0
# Tenant Policies
1
2
Complete tenant configuration model with separate policy objects for different aspects of authentication, communication, delegation, and multifactor authentication. Each tenant can have customized policies that control behavior specific to that organization or environment.
3
4
## Capabilities
5
6
### TenantDefinition Class
7
8
The core tenant configuration class that aggregates all policy types and tenant metadata.
9
10
```java { .api }
11
/**
12
* Complete tenant configuration with all policies
13
* Implements Serializable for storage and Jackson annotations for JSON serialization
14
*/
15
public class TenantDefinition implements Serializable {
16
17
/**
18
* Unique identifier for the tenant
19
* @return tenant ID string
20
*/
21
public String getId();
22
public void setId(String id);
23
24
/**
25
* Human-readable description of the tenant
26
* @return tenant description
27
*/
28
public String getDescription();
29
public void setDescription(String description);
30
31
/**
32
* Authentication policy defining authentication handlers and protocols
33
* @return TenantAuthenticationPolicy instance
34
*/
35
public TenantAuthenticationPolicy getAuthenticationPolicy();
36
public void setAuthenticationPolicy(TenantAuthenticationPolicy authenticationPolicy);
37
38
/**
39
* Communication policy for email and messaging configuration
40
* @return TenantCommunicationPolicy instance
41
*/
42
public TenantCommunicationPolicy getCommunicationPolicy();
43
public void setCommunicationPolicy(TenantCommunicationPolicy communicationPolicy);
44
45
/**
46
* Delegated authentication policy for external identity providers
47
* @return TenantDelegatedAuthenticationPolicy instance
48
*/
49
public TenantDelegatedAuthenticationPolicy getDelegatedAuthenticationPolicy();
50
public void setDelegatedAuthenticationPolicy(TenantDelegatedAuthenticationPolicy delegatedAuthenticationPolicy);
51
52
/**
53
* Multifactor authentication policy for MFA provider configuration
54
* @return TenantMultifactorAuthenticationPolicy instance
55
*/
56
public TenantMultifactorAuthenticationPolicy getMultifactorAuthenticationPolicy();
57
public void setMultifactorAuthenticationPolicy(TenantMultifactorAuthenticationPolicy multifactorAuthenticationPolicy);
58
}
59
```
60
61
**Usage Example:**
62
63
```java
64
import org.apereo.cas.multitenancy.*;
65
66
// Create and configure a tenant definition
67
TenantDefinition tenant = new TenantDefinition();
68
tenant.setId("acme-corp");
69
tenant.setDescription("ACME Corporation Tenant");
70
71
// Configure authentication policy
72
DefaultTenantAuthenticationPolicy authPolicy = new DefaultTenantAuthenticationPolicy();
73
authPolicy.setAuthenticationHandlers(Arrays.asList("ldapHandler", "databaseHandler"));
74
tenant.setAuthenticationPolicy(authPolicy);
75
76
// Configure communication policy
77
DefaultTenantCommunicationPolicy commPolicy = new DefaultTenantCommunicationPolicy();
78
TenantEmailCommunicationPolicy emailPolicy = new TenantEmailCommunicationPolicy();
79
emailPolicy.setHost("smtp.acme-corp.com");
80
emailPolicy.setPort(587);
81
emailPolicy.setFrom("noreply@acme-corp.com");
82
commPolicy.setEmailCommunicationPolicy(emailPolicy);
83
tenant.setCommunicationPolicy(commPolicy);
84
```
85
86
## Authentication Policy
87
88
### TenantAuthenticationPolicy Interface
89
90
Defines authentication behavior including allowed handlers and protocol support.
91
92
```java { .api }
93
/**
94
* Policy defining authentication behavior for a tenant
95
*/
96
public interface TenantAuthenticationPolicy extends Serializable {
97
98
/**
99
* Get list of allowed authentication handler names for this tenant
100
* @return List of authentication handler identifiers
101
*/
102
List<String> getAuthenticationHandlers();
103
104
/**
105
* Get authentication protocol policy defining supported CAS protocols
106
* @return TenantAuthenticationProtocolPolicy instance
107
*/
108
TenantAuthenticationProtocolPolicy getAuthenticationProtocolPolicy();
109
}
110
```
111
112
### DefaultTenantAuthenticationPolicy Implementation
113
114
```java { .api }
115
/**
116
* Default implementation of TenantAuthenticationPolicy
117
*/
118
public class DefaultTenantAuthenticationPolicy implements TenantAuthenticationPolicy {
119
120
/**
121
* List of authentication handler names allowed for this tenant
122
*/
123
public List<String> getAuthenticationHandlers();
124
public void setAuthenticationHandlers(List<String> authenticationHandlers);
125
126
/**
127
* Protocol policy for supported authentication protocols
128
*/
129
public TenantAuthenticationProtocolPolicy getAuthenticationProtocolPolicy();
130
public void setAuthenticationProtocolPolicy(TenantAuthenticationProtocolPolicy authenticationProtocolPolicy);
131
}
132
```
133
134
### TenantAuthenticationProtocolPolicy Interface
135
136
```java { .api }
137
/**
138
* Policy for supported CAS protocol versions
139
*/
140
@FunctionalInterface
141
public interface TenantAuthenticationProtocolPolicy extends Serializable {
142
143
/**
144
* Collection of CAS protocol versions that this tenant supports
145
* @return Set of supported protocol version strings (e.g., "CAS30", "CAS20")
146
*/
147
Set<String> getSupportedProtocols();
148
}
149
```
150
151
### TenantCasAuthenticationProtocolPolicy Implementation
152
153
```java { .api }
154
/**
155
* CAS-specific protocol policy implementation
156
*/
157
public class TenantCasAuthenticationProtocolPolicy implements TenantAuthenticationProtocolPolicy {
158
159
/**
160
* Set of supported CAS protocol versions
161
*/
162
public Set<String> getSupportedProtocols();
163
public void setSupportedProtocols(Set<String> supportedProtocols);
164
}
165
```
166
167
**Authentication Policy Usage:**
168
169
```java
170
// Configure authentication policy
171
DefaultTenantAuthenticationPolicy authPolicy = new DefaultTenantAuthenticationPolicy();
172
173
// Set allowed authentication handlers
174
authPolicy.setAuthenticationHandlers(Arrays.asList(
175
"ldapAuthenticationHandler",
176
"databaseAuthenticationHandler",
177
"x509AuthenticationHandler"
178
));
179
180
// Configure protocol support
181
TenantCasAuthenticationProtocolPolicy protocolPolicy = new TenantCasAuthenticationProtocolPolicy();
182
protocolPolicy.setSupportedProtocols(Set.of("CAS30", "CAS20", "SAML11"));
183
authPolicy.setAuthenticationProtocolPolicy(protocolPolicy);
184
```
185
186
## Communication Policy
187
188
### TenantCommunicationPolicy Interface
189
190
```java { .api }
191
/**
192
* Policy for tenant communication settings
193
*/
194
@FunctionalInterface
195
public interface TenantCommunicationPolicy extends Serializable {
196
197
/**
198
* Get email communication configuration for this tenant
199
* @return TenantEmailCommunicationPolicy with SMTP settings
200
*/
201
TenantEmailCommunicationPolicy getEmailCommunicationPolicy();
202
}
203
```
204
205
### DefaultTenantCommunicationPolicy Implementation
206
207
```java { .api }
208
/**
209
* Default implementation of TenantCommunicationPolicy
210
*/
211
public class DefaultTenantCommunicationPolicy implements TenantCommunicationPolicy {
212
213
/**
214
* Email communication policy configuration
215
*/
216
public TenantEmailCommunicationPolicy getEmailCommunicationPolicy();
217
public void setEmailCommunicationPolicy(TenantEmailCommunicationPolicy emailCommunicationPolicy);
218
}
219
```
220
221
### TenantEmailCommunicationPolicy Class
222
223
```java { .api }
224
/**
225
* Email server configuration for tenant communications
226
*/
227
public class TenantEmailCommunicationPolicy implements Serializable {
228
229
/**
230
* SMTP server hostname
231
*/
232
public String getHost();
233
public void setHost(String host);
234
235
/**
236
* SMTP server port number
237
*/
238
public int getPort();
239
public void setPort(int port);
240
241
/**
242
* SMTP authentication username
243
*/
244
public String getUsername();
245
public void setUsername(String username);
246
247
/**
248
* SMTP authentication password
249
*/
250
public String getPassword();
251
public void setPassword(String password);
252
253
/**
254
* From email address for outgoing messages
255
*/
256
public String getFrom();
257
public void setFrom(String from);
258
}
259
```
260
261
**Communication Policy Usage:**
262
263
```java
264
// Configure email communication
265
TenantEmailCommunicationPolicy emailPolicy = new TenantEmailCommunicationPolicy();
266
emailPolicy.setHost("smtp.organization.com");
267
emailPolicy.setPort(587);
268
emailPolicy.setUsername("cas-system");
269
emailPolicy.setPassword("secure-password");
270
emailPolicy.setFrom("noreply@organization.com");
271
272
DefaultTenantCommunicationPolicy commPolicy = new DefaultTenantCommunicationPolicy();
273
commPolicy.setEmailCommunicationPolicy(emailPolicy);
274
```
275
276
## Delegated Authentication Policy
277
278
### TenantDelegatedAuthenticationPolicy Interface
279
280
```java { .api }
281
/**
282
* Policy for external identity provider delegation
283
*/
284
@FunctionalInterface
285
public interface TenantDelegatedAuthenticationPolicy extends Serializable {
286
287
/**
288
* Get list of allowed external identity providers for this tenant
289
* @return List of external provider identifiers (e.g., "Google", "GitHub", "SAML-IDP1")
290
*/
291
List<String> getAllowedProviders();
292
}
293
```
294
295
### DefaultTenantDelegatedAuthenticationPolicy Implementation
296
297
```java { .api }
298
/**
299
* Default implementation of TenantDelegatedAuthenticationPolicy
300
*/
301
public class DefaultTenantDelegatedAuthenticationPolicy implements TenantDelegatedAuthenticationPolicy {
302
303
/**
304
* List of allowed external identity provider identifiers
305
*/
306
public List<String> getAllowedProviders();
307
public void setAllowedProviders(List<String> allowedProviders);
308
}
309
```
310
311
**Delegated Authentication Usage:**
312
313
```java
314
// Configure delegated authentication
315
DefaultTenantDelegatedAuthenticationPolicy delegatedPolicy = new DefaultTenantDelegatedAuthenticationPolicy();
316
delegatedPolicy.setAllowedProviders(Arrays.asList(
317
"GoogleOAuth",
318
"GitHubOAuth",
319
"SAML-Corporate-IDP",
320
"OIDC-Azure-AD"
321
));
322
```
323
324
## Multifactor Authentication Policy
325
326
### TenantMultifactorAuthenticationPolicy Interface
327
328
```java { .api }
329
/**
330
* Policy for multifactor authentication providers
331
*/
332
@FunctionalInterface
333
public interface TenantMultifactorAuthenticationPolicy extends Serializable {
334
335
/**
336
* Get set of global MFA provider IDs enabled for this tenant
337
* @return Set of MFA provider identifiers (e.g., "mfa-duo", "mfa-totp", "mfa-yubikey")
338
*/
339
Set<String> getGlobalProviderIds();
340
}
341
```
342
343
### DefaultTenantMultifactorAuthenticationPolicy Implementation
344
345
```java { .api }
346
/**
347
* Default implementation of TenantMultifactorAuthenticationPolicy
348
*/
349
public class DefaultTenantMultifactorAuthenticationPolicy implements TenantMultifactorAuthenticationPolicy {
350
351
/**
352
* Set of global MFA provider identifiers
353
*/
354
public Set<String> getGlobalProviderIds();
355
public void setGlobalProviderIds(Set<String> globalProviderIds);
356
}
357
```
358
359
**MFA Policy Usage:**
360
361
```java
362
// Configure multifactor authentication
363
DefaultTenantMultifactorAuthenticationPolicy mfaPolicy = new DefaultTenantMultifactorAuthenticationPolicy();
364
mfaPolicy.setGlobalProviderIds(Set.of(
365
"mfa-duo-security",
366
"mfa-google-authenticator",
367
"mfa-yubikey",
368
"mfa-sms"
369
));
370
```
371
372
## Complete Configuration Example
373
374
```java
375
import org.apereo.cas.multitenancy.*;
376
import java.util.*;
377
378
// Create complete tenant definition
379
TenantDefinition tenant = new TenantDefinition();
380
tenant.setId("enterprise-client");
381
tenant.setDescription("Enterprise Client Organization");
382
383
// Authentication policy
384
DefaultTenantAuthenticationPolicy authPolicy = new DefaultTenantAuthenticationPolicy();
385
authPolicy.setAuthenticationHandlers(Arrays.asList("ldap", "database"));
386
387
TenantCasAuthenticationProtocolPolicy protocolPolicy = new TenantCasAuthenticationProtocolPolicy();
388
protocolPolicy.setSupportedProtocols(Set.of("CAS30", "CAS20"));
389
authPolicy.setAuthenticationProtocolPolicy(protocolPolicy);
390
tenant.setAuthenticationPolicy(authPolicy);
391
392
// Communication policy
393
DefaultTenantCommunicationPolicy commPolicy = new DefaultTenantCommunicationPolicy();
394
TenantEmailCommunicationPolicy emailPolicy = new TenantEmailCommunicationPolicy();
395
emailPolicy.setHost("smtp.enterprise.com");
396
emailPolicy.setPort(587);
397
emailPolicy.setFrom("cas@enterprise.com");
398
commPolicy.setEmailCommunicationPolicy(emailPolicy);
399
tenant.setCommunicationPolicy(commPolicy);
400
401
// Delegated authentication policy
402
DefaultTenantDelegatedAuthenticationPolicy delegatedPolicy = new DefaultTenantDelegatedAuthenticationPolicy();
403
delegatedPolicy.setAllowedProviders(Arrays.asList("Corporate-SAML", "Google-OAuth"));
404
tenant.setDelegatedAuthenticationPolicy(delegatedPolicy);
405
406
// MFA policy
407
DefaultTenantMultifactorAuthenticationPolicy mfaPolicy = new DefaultTenantMultifactorAuthenticationPolicy();
408
mfaPolicy.setGlobalProviderIds(Set.of("mfa-duo", "mfa-totp"));
409
tenant.setMultifactorAuthenticationPolicy(mfaPolicy);
410
```