Configure Service Custom Properties
CAS has the ability to add arbitrary attributes to a registered service. These attributes are considered extra metadata about the service: settings such as a contact phone number or email address, or extra attributes and fields that extensions may use for custom functionality on a per-service basis.
A sample JSON file follows:
```json
{
  "@class" : "org.apereo.cas.services.CasRegisteredService",
  "serviceId" : "^https://.+",
  "name" : "sample service",
  "id" : 100,
  "properties" : {
    "@class" : "java.util.HashMap",
    "email" : {
      "@class" : "org.apereo.cas.services.DefaultRegisteredServiceProperty",
      "values" : [ "java.util.HashSet", [ "person@place.edu", "admin@place.edu" ] ]
    }
  }
}
```
Registered service property values can use the Spring Expression Language syntax.
Note that you may also extend the CAS configuration schema to define your own custom properties.
Supported Properties
The following properties are available and recognized by CAS for various modules and features:
Name | Default Value | Type | Group |
---|---|---|---|
wsfed.relyingPartyIdentifier | | STRING | DELEGATED_AUTHN_WSFED |
jwtAsServiceTicket | false | BOOLEAN | JWT_SERVICE_TICKETS |
jwtAsServiceTicketCipherStrategyType | ENCRYPT_AND_SIGN | STRING | JWT_SERVICE_TICKETS |
jwtAsServiceTicketSigningKey | | STRING | JWT_SERVICE_TICKETS |
jwtAsServiceTicketEncryptionKey | | STRING | JWT_SERVICE_TICKETS |
jwtAsServiceTicketEncryptionAlg | | STRING | JWT_SERVICE_TICKETS |
jwtAsServiceTicketSigningEnabled | true | BOOLEAN | JWT_SERVICE_TICKETS |
jwtAsServiceTicketEncryptionEnabled | true | BOOLEAN | JWT_SERVICE_TICKETS |
oidcDynamicClientRegistration | false | BOOLEAN | OIDC |
oidcDynamicClientRegistrationDate | | STRING | OIDC |
oidcResponseModeAsJwtCipherStrategyType | | STRING | OIDC |
oidcResponseModeAsJwtCipherSigningEnabled | true | BOOLEAN | JWT_ACCESS_TOKENS |
oidcResponseModeAsJwtCipherEncryptionEnabled | true | BOOLEAN | JWT_ACCESS_TOKENS |
accessTokenAsJwtSigningKey | | STRING | JWT_ACCESS_TOKENS |
accessTokenAsJwtCipherStrategyType | ENCRYPT_AND_SIGN | STRING | JWT_ACCESS_TOKENS |
accessTokenAsJwtSigningEnabled | true | BOOLEAN | JWT_ACCESS_TOKENS |
accessTokenAsJwtEncryptionEnabled | false | BOOLEAN | JWT_ACCESS_TOKENS |
accessTokenAsJwtEncryptionKey | | STRING | JWT_ACCESS_TOKENS |
accessTokenAsJwtEncryptionAlg | | STRING | JWT_ACCESS_TOKENS |
jwtSigningSecret | | STRING | JWT_AUTHENTICATION |
jwtSigningSecretAlg | HS256 | STRING | JWT_AUTHENTICATION |
jwtEncryptionSecret | | STRING | JWT_AUTHENTICATION |
jwtEncryptionSecretAlg | | STRING | JWT_AUTHENTICATION |
jwtEncryptionSecretMethod | A192CBC-HS384 | STRING | JWT_AUTHENTICATION |
jwtSecretsAreBase64Encoded | false | BOOLEAN | JWT_AUTHENTICATION |
wildcardedServiceDefinition | false | BOOLEAN | REGISTERED_SERVICES |
internalServiceDefinition | false | BOOLEAN | REGISTERED_SERVICES |
skipRequiredServiceCheck | false | BOOLEAN | REGISTERED_SERVICES |
httpHeaderEnableCacheControl | true | BOOLEAN | HTTP_HEADERS |
httpHeaderEnableXContentOptions | true | BOOLEAN | HTTP_HEADERS |
httpHeaderEnableStrictTransportSecurity | true | BOOLEAN | HTTP_HEADERS |
httpHeaderStrictTransportSecurity | | STRING | HTTP_HEADERS |
httpHeaderEnableXFrameOptions | true | BOOLEAN | HTTP_HEADERS |
httpHeaderXFrameOptions | DENY | STRING | HTTP_HEADERS |
httpHeaderEnableContentSecurityPolicy | true | STRING | HTTP_HEADERS |
httpHeaderEnableXSSProtection | true | BOOLEAN | HTTP_HEADERS |
corsAllowCredentials | false | BOOLEAN | CORS |
corsMaxAge | | INTEGER | CORS |
corsAllowedOrigins | | STRING | CORS |
corsAllowedOriginPatterns | | STRING | CORS |
corsAllowedMethods | | STRING | CORS |
corsAllowedHeaders | | STRING | CORS |
corsExposedHeaders | | STRING | CORS |
forceAuthn | | BOOLEAN | DELEGATED_AUTHN |
passiveAuthn | | BOOLEAN | DELEGATED_AUTHN |
AuthnRequestBindingType | | STRING | DELEGATED_AUTHN_SAML2 |
AssertionConsumerServiceIndex | | LONG | DELEGATED_AUTHN_SAML2 |
AttributeConsumingServiceIndex | | LONG | DELEGATED_AUTHN_SAML2 |
ComparisonType | | STRING | DELEGATED_AUTHN_SAML2 |
NameIdPolicyFormat | | STRING | DELEGATED_AUTHN_SAML2 |
NameIdPolicyAllowCreate | | BOOLEAN | DELEGATED_AUTHN_SAML2 |
ProviderName | | STRING | DELEGATED_AUTHN_SAML2 |
IssuerFormat | | STRING | DELEGATED_AUTHN_SAML2 |
UseNameQualifier | | BOOLEAN | DELEGATED_AUTHN_SAML2 |
AuthnContextClassRefs | | SET | DELEGATED_AUTHN_SAML2 |
NameIdAttribute | | STRING | DELEGATED_AUTHN_SAML2 |
WantsAssertionsSigned | | BOOLEAN | DELEGATED_AUTHN_SAML2 |
WantsResponsesSigned | | BOOLEAN | DELEGATED_AUTHN_SAML2 |
MaximumAuthenticationLifetime | | LONG | DELEGATED_AUTHN_SAML2 |
max_age | | INTEGER | DELEGATED_AUTHN_OIDC |
scope | | STRING | DELEGATED_AUTHN_OIDC |
response_type | | STRING | DELEGATED_AUTHN_OIDC |
response_mode | | STRING | DELEGATED_AUTHN_OIDC |
captchaIPAddressPattern | true | SET | RECAPTCHA |
captchaEnabled | true | BOOLEAN | RECAPTCHA |
scimOAuthToken | | STRING | SCIM |
scimUsername | | STRING | SCIM |
scimPassword | | STRING | SCIM |
scimTarget | | STRING | SCIM |
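Because these properties are set per service, a single definition file can quietly turn off a protection that is on by default. The following is an added example, not part of the CAS documentation or code base: a Python audit that unwraps the typed `values` array shown in the sample JSON and reports properties that differ from the defaults listed above or that hold secret material. The function names, the choice of which defaults to check, the `SECRETS` set and the sample input are assumptions made for illustration.

```python
import json

# Documented defaults copied from the table above (subset), as strings.
DEFAULTS = {
    "jwtAsServiceTicketSigningEnabled": "true",
    "accessTokenAsJwtSigningEnabled": "true",
    "httpHeaderEnableStrictTransportSecurity": "true",
    "httpHeaderEnableXFrameOptions": "true",
    "httpHeaderXFrameOptions": "DENY",
    "corsAllowCredentials": "false",
}
# Assumption: these table entries carry key or credential material.
SECRETS = {"jwtAsServiceTicketSigningKey", "jwtAsServiceTicketEncryptionKey",
           "accessTokenAsJwtSigningKey", "accessTokenAsJwtEncryptionKey",
           "jwtSigningSecret", "jwtEncryptionSecret",
           "scimOAuthToken", "scimPassword"}

def property_values(prop):
    """Unwrap "values": ["java.util.HashSet", [v1, v2]] into [v1, v2]."""
    values = prop.get("values", [])
    if len(values) == 2 and isinstance(values[1], list):
        values = values[1]  # drop the collection type tag
    return [str(v) for v in values]

def audit_service(text):
    """Return (property, finding) pairs for one service definition."""
    findings = []
    for name, prop in json.loads(text).get("properties", {}).items():
        if name == "@class":  # type tag of the map itself, not a property
            continue
        if name in SECRETS:  # report the name only, never the value
            findings.append((name, "secret material in service file"))
        elif name in DEFAULTS and any(
                v.strip().lower() != DEFAULTS[name].lower() for v in property_values(prop)):
            findings.append((name, "differs from default " + DEFAULTS[name]))
    return findings

def _prop(*values):  # builds the property shape used in the page's sample
    return {"@class": "org.apereo.cas.services.DefaultRegisteredServiceProperty",
            "values": ["java.util.HashSet", list(values)]}

# Constructed sample input, not a real service definition.
SAMPLE = json.dumps({
    "@class": "org.apereo.cas.services.CasRegisteredService",
    "serviceId": "^https://app.example.org/.+", "name": "constructed", "id": 101,
    "properties": {"@class": "java.util.HashMap",
                   "email": _prop("admin@place.edu"),
                   "httpHeaderEnableXFrameOptions": _prop("false"),
                   "scimPassword": _prop("constructed-placeholder")}})
if __name__ == "__main__":
    print(audit_service(SAMPLE))
```

The parser expects strict JSON, so a definition file containing comments has to be stripped of them before it is passed in.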