Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #
- # Licensed to Apereo under one or more contributor license
- # agreements. See the NOTICE file distributed with this work
- # for additional information regarding copyright ownership.
- # Apereo licenses this file to you under the Apache License,
- # Version 2.0 (the "License"); you may not use this file
- # except in compliance with the License. You may obtain a
- # copy of the License at the following location:
- #
- # http://www.apache.org/licenses/LICENSE-2.0
- #
- # Unless required by applicable law or agreed to in writing,
- # software distributed under the License is distributed on an
- # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- # KIND, either express or implied. See the License for the
- # specific language governing permissions and limitations
- # under the License.
- #
- server.name=http://localhost:8080
- server.prefix=${server.name}/cas
- # security configuration based on IP address to access the /status and /statistics pages
- # cas.securityContext.adminpages.ip=127\.0\.0\.1
- ##
- # Unique CAS node name
- # host.name is used to generate unique Service Ticket IDs and SAMLArtifacts. This is usually set to the specific
- # hostname of the machine running the CAS node, but it could be any label so long as it is unique in the cluster.
- # host.name=
- ##
- # JPA Ticket Registry Database Configuration
- #
- # ticketreg.database.ddl.auto=create-drop
- # ticketreg.database.dialect=org.hibernate.dialect.OracleDialect|MySQLInnoDBDialect|HSQLDialect
- # ticketreg.database.batchSize=10
- # ticketreg.database.driverClass=org.hsqldb.jdbcDriver
- # ticketreg.database.url=jdbc:hsqldb:mem:cas-ticket-registry
- # ticketreg.database.user=sa
- # ticketreg.database.password=
- # ticketreg.database.pool.minSize=6
- # ticketreg.database.pool.maxSize=18
- # ticketreg.database.pool.maxWait=10000
- # ticketreg.database.pool.maxIdleTime=120
- # ticketreg.database.pool.acquireIncrement=6
- # ticketreg.database.pool.idleConnectionTestPeriod=30
- # ticketreg.database.pool.connectionHealthQuery=select 1
- # ticketreg.database.pool.acquireRetryAttempts=5
- # ticketreg.database.pool.acquireRetryDelay=2000
- # ticketreg.database.pool.connectionHealthQuery=select 1
- ##
- # JPA Service Registry Database Configuration
- #
- # svcreg.database.ddl.auto=create-drop
- # svcreg.database.hibernate.dialect=org.hibernate.dialect.OracleDialect|MySQLInnoDBDialect|HSQLDialect
- # svcreg.database.hibernate.batchSize=10
- # svcreg.database.driverClass=org.hsqldb.jdbcDriver
- # svcreg.database.url=jdbc:hsqldb:mem:cas-ticket-registry
- # svcreg.database.user=sa
- # svcreg.database.password=
- # svcreg.database.pool.minSize=6
- # svcreg.database.pool.maxSize=18
- # svcreg.database.pool.maxWait=10000
- # svcreg.database.pool.maxIdleTime=120
- # svcreg.database.pool.acquireIncrement=6
- # svcreg.database.pool.idleConnectionTestPeriod=30
- # svcreg.database.pool.connectionHealthQuery=select 1
- # svcreg.database.pool.acquireRetryAttempts=5
- # svcreg.database.pool.acquireRetryDelay=2000
- # svcreg.database.pool.connectionHealthQuery=select 1
- ##
- # CAS SSO Cookie Generation & Security
- # See https://github.com/mitreid-connect/json-web-key-generator
- #
- # Do note that the following settings MUST be generated per deployment.
- #
- # The encryption secret key. By default, must be a octet string of size 256.
- # tgc.encryption.key=
- # The signing secret key. By default, must be a octet string of size 512.
- # tgc.signing.key=
- # Decides whether SSO cookie should be created only under secure connections.
- # tgc.secure=true
- # The expiration value of the SSO cookie
- # tgc.maxAge=-1
- # The name of the SSO cookie
- # tgc.name=TGC
- # The path to which the SSO cookie will be scoped
- # tgc.path=/cas
- # The expiration value of the SSO cookie for long-term authentications
- # tgc.remember.me.maxAge=1209600
- # Decides whether SSO Warning cookie should be created only under secure connections.
- # warn.cookie.secure=true
- # The expiration value of the SSO Warning cookie
- # warn.cookie.maxAge=-1
- # The name of the SSO Warning cookie
- # warn.cookie.name=CASPRIVACY
- # The path to which the SSO Warning cookie will be scoped
- # warn.cookie.path=/cas
- # Whether we should track the most recent session by keeping the latest service ticket
- # tgt.onlyTrackMostRecentSession = true
- ##
- # CAS UI Theme Resolution
- #
- # cas.themeResolver.defaultThemeName=cas-theme-default
- # cas.themeResolver.pathprefix=/WEB-INF/view/jsp/
- # cas.themeResolver.param.name=theme
- # Location of the Spring xml config file where views may be collected
- # cas.viewResolver.xmlFile=/META-INF/spring/views.xml
- ##
- # CAS Logout Behavior
- # WEB-INF/cas-servlet.xml
- #
- # Specify whether CAS should redirect to the specified service parameter on /logout requests
- # cas.logout.followServiceRedirects=false
- ##
- # CAS Cached Attributes Timeouts
- # Controls the cached attribute expiration policy
- #
- # Notes the duration in which attributes will be kept alive
- # cas.attrs.timeToExpireInHours=2
- ##
- # Single Sign-On Session
- #
- # Indicates whether an SSO session should be created for renewed authentication requests.
- # create.sso.renewed.authn=true
- #
- # Indicates whether an SSO session can be created if no service is present.
- # create.sso.missing.service=true
- ##
- # CAS Authentication Policy
- #
- # cas.authn.policy.any.tryall=false
- # cas.authn.policy.req.tryall=false
- # cas.authn.policy.req.handlername=handlerName
- ##
- # CAS PersonDirectory Principal Resolution
- #
- # cas.principal.resolver.persondir.principal.attribute=cn
- # cas.principal.resolver.persondir.return.null=false
- ##
- # CAS Internationalization
- #
- # locale.default=en
- # locale.param.name=locale
- # message.bundle.encoding=UTF-8
- # message.bundle.cacheseconds=180
- # message.bundle.fallback.systemlocale=false
- # message.bundle.usecode.message=true
- # message.bundle.basenames=classpath:custom_messages,classpath:messages
- ##
- # CAS Authentication Throttling
- #
- #cas.throttle.failure.threshold=
- #cas.throttle.failure.range.seconds=
- #cas.throttle.username.parameter=
- #cas.throttle.appcode=
- #cas.throttle.authn.failurecode=
- #cas.throttle.audit.query=
- ##
- # CAS Health Monitoring
- #
- # cas.monitor.st.warn.threshold=5000
- # cas.monitor.tgt.warn.threshold=10000
- # cas.monitor.free.mem.threshold=10
- ##
- # CAS MongoDB Service Registry
- #
- # mongodb.host=mongodb database url
- # mongodb.port=mongodb database port
- # mongodb.userId=mongodb userid to bind
- # mongodb.userPassword=mongodb password to bind
- # cas.service.registry.mongo.db=Collection name to store service definitions
- # mongodb.timeout=5000
- ##
- # Spring Webflow Web Application Session
- # Define the settings that are required to encrypt and persist the CAS web application session.
- # See the cas-servlet.xml file to understand how these properties are used.
- #
- # The encryption secret key. By default, must be a octet string of size 256.
- # webflow.encryption.key=
- # The signing secret key. By default, must be a octet string of size 512.
- # webflow.signing.key=
- ##
- # Remote User Authentication
- #
- # ip.address.range=
- ##
- # Apache Shiro Authentication
- #
- # shiro.authn.requiredRoles=
- # shiro.authn.requiredPermissions=
- # shiro.authn.config.file=classpath:shiro.ini
- ##
- # YubiKey Authentication
- #
- # yubikey.client.id=
- # yubikey.secret.key=
- ##
- # JDBC Authentication
- #
- # cas.jdbc.authn.query.encode.sql=
- # cas.jdbc.authn.query.encode.alg=
- # cas.jdbc.authn.query.encode.salt.static=
- # cas.jdbc.authn.query.encode.password=
- # cas.jdbc.authn.query.encode.salt=
- # cas.jdbc.authn.query.encode.iterations.field=
- # cas.jdbc.authn.query.encode.iterations=
- # cas.jdbc.authn.query.sql=
- # cas.jdbc.authn.search.password=
- # cas.jdbc.authn.search.user=
- # cas.jdbc.authn.search.table=
- ##
- # Duo security 2fa authentication provider
- # https://www.duosecurity.com/docs/duoweb#1.-generate-an-akey
- #
- # cas.duo.api.host=
- # cas.duo.integration.key=
- # cas.duo.secret.key=
- # cas.duo.application.key=
- ##
- # File Authentication
- #
- # file.authn.filename=classpath:people.txt
- # file.authn.separator=::
- ##
- # General Authentication
- #
- # cas.principal.transform.upperCase=false
- # cas.authn.password.encoding.char=UTF-8
- # cas.authn.password.encoding.alg=SHA-256
- # cas.principal.transform.prefix=
- # cas.principal.transform.suffix=
- ##
- # X509 Authentication
- #
- # cas.x509.authn.crl.checkAll=false
- # cas.x509.authn.crl.throw.failure=true
- # cas.x509.authn.crl.refresh.interval=
- # cas.x509.authn.revocation.policy.threshold=
- # cas.x509.authn.trusted.issuer.dnpattern=
- # cas.x509.authn.max.path.length=
- # cas.x509.authn.max.path.length.unspecified=
- # cas.x509.authn.check.key.usage=
- # cas.x509.authn.require.key.usage=
- # cas.x509.authn.subject.dnpattern=
- # cas.x509.authn.principal.descriptor=
- # cas.x509.authn.principal.serial.no.prefix=
- # cas.x509.authn.principal.value.delim=
- ##
- # Accepted Users Authentication
- #
- accept.authn.users=casuser::Mellon
- ##
- # Rejected Users Authentication
- #
- # reject.authn.users=
- ##
- # JAAS Authentication
- #
- # cas.authn.jaas.realm=CAS
- # cas.authn.jaas.kerb.realm=
- # cas.authn.jaas.kerb.kdc=
- ##
- # Single Sign-On Session TGT Timeouts
- #
- # Inactivity Timeout Policy
- # tgt.timeout.maxTimeToLiveInSeconds=28800
- # Hard Timeout Policy
- # tgt.timeout.hard.maxTimeToLiveInSeconds
- #
- # Throttled Timeout Policy
- # tgt.throttled.maxTimeToLiveInSeconds=28800
- # tgt.throttled.timeInBetweenUsesInSeconds=5
- # Default Expiration Policy
- # tgt.maxTimeToLiveInSeconds=28800
- # tgt.timeToKillInSeconds=7200
- ##
- # Service Ticket Timeout
- #
- # st.timeToKillInSeconds=10
- # st.numberOfUses=1
- ##
- # Http Client Settings
- #
- # The http client read timeout in milliseconds
- # http.client.read.timeout=5000
- # The http client connection timeout in milliseconds
- # http.client.connection.timeout=5000
- #
- # The http client truststore file, in addition to the default's
- # http.client.truststore.file=classpath:truststore.jks
- #
- # The http client truststore's password
- # http.client.truststore.psw=changeit
- ##
- # Single Logout Out Callbacks
- #
- # To turn off all back channel SLO requests set this to true
- # slo.callbacks.disabled=false
- #
- # To send callbacks to endpoints synchronously, set this to false
- # slo.callbacks.asynchronous=true
- ##
- # CAS Protocol Security Filter
- #
- # Are multi-valued parameters accepted?
- # cas.http.allow.multivalue.params=false
- # Define the list of request parameters to examine for sanity
- # cas.http.check.params=ticket,service,renew,gateway,warn,target,SAMLart,pgtUrl,pgt,pgtId,pgtIou,targetService
- # Define the list of request parameters only allowed via POST
- # cas.http.allow.post.params=username,password
- ##
- # JSON Service Registry
- #
- # Directory location where JSON service files may be found.
- # service.registry.config.location=classpath:services
- ##
- # Service Registry Periodic Reloading Scheduler
- # Default sourced from WEB-INF/spring-configuration/applicationContext.xml
- #
- # Force a startup delay of 2 minutes.
- # service.registry.quartz.reloader.startDelay=120000
- #
- # Reload services every 2 minutes
- # service.registry.quartz.reloader.repeatInterval=120000
- ##
- # Background Scheduler
- #
- # Wait for scheduler to finish running before shutting down CAS.
- # scheduler.shutdown.wait=true
- #
- # Attempt to interrupt background jobs when shutting down CAS
- # scheduler.shutdown.interruptJobs=true
- ##
- # Audits
- #
- # Use single line format for audit blocks
- # cas.audit.singleline=true
- # Separator to use between each fields in a single audit event
- # cas.audit.singleline.separator=|
- # Application code for audits
- # cas.audit.appcode=CAS
- #
- ## JDBC Audits
- #
- #cas.audit.max.agedays=
- #cas.audit.database.dialect=
- #cas.audit.database.batchSize=
- #cas.audit.database.ddl.auto=
- #cas.audit.database.gen.ddl=
- #cas.audit.database.show.sql=
- #cas.audit.database.driverClass=
- #cas.audit.database.url=
- #cas.audit.database.user=
- #cas.audit.database.password=
- #cas.audit.database.pool.minSize=
- #cas.audit.database.pool.minSize=
- #cas.audit.database.pool.maxSize=
- #cas.audit.database.pool.maxIdleTime=
- #cas.audit.database.pool.maxWait=
- #cas.audit.database.pool.acquireIncrement=
- #cas.audit.database.pool.acquireRetryAttempts=
- #cas.audit.database.pool.acquireRetryDelay=
- #cas.audit.database.pool.idleConnectionTestPeriod=
- #cas.audit.database.pool.connectionHealthQuery=
- ##
- # Metrics
- # Default sourced from WEB-INF/spring-configuration/metricsConfiguration.xml:
- #
- # Define how often should metric data be reported. Default is 30 seconds.
- # metrics.refresh.interval=30s
- ##
- # Encoding
- #
- # Set the encoding to use for requests. Default is UTF-8
- # httprequest.web.encoding=UTF-8
- # Default is true. Switch this to "false" to not enforce the specified encoding in any case,
- # applying it as default response encoding as well.
- # httprequest.web.encoding.force=true
- ##
- # Response Headers
- #
- # httpresponse.header.cache=false
- # httpresponse.header.hsts=false
- # httpresponse.header.xframe=false
- # httpresponse.header.xcontent=false
- # httpresponse.header.xss=false
- ##
- # SAML
- #
- # Indicates the SAML response issuer
- # cas.saml.response.issuer=localhost
- #
- # Indicates the skew allowance which controls the issue instant of the SAML response
- # cas.saml.response.skewAllowance=0
- #
- # Indicates whether SAML ticket id generation should be saml2-compliant.
- # cas.saml.ticketid.saml2=false
- ##
- # Default Ticket Registry
- #
- # default.ticket.registry.initialcapacity=1000
- # default.ticket.registry.loadfactor=1
- # default.ticket.registry.concurrency=20
- ##
- # Ticket Registry Cleaner
- #
- # Indicates how frequently the Ticket Registry cleaner should run. Configured in seconds.
- # ticket.registry.cleaner.startdelay=20
- # ticket.registry.cleaner.repeatinterval=5000
- ##
- # Ticket ID Generation
- #
- # lt.ticket.maxlength=20
- # st.ticket.maxlength=20
- # tgt.ticket.maxlength=50
- # pgt.ticket.maxlength=50
- ##
- # Google Apps public/private key
- #
- # cas.saml.googleapps.publickey.file=file:/etc/cas/public.key
- # cas.saml.googleapps.privatekey.file=file:/etc/cas/private.p8
- # cas.saml.googleapps.key.alg=RSA
- ##
- # WS-FED
- #
- # The claim from ADFS that should be used as the user's identifier.
- # cas.wsfed.idp.idattribute=upn
- #
- # Federation Service identifier
- # cas.wsfed.idp.id=https://adfs.example.org/adfs/services/trust
- #
- # The ADFS login url.
- # cas.wsfed.idp.url=https://adfs.example.org/adfs/ls/
- #
- # Identifies resource(s) that point to ADFS's signing certificates.
- # These are used verify the WS Federation token that is returned by ADFS.
- # Multiple certificates may be separated by comma.
- # cas.wsfed.idp.signingcerts=classpath:adfs-signing.crt
- #
- # Unique identifier that will be set in the ADFS configuration.
- # cas.wsfed.rp.id=urn:cas:localhost
- #
- # Slack dealing with time-drift between the ADFS Server and the CAS Server.
- # cas.wsfed.idp.tolerance=10000
- #
- # Decides which bundle of attributes should be resolved during WS-FED authentication.
- # cas.wsfed.idp.attribute.resolver.enabled=true
- # cas.wsfed.idp.attribute.resolver.type=WSFED
- #
- # Private/Public keypair used to decrypt assertions, if any.
- # cas.wsfed.idp.enc.privateKey=classpath:private.key
- # cas.wsfed.idp.enc.cert=classpath:certificate.crt
- # cas.wsfed.idp.enc.privateKeyPassword=NONE
- ##
- # LDAP User Details
- #
- # ldap.userdetails.service.user.attr=
- # ldap.userdetails.service.role.attr=
- ##
- # LDAP Service Registry
- #
- # svcreg.ldap.baseDn=dc=example,dc=org
- ##
- # Password Policy
- #
- # Warn all users of expiration date regardless of warningDays value.
- # password.policy.warnAll=false
- # Threshold number of days to begin displaying password expiration warnings.
- # password.policy.warningDays=30
- # URL to which the user will be redirected to change the password.
- # password.policy.url=https://password.example.edu/change
- # password.policy.warn.attribute.name=attributeName
- # password.policy.warn.attribute.value=attributeValue
- # password.policy.warn.display.matched=true
- ##
- # CAS REST API Services
- #
- # cas.rest.services.attributename=
- # cas.rest.services.attributevalue=
- ##
- # Ticket Registry
- #
- # Secret key to use when encrypting tickets in a distributed ticket registry.
- # ticket.encryption.secretkey=C@$W3bSecretKey!
- # Secret key to use when signing tickets in a distributed ticket registry.
- # By default, must be a octet string of size 512.
- # ticket.signing.secretkey=szxK-5_eJjs-aUj-64MpUZ-GPPzGLhYPLGl0wrYjYNVAGva2P0lLe6UGKGM7k8dWxsOVGutZWgvmY3l5oVPO3w
- # Secret key algorithm used
- # ticket.secretkey.alg=AES
- ##
- # Hazelcast Ticket Registry
- #
- # hz.config.location=file:/etc/cas/hazelcast.xml
- # hz.mapname=tickets
- # hz.cluster.logging.type=slf4j
- # hz.cluster.portAutoIncrement=true
- # hz.cluster.port=5701
- # hz.cluster.multicast.enabled=false
- # hz.cluster.members=cas1.example.com,cas2.example.com
- # hz.cluster.tcpip.enabled=true
- # hz.cluster.multicast.enabled=false
- # hz.cluster.max.heapsize.percentage=85
- # hz.cluster.max.heartbeat.seconds=300
- # hz.cluster.eviction.percentage=10
- # hz.cluster.eviction.policy=LRU
- # hz.cluster.instance.name=${host.name}
- ##
- # Ehcache Ticket Registry
- #
- # ehcache.config.file=classpath:ehcache-replicated.xml
- # ehcache.cachemanager.shared=false
- # ehcache.cachemanager.name=ticketRegistryCacheManager
- # ehcache.disk.expiry.interval.seconds=0
- # ehcache.disk.persistent=false
- # ehcache.eternal=false
- # ehcache.max.elements.memory=10000
- # ehcache.max.elements.disk=0
- # ehcache.eviction.policy=LRU
- # ehcache.overflow.disk=false
- # ehcache.cache.st.name=org.jasig.cas.ticket.ServiceTicket
- # ehcache.cache.st.timeIdle=0
- # ehcache.cache.st.timeAlive=300
- # ehcache.cache.tgt.name=org.jasig.cas.ticket.TicketGrantingTicket
- # ehcache.cache.tgt.timeIdle=7201
- # ehcache.cache.tgt.timeAlive=0
- # ehcache.cache.loader.async=true
- # ehcache.cache.loader.chunksize=5000000
- # ehcache.repl.async.interval=10000
- # ehcache.repl.async.batch.size=100
- # ehcache.repl.sync.puts=true
- # ehcache.repl.sync.putscopy=true
- # ehcache.repl.sync.updates=true
- # ehcache.repl.sync.updatesCopy=true
- # ehcache.repl.sync.removals=true
- ##
- # Ehcache Monitoring
- #
- # cache.monitor.warn.free.threshold=10
- # cache.monitor.eviction.threshold=0
- ##
- # Memcached Ticket Registry
- #
- # memcached.servers=localhost:11211
- # memcached.hashAlgorithm=FNV1_64_HASH
- # memcached.protocol=BINARY
- # memcached.locatorType=ARRAY_MOD
- # memcached.failureMode=Redistribute
- ##
- # Memcached Monitoring
- #
- # cache.monitor.warn.free.threshold=10
- # cache.monitor.eviction.threshold=0
- ##
- # RADIUS Authentication Server
- #
- # cas.radius.client.inetaddr=localhost
- # cas.radius.client.port.acct=
- # cas.radius.client.socket.timeout=60
- # cas.radius.client.port.authn=
- # cas.radius.client.sharedsecret=N0Sh@ar3d$ecReT
- # cas.radius.server.protocol=EAP_MSCHAPv2
- # cas.radius.server.retries=3
- # cas.radius.server.nasIdentifier=
- # cas.radius.server.nasPort=-1
- # cas.radius.server.nasPortId=-1
- # cas.radius.server.nasRealPort=-1
- # cas.radius.server.nasPortType=-1
- # cas.radius.server.nasIpAddress=
- # cas.radius.server.nasIpv6Address=
- # cas.radius.failover.authn=false
- # cas.radius.failover.exception=false
- ##
- # SPNEGO Authentication
- #
- # cas.spnego.ldap.attribute=spnegoattribute
- # cas.spnego.ldap.filter=host={0}
- # cas.spnego.ldap.basedn=
- # cas.spnego.hostname.pattern=.+
- # cas.spnego.ip.pattern=
- # cas.spnego.alt.remote.host.attribute
- # cas.spengo.use.principal.domain=false
- # cas.spnego.ntlm.allowed=true
- # cas.spnego.kerb.debug=false
- # cas.spnego.kerb.realm=EXAMPLE.COM
- # cas.spnego.kerb.kdc=172.10.1.10
- # cas.spnego.login.conf.file=/path/to/login
- # cas.spnego.jcifs.domain=
- # cas.spnego.jcifs.domaincontroller=
- # cas.spnego.jcifs.netbios.cache.policy:600
- # cas.spnego.jcifs.netbios.wins=
- # cas.spnego.jcifs.password=
- # cas.spnego.jcifs.service.password=
- # cas.spnego.jcifs.socket.timeout:300000
- # cas.spnego.jcifs.username=
- # cas.spnego.kerb.conf=
- # cas.spnego.ntlm=false
- # cas.spnego.supportedBrowsers=MSIE,Trident,Firefox,AppleWebKit
- # cas.spnego.mixed.mode.authn=false
- # cas.spnego.send.401.authn.failure=false
- # cas.spnego.principal.resolver.transform=NONE
- # cas.spnego.service.principal=HTTP/cas.example.com@EXAMPLE.COM
- ##
- # NTLM Authentication
- #
- # ntlm.authn.domain.controller=
- # ntlm.authn.include.pattern=
- # ntlm.authn.load.balance=true
- ##
- # Authentication delegation using pac4j
- #
- # cas.pac4j.client.authn.typedidused=true
- # cas.pac4j.facebook.id=
- # cas.pac4j.facebook.secret=
- # cas.pac4j.facebook.scope=
- # cas.pac4j.facebook.fields=
- # cas.pac4j.twitter.id=
- # cas.pac4j.twitter.secret=
- # cas.pac4j.saml.keystorePassword=
- # cas.pac4j.saml.privateKeyPassword=
- # cas.pac4j.saml.keystorePath=
- # cas.pac4j.saml.identityProviderMetadataPath=
- # cas.pac4j.saml.maximumAuthenticationLifetime=
- # cas.pac4j.saml.serviceProviderEntityId=
- # cas.pac4j.saml.serviceProviderMetadataPath=
- # cas.pac4j.cas.loginUrl=
- # cas.pac4j.cas.protocol=
- # cas.pac4j.oidc.id=
- # cas.pac4j.oidc.secret=
- # cas.pac4j.oidc.discoveryUri=
- # cas.pac4j.oidc.useNonce=
- # cas.pac4j.oidc.preferredJwsAlgorithm=
- # cas.pac4j.oidc.maxClockSkew=
- # cas.pac4j.oidc.customParamKey1=
- # cas.pac4j.oidc.customParamValue1=
- # cas.pac4j.oidc.customParamKey2=
- # cas.pac4j.oidc.customParamValue2=
- ##
- # CAS Acceptable Usage Policy Settings
- #
- # cas.aup.ldap.search.filter=cn={0}
- # cas.aup.ldap.url=ldap://127.0.0.1:1389
- # cas.aup.ldap.ssl=false
- # cas.aup.ldap.startTLS=false
- # cas.aup.ldap.basedn=dc=example,dc=org
- # cas.aup.attribute=
- #========================================
- # General properties
- #========================================
- ldap.url=ldaps://dc.domain.com
- # Start TLS for SSL connections
- ldap.useStartTLS=false
- # Use SSL
- ldap.useSSL=true
- # Directory root DN
- ldap.rootDn=dc=domain,dc=com
- # Base DN of users to be authenticated
- ldap.baseDn=dc=domain,dc=com
- # LDAP connection timeout in milliseconds
- ldap.connectTimeout=3000
- # Manager credential DN
- ldap.managerDn=casUser
- # Manager credential password
- ldap.managerPassword=casPassword
- #========================================
- # LDAP connection pool configuration
- #========================================
- ldap.pool.minSize=1
- ldap.pool.maxSize=10
- ldap.pool.validateOnCheckout=false
- ldap.pool.validatePeriodically=true
- # Amount of time in milliseconds to block on pool exhausted condition
- # before giving up.
- ldap.pool.blockWaitTime=3000
- # Frequency of connection validation in seconds
- # Only applies if validatePeriodically=true
- ldap.pool.validatePeriod=300
- # Attempt to prune connections every N seconds
- ldap.pool.prunePeriod=300
- # Maximum amount of time an idle connection is allowed to be in
- # pool before it is liable to be removed/destroyed
- ldap.pool.idleTime=600
- #========================================
- # Authentication
- #========================================
- ldap.authn.searchFilter=(sAMAccountName={user})
- # Ldap domain used to resolve dn
- ldap.domain=domain.com
- # Should LDAP Password Policy be enabled?
- ldap.usePpolicy=false
- # Allow multiple DNs during authentication?
- ldap.allowMultipleDns=false
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement