Published docs from master to [gh-pages]. Build 17108 - Updated: code…

… cleanup and styling; fixes test cases
apereo · Feb 12, 2020 · 9bcb38a · 9bcb38a
1 parent 1e4198b
commit 9bcb38a
Show file tree

Hide file tree

Showing 5 changed files with 106 additions and 25 deletions.
diff --git a/development/configuration/Configuration-Properties-Common.md b/development/configuration/Configuration-Properties-Common.md
@@ -186,6 +186,15 @@ def byte[] run(final Object... args) {
     logger.debug("Encoding password...")
     return ...
 }
+
+def Boolean matches(final Object... args) {
+    def rawPassword = args[0]
+    def encodedPassword = args[1]
+    def logger = args[2]
+    def casApplicationContext = args[3]
+
+   logger.debug("Does match or not ?");
+   return ...
 ```
 
 ## Authentication Principal Transformation
@@ -512,13 +521,13 @@ More advanced Hazelcast configuration settings are listed below, given the compo
 # ${configurationKey}.cluster.tcpipEnabled=true
 
 # ${configurationKey}.cluster.partitionMemberGroupType=HOST_AWARE|CUSTOM|PER_MEMBER|ZONE_AWARE|SPI
-# ${configurationKey}.cluster.mapMergePolicy=com.hazelcast.map.merge.PutIfAbsentMapMergePolicy
+# ${configurationKey}.cluster.mapMergePolicy=PUT_IF_ABSENT|HIGHER_HITS|DISCARD|PASS_THROUGH|EXPIRATION_TIME|LATEST_UPDATE|LATEST_ACCESS
 
 # ${configurationKey}.cluster.evictionPolicy=LRU
 # ${configurationKey}.cluster.maxNoHeartbeatSeconds=300
 # ${configurationKey}.cluster.loggingType=slf4j
 # ${configurationKey}.cluster.portAutoIncrement=true
-# ${configurationKey}.cluster.maxHeapSizePercentage=85
+# ${configurationKey}.cluster.maxSize=85
 # ${configurationKey}.cluster.backupCount=1
 # ${configurationKey}.cluster.asyncBackupCount=0
 # ${configurationKey}.cluster.maxSizePolicy=USED_HEAP_PERCENTAGE
@@ -530,32 +539,27 @@ More advanced Hazelcast configuration settings are listed below, given the compo
 # ${configurationKey}.cluster.outboundPorts[0]=45000
 ```
 
-### Management Center
-
-```properties
-# ${configurationKey}.managementCenter.url=
-# ${configurationKey}.managementCenter.enabled=false
-# ${configurationKey}.managementCenter.updateInterval=5
-```
-
 ### Static WAN Replication
 
 ```properties
 # ${configurationKey}.cluster.wanReplication.enabled=false
 # ${configurationKey}.cluster.wanReplication.replicationName=CAS
 
-# ${configurationKey}.cluster.wanReplication[0].groupName=
-# ${configurationKey}.cluster.wanReplication[0].groupPassword=
-# ${configurationKey}.cluster.wanReplication[0].endpoints=1.2.3.4,4.5.6.7
-# ${configurationKey}.cluster.wanReplication[0].publisherClassName=com.hazelcast.enterprise.wan.replication.WanBatchReplication
-# ${configurationKey}.cluster.wanReplication[0].queueFullBehavior=THROW_EXCEPTION
-# ${configurationKey}.cluster.wanReplication[0].acknowledgeType=ACK_ON_OPERATION_COMPLETE
-# ${configurationKey}.cluster.wanReplication[0].queueCapacity=10000
-# ${configurationKey}.cluster.wanReplication[0].batchSize=500
-# ${configurationKey}.cluster.wanReplication[0].snapshotEnabled=false
-# ${configurationKey}.cluster.wanReplication[0].batchMaximumDelayMilliseconds=1000
-# ${configurationKey}.cluster.wanReplication[0].responseTimeoutMilliseconds=60000
-# ${configurationKey}.cluster.wanReplication[0].executorThreadCount=2
+# ${configurationKey}.cluster.wanReplication.targets[0].endpoints=1.2.3.4,4.5.6.7
+# ${configurationKey}.cluster.wanReplication.targets[0].publisherClassName=com.hazelcast.enterprise.wan.replication.WanBatchReplication
+# ${configurationKey}.cluster.wanReplication.targets[0].queueFullBehavior=THROW_EXCEPTION
+# ${configurationKey}.cluster.wanReplication.targets[0].acknowledgeType=ACK_ON_OPERATION_COMPLETE
+# ${configurationKey}.cluster.wanReplication.targets[0].queueCapacity=10000
+# ${configurationKey}.cluster.wanReplication.targets[0].batchSize=500
+# ${configurationKey}.cluster.wanReplication.targets[0].snapshotEnabled=false
+# ${configurationKey}.cluster.wanReplication.targets[0].batchMaximumDelayMilliseconds=1000
+# ${configurationKey}.cluster.wanReplication.targets[0].responseTimeoutMilliseconds=60000
+# ${configurationKey}.cluster.wanReplication.targets[0].executorThreadCount=2
+
+# ${configurationKey}.cluster.wanReplication.targets[0].consistencyCheckStrategy=NONE|MERKLE_TREES
+# ${configurationKey}.cluster.wanReplication.targets[0].clusterName=
+# ${configurationKey}.cluster.wanReplication.targets[0].publisherId=
+# ${configurationKey}.cluster.wanReplication.targets[0].properties=
 ```
 
 ### Multicast Discovery
@@ -1092,7 +1096,15 @@ The following options are shared and apply when CAS is configured to send SMS no
 
 You will also need to ensure a provider is defined that is able to send SMS messages. To learn more about this 
 topic, [please review this guide](../notifications/SMS-Messaging-Configuration.html).
-
+
+## Webflow Auto Configuration
+
+Control aspects of webflow that relate to auto-configuration of webflow states, transitions and execution order.
+
+```properties
+# ${configurationKey}.order=
+``` 
+
 ## Delegated Authentication Settings
 
 The following options are shared and apply when CAS is configured to delegate authentication 

diff --git a/development/configuration/Configuration-Properties.md b/development/configuration/Configuration-Properties.md
@@ -281,6 +281,18 @@ are available [here](Configuration-Properties-Common.html#database-settings) und
 # cas.spring.cloud.jdbc.sql=SELECT id, name, value FROM CAS_SETTINGS_TABLE
 ```
 
+### REST
+
+Allow the CAS Spring Cloud configuration server to load settings from a REST API.
+
+```properties
+# cas.spring.cloud.rest.url=
+# cas.spring.cloud.rest.basicAuthUsername=
+# cas.spring.cloud.rest.basicAuthPassword=
+# cas.spring.cloud.rest.method=
+# cas.spring.cloud.rest.headers=Header1:Value1;Header2:Value2
+```
+
 ## Configuration Security
 
 To learn more about how sensitive CAS settings can be
@@ -2159,6 +2171,11 @@ Principal resolution and Person Directory settings for this feature are availabl
 # cas.authn.spnego.ntlm=false
 ```
 
+### Webflow configuration
+
+Webflow auto-configuration settings for this feature are available [here](Configuration-Properties-Common.html#webflow-auto-configuration) under 
+the configuration key `cas.authn.spnego.webflow`.
+
 ### System Settings
 
 ```properties
@@ -2268,6 +2285,11 @@ To learn more about this topic, [please review this guide](../installation/JWT-A
 # cas.authn.token.name=
 ```
 
+### Webflow configuration
+
+Webflow auto-configuration settings for this feature are available [here](Configuration-Properties-Common.html#webflow-auto-configuration) under 
+the configuration key `cas.authn.token.webflow`.
+
 ### JWT Tickets
 
 Allow CAS tickets through various protocol channels to be created as JWTs. See [this guide](../installation/Configure-ServiceTicket-JWT.html) 
@@ -2421,6 +2443,11 @@ Password encoding settings for this feature are available [here](Configuration-P
 
 To learn more about this topic, [please review this guide](../installation/X509-Authentication.html).
 
+### Webflow configuration
+
+Webflow auto-configuration settings for this feature are available [here](Configuration-Properties-Common.html#webflow-auto-configuration) under 
+the configuration key `cas.authn.x509.webflow`.
+
 ### Principal Resolution
 
 X.509 principal resolution can act on the following principal types:
@@ -5178,6 +5205,11 @@ To learn more about this topic, [please review this guide](../integration/Attrib
 
 Signing & encryption settings for this feature are available [here](Configuration-Properties-Common.html#signing--encryption) under the configuration key `cas.consent`. The signing and encryption keys [are both JWKs](Configuration-Properties-Common.html#signing--encryption) of size `512` and `256`.
 
+### Webflow configuration
+
+Webflow auto-configuration settings for this feature are available [here](Configuration-Properties-Common.html#webflow-auto-configuration) under 
+the configuration key `cas.consent.webflow`.
+
 ### JSON Attribute Consent
 
 ```properties
@@ -5276,6 +5308,11 @@ available [here](Configuration-Properties-Common.html#sms-notifications) under t
 The signing and encryption keys [are both JWKs](Configuration-Properties-Common.html#signing--encryption) of size `512` and `256`.
 The encryption algorithm is set to `AES_128_CBC_HMAC_SHA_256`. Signing & encryption settings for this feature are available [here](Configuration-Properties-Common.html#signing--encryption) under the configuration key `cas.authn.pm.reset`.
 
+### Webflow configuration
+
+Webflow auto-configuration settings for this feature are available [here](Configuration-Properties-Common.html#webflow-auto-configuration) under 
+the configuration key `cas.authn.pm.webflow`.
+
 ### Password History
 
 To learn more about this topic, [please review this guide](../installation/Password-Policy-Enforcement.html).

diff --git a/development/configuration/Configuration-Server-Management.md b/development/configuration/Configuration-Server-Management.md
@@ -401,6 +401,24 @@ Support is provided via the following dependency in the WAR overlay:
 By default, settings are expected to be found under a `CAS_SETTINGS_TABLE` that contains the fields: `id`, `name` and `value`.
 To see the relevant list of CAS properties for this feature, please [review this guide](Configuration-Properties.html#jdbc).
 
+##### REST
+
+CAS is also able to locate properties and settings using a REST API.
+
+Support is provided via the following dependency in the WAR overlay:
+
+```xml
+<dependency>
+     <groupId>org.apereo.cas</groupId>
+     <artifactId>cas-server-support-configuration-cloud-rest</artifactId>
+     <version>${cas.version}</version>
+</dependency>
+```
+
+The REST endpoint is expected to produce a `Map` in the payload with keys as the setting names
+and values as the setting value. To see the relevant list of CAS properties for this 
+feature, please [review this guide](Configuration-Properties.html#rest).
+
 #### CAS Server Cloud Configuration
 
 The cloud configuration modules provided above on this page by the CAS project directly may also be used verbatim inside 

diff --git a/development/installation/Passwordless-Authentication.md b/development/installation/Passwordless-Authentication.md
@@ -84,7 +84,8 @@ def run(Object[] args) {
     account.setName("TestUser")
     account.setPhone("123-456-7890") 
     account.setAttributes(Map.of("...", List.of("...", "...")) 
-    account.setMultifactorAuthenticationEligible(false)
+    account.setMultifactorAuthenticationEligible(false)  
+    account.setRequestPassword(false)
     return account
 }
 ```
@@ -102,7 +103,8 @@ would produce a response body similar to the following:
   "phone" : "123-456-7890",
   "name" : "CASUser",        
   "multifactorAuthenticationEligible": false,  
-  "delegatedAuthenticationEligible": false,
+  "delegatedAuthenticationEligible": false,  
+  "requestPassword": false,
   "attributes":{ "lastName" : ["...", "..."] }
 }
 ```
@@ -180,6 +182,13 @@ Users may be notified of tokens via text messages, mail, etc.
 To learn more about available options, please [see this guide](../notifications/SMS-Messaging-Configuration.html)
 or [this guide](../notifications/Sending-Email-Configuration.html).
 
+## Disabling Passwordless Authentication Flow
+
+Passwordless authentication can be disabled conditionally on a per-user basis. If the passwordless account retrieved from the account store
+carries a user whose `requestPassword` is set to `true`, the passwordless flow (i.e. as described above with token generation, etc) will
+be disabled and skipped in favor of the more usual CAS authentication flow, challenging the user for a password. Support for this behavior may depend
+on each individual account store implementation.
+
 ## Multifactor Authentication Integration
 
 Passwordless authentication can be integrated with [CAS multifactor authentication providers](../mfa/Configuring-Multifactor-Authentication.html). In this scenario,

diff --git a/development/protocol/OpenID-Protocol.md b/development/protocol/OpenID-Protocol.md
@@ -9,6 +9,11 @@ category: Protocols
 OpenID is an open, decentralized, free framework for user-centric digital identity. Users represent
 themselves using URIs. For more information see the [http://www.openid.net](http://www.openid.net).
 
+<div class="alert alert-warning"><strong>Usage</strong>
+<p><strong>This feature is deprecated and is scheduled to be removed in the future.</strong> If you can, consider using
+a more mainstream and recent authentication protocol.</p>
+</div>
+
 CAS supports both the "dumb" and "smart" modes of the OpenID protocol. Dumb mode acts in a similar fashion
 to the existing CAS protocol. The smart mode differs in that it establishes an association between the client and
 the openId provider (OP) at the beginning. Thanks to that association and the key exchange done during association,