Commit 390c3cf9 authored by Misagh Moayyed's avatar Misagh Moayyed

Merge branch '4.1'

Conflicts:
	README.md
	etc/cas.properties
	pom.xml
	src/main/webapp/WEB-INF/deployerConfigContext.xml
parents e7850319 43a9788b
......@@ -5,7 +5,7 @@ Generic CAS maven war overlay to exercise the latest versions of CAS 4.x line. T
# Versions
```xml
<cas.version>4.0.4</cas.version>
<cas.version>4.1.0-RC2</cas.version>
```
# Recommended Requirements
......
......@@ -19,13 +19,22 @@
server.name=http://localhost:8080
server.prefix=${server.name}/cas
# IP address or CIDR subnet allowed to access the /status URI of CAS that exposes health check information
cas.securityContext.status.allowedSubnet=127.0.0.1
# Spring Security's EL-based access rules for the /status URI of CAS that exposes health check information
cas.securityContext.status.access=hasIpAddress('127.0.0.1')
# Spring Security's EL-based access rules for the /statistics URI of CAS that exposes stats about the CAS server
cas.securityContext.statistics.access=hasIpAddress('127.0.0.1')
cas.themeResolver.defaultThemeName=cas-theme-default
cas.viewResolver.basename=default_views
# Path prefix for where views are to be found
# cas.viewResolver.defaultViewsPathPrefix=/WEB-INF/view/jsp/default/ui/
# Location of the Spring xml config file where views may be collected
# cas.viewResolver.xmlFile=/META-INF/spring/views.xml
##
# Unique CAS node name
# host.name is used to generate unique Service Ticket IDs and SAMLArtifacts. This is usually set to the specific
......@@ -40,6 +49,20 @@ host.name=cas01.example.org
# database.hibernate.dialect=org.hibernate.dialect.OracleDialect
# database.hibernate.dialect=org.hibernate.dialect.MySQLInnoDBDialect
# database.hibernate.dialect=org.hibernate.dialect.HSQLDialect
# database.hibernate.batchSize=10
##
# CAS SSO Cookie Generation & Security
# See https://github.com/mitreid-connect/json-web-key-generator
#
# Do note that the following settings MUST be generated per deployment.
#
# Defaults at spring-configuration/ticketGrantingTicketCookieGenerator.xml
# The encryption secret key. By default, must be a octet string of size 256.
tgc.encryption.key=1PbwSbnHeinpkZOSZjuSJ8yYpUrInm5aaV18J2Ar4rM
# The signing secret key. By default, must be a octet string of size 512.
tgc.signing.key=szxK-5_eJjs-aUj-64MpUZ-GPPzGLhYPLGl0wrYjYNVAGva2P0lLe6UGKGM7k8dWxsOVGutZWgvmY3l5oVPO3w##
##
# CAS Logout Behavior
......@@ -48,6 +71,35 @@ host.name=cas01.example.org
# Specify whether CAS should redirect to the specified service parameter on /logout requests
# cas.logout.followServiceRedirects=false
##
# CAS Cached Attributes Timeouts
# Controls the cached attribute expiration policy
#
# Notes the duration in which attributes will be kept alive
# cas.attrs.timeToExpireInHours=2
##
# Single Sign-On Session
#
# Indicates whether an SSO session should be created for renewed authentication requests.
# create.sso.renewed.authn=true
#
# Indicates whether an SSO session can be created if no service is present.
# create.sso.missing.service=true
##
# Spring Webflow Web Application Session
# Define the settings that are required to encrypt and persist the CAS web application session.
# See the cas-servlet.xml file to understand how these properties are used.
#
# cas.webflow.cipher.alg=AES
# cas.webflow.cipher.mode=CBC
# cas.webflow.cipher.padding=PKCS7
# cas.webflow.keystore=classpath:/etc/keystore.jceks
# cas.webflow.keystore.type=JCEKS
# cas.webflow.keystore.password=changeit
# cas.webflow.keyalias=aes128
# cas.webflow.keypassword=changeit
##
# Single Sign-On Session Timeouts
# Defaults sourced from WEB-INF/spring-configuration/ticketExpirationPolices.xml
......@@ -67,12 +119,49 @@ host.name=cas01.example.org
# increase this timeout if you are manually testing service ticket creation/validation via tamperdata or similar tools
# st.timeToKillInSeconds=10
##
# Http Client Timeouts
#
# The http client read timeout in milliseconds
# http.client.read.timeout=5000
# The http client connection timeout in milliseconds
# http.client.connection.timeout=5000
#
# The http client truststore file, in addition to the default's
# http.client.truststore.file=classpath:truststore.jks
#
# The http client truststore's password
# http.client.truststore.psw=changeit
##
# Single Logout Out Callbacks
# Default sourced from WEB-INF/spring-configuration/argumentExtractorsConfiguration.xml
#
# To turn off all back channel SLO requests set slo.disabled to true
# To turn off all back channel SLO requests set this to true
# slo.callbacks.disabled=false
#
# To send callbacks to endpoints synchronously, set this to false
# slo.callbacks.asynchronous=true
##
# CAS Protocol Security Filter
#
# Are multi-valued parameters accepted?
# cas.http.allow.multivalue.params=false
# Define the list of request parameters to examine for sanity
# cas.http.check.params=ticket,service,renew,gateway,warn,target,SAMLart,pgtUrl,pgt,pgtId,pgtIou,targetService
# Define the list of request parameters only allowed via POST
# cas.http.allow.post.params=username,password
##
# JSON Service Registry
#
# Directory location where JSON service files may be found.
# service.registry.config.location=classpath:services
##
# Service Registry Periodic Reloading Scheduler
......@@ -80,7 +169,7 @@ host.name=cas01.example.org
#
# Force a startup delay of 2 minutes.
# service.registry.quartz.reloader.startDelay=120000
#
#
# Reload services every 2 minutes
# service.registry.quartz.reloader.repeatInterval=120000
......@@ -88,20 +177,45 @@ host.name=cas01.example.org
# Log4j
# Default sourced from WEB-INF/spring-configuration/log4jConfiguration.xml:
#
# It is often time helpful to externalize log4j.xml to a system path to preserve settings between upgrades.
# e.g. log4j.config.location=/etc/cas/log4j.xml
log4j.config.location=/etc/cas/log4j.xml
# log4j refresh interval in millis
# It is ofttimes helpful to externalize log4j2.xml to a system path to preserve settings between upgrades.
# e.g. log4j.config.location=file:///etc/cas/log4j2.xml
log4j.config.location=file:///etc/cas/log4j2.xml
#
log4j refresh interval in millis
log4j.refresh.interval=60000
##
# Metrics
# Default sourced from WEB-INF/spring-configuration/metricsConfiguration.xml:
#
# Define how often should metric data be reported. Default is 30 seconds.
# metrics.refresh.internal=30s
##
# Encoding
#
# Set the encoding to use for requests. Default is UTF-8
# httprequest.web.encoding=UTF-8
# Default is true. Switch this to "false" to not enforce the specified encoding in any case,
# applying it as default response encoding as well.
# httprequest.web.encoding.force=true
##
# Reports
#
# Setting to whether include the ticket granting ticket id in the report
# sso.sessions.include.tgt=false
##
# Password Policy
#
# Warn all users of expiration date regardless of warningDays value.
password.policy.warnAll=false
# password.policy.warnAll=false
# Threshold number of days to begin displaying password expiration warnings.
password.policy.warningDays=30
# password.policy.warningDays=30
# URL to which the user will be redirected to change the password.
# password.policy.url=https://password.example.edu/change
# URL to which the user will be redirected to change the passsword.
password.policy.url=https://password.example.edu/change
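Review bot: `tgc.encryption.key` and `tgc.signing.key` are committed with real values even though the comment above them says they MUST be generated per deployment, so any deployment that copies this file unchanged encrypts and signs its ticket-granting cookie with keys that are public in this repository. Shipping obvious placeholders instead, for example `tgc.encryption.key=<GENERATE-PER-DEPLOYMENT>` and `tgc.signing.key=<GENERATE-PER-DEPLOYMENT>`, would make an unconfigured deployment fail visibly rather than run with shared secrets. As rendered here, the signing-key line also ends in `##`; if that is in the file and not a page artifact, those two characters become part of the key value, so the separator belongs on its own line. Likewise `log4j refresh interval in millis` appears without a leading `#`, which a properties parser would read as a key named `log4j` rather than a comment.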
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE log4j:configuration SYSTEM "log4j.dtd">
<log4j:configuration debug="false" xmlns:log4j="http://jakarta.apache.org/log4j/">
<!--
This default ConsoleAppender is used to log all NON perf4j messages
to System.out
-->
<appender name="console" class="org.apache.log4j.ConsoleAppender">
<layout class="org.apache.log4j.PatternLayout">
<param name="ConversionPattern" value="%d %p [%c] - &lt;%m&gt;%n"/>
</layout>
</appender>
<appender name="cas" class="org.apache.log4j.RollingFileAppender">
<param name="File" value="/var/log/cas/cas.log" />
<param name="MaxFileSize" value="512KB" />
<param name="MaxBackupIndex" value="3" />
<layout class="org.apache.log4j.PatternLayout">
<param name="ConversionPattern" value="%d %p [%c] - %m%n"/>
</layout>
</appender>
<!--
WARNING: Setting the org.springframework logger to DEBUG displays debug information about
the request parameter values being bound to the command objects. This could expose your
password in the log file. If you are sharing your log files, it is recommend you selectively
apply DEBUG level logging on a an org.springframework.* package level (i.e. org.springframework.dao)
-->
<logger name="org.springframework">
<level value="WARN" />
</logger>
<logger name="org.springframework.webflow">
<level value="WARN" />
</logger>
<logger name="org.jasig" additivity="true">
<level value="DEBUG" />
<appender-ref ref="cas" />
</logger>
<logger name="net.unicon.cas" additivity="true">
<level value="DEBUG" />
<appender-ref ref="cas" />
</logger>
<logger name="com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager">
<level value="INFO" />
<appender-ref ref="cas" />
</logger>
<!--
WARNING: Setting the flow package to DEBUG will display
the parameters posted to the login servlet including
cleartext authentication credentials
-->
<logger name="org.jasig.cas.web.flow" additivity="true">
<level value="INFO" />
<appender-ref ref="cas" />
</logger>
<logger name="org.opensaml">
<level value="OFF" />
</logger>
<logger name="org.apache.xml">
<level value="OFF" />
</logger>
<!--
The root logger sends all log statements EXCEPT those sent to the perf4j
logger to System.out.
-->
<root>
<level value="DEBUG" />
<appender-ref ref="console" />
</root>
</log4j:configuration>
<?xml version="1.0" encoding="UTF-8" ?>
<!--
Licensed to Apereo under one or more contributor license
agreements. See the NOTICE file distributed with this work
for additional information regarding copyright ownership.
Apereo licenses this file to you under the Apache License,
Version 2.0 (the "License"); you may not use this file
except in compliance with the License. You may obtain a
copy of the License at the following location:
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<!-- Specify the refresh internal in seconds. -->
<Configuration monitorInterval="60">
<Appenders>
<Console name="console" target="SYSTEM_OUT">
<PatternLayout pattern="%d %p [%c] - &lt;%m&gt;%n"/>
</Console>
<RollingFile name="file" fileName="cas.log" append="true"
filePattern="cas-%d{yyyy-MM-dd-HH}-%i.log">
<PatternLayout pattern="%d %p [%c] - %m%n"/>
<Policies>
<OnStartupTriggeringPolicy />
<SizeBasedTriggeringPolicy size="10 MB"/>
<TimeBasedTriggeringPolicy />
</Policies>
</RollingFile>
<RollingFile name="perfFileAppender" fileName="perfStats.log" append="true"
filePattern="perfStats-%d{yyyy-MM-dd-HH}-%i.log">
<PatternLayout pattern="%m%n"/>
<Policies>
<OnStartupTriggeringPolicy />
<SizeBasedTriggeringPolicy size="10 MB"/>
<TimeBasedTriggeringPolicy />
</Policies>
</RollingFile>
</Appenders>
<Loggers>
<Logger name="org.jasig" level="info" additivity="false">
<AppenderRef ref="console"/>
<AppenderRef ref="file"/>
</Logger>
<Logger name="org.springframework" level="warn" />
<Logger name="org.springframework.webflow" level="warn" />
<Logger name="org.springframework.web" level="warn" />
<Logger name="org.springframework.security" level="warn" />
<Logger name="perfStatsLogger" level="info" additivity="false">
<AppenderRef ref="perfFileAppender"/>
</Logger>
<Logger name="org.jasig.cas.web.flow" level="info" additivity="true">
<AppenderRef ref="file"/>
</Logger>
<Logger name="org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager" level="info">
<AppenderRef ref="file"/>
</Logger>
<Root level="error">
<AppenderRef ref="console"/>
</Root>
</Loggers>
</Configuration>
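Review bot: Both RollingFile appenders use relative paths (`fileName="cas.log"`, `fileName="perfStats.log"`), so the CAS and audit logs land in whatever working directory the servlet container was started from, whereas the log4j 1.x configuration shown earlier on this page wrote to `/var/log/cas/cas.log`. An absolute path in a directory with restricted permissions, e.g. `fileName="/var/log/cas/cas.log"` with a matching `filePattern`, keeps the audit trail in a predictable, access-controlled location. The warnings that sat above the `org.springframework` and `org.jasig.cas.web.flow` loggers in the old file are also gone; a comment such as `<!-- WARNING: DEBUG on this logger can write submitted credentials to the log -->` above those loggers would preserve them. Separately, the `org.jasig.cas.web.flow` and audit-trail loggers reference `file` while still inheriting the `file` appender from `org.jasig`, so their events appear to be written twice; `additivity="false"` on them, or dropping the extra `AppenderRef`, would avoid that.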
......@@ -22,7 +22,7 @@
<artifactId>cas-server-webapp</artifactId>
<excludes>
<exclude>WEB-INF/cas.properties</exclude>
<exclude>WEB-INF/classes/log4j.xml</exclude>
<exclude>WEB-INF/classes/log4j2.xml</exclude>
</excludes>
</overlay>
</overlays>
......@@ -31,7 +31,11 @@
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
<version>3.2</version>
<version>3.3</version>
<configuration>
<source>1.7</source>
<target>1.7</target>
</configuration>
</plugin>
</plugins>
......@@ -46,11 +50,10 @@
<type>war</type>
<scope>runtime</scope>
</dependency>
</dependencies>
<properties>
<cas.version>4.0.4</cas.version>
<cas.version>4.1.0-RC2</cas.version>
<maven.compiler.source>1.7</maven.compiler.source>
<maven.compiler.target>1.7</maven.compiler.target>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
......
<?xml version="1.0" encoding="UTF-8"?>
<!--
Licensed to Jasig under one or more contributor license
agreements. See the NOTICE file distributed with this work
for additional information regarding copyright ownership.
Jasig licenses this file to you under the Apache License,
Version 2.0 (the "License"); you may not use this file
except in compliance with the License. You may obtain a
copy of the License at the following location:
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:p="http://www.springframework.org/schema/p"
xmlns:context="http://www.springframework.org/schema/context"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd">
xmlns:util="http://www.springframework.org/schema/util"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd">
<description>
This file lets CAS know where you've stored the cas.properties file which details some of the configuration options
that are specific to your environment. You can specify the location of the file here. You may wish to place the file outside
of the Servlet context if you have options that are specific to a tier (i.e. test vs. production) so that the WAR file
can be moved between tiers without modification.
</description>
<util:properties id="casProperties" location="file:/etc/cas/cas.properties" />
<context:property-placeholder location="file:/etc/cas/cas.properties"/>
<context:property-placeholder properties-ref="casProperties" />
</beans>
\ No newline at end of file
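Review bot: The `<description>` still presents `/etc/cas/cas.properties` as holding only environment-specific options, while the cas.properties section of this commit places the ticket-granting-cookie encryption and signing keys in that file. A sentence added to the description, such as `This file holds secret keys; make it readable only by the account that runs the servlet container.`, would tell deployers to restrict its permissions. Publishing the properties as the `casProperties` bean also makes every value in the file reachable from other bean definitions and SpEL expressions in the context, which is worth keeping in mind before adding further secrets to it.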