I have already reported this in Gitter chat but I've got no response so I'm 
posting it here to be sure.

In Apereo CAS:

- It's possible to log the URL as part of every message by including this in 
the log pattern: %X{requestUri}. See 
https://apereo.github.io/cas/5.3.x/installation/Logging.html
- The REST API contains the TGT id as part of the URL for requesting a service 
ticket: /cas/v1/tickets/{TGT id}. See 
https://apereo.github.io/cas/5.3.x/protocol/REST-Protocol.html

So as a side effect of calling the REST API we get a lot of logs containing 
something that appears to me as some secret that should be obfuscated but 
it is not. I'm not involved directly in deployment of Apereo CAS and I 
don't have any experience with it so I may be wrong, but I see it in the 
logs and I wonder if it's OK.

František Řezáč
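
An added example, not part of the original post and not code from the CAS project: a log audit that finds lines where the request URI exposes a TGT id and masks it, keeping a short keyed fingerprint so requests can still be correlated. The function names, the HMAC key, the assumption that TGT ids start with "TGT-", and the sample log lines are all constructed for illustration.

```python
import hashlib
import hmac
import re

# Assumption: ticket-granting ticket ids start with "TGT-"; the rest is
# treated as opaque up to the next "/", "?", "#", "]" or whitespace.
TGT_IN_URI = re.compile(r"(/v1/tickets/)(TGT-[^/\s?#\]]+)")


def tag(tgt_id, key):
    """Short keyed fingerprint: the same TGT always maps to the same tag,
    so requests can be correlated without the log holding the usable id."""
    return hmac.new(key, tgt_id.encode(), hashlib.sha256).hexdigest()[:8]


def redact_line(line, key):
    """Return (line with TGT ids masked, number of ids masked)."""
    return TGT_IN_URI.subn(
        lambda m: m.group(1) + "TGT-[redacted:" + tag(m.group(2), key) + "]",
        line)


def audit(lines, key):
    """Redact all lines; return (clean lines, 1-based numbers of exposing lines)."""
    clean, exposed = [], []
    for number, line in enumerate(lines, start=1):
        new_line, hits = redact_line(line, key)
        clean.append(new_line)
        if hits:
            exposed.append(number)
    return clean, exposed


# Constructed sample lines, shaped like output of a pattern with [%X{requestUri}].
SAMPLE_LOG = [
    "2018-09-03 10:15:01,120 INFO [/cas/v1/tickets] constructed message: POST",
    "2018-09-03 10:15:01,482 INFO [/cas/v1/tickets/TGT-1-EXAMPLEaaaa0001-cas01] constructed message: POST",
    "2018-09-03 10:15:02,007 INFO [/cas/login] constructed message: GET",
    "2018-09-03 10:15:09,311 INFO [/cas/v1/tickets/TGT-1-EXAMPLEaaaa0001-cas01] constructed message: DELETE",
    "2018-09-03 10:15:11,650 INFO [/cas/v1/tickets/TGT-2-EXAMPLEbbbb0002-cas01?x=1] constructed message: POST",
]

if __name__ == "__main__":
    clean, exposed = audit(SAMPLE_LOG, key=b"constructed-demo-key")
    print("lines exposing a TGT id:", exposed)
    print("\n".join(clean))
```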
