Enterprise Single Sign-On for All

View on GitHub

WORKERS AHEAD!

You are viewing the development documentation for the Apereo CAS server. The functionality presented here is not officially released yet. This is a work in progress and will be continually updated as development moves forward. You are most encouraged to test the changes presented.

To view the documentation for a specific Apereo CAS server release, please choose an appropriate version. The release schedule is available here.

Git Service Registry

This registry reads services definitions from remote or local git repositories. Service definition files are expected to be either JSON or YAML files. The contents of the repository is pulled at defined intervals and changes to service definitions are committed and pushed to the defined remotes.

Support is enabled by adding the following module into the overlay:

implementation "org.apereo.cas:cas-server-support-git-service-registry:${project.'cas.version'}"

<dependency>
  <groupId>org.apereo.cas</groupId>
  <artifactId>cas-server-support-git-service-registry</artifactId>
  <version>${cas.version}</version>
</dependency>

dependencyManagement {
  imports {
    mavenBom "org.apereo.cas:cas-server-support-bom:${project.'cas.version'}"
  }
}

dependencies {  
  implementation "org.apereo.cas:cas-server-support-git-service-registry"
}

The following settings and properties are available from the CAS configuration catalog:

_{The configuration settings listed below are tagged as Required in the CAS configuration metadata. This flag indicates that the presence of the setting may be needed to activate or affect the behavior of the CAS feature and generally should be reviewed, possibly owned and adjusted. If the setting is assigned a default value, you do not need to strictly put the setting in your copy of the configuration, but should review it nonetheless to make sure it matches your deployment expectations.}

cas.service-registry.git.clone-directory.location=

The location of the resource. Resources can be URLS, or files found either on the classpath or outside somewhere in the file system.

This setting is owned by org.apereo.cas.configuration.model.SpringResourceProperties.

cas.service-registry.git.private-key.location=

The location of the resource. Resources can be URLS, or files found either on the classpath or outside somewhere in the file system.

This setting is owned by org.apereo.cas.configuration.model.SpringResourceProperties.

cas.service-registry.git.active-branch=master

The branch to checkout and activate, defaults to master.

This setting supports the Spring Expression Language.

This setting is owned by org.apereo.cas.configuration.model.support.git.services.GitServiceRegistryProperties.

cas.service-registry.git.branches-to-clone=*

If the repository is to be cloned, this will allow a select list of branches to be fetched. List the branch names separated by commas or use * to clone all branches. Defaults to all branches.

This setting is owned by org.apereo.cas.configuration.model.support.git.services.GitServiceRegistryProperties.

cas.service-registry.git.repository-url=

The address of the git repository. Could be a URL or a file-system path.

This setting supports the Spring Expression Language.

This setting is owned by org.apereo.cas.configuration.model.support.git.services.GitServiceRegistryProperties.

_{The configuration settings listed below are tagged as Optional in the CAS configuration metadata. This flag indicates that the presence of the setting is not immediately necessary in the end-user CAS configuration, because a default value is assigned or the activation of the feature is not conditionally controlled by the setting value.}

cas.service-registry.git.clear-existing-identities=false

When establishing an ssh session, determine if default identities loaded on the machine should be excluded/removed and identity should only be limited to those loaded from given keys.

This setting is owned by org.apereo.cas.configuration.model.support.git.services.GitServiceRegistryProperties.

cas.service-registry.git.group-by-type=true

Determine whether service definitions in the git repository should be located/stored in groups and separate folder structures based on the service type. @see #getRootDirectory()

This setting is owned by org.apereo.cas.configuration.model.support.git.services.GitServiceRegistryProperties.

cas.service-registry.git.http-client-type=JDK

Implementation of HTTP client to use when doing git operations via http/https. The jgit library sets the connection factory statically (globally) so this property should be set to the same value for all git repositories (services, saml, etc). Not doing so might result in one connection factory being used for clone and another for subsequent fetches. Available values are as follows:

JDK: Built-in JDK http/https client.
HTTP_CLIENT: Apache HTTP Client http/https client.

This setting is owned by org.apereo.cas.configuration.model.support.git.services.GitServiceRegistryProperties.

cas.service-registry.git.password=

Password used to access or push to the repository.

This setting is owned by org.apereo.cas.configuration.model.support.git.services.GitServiceRegistryProperties.

cas.service-registry.git.private-key-passphrase=

Password for the SSH private key.

This setting is owned by org.apereo.cas.configuration.model.support.git.services.GitServiceRegistryProperties.

cas.service-registry.git.push-changes=false

Decide whether changes should be pushed back into the remote repository.

This setting is owned by org.apereo.cas.configuration.model.support.git.services.GitServiceRegistryProperties.

cas.service-registry.git.root-directory=

Root directory in the git repository structure to track service definition files. This might be most useful if the git repository is tasked with other types of files and configurations and allowing a separate root directory for service definitions provide a clean separation between services files and everything else. This setting may work in concert with #isGroupByType(). If left blank, the root folder of the git repository itself is used as the root directory for service definitions.

This setting is owned by org.apereo.cas.configuration.model.support.git.services.GitServiceRegistryProperties.

cas.service-registry.git.sign-commits=false

Whether or not commits should be signed.

This setting is owned by org.apereo.cas.configuration.model.support.git.services.GitServiceRegistryProperties.

cas.service-registry.git.ssh-session-password=

As with using SSH with public keys, an SSH session with ssh://user@example.com/repo.git must be specified to use password-secured SSH connections.

This setting is owned by org.apereo.cas.configuration.model.support.git.services.GitServiceRegistryProperties.

cas.service-registry.git.strict-host-key-checking=true

Whether on not to turn on strict host key checking. true will be "yes", false will be "no", "ask" not supported.

This setting is owned by org.apereo.cas.configuration.model.support.git.services.GitServiceRegistryProperties.

cas.service-registry.git.timeout=PT10S

Timeout for git operations such as push and pull in seconds.

This settings supports the java.time.Duration syntax ^[?].

This setting is owned by org.apereo.cas.configuration.model.support.git.services.GitServiceRegistryProperties.

cas.service-registry.git.username=

Username used to access or push to the repository.

This setting is owned by org.apereo.cas.configuration.model.support.git.services.GitServiceRegistryProperties.