Thank you! The URL pattern <
https://apereo.github.io/cas/7.2.x/release_notes/RC2.html> provides an
example of how I can directly access the Release Notes for these versions.
However, the documentation for older (7.1, 7.2) links to RC
changelogs/release notes still point to the changelogs for 7.3 RC and not
the expected older versions.
I'm also still somewhat confused by the documentation and/or
logged error(s). I have the following in cas.properties (consistent with
the information in the Configuration tab information):
management.endpoints.web.exposure.include=health,info
management.endpoint.health.enabled=true
management.endpoint.info.enabled=true
I also have:
cas.monitor.endpoints.endpoint.defaults.access=IP_ADDRESS
cas.monitor.endpoints.endpoint.defaults.required-ip-addresses=127.0.0.1,
[...more IP addrs...]
I use "defaults" endpoints there because though this isn't discussed in the
CAS documentation AFAICT, I think I found the use of the defaults in the
spring documentation somewhere (unfortunately I can't locate it again now).
Although things appear to work, on startup the following error is logged:
ERROR
[org.springframework.boot.context.properties.migrator.PropertiesMigrationListener]
- <
The use of configuration keys that are no longer supported was found in the
environment:
Property source 'bootstrapProperties-casCompositePropertySource':
Key: management.endpoint.health.enabled
Reason: Replacement key 'management.endpoint.health.access'
uses an incompatible target type
Key: management.endpoint.info.enabled
Reason: Replacement key 'management.endpoint.info.access'
uses an incompatible target type
Please refer to the release notes or reference guide for potential
alternatives.
>
I don't understand the references to the replacement keys, because I don't
see these discussed in the CAS docs, nor are they present in my
cas.properties. Is this an actual error I should be addressing?
Finally, another aspect of the documentation I found confusing was that
under the Configuration tab, there are gear icon links for each property
"How can I configure this property?" that if you click on them does nothing
other than clear the popup window and dim the popup parent window with no
good/apparent way to cancel/exit that state.
On Wed, Aug 13, 2025 at 4:07 PM Ray Bon <[email protected]> wrote:
> Baron,
>
> There is this release note about the change
> https://apereo.github.io/cas/7.2.x/release_notes/RC2.html#actuator-endpoints
> <https://urldefense.com/v3/__https://apereo.github.io/cas/7.2.x/release_notes/RC2.html*actuator-endpoints__;Iw!!PvDODwlR4mBZyAb0!UTr0MO3PEzxfBeIskFhS-Sc6gM9VocGuk6oPRLmtgsefZUgYiG77MULLqNuAwkSEJ8WvYbgje3J_$>
> For a list of values for 'access' see
> https://apereo.github.io/cas/7.2.x/monitoring/actuators/Actuator-Endpoint-Auditevents.html
> <https://urldefense.com/v3/__https://apereo.github.io/cas/7.2.x/monitoring/actuators/Actuator-Endpoint-Auditevents.html__;!!PvDODwlR4mBZyAb0!UTr0MO3PEzxfBeIskFhS-Sc6gM9VocGuk6oPRLmtgsefZUgYiG77MULLqNuAwkSEJ8WvYaDjms8a$>
> click
> on the green book icon beside 'Provides information about ...' then click
> on the Configuration tab.
>
> There is also
> Management.endpoints.web.exposure.include= [*|comma separated list]
>
> Ray
> ------------------------------
> *From:* [email protected] <[email protected]> on behalf of Baron
> Fujimoto <[email protected]>
> *Sent:* August 12, 2025 11:37
> *To:* CAS Community <[email protected]>
> *Subject:* [cas-user] Re: Older CAS RC release notes changelog links
> broken?
>
> FWIW, I was able to get past this error by removing the deprecated
> property "management.endpoints.enabled-by-default=true". The error message
> seems to suggest the property "management.endpoints.access.default" as a
> replacement, but I can't find information about this property in the CAS
> documentation.
>
> I did find Spring Boot documentation[1] that identifies one possible valid
> value ("none") for this property, but not any other possible valid values.
>
> For CAS, the default appears to be sort of consistent with "none" since it
> seems I have to explicitly enable any actuator endpoints if I want to use
> anything besides just "health" and "info" (e.g. "throttles" and "duoPing").
>
> Furthermore the CAS documentation[2] states, "that by default the only
> endpoints exposed over the web are info, status, health and
> configurationMetadata." However, even if the status endpoint is explicitly
> enabled the same way as for health and info, it still rejects access to
> status.
>
> cas.properties:
>
> management.endpoints.web.base-path=/actuator
>
> management.endpoints.web.exposure.include=health,info,status,throttles,duoPing
> management.endpoint.health.enabled=true
> management.endpoint.info.enabled=true
> management.endpoint.status.enabled=true
> management.endpoint.throttles.enabled=true
> management.endpoint.duoPing.enabled=true
> cas.monitor.endpoints.endpoint.defaults.access=IP_ADDRESS
> cas.monitor.endpoints.endpoint.defaults.required-ip-addresses=127.0.0.1,
> [...more IP addrs...]
>
> This results in the following logs that demonstrate the difference between
> attempted access to "health" and "status" endpoints:
>
> DEBUG
> [org.springframework.security.web.authentication.AnonymousAuthenticationFilter]
> - <Set SecurityContextHolder to anonymous SecurityContext>
> DEBUG [org.springframework.security.web.FilterChainProxy] - <Securing HEAD
> /actuator/health>
> DEBUG [org.springframework.security.web.FilterChainProxy] - <Secured HEAD
> /actuator/health>
> DEBUG
> [org.springframework.security.web.authentication.AnonymousAuthenticationFilter]
> - <Set SecurityContextHolder to anonymous SecurityContext>
> DEBUG [org.springframework.security.web.FilterChainProxy] - <Securing GET
> /actuator/status>
> DEBUG
> [org.springframework.security.web.authentication.AnonymousAuthenticationFilter]
> - <Set SecurityContextHolder to anonymous SecurityContext>
> DEBUG
> [org.springframework.security.web.savedrequest.HttpSessionRequestCache] -
> <Saved request
> https://cas66.pvt.hawaii.edu:8443/cas/actuator/status?continue to session>
> DEBUG
> [org.springframework.security.web.authentication.Http403ForbiddenEntryPoint]
> - <Pre-authenticated entry point called. Rejecting access>
> DEBUG [org.springframework.security.web.FilterChainProxy] - <Securing GET
> /error>
> DEBUG [org.springframework.security.web.FilterChainProxy] - <Secured GET
> /error>
>
> I seem to recall the status endpoint may have been deprecated at some
> point, but I can't find confirmation in the CAS documentation. If so, is
> the current documentation erroneous in stating that it may be exposed? If
> not, how do you also get status to work?
>
> [1] <https://docs.spring.io/spring-boot/reference/actuator/endpoints.html
> <https://urldefense.com/v3/__https://docs.spring.io/spring-boot/reference/actuator/endpoints.html__;!!PvDODwlR4mBZyAb0!UTr0MO3PEzxfBeIskFhS-Sc6gM9VocGuk6oPRLmtgsefZUgYiG77MULLqNuAwkSEJ8WvYa-Bs3ot$>
> >
> [2] Example from the Endpoint details popup window at <
> https://apereo.github.io/cas/7.2.x/monitoring/actuators/Actuator-Endpoint-Info.html
> <https://urldefense.com/v3/__https://apereo.github.io/cas/7.2.x/monitoring/actuators/Actuator-Endpoint-Info.html__;!!PvDODwlR4mBZyAb0!UTr0MO3PEzxfBeIskFhS-Sc6gM9VocGuk6oPRLmtgsefZUgYiG77MULLqNuAwkSEJ8WvYdzZjtPC$>
> >
>
>
>
> On Fri, Aug 8, 2025 at 4:37 PM Baron Fujimoto <[email protected]> wrote:
>
> This is problematic, because when I build and deploy 7.2.5, I now get the
> following error logged.
>
> =====
> ERROR
> [org.springframework.boot.context.properties.migrator.PropertiesMigrationListener]
> - <
> The use of configuration keys that are no longer supported was found in
> the environment:
>
> Property source 'bootstrapProperties-casCompositePropertySource':
> Key: management.endpoints.enabled-by-default
> Reason: Replacement key
> 'management.endpoints.access.default' uses an incompatible target type
>
>
> Please refer to the release notes or reference guide for potential
> alternatives.
> >
> ERROR [org.apereo.cas.util.spring.boot.BeanDefinitionStoreFailureAnalyzer]
> - <Error creating bean due to: Failed to process import candidates for
> configuration class [org.apereo.cas.web.CasWebApplication]: Error
> processing condition on
> org.springframework.boot.actuate.autoconfigure.audit.AuditEventsEndpointAutoConfiguration
> caused by MutuallyExclusiveConfigurationPropertiesException: The
> configuration properties 'management.endpoints.access.default,
> management.endpoints.enabled-by-default' are mutually exclusive and
> 'management.endpoints.access.default,
> management.endpoints.enabled-by-default' have been configured together >
> DEBUG
> [org.springframework.boot.diagnostics.LoggingFailureAnalysisReporter] -
> <Application failed to start due to an exception>
> ERROR
> [org.springframework.boot.diagnostics.LoggingFailureAnalysisReporter] - <
>
> ***************************
> APPLICATION FAILED TO START
> ***************************
>
> Description:
>
> Error creating bean due to: Failed to process import candidates for
> configuration class [org.apereo.cas.web.CasWebApplication]: Error
> processing condition on
> org.springframework.boot.actuate.autoconfigure.audit.AuditEventsEndpointAutoConfiguration
> caused by MutuallyExclusiveConfigurationPropertiesException: The
> configuration properties 'management.endpoints.access.default,
> management.endpoints.enabled-by-default' are mutually exclusive and
> 'management.endpoints.access.default,
> management.endpoints.enabled-by-default' have been configured together
>
> Action:
>
> Review the properties available for the configuration. Enable debug
> logging on
> org.apereo.cas.util.spring.boot.BeanDefinitionStoreFailureAnalyzer to see
> exception stack trace
> >
> =====
>
> I believe these are the sorts of issues typically mentioned in the missing
> changelogs. I seem to recall there also being something about the use of
> groovy scripts that I cannot currently find. We incorporate a groovy script
> in some of our service registrations, so this is also a concern.
>
>
> On Thu, Aug 7, 2025 at 10:54 AM Baron Fujimoto <[email protected]> wrote:
>
> I'm preparing for a CAS upgrade from 7.0.8 to 7.2 and wanted to review the
> release notes changelogs for anything we needed to be aware of. (I'm not
> sure why, but it seems like only release candidates really get useful
> information of this nature.)
>
> Currently it appears that all of the documentation for older (7.1, 7.2) RC
> changelogs only points to the changelogs for 7.3 RC versions.
>
> E.g. on the Release Notes page for 7.1.0-RC6 <
> https://github.com/apereo/cas/releases/tag/v7.1.0-RC6
> <https://urldefense.com/v3/__https://github.com/apereo/cas/releases/tag/v7.1.0-RC6__;!!PvDODwlR4mBZyAb0!UTr0MO3PEzxfBeIskFhS-Sc6gM9VocGuk6oPRLmtgsefZUgYiG77MULLqNuAwkSEJ8WvYSFZJ1yL$>>,
> the linked changelogs for previous RC versions all link to 7.3 changelogs:
> • <https://apereo.github.io/cas/development/release_notes/RC1.html
> <https://urldefense.com/v3/__https://apereo.github.io/cas/development/release_notes/RC1.html__;!!PvDODwlR4mBZyAb0!UTr0MO3PEzxfBeIskFhS-Sc6gM9VocGuk6oPRLmtgsefZUgYiG77MULLqNuAwkSEJ8WvYYlF7M8h$>
> >
> • <https://apereo.github.io/cas/development/release_notes/RC2.html
> <https://urldefense.com/v3/__https://apereo.github.io/cas/development/release_notes/RC2.html__;!!PvDODwlR4mBZyAb0!UTr0MO3PEzxfBeIskFhS-Sc6gM9VocGuk6oPRLmtgsefZUgYiG77MULLqNuAwkSEJ8WvYTjQcwOI$>
> >
> • etc
> • Busted portal gun 404 for changelogs that don't yet exist for 7.4 (RC6)
>
> Are the older changelogs still available? I seem to recall seeing
> potentially important items in there when previously skimming them.
> --
> Baron Fujimoto <[email protected]> ::: UH Information Technology Services
> minutas cantorum, minutas balorum, minutas carboratum descendus pantorum
>
>
>
> --
> Baron Fujimoto <[email protected]> ::: UH Information Technology Services
> minutas cantorum, minutas balorum, minutas carboratum descendus pantorum
>
>
>
> --
> Baron Fujimoto <[email protected]> ::: UH Information Technology Services
> minutas cantorum, minutas balorum, minutas carboratum descendus pantorum
>
> --
> - Website: https://apereo.github.io/cas
> <https://urldefense.com/v3/__https://apereo.github.io/cas__;!!PvDODwlR4mBZyAb0!UTr0MO3PEzxfBeIskFhS-Sc6gM9VocGuk6oPRLmtgsefZUgYiG77MULLqNuAwkSEJ8WvYY8NrfMX$>
> - List Guidelines: https://goo.gl/1VRrw7
> <https://urldefense.com/v3/__https://goo.gl/1VRrw7__;!!PvDODwlR4mBZyAb0!UTr0MO3PEzxfBeIskFhS-Sc6gM9VocGuk6oPRLmtgsefZUgYiG77MULLqNuAwkSEJ8WvYe2dckGb$>
> - Contributions: https://goo.gl/mh7qDG
> <https://urldefense.com/v3/__https://goo.gl/mh7qDG__;!!PvDODwlR4mBZyAb0!UTr0MO3PEzxfBeIskFhS-Sc6gM9VocGuk6oPRLmtgsefZUgYiG77MULLqNuAwkSEJ8WvYfHaIRoQ$>
> ---
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> To view this discussion visit
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAAjLUL0VE779MvaL2oj0Qfpfo9N3Jg%3DtEXYbiguYipRscTz2eA%40mail.gmail.com
> <https://urldefense.com/v3/__https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAAjLUL0VE779MvaL2oj0Qfpfo9N3Jg*3DtEXYbiguYipRscTz2eA*40mail.gmail.com?utm_medium=email&utm_source=footer__;JSU!!PvDODwlR4mBZyAb0!UTr0MO3PEzxfBeIskFhS-Sc6gM9VocGuk6oPRLmtgsefZUgYiG77MULLqNuAwkSEJ8WvYVaS9zUc$>
> .
>
> --
> - Website: https://apereo.github.io/cas
> <https://urldefense.com/v3/__https://apereo.github.io/cas__;!!PvDODwlR4mBZyAb0!UTr0MO3PEzxfBeIskFhS-Sc6gM9VocGuk6oPRLmtgsefZUgYiG77MULLqNuAwkSEJ8WvYY8NrfMX$>
> - List Guidelines: https://goo.gl/1VRrw7
> <https://urldefense.com/v3/__https://goo.gl/1VRrw7__;!!PvDODwlR4mBZyAb0!UTr0MO3PEzxfBeIskFhS-Sc6gM9VocGuk6oPRLmtgsefZUgYiG77MULLqNuAwkSEJ8WvYe2dckGb$>
> - Contributions: https://goo.gl/mh7qDG
> <https://urldefense.com/v3/__https://goo.gl/mh7qDG__;!!PvDODwlR4mBZyAb0!UTr0MO3PEzxfBeIskFhS-Sc6gM9VocGuk6oPRLmtgsefZUgYiG77MULLqNuAwkSEJ8WvYfHaIRoQ$>
> ---
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> To view this discussion visit
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/YQBP288MB0081E136102BABA62F28C6ADCE2AA%40YQBP288MB0081.CANP288.PROD.OUTLOOK.COM
> <https://urldefense.com/v3/__https://groups.google.com/a/apereo.org/d/msgid/cas-user/YQBP288MB0081E136102BABA62F28C6ADCE2AA*40YQBP288MB0081.CANP288.PROD.OUTLOOK.COM?utm_medium=email&utm_source=footer__;JQ!!PvDODwlR4mBZyAb0!UTr0MO3PEzxfBeIskFhS-Sc6gM9VocGuk6oPRLmtgsefZUgYiG77MULLqNuAwkSEJ8WvYZ7-NNyS$>
> .
>
--
Baron Fujimoto <[email protected]> ::: UH Information Technology Services
minutas cantorum, minutas balorum, minutas carboratum descendus pantorum
--
- Website: https://apereo.github.io/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAAjLUL1W90SdsTWxM3ivYH%2BBjUi5A1sYj46-30cNwbnB0bbU%2Bg%40mail.gmail.com.
