Apereo CAS - Custom Login Fields w/ Dynamic Bindings

The blog is managed and hosted on GitHub. If you wish to update the contents of this post or if you have found an inaccuracy and wish to make corrections, we recommend that you please submit a pull request to this repository.

Despite what you may have heard, I am here to put a stop to all rumors and clarify definitively that this blog post has nothing to do with Taylor Swift. Instead, this post deals with a pretty simple CAS use case, which is:

How does one include additional fields into the login form and get access to field data in a custom CAS authentication handler?

Sounds quite legitimate. Let’s start with the simpler answer, which is that any CAS authentication handler can always directly tap into the HttpServletRequest object to query and fetch parameters passed by the login form and other views. One could do this in Spring Framework speech using something like:

HttpServletRequest request = ((ServletRequestAttributes)
Object parameter = request.getParameter("whatever");

If this feels a bit uncomfortable, let’s dig deeper to see how CAS might accommodate this use case in more official ways.

Our starting position is based on:


CAS presents the ability to augment the login form to include additional custom fields. These fields are taught to CAS using settings that describe modest behavior and tweaks for each and are then processed by the Spring Webflow engine to be bound to the object model that is ultimately in charge of handling and managing user input.


So imagine that in addition to the usual username and password fields you also wanted to ask the user for their phone as a mandatory field. To do this, you’d teach CAS about the new phone field:


The CAS message/language bundle, typically custom_messages.properties file, should also contain the text for the new field:

customFields[phone].required=Telephone number must be specified.

If you build and bring up CAS, you might see something like this:


…and if you attempt to submit the form without the phone field:


Authentication Handling

Next, let’s say you have registered the following authentication handler with CAS:

public class MyAuthenticationHandler extends AbstractUsernamePasswordAuthenticationHandler {
    protected AuthenticationHandlerExecutionResult authenticateUsernamePasswordInternal(
        final UsernamePasswordCredential credential, final String originalPassword) {

To receive and process the new phone field in your custom authentication handler, you would do something like:

protected AuthenticationHandlerExecutionResult authenticateUsernamePasswordInternal(
    final UsernamePasswordCredential credential, final String originalPassword) {
    Object phone = credential.getCustomFields().get("phone");


I hope this review was of some help to you and I am sure that both this post as well as the functionality it attempts to explain can be improved in any number of ways. Please feel free to engage and contribute as best as you can.

Misagh Moayyed

Related Posts

CAS 6.1.0 RC5 Feature Release

...in which I present an overview of CAS 6.1.0 RC5 release.

Apereo CAS - Passwordless Authentication

Learn how to modify Apereo CAS to allow users to login without the need to remember a password.

Apereo CAS - Handling Authentication Webflow Errors with Grace

Learn how to modify Apereo CAS to customize exception handling and produce localized error messages for your deployment.

Apereo CAS - Are We Logged In Yet?

Learn how to modify and extend a CAS deployment to determine whether an SSO session is still valid and tied to a user authentication session.

Apereo CAS - REST API Integrations

Learn how to integrate with CAS using its REST API to authenticate, exchange tickets and get access to user profiles and attributes.

CAS 6.1.0 RC4 Feature Release

...in which I present an overview of CAS 6.1.0 RC4 release.

Apereo CAS - Multifactor Provider Selection

Learn how to configure CAS to integrate with and use multiple multifactor providers at the same time. This post also reveals a few super secret and yet open-source strategies one may use to select appropriate providers for authentication attempts, whether automatically or based on a menu.

Apereo CAS - Dockerized Hazelcast Deployments

Learn how to run CAS backed by a Hazelcast cluster in Docker containers and take advantage of the Hazelcast management center to monitor and observer cluster members.

Apereo CAS - Configuration Security w/ Jasypt

Learn how to secure CAS configuration settings and properties with Jasypt.

CAS 6.1.0 RC3 Feature Release

...in which I present an overview of CAS 6.1.0 RC3 release.