At least in CAS 5.[1-3].x, the /status endpoint itself is secured by the IP
address pattern (and nothing else). It's a Java regular expression, so you
can get pretty fancy with it, though. We use something like this:
cas.adminPagesSecurity.ip:
^192\\.168\\.(1\\.[0-9]{1,3}|2\\.1[45]|3\\.1[56])$
Thank you very much, that did the trick. Your site is a huge help, very
nice to have clear examples and explanations. The only thing I am still not
sure about is how to secure the /status endpoint.
On Fri, Oct 25, 2019 at 3:45 AM David Curry
wrote:
> At first blush it looks like your
At first blush it looks like your cas.properties property names are wrong;
there might be other things too that you didn't happen to quote. Here's a
step-by-step for enabling them all, if you find it helpful:
I have been struggling to get access to development CAS v5.2.4 status
endpoints. I was unable to get them unsecured and went on to add Spring
Security with master user, who it is correctly validating, but somehow my
IP is still not authorized. Following are relevant properties and logs. I'm
