|
|
|
|
@ -34,8 +34,8 @@ host.name=cas01.example.org
|
|
|
|
|
# JPA Ticket Registry Database Configuration
|
|
|
|
|
#
|
|
|
|
|
# ticketreg.database.ddl.auto=create-drop
|
|
|
|
|
# ticketreg.database.hibernate.dialect=org.hibernate.dialect.OracleDialect|MySQLInnoDBDialect|HSQLDialect
|
|
|
|
|
# ticketreg.database.hibernate.batchSize=10
|
|
|
|
|
# ticketreg.database.dialect=org.hibernate.dialect.OracleDialect|MySQLInnoDBDialect|HSQLDialect
|
|
|
|
|
# ticketreg.database.batchSize=10
|
|
|
|
|
# ticketreg.database.driverClass=org.hsqldb.jdbcDriver
|
|
|
|
|
# ticketreg.database.url=jdbc:hsqldb:mem:cas-ticket-registry
|
|
|
|
|
# ticketreg.database.user=sa
|
|
|
|
|
@ -55,7 +55,7 @@ host.name=cas01.example.org
|
|
|
|
|
# JPA Service Registry Database Configuration
|
|
|
|
|
#
|
|
|
|
|
# svcreg.database.ddl.auto=create-drop
|
|
|
|
|
# svcreg.database.hibernate.dialect=org.hibernate.dialect.OracleDialect|MySQLInnoDBDialect|HSQLDialect
|
|
|
|
|
# svcreg.database.dialect=org.hibernate.dialect.OracleDialect|MySQLInnoDBDialect|HSQLDialect
|
|
|
|
|
# svcreg.database.hibernate.batchSize=10
|
|
|
|
|
# svcreg.database.driverClass=org.hsqldb.jdbcDriver
|
|
|
|
|
# svcreg.database.url=jdbc:hsqldb:mem:cas-ticket-registry
|
|
|
|
|
@ -79,10 +79,10 @@ host.name=cas01.example.org
|
|
|
|
|
# Do note that the following settings MUST be generated per deployment.
|
|
|
|
|
#
|
|
|
|
|
# The encryption secret key. By default, must be a octet string of size 256.
|
|
|
|
|
tgc.encryption.key=1PbwSbnHeinpkZOSZjuSJ8yYpUrInm5aaV18J2Ar4rM
|
|
|
|
|
# tgc.encryption.key=
|
|
|
|
|
|
|
|
|
|
# The signing secret key. By default, must be a octet string of size 512.
|
|
|
|
|
tgc.signing.key=szxK-5_eJjs-aUj-64MpUZ-GPPzGLhYPLGl0wrYjYNVAGva2P0lLe6UGKGM7k8dWxsOVGutZWgvmY3l5oVPO3w
|
|
|
|
|
# tgc.signing.key=
|
|
|
|
|
|
|
|
|
|
# Decides whether SSO cookie should be created only under secure connections.
|
|
|
|
|
# tgc.secure=true
|
|
|
|
|
@ -96,6 +96,9 @@ tgc.signing.key=szxK-5_eJjs-aUj-64MpUZ-GPPzGLhYPLGl0wrYjYNVAGva2P0lLe6UGKGM7k8dW
|
|
|
|
|
# The path to which the SSO cookie will be scoped
|
|
|
|
|
# tgc.path=/cas
|
|
|
|
|
|
|
|
|
|
# The expiration value of the SSO cookie for long-term authentications
|
|
|
|
|
# tgc.remember.me.maxAge=1209600
|
|
|
|
|
|
|
|
|
|
# Decides whether SSO Warning cookie should be created only under secure connections.
|
|
|
|
|
# warn.cookie.secure=true
|
|
|
|
|
|
|
|
|
|
@ -144,7 +147,7 @@ tgc.signing.key=szxK-5_eJjs-aUj-64MpUZ-GPPzGLhYPLGl0wrYjYNVAGva2P0lLe6UGKGM7k8dW
|
|
|
|
|
# create.sso.missing.service=true
|
|
|
|
|
|
|
|
|
|
##
|
|
|
|
|
# CAS Authentication POlicy
|
|
|
|
|
# CAS Authentication Policy
|
|
|
|
|
#
|
|
|
|
|
# cas.authn.policy.any.tryall=false
|
|
|
|
|
# cas.authn.policy.req.tryall=false
|
|
|
|
|
@ -199,14 +202,11 @@ tgc.signing.key=szxK-5_eJjs-aUj-64MpUZ-GPPzGLhYPLGl0wrYjYNVAGva2P0lLe6UGKGM7k8dW
|
|
|
|
|
# Define the settings that are required to encrypt and persist the CAS web application session.
|
|
|
|
|
# See the cas-servlet.xml file to understand how these properties are used.
|
|
|
|
|
#
|
|
|
|
|
# cas.webflow.cipher.alg=AES
|
|
|
|
|
# cas.webflow.cipher.mode=CBC
|
|
|
|
|
# cas.webflow.cipher.padding=PKCS7
|
|
|
|
|
# cas.webflow.keystore=classpath:/etc/keystore.jceks
|
|
|
|
|
# cas.webflow.keystore.type=JCEKS
|
|
|
|
|
# cas.webflow.keystore.password=changeit
|
|
|
|
|
# cas.webflow.keyalias=aes128
|
|
|
|
|
# cas.webflow.keypassword=changeit
|
|
|
|
|
# The encryption secret key. By default, must be a octet string of size 256.
|
|
|
|
|
# webflow.encryption.key=
|
|
|
|
|
|
|
|
|
|
# The signing secret key. By default, must be a octet string of size 512.
|
|
|
|
|
# webflow.signing.key=
|
|
|
|
|
|
|
|
|
|
##
|
|
|
|
|
# Remote User Authentication
|
|
|
|
|
@ -302,14 +302,21 @@ accept.authn.users=casuser::Mellon
|
|
|
|
|
# cas.authn.jaas.kerb.kdc=
|
|
|
|
|
|
|
|
|
|
##
|
|
|
|
|
# Single Sign-On Session Timeouts
|
|
|
|
|
# Single Sign-On Session TGT Timeouts
|
|
|
|
|
#
|
|
|
|
|
# Maximum session timeout - TGT will expire in maxTimeToLiveInSeconds regardless of usage
|
|
|
|
|
# Inactivity Timeout Policy
|
|
|
|
|
# tgt.timeout.maxTimeToLiveInSeconds=28800
|
|
|
|
|
|
|
|
|
|
# Hard Timeout Policy
|
|
|
|
|
# tgt.timeout.hard.maxTimeToLiveInSeconds
|
|
|
|
|
#
|
|
|
|
|
# Throttled Timeout Policy
|
|
|
|
|
# tgt.throttled.maxTimeToLiveInSeconds=28800
|
|
|
|
|
# tgt.throttled.timeInBetweenUsesInSeconds=5
|
|
|
|
|
|
|
|
|
|
# Default Expiration Policy
|
|
|
|
|
# tgt.maxTimeToLiveInSeconds=28800
|
|
|
|
|
#
|
|
|
|
|
# Idle session timeout
|
|
|
|
|
# tgt.timeToKillInSeconds=7200
|
|
|
|
|
# tgt.timeInBetweenUsesInSeconds=5
|
|
|
|
|
|
|
|
|
|
##
|
|
|
|
|
# Service Ticket Timeout
|
|
|
|
|
@ -370,10 +377,13 @@ accept.authn.users=casuser::Mellon
|
|
|
|
|
# service.registry.quartz.reloader.repeatInterval=120000
|
|
|
|
|
|
|
|
|
|
##
|
|
|
|
|
# Log4j
|
|
|
|
|
# It is often time helpful to externalize log4j.xml to a system path to preserve settings between upgrades.
|
|
|
|
|
log4j.config.location=file:///etc/cas/log4j2.xml
|
|
|
|
|
# log4j.config.location=classpath:log4j2.xml
|
|
|
|
|
# Background Scheduler
|
|
|
|
|
#
|
|
|
|
|
# Wait for scheduler to finish running before shutting down CAS.
|
|
|
|
|
# scheduler.shutdown.wait=true
|
|
|
|
|
#
|
|
|
|
|
# Attempt to interrupt background jobs when shutting down CAS
|
|
|
|
|
# scheduler.shutdown.interruptJobs=true
|
|
|
|
|
|
|
|
|
|
##
|
|
|
|
|
# Audits
|
|
|
|
|
@ -447,7 +457,7 @@ log4j.config.location=file:///etc/cas/log4j2.xml
|
|
|
|
|
# cas.saml.ticketid.saml2=false
|
|
|
|
|
|
|
|
|
|
##
|
|
|
|
|
# Drfault Ticket Registry
|
|
|
|
|
# Default Ticket Registry
|
|
|
|
|
#
|
|
|
|
|
# default.ticket.registry.initialcapacity=1000
|
|
|
|
|
# default.ticket.registry.loadfactor=1
|
|
|
|
|
@ -456,8 +466,9 @@ log4j.config.location=file:///etc/cas/log4j2.xml
|
|
|
|
|
##
|
|
|
|
|
# Ticket Registry Cleaner
|
|
|
|
|
#
|
|
|
|
|
# ticket.registry.cleaner.startdelay=20000
|
|
|
|
|
# ticket.registry.cleaner.repeatinterval=5000000
|
|
|
|
|
# Indicates how frequently the Ticket Registry cleaner should run. Configured in seconds.
|
|
|
|
|
# ticket.registry.cleaner.startdelay=20
|
|
|
|
|
# ticket.registry.cleaner.repeatinterval=5000
|
|
|
|
|
|
|
|
|
|
##
|
|
|
|
|
# Ticket ID Generation
|
|
|
|
|
@ -496,6 +507,10 @@ log4j.config.location=file:///etc/cas/log4j2.xml
|
|
|
|
|
#
|
|
|
|
|
# Slack dealing with time-drift between the ADFS Server and the CAS Server.
|
|
|
|
|
# cas.wsfed.idp.tolerance=10000
|
|
|
|
|
#
|
|
|
|
|
# Decides which bundle of attributes should be resolved during WS-FED authentication.
|
|
|
|
|
# cas.wsfed.idp.attribute.resolver.enabled=true
|
|
|
|
|
# cas.wsfed.idp.attribute.resolver.type=WSFED
|
|
|
|
|
|
|
|
|
|
##
|
|
|
|
|
# LDAP User Details
|
|
|
|
|
@ -543,11 +558,15 @@ log4j.config.location=file:///etc/cas/log4j2.xml
|
|
|
|
|
##
|
|
|
|
|
# Hazelcast Ticket Registry
|
|
|
|
|
#
|
|
|
|
|
# hz.config.location=file:/etc/cas/hazelcast.xml
|
|
|
|
|
# hz.mapname=tickets
|
|
|
|
|
# hz.cluster.logging.type=slf4j
|
|
|
|
|
# hz.cluster.portAutoIncrement=true
|
|
|
|
|
# hz.cluster.port=5701
|
|
|
|
|
# hz.cluster.multicast.enabled=false
|
|
|
|
|
# hz.cluster.members=cas1.example.com,cas2.example.com
|
|
|
|
|
# hz.cluster.tcpip.enabled=true
|
|
|
|
|
# hz.cluster.multicast.enabled=false
|
|
|
|
|
# hz.cluster.max.heapsize.percentage=85
|
|
|
|
|
# hz.cluster.max.heartbeat.seconds=5
|
|
|
|
|
# hz.cluster.eviction.percentage=10
|
|
|
|
|
|
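Review bot: In the `-79,10 +79,10` hunk the replacement lines `# tgc.encryption.key=` and `# tgc.signing.key=` appear commented out and empty, and no comment says what the server falls back to when they are unset or where a deployment should supply its own values. The same gap applies to `# webflow.encryption.key=` and `# webflow.signing.key=` in the `-199,14 +202,11` hunk. The later hunk headers still quote a literal `tgc.signing.key=` value as context, so the previous revision presumably carried live keys in this file; those values remain in history and should be treated as disclosed and replaced with freshly generated ones, not reused. Under the "MUST be generated per deployment" comment I would add `# Generate both keys for each deployment and load them from a location outside version control; do not reuse sample or previously committed values.` The Hazelcast and JPA registry sections suggest multi-node use, so it is also worth confirming that every node receives the same key pair; that concern is inferred and not shown in the diff.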