WORKERS AHEAD!

You are viewing the development documentation for the Apereo CAS server. The functionality presented here is not officially released yet. This is a work in progress and will be continually updated as development moves forward. You are most encouraged to test the changes presented.

Ticket Registry Replication Encryption

The following ticket registries are able to support secure ticket replication by encrypting and signing tickets:

Hazelcast
Ignite
Redis
MongoDb

Default Behavior

Encryption by default is turned off when you use the above ticket registries. It requires explicit configuration before it can be used.

Configuration

Each ticket registry configuration supports a cipher component that needs to be configured by the deployer. The settings, algorithms and secret keys used for the cipher may be controlled via CAS settings. Refer to the settings allotted for each registry to learn more about ticket encryption.

Additionally, Ignite may be configured to use TLS for replication transport.