Apache Syncope Authentication
CAS support handling the authentication event via Apache Syncope. This is done by using the rest/users/self REST API that is exposed by a running Syncope instance. As part of a successful authentication attempt, the properties of the provided user object are transformed into CAS attributes that can then be released to applications, etc.
Components
Support is enabled by including the following dependency in the WAR overlay:
1
2
3
4
5
<dependency>
<groupId>org.apereo.cas</groupId>
<artifactId>cas-server-support-syncope-authentication</artifactId>
<version>${cas.version}</version>
</dependency>
To see the relevant list of CAS properties, please review this guide.
Attributes
As part of a successful authentication attempt, the following attributes provided by Apache Syncope are collected by CAS:
| Attribute Name |
|---|
syncopeUserRoles |
syncopeUserSecurityQuestion |
syncopeUserStatus |
syncopeUserRealm |
syncopeUserCreator |
syncopeUserCreationDate |
syncopeUserChangePwdDate |
syncopeUserLastLoginDate |
syncopeUserDynRoles |
syncopeUserDynRealms |
syncopeUserMemberships |
syncopeUserDynMemberships |
syncopeUserDynRelationships |
syncopeUserAttrs |
Note that attributes are only collected if they contain a value.