Some of the settings will not matter because they are for features that you have not enabled. The properties files of interest are; application, bootstrap. I should have included that in the previous email.
Ray On Thu, 2020-05-21 at 21:10 -0700, Root wrote: Notice: This message was sent from outside the University of Victoria email system. Please be cautious with links and sensitive information. @rbon Thanks for the reply, but these are source files, and there are many, which file to look at? *.properties.? On Thursday, May 21, 2020 at 9:45:13 PM UTC+5:30, rbon wrote: Good question. On startup, there are some log messages printed on startup. I think the default settings are here, https://github.com/apereo/cas/tree/6.1.x/webapp/cas-server-webapp-resources Ray On Wed, 2020-05-20 at 17:08 -0700, Root wrote: Notice: This message was sent from outside the University of Victoria email system. Please be cautious with links and sensitive information. Hi All, As we know the default CAS comes with "casuser" and "Mellon" credentials, although it can be removed in build, I just want to summarize if there are any other default security settings like these that needs to be taken care of?, as the CAS documentation is very scattered!, it would be good if we can summarize the default loopholes here. Also I use these below dependencies, and if anyone come across such loopholes let us know. compile "org.apereo.cas:cas-server-support-ldap:${project.'cas.version'}" compile "org.apereo.cas:cas-server-support-jdbc:${project.'cas.version'}" compile "org.apereo.cas:cas-server-support-saml:${project.'cas.version'}" compile "org.apereo.cas:cas-server-support-pm-webflow:${project.'cas.version'}" compile "org.apereo.cas:cas-server-webapp-config-server:${project.'cas.version'}" compile "org.apereo.cas:cas-server-support-pm-ldap:${project.'cas.version'}" compile "org.apereo.cas:cas-server-support-captcha:${project.'cas.version'}" -- Ray Bon Programmer Analyst Development Services, University Systems 2507218831 | CLE 019 | rb...@uvic.ca<javascript:> I respectfully acknowledge that my place of work is located within the ancestral, traditional and unceded territory of the Songhees, Esquimalt and WSÁNEĆ Nations. -- Ray Bon Programmer Analyst Development Services, University Systems 2507218831 | CLE 019 | r...@uvic.ca<mailto:r...@uvic.ca> I respectfully acknowledge that my place of work is located within the ancestral, traditional and unceded territory of the Songhees, Esquimalt and WSÁNEĆ Nations. -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/0d10a3ff6b41e6612f861f0409e2c5e5f43279df.camel%40uvic.ca.