Can we separate the UI for Palantir from the rest of CAS if it is a problem with our UI?
On Tue, Aug 19, 2025 at 10:20 PM Ray Bon <[email protected]> wrote: > Andrew, > > If you have any UI customizations, comment them out or remove them while > setting up palantir. Our UI caused palantir to behave weird. > Check the mappings actuator and try all the GETs to be sure they are > accessible. > Try adding these to build.gradle: > implementation "org.apereo.cas:cas-server-support-metrics" > implementation "org.apereo.cas:cas-server-core-monitor" > And any at the bottom of this page that you use, > https://apereo.github.io/cas/7.2.x/monitoring/Configuring-Monitoring.html > > Ray > ------------------------------ > *From:* 'Andrew Tillinghast' via CAS Community <[email protected]> > *Sent:* August 19, 2025 11:12 > *To:* [email protected] <[email protected]> > *Subject:* Re: [cas-user] Palantir is unavailable? > > Thank you, that made progress. We're able to open Palantir and view/edit > services but we can't get to any of the other tabs. Clicking them and > nothing happens. The only error in the logs appears to be related to the > first tab attempting to load OIDC services, which we don't have enabled. > > On Tue, Aug 19, 2025 at 12:01 PM Ray Bon <[email protected]> wrote: > > Start with these settings: > management.endpoints.web.exposure.include=* > management.endpoints.access.default=UNRESTRICTED > cas.monitor.endpoints.endpoint.defaults.access=PERMIT > > These settings will allow you to access actuator endpoints (list below). > Then verify that palantir is working as expected. Then change to > cas.monitor.endpoints.endpoint.defaults.access=AUTHENTICATED > > I tried using a list of endpoints, but after adding in more than half, > palantir still was not working; and since there was no guarantee that the > list below was complete, I went with '*'. > > For our use case, palantir will be used for service management. We have > other systems in place for monitoring performance etc. > We have one server with restricted access for palantir, kept seperate from > our authentication servers. On authentication servers, only health endpoint > available. > > Ray > > Here is a list of endpoints I exctracted from actuator/mappings (this > actuator will show all of cas enpoints based on config - I think): > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > *#attributeDefinitions#auditevents#auditLog#authenticationHandlers#authenticationPolicies#beans#caches#casConfig#casFeatures#casModules#casValidate#conditions#configprops#duoAccountStatus#duoAdmin#duoPing#env#events#features#health#heapdump#httpexchanges#info#integrationgraph#jwtTicketSigningPublicKey#loggers#loggingConfig#mappings#metrics#mfaDevices#multitenancy#oauthTokens#oidcJwks#passwordManagement#personDirectory#quartz#refresh#registeredServices#releaseAttributes#resolveAttributes#samlIdPRegisteredServiceMetadataCache#samlPostProfileResponse#samlValidate#sbom#scheduledtasks#serviceAccess#springWebflow#sso#ssoSessions#statistics#threaddump#throttles#ticketExpirationPolicies#ticketRegistry* > > > > ------------------------------ > *From:* 'atilling' via CAS Community <[email protected]> > *Sent:* August 18, 2025 09:10 > *To:* CAS Community <[email protected]> > *Subject:* [cas-user] Palantir is unavailable? > > Trying to use Palantir in CAS 7.2.5 and getting an error > Palantir is unavailable! > Palantir requires a number of actuator endpoints to be enabled and > exposed, and your CAS deployment fails to do so. > > There is no indication what endpoints aren't enabled > in cas.properties I have the follwoing properties and spring user settings > management.endpoints.web.exposure.include=* > management.endpoint.health.show-details=always > > cas.monitor.endpoints.endpoint.defaults.access=AUTHENTICATED > > > cas.monitor.endpoints.endpoint.samlIdPRegisteredServiceMetadataCache.access= > AUTHENTICATED > > > > -- > - Website: https://apereo.github.io/cas > - List Guidelines: https://goo.gl/1VRrw7 > - Contributions: https://goo.gl/mh7qDG > --- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion visit > https://groups.google.com/a/apereo.org/d/msgid/cas-user/b6c8b17b-7dca-4ab0-9b0f-f49e2d0c51b8n%40apereo.org > <https://groups.google.com/a/apereo.org/d/msgid/cas-user/b6c8b17b-7dca-4ab0-9b0f-f49e2d0c51b8n%40apereo.org?utm_medium=email&utm_source=footer> > . > > -- > - Website: https://apereo.github.io/cas > - List Guidelines: https://goo.gl/1VRrw7 > - Contributions: https://goo.gl/mh7qDG > --- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion visit > https://groups.google.com/a/apereo.org/d/msgid/cas-user/YQBP288MB008188CCBD50B24DC25ED6C4CE30A%40YQBP288MB0081.CANP288.PROD.OUTLOOK.COM > <https://groups.google.com/a/apereo.org/d/msgid/cas-user/YQBP288MB008188CCBD50B24DC25ED6C4CE30A%40YQBP288MB0081.CANP288.PROD.OUTLOOK.COM?utm_medium=email&utm_source=footer> > . > > > > -- > > Andrew Tillinghast > Sr. Tech Lead Identity and Access Management > [email protected] > 270 Mohegan Avenue > New London, CT 06320-4196 > Ph:860 439-2727 Fax: 860 439-2871 > P > *Think before you print *CONFIDENTIALITY: This email (including any > attachments) may contain confidential, proprietary and privileged > information, and unauthorized disclosure or use is prohibited. If you > received this email in error, please notify the sender and delete this > email from your system. > > -- > - Website: https://apereo.github.io/cas > - List Guidelines: https://goo.gl/1VRrw7 > - Contributions: https://goo.gl/mh7qDG > --- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion visit > https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAGA6n_%3DFxGKzEdtrZ2TH0DjdqfhaATmGE3aMrr6qXFP9tYutQQ%40mail.gmail.com > <https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAGA6n_%3DFxGKzEdtrZ2TH0DjdqfhaATmGE3aMrr6qXFP9tYutQQ%40mail.gmail.com?utm_medium=email&utm_source=footer> > . > > -- > - Website: https://apereo.github.io/cas > - List Guidelines: https://goo.gl/1VRrw7 > - Contributions: https://goo.gl/mh7qDG > --- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion visit > https://groups.google.com/a/apereo.org/d/msgid/cas-user/YQBP288MB0081DC824BF5A19A04AA344BCE30A%40YQBP288MB0081.CANP288.PROD.OUTLOOK.COM > <https://groups.google.com/a/apereo.org/d/msgid/cas-user/YQBP288MB0081DC824BF5A19A04AA344BCE30A%40YQBP288MB0081.CANP288.PROD.OUTLOOK.COM?utm_medium=email&utm_source=footer> > . > -- Andrew Tillinghast Sr. Tech Lead Identity and Access Management [email protected] 270 Mohegan Avenue New London, CT 06320-4196 Ph:860 439-2727 Fax: 860 439-2871 P *Think before you print*CONFIDENTIALITY: This email (including any attachments) may contain confidential, proprietary and privileged information, and unauthorized disclosure or use is prohibited. If you received this email in error, please notify the sender and delete this email from your system. -- - Website: https://apereo.github.io/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAGA6n_%3DQa1O2yt80dNkRV55rqJ5Conh4-F_fpkfWezts6T8OwQ%40mail.gmail.com.
