Security module: (v5.0)

The pac4j-config module:

<dependency>
    <groupId>org.pac4j</groupId>
    <artifactId>pac4j-config</artifactId>
    <version>${pac4j.version}</version>
</dependency>

gathers all the pac4j facilities to define this Config object. Currently, there is only one component which allows you to build the clients from a set of properties: the PropertiesConfigFactory.

Notice that dependencies must be explicitly declared when necessary (the pac4j-saml module if you want to use SAML, the pac4j-oauth module if you want to use OAuth...)

Example (YAML dropwizard configuration file):

pac4j:
  callbackUrl: /callback
  clientsProperties:
    facebook.id: 145278422258960
    facebook.secret: be21409ba8f39b5dae2a7de525484da8
    saml.keystorePath: resource:samlKeystore.jks
    saml.keystorePassword: pac4j-demo-passwd
    saml.privateKeyPassword: pac4j-demo-passwd
    saml.identityProviderMetadataPath: resource:metadata-okta.xml
    saml.maximumAuthenticationLifetime: 3600
    saml.serviceProviderEntityId: http://localhost:8080/callback?client_name=SAML2Client
    saml.serviceProviderMetadataPath: sp-metadata.xml
    anonymous: fakevalue
    ldap.type: direct
    ldap.url: ldap://ldap.jumpcloud.com:389
    ldap.useStartTls: false
    ldap.dnFormat: uid=%s,ou=Users,o=58e69adc0914b437324e7632,dc=jumpcloud,dc=com
    ldap.usersDn: ou=Users,o=58e69adc0914b437324e7632,dc=jumpcloud,dc=com
    ldap.principalAttributeId: uid
    ldap.principalAttributes: firstName,lastName
    ldap.enhanceWithEntryResolver: false
    formClient.loginUrl: /login.html
    formClient.authenticator: ldap

Here are the properties you can use to define the clients (, authenticators and password encoders):

Available properties	Usage
`encoder.spring.type` (`bcrypt`, `noop`, `pbkdf2`, `scrypt` or `standard`), `encoder.spring.bcrypt.length`, `encoder.spring.pbkdf2.secret`, `encoder.spring.pbkdf2.iterations`, `encoder.spring.pbkdf2.hashWidth`, `encoder.spring.scrypt.cpuCost`, `encoder.spring.scrypt.memoryCost`, `encoder.spring.scrypt.parallelization`, `encoder.spring.scrypt.keyLength`, `encoder.spring.scrypt.saltLength` and `encoder.spring.standard.secret`	To define a `SpringPasswordEncoder` based on the provided properties and named `encoder.spring` or `encoder.spring.N`
`encoder.shiro` (if no specific properties are required), `encoder.shiro.generatePublicSalt`, `encoder.shiro.hashAlgorithmName`, `encoder.shiro.hashIterations` and `encoder.shiro.privateSalt`	To define a `ShiroPasswordEncoder` based on the provided properties and named `encoder.shiro` or `encoder.shiro.N`
`ldap.type`, `ldap.dnFormat`, `ldap.principalAttributes`,`ldap.principalAttributeId`, `ldap.principalAttributePassword`, `ldap.subtreeSearch`, `ldap.usersDn`, `ldap.userFilter`, `ldap.enhanceWithEntryResolver`, `ldap.trustCertificates`, `ldap.keystore`, `ldap.keystorePassword`, `ldap.keystoreType`, `ldap.minPoolSize`, `ldap.maxPoolSize`, `ldap.poolPassivator`, `ldap.validateOnCheckout`, `ldap.validatePeriodically`, `ldap.validatePeriod`, `ldap.failFast`, `ldap.idleTime`, `ldap.prunePeriod`, `ldap.blockWaitTime`, `ldap.url`, `ldap.useStartTls`, `ldap.connectTimeout`, `ldap.providerClass`, `ldap.allowMultipleDns`, `ldap.bindDn`, `ldap.bindCredential`, `ldap.saslRealm`, `ldap.saslMechanism`, `ldap.saslAuthorizationId`, `ldap.saslSecurityStrength` and `ldap.saslQualityOfProtection`	To define a `LdapAuthenticator` based on the provided properties and named `ldap` or `ldap.N`
`db.dataSourceClassName`, `db.jdbcUrl`, `db.userAttributes`, `db.userIdAttribute`, `db.usernameAttribute`, `db.userPasswordAttribute`, `db.usersTable`, `db.username`, `db.password`, `db.autoCommit`, `db.connectionTimeout`, `db.idleTimeout`, `db.maxLifetime`, `db.connectionTestQuery`, `db.minimumIdle`, `db.maximumPoolSize`, `db.poolName`, `db.initializationFailTimeout`, `db.isolateInternalQueries`, `db.allowPoolSuspension`, `db.readOnly`, `db.registerMbeans`, `db.catalog`, `db.connectionInitSql`, `db.driverClassName`, `db.transactionIsolation`, `db.validationTimeout`, `db.leakDetectionThreshold`, `db.customParamKey`, `db.customParamValue`, `db.loginTimeout`, `db.dataSourceJndi` and `db.passwordEncoder`	To define a `DbAuthenticator` based on the provided properties and named `db` or `db.N`
`rest.url`	To define a `RestAuthenticator` based on the provided properties and named `rest` or `rest.N`
`anonymous`	To define the `AnonymousClient`, the value is ignored
`directBasicAuth.authenticator`	To define a `DirectBasicAuthClient` based on the provided properties
`saml.keystorePassword`, `saml.privateKeyPassword`, `saml.keystorePath`, `saml.identityProviderMetadataPath`, `saml.maximumAuthenticationLifetime`, `saml.serviceProviderEntityId`, `saml.serviceProviderMetadataPath`, `saml.destinationBindingType`, `saml.keystoreAlias`	To define a `SAML2Client` based on the provided properties
`cas.loginUrl`, `cas.protocol`	To define a `CasClient` based on the provided properties
`oidc.type` (`google` or `azure`), `oidc.azure.tenant` (for the AzureAD tenant), `oidc.id`, `oidc.secret`, `oidc.scope`, `oidc.discoveryUri`, `oidc.useNonce`, `oidc.preferredJwsAlgorithm`, `oidc.maxClockSkew`, `oidc.clientAuthenticationMethod`, `oidc.customParamKey1`, `oidc.customParamValue1`, `oidc.customParamKey2`,`oidc.customParamValue2`	To define an OpenID connect client based on the provided properties
`formClient.authenticator`, `formClient.loginUrl`, `formClient.usernameParameter` `formClient.passwordParameter`	To define a `FormClient` based on the provided properties
`indirectBasicAuth.authenticator`, `indirectBasicAuth.realName`	To define an `IndirectBasicAuthClient` based on the provided properties
`facebook.id`, `facebook.secret`, `facebook.scope`, `facebook.fields`	To define a `FacebookClient` based on the provided properties
`twitter.id`, `twitter.secret`	To define a `TwitterClient` based on the provided properties
`github.id`, `github.secret`	To define a `GitHubClient` based on the provided properties
`dropbox.id`, `dropbox.secret`	To define a `DropBoxClient` based on the provided properties
`windowslive.id`, `windowslive.secret`	To define a `WindowsLiveClient` based on the provided properties
`yahoo.id`, `yahoo.secret`	To define a `YahooClient` based on the provided properties
`linkedin.id`, `linkedin.secret`, `linkedin.fields`, `linkedin.scope`	To define a `LinkedIn2Client` based on the provided properties
`foursquare.id`, `foursquare.secret`	To define a `FoursquareClient` based on the provided properties
`google.id`, `google.secret`, `google.scope`	To define a `Google2Client` based on the provided properties
`oauth2.id`, `oauth2.secret`, `oauth2.authUrl`, `oauth2.tokenUrl`, `oauth2.profileUrl`, `oauth2.profilePath`, `oauth2.profileId`, `oauth2.scope`, `oauth2.withState`, `oauth2.clientAuthenticationMethod`	To define a `GenericOAuth20Client` based on the provided properties

Notice that:

you can define multiple clients of the same type by adding a number at the end of the properties: cas.loginUrl.2, oidc.type.5…
the .passwordEncoder property must be set to the name of an already defined PasswordEncoder like encoder.spring or encoder.shiro.3
the .authenticator property must be set to the name of an already defined Authenticator like ldap or db.1 or the implicit values: testUsernamePassword or testToken (for test authenticators).