2c7e9986e2
- X-Forwarded-Proto support so it knows it's behind TLS - Remove extraneous logs and just log to stdout so it's caught be systemd Change-Id: I650777bbfd24a1922f26967ffff7da06d14b6639 Reviewed-on: https://cl.tvl.fyi/c/depot/+/952 Tested-by: BuildkiteCI Reviewed-by: glittershark <grfn@gws.fyi>
34 lines
1 KiB
Properties
34 lines
1 KiB
Properties
cas.server.name=https://login.tvl.fyi
|
|
cas.server.prefix=${cas.server.name}
|
|
cas.server.scope=tvl.fyi
|
|
|
|
cas.service-registry.json.location=file:/etc/cas/services
|
|
|
|
server.port=8443
|
|
server.address=127.0.0.1
|
|
server.ssl.enabled=false
|
|
|
|
# Enable X-Forwarded-For using Tomcat.
|
|
server.forward-headers-strategy=NATIVE
|
|
server.tomcat.remoteip.remote-ip-header=x-forwarded-for
|
|
server.tomcat.remoteip.protocol-header=x-forwarded-proto
|
|
|
|
server.tomcat.basedir=/etc/cas/tomcat
|
|
server.servlet.context-path=/
|
|
|
|
cas.authn.saml-idp.entity-id=https://login.tvl.fyi
|
|
|
|
cas.authn.accept.users=
|
|
|
|
cas.authn.attribute-repository.default-attributes-to-release=uid,mail,displayName
|
|
|
|
cas.authn.ldap[0].pool-passivator=NONE
|
|
cas.authn.ldap[0].principal-attribute-list=cn:uid,mail,displayName
|
|
cas.authn.ldap[0].ldap-url=ldap://localhost
|
|
cas.authn.ldap[0].use-start-tls=false
|
|
cas.authn.ldap[0].validator.base-dn=dc=tvl,dc=fyi
|
|
cas.authn.ldap[0].base-dn=dc=tvl,dc=fyi
|
|
cas.authn.ldap[0].search-filter=cn={user}
|
|
cas.authn.ldap[0].dn-format=cn=%s,ou=users,dc=tvl,dc=fyi
|
|
cas.authn.ldap[0].type=DIRECT
|
|
|