
tessl/maven-org-apereo-cas--cas-server-core-multitenancy

Apereo CAS Core Multitenancy library providing tenant management capabilities for Central Authentication Service


Tenant Policies

The tenant configuration model uses a separate policy object for each concern: authentication, communication, delegated authentication, and multifactor authentication. Each tenant can have customized policies that control behavior specific to that organization or environment.

Capabilities

TenantDefinition Class

The core tenant configuration class that aggregates all policy types and tenant metadata.

/**
 * Complete configuration for a single tenant: an identifier, a description,
 * and one policy object per concern (authentication, communication,
 * delegated authentication, multifactor authentication).
 * Implements Serializable for storage and carries Jackson annotations for JSON serialization.
 *
 * NOTE(review): the communication policy leads to a TenantEmailCommunicationPolicy
 * that exposes an SMTP password, so a stored or JSON-serialized tenant definition
 * presumably contains that secret - confirm, and restrict access to wherever
 * tenant definitions are persisted, exported or logged.
 */
public class TenantDefinition implements Serializable {
    
    /**
     * Unique identifier for the tenant
     * @return tenant ID string
     */
    public String getId();
    /** Sets the tenant's unique identifier. */
    public void setId(String id);
    
    /**
     * Human-readable description of the tenant
     * @return tenant description
     */
    public String getDescription();
    /** Sets the human-readable description. */
    public void setDescription(String description);
    
    /**
     * Authentication policy defining authentication handlers and protocols
     * @return TenantAuthenticationPolicy instance
     */
    public TenantAuthenticationPolicy getAuthenticationPolicy();
    /** Replaces the tenant's authentication policy. */
    public void setAuthenticationPolicy(TenantAuthenticationPolicy authenticationPolicy);
    
    /**
     * Communication policy for email and messaging configuration
     * @return TenantCommunicationPolicy instance
     */
    public TenantCommunicationPolicy getCommunicationPolicy();
    /** Replaces the tenant's communication policy (which holds the SMTP settings). */
    public void setCommunicationPolicy(TenantCommunicationPolicy communicationPolicy);
    
    /**
     * Delegated authentication policy for external identity providers
     * @return TenantDelegatedAuthenticationPolicy instance
     */
    public TenantDelegatedAuthenticationPolicy getDelegatedAuthenticationPolicy();
    /** Replaces the tenant's delegated authentication policy. */
    public void setDelegatedAuthenticationPolicy(TenantDelegatedAuthenticationPolicy delegatedAuthenticationPolicy);
    
    /**
     * Multifactor authentication policy for MFA provider configuration
     * @return TenantMultifactorAuthenticationPolicy instance
     */
    public TenantMultifactorAuthenticationPolicy getMultifactorAuthenticationPolicy();
    /** Replaces the tenant's multifactor authentication policy. */
    public void setMultifactorAuthenticationPolicy(TenantMultifactorAuthenticationPolicy multifactorAuthenticationPolicy);
}

Usage Example:

import org.apereo.cas.multitenancy.*;

// Authentication policy: the handler names this tenant is allowed to use.
// The names are sample values; they must match handlers defined in your CAS deployment.
DefaultTenantAuthenticationPolicy handlerPolicy = new DefaultTenantAuthenticationPolicy();
handlerPolicy.setAuthenticationHandlers(Arrays.asList("ldapHandler", "databaseHandler"));

// SMTP settings used for this tenant's outgoing mail (no credentials set in this example)
TenantEmailCommunicationPolicy smtpSettings = new TenantEmailCommunicationPolicy();
smtpSettings.setHost("smtp.acme-corp.com");
smtpSettings.setPort(587);
smtpSettings.setFrom("noreply@acme-corp.com");

// Communication policy wraps the email settings
DefaultTenantCommunicationPolicy messagingPolicy = new DefaultTenantCommunicationPolicy();
messagingPolicy.setEmailCommunicationPolicy(smtpSettings);

// Assemble the tenant definition from its id, description and policies
TenantDefinition tenant = new TenantDefinition();
tenant.setId("acme-corp");
tenant.setDescription("ACME Corporation Tenant");
tenant.setAuthenticationPolicy(handlerPolicy);
tenant.setCommunicationPolicy(messagingPolicy);

Authentication Policy

TenantAuthenticationPolicy Interface

Defines authentication behavior including allowed handlers and protocol support.

/**
 * Policy defining authentication behavior for a tenant: which authentication
 * handlers it may use and which protocols it supports.
 *
 * NOTE(review): this page does not say how a null or empty handler list is
 * treated (no handlers vs. no restriction) - confirm before relying on the
 * list as a restriction.
 */
public interface TenantAuthenticationPolicy extends Serializable {
    
    /**
     * Get list of allowed authentication handler names for this tenant
     * @return List of authentication handler identifiers
     */
    List<String> getAuthenticationHandlers();
    
    /**
     * Get authentication protocol policy defining supported CAS protocols
     * @return TenantAuthenticationProtocolPolicy instance
     */
    TenantAuthenticationProtocolPolicy getAuthenticationProtocolPolicy();
}

DefaultTenantAuthenticationPolicy Implementation

/**
 * Default implementation of TenantAuthenticationPolicy.
 * A mutable bean: both properties have a public setter.
 */
public class DefaultTenantAuthenticationPolicy implements TenantAuthenticationPolicy {
    
    /**
     * List of authentication handler names allowed for this tenant
     */
    public List<String> getAuthenticationHandlers();
    /** Replaces the list of allowed authentication handler names. */
    public void setAuthenticationHandlers(List<String> authenticationHandlers);
    
    /**
     * Protocol policy for supported authentication protocols
     */
    public TenantAuthenticationProtocolPolicy getAuthenticationProtocolPolicy();
    /** Replaces the protocol policy. */
    public void setAuthenticationProtocolPolicy(TenantAuthenticationProtocolPolicy authenticationProtocolPolicy);
}

TenantAuthenticationProtocolPolicy Interface

/**
 * Policy for supported CAS protocol versions.
 * Declares a single abstract method, hence the @FunctionalInterface annotation.
 *
 * NOTE(review): protocol identifiers are plain strings here; whether unknown
 * values are rejected or silently ignored is not shown on this page - confirm.
 */
@FunctionalInterface
public interface TenantAuthenticationProtocolPolicy extends Serializable {
    
    /**
     * Collection of CAS protocol versions that this tenant supports
     * @return Set of supported protocol version strings (e.g., "CAS30", "CAS20")
     */
    Set<String> getSupportedProtocols();
}

TenantCasAuthenticationProtocolPolicy Implementation

/**
 * CAS-specific protocol policy implementation.
 * Holds the set of supported protocol strings and exposes a setter for it.
 */
public class TenantCasAuthenticationProtocolPolicy implements TenantAuthenticationProtocolPolicy {
    
    /**
     * Set of supported CAS protocol versions
     */
    public Set<String> getSupportedProtocols();
    /** Replaces the set of supported protocol versions. */
    public void setSupportedProtocols(Set<String> supportedProtocols);
}

Authentication Policy Usage:

// Protocol policy: list only the protocols this tenant's applications actually use.
// NOTE(review): the strings must match the identifiers your CAS version recognises -
// verify "SAML11" in particular, since the interface documentation only cites "CAS30" and "CAS20".
Set<String> tenantProtocols = Set.of("CAS30", "CAS20", "SAML11");
TenantCasAuthenticationProtocolPolicy protocolPolicy = new TenantCasAuthenticationProtocolPolicy();
protocolPolicy.setSupportedProtocols(tenantProtocols);

// Authentication policy: the handler names allowed for this tenant, plus the protocol policy.
// Handler names are sample values and must match handlers defined in the CAS deployment.
DefaultTenantAuthenticationPolicy authPolicy = new DefaultTenantAuthenticationPolicy();
authPolicy.setAuthenticationHandlers(
    Arrays.asList("ldapAuthenticationHandler", "databaseAuthenticationHandler", "x509AuthenticationHandler"));
authPolicy.setAuthenticationProtocolPolicy(protocolPolicy);

Communication Policy

TenantCommunicationPolicy Interface

/**
 * Policy for tenant communication settings.
 * The only setting exposed in this listing is the email (SMTP) configuration.
 */
@FunctionalInterface
public interface TenantCommunicationPolicy extends Serializable {
    
    /**
     * Get email communication configuration for this tenant
     * @return TenantEmailCommunicationPolicy with SMTP settings
     */
    TenantEmailCommunicationPolicy getEmailCommunicationPolicy();
}

DefaultTenantCommunicationPolicy Implementation

/**
 * Default implementation of TenantCommunicationPolicy.
 * Holds one TenantEmailCommunicationPolicy and exposes a setter for it.
 */
public class DefaultTenantCommunicationPolicy implements TenantCommunicationPolicy {
    
    /**
     * Email communication policy configuration
     */
    public TenantEmailCommunicationPolicy getEmailCommunicationPolicy();
    /** Replaces the email communication policy. */
    public void setEmailCommunicationPolicy(TenantEmailCommunicationPolicy emailCommunicationPolicy);
}

TenantEmailCommunicationPolicy Class

/**
 * Email server configuration for tenant communications: SMTP host, port,
 * credentials and the From address.
 *
 * NOTE(review): the password is held as a String with a public getter on a
 * Serializable class, so it presumably travels with the tenant definition
 * whenever that is serialized - confirm, and keep serialized definitions out of
 * logs, debug output and broadly readable storage.
 * NOTE(review): this listing shows no TLS-related property; how transport
 * security for the SMTP connection is configured is not shown here - confirm.
 */
public class TenantEmailCommunicationPolicy implements Serializable {
    
    /**
     * SMTP server hostname
     */
    public String getHost();
    public void setHost(String host);
    
    /**
     * SMTP server port number
     */
    public int getPort();
    public void setPort(int port);
    
    /**
     * SMTP authentication username
     */
    public String getUsername();
    public void setUsername(String username);
    
    /**
     * SMTP authentication password
     */
    // Returns the secret as-is; avoid passing the result to loggers or error messages.
    public String getPassword();
    public void setPassword(String password);
    
    /**
     * From email address for outgoing messages
     */
    public String getFrom();
    public void setFrom(String from);
}

Communication Policy Usage:

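// Configure email communication
TenantEmailCommunicationPolicy emailPolicy = new TenantEmailCommunicationPolicy();
emailPolicy.setHost("smtp.organization.com");
emailPolicy.setPort(587);
emailPolicy.setUsername("cas-system");

// Read the SMTP password from the runtime environment instead of embedding it in
// source, where it would end up in version control and build artifacts.
// The variable name is a constructed example; substitute the secret source your
// deployment actually uses.
String smtpPassword = System.getenv("TENANT_SMTP_PASSWORD");
if (smtpPassword == null || smtpPassword.isEmpty()) {
    // Fail fast rather than configuring SMTP authentication without a password
    throw new IllegalStateException("TENANT_SMTP_PASSWORD is not set");
}
emailPolicy.setPassword(smtpPassword);
emailPolicy.setFrom("noreply@organization.com");

// Wrap the email settings in the tenant's communication policy
DefaultTenantCommunicationPolicy commPolicy = new DefaultTenantCommunicationPolicy();
commPolicy.setEmailCommunicationPolicy(emailPolicy);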

Delegated Authentication Policy

TenantDelegatedAuthenticationPolicy Interface

/**
 * Policy for external identity provider delegation: names the external
 * providers a tenant is allowed to use.
 *
 * NOTE(review): this page does not say how a null or empty list is treated
 * (no providers vs. no restriction) - confirm before relying on it to keep a
 * tenant away from another tenant's identity providers.
 */
@FunctionalInterface
public interface TenantDelegatedAuthenticationPolicy extends Serializable {
    
    /**
     * Get list of allowed external identity providers for this tenant
     * @return List of external provider identifiers (e.g., "Google", "GitHub", "SAML-IDP1")
     */
    List<String> getAllowedProviders();
}

DefaultTenantDelegatedAuthenticationPolicy Implementation

/**
 * Default implementation of TenantDelegatedAuthenticationPolicy.
 * Holds the list of allowed provider identifiers and exposes a setter for it.
 */
public class DefaultTenantDelegatedAuthenticationPolicy implements TenantDelegatedAuthenticationPolicy {
    
    /**
     * List of allowed external identity provider identifiers
     */
    public List<String> getAllowedProviders();
    /** Replaces the list of allowed external identity providers. */
    public void setAllowedProviders(List<String> allowedProviders);
}

Delegated Authentication Usage:

// Delegated authentication: name the external identity providers this tenant may use.
// The identifiers are sample values; they must match the providers configured in
// the CAS deployment.
DefaultTenantDelegatedAuthenticationPolicy idpPolicy =
    new DefaultTenantDelegatedAuthenticationPolicy();
idpPolicy.setAllowedProviders(
    Arrays.asList("GoogleOAuth", "GitHubOAuth", "SAML-Corporate-IDP", "OIDC-Azure-AD"));

Multifactor Authentication Policy

TenantMultifactorAuthenticationPolicy Interface

/**
 * Policy for multifactor authentication providers.
 *
 * NOTE(review): the page describes these provider ids as "enabled for this
 * tenant"; whether that means MFA is required for every authentication in the
 * tenant or only that these providers are available is not shown - confirm.
 */
@FunctionalInterface
public interface TenantMultifactorAuthenticationPolicy extends Serializable {
    
    /**
     * Get set of global MFA provider IDs enabled for this tenant
     * @return Set of MFA provider identifiers (e.g., "mfa-duo", "mfa-totp", "mfa-yubikey")
     */
    Set<String> getGlobalProviderIds();
}

DefaultTenantMultifactorAuthenticationPolicy Implementation

/**
 * Default implementation of TenantMultifactorAuthenticationPolicy.
 * Holds the set of MFA provider identifiers and exposes a setter for it.
 */
public class DefaultTenantMultifactorAuthenticationPolicy implements TenantMultifactorAuthenticationPolicy {
    
    /**
     * Set of global MFA provider identifiers
     */
    public Set<String> getGlobalProviderIds();
    /** Replaces the set of global MFA provider identifiers. */
    public void setGlobalProviderIds(Set<String> globalProviderIds);
}

MFA Policy Usage:

// MFA provider ids enabled for this tenant.
// The ids are sample values and must match MFA providers configured in the CAS
// deployment. SMS-delivered codes are generally a weaker factor than the other
// options listed, so include an SMS provider only where your policy accepts it.
Set<String> enabledMfaProviders = Set.of(
    "mfa-duo-security", "mfa-google-authenticator", "mfa-yubikey", "mfa-sms");

DefaultTenantMultifactorAuthenticationPolicy mfaPolicy =
    new DefaultTenantMultifactorAuthenticationPolicy();
mfaPolicy.setGlobalProviderIds(enabledMfaProviders);

Complete Configuration Example

import org.apereo.cas.multitenancy.*;
import java.util.*;

// --- Build each policy first, then attach them all to the tenant definition ---

// Protocols this tenant supports
TenantCasAuthenticationProtocolPolicy protocolPolicy = new TenantCasAuthenticationProtocolPolicy();
protocolPolicy.setSupportedProtocols(Set.of("CAS30", "CAS20"));

// Authentication: allowed handler names plus the protocol policy
DefaultTenantAuthenticationPolicy authPolicy = new DefaultTenantAuthenticationPolicy();
authPolicy.setAuthenticationHandlers(Arrays.asList("ldap", "database"));
authPolicy.setAuthenticationProtocolPolicy(protocolPolicy);

// Communication: SMTP settings for outgoing mail.
// No SMTP username or password is set here; if your server requires authentication,
// supply the credentials from a secret source rather than a literal in code.
TenantEmailCommunicationPolicy smtpSettings = new TenantEmailCommunicationPolicy();
smtpSettings.setHost("smtp.enterprise.com");
smtpSettings.setPort(587);
smtpSettings.setFrom("cas@enterprise.com");
DefaultTenantCommunicationPolicy commPolicy = new DefaultTenantCommunicationPolicy();
commPolicy.setEmailCommunicationPolicy(smtpSettings);

// Delegated authentication: external identity providers this tenant may use
DefaultTenantDelegatedAuthenticationPolicy delegatedPolicy = new DefaultTenantDelegatedAuthenticationPolicy();
delegatedPolicy.setAllowedProviders(Arrays.asList("Corporate-SAML", "Google-OAuth"));

// MFA: provider ids enabled for this tenant
DefaultTenantMultifactorAuthenticationPolicy mfaPolicy = new DefaultTenantMultifactorAuthenticationPolicy();
mfaPolicy.setGlobalProviderIds(Set.of("mfa-duo", "mfa-totp"));

// Complete tenant definition: identity plus all four policies.
// All handler, provider and MFA ids above are sample values and must match
// what is configured in the CAS deployment.
TenantDefinition tenant = new TenantDefinition();
tenant.setId("enterprise-client");
tenant.setDescription("Enterprise Client Organization");
tenant.setAuthenticationPolicy(authPolicy);
tenant.setCommunicationPolicy(commPolicy);
tenant.setDelegatedAuthenticationPolicy(delegatedPolicy);
tenant.setMultifactorAuthenticationPolicy(mfaPolicy);

Install with Tessl CLI

npx tessl i tessl/maven-org-apereo-cas--cas-server-core-multitenancy
