WORKERS AHEAD!
You are viewing the development documentation for the Apereo CAS server. The functionality presented here is not officially released yet. This is a work in progress and will be continually updated as development moves forward. You are most encouraged to test the changes presented.
Service Access Strategy - REST
This strategy allows one to configure a service access strategy with the following properties:
Field | Description |
---|---|
endpointUrl | Endpoint that receives the authorization request from CAS for the authenticated principal. |
acceptableResponseCodes | Comma-separated response codes that are considered accepted for service access. |
The objective of this policy is to ensure a remote endpoint can make service access decisions by receiving the CAS authenticated principal as a URL parameter of a GET request. The response code that the endpoint returns is then compared against the policy setting and, if a match is found, access is granted.
Here is an example of the remote endpoint access strategy authorizing service access based on response code:
```json
{
  "@class" : "org.apereo.cas.services.CasRegisteredService",
  "serviceId" : "^https://app.example.org",
  "id" : 1,
  "accessStrategy" : {
    "@class" : "org.apereo.cas.services.RemoteEndpointServiceAccessStrategy",
    "endpointUrl" : "https://somewhere.example.org",
    "acceptableResponseCodes" : "200,202",
    "method": "GET",
    "headers": {
      "@class":"java.util.LinkedHashMap",
      "Content-Type": "application/json"
    }
  }
}
```
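The endpoint side of this exchange, as an added example that is not part of the CAS documentation or code base: a minimal Python service that answers the GET request and fails closed, plus a mirror of the response-code comparison. The parameter name `username`, the allow-list, and the listening address are assumptions; confirm the parameter name your CAS version actually sends.

```python
# Added example (not Apereo CAS code): a remote endpoint for this access strategy.
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import urlparse, parse_qs

PRINCIPAL_PARAM = "username"               # assumption: verify against your CAS version
ALLOWED_PRINCIPALS = {"casuser", "alice"}  # constructed sample data


def decide(request_target: str) -> int:
    """Return the HTTP status for a request target such as '/?username=alice'."""
    values = parse_qs(urlparse(request_target).query).get(PRINCIPAL_PARAM, [])
    # Fail closed: a missing, empty, or repeated parameter is a malformed request,
    # and must not fall through to an "allow" status.
    if len(values) != 1:
        return 400
    return 200 if values[0] in ALLOWED_PRINCIPALS else 403


def cas_grants_access(status: int, acceptable_response_codes: str) -> bool:
    """Mirror of the policy check described above: status must be in the list."""
    accepted = {int(c) for c in acceptable_response_codes.split(",") if c.strip()}
    return status in accepted


class AccessHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        # The status code is the whole answer; no body is needed.
        self.send_response(decide(self.path))
        self.send_header("Content-Length", "0")
        self.end_headers()


if __name__ == "__main__":
    # Hypothetical local bind for testing; front it with TLS in real use.
    HTTPServer(("127.0.0.1", 8080), AccessHandler).serve_forever()
```

Keep `acceptableResponseCodes` limited to codes the endpoint returns only on an explicit allow; if a denial or error code such as 400 or 403 appears in that list, every such response grants access.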