- "CAS" service entries need to updated from class RegexRegisteredService to CasApplicationService:
db.services.update({_class: 'org.apereo.cas.services.RegexRegisteredService'}, {'$set': { '_class': 'org.apereo.cas.services.CasRegisteredService' } });- Default attribute releases have been removed, must add attribute releases to CAS services entries in CAS Mgmt application. a. Upgrade existing service to support Attribute resolution:
db.services.updateOne({serviceId: '^https?://.*'}, {'$set': { 'attributeReleasePolicy._class': 'org.apereo.cas.services.ReturnAllAttributeReleasePolicy' } });b. Delete the default IMAPS/HTTPS service provided by Apereo:
db.services.deleteOne({serviceId: '^(https|imaps)://.*'})-
Create a Mongo database for Spring Sessions, eg spring-sessions and assign the CAS mongo user readWrite access to it.
-
Update cas-service-registry in mongo:
db.services.update({ "multifactorPolicy.failureMode": "NOT_SET"}, { $set: { "multifactorPolicy.failureMode": "UNDEFINED" } }, { multi: true }); -
Remove existing tickets in mongo (optionally, drop collections as well):
db.ticketGrantingTicketsCollection.remove({})
db.serviceTicketsCollection.remove({})
db.transientSessionTicketsCollection.remove({})
db.proxyGrantingTicketsCollection.remove({})
db.proxyTicketsCollection.remove({})
db.oauthAccessTokensCache.remove({})
db.oauthCodesCache.remove({})
db.oauthDeviceTokensCache.remove({})
db.oauthDeviceUserCodesCache.remove({})
db.oauthRefreshTokensCache.remove({})This is to prevent the ticket cleaner from crashing. To keep tickets, need to figure out the change in date format and write a script to update it on all tickets.
- Generic OIDC callback URLs changed from v5 to v6, need to update your OIDC provider to use https:///cas/login/<oidc_client_name>
- Health checks changed to
/<app>/actuator/health - Drop this index from the services collection:
{
"v" : 2,
"unique" : true,
"key" : {
"serviceId" : 1
},
"name" : "serviceId_1",
"ns" : "cas-service-registry.services"
},