WORKERS AHEAD!

You are viewing the development documentation for the Apereo CAS server. The functionality presented here is not officially released yet. This is a work in progress and will be continually updated as development moves forward. You are most encouraged to test the changes presented.

Credential Authentication - REST Protocol

Similar to asking for ticket-granting tickets, this endpoint allows one to only verify the validity of provided credentials as they are extracted from the request body:

POST /cas/v1/users HTTP/1.0

username=battags&password=password

You may also specify a service parameter to verify whether the authenticated user may be allowed to access the given service. While the above example shows username and password as the provided credentials, you are practically allowed to provide multiple sets and different types of credentials provided CAS is equipped to extract and recognize those from the request body.

A successful response will produce a 200 OK status code along with a JSON representation of the authentication result, which may include the authentication object, authenticated principal along with any captured attributes and/or metadata fetched for the authenticated user.

Customizations

If you wish to control the REST authentication policy to determine which attempts are allowed to proceed, you may define the following bean definition in your environment:

@AutoConfiguration
public class MyConfiguration {
    @Bean
    public AuthenticationPolicy restAuthenticationPolicy() {
        return new MyAuthenticationPolicy();
    }
}

A more comprehensive option would be to take full control of the REST authentication attempt via the following bean definition:

@AutoConfiguration
public class MyConfiguration {
    @Bean
    public RestAuthenticationService restAuthenticationService() {
        return new MyRestAuthenticationService();
    }
}

See this guide to learn more about how to register configurations into the CAS runtime.