WORKERS AHEAD!
You are viewing the development documentation for the Apereo CAS server. The functionality presented here is not officially released yet. This is a work in progress and will be continually updated as development moves forward. You are most encouraged to test the changes presented.
Redis Device Storage - Multifactor Authentication Trusted Device/Browser
User decisions may also be kept inside a Redis instance.
Support is provided via the following module:
1
2
3
4
5
<dependency>
<groupId>org.apereo.cas</groupId>
<artifactId>cas-server-support-trusted-mfa-redis</artifactId>
<version>${cas.version}</version>
</dependency>
1
implementation "org.apereo.cas:cas-server-support-trusted-mfa-redis:${project.'cas.version'}"
1
2
3
4
5
6
7
8
9
dependencyManagement {
imports {
mavenBom "org.apereo.cas:cas-server-support-bom:${project.'cas.version'}"
}
}
dependencies {
implementation "org.apereo.cas:cas-server-support-trusted-mfa-redis"
}
1
2
3
4
5
6
7
8
9
10
dependencies {
/*
The following platform references should be included automatically and are listed here for reference only.
implementation enforcedPlatform("org.apereo.cas:cas-server-support-bom:${project.'cas.version'}")
implementation platform(org.springframework.boot.gradle.plugin.SpringBootPlugin.BOM_COORDINATES)
*/
implementation "org.apereo.cas:cas-server-support-trusted-mfa-redis"
}
The following settings and properties are available from the CAS configuration catalog:
- Required
- Optional
- Signing & Encryption
- Hibernate & JDBC
- Email Servers
- Groovy Scripting
- LDAP & Active Directory
- Authentication
- Password Encoding
- Principal Transformation
- Password Policy
- Notes
cas.authn.mfa.trusted.redis.cluster.nodes[0].host=
Server's host address.
CAS Property:
|
1 |
cas.authn.mfa.trusted.redis.cluster.nodes[0].host=... |
1
cas:
authn:
mfa:
trusted:
redis:
cluster:
nodes[0]:
host: "..."
1
java -Dcas.authn.mfa.trusted.redis.cluster.nodes[0].host="..." -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory. Note the placement of the system property which must be
specified before the CAS web application is launched.
1
2
3
export CAS_AUTHN_MFA_TRUSTED_REDIS_CLUSTER_NODES[0]_HOST="..."
java -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory.
1
java -jar build/libs/cas.war --cas.authn.mfa.trusted.redis.cluster.nodes[0].host="..."
cas.war
with an embedded server container and can be found in the build/libs
directory.
cas.authn.mfa.trusted.redis.cluster.nodes[0].port=
Server's port number.
org.apereo.cas.configuration.model.support.redis.RedisClusterNodeProperties.
CAS Property: cas.authn.mfa.trusted.redis.cluster.nodes[].port
When possible, properties should be stored in lower-case kebab format, such as cas.property-name=value
.
The only possible exception to this rule is when naming actuator endpoints; The name of the
actuator endpoints (i.e. ssoSessions
) MUST remain in camelCase mode.
.properties
files:
1
cas.authn.mfa.trusted.redis.cluster.nodes[0].port=...
1
cas:
authn:
mfa:
trusted:
redis:
cluster:
nodes[0]:
port: "..."
1
java -Dcas.authn.mfa.trusted.redis.cluster.nodes[0].port="..." -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory. Note the placement of the system property which must be
specified before the CAS web application is launched.
1
2
3
export CAS_AUTHN_MFA_TRUSTED_REDIS_CLUSTER_NODES[0]_PORT="..."
java -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory.
1
java -jar build/libs/cas.war --cas.authn.mfa.trusted.redis.cluster.nodes[0].port="..."
cas.war
with an embedded server container and can be found in the build/libs
directory.
cas.authn.mfa.trusted.redis.cluster.nodes[0].replica-of=
Set the id of the master node.
org.apereo.cas.configuration.model.support.redis.RedisClusterNodeProperties.
CAS Property: cas.authn.mfa.trusted.redis.cluster.nodes[].replica-of
When possible, properties should be stored in lower-case kebab format, such as cas.property-name=value
.
The only possible exception to this rule is when naming actuator endpoints; The name of the
actuator endpoints (i.e. ssoSessions
) MUST remain in camelCase mode.
.properties
files:
1
cas.authn.mfa.trusted.redis.cluster.nodes[0].replica-of=...
1
cas:
authn:
mfa:
trusted:
redis:
cluster:
nodes[0]:
replica-of: "..."
1
java -Dcas.authn.mfa.trusted.redis.cluster.nodes[0].replica-of="..." -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory. Note the placement of the system property which must be
specified before the CAS web application is launched.
1
2
3
export CAS_AUTHN_MFA_TRUSTED_REDIS_CLUSTER_NODES[0]_REPLICA_OF="..."
java -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory.
1
java -jar build/libs/cas.war --cas.authn.mfa.trusted.redis.cluster.nodes[0].replica-of="..."
cas.war
with an embedded server container and can be found in the build/libs
directory.
cas.authn.mfa.trusted.redis.cluster.nodes[0].type=
Indicate the type/role of this node.
Accepted values are: MASTER, REPLICA
.
org.apereo.cas.configuration.model.support.redis.RedisClusterNodeProperties.
CAS Property: cas.authn.mfa.trusted.redis.cluster.nodes[].type
When possible, properties should be stored in lower-case kebab format, such as cas.property-name=value
.
The only possible exception to this rule is when naming actuator endpoints; The name of the
actuator endpoints (i.e. ssoSessions
) MUST remain in camelCase mode.
.properties
files:
1
cas.authn.mfa.trusted.redis.cluster.nodes[0].type=...
1
cas:
authn:
mfa:
trusted:
redis:
cluster:
nodes[0]:
type: "..."
1
java -Dcas.authn.mfa.trusted.redis.cluster.nodes[0].type="..." -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory. Note the placement of the system property which must be
specified before the CAS web application is launched.
1
2
3
export CAS_AUTHN_MFA_TRUSTED_REDIS_CLUSTER_NODES[0]_TYPE="..."
java -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory.
1
java -jar build/libs/cas.war --cas.authn.mfa.trusted.redis.cluster.nodes[0].type="..."
cas.war
with an embedded server container and can be found in the build/libs
directory.
cas.authn.mfa.trusted.redis.cluster.password=
The cluster connection's password.
org.apereo.cas.configuration.model.support.redis.RedisClusterProperties.
CAS Property: cas.authn.mfa.trusted.redis.cluster.password
When possible, properties should be stored in lower-case kebab format, such as cas.property-name=value
.
The only possible exception to this rule is when naming actuator endpoints; The name of the
actuator endpoints (i.e. ssoSessions
) MUST remain in camelCase mode.
.properties
files:
1
cas.authn.mfa.trusted.redis.cluster.password=...
1
cas:
authn:
mfa:
trusted:
redis:
cluster:
password: "..."
1
java -Dcas.authn.mfa.trusted.redis.cluster.password="..." -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory. Note the placement of the system property which must be
specified before the CAS web application is launched.
1
2
3
export CAS_AUTHN_MFA_TRUSTED_REDIS_CLUSTER_PASSWORD="..."
java -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory.
1
java -jar build/libs/cas.war --cas.authn.mfa.trusted.redis.cluster.password="..."
cas.war
with an embedded server container and can be found in the build/libs
directory.
cas.authn.mfa.trusted.redis.cluster.username=
The cluster connection's username.
org.apereo.cas.configuration.model.support.redis.RedisClusterProperties.
CAS Property: cas.authn.mfa.trusted.redis.cluster.username
When possible, properties should be stored in lower-case kebab format, such as cas.property-name=value
.
The only possible exception to this rule is when naming actuator endpoints; The name of the
actuator endpoints (i.e. ssoSessions
) MUST remain in camelCase mode.
.properties
files:
1
cas.authn.mfa.trusted.redis.cluster.username=...
1
cas:
authn:
mfa:
trusted:
redis:
cluster:
username: "..."
1
java -Dcas.authn.mfa.trusted.redis.cluster.username="..." -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory. Note the placement of the system property which must be
specified before the CAS web application is launched.
1
2
3
export CAS_AUTHN_MFA_TRUSTED_REDIS_CLUSTER_USERNAME="..."
java -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory.
1
java -jar build/libs/cas.war --cas.authn.mfa.trusted.redis.cluster.username="..."
cas.war
with an embedded server container and can be found in the build/libs
directory.
cas.authn.mfa.trusted.redis.pool.enabled=false
Enable the pooling configuration.
org.apereo.cas.configuration.model.support.redis.RedisPoolProperties.
CAS Property: cas.authn.mfa.trusted.redis.pool.enabled
When possible, properties should be stored in lower-case kebab format, such as cas.property-name=value
.
The only possible exception to this rule is when naming actuator endpoints; The name of the
actuator endpoints (i.e. ssoSessions
) MUST remain in camelCase mode.
.properties
files:
1
cas.authn.mfa.trusted.redis.pool.enabled=...
1
cas:
authn:
mfa:
trusted:
redis:
pool:
enabled: "..."
1
java -Dcas.authn.mfa.trusted.redis.pool.enabled="..." -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory. Note the placement of the system property which must be
specified before the CAS web application is launched.
1
2
3
export CAS_AUTHN_MFA_TRUSTED_REDIS_POOL_ENABLED="..."
java -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory.
1
java -jar build/libs/cas.war --cas.authn.mfa.trusted.redis.pool.enabled="..."
cas.war
with an embedded server container and can be found in the build/libs
directory.
cas.authn.mfa.trusted.redis.sentinel.master=
Name of Redis server.
org.apereo.cas.configuration.model.support.redis.RedisSentinelProperties.
CAS Property: cas.authn.mfa.trusted.redis.sentinel.master
When possible, properties should be stored in lower-case kebab format, such as cas.property-name=value
.
The only possible exception to this rule is when naming actuator endpoints; The name of the
actuator endpoints (i.e. ssoSessions
) MUST remain in camelCase mode.
.properties
files:
1
cas.authn.mfa.trusted.redis.sentinel.master=...
1
cas:
authn:
mfa:
trusted:
redis:
sentinel:
master: "..."
1
java -Dcas.authn.mfa.trusted.redis.sentinel.master="..." -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory. Note the placement of the system property which must be
specified before the CAS web application is launched.
1
2
3
export CAS_AUTHN_MFA_TRUSTED_REDIS_SENTINEL_MASTER="..."
java -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory.
1
java -jar build/libs/cas.war --cas.authn.mfa.trusted.redis.sentinel.master="..."
cas.war
with an embedded server container and can be found in the build/libs
directory.
cas.authn.mfa.trusted.redis.database=0
Database index used by the connection factory.
org.apereo.cas.configuration.model.support.mfa.trusteddevice.RedisTrustedDevicesMultifactorProperties.
CAS Property: cas.authn.mfa.trusted.redis.database
When possible, properties should be stored in lower-case kebab format, such as cas.property-name=value
.
The only possible exception to this rule is when naming actuator endpoints; The name of the
actuator endpoints (i.e. ssoSessions
) MUST remain in camelCase mode.
.properties
files:
1
cas.authn.mfa.trusted.redis.database=0
1
cas:
authn:
mfa:
trusted:
redis:
database: "0"
1
java -Dcas.authn.mfa.trusted.redis.database="0" -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory. Note the placement of the system property which must be
specified before the CAS web application is launched.
1
2
3
export CAS_AUTHN_MFA_TRUSTED_REDIS_DATABASE="0"
java -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory.
1
java -jar build/libs/cas.war --cas.authn.mfa.trusted.redis.database="0"
cas.war
with an embedded server container and can be found in the build/libs
directory.
cas.authn.mfa.trusted.redis.enabled=true
Whether the module is enabled or not, defaults to true.
org.apereo.cas.configuration.model.support.mfa.trusteddevice.RedisTrustedDevicesMultifactorProperties.
CAS Property: cas.authn.mfa.trusted.redis.enabled
When possible, properties should be stored in lower-case kebab format, such as cas.property-name=value
.
The only possible exception to this rule is when naming actuator endpoints; The name of the
actuator endpoints (i.e. ssoSessions
) MUST remain in camelCase mode.
.properties
files:
1
cas.authn.mfa.trusted.redis.enabled=true
1
cas:
authn:
mfa:
trusted:
redis:
enabled: "true"
1
java -Dcas.authn.mfa.trusted.redis.enabled="true" -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory. Note the placement of the system property which must be
specified before the CAS web application is launched.
1
2
3
export CAS_AUTHN_MFA_TRUSTED_REDIS_ENABLED="true"
java -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory.
1
java -jar build/libs/cas.war --cas.authn.mfa.trusted.redis.enabled="true"
cas.war
with an embedded server container and can be found in the build/libs
directory.
cas.authn.mfa.trusted.redis.host=localhost
Redis server host.
org.apereo.cas.configuration.model.support.mfa.trusteddevice.RedisTrustedDevicesMultifactorProperties.
CAS Property: cas.authn.mfa.trusted.redis.host
When possible, properties should be stored in lower-case kebab format, such as cas.property-name=value
.
The only possible exception to this rule is when naming actuator endpoints; The name of the
actuator endpoints (i.e. ssoSessions
) MUST remain in camelCase mode.
.properties
files:
1
cas.authn.mfa.trusted.redis.host=localhost
1
cas:
authn:
mfa:
trusted:
redis:
host: "localhost"
1
java -Dcas.authn.mfa.trusted.redis.host="localhost" -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory. Note the placement of the system property which must be
specified before the CAS web application is launched.
1
2
3
export CAS_AUTHN_MFA_TRUSTED_REDIS_HOST="localhost"
java -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory.
1
java -jar build/libs/cas.war --cas.authn.mfa.trusted.redis.host="localhost"
cas.war
with an embedded server container and can be found in the build/libs
directory.
cas.authn.mfa.trusted.redis.password=
Login password of the redis server.
org.apereo.cas.configuration.model.support.mfa.trusteddevice.RedisTrustedDevicesMultifactorProperties.
CAS Property: cas.authn.mfa.trusted.redis.password
When possible, properties should be stored in lower-case kebab format, such as cas.property-name=value
.
The only possible exception to this rule is when naming actuator endpoints; The name of the
actuator endpoints (i.e. ssoSessions
) MUST remain in camelCase mode.
.properties
files:
1
cas.authn.mfa.trusted.redis.password=...
1
cas:
authn:
mfa:
trusted:
redis:
password: "..."
1
java -Dcas.authn.mfa.trusted.redis.password="..." -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory. Note the placement of the system property which must be
specified before the CAS web application is launched.
1
2
3
export CAS_AUTHN_MFA_TRUSTED_REDIS_PASSWORD="..."
java -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory.
1
java -jar build/libs/cas.war --cas.authn.mfa.trusted.redis.password="..."
cas.war
with an embedded server container and can be found in the build/libs
directory.
cas.authn.mfa.trusted.redis.port=6379
Redis server port.
org.apereo.cas.configuration.model.support.mfa.trusteddevice.RedisTrustedDevicesMultifactorProperties.
CAS Property: cas.authn.mfa.trusted.redis.port
When possible, properties should be stored in lower-case kebab format, such as cas.property-name=value
.
The only possible exception to this rule is when naming actuator endpoints; The name of the
actuator endpoints (i.e. ssoSessions
) MUST remain in camelCase mode.
.properties
files:
1
cas.authn.mfa.trusted.redis.port=6379
1
cas:
authn:
mfa:
trusted:
redis:
port: "6379"
1
java -Dcas.authn.mfa.trusted.redis.port="6379" -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory. Note the placement of the system property which must be
specified before the CAS web application is launched.
1
2
3
export CAS_AUTHN_MFA_TRUSTED_REDIS_PORT="6379"
java -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory.
1
java -jar build/libs/cas.war --cas.authn.mfa.trusted.redis.port="6379"
cas.war
with an embedded server container and can be found in the build/libs
directory.
cas.authn.mfa.trusted.redis.username=
Login username of the redis server.
org.apereo.cas.configuration.model.support.mfa.trusteddevice.RedisTrustedDevicesMultifactorProperties.
CAS Property: cas.authn.mfa.trusted.redis.username
When possible, properties should be stored in lower-case kebab format, such as cas.property-name=value
.
The only possible exception to this rule is when naming actuator endpoints; The name of the
actuator endpoints (i.e. ssoSessions
) MUST remain in camelCase mode.
.properties
files:
1
cas.authn.mfa.trusted.redis.username=...
1
cas:
authn:
mfa:
trusted:
redis:
username: "..."
1
java -Dcas.authn.mfa.trusted.redis.username="..." -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory. Note the placement of the system property which must be
specified before the CAS web application is launched.
1
2
3
export CAS_AUTHN_MFA_TRUSTED_REDIS_USERNAME="..."
java -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory.
1
java -jar build/libs/cas.war --cas.authn.mfa.trusted.redis.username="..."
cas.war
with an embedded server container and can be found in the build/libs
directory.
cas.authn.mfa.trusted.redis.cluster.adaptive-topology-refresh=false
Whether adaptive topology refreshing using all available refresh triggers should be used.
CAS Property:
|
1 |
cas.authn.mfa.trusted.redis.cluster.adaptive-topology-refresh=... |
1
cas:
authn:
mfa:
trusted:
redis:
cluster:
adaptive-topology-refresh: "..."
1
java -Dcas.authn.mfa.trusted.redis.cluster.adaptive-topology-refresh="..." -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory. Note the placement of the system property which must be
specified before the CAS web application is launched.
1
2
3
export CAS_AUTHN_MFA_TRUSTED_REDIS_CLUSTER_ADAPTIVE_TOPOLOGY_REFRESH="..."
java -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory.
1
java -jar build/libs/cas.war --cas.authn.mfa.trusted.redis.cluster.adaptive-topology-refresh="..."
cas.war
with an embedded server container and can be found in the build/libs
directory.
cas.authn.mfa.trusted.redis.cluster.dynamic-refresh-sources=true
Whether to discover and query all cluster nodes for obtaining the cluster topology. When set to false, only the initial seed nodes are used as sources for topology discovery.
org.apereo.cas.configuration.model.support.redis.RedisClusterProperties.
CAS Property: cas.authn.mfa.trusted.redis.cluster.dynamic-refresh-sources
When possible, properties should be stored in lower-case kebab format, such as cas.property-name=value
.
The only possible exception to this rule is when naming actuator endpoints; The name of the
actuator endpoints (i.e. ssoSessions
) MUST remain in camelCase mode.
.properties
files:
1
cas.authn.mfa.trusted.redis.cluster.dynamic-refresh-sources=true
1
cas:
authn:
mfa:
trusted:
redis:
cluster:
dynamic-refresh-sources: "true"
1
java -Dcas.authn.mfa.trusted.redis.cluster.dynamic-refresh-sources="true" -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory. Note the placement of the system property which must be
specified before the CAS web application is launched.
1
2
3
export CAS_AUTHN_MFA_TRUSTED_REDIS_CLUSTER_DYNAMIC_REFRESH_SOURCES="true"
java -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory.
1
java -jar build/libs/cas.war --cas.authn.mfa.trusted.redis.cluster.dynamic-refresh-sources="true"
cas.war
with an embedded server container and can be found in the build/libs
directory.
cas.authn.mfa.trusted.redis.cluster.max-redirects=0
The max number of redirects to follow.
org.apereo.cas.configuration.model.support.redis.RedisClusterProperties.
CAS Property: cas.authn.mfa.trusted.redis.cluster.max-redirects
When possible, properties should be stored in lower-case kebab format, such as cas.property-name=value
.
The only possible exception to this rule is when naming actuator endpoints; The name of the
actuator endpoints (i.e. ssoSessions
) MUST remain in camelCase mode.
.properties
files:
1
cas.authn.mfa.trusted.redis.cluster.max-redirects=0
1
cas:
authn:
mfa:
trusted:
redis:
cluster:
max-redirects: "0"
1
java -Dcas.authn.mfa.trusted.redis.cluster.max-redirects="0" -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory. Note the placement of the system property which must be
specified before the CAS web application is launched.
1
2
3
export CAS_AUTHN_MFA_TRUSTED_REDIS_CLUSTER_MAX_REDIRECTS="0"
java -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory.
1
java -jar build/libs/cas.war --cas.authn.mfa.trusted.redis.cluster.max-redirects="0"
cas.war
with an embedded server container and can be found in the build/libs
directory.
cas.authn.mfa.trusted.redis.cluster.nodes=
List of nodes available in the redis cluster.
org.apereo.cas.configuration.model.support.redis.RedisClusterProperties.
CAS Property: cas.authn.mfa.trusted.redis.cluster.nodes
When possible, properties should be stored in lower-case kebab format, such as cas.property-name=value
.
The only possible exception to this rule is when naming actuator endpoints; The name of the
actuator endpoints (i.e. ssoSessions
) MUST remain in camelCase mode.
.properties
files:
1
cas.authn.mfa.trusted.redis.cluster.nodes=...
1
cas:
authn:
mfa:
trusted:
redis:
cluster:
nodes: "..."
1
java -Dcas.authn.mfa.trusted.redis.cluster.nodes="..." -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory. Note the placement of the system property which must be
specified before the CAS web application is launched.
1
2
3
export CAS_AUTHN_MFA_TRUSTED_REDIS_CLUSTER_NODES="..."
java -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory.
1
java -jar build/libs/cas.war --cas.authn.mfa.trusted.redis.cluster.nodes="..."
cas.war
with an embedded server container and can be found in the build/libs
directory.
cas.authn.mfa.trusted.redis.cluster.nodes[0].id=
Identifier of this node.
org.apereo.cas.configuration.model.support.redis.RedisClusterNodeProperties.
CAS Property: cas.authn.mfa.trusted.redis.cluster.nodes[].id
When possible, properties should be stored in lower-case kebab format, such as cas.property-name=value
.
The only possible exception to this rule is when naming actuator endpoints; The name of the
actuator endpoints (i.e. ssoSessions
) MUST remain in camelCase mode.
.properties
files:
1
cas.authn.mfa.trusted.redis.cluster.nodes[0].id=...
1
cas:
authn:
mfa:
trusted:
redis:
cluster:
nodes[0]:
id: "..."
1
java -Dcas.authn.mfa.trusted.redis.cluster.nodes[0].id="..." -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory. Note the placement of the system property which must be
specified before the CAS web application is launched.
1
2
3
export CAS_AUTHN_MFA_TRUSTED_REDIS_CLUSTER_NODES[0]_ID="..."
java -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory.
1
java -jar build/libs/cas.war --cas.authn.mfa.trusted.redis.cluster.nodes[0].id="..."
cas.war
with an embedded server container and can be found in the build/libs
directory.
cas.authn.mfa.trusted.redis.cluster.nodes[0].name=
Name of this node.
org.apereo.cas.configuration.model.support.redis.RedisClusterNodeProperties.
CAS Property: cas.authn.mfa.trusted.redis.cluster.nodes[].name
When possible, properties should be stored in lower-case kebab format, such as cas.property-name=value
.
The only possible exception to this rule is when naming actuator endpoints; The name of the
actuator endpoints (i.e. ssoSessions
) MUST remain in camelCase mode.
.properties
files:
1
cas.authn.mfa.trusted.redis.cluster.nodes[0].name=...
1
cas:
authn:
mfa:
trusted:
redis:
cluster:
nodes[0]:
name: "..."
1
java -Dcas.authn.mfa.trusted.redis.cluster.nodes[0].name="..." -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory. Note the placement of the system property which must be
specified before the CAS web application is launched.
1
2
3
export CAS_AUTHN_MFA_TRUSTED_REDIS_CLUSTER_NODES[0]_NAME="..."
java -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory.
1
java -jar build/libs/cas.war --cas.authn.mfa.trusted.redis.cluster.nodes[0].name="..."
cas.war
with an embedded server container and can be found in the build/libs
directory.
cas.authn.mfa.trusted.redis.cluster.topology-refresh-period=
Enables periodic refresh of cluster topology and sets the refresh period.
This settings supports the
java.time.Duration
syntax [?].
org.apereo.cas.configuration.model.support.redis.RedisClusterProperties.
CAS Property: cas.authn.mfa.trusted.redis.cluster.topology-refresh-period
When possible, properties should be stored in lower-case kebab format, such as cas.property-name=value
.
The only possible exception to this rule is when naming actuator endpoints; The name of the
actuator endpoints (i.e. ssoSessions
) MUST remain in camelCase mode.
.properties
files:
1
cas.authn.mfa.trusted.redis.cluster.topology-refresh-period=...
1
cas:
authn:
mfa:
trusted:
redis:
cluster:
topology-refresh-period: "..."
1
java -Dcas.authn.mfa.trusted.redis.cluster.topology-refresh-period="..." -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory. Note the placement of the system property which must be
specified before the CAS web application is launched.
1
2
3
export CAS_AUTHN_MFA_TRUSTED_REDIS_CLUSTER_TOPOLOGY_REFRESH_PERIOD="..."
java -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory.
1
java -jar build/libs/cas.war --cas.authn.mfa.trusted.redis.cluster.topology-refresh-period="..."
cas.war
with an embedded server container and can be found in the build/libs
directory.
cas.authn.mfa.trusted.redis.pool.fairness=false
Returns whether or not the pool serves threads waiting to borrow objects fairly. True means that waiting threads are served as if waiting in a FIFO queue.
org.apereo.cas.configuration.model.support.redis.RedisPoolProperties.
CAS Property: cas.authn.mfa.trusted.redis.pool.fairness
When possible, properties should be stored in lower-case kebab format, such as cas.property-name=value
.
The only possible exception to this rule is when naming actuator endpoints; The name of the
actuator endpoints (i.e. ssoSessions
) MUST remain in camelCase mode.
.properties
files:
1
cas.authn.mfa.trusted.redis.pool.fairness=...
1
cas:
authn:
mfa:
trusted:
redis:
pool:
fairness: "..."
1
java -Dcas.authn.mfa.trusted.redis.pool.fairness="..." -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory. Note the placement of the system property which must be
specified before the CAS web application is launched.
1
2
3
export CAS_AUTHN_MFA_TRUSTED_REDIS_POOL_FAIRNESS="..."
java -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory.
1
java -jar build/libs/cas.war --cas.authn.mfa.trusted.redis.pool.fairness="..."
cas.war
with an embedded server container and can be found in the build/libs
directory.
cas.authn.mfa.trusted.redis.pool.lifo=true
Returns whether the pool has LIFO (last in, first out) behaviour with respect to idle objects - always returning the most recently used object from the pool, or as a FIFO (first in, first out) queue, where the pool always returns the oldest object in the idle object pool.
org.apereo.cas.configuration.model.support.redis.RedisPoolProperties.
CAS Property: cas.authn.mfa.trusted.redis.pool.lifo
When possible, properties should be stored in lower-case kebab format, such as cas.property-name=value
.
The only possible exception to this rule is when naming actuator endpoints; The name of the
actuator endpoints (i.e. ssoSessions
) MUST remain in camelCase mode.
.properties
files:
1
cas.authn.mfa.trusted.redis.pool.lifo=true
1
cas:
authn:
mfa:
trusted:
redis:
pool:
lifo: "true"
1
java -Dcas.authn.mfa.trusted.redis.pool.lifo="true" -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory. Note the placement of the system property which must be
specified before the CAS web application is launched.
1
2
3
export CAS_AUTHN_MFA_TRUSTED_REDIS_POOL_LIFO="true"
java -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory.
1
java -jar build/libs/cas.war --cas.authn.mfa.trusted.redis.pool.lifo="true"
cas.war
with an embedded server container and can be found in the build/libs
directory.
cas.authn.mfa.trusted.redis.pool.max-active=8
Max number of connections that can be allocated by the pool at a given time. Use a negative value for no limit.
org.apereo.cas.configuration.model.support.redis.RedisPoolProperties.
CAS Property: cas.authn.mfa.trusted.redis.pool.max-active
When possible, properties should be stored in lower-case kebab format, such as cas.property-name=value
.
The only possible exception to this rule is when naming actuator endpoints; The name of the
actuator endpoints (i.e. ssoSessions
) MUST remain in camelCase mode.
.properties
files:
1
cas.authn.mfa.trusted.redis.pool.max-active=8
1
cas:
authn:
mfa:
trusted:
redis:
pool:
max-active: "8"
1
java -Dcas.authn.mfa.trusted.redis.pool.max-active="8" -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory. Note the placement of the system property which must be
specified before the CAS web application is launched.
1
2
3
export CAS_AUTHN_MFA_TRUSTED_REDIS_POOL_MAX_ACTIVE="8"
java -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory.
1
java -jar build/libs/cas.war --cas.authn.mfa.trusted.redis.pool.max-active="8"
cas.war
with an embedded server container and can be found in the build/libs
directory.
cas.authn.mfa.trusted.redis.pool.max-idle=8
Max number of "idle" connections in the pool. Use a negative value to indicate an unlimited number of idle connections.
org.apereo.cas.configuration.model.support.redis.RedisPoolProperties.
CAS Property: cas.authn.mfa.trusted.redis.pool.max-idle
When possible, properties should be stored in lower-case kebab format, such as cas.property-name=value
.
The only possible exception to this rule is when naming actuator endpoints; The name of the
actuator endpoints (i.e. ssoSessions
) MUST remain in camelCase mode.
.properties
files:
1
cas.authn.mfa.trusted.redis.pool.max-idle=8
1
cas:
authn:
mfa:
trusted:
redis:
pool:
max-idle: "8"
1
java -Dcas.authn.mfa.trusted.redis.pool.max-idle="8" -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory. Note the placement of the system property which must be
specified before the CAS web application is launched.
1
2
3
export CAS_AUTHN_MFA_TRUSTED_REDIS_POOL_MAX_IDLE="8"
java -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory.
1
java -jar build/libs/cas.war --cas.authn.mfa.trusted.redis.pool.max-idle="8"
cas.war
with an embedded server container and can be found in the build/libs
directory.
cas.authn.mfa.trusted.redis.pool.max-wait=PT5S
Maximum amount of time (in milliseconds) a connection allocation should block before throwing an exception when the pool is exhausted. Use a negative value to block indefinitely.
This settings supports the
java.time.Duration
syntax [?].
org.apereo.cas.configuration.model.support.redis.RedisPoolProperties.
CAS Property: cas.authn.mfa.trusted.redis.pool.max-wait
When possible, properties should be stored in lower-case kebab format, such as cas.property-name=value
.
The only possible exception to this rule is when naming actuator endpoints; The name of the
actuator endpoints (i.e. ssoSessions
) MUST remain in camelCase mode.
.properties
files:
1
cas.authn.mfa.trusted.redis.pool.max-wait=PT5S
1
cas:
authn:
mfa:
trusted:
redis:
pool:
max-wait: "PT5S"
1
java -Dcas.authn.mfa.trusted.redis.pool.max-wait="PT5S" -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory. Note the placement of the system property which must be
specified before the CAS web application is launched.
1
2
3
export CAS_AUTHN_MFA_TRUSTED_REDIS_POOL_MAX_WAIT="PT5S"
java -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory.
1
java -jar build/libs/cas.war --cas.authn.mfa.trusted.redis.pool.max-wait="PT5S"
cas.war
with an embedded server container and can be found in the build/libs
directory.
cas.authn.mfa.trusted.redis.pool.min-evictable-idle-time-millis=0
Sets the minimum amount of time an object may sit idle in the pool before it is eligible for eviction by the idle object evictor (if any - see setTimeBetweenEvictionRunsMillis(long)). When non-positive, no objects will be evicted from the pool due to idle time alone.
org.apereo.cas.configuration.model.support.redis.RedisPoolProperties.
CAS Property: cas.authn.mfa.trusted.redis.pool.min-evictable-idle-time-millis
When possible, properties should be stored in lower-case kebab format, such as cas.property-name=value
.
The only possible exception to this rule is when naming actuator endpoints; The name of the
actuator endpoints (i.e. ssoSessions
) MUST remain in camelCase mode.
.properties
files:
1
cas.authn.mfa.trusted.redis.pool.min-evictable-idle-time-millis=0
1
cas:
authn:
mfa:
trusted:
redis:
pool:
min-evictable-idle-time-millis: "0"
1
java -Dcas.authn.mfa.trusted.redis.pool.min-evictable-idle-time-millis="0" -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory. Note the placement of the system property which must be
specified before the CAS web application is launched.
1
2
3
export CAS_AUTHN_MFA_TRUSTED_REDIS_POOL_MIN_EVICTABLE_IDLE_TIME_MILLIS="0"
java -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory.
1
java -jar build/libs/cas.war --cas.authn.mfa.trusted.redis.pool.min-evictable-idle-time-millis="0"
cas.war
with an embedded server container and can be found in the build/libs
directory.
cas.authn.mfa.trusted.redis.pool.min-idle=0
Target for the minimum number of idle connections to maintain in the pool. This setting only has an effect if it is positive.
org.apereo.cas.configuration.model.support.redis.RedisPoolProperties.
CAS Property: cas.authn.mfa.trusted.redis.pool.min-idle
When possible, properties should be stored in lower-case kebab format, such as cas.property-name=value
.
The only possible exception to this rule is when naming actuator endpoints; The name of the
actuator endpoints (i.e. ssoSessions
) MUST remain in camelCase mode.
.properties
files:
1
cas.authn.mfa.trusted.redis.pool.min-idle=0
1
cas:
authn:
mfa:
trusted:
redis:
pool:
min-idle: "0"
1
java -Dcas.authn.mfa.trusted.redis.pool.min-idle="0" -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory. Note the placement of the system property which must be
specified before the CAS web application is launched.
1
2
3
export CAS_AUTHN_MFA_TRUSTED_REDIS_POOL_MIN_IDLE="0"
java -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory.
1
java -jar build/libs/cas.war --cas.authn.mfa.trusted.redis.pool.min-idle="0"
cas.war
with an embedded server container and can be found in the build/libs
directory.
cas.authn.mfa.trusted.redis.pool.num-tests-per-eviction-run=0
Sets the maximum number of objects to examine during each run (if any) of the idle object evictor thread. When positive, the number of tests performed for a run will be the minimum of the configured value and the number of idle instances in the pool. When negative, the number of tests performed will be ceil(getNumIdle()/ abs(getNumTestsPerEvictionRun())) which means that when the value is -n roughly one nth of the idle objects will be tested per run.
org.apereo.cas.configuration.model.support.redis.RedisPoolProperties.
CAS Property: cas.authn.mfa.trusted.redis.pool.num-tests-per-eviction-run
When possible, properties should be stored in lower-case kebab format, such as cas.property-name=value
.
The only possible exception to this rule is when naming actuator endpoints; The name of the
actuator endpoints (i.e. ssoSessions
) MUST remain in camelCase mode.
.properties
files:
1
cas.authn.mfa.trusted.redis.pool.num-tests-per-eviction-run=0
1
cas:
authn:
mfa:
trusted:
redis:
pool:
num-tests-per-eviction-run: "0"
1
java -Dcas.authn.mfa.trusted.redis.pool.num-tests-per-eviction-run="0" -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory. Note the placement of the system property which must be
specified before the CAS web application is launched.
1
2
3
export CAS_AUTHN_MFA_TRUSTED_REDIS_POOL_NUM_TESTS_PER_EVICTION_RUN="0"
java -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory.
1
java -jar build/libs/cas.war --cas.authn.mfa.trusted.redis.pool.num-tests-per-eviction-run="0"
cas.war
with an embedded server container and can be found in the build/libs
directory.
cas.authn.mfa.trusted.redis.pool.soft-min-evictable-idle-time-millis=0
Sets the minimum amount of time an object may sit idle in the pool before it is eligible for eviction by the idle object evictor (if any - see setTimeBetweenEvictionRunsMillis(long)), with the extra condition that at least minIdle object instances remain in the pool. This setting is overridden by getMinEvictableIdleTimeMillis() (that is, if getMinEvictableIdleTimeMillis() is positive, then getSoftMinEvictableIdleTimeMillis() is ignored).
org.apereo.cas.configuration.model.support.redis.RedisPoolProperties.
CAS Property: cas.authn.mfa.trusted.redis.pool.soft-min-evictable-idle-time-millis
When possible, properties should be stored in lower-case kebab format, such as cas.property-name=value
.
The only possible exception to this rule is when naming actuator endpoints; The name of the
actuator endpoints (i.e. ssoSessions
) MUST remain in camelCase mode.
.properties
files:
1
cas.authn.mfa.trusted.redis.pool.soft-min-evictable-idle-time-millis=0
1
cas:
authn:
mfa:
trusted:
redis:
pool:
soft-min-evictable-idle-time-millis: "0"
1
java -Dcas.authn.mfa.trusted.redis.pool.soft-min-evictable-idle-time-millis="0" -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory. Note the placement of the system property which must be
specified before the CAS web application is launched.
1
2
3
export CAS_AUTHN_MFA_TRUSTED_REDIS_POOL_SOFT_MIN_EVICTABLE_IDLE_TIME_MILLIS="0"
java -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory.
1
java -jar build/libs/cas.war --cas.authn.mfa.trusted.redis.pool.soft-min-evictable-idle-time-millis="0"
cas.war
with an embedded server container and can be found in the build/libs
directory.
cas.authn.mfa.trusted.redis.pool.test-on-borrow=false
Returns whether objects borrowed from the pool will be validated before being returned from the borrowObject() method. Validation is performed by the validateObject() method of the factory associated with the pool. If the object fails to validate, it will be removed from the pool and destroyed, and a new attempt will be made to borrow an object from the pool.
org.apereo.cas.configuration.model.support.redis.RedisPoolProperties.
CAS Property: cas.authn.mfa.trusted.redis.pool.test-on-borrow
When possible, properties should be stored in lower-case kebab format, such as cas.property-name=value
.
The only possible exception to this rule is when naming actuator endpoints; The name of the
actuator endpoints (i.e. ssoSessions
) MUST remain in camelCase mode.
.properties
files:
1
cas.authn.mfa.trusted.redis.pool.test-on-borrow=...
1
cas:
authn:
mfa:
trusted:
redis:
pool:
test-on-borrow: "..."
1
java -Dcas.authn.mfa.trusted.redis.pool.test-on-borrow="..." -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory. Note the placement of the system property which must be
specified before the CAS web application is launched.
1
2
3
export CAS_AUTHN_MFA_TRUSTED_REDIS_POOL_TEST_ON_BORROW="..."
java -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory.
1
java -jar build/libs/cas.war --cas.authn.mfa.trusted.redis.pool.test-on-borrow="..."
cas.war
with an embedded server container and can be found in the build/libs
directory.
cas.authn.mfa.trusted.redis.pool.test-on-create=false
Returns whether objects created for the pool will be validated before being returned from the borrowObject() method. Validation is performed by the validateObject() method of the factory associated with the pool. If the object fails to validate, then borrowObject() will fail.
org.apereo.cas.configuration.model.support.redis.RedisPoolProperties.
CAS Property: cas.authn.mfa.trusted.redis.pool.test-on-create
When possible, properties should be stored in lower-case kebab format, such as cas.property-name=value
.
The only possible exception to this rule is when naming actuator endpoints; The name of the
actuator endpoints (i.e. ssoSessions
) MUST remain in camelCase mode.
.properties
files:
1
cas.authn.mfa.trusted.redis.pool.test-on-create=...
1
cas:
authn:
mfa:
trusted:
redis:
pool:
test-on-create: "..."
1
java -Dcas.authn.mfa.trusted.redis.pool.test-on-create="..." -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory. Note the placement of the system property which must be
specified before the CAS web application is launched.
1
2
3
export CAS_AUTHN_MFA_TRUSTED_REDIS_POOL_TEST_ON_CREATE="..."
java -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory.
1
java -jar build/libs/cas.war --cas.authn.mfa.trusted.redis.pool.test-on-create="..."
cas.war
with an embedded server container and can be found in the build/libs
directory.
cas.authn.mfa.trusted.redis.pool.test-on-return=false
Returns whether objects borrowed from the pool will be validated when they are returned to the pool via the returnObject() method. Validation is performed by the validateObject() method of the factory associated with the pool. Returning objects that fail validation are destroyed rather then being returned the pool.
org.apereo.cas.configuration.model.support.redis.RedisPoolProperties.
CAS Property: cas.authn.mfa.trusted.redis.pool.test-on-return
When possible, properties should be stored in lower-case kebab format, such as cas.property-name=value
.
The only possible exception to this rule is when naming actuator endpoints; The name of the
actuator endpoints (i.e. ssoSessions
) MUST remain in camelCase mode.
.properties
files:
1
cas.authn.mfa.trusted.redis.pool.test-on-return=...
1
cas:
authn:
mfa:
trusted:
redis:
pool:
test-on-return: "..."
1
java -Dcas.authn.mfa.trusted.redis.pool.test-on-return="..." -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory. Note the placement of the system property which must be
specified before the CAS web application is launched.
1
2
3
export CAS_AUTHN_MFA_TRUSTED_REDIS_POOL_TEST_ON_RETURN="..."
java -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory.
1
java -jar build/libs/cas.war --cas.authn.mfa.trusted.redis.pool.test-on-return="..."
cas.war
with an embedded server container and can be found in the build/libs
directory.
cas.authn.mfa.trusted.redis.pool.test-while-idle=false
Returns whether objects sitting idle in the pool will be validated by the idle object evictor ( if any - see setTimeBetweenEvictionRunsMillis(long)). Validation is performed by the validateObject() method of the factory associated with the pool. If the object fails to validate, it will be removed from the pool and destroyed.
org.apereo.cas.configuration.model.support.redis.RedisPoolProperties.
CAS Property: cas.authn.mfa.trusted.redis.pool.test-while-idle
When possible, properties should be stored in lower-case kebab format, such as cas.property-name=value
.
The only possible exception to this rule is when naming actuator endpoints; The name of the
actuator endpoints (i.e. ssoSessions
) MUST remain in camelCase mode.
.properties
files:
1
cas.authn.mfa.trusted.redis.pool.test-while-idle=...
1
cas:
authn:
mfa:
trusted:
redis:
pool:
test-while-idle: "..."
1
java -Dcas.authn.mfa.trusted.redis.pool.test-while-idle="..." -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory. Note the placement of the system property which must be
specified before the CAS web application is launched.
1
2
3
export CAS_AUTHN_MFA_TRUSTED_REDIS_POOL_TEST_WHILE_IDLE="..."
java -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory.
1
java -jar build/libs/cas.war --cas.authn.mfa.trusted.redis.pool.test-while-idle="..."
cas.war
with an embedded server container and can be found in the build/libs
directory.
cas.authn.mfa.trusted.redis.sentinel.node=
list of host:port pairs.
org.apereo.cas.configuration.model.support.redis.RedisSentinelProperties.
CAS Property: cas.authn.mfa.trusted.redis.sentinel.node
When possible, properties should be stored in lower-case kebab format, such as cas.property-name=value
.
The only possible exception to this rule is when naming actuator endpoints; The name of the
actuator endpoints (i.e. ssoSessions
) MUST remain in camelCase mode.
.properties
files:
1
cas.authn.mfa.trusted.redis.sentinel.node=...
1
cas:
authn:
mfa:
trusted:
redis:
sentinel:
node: "..."
1
java -Dcas.authn.mfa.trusted.redis.sentinel.node="..." -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory. Note the placement of the system property which must be
specified before the CAS web application is launched.
1
2
3
export CAS_AUTHN_MFA_TRUSTED_REDIS_SENTINEL_NODE="..."
java -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory.
1
java -jar build/libs/cas.war --cas.authn.mfa.trusted.redis.sentinel.node="..."
cas.war
with an embedded server container and can be found in the build/libs
directory.
cas.authn.mfa.trusted.redis.sentinel.password=
Login password of the sentinel server.
org.apereo.cas.configuration.model.support.redis.RedisSentinelProperties.
CAS Property: cas.authn.mfa.trusted.redis.sentinel.password
When possible, properties should be stored in lower-case kebab format, such as cas.property-name=value
.
The only possible exception to this rule is when naming actuator endpoints; The name of the
actuator endpoints (i.e. ssoSessions
) MUST remain in camelCase mode.
.properties
files:
1
cas.authn.mfa.trusted.redis.sentinel.password=...
1
cas:
authn:
mfa:
trusted:
redis:
sentinel:
password: "..."
1
java -Dcas.authn.mfa.trusted.redis.sentinel.password="..." -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory. Note the placement of the system property which must be
specified before the CAS web application is launched.
1
2
3
export CAS_AUTHN_MFA_TRUSTED_REDIS_SENTINEL_PASSWORD="..."
java -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory.
1
java -jar build/libs/cas.war --cas.authn.mfa.trusted.redis.sentinel.password="..."
cas.war
with an embedded server container and can be found in the build/libs
directory.
cas.authn.mfa.trusted.redis.certificate-file=
May be used when making SSL connections to build the trust manager. Sets the certificate file to use for client authentication. This is typically an X.509
certificate file (or chain file) in PEM format.
org.apereo.cas.configuration.model.support.mfa.trusteddevice.RedisTrustedDevicesMultifactorProperties.
CAS Property: cas.authn.mfa.trusted.redis.certificate-file
When possible, properties should be stored in lower-case kebab format, such as cas.property-name=value
.
The only possible exception to this rule is when naming actuator endpoints; The name of the
actuator endpoints (i.e. ssoSessions
) MUST remain in camelCase mode.
.properties
files:
1
cas.authn.mfa.trusted.redis.certificate-file=...
1
cas:
authn:
mfa:
trusted:
redis:
certificate-file: "..."
1
java -Dcas.authn.mfa.trusted.redis.certificate-file="..." -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory. Note the placement of the system property which must be
specified before the CAS web application is launched.
1
2
3
export CAS_AUTHN_MFA_TRUSTED_REDIS_CERTIFICATE_FILE="..."
java -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory.
1
java -jar build/libs/cas.war --cas.authn.mfa.trusted.redis.certificate-file="..."
cas.war
with an embedded server container and can be found in the build/libs
directory.
cas.authn.mfa.trusted.redis.connect-timeout=PT10S
Connection timeout.
This settings supports the
java.time.Duration
syntax [?].
org.apereo.cas.configuration.model.support.mfa.trusteddevice.RedisTrustedDevicesMultifactorProperties.
CAS Property: cas.authn.mfa.trusted.redis.connect-timeout
When possible, properties should be stored in lower-case kebab format, such as cas.property-name=value
.
The only possible exception to this rule is when naming actuator endpoints; The name of the
actuator endpoints (i.e. ssoSessions
) MUST remain in camelCase mode.
.properties
files:
1
cas.authn.mfa.trusted.redis.connect-timeout=PT10S
1
cas:
authn:
mfa:
trusted:
redis:
connect-timeout: "PT10S"
1
java -Dcas.authn.mfa.trusted.redis.connect-timeout="PT10S" -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory. Note the placement of the system property which must be
specified before the CAS web application is launched.
1
2
3
export CAS_AUTHN_MFA_TRUSTED_REDIS_CONNECT_TIMEOUT="PT10S"
java -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory.
1
java -jar build/libs/cas.war --cas.authn.mfa.trusted.redis.connect-timeout="PT10S"
cas.war
with an embedded server container and can be found in the build/libs
directory.
cas.authn.mfa.trusted.redis.key-certificate-chain-file=
May be used when making SSL connections to build the key manager. Sets the key certificate file to use for client authentication. This is typically an X.509
certificate file (or chain file) in PEM format.
org.apereo.cas.configuration.model.support.mfa.trusteddevice.RedisTrustedDevicesMultifactorProperties.
CAS Property: cas.authn.mfa.trusted.redis.key-certificate-chain-file
When possible, properties should be stored in lower-case kebab format, such as cas.property-name=value
.
The only possible exception to this rule is when naming actuator endpoints; The name of the
actuator endpoints (i.e. ssoSessions
) MUST remain in camelCase mode.
.properties
files:
1
cas.authn.mfa.trusted.redis.key-certificate-chain-file=...
1
cas:
authn:
mfa:
trusted:
redis:
key-certificate-chain-file: "..."
1
java -Dcas.authn.mfa.trusted.redis.key-certificate-chain-file="..." -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory. Note the placement of the system property which must be
specified before the CAS web application is launched.
1
2
3
export CAS_AUTHN_MFA_TRUSTED_REDIS_KEY_CERTIFICATE_CHAIN_FILE="..."
java -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory.
1
java -jar build/libs/cas.war --cas.authn.mfa.trusted.redis.key-certificate-chain-file="..."
cas.war
with an embedded server container and can be found in the build/libs
directory.
cas.authn.mfa.trusted.redis.key-file=
May be used when making SSL connections. Sets the key file for client authentication. The key is reloaded on each connection attempt that allows to replace certificates during runtime. This is typically a PKCS#8
private key file in PEM format.
org.apereo.cas.configuration.model.support.mfa.trusteddevice.RedisTrustedDevicesMultifactorProperties.
CAS Property: cas.authn.mfa.trusted.redis.key-file
When possible, properties should be stored in lower-case kebab format, such as cas.property-name=value
.
The only possible exception to this rule is when naming actuator endpoints; The name of the
actuator endpoints (i.e. ssoSessions
) MUST remain in camelCase mode.
.properties
files:
1
cas.authn.mfa.trusted.redis.key-file=...
1
cas:
authn:
mfa:
trusted:
redis:
key-file: "..."
1
java -Dcas.authn.mfa.trusted.redis.key-file="..." -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory. Note the placement of the system property which must be
specified before the CAS web application is launched.
1
2
3
export CAS_AUTHN_MFA_TRUSTED_REDIS_KEY_FILE="..."
java -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory.
1
java -jar build/libs/cas.war --cas.authn.mfa.trusted.redis.key-file="..."
cas.war
with an embedded server container and can be found in the build/libs
directory.
cas.authn.mfa.trusted.redis.key-password=
The password of the #keyFile
, or null
if it's not password-protected.
org.apereo.cas.configuration.model.support.mfa.trusteddevice.RedisTrustedDevicesMultifactorProperties.
CAS Property: cas.authn.mfa.trusted.redis.key-password
When possible, properties should be stored in lower-case kebab format, such as cas.property-name=value
.
The only possible exception to this rule is when naming actuator endpoints; The name of the
actuator endpoints (i.e. ssoSessions
) MUST remain in camelCase mode.
.properties
files:
1
cas.authn.mfa.trusted.redis.key-password=...
1
cas:
authn:
mfa:
trusted:
redis:
key-password: "..."
1
java -Dcas.authn.mfa.trusted.redis.key-password="..." -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory. Note the placement of the system property which must be
specified before the CAS web application is launched.
1
2
3
export CAS_AUTHN_MFA_TRUSTED_REDIS_KEY_PASSWORD="..."
java -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory.
1
java -jar build/libs/cas.war --cas.authn.mfa.trusted.redis.key-password="..."
cas.war
with an embedded server container and can be found in the build/libs
directory.
cas.authn.mfa.trusted.redis.protocol-version=RESP3
Redis protocol version.
org.apereo.cas.configuration.model.support.mfa.trusteddevice.RedisTrustedDevicesMultifactorProperties.
CAS Property: cas.authn.mfa.trusted.redis.protocol-version
When possible, properties should be stored in lower-case kebab format, such as cas.property-name=value
.
The only possible exception to this rule is when naming actuator endpoints; The name of the
actuator endpoints (i.e. ssoSessions
) MUST remain in camelCase mode.
.properties
files:
1
cas.authn.mfa.trusted.redis.protocol-version=RESP3
1
cas:
authn:
mfa:
trusted:
redis:
protocol-version: "RESP3"
1
java -Dcas.authn.mfa.trusted.redis.protocol-version="RESP3" -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory. Note the placement of the system property which must be
specified before the CAS web application is launched.
1
2
3
export CAS_AUTHN_MFA_TRUSTED_REDIS_PROTOCOL_VERSION="RESP3"
java -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory.
1
java -jar build/libs/cas.war --cas.authn.mfa.trusted.redis.protocol-version="RESP3"
cas.war
with an embedded server container and can be found in the build/libs
directory.
cas.authn.mfa.trusted.redis.read-from=
Setting that describes how Lettuce routes read operations to replica nodes. Note that modes referencing MASTER/SLAVE are deprecated (but still supported) in the Lettuce redis client dependency so migrate config to UPSTREAM/REPLICA. Available values are as follows:
-
UPSTREAM
: Read from the current upstream node. -
UPSTREAMPREFERRED
: Read from the upstream node, but if it is unavailable, read from replica nodes. -
MASTER
: Read from the current upstream node. -
MASTERPREFERRED
: Read from the upstream node, but if it is unavailable, read from replica nodes. -
SLAVE
: Read from replica nodes. -
SLAVEPREFERRED
: Read from the replica nodes, but if none is unavailable, read from the upstream node. -
REPLICA
: Read from replica nodes. -
REPLICAPREFERRED
: Read from the replica nodes, but if none is unavailable, read from the upstream node. -
ANY
: Read from any node of the cluster. -
ANYREPLICA
: Read from any replica node of the cluster. -
NEAREST
: Read from the nearest node.
org.apereo.cas.configuration.model.support.mfa.trusteddevice.RedisTrustedDevicesMultifactorProperties.
CAS Property: cas.authn.mfa.trusted.redis.read-from
When possible, properties should be stored in lower-case kebab format, such as cas.property-name=value
.
The only possible exception to this rule is when naming actuator endpoints; The name of the
actuator endpoints (i.e. ssoSessions
) MUST remain in camelCase mode.
.properties
files:
1
cas.authn.mfa.trusted.redis.read-from=...
1
cas:
authn:
mfa:
trusted:
redis:
read-from: "..."
1
java -Dcas.authn.mfa.trusted.redis.read-from="..." -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory. Note the placement of the system property which must be
specified before the CAS web application is launched.
1
2
3
export CAS_AUTHN_MFA_TRUSTED_REDIS_READ_FROM="..."
java -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory.
1
java -jar build/libs/cas.war --cas.authn.mfa.trusted.redis.read-from="..."
cas.war
with an embedded server container and can be found in the build/libs
directory.
cas.authn.mfa.trusted.redis.scan-count=0
Redis scan count option. When and if specified, SCAN operations would be "counted" or limited by this setting. While SCAN does not provide guarantees about the number of elements returned at every iteration, it is possible to empirically adjust the behavior of SCAN using the COUNT option. Basically with COUNT the user specified the amount of work that should be done at every call in order to retrieve elements from the collection. This is just a hint for the implementation, however generally speaking this is what you could expect most of the times from the implementation.
org.apereo.cas.configuration.model.support.mfa.trusteddevice.RedisTrustedDevicesMultifactorProperties.
CAS Property: cas.authn.mfa.trusted.redis.scan-count
When possible, properties should be stored in lower-case kebab format, such as cas.property-name=value
.
The only possible exception to this rule is when naming actuator endpoints; The name of the
actuator endpoints (i.e. ssoSessions
) MUST remain in camelCase mode.
.properties
files:
1
cas.authn.mfa.trusted.redis.scan-count=0
1
cas:
authn:
mfa:
trusted:
redis:
scan-count: "0"
1
java -Dcas.authn.mfa.trusted.redis.scan-count="0" -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory. Note the placement of the system property which must be
specified before the CAS web application is launched.
1
2
3
export CAS_AUTHN_MFA_TRUSTED_REDIS_SCAN_COUNT="0"
java -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory.
1
java -jar build/libs/cas.war --cas.authn.mfa.trusted.redis.scan-count="0"
cas.war
with an embedded server container and can be found in the build/libs
directory.
cas.authn.mfa.trusted.redis.share-native-connections=
The shared native connection is never closed by Lettuce connection, therefore it is not validated by default when connections are retrieved. If this setting is true
, a shared connection will be used for regular operations and a connection provider will be used to select a connection for blocking and tx operations only, which should not share a connection. If native connection sharing is disabled, new (or pooled) connections will be used for all operations. By default, multiple connections share a single thread-safe native connection. If you enable connection pooling, then native connection sharing will be disabled and the connection pool will be used for all operations. You may however explicitly control connection sharing via this setting as an override.
org.apereo.cas.configuration.model.support.mfa.trusteddevice.RedisTrustedDevicesMultifactorProperties.
CAS Property: cas.authn.mfa.trusted.redis.share-native-connections
When possible, properties should be stored in lower-case kebab format, such as cas.property-name=value
.
The only possible exception to this rule is when naming actuator endpoints; The name of the
actuator endpoints (i.e. ssoSessions
) MUST remain in camelCase mode.
.properties
files:
1
cas.authn.mfa.trusted.redis.share-native-connections=...
1
cas:
authn:
mfa:
trusted:
redis:
share-native-connections: "..."
1
java -Dcas.authn.mfa.trusted.redis.share-native-connections="..." -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory. Note the placement of the system property which must be
specified before the CAS web application is launched.
1
2
3
export CAS_AUTHN_MFA_TRUSTED_REDIS_SHARE_NATIVE_CONNECTIONS="..."
java -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory.
1
java -jar build/libs/cas.war --cas.authn.mfa.trusted.redis.share-native-connections="..."
cas.war
with an embedded server container and can be found in the build/libs
directory.
cas.authn.mfa.trusted.redis.start-tls=false
Start mutual TLS. In order to support TLS, Redis should be configured with a X.509 certificate and a private key. In addition, it is necessary to specify a CA certificate bundle file or path to be used as a trusted root when validating certificates.
org.apereo.cas.configuration.model.support.mfa.trusteddevice.RedisTrustedDevicesMultifactorProperties.
CAS Property: cas.authn.mfa.trusted.redis.start-tls
When possible, properties should be stored in lower-case kebab format, such as cas.property-name=value
.
The only possible exception to this rule is when naming actuator endpoints; The name of the
actuator endpoints (i.e. ssoSessions
) MUST remain in camelCase mode.
.properties
files:
1
cas.authn.mfa.trusted.redis.start-tls=...
1
cas:
authn:
mfa:
trusted:
redis:
start-tls: "..."
1
java -Dcas.authn.mfa.trusted.redis.start-tls="..." -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory. Note the placement of the system property which must be
specified before the CAS web application is launched.
1
2
3
export CAS_AUTHN_MFA_TRUSTED_REDIS_START_TLS="..."
java -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory.
1
java -jar build/libs/cas.war --cas.authn.mfa.trusted.redis.start-tls="..."
cas.war
with an embedded server container and can be found in the build/libs
directory.
cas.authn.mfa.trusted.redis.timeout=PT60S
Command timeout.
This settings supports the
java.time.Duration
syntax [?].
org.apereo.cas.configuration.model.support.mfa.trusteddevice.RedisTrustedDevicesMultifactorProperties.
CAS Property: cas.authn.mfa.trusted.redis.timeout
When possible, properties should be stored in lower-case kebab format, such as cas.property-name=value
.
The only possible exception to this rule is when naming actuator endpoints; The name of the
actuator endpoints (i.e. ssoSessions
) MUST remain in camelCase mode.
.properties
files:
1
cas.authn.mfa.trusted.redis.timeout=PT60S
1
cas:
authn:
mfa:
trusted:
redis:
timeout: "PT60S"
1
java -Dcas.authn.mfa.trusted.redis.timeout="PT60S" -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory. Note the placement of the system property which must be
specified before the CAS web application is launched.
1
2
3
export CAS_AUTHN_MFA_TRUSTED_REDIS_TIMEOUT="PT60S"
java -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory.
1
java -jar build/libs/cas.war --cas.authn.mfa.trusted.redis.timeout="PT60S"
cas.war
with an embedded server container and can be found in the build/libs
directory.
cas.authn.mfa.trusted.redis.uri=
Database URI.
org.apereo.cas.configuration.model.support.mfa.trusteddevice.RedisTrustedDevicesMultifactorProperties.
CAS Property: cas.authn.mfa.trusted.redis.uri
When possible, properties should be stored in lower-case kebab format, such as cas.property-name=value
.
The only possible exception to this rule is when naming actuator endpoints; The name of the
actuator endpoints (i.e. ssoSessions
) MUST remain in camelCase mode.
.properties
files:
1
cas.authn.mfa.trusted.redis.uri=...
1
cas:
authn:
mfa:
trusted:
redis:
uri: "..."
1
java -Dcas.authn.mfa.trusted.redis.uri="..." -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory. Note the placement of the system property which must be
specified before the CAS web application is launched.
1
2
3
export CAS_AUTHN_MFA_TRUSTED_REDIS_URI="..."
java -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory.
1
java -jar build/libs/cas.war --cas.authn.mfa.trusted.redis.uri="..."
cas.war
with an embedded server container and can be found in the build/libs
directory.
cas.authn.mfa.trusted.redis.use-ssl=false
Whether or not to use SSL for connection factory.
org.apereo.cas.configuration.model.support.mfa.trusteddevice.RedisTrustedDevicesMultifactorProperties.
CAS Property: cas.authn.mfa.trusted.redis.use-ssl
When possible, properties should be stored in lower-case kebab format, such as cas.property-name=value
.
The only possible exception to this rule is when naming actuator endpoints; The name of the
actuator endpoints (i.e. ssoSessions
) MUST remain in camelCase mode.
.properties
files:
1
cas.authn.mfa.trusted.redis.use-ssl=...
1
cas:
authn:
mfa:
trusted:
redis:
use-ssl: "..."
1
java -Dcas.authn.mfa.trusted.redis.use-ssl="..." -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory. Note the placement of the system property which must be
specified before the CAS web application is launched.
1
2
3
export CAS_AUTHN_MFA_TRUSTED_REDIS_USE_SSL="..."
java -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory.
1
java -jar build/libs/cas.war --cas.authn.mfa.trusted.redis.use-ssl="..."
cas.war
with an embedded server container and can be found in the build/libs
directory.
cas.authn.mfa.trusted.redis.verify-peer=true
Control how peer verification is handled with redis connections. Peer verification is a security feature that checks if the host you're connecting to is who it says it is. This is often done by checking a digital certificate.
org.apereo.cas.configuration.model.support.mfa.trusteddevice.RedisTrustedDevicesMultifactorProperties.
CAS Property: cas.authn.mfa.trusted.redis.verify-peer
When possible, properties should be stored in lower-case kebab format, such as cas.property-name=value
.
The only possible exception to this rule is when naming actuator endpoints; The name of the
actuator endpoints (i.e. ssoSessions
) MUST remain in camelCase mode.
.properties
files:
1
cas.authn.mfa.trusted.redis.verify-peer=true
1
cas:
authn:
mfa:
trusted:
redis:
verify-peer: "true"
1
java -Dcas.authn.mfa.trusted.redis.verify-peer="true" -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory. Note the placement of the system property which must be
specified before the CAS web application is launched.
1
2
3
export CAS_AUTHN_MFA_TRUSTED_REDIS_VERIFY_PEER="true"
java -jar build/libs/cas.war
cas.war
with an embedded server container and can be found in the build/libs
directory.
1
java -jar build/libs/cas.war --cas.authn.mfa.trusted.redis.verify-peer="true"
cas.war
with an embedded server container and can be found in the build/libs
directory.
Configuration Metadata
The collection of configuration properties listed in this section are automatically generated from the CAS source and components that contain the actual field definitions, types, descriptions, modules, etc. This metadata may not always be 100% accurate, or could be lacking details and sufficient explanations.
Be Selective
This section is meant as a guide only. Do NOT copy/paste the entire collection of settings into your CAS configuration; rather pick only the properties that you need. Do NOT enable settings unless you are certain of their purpose and do NOT copy settings into your configuration only to keep them as reference. All these ideas lead to upgrade headaches, maintenance nightmares and premature aging.
YAGNI
Note that for nearly ALL use cases, declaring and configuring properties listed here is sufficient. You should NOT have to explicitly massage a CAS XML/Java/etc configuration file to design an authentication handler, create attribute release policies, etc. CAS at runtime will auto-configure all required changes for you. If you are unsure about the meaning of a given CAS setting, do NOT turn it on without hesitation. Review the codebase or better yet, ask questions to clarify the intended behavior.
Naming Convention
Property names can be specified in very relaxed terms. For instance cas.someProperty
, cas.some-property
, cas.some_property
are all valid names. While all
forms are accepted by CAS, there are certain components (in CAS and other frameworks used) whose activation at runtime is conditional on a property value, where
this property is required to have been specified in CAS configuration using kebab case. This is both true for properties that are owned by CAS as well as those
that might be presented to the system via an external library or framework such as Spring Boot, etc.
When possible, properties should be stored in lower-case kebab format, such as cas.property-name=value
.
The only possible exception to this rule is when naming actuator endpoints; The name of the
actuator endpoints (i.e. ssoSessions
) MUST remain in camelCase mode.
Settings and properties that are controlled by the CAS platform directly always begin with the prefix cas
. All other settings are controlled and provided
to CAS via other underlying frameworks and may have their own schemas and syntax. BE CAREFUL with
the distinction. Unrecognized properties are rejected by CAS and/or frameworks upon which CAS depends. This means if you somehow misspell a property definition
or fail to adhere to the dot-notation syntax and such, your setting is entirely refused by CAS and likely the feature it controls will never be activated in the
way you intend.
Validation
Configuration properties are automatically validated on CAS startup to report issues with configuration binding, specially if defined CAS settings cannot be recognized or validated by the configuration schema. Additional validation processes are also handled via Configuration Metadata and property migrations applied automatically on startup by Spring Boot and family.
Indexed Settings
CAS settings able to accept multiple values are typically documented with an index, such as cas.some.setting[0]=value
. The index [0]
is meant to be
incremented by the adopter to allow for distinct multiple configuration blocks.