiredFieldName

Column name that indicates whether account is expired.

disabledFieldName

java.lang.String disabledFieldName

Column name that indicates whether account is disabled.

numberOfIterationsFieldName

java.lang.String numberOfIterationsFieldName

Field/column name that indicates the number of iterations used for password hashing.

numberOfIterations

long numberOfIterations

Default number of iterations for hashing.

staticSalt

java.lang.String staticSalt

Static salt to be used for hashing.

name

java.lang.String name

Name of the authentication handler.

order

int order

Order of the authentication handler in the chain.

principalTransformation

PrincipalTransformationProperties principalTransformation

Principal transformation settings for this authentication.

passwordEncoder

PasswordEncoderProperties passwordEncoder

Password encoding strategies for this authentication.

Class org.apereo.cas.configuration.model.support.jdbc.QueryJdbcAuthenticationProperties extends AbstractJpaProperties implements Serializable

serialVersionUID:

7806132208223986680L

Serialized Fields

sql

java.lang.String sql

SQL query to execute. Example: SELECT * FROM table WHERE name=?.

credentialCriteria

java.lang.String credentialCriteria

A number of authentication handlers are allowed to determine whether they can operate on the provided credential and as such lend themselves to be tried and tested during the authentication handler selection phase. The credential criteria may be one of the following options:

• 1) A regular expression pattern that is tested against the credential identifier.
• 2) A fully qualified class name of your own design that implements Predicate<Credential>.
• 3) Path to an external Groovy script that implements the same interface.

fieldPassword

java.lang.String fieldPassword

Password field/column name to retrieve.

fieldExpired

java.lang.String fieldExpired

Boolean field that should indicate whether the account is expired.

fieldDisabled

java.lang.String fieldDisabled

Boolean field that should indicate whether the account is disabled.

principalAttributeList

java.util.List<E> principalAttributeList

List of column names to fetch as user attributes.

principalTransformation

PrincipalTransformationProperties principalTransformation

Principal transformation settings for this authentication.

passwordEncoder

PasswordEncoderProperties passwordEncoder

Password encoding strategies for this authentication.

name

java.lang.String name

Name of the authentication handler.

order

int order

Order of the authentication handler in the chain.

Class org.apereo.cas.configuration.model.support.jdbc.SearchJdbcAuthenticationProperties extends AbstractJpaProperties implements Serializable

serialVersionUID:

6912107600297453730L

Serialized Fields

fieldUser

java.lang.String fieldUser

Username column name.

fieldPassword

java.lang.String fieldPassword

Password column name.

tableUsers

java.lang.String tableUsers

Table name where accounts are held.

credentialCriteria

java.lang.String credentialCriteria

A number of authentication handlers are allowed to determine whether they can operate on the provided credential and as such lend themselves to be tried and tested during the authentication handler selection phase. The credential criteria may be one of the following options:

• 1) A regular expression pattern that is tested against the credential identifier.
• 2) A fully qualified class name of your own design that implements Predicate<Credential>.
• 3) Path to an external Groovy script that implements the same interface.

principalTransformation

PrincipalTransformationProperties principalTransformation

Principal transformation settings for this authentication.

passwordEncoder

PasswordEncoderProperties passwordEncoder

Password encoding strategies for this authentication.

name

java.lang.String name

Name of the authentication handler.

order

int order

Order of the authentication handler in the chain.

Package org.apereo.cas.configuration.model.support.jms

Class org.apereo.cas.configuration.model.support.jms.JmsTicketRegistryProperties extends java.lang.Object implements Serializable

serialVersionUID:

-2600525447128979994L

Serialized Fields

crypto

EncryptionRandomizedSigningJwtCryptographyProperties crypto

Crypto settings for the registry.

Package org.apereo.cas.configuration.model.support.jpa

Class org.apereo.cas.configuration.model.support.jpa.AbstractJpaProperties extends java.lang.Object implements Serializable

serialVersionUID:

761486823496930920L

Serialized Fields

dialect

java.lang.String dialect

The database dialect is a configuration setting for platform independent software (JPA, Hibernate, etc) which allows such software to translate its generic SQL statements into vendor specific DDL, DML.

ddlAuto

java.lang.String ddlAuto

Hibernate feature to automatically validate and exports DDL to the schema. By default, creates and drops the schema automatically when a session is starts and ends

driverClass

java.lang.String driverClass

The JDBC driver used to connect to the database.

url

java.lang.String url

The database connection URL.

user

java.lang.String user

The database user. The database user must have sufficient permissions to be able to handle schema changes and updates, when needed.

password

java.lang.String password

The database connection password.

defaultCatalog

java.lang.String defaultCatalog

Qualifies unqualified table names with the given catalog in generated SQL.

defaultSchema

java.lang.String defaultSchema

Qualify unqualified table names with the given schema/tablespace in generated SQL.

healthQuery

java.lang.String healthQuery

The SQL query to be executed to test the validity of connections.

idleTimeout

java.lang.String idleTimeout

Controls the maximum amount of time that a connection is allowed to sit idle in the pool.

dataSourceName

java.lang.String dataSourceName

Attempts to do a JNDI data source look up for the data source name specified. Will attempt to locate the data source object as is, or will try to return a proxy instance of it, in the event that AbstractJpaProperties.dataSourceProxy is used.

properties

java.util.Map<K,V> properties

Additional settings provided by Hibernate in form of key-value pairs.

See Also:

AvailableSettings

pool

ConnectionPoolingProperties pool

Database connection pooling settings.

leakThreshold

int leakThreshold

Controls the amount of time that a connection can be out of the pool before a message is logged indicating a possible connection leak.

batchSize

int batchSize

A non-zero value enables use of JDBC2 batch updates by Hibernate. e.g. recommended values between 5 and 30.

failFastTimeout

long failFastTimeout

Set the pool initialization failure timeout.

• Any value greater than zero will be treated as a timeout for pool initialization. The calling thread will be blocked from continuing until a successful connection to the database, or until the timeout is reached. If the timeout is reached, then a PoolInitializationException will be thrown.
• A value of zero will not prevent the pool from starting in the case that a connection cannot be obtained. However, upon start the pool will attempt to obtain a connection and validate that the connectionTestQuery and connectionInitSql are valid. If those validations fail, an exception will be thrown. If a connection cannot be obtained, the validation is skipped and the the pool will start and continue to try to obtain connections in the background. This can mean that callers to DataSource#getConnection() may encounter exceptions.
• A value less than zero will not bypass any connection attempt and validation during startup, and therefore the pool will start immediately. The pool will continue to try to obtain connections in the background. This can mean that callers to DataSource#getConnection() may encounter exceptions.

Note that if this timeout value is greater than or equal to zero (0), and therefore an initial connection validation is performed, this timeout does not override the connectionTimeout or validationTimeout; they will be honored before this timeout is applied. The default value is one millisecond.

isolateInternalQueries

boolean isolateInternalQueries

This property determines whether data source isolates internal pool queries, such as the connection alive test, in their own transaction.

Since these are typically read-only queries, it is rarely necessary to encapsulate them in their own transaction. This property only applies if AbstractJpaProperties.autocommit is disabled.

autocommit

boolean autocommit

The default auto-commit behavior of connections in the pool. Determined whether queries such as update/insert should be immediately executed without waiting for an underlying transaction.

dataSourceProxy

boolean dataSourceProxy

Indicates whether JNDI data sources retrieved should be proxied or returned back verbatim.

Class org.apereo.cas.configuration.model.support.jpa.DatabaseProperties extends java.lang.Object implements Serializable

serialVersionUID:

7740236971148591965L

Serialized Fields

showSql

boolean showSql

Whether SQL queries should be displayed in the console/logs.

genDdl

boolean genDdl

Whether to generate DDL after the EntityManagerFactory has been initialized creating/updating all relevant tables.

Class org.apereo.cas.configuration.model.support.jpa.JpaConfigDataHolder extends java.lang.Object implements Serializable

serialVersionUID:

-3940423575751579622L

Serialized Fields

persistenceUnitName

java.lang.String persistenceUnitName

packagesToScan

java.util.List<E> packagesToScan

Package org.apereo.cas.configuration.model.support.jpa.serviceregistry

Class org.apereo.cas.configuration.model.support.jpa.serviceregistry.JpaServiceRegistryProperties extends AbstractJpaProperties implements Serializable

serialVersionUID:

352435146313504995L

Package org.apereo.cas.configuration.model.support.jpa.ticketregistry

Class org.apereo.cas.configuration.model.support.jpa.ticketregistry.JpaTicketRegistryProperties extends AbstractJpaProperties implements Serializable

serialVersionUID:

-8053839523783801072L

Serialized Fields

ticketLockType

javax.persistence.LockModeType ticketLockType

Ticket locking type. Acceptable values are READ,WRITE,OPTIMISTIC,OPTIMISTIC_FORCE_INCREMENT,PESSIMISTIC_READ, PESSIMISTIC_WRITE,PESSIMISTIC_FORCE_INCREMENT,NONE.

jpaLockingTimeout

java.lang.String jpaLockingTimeout

Indicates the lock duration when one is about to be acquired by the cleaner.

crypto

EncryptionRandomizedSigningJwtCryptographyProperties crypto

Crypto settings for the registry.

Package org.apereo.cas.configuration.model.support.ldap

Class org.apereo.cas.configuration.model.support.ldap.AbstractLdapAuthenticationProperties extends AbstractLdapSearchProperties implements Serializable

serialVersionUID:

3849857270054289852L

Serialized Fields

type

AbstractLdapAuthenticationProperties.AuthenticationTypes type

The authentication type.

• AD - Users authenticate with sAMAccountName.
• AUTHENTICATED - Manager bind/search
• ANONYMOUS
• DIRECT: Direct Bind - Compute user DN from format string and perform simple bind. This is relevant when no search is required to compute the DN needed for a bind operation. Use cases for this type are: 1) All users are under a single branch in the directory, e.g. ou=Users,dc=example,dc=org. 2) The username provided on the CAS login form is part of the DN, e.g. uid=%s,ou=Users,dc=example,dc=org.

principalAttributePassword

java.lang.String principalAttributePassword

If principalAttributePassword is empty then a user simple bind is done to validate credentials otherwise the given attribute is compared with the given principalAttributePassword using the SHA encrypted value of it.

For the anonymous authentication type, if principalAttributePassword is empty then a user simple bind is done to validate credentials otherwise the given attribute is compared with the given principalAttributePassword using the SHA encrypted value of it.

dnFormat

java.lang.String dnFormat

Specify the dn format accepted by the AD authenticator, etc. Example format might be uid=%s,ou=people,dc=example,dc=org.

enhanceWithEntryResolver

boolean enhanceWithEntryResolver

Whether specific search entry resolvers need to be set on the authenticator, or the default should be used.

derefAliases

java.lang.String derefAliases

Define how aliases are de-referenced. Accepted values are:

• NEVER
• SEARCHING: dereference when searching the entries beneath the starting point but not when searching for the starting entry.
• FINDING: dereference when searching for the starting entry but not when searching the entries beneath the starting point.
• ALWAYS: dereference when searching for the starting entry and when searching the entries beneath the starting point.

searchEntryHandlers

java.util.List<E> searchEntryHandlers

Search entry to define on the authenticator.

Class org.apereo.cas.configuration.model.support.ldap.AbstractLdapProperties extends java.lang.Object implements Serializable

serialVersionUID:

2682743362616979324L

Serialized Fields

trustCertificates

java.lang.String trustCertificates

Path of the trust certificates to use for the SSL connection. Ignores keystore-related settings when activated and used.

keystore

java.lang.String keystore

Path to the keystore used for SSL connections. Typically contains SSL certificates for the LDAP server.

keystorePassword

java.lang.String keystorePassword

Keystore password.

keystoreType

java.lang.String keystoreType

The type of keystore. PKCS12 or JKS. If left blank, defaults to the default keystore type indicated by the underlying Java platform.

minPoolSize

int minPoolSize

Minimum LDAP connection pool size. Size the pool should be initialized to and pruned to

maxPoolSize

int maxPoolSize

Maximum LDAP connection pool size which the pool can use to grow.

poolPassivator

java.lang.String poolPassivator

You may receive unexpected LDAP failures, when CAS is configured to authenticate using DIRECT or AUTHENTICATED types and LDAP is locked down to not allow anonymous binds/searches. Every second attempt with a given LDAP connection from the pool would fail if it was on the same connection as a failed login attempt, and the regular connection validator would similarly fail. When a connection is returned back to a pool, it still may contain the principal and credentials from the previous attempt. Before the next bind attempt using that connection, the validator tries to validate the connection again but fails because it’s no longer trying with the configured bind credentials but with whatever user DN was used in the previous step. Given the validation failure, the connection is closed and CAS would deny access by default. Passivators attempt to reconnect to LDAP with the configured bind credentials, effectively resetting the connection to what it should be after each bind request.

validateOnCheckout

boolean validateOnCheckout

Whether connections should be validated when loaned out from the pool.

validatePeriodically

boolean validatePeriodically

Whether connections should be validated periodically when the pool is idle.

validateTimeout

java.lang.String validateTimeout

Period at which validation operations may time out.

validatePeriod

java.lang.String validatePeriod

Period at which pool should be validated.

failFast

boolean failFast

Attempt to populate the connection pool early on startup and fail quickly if something goes wrong.

idleTime

java.lang.String idleTime

Removes connections from the pool based on how long they have been idle in the available queue. Prunes connections that have been idle for more than the indicated amount.

prunePeriod

java.lang.String prunePeriod

Removes connections from the pool based on how long they have been idle in the available queue. Run the pruning process at the indicated interval.

blockWaitTime

java.lang.String blockWaitTime

The length of time the pool will block. By default the pool will block indefinitely and there is no guarantee that waiting threads will be serviced in the order in which they made their request. This option should be used with a blocking connection pool when you need to control the exact number of connections that can be created

connectionStrategy

java.lang.String connectionStrategy

If multiple URLs are provided as the ldapURL this describes how each URL will be processed.

• DEFAULT The default JNDI provider behavior will be used.
• ACTIVE_PASSIVE First LDAP will be used for every request unless it fails and then the next shall be used.
• ROUND_ROBIN For each new connection the next url in the list will be used.
• RANDOM For each new connection a random LDAP url will be selected.
• DNS_SRV LDAP urls based on DNS SRV records of the configured/given LDAP url will be used.

ldapUrl

java.lang.String ldapUrl

The LDAP url to the server. More than one may be specified, separated by space and/or comma.

useSsl

boolean useSsl

If the LDAP connection should be used with SSL enabled.

useStartTls

boolean useStartTls

Whether TLS should be used and enabled when establishing the connection.

connectTimeout

java.lang.String connectTimeout

Sets the maximum amount of time that connects will block.

responseTimeout

java.lang.String responseTimeout

Duration of time to wait for responses.

providerClass

java.lang.String providerClass

LDAP operations are delegated to what we call a provider. This allows developers and deployers to change the underlying library that provides the LDAP implementation without modifying any code. By default the JNDI provider is used, though it may be swapped out for org.ldaptive.provider.unboundid.UnboundIDProvider.

allowMultipleDns

boolean allowMultipleDns

Whether search/query results are allowed to match on multiple DNs, or whether a single unique DN is expected for the result.

bindDn

java.lang.String bindDn

The bind DN to use when connecting to LDAP. LDAP connection configuration injected into the LDAP connection pool can be initialized with the following parameters:

• bindDn/bindCredential provided - Use the provided credentials to bind when initializing connections.
• bindDn/bindCredential set to * - Use a fast-bind strategy to initialize the pool.
• bindDn/bindCredential set to blank - Skip connection initializing; perform operations anonymously.
• SASL mechanism provided - Use the given SASL mechanism to bind when initializing connections.

bindCredential

java.lang.String bindCredential

The bind credential to use when connecting to LDAP.

saslRealm

java.lang.String saslRealm

The SASL realm.

saslMechanism

java.lang.String saslMechanism

The SASL mechanism.

saslAuthorizationId

java.lang.String saslAuthorizationId

SASL authorization id.

saslSecurityStrength

java.lang.String saslSecurityStrength

SASL security strength.

saslMutualAuth

java.lang.Boolean saslMutualAuth

SASL mutual auth is enabled?

saslQualityOfProtection

java.lang.String saslQualityOfProtection

SASL quality of protected.

validator

LdapValidatorProperties validator

LDAP connection validator settings.

name

java.lang.String name

Name of the authentication handler.

Class org.apereo.cas.configuration.model.support.ldap.AbstractLdapSearchProperties extends AbstractLdapProperties implements Serializable

serialVersionUID:

3009946735155362639L

Serialized Fields

searchFilter

java.lang.String searchFilter

User filter to use for searching. Syntax is cn={user} or cn={0}.

subtreeSearch

boolean subtreeSearch

Whether subtree searching is allowed.

baseDn

java.lang.String baseDn

Base DN to use.

Class org.apereo.cas.configuration.model.support.ldap.CaseChangeSearchEntryHandlersProperties extends java.lang.Object implements Serializable

serialVersionUID:

2420895955116725666L

Serialized Fields

dnCaseChange

java.lang.String dnCaseChange

The Dn case change.

attributeNameCaseChange

java.lang.String attributeNameCaseChange

The Attribute name case change.

attributeValueCaseChange

java.lang.String attributeValueCaseChange

The Attribute value case change.

attributeNames

java.util.List<E> attributeNames

The Attribute names.

Class org.apereo.cas.configuration.model.support.ldap.DnAttributeSearchEntryHandlersProperties extends java.lang.Object implements Serializable

serialVersionUID:

-1174594647679213858L

Serialized Fields

dnAttributeName

java.lang.String dnAttributeName

The Dn attribute name.

addIfExists

boolean addIfExists

The Add if exists.

Class org.apereo.cas.configuration.model.support.ldap.LdapAuthenticationProperties extends AbstractLdapAuthenticationProperties implements Serializable

serialVersionUID:

-5357843463521189892L

Serialized Fields

passwordPolicy

LdapPasswordPolicyProperties passwordPolicy

Password policy settings.

principalTransformation

PrincipalTransformationProperties principalTransformation

Principal transformation settings.

passwordEncoder

PasswordEncoderProperties passwordEncoder

Password encoder settings for LDAP authentication.

credentialCriteria

java.lang.String credentialCriteria

A number of authentication handlers are allowed to determine whether they can operate on the provided credential and as such lend themselves to be tried and tested during the authentication handler selection phase. The credential criteria may be one of the following options:

• 1) A regular expression pattern that is tested against the credential identifier.
• 2) A fully qualified class name of your own design that implements Predicate<Credential>.
• 3) Path to an external Groovy script that implements the same interface.

principalAttributeId

java.lang.String principalAttributeId

The attribute to use as the principal identifier built during and upon a successful authentication attempt.

principalDnAttributeName

java.lang.String principalDnAttributeName

Name of attribute to be used for principal's DN.

principalAttributeList

java.util.List<E> principalAttributeList

List of attributes to retrieve from LDAP. Attributes can be virtually remapped to multiple names. Example cn:commonName,givenName,eduPersonTargettedId:SOME_IDENTIFIER

allowMultiplePrincipalAttributeValues

boolean allowMultiplePrincipalAttributeValues

Sets a flag that determines whether multiple values are allowed for the LdapAuthenticationProperties.principalAttributeId. This flag only has an effect if LdapAuthenticationProperties.principalAttributeId is configured. If multiple values are detected when the flag is false, the first value is used and a warning is logged. If multiple values are detected when the flag is true, an exception is raised.

additionalAttributes

java.util.List<E> additionalAttributes

List of additional attributes to retrieve, if any.

allowMissingPrincipalAttributeValue

boolean allowMissingPrincipalAttributeValue

Flag to indicate whether CAS should block authentication if a specific/configured principal id attribute is not found.

collectDnAttribute

boolean collectDnAttribute

When entry DN should be called as an attribute and stored into the principal.

order

java.lang.Integer order

Order of the authentication handler in the chain.

Class org.apereo.cas.configuration.model.support.ldap.LdapAuthorizationProperties extends java.lang.Object implements Serializable

serialVersionUID:

-2680169790567609780L

Serialized Fields

roleAttribute

java.lang.String roleAttribute

Attribute expected to be found on the entry whose value is going to be used to construct roles. The final value is always prefixed with LdapAuthorizationProperties.rolePrefix. This is useful in scenarios where you wish to grant access to a resource to all users who carry a special attribute.

rolePrefix

java.lang.String rolePrefix

Prefix for the role.

allowMultipleResults

boolean allowMultipleResults

Indicate whether the LDAP search query is allowed to return multiple entries.

groupAttribute

java.lang.String groupAttribute

Attribute expected to be found on the entry resulting from the group search whose value is going to be used to construct roles. The final value is always prefixed with LdapAuthorizationProperties.groupPrefix. This is useful in scenarios where you wish to grant access to a resource to all users who a member of a given group.

groupPrefix

java.lang.String groupPrefix

A prefix that is prepended to the group attribute value to construct an authorized role.

groupFilter

java.lang.String groupFilter

Search filter to begin looking for groups.

groupBaseDn

java.lang.String groupBaseDn

Base DN to start the search looking for groups.

baseDn

java.lang.String baseDn

Base DN to start the search.

searchFilter

java.lang.String searchFilter

LDAP search filter to locate accounts.

Class org.apereo.cas.configuration.model.support.ldap.LdapPasswordPolicyProperties extends PasswordPolicyProperties implements Serializable

serialVersionUID:

-1878237508646993100L

Serialized Fields

customPolicyClass

java.lang.String customPolicyClass

An implementation of a policy class that knows how to handle LDAP responses. The class must be an implementation of org.ldaptive.auth.AuthenticationResponseHandler.

type

AbstractLdapProperties.LdapType type

LDAP type. Accepted values are GENERIC,AD,FreeIPA,EDirectory

Class org.apereo.cas.configuration.model.support.ldap.LdapSearchEntryHandlersProperties extends java.lang.Object implements Serializable

serialVersionUID:

-5198990160347131821L

Serialized Fields

type

LdapSearchEntryHandlersProperties.SearchEntryHandlerTypes type

The type of search entry handler to choose. Accepted values are OBJECT_GUID,OBJECT_SID,CASE_CHANGE,DN_ATTRIBUTE_ENTRY,MERGE,PRIMARY_GROUP,RANGE_ENTRY,RECURSIVE_ENTRY

casChange

CaseChangeSearchEntryHandlersProperties casChange

Provides the ability to modify the case of search entry DNs, attribute names, and attribute values.

dnAttribute

DnAttributeSearchEntryHandlersProperties dnAttribute

Adds the entry DN as an attribute to the result set. Provides a client side implementation of RFC 5020.

mergeAttribute

MergeAttributesSearchEntryHandlersProperties mergeAttribute

Merges the values of one or more attributes into a single attribute. The merged attribute may or may not already exist on the entry. If it does exist it's existing values will remain intact.

primaryGroupId

PrimaryGroupIdSearchEntryHandlersProperties primaryGroupId

Constructs the primary group SID and then searches for that group and puts it's DN in the 'memberOf' attribute of the original search entry. This handler requires that entries contain both the 'objectSid' and 'primaryGroupID' attributes. If those attributes are not found this handler is a no-op. This handler should be used in conjunction with the ObjectSidHandler to ensure the 'objectSid' attribute is in the proper form. See http://support2.microsoft.com/kb/297951

recursive

RecursiveSearchEntryHandlersProperties recursive

This recursively searches based on a supplied attribute and merges those results into the original entry.

Class org.apereo.cas.configuration.model.support.ldap.LdapValidatorProperties extends java.lang.Object implements Serializable

serialVersionUID:

1150417354213235193L

Serialized Fields

type

java.lang.String type

The following LDAP validators can be used to test connection health status:

• search: Validates a connection is healthy by performing a search operation. Validation is considered successful if the search result size is greater than zero.
• none: No validation takes place.
• compare: Validates a connection is healthy by performing a compare operation.

baseDn

java.lang.String baseDn

Base DN to use for the search request of the search validator.

searchFilter

java.lang.String searchFilter

Search filter to use for the search request of the search validator.

scope

java.lang.String scope

Search scope to use for the search request of the search validator.

attributeName

java.lang.String attributeName

Attribute name to use for the compare validator.

attributeValues

java.util.List<E> attributeValues

Attribute values to use for the compare validator.

dn

java.lang.String dn

DN to compare to use for the compare validator.

Class org.apereo.cas.configuration.model.support.ldap.MergeAttributesSearchEntryHandlersProperties extends java.lang.Object implements Serializable

serialVersionUID:

-3988972992084584349L

Serialized Fields

mergeAttributeName

java.lang.String mergeAttributeName

The Merge attribute name.

attributeNames

java.util.List<E> attributeNames

The Attribute names.

Class org.apereo.cas.configuration.model.support.ldap.PrimaryGroupIdSearchEntryHandlersProperties extends java.lang.Object implements Serializable

serialVersionUID:

539574118704476712L

Serialized Fields

groupFilter

java.lang.String groupFilter

The Group filter.

baseDn

java.lang.String baseDn

The Base dn.

Class org.apereo.cas.configuration.model.support.ldap.RecursiveSearchEntryHandlersProperties extends java.lang.Object implements Serializable

serialVersionUID:

7038108925310792763L

Serialized Fields

searchAttribute

java.lang.String searchAttribute

The Search attribute.

mergeAttributes

java.util.List<E> mergeAttributes

The Merge attributes.

Package org.apereo.cas.configuration.model.support.ldap.serviceregistry

Class org.apereo.cas.configuration.model.support.ldap.serviceregistry.LdapServiceRegistryProperties extends AbstractLdapSearchProperties implements Serializable

serialVersionUID:

2372867394066286022L

Serialized Fields

objectClass

java.lang.String objectClass

Object class used for the registered service entry in LDAP.

idAttribute

java.lang.String idAttribute

ID attribute used for the registered service entry in LDAP to keep track of the service numeric identifier.

serviceDefinitionAttribute

java.lang.String serviceDefinitionAttribute

Service definintion attribute used for the registered service entry in LDAP to keep a representation of the service body.

loadFilter

java.lang.String loadFilter

The load filter used to load entries by the LdapServiceRegistryProperties.objectClass. This is typically used to load all definitions that might be mapped to a service definition. The search filter used to load entries by the LdapServiceRegistryProperties.idAttribute. This is typically used to load a specific service definition by its id during search operations.

Package org.apereo.cas.configuration.model.support.memcached

Class org.apereo.cas.configuration.model.support.memcached.BaseMemcachedProperties extends java.lang.Object implements Serializable

serialVersionUID:

514520518053691666L

Serialized Fields

shouldOptimize

boolean shouldOptimize

Set to false if the default operation optimization is not desirable.

daemon

boolean daemon

Set the daemon state of the IO thread (defaults to true).

maxReconnectDelay

long maxReconnectDelay

Set the maximum reconnect delay.

useNagleAlgorithm

boolean useNagleAlgorithm

Set to true if you'd like to enable the Nagle algorithm.

shutdownTimeoutSeconds

long shutdownTimeoutSeconds

The number of seconds to wait for connections to finish before shutting down the client.

timeoutExceptionThreshold

int timeoutExceptionThreshold

Set the maximum timeout exception threshold.

opTimeout

long opTimeout

Set the default operation timeout in milliseconds.

transcoder

java.lang.String transcoder

Indicate the transcoder type. Accepted values are KRYO, SERIAL, WHALIN, WHALINV1. The default is {code KRYO}.

transcoderCompressionThreshold

int transcoderCompressionThreshold

For transcoders other than kryo, determines the compression threshold. Does not apply to kryo.

servers

java.lang.String servers

Comma-separated list of memcached servers.

failureMode

java.lang.String failureMode

Failure mode. Acceptable values are Redistribute,Retry,Cancel.

locatorType

java.lang.String locatorType

Locator mode. Acceptable values are ARRAY_MOD, CONSISTENT, VBUCKET.

hashAlgorithm

java.lang.String hashAlgorithm

Hash algorithm. Acceptable values are NATIVE_HASH,CRC_HASH,FNV1_64_HASH,FNV1A_64_HASH,FNV1_32_HASH,FNV1A_32_HASH,KETAMA_HASH.

maxTotal

int maxTotal

Sets the cap on the number of objects that can be allocated by the pool (checked out to clients, or idle awaiting checkout) at a given time. Use a negative value for no limit.

maxIdle

int maxIdle

Set the value for the maxTotal configuration attribute for pools created with this configuration instance.

minIdle

int minIdle

Get the value for the minIdle configuration attribute for pools created with this configuration instance.

kryoAutoReset

boolean kryoAutoReset

If true, reset is called automatically after an entire object graph has been read or written. If false, reset must be called manually, which allows unregistered class names, references, and other information to span multiple object graphs.

kryoObjectsByReference

boolean kryoObjectsByReference

If true, each appearance of an object in the graph after the first is stored as an integer ordinal. When set to true, MapReferenceResolver is used. This enables references to the same object and cyclic graphs to be serialized, but typically adds overhead of one byte per object.

kryoRegistrationRequired

boolean kryoRegistrationRequired

If true, an exception is thrown when an unregistered class is encountered.

If false, when an unregistered class is encountered, its fully qualified class name will be serialized and the default serializer for the class used to serialize the object. Subsequent appearances of the class within the same object graph are serialized as an int id. Registered classes are serialized as an int id, avoiding the overhead of serializing the class name, but have the drawback of needing to know the classes to be serialized up front. See ComponentSerializationPlan for help here.

Class org.apereo.cas.configuration.model.support.memcached.MemcachedTicketRegistryProperties extends BaseMemcachedProperties implements Serializable

serialVersionUID:

509520518053691786L

Serialized Fields

crypto

EncryptionRandomizedSigningJwtCryptographyProperties crypto

Crypto settings for the registry.

Package org.apereo.cas.configuration.model.support.mfa

Class org.apereo.cas.configuration.model.support.mfa.AuthyMultifactorProperties extends BaseMultifactorProviderProperties implements Serializable

serialVersionUID:

-3746749663459157641L

Serialized Fields

apiKey

java.lang.String apiKey

Authy API key.

apiUrl

java.lang.String apiUrl

Authy API url.

phoneAttribute

java.lang.String phoneAttribute

Principal attribute used to look up a phone number for credential verification. The attribute value is then used to look up the user record in Authy, or create the user.

mailAttribute

java.lang.String mailAttribute

Principal attribute used to look up an email address for credential verification. The attribute value is then used to look up the user record in Authy, or create the user.

countryCode

java.lang.String countryCode

Phone number country code used to look up and/or create the Authy user account.

forceVerification

boolean forceVerification

Flag authentication requests to authy to force verification of credentials.

trustedDeviceEnabled

boolean trustedDeviceEnabled

Indicates whether this provider should support trusted devices.

Class org.apereo.cas.configuration.model.support.mfa.AzureMultifactorProperties extends BaseMultifactorProviderProperties implements Serializable

serialVersionUID:

6726032660671158922L

Serialized Fields

phoneAttributeName

java.lang.String phoneAttributeName

The functionality of Azure depends on the availability of a phone number that is resolved as a pre-defined attribute for the CAS principal. This is where you define that attribute.

configDir

java.lang.String configDir

Your Microsoft Azure subscription will provide you with a license and a client certificate. The client certificate is a unique private certificate that was generated especially for you. These configuration files are to be placed in a directory whose path is then taught to CAS here.

privateKeyPassword

java.lang.String privateKeyPassword

Password to the private key provided to you by Microsoft.

mode

AzureMultifactorProperties.AuthenticationModes mode

Available authentication modes supported by CAS and Azure.

allowInternationalCalls

boolean allowInternationalCalls

Whether Azure should be allowed to make international calls.

Class org.apereo.cas.configuration.model.support.mfa.BaseMultifactorProviderProperties extends java.lang.Object implements Serializable

serialVersionUID:

-2690281104343633871L

Serialized Fields

rank

int rank

At times, CAS needs to determine the correct provider when step-up authentication is required. Consider for a moment that CAS already has established an SSO session with/without a provider and has reached a level of authentication. Another incoming request attempts to exercise that SSO session with a different and often competing authentication requirement that may differ from the authentication level CAS has already established. Concretely, examples may be:

• CAS has achieved an SSO session, but a separate request now requires step-up authentication with DuoSecurity.
• CAS has achieved an SSO session with an authentication level satisfied by DuoSecurity, but a separate request now requires step-up authentication with YubiKey.

In certain scenarios, CAS will attempt to rank authentication levels and compare them with each other. If CAS already has achieved a level that is higher than what the incoming request requires, no step-up authentication will be performed. If the opposite is true, CAS will route the authentication flow to the required authentication level and upon success, will adjust the SSO session with the new higher authentication level now satisfied.

Ranking of authentication methods is done per provider via specific properties for each. Note that the higher the rank value is, the higher on the security scale it remains. A provider that ranks higher with a larger weight value trumps and override others with a lower value.

id

java.lang.String id

The identifier for the multifactor provider. In most cases, this need not be configured explicitly, unless multiple instances of the same provider type are configured in CAS.

bypass

MultifactorAuthenticationProviderBypassProperties bypass

Multifactor bypass options for this provider. Each multifactor provider is equipped with options to allow for MFA bypass. Once the provider is chosen to honor the authentication request, bypass rules are then consulted to calculate whether the provider should ignore the request and skip MFA conditionally.

name

java.lang.String name

The name of the authentication handler used to verify credentials in MFA.

Class org.apereo.cas.configuration.model.support.mfa.DuoSecurityMultifactorProperties extends BaseMultifactorProviderProperties implements Serializable

serialVersionUID:

-4655375354167880807L

Serialized Fields

duoIntegrationKey

java.lang.String duoIntegrationKey

Duo integration key.

duoSecretKey

java.lang.String duoSecretKey

Duo secret key.

duoApplicationKey

java.lang.String duoApplicationKey

The duoApplicationKey is a string, at least 40 characters long, that you generate and keep secret from Duo. You can generate a random string in Python with:

 import os, hashlib
 print hashlib.sha1(os.urandom(32)).hexdigest()
 

duoApiHost

java.lang.String duoApiHost

Duo API host and url.

registrationUrl

java.lang.String registrationUrl

Link to a registration app, typically developed in-house in order to allow new users to sign-up for duo functionality. If the user account status requires enrollment and this link is specified, CAS will redirect the authentication flow to this registration app. Otherwise, the default duo mechanism for new-user registrations shall take over.

trustedDeviceEnabled

boolean trustedDeviceEnabled

Indicates whether this provider should support trusted devices.

Class org.apereo.cas.configuration.model.support.mfa.GAuthMultifactorProperties extends BaseMultifactorProviderProperties implements Serializable

serialVersionUID:

-7401748853833491119L

Serialized Fields

issuer

java.lang.String issuer

Issuer used in the barcode when dealing with device registration events. Used in the registration URL to identify CAS.

label

java.lang.String label

Label used in the barcode when dealing with device registration events. Used in the registration URL to identify CAS.

codeDigits

int codeDigits

Length of the generated code.

timeStepSize

long timeStepSize

The expiration time of the generated code in seconds.

trustedDeviceEnabled

boolean trustedDeviceEnabled

Indicates whether this provider should support trusted devices.

windowSize

int windowSize

Since TOTP passwords are time-based, it is essential that the clock of both the server and the client are synchronised within the tolerance defined here as the window size.

mongo

GAuthMultifactorProperties.MongoDb mongo

Store google authenticator devices inside a MongoDb instance.

jpa

GAuthMultifactorProperties.Jpa jpa

Store google authenticator devices inside a jdbc instance.

json

GAuthMultifactorProperties.Json json

Store google authenticator devices inside a json file.

rest

GAuthMultifactorProperties.Rest rest

Store google authenticator devices via a rest interface.

crypto

EncryptionJwtSigningJwtCryptographyProperties crypto

Crypto settings that sign/encrypt the records.

cleaner

ScheduledJobProperties cleaner

Control how stale expired tokens should be cleared from the underlying store.

Class org.apereo.cas.configuration.model.support.mfa.GAuthMultifactorProperties.Jpa extends AbstractJpaProperties implements Serializable

serialVersionUID:

-2689797889546802618L

Class org.apereo.cas.configuration.model.support.mfa.GAuthMultifactorProperties.Json extends SpringResourceProperties implements Serializable

serialVersionUID:

4303355159388663888L

Class org.apereo.cas.configuration.model.support.mfa.GAuthMultifactorProperties.MongoDb extends SingleCollectionMongoDbProperties implements Serializable

serialVersionUID:

-200556119517414696L

Serialized Fields

tokenCollection

java.lang.String tokenCollection

Collection name where tokens are kept to prevent replay attacks.

Class org.apereo.cas.configuration.model.support.mfa.GAuthMultifactorProperties.Rest extends java.lang.Object implements Serializable

serialVersionUID:

4518622579150572559L

Serialized Fields

endpointUrl

java.lang.String endpointUrl

Endpoint url of the REST resource used for tokens that are kept to prevent replay attacks.

Class org.apereo.cas.configuration.model.support.mfa.MultifactorAuthenticationProperties extends java.lang.Object implements Serializable

serialVersionUID:

7416521468929733907L

Serialized Fields

authenticationContextAttribute

java.lang.String authenticationContextAttribute

Attribute returned in the final CAS validation payload that indicates the authentication context class satisified in the event of a multifactor authentication attempt.

globalFailureMode

java.lang.String globalFailureMode

Defines the global failure mode for the entire deployment. This is meant to be used a shortcut to define the policy globally rather than per application. Applications registered with CAS can still define a failure mode and override the global.

sessionAttribute

java.lang.String sessionAttribute

MFA can be triggered for a specific authentication request, provided the request contains a session/request attribute that indicates the required MFA authentication flow. The attribute name is configurable, but its value must match the authentication provider id of an available MFA provider.

requestHeader

java.lang.String requestHeader

MFA can be triggered for a specific authentication request, provided the initial request to the CAS /login endpoint contains a request header that indicates the required MFA authentication flow. The header name is configurable, but its value must match the authentication provider id of an available MFA provider.

requestParameter

java.lang.String requestParameter

MFA can be triggered for a specific authentication request, provided the initial request to the CAS /login endpoint contains a parameter that indicates the required MFA authentication flow. The parameter name is configurable, but its value must match the authentication provider id of an available MFA provider.

restEndpoint

java.lang.String restEndpoint

MFA can be triggered based on the results of a remote REST endpoint of your design. If the endpoint is configured, CAS shall issue a POST, providing the principal and the service url. The body of the response in the event of a successful 200 status code is expected to be the MFA provider id which CAS should activate.

globalPrincipalAttributeNameTriggers

java.lang.String globalPrincipalAttributeNameTriggers

MFA can be triggered for all users/subjects carrying a specific attribute that matches one of the conditions below.

• Trigger MFA based on a principal attribute(s) whose value(s) matches a regex pattern. Note that this behavior is only applicable if there is only a single MFA provider configured, since that would allow CAS to know what provider to next activate.
• Trigger MFA based on a principal attribute(s) whose value(s) EXACTLY matches an MFA provider. This option is more relevant if you have more than one provider configured or if you have the flexibility of assigning provider ids to attributes as values.

Needless to say, the attributes need to have been resolved for the principal prior to this step.

globalPrincipalAttributeValueRegex

java.lang.String globalPrincipalAttributeValueRegex

The regular expression that is cross matches against the principal attribute to determine if the account is qualified for multifactor authentication.

globalAuthenticationAttributeNameTriggers

java.lang.String globalAuthenticationAttributeNameTriggers

MFA can be triggered for all users/subjects whose authentication event/metadata has resolved a specific attribute that matches one of the below conditions:

• Trigger MFA based on a authentication attribute(s) whose value(s) matches a regex pattern. Note that this behavior is only applicable if there is only a single MFA provider configured, since that would allow CAS to know what provider to next activate.
• Trigger MFA based on a authentication attribute(s) whose value(s) EXACTLY matches an MFA provider. This option is more relevant if you have more than one provider configured or if you have the flexibility of assigning provider ids to attributes as values.

Needless to say, the attributes need to have been resolved for the authentication event prior to this step. This trigger is generally useful when the underlying authentication engine signals CAS to perform additional validation of credentials. This signal may be captured by CAS as an attribute that is part of the authentication event metadata which can then trigger additional multifactor authentication events.

globalAuthenticationAttributeValueRegex

java.lang.String globalAuthenticationAttributeValueRegex

The regular expression that is cross matches against the authentication attribute to determine if the account is qualified for multifactor authentication.

contentType

java.lang.String contentType

Content-type that is expected to be specified by non-web clients such as curl, etc in the event that the provider supports variations of non-browser based MFA.

globalProviderId

java.lang.String globalProviderId

MFA can be triggered for all applications and users regardless of individual settings. This setting holds the value of an MFA provider that shall be activated for all requests, regardless.

grouperGroupField

java.lang.String grouperGroupField

MFA can be triggered by Grouper groups to which the authenticated principal is assigned. Groups are collected by CAS and then cross-checked against all available/configured MFA providers. The group’s comparing factor MUST be defined in CAS to activate this behavior and it can be based on the group’s name, display name, etc where a successful match against a provider id shall activate the chosen MFA provider.

u2f

U2FMultifactorProperties u2f

Activate and configure a multifactor authentication provider via U2F FIDO.

azure

AzureMultifactorProperties azure

Activate and configure a multifactor authentication provider via Microsoft Azure.

trusted

TrustedDevicesMultifactorProperties trusted

Activate and configure a multifactor authentication with the capability to trust and remember devices.

yubikey

YubiKeyMultifactorProperties yubikey

Activate and configure a multifactor authentication provider via YubiKey.

radius

RadiusMultifactorProperties radius

Activate and configure a multifactor authentication provider via RADIUS.

gauth

GAuthMultifactorProperties gauth

Activate and configure a multifactor authentication provider via Google Authenticator.

duo

java.util.List<E> duo

Activate and configure a multifactor authentication provider via Duo Security.

authy

AuthyMultifactorProperties authy

Activate and configure a multifactor authentication provider via Authy.

swivel

SwivelMultifactorProperties swivel

Activate and configure a multifactor authentication provider via Swivel.

Class org.apereo.cas.configuration.model.support.mfa.MultifactorAuthenticationProviderBypassProperties extends java.lang.Object implements Serializable

serialVersionUID:

-9181362378365850397L

Serialized Fields

type

MultifactorAuthenticationProviderBypassProperties.MultifactorProviderBypassTypes type

Acceptable values are:

• DEFAULT: Default bypass rules to skip provider via attributes, etc.
• GROOVY: Handle bypass decisions via a groovy script.
• REST: Handle bypass rules via a REST endpoint

principalAttributeName

java.lang.String principalAttributeName

Skip multifactor authentication based on designated principal attribute names.

principalAttributeValue

java.lang.String principalAttributeValue

Optionally, skip multifactor authentication based on designated principal attribute values.

authenticationAttributeName

java.lang.String authenticationAttributeName

Skip multifactor authentication based on designated authentication attribute names.

authenticationAttributeValue

java.lang.String authenticationAttributeValue

Optionally, skip multifactor authentication based on designated authentication attribute values.

authenticationHandlerName

java.lang.String authenticationHandlerName

Skip multifactor authentication depending on form of primary authentication execution. Specifically, skip multifactor if the a particular authentication handler noted by its name successfully is able to authenticate credentials in the primary factor.

authenticationMethodName

java.lang.String authenticationMethodName

Skip multifactor authentication depending on method/form of primary authentication execution. Specifically, skip multifactor if the authentication method attribute collected as part of authentication metadata matches a certain value.

credentialClassType

java.lang.String credentialClassType

Skip multifactor authentication depending on form of primary credentials. Value must equal the fully qualified class name of the credential type.

httpRequestRemoteAddress

java.lang.String httpRequestRemoteAddress

Skip multifactor authentication if the http request's remote address or host matches the value defined here. The value may be specified as a regular expression.

httpRequestHeaders

java.lang.String httpRequestHeaders

Skip multifactor authentication if the http request contains the defined header names. Header names may be comma-separated and can be regular expressions; values are ignored.

groovy

MultifactorAuthenticationProviderBypassProperties.Groovy groovy

Handle bypass using a Groovy resource.

rest

MultifactorAuthenticationProviderBypassProperties.Rest rest

Handle bypass using a REST endpoint.

Class org.apereo.cas.configuration.model.support.mfa.MultifactorAuthenticationProviderBypassProperties.Groovy extends SpringResourceProperties implements Serializable

serialVersionUID:

8079027843747126083L

Class org.apereo.cas.configuration.model.support.mfa.MultifactorAuthenticationProviderBypassProperties.Rest extends RestEndpointProperties implements Serializable

serialVersionUID:

1833594332973137011L

Class org.apereo.cas.configuration.model.support.mfa.RadiusMultifactorProperties extends BaseMultifactorProviderProperties implements Serializable

serialVersionUID:

7021301814775348087L

Serialized Fields

failoverOnException

boolean failoverOnException

In the event that radius authentication fails due to a catastrophic event, fail over to the next server in the list.

failoverOnAuthenticationFailure

boolean failoverOnAuthenticationFailure

In the event that radius authentication fails, fail over to the next server in the list.

server

RadiusServerProperties server

RADIUS server settings.

client

RadiusClientProperties client

RADIUS client settings.

trustedDeviceEnabled

boolean trustedDeviceEnabled

Indicates whether this provider should support trusted devices.

Class org.apereo.cas.configuration.model.support.mfa.SwivelMultifactorProperties extends BaseMultifactorProviderProperties implements Serializable

serialVersionUID:

-7409451053833491119L

Serialized Fields

swivelTuringImageUrl

java.lang.String swivelTuringImageUrl

URL endpoint response to generate a turing image.

swivelUrl

java.lang.String swivelUrl

Swivel endpoint url for verification of credentials.

sharedSecret

java.lang.String sharedSecret

Shared secret to authenticate against the swivel server.

ignoreSslErrors

boolean ignoreSslErrors

Control whether SSL errors should be ignored by the swivel server.

Class org.apereo.cas.configuration.model.support.mfa.TrustedDevicesMultifactorProperties extends java.lang.Object implements Serializable

serialVersionUID:

1505013239016790473L

Serialized Fields

authenticationContextAttribute

java.lang.String authenticationContextAttribute

If an MFA request is bypassed due to a trusted authentication decision, applications will receive a special attribute as part of the validation payload that indicates this behavior. Applications must further account for the scenario where they ask for an MFA mode and yet don’t receive confirmation of it in the response given the authentication session was trusted and MFA bypassed.

deviceRegistrationEnabled

boolean deviceRegistrationEnabled

Indicates whether CAS should ask for device registration consent or execute it automatically.

expiration

long expiration

Indicates how long should record/devices be remembered as trusted devices.

timeUnit

java.util.concurrent.TimeUnit timeUnit

Indicates the time unit by which record/devices are remembered as trusted devices.

rest

TrustedDevicesMultifactorProperties.Rest rest

Store devices records via REST.

jpa

TrustedDevicesMultifactorProperties.Jpa jpa

Store devices records via JDBC resources.

json

TrustedDevicesMultifactorProperties.Json json

Record trusted devices via a JSON resource.

deviceFingerprint

DeviceFingerprintProperties deviceFingerprint

Configure how device fingerprints are generated.

cleaner

ScheduledJobProperties cleaner

Settings that control the background cleaner process.

mongo

TrustedDevicesMultifactorProperties.MongoDb mongo

Store devices records inside MongoDb.

crypto

EncryptionJwtSigningJwtCryptographyProperties crypto

Crypto settings that sign/encrypt the device records.

Class org.apereo.cas.configuration.model.support.mfa.TrustedDevicesMultifactorProperties.Jpa extends AbstractJpaProperties implements Serializable

serialVersionUID:

-8329950619696176349L

Class org.apereo.cas.configuration.model.support.mfa.TrustedDevicesMultifactorProperties.Json extends SpringResourceProperties implements Serializable

serialVersionUID:

3599367681439517829L

Class org.apereo.cas.configuration.model.support.mfa.TrustedDevicesMultifactorProperties.MongoDb extends SingleCollectionMongoDbProperties implements Serializable

serialVersionUID:

4940497540189318943L

Class org.apereo.cas.configuration.model.support.mfa.TrustedDevicesMultifactorProperties.Rest extends RestEndpointProperties implements Serializable

serialVersionUID:

3659099897056632608L

Class org.apereo.cas.configuration.model.support.mfa.U2FMultifactorProperties extends BaseMultifactorProviderProperties implements Serializable

serialVersionUID:

6151350313777066398L

Serialized Fields

jpa

U2FMultifactorProperties.Jpa jpa

Store device registration records inside a JDBC resource.

expireRegistrations

long expireRegistrations

Expire and forget device registration requests after this period.

expireRegistrationsTimeUnit

java.util.concurrent.TimeUnit expireRegistrationsTimeUnit

Device registration requests expiration time unit.

expireDevices

long expireDevices

Expire and forget device registration records after this period.

expireDevicesTimeUnit

java.util.concurrent.TimeUnit expireDevicesTimeUnit

Device registration record expiration time unit.

mongo

U2FMultifactorProperties.MongoDb mongo

Store device registration records inside a MongoDb resource.

json

U2FMultifactorProperties.Json json

Store device registration records inside a static JSON resource.

groovy

U2FMultifactorProperties.Groovy groovy

Store device registration records via a Groovy script.

rest

U2FMultifactorProperties.Rest rest

Store device registration records via REST APIs.

cleaner

ScheduledJobProperties cleaner

Clean up expired records via a background cleaner process.

crypto

EncryptionJwtSigningJwtCryptographyProperties crypto

Crypto settings that sign/encrypt the u2f registration records.

Class org.apereo.cas.configuration.model.support.mfa.U2FMultifactorProperties.Groovy extends SpringResourceProperties implements Serializable

serialVersionUID:

8079027843747126083L

Class org.apereo.cas.configuration.model.support.mfa.U2FMultifactorProperties.Jpa extends AbstractJpaProperties implements Serializable

serialVersionUID:

-4334840263678287815L

Class org.apereo.cas.configuration.model.support.mfa.U2FMultifactorProperties.Json extends SpringResourceProperties implements Serializable

serialVersionUID:

-6883660787308509919L

Class org.apereo.cas.configuration.model.support.mfa.U2FMultifactorProperties.MongoDb extends SingleCollectionMongoDbProperties implements Serializable

serialVersionUID:

-7963843335569634144L

Class org.apereo.cas.configuration.model.support.mfa.U2FMultifactorProperties.Rest extends RestEndpointProperties implements Serializable

serialVersionUID:

-8102345678378393382L

Class org.apereo.cas.configuration.model.support.mfa.YubiKeyMultifactorProperties extends BaseMultifactorProviderProperties implements Serializable

serialVersionUID:

9138057706201201089L

Serialized Fields

clientId

java.lang.Integer clientId

Yubikey client id.

secretKey

java.lang.String secretKey

Yubikey secret key.

allowedDevices

java.util.Map<K,V> allowedDevices

Collection of allowed devices whitelisted per user. This is done using a key-value structure where the key is the user the value is the whitelisted collection of yubikey device ids.

apiUrls

java.util.List<E> apiUrls

YubiKey API urls to contact for verification of credentials.

trustedDeviceEnabled

boolean trustedDeviceEnabled

Indicates whether this provider should support trusted devices.

jpa

YubiKeyMultifactorProperties.Jpa jpa

Keep device registration records inside a JDBC resource.

mongo

YubiKeyMultifactorProperties.MongoDb mongo

Keep device registration records inside a MongoDb resource.

crypto

EncryptionJwtSigningJwtCryptographyProperties crypto

Crypto settings that sign/encrypt the yubikey registration records.

Class org.apereo.cas.configuration.model.support.mfa.YubiKeyMultifactorProperties.Jpa extends AbstractJpaProperties implements Serializable

serialVersionUID:

-4420099402220880361L

Class org.apereo.cas.configuration.model.support.mfa.YubiKeyMultifactorProperties.MongoDb extends SingleCollectionMongoDbProperties implements Serializable

serialVersionUID:

6876845341227039713L

Package org.apereo.cas.configuration.model.support.mfa.trusteddevice

Class org.apereo.cas.configuration.model.support.mfa.trusteddevice.BaseDeviceFingerprintComponentProperties extends java.lang.Object implements Serializable

serialVersionUID:

46126170193036440L

Serialized Fields

enabled

boolean enabled

Is this component enabled or not.

order

int order

Indicates the order of components when generating a device fingerprint.

Class org.apereo.cas.configuration.model.support.mfa.trusteddevice.DeviceFingerprintProperties extends java.lang.Object implements Serializable

serialVersionUID:

747021103142441353L

Serialized Fields

componentSeparator

java.lang.String componentSeparator

Component Separator for device fingerprints.

clientIp

DeviceFingerprintProperties.ClientIp clientIp

Configure usage of client ip within trusted device fingerprints.

cookie

DeviceFingerprintProperties.Cookie cookie

Configure usage of a device cookie within trusted device fingerprints.

userAgent

DeviceFingerprintProperties.UserAgent userAgent

Configure usage of User-Agent header within trusted device fingerprints.

Class org.apereo.cas.configuration.model.support.mfa.trusteddevice.DeviceFingerprintProperties.ClientIp extends BaseDeviceFingerprintComponentProperties implements Serializable

serialVersionUID:

785014133279201757L

Class org.apereo.cas.configuration.model.support.mfa.trusteddevice.DeviceFingerprintProperties.Cookie extends CookieProperties implements Serializable

serialVersionUID:

-9022498833437602657L

Serialized Fields

enabled

boolean enabled

Is this component enabled or not.

order

int order

Indicates the order of components when generating a device fingerprint.

crypto

EncryptionJwtSigningJwtCryptographyProperties crypto

Crypto settings that sign/encrypt the cookie value stored on the client machine.

Class org.apereo.cas.configuration.model.support.mfa.trusteddevice.DeviceFingerprintProperties.UserAgent extends BaseDeviceFingerprintComponentProperties implements Serializable

serialVersionUID:

-5325531035180836136L

Package org.apereo.cas.configuration.model.support.mongo

Class org.apereo.cas.configuration.model.support.mongo.BaseMongoDbProperties extends java.lang.Object implements Serializable

serialVersionUID:

-2471243083598934186L

Serialized Fields

conns

BaseMongoDbProperties.MongoDbConnections conns

core connection-related settings.

clientUri

java.lang.String clientUri

The connection uri to the mongodb instance. This typically takes on the form of mongodb://user:[email protected]:35522/db. If not specified, will fallback onto other individual settings. If specified, takes over all other settings where applicable.

port

int port

MongoDb database port.

userId

java.lang.String userId

MongoDb database user for authentication.

password

java.lang.String password

MongoDb database password for authentication.

host

java.lang.String host

MongoDb database host for authentication. Multiple host addresses may be defined, separated by comma. If more than one host is defined, it is assumed that each host contains the port as well, if any. Otherwise the configuration may fallback onto the port defined.

timeout

java.lang.String timeout

MongoDb database connection timeout.

idleTimeout

java.lang.String idleTimeout

MongoDb database connection idle timeout.

writeConcern

java.lang.String writeConcern

Write concern describes the level of acknowledgement requested from MongoDB for write operations to a standalone mongo db or to replica sets or to sharded clusters. In sharded clusters, mongo db instances will pass the write concern on to the shards.

databaseName

java.lang.String databaseName

MongoDb database instance name.

socketKeepAlive

boolean socketKeepAlive

Whether the database socket connection should be tagged with keep-alive.

authenticationDatabaseName

java.lang.String authenticationDatabaseName

Name of the database to use for authentication.

replicaSet

java.lang.String replicaSet

A replica set in MongoDB is a group of mongod processes that maintain the same data set. Replica sets provide redundancy and high availability, and are the basis for all production deployments.

sslEnabled

boolean sslEnabled

Whether connections require SSL.

Class org.apereo.cas.configuration.model.support.mongo.BaseMongoDbProperties.MongoDbConnections extends java.lang.Object implements Serializable

serialVersionUID:

-2398415870062168474L

Serialized Fields

lifetime

int lifetime

Maximum number of connections to keep around.

perHost

int perHost

Total number of connections allowed per host.

Class org.apereo.cas.configuration.model.support.mongo.MongoAuthenticationProperties extends java.lang.Object implements Serializable

serialVersionUID:

-7304734732383722585L

Serialized Fields

attributes

java.lang.String attributes

Attributes to fetch from Mongo.

collectionName

java.lang.String collectionName

Collection that holds credentials.

mongoHostUri

java.lang.String mongoHostUri

Mongo host uri where accounts are kept.

usernameAttribute

java.lang.String usernameAttribute

Attributes that holds the username.

passwordAttribute

java.lang.String passwordAttribute

Attribute that holds the password.

passwordEncoder

PasswordEncoderProperties passwordEncoder

Password encoder settings for the authentication handler.

principalTransformation

PrincipalTransformationProperties principalTransformation

This is principal transformation properties.

name

java.lang.String name

Name of the authentication handler.

Class org.apereo.cas.configuration.model.support.mongo.SingleCollectionMongoDbProperties extends BaseMongoDbProperties implements Serializable

serialVersionUID:

4869686250345657447L

Serialized Fields

collection

java.lang.String collection

MongoDb database collection name to fetch and/or create.

dropCollection

boolean dropCollection

Whether collections should be dropped on startup and re-created.

Package org.apereo.cas.configuration.model.support.mongo.serviceregistry

Class org.apereo.cas.configuration.model.support.mongo.serviceregistry.MongoDbServiceRegistryProperties extends SingleCollectionMongoDbProperties implements Serializable

serialVersionUID:

-227092724742371662L

Package org.apereo.cas.configuration.model.support.mongo.ticketregistry

Class org.apereo.cas.configuration.model.support.mongo.ticketregistry.MongoTicketRegistryProperties extends BaseMongoDbProperties implements Serializable

serialVersionUID:

8243690796900311918L

Serialized Fields

dropCollection

boolean dropCollection

Whether collections should be dropped on startup and re-created.

crypto

EncryptionRandomizedSigningJwtCryptographyProperties crypto

Crypto settings for the registry.

Package org.apereo.cas.configuration.model.support.ntlm

Class org.apereo.cas.configuration.model.support.ntlm.NtlmProperties extends java.lang.Object implements Serializable

serialVersionUID:

1479912148936123469L

Serialized Fields

domainController

java.lang.String domainController

The domain controller to retrieve if load balanced. Otherwise retrieve the domain controller as a possible NT or workgroup.

includePattern

java.lang.String includePattern

If specified, gets all domain controllers in the specified NtlmProperties.domainController and then filters hosts that match the pattern.

loadBalance

boolean loadBalance

Indicates how the domain controller should be retrieved, whether matched and filtered by a pattern or retrieved as possible NT or workgroup.

name

java.lang.String name

The name of the authentication handler.

Package org.apereo.cas.configuration.model.support.oauth

Class org.apereo.cas.configuration.model.support.oauth.OAuthAccessTokenProperties extends java.lang.Object implements Serializable

serialVersionUID:

-6832081675586528350L

Serialized Fields

maxTimeToLiveInSeconds

java.lang.String maxTimeToLiveInSeconds

Hard timeout to kill the access token and expire it.

timeToKillInSeconds

java.lang.String timeToKillInSeconds

Sliding window for the access token expiration policy. Essentially, this is an idle time out.

releaseProtocolAttributes

boolean releaseProtocolAttributes

Whether CAS authentication/protocol attributes should be released as part of this access token's validation.

Class org.apereo.cas.configuration.model.support.oauth.OAuthCodeProperties extends java.lang.Object implements Serializable

serialVersionUID:

-7687928082301669359L

Serialized Fields

numberOfUses

int numberOfUses

Number of times this code is valid and can be used.

timeToKillInSeconds

long timeToKillInSeconds

Duration in seconds where the code is valid.

Class org.apereo.cas.configuration.model.support.oauth.OAuthGrantsProperties extends java.lang.Object implements Serializable

serialVersionUID:

-2246860215082703251L

Serialized Fields

resourceOwner

OAuthGrantsProperties.ResourceOwner resourceOwner

Resource owner grant settings.

Class org.apereo.cas.configuration.model.support.oauth.OAuthGrantsProperties.ResourceOwner extends java.lang.Object implements Serializable

serialVersionUID:

3171206304518294330L

Serialized Fields

requireServiceHeader

boolean requireServiceHeader

Whether using the resource-owner grant should enforce authorization rules and per-service policies based on a service parameter is provided as a header outside the normal semantics of the grant and protocol.

Class org.apereo.cas.configuration.model.support.oauth.OAuthProperties extends java.lang.Object implements Serializable

serialVersionUID:

2677128037234123907L

Serialized Fields

grants

OAuthGrantsProperties grants

Settings related to oauth grants.

code

OAuthCodeProperties code

Settings related to oauth codes.

accessToken

OAuthAccessTokenProperties accessToken

Settings related to oauth access tokens.

refreshToken

OAuthRefreshTokenProperties refreshToken

Settings related to oauth refresh tokens.

userProfileViewType

OAuthProperties.UserProfileViewTypes userProfileViewType

User profile view type determines how the final user profile should be rendered once an access token is "validated".

Class org.apereo.cas.configuration.model.support.oauth.OAuthRefreshTokenProperties extends java.lang.Object implements Serializable

serialVersionUID:

-8328568272835831702L

Serialized Fields

timeToKillInSeconds

java.lang.String timeToKillInSeconds

Hard timeout beyond which the refresh token is considered expired.

Package org.apereo.cas.configuration.model.support.oidc

Class org.apereo.cas.configuration.model.support.oidc.OidcProperties extends java.lang.Object implements Serializable

serialVersionUID:

813028615694269276L

Serialized Fields

jwksCacheInMinutes

int jwksCacheInMinutes

Timeout that indicates how long should the JWKS file be kept in cache.

issuer

java.lang.String issuer

OIDC issuer.

skew

int skew

Skew value used to massage the authentication issue instance.

dynamicClientRegistrationMode

java.lang.String dynamicClientRegistrationMode

Whether dynamic registration operates in OPEN or PROTECTED mode.

scopes

java.util.List<E> scopes

List of supported scopes.

claims

java.util.List<E> claims

List of supported claims.

subjectTypes

java.util.List<E> subjectTypes

List of supported subject types.

userDefinedScopes

java.util.Map<K,V> userDefinedScopes

Mapping of user-defined scopes. Key is the new scope name and value is a comma-separated list of claims mapped to the scope.

claimsMap

java.util.Map<K,V> claimsMap

Map fixed claims to CAS attributes. Key is the existing claim name for a scope and value is the new attribute that should take its place and value.

Package org.apereo.cas.configuration.model.support.openid

Class org.apereo.cas.configuration.model.support.openid.OpenIdProperties extends java.lang.Object implements Serializable

serialVersionUID:

-2935759289483632610L

Serialized Fields

principal

PersonDirectoryPrincipalResolverProperties principal

Principal construction settings.

enforceRpId

boolean enforceRpId

Whether relying party identifies should be enforced. This is used during the realm verification process.

name

java.lang.String name

Name of the underlying authentication handler.

Package org.apereo.cas.configuration.model.support.pac4j

Class org.apereo.cas.configuration.model.support.pac4j.Pac4jBaseClientProperties extends java.lang.Object implements Serializable

serialVersionUID:

-7885975876831784206L

Serialized Fields

clientName

java.lang.String clientName

Name of the client mostly for UI purposes and uniqueness. This name, with 'non-word' characters converted to '-' (e.g. "This Org (New)" becomes "This-Org--New-") is added to the "class" attribute of the redirect link on the login page, to allow for custom styling of individual IdPs (e.g. for an organization logo).

autoRedirect

boolean autoRedirect

Auto-redirect to this client.

usePathBasedCallbackUrl

boolean usePathBasedCallbackUrl

Create a callback url with the clientId in the path instead of in the querystring.

Class org.apereo.cas.configuration.model.support.pac4j.Pac4jCasClientProperties extends Pac4jBaseClientProperties implements Serializable

serialVersionUID:

-2738631545437677447L

Serialized Fields

loginUrl

java.lang.String loginUrl

The CAS server login url.

protocol

java.lang.String protocol

CAS protocol to use. Acceptable values are CAS10, CAS20, CAS20_PROXY, CAS30, CAS30_PROXY, SAML.

Class org.apereo.cas.configuration.model.support.pac4j.Pac4jDelegatedAuthenticationProperties extends java.lang.Object implements Serializable

serialVersionUID:

4388567744591488495L

Serialized Fields

typedIdUsed

boolean typedIdUsed

When constructing the final user profile from the delegated provider, determines if the provider id should be combined with the principal id.

principalAttributeId

java.lang.String principalAttributeId

The attribute to use as the principal identifier built during and upon a successful authentication attempt.

facebook

Pac4jDelegatedAuthenticationProperties.Facebook facebook

Settings that deal with having Facebook as an external delegated-to authentication provider.

twitter

Pac4jDelegatedAuthenticationProperties.Twitter twitter

Settings that deal with having Twitter as an external delegated-to authentication provider.

saml

java.util.List<E> saml

Settings that deal with having SAML2 IdPs as an external delegated-to authentication provider.

oidc

java.util.List<E> oidc

Settings that deal with having OpenID Connect Providers as an external delegated-to authentication provider.

oauth2

java.util.List<E> oauth2

Settings that deal with having OAuth2-capable providers as an external delegated-to authentication provider.

cas

java.util.List<E> cas

Settings that deal with having CAS Servers as an external delegated-to authentication provider.

linkedIn

Pac4jDelegatedAuthenticationProperties.LinkedIn linkedIn

Settings that deal with having LinkedIn as an external delegated-to authentication provider.

dropbox

Pac4jDelegatedAuthenticationProperties.Dropbox dropbox

Settings that deal with having Dropbox as an external delegated-to authentication provider.

orcid

Pac4jDelegatedAuthenticationProperties.Orcid orcid

Settings that deal with having Orcid as an external delegated-to authentication provider.

github

Pac4jDelegatedAuthenticationProperties.Github github

Settings that deal with having Github as an external delegated-to authentication provider.

google

Pac4jDelegatedAuthenticationProperties.Google google

Settings that deal with having Google as an external delegated-to authentication provider.

yahoo

Pac4jDelegatedAuthenticationProperties.Yahoo yahoo

Settings that deal with having Yahoo as an external delegated-to authentication provider.

foursquare

Pac4jDelegatedAuthenticationProperties.Foursquare foursquare

Settings that deal with having FourSquare as an external delegated-to authentication provider.

windowsLive

Pac4jDelegatedAuthenticationProperties.WindowsLive windowsLive

Settings that deal with having WindowsLive as an external delegated-to authentication provider.

paypal

Pac4jDelegatedAuthenticationProperties.Paypal paypal

Settings that deal with having Paypal as an external delegated-to authentication provider.

wordpress

Pac4jDelegatedAuthenticationProperties.Wordpress wordpress

Settings that deal with having WordPress as an external delegated-to authentication provider.

bitbucket

Pac4jDelegatedAuthenticationProperties.Bitbucket bitbucket

Settings that deal with having BitBucket as an external delegated-to authentication provider.

name

java.lang.String name

The name of the authentication handler in CAS used for delegation.

cookie

Pac4jDelegatedSessionCookieProperties cookie

Indicates settings related to tracking the delegation cookie.

Class org.apereo.cas.configuration.model.support.pac4j.Pac4jDelegatedAuthenticationProperties.Bitbucket extends Pac4jIdentifiableClientProperties implements Serializable

serialVersionUID:

-6189494666598669078L

Class org.apereo.cas.configuration.model.support.pac4j.Pac4jDelegatedAuthenticationProperties.Dropbox extends Pac4jIdentifiableClientProperties implements Serializable

serialVersionUID:

-1508055128010569953L

Class org.apereo.cas.configuration.model.support.pac4j.Pac4jDelegatedAuthenticationProperties.Facebook extends Pac4jIdentifiableClientProperties implements Serializable

serialVersionUID:

-2737594266552466076L

Serialized Fields

scope

java.lang.String scope

The requested scope.

fields

java.lang.String fields

Custom fields to include in the request.

Class org.apereo.cas.configuration.model.support.pac4j.Pac4jDelegatedAuthenticationProperties.Foursquare extends Pac4jIdentifiableClientProperties implements Serializable

serialVersionUID:

-1784820695301605307L

Class org.apereo.cas.configuration.model.support.pac4j.Pac4jDelegatedAuthenticationProperties.Github extends Pac4jIdentifiableClientProperties implements Serializable

serialVersionUID:

9217581995885784515L

Class org.apereo.cas.configuration.model.support.pac4j.Pac4jDelegatedAuthenticationProperties.Google extends Pac4jIdentifiableClientProperties implements Serializable

serialVersionUID:

-3023053058552426312L

Serialized Fields

scope

java.lang.String scope

The requested scope from the provider.

Class org.apereo.cas.configuration.model.support.pac4j.Pac4jDelegatedAuthenticationProperties.LinkedIn extends Pac4jIdentifiableClientProperties implements Serializable

serialVersionUID:

4633395854143281872L

Serialized Fields

scope

java.lang.String scope

The requested scope.

fields

java.lang.String fields

Custom fields to include in the request.

Class org.apereo.cas.configuration.model.support.pac4j.Pac4jDelegatedAuthenticationProperties.Orcid extends Pac4jIdentifiableClientProperties implements Serializable

serialVersionUID:

1337923364401817796L

Class org.apereo.cas.configuration.model.support.pac4j.Pac4jDelegatedAuthenticationProperties.Paypal extends Pac4jIdentifiableClientProperties implements Serializable

serialVersionUID:

-5663033494303169583L

Class org.apereo.cas.configuration.model.support.pac4j.Pac4jDelegatedAuthenticationProperties.Twitter extends Pac4jIdentifiableClientProperties implements Serializable

serialVersionUID:

6906343970517008092L

Serialized Fields

includeEmail

boolean includeEmail

Set to true to request the user's email address from the Twitter API. For this to have an effect it must first be enabled in the Twitter developer console.

Class org.apereo.cas.configuration.model.support.pac4j.Pac4jDelegatedAuthenticationProperties.WindowsLive extends Pac4jIdentifiableClientProperties implements Serializable

serialVersionUID:

-1816309711278174847L

Class org.apereo.cas.configuration.model.support.pac4j.Pac4jDelegatedAuthenticationProperties.Wordpress extends Pac4jIdentifiableClientProperties implements Serializable

serialVersionUID:

4636855941699435914L

Class org.apereo.cas.configuration.model.support.pac4j.Pac4jDelegatedAuthenticationProperties.Yahoo extends Pac4jIdentifiableClientProperties implements Serializable

serialVersionUID:

8011580257047982361L

Class org.apereo.cas.configuration.model.support.pac4j.Pac4jDelegatedSessionCookieProperties extends CookieProperties implements Serializable

serialVersionUID:

7392972818105536350L

Serialized Fields

crypto

EncryptionJwtSigningJwtCryptographyProperties crypto

Crypto settings that determine how the cookie should be signed and encrypted.

Class org.apereo.cas.configuration.model.support.pac4j.Pac4jIdentifiableClientProperties extends Pac4jBaseClientProperties implements Serializable

serialVersionUID:

3007013267786902465L

Serialized Fields

id

java.lang.String id

The client id.

secret

java.lang.String secret

The client secret.

Class org.apereo.cas.configuration.model.support.pac4j.Pac4jOAuth20ClientProperties extends Pac4jIdentifiableClientProperties implements Serializable

serialVersionUID:

-1240711580664148382L

Serialized Fields

authUrl

java.lang.String authUrl

Authorization endpoint of the provider.

tokenUrl

java.lang.String tokenUrl

Token endpoint of the provider.

profileUrl

java.lang.String profileUrl

Profile endpoint of the provider.

profilePath

java.lang.String profilePath

Profile path portion of the profile endpoint of the provider.

profileVerb

java.lang.String profileVerb

Http method to use when asking for profile.

profileAttrs

java.util.Map<K,V> profileAttrs

Profile attributes to request and collect in form of key-value pairs.

customParams

java.util.Map<K,V> customParams

Custsom parameters in form of key-value pairs sent along in authZ requests, etc.

Class org.apereo.cas.configuration.model.support.pac4j.Pac4jOidcClientProperties extends Pac4jIdentifiableClientProperties implements Serializable

serialVersionUID:

3359382317533639638L

Serialized Fields

type

java.lang.String type

The type of the provider. "google" and "azure" are also acceptable values.

discoveryUri

java.lang.String discoveryUri

The discovery endpoint to locate the provide metadata.

logoutUrl

java.lang.String logoutUrl

Logout url used for this provider.

useNonce

boolean useNonce

Whether an initial nonce should be to used initially for replay attack mitigation.

scope

java.lang.String scope

Requested scope(s).

preferredJwsAlgorithm

java.lang.String preferredJwsAlgorithm

The JWS algorithm to use forcefully when validating ID tokens. If none is defined, the first algorithm from metadata will be used.

maxClockSkew

int maxClockSkew

Clock skew in order to account for drift, when validating id tokens.

customParams

java.util.Map<K,V> customParams

Custom parameters to send along in authZ requests, etc.

azureTenantId

java.lang.String azureTenantId

Tenant Id as required by Microsoft Azure integrations.

Class org.apereo.cas.configuration.model.support.pac4j.Pac4jSamlClientProperties extends Pac4jBaseClientProperties implements Serializable

serialVersionUID:

-862819796533384951L

Serialized Fields

destinationBinding

java.lang.String destinationBinding

The destination binding to use when creating authentication requests.

keystorePassword

java.lang.String keystorePassword

The password to use when generating the SP/CAS keystore.

privateKeyPassword

java.lang.String privateKeyPassword

The password to use when generating the private key for the SP/CAS keystore.

keystorePath

java.lang.String keystorePath

Location of the keystore to use and generate the SP/CAS keystore.

identityProviderMetadataPath

java.lang.String identityProviderMetadataPath

The metadata location of the identity provider that is to handle authentications.

maximumAuthenticationLifetime

int maximumAuthenticationLifetime

Once you have an authenticated session on the identity provider, usually it won't prompt you again to enter your credentials and it will automatically generate a new assertion for you. By default, the SAML client will accept assertions based on a previous authentication for one hour. You can adjust this behavior by modifying this setting. The unit of time here is seconds.

serviceProviderEntityId

java.lang.String serviceProviderEntityId

The entity id of the SP/CAS that is used in the SP metadata generation process.

serviceProviderMetadataPath

java.lang.String serviceProviderMetadataPath

Location of the SP metadata to use and generate.

forceAuth

boolean forceAuth

Whether authentication requests should be tagged as forced auth.

passive

boolean passive

Whether authentication requests should be tagged as passive.

authnContextClassRef

java.lang.String authnContextClassRef

Requested authentication context class in authn requests.

authnContextComparisonType

java.lang.String authnContextComparisonType

Specifies the comparison rule that should be used to evaluate the specified authentication methods. For example, if exact is specified, the authentication method used must match one of the authentication methods specified by the AuthnContextClassRef elements. AuthContextClassRef element require comparison rule to be used to evaluate the specified authentication methods. If not explicitly specified "exact" rule will be used by default. Other acceptable values are minimum, maximum, better.

keystoreAlias

java.lang.String keystoreAlias

The key alias used in the keystore.

nameIdPolicyFormat

java.lang.String nameIdPolicyFormat

NameID policy to request in the authentication requests.

wantsAssertionsSigned

boolean wantsAssertionsSigned

Whether metadata should be marked to request sign assertions.

attributeConsumingServiceIndex

int attributeConsumingServiceIndex

AttributeConsumingServiceIndex attribute of AuthnRequest element. The given index points out a specific AttributeConsumingService structure, declared into the Service Provider (SP)'s metadata, to be used to specify all the attributes that the Service Provider is asking to be released within the authentication assertion returned by the Identity Provider (IdP). This attribute won't be sent with the request unless a positive value (including 0) is defined.

assertionConsumerServiceIndex

int assertionConsumerServiceIndex

Allows the SAML client to select a specific ACS url from the metadata, if defined. A negative value de-activates the selection process and is the default.

Package org.apereo.cas.configuration.model.support.passwordless

Class org.apereo.cas.configuration.model.support.passwordless.PasswordlessAuthenticationProperties extends java.lang.Object implements Serializable

serialVersionUID:

8726382874579042117L

Serialized Fields

accounts

PasswordlessAuthenticationProperties.Accounts accounts

Properties to instruct CAS how accounts for passwordless authentication should be located.

tokens

PasswordlessAuthenticationProperties.Tokens tokens

Properties to instruct CAS how tokens for passwordless authentication should be located.

Class org.apereo.cas.configuration.model.support.passwordless.PasswordlessAuthenticationProperties.Accounts extends java.lang.Object implements Serializable

serialVersionUID:

-8424650395669337488L

Serialized Fields

rest

PasswordlessAuthenticationProperties.Rest rest

Passwordless authentication settings via REST.

groovy

PasswordlessAuthenticationProperties.Groovy groovy

Passwordless authentication settings via Groovy.

simple

java.util.Map<K,V> simple

Passwordless authentication settings using static accounts. The key is the user identifier, while the value is the form of contact such as email, sms, etc.

Class org.apereo.cas.configuration.model.support.passwordless.PasswordlessAuthenticationProperties.Groovy extends SpringResourceProperties implements Serializable

serialVersionUID:

8079027843747126083L

Class org.apereo.cas.configuration.model.support.passwordless.PasswordlessAuthenticationProperties.Rest extends RestEndpointProperties implements Serializable

serialVersionUID:

-8102345678378393382L

Class org.apereo.cas.configuration.model.support.passwordless.PasswordlessAuthenticationProperties.RestTokens extends RestEndpointProperties implements Serializable

serialVersionUID:

-8102345678378393382L

Serialized Fields

crypto

EncryptionJwtSigningJwtCryptographyProperties crypto

Crypto settings on how to reset the password.

Class org.apereo.cas.configuration.model.support.passwordless.PasswordlessAuthenticationProperties.Tokens extends java.lang.Object implements Serializable

serialVersionUID:

8371063350377031703L

Serialized Fields

expireInSeconds

int expireInSeconds

Indicate how long should the token be considered valid.

rest

PasswordlessAuthenticationProperties.RestTokens rest

Passwordless authentication settings via REST.

mail

EmailProperties mail

Email settings for notifications.

sms

SmsProperties sms

SMS settings for notifications.

Package org.apereo.cas.configuration.model.support.pm

Class org.apereo.cas.configuration.model.support.pm.PasswordManagementProperties extends java.lang.Object implements Serializable

serialVersionUID:

-260644582798411176L

Serialized Fields

enabled

boolean enabled

Flag to indicate if password management facility is enabled.

autoLogin

boolean autoLogin

Flag to indicate whether successful password change should trigger login automatically.

policyPattern

java.lang.String policyPattern

A String value representing password policy regex pattarn.

Minimum 8 and Maximum 10 characters at least 1 Uppercase Alphabet, 1 Lowercase Alphabet, 1 Number and 1 Special Character.

ldap

PasswordManagementProperties.Ldap ldap

Manage account passwords in LDAP.

jdbc

PasswordManagementProperties.Jdbc jdbc

Manage account passwords in database.

rest

PasswordManagementProperties.Rest rest

Manage account passwords via REST.

json

PasswordManagementProperties.Json json

Manage account passwords in JSON resources.

reset

PasswordManagementProperties.Reset reset

Settings related to resetting password.

groovy

PasswordManagementProperties.Groovy groovy

Handle password policy via Groovy script.

Class org.apereo.cas.configuration.model.support.pm.PasswordManagementProperties.Groovy extends SpringResourceProperties implements Serializable

serialVersionUID:

8079027843747126083L

Class org.apereo.cas.configuration.model.support.pm.PasswordManagementProperties.Jdbc extends AbstractJpaProperties implements Serializable

serialVersionUID:

4746591112640513465L

Serialized Fields

passwordEncoder

PasswordEncoderProperties passwordEncoder

Password encoder properties.

sqlChangePassword

java.lang.String sqlChangePassword

SQL query to change the password and update.

sqlFindEmail

java.lang.String sqlFindEmail

SQL query to locate the user email address.

sqlSecurityQuestions

java.lang.String sqlSecurityQuestions

SQL query to locate security questions for the account, if any.

Class org.apereo.cas.configuration.model.support.pm.PasswordManagementProperties.Json extends SpringResourceProperties implements Serializable

serialVersionUID:

1129426669588789974L

Class org.apereo.cas.configuration.model.support.pm.PasswordManagementProperties.Ldap extends AbstractLdapSearchProperties implements Serializable

serialVersionUID:

-2610186056194686825L

Serialized Fields

securityQuestionsAttributes

java.util.Map<K,V> securityQuestionsAttributes

Collection of attribute names that indicate security questions answers. This is done via a key-value structure where the key is the attribute name for the security question and the value is the attribute name for the answer linked to the question.

type

AbstractLdapProperties.LdapType type

The specific variant of LDAP based on which update operations will be constructed.

Class org.apereo.cas.configuration.model.support.pm.PasswordManagementProperties.Reset extends java.lang.Object implements Serializable

serialVersionUID:

3453970349530670459L

Serialized Fields

crypto

EncryptionJwtSigningJwtCryptographyProperties crypto

Crypto settings on how to reset the password.

mail

EmailProperties mail

Email settings for notifications.

securityQuestionsEnabled

boolean securityQuestionsEnabled

Whether reset operations require security questions, or should they be marked as optional.

expirationMinutes

float expirationMinutes

How long in minutes should the password expiration link remain valid.

Class org.apereo.cas.configuration.model.support.pm.PasswordManagementProperties.Rest extends java.lang.Object implements Serializable

serialVersionUID:

5262948164099973872L

Serialized Fields

endpointUrlEmail

java.lang.String endpointUrlEmail

Endpoint URL to use when locating email addresses.

endpointUrlSecurityQuestions

java.lang.String endpointUrlSecurityQuestions

Endpoint URL to use when locating security questions.

endpointUrlChange

java.lang.String endpointUrlChange

Endpoint URL to use when updating passwords..

Package org.apereo.cas.configuration.model.support.quartz

Class org.apereo.cas.configuration.model.support.quartz.ScheduledJobProperties extends java.lang.Object implements Serializable

serialVersionUID:

9059671958275130605L

Serialized Fields

schedule

SchedulingProperties schedule

Scheduler settings to indicate how often the job should run.

Class org.apereo.cas.configuration.model.support.quartz.SchedulingProperties extends java.lang.Object implements Serializable

serialVersionUID:

-1522227059439367394L

Serialized Fields

enabled

boolean enabled

Whether scheduler is should schedule the job to run.

startDelay

java.lang.String startDelay

String representation of a start delay of loading data for a data store implementation. This is the delay between scheduler startup and first job’s execution

repeatInterval

java.lang.String repeatInterval

String representation of a repeat interval of re-loading data for an data store implementation. This is the timeout between consecutive job’s executions.

Package org.apereo.cas.configuration.model.support.radius

Class org.apereo.cas.configuration.model.support.radius.RadiusClientProperties extends java.lang.Object implements Serializable

serialVersionUID:

-7961769318651312854L

Serialized Fields

inetAddress

java.lang.String inetAddress

Server address to connect and establish a session.

sharedSecret

java.lang.String sharedSecret

Secret/password to use for the initial bind.

socketTimeout

int socketTimeout

Socket connection timeout in milliseconds.

authenticationPort

int authenticationPort

The authentication port.

accountingPort

int accountingPort

The accounting port.

Class org.apereo.cas.configuration.model.support.radius.RadiusProperties extends java.lang.Object implements Serializable

serialVersionUID:

5244307919878753714L

Serialized Fields

failoverOnException

boolean failoverOnException

Whether catastrophic errors should be skipped and fail over to the next server.

failoverOnAuthenticationFailure

boolean failoverOnAuthenticationFailure

Whether authentication errors should be skipped and fail over to the next server.

server

RadiusServerProperties server

RADIUS server settings.

client

RadiusClientProperties client

RADIUS client settings.

passwordEncoder

PasswordEncoderProperties passwordEncoder

Password encoder settings.

principalTransformation

PrincipalTransformationProperties principalTransformation

Principal transoformation settings.

name

java.lang.String name

The name of the authentication handler.

Class org.apereo.cas.configuration.model.support.radius.RadiusServerProperties extends java.lang.Object implements Serializable

serialVersionUID:

-3911282132573730184L

Serialized Fields

protocol

java.lang.String protocol

Radius protocol to use when communicating with the server.

retries

int retries

Number of re-try attempts when dealing with connection and authentication failures.

nasIdentifier

java.lang.String nasIdentifier

The NAS identifier.

nasPort

long nasPort

The NAS port.

nasPortId

long nasPortId

The NAS port id.

nasRealPort

long nasRealPort

The NAS real port.

nasPortType

int nasPortType

The NAS port type.

nasIpAddress

java.lang.String nasIpAddress

The NAS IP address.

nasIpv6Address

java.lang.String nasIpv6Address

The NAS IPv6 address.

Package org.apereo.cas.configuration.model.support.redis

Class org.apereo.cas.configuration.model.support.redis.BaseRedisProperties extends java.lang.Object implements Serializable

serialVersionUID:

-2600996981339638782L

Serialized Fields

database

int database

Database index used by the connection factory.

host

java.lang.String host

Redis server host.

password

java.lang.String password

Login password of the redis server.

port

int port

Redis server port.

timeout

int timeout

Connection timeout in milliseconds.

pool

BaseRedisProperties.Pool pool

Radius connection pool settings.

sentinel

BaseRedisProperties.Sentinel sentinel

Redis Sentinel settings.

usePool

boolean usePool

Whether or not to activate the pool configuration.

useSsl

boolean useSsl

Whether or not to use SSL for connection factory.

Class org.apereo.cas.configuration.model.support.redis.BaseRedisProperties.Pool extends java.lang.Object implements Serializable

serialVersionUID:

8534823157764550894L

Serialized Fields

numTestsPerEvictionRun

int numTestsPerEvictionRun

Sets the maximum number of objects to examine during each run (if any) of the idle object evictor thread. When positive, the number of tests performed for a run will be the minimum of the configured value and the number of idle instances in the pool. When negative, the number of tests performed will be ceil(getNumIdle()/ abs(getNumTestsPerEvictionRun())) which means that when the value is -n roughly one nth of the idle objects will be tested per run.

softMinEvictableIdleTimeMillis

long softMinEvictableIdleTimeMillis

Sets the minimum amount of time an object may sit idle in the pool before it is eligible for eviction by the idle object evictor (if any - see setTimeBetweenEvictionRunsMillis(long)), with the extra condition that at least minIdle object instances remain in the pool. This setting is overridden by getMinEvictableIdleTimeMillis() (that is, if getMinEvictableIdleTimeMillis() is positive, then getSoftMinEvictableIdleTimeMillis() is ignored).

minEvictableIdleTimeMillis

long minEvictableIdleTimeMillis

Sets the minimum amount of time an object may sit idle in the pool before it is eligible for eviction by the idle object evictor (if any - see setTimeBetweenEvictionRunsMillis(long)). When non-positive, no objects will be evicted from the pool due to idle time alone.

lifo

boolean lifo

Returns whether the pool has LIFO (last in, first out) behaviour with respect to idle objects - always returning the most recently used object from the pool, or as a FIFO (first in, first out) queue, where the pool always returns the oldest object in the idle object pool.

fairness

boolean fairness

Returns whether or not the pool serves threads waiting to borrow objects fairly. True means that waiting threads are served as if waiting in a FIFO queue.

testOnCreate

boolean testOnCreate

Returns whether objects created for the pool will be validated before being returned from the borrowObject() method. Validation is performed by the validateObject() method of the factory associated with the pool. If the object fails to validate, then borrowObject() will fail.

testOnBorrow

boolean testOnBorrow

Returns whether objects borrowed from the pool will be validated before being returned from the borrowObject() method. Validation is performed by the validateObject() method of the factory associated with the pool. If the object fails to validate, it will be removed from the pool and destroyed, and a new attempt will be made to borrow an object from the pool.

testOnReturn

boolean testOnReturn

Returns whether objects borrowed from the pool will be validated when they are returned to the pool via the returnObject() method. Validation is performed by the validateObject() method of the factory associated with the pool. Returning objects that fail validation are destroyed rather then being returned the pool.

testWhileIdle

boolean testWhileIdle

Returns whether objects sitting idle in the pool will be validated by the idle object evictor ( if any - see setTimeBetweenEvictionRunsMillis(long)). Validation is performed by the validateObject() method of the factory associated with the pool. If the object fails to validate, it will be removed from the pool and destroyed.

maxIdle

int maxIdle

Max number of "idle" connections in the pool. Use a negative value to indicate an unlimited number of idle connections.

minIdle

int minIdle

Target for the minimum number of idle connections to maintain in the pool. This setting only has an effect if it is positive.

maxActive

int maxActive

Max number of connections that can be allocated by the pool at a given time. Use a negative value for no limit.

maxWait

int maxWait

Maximum amount of time (in milliseconds) a connection allocation should block before throwing an exception when the pool is exhausted. Use a negative value to block indefinitely.

Class org.apereo.cas.configuration.model.support.redis.BaseRedisProperties.Sentinel extends java.lang.Object implements Serializable

serialVersionUID:

5434823157764550831L

Serialized Fields

master

java.lang.String master

Name of Redis server.

node

java.util.List<E> node

list of host:port pairs.

Class org.apereo.cas.configuration.model.support.redis.RedisServiceRegistryProperties extends BaseRedisProperties implements Serializable

serialVersionUID:

-9012996050439638782L

Class org.apereo.cas.configuration.model.support.redis.RedisTicketRegistryProperties extends BaseRedisProperties implements Serializable

serialVersionUID:

-2600996050439638782L

Serialized Fields

crypto

EncryptionRandomizedSigningJwtCryptographyProperties crypto

Crypto settings for the registry.

Package org.apereo.cas.configuration.model.support.rest

Class org.apereo.cas.configuration.model.support.rest.RestAuthenticationProperties extends java.lang.Object implements Serializable

serialVersionUID:

-6122859176355467060L

Serialized Fields

uri

java.lang.String uri

Endpoint URI to use for verification of credentials.

passwordEncoder

PasswordEncoderProperties passwordEncoder

Password encoder settings for REST authentication.

name

java.lang.String name

Name of the authentication handler.

Package org.apereo.cas.configuration.model.support.saml

Class org.apereo.cas.configuration.model.support.saml.SamlCoreProperties extends java.lang.Object implements Serializable

serialVersionUID:

-8505851926931247878L

Serialized Fields

skewAllowance

int skewAllowance

Skew allowance that controls the issue instance of the authentication.

issueLength

int issueLength

Issue length that controls the validity period of the assertion.

attributeNamespace

java.lang.String attributeNamespace

Attribute namespace to use when generating SAML1 responses.

issuer

java.lang.String issuer

Issuer of the assertion when generating SAML1 responses.

ticketidSaml2

boolean ticketidSaml2

Whether ticket ids generated should be saml2 compliant when generating SAML1 responses.

securityManager

java.lang.String securityManager

Qualified name of the security manager class used for creating a SAML parser pool.

Package org.apereo.cas.configuration.model.support.saml.googleapps

Class org.apereo.cas.configuration.model.support.saml.googleapps.GoogleAppsProperties extends java.lang.Object implements Serializable

serialVersionUID:

-5133482766495375325L

Serialized Fields

publicKeyLocation

java.lang.String publicKeyLocation

The public key location that is also shared with google apps.

privateKeyLocation

java.lang.String privateKeyLocation

The private key location that is used to sign responses, etc.

keyAlgorithm

java.lang.String keyAlgorithm

Signature algorithm used to generate keys.

Package org.apereo.cas.configuration.model.support.saml.idp

Class org.apereo.cas.configuration.model.support.saml.idp.SamlIdPAlgorithmsProperties extends java.lang.Object implements Serializable

serialVersionUID:

6547093517788229284L

Serialized Fields

overrideDataEncryptionAlgorithms

java.util.List<E> overrideDataEncryptionAlgorithms

The Override data encryption algorithms.

overrideKeyEncryptionAlgorithms

java.util.List<E> overrideKeyEncryptionAlgorithms

The Override key encryption algorithms.

overrideBlackListedEncryptionAlgorithms

java.util.List<E> overrideBlackListedEncryptionAlgorithms

The Override black listed encryption algorithms.

overrideWhiteListedAlgorithms

java.util.List<E> overrideWhiteListedAlgorithms

The Override white listed algorithms.

overrideSignatureReferenceDigestMethods

java.util.List<E> overrideSignatureReferenceDigestMethods

The Override signature reference digest methods.

overrideSignatureAlgorithms

java.util.List<E> overrideSignatureAlgorithms

The Override signature algorithms.

overrideBlackListedSignatureSigningAlgorithms

java.util.List<E> overrideBlackListedSignatureSigningAlgorithms

The Override black listed signature signing algorithms.

overrideWhiteListedSignatureSigningAlgorithms

java.util.List<E> overrideWhiteListedSignatureSigningAlgorithms

The Override white listed signature signing algorithms.

overrideSignatureCanonicalizationAlgorithm

java.lang.String overrideSignatureCanonicalizationAlgorithm

The Override signature canonicalization algorithm.

Class org.apereo.cas.configuration.model.support.saml.idp.SamlIdPLogoutProperties extends java.lang.Object implements Serializable

serialVersionUID:

-4608824149569614549L

Serialized Fields

forceSignedLogoutRequests

boolean forceSignedLogoutRequests

Whether SLO logout requests are required to be signed.

singleLogoutCallbacksDisabled

boolean singleLogoutCallbacksDisabled

Whether SAML SLO is enabled and processed.

Class org.apereo.cas.configuration.model.support.saml.idp.SamlIdPProperties extends java.lang.Object implements Serializable

serialVersionUID:

-5848075783676789852L

Serialized Fields

attributeQueryProfileEnabled

boolean attributeQueryProfileEnabled

Indicates whether attribute query profile is enabled. Enabling this setting would allow CAS to record SAML responses and have them be made available later for attribute lookups.

entityId

java.lang.String entityId

The SAML entity id for the deployment.

scope

java.lang.String scope

The scope used in generation of metadata.

authenticationContextClassMappings

java.util.List<E> authenticationContextClassMappings

A mapping of authentication context class refs. This is where specific authentication context classes are references and mapped one ones that CAS may support mainly for MFA purposes.

Example might be urn:oasis:names:tc:SAML:2.0:ac:classes:SomeClassName->mfa-duo.

response

SamlIdPResponseProperties response

Settings related to SAML2 responses.

metadata

SamlIdPMetadataProperties metadata

SAML2 metadata related settings.

logout

SamlIdPLogoutProperties logout

SAML2 logout related settings.

algs

SamlIdPAlgorithmsProperties algs

Settings related to algorithms used for signing, etc.

ticket

SamlIdPTicketProperties ticket

Settings related to naming saml cache storages.

Class org.apereo.cas.configuration.model.support.saml.idp.SamlIdPResponseProperties extends java.lang.Object implements Serializable

serialVersionUID:

7200477683583467619L

Serialized Fields

credentialType

SamlIdPResponseProperties.SignatureCredentialTypes credentialType

Indicate the encoding type of the credential used when rendering the saml response.

skewAllowance

int skewAllowance

Time unit in seconds used to skew authentication dates such as valid-from and valid-until elements.

signError

boolean signError

Whether error responses should be signed.

defaultAuthenticationContextClass

java.lang.String defaultAuthenticationContextClass

The default authentication context class to include in the response if none is specified via the service.

defaultAttributeNameFormat

java.lang.String defaultAttributeNameFormat

Indicates the default name-format for all attributes in case the individual attribute is not individually mapped.

attributeNameFormats

java.util.List<E> attributeNameFormats

Each individual attribute can be mapped to a particular name-format. Example: attributeName->basic|uri|unspecified|custom-format-etc,....

Class org.apereo.cas.configuration.model.support.saml.idp.SamlIdPTicketProperties extends java.lang.Object implements Serializable

serialVersionUID:

6837089259390742073L

Serialized Fields

samlArtifactsCacheStorageName

java.lang.String samlArtifactsCacheStorageName

name that should be given to the saml artifact cache storage name.

samlAttributeQueryCacheStorageName

java.lang.String samlAttributeQueryCacheStorageName

The name that should be given to the saml attribute query cache storage name.

Package org.apereo.cas.configuration.model.support.saml.idp.metadata

Class org.apereo.cas.configuration.model.support.saml.idp.metadata.AmazonS3SamlMetadataProperties extends BaseAmazonWebServicesProperties implements Serializable

serialVersionUID:

352435146313504995L

Serialized Fields

bucketName

java.lang.String bucketName

S3 bucket that contains metadata files.

Class org.apereo.cas.configuration.model.support.saml.idp.metadata.JpaSamlMetadataProperties extends AbstractJpaProperties implements Serializable

serialVersionUID:

352435146313504995L

Class org.apereo.cas.configuration.model.support.saml.idp.metadata.MongoDbSamlMetadataProperties extends SingleCollectionMongoDbProperties implements Serializable

serialVersionUID:

-227092724742371662L

Class org.apereo.cas.configuration.model.support.saml.idp.metadata.RestSamlMetadataProperties extends RestEndpointProperties implements Serializable

serialVersionUID:

-7734304585762871404L

Class org.apereo.cas.configuration.model.support.saml.idp.metadata.SamlIdPMetadataProperties extends java.lang.Object implements Serializable

serialVersionUID:

-1020542741768471305L

Serialized Fields

failFast

boolean failFast

Whether invalid metadata should eagerly fail quickly on startup once the resource is parsed.

requireValidMetadata

boolean requireValidMetadata

Whether valid metadata is required.

cacheExpirationMinutes

long cacheExpirationMinutes

How long should metadata be cached in minutes.

mongo

MongoDbSamlMetadataProperties mongo

Properties pertaining to mongo db saml metadata resolvers.

jpa

JpaSamlMetadataProperties jpa

Properties pertaining to jpa metadata resolution.

rest

RestSamlMetadataProperties rest

Properties pertaining to REST metadata resolution.

amazonS3

AmazonS3SamlMetadataProperties amazonS3

Properties pertaining to AWS S3 metadata resolution.

privateKeyAlgName

java.lang.String privateKeyAlgName

Algorithm name to use when generating private key.

basicAuthnUsername

java.lang.String basicAuthnUsername

Basic auth username in case the metadata instance is connecting to an MDQ server.

basicAuthnPassword

java.lang.String basicAuthnPassword

Basic auth password in case the metadata instance is connecting to an MDQ server.

supportedContentTypes

java.util.List<E> supportedContentTypes

Supported content types in case the metadata instance is connecting to an MDQ server.

Package org.apereo.cas.configuration.model.support.saml.mdui

Class org.apereo.cas.configuration.model.support.saml.mdui.SamlMetadataUIProperties extends java.lang.Object implements Serializable

serialVersionUID:

2113479681245996975L

Serialized Fields

parameter

java.lang.String parameter

The parameter name that indicates the entity id of the service provider submitted to CAS.

maxValidity

long maxValidity

If specified, creates a validity filter on the metadata to check for metadata freshness based on the max validity. Value is specified in seconds.

requireSignedRoot

boolean requireSignedRoot

When parsing metadata, whether the root element is required to be signed.

requireValidMetadata

boolean requireValidMetadata

Whether valid metadata is required when parsing metadata.

resources

java.util.List<E> resources

Metadata resources to load and parse through based on the incoming entity id in order to locate MDUI. Resources can be classpath/file/http resources. If each metadata resource has a signing certificate, they can be added onto the resource with a :: separator. Example: classpath:/sp-metadata.xml::classpath:/pub.key.

schedule

SchedulingProperties schedule

Scheduler settings to indicate how often is metadata reloaded.

Package org.apereo.cas.configuration.model.support.saml.shibboleth

Class org.apereo.cas.configuration.model.support.saml.shibboleth.ShibbolethIdPProperties extends java.lang.Object implements Serializable

serialVersionUID:

1741075420882227768L

Serialized Fields

serverUrl

java.lang.String serverUrl

The server url of the shibboleth idp deployment.

Package org.apereo.cas.configuration.model.support.saml.sps

Class org.apereo.cas.configuration.model.support.saml.sps.AbstractSamlSPProperties extends java.lang.Object implements Serializable

serialVersionUID:

-5381463661659831898L

Serialized Fields

metadata

java.lang.String metadata

The location of the metadata for this service provider. Can be a URL or another form of resource.

name

java.lang.String name

Name of this service provider.

description

java.lang.String description

Description of this service provider as it's stored in the registry.

nameIdAttribute

java.lang.String nameIdAttribute

Attribute to use when generating nameids for this SP.

nameIdFormat

java.lang.String nameIdFormat

The forced nameId format to use when generating a response.

attributes

java.util.List<E> attributes

Set up the attribute release policy for this service. Allow attributes that are to be released to this SP. Attributes should be separated by commas and can be virtually mapped and renamed.

signatureLocation

java.lang.String signatureLocation

Signature location used to verify metadata.

entityIds

java.util.List<E> entityIds

List of entityIds allowed for this service provider. Multiple ids can be specified in the event that the metadata is an aggregate.

signResponses

boolean signResponses

Indicate whether responses should be signed.

signAssertions

boolean signAssertions

Indicate whether assertions should be signed.

Class org.apereo.cas.configuration.model.support.saml.sps.SamlServiceProviderProperties extends java.lang.Object implements Serializable

serialVersionUID:

8602328179113963081L

Serialized Fields

concurSolutions

SamlServiceProviderProperties.ConcurSolutions concurSolutions

Settings related to ConcurSolutions acting as a SAML service provider.

pollEverywhere

SamlServiceProviderProperties.PollEverywhere pollEverywhere

Settings related to PollEverywhere acting as a SAML service provider.

hipchat

SamlServiceProviderProperties.Hipchat hipchat

Settings related to Hipchat acting as a SAML service provider.

gitlab

SamlServiceProviderProperties.Gitlab gitlab

Settings related to Gitlab acting as a SAML service provider.

dropbox

SamlServiceProviderProperties.Dropbox dropbox

Settings related to Dropbox acting as a SAML service provider.

workday

SamlServiceProviderProperties.Workday workday

Settings related to Workday acting as a SAML service provider.

saManage

SamlServiceProviderProperties.SAManage saManage

Settings related to SA Manage acting as a SAML service provider.

salesforce

SamlServiceProviderProperties.Salesforce salesforce

Settings related to Salesforce acting as a SAML service provider.

serviceNow

SamlServiceProviderProperties.ServiceNow serviceNow

Settings related to ServiceNow acting as a SAML service provider.

box

SamlServiceProviderProperties.Box box

Settings related to Box acting as a SAML service provider.

netPartner

SamlServiceProviderProperties.NetPartner netPartner

Settings related to NetPartner acting as a SAML service provider.

webex

SamlServiceProviderProperties.Webex webex

Settings related to Webex acting as a SAML service provider.

office365

SamlServiceProviderProperties.Office365 office365

Settings related to Office365 acting as a SAML service provider.

testShib

SamlServiceProviderProperties.TestShib testShib

Settings related to TestShib acting as a SAML service provider.

inCommon

SamlServiceProviderProperties.InCommon inCommon

Settings related to InCommon acting as a SAML service provider.

zoom

SamlServiceProviderProperties.Zoom zoom

Settings related to ZOOM acting as a SAML service provider.

evernote

SamlServiceProviderProperties.Evernote evernote

Settings related to Evernote acting as a SAML service provider.

asana

SamlServiceProviderProperties.Asana asana

Settings related to Asana acting as a SAML service provider.

gartner

SamlServiceProviderProperties.Gartner gartner

Settings related to Gartner acting as a SAML service provider.

tableau

SamlServiceProviderProperties.Tableau tableau

Settings related to Tableu acting as a SAML service provider.

webAdvisor

SamlServiceProviderProperties.WebAdvisor webAdvisor

Settings related to WebAdvisor acting as a SAML service provider.

openAthens

SamlServiceProviderProperties.OpenAthens openAthens

Settings related to OpenAthens acting as a SAML service provider.

arcGIS

SamlServiceProviderProperties.ArcGIS arcGIS

Settings related to ArcGIS acting as a SAML service provider.

benefitFocus

SamlServiceProviderProperties.BenefitFocus benefitFocus

Settings related to BenefitFocus acting as a SAML service provider.

adobeCloud

SamlServiceProviderProperties.AdobeCloud adobeCloud

Settings related to Adobe Cloud acting as a SAML service provider.

academicWorks

SamlServiceProviderProperties.AcademicWorks academicWorks

Settings related to Academic Works acting as a SAML service provider.

easyIep

SamlServiceProviderProperties.EasyIep easyIep

Settings related to Easy IEP acting as a SAML service provider.

infiniteCampus

SamlServiceProviderProperties.InfiniteCampus infiniteCampus

Settings related to InfiniteCampus acting as a SAML service provider.

sansSth

SamlServiceProviderProperties.SecuringTheHuman sansSth

Settings related to SecuringTheHuman acting as a SAML service provider.

slack

SamlServiceProviderProperties.Slack slack

Settings related to Slack acting as a SAML service provider.

zendesk

SamlServiceProviderProperties.Zendesk zendesk

Settings related to Zendesk acting as a SAML service provider.

bynder

SamlServiceProviderProperties.Bynder bynder

Settings related to Bynder acting as a SAML service provider.

famis

SamlServiceProviderProperties.Famis famis

Settings related to Famis acting as a SAML service provider.

sserca

SamlServiceProviderProperties.SunshineStateEdResearchAlliance sserca

Settings related to Sunshine state ed/release alliance acting as a SAML service provider.

everBridge

SamlServiceProviderProperties.EverBridge everBridge

Settings related to EverBridge acting as a SAML service provider.

cherWell

SamlServiceProviderProperties.CherWell cherWell

Settings related to CherWell acting as a SAML service provider.

egnyte

SamlServiceProviderProperties.Egnyte egnyte

Settings related to CherWell acting as a SAML service provider.

newRelic

SamlServiceProviderProperties.NewRelic newRelic

Settings related to CherWell acting as a SAML service provider.

yuja

SamlServiceProviderProperties.Yuja yuja

Settings related to Yuja acting as a SAML service provider.

symplicity

SamlServiceProviderProperties.Symplicity symplicity

Settings related to Symplicity acting as a SAML service provider.

appDynamics

SamlServiceProviderProperties.AppDynamics appDynamics

Settings related to AppDynamics acting as a SAML service provider.

amazon

SamlServiceProviderProperties.Amazon amazon

Settings related to Amazon acting as a SAML service provider.

blackBaud

SamlServiceProviderProperties.BlackBaud blackBaud

Settings related to BlackBaud acting as a SAML service provider.

giveCampus

SamlServiceProviderProperties.GiveCampus giveCampus

Settings related to GiveCampus acting as a SAML service provider.

warpWire

SamlServiceProviderProperties.WarpWire warpWire

Settings related to WarpWire acting as a SAML service provider.

rocketChat

SamlServiceProviderProperties.RocketChat rocketChat

Settings related to RocketChat acting as a SAML service provider.

Class org.apereo.cas.configuration.model.support.saml.sps.SamlServiceProviderProperties.AcademicWorks extends AbstractSamlSPProperties implements Serializable

serialVersionUID:

5855725238963607605L

Class org.apereo.cas.configuration.model.support.saml.sps.SamlServiceProviderProperties.AdobeCloud extends AbstractSamlSPProperties implements Serializable

serialVersionUID:

-5466434234795577247L

Class org.apereo.cas.configuration.model.support.saml.sps.SamlServiceProviderProperties.Amazon extends AbstractSamlSPProperties implements Serializable

serialVersionUID:

-6141931806328699054L

Class org.apereo.cas.configuration.model.support.saml.sps.SamlServiceProviderProperties.AppDynamics extends AbstractSamlSPProperties implements Serializable

serialVersionUID:

-6141931806328699054L

Class org.apereo.cas.configuration.model.support.saml.sps.SamlServiceProviderProperties.ArcGIS extends AbstractSamlSPProperties implements Serializable

serialVersionUID:

2976006720801066953L

Class org.apereo.cas.configuration.model.support.saml.sps.SamlServiceProviderProperties.Asana extends AbstractSamlSPProperties implements Serializable

serialVersionUID:

6392492484052314295L

Class org.apereo.cas.configuration.model.support.saml.sps.SamlServiceProviderProperties.BenefitFocus extends AbstractSamlSPProperties implements Serializable

serialVersionUID:

-6518570556068267724L

Class org.apereo.cas.configuration.model.support.saml.sps.SamlServiceProviderProperties.BlackBaud extends AbstractSamlSPProperties implements Serializable

serialVersionUID:

-6141931806328699054L

Class org.apereo.cas.configuration.model.support.saml.sps.SamlServiceProviderProperties.Box extends AbstractSamlSPProperties implements Serializable

serialVersionUID:

-5320292115253509284L

Class org.apereo.cas.configuration.model.support.saml.sps.SamlServiceProviderProperties.Bynder extends AbstractSamlSPProperties implements Serializable

serialVersionUID:

-3168960591734555088L

Class org.apereo.cas.configuration.model.support.saml.sps.SamlServiceProviderProperties.CherWell extends AbstractSamlSPProperties implements Serializable

serialVersionUID:

-3168960591734555088L

Class org.apereo.cas.configuration.model.support.saml.sps.SamlServiceProviderProperties.ConcurSolutions extends AbstractSamlSPProperties implements Serializable

serialVersionUID:

-6141931806328699054L

Class org.apereo.cas.configuration.model.support.saml.sps.SamlServiceProviderProperties.Dropbox extends AbstractSamlSPProperties implements Serializable

serialVersionUID:

-8275173711355379058L

Class org.apereo.cas.configuration.model.support.saml.sps.SamlServiceProviderProperties.EasyIep extends AbstractSamlSPProperties implements Serializable

serialVersionUID:

6177866628049579956L

Class org.apereo.cas.configuration.model.support.saml.sps.SamlServiceProviderProperties.Egnyte extends AbstractSamlSPProperties implements Serializable

serialVersionUID:

-3168760591734555088L

Class org.apereo.cas.configuration.model.support.saml.sps.SamlServiceProviderProperties.EverBridge extends AbstractSamlSPProperties implements Serializable

serialVersionUID:

-5168960591734555088L

Class org.apereo.cas.configuration.model.support.saml.sps.SamlServiceProviderProperties.Evernote extends AbstractSamlSPProperties implements Serializable

serialVersionUID:

-1333379518527897627L

Class org.apereo.cas.configuration.model.support.saml.sps.SamlServiceProviderProperties.Famis extends AbstractSamlSPProperties implements Serializable

serialVersionUID:

4685484530782109454L

Class org.apereo.cas.configuration.model.support.saml.sps.SamlServiceProviderProperties.Gartner extends AbstractSamlSPProperties implements Serializable

serialVersionUID:

-6141931806328699054L

Class org.apereo.cas.configuration.model.support.saml.sps.SamlServiceProviderProperties.Gitlab extends AbstractSamlSPProperties implements Serializable

serialVersionUID:

-6141931806328699054L

Class org.apereo.cas.configuration.model.support.saml.sps.SamlServiceProviderProperties.GiveCampus extends AbstractSamlSPProperties implements Serializable

serialVersionUID:

-6141931806328699054L

Class org.apereo.cas.configuration.model.support.saml.sps.SamlServiceProviderProperties.Hipchat extends AbstractSamlSPProperties implements Serializable

serialVersionUID:

-6141931806328699054L

Class org.apereo.cas.configuration.model.support.saml.sps.SamlServiceProviderProperties.InCommon extends AbstractSamlSPProperties implements Serializable

serialVersionUID:

-6336757169059216490L

Class org.apereo.cas.configuration.model.support.saml.sps.SamlServiceProviderProperties.InfiniteCampus extends AbstractSamlSPProperties implements Serializable

serialVersionUID:

-9023417844664430533L

Class org.apereo.cas.configuration.model.support.saml.sps.SamlServiceProviderProperties.NetPartner extends AbstractSamlSPProperties implements Serializable

serialVersionUID:

5262806306575955633L

Class org.apereo.cas.configuration.model.support.saml.sps.SamlServiceProviderProperties.NewRelic extends AbstractSamlSPProperties implements Serializable

serialVersionUID:

-3268960591734555088L

Class org.apereo.cas.configuration.model.support.saml.sps.SamlServiceProviderProperties.Office365 extends AbstractSamlSPProperties implements Serializable

serialVersionUID:

5878458463269060163L

Class org.apereo.cas.configuration.model.support.saml.sps.SamlServiceProviderProperties.OpenAthens extends AbstractSamlSPProperties implements Serializable

serialVersionUID:

7295249577313928465L

Class org.apereo.cas.configuration.model.support.saml.sps.SamlServiceProviderProperties.PollEverywhere extends AbstractSamlSPProperties implements Serializable

serialVersionUID:

-6141931806328699054L

Class org.apereo.cas.configuration.model.support.saml.sps.SamlServiceProviderProperties.RocketChat extends AbstractSamlSPProperties implements Serializable

serialVersionUID:

-6141931806328699054L

Class org.apereo.cas.configuration.model.support.saml.sps.SamlServiceProviderProperties.Salesforce extends AbstractSamlSPProperties implements Serializable

serialVersionUID:

4685484530782109454L

Class org.apereo.cas.configuration.model.support.saml.sps.SamlServiceProviderProperties.SAManage extends AbstractSamlSPProperties implements Serializable

serialVersionUID:

-8695176237527302883L

Class org.apereo.cas.configuration.model.support.saml.sps.SamlServiceProviderProperties.SecuringTheHuman extends AbstractSamlSPProperties implements Serializable

serialVersionUID:

-1688194227471468248L

Class org.apereo.cas.configuration.model.support.saml.sps.SamlServiceProviderProperties.ServiceNow extends AbstractSamlSPProperties implements Serializable

serialVersionUID:

4329681021653966734L

Class org.apereo.cas.configuration.model.support.saml.sps.SamlServiceProviderProperties.Slack extends AbstractSamlSPProperties implements Serializable

serialVersionUID:

-1996859011579246804L

Class org.apereo.cas.configuration.model.support.saml.sps.SamlServiceProviderProperties.SunshineStateEdResearchAlliance extends AbstractSamlSPProperties implements Serializable

serialVersionUID:

-5558960591734555088L

Class org.apereo.cas.configuration.model.support.saml.sps.SamlServiceProviderProperties.Symplicity extends AbstractSamlSPProperties implements Serializable

serialVersionUID:

-3178960591734555088L

Class org.apereo.cas.configuration.model.support.saml.sps.SamlServiceProviderProperties.Tableau extends AbstractSamlSPProperties implements Serializable

serialVersionUID:

-2426590644028989950L

Class org.apereo.cas.configuration.model.support.saml.sps.SamlServiceProviderProperties.TestShib extends AbstractSamlSPProperties implements Serializable

serialVersionUID:

-622256214333755377L

Class org.apereo.cas.configuration.model.support.saml.sps.SamlServiceProviderProperties.WarpWire extends AbstractSamlSPProperties implements Serializable

serialVersionUID:

-6141931806328699054L

Class org.apereo.cas.configuration.model.support.saml.sps.SamlServiceProviderProperties.WebAdvisor extends AbstractSamlSPProperties implements Serializable

serialVersionUID:

8449304623099588610L

Class org.apereo.cas.configuration.model.support.saml.sps.SamlServiceProviderProperties.Webex extends AbstractSamlSPProperties implements Serializable

serialVersionUID:

1957066095836617091L

Class org.apereo.cas.configuration.model.support.saml.sps.SamlServiceProviderProperties.Workday extends AbstractSamlSPProperties implements Serializable

serialVersionUID:

3484810792914261584L

Class org.apereo.cas.configuration.model.support.saml.sps.SamlServiceProviderProperties.Yuja extends AbstractSamlSPProperties implements Serializable

serialVersionUID:

-1168960591734555088L

Class org.apereo.cas.configuration.model.support.saml.sps.SamlServiceProviderProperties.Zendesk extends AbstractSamlSPProperties implements Serializable

serialVersionUID:

-4668960591734555087L

Class org.apereo.cas.configuration.model.support.saml.sps.SamlServiceProviderProperties.Zoom extends AbstractSamlSPProperties implements Serializable

serialVersionUID:

-4877129302021248398L

Package org.apereo.cas.configuration.model.support.scim

Class org.apereo.cas.configuration.model.support.scim.ScimProperties extends java.lang.Object implements Serializable

serialVersionUID:

7943229230342691009L

Serialized Fields

version

long version

Indicate what version of the scim protocol is and should be used.

target

java.lang.String target

The SCIM provisioning target URI.

oauthToken

java.lang.String oauthToken

Authenticate into the SCIM server/service via a pre-generated OAuth token.

username

java.lang.String username

Authenticate into the SCIM server with a pre-defined username.

password

java.lang.String password

Authenticate into the SCIM server with a pre-defined password.

Package org.apereo.cas.configuration.model.support.services.json

Class org.apereo.cas.configuration.model.support.services.json.JsonServiceRegistryProperties extends SpringResourceProperties implements Serializable

serialVersionUID:

-3022199446494732533L

Package org.apereo.cas.configuration.model.support.services.stream

Class org.apereo.cas.configuration.model.support.services.stream.BaseStreamServicesProperties extends java.lang.Object implements Serializable

serialVersionUID:

7025417314334269017L

Class org.apereo.cas.configuration.model.support.services.stream.StreamingServiceRegistryProperties extends java.lang.Object implements Serializable

serialVersionUID:

4957127900906059461L

Serialized Fields

replicationMode

StreamingServiceRegistryProperties.ReplicationModes replicationMode

Indicates the replication mode. Accepted values are:

• ACTIVE_ACTIVE: All CAS nodes sync copies of definitions and keep them locally.
• ACTIVE_PASSIVE: One master node keeps definitions and streams changes to other passive nodes

enabled

boolean enabled

Whether service registry events should be streamed and published across a CAS cluster. One typical workflow is to enable the publisher on one master node and simply have others consume definitions and changes from the upstream master node in order to avoid overrides and timing issues as changes may step over each other if the service registry schedule is not timed correctly.

hazelcast

StreamServicesHazelcastProperties hazelcast

Stream services with hazelcast.

Package org.apereo.cas.configuration.model.support.services.stream.hazelcast

Class org.apereo.cas.configuration.model.support.services.stream.hazelcast.StreamServicesHazelcastProperties extends BaseStreamServicesProperties implements Serializable

serialVersionUID:

-1583614089051161614L

Serialized Fields

duration

java.lang.String duration

Duration that indicates how long should items be kept in the hazelcast cache. Note that generally this number needs to be short as once an item is delivered to a target, it is explicitly removed from the cache/queue. This duration needs to be adjusted if the latency between the CAS nodes in the cluster is too large. Having too short a value will cause the record to expire before it reaches other members of the cluster.

config

BaseHazelcastProperties config

Configuration of the hazelcast instance to queue and stream items.

Package org.apereo.cas.configuration.model.support.services.yaml

Class org.apereo.cas.configuration.model.support.services.yaml.YamlServiceRegistryProperties extends SpringResourceProperties implements Serializable

serialVersionUID:

4863603996990314548L

Package org.apereo.cas.configuration.model.support.sms

Class org.apereo.cas.configuration.model.support.sms.AmazonSnsProperties extends BaseAmazonWebServicesProperties implements Serializable

serialVersionUID:

-3366665169030844517L

Serialized Fields

senderId

java.lang.String senderId

A custom ID that contains up to 11 alphanumeric characters, including at least one letter and no spaces. The sender ID is displayed as the message sender on the receiving device. For example, you can use your business brand to make the message source easier to recognize. Support for sender IDs varies by country and/or region. For example, messages delivered to U.S. phone numbers will not display the sender ID. If you do not specify a sender ID, the message will display a long code as the sender ID in supported countries and regions. For countries or regions that require an alphabetic sender ID, the message displays NOTICE as the sender ID.

maxPrice

java.lang.String maxPrice

The maximum amount in USD that you are willing to spend to send the SMS message. Amazon SNS will not send the message if it determines that doing so would incur a cost that exceeds the maximum price. This attribute has no effect if your month-to-date SMS costs have already exceeded the limit set for the MonthlySpendLimit attribute, which you set by using the SetSMSAttributes request. If you are sending the message to an Amazon SNS topic, the maximum price applies to each message delivery to each phone number that is subscribed to the topic.

smsType

java.lang.String smsType

The type of message that you are sending:

• Promotional - Noncritical messages, such as marketing messages. Amazon SNS optimizes the message delivery to incur the lowest cost.
• Transactional – Critical messages that support customer transactions, such as one-time passcodes for multi-factor authentication. Amazon SNS optimizes the message delivery to achieve the highest reliability.

Class org.apereo.cas.configuration.model.support.sms.ClickatellProperties extends java.lang.Object implements Serializable

serialVersionUID:

-2147844690349952176L

Serialized Fields

token

java.lang.String token

Secure token used to establish a handshake with the service.

serverUrl

java.lang.String serverUrl

URL to contact and send messages.

Class org.apereo.cas.configuration.model.support.sms.SmsProperties extends java.lang.Object implements Serializable

serialVersionUID:

-3713886839517507306L

Serialized Fields

text

java.lang.String text

The body of the SMS message.

from

java.lang.String from

The from address for the message.

attributeName

java.lang.String attributeName

Principal attribute name that indicates the destination phone number for this SMS message. The attribute must already be resolved and available to the CAS principal.

Class org.apereo.cas.configuration.model.support.sms.SmsProvidersProperties extends java.lang.Object implements Serializable

serialVersionUID:

-3713886839517507306L

Serialized Fields

twilio

TwilioProperties twilio

Twilio settings.

textMagic

TextMagicProperties textMagic

TextMagic settings.

clickatell

ClickatellProperties clickatell

Clickatell settings.

sns

AmazonSnsProperties sns

SNS settings.

Class org.apereo.cas.configuration.model.support.sms.TextMagicProperties extends java.lang.Object implements Serializable

serialVersionUID:

5645993472155203013L

Serialized Fields

token

java.lang.String token

Secure token used to establish a handshake.

username

java.lang.String username

Username authorized to use the service as the bind account.

url

java.lang.String url

API url, if any.

Class org.apereo.cas.configuration.model.support.sms.TwilioProperties extends java.lang.Object implements Serializable

serialVersionUID:

-7043132225482495229L

Serialized Fields

accountId

java.lang.String accountId

Twilio account identifier used for authentication.

token

java.lang.String token

Twilio secret token used for authentication.

Package org.apereo.cas.configuration.model.support.spnego

Class org.apereo.cas.configuration.model.support.spnego.SpnegoProperties extends java.lang.Object implements Serializable

serialVersionUID:

8084143496524446970L

Serialized Fields

principalWithDomainName

boolean principalWithDomainName

If specified, will create the principal by ths name on successful authentication.

ntlmAllowed

boolean ntlmAllowed

Allows authentication if spnego credential is marked as NTLM.

send401OnAuthenticationFailure

boolean send401OnAuthenticationFailure

If the authenticated principal cannot be determined from the spegno credential, will set the http status code to 401.

hostNameClientActionStrategy

java.lang.String hostNameClientActionStrategy

The bean id of a webflow action whose job is to evaluate the client host to see if the request is authorized for spnego. Supported strategies include hostnameSpnegoClientAction where CAS checks to see if the request’s remote hostname matches a predefine pattern. and ldapSpnegoClientAction where CAS checks an LDAP instance for the remote hostname, to locate a pre-defined attribute whose mere existence would allow the webflow to resume to SPNEGO.

ldap

SpnegoProperties.Ldap ldap

LDAP settings for spnego to validate clients, etc.

jcifsPassword

java.lang.String jcifsPassword

The Jcifs password.

jcifsServicePassword

java.lang.String jcifsServicePassword

The Jcifs service password.

jcifsServicePrincipal

java.lang.String jcifsServicePrincipal

The Jcifs service principal.

kerberosConf

java.lang.String kerberosConf

The Kerberos conf.

kerberosKdc

java.lang.String kerberosKdc

The Kerberos kdc.

kerberosRealm

java.lang.String kerberosRealm

The Kerberos realm.

loginConf

java.lang.String loginConf

The Login conf.

timeout

java.lang.String timeout

Spnego JCIFS timeout.

cachePolicy

long cachePolicy

Jcifs Netbios cache policy.

jcifsNetbiosWins

java.lang.String jcifsNetbiosWins

The Jcifs netbios wins.

jcifsUsername

java.lang.String jcifsUsername

The Jcifs username.

jcifsDomainController

java.lang.String jcifsDomainController

The Jcifs domain controller.

jcifsDomain

java.lang.String jcifsDomain

The Jcifs domain.

kerberosDebug

java.lang.String kerberosDebug

The Kerberos debug.

useSubjectCredsOnly

boolean useSubjectCredsOnly

The Use subject creds only.

dnsTimeout

java.lang.String dnsTimeout

When validating clients, specifies the DNS timeout used to look up an address.

hostNamePatternString

java.lang.String hostNamePatternString

A regex pattern that indicates whether the client host name is allowed for spnego.

ipsToCheckPattern

java.lang.String ipsToCheckPattern

A regex pattern that indicates whether the client IP is allowed for spnego.

alternativeRemoteHostAttribute

java.lang.String alternativeRemoteHostAttribute

Alternative header name to use in order to find the host address.

spnegoAttributeName

java.lang.String spnegoAttributeName

In case LDAP is used to validate clients, this is the attribute that indicates the host.

ntlm

boolean ntlm

Determines the header to set and the message prefix when negotiating spnego.

mixedModeAuthentication

boolean mixedModeAuthentication

If true, does not terminate authentication and allows CAS to resume and fallback to normal authentication means such as uid/psw via the login page. If disallowed, considers spnego authentication to be final in the event of failures.

supportedBrowsers

java.lang.String supportedBrowsers

Begins negotiating spenego if the user-agent is one of the supported browsers.

principalTransformation

PrincipalTransformationProperties principalTransformation

This is principal transformation properties.

principal

PersonDirectoryPrincipalResolverProperties principal

Password encoding settings for this authentication.

name

java.lang.String name

Name of the authentication handler.

Class org.apereo.cas.configuration.model.support.spnego.SpnegoProperties.Ldap extends AbstractLdapSearchProperties implements Serializable

serialVersionUID:

-8835216200501334936L

Package org.apereo.cas.configuration.model.support.surrogate

Class org.apereo.cas.configuration.model.support.surrogate.SurrogateAuthenticationProperties extends java.lang.Object implements Serializable

serialVersionUID:

-2088813217398883623L

Serialized Fields

separator

java.lang.String separator

The separator character used to distinguish between the surrogate account and the admin account.

simple

SurrogateAuthenticationProperties.Simple simple

Locate surrogate accounts via CAS configuration, hardcoded as properties.

json

SurrogateAuthenticationProperties.Json json

Locate surrogate accounts via a JSON resource.

ldap

SurrogateAuthenticationProperties.Ldap ldap

Locate surrogate accounts via an LDAP server.

jdbc

SurrogateAuthenticationProperties.Jdbc jdbc

Locate surrogate accounts via a JDBC resource.

rest

SurrogateAuthenticationProperties.Rest rest

Locate surrogate accounts via a REST resource.

tgt

SurrogateAuthenticationProperties.Tgt tgt

Settings related to tickets issued for surrogate session, their expiration policy, etc.

principal

PersonDirectoryPrincipalResolverProperties principal

Principal construction settings.

mail

EmailProperties mail

Email settings for notifications.

sms

SmsProperties sms

SMS settings for notifications.

Class org.apereo.cas.configuration.model.support.surrogate.SurrogateAuthenticationProperties.Jdbc extends AbstractJpaProperties implements Serializable

serialVersionUID:

8970195444880123796L

Serialized Fields

surrogateSearchQuery

java.lang.String surrogateSearchQuery

Surrogate query to use to determine whether an admin user can impersonate another user. The query must return an integer count of greater than zero.

surrogateAccountQuery

java.lang.String surrogateAccountQuery

SQL query to use in order to retrieve the list of qualified accounts for impersonation for a given admin user.

Class org.apereo.cas.configuration.model.support.surrogate.SurrogateAuthenticationProperties.Json extends SpringResourceProperties implements Serializable

serialVersionUID:

3599367681439517829L

Class org.apereo.cas.configuration.model.support.surrogate.SurrogateAuthenticationProperties.Ldap extends AbstractLdapSearchProperties implements Serializable

serialVersionUID:

-3848837302921751926L

Serialized Fields

surrogateSearchFilter

java.lang.String surrogateSearchFilter

LDAP search filter used to locate the surrogate account.

memberAttributeName

java.lang.String memberAttributeName

Attribute that must be found on the LDAP entry linked to the admin user that tags the account as authorized for impersonation.

memberAttributeValueRegex

java.lang.String memberAttributeValueRegex

A pattern that is matched against the attribute value of the admin user, that allows for further authorization of the admin user and accounts qualified for impersonation. The regular expression pattern is expected to contain at least a single group whose value on a successful match indicates the qualified impersonated user by admin.

Class org.apereo.cas.configuration.model.support.surrogate.SurrogateAuthenticationProperties.Rest extends RestEndpointProperties implements Serializable

serialVersionUID:

8152273816132989085L

Class org.apereo.cas.configuration.model.support.surrogate.SurrogateAuthenticationProperties.Simple extends java.lang.Object implements Serializable

serialVersionUID:

16938920863432222L

Serialized Fields

surrogates

java.util.Map<K,V> surrogates

Define the list of accounts that are allowed to impersonate. This is done in a key-value structure where the key is the admin user and the value is a comma-separated list of identifiers that can be impersonated by the admin-user.

Class org.apereo.cas.configuration.model.support.surrogate.SurrogateAuthenticationProperties.Tgt extends java.lang.Object implements Serializable

serialVersionUID:

2077366413438267330L

Serialized Fields

timeToKillInSeconds

long timeToKillInSeconds

Timeout in seconds to kill the surrogate session and consider tickets expired.

Package org.apereo.cas.configuration.model.support.syncope

Class org.apereo.cas.configuration.model.support.syncope.SyncopeAuthenticationProperties extends java.lang.Object implements Serializable

serialVersionUID:

-2446926316502297496L

Serialized Fields

name

java.lang.String name

Name of the authentication handler.

domain

java.lang.String domain

Syncope domain used for authentication, etc.

url

java.lang.String url

Syncope instance URL primary used for REST.

passwordEncoder

PasswordEncoderProperties passwordEncoder

Password encoder settings for the authentication handler.

credentialCriteria

java.lang.String credentialCriteria

A number of authentication handlers are allowed to determine whether they can operate on the provided credential and as such lend themselves to be tried and tested during the authentication handler selection phase. The credential criteria may be one of the following options:

• 1) A regular expression pattern that is tested against the credential identifier.
• 2) A fully qualified class name of your own design that implements Predicate<Credential>.
• 3) Path to an external Groovy script that implements the same interface.

principalTransformation

PrincipalTransformationProperties principalTransformation

This is principal transformation properties.

Package org.apereo.cas.configuration.model.support.themes

Class org.apereo.cas.configuration.model.support.themes.ThemeProperties extends java.lang.Object implements Serializable

serialVersionUID:

2248773823196496599L

Serialized Fields

defaultThemeName

java.lang.String defaultThemeName

The default theme name of this CAS deployment.

paramName

java.lang.String paramName

The parameter name used to switch themes.

Package org.apereo.cas.configuration.model.support.throttle

Class org.apereo.cas.configuration.model.support.throttle.ThrottleProperties extends java.lang.Object implements Serializable

serialVersionUID:

6813165633105563813L

Serialized Fields

failure

ThrottleProperties.Failure failure

Throttling failure events.

jdbc

ThrottleProperties.Jdbc jdbc

Record authentication throttling events in a JDBC resource.

usernameParameter

java.lang.String usernameParameter

Username parameter to use in order to extract the username from the request.

appcode

java.lang.String appcode

Application code used to identify this application in the audit logs.

schedule

SchedulingProperties schedule

Scheduler settings to clean up throttled attempts.

Class org.apereo.cas.configuration.model.support.throttle.ThrottleProperties.Failure extends java.lang.Object implements Serializable

serialVersionUID:

1246256695801461610L

Serialized Fields

code

java.lang.String code

Failure code to record in the audit log. Generally this indicates an authentication failure event.

threshold

int threshold

Number of failed login attempts permitted in the above period. All login throttling components that ship with CAS limit successive failed login attempts that exceed a threshold rate in failures per second.

rangeSeconds

int rangeSeconds

Period of time in seconds during which the threshold applies.

Class org.apereo.cas.configuration.model.support.throttle.ThrottleProperties.Jdbc extends AbstractJpaProperties implements Serializable

serialVersionUID:

-9199878384425691919L

Serialized Fields

auditQuery

java.lang.String auditQuery

Audit query to execute against the database to locate audit records based on IP, user, date and an application code along with the relevant audit action.

Package org.apereo.cas.configuration.model.support.token

Class org.apereo.cas.configuration.model.support.token.TokenAuthenticationProperties extends java.lang.Object implements Serializable

serialVersionUID:

6016124091895278265L

Serialized Fields

principalTransformation

PrincipalTransformationProperties principalTransformation

Principal transformation settings.

crypto

EncryptionOptionalSigningOptionalJwtCryptographyProperties crypto

Crypto settings.

name

java.lang.String name

Name of the authentication handler.

Package org.apereo.cas.configuration.model.support.trusted

Class org.apereo.cas.configuration.model.support.trusted.TrustedAuthenticationProperties extends PersonDirectoryPrincipalResolverProperties implements Serializable

serialVersionUID:

279410895614233349L

Serialized Fields

remotePrincipalHeader

java.lang.String remotePrincipalHeader

Indicates the name of the request header that may be extracted from the request as the indicated authenticated userid from the remote authn system.

name

java.lang.String name

Indicates the name of the authentication handler.

Package org.apereo.cas.configuration.model.support.wsfed

Class org.apereo.cas.configuration.model.support.wsfed.WsFederationDelegatedCookieProperties extends CookieProperties implements Serializable

serialVersionUID:

7392972818105536350L

Serialized Fields

crypto

EncryptionJwtSigningJwtCryptographyProperties crypto

Crypto settings that determine how the cookie should be signed and encrypted.

Class org.apereo.cas.configuration.model.support.wsfed.WsFederationDelegationProperties extends java.lang.Object implements Serializable

serialVersionUID:

5743971334977239938L

Serialized Fields

identityAttribute

java.lang.String identityAttribute

The attribute extracted from the assertion and used to construct the CAS principal id.

identityProviderIdentifier

java.lang.String identityProviderIdentifier

The entity id or the identifier of the Wsfed instance.

identityProviderUrl

java.lang.String identityProviderUrl

Wsfed identity provider url.

signingCertificateResources

java.lang.String signingCertificateResources

Locations of signing certificates used to verify assertions.

relyingPartyIdentifier

java.lang.String relyingPartyIdentifier

The identifier for CAS (RP) registered with wsfed.

tolerance

java.lang.String tolerance

Tolerance value used to skew assertions to support clock drift.

attributesType

java.lang.String attributesType

Indicates how attributes should be recorded into the principal object. Useful if you wish to additionally resolve attributes on top of what wsfed provides. Accepted values are CAS,WSFED,BOTH.

attributeResolverEnabled

boolean attributeResolverEnabled

Whether CAS should enable its own attribute resolution machinery after having received a response from wsfed.

autoRedirect

boolean autoRedirect

Whether CAS should auto redirect to this wsfed instance.

encryptionPrivateKey

java.lang.String encryptionPrivateKey

The path to the private key used to handle and verify encrypted assertions.

encryptionCertificate

java.lang.String encryptionCertificate

The path to the public key/certificate used to handle and verify encrypted assertions.

encryptionPrivateKeyPassword

java.lang.String encryptionPrivateKeyPassword

The private key password.

principal

PersonDirectoryPrincipalResolverProperties principal

Principal resolution settings.

name

java.lang.String name

Name of the authentication handler.

cookie

WsFederationDelegatedCookieProperties cookie

Signing/encryption settings related to managing the cookie that is used to keep track of the session.

Class org.apereo.cas.configuration.model.support.wsfed.WsFederationProperties extends java.lang.Object implements Serializable

serialVersionUID:

-8679379856243224647L

Serialized Fields

idp

WsFederationProperties.IdentityProvider idp

Settings related to the wed-fed identity provider.

sts

WsFederationProperties.SecurityTokenService sts

Settings related to the we-fed security token service.

Class org.apereo.cas.configuration.model.support.wsfed.WsFederationProperties.IdentityProvider extends java.lang.Object implements Serializable

serialVersionUID:

5190493517277610788L

Serialized Fields

realm

java.lang.String realm

At this point, by default security token service’s endpoint operate using a single realm configuration and identity provider configuration is only able to recognize and request tokens for a single realm. Registration of clients need to ensure this value is matched.

realmName

java.lang.String realmName

Realm name.

Class org.apereo.cas.configuration.model.support.wsfed.WsFederationProperties.SecurityTokenService extends java.lang.Object implements Serializable

serialVersionUID:

-1155140161252595793L

Serialized Fields

subjectNameIdFormat

java.lang.String subjectNameIdFormat

When generating a SAML token, indicates the subject name-id format to use.

encryptTokens

boolean encryptTokens

Whether tokens generated by STS should encrypted.

signingKeystoreFile

java.lang.String signingKeystoreFile

Keystore path used to sign tokens.

signingKeystorePassword

java.lang.String signingKeystorePassword

Keystore password used to sign tokens.

encryptionKeystoreFile

java.lang.String encryptionKeystoreFile

Keystore path used to encrypt tokens.

encryptionKeystorePassword

java.lang.String encryptionKeystorePassword

Keystore password used to encrypt tokens.

crypto

EncryptionJwtSigningJwtCryptographyProperties crypto

Crypto settings used to secure calls between the idp and the sts.

realm

WsFederationProperties.SecurityTokenService.RealmDefinition realm

Realm definition settings that define this CAS server.

Class org.apereo.cas.configuration.model.support.wsfed.WsFederationProperties.SecurityTokenService.RealmDefinition extends java.lang.Object implements Serializable

serialVersionUID:

-2209230334376432934L

Serialized Fields

keystoreFile

java.lang.String keystoreFile

Keystore path associated with the this realm.

keystorePassword

java.lang.String keystorePassword

Keystore password associated with the this realm.

keystoreAlias

java.lang.String keystoreAlias

Key alias associated with the this realm.

keyPassword

java.lang.String keyPassword

Key alias associated with the this realm.

issuer

java.lang.String issuer

Issuer/name of the realm identified and registered with STS.

Package org.apereo.cas.configuration.model.support.x509

Class org.apereo.cas.configuration.model.support.x509.X509Properties extends java.lang.Object implements Serializable

serialVersionUID:

-9032744084671270366L

Serialized Fields

serialNumberPrefix

java.lang.String serialNumberPrefix

The serial number prefix used for principal resolution when type is set to X509Properties.PrincipalTypes.SERIAL_NO_DN.

valueDelimiter

java.lang.String valueDelimiter

Value delimiter used for principal resolution when type is set to X509Properties.PrincipalTypes.SERIAL_NO_DN.

revocationPolicyThreshold

int revocationPolicyThreshold

Threshold value if expired CRL revocation policy is to be handled via threshold.

checkAll

boolean checkAll

Whether revocation checking should check all resources, or stop at first one.

refreshIntervalSeconds

int refreshIntervalSeconds

The refresh interval of the internal scheduler in cases where CRL revocation checking is done via resources.

principalDescriptor

java.lang.String principalDescriptor

The principal descriptor used for principal resolution when type is set to X509Properties.PrincipalTypes.SUBJECT.

throwOnFetchFailure

boolean throwOnFetchFailure

When CRL revocation checking is done via distribution points, decide if fetch failures should throw errors.

principalType

X509Properties.PrincipalTypes principalType

Indicates the type of principal resolution for X509.

• SERIAL_NO: Resolve the principal by the serial number with a configurable radix, ranging from 2 to 36. If radix is 16, then the serial number could be filled with leading zeros to even the number of digits.
• SERIAL_NO_DN: Resolve the principal by serial number and issuer dn.
• SUBJECT: Resolve the principal by extracting one or more attribute values from the certificate subject DN and combining them with intervening delimiters.
• SUBJECT_ALT_NAME: Resolve the principal by the subject alternative name extension.
• SUBJECT_DN: The default type; Resolve the principal by the certificate’s subject dn.

revocationChecker

java.lang.String revocationChecker

Revocation certificate checking can be carried out in one of the following ways:

• NONE: No revocation is performed.
• CRL: The CRL URI(s) mentioned in the certificate cRLDistributionPoints extension field. Caches are available to prevent excessive IO against CRL endpoints; CRL data is fetched if does not exist in the cache or if it is expired.
• RESOURCE: A CRL hosted at a fixed location. The CRL is fetched at periodic intervals and cached.

crlFetcher

java.lang.String crlFetcher

To fetch CRLs, the following options are available:

• RESOURCE: By default, all revocation checks use fixed resources to fetch the CRL resource from the specified location.
• LDAP: A CRL resource may be fetched from a pre-configured attribute, in the event that the CRL resource location is an LDAP URI.

crlResources

java.util.List<E> crlResources

List of CRL resources to use for fetching.

cacheMaxElementsInMemory

int cacheMaxElementsInMemory

When CRLs are cached, indicate maximum number of elements kept in memory.

cacheDiskOverflow

boolean cacheDiskOverflow

When CRLs are cached, indicate whether cache should overflow to disk.

cacheEternal

boolean cacheEternal

When CRLs are cached, indicate if cache items should be eternal.

cacheTimeToLiveSeconds

long cacheTimeToLiveSeconds

When CRLs are cached, indicate the time-to-live of cache items.

cacheTimeToIdleSeconds

long cacheTimeToIdleSeconds

When CRLs are cached, indicate the idle timeout of cache items.

crlResourceUnavailablePolicy

java.lang.String crlResourceUnavailablePolicy

If the CRL resource is unavailable, activate the this policy. Activated if X509Properties.revocationChecker is RESOURCE. Accepted values are:

• ALLOW: Allow authentication to proceed.
• DENY: Deny authentication and block.
• THRESHOLD: Applicable to CRL expiration, throttle the request whereby expired data is permitted up to a threshold period of time but not afterward.

crlResourceExpiredPolicy

java.lang.String crlResourceExpiredPolicy

If the CRL resource has expired, activate the this policy. Activated if X509Properties.revocationChecker is RESOURCE. Accepted values are:

• ALLOW: Allow authentication to proceed.
• DENY: Deny authentication and block.
• THRESHOLD: Applicable to CRL expiration, throttle the request whereby expired data is permitted up to a threshold period of time but not afterward.

crlUnavailablePolicy

java.lang.String crlUnavailablePolicy

If the CRL is unavailable, activate the this policy. Activated if X509Properties.revocationChecker is CRL. Accepted values are:

• ALLOW: Allow authentication to proceed.
• DENY: Deny authentication and block.
• THRESHOLD: Applicable to CRL expiration, throttle the request whereby expired data is permitted up to a threshold period of time but not afterward.

crlExpiredPolicy

java.lang.String crlExpiredPolicy

If the CRL has expired, activate the this policy. Activated if X509Properties.revocationChecker is CRL. Accepted values are:

• ALLOW: Allow authentication to proceed.
• DENY: Deny authentication and block.
• THRESHOLD: Applicable to CRL expiration, throttle the request whereby expired data is permitted up to a threshold period of time but not afterward.

principalSNRadix

int principalSNRadix

Radix used when X509Properties.principalType is X509Properties.PrincipalTypes.SERIAL_NO.

principalHexSNZeroPadding

boolean principalHexSNZeroPadding

If radix hex padding should be used when X509Properties.principalType is X509Properties.PrincipalTypes.SERIAL_NO.

principal

PersonDirectoryPrincipalResolverProperties principal

Principal resolution properties.

ldap

X509Properties.Ldap ldap

LDAP settings when fetching CRLs from LDAP.

regExTrustedIssuerDnPattern

java.lang.String regExTrustedIssuerDnPattern

The compiled pattern supplied by the deployer.

maxPathLength

int maxPathLength

Deployer supplied setting for maximum pathLength in a SUPPLIED certificate.

maxPathLengthAllowUnspecified

boolean maxPathLengthAllowUnspecified

Deployer supplied setting to allow unlimited pathLength in a SUPPLIED certificate.

checkKeyUsage

boolean checkKeyUsage

Deployer supplied setting to check the KeyUsage extension.

requireKeyUsage

boolean requireKeyUsage

Deployer supplied setting to force require the correct KeyUsage extension.

regExSubjectDnPattern

java.lang.String regExSubjectDnPattern

The pattern that authorizes an acceptable certificate by its subject dn.

name

java.lang.String name

The authentication handler name.

extractCert

boolean extractCert

Whether to extract certificate from request. The default implementation extracts certificate from header via Tomcat SSLValve parsing logic and using the X509Properties.DEFAULT_CERT_HEADER_NAME header. Must be false by default because if someone enables it they need to make sure they are behind proxy that won't let the header arrive directly from the browser.

sslHeaderName

java.lang.String sslHeaderName

The name of the header to consult for an X509 cert (e.g. when behind proxy).

Class org.apereo.cas.configuration.model.support.x509.X509Properties.Ldap extends AbstractLdapSearchProperties implements Serializable

serialVersionUID:

-1655068554291000206L

Serialized Fields

certificateAttribute

java.lang.String certificateAttribute

The LDAP attribute that holds the certificate revocation list.

Package org.apereo.cas.configuration.model.webapp

Class org.apereo.cas.configuration.model.webapp.LocaleProperties extends java.lang.Object implements Serializable

serialVersionUID:

-1644471820900213781L

Serialized Fields

paramName

java.lang.String paramName

Parameter name to use when switching locales.

defaultValue

java.lang.String defaultValue

Default locale.

Class org.apereo.cas.configuration.model.webapp.WebflowProperties extends java.lang.Object implements Serializable

serialVersionUID:

4949978905279568311L

Serialized Fields

crypto

EncryptionRandomizedSigningJwtCryptographyProperties crypto

Encryption/signing setting for webflow.

autoconfigure

boolean autoconfigure

Whether CAS should take control of all spring webflow modifications and dynamically alter views, states and actions.

refresh

boolean refresh

Whether webflow should remain in "live reload" mode, able to auto detect changes and react. This is useful if the location of the webflow is externalized and changes are done ad-hoc to the webflow to accommodate changes.

alwaysPauseRedirect

boolean alwaysPauseRedirect

Whether flow executions should redirect after they pause before rendering.

redirectSameState

boolean redirectSameState

Whether flow executions redirect after they pause for transitions that remain in the same view state.

session

WebflowSessionManagementProperties session

Webflow session management settings.

groovy

WebflowProperties.Groovy groovy

Path to groovy resource that may auto-configure the webflow context dynamically creating/removing states and actions.

Class org.apereo.cas.configuration.model.webapp.WebflowProperties.Groovy extends SpringResourceProperties implements Serializable

serialVersionUID:

8079027843747126083L

Class org.apereo.cas.configuration.model.webapp.WebflowSessionManagementProperties extends java.lang.Object implements Serializable

serialVersionUID:

7479028707118198914L

Serialized Fields

lockTimeout

java.lang.String lockTimeout

Sets the time period that can elapse before a timeout occurs on an attempt to acquire a conversation lock. The default is 30 seconds. Only relevant if session storage is done on the server.

maxConversations

int maxConversations

Using the maxConversations property, you can limit the number of concurrently active conversations allowed in a single session. If the maximum is exceeded, the conversation manager will automatically end the oldest conversation. The default is 5, which should be fine for most situations. Set it to -1 for no limit. Setting maxConversations to 1 allows easy resource cleanup in situations where there should only be one active conversation per session. Only relevant if session storage is done on the server.

compress

boolean compress

Whether or not the snapshots should be compressed.

storage

boolean storage

Controls whether spring webflow sessions are to be stored server-side or client side. By default state is managed on the client side, that is also signed and encrypted.

Package org.apereo.cas.configuration.support

Class org.apereo.cas.configuration.support.BaseRestEndpointProperties extends java.lang.Object implements Serializable

serialVersionUID:

2687020856160473089L

Serialized Fields

url

java.lang.String url

The endpoint URL to contact and retrieve attributes.

basicAuthUsername

java.lang.String basicAuthUsername

If REST endpoint is protected via basic authentication, specify the username for authentication.

basicAuthPassword

java.lang.String basicAuthPassword

If REST endpoint is protected via basic authentication, specify the password for authentication.

Class org.apereo.cas.configuration.support.RestEndpointProperties extends BaseRestEndpointProperties implements Serializable

serialVersionUID:

2687020856160473089L

Serialized Fields

method

java.lang.String method

HTTP method to use when contacting the rest endpoint. Examples include GET, POST, etc.

Class org.apereo.cas.configuration.support.SpringResourceProperties extends java.lang.Object implements Serializable

serialVersionUID:

4142130961445546358L

Package org.apereo.cas.consent

Class org.apereo.cas.consent.BaseConsentRepository extends java.lang.Object implements Serializable

serialVersionUID:

1736846688546785564L

Serialized Fields

consentDecisions

java.util.Set<E> consentDecisions

Class org.apereo.cas.consent.DefaultConsentDecisionBuilder extends java.lang.Object implements Serializable

serialVersionUID:

8220243983483982326L

Class org.apereo.cas.consent.DefaultConsentEngine extends java.lang.Object implements Serializable

serialVersionUID:

-617809298856160625L

Serialized Fields

consentRepository

ConsentRepository consentRepository

consentDecisionBuilder

ConsentDecisionBuilder consentDecisionBuilder

Class org.apereo.cas.consent.GroovyConsentRepository extends BaseConsentRepository implements Serializable

serialVersionUID:

3482998768083902246L

Class org.apereo.cas.consent.InMemoryConsentRepository extends BaseConsentRepository implements Serializable

serialVersionUID:

2701737592960770840L

Class org.apereo.cas.consent.JpaConsentRepository extends java.lang.Object implements Serializable

serialVersionUID:

6599902742493270206L

Class org.apereo.cas.consent.JsonConsentRepository extends BaseConsentRepository implements Serializable

serialVersionUID:

-402728417464783825L

Class org.apereo.cas.consent.LdapConsentRepository extends java.lang.Object implements Serializable

serialVersionUID:

8561763114482490L

Serialized Fields

ldap

ConsentProperties.Ldap ldap

searchFilter

java.lang.String searchFilter

Class org.apereo.cas.consent.MongoDbConsentRepository extends java.lang.Object implements Serializable

serialVersionUID:

7734163279139907616L

Serialized Fields

collectionName

java.lang.String collectionName

Class org.apereo.cas.consent.RestConsentRepository extends java.lang.Object implements Serializable

serialVersionUID:

6583408864586270206L

Serialized Fields

endpoint

java.lang.String endpoint

Package org.apereo.cas.couchdb.services

Class org.apereo.cas.couchdb.services.RegisteredServiceDocument extends org.ektorp.support.CouchDbDocument implements Serializable

serialVersionUID:

-6787906520673248670L

Serialized Fields

service

RegisteredService service

Package org.apereo.cas.couchdb.tickets

Class org.apereo.cas.couchdb.tickets.TicketDocument extends org.ektorp.support.CouchDbDocument implements Serializable

serialVersionUID:

-5460618381339711000L

Serialized Fields

ticket

Ticket ticket

Package org.apereo.cas.digest

Class org.apereo.cas.digest.DigestCredential extends AbstractCredential implements Serializable

serialVersionUID:

1523693794392289803L

Serialized Fields

realm

java.lang.String realm

hash

java.lang.String hash

id

java.lang.String id

Package org.apereo.cas.grouper.services

Class org.apereo.cas.grouper.services.GrouperRegisteredServiceAccessStrategy extends TimeBasedRegisteredServiceAccessStrategy implements Serializable

serialVersionUID:

-3557247044344135788L

Serialized Fields

groupField

GrouperGroupField groupField

Package org.apereo.cas.gua.api

Package org.apereo.cas.gua.impl

Class org.apereo.cas.gua.impl.LdapUserGraphicalAuthenticationRepository extends java.lang.Object implements Serializable

serialVersionUID:

421732017215881244L

Serialized Fields

casProperties

CasConfigurationProperties casProperties

Class org.apereo.cas.gua.impl.StaticUserGraphicalAuthenticationRepository extends java.lang.Object implements Serializable

serialVersionUID:

421732017215881244L

Package org.apereo.cas.interrupt

Class org.apereo.cas.interrupt.InterruptResponse extends java.lang.Object implements Serializable

serialVersionUID:

2558836528840508196L

Serialized Fields

message

java.lang.String message

links

java.util.Map<K,V> links

block

boolean block

ssoEnabled

boolean ssoEnabled

interrupt

boolean interrupt

autoRedirect

boolean autoRedirect

autoRedirectAfterSeconds

long autoRedirectAfterSeconds

Package org.apereo.cas.logout

Class org.apereo.cas.logout.DefaultLogoutRequest extends java.lang.Object implements Serializable

serialVersionUID:

-6411421298859045022L

Serialized Fields

ticketId

java.lang.String ticketId

The service ticket id.

service

WebApplicationService service

The service.

status

LogoutRequestStatus status

The status of the logout request.

logoutUrl

java.net.URL logoutUrl

Class org.apereo.cas.logout.LogoutHttpMessage extends HttpMessage implements Serializable

serialVersionUID:

399581521957873727L

Package org.apereo.cas.metadata.rest

Class org.apereo.cas.metadata.rest.ConfigurationMetadataSearchResult extends org.springframework.boot.configurationmetadata.ConfigurationMetadataProperty implements Serializable

serialVersionUID:

7767348341760984539L

Serialized Fields

order

int order

group

java.lang.String group

requiredProperty

boolean requiredProperty

requiredModule

java.lang.String requiredModule

requiredModuleAutomated

boolean requiredModuleAutomated

Package org.apereo.cas.metrics

Class org.apereo.cas.metrics.MongoDbMetric extends java.lang.Object implements Serializable

serialVersionUID:

8587687286389110789L

Serialized Fields

name

java.lang.String name

value

java.lang.Number value

timestamp

java.util.Date timestamp

Package org.apereo.cas.oidc.claims

Class org.apereo.cas.oidc.claims.BaseOidcScopeAttributeReleasePolicy extends AbstractRegisteredServiceAttributeReleasePolicy implements Serializable

serialVersionUID:

-7302163334687300920L

Serialized Fields

allowedAttributes

java.util.List<E> allowedAttributes

scopeName

java.lang.String scopeName

Class org.apereo.cas.oidc.claims.OidcAddressScopeAttributeReleasePolicy extends BaseOidcScopeAttributeReleasePolicy implements Serializable

serialVersionUID:

1532960981124784595L

Serialized Fields

allowedAttributes

java.util.List<E> allowedAttributes

Class org.apereo.cas.oidc.claims.OidcCustomScopeAttributeReleasePolicy extends BaseOidcScopeAttributeReleasePolicy implements Serializable

serialVersionUID:

-8338967628001071540L

Class org.apereo.cas.oidc.claims.OidcEmailScopeAttributeReleasePolicy extends BaseOidcScopeAttributeReleasePolicy implements Serializable

serialVersionUID:

1532960981124784595L

Serialized Fields

allowedAttributes

java.util.List<E> allowedAttributes

Class org.apereo.cas.oidc.claims.OidcPhoneScopeAttributeReleasePolicy extends BaseOidcScopeAttributeReleasePolicy implements Serializable

serialVersionUID:

1532960981124784595L

Serialized Fields

allowedAttributes

java.util.List<E> allowedAttributes

Class org.apereo.cas.oidc.claims.OidcProfileScopeAttributeReleasePolicy extends BaseOidcScopeAttributeReleasePolicy implements Serializable

serialVersionUID:

1532960981124784595L

Serialized Fields

allowedAttributes

java.util.List<E> allowedAttributes

Package org.apereo.cas.oidc.dynareg

Class org.apereo.cas.oidc.dynareg.OidcClientRegistrationRequest extends java.lang.Object implements Serializable

serialVersionUID:

1832102135613155844L

Serialized Fields

redirectUris

java.util.List<E> redirectUris

clientName

java.lang.String clientName

subjectType

java.lang.String subjectType

tokenEndpointAuthMethod

java.lang.String tokenEndpointAuthMethod

scope

java.lang.String scope

grantTypes

java.util.List<E> grantTypes

responseTypes

java.util.List<E> responseTypes

jwksUri

java.lang.String jwksUri

sectorIdentifierUri

java.lang.String sectorIdentifierUri

requestObjectSigningAlg

java.lang.String requestObjectSigningAlg

Class org.apereo.cas.oidc.dynareg.OidcClientRegistrationRequestSerializer extends AbstractJacksonBackedStringSerializer<OidcClientRegistrationRequest> implements Serializable

serialVersionUID:

-4029907481854505324L

Class org.apereo.cas.oidc.dynareg.OidcClientRegistrationResponse extends java.lang.Object implements Serializable

serialVersionUID:

1436206039117219598L

Serialized Fields

clientId

java.lang.String clientId

clientSecret

java.lang.String clientSecret

clientName

java.lang.String clientName

applicationType

java.lang.String applicationType

subjectType

java.lang.String subjectType

grantTypes

java.util.List<E> grantTypes

responseTypes

java.util.List<E> responseTypes

redirectUris

java.util.List<E> redirectUris

requestObjectSigningAlg

java.lang.String requestObjectSigningAlg

tokenEndpointAuthMethod

java.lang.String tokenEndpointAuthMethod

Package org.apereo.cas.pm

Class org.apereo.cas.pm.InvalidPasswordException extends java.lang.RuntimeException implements Serializable

serialVersionUID:

458954862481279L

Serialized Fields

code

java.lang.String code

validationMessage

java.lang.String validationMessage

params

java.lang.Object[] params

Class org.apereo.cas.pm.PasswordChangeBean extends java.lang.Object implements Serializable

serialVersionUID:

8885460875620586503L

Serialized Fields

password

java.lang.String password

confirmedPassword

java.lang.String confirmedPassword

Package org.apereo.cas.rest

Class org.apereo.cas.rest.BadRestRequestException extends java.lang.IllegalArgumentException implements Serializable

serialVersionUID:

6852720596988243487L

Package org.apereo.cas.services

Class org.apereo.cas.services.AbstractRegisteredService extends java.lang.Object implements Serializable

serialVersionUID:

7645279151115635245L

Serialized Fields

serviceId

java.lang.String serviceId

The unique identifier for this service.

name

java.lang.String name

theme

java.lang.String theme

informationUrl

java.lang.String informationUrl

privacyUrl

java.lang.String privacyUrl

responseType

java.lang.String responseType

id

long id

description

java.lang.String description

expirationPolicy

RegisteredServiceExpirationPolicy expirationPolicy

proxyPolicy

RegisteredServiceProxyPolicy proxyPolicy

evaluationOrder

int evaluationOrder

usernameAttributeProvider

RegisteredServiceUsernameAttributeProvider usernameAttributeProvider

logoutType

RegisteredService.LogoutType logoutType

requiredHandlers

java.util.HashSet<E> requiredHandlers

attributeReleasePolicy

RegisteredServiceAttributeReleasePolicy attributeReleasePolicy

multifactorPolicy

RegisteredServiceMultifactorPolicy multifactorPolicy

logo

java.lang.String logo

logoutUrl

java.net.URL logoutUrl

accessStrategy

RegisteredServiceAccessStrategy accessStrategy

publicKey

RegisteredServicePublicKey publicKey

properties

java.util.Map<K,V> properties

contacts

java.util.List<E> contacts

Class org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy extends java.lang.Object implements Serializable

serialVersionUID:

5325460875620586503L

Serialized Fields

attributeFilter

RegisteredServiceAttributeFilter attributeFilter

principalAttributesRepository

PrincipalAttributesRepository principalAttributesRepository

consentPolicy

RegisteredServiceConsentPolicy consentPolicy

authorizedToReleaseCredentialPassword

boolean authorizedToReleaseCredentialPassword

authorizedToReleaseProxyGrantingTicket

boolean authorizedToReleaseProxyGrantingTicket

excludeDefaultAttributes

boolean excludeDefaultAttributes

authorizedToReleaseAuthenticationAttributes

boolean authorizedToReleaseAuthenticationAttributes

principalIdAttribute

java.lang.String principalIdAttribute

Class org.apereo.cas.services.AnonymousRegisteredServiceUsernameAttributeProvider extends BaseRegisteredServiceUsernameAttributeProvider implements Serializable

serialVersionUID:

7050462900237284803L

Serialized Fields

persistentIdGenerator

PersistentIdGenerator persistentIdGenerator

Encoder to generate PseudoIds.

Class org.apereo.cas.services.BaseRegisteredServiceUsernameAttributeProvider extends java.lang.Object implements Serializable

serialVersionUID:

-8381275200333399951L

Serialized Fields

canonicalizationMode

java.lang.String canonicalizationMode

encryptUsername

boolean encryptUsername

Class org.apereo.cas.services.BaseSurrogateRegisteredServiceAccessStrategy extends DefaultRegisteredServiceAccessStrategy implements Serializable

serialVersionUID:

-3975861635454453130L

Class org.apereo.cas.services.ChainingAttributeReleasePolicy extends java.lang.Object implements Serializable

serialVersionUID:

3795054936775326709L

Serialized Fields

policies

java.util.List<E> policies

Class org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy extends java.lang.Object implements Serializable

serialVersionUID:

1245279151345635245L

Serialized Fields

order

int order

The sorting/execution order of this strategy.

enabled

boolean enabled

Is the service allowed at all?

ssoEnabled

boolean ssoEnabled

Is the service allowed to use SSO?

unauthorizedRedirectUrl

java.net.URI unauthorizedRedirectUrl

The Unauthorized redirect url.

delegatedAuthenticationPolicy

RegisteredServiceDelegatedAuthenticationPolicy delegatedAuthenticationPolicy

The delegated authn policy.

requireAllAttributes

boolean requireAllAttributes

Defines the attribute aggregation behavior when checking for required attributes. Default requires that all attributes be present and match the principal's.

requiredAttributes

java.util.Map<K,V> requiredAttributes

Collection of required attributes for this service to proceed.

rejectedAttributes

java.util.Map<K,V> rejectedAttributes

Collection of attributes that will be rejected which will cause this policy to refuse access.

caseInsensitive

boolean caseInsensitive

Indicates whether matching on required attribute values should be done in a case-insensitive manner.

Class org.apereo.cas.services.DefaultRegisteredServiceContact extends java.lang.Object implements Serializable

serialVersionUID:

1324660891900737066L

Serialized Fields

id

long id

name

java.lang.String name

email

java.lang.String email

phone

java.lang.String phone

department

java.lang.String department

Class org.apereo.cas.services.DefaultRegisteredServiceDelegatedAuthenticationPolicy extends java.lang.Object implements Serializable

serialVersionUID:

-784106970642770923L

Serialized Fields

allowedProviders

java.util.Collection<E> allowedProviders

Class org.apereo.cas.services.DefaultRegisteredServiceExpirationPolicy extends java.lang.Object implements Serializable

serialVersionUID:

5106652807554743500L

Serialized Fields

deleteWhenExpired

boolean deleteWhenExpired

notifyWhenDeleted

boolean notifyWhenDeleted

expirationDate

java.lang.String expirationDate

Class org.apereo.cas.services.DefaultRegisteredServiceMultifactorPolicy extends java.lang.Object implements Serializable

serialVersionUID:

-3068390754996358337L

Serialized Fields

multifactorAuthenticationProviders

java.util.Set<E> multifactorAuthenticationProviders

failureMode

RegisteredServiceMultifactorPolicy.FailureModes failureMode

principalAttributeNameTrigger

java.lang.String principalAttributeNameTrigger

principalAttributeValueToMatch

java.lang.String principalAttributeValueToMatch

bypassEnabled

boolean bypassEnabled

Class org.apereo.cas.services.DefaultRegisteredServiceProperty extends java.lang.Object implements Serializable

serialVersionUID:

1349556364689133211L

Serialized Fields

id

long id

values

java.util.HashSet<E> values

Class org.apereo.cas.services.DefaultRegisteredServiceUsernameProvider extends BaseRegisteredServiceUsernameAttributeProvider implements Serializable

serialVersionUID:

5823989148794052951L

Class org.apereo.cas.services.DenyAllAttributeReleasePolicy extends AbstractRegisteredServiceAttributeReleasePolicy implements Serializable

serialVersionUID:

-6215588543966639050L

Class org.apereo.cas.services.GroovyRegisteredServiceAccessStrategy extends java.lang.Object implements Serializable

serialVersionUID:

-2407494148882123062L

Serialized Fields

order

int order

The sorting/execution order of this strategy.

groovyScript

java.lang.String groovyScript

Class org.apereo.cas.services.GroovyRegisteredServiceMultifactorPolicy extends java.lang.Object implements Serializable

serialVersionUID:

-3075860754996106437L

Serialized Fields

groovyScript

java.lang.String groovyScript

Class org.apereo.cas.services.GroovyRegisteredServiceUsernameProvider extends BaseRegisteredServiceUsernameAttributeProvider implements Serializable

serialVersionUID:

5823989148794052951L

Serialized Fields

groovyScript

java.lang.String groovyScript

Class org.apereo.cas.services.GroovyScriptAttributeReleasePolicy extends AbstractRegisteredServiceAttributeReleasePolicy implements Serializable

serialVersionUID:

1703080077563402223L

Serialized Fields

groovyScript

java.lang.String groovyScript

Class org.apereo.cas.services.GroovySurrogateRegisteredServiceAccessStrategy extends BaseSurrogateRegisteredServiceAccessStrategy implements Serializable

serialVersionUID:

-3998531629984937388L

Serialized Fields

groovyScript

java.lang.String groovyScript

Class org.apereo.cas.services.OidcRegisteredService extends OAuthRegisteredService implements Serializable

serialVersionUID:

1310899699465091444L

Serialized Fields

jwks

java.lang.String jwks

signIdToken

boolean signIdToken

encryptIdToken

boolean encryptIdToken

idTokenEncryptionAlg

java.lang.String idTokenEncryptionAlg

idTokenEncryptionEncoding

java.lang.String idTokenEncryptionEncoding

sectorIdentifierUri

java.lang.String sectorIdentifierUri

subjectType

java.lang.String subjectType

dynamicallyRegistered

boolean dynamicallyRegistered

implicit

boolean implicit

dynamicRegistrationDateTime

java.time.ZonedDateTime dynamicRegistrationDateTime

scopes

java.util.HashSet<E> scopes

Class org.apereo.cas.services.PairwiseOidcRegisteredServiceUsernameAttributeProvider extends BaseRegisteredServiceUsernameAttributeProvider implements Serializable

serialVersionUID:

469929103943101717L

Serialized Fields

persistentIdGenerator

PersistentIdGenerator persistentIdGenerator

Class org.apereo.cas.services.PrincipalAttributeRegisteredServiceUsernameProvider extends BaseRegisteredServiceUsernameAttributeProvider implements Serializable

serialVersionUID:

-3546719400741715137L

Serialized Fields

usernameAttribute

java.lang.String usernameAttribute

Class org.apereo.cas.services.RefuseRegisteredServiceProxyPolicy extends java.lang.Object implements Serializable

serialVersionUID:

-5718445151129901484L

Class org.apereo.cas.services.RegexMatchingRegisteredServiceProxyPolicy extends java.lang.Object implements Serializable

serialVersionUID:

-211069319543047324L

Serialized Fields

pattern

java.lang.String pattern

Class org.apereo.cas.services.RegexRegisteredService extends AbstractRegisteredService implements Serializable

serialVersionUID:

-8258660210826975771L

Class org.apereo.cas.services.RegisteredServicePublicKeyImpl extends java.lang.Object implements Serializable

serialVersionUID:

-8497658523695695863L

Serialized Fields

location

java.lang.String location

algorithm

java.lang.String algorithm

publicKeyFactoryBeanClass

java.lang.Class<T> publicKeyFactoryBeanClass

Class org.apereo.cas.services.RemoteEndpointServiceAccessStrategy extends DefaultRegisteredServiceAccessStrategy implements Serializable

serialVersionUID:

-1108201604115278440L

Serialized Fields

endpointUrl

java.lang.String endpointUrl

acceptableResponseCodes

java.lang.String acceptableResponseCodes

Class org.apereo.cas.services.ReturnAllAttributeReleasePolicy extends AbstractRegisteredServiceAttributeReleasePolicy implements Serializable

serialVersionUID:

5519257723778012771L

Class org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy extends AbstractRegisteredServiceAttributeReleasePolicy implements Serializable

serialVersionUID:

-5771481877391140569L

Serialized Fields

allowedAttributes

java.util.List<E> allowedAttributes

Class org.apereo.cas.services.ReturnMappedAttributeReleasePolicy extends AbstractRegisteredServiceAttributeReleasePolicy implements Serializable

serialVersionUID:

-6249488544306639050L

Serialized Fields

allowedAttributes

java.util.Map<K,V> allowedAttributes

Class org.apereo.cas.services.ReturnRestfulAttributeReleasePolicy extends AbstractRegisteredServiceAttributeReleasePolicy implements Serializable

serialVersionUID:

-6249488544306639050L

Serialized Fields

endpoint

java.lang.String endpoint

Class org.apereo.cas.services.ScriptedRegisteredServiceAttributeReleasePolicy extends AbstractRegisteredServiceAttributeReleasePolicy implements Serializable

serialVersionUID:

-979532578142774128L

Serialized Fields

scriptFile

java.lang.String scriptFile

Class org.apereo.cas.services.ScriptedRegisteredServiceUsernameProvider extends BaseRegisteredServiceUsernameAttributeProvider implements Serializable

serialVersionUID:

-678554831202936052L

Serialized Fields

script

java.lang.String script

Class org.apereo.cas.services.SurrogateRegisteredServiceAccessStrategy extends BaseSurrogateRegisteredServiceAccessStrategy implements Serializable

serialVersionUID:

-1688944419711632962L

Serialized Fields

surrogateEnabled

boolean surrogateEnabled

surrogateRequiredAttributes

java.util.Map<K,V> surrogateRequiredAttributes

Class org.apereo.cas.services.TimeBasedRegisteredServiceAccessStrategy extends DefaultRegisteredServiceAccessStrategy implements Serializable

serialVersionUID:

-6180748828025837047L

Serialized Fields

startingDateTime

java.lang.String startingDateTime

endingDateTime

java.lang.String endingDateTime

Class org.apereo.cas.services.UnauthorizedProxyingException extends UnauthorizedServiceException implements Serializable

serialVersionUID:

-7307803750894078575L

Class org.apereo.cas.services.UnauthorizedServiceException extends java.lang.RuntimeException implements Serializable

serialVersionUID:

3905807495715960369L

Serialized Fields

code

java.lang.String code

Class org.apereo.cas.services.UnauthorizedServiceForPrincipalException extends UnauthorizedServiceException implements Serializable

serialVersionUID:

8909291297815558561L

Serialized Fields

registeredService

RegisteredService registeredService

principalId

java.lang.String principalId

attributes

java.util.Map<K,V> attributes

Class org.apereo.cas.services.UnauthorizedSsoServiceException extends UnauthorizedServiceException implements Serializable

serialVersionUID:

8909291297815558561L

Package org.apereo.cas.services.consent

Class org.apereo.cas.services.consent.DefaultRegisteredServiceConsentPolicy extends java.lang.Object implements Serializable

serialVersionUID:

-2771506941879419063L

Serialized Fields

enabled

boolean enabled

excludedAttributes

java.util.Set<E> excludedAttributes

includeOnlyAttributes

java.util.Set<E> includeOnlyAttributes

Package org.apereo.cas.services.support

Class org.apereo.cas.services.support.RegisteredServiceChainingAttributeFilter extends java.lang.Object implements Serializable

serialVersionUID:

903015750234610128L

Serialized Fields

filters

java.util.List<E> filters

Class org.apereo.cas.services.support.RegisteredServiceMappedRegexAttributeFilter extends java.lang.Object implements Serializable

serialVersionUID:

852145306984610128L

Serialized Fields

patterns

java.util.Map<K,V> patterns

excludeUnmappedAttributes

boolean excludeUnmappedAttributes

caseInsensitive

boolean caseInsensitive

completeMatch

boolean completeMatch

order

int order

Class org.apereo.cas.services.support.RegisteredServiceMutantRegexAttributeFilter extends RegisteredServiceMappedRegexAttributeFilter implements Serializable

serialVersionUID:

543145306984660628L

Class org.apereo.cas.services.support.RegisteredServiceRegexAttributeFilter extends java.lang.Object implements Serializable

serialVersionUID:

403015306984610128L

Serialized Fields

compiledPattern

java.util.regex.Pattern compiledPattern

pattern

java.lang.String pattern

order

int order

Class org.apereo.cas.services.support.RegisteredServiceReverseMappedRegexAttributeFilter extends RegisteredServiceMappedRegexAttributeFilter implements Serializable

serialVersionUID:

852145306984610128L

Class org.apereo.cas.services.support.RegisteredServiceScriptedAttributeFilter extends java.lang.Object implements Serializable

serialVersionUID:

122972056984610198L

Serialized Fields

order

int order

script

java.lang.String script

Package org.apereo.cas.services.util

Class org.apereo.cas.services.util.CasAddonsRegisteredServicesJsonSerializer extends DefaultRegisteredServiceJsonSerializer implements Serializable

serialVersionUID:

1874802012930264278L

Serialized Fields

objectMapper

com.fasterxml.jackson.databind.ObjectMapper objectMapper

Class org.apereo.cas.services.util.DefaultRegisteredServiceJsonSerializer extends AbstractJacksonBackedStringSerializer<RegisteredService> implements Serializable

serialVersionUID:

7645698151115635245L

Class org.apereo.cas.services.util.RegisteredServiceYamlSerializer extends DefaultRegisteredServiceJsonSerializer implements Serializable

serialVersionUID:

-6026921045861422473L

Package org.apereo.cas.support.events

Class org.apereo.cas.support.events.AbstractCasEvent extends org.springframework.context.ApplicationEvent implements Serializable

serialVersionUID:

8059647975948452375L

Package org.apereo.cas.support.events.audit

Class org.apereo.cas.support.events.audit.CasAuditActionContextRecordedEvent extends AbstractCasEvent implements Serializable

serialVersionUID:

-1262975970594313844L

Serialized Fields

auditActionContext

org.apereo.inspektr.audit.AuditActionContext auditActionContext

Package org.apereo.cas.support.events.authentication

Class org.apereo.cas.support.events.authentication.CasAuthenticationPolicyFailureEvent extends CasAuthenticationTransactionFailureEvent implements Serializable

serialVersionUID:

2208076621158767073L

Serialized Fields

authentication

Authentication authentication

Class org.apereo.cas.support.events.authentication.CasAuthenticationPrincipalResolvedEvent extends AbstractCasEvent implements Serializable

serialVersionUID:

-1862937393594313844L

Serialized Fields

principal

Principal principal

Class org.apereo.cas.support.events.authentication.CasAuthenticationTransactionCompletedEvent extends AbstractCasEvent implements Serializable

serialVersionUID:

-1862538693590213844L

Serialized Fields

authentication

Authentication authentication

Class org.apereo.cas.support.events.authentication.CasAuthenticationTransactionFailureEvent extends AbstractCasEvent implements Serializable

serialVersionUID:

8059647975948452375L

Serialized Fields

failures

java.util.Map<K,V> failures

credential

java.util.Collection<E> credential

Class org.apereo.cas.support.events.authentication.CasAuthenticationTransactionStartedEvent extends AbstractCasEvent implements Serializable

serialVersionUID:

-1862937393590213811L

Serialized Fields

credential

Credential credential

Class org.apereo.cas.support.events.authentication.CasAuthenticationTransactionSuccessfulEvent extends AbstractCasEvent implements Serializable

serialVersionUID:

8059647975948452375L

Serialized Fields

credential

Credential credential

Package org.apereo.cas.support.events.authentication.adaptive

Class org.apereo.cas.support.events.authentication.adaptive.CasRiskBasedAuthenticationEvaluationStartedEvent extends AbstractCasEvent implements Serializable

serialVersionUID:

748568299766263298L

Serialized Fields

authentication

Authentication authentication

service

RegisteredService service

Class org.apereo.cas.support.events.authentication.adaptive.CasRiskBasedAuthenticationMitigationStartedEvent extends AbstractCasEvent implements Serializable

serialVersionUID:

123568299766263298L

Serialized Fields

authentication

Authentication authentication

service

RegisteredService service

score

java.lang.Object score

Class org.apereo.cas.support.events.authentication.adaptive.CasRiskyAuthenticationDetectedEvent extends AbstractCasEvent implements Serializable

serialVersionUID:

291168297497263298L

Serialized Fields

authentication

Authentication authentication

service

RegisteredService service

score

java.lang.Object score

Class org.apereo.cas.support.events.authentication.adaptive.CasRiskyAuthenticationMitigatedEvent extends AbstractCasEvent implements Serializable

serialVersionUID:

291198069766263578L

Serialized Fields

authentication

Authentication authentication

service

RegisteredService service

response

java.lang.Object response

Package org.apereo.cas.support.events.authentication.surrogate

Class org.apereo.cas.support.events.authentication.surrogate.CasSurrogateAuthenticationFailureEvent extends AbstractCasEvent implements Serializable

serialVersionUID:

8059647975948452375L

Serialized Fields

principal

Principal principal

surrogate

java.lang.String surrogate

Class org.apereo.cas.support.events.authentication.surrogate.CasSurrogateAuthenticationSuccessfulEvent extends AbstractCasEvent implements Serializable

serialVersionUID:

8059647975948452375L

Serialized Fields

principal

Principal principal

surrogate

java.lang.String surrogate

Package org.apereo.cas.support.events.config

Class org.apereo.cas.support.events.config.CasConfigurationCreatedEvent extends AbstractCasEvent implements Serializable

serialVersionUID:

-9038763901650896455L

Class org.apereo.cas.support.events.config.CasConfigurationDeletedEvent extends AbstractCasEvent implements Serializable

serialVersionUID:

-5738769364210896455L

Class org.apereo.cas.support.events.config.CasConfigurationModifiedEvent extends AbstractCasEvent implements Serializable

serialVersionUID:

-5738763037210896455L

Serialized Fields

override

boolean override

Package org.apereo.cas.support.events.service

Class org.apereo.cas.support.events.service.BaseCasRegisteredServiceEvent extends AbstractCasEvent implements Serializable

serialVersionUID:

7828374109804253319L

Class org.apereo.cas.support.events.service.CasRegisteredServiceDeletedEvent extends BaseCasRegisteredServiceEvent implements Serializable

serialVersionUID:

-8963214046458085393L

Serialized Fields

registeredService

RegisteredService registeredService

Class org.apereo.cas.support.events.service.CasRegisteredServiceExpiredEvent extends BaseCasRegisteredServiceEvent implements Serializable

serialVersionUID:

291168299766263298L

Serialized Fields

registeredService

RegisteredService registeredService

Class org.apereo.cas.support.events.service.CasRegisteredServiceLoadedEvent extends BaseCasRegisteredServiceEvent implements Serializable

serialVersionUID:

290988299766263298L

Serialized Fields

registeredService

RegisteredService registeredService

Class org.apereo.cas.support.events.service.CasRegisteredServicePreDeleteEvent extends BaseCasRegisteredServiceEvent implements Serializable

serialVersionUID:

-8964760046458085393L

Serialized Fields

registeredService

RegisteredService registeredService

Class org.apereo.cas.support.events.service.CasRegisteredServicePreSaveEvent extends BaseCasRegisteredServiceEvent implements Serializable

serialVersionUID:

290988299766263298L

Serialized Fields

registeredService

RegisteredService registeredService

Class org.apereo.cas.support.events.service.CasRegisteredServiceSavedEvent extends BaseCasRegisteredServiceEvent implements Serializable

serialVersionUID:

291168299766263298L

Serialized Fields

registeredService

RegisteredService registeredService

Class org.apereo.cas.support.events.service.CasRegisteredServicesDeletedEvent extends BaseCasRegisteredServiceEvent implements Serializable

serialVersionUID:

-8963214046458085393L

Class org.apereo.cas.support.events.service.CasRegisteredServicesLoadedEvent extends BaseCasRegisteredServiceEvent implements Serializable

serialVersionUID:

291168299712263298L

Serialized Fields

services

java.util.Collection<E> services

Class org.apereo.cas.support.events.service.CasRegisteredServicesRefreshEvent extends BaseCasRegisteredServiceEvent implements Serializable

serialVersionUID:

291168299766263298L

Package org.apereo.cas.support.events.ticket

Class org.apereo.cas.support.events.ticket.CasProxyGrantingTicketCreatedEvent extends AbstractCasEvent implements Serializable

serialVersionUID:

-1862937393590213844L

Serialized Fields

ticketGrantingTicket

TicketGrantingTicket ticketGrantingTicket

Class org.apereo.cas.support.events.ticket.CasProxyTicketGrantedEvent extends AbstractCasEvent implements Serializable

serialVersionUID:

128616377249711105L

Serialized Fields

proxyGrantingTicket

ProxyGrantingTicket proxyGrantingTicket

proxyTicket

ProxyTicket proxyTicket

Class org.apereo.cas.support.events.ticket.CasServiceTicketGrantedEvent extends AbstractCasEvent implements Serializable

serialVersionUID:

128616377249711105L

Serialized Fields

ticketGrantingTicket

TicketGrantingTicket ticketGrantingTicket

serviceTicket

ServiceTicket serviceTicket

Class org.apereo.cas.support.events.ticket.CasServiceTicketValidatedEvent extends AbstractCasEvent implements Serializable

serialVersionUID:

-1218257740549089556L

Serialized Fields

serviceTicket

ServiceTicket serviceTicket

Class org.apereo.cas.support.events.ticket.CasTicketGrantingTicketCreatedEvent extends AbstractCasEvent implements Serializable

serialVersionUID:

-1862937393590213844L

Serialized Fields

ticketGrantingTicket

TicketGrantingTicket ticketGrantingTicket

Class org.apereo.cas.support.events.ticket.CasTicketGrantingTicketDestroyedEvent extends AbstractCasEvent implements Serializable

serialVersionUID:

584961303690286494L

Serialized Fields

ticketGrantingTicket

TicketGrantingTicket ticketGrantingTicket

Package org.apereo.cas.support.oauth.services

Class org.apereo.cas.support.oauth.services.OAuth20AuthenticationServiceSelectionStrategy extends java.lang.Object implements Serializable

serialVersionUID:

8517547235465666978L

Serialized Fields

callbackUrl

java.lang.String callbackUrl

order

int order

Class org.apereo.cas.support.oauth.services.OAuthRegisteredService extends RegexRegisteredService implements Serializable

serialVersionUID:

5318897374067731021L

Serialized Fields

clientSecret

java.lang.String clientSecret

clientId

java.lang.String clientId

bypassApprovalPrompt

boolean bypassApprovalPrompt

generateRefreshToken

boolean generateRefreshToken

jsonFormat

boolean jsonFormat

supportedGrantTypes

java.util.HashSet<E> supportedGrantTypes

supportedResponseTypes

java.util.HashSet<E> supportedResponseTypes

Package org.apereo.cas.support.oauth.web.flow

Class org.apereo.cas.support.oauth.web.flow.OAuth20RegisteredServiceUIAction extends org.springframework.webflow.action.AbstractAction implements Serializable

serialVersionUID:

5588216693657081923L

Serialized Fields

serviceSelectionStrategy

AuthenticationServiceSelectionStrategy serviceSelectionStrategy

Package org.apereo.cas.support.openid.authentication.principal

Class org.apereo.cas.support.openid.authentication.principal.OpenIdCredential extends java.lang.Object implements Serializable

serialVersionUID:

-6535869729412406133L

Serialized Fields

ticketGrantingTicketId

java.lang.String ticketGrantingTicketId

username

java.lang.String username

Class org.apereo.cas.support.openid.authentication.principal.OpenIdService extends AbstractWebApplicationService implements Serializable

serialVersionUID:

5776500133123291301L

Serialized Fields

identity

java.lang.String identity

Class org.apereo.cas.support.openid.authentication.principal.OpenIdServiceResponseBuilder extends AbstractWebApplicationServiceResponseBuilder implements Serializable

serialVersionUID:

-4581238964007702423L

Serialized Fields

serverManager

org.openid4java.server.ServerManager serverManager

openIdPrefixUrl

java.lang.String openIdPrefixUrl

Package org.apereo.cas.support.openid.web.mvc

Class org.apereo.cas.support.openid.web.mvc.SmartOpenIdController extends AbstractDelegateController implements Serializable

serialVersionUID:

-594058549445950430L

Package org.apereo.cas.support.saml

Class org.apereo.cas.support.saml.SamlException extends RootCasException implements Serializable

serialVersionUID:

801270467754480446L

Class org.apereo.cas.support.saml.ShibbolethIdPEntityIdAuthenticationServiceSelectionStrategy extends java.lang.Object implements Serializable

serialVersionUID:

-2059445756475980894L

Serialized Fields

order

int order

idpServerPrefix

java.lang.String idpServerPrefix

Package org.apereo.cas.support.saml.authentication.principal

Class org.apereo.cas.support.saml.authentication.principal.GoogleAccountsService extends AbstractWebApplicationService implements Serializable

serialVersionUID:

6678711809842282833L

Serialized Fields

relayState

java.lang.String relayState

requestId

java.lang.String requestId

Class org.apereo.cas.support.saml.authentication.principal.GoogleAccountsServiceResponseBuilder extends AbstractWebApplicationServiceResponseBuilder implements Serializable

serialVersionUID:

-4584732364007702423L

Serialized Fields

privateKey

java.security.PrivateKey privateKey

publicKey

java.security.PublicKey publicKey

publicKeyLocation

java.lang.String publicKeyLocation

privateKeyLocation

java.lang.String privateKeyLocation

keyAlgorithm

java.lang.String keyAlgorithm

samlObjectBuilder

GoogleSaml20ObjectBuilder samlObjectBuilder

skewAllowance

int skewAllowance

casServerPrefix

java.lang.String casServerPrefix

Class org.apereo.cas.support.saml.authentication.principal.SamlService extends AbstractWebApplicationService implements Serializable

serialVersionUID:

-6867572626767140223L

Serialized Fields

requestId

java.lang.String requestId

Class org.apereo.cas.support.saml.authentication.principal.SamlServiceResponseBuilder extends AbstractWebApplicationServiceResponseBuilder implements Serializable

serialVersionUID:

-4584738964007702003L

Package org.apereo.cas.support.saml.mdui

Class org.apereo.cas.support.saml.mdui.SamlMetadataUIInfo extends DefaultRegisteredServiceUserInterfaceInfo implements Serializable

serialVersionUID:

-1434801982864628179L

Serialized Fields

locale

java.lang.String locale

Package org.apereo.cas.support.saml.services

Class org.apereo.cas.support.saml.services.BaseSamlRegisteredServiceAttributeReleasePolicy extends ReturnAllowedAttributeReleasePolicy implements Serializable

serialVersionUID:

-3301632236702329694L

Class org.apereo.cas.support.saml.services.GroovySamlRegisteredServiceAttributeReleasePolicy extends BaseSamlRegisteredServiceAttributeReleasePolicy implements Serializable

serialVersionUID:

3020434998499030162L

Serialized Fields

groovyScript

java.lang.String groovyScript

Class org.apereo.cas.support.saml.services.InCommonRSAttributeReleasePolicy extends MetadataEntityAttributesAttributeReleasePolicy implements Serializable

serialVersionUID:

1532960981124784595L

Serialized Fields

allowedAttributes

java.util.List<E> allowedAttributes

Class org.apereo.cas.support.saml.services.MetadataEntityAttributesAttributeReleasePolicy extends BaseSamlRegisteredServiceAttributeReleasePolicy implements Serializable

serialVersionUID:

-3483733307124962357L

Serialized Fields

entityAttribute

java.lang.String entityAttribute

entityAttributeFormat

java.lang.String entityAttributeFormat

entityAttributeValues

java.util.Set<E> entityAttributeValues

Class org.apereo.cas.support.saml.services.MetadataRequestedAttributesAttributeReleasePolicy extends BaseSamlRegisteredServiceAttributeReleasePolicy implements Serializable

serialVersionUID:

-3483733307124962357L

Serialized Fields

useFriendlyName

boolean useFriendlyName

Class org.apereo.cas.support.saml.services.PatternMatchingEntityIdAttributeReleasePolicy extends BaseSamlRegisteredServiceAttributeReleasePolicy implements Serializable

serialVersionUID:

2633701342213724854L

Serialized Fields

entityIds

java.lang.String entityIds

fullMatch

boolean fullMatch

Class org.apereo.cas.support.saml.services.SamlIdPEntityIdAuthenticationServiceSelectionStrategy extends java.lang.Object implements Serializable

serialVersionUID:

-2059445756475980894L

Serialized Fields

order

int order

casServiceUrlPattern

java.lang.String casServiceUrlPattern

Class org.apereo.cas.support.saml.services.SamlRegisteredService extends RegexRegisteredService implements Serializable

serialVersionUID:

1218757374062931021L

Serialized Fields

metadataLocation

java.lang.String metadataLocation

metadataMaxValidity

long metadataMaxValidity

Defines a filter that requires the presence of a validUntil attribute on the root element of the metadata document. A maximum validity interval of less than 1 means that no restriction is placed on the metadata's validUntil attribute.

requiredAuthenticationContextClass

java.lang.String requiredAuthenticationContextClass

metadataCriteriaDirection

java.lang.String metadataCriteriaDirection

metadataCriteriaPattern

java.lang.String metadataCriteriaPattern

requiredNameIdFormat

java.lang.String requiredNameIdFormat

metadataSignatureLocation

java.lang.String metadataSignatureLocation

serviceProviderNameIdQualifier

java.lang.String serviceProviderNameIdQualifier

nameIdQualifier

java.lang.String nameIdQualifier

metadataExpirationDuration

java.lang.String metadataExpirationDuration

signAssertions

boolean signAssertions

skipGeneratingAssertionNameId

boolean skipGeneratingAssertionNameId

skipGeneratingSubjectConfirmationInResponseTo

boolean skipGeneratingSubjectConfirmationInResponseTo

skipGeneratingSubjectConfirmationNotOnOrAfter

boolean skipGeneratingSubjectConfirmationNotOnOrAfter

skipGeneratingSubjectConfirmationRecipient

boolean skipGeneratingSubjectConfirmationRecipient

skipGeneratingSubjectConfirmationNotBefore

boolean skipGeneratingSubjectConfirmationNotBefore

signResponses

boolean signResponses

encryptAssertions

boolean encryptAssertions

metadataCriteriaRoles

java.lang.String metadataCriteriaRoles

metadataCriteriaRemoveEmptyEntitiesDescriptors

boolean metadataCriteriaRemoveEmptyEntitiesDescriptors

metadataCriteriaRemoveRolelessEntityDescriptors

boolean metadataCriteriaRemoveRolelessEntityDescriptors

signingCredentialType

java.lang.String signingCredentialType

assertionAudiences

java.lang.String assertionAudiences

attributeNameFormats

java.util.Map<K,V> attributeNameFormats

attributeFriendlyNames

java.util.Map<K,V> attributeFriendlyNames

Package org.apereo.cas.support.saml.services.idp.metadata.cache

Class org.apereo.cas.support.saml.services.idp.metadata.cache.SamlRegisteredServiceCacheKey extends java.lang.Object implements Serializable

serialVersionUID:

-7238573226470492601L

Serialized Fields

id

java.lang.String id

registeredService

SamlRegisteredService registeredService

Package org.apereo.cas.support.saml.util

Class org.apereo.cas.support.saml.util.AbstractSaml20ObjectBuilder extends AbstractSamlObjectBuilder implements Serializable

serialVersionUID:

-4325127376598205277L

Class org.apereo.cas.support.saml.util.AbstractSamlObjectBuilder extends java.lang.Object implements Serializable

serialVersionUID:

-6833230731146922780L

Serialized Fields

configBean

OpenSamlConfigBean configBean

The Config bean.

Class org.apereo.cas.support.saml.util.GoogleSaml20ObjectBuilder extends AbstractSaml20ObjectBuilder implements Serializable

serialVersionUID:

2979638064754730668L

Class org.apereo.cas.support.saml.util.Saml10ObjectBuilder extends AbstractSamlObjectBuilder implements Serializable

serialVersionUID:

-4711012620700270554L

Package org.apereo.cas.support.saml.web.idp.profile.builders.assertion

Class org.apereo.cas.support.saml.web.idp.profile.builders.assertion.SamlProfileSamlAssertionBuilder extends AbstractSaml20ObjectBuilder implements Serializable

serialVersionUID:

-3945938960014421135L

Serialized Fields

casProperties

CasConfigurationProperties casProperties

samlProfileSamlAuthNStatementBuilder

SamlProfileObjectBuilder<T extends org.opensaml.core.xml.XMLObject> samlProfileSamlAuthNStatementBuilder

samlProfileSamlAttributeStatementBuilder

SamlProfileObjectBuilder<T extends org.opensaml.core.xml.XMLObject> samlProfileSamlAttributeStatementBuilder

samlProfileSamlSubjectBuilder

SamlProfileObjectBuilder<T extends org.opensaml.core.xml.XMLObject> samlProfileSamlSubjectBuilder

samlProfileSamlConditionsBuilder

SamlProfileObjectBuilder<T extends org.opensaml.core.xml.XMLObject> samlProfileSamlConditionsBuilder

Package org.apereo.cas.support.saml.web.idp.profile.builders.attr

Class org.apereo.cas.support.saml.web.idp.profile.builders.attr.SamlProfileSamlAttributeStatementBuilder extends AbstractSaml20ObjectBuilder implements Serializable

serialVersionUID:

1815697787562189088L

Serialized Fields

casProperties

CasConfigurationProperties casProperties

Package org.apereo.cas.support.saml.web.idp.profile.builders.authn

Class org.apereo.cas.support.saml.web.idp.profile.builders.authn.SamlProfileSamlAuthNStatementBuilder extends AbstractSaml20ObjectBuilder implements Serializable

serialVersionUID:

8761566449790497226L

Serialized Fields

casProperties

CasConfigurationProperties casProperties

Package org.apereo.cas.support.saml.web.idp.profile.builders.conditions

Class org.apereo.cas.support.saml.web.idp.profile.builders.conditions.SamlProfileSamlConditionsBuilder extends AbstractSaml20ObjectBuilder implements Serializable

serialVersionUID:

126393045912318783L

Serialized Fields

casProperties

CasConfigurationProperties casProperties

Package org.apereo.cas.support.saml.web.idp.profile.builders.nameid

Class org.apereo.cas.support.saml.web.idp.profile.builders.nameid.SamlProfileSamlNameIdBuilder extends AbstractSaml20ObjectBuilder implements Serializable

serialVersionUID:

-6231886395225437320L

Serialized Fields

persistentIdGenerator

PersistentIdGenerator persistentIdGenerator

Package org.apereo.cas.support.saml.web.idp.profile.builders.response

Class org.apereo.cas.support.saml.web.idp.profile.builders.response.BaseSamlProfileSamlResponseBuilder extends AbstractSaml20ObjectBuilder implements Serializable

serialVersionUID:

-1891703354216174875L

Serialized Fields

samlObjectSigner

SamlIdPObjectSigner samlObjectSigner

The Saml object encoder.

velocityEngineFactory

org.apache.velocity.app.VelocityEngine velocityEngineFactory

The Velocity engine factory.

casProperties

CasConfigurationProperties casProperties

CAS settings.

samlProfileSamlAssertionBuilder

SamlProfileObjectBuilder<T extends org.opensaml.core.xml.XMLObject> samlProfileSamlAssertionBuilder

samlObjectEncrypter

SamlObjectEncrypter samlObjectEncrypter

Class org.apereo.cas.support.saml.web.idp.profile.builders.response.SamlProfileSaml2ResponseBuilder extends BaseSamlProfileSamlResponseBuilder<org.opensaml.saml.saml2.core.Response> implements Serializable

serialVersionUID:

1488837627964481272L

Package org.apereo.cas.support.saml.web.idp.profile.builders.response.artifact

Class org.apereo.cas.support.saml.web.idp.profile.builders.response.artifact.SamlProfileArtifactFaultResponseBuilder extends SamlProfileSamlSoap11FaultResponseBuilder implements Serializable

serialVersionUID:

-5582616946993706815L

Class org.apereo.cas.support.saml.web.idp.profile.builders.response.artifact.SamlProfileArtifactResponseBuilder extends SamlProfileSamlSoap11ResponseBuilder implements Serializable

serialVersionUID:

-5582616946993706815L

Package org.apereo.cas.support.saml.web.idp.profile.builders.response.query

Class org.apereo.cas.support.saml.web.idp.profile.builders.response.query.SamlProfileAttributeQueryFaultResponseBuilder extends SamlProfileSamlSoap11FaultResponseBuilder implements Serializable

serialVersionUID:

-5582616946993706815L

Class org.apereo.cas.support.saml.web.idp.profile.builders.response.query.SamlProfileAttributeQueryResponseBuilder extends SamlProfileSamlSoap11ResponseBuilder implements Serializable

serialVersionUID:

-5582616946993706815L

Package org.apereo.cas.support.saml.web.idp.profile.builders.response.soap

Class org.apereo.cas.support.saml.web.idp.profile.builders.response.soap.SamlProfileSamlSoap11FaultResponseBuilder extends SamlProfileSamlSoap11ResponseBuilder implements Serializable

serialVersionUID:

-1875903354216171261L

Class org.apereo.cas.support.saml.web.idp.profile.builders.response.soap.SamlProfileSamlSoap11ResponseBuilder extends BaseSamlProfileSamlResponseBuilder<org.opensaml.soap.soap11.Envelope> implements Serializable

serialVersionUID:

-1875903354216171261L

Serialized Fields

saml2ResponseBuilder

SamlProfileObjectBuilder<T extends org.opensaml.core.xml.XMLObject> saml2ResponseBuilder

SAML2 response builder for the soap body.

Package org.apereo.cas.support.saml.web.idp.profile.builders.subject

Class org.apereo.cas.support.saml.web.idp.profile.builders.subject.SamlProfileSamlSubjectBuilder extends AbstractSaml20ObjectBuilder implements Serializable

serialVersionUID:

4782621942035583007L

Serialized Fields

ssoPostProfileSamlNameIdBuilder

SamlProfileObjectBuilder<T extends org.opensaml.core.xml.XMLObject> ssoPostProfileSamlNameIdBuilder

skewAllowance

int skewAllowance

Package org.apereo.cas.support.spnego.authentication.principal

Class org.apereo.cas.support.spnego.authentication.principal.SpnegoCredential extends java.lang.Object implements Serializable

serialVersionUID:

84084596791289548L

Serialized Fields

initToken

byte[] initToken

The SPNEGO Init Token.

nextToken

byte[] nextToken

The SPNEGO Next Token.

principal

Principal principal

The Principal.

isNtlm

boolean isNtlm

The authentication type should be Kerberos or NTLM.

Package org.apereo.cas.support.wsfederation

Class org.apereo.cas.support.wsfederation.WsFederationConfiguration extends java.lang.Object implements Serializable

serialVersionUID:

2310859477512242659L

Serialized Fields

encryptionPrivateKeyPassword

java.lang.String encryptionPrivateKeyPassword

identityAttribute

java.lang.String identityAttribute

identityProviderIdentifier

java.lang.String identityProviderIdentifier

identityProviderUrl

java.lang.String identityProviderUrl

relyingPartyIdentifier

java.lang.String relyingPartyIdentifier

tolerance

long tolerance

autoRedirect

boolean autoRedirect

attributesType

WsFederationConfiguration.WsFedPrincipalResolutionAttributesType attributesType

attributeMutator

WsFederationAttributeMutator attributeMutator

name

java.lang.String name

id

java.lang.String id

Package org.apereo.cas.support.wsfederation.authentication.principal

Class org.apereo.cas.support.wsfederation.authentication.principal.WsFederationCredential extends java.lang.Object implements Serializable

serialVersionUID:

-824605020472810939L

Serialized Fields

audience

java.lang.String audience

authenticationMethod

java.lang.String authenticationMethod

id

java.lang.String id

issuer

java.lang.String issuer

issuedOn

java.time.ZonedDateTime issuedOn

notBefore

java.time.ZonedDateTime notBefore

notOnOrAfter

java.time.ZonedDateTime notOnOrAfter

retrievedOn

java.time.ZonedDateTime retrievedOn

attributes

java.util.Map<K,V> attributes

Package org.apereo.cas.support.wsfederation.web

Class org.apereo.cas.support.wsfederation.web.WsFederationCookieSerializer extends AbstractJacksonBackedStringSerializer<java.util.Map> implements Serializable

serialVersionUID:

-1152522695984638020L

Package org.apereo.cas.ticket

Class org.apereo.cas.ticket.AbstractTicket extends java.lang.Object implements Serializable

serialVersionUID:

-8506442397878267555L

Serialized Fields

expirationPolicy

ExpirationPolicy expirationPolicy

The ExpirationPolicy this ticket is associated with.

id

java.lang.String id

The unique identifier for this ticket.

lastTimeUsed

java.time.ZonedDateTime lastTimeUsed

The last time this ticket was used.

previousTimeUsed

java.time.ZonedDateTime previousTimeUsed

The previous last time this ticket was used.

creationTime

java.time.ZonedDateTime creationTime

The time the ticket was created.

countOfUses

int countOfUses

The number of times this was used.

expired

java.lang.Boolean expired

Flag to enforce manual expiration.

Class org.apereo.cas.ticket.AbstractTicketException extends RootCasException implements Serializable

serialVersionUID:

-5128676415951733624L

Class org.apereo.cas.ticket.AbstractTicketValidationException extends AbstractTicketException implements Serializable

serialVersionUID:

3257004341537093175L

Serialized Fields

service

Service service

Class org.apereo.cas.ticket.DefaultSecurityTokenTicket extends AbstractTicket implements Serializable

serialVersionUID:

3940671352560102114L

Serialized Fields

ticketGrantingTicket

TicketGrantingTicket ticketGrantingTicket

securityToken

java.lang.String securityToken

Class org.apereo.cas.ticket.InvalidProxyGrantingTicketForServiceTicketException extends AbstractTicketValidationException implements Serializable

serialVersionUID:

2120177571513373134L

Class org.apereo.cas.ticket.InvalidTicketException extends AbstractTicketException implements Serializable

serialVersionUID:

9141891414482490L

Serialized Fields

ticketId

java.lang.String ticketId

Class org.apereo.cas.ticket.ProxyGrantingTicketImpl extends TicketGrantingTicketImpl implements Serializable

serialVersionUID:

-8126909926138945649L

Class org.apereo.cas.ticket.ProxyTicketImpl extends ServiceTicketImpl implements Serializable

serialVersionUID:

-4469960563289285371L

Class org.apereo.cas.ticket.ServiceTicketImpl extends AbstractTicket implements Serializable

serialVersionUID:

-4223319704861765405L

Serialized Fields

ticketGrantingTicket

TicketGrantingTicket ticketGrantingTicket

The TicketGrantingTicket this is associated with.

service

Service service

The service this ticket is valid for.

fromNewLogin

boolean fromNewLogin

Is this service ticket the result of a new login?

grantedTicketAlready

java.lang.Boolean grantedTicketAlready

Class org.apereo.cas.ticket.TicketGrantingTicketImpl extends AbstractTicket implements Serializable

serialVersionUID:

-8608149809180911599L

Serialized Fields

authentication

Authentication authentication

The authenticated object for which this ticket was generated for.

proxiedBy

Service proxiedBy

Service that produced a proxy-granting ticket.

services

java.util.HashMap<K,V> services

The services associated to this ticket.

ticketGrantingTicket

TicketGrantingTicket ticketGrantingTicket

The TicketGrantingTicket this is associated with.

proxyGrantingTickets

java.util.HashMap<K,V> proxyGrantingTickets

The PGTs associated to this ticket.

descendantTickets

java.util.HashSet<E> descendantTickets

The ticket ids which are tied to this ticket.

Class org.apereo.cas.ticket.TransientSessionTicketImpl extends AbstractTicket implements Serializable

serialVersionUID:

7839186396717950243L

Serialized Fields

service

Service service

The Service.

properties

java.util.HashMap<K,V> properties

The Properties.

Class org.apereo.cas.ticket.UnrecognizableServiceForServiceTicketValidationException extends AbstractTicketValidationException implements Serializable

serialVersionUID:

-8076771862820008358L

Class org.apereo.cas.ticket.UnsatisfiedAuthenticationContextTicketValidationException extends AbstractTicketValidationException implements Serializable

serialVersionUID:

-8076771862820008358L

Class org.apereo.cas.ticket.UnsatisfiedAuthenticationPolicyException extends AbstractTicketException implements Serializable

serialVersionUID:

-827432780367197133L

Serialized Fields

policy

ContextualAuthenticationPolicy<T> policy

Unfulfilled policy that caused this exception.

Package org.apereo.cas.ticket.accesstoken

Class org.apereo.cas.ticket.accesstoken.AccessTokenImpl extends OAuthCodeImpl implements Serializable

serialVersionUID:

2339545346159721563L

Class org.apereo.cas.ticket.accesstoken.OAuthAccessTokenExpirationPolicy extends AbstractCasExpirationPolicy implements Serializable

serialVersionUID:

-8383186650682727360L

Serialized Fields

maxTimeToLiveInSeconds

long maxTimeToLiveInSeconds

Maximum time this token is valid.

timeToKillInSeconds

long timeToKillInSeconds

Time to kill in seconds.

Class org.apereo.cas.ticket.accesstoken.OAuthAccessTokenExpirationPolicy.OAuthAccessTokenSovereignExpirationPolicy extends OAuthAccessTokenExpirationPolicy implements Serializable

serialVersionUID:

-7768661082888351104L

Package org.apereo.cas.ticket.artifact

Class org.apereo.cas.ticket.artifact.SamlArtifactTicketExpirationPolicy extends HardTimeoutExpirationPolicy implements Serializable

serialVersionUID:

-6574724814970233926L

Class org.apereo.cas.ticket.artifact.SamlArtifactTicketImpl extends AbstractTicket implements Serializable

serialVersionUID:

6276140828446447398L

Serialized Fields

issuer

java.lang.String issuer

relyingPartyId

java.lang.String relyingPartyId

object

java.lang.String object

ticketGrantingTicket

TicketGrantingTicket ticketGrantingTicket

The TicketGrantingTicket this is associated with.

service

Service service

The service this ticket is valid for.

authentication

Authentication authentication

The authenticated object for which this ticket was generated for.

Package org.apereo.cas.ticket.code

Class org.apereo.cas.ticket.code.OAuthCodeExpirationPolicy extends MultiTimeUseOrTimeoutExpirationPolicy implements Serializable

serialVersionUID:

-8383186621682727360L

Class org.apereo.cas.ticket.code.OAuthCodeImpl extends AbstractTicket implements Serializable

serialVersionUID:

-8072724186202305800L

Serialized Fields

scopes

java.util.HashSet<E> scopes

ticketGrantingTicket

TicketGrantingTicket ticketGrantingTicket

The TicketGrantingTicket this is associated with.

service

Service service

The service this ticket is valid for.

authentication

Authentication authentication

The authenticated object for which this ticket was generated for.

Package org.apereo.cas.ticket.proxy

Package org.apereo.cas.ticket.query

Class org.apereo.cas.ticket.query.SamlAttributeQueryTicketExpirationPolicy extends HardTimeoutExpirationPolicy implements Serializable

serialVersionUID:

-6574724814970233926L

Class org.apereo.cas.ticket.query.SamlAttributeQueryTicketImpl extends AbstractTicket implements Serializable

serialVersionUID:

6276140828446447398L

Serialized Fields

relyingParty

java.lang.String relyingParty

object

java.lang.String object

ticketGrantingTicket

TicketGrantingTicket ticketGrantingTicket

The TicketGrantingTicket this is associated with.

service

Service service

The service this ticket is valid for.

Package org.apereo.cas.ticket.refreshtoken

Class org.apereo.cas.ticket.refreshtoken.OAuthRefreshTokenExpirationPolicy extends AbstractCasExpirationPolicy implements Serializable

serialVersionUID:

-7144233906843566234L

Serialized Fields

timeToKillInSeconds

long timeToKillInSeconds

The time to kill in milliseconds.

Class org.apereo.cas.ticket.refreshtoken.OAuthRefreshTokenExpirationPolicy.OAuthRefreshTokenSovereignExpirationPolicy extends OAuthRefreshTokenExpirationPolicy implements Serializable

serialVersionUID:

-7768661082888351104L

Class org.apereo.cas.ticket.refreshtoken.RefreshTokenImpl extends OAuthCodeImpl implements Serializable

serialVersionUID:

-3544459978950667758L

Package org.apereo.cas.ticket.registry

Class org.apereo.cas.ticket.registry.DefaultTicketRegistryCleaner extends java.lang.Object implements Serializable

serialVersionUID:

-8581398063126547772L

Class org.apereo.cas.ticket.registry.EncodedTicket extends java.lang.Object implements Serializable

serialVersionUID:

-7078771807487764116L

Serialized Fields

id

java.lang.String id

encodedTicket

byte[] encodedTicket

Class org.apereo.cas.ticket.registry.TicketHolder extends java.lang.Object implements Serializable

serialVersionUID:

-4843440028617071224L

Serialized Fields

json

java.lang.String json

ticketId

java.lang.String ticketId

type

java.lang.String type

expireAt

java.util.Date expireAt

Package org.apereo.cas.ticket.registry.queue

Class org.apereo.cas.ticket.registry.queue.AddTicketMessageQueueCommand extends BaseMessageQueueCommand implements Serializable

serialVersionUID:

-7698722632898271240L

Serialized Fields

ticket

Ticket ticket

Class org.apereo.cas.ticket.registry.queue.BaseMessageQueueCommand extends java.lang.Object implements Serializable

serialVersionUID:

7050449807845156228L

Serialized Fields

id

StringBean id

Class org.apereo.cas.ticket.registry.queue.DeleteTicketMessageQueueCommand extends BaseMessageQueueCommand implements Serializable

serialVersionUID:

8183330712274484245L

Serialized Fields

ticketId

java.lang.String ticketId

Class org.apereo.cas.ticket.registry.queue.DeleteTicketsMessageQueueCommand extends BaseMessageQueueCommand implements Serializable

serialVersionUID:

8907022828993467474L

Class org.apereo.cas.ticket.registry.queue.UpdateTicketMessageQueueCommand extends BaseMessageQueueCommand implements Serializable

serialVersionUID:

-4179190682337040669L

Serialized Fields

ticket

Ticket ticket

Package org.apereo.cas.ticket.support

Class org.apereo.cas.ticket.support.AbstractCasExpirationPolicy extends java.lang.Object implements Serializable

serialVersionUID:

8042104336580063690L

Serialized Fields

name

java.lang.String name

Class org.apereo.cas.ticket.support.AlwaysExpiresExpirationPolicy extends AbstractCasExpirationPolicy implements Serializable

serialVersionUID:

3836547698242303540L

Class org.apereo.cas.ticket.support.BaseDelegatingExpirationPolicy extends AbstractCasExpirationPolicy implements Serializable

serialVersionUID:

5927936344949518688L

Serialized Fields

policies

java.util.Map<K,V> policies

defaultExpirationPolicy

ExpirationPolicy defaultExpirationPolicy

Class org.apereo.cas.ticket.support.HardTimeoutExpirationPolicy extends AbstractCasExpirationPolicy implements Serializable

serialVersionUID:

6728077010285422290L

Serialized Fields

timeToKillInSeconds

long timeToKillInSeconds

The time to kill in seconds.

Class org.apereo.cas.ticket.support.MultiTimeUseOrTimeoutExpirationPolicy extends AbstractCasExpirationPolicy implements Serializable

serialVersionUID:

-5704993954986738308L

Serialized Fields

timeToKillInSeconds

long timeToKillInSeconds

numberOfUses

int numberOfUses

Class org.apereo.cas.ticket.support.MultiTimeUseOrTimeoutExpirationPolicy.ProxyTicketExpirationPolicy extends MultiTimeUseOrTimeoutExpirationPolicy implements Serializable

serialVersionUID:

-5814201080268311070L

Class org.apereo.cas.ticket.support.MultiTimeUseOrTimeoutExpirationPolicy.ServiceTicketExpirationPolicy extends MultiTimeUseOrTimeoutExpirationPolicy implements Serializable

serialVersionUID:

-5814201080268311070L

Class org.apereo.cas.ticket.support.NeverExpiresExpirationPolicy extends AbstractCasExpirationPolicy implements Serializable

serialVersionUID:

3833747698242303540L

Class org.apereo.cas.ticket.support.RememberMeDelegatingExpirationPolicy extends BaseDelegatingExpirationPolicy implements Serializable

serialVersionUID:

-2735975347698196127L

Class org.apereo.cas.ticket.support.SurrogateSessionExpirationPolicy extends BaseDelegatingExpirationPolicy implements Serializable

serialVersionUID:

-2735975347698196127L

Class org.apereo.cas.ticket.support.ThrottledUseAndTimeoutExpirationPolicy extends AbstractCasExpirationPolicy implements Serializable

serialVersionUID:

205979491183779408L

Serialized Fields

timeToKillInSeconds

long timeToKillInSeconds

The time to kill in seconds.

timeInBetweenUsesInSeconds

long timeInBetweenUsesInSeconds

Class org.apereo.cas.ticket.support.TicketGrantingTicketExpirationPolicy extends AbstractCasExpirationPolicy implements Serializable

serialVersionUID:

7670537200691354820L

Serialized Fields

maxTimeToLiveInSeconds

long maxTimeToLiveInSeconds

Maximum time this ticket is valid.

timeToKillInSeconds

long timeToKillInSeconds

Time to kill in seconds.

Class org.apereo.cas.ticket.support.TimeoutExpirationPolicy extends AbstractCasExpirationPolicy implements Serializable

serialVersionUID:

-7636642464326939536L

Serialized Fields

timeToKillInSeconds

long timeToKillInSeconds

The time to kill in seconds.

Package org.apereo.cas.token.authentication

Class org.apereo.cas.token.authentication.TokenCredential extends BasicIdentifiableCredential implements Serializable

serialVersionUID:

2749515041385101770L

Serialized Fields

service

Service service

Package org.apereo.cas.token.authentication.principal

Class org.apereo.cas.token.authentication.principal.TokenWebApplicationService extends AbstractWebApplicationService implements Serializable

serialVersionUID:

-8844121291312069964L

Class org.apereo.cas.token.authentication.principal.TokenWebApplicationServiceResponseBuilder extends WebApplicationServiceResponseBuilder implements Serializable

serialVersionUID:

-2863268279032438778L

Package org.apereo.cas.util

Class org.apereo.cas.util.ISOStandardDateFormat extends org.apache.commons.lang3.time.FastDateFormat implements Serializable

serialVersionUID:

9196017562782775535L

Package org.apereo.cas.util.http

Class org.apereo.cas.util.http.HttpMessage extends java.lang.Object implements Serializable

serialVersionUID:

2015460875654586133L

Serialized Fields

url

java.net.URL url

message

java.lang.String message

responseCode

int responseCode

asynchronous

boolean asynchronous

Whether this message should be sent in an asynchronous fashion. Default is true.

contentType

java.lang.String contentType

The content type for this message once submitted. Default is MediaType.APPLICATION_FORM_URLENCODED.

Class org.apereo.cas.util.http.SimpleHttpClient extends java.lang.Object implements Serializable

serialVersionUID:

-4949380008568071855L

Serialized Fields

acceptableCodes

java.util.List<E> acceptableCodes

the acceptable codes supported by this client.

requestExecutorService

org.apache.http.impl.client.FutureRequestExecutionService requestExecutorService

the request executor service for this client.

Package org.apereo.cas.util.serialization

Class org.apereo.cas.util.serialization.AbstractJacksonBackedStringSerializer extends java.lang.Object implements Serializable

serialVersionUID:

-8415599777321259365L

Serialized Fields

objectMapper

com.fasterxml.jackson.databind.ObjectMapper objectMapper

prettyPrinter

com.fasterxml.jackson.core.PrettyPrinter prettyPrinter

Package org.apereo.cas.validation

Class org.apereo.cas.validation.ImmutableAssertion extends java.lang.Object implements Serializable

serialVersionUID:

-3348826049921010423L

Serialized Fields

primaryAuthentication

Authentication primaryAuthentication

Primary authentication.

chainedAuthentications

java.util.List<E> chainedAuthentications

Chained authentications.

fromNewLogin

boolean fromNewLogin

Was this the result of a new login.

service

Service service

The service we are asserting this ticket for.

Class org.apereo.cas.validation.UnauthorizedServiceTicketValidationException extends AbstractTicketValidationException implements Serializable

serialVersionUID:

-8076771862820008358L

Package org.apereo.cas.web.flow

Class org.apereo.cas.web.flow.DelegatedClientAuthenticationAction.ProviderLoginPageConfiguration extends java.lang.Object implements Serializable

serialVersionUID:

6216882278086699364L

Serialized Fields

name

java.lang.String name

redirectUrl

java.lang.String redirectUrl

type

java.lang.String type

cssClass

java.lang.String cssClass

autoRedirect

boolean autoRedirect

Class org.apereo.cas.web.flow.WsFedClient extends java.lang.Object implements Serializable

serialVersionUID:

2733280849157146990L

Serialized Fields

autoRedirect

boolean autoRedirect

id

java.lang.String id

redirectUrl

java.lang.String redirectUrl

name

java.lang.String name

replyingPartyId

java.lang.String replyingPartyId

authorizationUrl

java.lang.String authorizationUrl

Package org.apereo.cas.web.flow.services

Class org.apereo.cas.web.flow.services.DefaultRegisteredServiceUserInterfaceInfo extends java.lang.Object implements Serializable

serialVersionUID:

-2416684486715358748L

Serialized Fields

registeredService

RegisteredService registeredService

the registered service.

Class org.apereo.cas.web.flow.services.DefaultRegisteredServiceUserInterfaceInfo.Logo extends java.lang.Object implements Serializable

serialVersionUID:

-1434231982864628179L

Serialized Fields

url

java.lang.String url

height

long height

width

long width

Package org.apereo.cas.web.pac4j

Class org.apereo.cas.web.pac4j.SessionStoreCookieSerializer extends AbstractJacksonBackedStringSerializer<java.util.Map<java.lang.String,java.lang.Object>> implements Serializable

serialVersionUID:

-1152522695984638020L

Package org.apereo.cas.web.report

Class org.apereo.cas.web.report.DashboardController.EndpointBean extends java.lang.Object implements Serializable

serialVersionUID:

-3446962071459197099L

Serialized Fields

name

java.lang.String name

title

java.lang.String title

Package org.apereo.cas.ws.idp.authentication

Class org.apereo.cas.ws.idp.authentication.WSFederationAuthenticationServiceSelectionStrategy extends java.lang.Object implements Serializable

serialVersionUID:

8035218407906419228L

Serialized Fields

order

int order

Package org.apereo.cas.ws.idp.services

Class org.apereo.cas.ws.idp.services.WSFederationClaimsReleasePolicy extends AbstractRegisteredServiceAttributeReleasePolicy implements Serializable

serialVersionUID:

-2814928645221579489L

Serialized Fields

allowedAttributes

java.util.Map<K,V> allowedAttributes

Class org.apereo.cas.ws.idp.services.WSFederationRegisteredService extends RegexRegisteredService implements Serializable

serialVersionUID:

-3700571300568534062L

Serialized Fields

realm

java.lang.String realm

protocol

java.lang.String protocol

tokenType

java.lang.String tokenType

wsdlLocation

java.lang.String wsdlLocation

namespace

java.lang.String namespace

addressingNamespace

java.lang.String addressingNamespace

policyNamespace

java.lang.String policyNamespace

wsdlService

java.lang.String wsdlService

wsdlEndpoint

java.lang.String wsdlEndpoint

appliesTo

java.lang.String appliesTo