I have already reported this in Gitter chat but I've got no response so I'm
posting it here to be sure.
In Apereo CAS:
- It's possible to log the URL as part of every message by including this in
the log pattern: %X{requestUri}. See
https://apereo.github.io/cas/5.3.x/installation/Logging.html
- The REST API contains the TGT id as part of the URL for requesting a service
ticket: /cas/v1/tickets/{TGT id}. See
https://apereo.github.io/cas/5.3.x/protocol/REST-Protocol.html
So as a side effect of calling the REST API we get a lot of logs containing
something that appears to me as some secret that should be obfuscated but
it is not. I'm not involved directly in deployment of Apereo CAS and I
don't have any experience with it so I may be wrong, but I see it in the
logs and I wonder if it's OK.
František Řezáč
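
Added example (not part of the original message and not Apereo CAS code): a log post-processor that masks the path segment following /v1/tickets/ wherever a request URI was written into a log line, and counts how many distinct ticket ids were exposed. The function names, the fingerprint scheme and the sample log lines are assumptions constructed for illustration.

```python
import hashlib
import re

# The REST protocol puts the TGT id in the path segment after /v1/tickets/.
# The segment is taken to end at '/', '?', '#', whitespace or a closing bracket.
TICKET_PATH = re.compile(r"(/v1/tickets/)([^/?#\s\]]+)")


def fingerprint(ticket_id):
    """Short one-way tag so lines about the same ticket can still be correlated."""
    return hashlib.sha256(ticket_id.encode("utf-8")).hexdigest()[:8]


def redact_line(line):
    """Return (redacted line, list of ticket ids found in the line)."""
    found = []

    def _mask(match):
        found.append(match.group(2))
        return "%s[REDACTED:%s]" % (match.group(1), fingerprint(match.group(2)))

    return TICKET_PATH.sub(_mask, line), found


def scrub(lines):
    """Redact every line; return (redacted lines, count of distinct ids exposed)."""
    exposed, out = set(), []
    for line in lines:
        clean, ids = redact_line(line)
        exposed.update(ids)
        out.append(clean)
    return out, len(exposed)


# Constructed sample lines; the layout and ticket values are made up.
SAMPLE = [
    "2018-09-01 10:00:00 INFO [/cas/v1/tickets] - credentials accepted",
    "2018-09-01 10:00:01 INFO [/cas/v1/tickets/TGT-1-EXAMPLEexample-host] - ST granted",
    "2018-09-01 10:00:02 INFO [/cas/v1/tickets/TGT-1-EXAMPLEexample-host] - ST granted",
    "2018-09-01 10:00:03 INFO [/cas/v1/tickets/TGT-2-OTHERother-host?x=1] - ST granted",
]

if __name__ == "__main__":
    redacted, count = scrub(SAMPLE)
    print("\n".join(redacted))
    print("distinct ticket ids exposed:", count)
```

The same masking can be applied where the log line is produced instead of afterwards; this sketch only covers logs that have already been written.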