Configuration Server - Standalone Profile

This is the default configuration mode which indicates that CAS does NOT require connections to an external configuration server and will run in an embedded standalone mode. When this option is turned on, CAS by default will attempt to locate settings and properties inside a pre-defined directories and files and otherwise falls back to typically using /etc/cas/config as the configuration directory.

Similar to the Spring Cloud external configuration server, the contents of this directory include (cas|application).(yml|properties) files that can be used to control CAS behavior. Also, note that this configuration directory can be monitored by CAS to auto-pick up changes and refresh the application context as needed. Please review this guide to learn more.

Note that by default, all CAS settings and configuration is controlled via the embedded application.properties file in the CAS server web application. There is also an embedded application.yml file that allows you to override all defaults if you wish to ship the configuration inside the main CAS web application and not rely on externalized configuration files. If you prefer properties to yaml, then application-standalone.properties will override application.properties as well.

Settings found in external configuration files are and will be able to override the defaults provided by CAS. The naming of the configuration files inside the CAS configuration directory follows the below pattern:

  • An application.(properties|yml|yaml) file is always loaded, if found.
  • Settings located inside properties|yml|yaml files whose name matches the value of spring.application.name are loaded (i.e cas.properties) Note: spring.application.name defaults to uppercase CAS but the lowercase name will also be loaded.
  • Settings located inside properties|yml|yaml files whose name matches the value of spring.profiles.active are loaded (i.e ldap.properties).
  • Profile-specific application properties outside of your packaged web application (application-{profile}.properties|yml|yaml) This allows you to, if needed, split your settings into multiple property files and then locate them by assigning their name to the list of active profiles (i.e. spring.profiles.active=standalone,testldap,stagingMfa)

Configuration files are loaded in the following order where spring.profiles.active=standalone,profile1,profile2. Note that the last configuration file loaded will override any duplicate properties from configuration files loaded earlier:

  1. application.(properties|yml|yaml)
  2. (lower case) spring.application.name.(properties|yml|yaml)
  3. spring.application.name.(properties|yml|yaml)
  4. application-standalone.(properties|yml|yaml)
  5. standalone.(properties|yml|yaml)
  6. application-profile1.(properties|yml|yaml)
  7. profile1.(properties|yml|yaml)
  8. application-profile2.(properties|yml|yaml)
  9. profile2.(properties|yml|yaml)

If two configuration files with same base name and different extensions exist, they are processed in the order of properties, yml and then yaml and then groovy (last one processed wins where duplicate properties exist). These external configuration files will override files located in the classpath (e.g. files from src/main/resources in your CAS overlay that end up in WEB-INF/classes) but the internal files are loaded per the Spring Boot rules which differ from the CAS standalone configuration rules described here (e.g. <profile>.properties would not be loaded from classpath but application-<profile>.properties would).

Sources

CAS by default will attempt to locate settings and properties using:

  1. /etc/cas/config
  2. /opt/cas/config
  3. /var/cas/config

CAS has the ability to also load a Groovy file for loading settings. The file is expected to be found at the above matching directory and should be named ${cas-application-name}.groovy, such as cas.groovy. The script is able to combine conditional settings for active profiles and common settings that are applicable to all environments and profiles into one location with a structure that is similar to the below example:

1
2
3
4
5
6
7
8
9
// Settings may be filtered by individual profiles
profiles {
    standalone {
        cas.some.setting="value"
    }
}

// This applies to all profiles and environments
cas.common.setting="value"

You can also use a dedicated configuration file to directly feed a collection of properties to CAS in form of a file or classpath resource. This is specially useful in cases where a bare CAS server is deployed in the cloud without the extra ceremony of a configuration server or an external directory for that matter and the deployer wishes to avoid overriding embedded configuration files.

The following settings and properties are available from the CAS configuration catalog:

The configuration settings listed below are tagged as Required in the CAS configuration metadata. This flag indicates that the presence of the setting may be needed to activate or affect the behavior of the CAS feature and generally should be reviewed, possibly owned and adjusted. If the setting is assigned a default value, you do not need to strictly put the setting in your copy of the configuration, but should review it nonetheless to make sure it matches your deployment expectations.

The configuration settings listed below are tagged as Optional in the CAS configuration metadata. This flag indicates that the presence of the setting is not immediately necessary in the end-user CAS configuration, because a default value is assigned or the activation of the feature is not conditionally controlled by the setting value. In other words, you should only include this field in your configuration if you need to modify the default value or if you need to turn on the feature controlled by the setting.

  • cas.standalone.configuration-directory=
  • Describes a directory path where CAS configuration may be found.

    org.apereo.cas.configuration.model.core.config.standalone.StandaloneConfigurationProperties.

    How can I configure this property?

  • cas.standalone.configuration-file=
  • Describes a file path where that contains the CAS properties in a single file.

    org.apereo.cas.configuration.model.core.config.standalone.StandaloneConfigurationProperties.

    How can I configure this property?

    Configuration Metadata

    The collection of configuration properties listed in this section are automatically generated from the CAS source and components that contain the actual field definitions, types, descriptions, modules, etc. This metadata may not always be 100% accurate, or could be lacking details and sufficient explanations.

    Be Selective

    This section is meant as a guide only. Do NOT copy/paste the entire collection of settings into your CAS configuration; rather pick only the properties that you need. Do NOT enable settings unless you are certain of their purpose and do NOT copy settings into your configuration only to keep them as reference. All these ideas lead to upgrade headaches, maintenance nightmares and premature aging.

    YAGNI

    Note that for nearly ALL use cases, declaring and configuring properties listed here is sufficient. You should NOT have to explicitly massage a CAS XML/Java/etc configuration file to design an authentication handler, create attribute release policies, etc. CAS at runtime will auto-configure all required changes for you. If you are unsure about the meaning of a given CAS setting, do NOT turn it on without hesitation. Review the codebase or better yet, ask questions to clarify the intended behavior.

    Naming Convention

    Property names can be specified in very relaxed terms. For instance cas.someProperty, cas.some-property, cas.some_property are all valid names. While all forms are accepted by CAS, there are certain components (in CAS and other frameworks used) whose activation at runtime is conditional on a property value, where this property is required to have been specified in CAS configuration using kebab case. This is both true for properties that are owned by CAS as well as those that might be presented to the system via an external library or framework such as Spring Boot, etc.

    :information_source: Note

    When possible, properties should be stored in lower-case kebab format, such as cas.property-name=value. The only possible exception to this rule is when naming actuator endpoints; The name of the actuator endpoints (i.e. ssoSessions) MUST remain in camelCase mode.

    Settings and properties that are controlled by the CAS platform directly always begin with the prefix cas. All other settings are controlled and provided to CAS via other underlying frameworks and may have their own schemas and syntax. BE CAREFUL with the distinction. Unrecognized properties are rejected by CAS and/or frameworks upon which CAS depends. This means if you somehow misspell a property definition or fail to adhere to the dot-notation syntax and such, your setting is entirely refused by CAS and likely the feature it controls will never be activated in the way you intend.

    Validation

    Configuration properties are automatically validated on CAS startup to report issues with configuration binding, specially if defined CAS settings cannot be recognized or validated by the configuration schema. Additional validation processes are also handled via Configuration Metadata and property migrations applied automatically on startup by Spring Boot and family.

    Indexed Settings

    CAS settings able to accept multiple values are typically documented with an index, such as cas.some.setting[0]=value. The index [0] is meant to be incremented by the adopter to allow for distinct multiple configuration blocks.

    Handling Overrides

    :warning: Remember

    You are advised to not overlay or otherwise modify the built in application.properties or bootstrap.properties files. This will only complicate and weaken your deployment. Instead try to comply with the CAS defaults and bootstrap CAS as much as possible via the defaults, override via application.yml, application-standalone.properties or use the outlined strategies. Likewise, try to instruct CAS to locate configuration files external to its own. Premature optimization will only lead to chaos.

    The following settings and properties are available from the CAS configuration catalog:

    The configuration settings listed below are tagged as Required in the CAS configuration metadata. This flag indicates that the presence of the setting may be needed to activate or affect the behavior of the CAS feature and generally should be reviewed, possibly owned and adjusted. If the setting is assigned a default value, you do not need to strictly put the setting in your copy of the configuration, but should review it nonetheless to make sure it matches your deployment expectations.

    The configuration settings listed below are tagged as Optional in the CAS configuration metadata. This flag indicates that the presence of the setting is not immediately necessary in the end-user CAS configuration, because a default value is assigned or the activation of the feature is not conditionally controlled by the setting value. In other words, you should only include this field in your configuration if you need to modify the default value or if you need to turn on the feature controlled by the setting.

    The configuration settings listed below are tagged as Third Party in the CAS configuration metadata. This flag indicates that the configuration setting is not controlled, owned or managed by the CAS ecosystem, and affects functionality that is offered by a third-party library, such as Spring Boot or Spring Cloud to CAS. For additional info, you might have to visit the third-party source to find more details.

  • spring.cloud.config.allow-override=true
  • Flag to indicate that #isOverrideSystemProperties() systemPropertiesOverride can be used. Set to false to prevent users from changing the default accidentally. Default true.

    org.springframework.cloud.bootstrap.config.PropertySourceBootstrapProperties.

    How can I configure this property?

  • spring.cloud.config.discovery.enabled=false
  • Flag to indicate that config server discovery is enabled (config server URL will be looked up via discovery).

    org.springframework.cloud.config.client.ConfigClientProperties$Discovery.

    How can I configure this property?

  • spring.cloud.config.discovery.service-id=configserver
  • Service id to locate config server.

    org.springframework.cloud.config.client.ConfigClientProperties$Discovery.

    How can I configure this property?

  • spring.cloud.config.enabled=true
  • Flag to say that remote configuration is enabled. Default true;

    org.springframework.cloud.config.client.ConfigClientProperties.

    How can I configure this property?

  • spring.cloud.config.fail-fast=false
  • Flag to indicate that failure to connect to the server is fatal (default false).

    org.springframework.cloud.config.client.ConfigClientProperties.

    How can I configure this property?

  • spring.cloud.config.headers=
  • Additional headers used to create the client request.

    org.springframework.cloud.config.client.ConfigClientProperties.

    How can I configure this property?

  • spring.cloud.config.initialize-on-context-refresh=false
  • Flag to initialize bootstrap configuration on context refresh event. Default false.

    org.springframework.cloud.bootstrap.config.PropertySourceBootstrapProperties.

    How can I configure this property?

  • spring.cloud.config.label=
  • The label name to use to pull remote configuration properties. The default is set on the server (generally "main" for a git based server).

    org.springframework.cloud.config.client.ConfigClientProperties.

    How can I configure this property?

  • spring.cloud.config.media-type=
  • The Accept header media type to send to config server.

    org.springframework.cloud.config.client.ConfigClientProperties.

    How can I configure this property?

  • spring.cloud.config.multiple-uri-strategy=
  • The strategy to use when call to server fails and there are multiple URLs configured on the uri property (default MultipleUriStrategy#ALWAYS).

    org.springframework.cloud.config.client.ConfigClientProperties.

    How can I configure this property?

  • spring.cloud.config.name=
  • Name of application used to fetch remote properties.

    org.springframework.cloud.config.client.ConfigClientProperties.

    How can I configure this property?

  • spring.cloud.config.override-none=false
  • Flag to indicate that when #setAllowOverride(boolean) allowOverride is true, external properties should take lowest priority and should not override any existing property sources (including local config files). Default false. This will only have an effect when using config first bootstrap.

    org.springframework.cloud.bootstrap.config.PropertySourceBootstrapProperties.

    How can I configure this property?

  • spring.cloud.config.override-system-properties=true
  • Flag to indicate that the external properties should override system properties. Default true.

    org.springframework.cloud.bootstrap.config.PropertySourceBootstrapProperties.

    How can I configure this property?

  • spring.cloud.config.password=
  • The password to use (HTTP Basic) when contacting the remote server.

    org.springframework.cloud.config.client.ConfigClientProperties.

    How can I configure this property?

  • spring.cloud.config.profile=default
  • The default profile to use when fetching remote configuration (comma-separated). Default is "default".

    org.springframework.cloud.config.client.ConfigClientProperties.

    How can I configure this property?

  • spring.cloud.config.request-connect-timeout=0
  • timeout on waiting to connect to the Config Server.

    org.springframework.cloud.config.client.ConfigClientProperties.

    How can I configure this property?

  • spring.cloud.config.request-read-timeout=0
  • timeout on waiting to read data from the Config Server.

    org.springframework.cloud.config.client.ConfigClientProperties.

    How can I configure this property?

  • spring.cloud.config.retry.initial-interval=1000
  • Initial retry interval in milliseconds.

    org.springframework.cloud.config.client.RetryProperties.

    How can I configure this property?

  • spring.cloud.config.retry.max-attempts=6
  • Maximum number of attempts.

    org.springframework.cloud.config.client.RetryProperties.

    How can I configure this property?

  • spring.cloud.config.retry.max-interval=2000
  • Maximum interval for backoff.

    org.springframework.cloud.config.client.RetryProperties.

    How can I configure this property?

  • spring.cloud.config.retry.multiplier=1.1
  • Multiplier for next interval.

    org.springframework.cloud.config.client.RetryProperties.

    How can I configure this property?

  • spring.cloud.config.retry.use-random-policy=false
  • Use a random exponential backoff policy.

    org.springframework.cloud.config.client.RetryProperties.

    How can I configure this property?

  • spring.cloud.config.send-state=true
  • Flag to indicate whether to send state. Default true.

    org.springframework.cloud.config.client.ConfigClientProperties.

    How can I configure this property?

  • spring.cloud.config.server.accept-empty=true
  • Flag to indicate that If HTTP 404 needs to be sent if Application is not Found.

    org.springframework.cloud.config.server.config.ConfigServerProperties.

    How can I configure this property?

  • spring.cloud.config.server.aws-secretsmanager.default-label=
  • The default staging label to be used to fetch the secret values. If unset, an active version of the secret will be fetched (AWSCURRENT).

    org.springframework.cloud.config.server.environment.AwsSecretsManagerEnvironmentProperties.

    How can I configure this property?

  • spring.cloud.config.server.aws-secretsmanager.endpoint=
  • The endpoint to be used by AWS Secrets Manager client. This can be used to specify an alternate endpoint for the API requests.

    org.springframework.cloud.config.server.environment.AwsSecretsManagerEnvironmentProperties.

    How can I configure this property?

  • spring.cloud.config.server.aws-secretsmanager.ignore-label=false
  • Do not set staging label when fetching the secret values.

    org.springframework.cloud.config.server.environment.AwsSecretsManagerEnvironmentProperties.

    How can I configure this property?

  • spring.cloud.config.server.aws-secretsmanager.order=
  • The order of the environment repository.

    org.springframework.cloud.config.server.environment.AwsSecretsManagerEnvironmentProperties.

    How can I configure this property?

  • spring.cloud.config.server.aws-secretsmanager.origin=aws:secrets:
  • Prefix which indicates the origin of the property. Defaults to "aws:secrets:".

    org.springframework.cloud.config.server.environment.AwsSecretsManagerEnvironmentProperties.

    How can I configure this property?

  • spring.cloud.config.server.aws-secretsmanager.prefix=
  • Prefix indicating first level for every property loaded from AWS Secrets Manager. Value must start with a forward slash followed by a valid path segment or be empty. Defaults to "/secret".

    org.springframework.cloud.config.server.environment.AwsSecretsManagerEnvironmentProperties.

    How can I configure this property?

  • spring.cloud.config.server.aws-secretsmanager.profile-separator=-
  • String that separates profile from the application name.

    org.springframework.cloud.config.server.environment.AwsSecretsManagerEnvironmentProperties.

    How can I configure this property?

  • spring.cloud.config.server.aws-secretsmanager.region=
  • The region to be used by AWS Secrets Manager client.

    org.springframework.cloud.config.server.environment.AwsSecretsManagerEnvironmentProperties.

    How can I configure this property?

  • spring.cloud.config.server.awsparamstore.decrypt-values=true
  • Flag to indicate the retrieval of all AWS parameters in a hierarchy with their value decrypted. Defaults to "true".

    org.springframework.cloud.config.server.environment.AwsParameterStoreEnvironmentProperties.

    How can I configure this property?

  • spring.cloud.config.server.awsparamstore.endpoint=
  • The service endpoint to be used by the AWS Parameter Store client.

    org.springframework.cloud.config.server.environment.AwsParameterStoreEnvironmentProperties.

    How can I configure this property?

  • spring.cloud.config.server.awsparamstore.max-results=10
  • The maximum number of items to return for an AWS Parameter Store API call. Defaults to "10".

    org.springframework.cloud.config.server.environment.AwsParameterStoreEnvironmentProperties.

    How can I configure this property?

  • spring.cloud.config.server.awsparamstore.order=
  • The order of the environment repository.

    org.springframework.cloud.config.server.environment.AwsParameterStoreEnvironmentProperties.

    How can I configure this property?

  • spring.cloud.config.server.awsparamstore.origin=aws:ssm:parameter:
  • Prefix indicating the property's origin. Defaults to "aws:ssm:parameter:".

    org.springframework.cloud.config.server.environment.AwsParameterStoreEnvironmentProperties.

    How can I configure this property?

  • spring.cloud.config.server.awsparamstore.prefix=
  • Prefix indicating first level for every property loaded from the AWS Parameter Store. Value must start with a forward slash followed by one or more valid path segments or be empty. Defaults to "/config".

    org.springframework.cloud.config.server.environment.AwsParameterStoreEnvironmentProperties.

    How can I configure this property?

  • spring.cloud.config.server.awsparamstore.profile-separator=-
  • String that separates an appended profile from the context name. Note that an AWS parameter name can only contain dots, dashes and underscores next to alphanumeric characters. Defaults to "-".

    org.springframework.cloud.config.server.environment.AwsParameterStoreEnvironmentProperties.

    How can I configure this property?

  • spring.cloud.config.server.awsparamstore.recursive=true
  • Flag to indicate the retrieval of all AWS parameters within a hierarchy. Defaults to "true".

    org.springframework.cloud.config.server.environment.AwsParameterStoreEnvironmentProperties.

    How can I configure this property?

  • spring.cloud.config.server.awsparamstore.region=
  • The region to be used by the AWS Parameter Store client.

    org.springframework.cloud.config.server.environment.AwsParameterStoreEnvironmentProperties.

    How can I configure this property?

  • spring.cloud.config.server.awss3.bucket=
  • Name of the S3 bucket that contains config.

    org.springframework.cloud.config.server.environment.AwsS3EnvironmentProperties.

    How can I configure this property?

  • spring.cloud.config.server.awss3.endpoint=
  • Adds the ability to override the baseUrl of the s3 client.

    org.springframework.cloud.config.server.environment.AwsS3EnvironmentProperties.

    How can I configure this property?

  • spring.cloud.config.server.awss3.order=0
  • org.springframework.cloud.config.server.environment.AwsS3EnvironmentProperties.

    How can I configure this property?

  • spring.cloud.config.server.awss3.region=
  • AWS region that contains config.

    org.springframework.cloud.config.server.environment.AwsS3EnvironmentProperties.

    How can I configure this property?

  • spring.cloud.config.server.bootstrap=false
  • Flag indicating that the config server should initialize its own Environment with properties from the remote repository. Off by default because it delays startup but can be useful when embedding the server in another application.

    org.springframework.cloud.config.server.config.ConfigServerProperties.

    How can I configure this property?

  • spring.cloud.config.server.credhub.ca-cert-files=
  • org.springframework.credhub.support.ClientOptions.

    How can I configure this property?

  • spring.cloud.config.server.credhub.connection-timeout=
  • org.springframework.credhub.support.ClientOptions.

    How can I configure this property?

  • spring.cloud.config.server.credhub.oauth2.registration-id=
  • org.springframework.credhub.core.CredHubProperties$OAuth2.

    How can I configure this property?

  • spring.cloud.config.server.credhub.order=
  • org.springframework.cloud.config.server.environment.CredhubEnvironmentProperties.

    How can I configure this property?

  • spring.cloud.config.server.credhub.read-timeout=
  • org.springframework.credhub.support.ClientOptions.

    How can I configure this property?

  • spring.cloud.config.server.credhub.url=
  • org.springframework.credhub.core.CredHubProperties.

    How can I configure this property?

  • spring.cloud.config.server.default-application-name=application
  • Default application name when incoming requests do not have a specific one.

    org.springframework.cloud.config.server.config.ConfigServerProperties.

    How can I configure this property?

  • spring.cloud.config.server.default-label=
  • Default repository label when incoming requests do not have a specific label.

    org.springframework.cloud.config.server.config.ConfigServerProperties.

    How can I configure this property?

  • spring.cloud.config.server.default-profile=default
  • Default application profile when incoming requests do not have a specific one.

    org.springframework.cloud.config.server.config.ConfigServerProperties.

    How can I configure this property?

  • spring.cloud.config.server.enabled=true
  • Flag indicating config server is enabled.

    org.springframework.cloud.config.server.config.ConfigServerProperties.

    How can I configure this property?

  • spring.cloud.config.server.encrypt.enabled=true
  • Enable decryption of environment properties before sending to client.

    org.springframework.cloud.config.server.config.ConfigServerProperties$Encrypt.

    How can I configure this property?

  • spring.cloud.config.server.encrypt.plain-text-encrypt=false
  • Enable decryption of environment properties served by plain text endpoint org.springframework.cloud.config.server.resource.ResourceController.

    org.springframework.cloud.config.server.config.ConfigServerProperties$Encrypt.

    How can I configure this property?

  • spring.cloud.config.server.fail-on-composite-error=true
  • Flag indicating that if there are any errors reading properties from a subordinate environment repository in a composite environment repository, then the entire composite read should fail. Useful when set to false when a Vault repository is in the composite to allow clients to still read properties from other repositories without providing a valid Vault token. Defaults to true, resulting in a failure on any error.

    org.springframework.cloud.config.server.config.ConfigServerProperties.

    How can I configure this property?

  • spring.cloud.config.server.gcp-secret-manager.application-label=application
  • org.springframework.cloud.config.server.environment.GoogleSecretManagerEnvironmentProperties.

    How can I configure this property?

  • spring.cloud.config.server.gcp-secret-manager.order=
  • org.springframework.cloud.config.server.environment.GoogleSecretManagerEnvironmentProperties.

    How can I configure this property?

  • spring.cloud.config.server.gcp-secret-manager.profile-label=profile
  • org.springframework.cloud.config.server.environment.GoogleSecretManagerEnvironmentProperties.

    How can I configure this property?

  • spring.cloud.config.server.gcp-secret-manager.service-account=
  • org.springframework.cloud.config.server.environment.GoogleSecretManagerEnvironmentProperties.

    How can I configure this property?

  • spring.cloud.config.server.gcp-secret-manager.token-mandatory=true
  • org.springframework.cloud.config.server.environment.GoogleSecretManagerEnvironmentProperties.

    How can I configure this property?

  • spring.cloud.config.server.gcp-secret-manager.version=1
  • org.springframework.cloud.config.server.environment.GoogleSecretManagerEnvironmentProperties.

    How can I configure this property?

  • spring.cloud.config.server.git.basedir=
  • Base directory for local working copy of repository.

    org.springframework.cloud.config.server.environment.MultipleJGitEnvironmentProperties.

    How can I configure this property?

  • spring.cloud.config.server.git.clone-on-start=false
  • Flag to indicate that the repository should be cloned on startup (not on demand). Generally leads to slower startup but faster first query.

    org.springframework.cloud.config.server.environment.MultipleJGitEnvironmentProperties.

    How can I configure this property?

  • spring.cloud.config.server.git.clone-submodules=false
  • Flag to indicate that the submodules in the repository should be cloned.

    org.springframework.cloud.config.server.environment.MultipleJGitEnvironmentProperties.

    How can I configure this property?

  • spring.cloud.config.server.git.default-label=
  • The default label to be used with the remote repository.

    org.springframework.cloud.config.server.environment.MultipleJGitEnvironmentProperties.

    How can I configure this property?

  • spring.cloud.config.server.git.delete-untracked-branches=false
  • Flag to indicate that the branch should be deleted locally if it's origin tracked branch was removed.

    org.springframework.cloud.config.server.environment.MultipleJGitEnvironmentProperties.

    How can I configure this property?

  • spring.cloud.config.server.git.force-pull=false
  • Flag to indicate that the repository should force pull. If true discard any local changes and take from remote repository.

    org.springframework.cloud.config.server.environment.MultipleJGitEnvironmentProperties.

    How can I configure this property?

  • spring.cloud.config.server.git.host-key=
  • Valid SSH host key. Must be set if hostKeyAlgorithm is also set.

    org.springframework.cloud.config.server.environment.MultipleJGitEnvironmentProperties.

    How can I configure this property?

  • spring.cloud.config.server.git.host-key-algorithm=
  • One of ssh-dss, ssh-rsa, ssh-ed25519, ecdsa-sha2-nistp256, ecdsa-sha2-nistp384, or ecdsa-sha2-nistp521. Must be set if hostKey is also set.

    org.springframework.cloud.config.server.environment.MultipleJGitEnvironmentProperties.

    How can I configure this property?

  • spring.cloud.config.server.git.ignore-local-ssh-settings=false
  • If true, use property-based instead of file-based SSH config.

    org.springframework.cloud.config.server.environment.MultipleJGitEnvironmentProperties.

    How can I configure this property?

  • spring.cloud.config.server.git.known-hosts-file=
  • Location of custom .known_hosts file.

    org.springframework.cloud.config.server.environment.MultipleJGitEnvironmentProperties.

    How can I configure this property?

  • spring.cloud.config.server.git.order=
  • The order of the environment repository.

    org.springframework.cloud.config.server.environment.MultipleJGitEnvironmentProperties.

    How can I configure this property?

  • spring.cloud.config.server.git.passphrase=
  • Passphrase for unlocking your ssh private key.

    org.springframework.cloud.config.server.environment.MultipleJGitEnvironmentProperties.

    How can I configure this property?

  • spring.cloud.config.server.git.password=
  • Password for authentication with remote repository.

    org.springframework.cloud.config.server.environment.MultipleJGitEnvironmentProperties.

    How can I configure this property?

  • spring.cloud.config.server.git.preferred-authentications=
  • Override server authentication method order. This should allow for evading login prompts if server has keyboard-interactive authentication before the publickey method.

    org.springframework.cloud.config.server.environment.MultipleJGitEnvironmentProperties.

    How can I configure this property?

  • spring.cloud.config.server.git.private-key=
  • Valid SSH private key. Must be set if ignoreLocalSshSettings is true and Git URI is SSH format.

    org.springframework.cloud.config.server.environment.MultipleJGitEnvironmentProperties.

    How can I configure this property?

  • spring.cloud.config.server.git.proxy=
  • HTTP proxy configuration.

    org.springframework.cloud.config.server.environment.MultipleJGitEnvironmentProperties.

    How can I configure this property?

  • spring.cloud.config.server.git.refresh-rate=0
  • Time (in seconds) between refresh of the git repository.

    org.springframework.cloud.config.server.environment.MultipleJGitEnvironmentProperties.

    How can I configure this property?

  • spring.cloud.config.server.git.repos=
  • Map of repository identifier to location and other properties.

    org.springframework.cloud.config.server.environment.MultipleJGitEnvironmentProperties.

    How can I configure this property?

  • spring.cloud.config.server.git.search-paths=
  • Search paths to use within local working copy. By default searches only the root.

    org.springframework.cloud.config.server.environment.MultipleJGitEnvironmentProperties.

    How can I configure this property?

  • spring.cloud.config.server.git.skip-ssl-validation=false
  • Flag to indicate that SSL certificate validation should be bypassed when communicating with a repository served over an HTTPS connection.

    org.springframework.cloud.config.server.environment.MultipleJGitEnvironmentProperties.

    How can I configure this property?

  • spring.cloud.config.server.git.strict-host-key-checking=true
  • If false, ignore errors with host key.

    org.springframework.cloud.config.server.environment.MultipleJGitEnvironmentProperties.

    How can I configure this property?

  • spring.cloud.config.server.git.timeout=5
  • Timeout (in seconds) for obtaining HTTP or SSH connection (if applicable), defaults to 5 seconds.

    org.springframework.cloud.config.server.environment.MultipleJGitEnvironmentProperties.

    How can I configure this property?

  • spring.cloud.config.server.git.try-master-branch=true
  • To maintain compatibility we will try the master branch in addition to main when we try to fetch the default branch.

    org.springframework.cloud.config.server.environment.MultipleJGitEnvironmentProperties.

    How can I configure this property?

  • spring.cloud.config.server.git.uri=
  • URI of remote repository.

    org.springframework.cloud.config.server.environment.MultipleJGitEnvironmentProperties.

    How can I configure this property?

  • spring.cloud.config.server.git.username=
  • Username for authentication with remote repository.

    org.springframework.cloud.config.server.environment.MultipleJGitEnvironmentProperties.

    How can I configure this property?

  • spring.cloud.config.server.health.down-health-status=
  • org.springframework.cloud.config.server.config.ConfigServerHealthIndicator.

    How can I configure this property?

  • spring.cloud.config.server.health.repositories=
  • org.springframework.cloud.config.server.config.ConfigServerHealthIndicator.

    How can I configure this property?

  • spring.cloud.config.server.jdbc.default-label=master
  • org.springframework.cloud.config.server.environment.JdbcEnvironmentProperties.

    How can I configure this property?

  • spring.cloud.config.server.jdbc.enabled=true
  • Flag to indicate that JDBC environment repository configuration is enabled.

    org.springframework.cloud.config.server.environment.JdbcEnvironmentProperties.

    How can I configure this property?

  • spring.cloud.config.server.jdbc.fail-on-error=true
  • Flag to determine how to handle query exceptions.

    org.springframework.cloud.config.server.environment.JdbcEnvironmentProperties.

    How can I configure this property?

  • spring.cloud.config.server.jdbc.order=0
  • org.springframework.cloud.config.server.environment.JdbcEnvironmentProperties.

    How can I configure this property?

  • spring.cloud.config.server.jdbc.sql=SELECT "KEY", "VALUE" from PROPERTIES where APPLICATION=? and PROFILE=? and LABEL=?
  • SQL used to query database for keys and values.

    org.springframework.cloud.config.server.environment.JdbcEnvironmentProperties.

    How can I configure this property?

  • spring.cloud.config.server.jdbc.sql-without-profile=SELECT "KEY", "VALUE" from PROPERTIES where APPLICATION=? and PROFILE is null and LABEL=?
  • SQL used to query database for keys and values when profile is null.

    org.springframework.cloud.config.server.environment.JdbcEnvironmentProperties.

    How can I configure this property?

  • spring.cloud.config.server.native.add-label-locations=true
  • Flag to determine whether label locations should be added.

    org.springframework.cloud.config.server.environment.NativeEnvironmentProperties.

    How can I configure this property?

  • spring.cloud.config.server.native.default-label=master
  • org.springframework.cloud.config.server.environment.NativeEnvironmentProperties.

    How can I configure this property?

  • spring.cloud.config.server.native.fail-on-error=false
  • Flag to determine how to handle exceptions during decryption (default false).

    org.springframework.cloud.config.server.environment.NativeEnvironmentProperties.

    How can I configure this property?

  • spring.cloud.config.server.native.order=
  • org.springframework.cloud.config.server.environment.NativeEnvironmentProperties.

    How can I configure this property?

  • spring.cloud.config.server.native.search-locations=
  • Locations to search for configuration files. Defaults to the same as a Spring Boot app so [classpath:/,classpath:/config/,file:./,file:./config/].

    org.springframework.cloud.config.server.environment.NativeEnvironmentProperties.

    How can I configure this property?

  • spring.cloud.config.server.native.version=
  • Version string to be reported for native repository.

    org.springframework.cloud.config.server.environment.NativeEnvironmentProperties.

    How can I configure this property?

  • spring.cloud.config.server.overrides=
  • Extra map for a property source to be sent to all clients unconditionally.

    org.springframework.cloud.config.server.config.ConfigServerProperties.

    How can I configure this property?

  • spring.cloud.config.server.prefix=
  • Prefix for configuration resource paths (default is empty). Useful when embedding in another application when you don't want to change the context path or servlet path.

    org.springframework.cloud.config.server.config.ConfigServerProperties.

    How can I configure this property?

  • spring.cloud.config.server.redis.order=
  • org.springframework.cloud.config.server.environment.RedisEnvironmentProperties.

    How can I configure this property?

  • spring.cloud.config.server.reverse-location-order=false
  • By default the location order we use in GenericResourceRepository is the order in which they are listed. Prior to Hoxton.SR11 the order used to be reverse. If this property is set to true then we will reverse ther order like it used to be prior to Hoxton.SR11.

    org.springframework.cloud.config.server.config.ConfigServerProperties.

    How can I configure this property?

  • spring.cloud.config.server.strip-document-from-yaml=true
  • Flag to indicate that YAML documents that are text or collections (not a map) should be returned in "native" form.

    org.springframework.cloud.config.server.config.ConfigServerProperties.

    How can I configure this property?

  • spring.cloud.config.server.svn.basedir=
  • Base directory for local working copy of repository.

    org.springframework.cloud.config.server.environment.SvnKitEnvironmentProperties.

    How can I configure this property?

  • spring.cloud.config.server.svn.default-label=
  • The default label to be used with the remote repository.

    org.springframework.cloud.config.server.environment.SvnKitEnvironmentProperties.

    How can I configure this property?

  • spring.cloud.config.server.svn.order=
  • The order of the environment repository.

    org.springframework.cloud.config.server.environment.SvnKitEnvironmentProperties.

    How can I configure this property?

  • spring.cloud.config.server.svn.passphrase=
  • Passphrase for unlocking your ssh private key.

    org.springframework.cloud.config.server.environment.SvnKitEnvironmentProperties.

    How can I configure this property?

  • spring.cloud.config.server.svn.password=
  • Password for authentication with remote repository.

    org.springframework.cloud.config.server.environment.SvnKitEnvironmentProperties.

    How can I configure this property?

  • spring.cloud.config.server.svn.search-paths=
  • Search paths to use within local working copy. By default searches only the root.

    org.springframework.cloud.config.server.environment.SvnKitEnvironmentProperties.

    How can I configure this property?

  • spring.cloud.config.server.svn.strict-host-key-checking=true
  • Reject incoming SSH host keys from remote servers not in the known host list.

    org.springframework.cloud.config.server.environment.SvnKitEnvironmentProperties.

    How can I configure this property?

  • spring.cloud.config.server.svn.uri=
  • URI of remote repository.

    org.springframework.cloud.config.server.environment.SvnKitEnvironmentProperties.

    How can I configure this property?

  • spring.cloud.config.server.svn.username=
  • Username for authentication with remote repository.

    org.springframework.cloud.config.server.environment.SvnKitEnvironmentProperties.

    How can I configure this property?

  • spring.cloud.config.server.vault.app-role.app-role-path=approle
  • Mount path of the AppRole authentication backend.

    org.springframework.cloud.config.server.environment.VaultEnvironmentProperties$AppRoleProperties.

    How can I configure this property?

  • spring.cloud.config.server.vault.app-role.role=
  • Name of the role, optional, used for pull-mode.

    org.springframework.cloud.config.server.environment.VaultEnvironmentProperties$AppRoleProperties.

    How can I configure this property?

  • spring.cloud.config.server.vault.app-role.role-id=
  • The RoleId.

    org.springframework.cloud.config.server.environment.VaultEnvironmentProperties$AppRoleProperties.

    How can I configure this property?

  • spring.cloud.config.server.vault.app-role.secret-id=
  • The SecretId.

    org.springframework.cloud.config.server.environment.VaultEnvironmentProperties$AppRoleProperties.

    How can I configure this property?

  • spring.cloud.config.server.vault.authentication=
  • org.springframework.cloud.config.server.environment.VaultEnvironmentProperties.

    How can I configure this property?

  • spring.cloud.config.server.vault.aws-ec2.aws-ec2-path=aws-ec2
  • Mount path of the AWS-EC2 authentication backend.

    org.springframework.cloud.config.server.environment.VaultEnvironmentProperties$AwsEc2Properties.

    How can I configure this property?

  • spring.cloud.config.server.vault.aws-ec2.identity-document=http://169.254.169.254/latest/dynamic/instance-identity/pkcs7
  • URL of the AWS-EC2 PKCS7 identity document.

    org.springframework.cloud.config.server.environment.VaultEnvironmentProperties$AwsEc2Properties.

    How can I configure this property?

  • spring.cloud.config.server.vault.aws-ec2.nonce=
  • Nonce used for AWS-EC2 authentication. An empty nonce defaults to nonce generation.

    org.springframework.cloud.config.server.environment.VaultEnvironmentProperties$AwsEc2Properties.

    How can I configure this property?

  • spring.cloud.config.server.vault.aws-ec2.role=
  • Name of the role, optional.

    org.springframework.cloud.config.server.environment.VaultEnvironmentProperties$AwsEc2Properties.

    How can I configure this property?

  • spring.cloud.config.server.vault.aws-iam.aws-path=aws
  • Mount path of the AWS authentication backend.

    org.springframework.cloud.config.server.environment.VaultEnvironmentProperties$AwsIamProperties.

    How can I configure this property?

  • spring.cloud.config.server.vault.aws-iam.endpoint-uri=
  • STS server URI. @since 2.2

    org.springframework.cloud.config.server.environment.VaultEnvironmentProperties$AwsIamProperties.

    How can I configure this property?

  • spring.cloud.config.server.vault.aws-iam.role=
  • Name of the role, optional. Defaults to the friendly IAM name if not set.

    org.springframework.cloud.config.server.environment.VaultEnvironmentProperties$AwsIamProperties.

    How can I configure this property?

  • spring.cloud.config.server.vault.aws-iam.server-name=
  • Name of the server used to set X-Vault-AWS-IAM-Server-ID header in the headers of login requests.

    org.springframework.cloud.config.server.environment.VaultEnvironmentProperties$AwsIamProperties.

    How can I configure this property?

  • spring.cloud.config.server.vault.azure-msi.azure-path=azure
  • Mount path of the Azure MSI authentication backend.

    org.springframework.cloud.config.server.environment.VaultEnvironmentProperties$AzureMsiProperties.

    How can I configure this property?

  • spring.cloud.config.server.vault.azure-msi.identity-token-service=
  • URI to the Azure MSI Identity Service.

    org.springframework.cloud.config.server.environment.VaultEnvironmentProperties$AzureMsiProperties.

    How can I configure this property?

  • spring.cloud.config.server.vault.azure-msi.metadata-service=
  • URI to the Azure MSI Metadata Service.

    org.springframework.cloud.config.server.environment.VaultEnvironmentProperties$AzureMsiProperties.

    How can I configure this property?

  • spring.cloud.config.server.vault.azure-msi.role=
  • Name of the role.

    org.springframework.cloud.config.server.environment.VaultEnvironmentProperties$AzureMsiProperties.

    How can I configure this property?

  • spring.cloud.config.server.vault.backend=secret
  • Vault backend. Defaults to secret.

    org.springframework.cloud.config.server.environment.VaultEnvironmentProperties.

    How can I configure this property?

  • spring.cloud.config.server.vault.default-key=application
  • The key in vault shared by all applications. Defaults to application. Set to empty to disable.

    org.springframework.cloud.config.server.environment.VaultEnvironmentProperties.

    How can I configure this property?

  • spring.cloud.config.server.vault.gcp-gce.gcp-path=gcp
  • Mount path of the Kubernetes authentication backend.

    org.springframework.cloud.config.server.environment.VaultEnvironmentProperties$GcpGceProperties.

    How can I configure this property?

  • spring.cloud.config.server.vault.gcp-gce.role=
  • Name of the role against which the login is being attempted.

    org.springframework.cloud.config.server.environment.VaultEnvironmentProperties$GcpGceProperties.

    How can I configure this property?

  • spring.cloud.config.server.vault.gcp-gce.service-account=
  • Optional service account id. Using the default id if left unconfigured.

    org.springframework.cloud.config.server.environment.VaultEnvironmentProperties$GcpGceProperties.

    How can I configure this property?

  • spring.cloud.config.server.vault.gcp-iam.credentials.encoded-key=
  • The base64 encoded contents of an OAuth2 account private key in JSON format.

    org.springframework.cloud.config.server.environment.VaultEnvironmentProperties$GcpCredentials.

    How can I configure this property?

  • spring.cloud.config.server.vault.gcp-iam.credentials.location=
  • Location of the OAuth2 credentials private key.

    Since this is a Resource, the private key can be in a multitude of locations, such as a local file system, classpath, URL, etc.

    org.springframework.cloud.config.server.environment.VaultEnvironmentProperties$GcpCredentials.

    How can I configure this property?

  • spring.cloud.config.server.vault.gcp-iam.gcp-path=gcp
  • Mount path of the Kubernetes authentication backend.

    org.springframework.cloud.config.server.environment.VaultEnvironmentProperties$GcpIamProperties.

    How can I configure this property?

  • spring.cloud.config.server.vault.gcp-iam.jwt-validity=15m
  • Validity of the JWT token.

    org.springframework.cloud.config.server.environment.VaultEnvironmentProperties$GcpIamProperties.

    How can I configure this property?

  • spring.cloud.config.server.vault.gcp-iam.project-id=
  • Overrides the GCP project Id.

    org.springframework.cloud.config.server.environment.VaultEnvironmentProperties$GcpIamProperties.

    How can I configure this property?

  • spring.cloud.config.server.vault.gcp-iam.role=
  • Name of the role against which the login is being attempted.

    org.springframework.cloud.config.server.environment.VaultEnvironmentProperties$GcpIamProperties.

    How can I configure this property?

  • spring.cloud.config.server.vault.gcp-iam.service-account-id=
  • Overrides the GCP service account Id.

    org.springframework.cloud.config.server.environment.VaultEnvironmentProperties$GcpIamProperties.

    How can I configure this property?

  • spring.cloud.config.server.vault.host=127.0.0.1
  • Vault host. Defaults to 127.0.0.1.

    org.springframework.cloud.config.server.environment.VaultEnvironmentProperties.

    How can I configure this property?

  • spring.cloud.config.server.vault.kubernetes.kubernetes-path=kubernetes
  • Mount path of the Kubernetes authentication backend.

    org.springframework.cloud.config.server.environment.VaultEnvironmentProperties$KubernetesProperties.

    How can I configure this property?

  • spring.cloud.config.server.vault.kubernetes.role=
  • Name of the role against which the login is being attempted.

    org.springframework.cloud.config.server.environment.VaultEnvironmentProperties$KubernetesProperties.

    How can I configure this property?

  • spring.cloud.config.server.vault.kubernetes.service-account-token-file=/var/run/secrets/kubernetes.io/serviceaccount/token
  • Path to the service account token file.

    org.springframework.cloud.config.server.environment.VaultEnvironmentProperties$KubernetesProperties.

    How can I configure this property?

  • spring.cloud.config.server.vault.kv-version=1
  • Value to indicate which version of Vault kv backend is used. Defaults to 1.

    org.springframework.cloud.config.server.environment.VaultEnvironmentProperties.

    How can I configure this property?

  • spring.cloud.config.server.vault.namespace=
  • The value of the Vault X-Vault-Namespace header. Defaults to null. This a Vault Enterprise feature only.

    org.springframework.cloud.config.server.environment.VaultEnvironmentProperties.

    How can I configure this property?

  • spring.cloud.config.server.vault.order=
  • org.springframework.cloud.config.server.environment.VaultEnvironmentProperties.

    How can I configure this property?

  • spring.cloud.config.server.vault.path-to-key=
  • KV2 API required "data" after "mount-path". There could be folder/path structure, where the keys/applications are grouped. This property is the path after mount-path, under which application(s) are located (appended after "data") Default value is blank, which means all grouped applications are located right under the mount-path

    org.springframework.cloud.config.server.environment.VaultEnvironmentProperties.

    How can I configure this property?

  • spring.cloud.config.server.vault.pcf.instance-certificate=
  • Path to the instance certificate (PEM). Defaults to CF_INSTANCE_CERT env variable.

    org.springframework.cloud.config.server.environment.VaultEnvironmentProperties$PcfProperties.

    How can I configure this property?

  • spring.cloud.config.server.vault.pcf.instance-key=
  • Path to the instance key (PEM). Defaults to CF_INSTANCE_KEY env variable.

    org.springframework.cloud.config.server.environment.VaultEnvironmentProperties$PcfProperties.

    How can I configure this property?

  • spring.cloud.config.server.vault.pcf.pcf-path=pcf
  • Mount path of the Kubernetes authentication backend.

    org.springframework.cloud.config.server.environment.VaultEnvironmentProperties$PcfProperties.

    How can I configure this property?

  • spring.cloud.config.server.vault.pcf.role=
  • Name of the role against which the login is being attempted.

    org.springframework.cloud.config.server.environment.VaultEnvironmentProperties$PcfProperties.

    How can I configure this property?

  • spring.cloud.config.server.vault.port=8200
  • Vault port. Defaults to 8200.

    org.springframework.cloud.config.server.environment.VaultEnvironmentProperties.

    How can I configure this property?

  • spring.cloud.config.server.vault.profile-separator=,
  • Vault profile separator. Defaults to comma.

    org.springframework.cloud.config.server.environment.VaultEnvironmentProperties.

    How can I configure this property?

  • spring.cloud.config.server.vault.proxy=
  • HTTP proxy configuration.

    org.springframework.cloud.config.server.environment.VaultEnvironmentProperties.

    How can I configure this property?

  • spring.cloud.config.server.vault.scheme=http
  • Vault scheme. Defaults to http.

    org.springframework.cloud.config.server.environment.VaultEnvironmentProperties.

    How can I configure this property?

  • spring.cloud.config.server.vault.skip-ssl-validation=false
  • Flag to indicate that SSL certificate validation should be bypassed when communicating with a repository served over an HTTPS connection.

    org.springframework.cloud.config.server.environment.VaultEnvironmentProperties.

    How can I configure this property?

  • spring.cloud.config.server.vault.ssl.cert-auth-path=cert
  • Mount path of the TLS cert authentication backend.

    org.springframework.cloud.config.server.environment.VaultEnvironmentProperties$Ssl.

    How can I configure this property?

  • spring.cloud.config.server.vault.ssl.key-store=
  • Trust store that holds certificates and private keys.

    org.springframework.cloud.config.server.environment.VaultEnvironmentProperties$Ssl.

    How can I configure this property?

  • spring.cloud.config.server.vault.ssl.key-store-password=
  • Password used to access the key store.

    org.springframework.cloud.config.server.environment.VaultEnvironmentProperties$Ssl.

    How can I configure this property?

  • spring.cloud.config.server.vault.ssl.trust-store=
  • Trust store that holds SSL certificates.

    org.springframework.cloud.config.server.environment.VaultEnvironmentProperties$Ssl.

    How can I configure this property?

  • spring.cloud.config.server.vault.ssl.trust-store-password=
  • Password used to access the trust store.

    org.springframework.cloud.config.server.environment.VaultEnvironmentProperties$Ssl.

    How can I configure this property?

  • spring.cloud.config.server.vault.timeout=5
  • Timeout (in seconds) for obtaining HTTP connection, defaults to 5 seconds.

    org.springframework.cloud.config.server.environment.VaultEnvironmentProperties.

    How can I configure this property?

  • spring.cloud.config.server.vault.token=
  • Static vault token. Required if #authentication is TOKEN.

    org.springframework.cloud.config.server.environment.VaultEnvironmentProperties.

    How can I configure this property?

  • spring.cloud.config.tls=
  • TLS properties.

    org.springframework.cloud.config.client.ConfigClientProperties.

    How can I configure this property?

  • spring.cloud.config.token=
  • Security Token passed thru to underlying environment repository.

    org.springframework.cloud.config.client.ConfigClientProperties.

    How can I configure this property?

  • spring.cloud.config.uri=http://localhost:8888
  • The URI of the remote server (default http://localhost:8888).

    org.springframework.cloud.config.client.ConfigClientProperties.

    How can I configure this property?

  • spring.cloud.config.username=
  • The username to use (HTTP Basic) when contacting the remote server.

    org.springframework.cloud.config.client.ConfigClientProperties.

    How can I configure this property?

    Configuration Metadata

    The collection of configuration properties listed in this section are automatically generated from the CAS source and components that contain the actual field definitions, types, descriptions, modules, etc. This metadata may not always be 100% accurate, or could be lacking details and sufficient explanations.

    Be Selective

    This section is meant as a guide only. Do NOT copy/paste the entire collection of settings into your CAS configuration; rather pick only the properties that you need. Do NOT enable settings unless you are certain of their purpose and do NOT copy settings into your configuration only to keep them as reference. All these ideas lead to upgrade headaches, maintenance nightmares and premature aging.

    YAGNI

    Note that for nearly ALL use cases, declaring and configuring properties listed here is sufficient. You should NOT have to explicitly massage a CAS XML/Java/etc configuration file to design an authentication handler, create attribute release policies, etc. CAS at runtime will auto-configure all required changes for you. If you are unsure about the meaning of a given CAS setting, do NOT turn it on without hesitation. Review the codebase or better yet, ask questions to clarify the intended behavior.

    Naming Convention

    Property names can be specified in very relaxed terms. For instance cas.someProperty, cas.some-property, cas.some_property are all valid names. While all forms are accepted by CAS, there are certain components (in CAS and other frameworks used) whose activation at runtime is conditional on a property value, where this property is required to have been specified in CAS configuration using kebab case. This is both true for properties that are owned by CAS as well as those that might be presented to the system via an external library or framework such as Spring Boot, etc.

    :information_source: Note

    When possible, properties should be stored in lower-case kebab format, such as cas.property-name=value. The only possible exception to this rule is when naming actuator endpoints; The name of the actuator endpoints (i.e. ssoSessions) MUST remain in camelCase mode.

    Settings and properties that are controlled by the CAS platform directly always begin with the prefix cas. All other settings are controlled and provided to CAS via other underlying frameworks and may have their own schemas and syntax. BE CAREFUL with the distinction. Unrecognized properties are rejected by CAS and/or frameworks upon which CAS depends. This means if you somehow misspell a property definition or fail to adhere to the dot-notation syntax and such, your setting is entirely refused by CAS and likely the feature it controls will never be activated in the way you intend.

    Validation

    Configuration properties are automatically validated on CAS startup to report issues with configuration binding, specially if defined CAS settings cannot be recognized or validated by the configuration schema. Additional validation processes are also handled via Configuration Metadata and property migrations applied automatically on startup by Spring Boot and family.

    Indexed Settings

    CAS settings able to accept multiple values are typically documented with an index, such as cas.some.setting[0]=value. The index [0] is meant to be incremented by the adopter to allow for distinct multiple configuration blocks.