Most of the configuration is the same. The authn servers have the actuators turned off (only one on is health). Palantir server has access to the same ldap user and service registries, and hazelcast ticket store on the authn servers but does not participate in the cluster. We do not use Palantir for memory / resource use; that is covered by other tooling that is used throughout our data centre.
The different configurations are handled by the Jenkins job. Ray ________________________________ From: [email protected] <[email protected]> on behalf of AJ <[email protected]> Sent: February 27, 2026 09:47 To: [email protected] <[email protected]> Subject: Re: [cas-user] Palantir is unavailable? Ray, Sorry, this is old, but I am just getting around to playing with this in 8.0. How would you do a separate instance for just palantir? How would it read the data on the production instance if it was two war files? ________________________________ From: [email protected] <[email protected]> on behalf of Ray Bon <[email protected]> Sent: Wednesday, August 20, 2025 10:41 AM To: [email protected] <[email protected]> Subject: Re: [cas-user] Palantir is unavailable? You would need to separate auth and palantir so only one gets the custom ui; in other words, two war files, each with their own config. Ray ________________________________ From: 'Andrew Tillinghast' via CAS Community <[email protected]> Sent: August 20, 2025 06:07 To: [email protected] <[email protected]> Subject: Re: [cas-user] Palantir is unavailable? Can we separate the UI for Palantir from the rest of CAS if it is a problem with our UI? On Tue, Aug 19, 2025 at 10:20 PM Ray Bon <[email protected]<mailto:[email protected]>> wrote: Andrew, If you have any UI customizations, comment them out or remove them while setting up palantir. Our UI caused palantir to behave weird. Check the mappings actuator and try all the GETs to be sure they are accessible. Try adding these to build.gradle: implementation "org.apereo.cas:cas-server-support-metrics" implementation "org.apereo.cas:cas-server-core-monitor" And any at the bottom of this page that you use, https://apereo.github.io/cas/7.2.x/monitoring/Configuring-Monitoring.html Ray ________________________________ From: 'Andrew Tillinghast' via CAS Community <[email protected]<mailto:[email protected]>> Sent: August 19, 2025 11:12 To: [email protected]<mailto:[email protected]> <[email protected]<mailto:[email protected]>> Subject: Re: [cas-user] Palantir is unavailable? Thank you, that made progress. We're able to open Palantir and view/edit services but we can't get to any of the other tabs. Clicking them and nothing happens. The only error in the logs appears to be related to the first tab attempting to load OIDC services, which we don't have enabled. On Tue, Aug 19, 2025 at 12:01 PM Ray Bon <[email protected]<mailto:[email protected]>> wrote: Start with these settings: management.endpoints.web.exposure.include=* management.endpoints.access.default=UNRESTRICTED cas.monitor.endpoints.endpoint.defaults.access=PERMIT These settings will allow you to access actuator endpoints (list below). Then verify that palantir is working as expected. Then change to cas.monitor.endpoints.endpoint.defaults.access=AUTHENTICATED I tried using a list of endpoints, but after adding in more than half, palantir still was not working; and since there was no guarantee that the list below was complete, I went with '*'. For our use case, palantir will be used for service management. We have other systems in place for monitoring performance etc. We have one server with restricted access for palantir, kept seperate from our authentication servers. On authentication servers, only health endpoint available. Ray Here is a list of endpoints I exctracted from actuator/mappings (this actuator will show all of cas enpoints based on config - I think): #attributeDefinitions #auditevents #auditLog #authenticationHandlers #authenticationPolicies #beans #caches #casConfig #casFeatures #casModules #casValidate #conditions #configprops #duoAccountStatus #duoAdmin #duoPing #env #events #features #health #heapdump #httpexchanges #info #integrationgraph #jwtTicketSigningPublicKey #loggers #loggingConfig #mappings #metrics #mfaDevices #multitenancy #oauthTokens #oidcJwks #passwordManagement #personDirectory #quartz #refresh #registeredServices #releaseAttributes #resolveAttributes #samlIdPRegisteredServiceMetadataCache #samlPostProfileResponse #samlValidate #sbom #scheduledtasks #serviceAccess #springWebflow #sso #ssoSessions #statistics #threaddump #throttles #ticketExpirationPolicies #ticketRegistry ________________________________ From: 'atilling' via CAS Community <[email protected]<mailto:[email protected]>> Sent: August 18, 2025 09:10 To: CAS Community <[email protected]<mailto:[email protected]>> Subject: [cas-user] Palantir is unavailable? Trying to use Palantir in CAS 7.2.5 and getting an error Palantir is unavailable! Palantir requires a number of actuator endpoints to be enabled and exposed, and your CAS deployment fails to do so. There is no indication what endpoints aren't enabled in cas.properties I have the follwoing properties and spring user settings management.endpoints.web.exposure.include=*management.endpoint.health.show-details=always cas.monitor.endpoints.endpoint.defaults.access=AUTHENTICATED cas.monitor.endpoints.endpoint.samlIdPRegisteredServiceMetadataCache.access=AUTHENTICATED -- - Website: https://apereo.github.io/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]<mailto:[email protected]>. To view this discussion visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/b6c8b17b-7dca-4ab0-9b0f-f49e2d0c51b8n%40apereo.org<https://groups.google.com/a/apereo.org/d/msgid/cas-user/b6c8b17b-7dca-4ab0-9b0f-f49e2d0c51b8n%40apereo.org?utm_medium=email&utm_source=footer>. -- - Website: https://apereo.github.io/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]<mailto:[email protected]>. To view this discussion visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/YQBP288MB008188CCBD50B24DC25ED6C4CE30A%40YQBP288MB0081.CANP288.PROD.OUTLOOK.COM<https://groups.google.com/a/apereo.org/d/msgid/cas-user/YQBP288MB008188CCBD50B24DC25ED6C4CE30A%40YQBP288MB0081.CANP288.PROD.OUTLOOK.COM?utm_medium=email&utm_source=footer>. -- [http://www.conncoll.edu/media/website-media/is/images/ETS-logo.png] Andrew Tillinghast Sr. Tech Lead Identity and Access Management [email protected]<mailto:[email protected]> 270 Mohegan Avenue New London, CT 06320-4196 Ph:860 439-2727 Fax: 860 439-2871 P Think before you print CONFIDENTIALITY: This email (including any attachments) may contain confidential, proprietary and privileged information, and unauthorized disclosure or use is prohibited. If you received this email in error, please notify the sender and delete this email from your system. -- - Website: https://apereo.github.io/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]<mailto:[email protected]>. To view this discussion visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAGA6n_%3DFxGKzEdtrZ2TH0DjdqfhaATmGE3aMrr6qXFP9tYutQQ%40mail.gmail.com<https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAGA6n_%3DFxGKzEdtrZ2TH0DjdqfhaATmGE3aMrr6qXFP9tYutQQ%40mail.gmail.com?utm_medium=email&utm_source=footer>. -- - Website: https://apereo.github.io/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]<mailto:[email protected]>. To view this discussion visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/YQBP288MB0081DC824BF5A19A04AA344BCE30A%40YQBP288MB0081.CANP288.PROD.OUTLOOK.COM<https://groups.google.com/a/apereo.org/d/msgid/cas-user/YQBP288MB0081DC824BF5A19A04AA344BCE30A%40YQBP288MB0081.CANP288.PROD.OUTLOOK.COM?utm_medium=email&utm_source=footer>. -- [http://www.conncoll.edu/media/website-media/is/images/ETS-logo.png] Andrew Tillinghast Sr. Tech Lead Identity and Access Management [email protected]<mailto:[email protected]> 270 Mohegan Avenue New London, CT 06320-4196 Ph:860 439-2727 Fax: 860 439-2871 P Think before you print CONFIDENTIALITY: This email (including any attachments) may contain confidential, proprietary and privileged information, and unauthorized disclosure or use is prohibited. If you received this email in error, please notify the sender and delete this email from your system. -- - Website: https://apereo.github.io/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]<mailto:[email protected]>. To view this discussion visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAGA6n_%3DQa1O2yt80dNkRV55rqJ5Conh4-F_fpkfWezts6T8OwQ%40mail.gmail.com<https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAGA6n_%3DQa1O2yt80dNkRV55rqJ5Conh4-F_fpkfWezts6T8OwQ%40mail.gmail.com?utm_medium=email&utm_source=footer>. -- - Website: https://apereo.github.io/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]<mailto:[email protected]>. To view this discussion visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/YQBP288MB0081BDF16E26A0AECA022BB6CE33A%40YQBP288MB0081.CANP288.PROD.OUTLOOK.COM<https://groups.google.com/a/apereo.org/d/msgid/cas-user/YQBP288MB0081BDF16E26A0AECA022BB6CE33A%40YQBP288MB0081.CANP288.PROD.OUTLOOK.COM?utm_medium=email&utm_source=footer>. -- - Website: https://apereo.github.io/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]<mailto:[email protected]>. To view this discussion visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/MN6PR18MB5466728A409AE859138FDF34DB73A%40MN6PR18MB5466.namprd18.prod.outlook.com<https://groups.google.com/a/apereo.org/d/msgid/cas-user/MN6PR18MB5466728A409AE859138FDF34DB73A%40MN6PR18MB5466.namprd18.prod.outlook.com?utm_medium=email&utm_source=footer>. -- - Website: https://apereo.github.io/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/YQBP288MB008149DA146C7C23FB935D60CE73A%40YQBP288MB0081.CANP288.PROD.OUTLOOK.COM.
