Apereo CAS - SMS Notifications via Twilio



Overview

CAS has the ability to send notifications via SMS for a variety of functions such as one-time passwords for multifactor authentication, service expiration notifications, and more. In this tutorial, we are going to take a look at configuring CAS for SMS notifications via Twilio, where SMS messages notify the relevant contacts when services in the service registry are considered expired.

Our starting position is based on:

Configuration

Registered Service Policy

Once we have CAS up and running, let’s start with the following sample service file as Sample-100.json in our JSON service registry:

{
  "@class" : "org.apereo.cas.services.RegexRegisteredService",
  "serviceId" : "^https://app.example.org",
  "name" : "Sample",
  "id" : 100,   
  "contacts": [
    "java.util.ArrayList", [{
        "@class": "org.apereo.cas.services.DefaultRegisteredServiceContact",
        "name": "Misagh Moayyed",
        "phone": "+11234567890"
      }
    ]
  ],
  "expirationPolicy": {
    "@class": "org.apereo.cas.services.DefaultRegisteredServiceExpirationPolicy",
    "notifyWhenExpired": true,   
    "deleteWhenExpired": true,
    "expirationDate": "2019-09-22"
  }
}

We have set up contacts for our service. These are the folks primarily in charge of this application who shall be notified once the service is considered expired. More importantly, we have set up an expiration policy for the service where it will be considered expired and removed from the registry on the specified expiration date, 2019-09-22.

SMS Configuration via Twilio

Once our overlay is prepped with the configuration module for Twilio, we’ll need to teach CAS about our Twilio subscription using the following settings:

# cas.smsProvider.twilio.accountId=...
# cas.smsProvider.twilio.token=...

So, at this point we have CAS set up with Twilio, and all that is left is to configure the system for notifications when services are deemed expired:

cas.service-registry.sms.from=1234567890
cas.service-registry.sms.text=The service %s is expired and removed from CAS.

Thou Shall Test

Once CAS is restarted, services in the registry will be reloaded and processed to evaluate their expiration dates. If an expired service is found, you might see something similar to the following in the logs:

<Registered service ... has expired on [2019-08-22]>
<Contacts for registered service ... will be notified of service expiry>  
...
<Deleting expired registered service ... from registry.>

At this point, you should have received an SMS from CAS with the message "The service Sample is expired and removed from CAS."
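To preview what the expiration policy implies for a service file before restarting CAS, the following added example (not from the original post or the CAS project) parses a definition like Sample-100.json, unwraps the typed contacts list, and reports who would receive the SMS and whether the service would be deleted. It assumes strict JSON input, date-only expirationDate values, and that a service counts as expired once the current date is past that date; audit, unwrap and SMS_TEXT are hypothetical names.

```python
import json
from datetime import date

# Constructed sample mirroring Sample-100.json from the post.
SAMPLE = """
{
  "@class" : "org.apereo.cas.services.RegexRegisteredService",
  "serviceId" : "^https://app.example.org",
  "name" : "Sample", "id" : 100,
  "contacts": [ "java.util.ArrayList", [ {
      "@class": "org.apereo.cas.services.DefaultRegisteredServiceContact",
      "name": "Misagh Moayyed", "phone": "+11234567890" } ] ],
  "expirationPolicy": {
    "@class": "org.apereo.cas.services.DefaultRegisteredServiceExpirationPolicy",
    "notifyWhenExpired": true, "deleteWhenExpired": true,
    "expirationDate": "2019-09-22" }
}
"""
SMS_TEXT = "The service %s is expired and removed from CAS."  # cas.service-registry.sms.text


def unwrap(value):
    """Strip the ["java.util.ArrayList", [...]] type wrapper used in the service file."""
    if isinstance(value, list) and len(value) == 2 and isinstance(value[0], str) and isinstance(value[1], list):
        return value[1]
    return value or []


def audit(service_json, today):
    """Return what the expiration policy implies for one service definition on `today`."""
    svc = json.loads(service_json)
    policy = svc.get("expirationPolicy") or {}
    raw = policy.get("expirationDate")
    # Assumption: date-only ISO values; expired once `today` is past the date.
    expired = bool(raw) and today > date.fromisoformat(raw)
    phones = [c["phone"] for c in unwrap(svc.get("contacts")) if c.get("phone")]
    notify = expired and bool(policy.get("notifyWhenExpired"))
    return {
        "name": svc.get("name"),
        "expired": expired,
        "will_delete": expired and bool(policy.get("deleteWhenExpired")),
        "sms_to": phones if notify else [],
        "sms_text": SMS_TEXT % svc.get("name") if notify else None,
        "unreachable": bool(policy.get("notifyWhenExpired")) and not phones,  # nobody to text
    }


if __name__ == "__main__":
    print(audit(SAMPLE, date(2019, 9, 23)))
```

A service flagged as unreachable asks for notification but lists no contact with a phone number, so with deleteWhenExpired set it would be removed without anyone receiving the SMS.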

So…

I hope this review was of some help to you and I am sure that both this post as well as the functionality it attempts to explain can be improved in any number of ways. Please know that all other use cases, scenarios, features, and theories certainly are possible as well. Feel free to engage and contribute as best as you can.

Happy Coding,

Misagh Moayyed
