CAS provides a logging facility that logs important informational events like authentication success andfailure; it can be customized to produce additional information for troubleshooting. CAS uses the Slf4JLogging framework as a facade for the Log4J engine by default.

The default log4j configuration file is located in src/main/resources/log4j2.xml.By default logging is set to INFO for all functionality related to org.apereo.cas code.For debugging and diagnostic purposes you may want to set these levels to DEBUG.

You should always run everything underWARN. In productionwarnings and errors are things you care about. Everything else is just diagnostics. Onlyturn up DEBUG or INFO if you need to research a particular issue.

Configuration

In the following table, you can find a list of programs that can open files with.cas extension.This list is created by collecting extension information reported by users through the 'send report' option of FileTypesMan utility. CAS uses sessions to track users and offers a full Security interface to protect data at the file level, as well as the column level. The sessions provide isolation for the user, which protects the integrity of the server. The purpose of connecting to CAS is to execute server requests. A user must create a session to submit a request. Apr 20, 2021 When an objection to CAS jurisdiction is raised, the CAS Court Office or the Panel, if already constituted, shall invite the opposing party (parties) to file written submissions on the matter of CAS jurisdiction. The Panel may rule on its jurisdiction either in a preliminary decision or in an award on the merits.

It is often time helpful to externalize the log4j2.xml file to a system path to preserve settings between upgrades.The location of log4j2.xml file by default is on the runtime classpath and can be controlledvia the CAS properties. To see the relevant list of CAS properties, please review this guide.

The CAS file which is being opened is infected with an undesirable malware. The computer does not have enough hardware resources to cope with the opening of the CAS file. Drivers of equipment used by the computer to open a CAS file are out of date. CAS REGISTRY®, the CAS substance collection, is the premier source relied upon by scientists, manufacturers, regulators, and data scientists worldwide for accurate information on chemical substances.

To review log settings and output, you may also use the CAS administration panels.

Log Levels

While log levels can directly be massaged via the native log4j2.xml syntax, they may also be modifiedusing the usual CAS properties. To see the relevant list of CAS properties, please review this guide.

Refresh Interval

The log4j2.xml itself controls the refresh interval of the logging configuration. Log4j has the abilityto automatically detect changes to the configuration file and reconfigure itself. If the monitorIntervalattribute is specified on the configuration element and is set to a non-zero value then the file will bechecked the next time a log event is evaluated and/or logged and the monitorInterval has elapsed sincethe last check. This will allow you to adjust the log levels and configuration without restarting theserver environment.

Log Patterns

By default most appenders that are provided via the log4j2.xml file usepattern-based layouts to format log messages. The following alternative layouts may also be used:

To learn more about nuances and configuration settings for each, please refer to the official Log4J guides.

Log File Rotation

The default configuration specifies triggering policies for rolling over logs, at startup, size or at specific times. These policies apply to RollingFile appenders.

For example, the following XML fragment defines policies that rollover the log when the JVM starts, when the log size reaches 10 megabytes, and when the current date no longer matches the log’s start date.

The triggering policies determines if a rollover should be performed and rollover strategy can also be design to indicate how that should be done. If no strategy is configured, the default will be used.

To find more a comprehensive documentation, please review the guides here.

Rollover Strategy

Customized rollover strategies provide a delete action that gives users more control over what files are deleted at rollover time than what was possible with the DefaultRolloverStrategy max attribute. The delete action lets users configure one or more conditions that select the files to delete relative to a base directory.

For example, the following appender at rollover time deletes all files under the base directory that match the */*.log glob and are 7 days old or older.

To find more a comprehensive documentation, please review the guides here.

Log Data Sanitation

For security purposes, CAS by default will attempt to remove TGT and PGT ids from all log data.This will of course include messages that are routed to a log destination by the logging framework as well as all audit messages. A sample follows below:

Certain number of characters are left at the trailing end of the ticket id to assist withtroubleshooting and diagnostics.

To see the relevant list of CAS properties, please review this guide.

Routing Logs to Sentry

Log data can be automatically routed to and integrated with Sentry to track and monitor CAS events and errors.

Routing Logs to Papertrail

Papertrail is a cloud-based log management service that provides aggregated logging tools, flexible system groups, team-wide access, long-term archives, charts and analytics exports, monitoring webhooks and more.

See this guide for more info.

Routing Logs to Loggly

Loggly is a cloud-based log management service that makes it easy to access and analyze the mission-critical information within your logs.Log data can be automatically routed to Loggly via Rsyslog. The advantage of using Rsyslog is that it can send TCP events without blocking your application, can optionally encrypt the data, and even queue data to add robustness to network failure.

See this guide for more info.

Routing Logs to CloudWatch

Log data can be automatically routed to AWS CloudWatch. Support is enabled by including the following module in the overlay:

With the above module, you may then declare a specific appender to communicate with AWS CloudWatch:

The AWS credentials for access key, secret key and region, if left undefined, may also be retrieved fromsystem properties via AWS_ACCESS_KEY, AWS_SECRET_KEY and AWS_REGION_NAME.The group name as well as the stream name are automatically created by CAS, if they are not already found.

Routing Logs to Logstash

CAS logging framework has the ability route log messages to a TCP/UDP endpoint.This configuration assumes that the Logstash server has enabled its TCP input on port 9500:

Routing Logs to SysLog

CAS logging framework does have the ability to route messages to an externalsyslog instance. To configure this,you first to configure the SysLogAppender and then specify whichmessages needs to be routed over to this instance:

You can also configure the remote destination output overSSL and specify the related keystore configuration:

Mapped Diagnostic Context

To uniquely stamp each request, CAS puts contextualinformation into the MDC, the abbreviation of Mapped Diagnostic Context. This effectivelytranslates to a number of special variables available to the logging context thatmay convey additional information about the nature of the request or the authentication event.

Additionally, all available request attributes and parameters are exposed as variables.

The above variables may be used in logging patterns:

• Use %X by itself to include all variables.
• Use %X{key} to include the specified variable.

This registry reads services definitions from JSON configuration files at the application context initialization time.JSON files are expected to be found inside a configured directory location and this registry will recursively look through the directory structure to find relevant JSON files.

Support is enabled by adding the following module into the overlay:

A sample JSON file follows:

To see the relevant list of CAS properties, please review this guide.

You MUST consider that if your CAS server deployment is clustered, each CAS node in the cluster must haveaccess to the same set of JSON configuration files as the other, or you may have to devise a strategy to keepchanges synchronized from one node to the next.

The JSON service registry is also able to auto detect changes to the specified directory. It will monitor changes to recognizefile additions, removals and updates and will auto-refresh CAS so changes do happen instantly.

Please make sure all field values in the JSON blob are correctly escaped, specially for the service id. If the service is defined as a regular expression, certain regex constructs such as '.' and 'd' need to be doubly escaped.

The naming convention for new JSON files is recommended to be the following:

Based on the above formula, for example the above JSON snippet shall be named: testJsonFile-103935657744185.json. Remember that because files are created based on the serviceName, you will need to make sure characters considered invalid for file names are not used as part of the name. Furthermore, note that CAS MUST be given full read/write permissions on directory which contains service definition files.

As you add more files to the directory, you need to be absolutely sure that no two service definitionswill have the same id. If this happens, loading one definition will stop loading the other. While service idscan be chosen arbitrarily, make sure all service numeric identifiers are unique. CAS will also output warningsif duplicate data is found.

JSON Syntax

Cas File

CAS uses a version of the JSON syntax that provides a much more relaxedsyntax with the ability to specify comments.

A given JSON file for instance could be formatted as such in CAS:

Note the trailing comma at the end. See the above link for more info on the alternative syntax.

Legacy Syntax

A number of legacy service definitions, supported by CAs automatically, are listed below.

CAS Add-ons

Originally developed as an extension for CAS 3.5.x, this add-on provided JSON syntax support in form of a single file that contained all service definitions. An example legacy JSON file is listed below for reference:

CAS is able to transform this definition into one that is officially supported. The results of transformations are written into a temporary file where the user is warned about the presence of this legacy behavior and the location of the transformed files. Changes should be reviewed and ultimately put into use in the relevant directory location to be loaded by the registry.

To activate support for this legacy syntax, the services registry file needs to be renamed servicesRegistry.json and must be placed in the same directory as all other JSON service definition files.

A few things to note:

• The extraAttributes property is ignored and may not be transformed.
• Service identifier patterns in the legacy syntax may be specified as ant patterns. These patterns are automatically massaged by CAS in small ways during transformations to ensure they are turned into a valid regular expression as much as possible. You should of course review the results and make any manual modifications necessary to make the pattern functional.

Jasig Namespace

Case File Express

CAS automatically should remain backward compatible with service definitionsthat were created by a CAS 4.2.x instance. Warnings should show up in the logswhen such deprecated service definitions are found. Deployers are advised to review each definitionand consult the docs to apply the new syntax.

Cas File Extension

An example legacy JSON file is listed below for reference:

Replication

If CAS is to deployed in a cluster, the service definition files must be kept in sync for all CAS nodes. Please review this guide to learn more about available options.

Auto Initialization

Cas File

Upon startup and configuration permitting, the registry is able to auto initialize itself from default JSON service definitions available to CAS. See this guide for more info.