QR Code Authentication

QR Code authentication is a strategy that allows the user to scan a QR code, generated by the CAS server, using a mobile device and subsequently log in once it has been successfully validated.

The QR code embeds a special identifier that allows the mobile device to establish a communication channel to the CAS server using web sockets. Once the channel is established, the mobile device may collect credentials from the user and submit them to CAS for verification. The result, expected as a JWT generated by CAS, is then passed along to the web socket channel for verification and successful login. Subsequent login attempts can be completely passwordless: the mobile device can continue to re-use the JWT for authentication attempts, allowing the end user to scan and proceed.
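The flow described above, modelled as an added example; this is not CAS code and does not reflect the CAS implementation. The function names, the HS256 signing key, the token lifetime, the one-login-per-code rule and the sample user are all assumptions made for illustration.

```python
import base64, hashlib, hmac, json, secrets, time

KEY = secrets.token_bytes(32)       # assumption: HS256 signing key held by the server
USERS = {"alice": "correct horse"}  # constructed credential store
CHANNELS = set()                    # identifiers currently displayed as QR codes

def _b64(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=")

def _sign(head, body):
    return _b64(hmac.new(KEY, head + b"." + body, hashlib.sha256).digest())

def new_qr_channel():
    """Login page: unguessable identifier embedded in the QR code."""
    cid = secrets.token_urlsafe(32)
    CHANNELS.add(cid)
    return cid

def login_from_device(user, password, ttl=300, now=None):
    """Device submits credentials; a signed JWT comes back on success."""
    expected = USERS.get(user)
    if expected is None or not hmac.compare_digest(expected.encode(), password.encode()):
        return None
    exp = int(time.time() if now is None else now) + ttl
    head = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps({"sub": user, "exp": exp}).encode())
    return b".".join([head, body, _sign(head, body)]).decode()

def verify_jwt(token, now=None):
    """Return the subject, or None for a forged, malformed or expired token."""
    try:
        head, body, sig = token.encode().split(b".")
        if not hmac.compare_digest(sig, _sign(head, body)):
            return None             # signature is checked before the payload is parsed
        claims = json.loads(base64.urlsafe_b64decode(body + b"=" * (-len(body) % 4)))
    except ValueError:
        return None
    now = time.time() if now is None else now
    return claims["sub"] if claims["exp"] > now else None

def accept_on_channel(cid, token, now=None):
    """Web socket side: the device posts its JWT to the channel it scanned."""
    if cid not in CHANNELS:
        return None                 # unknown or already-used identifier
    subject = verify_jwt(token, now)
    if subject is not None:
        CHANNELS.discard(cid)       # assumption: one login per displayed code
    return subject
```

Because the stored JWT is what makes later logins passwordless, its lifetime and the protection of the signing key bound how long a copied token remains usable.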

Support is enabled by including the following dependency in the WAR overlay:

<dependency>
  <groupId>org.apereo.cas</groupId>
  <artifactId>cas-server-support-qr-authentication</artifactId>
  <version>${cas.version}</version>
</dependency>

implementation "org.apereo.cas:cas-server-support-qr-authentication:${project.'cas.version'}"

dependencyManagement {
  imports {
    mavenBom "org.apereo.cas:cas-server-support-bom:${project.'cas.version'}"
  }
}

dependencies {
  implementation "org.apereo.cas:cas-server-support-qr-authentication"
}

Actuator Endpoints

The following endpoints are provided by CAS: