Authentication Policy

CAS presents a number of strategies for handling authentication security policies. Policies in general control the following:

  1. Should the authentication chain be stopped after a certain kind of authentication failure?
  2. Given multiple authentication handlers in a chain, what constitutes a successful authentication event?

Policies are typically activated after:

  1. An authentication failure has occurred.
  2. The authentication chain has finished execution.

Typical use cases of authentication policies may include:

  1. Require a specific authentication handler to succeed in order for the entire authentication event to be considered successful.
  2. Ensure that no failure of a specific class appears in the authentication chain’s execution log.
  3. Ensure that all authentication schemes in the chain execute successfully in order for the entire authentication event to be considered successful.
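The following is an added example, not CAS code, that models how the policies named on this page (All, Any, Required, Not Prevented, Unique Principal) evaluate a chain's execution log, and how a failure class can stop the chain early. Handler names, principal values and the failure class string are constructed for the model.

```python
# Hypothetical model of CAS-style authentication policies (added example, not CAS's own code).
from dataclasses import dataclass
from typing import Callable, Iterable, Optional

@dataclass
class Attempt:
    """Outcome of one handler in the chain (constructed for this model)."""
    handler: str
    success: bool
    principal: Optional[str] = None   # resolved principal on success
    failure: Optional[str] = None     # failure class name on failure

# Each policy answers one question: does this execution log count as a successful event?
def all_policy(log: list[Attempt]) -> bool:
    return bool(log) and all(a.success for a in log)

def any_policy(log: list[Attempt]) -> bool:
    return any(a.success for a in log)

def required_policy(handler: str) -> Callable[[list[Attempt]], bool]:
    # The named handler must itself have succeeded; other results do not matter.
    return lambda log: any(a.success and a.handler == handler for a in log)

def not_prevented_policy(prevented: Iterable[str]) -> Callable[[list[Attempt]], bool]:
    # At least one success, and no failure of a prevented class anywhere in the log.
    blocked = set(prevented)
    return lambda log: any(a.success for a in log) and not any(a.failure in blocked for a in log)

def unique_principal_policy(log: list[Attempt]) -> bool:
    # All successful handlers must agree on exactly one principal.
    return len({a.principal for a in log if a.success}) == 1

def run_chain(handlers, policy, stop_on=frozenset()):
    """Run handlers in order, halt when a failure class in stop_on occurs, then apply policy."""
    log: list[Attempt] = []
    for handler in handlers:
        attempt = handler()
        log.append(attempt)
        if not attempt.success and attempt.failure in stop_on:
            break
    return policy(log), log

# Constructed sample handlers for a demonstration run
ldap_ok = lambda: Attempt("ldap", True, principal="alice")
radius_ok = lambda: Attempt("radius", True, principal="alice")
radius_bob = lambda: Attempt("radius", True, principal="bob")
jdbc_locked = lambda: Attempt("jdbc", False, failure="AccountLockedException")
```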

Actuator Endpoints

The following endpoints are provided by CAS:

  1. Get available authentication policies.
  2. Get available authentication policy by name.

Policies

Authentication policies can be managed via the following strategies.

Storage           Description
All               See this guide.
Any               See this guide.
Global            See this guide.
Groovy            See this guide.
Not Prevented     See this guide.
Required          See this guide.
REST              See this guide.
Source Selection  See this guide.
Unique Principal  See this guide.

Authentication policies may also be defined on a per-application basis. See this guide for more info.