Baron, The release note form of the property is correct, The one in the docs has not been updated. This url should bring you to the 7.1 release notes https://apereo.github.io/cas/7.1.x/release_notes/Overview.html
Depending on which endpoints you want to use, some of them will have to be explicitly added to the properties; defaults only covers a few. I never tried the gear icon before; it is definitely not working. Ray ________________________________ From: [email protected] <[email protected]> on behalf of Baron Fujimoto <[email protected]> Sent: August 19, 2025 19:53 To: [email protected] <[email protected]> Subject: Re: [cas-user] Re: Older CAS RC release notes changelog links broken? Thank you! The URL pattern <https://apereo.github.io/cas/7.2.x/release_notes/RC2.html> provides an example of how I can directly access the Release Notes for these versions. However, the documentation for older (7.1, 7.2) links to RC changelogs/release notes still point to the changelogs for 7.3 RC and not the expected older versions. I'm also still somewhat confused by the documentation and/or logged error(s). I have the following in cas.properties (consistent with the information in the Configuration tab information): management.endpoints.web.exposure.include=health,info management.endpoint.health.enabled=true management.endpoint.info.enabled=true I also have: cas.monitor.endpoints.endpoint.defaults.access=IP_ADDRESS cas.monitor.endpoints.endpoint.defaults.required-ip-addresses=127.0.0.1, [...more IP addrs...] I use "defaults" endpoints there because though this isn't discussed in the CAS documentation AFAICT, I think I found the use of the defaults in the spring documentation somewhere (unfortunately I can't locate it again now). Although things appear to work, on startup the following error is logged: ERROR [org.springframework.boot.context.properties.migrator.PropertiesMigrationListener] - < The use of configuration keys that are no longer supported was found in the environment: Property source 'bootstrapProperties-casCompositePropertySource': Key: management.endpoint.health.enabled Reason: Replacement key 'management.endpoint.health.access' uses an incompatible target type Key: management.endpoint.info.enabled Reason: Replacement key 'management.endpoint.info.access' uses an incompatible target type Please refer to the release notes or reference guide for potential alternatives. > I don't understand the references to the replacement keys, because I don't see these discussed in the CAS docs, nor are they present in my cas.properties. Is this an actual error I should be addressing? Finally, another aspect of the documentation I found confusing was that under the Configuration tab, there are gear icon links for each property "How can I configure this property?" that if you click on them does nothing other than clear the popup window and dim the popup parent window with no good/apparent way to cancel/exit that state. On Wed, Aug 13, 2025 at 4:07 PM Ray Bon <[email protected]<mailto:[email protected]>> wrote: Baron, There is this release note about the change https://apereo.github.io/cas/7.2.x/release_notes/RC2.html#actuator-endpoints<https://urldefense.com/v3/__https://apereo.github.io/cas/7.2.x/release_notes/RC2.html*actuator-endpoints__;Iw!!PvDODwlR4mBZyAb0!UTr0MO3PEzxfBeIskFhS-Sc6gM9VocGuk6oPRLmtgsefZUgYiG77MULLqNuAwkSEJ8WvYbgje3J_$> For a list of values for 'access' see https://apereo.github.io/cas/7.2.x/monitoring/actuators/Actuator-Endpoint-Auditevents.html<https://urldefense.com/v3/__https://apereo.github.io/cas/7.2.x/monitoring/actuators/Actuator-Endpoint-Auditevents.html__;!!PvDODwlR4mBZyAb0!UTr0MO3PEzxfBeIskFhS-Sc6gM9VocGuk6oPRLmtgsefZUgYiG77MULLqNuAwkSEJ8WvYaDjms8a$> click on the green book icon beside 'Provides information about ...' then click on the Configuration tab. There is also Management.endpoints.web.exposure.include= [*|comma separated list] Ray ________________________________ From: [email protected]<mailto:[email protected]> <[email protected]<mailto:[email protected]>> on behalf of Baron Fujimoto <[email protected]<mailto:[email protected]>> Sent: August 12, 2025 11:37 To: CAS Community <[email protected]<mailto:[email protected]>> Subject: [cas-user] Re: Older CAS RC release notes changelog links broken? FWIW, I was able to get past this error by removing the deprecated property "management.endpoints.enabled-by-default=true". The error message seems to suggest the property "management.endpoints.access.default" as a replacement, but I can't find information about this property in the CAS documentation. I did find Spring Boot documentation[1] that identifies one possible valid value ("none") for this property, but not any other possible valid values. For CAS, the default appears to be sort of consistent with "none" since it seems I have to explicitly enable any actuator endpoints if I want to use anything besides just "health" and "info" (e.g. "throttles" and "duoPing"). Furthermore the CAS documentation[2] states, "that by default the only endpoints exposed over the web are info, status, health and configurationMetadata." However, even if the status endpoint is explicitly enabled the same way as for health and info, it still rejects access to status. cas.properties: management.endpoints.web.base-path=/actuator management.endpoints.web.exposure.include=health,info,status,throttles,duoPing management.endpoint.health.enabled=true management.endpoint.info.enabled=true management.endpoint.status.enabled=true management.endpoint.throttles.enabled=true management.endpoint.duoPing.enabled=true cas.monitor.endpoints.endpoint.defaults.access=IP_ADDRESS cas.monitor.endpoints.endpoint.defaults.required-ip-addresses=127.0.0.1, [...more IP addrs...] This results in the following logs that demonstrate the difference between attempted access to "health" and "status" endpoints: DEBUG [org.springframework.security.web.authentication.AnonymousAuthenticationFilter] - <Set SecurityContextHolder to anonymous SecurityContext> DEBUG [org.springframework.security.web.FilterChainProxy] - <Securing HEAD /actuator/health> DEBUG [org.springframework.security.web.FilterChainProxy] - <Secured HEAD /actuator/health> DEBUG [org.springframework.security.web.authentication.AnonymousAuthenticationFilter] - <Set SecurityContextHolder to anonymous SecurityContext> DEBUG [org.springframework.security.web.FilterChainProxy] - <Securing GET /actuator/status> DEBUG [org.springframework.security.web.authentication.AnonymousAuthenticationFilter] - <Set SecurityContextHolder to anonymous SecurityContext> DEBUG [org.springframework.security.web.savedrequest.HttpSessionRequestCache] - <Saved request https://cas66.pvt.hawaii.edu:8443/cas/actuator/status?continue to session> DEBUG [org.springframework.security.web.authentication.Http403ForbiddenEntryPoint] - <Pre-authenticated entry point called. Rejecting access> DEBUG [org.springframework.security.web.FilterChainProxy] - <Securing GET /error> DEBUG [org.springframework.security.web.FilterChainProxy] - <Secured GET /error> I seem to recall the status endpoint may have been deprecated at some point, but I can't find confirmation in the CAS documentation. If so, is the current documentation erroneous in stating that it may be exposed? If not, how do you also get status to work? [1] <https://docs.spring.io/spring-boot/reference/actuator/endpoints.html<https://urldefense.com/v3/__https://docs.spring.io/spring-boot/reference/actuator/endpoints.html__;!!PvDODwlR4mBZyAb0!UTr0MO3PEzxfBeIskFhS-Sc6gM9VocGuk6oPRLmtgsefZUgYiG77MULLqNuAwkSEJ8WvYa-Bs3ot$>> [2] Example from the Endpoint details popup window at <https://apereo.github.io/cas/7.2.x/monitoring/actuators/Actuator-Endpoint-Info.html<https://urldefense.com/v3/__https://apereo.github.io/cas/7.2.x/monitoring/actuators/Actuator-Endpoint-Info.html__;!!PvDODwlR4mBZyAb0!UTr0MO3PEzxfBeIskFhS-Sc6gM9VocGuk6oPRLmtgsefZUgYiG77MULLqNuAwkSEJ8WvYdzZjtPC$>> On Fri, Aug 8, 2025 at 4:37 PM Baron Fujimoto <[email protected]<mailto:[email protected]>> wrote: This is problematic, because when I build and deploy 7.2.5, I now get the following error logged. ===== ERROR [org.springframework.boot.context.properties.migrator.PropertiesMigrationListener] - < The use of configuration keys that are no longer supported was found in the environment: Property source 'bootstrapProperties-casCompositePropertySource': Key: management.endpoints.enabled-by-default Reason: Replacement key 'management.endpoints.access.default' uses an incompatible target type Please refer to the release notes or reference guide for potential alternatives. > ERROR [org.apereo.cas.util.spring.boot.BeanDefinitionStoreFailureAnalyzer] - <Error creating bean due to: Failed to process import candidates for configuration class [org.apereo.cas.web.CasWebApplication]: Error processing condition on org.springframework.boot.actuate.autoconfigure.audit.AuditEventsEndpointAutoConfiguration caused by MutuallyExclusiveConfigurationPropertiesException: The configuration properties 'management.endpoints.access.default, management.endpoints.enabled-by-default' are mutually exclusive and 'management.endpoints.access.default, management.endpoints.enabled-by-default' have been configured together > DEBUG [org.springframework.boot.diagnostics.LoggingFailureAnalysisReporter] - <Application failed to start due to an exception> ERROR [org.springframework.boot.diagnostics.LoggingFailureAnalysisReporter] - < *************************** APPLICATION FAILED TO START *************************** Description: Error creating bean due to: Failed to process import candidates for configuration class [org.apereo.cas.web.CasWebApplication]: Error processing condition on org.springframework.boot.actuate.autoconfigure.audit.AuditEventsEndpointAutoConfiguration caused by MutuallyExclusiveConfigurationPropertiesException: The configuration properties 'management.endpoints.access.default, management.endpoints.enabled-by-default' are mutually exclusive and 'management.endpoints.access.default, management.endpoints.enabled-by-default' have been configured together Action: Review the properties available for the configuration. Enable debug logging on org.apereo.cas.util.spring.boot.BeanDefinitionStoreFailureAnalyzer to see exception stack trace > ===== I believe these are the sorts of issues typically mentioned in the missing changelogs. I seem to recall there also being something about the use of groovy scripts that I cannot currently find. We incorporate a groovy script in some of our service registrations, so this is also a concern. On Thu, Aug 7, 2025 at 10:54 AM Baron Fujimoto <[email protected]<mailto:[email protected]>> wrote: I'm preparing for a CAS upgrade from 7.0.8 to 7.2 and wanted to review the release notes changelogs for anything we needed to be aware of. (I'm not sure why, but it seems like only release candidates really get useful information of this nature.) Currently it appears that all of the documentation for older (7.1, 7.2) RC changelogs only points to the changelogs for 7.3 RC versions. E.g. on the Release Notes page for 7.1.0-RC6 <https://github.com/apereo/cas/releases/tag/v7.1.0-RC6<https://urldefense.com/v3/__https://github.com/apereo/cas/releases/tag/v7.1.0-RC6__;!!PvDODwlR4mBZyAb0!UTr0MO3PEzxfBeIskFhS-Sc6gM9VocGuk6oPRLmtgsefZUgYiG77MULLqNuAwkSEJ8WvYSFZJ1yL$>>, the linked changelogs for previous RC versions all link to 7.3 changelogs: • <https://apereo.github.io/cas/development/release_notes/RC1.html<https://urldefense.com/v3/__https://apereo.github.io/cas/development/release_notes/RC1.html__;!!PvDODwlR4mBZyAb0!UTr0MO3PEzxfBeIskFhS-Sc6gM9VocGuk6oPRLmtgsefZUgYiG77MULLqNuAwkSEJ8WvYYlF7M8h$>> • <https://apereo.github.io/cas/development/release_notes/RC2.html<https://urldefense.com/v3/__https://apereo.github.io/cas/development/release_notes/RC2.html__;!!PvDODwlR4mBZyAb0!UTr0MO3PEzxfBeIskFhS-Sc6gM9VocGuk6oPRLmtgsefZUgYiG77MULLqNuAwkSEJ8WvYTjQcwOI$>> • etc • Busted portal gun 404 for changelogs that don't yet exist for 7.4 (RC6) Are the older changelogs still available? I seem to recall seeing potentially important items in there when previously skimming them. -- Baron Fujimoto <[email protected]<mailto:[email protected]>> ::: UH Information Technology Services minutas cantorum, minutas balorum, minutas carboratum descendus pantorum -- Baron Fujimoto <[email protected]<mailto:[email protected]>> ::: UH Information Technology Services minutas cantorum, minutas balorum, minutas carboratum descendus pantorum -- Baron Fujimoto <[email protected]<mailto:[email protected]>> ::: UH Information Technology Services minutas cantorum, minutas balorum, minutas carboratum descendus pantorum -- - Website: https://apereo.github.io/cas<https://urldefense.com/v3/__https://apereo.github.io/cas__;!!PvDODwlR4mBZyAb0!UTr0MO3PEzxfBeIskFhS-Sc6gM9VocGuk6oPRLmtgsefZUgYiG77MULLqNuAwkSEJ8WvYY8NrfMX$> - List Guidelines: https://goo.gl/1VRrw7<https://urldefense.com/v3/__https://goo.gl/1VRrw7__;!!PvDODwlR4mBZyAb0!UTr0MO3PEzxfBeIskFhS-Sc6gM9VocGuk6oPRLmtgsefZUgYiG77MULLqNuAwkSEJ8WvYe2dckGb$> - Contributions: https://goo.gl/mh7qDG<https://urldefense.com/v3/__https://goo.gl/mh7qDG__;!!PvDODwlR4mBZyAb0!UTr0MO3PEzxfBeIskFhS-Sc6gM9VocGuk6oPRLmtgsefZUgYiG77MULLqNuAwkSEJ8WvYfHaIRoQ$> --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]<mailto:[email protected]>. To view this discussion visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAAjLUL0VE779MvaL2oj0Qfpfo9N3Jg%3DtEXYbiguYipRscTz2eA%40mail.gmail.com<https://urldefense.com/v3/__https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAAjLUL0VE779MvaL2oj0Qfpfo9N3Jg*3DtEXYbiguYipRscTz2eA*40mail.gmail.com?utm_medium=email&utm_source=footer__;JSU!!PvDODwlR4mBZyAb0!UTr0MO3PEzxfBeIskFhS-Sc6gM9VocGuk6oPRLmtgsefZUgYiG77MULLqNuAwkSEJ8WvYVaS9zUc$>. -- - Website: https://apereo.github.io/cas<https://urldefense.com/v3/__https://apereo.github.io/cas__;!!PvDODwlR4mBZyAb0!UTr0MO3PEzxfBeIskFhS-Sc6gM9VocGuk6oPRLmtgsefZUgYiG77MULLqNuAwkSEJ8WvYY8NrfMX$> - List Guidelines: https://goo.gl/1VRrw7<https://urldefense.com/v3/__https://goo.gl/1VRrw7__;!!PvDODwlR4mBZyAb0!UTr0MO3PEzxfBeIskFhS-Sc6gM9VocGuk6oPRLmtgsefZUgYiG77MULLqNuAwkSEJ8WvYe2dckGb$> - Contributions: https://goo.gl/mh7qDG<https://urldefense.com/v3/__https://goo.gl/mh7qDG__;!!PvDODwlR4mBZyAb0!UTr0MO3PEzxfBeIskFhS-Sc6gM9VocGuk6oPRLmtgsefZUgYiG77MULLqNuAwkSEJ8WvYfHaIRoQ$> --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]<mailto:[email protected]>. To view this discussion visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/YQBP288MB0081E136102BABA62F28C6ADCE2AA%40YQBP288MB0081.CANP288.PROD.OUTLOOK.COM<https://urldefense.com/v3/__https://groups.google.com/a/apereo.org/d/msgid/cas-user/YQBP288MB0081E136102BABA62F28C6ADCE2AA*40YQBP288MB0081.CANP288.PROD.OUTLOOK.COM?utm_medium=email&utm_source=footer__;JQ!!PvDODwlR4mBZyAb0!UTr0MO3PEzxfBeIskFhS-Sc6gM9VocGuk6oPRLmtgsefZUgYiG77MULLqNuAwkSEJ8WvYZ7-NNyS$>. -- Baron Fujimoto <[email protected]<mailto:[email protected]>> ::: UH Information Technology Services minutas cantorum, minutas balorum, minutas carboratum descendus pantorum -- - Website: https://apereo.github.io/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]<mailto:[email protected]>. To view this discussion visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAAjLUL1W90SdsTWxM3ivYH%2BBjUi5A1sYj46-30cNwbnB0bbU%2Bg%40mail.gmail.com<https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAAjLUL1W90SdsTWxM3ivYH%2BBjUi5A1sYj46-30cNwbnB0bbU%2Bg%40mail.gmail.com?utm_medium=email&utm_source=footer>. -- - Website: https://apereo.github.io/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/YQBP288MB0081B21BD029A0EAB8BFD039CE33A%40YQBP288MB0081.CANP288.PROD.OUTLOOK.COM.
