Apereo CAS - SMS Notifications via Twilio

Posted by Misagh Moayyed on September 20, 2019 · 4 mins read ·
Content Unavailable
Your browser is blocking content on this website. Please check your browser settings and try again.
This blog post was originally posted on Apereo GitHub Blog.


CAS has the ability to send notifications via SMS for a variety of functions such as one-time passwords for multifactor authentication, service expiration notifications, and more. In this tutorial, we are going to take a look at configuring CAS for SMS notifications via Twilio where we’ll be using notifications to notify relevant contacts when services in the service registry are considered expired.

Our starting position is based on:


Registered Service Policy

Once we have CAS up and running, let’s start with the following sample service file as Sample-100.json in our JSON service registry:

  "@class" : "org.apereo.cas.services.RegexRegisteredService",
  "serviceId" : "^https://app.example.org",
  "name" : "Sample",
  "id" : 100,   
  "contacts": [
    "java.util.ArrayList", [{
        "@class": "org.apereo.cas.services.DefaultRegisteredServiceContact",
        "name": "Misagh Moayyed",
        "phone": "+11234567890"
  "expirationPolicy": {
    "@class": "org.apereo.cas.services.DefaultRegisteredServiceExpirationPolicy",
    "notifyWhenExpired": true,   
    "deleteWhenExpired": true,
    "expirationDate": "2019-09-22"

We have set up contacts for our service. These are the folks primarily in charge of this application who shall be notified once the service is considered expired. More importantly, we have set up an expiration policy for the service where it will be considered expired and removed from the registry on the specified expiration date, 2019-09-22.

SMS Configuration via Twilio

Once our overlay is prepped with the configuration module for Twilio, we’ll need to teach CAS about our Twilio subscription using the following settings:

# cas.smsProvider.twilio.accountId=...
# cas.smsProvider.twilio.token=...

So, at this point we have CAS set up with Twilio and all that is left to configure the system for notifications when services are deemed expired:

cas.serviceRegistry.sms.text=The service %s is expired and removed from CAS.

Thou Shall Test

Once CAS is restarted, services in the registry will be reloaded and process to evaluate expiration dates. If an expired service is found, you might see something similar in the logs:

<Registered service ... has expired on [2019-08-22]>
<Contacts for registered service ... will be notified of service expiry>  
<Deleting expired registered service ... from registry.>

At this point, you should have received an SMS from CAS with the message The service Sample is expired and removed from CAS.


I hope this review was of some help to you and I am sure that both this post as well as the functionality it attempts to explain can be improved in any number of ways. Please know that all other use cases, scenarios, features, and theories certainly are possible as well. Feel free to engage and contribute as best as you can.

Happy Coding,

Misagh Moayyed