I have already reported this in Gitter chat but I've got no response so I'm posting it here to be sure.
In Apereo CAS: - It's possible to log URL as part of every message by including this to the log pattern: %X{requestUri}. See https://apereo.github.io/cas/5.3.x/installation/Logging.html - The REST API contains TGT id as part of URL for requesting a service ticket: /cas/v1/tickets/{TGT id}. See https://apereo.github.io/cas/5.3.x/protocol/REST-Protocol.html So as a sideeffect of calling REST API we get a lot of logs containing something that appears to me as some secret that should be obfuscated but it is not. I'm not involved directly in deployment of Apereo CAS and I don't have any experience with it so I may be wrong, but I see it in the logs and I wonder if it's OK. František Řezáč -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/1929522f-ffc8-45bb-bf12-66f737cd1165%40apereo.org.