Entity Id Request Parameter - Multifactor Authentication Triggers
In situations where authentication is delegated to CAS, most commonly
via a Shibboleth Identity Provider, the entity id may be passed as
a request parameter to CAS to be treated as a CAS registered service.
This allows one to activate multifactor authentication policies based on the entity id that is registered
This allows one to activate multifactor authentication policies based on the entity id that is registered
in the CAS service registry. As a side benefit, the entity id can take advantage of all other CAS features
such as access strategies and authorization rules because it’s just another service definition known to CAS.
To learn more about integration options and to understand how to delegate authentication to CAS
from a Shibboleth identity provider, please see this guide.
Support is enabled by including the following dependency in the WAR overlay:
1
2
3
4
5
| <dependency>
<groupId>org.apereo.cas</groupId>
<artifactId>cas-server-support-shibboleth</artifactId>
<version>${cas.version}</version>
</dependency>
|
1
| implementation "org.apereo.cas:cas-server-support-shibboleth:${project.'cas.version'}"
|
1
2
3
4
5
6
7
8
9
| dependencyManagement {
imports {
mavenBom "org.apereo.cas:cas-server-support-bom:${project.'cas.version'}"
}
}
dependencies {
implementation "org.apereo.cas:cas-server-support-shibboleth"
}
|
1
2
3
4
5
6
7
8
9
10
| dependencies {
/*
The following platform references should be included automatically and are listed here for reference only.
implementation enforcedPlatform("org.apereo.cas:cas-server-support-bom:${project.'cas.version'}")
implementation platform(org.springframework.boot.gradle.plugin.SpringBootPlugin.BOM_COORDINATES)
*/
implementation "org.apereo.cas:cas-server-support-shibboleth"
}
|
The entityId
parameter may be passed as such:
1
| https://.../cas/login?service=http://idp.example.org&entityId=the-entity-id-passed
|