LDAP Authentication

LDAP integration is enabled by including the following dependency in the overlay:

<dependency>
    <groupId>org.apereo.cas</groupId>
    <artifactId>cas-server-support-ldap</artifactId>
    <version>${cas.version}</version>
</dependency>

implementation "org.apereo.cas:cas-server-support-ldap:${project.'cas.version'}"

dependencyManagement {
    imports {
        mavenBom "org.apereo.cas:cas-server-support-bom:${project.'cas.version'}"
    }
}

dependencies {
    implementation "org.apereo.cas:cas-server-support-ldap"
}

dependencies {
    /*
    The following platform references should be included automatically and are listed here for reference only.
            
    implementation enforcedPlatform("org.apereo.cas:cas-server-support-bom:${project.'cas.version'}")
    implementation platform(org.springframework.boot.gradle.plugin.SpringBootPlugin.BOM_COORDINATES)
    */

    implementation "org.apereo.cas:cas-server-support-ldap"
}

Configuration

CAS authenticates a username/password against an LDAP directory such as Active Directory or OpenLDAP. There are numerous directory architectures and we provide configuration for four common cases.

Note that CAS will automatically create the appropriate components internally based on the settings specified below. If you wish to authenticate against more than one LDAP server, increment the index and specify the settings for the next LDAP server.

Note: Attributes retrieved as part of LDAP authentication are merged with all attributes retrieved from other attribute repository sources, if any. Attributes retrieved directly as part of LDAP authentication trump all other attributes.

The following settings and properties are available from the CAS configuration catalog:

_{The configuration settings listed below are tagged as Required in the CAS configuration metadata. This flag indicates that the presence of the setting may be needed to activate or affect the behavior of the CAS feature and generally should be reviewed, possibly owned and adjusted. If the setting is assigned a default value, you do not need to strictly put the setting in your copy of the configuration, but should review it nonetheless to make sure it matches your deployment expectations.}

cas.authn.ldap[0].password-encoder.encoding-algorithm=

The encoding algorithm to use such as MD5. Relevant when the type used is DEFAULT or GLIBC_CRYPT.

org.apereo.cas.configuration.model.core.authentication.PasswordEncoderProperties.

_{How can I configure this property?}

Configuration properties can be included and activated using the following strategies.

:information_source: Note

When possible, properties should be stored in lower-case kebab format, such as cas.property-name=value. The only possible exception to this rule is when naming actuator endpoints; The name of the actuator endpoints (i.e. ssoSessions) MUST remain in camelCase mode.

CAS properties can be specified using the Java configuration property syntax in any and all .properties files:

cas.authn.ldap[0].password-encoder.encoding-algorithm=...

This is the most common form of property configuration that is recognized by CAS, regardless of the actual property source, which might in fact be managed separately outside the CAS environment, by another system or cloud framework.

CAS properties can be specified using the YAML syntax:

cas: 
  authn: 
    - ldap: 
      password-encoder: 
        encoding-algorithm: "..."

Note that YAML is very specific about structure and indentation. Be sure to verify the correctness of the final result with your YAML validator of choice.

CAS properties can be passed to the CAS web application as system properties, when the application is launched:

java -Dcas.authn.ldap[0].password-encoder.encoding-algorithm="..." -jar build/libs/cas.war

The above example assumes that the CAS web application is packaged as cas.war with an embedded server container and can be found in the build/libs directory. Note the placement of the system property which must be specified before the CAS web application is launched.

CAS properties can specified as system environment variables before the CAS web application is launched:

export CAS_AUTHN_LDAP[0]_PASSWORD_ENCODER_ENCODING_ALGORITHM="..."

java -jar build/libs/cas.war

The above example assumes that the CAS web application is packaged as cas.war with an embedded server container and can be found in the build/libs directory.

CAS properties can be passed to the CAS web application as command-line arguments, when the application is launched:

java -jar build/libs/cas.war --cas.authn.ldap[0].password-encoder.encoding-algorithm="..."

The above example assumes that the CAS web application is packaged as cas.war with an embedded server container and can be found in the build/libs directory.

cas.authn.ldap[0].password-encoder.type=NONE

Define the password encoder type to use. Type may be specified as blank or NONE to disable password encoding. It may also refer to a fully-qualified class name that implements the Spring Security's PasswordEncoder interface if you wish you define your own encoder.

The following types may be used:

NONE: No password encoding (i.e. plain-text) takes place.
DEFAULT: Use the DefaultPasswordEncoder of CAS. For message-digest algorithms via character-encoding and encoding-algorithm.
BCRYPT: Use the BCryptPasswordEncoder based on the strength provided and an optional secret.
SCRYPT: Use the SCryptPasswordEncoder.
PBKDF2: Use the Pbkdf2PasswordEncoder based on the strength provided and an optional secret.
STANDARD: Use the StandardPasswordEncoder based on the secret provided.
SSHA: Use the LdapShaPasswordEncoder supports Ldap SHA and SSHA (salted-SHA). The values are base-64 encoded and have the label {SHA} or {SSHA} prepended to the encoded hash.
GLIBC_CRYPT: Use the GlibcCryptPasswordEncoder based on the encoding-algorithm, strength provided and an optional secret.
org.example.MyEncoder: An implementation of PasswordEncoder of your own choosing.
file:///path/to/script.groovy: Path to a Groovy script charged with handling password encoding operations.

org.apereo.cas.configuration.model.core.authentication.PasswordEncoderProperties.

_{How can I configure this property?}

Configuration properties can be included and activated using the following strategies.

:information_source: Note

CAS properties can be specified using the Java configuration property syntax in any and all .properties files:

cas.authn.ldap[0].password-encoder.type=NONE

CAS properties can be specified using the YAML syntax:

cas: 
  authn: 
    - ldap: 
      password-encoder: 
        type: "NONE"

Note that YAML is very specific about structure and indentation. Be sure to verify the correctness of the final result with your YAML validator of choice.

CAS properties can be passed to the CAS web application as system properties, when the application is launched:

java -Dcas.authn.ldap[0].password-encoder.type="NONE" -jar build/libs/cas.war

CAS properties can specified as system environment variables before the CAS web application is launched:

export CAS_AUTHN_LDAP[0]_PASSWORD_ENCODER_TYPE="NONE"

java -jar build/libs/cas.war

The above example assumes that the CAS web application is packaged as cas.war with an embedded server container and can be found in the build/libs directory.

CAS properties can be passed to the CAS web application as command-line arguments, when the application is launched:

java -jar build/libs/cas.war --cas.authn.ldap[0].password-encoder.type="NONE"

The above example assumes that the CAS web application is packaged as cas.war with an embedded server container and can be found in the build/libs directory.

cas.authn.ldap[0].password-policy.groovy.location=

The location of the resource. Resources can be URLS, or files found either on the classpath or outside somewhere in the file system.

In the event the configured resource is a Groovy script, specially if the script set to reload on changes, you may need to adjust the total number of inotify instances. On Linux, you may need to add the following line to /etc/sysctl.conf: fs.inotify.max_user_instances = 256.

You can check the current value via cat /proc/sys/fs/inotify/max_user_instances.

org.apereo.cas.configuration.model.SpringResourceProperties.

_{How can I configure this property?}

Configuration properties can be included and activated using the following strategies.

:information_source: Note

CAS properties can be specified using the Java configuration property syntax in any and all .properties files:

cas.authn.ldap[0].password-policy.groovy.location=...

CAS properties can be specified using the YAML syntax:

cas: 
  authn: 
    - ldap: 
      password-policy: 
        groovy: "..."          location: 

Note that YAML is very specific about structure and indentation. Be sure to verify the correctness of the final result with your YAML validator of choice.

CAS properties can be passed to the CAS web application as system properties, when the application is launched:

java -Dcas.authn.ldap[0].password-policy.groovy.location="..." -jar build/libs/cas.war

CAS properties can specified as system environment variables before the CAS web application is launched:

export CAS_AUTHN_LDAP[0]_PASSWORD_POLICY_GROOVY_LOCATION="..."

java -jar build/libs/cas.war

The above example assumes that the CAS web application is packaged as cas.war with an embedded server container and can be found in the build/libs directory.

CAS properties can be passed to the CAS web application as command-line arguments, when the application is launched:

java -jar build/libs/cas.war --cas.authn.ldap[0].password-policy.groovy.location="..."

The above example assumes that the CAS web application is packaged as cas.war with an embedded server container and can be found in the build/libs directory.

cas.authn.ldap[0].principal-transformation.groovy.location=

The location of the resource. Resources can be URLS, or files found either on the classpath or outside somewhere in the file system.

You can check the current value via cat /proc/sys/fs/inotify/max_user_instances.

org.apereo.cas.configuration.model.SpringResourceProperties.

_{How can I configure this property?}

Configuration properties can be included and activated using the following strategies.

:information_source: Note

CAS properties can be specified using the Java configuration property syntax in any and all .properties files:

cas.authn.ldap[0].principal-transformation.groovy.location=...

CAS properties can be specified using the YAML syntax:

cas: 
  authn: 
    - ldap: 
      principal-transformation: 
        groovy: "..."          location: 

Note that YAML is very specific about structure and indentation. Be sure to verify the correctness of the final result with your YAML validator of choice.

CAS properties can be passed to the CAS web application as system properties, when the application is launched:

java -Dcas.authn.ldap[0].principal-transformation.groovy.location="..." -jar build/libs/cas.war

CAS properties can specified as system environment variables before the CAS web application is launched:

export CAS_AUTHN_LDAP[0]_PRINCIPAL_TRANSFORMATION_GROOVY_LOCATION="..."

java -jar build/libs/cas.war

The above example assumes that the CAS web application is packaged as cas.war with an embedded server container and can be found in the build/libs directory.

CAS properties can be passed to the CAS web application as command-line arguments, when the application is launched:

java -jar build/libs/cas.war --cas.authn.ldap[0].principal-transformation.groovy.location="..."

The above example assumes that the CAS web application is packaged as cas.war with an embedded server container and can be found in the build/libs directory.

cas.authn.ldap[0].base-dn=

Base DN to use. There may be scenarios where different parts of a single LDAP tree could be considered as base-dns. Rather than duplicating the LDAP configuration block for each individual base-dn, each entry can be specified and joined together using a special delimiter character. The user DN is retrieved using the combination of all base-dn and DN resolvers in the order defined. DN resolution should fail if multiple DNs are found. Otherwise the first DN found is returned. Usual syntax is: subtreeA,dc=example,dc=net|subtreeC,dc=example,dc=net.

org.apereo.cas.configuration.model.support.ldap.LdapAuthenticationProperties.

_{How can I configure this property?}

Configuration properties can be included and activated using the following strategies.

:information_source: Note

CAS properties can be specified using the Java configuration property syntax in any and all .properties files:

cas.authn.ldap[0].base-dn=...

CAS properties can be specified using the YAML syntax:

cas: 
  authn: 
    - ldap: 
      base-dn: 

Note that YAML is very specific about structure and indentation. Be sure to verify the correctness of the final result with your YAML validator of choice.

CAS properties can be passed to the CAS web application as system properties, when the application is launched:

java -Dcas.authn.ldap[0].base-dn="..." -jar build/libs/cas.war

CAS properties can specified as system environment variables before the CAS web application is launched:

export CAS_AUTHN_LDAP[0]_BASE_DN="..."

java -jar build/libs/cas.war

The above example assumes that the CAS web application is packaged as cas.war with an embedded server container and can be found in the build/libs directory.

CAS properties can be passed to the CAS web application as command-line arguments, when the application is launched:

java -jar build/libs/cas.war --cas.authn.ldap[0].base-dn="..."

The above example assumes that the CAS web application is packaged as cas.war with an embedded server container and can be found in the build/libs directory.

cas.authn.ldap[0].bind-credential=

The bind credential to use when connecting to LDAP.

org.apereo.cas.configuration.model.support.ldap.LdapAuthenticationProperties.

_{How can I configure this property?}

Configuration properties can be included and activated using the following strategies.

:information_source: Note

CAS properties can be specified using the Java configuration property syntax in any and all .properties files:

cas.authn.ldap[0].bind-credential=...

CAS properties can be specified using the YAML syntax:

cas: 
  authn: 
    - ldap: 
      bind-credential: 

Note that YAML is very specific about structure and indentation. Be sure to verify the correctness of the final result with your YAML validator of choice.

CAS properties can be passed to the CAS web application as system properties, when the application is launched:

java -Dcas.authn.ldap[0].bind-credential="..." -jar build/libs/cas.war

CAS properties can specified as system environment variables before the CAS web application is launched:

export CAS_AUTHN_LDAP[0]_BIND_CREDENTIAL="..."

java -jar build/libs/cas.war

The above example assumes that the CAS web application is packaged as cas.war with an embedded server container and can be found in the build/libs directory.

CAS properties can be passed to the CAS web application as command-line arguments, when the application is launched:

java -jar build/libs/cas.war --cas.authn.ldap[0].bind-credential="..."

The above example assumes that the CAS web application is packaged as cas.war with an embedded server container and can be found in the build/libs directory.

cas.authn.ldap[0].bind-dn=

The bind DN to use when connecting to LDAP. LDAP connection configuration injected into the LDAP connection pool can be initialized with the following parameters:

bindDn/bindCredential provided - Use the provided credentials to bind when initializing connections.
bindDn/bindCredential set to * - Use a fast-bind strategy to initialize the pool.
bindDn/bindCredential set to blank - Skip connection initializing; perform operations anonymously.
SASL mechanism provided - Use the given SASL mechanism to bind when initializing connections.

org.apereo.cas.configuration.model.support.ldap.LdapAuthenticationProperties.

_{How can I configure this property?}

Configuration properties can be included and activated using the following strategies.

:information_source: Note

CAS properties can be specified using the Java configuration property syntax in any and all .properties files:

cas.authn.ldap[0].bind-dn=...

CAS properties can be specified using the YAML syntax:

cas: 
  authn: 
    - ldap: 
      bind-dn: 

Note that YAML is very specific about structure and indentation. Be sure to verify the correctness of the final result with your YAML validator of choice.

CAS properties can be passed to the CAS web application as system properties, when the application is launched:

java -Dcas.authn.ldap[0].bind-dn="..." -jar build/libs/cas.war

CAS properties can specified as system environment variables before the CAS web application is launched:

export CAS_AUTHN_LDAP[0]_BIND_DN="..."

java -jar build/libs/cas.war

The above example assumes that the CAS web application is packaged as cas.war with an embedded server container and can be found in the build/libs directory.

CAS properties can be passed to the CAS web application as command-line arguments, when the application is launched:

java -jar build/libs/cas.war --cas.authn.ldap[0].bind-dn="..."

The above example assumes that the CAS web application is packaged as cas.war with an embedded server container and can be found in the build/libs directory.

cas.authn.ldap[0].ldap-url=

The LDAP url to the server. More than one may be specified, separated by space and/or comma.

org.apereo.cas.configuration.model.support.ldap.LdapAuthenticationProperties.

_{How can I configure this property?}

Configuration properties can be included and activated using the following strategies.

:information_source: Note

CAS properties can be specified using the Java configuration property syntax in any and all .properties files:

cas.authn.ldap[0].ldap-url=...

CAS properties can be specified using the YAML syntax:

cas: 
  authn: 
    - ldap: 
      ldap-url: 

Note that YAML is very specific about structure and indentation. Be sure to verify the correctness of the final result with your YAML validator of choice.

CAS properties can be passed to the CAS web application as system properties, when the application is launched:

java -Dcas.authn.ldap[0].ldap-url="..." -jar build/libs/cas.war

CAS properties can specified as system environment variables before the CAS web application is launched:

export CAS_AUTHN_LDAP[0]_LDAP_URL="..."

java -jar build/libs/cas.war

The above example assumes that the CAS web application is packaged as cas.war with an embedded server container and can be found in the build/libs directory.

CAS properties can be passed to the CAS web application as command-line arguments, when the application is launched:

java -jar build/libs/cas.war --cas.authn.ldap[0].ldap-url="..."

The above example assumes that the CAS web application is packaged as cas.war with an embedded server container and can be found in the build/libs directory.

cas.authn.ldap[0].search-filter=

User filter to use for searching. Syntax is cn={user} or cn={0}.

You may also provide an external groovy script in the syntax of file:/path/to/GroovyScript.groovy to fully build the final filter template dynamically.

org.apereo.cas.configuration.model.support.ldap.LdapAuthenticationProperties.

_{How can I configure this property?}

Configuration properties can be included and activated using the following strategies.

:information_source: Note

CAS properties can be specified using the Java configuration property syntax in any and all .properties files:

cas.authn.ldap[0].search-filter=...

CAS properties can be specified using the YAML syntax:

cas: 
  authn: 
    - ldap: 
      search-filter: 

Note that YAML is very specific about structure and indentation. Be sure to verify the correctness of the final result with your YAML validator of choice.

CAS properties can be passed to the CAS web application as system properties, when the application is launched:

java -Dcas.authn.ldap[0].search-filter="..." -jar build/libs/cas.war

CAS properties can specified as system environment variables before the CAS web application is launched:

export CAS_AUTHN_LDAP[0]_SEARCH_FILTER="..."

java -jar build/libs/cas.war

The above example assumes that the CAS web application is packaged as cas.war with an embedded server container and can be found in the build/libs directory.

CAS properties can be passed to the CAS web application as command-line arguments, when the application is launched:

java -jar build/libs/cas.war --cas.authn.ldap[0].search-filter="..."

The above example assumes that the CAS web application is packaged as cas.war with an embedded server container and can be found in the build/libs directory.

cas.authn.ldap[0].type=AUTHENTICATED

The authentication type.

AD - Users authenticate with sAMAccountName.
AUTHENTICATED - Manager bind/search type of authentication. If {} principalAttributePassword} is empty then a user simple bind is done to validate credentials. Otherwise the given attribute is compared with the given principalAttributePassword using the SHA encrypted value of it.</li>
ANONYMOUS: Similar semantics as AUTHENTICATED except no bindDn and bindCredential may be specified to initialize the connection. If principalAttributePassword is empty then a user simple bind is done to validate credentials. Otherwise the given attribute is compared with the given principalAttributePassword using the SHA encrypted value of it.



DIRECT: Direct Bind - Compute user DN from format string and perform simple bind.
This is relevant when no search is required to compute the DN needed for a bind operation.
Use cases for this type are:
1) All users are under a single branch in the directory, e.g. ou=Users,dc=example,dc=org.
2) The username provided on the CAS login form is part of the DN, e.g.
uid=%s,ou=Users,dc=example,dc=org.

</ul>
Available values are as follows:
AD: Active Directory.
AUTHENTICATED: Authenticated Search.
DIRECT: Direct Bind.
ANONYMOUS: Anonymous Search.
                    </p>
 org.apereo.cas.configuration.model.support.ldap.LdapAuthenticationProperties.

                    _{How can I configure this property?}
                    

                    

                        
                            
                                
                                    CAS Property: cas.authn.ldap[].type
                                    
                                
                                
                                    Configuration properties can be included and activated using the following strategies.
                                    
                                    
:information_source: Note 
                                        When possible, properties should be stored in lower-case kebab format, such as cas.property-name=value.
                                        The only possible exception to this rule is when naming actuator endpoints; The name of the
                                        actuator endpoints (i.e. ssoSessions) MUST remain in camelCase mode.
                                    
                                    
                                    
                                        
                                            Java Property
                                        
                                        
                                            YAML Property
                                        
                                        
                                            System Property
                                        
                                        
                                            Environment Variable
                                        
                                        
                                            Commandline Argument
                                        
                                    
                                    
                                        
                                        

                                            CAS properties can be specified using the Java configuration property syntax in any and all
                                            .properties files:
                                            
1
cas.authn.ldap[0].type=AUTHENTICATED



                                            
                                            This is the most common form of property configuration that is recognized by CAS, regardless
                                            of the actual property source, which might in fact be managed separately outside the CAS environment, by another system
                                            or cloud framework.
                                        
                                        CAS properties can be specified using the YAML syntax:
1
cas: 
  authn: 
    - ldap: 
      type: 



                                            

                                            
                                            Note that YAML is very specific about structure and indentation. Be sure to verify the correctness of the final result
                                            with your YAML validator of choice.
                                        
                                        
                                            CAS properties can be passed to the CAS web application as system properties, when the application is launched:
                                            
1
java -Dcas.authn.ldap[0].type="AUTHENTICATED" -jar build/libs/cas.war


                                            
                                            The above example assumes that the CAS web application is packaged as cas.war
                                            with an embedded server container and can be found in the build/libs directory. Note the placement of the system property which must be
                                            specified before the CAS web application is launched.
                                        
                                        
                                            CAS properties can specified as system environment variables before the CAS web application is launched:
                                            

1
2
3
export CAS_AUTHN_LDAP[0]_TYPE="AUTHENTICATED"

java -jar build/libs/cas.war


                                            
                                            The above example assumes that the CAS web application is packaged as cas.war
                                            with an embedded server container  and can be found in the build/libs directory.
                                        
                                        
                                            CAS properties can be passed to the CAS web application as command-line arguments, when the application is launched:
                                            
1
java -jar build/libs/cas.war --cas.authn.ldap[0].type="AUTHENTICATED"



                                            
                                            The above example assumes that the CAS web application is packaged as cas.war
                                            with an embedded server container and can be found in the build/libs directory.
                                        
                                    
                                
                            
                        
                    
                    
        </div></td>
</tr>

_{The configuration settings listed below are tagged as Optional in the CAS configuration metadata. This
flag indicates that the presence of the setting
is not immediately necessary in the end-user CAS configuration, because a default value is assigned or
the activation of the feature is not conditionally controlled by the setting value. You should only include this field in your
configuration if you need to modify the default value.}

cas.authn.ldap=

Collection of settings related to LDAP authentication. These settings are required to be indexed (i.e. ldap[0].xyz).

org.apereo.cas.configuration.model.core.authentication.AuthenticationProperties.

_{How can I configure this property?}

Configuration properties can be included and activated using the following strategies.

:information_source: Note

CAS properties can be specified using the Java configuration property syntax in any and all .properties files:

cas.authn.ldap=...

CAS properties can be specified using the YAML syntax:

cas: 
  authn: 
    ldap: 

Note that YAML is very specific about structure and indentation. Be sure to verify the correctness of the final result with your YAML validator of choice.

CAS properties can be passed to the CAS web application as system properties, when the application is launched:

java -Dcas.authn.ldap="..." -jar build/libs/cas.war

CAS properties can specified as system environment variables before the CAS web application is launched:

export CAS_AUTHN_LDAP="..."

java -jar build/libs/cas.war

The above example assumes that the CAS web application is packaged as cas.war with an embedded server container and can be found in the build/libs directory.

CAS properties can be passed to the CAS web application as command-line arguments, when the application is launched:

java -jar build/libs/cas.war --cas.authn.ldap="..."

The above example assumes that the CAS web application is packaged as cas.war with an embedded server container and can be found in the build/libs directory.

cas.authn.ldap[0].password-encoder.character-encoding=UTF-8

The encoding algorithm to use such as 'UTF-8'. Relevant when the type used is DEFAULT.

org.apereo.cas.configuration.model.core.authentication.PasswordEncoderProperties.

_{How can I configure this property?}

Configuration properties can be included and activated using the following strategies.

:information_source: Note

CAS properties can be specified using the Java configuration property syntax in any and all .properties files:

cas.authn.ldap[0].password-encoder.character-encoding=UTF-8

CAS properties can be specified using the YAML syntax:

cas: 
  authn: 
    - ldap: 
      password-encoder: 
        character-encoding: "UTF-8"

Note that YAML is very specific about structure and indentation. Be sure to verify the correctness of the final result with your YAML validator of choice.

CAS properties can be passed to the CAS web application as system properties, when the application is launched:

java -Dcas.authn.ldap[0].password-encoder.character-encoding="UTF-8" -jar build/libs/cas.war

CAS properties can specified as system environment variables before the CAS web application is launched:

export CAS_AUTHN_LDAP[0]_PASSWORD_ENCODER_CHARACTER_ENCODING="UTF-8"

java -jar build/libs/cas.war

The above example assumes that the CAS web application is packaged as cas.war with an embedded server container and can be found in the build/libs directory.

CAS properties can be passed to the CAS web application as command-line arguments, when the application is launched:

java -jar build/libs/cas.war --cas.authn.ldap[0].password-encoder.character-encoding="UTF-8"

The above example assumes that the CAS web application is packaged as cas.war with an embedded server container and can be found in the build/libs directory.

cas.authn.ldap[0].password-encoder.hash-length=16

When used by PasswordEncoderTypes#ARGON2, it indicates the hash strength/length.

org.apereo.cas.configuration.model.core.authentication.PasswordEncoderProperties.

_{How can I configure this property?}

Configuration properties can be included and activated using the following strategies.

:information_source: Note

CAS properties can be specified using the Java configuration property syntax in any and all .properties files:

cas.authn.ldap[0].password-encoder.hash-length=16

CAS properties can be specified using the YAML syntax:

cas: 
  authn: 
    - ldap: 
      password-encoder: 
        hash-length: "16"

Note that YAML is very specific about structure and indentation. Be sure to verify the correctness of the final result with your YAML validator of choice.

CAS properties can be passed to the CAS web application as system properties, when the application is launched:

java -Dcas.authn.ldap[0].password-encoder.hash-length="16" -jar build/libs/cas.war

CAS properties can specified as system environment variables before the CAS web application is launched:

export CAS_AUTHN_LDAP[0]_PASSWORD_ENCODER_HASH_LENGTH="16"

java -jar build/libs/cas.war

The above example assumes that the CAS web application is packaged as cas.war with an embedded server container and can be found in the build/libs directory.

CAS properties can be passed to the CAS web application as command-line arguments, when the application is launched:

java -jar build/libs/cas.war --cas.authn.ldap[0].password-encoder.hash-length="16"

The above example assumes that the CAS web application is packaged as cas.war with an embedded server container and can be found in the build/libs directory.

cas.authn.ldap[0].password-encoder.secret=

Secret to use with PasswordEncoderTypes#STANDARD, PasswordEncoderTypes#PBKDF2, PasswordEncoderTypes#BCRYPT, PasswordEncoderTypes#GLIBC_CRYPT password encoders. Secret usually is an optional setting.

org.apereo.cas.configuration.model.core.authentication.PasswordEncoderProperties.

_{How can I configure this property?}

Configuration properties can be included and activated using the following strategies.

:information_source: Note

CAS properties can be specified using the Java configuration property syntax in any and all .properties files:

cas.authn.ldap[0].password-encoder.secret=...

CAS properties can be specified using the YAML syntax:

cas: 
  authn: 
    - ldap: 
      password-encoder: 
        secret: "..."

Note that YAML is very specific about structure and indentation. Be sure to verify the correctness of the final result with your YAML validator of choice.

CAS properties can be passed to the CAS web application as system properties, when the application is launched:

java -Dcas.authn.ldap[0].password-encoder.secret="..." -jar build/libs/cas.war

CAS properties can specified as system environment variables before the CAS web application is launched:

export CAS_AUTHN_LDAP[0]_PASSWORD_ENCODER_SECRET="..."

java -jar build/libs/cas.war

The above example assumes that the CAS web application is packaged as cas.war with an embedded server container and can be found in the build/libs directory.

CAS properties can be passed to the CAS web application as command-line arguments, when the application is launched:

java -jar build/libs/cas.war --cas.authn.ldap[0].password-encoder.secret="..."

The above example assumes that the CAS web application is packaged as cas.war with an embedded server container and can be found in the build/libs directory.

cas.authn.ldap[0].password-encoder.strength=16

Strength or number of iterations to use for password hashing. Usually relevant when dealing with PasswordEncoderTypes#PBKDF2, PasswordEncoderTypes#BCRYPT or PasswordEncoderTypes#GLIBC_CRYPT. When used by PasswordEncoderTypes#ARGON2, it indicates the salt strength.

org.apereo.cas.configuration.model.core.authentication.PasswordEncoderProperties.

_{How can I configure this property?}

Configuration properties can be included and activated using the following strategies.

:information_source: Note

CAS properties can be specified using the Java configuration property syntax in any and all .properties files:

cas.authn.ldap[0].password-encoder.strength=16

CAS properties can be specified using the YAML syntax:

cas: 
  authn: 
    - ldap: 
      password-encoder: 
        strength: "16"

Note that YAML is very specific about structure and indentation. Be sure to verify the correctness of the final result with your YAML validator of choice.

CAS properties can be passed to the CAS web application as system properties, when the application is launched:

java -Dcas.authn.ldap[0].password-encoder.strength="16" -jar build/libs/cas.war

CAS properties can specified as system environment variables before the CAS web application is launched:

export CAS_AUTHN_LDAP[0]_PASSWORD_ENCODER_STRENGTH="16"

java -jar build/libs/cas.war

The above example assumes that the CAS web application is packaged as cas.war with an embedded server container and can be found in the build/libs directory.

CAS properties can be passed to the CAS web application as command-line arguments, when the application is launched:

java -jar build/libs/cas.war --cas.authn.ldap[0].password-encoder.strength="16"

The above example assumes that the CAS web application is packaged as cas.war with an embedded server container and can be found in the build/libs directory.

cas.authn.ldap[0].principal-transformation.blocking-pattern=

A regular expression that will be used against the username to match for blocking/forbidden values. If a match is found, an exception will be thrown and principal transformation will fail.

org.apereo.cas.configuration.model.core.authentication.PrincipalTransformationProperties.

_{How can I configure this property?}

Configuration properties can be included and activated using the following strategies.

:information_source: Note

CAS properties can be specified using the Java configuration property syntax in any and all .properties files:

cas.authn.ldap[0].principal-transformation.blocking-pattern=...

CAS properties can be specified using the YAML syntax:

cas: 
  authn: 
    - ldap: 
      principal-transformation: 
        blocking-pattern: "..."

Note that YAML is very specific about structure and indentation. Be sure to verify the correctness of the final result with your YAML validator of choice.

CAS properties can be passed to the CAS web application as system properties, when the application is launched:

java -Dcas.authn.ldap[0].principal-transformation.blocking-pattern="..." -jar build/libs/cas.war

CAS properties can specified as system environment variables before the CAS web application is launched:

export CAS_AUTHN_LDAP[0]_PRINCIPAL_TRANSFORMATION_BLOCKING_PATTERN="..."

java -jar build/libs/cas.war

The above example assumes that the CAS web application is packaged as cas.war with an embedded server container and can be found in the build/libs directory.

CAS properties can be passed to the CAS web application as command-line arguments, when the application is launched:

java -jar build/libs/cas.war --cas.authn.ldap[0].principal-transformation.blocking-pattern="..."

The above example assumes that the CAS web application is packaged as cas.war with an embedded server container and can be found in the build/libs directory.

cas.authn.ldap[0].principal-transformation.case-conversion=NONE

Indicate whether the principal identifier should be transformed into upper-case, lower-case, etc. Available values are as follows:

NONE: No conversion.
LOWERCASE: Lowercase conversion.
UPPERCASE: Uppercase conversion.

org.apereo.cas.configuration.model.core.authentication.PrincipalTransformationProperties.

_{How can I configure this property?}

Configuration properties can be included and activated using the following strategies.

:information_source: Note

CAS properties can be specified using the Java configuration property syntax in any and all .properties files:

cas.authn.ldap[0].principal-transformation.case-conversion=NONE

CAS properties can be specified using the YAML syntax:

cas: 
  authn: 
    - ldap: 
      principal-transformation: 
        case-conversion: "NONE"

Note that YAML is very specific about structure and indentation. Be sure to verify the correctness of the final result with your YAML validator of choice.

CAS properties can be passed to the CAS web application as system properties, when the application is launched:

java -Dcas.authn.ldap[0].principal-transformation.case-conversion="NONE" -jar build/libs/cas.war

CAS properties can specified as system environment variables before the CAS web application is launched:

export CAS_AUTHN_LDAP[0]_PRINCIPAL_TRANSFORMATION_CASE_CONVERSION="NONE"

java -jar build/libs/cas.war

The above example assumes that the CAS web application is packaged as cas.war with an embedded server container and can be found in the build/libs directory.

CAS properties can be passed to the CAS web application as command-line arguments, when the application is launched:

java -jar build/libs/cas.war --cas.authn.ldap[0].principal-transformation.case-conversion="NONE"

The above example assumes that the CAS web application is packaged as cas.war with an embedded server container and can be found in the build/libs directory.

cas.authn.ldap[0].principal-transformation.pattern=

A regular expression that will be used against the provided username for username extractions. On a successful match, the first matched group in the pattern will be used as the extracted username.

org.apereo.cas.configuration.model.core.authentication.PrincipalTransformationProperties.

_{How can I configure this property?}

Configuration properties can be included and activated using the following strategies.

:information_source: Note

CAS properties can be specified using the Java configuration property syntax in any and all .properties files:

cas.authn.ldap[0].principal-transformation.pattern=...

CAS properties can be specified using the YAML syntax:

cas: 
  authn: 
    - ldap: 
      principal-transformation: 
        pattern: "..."

Note that YAML is very specific about structure and indentation. Be sure to verify the correctness of the final result with your YAML validator of choice.

CAS properties can be passed to the CAS web application as system properties, when the application is launched:

java -Dcas.authn.ldap[0].principal-transformation.pattern="..." -jar build/libs/cas.war

CAS properties can specified as system environment variables before the CAS web application is launched:

export CAS_AUTHN_LDAP[0]_PRINCIPAL_TRANSFORMATION_PATTERN="..."

java -jar build/libs/cas.war

The above example assumes that the CAS web application is packaged as cas.war with an embedded server container and can be found in the build/libs directory.

CAS properties can be passed to the CAS web application as command-line arguments, when the application is launched:

java -jar build/libs/cas.war --cas.authn.ldap[0].principal-transformation.pattern="..."

The above example assumes that the CAS web application is packaged as cas.war with an embedded server container and can be found in the build/libs directory.

cas.authn.ldap[0].principal-transformation.prefix=

Prefix to add to the principal id prior to authentication.

org.apereo.cas.configuration.model.core.authentication.PrincipalTransformationProperties.

_{How can I configure this property?}

Configuration properties can be included and activated using the following strategies.

:information_source: Note

CAS properties can be specified using the Java configuration property syntax in any and all .properties files:

cas.authn.ldap[0].principal-transformation.prefix=...

CAS properties can be specified using the YAML syntax:

cas: 
  authn: 
    - ldap: 
      principal-transformation: 
        prefix: "..."

Note that YAML is very specific about structure and indentation. Be sure to verify the correctness of the final result with your YAML validator of choice.

CAS properties can be passed to the CAS web application as system properties, when the application is launched:

java -Dcas.authn.ldap[0].principal-transformation.prefix="..." -jar build/libs/cas.war

CAS properties can specified as system environment variables before the CAS web application is launched:

export CAS_AUTHN_LDAP[0]_PRINCIPAL_TRANSFORMATION_PREFIX="..."

java -jar build/libs/cas.war

The above example assumes that the CAS web application is packaged as cas.war with an embedded server container and can be found in the build/libs directory.

CAS properties can be passed to the CAS web application as command-line arguments, when the application is launched:

java -jar build/libs/cas.war --cas.authn.ldap[0].principal-transformation.prefix="..."

The above example assumes that the CAS web application is packaged as cas.war with an embedded server container and can be found in the build/libs directory.

cas.authn.ldap[0].principal-transformation.suffix=

Suffix to add to the principal id prior to authentication.

org.apereo.cas.configuration.model.core.authentication.PrincipalTransformationProperties.

_{How can I configure this property?}

Configuration properties can be included and activated using the following strategies.

:information_source: Note

CAS properties can be specified using the Java configuration property syntax in any and all .properties files:

cas.authn.ldap[0].principal-transformation.suffix=...

CAS properties can be specified using the YAML syntax:

cas: 
  authn: 
    - ldap: 
      principal-transformation: 
        suffix: "..."

Note that YAML is very specific about structure and indentation. Be sure to verify the correctness of the final result with your YAML validator of choice.

CAS properties can be passed to the CAS web application as system properties, when the application is launched:

java -Dcas.authn.ldap[0].principal-transformation.suffix="..." -jar build/libs/cas.war

CAS properties can specified as system environment variables before the CAS web application is launched:

export CAS_AUTHN_LDAP[0]_PRINCIPAL_TRANSFORMATION_SUFFIX="..."

java -jar build/libs/cas.war

The above example assumes that the CAS web application is packaged as cas.war with an embedded server container and can be found in the build/libs directory.

CAS properties can be passed to the CAS web application as command-line arguments, when the application is launched:

java -jar build/libs/cas.war --cas.authn.ldap[0].principal-transformation.suffix="..."

The above example assumes that the CAS web application is packaged as cas.war with an embedded server container and can be found in the build/libs directory.

cas.authn.ldap[0].additional-attributes=

List of additional attributes to retrieve, if any.

org.apereo.cas.configuration.model.support.ldap.LdapAuthenticationProperties.

_{How can I configure this property?}

Configuration properties can be included and activated using the following strategies.

:information_source: Note

CAS properties can be specified using the Java configuration property syntax in any and all .properties files:

cas.authn.ldap[0].additional-attributes=...

CAS properties can be specified using the YAML syntax:

cas: 
  authn: 
    - ldap: 
      additional-attributes: 

Note that YAML is very specific about structure and indentation. Be sure to verify the correctness of the final result with your YAML validator of choice.

CAS properties can be passed to the CAS web application as system properties, when the application is launched:

java -Dcas.authn.ldap[0].additional-attributes="..." -jar build/libs/cas.war

CAS properties can specified as system environment variables before the CAS web application is launched:

export CAS_AUTHN_LDAP[0]_ADDITIONAL_ATTRIBUTES="..."

java -jar build/libs/cas.war

The above example assumes that the CAS web application is packaged as cas.war with an embedded server container and can be found in the build/libs directory.

CAS properties can be passed to the CAS web application as command-line arguments, when the application is launched:

java -jar build/libs/cas.war --cas.authn.ldap[0].additional-attributes="..."

The above example assumes that the CAS web application is packaged as cas.war with an embedded server container and can be found in the build/libs directory.

cas.authn.ldap[0].allow-missing-principal-attribute-value=true

Flag to indicate whether CAS should block authentication if a specific/configured principal id attribute is not found.

org.apereo.cas.configuration.model.support.ldap.LdapAuthenticationProperties.

_{How can I configure this property?}

Configuration properties can be included and activated using the following strategies.

:information_source: Note

CAS properties can be specified using the Java configuration property syntax in any and all .properties files:

cas.authn.ldap[0].allow-missing-principal-attribute-value=true