chore(apereo-cas): fix up configuration

- X-Forwarded-Proto support so it knows it's behind TLS - Remove extraneous logs and just log to stdout so it's caught be systemd Change-Id: I650777bbfd24a1922f26967ffff7da06d14b6639 Reviewed-on: https://cl.tvl.fyi/c/depot/+/952 Tested-by: BuildkiteCI Reviewed-by: glittershark <grfn@gws.fyi>
2020-07-07 22:54:54 +00:00 · 2020-07-07 22:54:54 +00:00 · 2c7e9986e2
commit 2c7e9986e2
parent 37ec60c706
3 changed files with 9 additions and 35 deletions
--- a/third_party/apereo-cas/overlay/etc/cas/config/cas.properties
+++ b/third_party/apereo-cas/overlay/etc/cas/config/cas.properties
@ -8,6 +8,14 @@ server.port=8443
 server.address=127.0.0.1
 server.ssl.enabled=false

+# Enable X-Forwarded-For using Tomcat.
+server.forward-headers-strategy=NATIVE
+server.tomcat.remoteip.remote-ip-header=x-forwarded-for
+server.tomcat.remoteip.protocol-header=x-forwarded-proto
+
+server.tomcat.basedir=/etc/cas/tomcat
+server.servlet.context-path=/
+
 cas.authn.saml-idp.entity-id=https://login.tvl.fyi

 cas.authn.accept.users=