tessl/maven-org-apereo-cas--cas-server-core-webflow-mfa-api
Core API for multifactor authentication webflow configuration in Apereo CAS providing interfaces and base classes for MFA provider integration
- Workspace
- tessl
- Visibility
- Public
- Created
- Last updated
'%3e%3cpath%20d='m7.15%205.779.281.877c-.001.502.003.991.124%201.48l.116-.082.229-1.265c.723%201.422%202.78%203.325%202.53%205.008-.022.154-.082.3-.158.435.349-.014.375-.38.578-.56.187%201.005.17%201.975-.22%202.932l1.428%203.159c-.007.07-.626.285-.744.226-.087-.044-.629-1.506-.742-1.754-.103-.224-.457-1.044-.592-1.165-.592-.534-2.033-.183-2.773-.256l.488-.115.148-.109c-.68-.08-1.363-.34-1.85-.815.531.046%201.052.121%201.592.087.1-.006.378-.02.432-.114-1.338-.016-2.398-.569-3.16-1.62-1.03-1.422-1.646-3.215-2.658-4.662-.203-.289-.474-.68-.776-.847-.015-.092.076-.054.137-.049.375.034.778.157%201.148.234l1.26.462c-.404-.737-1.332-.637-1.984-.994-.759-.416-1.2-1.386-1.487-2.149-.258-.68-.536-1.495-.492-2.217.282.262.529.573.896.73.087-.102-.838-1.102-.867-1.323C-.051.673.656-.051%201.328.003c1.128.09%202.44%201.953%202.87%202.886.074.069.145-.23.149-.25.029-.154.01-.306.054-.452.67.932%201.64%201.722%202.122%202.768l.626%201.778V5.78Z'/%3e%3cpath%20d='m10.851%206.733.626-1.778c.483-1.047%201.451-1.836%202.122-2.769.045.147.025.299.054.452.005.021.075.32.149.25.43-.932%201.742-2.796%202.87-2.885.672-.054%201.38.67%201.294%201.31-.03.22-.954%201.221-.867%201.322.367-.156.614-.467.896-.729.044.722-.234%201.536-.49%202.218-.288.763-.73%201.733-1.488%202.149-.652.356-1.58.256-1.984.993l1.26-.461c.37-.077.772-.2%201.148-.234.06-.006.152-.044.136.049-.301.166-.573.557-.775.847-.794%201.135-1.347%202.488-2.049%203.68-.635%201.081-1.285%202.087-2.613%202.432.148-.768.005-1.562-.173-2.316l-.32-.092c-.219-1.088-.84-2.001-1.466-2.908l.919-1.475.229%201.265.116.082c.12-.489.125-.979.123-1.48l.283-.877v.955ZM8.017%2014.984c-.238.57-.531%201.119-.78%201.686-.089.204-.446%201.24-.518%201.295-.145.114-.622-.087-.777-.2l1.207-2.78h.868ZM12.008%2013.75c-.059.174-.949.7-1.04.617l.12-.5.92-.117Z'/%3e%3c/g%3e%3cdefs%3e%3cclipPath%20id='a'%3e%3cpath%20fill='%23fff'%20d='M0%200h18v18H0z'/%3e%3c/clipPath%3e%3c/defs%3e%3c/svg%3e){kind=small}
To install, run
npx @tessl/cli install tessl/maven-org-apereo-cas--cas-server-core-webflow-mfa-api@7.2.0index.mddocs/
CAS Server Core Webflow MFA API
The CAS Server Core Webflow MFA API provides the foundational interfaces and base classes for integrating multifactor authentication (MFA) providers into the Apereo Central Authentication Service webflow. This module serves as the core framework for MFA webflow configuration, event resolution, and provider orchestration within CAS deployments.
Package Information
- Package Name: cas-server-core-webflow-mfa-api
- Package Type: maven
- Language: Java 21
- Group ID: org.apereo.cas
- Installation: Include as Maven dependency in CAS modules
Core Imports
import org.apereo.cas.web.flow.configurer.AbstractCasMultifactorWebflowConfigurer;
import org.apereo.cas.web.flow.configurer.CasMultifactorWebflowConfigurer;
import org.apereo.cas.web.flow.util.MultifactorAuthenticationWebflowUtils;
import org.apereo.cas.web.flow.actions.AbstractMultifactorAuthenticationAction;Basic Usage
// Extend base configurer to create custom MFA webflow
public class MyMfaWebflowConfigurer extends AbstractCasMultifactorWebflowConfigurer {
public MyMfaWebflowConfigurer(
FlowBuilderServices flowBuilderServices,
FlowDefinitionRegistry flowDefinitionRegistry,
ConfigurableApplicationContext applicationContext,
CasConfigurationProperties casProperties,
Optional<FlowDefinitionRegistry> mfaFlowDefinitionRegistry,
List<CasMultifactorWebflowCustomizer> mfaFlowCustomizers) {
super(flowBuilderServices, flowDefinitionRegistry, applicationContext,
casProperties, mfaFlowDefinitionRegistry, mfaFlowCustomizers);
}
@Override
protected void doInitialize() {
val loginFlow = getLoginFlow();
registerMultifactorProviderAuthenticationWebflow(loginFlow, "myMfaProvider");
}
}
// Create custom MFA action
public class MyMfaAction extends AbstractMultifactorAuthenticationAction<MyMfaProvider> {
@Override
protected Event doExecuteInternal(RequestContext context) {
// Access resolved provider via this.provider field
val principal = resolvePrincipal(
WebUtils.getAuthentication(context).getPrincipal(), context);
// Perform MFA-specific logic
return success();
}
}Architecture
The CAS MFA Webflow API is organized into several key architectural layers:
- Configuration Layer: Interfaces and base classes for webflow configuration (
CasMultifactorWebflowConfigurer,AbstractCasMultifactorWebflowConfigurer) - Event Resolution Layer: Components that determine when and which MFA providers should be triggered during authentication flows
- Action Layer: Webflow actions that execute MFA-specific logic during state transitions
- Provider Selection Layer: Specialized components for handling scenarios with multiple available MFA providers
- Utility Layer: Static utility methods for managing MFA-related data in webflow scopes
Capabilities
Webflow Configuration
Core interfaces and base classes for configuring MFA webflows and integrating MFA providers into the CAS authentication flow.
public interface CasMultifactorWebflowConfigurer {
void registerMultifactorProviderAuthenticationWebflow(Flow flow, String subflowId, String providerId);
default void registerMultifactorProviderAuthenticationWebflow(Flow flow, String providerId);
int getOrder();
List<FlowDefinitionRegistry> getMultifactorAuthenticationFlowDefinitionRegistries();
}
public abstract class AbstractCasMultifactorWebflowConfigurer extends AbstractCasWebflowConfigurer
implements CasMultifactorWebflowConfigurer {
public void registerMultifactorProviderAuthenticationWebflow(Flow flow, String subflowId, String providerId);
public List<FlowDefinitionRegistry> getMultifactorAuthenticationFlowDefinitionRegistries();
public int getOrder();
}Event Resolution
Components responsible for determining when MFA should be triggered and which providers should be used based on authentication context and policies.
public abstract class AbstractCasMultifactorAuthenticationWebflowEventResolver
extends AbstractCasWebflowEventResolver {
protected AbstractCasMultifactorAuthenticationWebflowEventResolver(
CasWebflowEventResolutionConfigurationContext webflowEventResolutionConfigurationContext);
}
public class RankedMultifactorAuthenticationProviderWebflowEventResolver
extends AbstractCasMultifactorAuthenticationWebflowEventResolver {
public Set<Event> resolveInternal(RequestContext context);
public Event resolveSingle(RequestContext context);
public void addDelegate(CasWebflowEventResolver resolver);
public void addDelegate(CasWebflowEventResolver resolver, int index);
}Webflow Actions
Action classes that execute during webflow state transitions to perform MFA-specific operations like availability checks, bypassing, and failure handling.
public abstract class AbstractMultifactorAuthenticationAction<T extends MultifactorAuthenticationProvider>
extends BaseCasWebflowAction {
protected T provider;
protected Principal resolvePrincipal(Principal principal, RequestContext requestContext);
protected String getThrottledRequestKeyFor(Authentication authentication, RequestContext requestContext);
}
public class MultifactorAuthenticationAvailableAction
extends AbstractMultifactorAuthenticationAction<MultifactorAuthenticationProvider>;
public class MultifactorAuthenticationBypassAction
extends AbstractMultifactorAuthenticationAction<MultifactorAuthenticationProvider>;Provider Selection
Specialized components for handling composite MFA scenarios where multiple providers are available and selection logic is required.
@FunctionalInterface
public interface MultifactorProviderSelectionCriteria {
boolean shouldProceedWithMultifactorProviderSelection(RequestContext requestContext);
static MultifactorProviderSelectionCriteria select();
}
public class MultifactorProviderSelectedAction extends BaseCasWebflowAction {
public static final String PARAMETER_SELECTED_MFA_PROVIDER = "mfaProvider";
protected Event doExecuteInternal(RequestContext requestContext);
protected void rememberSelectedMultifactorAuthenticationProvider(RequestContext context, String providerId);
}Authentication Components
Core authentication and provider selection logic including selectors, resolvers, and transaction management components.
public abstract class BaseMultifactorAuthenticationProviderEventResolver
extends AbstractCasMultifactorAuthenticationWebflowEventResolver {
protected RegisteredService resolveRegisteredServiceInRequestContext(RequestContext requestContext);
}
public class RankedMultifactorAuthenticationProviderSelector
implements MultifactorAuthenticationProviderSelector {
public MultifactorAuthenticationProvider resolve(
Collection<MultifactorAuthenticationProvider> providers,
RegisteredService service,
Principal principal);
}Webflow Utilities
Static utility methods for managing MFA-related data in webflow scopes, device registration, provider selection, and token management.
@UtilityClass
public class MultifactorAuthenticationWebflowUtils {
// Provider management
public static void putMultifactorAuthenticationProvider(RequestContext context, MultifactorAuthenticationProvider provider);
public static String getMultifactorAuthenticationProvider(RequestContext context);
public static void putResolvedMultifactorAuthenticationProviders(RequestContext context, Collection<MultifactorAuthenticationProvider> value);
public static Collection<String> getResolvedMultifactorAuthenticationProviders(RequestContext context);
// Device registration
public static boolean isMultifactorDeviceRegistrationEnabled(RequestContext requestContext);
public static void putMultifactorDeviceRegistrationEnabled(RequestContext requestContext, boolean enabled);
// Provider selection
public static void putSelectableMultifactorAuthenticationProviders(RequestContext requestContext, List<String> mfaProviders);
public static List<String> getSelectableMultifactorAuthenticationProviders(RequestContext requestContext);
}Types
Core Types
// From CAS core authentication API
public interface MultifactorAuthenticationProvider {
String getId();
int getOrder();
String getFriendlyName();
boolean matches(String identifier);
MultifactorAuthenticationFailureMode getFailureMode();
String getFailureModeEvaluator();
MultifactorAuthenticationBypassEvaluator getBypassEvaluator();
}
// From Spring Webflow
public interface RequestContext {
FlowScope getFlowScope();
ConversationScope getConversationScope();
ViewScope getViewScope();
}
public interface Flow {
String getId();
StateDefinition getStartState();
TransitionableState getTransitionableState(String stateId);
}