JAAS Authentication

JAAS is a Java standard authentication and authorization API. JAAS is configured via externalized plain text configuration file. Using JAAS with CAS allows modification of the authentication process without having to rebuild and redeploy CAS and allows for PAM-style multi-module “stacked” authentication.

Configuration

JAAS components are provided in the CAS core module and require no additional dependencies to use. The JAAS handler delegates to the built-in JAAS subsystem to perform authentication according to the directives in the JAAS config file.

The following settings and properties are available from the CAS configuration catalog:

_{The configuration settings listed below are tagged as Required in the CAS configuration metadata. This flag indicates that the presence of the setting may be needed to activate or affect the behavior of the CAS feature and generally should be reviewed, possibly owned and adjusted. If the setting is assigned a default value, you do not need to strictly put the setting in your copy of the configuration, but should review it nonetheless to make sure it matches your deployment expectations.}

cas.authn.jaas[0].password-encoder.encoding-algorithm=

The encoding algorithm to use such as MD5. Relevant when the type used is DEFAULT or GLIBC_CRYPT.

org.apereo.cas.configuration.model.core.authentication.PasswordEncoderProperties.

_{How can I configure this property?}

Configuration properties can be included and activated using the following strategies.

:information_source: Note

When possible, properties should be stored in lower-case kebab format, such as cas.property-name=value. The only possible exception to this rule is when naming actuator endpoints; The name of the actuator endpoints (i.e. ssoSessions) MUST remain in camelCase mode.

CAS properties can be specified using the Java configuration property syntax in any and all .properties files:

cas.authn.jaas[0].password-encoder.encoding-algorithm=...

This is the most common form of property configuration that is recognized by CAS, regardless of the actual property source, which might in fact be managed separately outside the CAS environment, by another system or cloud framework.

CAS properties can be specified using the YAML syntax:

cas: 
  authn: 
    - jaas: 
      password-encoder: 
        encoding-algorithm: "..."

Note that YAML is very specific about structure and indentation. Be sure to verify the correctness of the final result with your YAML validator of choice.

CAS properties can be passed to the CAS web application as system properties, when the application is launched:

java -Dcas.authn.jaas[0].password-encoder.encoding-algorithm="..." -jar build/libs/cas.war

The above example assumes that the CAS web application is packaged as cas.war with an embedded server container and can be found in the build/libs directory. Note the placement of the system property which must be specified before the CAS web application is launched.

CAS properties can specified as system environment variables before the CAS web application is launched:

export CAS_AUTHN_JAAS[0]_PASSWORD_ENCODER_ENCODING_ALGORITHM="..."

java -jar build/libs/cas.war

The above example assumes that the CAS web application is packaged as cas.war with an embedded server container and can be found in the build/libs directory.

CAS properties can be passed to the CAS web application as command-line arguments, when the application is launched:

java -jar build/libs/cas.war --cas.authn.jaas[0].password-encoder.encoding-algorithm="..."

The above example assumes that the CAS web application is packaged as cas.war with an embedded server container and can be found in the build/libs directory.

cas.authn.jaas[0].password-encoder.type=NONE

Define the password encoder type to use. Type may be specified as blank or NONE to disable password encoding. It may also refer to a fully-qualified class name that implements the Spring Security's PasswordEncoder interface if you wish you define your own encoder.

The following types may be used:

NONE: No password encoding (i.e. plain-text) takes place.
DEFAULT: Use the DefaultPasswordEncoder of CAS. For message-digest algorithms via character-encoding and encoding-algorithm.
BCRYPT: Use the BCryptPasswordEncoder based on the strength provided and an optional secret.
SCRYPT: Use the SCryptPasswordEncoder.
PBKDF2: Use the Pbkdf2PasswordEncoder based on the strength provided and an optional secret.
STANDARD: Use the StandardPasswordEncoder based on the secret provided.
SSHA: Use the LdapShaPasswordEncoder supports Ldap SHA and SSHA (salted-SHA). The values are base-64 encoded and have the label {SHA} or {SSHA} prepended to the encoded hash.
GLIBC_CRYPT: Use the GlibcCryptPasswordEncoder based on the encoding-algorithm, strength provided and an optional secret.
org.example.MyEncoder: An implementation of PasswordEncoder of your own choosing.
file:///path/to/script.groovy: Path to a Groovy script charged with handling password encoding operations.

org.apereo.cas.configuration.model.core.authentication.PasswordEncoderProperties.

_{How can I configure this property?}

Configuration properties can be included and activated using the following strategies.

:information_source: Note

CAS properties can be specified using the Java configuration property syntax in any and all .properties files:

cas.authn.jaas[0].password-encoder.type=NONE

CAS properties can be specified using the YAML syntax:

cas: 
  authn: 
    - jaas: 
      password-encoder: 
        type: "NONE"

Note that YAML is very specific about structure and indentation. Be sure to verify the correctness of the final result with your YAML validator of choice.

CAS properties can be passed to the CAS web application as system properties, when the application is launched:

java -Dcas.authn.jaas[0].password-encoder.type="NONE" -jar build/libs/cas.war

CAS properties can specified as system environment variables before the CAS web application is launched:

export CAS_AUTHN_JAAS[0]_PASSWORD_ENCODER_TYPE="NONE"

java -jar build/libs/cas.war

The above example assumes that the CAS web application is packaged as cas.war with an embedded server container and can be found in the build/libs directory.

CAS properties can be passed to the CAS web application as command-line arguments, when the application is launched:

java -jar build/libs/cas.war --cas.authn.jaas[0].password-encoder.type="NONE"

The above example assumes that the CAS web application is packaged as cas.war with an embedded server container and can be found in the build/libs directory.

cas.authn.jaas[0].realm=

JAAS realm to use.

org.apereo.cas.configuration.model.support.jaas.JaasAuthenticationProperties.

_{How can I configure this property?}

Configuration properties can be included and activated using the following strategies.

:information_source: Note

CAS properties can be specified using the Java configuration property syntax in any and all .properties files:

cas.authn.jaas[0].realm=...

CAS properties can be specified using the YAML syntax:

cas: 
  authn: 
    - jaas: 
      realm: "..."

Note that YAML is very specific about structure and indentation. Be sure to verify the correctness of the final result with your YAML validator of choice.

CAS properties can be passed to the CAS web application as system properties, when the application is launched:

java -Dcas.authn.jaas[0].realm="..." -jar build/libs/cas.war

CAS properties can specified as system environment variables before the CAS web application is launched:

export CAS_AUTHN_JAAS[0]_REALM="..."

java -jar build/libs/cas.war

The above example assumes that the CAS web application is packaged as cas.war with an embedded server container and can be found in the build/libs directory.

CAS properties can be passed to the CAS web application as command-line arguments, when the application is launched:

java -jar build/libs/cas.war --cas.authn.jaas[0].realm="..."

The above example assumes that the CAS web application is packaged as cas.war with an embedded server container and can be found in the build/libs directory.

cas.authn.jaas[0].password-policy.groovy.location=

The location of the resource. Resources can be URLS, or files found either on the classpath or outside somewhere in the file system.

In the event the configured resource is a Groovy script, specially if the script set to reload on changes, you may need to adjust the total number of inotify instances. On Linux, you may need to add the following line to /etc/sysctl.conf: fs.inotify.max_user_instances = 256.

You can check the current value via cat /proc/sys/fs/inotify/max_user_instances.

org.apereo.cas.configuration.model.SpringResourceProperties.

_{How can I configure this property?}

Configuration properties can be included and activated using the following strategies.

:information_source: Note

CAS properties can be specified using the Java configuration property syntax in any and all .properties files:

cas.authn.jaas[0].password-policy.groovy.location=...

CAS properties can be specified using the YAML syntax:

cas: 
  authn: 
    - jaas: 
      password-policy: 
        groovy: 
          location: "..."

Note that YAML is very specific about structure and indentation. Be sure to verify the correctness of the final result with your YAML validator of choice.

CAS properties can be passed to the CAS web application as system properties, when the application is launched:

java -Dcas.authn.jaas[0].password-policy.groovy.location="..." -jar build/libs/cas.war

CAS properties can specified as system environment variables before the CAS web application is launched:

export CAS_AUTHN_JAAS[0]_PASSWORD_POLICY_GROOVY_LOCATION="..."

java -jar build/libs/cas.war

The above example assumes that the CAS web application is packaged as cas.war with an embedded server container and can be found in the build/libs directory.

CAS properties can be passed to the CAS web application as command-line arguments, when the application is launched:

java -jar build/libs/cas.war --cas.authn.jaas[0].password-policy.groovy.location="..."

The above example assumes that the CAS web application is packaged as cas.war with an embedded server container and can be found in the build/libs directory.

cas.authn.jaas[0].principal-transformation.groovy.location=

The location of the resource. Resources can be URLS, or files found either on the classpath or outside somewhere in the file system.

You can check the current value via cat /proc/sys/fs/inotify/max_user_instances.

org.apereo.cas.configuration.model.SpringResourceProperties.

_{How can I configure this property?}

Configuration properties can be included and activated using the following strategies.

:information_source: Note

CAS properties can be specified using the Java configuration property syntax in any and all .properties files:

cas.authn.jaas[0].principal-transformation.groovy.location=...

CAS properties can be specified using the YAML syntax:

cas: 
  authn: 
    - jaas: 
      principal-transformation: 
        groovy: 
          location: "..."

Note that YAML is very specific about structure and indentation. Be sure to verify the correctness of the final result with your YAML validator of choice.

CAS properties can be passed to the CAS web application as system properties, when the application is launched:

java -Dcas.authn.jaas[0].principal-transformation.groovy.location="..." -jar build/libs/cas.war

CAS properties can specified as system environment variables before the CAS web application is launched:

export CAS_AUTHN_JAAS[0]_PRINCIPAL_TRANSFORMATION_GROOVY_LOCATION="..."

java -jar build/libs/cas.war

The above example assumes that the CAS web application is packaged as cas.war with an embedded server container and can be found in the build/libs directory.

CAS properties can be passed to the CAS web application as command-line arguments, when the application is launched:

java -jar build/libs/cas.war --cas.authn.jaas[0].principal-transformation.groovy.location="..."

The above example assumes that the CAS web application is packaged as cas.war with an embedded server container and can be found in the build/libs directory.

cas.authn.jaas[0].principal.principal-transformation.groovy.location=

The location of the resource. Resources can be URLS, or files found either on the classpath or outside somewhere in the file system.

You can check the current value via cat /proc/sys/fs/inotify/max_user_instances.

org.apereo.cas.configuration.model.SpringResourceProperties.

_{How can I configure this property?}

Configuration properties can be included and activated using the following strategies.

:information_source: Note

CAS properties can be specified using the Java configuration property syntax in any and all .properties files:

cas.authn.jaas[0].principal.principal-transformation.groovy.location=...

CAS properties can be specified using the YAML syntax:

cas: 
  authn: 
    - jaas: 
      principal: 
        principal-transformation: 
          groovy: 
            location: "..."

Note that YAML is very specific about structure and indentation. Be sure to verify the correctness of the final result with your YAML validator of choice.

CAS properties can be passed to the CAS web application as system properties, when the application is launched:

java -Dcas.authn.jaas[0].principal.principal-transformation.groovy.location="..." -jar build/libs/cas.war

CAS properties can specified as system environment variables before the CAS web application is launched:

export CAS_AUTHN_JAAS[0]_PRINCIPAL_PRINCIPAL_TRANSFORMATION_GROOVY_LOCATION="..."

java -jar build/libs/cas.war

The above example assumes that the CAS web application is packaged as cas.war with an embedded server container and can be found in the build/libs directory.

CAS properties can be passed to the CAS web application as command-line arguments, when the application is launched:

java -jar build/libs/cas.war --cas.authn.jaas[0].principal.principal-transformation.groovy.location="..."

The above example assumes that the CAS web application is packaged as cas.war with an embedded server container and can be found in the build/libs directory.

_{The configuration settings listed below are tagged as Optional in the CAS configuration metadata. This
flag indicates that the presence of the setting
is not immediately necessary in the end-user CAS configuration, because a default value is assigned or
the activation of the feature is not conditionally controlled by the setting value. You should only include this field in your
configuration if you need to modify the default value.}

cas.authn.jaas=

Collection of settings related to JAAS authentication. These settings are required to be indexed (i.e. jaas[0].xyz).

org.apereo.cas.configuration.model.core.authentication.AuthenticationProperties.

_{How can I configure this property?}

Configuration properties can be included and activated using the following strategies.

:information_source: Note

CAS properties can be specified using the Java configuration property syntax in any and all .properties files:

cas.authn.jaas=...

CAS properties can be specified using the YAML syntax:

cas: 
  authn: 
    jaas: "..."

Note that YAML is very specific about structure and indentation. Be sure to verify the correctness of the final result with your YAML validator of choice.

CAS properties can be passed to the CAS web application as system properties, when the application is launched:

java -Dcas.authn.jaas="..." -jar build/libs/cas.war

CAS properties can specified as system environment variables before the CAS web application is launched:

export CAS_AUTHN_JAAS="..."

java -jar build/libs/cas.war

The above example assumes that the CAS web application is packaged as cas.war with an embedded server container and can be found in the build/libs directory.

CAS properties can be passed to the CAS web application as command-line arguments, when the application is launched:

java -jar build/libs/cas.war --cas.authn.jaas="..."

The above example assumes that the CAS web application is packaged as cas.war with an embedded server container and can be found in the build/libs directory.

cas.authn.jaas[0].credential-criteria=

A number of authentication handlers are allowed to determine whether they can operate on the provided credential and as such lend themselves to be tried and tested during the authentication handler selection phase. The credential criteria may be one of the following options:

1) A regular expression pattern that is tested against the credential identifier.
2) A fully qualified class name of your own design that implements Predicate.
3) Path to an external Groovy script that implements the same interface.

org.apereo.cas.configuration.model.support.jaas.JaasAuthenticationProperties.

_{How can I configure this property?}

Configuration properties can be included and activated using the following strategies.

:information_source: Note

CAS properties can be specified using the Java configuration property syntax in any and all .properties files:

cas.authn.jaas[0].credential-criteria=...

CAS properties can be specified using the YAML syntax:

cas: 
  authn: 
    - jaas: 
      credential-criteria: "..."

Note that YAML is very specific about structure and indentation. Be sure to verify the correctness of the final result with your YAML validator of choice.

CAS properties can be passed to the CAS web application as system properties, when the application is launched:

java -Dcas.authn.jaas[0].credential-criteria="..." -jar build/libs/cas.war

CAS properties can specified as system environment variables before the CAS web application is launched:

export CAS_AUTHN_JAAS[0]_CREDENTIAL_CRITERIA="..."

java -jar build/libs/cas.war

The above example assumes that the CAS web application is packaged as cas.war with an embedded server container and can be found in the build/libs directory.

CAS properties can be passed to the CAS web application as command-line arguments, when the application is launched:

java -jar build/libs/cas.war --cas.authn.jaas[0].credential-criteria="..."

The above example assumes that the CAS web application is packaged as cas.war with an embedded server container and can be found in the build/libs directory.

cas.authn.jaas[0].kerberos-kdc-system-property=

Typically, the default realm and the KDC for that realm are indicated in the Kerberos krb5.conf configuration file. However, if you like, you can instead specify the realm value by setting this following system property value.

If you set the realm property, you SHOULD also configure the kerberos KDC system property.

Also note that if you set these properties, then no cross-realm authentication is possible unless a krb5.conf file is also provided from which the additional information required for cross-realm authentication may be obtained.

If you set values for these properties, then they override the default realm and KDC values specified in krb5.conf (if such a file is found). The krb5.conf file is still consulted if values for items other than the default realm and KDC are needed. If no krb5.conf file is found, then the default values used for these items are implementation-specific.

org.apereo.cas.configuration.model.support.jaas.JaasAuthenticationProperties.

_{How can I configure this property?}

Configuration properties can be included and activated using the following strategies.

:information_source: Note

CAS properties can be specified using the Java configuration property syntax in any and all .properties files:

cas.authn.jaas[0].kerberos-kdc-system-property=...

CAS properties can be specified using the YAML syntax:

cas: 
  authn: 
    - jaas: 
      kerberos-kdc-system-property: "..."

Note that YAML is very specific about structure and indentation. Be sure to verify the correctness of the final result with your YAML validator of choice.

CAS properties can be passed to the CAS web application as system properties, when the application is launched:

java -Dcas.authn.jaas[0].kerberos-kdc-system-property="..." -jar build/libs/cas.war

CAS properties can specified as system environment variables before the CAS web application is launched:

export CAS_AUTHN_JAAS[0]_KERBEROS_KDC_SYSTEM_PROPERTY="..."

java -jar build/libs/cas.war

The above example assumes that the CAS web application is packaged as cas.war with an embedded server container and can be found in the build/libs directory.

CAS properties can be passed to the CAS web application as command-line arguments, when the application is launched:

java -jar build/libs/cas.war --cas.authn.jaas[0].kerberos-kdc-system-property="..."

The above example assumes that the CAS web application is packaged as cas.war with an embedded server container and can be found in the build/libs directory.

cas.authn.jaas[0].kerberos-realm-system-property=

If you set the realm property, you SHOULD also configure the kerberos KDC system property.

org.apereo.cas.configuration.model.support.jaas.JaasAuthenticationProperties.

_{How can I configure this property?}

Configuration properties can be included and activated using the following strategies.

:information_source: Note

CAS properties can be specified using the Java configuration property syntax in any and all .properties files:

cas.authn.jaas[0].kerberos-realm-system-property=...

CAS properties can be specified using the YAML syntax:

cas: 
  authn: 
    - jaas: 
      kerberos-realm-system-property: "..."

Note that YAML is very specific about structure and indentation. Be sure to verify the correctness of the final result with your YAML validator of choice.

CAS properties can be passed to the CAS web application as system properties, when the application is launched:

java -Dcas.authn.jaas[0].kerberos-realm-system-property="..." -jar build/libs/cas.war

CAS properties can specified as system environment variables before the CAS web application is launched:

export CAS_AUTHN_JAAS[0]_KERBEROS_REALM_SYSTEM_PROPERTY="..."

java -jar build/libs/cas.war

The above example assumes that the CAS web application is packaged as cas.war with an embedded server container and can be found in the build/libs directory.

CAS properties can be passed to the CAS web application as command-line arguments, when the application is launched:

java -jar build/libs/cas.war --cas.authn.jaas[0].kerberos-realm-system-property="..."

The above example assumes that the CAS web application is packaged as cas.war with an embedded server container and can be found in the build/libs directory.

cas.authn.jaas[0].login-config-type=

Typically set to JavaLoginConfig which is the default Configuration implementation from the SUN provider. This type accepts a URI/path to a configuration file as a valid parameter type specified via #loginConfigurationFile. If this parameter is not specified, then the configuration information is loaded from the sources described in the ConfigFile class specification. If this parameter is specified, the configuration information is loaded solely from the specified URI.

org.apereo.cas.configuration.model.support.jaas.JaasAuthenticationProperties.

_{How can I configure this property?}

Configuration properties can be included and activated using the following strategies.

:information_source: Note

CAS properties can be specified using the Java configuration property syntax in any and all .properties files:

cas.authn.jaas[0].login-config-type=...

CAS properties can be specified using the YAML syntax:

cas: 
  authn: 
    - jaas: 
      login-config-type: "..."

Note that YAML is very specific about structure and indentation. Be sure to verify the correctness of the final result with your YAML validator of choice.

CAS properties can be passed to the CAS web application as system properties, when the application is launched:

java -Dcas.authn.jaas[0].login-config-type="..." -jar build/libs/cas.war

CAS properties can specified as system environment variables before the CAS web application is launched:

export CAS_AUTHN_JAAS[0]_LOGIN_CONFIG_TYPE="..."

java -jar build/libs/cas.war

The above example assumes that the CAS web application is packaged as cas.war with an embedded server container and can be found in the build/libs directory.

CAS properties can be passed to the CAS web application as command-line arguments, when the application is launched:

java -jar build/libs/cas.war --cas.authn.jaas[0].login-config-type="..."

The above example assumes that the CAS web application is packaged as cas.war with an embedded server container and can be found in the build/libs directory.

cas.authn.jaas[0].login-configuration-file=

Path to the location of configuration file (i.e. jaas.conf) that contains the realms and login modules.

org.apereo.cas.configuration.model.support.jaas.JaasAuthenticationProperties.

_{How can I configure this property?}

Configuration properties can be included and activated using the following strategies.

:information_source: Note

CAS properties can be specified using the Java configuration property syntax in any and all .properties files:

cas.authn.jaas[0].login-configuration-file=...

CAS properties can be specified using the YAML syntax:

cas: 
  authn: 
    - jaas: 
      login-configuration-file: "..."

Note that YAML is very specific about structure and indentation. Be sure to verify the correctness of the final result with your YAML validator of choice.

CAS properties can be passed to the CAS web application as system properties, when the application is launched:

java -Dcas.authn.jaas[0].login-configuration-file="..." -jar build/libs/cas.war

CAS properties can specified as system environment variables before the CAS web application is launched:

export CAS_AUTHN_JAAS[0]_LOGIN_CONFIGURATION_FILE="..."

java -jar build/libs/cas.war

The above example assumes that the CAS web application is packaged as cas.war with an embedded server container and can be found in the build/libs directory.

CAS properties can be passed to the CAS web application as command-line arguments, when the application is launched:

java -jar build/libs/cas.war --cas.authn.jaas[0].login-configuration-file="..."

The above example assumes that the CAS web application is packaged as cas.war with an embedded server container and can be found in the build/libs directory.

cas.authn.jaas[0].name=

Name of the authentication handler.

org.apereo.cas.configuration.model.support.jaas.JaasAuthenticationProperties.

_{How can I configure this property?}

Configuration properties can be included and activated using the following strategies.

:information_source: Note

CAS properties can be specified using the Java configuration property syntax in any and all .properties files:

cas.authn.jaas[0].name=...

CAS properties can be specified using the YAML syntax:

cas: 
  authn: 
    - jaas: 
      name: "..."

Note that YAML is very specific about structure and indentation. Be sure to verify the correctness of the final result with your YAML validator of choice.

CAS properties can be passed to the CAS web application as system properties, when the application is launched:

java -Dcas.authn.jaas[0].name="..." -jar build/libs/cas.war

CAS properties can specified as system environment variables before the CAS web application is launched:

export CAS_AUTHN_JAAS[0]_NAME="..."

java -jar build/libs/cas.war

The above example assumes that the CAS web application is packaged as cas.war with an embedded server container and can be found in the build/libs directory.

CAS properties can be passed to the CAS web application as command-line arguments, when the application is launched:

java -jar build/libs/cas.war --cas.authn.jaas[0].name="..."

The above example assumes that the CAS web application is packaged as cas.war with an embedded server container and can be found in the build/libs directory.

cas.authn.jaas[0].order=MAX_VALUE

Order of the authentication handler in the chain.

org.apereo.cas.configuration.model.support.jaas.JaasAuthenticationProperties.

_{How can I configure this property?}

Configuration properties can be included and activated using the following strategies.

:information_source: Note

CAS properties can be specified using the Java configuration property syntax in any and all .properties files:

cas.authn.jaas[0].order=MAX_VALUE

CAS properties can be specified using the YAML syntax:

cas: 
  authn: 
    - jaas: 
      order: "MAX_VALUE"

Note that YAML is very specific about structure and indentation. Be sure to verify the correctness of the final result with your YAML validator of choice.

CAS properties can be passed to the CAS web application as system properties, when the application is launched:

java -Dcas.authn.jaas[0].order="MAX_VALUE" -jar build/libs/cas.war

CAS properties can specified as system environment variables before the CAS web application is launched:

export CAS_AUTHN_JAAS[0]_ORDER="MAX_VALUE"

java -jar build/libs/cas.war

The above example assumes that the CAS web application is packaged as cas.war with an embedded server container and can be found in the build/libs directory.

CAS properties can be passed to the CAS web application as command-line arguments, when the application is launched:

java -jar build/libs/cas.war --cas.authn.jaas[0].order="MAX_VALUE"

The above example assumes that the CAS web application is packaged as cas.war with an embedded server container and can be found in the build/libs directory.

cas.authn.jaas[0].password-encoder.character-encoding=UTF-8

The encoding algorithm to use such as 'UTF-8'. Relevant when the type used is DEFAULT.

org.apereo.cas.configuration.model.core.authentication.PasswordEncoderProperties.

_{How can I configure this property?}

Configuration properties can be included and activated using the following strategies.

:information_source: Note

CAS properties can be specified using the Java configuration property syntax in any and all .properties files:

cas.authn.jaas[0].password-encoder.character-encoding=UTF-8

CAS properties can be specified using the YAML syntax:

cas: 
  authn: 
    - jaas: 
      password-encoder: 
        character-encoding: "UTF-8"

Note that YAML is very specific about structure and indentation. Be sure to verify the correctness of the final result with your YAML validator of choice.

CAS properties can be passed to the CAS web application as system properties, when the application is launched:

java -Dcas.authn.jaas[0].password-encoder.character-encoding="UTF-8" -jar build/libs/cas.war

CAS properties can specified as system environment variables before the CAS web application is launched:

export CAS_AUTHN_JAAS[0]_PASSWORD_ENCODER_CHARACTER_ENCODING="UTF-8"

java -jar build/libs/cas.war

The above example assumes that the CAS web application is packaged as cas.war with an embedded server container and can be found in the build/libs directory.

CAS properties can be passed to the CAS web application as command-line arguments, when the application is launched:

java -jar build/libs/cas.war --cas.authn.jaas[0].password-encoder.character-encoding="UTF-8"

The above example assumes that the CAS web application is packaged as cas.war with an embedded server container and can be found in the build/libs directory.

cas.authn.jaas[0].password-encoder.hash-length=16

When used by PasswordEncoderTypes#ARGON2, it indicates the hash strength/length.

org.apereo.cas.configuration.model.core.authentication.PasswordEncoderProperties.

_{How can I configure this property?}

Configuration properties can be included and activated using the following strategies.

:information_source: Note

CAS properties can be specified using the Java configuration property syntax in any and all .properties files:

cas.authn.jaas[0].password-encoder.hash-length=16

CAS properties can be specified using the YAML syntax:

cas: 
  authn: 
    - jaas: 
      password-encoder: 
        hash-length: "16"

Note that YAML is very specific about structure and indentation. Be sure to verify the correctness of the final result with your YAML validator of choice.

CAS properties can be passed to the CAS web application as system properties, when the application is launched:

java -Dcas.authn.jaas[0].password-encoder.hash-length="16" -jar build/libs/cas.war

CAS properties can specified as system environment variables before the CAS web application is launched:

export CAS_AUTHN_JAAS[0]_PASSWORD_ENCODER_HASH_LENGTH="16"

java -jar build/libs/cas.war

The above example assumes that the CAS web application is packaged as cas.war with an embedded server container and can be found in the build/libs directory.

CAS properties can be passed to the CAS web application as command-line arguments, when the application is launched:

java -jar build/libs/cas.war --cas.authn.jaas[0].password-encoder.hash-length="16"

The above example assumes that the CAS web application is packaged as cas.war with an embedded server container and can be found in the build/libs directory.

cas.authn.jaas[0].password-encoder.secret=

Secret to use with PasswordEncoderTypes#STANDARD, PasswordEncoderTypes#PBKDF2, PasswordEncoderTypes#BCRYPT, PasswordEncoderTypes#GLIBC_CRYPT password encoders. Secret usually is an optional setting.

org.apereo.cas.configuration.model.core.authentication.PasswordEncoderProperties.

_{How can I configure this property?}

Configuration properties can be included and activated using the following strategies.

:information_source: Note

CAS properties can be specified using the Java configuration property syntax in any and all .properties files:

cas.authn.jaas[0].password-encoder.secret=...

CAS properties can be specified using the YAML syntax:

cas: 
  authn: 
    - jaas: 
      password-encoder: 
        secret: "..."

Note that YAML is very specific about structure and indentation. Be sure to verify the correctness of the final result with your YAML validator of choice.

CAS properties can be passed to the CAS web application as system properties, when the application is launched:

java -Dcas.authn.jaas[0].password-encoder.secret="..." -jar build/libs/cas.war

CAS properties can specified as system environment variables before the CAS web application is launched:

export CAS_AUTHN_JAAS[0]_PASSWORD_ENCODER_SECRET="..."

java -jar build/libs/cas.war

The above example assumes that the CAS web application is packaged as cas.war with an embedded server container and can be found in the build/libs directory.

CAS properties can be passed to the CAS web application as command-line arguments, when the application is launched:

java -jar build/libs/cas.war --cas.authn.jaas[0].password-encoder.secret="..."

The above example assumes that the CAS web application is packaged as cas.war with an embedded server container and can be found in the build/libs directory.

cas.authn.jaas[0].password-encoder.strength=16

Strength or number of iterations to use for password hashing. Usually relevant when dealing with PasswordEncoderTypes#PBKDF2, PasswordEncoderTypes#BCRYPT or PasswordEncoderTypes#GLIBC_CRYPT. When used by PasswordEncoderTypes#ARGON2, it indicates the salt strength.

org.apereo.cas.configuration.model.core.authentication.PasswordEncoderProperties.

_{How can I configure this property?}

Configuration properties can be included and activated using the following strategies.

:information_source: Note

CAS properties can be specified using the Java configuration property syntax in any and all .properties files:

cas.authn.jaas[0].password-encoder.strength=16

CAS properties can be specified using the YAML syntax:

cas: 
  authn: 
    - jaas: 
      password-encoder: 
        strength: "16"

Note that YAML is very specific about structure and indentation. Be sure to verify the correctness of the final result with your YAML validator of choice.

CAS properties can be passed to the CAS web application as system properties, when the application is launched:

java -Dcas.authn.jaas[0].password-encoder.strength="16" -jar build/libs/cas.war

CAS properties can specified as system environment variables before the CAS web application is launched:

export CAS_AUTHN_JAAS[0]_PASSWORD_ENCODER_STRENGTH="16"

java -jar build/libs/cas.war

The above example assumes that the CAS web application is packaged as cas.war with an embedded server container and can be found in the build/libs directory.

CAS properties can be passed to the CAS web application as command-line arguments, when the application is launched:

java -jar build/libs/cas.war --cas.authn.jaas[0].password-encoder.strength="16"

The above example assumes that the CAS web application is packaged as cas.war with an embedded server container and can be found in the build/libs directory.

cas.authn.jaas[0].password-policy.account-state-handling-enabled=true

Indicates whether account state handling should be enabled to process warnings or errors reported back from the authentication response, produced by the source.

org.apereo.cas.configuration.model.core.authentication.PasswordPolicyProperties.

_{How can I configure this property?}

Configuration properties can be included and activated using the following strategies.

:information_source: Note

CAS properties can be specified using the Java configuration property syntax in any and all .properties files:

cas.authn.jaas[0].password-policy.account-state-handling-enabled=true

CAS properties can be specified using the YAML syntax:

cas: 
  authn: 
    - jaas: 
      password-policy: 
        account-state-handling-enabled: "true"

Note that YAML is very specific about structure and indentation. Be sure to verify the correctness of the final result with your YAML validator of choice.

CAS properties can be passed to the CAS web application as system properties, when the application is launched:

java -Dcas.authn.jaas[0].password-policy.account-state-handling-enabled="true" -jar build/libs/cas.war

CAS properties can specified as system environment variables before the CAS web application is launched:

export CAS_AUTHN_JAAS[0]_PASSWORD_POLICY_ACCOUNT_STATE_HANDLING_ENABLED="true"

java -jar build/libs/cas.war

The above example assumes that the CAS web application is packaged as cas.war with an embedded server container and can be found in the build/libs directory.

CAS properties can be passed to the CAS web application as command-line arguments, when the application is launched:

java -jar build/libs/cas.war --cas.authn.jaas[0].password-policy.account-state-handling-enabled="true"

The above example assumes that the CAS web application is packaged as cas.war with an embedded server container and can be found in the build/libs directory.

cas.authn.jaas[0].password-policy.display-warning-on-match=true

Indicates if warning should be displayed, when the ldap attribute value matches the #warningAttributeValue.

org.apereo.cas.configuration.model.core.authentication.PasswordPolicyProperties.

_{How can I configure this property?}

Configuration properties can be included and activated using the following strategies.

:information_source: Note

CAS properties can be specified using the Java configuration property syntax in any and all .properties files:

cas.authn.jaas[0].password-policy.display-warning-on-match=true

CAS properties can be specified using the YAML syntax:

cas: 
  authn: 
    - jaas: 
      password-policy: 
        display-warning-on-match: "true"

Note that YAML is very specific about structure and indentation. Be sure to verify the correctness of the final result with your YAML validator of choice.

CAS properties can be passed to the CAS web application as system properties, when the application is launched:

java -Dcas.authn.jaas[0].password-policy.display-warning-on-match="true" -jar build/libs/cas.war

CAS properties can specified as system environment variables before the CAS web application is launched:

export CAS_AUTHN_JAAS[0]_PASSWORD_POLICY_DISPLAY_WARNING_ON_MATCH="true"

java -jar build/libs/cas.war

The above example assumes that the CAS web application is packaged as cas.war with an embedded server container and can be found in the build/libs directory.

CAS properties can be passed to the CAS web application as command-line arguments, when the application is launched:

java -jar build/libs/cas.war --cas.authn.jaas[0].password-policy.display-warning-on-match="true"

The above example assumes that the CAS web application is packaged as cas.war with an embedded server container and can be found in the build/libs directory.

cas.authn.jaas[0].password-policy.enabled=true

Whether password policy should be enabled.

org.apereo.cas.configuration.model.core.authentication.PasswordPolicyProperties.

_{How can I configure this property?}

Configuration properties can be included and activated using the following strategies.

:information_source: Note

CAS properties can be specified using the Java configuration property syntax in any and all .properties files:

cas.authn.jaas[0].password-policy.enabled=true

CAS properties can be specified using the YAML syntax:

cas: 
  authn: 
    - jaas: 
      password-policy: 
        enabled: "true"

Note that YAML is very specific about structure and indentation. Be sure to verify the correctness of the final result with your YAML validator of choice.

CAS properties can be passed to the CAS web application as system properties, when the application is launched:

java -Dcas.authn.jaas[0].password-policy.enabled="true" -jar build/libs/cas.war

CAS properties can specified as system environment variables before the CAS web application is launched:

export CAS_AUTHN_JAAS[0]_PASSWORD_POLICY_ENABLED="true"

java -jar build/libs/cas.war

The above example assumes that the CAS web application is packaged as cas.war with an embedded server container and can be found in the build/libs directory.

CAS properties can be passed to the CAS web application as command-line arguments, when the application is launched:

java -jar build/libs/cas.war --cas.authn.jaas[0].password-policy.enabled="true"

The above example assumes that the CAS web application is packaged as cas.war with an embedded server container and can be found in the build/libs directory.

cas.authn.jaas[0].password-policy.login-failures=5

When dealing with FreeIPA, indicates the number of allows login failures.

org.apereo.cas.configuration.model.core.authentication.PasswordPolicyProperties.

_{How can I configure this property?}

Configuration properties can be included and activated using the following strategies.

:information_source: Note

CAS properties can be specified using the Java configuration property syntax in any and all .properties files:

cas.authn.jaas[0].password-policy.login-failures=5

CAS properties can be specified using the YAML syntax:

cas: 
  authn: 
    - jaas: 
      password-policy: 
        login-failures: "5"

Note that YAML is very specific about structure and indentation. Be sure to verify the correctness of the final result with your YAML validator of choice.

CAS properties can be passed to the CAS web application as system properties, when the application is launched:

java -Dcas.authn.jaas[0].password-policy.login-failures="5" -jar build/libs/cas.war

CAS properties can specified as system environment variables before the CAS web application is launched:

export CAS_AUTHN_JAAS[0]_PASSWORD_POLICY_LOGIN_FAILURES="5"

java -jar build/libs/cas.war

The above example assumes that the CAS web application is packaged as cas.war with an embedded server container and can be found in the build/libs directory.

CAS properties can be passed to the CAS web application as command-line arguments, when the application is launched:

java -jar build/libs/cas.war --cas.authn.jaas[0].password-policy.login-failures="5"

The above example assumes that the CAS web application is packaged as cas.war with an embedded server container and can be found in the build/libs directory.

cas.authn.jaas[0].password-policy.policy-attributes=

Key-value structure (Map) that indicates a list of boolean attributes as keys. If either attribute value is true, indicating an account state is flagged, the corresponding error can be thrown. Example accountLocked=javax.security.auth.login.AccountLockedException

org.apereo.cas.configuration.model.core.authentication.PasswordPolicyProperties.

_{How can I configure this property?}

Configuration properties can be included and activated using the following strategies.

:information_source: Note

CAS properties can be specified using the Java configuration property syntax in any and all .properties files:

cas.authn.jaas[0].password-policy.policy-attributes=...

CAS properties can be specified using the YAML syntax:

cas: 
  authn: 
    - jaas: 
      password-policy: 
        policy-attributes: "..."

Note that YAML is very specific about structure and indentation. Be sure to verify the correctness of the final result with your YAML validator of choice.

CAS properties can be passed to the CAS web application as system properties, when the application is launched:

java -Dcas.authn.jaas[0].password-policy.policy-attributes="..." -jar build/libs/cas.war

CAS properties can specified as system environment variables before the CAS web application is launched:

export CAS_AUTHN_JAAS[0]_PASSWORD_POLICY_POLICY_ATTRIBUTES="..."

java -jar build/libs/cas.war

The above example assumes that the CAS web application is packaged as cas.war with an embedded server container and can be found in the build/libs directory.

CAS properties can be passed to the CAS web application as command-line arguments, when the application is launched:

java -jar build/libs/cas.war --cas.authn.jaas[0].password-policy.policy-attributes="..."

The above example assumes that the CAS web application is packaged as cas.war with an embedded server container and can be found in the build/libs directory.

cas.authn.jaas[0].password-policy.strategy=DEFAULT

Decide how authentication should handle password policy changes. Available values are as follows:

DEFAULT: Default option to handle policy changes.
GROOVY: Handle account password policies via Groovy.
REJECT_RESULT_CODE: Strategy to only activate password policy if the authentication response code is not blocked.

org.apereo.cas.configuration.model.core.authentication.PasswordPolicyProperties.

_{How can I configure this property?}

Configuration properties can be included and activated using the following strategies.

:information_source: Note

CAS properties can be specified using the Java configuration property syntax in any and all .properties files:

cas.authn.jaas[0].password-policy.strategy=DEFAULT

CAS properties can be specified using the YAML syntax:

cas: 
  authn: 
    - jaas: 
      password-policy: 
        strategy: "DEFAULT"

Note that YAML is very specific about structure and indentation. Be sure to verify the correctness of the final result with your YAML validator of choice.

CAS properties can be passed to the CAS web application as system properties, when the application is launched:

java -Dcas.authn.jaas[0].password-policy.strategy="DEFAULT" -jar build/libs/cas.war

CAS properties can specified as system environment variables before the CAS web application is launched:

export CAS_AUTHN_JAAS[0]_PASSWORD_POLICY_STRATEGY="DEFAULT"

java -jar build/libs/cas.war

The above example assumes that the CAS web application is packaged as cas.war with an embedded server container and can be found in the build/libs directory.

CAS properties can be passed to the CAS web application as command-line arguments, when the application is launched:

java -jar build/libs/cas.war --cas.authn.jaas[0].password-policy.strategy="DEFAULT"

The above example assumes that the CAS web application is packaged as cas.war with an embedded server container and can be found in the build/libs directory.

cas.authn.jaas[0].password-policy.warn-all=

Always display the password expiration warning regardless.

org.apereo.cas.configuration.model.core.authentication.PasswordPolicyProperties.

_{How can I configure this property?}

Configuration properties can be included and activated using the following strategies.

:information_source: Note

CAS properties can be specified using the Java configuration property syntax in any and all .properties files:

cas.authn.jaas[0].password-policy.warn-all=...

CAS properties can be specified using the YAML syntax:

cas: 
  authn: 
    - jaas: 
      password-policy: 
        warn-all: "..."

Note that YAML is very specific about structure and indentation. Be sure to verify the correctness of the final result with your YAML validator of choice.

CAS properties can be passed to the CAS web application as system properties, when the application is launched:

java -Dcas.authn.jaas[0].password-policy.warn-all="..." -jar build/libs/cas.war

CAS properties can specified as system environment variables before the CAS web application is launched:

export CAS_AUTHN_JAAS[0]_PASSWORD_POLICY_WARN_ALL="..."

java -jar build/libs/cas.war

The above example assumes that the CAS web application is packaged as cas.war with an embedded server container and can be found in the build/libs directory.

CAS properties can be passed to the CAS web application as command-line arguments, when the application is launched:

java -jar build/libs/cas.war --cas.authn.jaas[0].password-policy.warn-all="..."

The above example assumes that the CAS web application is packaged as cas.war with an embedded server container and can be found in the build/libs directory.

cas.authn.jaas[0].password-policy.warning-attribute-name=

Used by an account state handling policy that only calculates account warnings in case the entry carries this attribute.

org.apereo.cas.configuration.model.core.authentication.PasswordPolicyProperties.

_{How can I configure this property?}

Configuration properties can be included and activated using the following strategies.

:information_source: Note

CAS properties can be specified using the Java configuration property syntax in any and all .properties files:

cas.authn.jaas[0].password-policy.warning-attribute-name=...

CAS properties can be specified using the YAML syntax:

cas: 
  authn: 
    - jaas: 
      password-policy: 
        warning-attribute-name: "..."

Note that YAML is very specific about structure and indentation. Be sure to verify the correctness of the final result with your YAML validator of choice.

CAS properties can be passed to the CAS web application as system properties, when the application is launched:

java -Dcas.authn.jaas[0].password-policy.warning-attribute-name="..." -jar build/libs/cas.war

CAS properties can specified as system environment variables before the CAS web application is launched:

export CAS_AUTHN_JAAS[0]_PASSWORD_POLICY_WARNING_ATTRIBUTE_NAME="..."

java -jar build/libs/cas.war

The above example assumes that the CAS web application is packaged as cas.war with an embedded server container and can be found in the build/libs directory.

CAS properties can be passed to the CAS web application as command-line arguments, when the application is launched:

java -jar build/libs/cas.war --cas.authn.jaas[0].password-policy.warning-attribute-name="..."

The above example assumes that the CAS web application is packaged as cas.war with an embedded server container and can be found in the build/libs directory.

cas.authn.jaas[0].password-policy.warning-attribute-value=

Used by an account state handling policy that only calculates account warnings in case the entry carries an attribute #warningAttributeName whose value matches this field.

org.apereo.cas.configuration.model.core.authentication.PasswordPolicyProperties.

_{How can I configure this property?}

Configuration properties can be included and activated using the following strategies.

:information_source: Note

CAS properties can be specified using the Java configuration property syntax in any and all .properties files:

cas.authn.jaas[0].password-policy.warning-attribute-value=...

CAS properties can be specified using the YAML syntax:

cas: 
  authn: 
    - jaas: 
      password-policy: 
        warning-attribute-value: "..."

Note that YAML is very specific about structure and indentation. Be sure to verify the correctness of the final result with your YAML validator of choice.

CAS properties can be passed to the CAS web application as system properties, when the application is launched:

java -Dcas.authn.jaas[0].password-policy.warning-attribute-value="..." -jar build/libs/cas.war

CAS properties can specified as system environment variables before the CAS web application is launched:

export CAS_AUTHN_JAAS[0]_PASSWORD_POLICY_WARNING_ATTRIBUTE_VALUE="..."

java -jar build/libs/cas.war

The above example assumes that the CAS web application is packaged as cas.war with an embedded server container and can be found in the build/libs directory.

CAS properties can be passed to the CAS web application as command-line arguments, when the application is launched:

java -jar build/libs/cas.war --cas.authn.jaas[0].password-policy.warning-attribute-value="..."

The above example assumes that the CAS web application is packaged as cas.war with an embedded server container and can be found in the build/libs directory.

cas.authn.jaas[0].password-policy.warning-days=30

This is used to calculate a warning period to see if account expiry is within the calculated window.

org.apereo.cas.configuration.model.core.authentication.PasswordPolicyProperties.

_{How can I configure this property?}

Configuration properties can be included and activated using the following strategies.

:information_source: Note

CAS properties can be specified using the Java configuration property syntax in any and all .properties files:

cas.authn.jaas[0].password-policy.warning-days=30

CAS properties can be specified using the YAML syntax:

cas: 
  authn: 
    - jaas: 
      password-policy: 
        warning-days: "30"

Note that YAML is very specific about structure and indentation. Be sure to verify the correctness of the final result with your YAML validator of choice.

CAS properties can be passed to the CAS web application as system properties, when the application is launched:

java -Dcas.authn.jaas[0].password-policy.warning-days="30" -jar build/libs/cas.war

CAS properties can specified as system environment variables before the CAS web application is launched:

export CAS_AUTHN_JAAS[0]_PASSWORD_POLICY_WARNING_DAYS="30"

java -jar build/libs/cas.war

The above example assumes that the CAS web application is packaged as cas.war with an embedded server container and can be found in the build/libs directory.

CAS properties can be passed to the CAS web application as command-line arguments, when the application is launched:

java -jar build/libs/cas.war --cas.authn.jaas[0].password-policy.warning-days="30"

The above example assumes that the CAS web application is packaged as cas.war with an embedded server container and can be found in the build/libs directory.

cas.authn.jaas[0].principal-transformation.blocking-pattern=

A regular expression that will be used against the username to match for blocking/forbidden values. If a match is found, an exception will be thrown and principal transformation will fail.

org.apereo.cas.configuration.model.core.authentication.PrincipalTransformationProperties.

_{How can I configure this property?}

Configuration properties can be included and activated using the following strategies.

:information_source: Note

CAS properties can be specified using the Java configuration property syntax in any and all .properties files:

cas.authn.jaas[0].principal-transformation.blocking-pattern=...

CAS properties can be specified using the YAML syntax:

cas: 
  authn: 
    - jaas: 
      principal-transformation: 
        blocking-pattern: "..."

Note that YAML is very specific about structure and indentation. Be sure to verify the correctness of the final result with your YAML validator of choice.

CAS properties can be passed to the CAS web application as system properties, when the application is launched:

java -Dcas.authn.jaas[0].principal-transformation.blocking-pattern="..." -jar build/libs/cas.war

CAS properties can specified as system environment variables before the CAS web application is launched:

export CAS_AUTHN_JAAS[0]_PRINCIPAL_TRANSFORMATION_BLOCKING_PATTERN="..."

java -jar build/libs/cas.war

The above example assumes that the CAS web application is packaged as cas.war with an embedded server container and can be found in the build/libs directory.

CAS properties can be passed to the CAS web application as command-line arguments, when the application is launched:

java -jar build/libs/cas.war --cas.authn.jaas[0].principal-transformation.blocking-pattern="..."

The above example assumes that the CAS web application is packaged as cas.war with an embedded server container and can be found in the build/libs directory.

cas.authn.jaas[0].principal-transformation.case-conversion=NONE

Indicate whether the principal identifier should be transformed into upper-case, lower-case, etc. Available values are as follows:

NONE: No conversion.
LOWERCASE: Lowercase conversion.
UPPERCASE: Uppercase conversion.

org.apereo.cas.configuration.model.core.authentication.PrincipalTransformationProperties.

_{How can I configure this property?}

Configuration properties can be included and activated using the following strategies.

:information_source: Note

CAS properties can be specified using the Java configuration property syntax in any and all .properties files:

cas.authn.jaas[0].principal-transformation.case-conversion=NONE

CAS properties can be specified using the YAML syntax:

cas: 
  authn: 
    - jaas: 
      principal-transformation: 
        case-conversion: "NONE"

Note that YAML is very specific about structure and indentation. Be sure to verify the correctness of the final result with your YAML validator of choice.

CAS properties can be passed to the CAS web application as system properties, when the application is launched:

java -Dcas.authn.jaas[0].principal-transformation.case-conversion="NONE" -jar build/libs/cas.war

CAS properties can specified as system environment variables before the CAS web application is launched:

export CAS_AUTHN_JAAS[0]_PRINCIPAL_TRANSFORMATION_CASE_CONVERSION="NONE"

java -jar build/libs/cas.war

The above example assumes that the CAS web application is packaged as cas.war with an embedded server container and can be found in the build/libs directory.

CAS properties can be passed to the CAS web application as command-line arguments, when the application is launched:

java -jar build/libs/cas.war --cas.authn.jaas[0].principal-transformation.case-conversion="NONE"

The above example assumes that the CAS web application is packaged as cas.war with an embedded server container and can be found in the build/libs directory.

cas.authn.jaas[0].principal-transformation.pattern=

A regular expression that will be used against the provided username for username extractions. On a successful match, the first matched group in the pattern will be used as the extracted username.

org.apereo.cas.configuration.model.core.authentication.PrincipalTransformationProperties.

_{How can I configure this property?}

Configuration properties can be included and activated using the following strategies.

:information_source: Note

CAS properties can be specified using the Java configuration property syntax in any and all .properties files:

cas.authn.jaas[0].principal-transformation.pattern=...

CAS properties can be specified using the YAML syntax:

cas: 
  authn: 
    - jaas: 
      principal-transformation: 
        pattern: "..."

Note that YAML is very specific about structure and indentation. Be sure to verify the correctness of the final result with your YAML validator of choice.

CAS properties can be passed to the CAS web application as system properties, when the application is launched:

java -Dcas.authn.jaas[0].principal-transformation.pattern="..." -jar build/libs/cas.war

CAS properties can specified as system environment variables before the CAS web application is launched:

export CAS_AUTHN_JAAS[0]_PRINCIPAL_TRANSFORMATION_PATTERN="..."

java -jar build/libs/cas.war

The above example assumes that the CAS web application is packaged as cas.war with an embedded server container and can be found in the build/libs directory.

CAS properties can be passed to the CAS web application as command-line arguments, when the application is launched:

java -jar build/libs/cas.war --cas.authn.jaas[0].principal-transformation.pattern="..."

The above example assumes that the CAS web application is packaged as cas.war with an embedded server container and can be found in the build/libs directory.

cas.authn.jaas[0].principal-transformation.prefix=

Prefix to add to the principal id prior to authentication.

org.apereo.cas.configuration.model.core.authentication.PrincipalTransformationProperties.

_{How can I configure this property?}

Configuration properties can be included and activated using the following strategies.

:information_source: Note

CAS properties can be specified using the Java configuration property syntax in any and all .properties files:

cas.authn.jaas[0].principal-transformation.prefix=...

CAS properties can be specified using the YAML syntax:

cas: 
  authn: 
    - jaas: 
      principal-transformation: 
        prefix: "..."

Note that YAML is very specific about structure and indentation. Be sure to verify the correctness of the final result with your YAML validator of choice.

CAS properties can be passed to the CAS web application as system properties, when the application is launched:

java -Dcas.authn.jaas[0].principal-transformation.prefix="..." -jar build/libs/cas.war

CAS properties can specified as system environment variables before the CAS web application is launched:

export CAS_AUTHN_JAAS[0]_PRINCIPAL_TRANSFORMATION_PREFIX="..."

java -jar build/libs/cas.war

The above example assumes that the CAS web application is packaged as cas.war with an embedded server container and can be found in the build/libs directory.

CAS properties can be passed to the CAS web application as command-line arguments, when the application is launched:

java -jar build/libs/cas.war --cas.authn.jaas[0].principal-transformation.prefix="..."

The above example assumes that the CAS web application is packaged as cas.war with an embedded server container and can be found in the build/libs directory.

cas.authn.jaas[0].principal-transformation.suffix=

Suffix to add to the principal id prior to authentication.

org.apereo.cas.configuration.model.core.authentication.PrincipalTransformationProperties.

_{How can I configure this property?}

Configuration properties can be included and activated using the following strategies.

:information_source: Note

CAS properties can be specified using the Java configuration property syntax in any and all .properties files:

cas.authn.jaas[0].principal-transformation.suffix=...

CAS properties can be specified using the YAML syntax:

cas: 
  authn: 
    - jaas: 
      principal-transformation: 
        suffix: "..."

Note that YAML is very specific about structure and indentation. Be sure to verify the correctness of the final result with your YAML validator of choice.

CAS properties can be passed to the CAS web application as system properties, when the application is launched:

java -Dcas.authn.jaas[0].principal-transformation.suffix="..." -jar build/libs/cas.war

CAS properties can specified as system environment variables before the CAS web application is launched:

export CAS_AUTHN_JAAS[0]_PRINCIPAL_TRANSFORMATION_SUFFIX="..."

java -jar build/libs/cas.war

The above example assumes that the CAS web application is packaged as cas.war with an embedded server container and can be found in the build/libs directory.

CAS properties can be passed to the CAS web application as command-line arguments, when the application is launched:

java -jar build/libs/cas.war --cas.authn.jaas[0].principal-transformation.suffix="..."

The above example assumes that the CAS web application is packaged as cas.war with an embedded server container and can be found in the build/libs directory.

cas.authn.jaas[0].principal.active-attribute-repository-ids=

Activated attribute repository identifiers that should be used for fetching attributes if attribute resolution is enabled. The list here may include identifiers separated by comma.

org.apereo.cas.configuration.model.core.authentication.PersonDirectoryPrincipalResolverProperties.

_{How can I configure this property?}

Configuration properties can be included and activated using the following strategies.

:information_source: Note

CAS properties can be specified using the Java configuration property syntax in any and all .properties files:

cas.authn.jaas[0].principal.active-attribute-repository-ids=...

CAS properties can be specified using the YAML syntax:

cas: 
  authn: 
    - jaas: 
      principal: 
        active-attribute-repository-ids: "..."

Note that YAML is very specific about structure and indentation. Be sure to verify the correctness of the final result with your YAML validator of choice.

CAS properties can be passed to the CAS web application as system properties, when the application is launched:

java -Dcas.authn.jaas[0].principal.active-attribute-repository-ids="..." -jar build/libs/cas.war

CAS properties can specified as system environment variables before the CAS web application is launched:

export CAS_AUTHN_JAAS[0]_PRINCIPAL_ACTIVE_ATTRIBUTE_REPOSITORY_IDS="..."

java -jar build/libs/cas.war

The above example assumes that the CAS web application is packaged as cas.war with an embedded server container and can be found in the build/libs directory.

CAS properties can be passed to the CAS web application as command-line arguments, when the application is launched:

java -jar build/libs/cas.war --cas.authn.jaas[0].principal.active-attribute-repository-ids="..."

The above example assumes that the CAS web application is packaged as cas.war with an embedded server container and can be found in the build/libs directory.

cas.authn.jaas[0].principal.attribute-resolution-enabled=UNDEFINED

Whether attribute repositories should be contacted to fetch person attributes. Defaults to true if not set.

org.apereo.cas.configuration.model.core.authentication.PersonDirectoryPrincipalResolverProperties.

_{How can I configure this property?}

Configuration properties can be included and activated using the following strategies.

:information_source: Note

CAS properties can be specified using the Java configuration property syntax in any and all .properties files:

cas.authn.jaas[0].principal.attribute-resolution-enabled=UNDEFINED

CAS properties can be specified using the YAML syntax:

cas: 
  authn: 
    - jaas: 
      principal: 
        attribute-resolution-enabled: "UNDEFINED"

Note that YAML is very specific about structure and indentation. Be sure to verify the correctness of the final result with your YAML validator of choice.

CAS properties can be passed to the CAS web application as system properties, when the application is launched:

java -Dcas.authn.jaas[0].principal.attribute-resolution-enabled="UNDEFINED" -jar build/libs/cas.war

CAS properties can specified as system environment variables before the CAS web application is launched:

export CAS_AUTHN_JAAS[0]_PRINCIPAL_ATTRIBUTE_RESOLUTION_ENABLED="UNDEFINED"

java -jar build/libs/cas.war

The above example assumes that the CAS web application is packaged as cas.war with an embedded server container and can be found in the build/libs directory.

CAS properties can be passed to the CAS web application as command-line arguments, when the application is launched:

java -jar build/libs/cas.war --cas.authn.jaas[0].principal.attribute-resolution-enabled="UNDEFINED"

The above example assumes that the CAS web application is packaged as cas.war with an embedded server container and can be found in the build/libs directory.

cas.authn.jaas[0].principal.principal-attribute=

Attribute name to use to indicate the identifier of the principal constructed. If the attribute is blank or has no values, the default principal id will be used determined by the underlying authentication engine. The principal id attribute usually is removed from the collection of attributes collected, though this behavior depends on the schematics of the underlying authentication strategy.

org.apereo.cas.configuration.model.core.authentication.PersonDirectoryPrincipalResolverProperties.

_{How can I configure this property?}

Configuration properties can be included and activated using the following strategies.

:information_source: Note

CAS properties can be specified using the Java configuration property syntax in any and all .properties files:

cas.authn.jaas[0].principal.principal-attribute=...

CAS properties can be specified using the YAML syntax:

cas: 
  authn: 
    - jaas: 
      principal: 
        principal-attribute: "..."

Note that YAML is very specific about structure and indentation. Be sure to verify the correctness of the final result with your YAML validator of choice.

CAS properties can be passed to the CAS web application as system properties, when the application is launched:

java -Dcas.authn.jaas[0].principal.principal-attribute="..." -jar build/libs/cas.war

CAS properties can specified as system environment variables before the CAS web application is launched:

export CAS_AUTHN_JAAS[0]_PRINCIPAL_PRINCIPAL_ATTRIBUTE="..."

java -jar build/libs/cas.war

The above example assumes that the CAS web application is packaged as cas.war with an embedded server container and can be found in the build/libs directory.

CAS properties can be passed to the CAS web application as command-line arguments, when the application is launched:

java -jar build/libs/cas.war --cas.authn.jaas[0].principal.principal-attribute="..."

The above example assumes that the CAS web application is packaged as cas.war with an embedded server container and can be found in the build/libs directory.

cas.authn.jaas[0].principal.principal-resolution-conflict-strategy=last

In the event that the principal resolution engine resolves more than one principal, (specially if such principals in the chain have different identifiers), this setting determines strategy by which the principal id would be chosen from the chain. Accepted values are: last, first.

org.apereo.cas.configuration.model.core.authentication.PersonDirectoryPrincipalResolverProperties.

_{How can I configure this property?}

Configuration properties can be included and activated using the following strategies.

:information_source: Note

CAS properties can be specified using the Java configuration property syntax in any and all .properties files:

cas.authn.jaas[0].principal.principal-resolution-conflict-strategy=last

CAS properties can be specified using the YAML syntax:

cas: 
  authn: 
    - jaas: 
      principal: 
        principal-resolution-conflict-strategy: "last"

Note that YAML is very specific about structure and indentation. Be sure to verify the correctness of the final result with your YAML validator of choice.

CAS properties can be passed to the CAS web application as system properties, when the application is launched:

java -Dcas.authn.jaas[0].principal.principal-resolution-conflict-strategy="last" -jar build/libs/cas.war

CAS properties can specified as system environment variables before the CAS web application is launched:

export CAS_AUTHN_JAAS[0]_PRINCIPAL_PRINCIPAL_RESOLUTION_CONFLICT_STRATEGY="last"

java -jar build/libs/cas.war

The above example assumes that the CAS web application is packaged as cas.war with an embedded server container and can be found in the build/libs directory.

CAS properties can be passed to the CAS web application as command-line arguments, when the application is launched:

java -jar build/libs/cas.war --cas.authn.jaas[0].principal.principal-resolution-conflict-strategy="last"

The above example assumes that the CAS web application is packaged as cas.war with an embedded server container and can be found in the build/libs directory.

cas.authn.jaas[0].principal.principal-resolution-failure-fatal=UNDEFINED

When true, throws an error back indicating that principal resolution has failed and no principal can be found based on the authentication requirements. Otherwise, logs the condition as an error without raising a catastrophic error.

org.apereo.cas.configuration.model.core.authentication.PersonDirectoryPrincipalResolverProperties.

_{How can I configure this property?}

Configuration properties can be included and activated using the following strategies.

:information_source: Note

CAS properties can be specified using the Java configuration property syntax in any and all .properties files:

cas.authn.jaas[0].principal.principal-resolution-failure-fatal=UNDEFINED

CAS properties can be specified using the YAML syntax:

cas: 
  authn: 
    - jaas: 
      principal: 
        principal-resolution-failure-fatal: "UNDEFINED"

Note that YAML is very specific about structure and indentation. Be sure to verify the correctness of the final result with your YAML validator of choice.

CAS properties can be passed to the CAS web application as system properties, when the application is launched:

java -Dcas.authn.jaas[0].principal.principal-resolution-failure-fatal="UNDEFINED" -jar build/libs/cas.war

CAS properties can specified as system environment variables before the CAS web application is launched:

export CAS_AUTHN_JAAS[0]_PRINCIPAL_PRINCIPAL_RESOLUTION_FAILURE_FATAL="UNDEFINED"

java -jar build/libs/cas.war

The above example assumes that the CAS web application is packaged as cas.war with an embedded server container and can be found in the build/libs directory.

CAS properties can be passed to the CAS web application as command-line arguments, when the application is launched:

java -jar build/libs/cas.war --cas.authn.jaas[0].principal.principal-resolution-failure-fatal="UNDEFINED"

The