WORKERS AHEAD!
You are viewing the development documentation for the Apereo CAS server. The functionality presented here is not officially released yet. This is a work in progress and will be continually updated as development moves forward. You are most encouraged to test the changes presented.
Custom
For an overview of the delegated authentication flow, please see this guide.
Delegated or external identity providers can be customized in a variety of ways. You can customize and modify the configuration of an existing identity provider built by CAS to change or override certain aspects of its behavior, or you could register an entirely new identity provider with CAS.
Existing Identity Provider
To customize and modify the configuration of an existing identity provider, you will need to build and register
the following @Bean
in your project:
1
2
3
4
5
6
7
8
@Bean
public DelegatedClientFactoryCustomizer myCustomizer() {
return client -> {
if (client instanceof MyClient myClient) {
// Customize here...
}
};
}
See this guide to learn more about how to register configurations into the CAS runtime.
New Identity Provider
To register your own external identity provider with CAS, you will need to build and register
the following @Bean
in your project:
1
2
3
4
@Bean
public DelegatedIdentityProviderFactory pac4jDelegatedClientFactory() {
return new MyDelegatedIdentityProviderFactory();
}
The DelegatedIdentityProviderFactory
is responsible for (re)building the delegated identity provider instances. To learn
more about existing options that allow you to register identity providers with CAS,
please see this guide. Just as before,
see this guide to learn more about how to
register configurations into the CAS runtime.
If you don’t wish to build your own factory implementation, there is an easier option that allows you to
rely on the existing DelegatedIdentityProviderFactory
and simply build and supply the identity provider instances:
1
2
3
4
@Bean
public ConfigurableDelegatedClientBuilder myClientBuilder() {
return new MyDelegatedClientBuilder();
}
You may define as many ConfigurableDelegatedClientBuilder
instance you need. The DelegatedIdentityProviderFactory
will then automatically pick up the new identity provider instances, configure and initialize them for use with CAS.