cas-server-application-dev.yml 7.69 KB
# Spring Cloud integration settings for this dev profile.
spring:
  cloud:
    # Consul, including its discovery and registration, is switched off in dev.
    consul: #disabled for dev
      # Consul client off: no discovery lookups and no self-registration.
      enabled: false
      discovery:
        enabled: false
        register: false


# Embedded server settings; the ssl map holds its TLS configuration.
server:
  ssl:
    # Keystore holding the server's TLS key pair. The path is relative, and both
    # passwords are the 'changeme' dev placeholder.
    # NOTE(review): acceptable only for the dev keystore; any shared or
    # production profile should inject these from the environment or a secret
    # store instead of committing them.
    key-store: ../../dev-deployment/environments/keystores/server/localhost/keystore_cas-server.jks
    key-store-password: changeme
    key-password: changeme
    # NOTE(review): TLSv1.1 is deprecated (RFC 8996); unless a dev client still
    # needs it, restrict this list to TLSv1.2,TLSv1.3.
    enabled-protocols: TLSv1.1,TLSv1.2,TLSv1.3
    # Colon-separated, OpenSSL-style suite names.
    # NOTE(review): the two *-GCM-SHA512 entries do not look like standard suite
    # names; confirm they resolve, otherwise they are presumably ignored. The
    # last entry (ECDHE-RSA-AES256-SHA384) is a CBC suite, the others are GCM.
    ciphers: ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384

  # Host name and port of this CAS instance; both also appear in
  # cas.server.prefix.
  host: dev.vitamui.com
  port: 8080
  # CAS is mounted under /cas (same path as cas.tgc.path and cas.server.prefix).
  servlet:
    context-path: /cas


# Management (actuator) listener: its own port, TLS disabled.
# NOTE(review): this file also exposes every actuator endpoint
# (management.endpoints.web.exposure.include: '*') with PERMIT access, so port
# 7080 serves them over plain HTTP; keep it reachable from the dev machine only.
management:
  server:
    port: 7080
    ssl:
      enabled: false
# Prometheus metrics export, currently commented out.
#management.metrics.export.prometheus.enabled: true


# Tenant identifier used by CAS.
# NOTE(review): -1 presumably means "no real tenant" / technical context; confirm.
vitamui.cas.tenant.identifier: -1
# Identity name used by this CAS instance.
vitamui.cas.identity: cas
# Client for the IAM service on localhost:8083. TLS is on (secure: true) and the
# ssl-configuration map supplies a keystore and a truststore.
iam-client:
  server-host: localhost
  server-port: 8083
  secure: true
  ssl-configuration:
    keystore:
      # Same JKS file as server.ssl.key-store, with the 'changeme' dev password.
      # NOTE(review): dev placeholder only; inject the real password at deploy time.
      key-path: ../../dev-deployment/environments/keystores/server/localhost/keystore_cas-server.jks
      key-password: changeme
      # Keystore format.
      type: JKS
    # Certificates trusted when CAS calls the IAM service.
    truststore:
      # Truststore file and its 'changeme' dev password.
      key-path: ../../dev-deployment/environments/keystores/server/truststore_server.jks
      key-password: changeme
    # NOTE(review): hostname verification is off for the IAM client, so the peer
    # certificate is presumably checked against the truststore only, not against
    # the host being called. Tolerable with the localhost dev certificates;
    # enable it in every other profile.
    hostname-verification: false


# Deliberately left empty.
# NOTE(review): presumably this clears CAS's built-in static test accounts;
# confirm the loader treats the bare key (YAML null) as an empty value.
cas.authn.accept.users:


# Message bundle base names; the project's override bundle is listed before the
# default one.
cas.messageBundle.baseNames: classpath:overriden_messages,classpath:messages


# Path scope of the ticket-granting cookie (TGC).
cas.tgc.path: /cas
# The ticket-granting cookie carries the Secure flag (HTTPS only).
cas.tgc.secure: true
# NOTE(review): signing/encryption of the ticket-granting cookie value is
# disabled here. Enable it, with managed keys, in any non-dev profile.
cas.tgc.crypto.enabled: false
# Webflow state is signed/encrypted.
# NOTE(review): no signing or encryption keys appear in this file; confirm they
# are supplied elsewhere rather than regenerated at each start.
cas.webflow.crypto.enabled: true
# Password-reset tokens are signed/encrypted.
cas.authn.pm.reset.crypto.enabled: true

# Public base URL of CAS; login.url is derived from it by placeholder.
cas.server.prefix: https://dev.vitamui.com:8080/cas
login.url: ${cas.server.prefix}/login

# MongoDB connection for the CAS service registry.
# NOTE(review): the URI embeds the database user, its password and an internal
# address in clear text. Treat the credential as exposed once committed: keep it
# dev-only and supply real values through the environment or a secret store.
cas.serviceRegistry.mongo.clientUri: mongodb://mongod_dbuser_cas:mongod_dbpwd_cas@10.6.10.78:27018/cas

# Discrete Mongo settings kept for reference; the active connection is defined
# by cas.serviceRegistry.mongo.clientUri. Only `collection` is still active.
#cas.serviceRegistry.mongo.port: 27018
#cas.serviceRegistry.mongo.databaseName: cas
#cas.serviceRegistry.mongo.authenticationDatabaseName: cas
#cas.serviceRegistry.mongo.replicaSet: rs0
cas.serviceRegistry.mongo.collection: services
# NOTE(review): these commented lines repeat the credentials from the URI;
# remove them when the credential is moved out of the file.
#cas.serviceRegistry.mongo.userId: mongod_dbuser_cas
#cas.serviceRegistry.mongo.password: mongod_dbpwd_cas


# Surrogate authentication: separator used in surrogate login names.
cas.authn.surrogate.separator: ","
# Intentionally non-existent attribute name, so that no surrogate SMS is sent.
cas.authn.surrogate.sms.attributeName: fakeNameToBeSureToFindNoAttributeAndNeverSendAnSMS


# 24 hours cache for login delegation
# NOTE(review): 86400 s is a long lifetime for a transient session ticket;
# confirm delegated logins really need a full day.
cas.ticket.tst.timeToKillInSeconds: 86400


# Turns on CAS password management (pm).
cas.authn.pm.enabled: true
# Password policy regex. It requires at least two characters from EACH of four
# classes (special, a-z, A-Z, digit), only characters from the allowed set, and
# a minimum length taken from password.length. Accented letters (À-ÿ) are
# accepted but do not count towards the a-z / A-Z classes.
# Single-quoted YAML: '' inside the value stands for one literal quote.
# NOTE(review): the user-facing text under password.constraints.defaults says
# "at least 3 of the following categories", while this pattern requires all
# four. If this pattern is the one enforced, align the text or the pattern.
cas.authn.pm.policyPattern: '^(?=(.*[$@!%*#£?&=\-\/:;\(\)"\.,\?!''\[\]{}^\+\=_\\\|~<>`]){2,})(?=(?:.*[a-z]){2,})(?=(?:.*[A-Z]){2,})(?=(?:.*[\d]){2,})[A-Za-zÀ-ÿ0-9$@!%*#£?&=\-\/:;\(\)"\.,\?!''\[\]{}^\+\=_\\\|~<>`]{${password.length},}$'
# Password-reset e-mail: subject, body template (%s receives the reset link)
# and sender address.
cas.authn.pm.reset.mail.subject: Requete de reinitialisation de mot de passe
cas.authn.pm.reset.mail.text: "Changez de mot de passe via le lien: %s"
cas.authn.pm.reset.mail.from: serveur-cas@noreply.com
# 1 Day : 24 * 60 Minutes to reset password
# NOTE(review): the reset link stays usable for a full day; a shorter window
# limits exposure if the e-mail is forwarded or the mailbox is compromised.
cas.authn.pm.reset.expirationMinutes: 1440
# Principal attribute that holds the address the reset mail is sent to.
cas.authn.pm.reset.mail.attributeName: email
# No security-question step in the reset flow.
cas.authn.pm.reset.securityQuestionsEnabled: false
# Presumably keeps the server IP address out of generated reset tokens; confirm.
cas.authn.pm.reset.includeServerIpAddress: false
# The user is signed in automatically after a password change.
# NOTE(review): with e-mailed reset links this makes the link equivalent to a
# login; confirm MFA still applies on that path.
cas.authn.pm.autoLogin: true


# CAS "simple" MFA: one-time code delivered by SMS or mail.
# Sender id is still the 'changeme' placeholder.
cas.authn.mfa.simple.sms.from: 'changeme'
# SMS template; %s receives the code.
cas.authn.mfa.simple.sms.text: 'Code : %s'
# Principal attribute that holds the phone number.
cas.authn.mfa.simple.sms.attributeName: mobile
# NOTE(review): a 4-character code that stays valid for 3600 s gives a small
# search space over a long window. Prefer a longer code and/or a much shorter
# lifetime, and make sure attempts on the code are throttled.
cas.authn.mfa.simple.timeToKillInSeconds: 3600
cas.authn.mfa.simple.tokenLength: 4
# MFA is triggered when the principal attribute computedOtp matches 'true'.
cas.authn.mfa.globalPrincipalAttributeNameTriggers: computedOtp
cas.authn.mfa.globalPrincipalAttributeValueRegex: 'true'
# Placeholder mail body.
cas.authn.mfa.simple.mail.text: xxx


# Outgoing mail relay: local SMTP server on port 2525.
spring.mail.host: localhost
spring.mail.port: 2525
# SMTP user name; presumably unused while spring.mail.properties.mail.smtp.auth
# is false.
spring.mail.username: no-reply@vitamui.com
# Placeholder SMTP password committed in clear text; dev only.
# NOTE(review): supply the real value from the environment or a secret store.
spring.mail.password: password
# Do not probe the mail server at startup.
spring.mail.testConnection: false
# NOTE(review): no SMTP authentication and no STARTTLS, so password-reset links
# and MFA codes leave this process unencrypted. Fine for the localhost relay
# configured here; require both against any remote relay.
spring.mail.properties.mail.smtp.auth: false
spring.mail.properties.mail.smtp.starttls.enable: false


# Failed-login throttling: threshold of 2 over a 3-second range.
cas.authn.throttle.failure.threshold: 2
cas.authn.throttle.failure.rangeSeconds: 3


# On logout, follow the redirect URL passed in the `next` request parameter.
# NOTE(review): confirm redirect targets are limited to registered services so
# the logout endpoint cannot act as an open redirect.
cas:
  logout:
    followServiceRedirects: true
    redirectParameter: next


# Every actuator endpoint is enabled and exposed over HTTP, and the default
# access rule for CAS endpoints is PERMIT.
# NOTE(review): served on the management port without TLS
# (management.server.ssl.enabled: false), this gives unauthenticated access to
# all management endpoints. Outside a local dev machine, expose only the
# endpoints actually needed and require authentication.
management.endpoints.enabled-by-default: true
management.endpoints.web.exposure.include: '*'
cas.monitor.endpoints.endpoint.defaults.access[0]: PERMIT


# for SMS:
# Twilio account id and token: 'changeme' placeholders.
# NOTE(review): real values belong in the environment or a secret store.
cas.smsProvider.twilio.accountId: changeme
cas.smsProvider.twilio.token: changeme


# URL of the front-end portal.
vitamui.portal.url: https://dev.vitamui.com:4200/


# NOTE(review): static API token committed in clear text. If it is accepted
# anywhere beyond local dev, rotate it and load it from a secret store.
token.api.cas: tokcas_ie6UZsEcHIWrfv2x


# Presumably the request header the client IP is read from.
# NOTE(review): only trustworthy when a front proxy sets or overwrites it;
# otherwise the client controls the value. Confirm the deployment.
ip.header: X-Real-IP


# 8 hours in seconds
api.token.ttl: 28800


# Identity of this server instance (name, role, numeric id).
server-identity:
  # Name, role and id of this instance: CAS acting as the SSO server.
  identityName: CAS
  identityRole: SSO
  identityServerId: 1


# Example to override theme colors, logo, favicon, platform name ...
# Theme overrides: colours are set; name, favicon and logos are commented out.
theme:
  #  vitamui-platform-name: VITAM-UI
  #  vitamui-favicon: /absolute/path/to/favicon.ico
  #  vitam-logo: /absolute/path/to/logo.png
  #  vitamui-logo-large: /absolute/path/to/logo.png
  # Primary colour. Quoted because a bare # would start a YAML comment.
  primary: '#702382'
  # Secondary colour (hex, quoted).
  secondary: '#241f63'
  # Background colour (hex, quoted).
  background: '#FFFFFF'

# Jaeger
# Tracing is enabled; spans are also written to the log and sent over UDP to
# localhost:6831.
# NOTE(review): logSpans and expandExceptionLogs add request and exception
# detail to the logs; check what ends up there before reusing these settings
# outside dev.
opentracing:
  jaeger:
    enabled: true
    logSpans: true
    expandExceptionLogs: true
    udp-sender:
      host: localhost
      port: 6831

# Spring Boot debug mode: verbose diagnostic logging. Dev only.
debug: true
# Logback configuration file plus per-logger overrides.
# 'OFF' is quoted so YAML keeps it a string instead of reading a boolean.
# NOTE(review): switching off org.apereo.inspektr.audit.support presumably
# silences the audit-trail log output; confirm audit events are recorded
# elsewhere before reusing this outside dev.
logging:
  config: src/main/config/logback-dev.xml
  level:
    org.springframework.amqp: 'OFF'
    org.springframework.context.annotation: 'OFF'
    org.springframework.boot.devtools: 'OFF'
    org.apereo.inspektr.audit.support: 'OFF'

# Cas CORS (necessary for mobile app)
# Credentialed cross-origin requests are not allowed. Keep allowCredentials
# false for as long as cas.httpWebRequest.cors.allowOrigins is a wildcard.
cas.httpWebRequest.cors.enabled: true
cas.httpWebRequest.cors.allowCredentials: false
# Any origin, method and header is accepted for cross-origin requests.
# NOTE(review): outside dev, list the explicit origin(s) the mobile app needs,
# and never combine a wildcard origin with allowCredentials: true.
cas.httpWebRequest.cors.allowOrigins: [ '*' ]
cas.httpWebRequest.cors.allowMethods: [ '*' ]
cas.httpWebRequest.cors.allowHeaders: [ '*' ]

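# Password configuration
# The values are those of the "anssi" profile; each trailing comment gives the
# value used with the "custom" profile.
password:
  length: 12  # 8 for custom profile
  max-old-password: 12  # 3 for custom profile
  check-occurrence: true  # false for custom profile
  occurrences-chars-number: 3  # absent for custom profile
  profile: "anssi"  # default profile is anssi (Agence Nationale de la Sécurité des Systèmes d'Information), custom otherwise
  # User-facing descriptions of the password rules, per language. Presumably
  # `defaults` is shown for the anssi profile and `customs` for the custom one.
  # NOTE(review): the `defaults` titles say "at least 3 of the following
  # categories", whereas cas.authn.pm.policyPattern requires two characters from
  # all four classes. Confirm which rule is enforced and align the other.
  # The en/de category labels were swapped against their ranges (upper-case label
  # on a-z, lower-case label on A-Z); they now match the French entries.
  constraints:
    defaults:
      fr:
        messages:
          - Avoir une taille d'au moins ${password.length} caractères
        special-chars:
          title: 'Contenir au moins 2 caractères issus de chaque catégorie, pour au moins 3 des catégories suivantes:'
          messages:
            - Minuscules (a-z)
            - Majuscules (A-Z)
            - Numériques (0-9)
            - Caractères spéciaux (!"#$%&£'()*+,-./:;<=>?@[]^_`{|}~)
      en:
        messages:
          - Have a size of at least ${password.length} characters
        special-chars:
          title: 'Contain at least 2 characters from each category, for at least 3 of the following categories:'
          messages:
            - Lowercases (a-z)
            - Uppercases (A-Z)
            - Digital (0-9)
            - Special Characters (!"#$%&£'()*+,-./:;<=>?@[]^_`{|}~)
      de:
        messages:
          - Mindestens ${password.length} Zeichen lang sein
        special-chars:
          title: 'Mindestens 2 Zeichen aus jeder Kategorie enthalten, für mindestens 3 der folgenden Kategorien:'
          messages:
            - Kleinbuchstaben (a-z)
            - Großbuchstaben (A-Z)
            - Digital (0-9)
            - Spezielle Charaktere (!"#$%&£'()*+,-./:;<=>?@[]^_`{|}~)
    customs:
      fr:
        title: 'Pour des raisons de sécurité, votre mot de passe doit:'
        messages:
          - Au moins ${password.length} caractères
          - Des minuscules et des majuscules
          - Au moins un chiffre et un caractère spécial (!"#$%&£'()*+,-./:;<=>?@[]^_`{|}~)
      en:
        title: 'For security reasons, your password must:'
        messages:
          - At least ${password.length} characters
          - Lowercase and uppercase
          - At least one number and one special character (!"#$%&£'()*+,-./:;<=>?@[]^_`{|}~)
      de:
        title: 'Aus Sicherheitsgründen muss Ihr Passwort:'
        messages:
          - Mindestens ${password.length} Zeichen
          - Klein- und Großbuchstaben
          - Mindestens eine Zahl und ein Sonderzeichen (!"#$%&£'()*+,-./:;<=>?@[]^_`{|}~)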