Hi Andrew, It's working for us using similar settings to Ray's. Here's ours for comparison:
spring.security.user.name=admin spring.security.user.password=*********** spring.security.user.roles=admin cas.monitor.endpoints.endpoint.defaults.access[0]=AUTHENTICATED management.endpoints.web.exposure.include=* management.endpoints.access.default=unrestricted CasFeatureModule.AccountManagement.enabled=true We also keep our CAS management system separate and only allow the health endpoint on our user-facing nodes. On Tue, Aug 19, 2025 at 12:25 PM 'Andrew Tillinghast' via CAS Community < [email protected]> wrote: > Thank you, that made progress. We're able to open Palantir and view/edit > services but we can't get to any of the other tabs. Clicking them and > nothing happens. The only error in the logs appears to be related to the > first tab attempting to load OIDC services, which we don't have enabled. > > On Tue, Aug 19, 2025 at 12:01 PM Ray Bon <[email protected]> wrote: > >> Start with these settings: >> management.endpoints.web.exposure.include=* >> management.endpoints.access.default=UNRESTRICTED >> cas.monitor.endpoints.endpoint.defaults.access=PERMIT >> >> These settings will allow you to access actuator endpoints (list below). >> Then verify that palantir is working as expected. Then change to >> cas.monitor.endpoints.endpoint.defaults.access=AUTHENTICATED >> >> I tried using a list of endpoints, but after adding in more than half, >> palantir still was not working; and since there was no guarantee that the >> list below was complete, I went with '*'. >> >> For our use case, palantir will be used for service management. We have >> other systems in place for monitoring performance etc. >> We have one server with restricted access for palantir, kept seperate >> from our authentication servers. On authentication servers, only health >> endpoint available. >> >> Ray >> >> Here is a list of endpoints I exctracted from actuator/mappings (this >> actuator will show all of cas enpoints based on config - I think): >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> *#attributeDefinitions#auditevents#auditLog#authenticationHandlers#authenticationPolicies#beans#caches#casConfig#casFeatures#casModules#casValidate#conditions#configprops#duoAccountStatus#duoAdmin#duoPing#env#events#features#health#heapdump#httpexchanges#info#integrationgraph#jwtTicketSigningPublicKey#loggers#loggingConfig#mappings#metrics#mfaDevices#multitenancy#oauthTokens#oidcJwks#passwordManagement#personDirectory#quartz#refresh#registeredServices#releaseAttributes#resolveAttributes#samlIdPRegisteredServiceMetadataCache#samlPostProfileResponse#samlValidate#sbom#scheduledtasks#serviceAccess#springWebflow#sso#ssoSessions#statistics#threaddump#throttles#ticketExpirationPolicies#ticketRegistry* >> >> >> >> ------------------------------ >> *From:* 'atilling' via CAS Community <[email protected]> >> *Sent:* August 18, 2025 09:10 >> *To:* CAS Community <[email protected]> >> *Subject:* [cas-user] Palantir is unavailable? >> >> Trying to use Palantir in CAS 7.2.5 and getting an error >> Palantir is unavailable! >> Palantir requires a number of actuator endpoints to be enabled and >> exposed, and your CAS deployment fails to do so. >> >> There is no indication what endpoints aren't enabled >> in cas.properties I have the follwoing properties and spring user settings >> management.endpoints.web.exposure.include=* >> management.endpoint.health.show-details=always >> >> cas.monitor.endpoints.endpoint.defaults.access=AUTHENTICATED >> >> >> cas.monitor.endpoints.endpoint.samlIdPRegisteredServiceMetadataCache.access= >> AUTHENTICATED >> >> >> >> -- >> - Website: https://apereo.github.io/cas >> - List Guidelines: https://goo.gl/1VRrw7 >> - Contributions: https://goo.gl/mh7qDG >> --- >> You received this message because you are subscribed to the Google Groups >> "CAS Community" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> To view this discussion visit >> https://groups.google.com/a/apereo.org/d/msgid/cas-user/b6c8b17b-7dca-4ab0-9b0f-f49e2d0c51b8n%40apereo.org >> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/b6c8b17b-7dca-4ab0-9b0f-f49e2d0c51b8n%40apereo.org?utm_medium=email&utm_source=footer> >> . >> >> -- >> - Website: https://apereo.github.io/cas >> - List Guidelines: https://goo.gl/1VRrw7 >> - Contributions: https://goo.gl/mh7qDG >> --- >> You received this message because you are subscribed to the Google Groups >> "CAS Community" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> To view this discussion visit >> https://groups.google.com/a/apereo.org/d/msgid/cas-user/YQBP288MB008188CCBD50B24DC25ED6C4CE30A%40YQBP288MB0081.CANP288.PROD.OUTLOOK.COM >> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/YQBP288MB008188CCBD50B24DC25ED6C4CE30A%40YQBP288MB0081.CANP288.PROD.OUTLOOK.COM?utm_medium=email&utm_source=footer> >> . >> > > > -- > > Andrew Tillinghast > Sr. Tech Lead Identity and Access Management > [email protected] > 270 Mohegan Avenue > New London, CT 06320-4196 > Ph:860 439-2727 Fax: 860 439-2871 > P > *Think before you print*CONFIDENTIALITY: This email (including any > attachments) may contain confidential, proprietary and privileged > information, and unauthorized disclosure or use is prohibited. If you > received this email in error, please notify the sender and delete this > email from your system. > > -- > - Website: https://apereo.github.io/cas > - List Guidelines: https://goo.gl/1VRrw7 > - Contributions: https://goo.gl/mh7qDG > --- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion visit > https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAGA6n_%3DFxGKzEdtrZ2TH0DjdqfhaATmGE3aMrr6qXFP9tYutQQ%40mail.gmail.com > <https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAGA6n_%3DFxGKzEdtrZ2TH0DjdqfhaATmGE3aMrr6qXFP9tYutQQ%40mail.gmail.com?utm_medium=email&utm_source=footer> > . > -- Jonathon Taylor (he/him) Information Security Office [email protected] -- - Website: https://apereo.github.io/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CABzqDo-h1ocZ1noC8T3ErSRukKwg3SmqNzps9VWC-UsSgH072w%40mail.gmail.com.
