Redis Ticket Registry

Redis integration is enabled by including the following dependency in the WAR overlay:

<dependency>
  <groupId>org.apereo.cas</groupId>
  <artifactId>cas-server-support-redis-ticket-registry</artifactId>
  <version>${cas.version}</version>
</dependency>

implementation "org.apereo.cas:cas-server-support-redis-ticket-registry:${project.'cas.version'}"

dependencyManagement {
  imports {
    mavenBom "org.apereo.cas:cas-server-support-bom:${project.'cas.version'}"
  }
}

dependencies {  
  implementation "org.apereo.cas:cas-server-support-redis-ticket-registry"
}

This registry stores tickets in one or more Redis instances. CAS presents and uses Redis as a key/value store that accepts String keys and CAS ticket objects as values. Each key is prefixed with CAS_TICKET:.

The Redis ticket registry supports Redis Sentinel, which provides high availability for Redis. In practical terms, this means that with Sentinel you can create a Redis deployment that resists certain kinds of failures without human intervention. Redis Sentinel also handles collateral tasks such as monitoring and notifications, and acts as a configuration provider for clients.

Configuration

The following settings and properties are available from the CAS configuration catalog:

The configuration settings listed below are tagged as Required in the CAS configuration metadata. This flag indicates that the presence of the setting may be needed to activate or affect the behavior of the CAS feature and generally should be reviewed, possibly owned and adjusted. If the setting is assigned a default value, you do not need to strictly put the setting in your copy of the configuration, but should review it nonetheless to make sure it matches your deployment expectations.

  • cas.ticket.registry.redis.crypto.encryption.key=
  • The encryption key. By default, and unless specified otherwise, the encryption key must be a randomly-generated string whose length is defined by the encryption key size setting.

    org.apereo.cas.configuration.model.core.util.EncryptionRandomizedCryptoProperties.

  • cas.ticket.registry.redis.crypto.signing.key=
  • The signing key is a JWT whose length is defined by the signing key size setting.

    org.apereo.cas.configuration.model.core.util.SigningJwtCryptoProperties.

  • cas.ticket.registry.redis.cluster.nodes[0].host=
  • Server's host address.

    org.apereo.cas.configuration.model.support.redis.RedisClusterNodeProperties.

  • cas.ticket.registry.redis.cluster.nodes[0].port=
  • Server's port number.

    org.apereo.cas.configuration.model.support.redis.RedisClusterNodeProperties.

  • cas.ticket.registry.redis.cluster.nodes[0].replica-of=
  • Set the id of the master node.

    org.apereo.cas.configuration.model.support.redis.RedisClusterNodeProperties.

  • cas.ticket.registry.redis.cluster.nodes[0].type=
  • Indicate the type/role of this node. Accepted values are: MASTER, SLAVE.

    org.apereo.cas.configuration.model.support.redis.RedisClusterNodeProperties.

  • cas.ticket.registry.redis.cluster.password=
  • The cluster connection's password.

    org.apereo.cas.configuration.model.support.redis.RedisClusterProperties.

  • cas.ticket.registry.redis.pool.enabled=false
  • Enable the pooling configuration.

    org.apereo.cas.configuration.model.support.redis.RedisPoolProperties.

  • cas.ticket.registry.redis.sentinel.master=
  • Name of Redis server.

    org.apereo.cas.configuration.model.support.redis.RedisSentinelProperties.

  • cas.ticket.registry.redis.database=0
  • Database index used by the connection factory.

    org.apereo.cas.configuration.model.support.redis.RedisTicketRegistryProperties.

  • cas.ticket.registry.redis.enabled=true
  • Whether the module is enabled or not, defaults to true.

    org.apereo.cas.configuration.model.support.redis.RedisTicketRegistryProperties.

  • cas.ticket.registry.redis.host=localhost
  • Redis server host.

    org.apereo.cas.configuration.model.support.redis.RedisTicketRegistryProperties.

  • cas.ticket.registry.redis.password=
  • Login password of the Redis server.

    org.apereo.cas.configuration.model.support.redis.RedisTicketRegistryProperties.

  • cas.ticket.registry.redis.port=6379
  • Redis server port.

    org.apereo.cas.configuration.model.support.redis.RedisTicketRegistryProperties.

The configuration settings listed below are tagged as Optional in the CAS configuration metadata. This flag indicates that the presence of the setting is not immediately necessary in the end-user CAS configuration, because a default value is assigned or the activation of the feature is not conditionally controlled by the setting value. You should only include this field in your configuration if you need to modify the default value.

  • cas.ticket.registry.redis.cache.cache-size=10000
  • This cache size specifies the maximum number of entries the cache may contain. Note that the cache may evict an entry before this limit is exceeded or temporarily exceed the threshold while evicting. As the cache size grows close to the maximum, the cache evicts entries that are less likely to be used again. For example, the cache may evict an entry because it hasn't been used recently or very often. Note: to disable the cache, you may choose a cache size of 0.

    org.apereo.cas.configuration.model.core.cache.SimpleCacheProperties.

  • cas.ticket.registry.redis.cache.initial-capacity=1000
  • This cache capacity sets the minimum total size for the internal data structures. Providing a large enough estimate at construction time avoids the need for expensive resizing operations later, but setting this value unnecessarily high wastes memory.

    org.apereo.cas.configuration.model.core.cache.SimpleCacheProperties.

  • cas.ticket.registry.redis.crypto.alg=AES
  • The signing/encryption algorithm to use.

    org.apereo.cas.configuration.model.core.util.EncryptionRandomizedSigningJwtCryptographyProperties.

  • cas.ticket.registry.redis.crypto.enabled=true
  • Whether crypto operations are enabled.

    org.apereo.cas.configuration.model.core.util.EncryptionRandomizedSigningJwtCryptographyProperties.

  • cas.ticket.registry.redis.crypto.encryption.key-size=16
  • Encryption key size.

    org.apereo.cas.configuration.model.core.util.EncryptionRandomizedCryptoProperties.

  • cas.ticket.registry.redis.crypto.signing.key-size=512
  • The signing key size.

    org.apereo.cas.configuration.model.core.util.SigningJwtCryptoProperties.

  • cas.ticket.registry.redis.cluster.adaptive-topology-refresh=false
  • Whether adaptive topology refreshing using all available refresh triggers should be used.

    org.apereo.cas.configuration.model.support.redis.RedisClusterProperties.

  • cas.ticket.registry.redis.cluster.dynamic-refresh-sources=true
  • Whether to discover and query all cluster nodes for obtaining the cluster topology. When set to false, only the initial seed nodes are used as sources for topology discovery.

    org.apereo.cas.configuration.model.support.redis.RedisClusterProperties.

  • cas.ticket.registry.redis.cluster.max-redirects=0
  • The max number of redirects to follow.

    org.apereo.cas.configuration.model.support.redis.RedisClusterProperties.

  • cas.ticket.registry.redis.cluster.nodes=
  • List of nodes available in the Redis cluster.

    org.apereo.cas.configuration.model.support.redis.RedisClusterProperties.

  • cas.ticket.registry.redis.cluster.nodes[0].id=
  • Identifier of this node.

    org.apereo.cas.configuration.model.support.redis.RedisClusterNodeProperties.

  • cas.ticket.registry.redis.cluster.nodes[0].name=
  • Name of this node.

    org.apereo.cas.configuration.model.support.redis.RedisClusterNodeProperties.

  • cas.ticket.registry.redis.cluster.topology-refresh-period=
  • Enables periodic refresh of cluster topology and sets the refresh period.

    This setting supports the java.time.Duration syntax.

    org.apereo.cas.configuration.model.support.redis.RedisClusterProperties.

  • cas.ticket.registry.redis.pool.fairness=false
  • Returns whether or not the pool serves threads waiting to borrow objects fairly. True means that waiting threads are served as if waiting in a FIFO queue.

    org.apereo.cas.configuration.model.support.redis.RedisPoolProperties.

  • cas.ticket.registry.redis.pool.lifo=true
  • Returns whether the pool has LIFO (last in, first out) behaviour with respect to idle objects - always returning the most recently used object from the pool, or as a FIFO (first in, first out) queue, where the pool always returns the oldest object in the idle object pool.

    org.apereo.cas.configuration.model.support.redis.RedisPoolProperties.

  • cas.ticket.registry.redis.pool.max-active=8
  • Max number of connections that can be allocated by the pool at a given time. Use a negative value for no limit.

    org.apereo.cas.configuration.model.support.redis.RedisPoolProperties.

  • cas.ticket.registry.redis.pool.max-idle=8
  • Max number of "idle" connections in the pool. Use a negative value to indicate an unlimited number of idle connections.

    org.apereo.cas.configuration.model.support.redis.RedisPoolProperties.

  • cas.ticket.registry.redis.pool.max-wait=-1
  • Maximum amount of time (in milliseconds) a connection allocation should block before throwing an exception when the pool is exhausted. Use a negative value to block indefinitely.

    org.apereo.cas.configuration.model.support.redis.RedisPoolProperties.

  • cas.ticket.registry.redis.pool.min-evictable-idle-time-millis=0
  • Sets the minimum amount of time an object may sit idle in the pool before it is eligible for eviction by the idle object evictor (if any - see setTimeBetweenEvictionRunsMillis(long)). When non-positive, no objects will be evicted from the pool due to idle time alone.

    org.apereo.cas.configuration.model.support.redis.RedisPoolProperties.

  • cas.ticket.registry.redis.pool.min-idle=0
  • Target for the minimum number of idle connections to maintain in the pool. This setting only has an effect if it is positive.

    org.apereo.cas.configuration.model.support.redis.RedisPoolProperties.

  • cas.ticket.registry.redis.pool.num-tests-per-eviction-run=0
  • Sets the maximum number of objects to examine during each run (if any) of the idle object evictor thread. When positive, the number of tests performed for a run will be the minimum of the configured value and the number of idle instances in the pool. When negative, the number of tests performed will be ceil(getNumIdle() / abs(getNumTestsPerEvictionRun())), which means that when the value is -n roughly one nth of the idle objects will be tested per run.

    org.apereo.cas.configuration.model.support.redis.RedisPoolProperties.

  • cas.ticket.registry.redis.pool.soft-min-evictable-idle-time-millis=0
  • Sets the minimum amount of time an object may sit idle in the pool before it is eligible for eviction by the idle object evictor (if any - see setTimeBetweenEvictionRunsMillis(long)), with the extra condition that at least minIdle object instances remain in the pool. This setting is overridden by getMinEvictableIdleTimeMillis() (that is, if getMinEvictableIdleTimeMillis() is positive, then getSoftMinEvictableIdleTimeMillis() is ignored).

    org.apereo.cas.configuration.model.support.redis.RedisPoolProperties.

  • cas.ticket.registry.redis.pool.test-on-borrow=false
  • Returns whether objects borrowed from the pool will be validated before being returned from the borrowObject() method. Validation is performed by the validateObject() method of the factory associated with the pool. If the object fails to validate, it will be removed from the pool and destroyed, and a new attempt will be made to borrow an object from the pool.

    org.apereo.cas.configuration.model.support.redis.RedisPoolProperties.

  • cas.ticket.registry.redis.pool.test-on-create=false
  • Returns whether objects created for the pool will be validated before being returned from the borrowObject() method. Validation is performed by the validateObject() method of the factory associated with the pool. If the object fails to validate, then borrowObject() will fail.

    org.apereo.cas.configuration.model.support.redis.RedisPoolProperties.

  • cas.ticket.registry.redis.pool.test-on-return=false
  • Returns whether objects borrowed from the pool will be validated when they are returned to the pool via the returnObject() method. Validation is performed by the validateObject() method of the factory associated with the pool. Returning objects that fail validation are destroyed rather than being returned to the pool.

    org.apereo.cas.configuration.model.support.redis.RedisPoolProperties.

  • cas.ticket.registry.redis.pool.test-while-idle=false
  • Returns whether objects sitting idle in the pool will be validated by the idle object evictor (if any - see setTimeBetweenEvictionRunsMillis(long)). Validation is performed by the validateObject() method of the factory associated with the pool. If the object fails to validate, it will be removed from the pool and destroyed.

    org.apereo.cas.configuration.model.support.redis.RedisPoolProperties.

  • cas.ticket.registry.redis.sentinel.node=
  • List of host:port pairs.

    org.apereo.cas.configuration.model.support.redis.RedisSentinelProperties.

  • cas.ticket.registry.redis.connect-timeout=PT10S
  • Connection timeout.

    This setting supports the java.time.Duration syntax.

    org.apereo.cas.configuration.model.support.redis.RedisTicketRegistryProperties.

  • cas.ticket.registry.redis.protocol-version=RESP3
  • Redis protocol version.

    org.apereo.cas.configuration.model.support.redis.RedisTicketRegistryProperties.

  • cas.ticket.registry.redis.queue-identifier=
  • Identifier for this CAS server node that tags the sender/receiver in the queue and avoids processing of inbound calls. If left blank, an identifier is generated automatically and kept in memory.

    org.apereo.cas.configuration.model.support.redis.RedisTicketRegistryProperties.

  • cas.ticket.registry.redis.read-from=
  • Setting that describes how Lettuce routes read operations to replica nodes. Note that modes referencing MASTER/SLAVE are deprecated (but still supported) in the Lettuce Redis client dependency, so migrate the configuration to UPSTREAM/REPLICA. Available values are as follows:

    • UPSTREAM: Read from the current upstream node.
    • UPSTREAMPREFERRED: Read from the upstream node, but if it is unavailable, read from replica nodes.
    • MASTER: Read from the current upstream node.
    • MASTERPREFERRED: Read from the upstream node, but if it is unavailable, read from replica nodes.
    • SLAVE: Read from replica nodes.
    • SLAVEPREFERRED: Read from the replica nodes, but if none is available, read from the upstream node.
    • REPLICA: Read from replica nodes.
    • REPLICAPREFERRED: Read from the replica nodes, but if none is available, read from the upstream node.
    • ANY: Read from any node of the cluster.
    • ANYREPLICA: Read from any replica node of the cluster.
    • NEAREST: Read from the nearest node.

    org.apereo.cas.configuration.model.support.redis.RedisTicketRegistryProperties.

  • cas.ticket.registry.redis.scan-count=0
  • Redis scan count option. When and if specified, SCAN operations are "counted" or limited by this setting. While SCAN does not provide guarantees about the number of elements returned at every iteration, it is possible to empirically adjust the behavior of SCAN using the COUNT option. With COUNT, the user specifies the amount of work that should be done at every call in order to retrieve elements from the collection. This is just a hint for the implementation, but generally speaking it is what you can expect most of the time.

    org.apereo.cas.configuration.model.support.redis.RedisTicketRegistryProperties.

  • cas.ticket.registry.redis.timeout=PT60S
  • Command timeout.

    This setting supports the java.time.Duration syntax.

    org.apereo.cas.configuration.model.support.redis.RedisTicketRegistryProperties.

  • cas.ticket.registry.redis.use-ssl=false
  • Whether or not to use SSL for connection factory.

    org.apereo.cas.configuration.model.support.redis.RedisTicketRegistryProperties.
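
The settings above that matter most for protecting tickets in Redis are use-ssl, password, the crypto.* keys and read-from. The following check is an added example, not part of the CAS documentation or code base: it reads a cas.properties fragment and flags those settings using the defaults listed on this page. The function names, finding codes and sample values are constructed, and the key-length check takes the page's description of the encryption key literally.

```python
# Added example: flag risky Redis ticket registry settings in a cas.properties fragment.
PREFIX = "cas.ticket.registry.redis."
# Defaults as listed on this page, used when a key is absent.
DEFAULTS = {"use-ssl": "false", "password": "", "crypto.enabled": "true",
            "crypto.encryption.key": "", "crypto.encryption.key-size": "16",
            "crypto.signing.key": "", "read-from": ""}
# read-from modes the page marks as deprecated in Lettuce.
DEPRECATED_READ_FROM = {"MASTER", "MASTERPREFERRED", "SLAVE", "SLAVEPREFERRED"}

def parse_properties(text):
    """Parse key=value lines, skipping blank lines and # comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def audit(text):
    """Return sorted finding codes (hypothetical names) for the registry settings."""
    props = parse_properties(text)
    cfg = {k: props.get(PREFIX + k, d) for k, d in DEFAULTS.items()}
    findings = set()
    if cfg["use-ssl"].lower() != "true":
        findings.add("NO_TLS")                     # Redis connection is not TLS-protected
    if not cfg["password"]:
        findings.add("NO_PASSWORD")                # connection sends no Redis password
    if cfg["crypto.enabled"].lower() != "true":
        findings.add("CRYPTO_DISABLED")            # crypto operations switched off
    else:
        enc = cfg["crypto.encryption.key"]
        if not enc:
            findings.add("ENCRYPTION_KEY_BLANK")   # Required setting left empty
        elif len(enc) != int(cfg["crypto.encryption.key-size"]):
            findings.add("ENCRYPTION_KEY_LENGTH")  # length differs from key-size
        if not cfg["crypto.signing.key"]:
            findings.add("SIGNING_KEY_BLANK")      # Required setting left empty
    if cfg["read-from"].upper() in DEPRECATED_READ_FROM:
        findings.add("READ_FROM_DEPRECATED")       # migrate to UPSTREAM/REPLICA
    return sorted(findings)

# Constructed sample inputs; key and password values are placeholders, not real secrets.
WEAK = PREFIX + "host=redis.example.org\n" + PREFIX + "read-from=SLAVE\n"
HARDENED = "\n".join(PREFIX + line for line in (
    "use-ssl=true", "password=EXAMPLE-PASSWORD", "read-from=REPLICA",
    "crypto.encryption.key=EXAMPLEKEY16CHAR", "crypto.signing.key=EXAMPLE-SIGNING-KEY"))

if __name__ == "__main__":
    print("weak:", audit(WEAK))
    print("hardened:", audit(HARDENED))
```

Run it against the effective configuration of each CAS node rather than a single file, since properties can be supplied from several sources.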