Our campus is shutting down for the holidays today and it looks like thus far we haven't crashed in almost 24 hours. So FWIW below are my config params in hopes it might help others. I learn best by examples myself. If those on this list have suggestions on better ways to do the things we're doing, please let me know. Happy to learn.
cas.adminPagesSecurity.ip=127.0.0.1
cas.adminPagesSecurity.loginUrl=${cas.server.prefix}/login
cas.adminPagesSecurity.service=${cas.server.prefix}/status/dashboard
cas.adminPagesSecurity.users=file:/etc/cas/config/users.properties
cas.adminPagesSecurity.adminRoles[0]=ROLE_ADMIN
logging.config: file:/etc/cas/config/log4j2.xml
cas.slo.disabled=true
cas.ticket.tgt.maxTimeToLiveInSeconds=36000
cas.ticket.tgt.timeToKillInSeconds=14400
cas.authn.ldap[0].type=AUTHENTICATED
cas.authn.ldap[0].ldapUrl=<redacted>
cas.authn.ldap[0].useSsl=true
cas.authn.ldap[0].baseDn=ou=People,dc=uah,dc=edu
cas.authn.ldap[0].userFilter=(|(uid={user})(mail={user}))
cas.authn.ldap[0].bindDn=<redacted>
cas.authn.ldap[0].bindCredential=<redacted>
cas.authn.ldap[0].principalAttributeList=uid,mail
cas.authn.attributeRepository.ldap[0].order=0
cas.authn.attributeRepository.ldap[0].ldapUrl=<redacted>
cas.authn.attributeRepository.ldap[0].useSsl=true
cas.authn.attributeRepository.ldap[0].useStartTls=false
cas.authn.attributeRepository.ldap[0].baseDn=ou=People,dc=uah,dc=edu
cas.authn.attributeRepository.ldap[0].bindDn=<redacted>
cas.authn.attributeRepository.ldap[0].bindCredential=<redacted>
cas.authn.attributeRepository.ldap[0].userFilter=(|(uid={user})(mail={user}))
cas.authn.attributeRepository.ldap[0].attributes.uid=uid
cas.authn.attributeRepository.ldap[0].attributes.ou=ou
cas.authn.attributeRepository.ldap[0].attributes.o=o
cas.authn.attributeRepository.ldap[0].attributes.displayName=displayName
cas.authn.attributeRepository.ldap[0].attributes.mail=mail
cas.authn.attributeRepository.ldap[0].attributes.mailLocalAddress=mailLocalAddress
cas.authn.attributeRepository.ldap[0].attributes.member=member
cas.authn.attributeRepository.ldap[0].attributes.memberof=memberof
cas.authn.attributeRepository.ldap[0].attributes.uahUDCID=UDC_IDENTIFIER
cas.authn.attributeRepository.ldap[0].attributes.displayName=displayName
cas.authn.attributeRepository.ldap[0].attributes.givenName=givenName
cas.authn.attributeRepository.ldap[0].attributes.telephoneNumber=telephoneNumber
cas.authn.attributeRepository.ldap[0].attributes.title=title
cas.authn.attributeRepository.ldap[0].attributes.employeeNumber=employeeNumber
cas.authn.attributeRepository.ldap[0].attributes.eduPersonAffiliation=eduPersonAffiliation
cas.authn.attributeRepository.ldap[0].attributes.eduPersonPrimaryAffiliation=eduPersonPrimaryAffiliation
cas.authn.attributeRepository.ldap[0].attributes.eduPersonEntitlement=eduPersonEntitlement
cas.authn.attributeRepository.ldap[0].attributes.eduPersonPrincipalName=eduPersonPrincipalName
cas.authn.attributeRepository.ldap[0].attributes.uahEduHomeLaborAcct=uahEduHomeLaborAcct
cas.authn.attributeRepository.ldap[0].attributes.physicalDeliveryOfficeName=physicalDeliveryOfficeName
cas.personDirectory.principalAttribute=uid,mail
cas.personDirectory.returnNull=false
cas.personDirectory.principalResolutionFailureFatal=false
cas.authn.accept.users=
cas.serviceRegistry.json.location=file:/etc/cas/config/services
cas.serviceRegistry.watcherEnabled=true
cas.serviceRegistry.repeatInterval=240000
cas.serviceRegistry.initFromJson=true
cas.samlSP.inCommon.signatureLocation=/etc/cas/saml/inc-md-public-key.pem
cas.authn.samlIdp.metadata.location=file:/etc/cas/saml
cas.authn.samlIdp.response.useAttributeFriendlyName=true
cas.authn.samlIdp.response.attributeNameFormats=uid->uri,mail->uri
management.contextPath=/status
management.security.enabled=true
management.security.roles=ACTUATOR,ADMIN
management.security.sessions=if_required
cas.monitor.endpoints.enabled=true
cas.monitor.endpoints.sensitive=false
cas.monitor.endpoints.dashboard.enabled=true
cas.monitor.endpoints.dashboard.sensitive=false
cas.monitor.endpoints.status.enabled=true
cas.monitor.endpoints.status.sensitive=false
Current memory usage: