This repository has been archived by the owner on Dec 13, 2022. It is now read-only.
config.sample.properties
# Deployment and public address of the CAS server and of its management webapp.
# Directory of Tomcat webapps
deploy.dir=/home/cas/webapps/cas
management.deploy.dir=/home/cas/webapps/cas-management
# Server protocol (Always use https on production)
# NOTE(review): the sample ships with plain http, which only suits a local test instance.
# Over http the login form and the CAS cookies would cross the network unencrypted.
server.protocol=http
# server host (auth.univ.fr)
server.host=localhost
# The port (empty or must start with :)
# presumably appended as-is after server.host to build the server URL - confirm
server.port=:8080
# Server context (/cas or empty)
server.uri=/cas
# Unique server id (default is server host)
server.id=${server.host}
# Server Management context (default is /cas-management)
management.server.uri=/cas-management
# Default CAS theme name (default are theme=esup-theme and views=default)
theme=esup-theme
views=default
# Default CAS locale/language (default is fr)
default.locale=fr
# Directory of log files
# NOTE(review): restrict read access to this directory to the CAS service account and
# administrators; authentication logs usually contain user identifiers.
log.dir=${catalina.base}/logs
# Authentication handlers and principal resolvers (comma-separated lists of bean ids).
# Handler to use (cf cas\WEB-INF\*.auth.xml to find id)
# - ldapFastBindHandler : make a fast bind in ldap (AD or direct bind configuration)
# - ldapFullBindHandler : make a search after a bind with find dn (OpenLdap or anonymous configuration)
# - fileEncAuthHandler : use a flat encoded file
# - filePlainAuthHandler : use a flat plaintext file
# NOTE(review): filePlainAuthHandler keeps passwords readable in the file; prefer
# fileEncAuthHandler or an LDAP handler outside of throw-away test setups.
#authHandlers=fileEncAuthHandler
# IF USE ldapFullBindHandler
# NOTE(review): the active value enables the flat-file handler together with LDAP, so the
# accounts of the flat file remain a way to log in. Whether one successful handler is enough
# depends on the authentication manager defined in the XML files - confirm, and drop the
# file handler if only directory accounts should be accepted.
authHandlers=fileEncAuthHandler,ldapFullBindHandler
#authResolvers=primaryPrincipalResolver
# IF USE ldapFullBindHandler
authResolvers=primaryPrincipalResolver,ldapPrincipalResolver
defaultResolver=primaryPrincipalResolver
# CAS admin login User (service management)
# NOTE(review): "admin" is a predictable name. The account named here is the one allowed
# into service management, so point it at a dedicated account with a strong password.
adminuser=admin
# LDAP settings, used by ldapFastBindHandler and ldapFullBindHandler.
# IF USE ldapFastBindHandler or ldapFullBindHandler (format such as: ldap://ldap1.univ.fr:389)
# NOTE(review): with an ldap:// URL and both ldap.ssl and ldap.useStartTLS set to false, as in
# this sample, the connection to the directory is not encrypted and bind passwords would
# cross the network in clear text. Enable one of the two before production use.
ldap.hosts=ldap://ldap1.univ.fr:389
# LDAP connection timeout in milliseconds
ldap.connect.timeout=3000
## SSL configuration, either jvmTrust, certificateTrust, or keyStoreTrust
## Uncomment sslConfig in ldap-auth.xml
ldap.sslConfig=certificateTrust
# Whether SSL should be used directly (default is false ; use TLS instead of SSL)
ldap.ssl=false
# Whether StartTLS should be used after connecting with LDAP alone (default is true)
# NOTE(review): this sample overrides the stated default and turns StartTLS off.
ldap.useStartTLS=false
## If using certificateTrust above, set to the trusted certificate's path
# SSL certificate of LDAP directory to trust
ldap.cert=file:/etc/pki/tls/certs/ldapCert.pem
## If using keyStoreTrust above, set to the truststore path, type (JKS) and password (changeit)
# NOTE(review): "changeit" is the widely known default Java keystore password; set a
# deployment-specific one and keep this file readable by the CAS service account only.
ldap.keyStore=file:/usr/local/certificates/keystore.jks
ldap.keyStoreType=JKS
ldap.keyStorePassword=changeit
# IF USE LdapFastBindHandler or ldapFullBindHandler
# Directory attribute, e.g. userPrincipalName, for the NetID (for example AD : sAMAccountName ; anonymous, direct bind : uid or mail )
ldap.userPrincipalName=uid
# IF USE LdapUsername (default is anonymous : LdapAnonymous)
# Uncomment bindConnectionInitializer in ldap-auth.xml
# USER and PASSWORD are placeholders for the service account that binds to the directory.
# NOTE(review): the bind password is stored in clear text here. Restrict read access to this
# file and give the account read-only, minimal rights in the directory.
ldap.userDn=uid=USER,ou=Machines,dc=univ,dc=fr
ldap.bindPasswd=PASSWORD
# Base DN of users to be authenticated
ldap.baseDn=ou=people,dc=univ,dc=fr
# IF USE ldapFastBindHandler
# Bind expression; %s is presumably replaced by the submitted login - confirm.
#   AD          : %s@<ad-domain>
#   Direct bind : uid=%s,${ldap.baseDn}
# NOTE(review): the AD example and the value below reached this page as "[email protected]",
# an e-mail-obfuscation artifact of the web page. Take the real expression from the original file.
ldap.fastbind-exp=uid=%[email protected]
# IF USE ldapFullBindHandler
# Search filter used to find the user's DN. The commented-out variant also excludes
# entries whose pwdReset attribute is TRUE.
# NOTE(review): {user} is presumably replaced by the login typed by the user; confirm that
# the LDAP library escapes filter metacharacters in it.
#ldap.fullbind.filter=(&(uid={user})(!(pwdReset=TRUE)))
ldap.fullbind.filter=uid={user}
# IF USE Attribute Search (with SAML 1.1 or CAS 3.0 protocols)
ldap.searchFilter=uid={0}
# Flat-file authentication.
# IF USE fileEncAuthHandler or filePlainAuthHandler
# Change the content of the file designated by passfile.location!
# NOTE(review): make sure the resolved path is neither served by the web application nor
# readable by other local accounts.
passfile.location=classpath:/../usersFile
# IF USE fileEncAuthHandler SHA-1, SHA-256, MD5
# Hashes can be generated with:
# cd cas-toolbox-core
# mvn compile exec:java
# ask password and generate hash
# NOTE(review): MD5 and SHA-1 are not suitable for storing passwords. SHA-256 is the
# strongest of the three listed, but it is still a fast digest and no salt or iteration
# setting is visible in this file, so treat the password file itself as sensitive.
passfile.encode-algo=SHA-256
# Tickets expiration
# Units are not stated in this file. The values look like a number of uses (1) and
# durations in milliseconds (10000 = 10 s, 7200000 = 2 h) - TODO confirm in the XML files.
# Short-lived, single-use service tickets limit the window in which a leaked ticket is usable.
expiration.serviceTicketUsable=1
expiration.serviceTicketExpiration=10000
expiration.grantingTicket=7200000
# CAS cookie domain (default is server host)
# NOTE(review): keeping this at the exact server host avoids sending the CAS cookie to
# sibling hosts; widen it to a parent domain only if that is really required.
cookieDomain=${server.host}
# IF USE ESUP stats
stats.enabled=true
# IF USE ESUP blockAttack
# Relies on CAS "Throttling Login Attempts"
# Interval between two runs of the cleanup thread (in ms). It should be shorter than the checking period
# NOTE(review): the sample sets 10000 ms (10 s) here against a 5 s failure range below, which
# does not follow the advice above if "checking period" means block.failureRangeInSeconds - confirm.
block.cleanExecution=10000
# Period during which the failure threshold applies (in s)
block.failureRangeInSeconds=5
# Number of authentication failures before blocking is triggered
# NOTE(review): tune threshold and range together. Too strict a pair locks out users who
# mistype once; too loose a pair leaves password guessing unthrottled.
block.failureThreshold=1
# IF USE ESUP TraceMe
trace.enabled=true
# Presumably the Secure attribute of the trace cookie - confirm.
# NOTE(review): with false the cookie is also sent over plain http; set it to true once
# the server is reached over https only.
trace.cookieSecure=false
# cookie lifetime (5 days * 24 h * 60 min * 60 s) (in s)
trace.cookieMaxAge=432000
# name of the cookie that is set
trace.cookieName=AGIMUS
# cookie path (leave it at /)
trace.cookiePath=/
# cookie domain (must start with a .)
# NOTE(review): a leading-dot domain makes the browser send this cookie to every host under
# that domain, so all of them can read the identifier.
trace.cookieDomain=.univ.fr
# maximum length of the random part of the unique id used to name the cookie (type int, default is : 50)
# The key is spelled "ramdom" in this file; keep the spelling, it is presumably what the application reads.
trace.ramdomMaxLength=50
# Ticket storage in memcached.
# NOTE(review): no credential setting for memcached appears in this file, and the key names
# (TGT, ST) indicate that tickets are stored there. Keep the memcached ports reachable from
# the CAS nodes only (loopback or a private, filtered network).
# IF USE memcache (old simple 3.4 memcached configuration)
memcache.server=localhost
memcache.port=11211
# Units are not stated; presumably seconds (21600 = 6 h, 120 = 2 min) - TODO confirm.
memcache.TGT.timeout=21600
memcache.ST.timeout=120
# IF USE memcached (new 4.0 memcached configuration)
# It is common to run memcached on every CAS node (format : cas-1.example.org:11211,cas-2.example.org:11211,cas-3.example.org:11211)
memcached.servers=localhost:11211
memcached.hashAlgorithm=FNV1_64_HASH
memcached.protocol=BINARY
memcached.locatorType=ARRAY_MOD
memcached.failureMode=Redistribute
# Ticket lifetimes in seconds, per the key names (28800 = 8 h).
tgt.maxTimeToLiveInSeconds=28800
st.timeToKillInSeconds=10
#IF USE clearpass (use memcached Map)
# NOTE(review): per the key names, ClearPass keeps a credentials cache in memcached, protected
# by the salt and secret key below. Enable it only if a service really needs it, and keep
# the memcached servers unreachable from outside the CAS nodes.
# list of the memcache servers used for clearpass (format: host1:port,host2:port ; default port 11211)
clearpass.memcache.servers=localhost:11211
clearpass.memcache.timeout=7200
clearpass.memcache.keysPrefix=clearPass_
# NOTE(review): these two values are published with the sample. Replace them with random
# values unique to each deployment, and restrict read access to this file.
clearpass.credentialsCache.salt=salt4321
clearpass.credentialsCache.secretKey=seCretKey6543210
# list of the services allowed to use clearpass in proxy mode (for example uPortal)
# NOTE(review): keep this list as short as possible and restricted to https callback URLs.
clearpass.proxyList.value1=https://localhost/proxyCallback
# The other values of the list have to be added or uncommented in clearpass-configuration.xml
clearpass.proxyList.value2=