new configuration version
This commit is contained in:
parent
8264aaa06f
commit
d0d95ee9ae
|
@ -0,0 +1,16 @@
|
||||||
|
apiVersion: "operator.nevis-security.ch/v1"
|
||||||
|
kind: "NevisKeyStore"
|
||||||
|
metadata:
|
||||||
|
name: "auth-sh4r3d-nevisidm-sectoken-signer"
|
||||||
|
namespace: "adn-agov-nevisidm-admin-01-uat"
|
||||||
|
labels:
|
||||||
|
deploymentTarget: "auth-v1"
|
||||||
|
annotations:
|
||||||
|
projectKey: "DEFAULT-ADN-AGOV-ADMIN-PROJECT"
|
||||||
|
patternId: "ac27dd7daad0ca2b7229bfaf"
|
||||||
|
spec:
|
||||||
|
cn: "signer"
|
||||||
|
usage: "signer"
|
||||||
|
san:
|
||||||
|
dns: []
|
||||||
|
email: []
|
|
@ -0,0 +1,14 @@
|
||||||
|
apiVersion: "operator.nevis-security.ch/v1"
|
||||||
|
kind: "NevisTrustStore"
|
||||||
|
metadata:
|
||||||
|
name: "auth-v1-default-default-signer-trust"
|
||||||
|
namespace: "adn-agov-nevisidm-admin-01-uat"
|
||||||
|
labels:
|
||||||
|
deploymentTarget: "auth-v1"
|
||||||
|
annotations:
|
||||||
|
projectKey: "DEFAULT-ADN-AGOV-ADMIN-PROJECT"
|
||||||
|
patternId: "ac27dd7daad0ca2b7229bfaf"
|
||||||
|
spec:
|
||||||
|
keystores:
|
||||||
|
- name: "auth-sh4r3d-nevisidm-sectoken-signer"
|
||||||
|
namespace: "adn-agov-nevisidm-admin-01-uat"
|
|
@ -0,0 +1,18 @@
|
||||||
|
apiVersion: "operator.nevis-security.ch/v1"
|
||||||
|
kind: "NevisKeyStore"
|
||||||
|
metadata:
|
||||||
|
name: "auth-v1-default-identity"
|
||||||
|
namespace: "adn-agov-nevisidm-admin-01-uat"
|
||||||
|
labels:
|
||||||
|
deploymentTarget: "auth-v1"
|
||||||
|
annotations:
|
||||||
|
projectKey: "DEFAULT-ADN-AGOV-ADMIN-PROJECT"
|
||||||
|
patternId: "ac27dd7daad0ca2b7229bfaf"
|
||||||
|
spec:
|
||||||
|
cn: "auth-v1"
|
||||||
|
usage: "<reserved for future use>"
|
||||||
|
san:
|
||||||
|
dns:
|
||||||
|
- "auth-v1"
|
||||||
|
- "auth-v1.adn-agov-nevisidm-admin-01-uat"
|
||||||
|
email: []
|
|
@ -0,0 +1,18 @@
|
||||||
|
apiVersion: "operator.nevis-security.ch/v1"
|
||||||
|
kind: "NevisTrustStore"
|
||||||
|
metadata:
|
||||||
|
name: "auth-v1-default-tls-client-trust"
|
||||||
|
namespace: "adn-agov-nevisidm-admin-01-uat"
|
||||||
|
labels:
|
||||||
|
deploymentTarget: "auth-v1"
|
||||||
|
annotations:
|
||||||
|
projectKey: "DEFAULT-ADN-AGOV-ADMIN-PROJECT"
|
||||||
|
patternId: "ac27dd7daad0ca2b7229bfaf"
|
||||||
|
spec:
|
||||||
|
keystores:
|
||||||
|
- name: "proxy-idm-v1-saml-sp-nevisidm-admin-realm-identity"
|
||||||
|
namespace: "adn-agov-nevisidm-admin-01-uat"
|
||||||
|
- name: "proxy-sp-v1-saml-sp-nevisidm-operations-realm-identity"
|
||||||
|
namespace: "adn-agov-nevisidm-admin-01-uat"
|
||||||
|
- name: "proxy-sp-v1-op-onbrdng-authenticationrealm-identity"
|
||||||
|
namespace: "adn-agov-nevisidm-admin-01-uat"
|
|
@ -0,0 +1,16 @@
|
||||||
|
apiVersion: "operator.nevis-security.ch/v1"
|
||||||
|
kind: "NevisTrustStore"
|
||||||
|
metadata:
|
||||||
|
name: "auth-v1-default-tls-trust"
|
||||||
|
namespace: "adn-agov-nevisidm-admin-01-uat"
|
||||||
|
labels:
|
||||||
|
deploymentTarget: "auth-v1"
|
||||||
|
annotations:
|
||||||
|
projectKey: "DEFAULT-ADN-AGOV-ADMIN-PROJECT"
|
||||||
|
patternId: "ac27dd7daad0ca2b7229bfaf"
|
||||||
|
spec:
|
||||||
|
keystores:
|
||||||
|
- name: "idm-v1-default-identity"
|
||||||
|
namespace: "adn-agov-nevisidm-admin-01-uat"
|
||||||
|
- name: "idm-job-v1-default-identity"
|
||||||
|
namespace: "adn-agov-nevisidm-admin-01-uat"
|
|
@ -0,0 +1,14 @@
|
||||||
|
apiVersion: "operator.nevis-security.ch/v1"
|
||||||
|
kind: "NevisTrustStore"
|
||||||
|
metadata:
|
||||||
|
name: "auth-v1-saml-idp-admin-connector-trust-store"
|
||||||
|
namespace: "adn-agov-nevisidm-admin-01-uat"
|
||||||
|
labels:
|
||||||
|
deploymentTarget: "auth-v1"
|
||||||
|
annotations:
|
||||||
|
projectKey: "DEFAULT-ADN-AGOV-ADMIN-PROJECT"
|
||||||
|
patternId: "ac27dd7daad0ca2b7229bfaf"
|
||||||
|
spec:
|
||||||
|
keystores: []
|
||||||
|
extraCerts:
|
||||||
|
- "-----BEGIN CERTIFICATE-----\nMIIEGDCCAwCgAwIBAgIBBDANBgkqhkiG9w0BAQsFADA4MQswCQYDVQQGEwJjaDEQ\nMA4GA1UEChMHQWRub3Z1bTEXMBUGA1UEAxMOYml0ZWlhbS1yb290Q0EwHhcNMjAw\nMzA1MTYzMDAwWhcNMzAwMzAzMTYzMDAwWjA0MQswCQYDVQQGEwJjaDEQMA4GA1UE\nChMHQWRub3Z1bTETMBEGA1UEAxMKc2lnbmVyRkVEUzCCASIwDQYJKoZIhvcNAQEB\nBQADggEPADCCAQoCggEBAJoWqbsYhNXW0mDsDJPAiTN896e4QML9qnt7FIhVKKe3\nT66lT/nfOkFPUZuKejgbjFFDEDChRJf0Achq7lWGKPrNPnrTxZmU7Bcu86BER76L\n4kDcGF/x03W9fgUgQ7X45CXYeq4vqfpzNC+lkZA1OxbpcXZA/4Z39Z3pm7CWXnAg\nv6nFABKJ9kVAyhuPyb5yIuGHcdLL+068aVp5sxY/6HoXf889+iVFDgTwSXVYKMyZ\nnZbvvd/IIod4WuiXsOspPS9yj+E9yMvtsUtChghcQ17ubo7S1P8JxAQWXngopH8Y\nnDeOiesJfR2APDdg7EXWYewARSFr10GxuXoKDjLe148CAwEAAaOCAS8wggErMAkG\nA1UdEwQCMAAwPwYJYIZIAYb4QgENBDIWME5ldmlzIEtleUJveCBHZW5lcmF0ZWQg\nQ2VydGlmaWNhdGUgdXNpbmcgT3BlblNTTDALBgNVHQ8EBAMCA6gwHQYDVR0lBBYw\nFAYIKwYBBQUHAwEGCCsGAQUFBwMCMB0GA1UdDgQWBBQ4zYpzY1lB5/bKeg3z1kJO\nkkdYgDBoBgNVHSMEYTBfgBRRdKau0TH9VQ0E8ob0J+WyYkcs4aE8pDowODELMAkG\nA1UEBhMCY2gxEDAOBgNVBAoTB0Fkbm92dW0xFzAVBgNVBAMTDmJpdGVpYW0tcm9v\ndENBggkA+97eIJWmttcwEQYJYIZIAYb4QgEBBAQDAgbAMBUGA1UdEQQOMAyCCnNp\nZ25lckZFRFMwDQYJKoZIhvcNAQELBQADggEBAHGHJ7DzRNdPl6Kiy4rCoQR/nhTa\nVbBsAeB070NpWma2iun3Wf5zIoefbSlPoofP4tOVYUoKtMHTWCYAUnHIEg5H985y\nYm2MFY0vwgMZ+Jvcs7NCHzK9O/tN+uUjkFNLSCfzTb+K9vyF6lj4L4lQWa5++DZ6\nkWPaDWvwY/NOSoIehmJupmcJlA1qxzlTc+659xoOk1WyhusNkuiOUjFrLQ+tgRnD\n7dGuzJQyBV1Iy/A4IhpN2ootVgrI7NMJ2YetCq7yuipRZka3RoeVhUs8CWFfYRtc\nsaTCck7atYyMVlPUf03EppC18ILBmbNzYJ58KT2oQywa7+Sdsqx4+5cOOOU=\n-----END CERTIFICATE-----\n"
|
|
@ -0,0 +1,14 @@
|
||||||
|
apiVersion: "operator.nevis-security.ch/v1"
|
||||||
|
kind: "NevisTrustStore"
|
||||||
|
metadata:
|
||||||
|
name: "auth-v1-saml-idp-op-connector-trust-store"
|
||||||
|
namespace: "adn-agov-nevisidm-admin-01-uat"
|
||||||
|
labels:
|
||||||
|
deploymentTarget: "auth-v1"
|
||||||
|
annotations:
|
||||||
|
projectKey: "DEFAULT-ADN-AGOV-ADMIN-PROJECT"
|
||||||
|
patternId: "ac27dd7daad0ca2b7229bfaf"
|
||||||
|
spec:
|
||||||
|
keystores: []
|
||||||
|
extraCerts:
|
||||||
|
- "-----BEGIN CERTIFICATE-----\nMIIEGDCCAwCgAwIBAgIBBDANBgkqhkiG9w0BAQsFADA4MQswCQYDVQQGEwJjaDEQ\nMA4GA1UEChMHQWRub3Z1bTEXMBUGA1UEAxMOYml0ZWlhbS1yb290Q0EwHhcNMjAw\nMzA1MTYzMDAwWhcNMzAwMzAzMTYzMDAwWjA0MQswCQYDVQQGEwJjaDEQMA4GA1UE\nChMHQWRub3Z1bTETMBEGA1UEAxMKc2lnbmVyRkVEUzCCASIwDQYJKoZIhvcNAQEB\nBQADggEPADCCAQoCggEBAJoWqbsYhNXW0mDsDJPAiTN896e4QML9qnt7FIhVKKe3\nT66lT/nfOkFPUZuKejgbjFFDEDChRJf0Achq7lWGKPrNPnrTxZmU7Bcu86BER76L\n4kDcGF/x03W9fgUgQ7X45CXYeq4vqfpzNC+lkZA1OxbpcXZA/4Z39Z3pm7CWXnAg\nv6nFABKJ9kVAyhuPyb5yIuGHcdLL+068aVp5sxY/6HoXf889+iVFDgTwSXVYKMyZ\nnZbvvd/IIod4WuiXsOspPS9yj+E9yMvtsUtChghcQ17ubo7S1P8JxAQWXngopH8Y\nnDeOiesJfR2APDdg7EXWYewARSFr10GxuXoKDjLe148CAwEAAaOCAS8wggErMAkG\nA1UdEwQCMAAwPwYJYIZIAYb4QgENBDIWME5ldmlzIEtleUJveCBHZW5lcmF0ZWQg\nQ2VydGlmaWNhdGUgdXNpbmcgT3BlblNTTDALBgNVHQ8EBAMCA6gwHQYDVR0lBBYw\nFAYIKwYBBQUHAwEGCCsGAQUFBwMCMB0GA1UdDgQWBBQ4zYpzY1lB5/bKeg3z1kJO\nkkdYgDBoBgNVHSMEYTBfgBRRdKau0TH9VQ0E8ob0J+WyYkcs4aE8pDowODELMAkG\nA1UEBhMCY2gxEDAOBgNVBAoTB0Fkbm92dW0xFzAVBgNVBAMTDmJpdGVpYW0tcm9v\ndENBggkA+97eIJWmttcwEQYJYIZIAYb4QgEBBAQDAgbAMBUGA1UdEQQOMAyCCnNp\nZ25lckZFRFMwDQYJKoZIhvcNAQELBQADggEBAHGHJ7DzRNdPl6Kiy4rCoQR/nhTa\nVbBsAeB070NpWma2iun3Wf5zIoefbSlPoofP4tOVYUoKtMHTWCYAUnHIEg5H985y\nYm2MFY0vwgMZ+Jvcs7NCHzK9O/tN+uUjkFNLSCfzTb+K9vyF6lj4L4lQWa5++DZ6\nkWPaDWvwY/NOSoIehmJupmcJlA1qxzlTc+659xoOk1WyhusNkuiOUjFrLQ+tgRnD\n7dGuzJQyBV1Iy/A4IhpN2ootVgrI7NMJ2YetCq7yuipRZka3RoeVhUs8CWFfYRtc\nsaTCck7atYyMVlPUf03EppC18ILBmbNzYJ58KT2oQywa7+Sdsqx4+5cOOOU=\n-----END CERTIFICATE-----\n"
|
|
@ -0,0 +1,63 @@
|
||||||
|
apiVersion: "operator.nevis-security.ch/v1"
|
||||||
|
kind: "NevisComponent"
|
||||||
|
metadata:
|
||||||
|
name: "auth-v1"
|
||||||
|
namespace: "adn-agov-nevisidm-admin-01-uat"
|
||||||
|
labels:
|
||||||
|
deploymentTarget: "auth-v1"
|
||||||
|
annotations:
|
||||||
|
projectKey: "DEFAULT-ADN-AGOV-ADMIN-PROJECT"
|
||||||
|
patternId: "ac27dd7daad0ca2b7229bfaf"
|
||||||
|
spec:
|
||||||
|
type: "NevisAuth"
|
||||||
|
replicas: 1
|
||||||
|
version: "8.2405.2"
|
||||||
|
gitInitVersion: "1.3.0"
|
||||||
|
runAsNonRoot: true
|
||||||
|
ports:
|
||||||
|
management: 9000
|
||||||
|
soap: 8991
|
||||||
|
resources:
|
||||||
|
limits:
|
||||||
|
cpu: "2"
|
||||||
|
memory: "2000Mi"
|
||||||
|
requests:
|
||||||
|
cpu: "20m"
|
||||||
|
memory: "1000Mi"
|
||||||
|
livenessProbe:
|
||||||
|
soap:
|
||||||
|
tcpSocket: true
|
||||||
|
periodSeconds: 5
|
||||||
|
timeoutSeconds: 4
|
||||||
|
readinessProbe:
|
||||||
|
management:
|
||||||
|
httpGet:
|
||||||
|
path: "/nevisauth/liveness"
|
||||||
|
periodSeconds: 5
|
||||||
|
timeoutSeconds: 6
|
||||||
|
startupProbe:
|
||||||
|
management:
|
||||||
|
httpGet:
|
||||||
|
path: "/nevisauth/liveness"
|
||||||
|
periodSeconds: 5
|
||||||
|
timeoutSeconds: 6
|
||||||
|
failureThreshold: 50
|
||||||
|
podDisruptionBudget:
|
||||||
|
maxUnavailable: "50%"
|
||||||
|
git:
|
||||||
|
tag: "r-29c1b415348a6c1b8b32c65f6f40449f8c7765b0"
|
||||||
|
dir: "DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/auth-v1"
|
||||||
|
credentials: "git-credentials"
|
||||||
|
keystores:
|
||||||
|
- "auth-v1-default-identity"
|
||||||
|
- "auth-sh4r3d-nevisidm-sectoken-signer"
|
||||||
|
truststores:
|
||||||
|
- "auth-v1-default-tls-client-trust"
|
||||||
|
- "auth-v1-default-tls-trust"
|
||||||
|
- "auth-v1-saml-idp-admin-connector-trust-store"
|
||||||
|
- "auth-v1-saml-idp-op-connector-trust-store"
|
||||||
|
- "auth-v1-default-default-signer-trust"
|
||||||
|
podSecurity:
|
||||||
|
policy: "baseline"
|
||||||
|
automountServiceAccountToken: false
|
||||||
|
timeZone: "Europe/Zurich"
|
|
@ -0,0 +1,18 @@
|
||||||
|
schemaVersion: 1.0
|
||||||
|
instance:
|
||||||
|
type: "nevisauth"
|
||||||
|
name: "default"
|
||||||
|
directory: "/var/opt/nevisauth/default"
|
||||||
|
pid: "systemctl show nevisauth@default -p MainPID | cut -d '=' -f2"
|
||||||
|
source:
|
||||||
|
url: "/nevisadmin/#/projects/DEFAULT-ADN-AGOV-ADMIN-PROJECT/patterns/ac27dd7daad0ca2b7229bfaf"
|
||||||
|
projectKey: "DEFAULT-ADN-AGOV-ADMIN-PROJECT"
|
||||||
|
patternId: "ac27dd7daad0ca2b7229bfaf"
|
||||||
|
patternClass: "ch.nevis.admin.v4.plugin.nevisauth.patterns.NevisAuthDeployable"
|
||||||
|
resources:
|
||||||
|
ports:
|
||||||
|
- "0.0.0.0:8991"
|
||||||
|
control:
|
||||||
|
start: "systemctl restart nevisauth@default &"
|
||||||
|
stop: "systemctl stop nevisauth@default"
|
||||||
|
status: "systemctl status nevisauth@default"
|
|
@ -0,0 +1,32 @@
|
||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIIFiTCCA3GgAwIBAgIUIZmIFu1OifLaIzdQ5H+KT2+9nucwDQYJKoZIhvcNAQEL
|
||||||
|
BQAwVDELMAkGA1UEBhMCY2gxEDAOBgNVBAoMB0Fkbm92dW0xDTALBgNVBAsMBEFH
|
||||||
|
T1YxJDAiBgNVBAMMG29wLmFnb3Ytdy5henVyZS5hZG5vdnVtLm5ldDAeFw0yNDA4
|
||||||
|
MTkwOTUyMTBaFw0zNDA4MTcwOTUyMTBaMFQxCzAJBgNVBAYTAmNoMRAwDgYDVQQK
|
||||||
|
DAdBZG5vdnVtMQ0wCwYDVQQLDARBR09WMSQwIgYDVQQDDBtvcC5hZ292LXcuYXp1
|
||||||
|
cmUuYWRub3Z1bS5uZXQwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDF
|
||||||
|
NEVj7VG5girGp+FWNQ0cJ8Ti4iF79cd0iiqK7J20x8JJng+fdqsNdcFtsAc7vQT9
|
||||||
|
Q/OTC9wHktFrIsJvvBOSbA4zQDY/7uxDM8hlOcqpKYsTE3scc5j6NnPrE7YLbiWc
|
||||||
|
zRwmQAF1He8hrllKX4vKSNmzQuL1Fgr3zv19/kwUk3ug7CxsMqWjyp/p4xxhLaL0
|
||||||
|
RNbQwkdJyQnNqCa/JHPKowcZa7sXusWc0oxKknAqHQCigF1guDZf7yNb7KVaTrJf
|
||||||
|
TMaCXd5DOgbAuwfYDfJxgSSJxp+SgJDcX/NdTTZQSjiyeIAwkJds8iH367nfS8TI
|
||||||
|
Zbxe8RMUsS/V8N7d/CIKiuWI3ImLJNSDdk/5FiNl09Exx/J65LBzzWK7FT4in3vZ
|
||||||
|
VvuEda1dU/nYh9+feHVNZHIFuu1OaAoLMzt7oRukE7rqIE/L7Xr+1QEz37AvS2PB
|
||||||
|
/6p9Dz98BRKjeMiRX/YvEo0beRGQDRsF1PsummZR3D4hbq0WPHj7Yi+vDCFfcmAQ
|
||||||
|
LK28Gtm0Mt1XIwTakf33RbryOSerF/ItbkYxP01T4pI0CLWVs2UDy4fejAH1o6Kp
|
||||||
|
ZvCeBuDDV4Vbgsg2gYdMwoU5sNUJH9vOGKuR3fNAY35ITcubZMe+vOAniZJIYwyy
|
||||||
|
PNE7FrfzXU1kQOkiDKMjVcj4ONKUa16l89Kn9yJQWQIDAQABo1MwUTAdBgNVHQ4E
|
||||||
|
FgQUmq4HxS3h6DMPbAAp7OFRftcLTzowHwYDVR0jBBgwFoAUmq4HxS3h6DMPbAAp
|
||||||
|
7OFRftcLTzowDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAbdOP
|
||||||
|
xoTX5oBliYCFqHMAX5HFyRiwkaUgfbeWKfFRMagE6wztXOsypUnJT9zPZ1Vzu7w0
|
||||||
|
EriilvmqEWFEPLnRUwCksaj698gEJpZtjHsmImbUz07psw2w1lbbAdijaVgtajAy
|
||||||
|
0M0g8r8y4eomlGqCjnpvIvhrhcMl2AVW0lW4lFJHrHg2rPtwj0F8jBTBU4ptkg6/
|
||||||
|
XyDaBFKVoCt1ged53Bf2htnkvw8oXqinYzR6qQAUX+dvLu7GH7Nbo2S1dOl2h3Ov
|
||||||
|
g7E6unLS+t5Ys/7FHdJUBXSwKl2/AkRCze159LBxhhrptLkrFrDkWKR+ACsY61a/
|
||||||
|
wxqLxkdPQRfN+c+dUq59oF15/mrgwzj36o70WYT1xoE++jK9HDOr0wifbqe2jMY6
|
||||||
|
Kx66yPvtXEuHcRnzpVrTH+vTCgQ1f/GmIMLHSxEk0roFb/es+kSgHGfMhyXkp8q/
|
||||||
|
iL6uQQz8J1J7vtNhUbCNGcSAReK0MASAsQ34rcFB0XGl/YZ4EJ092XjDXnM9+BmG
|
||||||
|
HScOg0AoGBg/zjLuBRo++jp42GpedLuFlDqlUyFYl9rOGczM9TD4cTvViCvpP/95
|
||||||
|
nSk6WsNrJN+s5SF6plgRBGXDI0AYEaGEhODkR88BzJtmRdxNnoBowFDMVgsgUHzN
|
||||||
|
6AfsSrlJPrOjAiMeUiR+WLuhJVifpT+FIoTb/Ko=
|
||||||
|
-----END CERTIFICATE-----
|
|
@ -0,0 +1,54 @@
|
||||||
|
-----BEGIN ENCRYPTED PRIVATE KEY-----
|
||||||
|
MIIJqzBVBgkqhkiG9w0BBQ0wSDAnBgkqhkiG9w0BBQwwGgQUSFveca6jQvyQEDNp
|
||||||
|
+SAa7cjgsZkCAggAMB0GCWCGSAFlAwQBKgQQPi0Fa+RJi5NQGegMJMlKbgSCCVBo
|
||||||
|
Yddg8FtVvQgWXWua1XzMpgUiHO8p2/Ka1YnJ5UyoEbhuMD53IFCUVBR8Dh0p5QQR
|
||||||
|
5+3z5KJ7neLtAMAtFb/rdvupGhLqzIBLOTbPLOi3B9gmnzxMRiLbPsgk5jPMG/Xw
|
||||||
|
0KNMOnuKaf4qsGTmBowDIXwahklFFM7USmocxx27zHLjjM+XJecHhOp2kwPMQvts
|
||||||
|
2G0MrYs8+ZdWMOIlgQwxJnCnHmJIaP48ZvrByxR3dNYG8/nhxx/mKx2Qvmd4I4co
|
||||||
|
whJQxa2o/3RqAQuRxckHa2ohzwxhRpPT2peEMtvuKJ7OtPY2dfkLVm0yCjOV6Bvw
|
||||||
|
0O9U3h2NKU9Bk1LVVLqbe6tpWQ/8BPAO5nEn+yU5wP3UbrVKTkTlSYMB5CuG0ZYR
|
||||||
|
62G4esxb7T+zKfkqES68Pzl5KNhaOhBeqmaXAcdryNYsPSVtLX8h+Wjqak0IbTGp
|
||||||
|
bD3T2CGa6JYm9h2FamcNzsUhlEDcDglsvq1sH7KTIJMwGdNwqPpb/bHUaWw6X3Kz
|
||||||
|
AvvP0c4y/bmu02C2PQ2G4BxI/0lBlCzvvwsoqK/NqcyK/d9ffMH1zK2vTErIRroT
|
||||||
|
6fJOAWiNcz1FhuKjZwtH3NQjHtf20YfmGfBx/CBdxnryvIoD+S8uxZojbGGnH/F4
|
||||||
|
qgofCAUxKzATt785ELa8XGsIaTRT4N2vm9TIbzpWAKVx0/GnOu7cIdCUDwD9TNGg
|
||||||
|
eZzCSRkPjXSE6i0QODA7LRxJEfVsWOjOI96sn3qiBjm0ZgrKdwivNQiOyHI58wJR
|
||||||
|
tpT7PgjLGVhy0iVZWm597BNq/wJi4DjshkcixVhYNVi7qXgUd2hsS3oCn8EzJvbO
|
||||||
|
UmzBuTlYkf+AfQMnE2VVCNtPd4V7a1nTJC80uxoqa+GrMBtwqs1Xf8k4cbZDBXBR
|
||||||
|
EOTWF3QhbZachtLkvrNBDfZvj9142PtN6yskRZnSrPNeKYUD1pucOvpqR/AYwqkl
|
||||||
|
fdTzAcuJK7Xrsq6h0lduEeV94VUZU7q3oledjCLK41bp4JdV9eOxYt96Qszx6/eA
|
||||||
|
tTFPTwvRb3SotqwMNhsZIgGb5YKf18n9z59qzAb4komHwYSFMN+6dxyyOqb+ecm9
|
||||||
|
WbGFUji7VaXaAyIfdmGQcyT44wiD0AZ9o8nQ9GZjwwQgy9BpKJbWtaPmBmlw6Eqr
|
||||||
|
nTxDtze6+MfifdO/tRgGq56Oe0Wag+OWk5k4dnst/oZ7QczLx5C1ycsq7ebpZJon
|
||||||
|
p8CHw5biOLHPuQQpWEQv3T1isZit9R3kNDu9c+6+TsaFZWdw6cCvhI6zK4j9fQu9
|
||||||
|
AS1Ab+kabk5Xs/XXQxzB+W2LagK7/jYX8Du/zLTWXfGQnSlu5iZuQiFFzQcR93kS
|
||||||
|
XGlo5FoB/m4tA4vi7j3NV6piKmnuwsK7Mmuxaki3ZDJeVzJ3h01Yzd+mK8cneQB9
|
||||||
|
72j3wQycpcCJX58iNebTUpdpdJ6X3DSh/zjb3HtrAQ6s8AQCagpuP9DMyCFzGShL
|
||||||
|
4a/g8NzN0+sS/LlDx+0im8YAnGkOLkepWTatmbtzW8qYH+vMlAn8hm3Tt/hYlBhg
|
||||||
|
FLJAQxdpahgGfUhnvxHZwiUP8LFy044DSRf0rb5065K62jhGwASZX/2qFnH/z31L
|
||||||
|
GVeDzFET66rSeJr0QXMRWoAPZMLZEH6KPPYDx0uvzFQNvX5V7lzQr+bzlMQMEVuw
|
||||||
|
JeGhwB1Cv9HE5+JE0W7dEeVkXpW91zx6AG3fq1fWngolWhbNDWEw6k3mMOfsUGcd
|
||||||
|
dVtxakzhNEpErILAUZga9g6L7XTjAwy3f5koLl5GgPHl0e0RC9NaxTmJQvR4BBEj
|
||||||
|
tpJLM8/PWMeozIGiDt/hHF80UWLLp/qF4tKHHGDfCquADlbP4n5KeU7NGgbtZqo1
|
||||||
|
6QWGSUUG2xeRWLLVU+RquucfLhPbWmtM5MmtUAoDyXsj/g2Ofj8dHJkFvQjfMDXX
|
||||||
|
xZ8DSabCOaqoA2ld5VXKfDG/QmStb0x1MKue8/v55FkBbOo5jTdAgEyi29+nF7Lo
|
||||||
|
DmIM/Z7H2TR0RIoFltKDm6h3YUgMT80idYWXIFf5J+2JKAdcUP0bzAZEEcsvBEEU
|
||||||
|
YrqyKM3R8JurQsXYyGx3upaxxljDLuLln8uXGUhqEdOXhzzK8cSb7LnQnLqU7OVA
|
||||||
|
IcFb5OgB5qlIs/p3LnI/Lkec4xpledh+xHRG5ADo+/MD1QIwGYvIcgV9/M2UtGEm
|
||||||
|
HAz8RAMnZlnBgvgbzaOax01ls8pLCOyYT5qWjWvAEldop4AOWnnjkkuj89xNrzFA
|
||||||
|
TJj1Z/2dhNJcJyvLQ6GNI5cyI1Y/cQ7UbBffoUmsMGVmwznlwD2ezIVP/KgSuahs
|
||||||
|
G1hT4D08c9Q6rF/dxO3Ithqlmk0AIUO949fiQsw6961QBET1Ttde9BCXg1UeZ9WY
|
||||||
|
1mCU6moNzO9HLPo9FFYQfF5e/LFkyBaraZHzuK2qZTnWXPu/vrHCsKeJAcVy2+X+
|
||||||
|
h5l3r0UICa33+r4DnxUnx1w6/NDZOkNBXTPBkEjL9n7os6fpxqcrqFCEFfPEzjJS
|
||||||
|
Si7scPe0OVVBSSFIGfSUewp12Z42a6WVQjGcAo3bSBioed+Vau7dsQhGfnFkdlEz
|
||||||
|
8ShzLpsCXn1+WnIGJ+Mnp1Eq9SRrLWVvhfK3+nuD+IOQS+Mdy6lZwv7Sh8aw1dah
|
||||||
|
E2lOCLOVZ5Gq2J+RmW9Mfc+XPt+mtgogIPVrB7/zg5iZblarjkNEE/xfgwF7XYRA
|
||||||
|
rzNDOVArYvnupq76BC606M+KrgUVNC4iUiA31o8LE/VN+Hb47LGmE9yw2HDgdYjq
|
||||||
|
QBnsf922zKJdtSdhcnJjKh540LpkMuMxHkBeYgzqGtRca93LIVOeuu/gHZ08Vy0g
|
||||||
|
FsvnSZ2YON2V7mKBM4Mr6PYioysIghFnItOcpybvm+qezmcG8E5icgMqgU9Xx3E0
|
||||||
|
6VYlNineY5LCyVNxahrOPI1lpn7+y0aXqcDmeV844R9sETRK5CtRrD44ZU6blpmp
|
||||||
|
ozqgrXTFGxdmhFIvh4YbmRx8tlPm2O8j3a62d2l8dD+wb6+pSOPdWy8nlZOKNTnu
|
||||||
|
e6+lduIiWz5k9I6i5t5HRFF9Ks3Y9BCWlztvPR/YtKGjb9KWr9Y6Qlusrjhqi+7m
|
||||||
|
Fh8JEy86X6HEZ4HjubYhncujckM9rUD7vpY9c1a1F0yPUbNHx6/lm0NkvSNaTtyX
|
||||||
|
N3AZ41ui96b5jUOgiw2AqyV2NXn35JZnmS0pe/Sjbw==
|
||||||
|
-----END ENCRYPTED PRIVATE KEY-----
|
|
@ -0,0 +1,2 @@
|
||||||
|
#!/bin/bash
|
||||||
|
echo 'RkygGwc8Ixv0xWxH7+EB1FeoE2Ako1Loj63V+fDcsQ='
|
Binary file not shown.
Binary file not shown.
|
@ -0,0 +1,87 @@
|
||||||
|
-----BEGIN ENCRYPTED PRIVATE KEY-----
|
||||||
|
MIIJqzBVBgkqhkiG9w0BBQ0wSDAnBgkqhkiG9w0BBQwwGgQUSFveca6jQvyQEDNp
|
||||||
|
+SAa7cjgsZkCAggAMB0GCWCGSAFlAwQBKgQQPi0Fa+RJi5NQGegMJMlKbgSCCVBo
|
||||||
|
Yddg8FtVvQgWXWua1XzMpgUiHO8p2/Ka1YnJ5UyoEbhuMD53IFCUVBR8Dh0p5QQR
|
||||||
|
5+3z5KJ7neLtAMAtFb/rdvupGhLqzIBLOTbPLOi3B9gmnzxMRiLbPsgk5jPMG/Xw
|
||||||
|
0KNMOnuKaf4qsGTmBowDIXwahklFFM7USmocxx27zHLjjM+XJecHhOp2kwPMQvts
|
||||||
|
2G0MrYs8+ZdWMOIlgQwxJnCnHmJIaP48ZvrByxR3dNYG8/nhxx/mKx2Qvmd4I4co
|
||||||
|
whJQxa2o/3RqAQuRxckHa2ohzwxhRpPT2peEMtvuKJ7OtPY2dfkLVm0yCjOV6Bvw
|
||||||
|
0O9U3h2NKU9Bk1LVVLqbe6tpWQ/8BPAO5nEn+yU5wP3UbrVKTkTlSYMB5CuG0ZYR
|
||||||
|
62G4esxb7T+zKfkqES68Pzl5KNhaOhBeqmaXAcdryNYsPSVtLX8h+Wjqak0IbTGp
|
||||||
|
bD3T2CGa6JYm9h2FamcNzsUhlEDcDglsvq1sH7KTIJMwGdNwqPpb/bHUaWw6X3Kz
|
||||||
|
AvvP0c4y/bmu02C2PQ2G4BxI/0lBlCzvvwsoqK/NqcyK/d9ffMH1zK2vTErIRroT
|
||||||
|
6fJOAWiNcz1FhuKjZwtH3NQjHtf20YfmGfBx/CBdxnryvIoD+S8uxZojbGGnH/F4
|
||||||
|
qgofCAUxKzATt785ELa8XGsIaTRT4N2vm9TIbzpWAKVx0/GnOu7cIdCUDwD9TNGg
|
||||||
|
eZzCSRkPjXSE6i0QODA7LRxJEfVsWOjOI96sn3qiBjm0ZgrKdwivNQiOyHI58wJR
|
||||||
|
tpT7PgjLGVhy0iVZWm597BNq/wJi4DjshkcixVhYNVi7qXgUd2hsS3oCn8EzJvbO
|
||||||
|
UmzBuTlYkf+AfQMnE2VVCNtPd4V7a1nTJC80uxoqa+GrMBtwqs1Xf8k4cbZDBXBR
|
||||||
|
EOTWF3QhbZachtLkvrNBDfZvj9142PtN6yskRZnSrPNeKYUD1pucOvpqR/AYwqkl
|
||||||
|
fdTzAcuJK7Xrsq6h0lduEeV94VUZU7q3oledjCLK41bp4JdV9eOxYt96Qszx6/eA
|
||||||
|
tTFPTwvRb3SotqwMNhsZIgGb5YKf18n9z59qzAb4komHwYSFMN+6dxyyOqb+ecm9
|
||||||
|
WbGFUji7VaXaAyIfdmGQcyT44wiD0AZ9o8nQ9GZjwwQgy9BpKJbWtaPmBmlw6Eqr
|
||||||
|
nTxDtze6+MfifdO/tRgGq56Oe0Wag+OWk5k4dnst/oZ7QczLx5C1ycsq7ebpZJon
|
||||||
|
p8CHw5biOLHPuQQpWEQv3T1isZit9R3kNDu9c+6+TsaFZWdw6cCvhI6zK4j9fQu9
|
||||||
|
AS1Ab+kabk5Xs/XXQxzB+W2LagK7/jYX8Du/zLTWXfGQnSlu5iZuQiFFzQcR93kS
|
||||||
|
XGlo5FoB/m4tA4vi7j3NV6piKmnuwsK7Mmuxaki3ZDJeVzJ3h01Yzd+mK8cneQB9
|
||||||
|
72j3wQycpcCJX58iNebTUpdpdJ6X3DSh/zjb3HtrAQ6s8AQCagpuP9DMyCFzGShL
|
||||||
|
4a/g8NzN0+sS/LlDx+0im8YAnGkOLkepWTatmbtzW8qYH+vMlAn8hm3Tt/hYlBhg
|
||||||
|
FLJAQxdpahgGfUhnvxHZwiUP8LFy044DSRf0rb5065K62jhGwASZX/2qFnH/z31L
|
||||||
|
GVeDzFET66rSeJr0QXMRWoAPZMLZEH6KPPYDx0uvzFQNvX5V7lzQr+bzlMQMEVuw
|
||||||
|
JeGhwB1Cv9HE5+JE0W7dEeVkXpW91zx6AG3fq1fWngolWhbNDWEw6k3mMOfsUGcd
|
||||||
|
dVtxakzhNEpErILAUZga9g6L7XTjAwy3f5koLl5GgPHl0e0RC9NaxTmJQvR4BBEj
|
||||||
|
tpJLM8/PWMeozIGiDt/hHF80UWLLp/qF4tKHHGDfCquADlbP4n5KeU7NGgbtZqo1
|
||||||
|
6QWGSUUG2xeRWLLVU+RquucfLhPbWmtM5MmtUAoDyXsj/g2Ofj8dHJkFvQjfMDXX
|
||||||
|
xZ8DSabCOaqoA2ld5VXKfDG/QmStb0x1MKue8/v55FkBbOo5jTdAgEyi29+nF7Lo
|
||||||
|
DmIM/Z7H2TR0RIoFltKDm6h3YUgMT80idYWXIFf5J+2JKAdcUP0bzAZEEcsvBEEU
|
||||||
|
YrqyKM3R8JurQsXYyGx3upaxxljDLuLln8uXGUhqEdOXhzzK8cSb7LnQnLqU7OVA
|
||||||
|
IcFb5OgB5qlIs/p3LnI/Lkec4xpledh+xHRG5ADo+/MD1QIwGYvIcgV9/M2UtGEm
|
||||||
|
HAz8RAMnZlnBgvgbzaOax01ls8pLCOyYT5qWjWvAEldop4AOWnnjkkuj89xNrzFA
|
||||||
|
TJj1Z/2dhNJcJyvLQ6GNI5cyI1Y/cQ7UbBffoUmsMGVmwznlwD2ezIVP/KgSuahs
|
||||||
|
G1hT4D08c9Q6rF/dxO3Ithqlmk0AIUO949fiQsw6961QBET1Ttde9BCXg1UeZ9WY
|
||||||
|
1mCU6moNzO9HLPo9FFYQfF5e/LFkyBaraZHzuK2qZTnWXPu/vrHCsKeJAcVy2+X+
|
||||||
|
h5l3r0UICa33+r4DnxUnx1w6/NDZOkNBXTPBkEjL9n7os6fpxqcrqFCEFfPEzjJS
|
||||||
|
Si7scPe0OVVBSSFIGfSUewp12Z42a6WVQjGcAo3bSBioed+Vau7dsQhGfnFkdlEz
|
||||||
|
8ShzLpsCXn1+WnIGJ+Mnp1Eq9SRrLWVvhfK3+nuD+IOQS+Mdy6lZwv7Sh8aw1dah
|
||||||
|
E2lOCLOVZ5Gq2J+RmW9Mfc+XPt+mtgogIPVrB7/zg5iZblarjkNEE/xfgwF7XYRA
|
||||||
|
rzNDOVArYvnupq76BC606M+KrgUVNC4iUiA31o8LE/VN+Hb47LGmE9yw2HDgdYjq
|
||||||
|
QBnsf922zKJdtSdhcnJjKh540LpkMuMxHkBeYgzqGtRca93LIVOeuu/gHZ08Vy0g
|
||||||
|
FsvnSZ2YON2V7mKBM4Mr6PYioysIghFnItOcpybvm+qezmcG8E5icgMqgU9Xx3E0
|
||||||
|
6VYlNineY5LCyVNxahrOPI1lpn7+y0aXqcDmeV844R9sETRK5CtRrD44ZU6blpmp
|
||||||
|
ozqgrXTFGxdmhFIvh4YbmRx8tlPm2O8j3a62d2l8dD+wb6+pSOPdWy8nlZOKNTnu
|
||||||
|
e6+lduIiWz5k9I6i5t5HRFF9Ks3Y9BCWlztvPR/YtKGjb9KWr9Y6Qlusrjhqi+7m
|
||||||
|
Fh8JEy86X6HEZ4HjubYhncujckM9rUD7vpY9c1a1F0yPUbNHx6/lm0NkvSNaTtyX
|
||||||
|
N3AZ41ui96b5jUOgiw2AqyV2NXn35JZnmS0pe/Sjbw==
|
||||||
|
-----END ENCRYPTED PRIVATE KEY-----
|
||||||
|
|
||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIIFiTCCA3GgAwIBAgIUIZmIFu1OifLaIzdQ5H+KT2+9nucwDQYJKoZIhvcNAQEL
|
||||||
|
BQAwVDELMAkGA1UEBhMCY2gxEDAOBgNVBAoMB0Fkbm92dW0xDTALBgNVBAsMBEFH
|
||||||
|
T1YxJDAiBgNVBAMMG29wLmFnb3Ytdy5henVyZS5hZG5vdnVtLm5ldDAeFw0yNDA4
|
||||||
|
MTkwOTUyMTBaFw0zNDA4MTcwOTUyMTBaMFQxCzAJBgNVBAYTAmNoMRAwDgYDVQQK
|
||||||
|
DAdBZG5vdnVtMQ0wCwYDVQQLDARBR09WMSQwIgYDVQQDDBtvcC5hZ292LXcuYXp1
|
||||||
|
cmUuYWRub3Z1bS5uZXQwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDF
|
||||||
|
NEVj7VG5girGp+FWNQ0cJ8Ti4iF79cd0iiqK7J20x8JJng+fdqsNdcFtsAc7vQT9
|
||||||
|
Q/OTC9wHktFrIsJvvBOSbA4zQDY/7uxDM8hlOcqpKYsTE3scc5j6NnPrE7YLbiWc
|
||||||
|
zRwmQAF1He8hrllKX4vKSNmzQuL1Fgr3zv19/kwUk3ug7CxsMqWjyp/p4xxhLaL0
|
||||||
|
RNbQwkdJyQnNqCa/JHPKowcZa7sXusWc0oxKknAqHQCigF1guDZf7yNb7KVaTrJf
|
||||||
|
TMaCXd5DOgbAuwfYDfJxgSSJxp+SgJDcX/NdTTZQSjiyeIAwkJds8iH367nfS8TI
|
||||||
|
Zbxe8RMUsS/V8N7d/CIKiuWI3ImLJNSDdk/5FiNl09Exx/J65LBzzWK7FT4in3vZ
|
||||||
|
VvuEda1dU/nYh9+feHVNZHIFuu1OaAoLMzt7oRukE7rqIE/L7Xr+1QEz37AvS2PB
|
||||||
|
/6p9Dz98BRKjeMiRX/YvEo0beRGQDRsF1PsummZR3D4hbq0WPHj7Yi+vDCFfcmAQ
|
||||||
|
LK28Gtm0Mt1XIwTakf33RbryOSerF/ItbkYxP01T4pI0CLWVs2UDy4fejAH1o6Kp
|
||||||
|
ZvCeBuDDV4Vbgsg2gYdMwoU5sNUJH9vOGKuR3fNAY35ITcubZMe+vOAniZJIYwyy
|
||||||
|
PNE7FrfzXU1kQOkiDKMjVcj4ONKUa16l89Kn9yJQWQIDAQABo1MwUTAdBgNVHQ4E
|
||||||
|
FgQUmq4HxS3h6DMPbAAp7OFRftcLTzowHwYDVR0jBBgwFoAUmq4HxS3h6DMPbAAp
|
||||||
|
7OFRftcLTzowDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAbdOP
|
||||||
|
xoTX5oBliYCFqHMAX5HFyRiwkaUgfbeWKfFRMagE6wztXOsypUnJT9zPZ1Vzu7w0
|
||||||
|
EriilvmqEWFEPLnRUwCksaj698gEJpZtjHsmImbUz07psw2w1lbbAdijaVgtajAy
|
||||||
|
0M0g8r8y4eomlGqCjnpvIvhrhcMl2AVW0lW4lFJHrHg2rPtwj0F8jBTBU4ptkg6/
|
||||||
|
XyDaBFKVoCt1ged53Bf2htnkvw8oXqinYzR6qQAUX+dvLu7GH7Nbo2S1dOl2h3Ov
|
||||||
|
g7E6unLS+t5Ys/7FHdJUBXSwKl2/AkRCze159LBxhhrptLkrFrDkWKR+ACsY61a/
|
||||||
|
wxqLxkdPQRfN+c+dUq59oF15/mrgwzj36o70WYT1xoE++jK9HDOr0wifbqe2jMY6
|
||||||
|
Kx66yPvtXEuHcRnzpVrTH+vTCgQ1f/GmIMLHSxEk0roFb/es+kSgHGfMhyXkp8q/
|
||||||
|
iL6uQQz8J1J7vtNhUbCNGcSAReK0MASAsQ34rcFB0XGl/YZ4EJ092XjDXnM9+BmG
|
||||||
|
HScOg0AoGBg/zjLuBRo++jp42GpedLuFlDqlUyFYl9rOGczM9TD4cTvViCvpP/95
|
||||||
|
nSk6WsNrJN+s5SF6plgRBGXDI0AYEaGEhODkR88BzJtmRdxNnoBowFDMVgsgUHzN
|
||||||
|
6AfsSrlJPrOjAiMeUiR+WLuhJVifpT+FIoTb/Ko=
|
||||||
|
-----END CERTIFICATE-----
|
|
@ -0,0 +1,252 @@
|
||||||
|
|
||||||
|
accept.button.label=Accept
|
||||||
|
cancel.button.label=Cancel
|
||||||
|
continue.button.label=Continue
|
||||||
|
darkModeSwitch.aria.label=Dark mode toggle
|
||||||
|
deputy.profile.label=(Deputy Profile)
|
||||||
|
error.saml.failed=Please close your browser and try again.
|
||||||
|
error_1=Please check your input.
|
||||||
|
error_10=Please select the correct user account.
|
||||||
|
error_100=Certificate upload not possible. Certificate already exists. Please contact your helpdesk.
|
||||||
|
error_101=The entered email address is not valid.
|
||||||
|
error_11=Please use another certficate or login with another credential type.
|
||||||
|
error_2=Please select another login name.
|
||||||
|
error_3=Your account will be locked if next authentication fails.
|
||||||
|
error_4=Your new password does not comply with the security policy. Please choose a different password.
|
||||||
|
error_5=Error in password confirmation.
|
||||||
|
error_50=The new password is too short.
|
||||||
|
error_55=The new password has to differ from old passwords.
|
||||||
|
error_6=Password change required.
|
||||||
|
error_7=Change of login ID required.
|
||||||
|
error_8=Your account has been locked due to repeated authentication failures.
|
||||||
|
error_81=No access card found, access from internet denied.
|
||||||
|
error_83=Your access card is no longer valid. Please contact your advisor to get a new access card.
|
||||||
|
error_9=Session take over failed.
|
||||||
|
error_97=You are not authorized to access this resource.
|
||||||
|
error_98=Your account has been locked.
|
||||||
|
error_99=System problems. Please try later.
|
||||||
|
error_9901=You need a valid on-boarding link to access this page.
|
||||||
|
error_9902=The email used for authentication doesn't match the expected one in operations. Please ask for a new on-boarding link.
|
||||||
|
error_9903=The used IdP didn't send us a valid assertion. Please make sure, you use the correct IdP. Ask the support for a new on-boarding link.
|
||||||
|
error_9904=Your link is not valid anymore. Please make sure, that you are using the latest Link received from operations. Ask for a new link, if the problem persists.
|
||||||
|
error_9905=There is a problem with your operations account. Please contact the support.
|
||||||
|
error_9909=An internal error occured. Please ask the support for a new on-boarding link.
|
||||||
|
errors.duplicateValue=Your account is already linked with another operations access.
|
||||||
|
fido2_auth.cancel.fido=The security key authentication was interrupted. Please ensure your FIDO key is registered and your email is correct, then follow the steps below.
|
||||||
|
fido2_auth.instruction1=Click on "Continue"
|
||||||
|
fido2_auth.instruction2=An authentication window will appear
|
||||||
|
fido2_auth.instruction3=Follow the instructions
|
||||||
|
fido2_auth.skipInstructions=Skip instructions next time
|
||||||
|
fido2_auth.switchLogin=SWITCH TO LOGIN WITH
|
||||||
|
footer.link=https://agov.ch/?c=contact&l=en
|
||||||
|
footer.link.label=Contact
|
||||||
|
footer.text=Authentication service of Swiss authorities AGOV - a collaboration between cantons, their municipalities, and the federal administration. -
|
||||||
|
general.AGOVAccessApp=AGOV access app
|
||||||
|
general.accessApp=AGOV access app
|
||||||
|
general.authenticate=Authenticate
|
||||||
|
general.back=Back
|
||||||
|
general.cancel=Cancel
|
||||||
|
general.confirm=Confirm
|
||||||
|
general.contactSupport=Contact Support
|
||||||
|
general.continue=Continue
|
||||||
|
general.edit=Edit
|
||||||
|
general.email=Email
|
||||||
|
general.email.address=Email address
|
||||||
|
general.entryCode=Code entry
|
||||||
|
general.getStarted=Get started
|
||||||
|
general.goAGOVHelp=Go to AGOV help
|
||||||
|
general.goAccessApp=Login with AGOV access
|
||||||
|
general.help=Help
|
||||||
|
general.help.link=https://agov.ch/help
|
||||||
|
general.login=Login
|
||||||
|
general.loginSecurityKey=Start Security key login
|
||||||
|
general.or=OR
|
||||||
|
general.otherOptions=OTHER OPTIONS
|
||||||
|
general.recovery=Recovery
|
||||||
|
general.recoveryOngoing=Ongoing recovery
|
||||||
|
general.register=Register
|
||||||
|
general.registerNow=Register now!
|
||||||
|
general.registration=Registration
|
||||||
|
general.securityKey=Security key
|
||||||
|
general.skip.content=Skip to main content
|
||||||
|
generic.auth.error.message=There was a service interruption. We are working on it.
|
||||||
|
generic.auth.error.next.steps=Please try again later. Please consult AGOV help if the problem persists.
|
||||||
|
generic.auth.error.subtitle=Something went wrong
|
||||||
|
generic.auth.error.title=Error
|
||||||
|
info.logout.confirmation=Please confirm that you want to log out.
|
||||||
|
info.logout.reminder=Your session on this application has expired. Try again with a login.
|
||||||
|
info.oauth.consent=Do you want to authorise this application to access your data?
|
||||||
|
info.timeout.page=Your session on this application has expired. Try again with a login.
|
||||||
|
language.de=Deutsch
|
||||||
|
language.en=English
|
||||||
|
language.fr=Français
|
||||||
|
language.it=Italiano
|
||||||
|
languageDropdown.aria.label=Select language
|
||||||
|
loainfo.description.200=To access the application, we need to verify your data. The process can take up to 2 - 3 days.
|
||||||
|
loainfo.description.300=To access the application we need to verify your data through one of two processes. You can choose your preferred process in the next step.
|
||||||
|
loainfo.description.400=To access the application we need you to add your AHV Number (Swiss Social Security number).
|
||||||
|
loainfo.helper=Your data needs to be verified!
|
||||||
|
loainfo.later=Later
|
||||||
|
loainfo.startNow=Do you want to start the process now?
|
||||||
|
loainfo.startVerification=Start verification
|
||||||
|
loainfo.title=Verify your data
|
||||||
|
login.button.label=Login
|
||||||
|
logout.label=Logout
|
||||||
|
logout.text=You have successfully logged out.
|
||||||
|
mauth_usernameless.EID=Continue with CH E-ID
|
||||||
|
mauth_usernameless.banner.error=Authentication interrupted.<br>Please try again when the page reloads.
|
||||||
|
mauth_usernameless.banner.info=Scan successful.<br>Please continue in the AGOV access app.
|
||||||
|
mauth_usernameless.banner.success=Authentication successful!<br>Please wait to be logged in.
|
||||||
|
mauth_usernameless.cannotLogin=Lost access to your app / security key?
|
||||||
|
mauth_usernameless.hideQR=Hide QR code
|
||||||
|
mauth_usernameless.instructions=Log in by scanning the QR code with your AGOV access app
|
||||||
|
mauth_usernameless.noAccount=Don't have an AGOV-Login yet?
|
||||||
|
mauth_usernameless.showQR=Show QR code
|
||||||
|
mauth_usernameless.startRecovery=Start account recovery
|
||||||
|
mauth_usernameless.useSecurityKey=Use a security key to log in
|
||||||
|
mauth_usernameless.useSecurityKeyInfo=A physical security key offers a secure way to login without having to use a phone.
|
||||||
|
method.certificate.label=Certificate
|
||||||
|
method.fido.label=Mobile Authentication
|
||||||
|
method.fido2.label=FIDO 2
|
||||||
|
method.mtan.label=mTAN Code
|
||||||
|
method.oath.label=OATH Authenticator App
|
||||||
|
method.otp.label=OTP (One-Time Password)
|
||||||
|
method.recovery.label=Recovery Codes
|
||||||
|
method.safeword.label=SafeWord
|
||||||
|
method.securid.label=SecurID
|
||||||
|
method.ticket.label=Ticket
|
||||||
|
op-admin.login=AGOV op admin
|
||||||
|
op-admin.login.intro.message=Login with your username and password
|
||||||
|
op-admin.login.loginid=LoginId
|
||||||
|
op-admin.login.password=Passwort
|
||||||
|
op-admin.login.title=Login
|
||||||
|
op-admin.logout=AGOV op admin
|
||||||
|
op-admin.logout.message=You have successfully logged out.
|
||||||
|
op-admin.logout.title=Logout
|
||||||
|
op-admin.pwchange.intro.message=Password change required
|
||||||
|
op-admin.pwchange.newpassword=New password
|
||||||
|
op-admin.pwchange.newpassword2=Repeat new password
|
||||||
|
op-admin.pwchange.password=Current password
|
||||||
|
op-admin.pwchange.title=Password Change
|
||||||
|
op-idmlogin.role.accs-mgmt-idm=IDM accessrights management
|
||||||
|
op-idmlogin.role.accs-mgmt-nonidm=Accessrights management
|
||||||
|
op-idmlogin.role.idmcfg-mgmt=IDM set-up
|
||||||
|
op-idmlogin.role.readonly-access=Default access (readonly)
|
||||||
|
op-idmlogin.role.support-basic=Support cases (recovery, ...)
|
||||||
|
op-idmlogin.role.support-priv=3rd level support (archiving, off-boarding)
|
||||||
|
op-idmlogin.role.usr-mgmt=User management (operations)
|
||||||
|
op-idmlogin.role.usr-unit-mgmt=User and organization management (operations)
|
||||||
|
op-idmlogin.select=AGOV idm
|
||||||
|
op-idmlogin.select.intro=Please select one of the profiles below...
|
||||||
|
op-idmlogin.select.note=Profiles marked with a * should only be used if required for a specific support or release tasks.
|
||||||
|
op-idmlogin.select.title=Profile selection
|
||||||
|
op-onboarding.done.message=On-boarding was successfull. You can now use your AGOV operations access. Please close the browser, before accessing on of the operations application.
|
||||||
|
op-onboarding.done.title=DONE
|
||||||
|
op-onboarding.failed.title=ERROR
|
||||||
|
op-onboarding.intro.message1=To complete your on-boarding for your AGOV operations access, you need either an AGOV or a FED-LOGIN account.
|
||||||
|
op-onboarding.intro.message2=After clicking on "Continue", you will be redirected for authentication.
|
||||||
|
op-onboarding.intro.message3=If you are using AGOV, and your account doesn't meet yet the required AGOVaq level, you will be given the possibility to start the required ID verification.
|
||||||
|
op-onboarding.intro.title=START
|
||||||
|
op-onboarding.onboarding=AGOV op on-boarding
|
||||||
|
op-onboarding.process.message=During the processing something went wrong. Please contact AGOV support if necessary and ask also for a new on-boarding link.
|
||||||
|
outarg.lastLogin.never=Never
|
||||||
|
policyFailure.dictionary=▪ must not be taken from a dictionary.
|
||||||
|
policyFailure.history.History=▪ must be different from previously selected passwords.
|
||||||
|
policyFailure.regex.control=▪ cannot contain more than {0} control characters.
|
||||||
|
policyFailure.regex.lower=▪ must contain at least {0} lower case characters.
|
||||||
|
policyFailure.regex.maxCharacterRepetitions=▪ characters must not occur more than {0} time(s) consecutively.
|
||||||
|
policyFailure.regex.maxLength=▪ must be at most {0} characters long.
|
||||||
|
policyFailure.regex.minLength=▪ must be at least {0} characters long.
|
||||||
|
policyFailure.regex.nonAlnum=▪ must contain at least {0} non-alphanumeric characters.
|
||||||
|
policyFailure.regex.nonAscii=▪ cannot contain more than {0} non-ASCII characters.
|
||||||
|
policyFailure.regex.nonGraph=▪ cannot contain more than {0} non-printable characters.
|
||||||
|
policyFailure.regex.nonLetter=▪ must contain at least {0} non-letter characters.
|
||||||
|
policyFailure.regex.numeric=▪ must contain at least {0} numeric characters.
|
||||||
|
policyFailure.regex.upper=▪ must contain at least {0} upper case characters.
|
||||||
|
policyInfo.dictionary=▪ must not be taken from a dictionary.
|
||||||
|
policyInfo.history.History=▪ must be different from previously selected passwords.
|
||||||
|
policyInfo.regex.control=▪ cannot contain more than {0} control characters.
|
||||||
|
policyInfo.regex.lower=▪ must contain at least {0} lower case characters.
|
||||||
|
policyInfo.regex.maxCharacterRepetitions=▪ characters must not occur more than {0} time(s) consecutively.
|
||||||
|
policyInfo.regex.maxLength=▪ must be at most {0} characters long.
|
||||||
|
policyInfo.regex.minLength=▪ must be at least {0} characters long.
|
||||||
|
policyInfo.regex.nonAlnum=▪ must contain at least {0} non-alphanumeric characters.
|
||||||
|
policyInfo.regex.nonAscii=▪ cannot contain more than {0} non-ASCII characters.
|
||||||
|
policyInfo.regex.nonGraph=▪ cannot contain more than {0} non-printable characters.
|
||||||
|
policyInfo.regex.nonLetter=▪ must contain at least {0} non-letter characters.
|
||||||
|
policyInfo.regex.numeric=▪ must contain at least {0} numeric characters.
|
||||||
|
policyInfo.regex.upper=▪ must contain at least {0} upper case characters.
|
||||||
|
policyInfo.title=The password has to comply with the following password policy:
|
||||||
|
recovery_accessapp_auth.accessAppRegistered=AGOV access app already registered
|
||||||
|
recovery_accessapp_auth.instruction1=You have already registered a new AGOV access app !!!ACCESS_APP_NAME!!! as part of the recovery process.
|
||||||
|
recovery_accessapp_auth.instruction2=Please use !!!ACCESS_APP_NAME!!! to identify you.
|
||||||
|
recovery_check_code.codeIncorrect=Code entered is incorrect. Please try again.
|
||||||
|
recovery_check_code.enterRecoveryCode=Enter recovery code
|
||||||
|
recovery_check_code.instruction=Please enter below your personal 12-digit recovery code. You will have received the recovery code as a PDF file during registration or in AGOV me.
|
||||||
|
recovery_check_code.invalid.code=The code is invalid
|
||||||
|
recovery_check_code.invalid.code.required=Code required
|
||||||
|
recovery_check_code.invalid.code.tooLong=The code is too long
|
||||||
|
recovery_check_code.noAccess=I do not have access to my code
|
||||||
|
recovery_check_code.noCodeAccess=Are you sure you don't have access to your recovery code?
|
||||||
|
recovery_check_code.noCodeAccessInstructions=If you have lost access to your recovery code please go to AGOV help in order to contact a AGOV support agent. They will be able to help you with the recovery process.
|
||||||
|
recovery_check_noCode.banner.error=Too many attempts or your recovery code has expired.
|
||||||
|
recovery_check_noCode.instruction1=The recovery code you have entered might have expired or you might have tried to enter it too many times.
|
||||||
|
recovery_check_noCode.instruction2=Please go to AGOV help in order to contact a support agent. They will be able to help you with the recovery process.
|
||||||
|
recovery_code.banner.error=Please reveal your new code to be able to continue.
|
||||||
|
recovery_code.instruction=Recovery codes help you gain access to your account in case you lost all of your login factors. Please store the recovery code in a safe place.
|
||||||
|
recovery_code.newRecoveryCode=Introducing Recovery Code
|
||||||
|
recovery_code.validUntil=Valid until:
|
||||||
|
recovery_fidokey_auth.button=Start key authentication
|
||||||
|
recovery_fidokey_auth.fidoInstruction=Click on "Start key authentication"
|
||||||
|
recovery_fidokey_auth.instruction1=You have already registered a new security key !!!SECURITY_KEY_NAME!!! as part of the recovery process.
|
||||||
|
recovery_fidokey_auth.instruction2=Please use !!!SECURITY_KEY_NAME!!! to follow the steps below to identify you.
|
||||||
|
recovery_fidokey_auth.keyRegistered=Security key already registered
|
||||||
|
recovery_intro_email.banner.error=The link you used has expired. Please enter your email address to receive a new link.
|
||||||
|
recovery_intro_email.banner.info=Please enter your email address, so we can send you a link to start the recovery process.
|
||||||
|
recovery_intro_email.important=Important:
|
||||||
|
recovery_intro_email.process=The recovery process should only be used if you have lost access to your login factors (deleted AGOV access app, lost security key, lost phone, etc.).
|
||||||
|
recovery_intro_email_sent.banner.button=Didn't receive the email?
|
||||||
|
recovery_intro_email_sent.banner.success=Thank you! You will receive an email with a recovery link and instructions shortly.
|
||||||
|
recovery_on_going.finishRecovery=Finish recovery
|
||||||
|
recovery_on_going.instruction=You have an ongoing recovery process. Part of the recovery process can include an identity verification. To access applications with your AGOV-Login you need to finish the identity verification as well.
|
||||||
|
recovery_on_going.title=Please finish your recovery process.
|
||||||
|
recovery_questionnaire_instructions.banner.info=Please note that in certain cases you need access to your recovery code for a successful recovery.
|
||||||
|
recovery_questionnaire_instructions.explanation=Based on your answers an AGOV-Login recovery seems to be necessary. Please click on continue and follow the instructions on the screen.
|
||||||
|
recovery_questionnaire_instructions.instruction1=Provide your account email address so we can send you a link to begin the recovery process
|
||||||
|
recovery_questionnaire_instructions.instruction2=Follow steps to recover your account (steps will vary depending on your account verification level)
|
||||||
|
recovery_questionnaire_loginfactor.banner.error=Please select an answer.
|
||||||
|
recovery_questionnaire_loginfactor.no=No
|
||||||
|
recovery_questionnaire_loginfactor.question=Have you registered more than one login factor (AGOV access app or security key) to your account?
|
||||||
|
recovery_questionnaire_loginfactor.yes=Yes
|
||||||
|
recovery_questionnaire_no_recovery.explanation1=Based on your answers, the AGOV recovery option does not seem necessary right now.
|
||||||
|
recovery_questionnaire_no_recovery.explanation2=Should you need further information, please visit <a class='link' href='https://agov.ch/help' target='_blank'>https://agov.ch/help</a> for support articles.
|
||||||
|
recovery_questionnaire_no_recovery.instruction1=If you have issues logging in to an application, please visit <a class='link' href='https://agov.ch/me' target='_blank'>https://agov.ch/me</a> and test if you can log in successfully.
|
||||||
|
recovery_questionnaire_no_recovery.instruction2=If you have several login factors registered but lost access to one of them, please visit <a class='link' href='https://agov.ch/me' target='_blank'>https://agov.ch/me</a> to remove the one you have lost access to.
|
||||||
|
recovery_questionnaire_reason_selection.answer1=I have trouble logging in, even though I have my app / security key
|
||||||
|
recovery_questionnaire_reason_selection.answer10=I lost one of my login factors (AGOV access app or security key)
|
||||||
|
recovery_questionnaire_reason_selection.answer2=I was unable to finish my registration
|
||||||
|
recovery_questionnaire_reason_selection.answer3=I have deleted or reset my AGOV access app
|
||||||
|
recovery_questionnaire_reason_selection.answer4=I have lost my phone / security key
|
||||||
|
recovery_questionnaire_reason_selection.answer5=I have a new phone and forgot to transfer my AGOV access app
|
||||||
|
recovery_questionnaire_reason_selection.answer6=I forgot my PIN for the AGOV access app
|
||||||
|
recovery_questionnaire_reason_selection.answer7=I have my security keys or apps but had trouble logging in
|
||||||
|
recovery_questionnaire_reason_selection.answer8=I lost access to all my security keys and AGOV access apps
|
||||||
|
recovery_questionnaire_reason_selection.answer9=I have issues with one of my login factors (deleted, reset, forgotten PIN)
|
||||||
|
recovery_questionnaire_reason_selection.banner.error=Please select a reason.
|
||||||
|
recovery_questionnaire_reason_selection.instruction=Please select the reason you are starting the recovery process:
|
||||||
|
recovery_start_info.banner.warning=You will not be able to use your account until the recovery process has been concluded.
|
||||||
|
recovery_start_info.instruction=During the recovery process you will register a new login factor. If your account contains any verified information you might also have to go through a verification process to finish the recovery.
|
||||||
|
recovery_start_info.title=You are about to start the recovery process
|
||||||
|
reject.button.label=Deny
|
||||||
|
submit.button.label=Submit
|
||||||
|
tan.sent=Please enter the security code which has been sent to your mobile phone.
|
||||||
|
title.login=Login
|
||||||
|
title.logout=Logout
|
||||||
|
title.logout.confirmation=Logout
|
||||||
|
title.logout.reminder=Logout
|
||||||
|
title.oauth.consent=Client Authorization
|
||||||
|
title.saml.failed=Error
|
||||||
|
title.timeout.page=Logout
|
||||||
|
user_input.invalid.email=Please enter a valid email address
|
||||||
|
user_input.invalid.email.required=Field required
|
||||||
|
user_input.invalid.email.tooLong=Input is too long
|
|
@ -0,0 +1,252 @@
|
||||||
|
|
||||||
|
accept.button.label=Akzeptieren
|
||||||
|
cancel.button.label=Abbrechen
|
||||||
|
continue.button.label=Weiter
|
||||||
|
darkModeSwitch.aria.label=Dark-Mode-Schalter
|
||||||
|
deputy.profile.label=(Profil Stellvertreter)
|
||||||
|
error.saml.failed=Bitte schliessen Sie Ihren Browser und versuchen Sie es erneut.
|
||||||
|
error_1=Bitte überprüfen Sie Ihre Eingaben.
|
||||||
|
error_10=Bitte wählen Sie das richtige Benutzerkonto aus.
|
||||||
|
error_100=Zertifikat-Upload nicht möglich. Das Zertifikat existiert bereits. Wenden Sie sich an Ihr Helpdesk.
|
||||||
|
error_101=Die eingegebene E-Mail-Adresse ist ungültig.
|
||||||
|
error_11=Bitte verwenden Sie ein anderes Zertifikat oder melden Sie sich mit einer anderen Art von Credential an.
|
||||||
|
error_2=Bitte wählen Sie einen anderen Login-Namen.
|
||||||
|
error_3=Wenn die nächste Authentifizierung fehlschlägt, wird Ihr Konto gesperrt.
|
||||||
|
error_4=Ihr neues Passwort verstösst gegen die Sicherheitsrichtlinien. Bitte wählen Sie ein anderes Passwort.
|
||||||
|
error_5=Fehler bei der Passwortbestätigung.
|
||||||
|
error_50=Das neue Passwort ist zu kurz.
|
||||||
|
error_55=Das neue Passwort muss sich von alten Passwörtern unterscheiden.
|
||||||
|
error_6=Passwortänderung erforderlich.
|
||||||
|
error_7=Änderung der Login-ID erforderlich.
|
||||||
|
error_8=Ihr Konto wurde aufgrund wiederholter fehlgeschlagener Authentifizierungsversuche gesperrt.
|
||||||
|
error_81=Keine Zugangskarte gefunden, Zugang über das Internet verweigert.
|
||||||
|
error_83=Ihre Zugangskarte ist nicht mehr gültig. Bitte wenden Sie sich an Ihre Beratungsperson, um eine neue Zugangskarte zu erhalten.
|
||||||
|
error_9=Übernahme der Sitzung fehlgeschlagen.
|
||||||
|
error_97=Sie sind nicht berechtigt, auf diese Ressource zuzugreifen.
|
||||||
|
error_98=Ihr Konto wurde gesperrt.
|
||||||
|
error_99=Systemprobleme: Bitte versuchen Sie es später noch einmal.
|
||||||
|
error_9901=Sie benötigen einen gültigen Onboarding-Link, um auf diese Seite zuzugreifen.
|
||||||
|
error_9902=Die für die Authentifizierung verwendete E-Mail-Adresse stimmt nicht mit der erwarteten E-Mail-Adresse in Operations überein. Bitte fordern Sie einen neuen Onboarding-Link an.
|
||||||
|
error_9903=Der verwendete IdP hat uns keine gültige Assertion gesendet. Bitte stellen Sie sicher, dass Sie den richtigen IdP verwenden. Fordern Sie beim Support einen neuen Onboarding-Link an.
|
||||||
|
error_9904=Ihr Link ist nicht mehr gültig. Bitte stellen Sie sicher, dass Sie den neuesten Link verwenden, den Sie von Operations erhalten haben. Fordern Sie einen neuen Link an, falls das Problem weiterhin besteht.
|
||||||
|
error_9905=Es gibt ein Problem mit Ihrem Operations-Konto. Kontaktieren Sie bitte den Support.
|
||||||
|
error_9909=Es ist ein interner Fehler aufgetreten. Bitten Sie den Support um einen neuen Onboarding-Link.
|
||||||
|
errors.duplicateValue=Ihr Konto ist bereits mit einem anderen Operations-Zugang verknüpft.
|
||||||
|
fido2_auth.cancel.fido=Die Authentifizierung mit dem Sicherheitsschlüssel wurde unterbrochen. Bitte vergewissern Sie sich, dass Ihr FIDO-Schlüssel registriert ist und Ihre E-Mail korrekt ist.
|
||||||
|
fido2_auth.instruction1=Klicken Sie auf "Weiter"
|
||||||
|
fido2_auth.instruction2=Ein Authentifizierungsfenster wird erscheinen
|
||||||
|
fido2_auth.instruction3=Folgen Sie den Anweisungen
|
||||||
|
fido2_auth.skipInstructions=Anweisungen nächstes Mal überspringen
|
||||||
|
fido2_auth.switchLogin=WECHSEL ZU LOGIN MIT
|
||||||
|
footer.link=https://agov.ch/?c=contact&l=de
|
||||||
|
footer.link.label=Kontakt
|
||||||
|
footer.text=Authentifizierungsdienst der Schweizer Behörden AGOV – eine Zusammenarbeit zwischen den Kantonen, deren Gemeinden und der Bundesverwaltung. -
|
||||||
|
general.AGOVAccessApp=AGOV access App
|
||||||
|
general.accessApp=AGOV access App
|
||||||
|
general.authenticate=Authentifizieren
|
||||||
|
general.back=Zurück
|
||||||
|
general.cancel=Abbrechen
|
||||||
|
general.confirm=Bestätigen
|
||||||
|
general.contactSupport=Support kontaktieren
|
||||||
|
general.continue=Weiter
|
||||||
|
general.edit=Ändern
|
||||||
|
general.email=E-Mail
|
||||||
|
general.email.address=E-Mailadresse
|
||||||
|
general.entryCode=Code-Eingabe
|
||||||
|
general.getStarted=Get started
|
||||||
|
general.goAGOVHelp=Weiter zur AGOV help
|
||||||
|
general.goAccessApp=Login mit AGOV access
|
||||||
|
general.help=Hilfe
|
||||||
|
general.help.link=https://agov.ch/help
|
||||||
|
general.login=Login
|
||||||
|
general.loginSecurityKey=Sicherheitsschlüssel-Login starten
|
||||||
|
general.or=ODER
|
||||||
|
general.otherOptions=WEITERE OPTIONEN
|
||||||
|
general.recovery=Wiederherstellung
|
||||||
|
general.recoveryOngoing=Wiederherstellung nicht abgeschlossen
|
||||||
|
general.register=Registrieren
|
||||||
|
general.registerNow=Jetzt registrieren!
|
||||||
|
general.registration=Registrierung
|
||||||
|
general.securityKey=Sicherheitsschlüssel
|
||||||
|
general.skip.content=Direkt zum Hauptteil
|
||||||
|
generic.auth.error.message=Es gab eine Service-Unterbrechung. Wir arbeiten daran.
|
||||||
|
generic.auth.error.next.steps=Versuchen Sie es bitte später noch einmal. Bitte besuchen Sie die AGOV-Hilfe, wenn das Problem weiterhin besteht.
|
||||||
|
generic.auth.error.subtitle=Etwas ist schiefgegangen
|
||||||
|
generic.auth.error.title=Fehler
|
||||||
|
info.logout.confirmation=Bitte bestätigen Sie, dass Sie sich abmelden möchten.
|
||||||
|
info.logout.reminder=Ihre Session ist auf dieser Applikation abgelaufen. Versuchen Sie es nochmals mit einem Login.
|
||||||
|
info.oauth.consent=Wollen Sie der Anwendung den Zugriff erlauben?
|
||||||
|
info.timeout.page=Ihre Session ist auf dieser Applikation abgelaufen. Versuchen Sie es nochmals mit einem Login.
|
||||||
|
language.de=Deutsch
|
||||||
|
language.en=English
|
||||||
|
language.fr=Français
|
||||||
|
language.it=Italiano
|
||||||
|
languageDropdown.aria.label=Sprache wählen
|
||||||
|
loainfo.description.200=Um auf diese Applikation zuzugreifen, müssen wir Ihre Angaben verifizieren. Der Vorgang kann bis zu 2 - 3 Tage dauern.
|
||||||
|
loainfo.description.300=Um auf diese Applikation zuzugreifen, müssen wir Ihre Angaben durch einen von zwei Vorgängen verifizieren. Sie können die bevorzugte Methode im nächsten Schritt auswählen.
|
||||||
|
loainfo.description.400=Für den Zugang zu dieser Anwendung müssen Sie Ihre AHV-Nummer angeben.
|
||||||
|
loainfo.helper=Ihre persönlichen Daten müssen überprüft werden!
|
||||||
|
loainfo.later=Später
|
||||||
|
loainfo.startNow=Möchten Sie den Prozess jetzt starten?
|
||||||
|
loainfo.startVerification=Verifikation starten
|
||||||
|
loainfo.title=Verifizieren Sie Ihre Daten
|
||||||
|
login.button.label=Login
|
||||||
|
logout.label=Logout
|
||||||
|
logout.text=Sie haben sich erfolgreich abgemeldet.
|
||||||
|
mauth_usernameless.EID=Mit Schweizer E-ID fortfahren
|
||||||
|
mauth_usernameless.banner.error=Authentifizierung unterbrochen.<br>Bitte versuchen Sie es erneut, nachdem die Seite neu geladen wurde.
|
||||||
|
mauth_usernameless.banner.info=Scan erfolgreich.<br>Bitte fahren Sie in der AGOV access App fort.
|
||||||
|
mauth_usernameless.banner.success=Authentifizierung erfolgreich!<br>Bitte warten Sie, bis Sie eingeloggt werden.
|
||||||
|
mauth_usernameless.cannotLogin=Zugriff auf App / Sicherheitsschlüssel verloren?
|
||||||
|
mauth_usernameless.hideQR=QR-Code ausblenden
|
||||||
|
mauth_usernameless.instructions=Melden Sie sich an, indem Sie den QR-Code mit Ihrer AGOV access App scannen
|
||||||
|
mauth_usernameless.noAccount=Haben Sie noch kein AGOV-Login?
|
||||||
|
mauth_usernameless.showQR=QR-Code anzeigen
|
||||||
|
mauth_usernameless.startRecovery=Kontowiederherstellung starten
|
||||||
|
mauth_usernameless.useSecurityKey=Verwenden Sie einen Sicherheitsschlüssel, um sich anzumelden
|
||||||
|
mauth_usernameless.useSecurityKeyInfo=Ein physischer Sicherheitsschlüssel bietet eine sichere Möglichkeit, sich ohne Telefon anzumelden.
|
||||||
|
method.certificate.label=Zertifikat
|
||||||
|
method.fido.label=Mobile Authentication
|
||||||
|
method.fido2.label=FIDO 2
|
||||||
|
method.mtan.label=mTAN-Code
|
||||||
|
method.oath.label=OATH Authenticator-App
|
||||||
|
method.otp.label=OTP (One-Time Passwort)
|
||||||
|
method.recovery.label=Wiederherstellungscodes
|
||||||
|
method.safeword.label=SafeWord
|
||||||
|
method.securid.label=SecurID
|
||||||
|
method.ticket.label=Ticket
|
||||||
|
op-admin.login=AGOV-op-Admin
|
||||||
|
op-admin.login.intro.message=Login mit Ihrem Benutzernamen und Passwort
|
||||||
|
op-admin.login.loginid=LoginID
|
||||||
|
op-admin.login.password=Passwort
|
||||||
|
op-admin.login.title=Login
|
||||||
|
op-admin.logout=AGOV-op-Admin
|
||||||
|
op-admin.logout.message=Sie haben sich erfolgreich ausgeloggt.
|
||||||
|
op-admin.logout.title=Logout
|
||||||
|
op-admin.pwchange.intro.message=Passwortänderung erforderlich
|
||||||
|
op-admin.pwchange.newpassword=Neues Passwort
|
||||||
|
op-admin.pwchange.newpassword2=Neues Passwort wiederholen
|
||||||
|
op-admin.pwchange.password=Aktuelles Passwort
|
||||||
|
op-admin.pwchange.title=Änderung des Passworts
|
||||||
|
op-idmlogin.role.accs-mgmt-idm=IDM accessrights management
|
||||||
|
op-idmlogin.role.accs-mgmt-nonidm=Accessrights management
|
||||||
|
op-idmlogin.role.idmcfg-mgmt=IDM set-up
|
||||||
|
op-idmlogin.role.readonly-access=Standardzugriff (Nur Leseberechtigung)
|
||||||
|
op-idmlogin.role.support-basic=Supportfälle (Wiederherstellung, ...)
|
||||||
|
op-idmlogin.role.support-priv=3rd Level Support (Archivierung, Abmeldungen, ...)
|
||||||
|
op-idmlogin.role.usr-mgmt=Benutzerverwaltung (Betrieb)
|
||||||
|
op-idmlogin.role.usr-unit-mgmt=Benutzer- und Organisationsverwaltung (Betrieb)
|
||||||
|
op-idmlogin.select=AGOV idm
|
||||||
|
op-idmlogin.select.intro=Bitte wählen Sie ein Profil aus...
|
||||||
|
op-idmlogin.select.note=Mit * markierte Profile sollten nur für bestimmte Support oder Release Aufgaben genutzt werden.
|
||||||
|
op-idmlogin.select.title=Profilauswahl
|
||||||
|
op-onboarding.done.message=Das Onboarding war erfolgreich. Sie können nun Ihren AGOV-Operations-Zugang verwenden. Bitte schliessen Sie den Browser, bevor Sie auf eine der Operations-Applikationen zugreifen.
|
||||||
|
op-onboarding.done.title=FERTIG
|
||||||
|
op-onboarding.failed.title=FEHLER
|
||||||
|
op-onboarding.intro.message1=Um das Onboarding für Ihren AGOV-Operations-Zugang abzuschliessen, benötigen Sie entweder ein AGOV- oder ein FED-LOGIN-Konto.
|
||||||
|
op-onboarding.intro.message2=Wenn Sie auf «Weiter» klicken, werden Sie zur Authentifizierung weitergeleitet.
|
||||||
|
op-onboarding.intro.message3=Wenn Sie AGOV verwenden und Ihr Konto noch nicht der erforderlichen AGOVaq-Stufe entspricht, erhalten Sie die Möglichkeit, die erforderliche Identitätsprüfung zu starten.
|
||||||
|
op-onboarding.intro.title=START
|
||||||
|
op-onboarding.onboarding=AGOV-op-Onboarding
|
||||||
|
op-onboarding.process.message=Bei der Bearbeitung ist etwas schiefgegangen. Wenden Sie sich wenn nötig an den AGOV-Support und fordern Sie einen neuen Onboarding-Link an.
|
||||||
|
outarg.lastLogin.never=Nie
|
||||||
|
policyFailure.dictionary=▪ darf nicht aus einem Wörterbuch stammen.
|
||||||
|
policyFailure.history.History=▪ muss sich von vorhergehenden Passwörtern unterscheiden.
|
||||||
|
policyFailure.regex.control=▪ darf höchstens {0} Kontrollzeichen enthalten.
|
||||||
|
policyFailure.regex.lower=▪ muss {0} Kleinbuchstaben enthalten.
|
||||||
|
policyFailure.regex.maxCharacterRepetitions=▪ darf nicht eine Sequenz länger als {0} des gleichen Zeichens enthalten.
|
||||||
|
policyFailure.regex.maxLength=Länge des Passwortes darf höchstens {0} sein.
|
||||||
|
policyFailure.regex.minLength=Länge des Passwortes muss mindestens {0} sein.
|
||||||
|
policyFailure.regex.nonAlnum=▪ muss {0} nicht-alphanumerische Zeichen enthalten.
|
||||||
|
policyFailure.regex.nonAscii=▪ darf höchstens {0} Zeichen ausserhalb des ASCII-Zeichensatzes enthalten.
|
||||||
|
policyFailure.regex.nonGraph=▪ darf höchstens {0} nicht-druckende Zeichen enthalten.
|
||||||
|
policyFailure.regex.nonLetter=▪ muss {0} Zeichen enthalten, die keine Buchstaben sind.
|
||||||
|
policyFailure.regex.numeric=▪ muss {0} numerische Zeichen enthalten.
|
||||||
|
policyFailure.regex.upper=▪ muss {0} Grossbuchstaben enthalten.
|
||||||
|
policyInfo.dictionary=▪ darf nicht aus einem Wörterbuch stammen.
|
||||||
|
policyInfo.history.History=▪ darf keines der zuletzt verwendeten Passwörtern sein.
|
||||||
|
policyInfo.regex.control=▪ darf höchstens {0} Kontrollzeichen enthalten.
|
||||||
|
policyInfo.regex.lower=▪ muss mindestens {0} Kleinbuchstaben enthalten.
|
||||||
|
policyInfo.regex.maxCharacterRepetitions=▪ darf nicht eine Sequenz länger als {0} des gleichen Zeichens enthalten.
|
||||||
|
policyInfo.regex.maxLength=▪ darf höchstens {0} Zeichen enthalten.
|
||||||
|
policyInfo.regex.minLength=▪ muss mindestens {0} Zeichen enthalten.
|
||||||
|
policyInfo.regex.nonAlnum=▪ muss mindestens {0} Zeichen enthalten, die nicht Alphanumerisch sind.
|
||||||
|
policyInfo.regex.nonAscii=▪ darf höchstens {0} Zeichen ausserhalb des ASCII-Zeichensatzes enthalten.
|
||||||
|
policyInfo.regex.nonGraph=▪ darf höchstens {0} nicht-druckende Zeichen enthalten.
|
||||||
|
policyInfo.regex.nonLetter=▪ muss mindestens {0} Zeichen enthalten, die keine Buchstaben sind.
|
||||||
|
policyInfo.regex.numeric=▪ muss mindestens {0} numerische Zeichen enthalten.
|
||||||
|
policyInfo.regex.upper=▪ muss mindestens {0} Grossbuchstaben enthalten.
|
||||||
|
policyInfo.title=Das Passwort muss den folgenden Passwort-Richtlinien entsprechen:
|
||||||
|
recovery_accessapp_auth.accessAppRegistered=AGOV access app schon registriert
|
||||||
|
recovery_accessapp_auth.instruction1=Sie haben bereits eine neue AGOV access App !!!ACCESS_APP_NAME!!! im Rahmen des Wiederherstellungsprozesses registriert.
|
||||||
|
recovery_accessapp_auth.instruction2=Verwenden Sie !!!ACCESS_APP_NAME!!! um Sie zu identifizieren.
|
||||||
|
recovery_check_code.codeIncorrect=Der eingegebene Code ist nicht korrekt. Bitte versuchen Sie es erneut.
|
||||||
|
recovery_check_code.enterRecoveryCode=Wiederherstellungscode eingeben
|
||||||
|
recovery_check_code.instruction=Bitte geben Sie unten Ihren persönlichen 12-stelligen Wiederherstellungscode ein. Sie haben den Wiederherstellungscode in einer PDF-Datei bei der Registrierung oder in AGOV me erhalten.
|
||||||
|
recovery_check_code.invalid.code=Code ist ungültig
|
||||||
|
recovery_check_code.invalid.code.required=Code erforderlich
|
||||||
|
recovery_check_code.invalid.code.tooLong=Eingegebener Code ist zu lang
|
||||||
|
recovery_check_code.noAccess=Ich kann auf meinen Code nicht zugreifen
|
||||||
|
recovery_check_code.noCodeAccess=Sind Sie sicher, dass Sie auf Ihren Wiederherstellungscode nicht zugreifen können?
|
||||||
|
recovery_check_code.noCodeAccessInstructions=Wenn Sie auf Ihren Wiederherstellungscode nicht mehr zugreifen können, gehen Sie bitte zur AGOV-Hilfe, um jemanden vom AGOV-Support zu kontaktieren. Die Person wird Sie beim Wiederherstellungsprozess unterstützen.
|
||||||
|
recovery_check_noCode.banner.error=Zu viele Versuche oder Ihr Wiederherstellungscode ist abgelaufen.
|
||||||
|
recovery_check_noCode.instruction1=Der von Ihnen eingegebene Wiederherstellungscode ist möglicherweise abgelaufen oder Sie haben zu oft versucht, einen Code einzugeben.
|
||||||
|
recovery_check_noCode.instruction2=Gehen Sie bitte zur AGOV-Hilfe, um jemanden vom Support zu kontaktieren. Die Person wird Sie beim Wiederherstellungsprozess unterstützen.
|
||||||
|
recovery_code.banner.error=Bitte enthüllen Sie den Code, um fortfahren zu können.
|
||||||
|
recovery_code.instruction=Der Wiederherstellungscode hilft Ihnen, Zugriff auf Ihr AGOV-Login zu erhalten, falls Sie alle Ihre Login-Faktoren verloren haben. Bitte bewahren Sie den Wiederherstellungscode an einem sicheren Ort auf.
|
||||||
|
recovery_code.newRecoveryCode=Einführung von Wiederherstellungscode
|
||||||
|
recovery_code.validUntil=Gültig bis:
|
||||||
|
recovery_fidokey_auth.button=Schlüsselauthentifizierung starten
|
||||||
|
recovery_fidokey_auth.fidoInstruction=Klicken Sie auf "Schlüsselauthentifizierung starten"
|
||||||
|
recovery_fidokey_auth.instruction1=Sie haben bereits einen neuen Sicherheitsschlüssel !!!SECURITY_KEY_NAME!!! im Rahmen des Wiederherstellungsprozesses registriert.
|
||||||
|
recovery_fidokey_auth.instruction2=Bitte verwenden Sie !!!SECURITY_KEY_NAME!!! und befolgen Sie die untenstehenden Schritte, um Sie zu identifizieren.
|
||||||
|
recovery_fidokey_auth.keyRegistered=Sicherheitsschlüssel schon registriert
|
||||||
|
recovery_intro_email.banner.error=Der von Ihnen verwendete Link ist abgelaufen. Bitte geben Sie Ihre E-Mail-Adresse ein, um einen neuen Link zu erhalten.
|
||||||
|
recovery_intro_email.banner.info=Bitte geben Sie Ihre E-Mail-Adresse ein, damit wir Ihnen einen Link schicken können, mit dem Sie den Wiederherstellungsprozess starten.
|
||||||
|
recovery_intro_email.important=Wichtig:
|
||||||
|
recovery_intro_email.process=Der Wiederherstellungsprozess sollte nur verwendet werden, wenn Sie den Zugriff auf Ihre Login-Faktoren verloren haben (gelöschte AGOV access App, verlorener Sicherheitsschlüssel, verlorenes Telefon usw.).
|
||||||
|
recovery_intro_email_sent.banner.button=Keine E-Mail erhalten?
|
||||||
|
recovery_intro_email_sent.banner.success=Vielen Dank! Sie werden in Kürze eine E-Mail mit einem Wiederherstellungslink und Anweisungen erhalten.
|
||||||
|
recovery_on_going.finishRecovery=Wiederherstellung abschliessen
|
||||||
|
recovery_on_going.instruction=Sie haben einen laufenden Wiederherstellungsprozess. Der Wiederherstellungsprozess kann eine Identitätsprüfung umfassen. Um mit Ihrem AGOV-Login auf Applikationen zugreifen zu können, müssen Sie auch die Identitätsprüfung abschliessen.
|
||||||
|
recovery_on_going.title=Bitte schliessen Sie Ihren Wiederherstellungsprozess ab.
|
||||||
|
recovery_questionnaire_instructions.banner.info=Bitte beachten Sie, dass Sie in bestimmten Fällen für eine erfolgreiche Wiederherstellung Zugang zu Ihrem Wiederherstellungscode benötigen.
|
||||||
|
recovery_questionnaire_instructions.explanation=Aufgrund Ihrer Antworten scheint eine Wiederherstellung Ihres AGOV-Logins erforderlich zu sein. Bitte klicken Sie auf Weiter und folgen Sie den Anweisungen auf dem Bildschirm.
|
||||||
|
recovery_questionnaire_instructions.instruction1=Geben Sie die E-Mail-Adresse Ihres AGOV-Logins an, damit wir Ihnen einen Link senden können, um den Wiederherstellungsprozess zu beginnen
|
||||||
|
recovery_questionnaire_instructions.instruction2=Folgen Sie den Schritten zur Wiederherstellung Ihres Kontos (die Schritte variieren je nach Verifizierungsstufe Ihres Kontos)
|
||||||
|
recovery_questionnaire_loginfactor.banner.error=Bitte wählen Sie eine Antwort.
|
||||||
|
recovery_questionnaire_loginfactor.no=Nein
|
||||||
|
recovery_questionnaire_loginfactor.question=Haben Sie mehr als einen Loginfaktor (AGOV Access App oder Sicherheitsschlüssel) für Ihren AGOV-Login registriert?
|
||||||
|
recovery_questionnaire_loginfactor.yes=Ja
|
||||||
|
recovery_questionnaire_no_recovery.explanation1=Ausgehend von Ihren Antworten scheint eine Wiederherstellung Ihres AGOV-Logins im Moment nicht notwendig zu sein.
|
||||||
|
recovery_questionnaire_no_recovery.explanation2=Falls Sie weitere Informationen benötigen, besuchen Sie bitte <a class='link' href='https://agov.ch/help' target='_blank'>https://agov.ch/help</a> für Support-Artikel.
|
||||||
|
recovery_questionnaire_no_recovery.instruction1=Wenn Sie Probleme haben, sich bei einer Anwendung anzumelden, besuchen Sie bitte <a class='link' href='https://agov.ch/me' target='_blank'>https://agov.ch/me</a> und testen Sie, ob Sie sich erfolgreich anmelden können.
|
||||||
|
recovery_questionnaire_no_recovery.instruction2=Wenn Sie mehrere Loginfaktoren registriert haben, aber den Zugriff zu einem von ihnen verloren haben, besuchen Sie bitte <a class='link' href='https://agov.ch/me' target='_blank'>https://agov.ch/me</a>, um den verlorenen Loginfaktor zu entfernen.
|
||||||
|
recovery_questionnaire_reason_selection.answer1=Ich habe Probleme mich anzumelden, obwohl ich meine App / meinen Sicherheitsschlüssel habe
|
||||||
|
recovery_questionnaire_reason_selection.answer10=Ich habe einen meiner Loginfaktoren verloren (AGOV access App oder Sicherheitsschlüssel)
|
||||||
|
recovery_questionnaire_reason_selection.answer2=Ich konnte meine Registrierung nicht abschliessen
|
||||||
|
recovery_questionnaire_reason_selection.answer3=Ich habe meine AGOV access App gelöscht oder zurückgesetzt
|
||||||
|
recovery_questionnaire_reason_selection.answer4=Ich habe mein Telefon / Sicherheitsschlüssel verloren
|
||||||
|
recovery_questionnaire_reason_selection.answer5=Ich habe ein neues Telefon und habe vergessen, meine AGOV access App zu übertragen
|
||||||
|
recovery_questionnaire_reason_selection.answer6=Ich habe die PIN für meine AGOV access App vergessen
|
||||||
|
recovery_questionnaire_reason_selection.answer7=Ich habe meine Sicherheitsschlüssel oder AGOV access Apps, hatte aber Probleme beim Einloggen
|
||||||
|
recovery_questionnaire_reason_selection.answer8=Ich habe den Zugriff auf alle meine Sicherheitsschlüssel und Apps verloren
|
||||||
|
recovery_questionnaire_reason_selection.answer9=Ich habe Probleme mit einem meiner Loginfaktoren (gelöscht, zurückgesetzt, vergessene PIN)
|
||||||
|
recovery_questionnaire_reason_selection.banner.error=Bitte wählen Sie einen Grund aus.
|
||||||
|
recovery_questionnaire_reason_selection.instruction=Bitte wählen Sie einen Grund wieso Sie den AGOV recovery Prozess starten:
|
||||||
|
recovery_start_info.banner.warning=Sie können Ihr Konto nicht nutzen, bis der Wiederherstellungsprozess abgeschlossen ist.
|
||||||
|
recovery_start_info.instruction=Während des Wiederherstellungsprozesses werden Sie einen neuen Login-Faktor registrieren. Wenn Ihr Konto verifizierte Informationen enthält, müssen Sie zum Abschluss des Wiederherstellungsprozesses möglicherweise auch einen Verifikationsprozess durchlaufen.
|
||||||
|
recovery_start_info.title=Sie sind dabei, den Wiederherstellungsprozess zu starten
|
||||||
|
reject.button.label=Ablehnen
|
||||||
|
submit.button.label=Senden
|
||||||
|
tan.sent=Bitte erfassen Sie den Sicherheitscode, welcher an Ihr Mobiltelefon gesendet wurde.
|
||||||
|
title.login=Login
|
||||||
|
title.logout=Logout
|
||||||
|
title.logout.confirmation=Logout
|
||||||
|
title.logout.reminder=Logout
|
||||||
|
title.oauth.consent=Client Authorisierung
|
||||||
|
title.saml.failed=Error
|
||||||
|
title.timeout.page=Logout
|
||||||
|
user_input.invalid.email=Bitte geben Sie eine gültige E-Mail ein
|
||||||
|
user_input.invalid.email.required=Erforderliches Feld
|
||||||
|
user_input.invalid.email.tooLong=Eingabe zu lang
|
|
@ -0,0 +1,252 @@
|
||||||
|
|
||||||
|
accept.button.label=Accept
|
||||||
|
cancel.button.label=Cancel
|
||||||
|
continue.button.label=Continue
|
||||||
|
darkModeSwitch.aria.label=Dark mode toggle
|
||||||
|
deputy.profile.label=(Deputy Profile)
|
||||||
|
error.saml.failed=Please close your browser and try again.
|
||||||
|
error_1=Please check your input.
|
||||||
|
error_10=Please select the correct user account.
|
||||||
|
error_100=Certificate upload not possible. Certificate already exists. Please contact your helpdesk.
|
||||||
|
error_101=The entered email address is not valid.
|
||||||
|
error_11=Please use another certficate or login with another credential type.
|
||||||
|
error_2=Please select another login name.
|
||||||
|
error_3=Your account will be locked if next authentication fails.
|
||||||
|
error_4=Your new password does not comply with the security policy. Please choose a different password.
|
||||||
|
error_5=Error in password confirmation.
|
||||||
|
error_50=The new password is too short.
|
||||||
|
error_55=The new password has to differ from old passwords.
|
||||||
|
error_6=Password change required.
|
||||||
|
error_7=Change of login ID required.
|
||||||
|
error_8=Your account has been locked due to repeated authentication failures.
|
||||||
|
error_81=No access card found, access from internet denied.
|
||||||
|
error_83=Your access card is no longer valid. Please contact your advisor to get a new access card.
|
||||||
|
error_9=Session take over failed.
|
||||||
|
error_97=You are not authorized to access this resource.
|
||||||
|
error_98=Your account has been locked.
|
||||||
|
error_99=System problems. Please try later.
|
||||||
|
error_9901=You need a valid on-boarding link to access this page.
|
||||||
|
error_9902=The email used for authentication doesn't match the expected one in operations. Please ask for a new on-boarding link.
|
||||||
|
error_9903=The used IdP didn't send us a valid assertion. Please make sure, you use the correct IdP. Ask the support for a new on-boarding link.
|
||||||
|
error_9904=Your link is not valid anymore. Please make sure, that you are using the latest Link received from operations. Ask for a new link, if the problem persists.
|
||||||
|
error_9905=There is a problem with your operations account. Please contact the support.
|
||||||
|
error_9909=An internal error occured. Please ask the support for a new on-boarding link.
|
||||||
|
errors.duplicateValue=Your account is already linked with another operations access.
|
||||||
|
fido2_auth.cancel.fido=The security key authentication was interrupted. Please ensure your FIDO key is registered and your email is correct, then follow the steps below.
|
||||||
|
fido2_auth.instruction1=Click on "Continue"
|
||||||
|
fido2_auth.instruction2=An authentication window will appear
|
||||||
|
fido2_auth.instruction3=Follow the instructions
|
||||||
|
fido2_auth.skipInstructions=Skip instructions next time
|
||||||
|
fido2_auth.switchLogin=SWITCH TO LOGIN WITH
|
||||||
|
footer.link=https://agov.ch/?c=contact&l=en
|
||||||
|
footer.link.label=Contact
|
||||||
|
footer.text=Authentication service of Swiss authorities AGOV - a collaboration between cantons, their municipalities, and the federal administration. -
|
||||||
|
general.AGOVAccessApp=AGOV access app
|
||||||
|
general.accessApp=AGOV access app
|
||||||
|
general.authenticate=Authenticate
|
||||||
|
general.back=Back
|
||||||
|
general.cancel=Cancel
|
||||||
|
general.confirm=Confirm
|
||||||
|
general.contactSupport=Contact Support
|
||||||
|
general.continue=Continue
|
||||||
|
general.edit=Edit
|
||||||
|
general.email=Email
|
||||||
|
general.email.address=Email address
|
||||||
|
general.entryCode=Code entry
|
||||||
|
general.getStarted=Get started
|
||||||
|
general.goAGOVHelp=Go to AGOV help
|
||||||
|
general.goAccessApp=Login with AGOV access
|
||||||
|
general.help=Help
|
||||||
|
general.help.link=https://agov.ch/help
|
||||||
|
general.login=Login
|
||||||
|
general.loginSecurityKey=Start Security key login
|
||||||
|
general.or=OR
|
||||||
|
general.otherOptions=OTHER OPTIONS
|
||||||
|
general.recovery=Recovery
|
||||||
|
general.recoveryOngoing=Ongoing recovery
|
||||||
|
general.register=Register
|
||||||
|
general.registerNow=Register now!
|
||||||
|
general.registration=Registration
|
||||||
|
general.securityKey=Security key
|
||||||
|
general.skip.content=Skip to main content
|
||||||
|
generic.auth.error.message=There was a service interruption. We are working on it.
|
||||||
|
generic.auth.error.next.steps=Please try again later. Please consult AGOV help if the problem persists.
|
||||||
|
generic.auth.error.subtitle=Something went wrong
|
||||||
|
generic.auth.error.title=Error
|
||||||
|
info.logout.confirmation=Please confirm that you want to log out.
|
||||||
|
info.logout.reminder=Your session on this application has expired. Try again with a login.
|
||||||
|
info.oauth.consent=Do you want to authorise this application to access your data?
|
||||||
|
info.timeout.page=Your session on this application has expired. Try again with a login.
|
||||||
|
language.de=Deutsch
|
||||||
|
language.en=English
|
||||||
|
language.fr=Français
|
||||||
|
language.it=Italiano
|
||||||
|
languageDropdown.aria.label=Select language
|
||||||
|
loainfo.description.200=To access the application, we need to verify your data. The process can take up to 2 - 3 days.
|
||||||
|
loainfo.description.300=To access the application we need to verify your data through one of two processes. You can choose your preferred process in the next step.
|
||||||
|
loainfo.description.400=To access the application we need you to add your AHV Number (Swiss Social Security number).
|
||||||
|
loainfo.helper=Your data needs to be verified!
|
||||||
|
loainfo.later=Later
|
||||||
|
loainfo.startNow=Do you want to start the process now?
|
||||||
|
loainfo.startVerification=Start verification
|
||||||
|
loainfo.title=Verify your data
|
||||||
|
login.button.label=Login
|
||||||
|
logout.label=Logout
|
||||||
|
logout.text=You have successfully logged out.
|
||||||
|
mauth_usernameless.EID=Continue with CH E-ID
|
||||||
|
mauth_usernameless.banner.error=Authentication interrupted.<br>Please try again when the page reloads.
|
||||||
|
mauth_usernameless.banner.info=Scan successful.<br>Please continue in the AGOV access app.
|
||||||
|
mauth_usernameless.banner.success=Authentication successful!<br>Please wait to be logged in.
|
||||||
|
mauth_usernameless.cannotLogin=Lost access to your app / security key?
|
||||||
|
mauth_usernameless.hideQR=Hide QR code
|
||||||
|
mauth_usernameless.instructions=Log in by scanning the QR code with your AGOV access app
|
||||||
|
mauth_usernameless.noAccount=Don't have an AGOV-Login yet?
|
||||||
|
mauth_usernameless.showQR=Show QR code
|
||||||
|
mauth_usernameless.startRecovery=Start account recovery
|
||||||
|
mauth_usernameless.useSecurityKey=Use a security key to log in
|
||||||
|
mauth_usernameless.useSecurityKeyInfo=A physical security key offers a secure way to login without having to use a phone.
|
||||||
|
method.certificate.label=Certificate
|
||||||
|
method.fido.label=Mobile Authentication
|
||||||
|
method.fido2.label=FIDO 2
|
||||||
|
method.mtan.label=mTAN Code
|
||||||
|
method.oath.label=OATH Authenticator App
|
||||||
|
method.otp.label=OTP (One-Time Password)
|
||||||
|
method.recovery.label=Recovery Codes
|
||||||
|
method.safeword.label=SafeWord
|
||||||
|
method.securid.label=SecurID
|
||||||
|
method.ticket.label=Ticket
|
||||||
|
op-admin.login=AGOV op admin
|
||||||
|
op-admin.login.intro.message=Login with your username and password
|
||||||
|
op-admin.login.loginid=LoginId
|
||||||
|
op-admin.login.password=Passwort
|
||||||
|
op-admin.login.title=Login
|
||||||
|
op-admin.logout=AGOV op admin
|
||||||
|
op-admin.logout.message=You have successfully logged out.
|
||||||
|
op-admin.logout.title=Logout
|
||||||
|
op-admin.pwchange.intro.message=Password change required
|
||||||
|
op-admin.pwchange.newpassword=New password
|
||||||
|
op-admin.pwchange.newpassword2=Repeat new password
|
||||||
|
op-admin.pwchange.password=Current password
|
||||||
|
op-admin.pwchange.title=Password Change
|
||||||
|
op-idmlogin.role.accs-mgmt-idm=IDM accessrights management
|
||||||
|
op-idmlogin.role.accs-mgmt-nonidm=Accessrights management
|
||||||
|
op-idmlogin.role.idmcfg-mgmt=IDM set-up
|
||||||
|
op-idmlogin.role.readonly-access=Default access (readonly)
|
||||||
|
op-idmlogin.role.support-basic=Support cases (recovery, ...)
|
||||||
|
op-idmlogin.role.support-priv=3rd level support (archiving, off-boarding)
|
||||||
|
op-idmlogin.role.usr-mgmt=User management (operations)
|
||||||
|
op-idmlogin.role.usr-unit-mgmt=User and organization management (operations)
|
||||||
|
op-idmlogin.select=AGOV idm
|
||||||
|
op-idmlogin.select.intro=Please select one of the profiles below...
|
||||||
|
op-idmlogin.select.note=Profiles marked with a * should only be used if required for a specific support or release tasks.
|
||||||
|
op-idmlogin.select.title=Profile selection
|
||||||
|
op-onboarding.done.message=On-boarding was successfull. You can now use your AGOV operations access. Please close the browser, before accessing on of the operations application.
|
||||||
|
op-onboarding.done.title=DONE
|
||||||
|
op-onboarding.failed.title=ERROR
|
||||||
|
op-onboarding.intro.message1=To complete your on-boarding for your AGOV operations access, you need either an AGOV or a FED-LOGIN account.
|
||||||
|
op-onboarding.intro.message2=After clicking on "Continue", you will be redirected for authentication.
|
||||||
|
op-onboarding.intro.message3=If you are using AGOV, and your account doesn't meet yet the required AGOVaq level, you will be given the possibility to start the required ID verification.
|
||||||
|
op-onboarding.intro.title=START
|
||||||
|
op-onboarding.onboarding=AGOV op on-boarding
|
||||||
|
op-onboarding.process.message=During the processing something went wrong. Please contact AGOV support if necessary and ask also for a new on-boarding link.
|
||||||
|
outarg.lastLogin.never=Never
|
||||||
|
policyFailure.dictionary=▪ must not be taken from a dictionary.
|
||||||
|
policyFailure.history.History=▪ must be different from previously selected passwords.
|
||||||
|
policyFailure.regex.control=▪ cannot contain more than {0} control characters.
|
||||||
|
policyFailure.regex.lower=▪ must contain at least {0} lower case characters.
|
||||||
|
policyFailure.regex.maxCharacterRepetitions=▪ characters must not occur more than {0} time(s) consecutively.
|
||||||
|
policyFailure.regex.maxLength=▪ must be at most {0} characters long.
|
||||||
|
policyFailure.regex.minLength=▪ must be at least {0} characters long.
|
||||||
|
policyFailure.regex.nonAlnum=▪ must contain at least {0} non-alphanumeric characters.
|
||||||
|
policyFailure.regex.nonAscii=▪ cannot contain more than {0} non-ASCII characters.
|
||||||
|
policyFailure.regex.nonGraph=▪ cannot contain more than {0} non-printable characters.
|
||||||
|
policyFailure.regex.nonLetter=▪ must contain at least {0} non-letter characters.
|
||||||
|
policyFailure.regex.numeric=▪ must contain at least {0} numeric characters.
|
||||||
|
policyFailure.regex.upper=▪ must contain at least {0} upper case characters.
|
||||||
|
policyInfo.dictionary=▪ must not be taken from a dictionary.
|
||||||
|
policyInfo.history.History=▪ must be different from previously selected passwords.
|
||||||
|
policyInfo.regex.control=▪ cannot contain more than {0} control characters.
|
||||||
|
policyInfo.regex.lower=▪ must contain at least {0} lower case characters.
|
||||||
|
policyInfo.regex.maxCharacterRepetitions=▪ characters must not occur more than {0} time(s) consecutively.
|
||||||
|
policyInfo.regex.maxLength=▪ must be at most {0} characters long.
|
||||||
|
policyInfo.regex.minLength=▪ must be at least {0} characters long.
|
||||||
|
policyInfo.regex.nonAlnum=▪ must contain at least {0} non-alphanumeric characters.
|
||||||
|
policyInfo.regex.nonAscii=▪ cannot contain more than {0} non-ASCII characters.
|
||||||
|
policyInfo.regex.nonGraph=▪ cannot contain more than {0} non-printable characters.
|
||||||
|
policyInfo.regex.nonLetter=▪ must contain at least {0} non-letter characters.
|
||||||
|
policyInfo.regex.numeric=▪ must contain at least {0} numeric characters.
|
||||||
|
policyInfo.regex.upper=▪ must contain at least {0} upper case characters.
|
||||||
|
policyInfo.title=The password has to comply with the following password policy:
|
||||||
|
recovery_accessapp_auth.accessAppRegistered=AGOV access app already registered
|
||||||
|
recovery_accessapp_auth.instruction1=You have already registered a new AGOV access app !!!ACCESS_APP_NAME!!! as part of the recovery process.
|
||||||
|
recovery_accessapp_auth.instruction2=Please use !!!ACCESS_APP_NAME!!! to identify you.
|
||||||
|
recovery_check_code.codeIncorrect=Code entered is incorrect. Please try again.
|
||||||
|
recovery_check_code.enterRecoveryCode=Enter recovery code
|
||||||
|
recovery_check_code.instruction=Please enter below your personal 12-digit recovery code. You will have received the recovery code as a PDF file during registration or in AGOV me.
|
||||||
|
recovery_check_code.invalid.code=The code is invalid
|
||||||
|
recovery_check_code.invalid.code.required=Code required
|
||||||
|
recovery_check_code.invalid.code.tooLong=The code is too long
|
||||||
|
recovery_check_code.noAccess=I do not have access to my code
|
||||||
|
recovery_check_code.noCodeAccess=Are you sure you don't have access to your recovery code?
|
||||||
|
recovery_check_code.noCodeAccessInstructions=If you have lost access to your recovery code please go to AGOV help in order to contact a AGOV support agent. They will be able to help you with the recovery process.
|
||||||
|
recovery_check_noCode.banner.error=Too many attempts or your recovery code has expired.
|
||||||
|
recovery_check_noCode.instruction1=The recovery code you have entered might have expired or you might have tried to enter it too many times.
|
||||||
|
recovery_check_noCode.instruction2=Please go to AGOV help in order to contact a support agent. They will be able to help you with the recovery process.
|
||||||
|
recovery_code.banner.error=Please reveal your new code to be able to continue.
|
||||||
|
recovery_code.instruction=Recovery codes help you gain access to your account in case you lost all of your login factors. Please store the recovery code in a safe place.
|
||||||
|
recovery_code.newRecoveryCode=Introducing Recovery Code
|
||||||
|
recovery_code.validUntil=Valid until:
|
||||||
|
recovery_fidokey_auth.button=Start key authentication
|
||||||
|
recovery_fidokey_auth.fidoInstruction=Click on "Start key authentication"
|
||||||
|
recovery_fidokey_auth.instruction1=You have already registered a new security key !!!SECURITY_KEY_NAME!!! as part of the recovery process.
|
||||||
|
recovery_fidokey_auth.instruction2=Please use !!!SECURITY_KEY_NAME!!! to follow the steps below to identify you.
|
||||||
|
recovery_fidokey_auth.keyRegistered=Security key already registered
|
||||||
|
recovery_intro_email.banner.error=The link you used has expired. Please enter your email address to receive a new link.
|
||||||
|
recovery_intro_email.banner.info=Please enter your email address, so we can send you a link to start the recovery process.
|
||||||
|
recovery_intro_email.important=Important:
|
||||||
|
recovery_intro_email.process=The recovery process should only be used if you have lost access to your login factors (deleted AGOV access app, lost security key, lost phone, etc.).
|
||||||
|
recovery_intro_email_sent.banner.button=Didn't receive the email?
|
||||||
|
recovery_intro_email_sent.banner.success=Thank you! You will receive an email with a recovery link and instructions shortly.
|
||||||
|
recovery_on_going.finishRecovery=Finish recovery
|
||||||
|
recovery_on_going.instruction=You have an ongoing recovery process. Part of the recovery process can include an identity verification. To access applications with your AGOV-Login you need to finish the identity verification as well.
|
||||||
|
recovery_on_going.title=Please finish your recovery process.
|
||||||
|
recovery_questionnaire_instructions.banner.info=Please note that in certain cases you need access to your recovery code for a successful recovery.
|
||||||
|
recovery_questionnaire_instructions.explanation=Based on your answers an AGOV-Login recovery seems to be necessary. Please click on continue and follow the instructions on the screen.
|
||||||
|
recovery_questionnaire_instructions.instruction1=Provide your account email address so we can send you a link to begin the recovery process
|
||||||
|
recovery_questionnaire_instructions.instruction2=Follow steps to recover your account (steps will vary depending on your account verification level)
|
||||||
|
recovery_questionnaire_loginfactor.banner.error=Please select an answer.
|
||||||
|
recovery_questionnaire_loginfactor.no=No
|
||||||
|
recovery_questionnaire_loginfactor.question=Have you registered more than one login factor (AGOV access app or security key) to your account?
|
||||||
|
recovery_questionnaire_loginfactor.yes=Yes
|
||||||
|
recovery_questionnaire_no_recovery.explanation1=Based on your answers, the AGOV recovery option does not seem necessary right now.
|
||||||
|
recovery_questionnaire_no_recovery.explanation2=Should you need further information, please visit <a class='link' href='https://agov.ch/help' target='_blank'>https://agov.ch/help</a> for support articles.
|
||||||
|
recovery_questionnaire_no_recovery.instruction1=If you have issues logging in to an application, please visit <a class='link' href='https://agov.ch/me' target='_blank'>https://agov.ch/me</a> and test if you can log in successfully.
|
||||||
|
recovery_questionnaire_no_recovery.instruction2=If you have several login factors registered but lost access to one of them, please visit <a class='link' href='https://agov.ch/me' target='_blank'>https://agov.ch/me</a> to remove the one you have lost access to.
|
||||||
|
recovery_questionnaire_reason_selection.answer1=I have trouble logging in, even though I have my app / security key
|
||||||
|
recovery_questionnaire_reason_selection.answer10=I lost one of my login factors (AGOV access app or security key)
|
||||||
|
recovery_questionnaire_reason_selection.answer2=I was unable to finish my registration
|
||||||
|
recovery_questionnaire_reason_selection.answer3=I have deleted or reset my AGOV access app
|
||||||
|
recovery_questionnaire_reason_selection.answer4=I have lost my phone / security key
|
||||||
|
recovery_questionnaire_reason_selection.answer5=I have a new phone and forgot to transfer my AGOV access app
|
||||||
|
recovery_questionnaire_reason_selection.answer6=I forgot my PIN for the AGOV access app
|
||||||
|
recovery_questionnaire_reason_selection.answer7=I have my security keys or apps but had trouble logging in
|
||||||
|
recovery_questionnaire_reason_selection.answer8=I lost access to all my security keys and AGOV access apps
|
||||||
|
recovery_questionnaire_reason_selection.answer9=I have issues with one of my login factors (deleted, reset, forgotten PIN)
|
||||||
|
recovery_questionnaire_reason_selection.banner.error=Please select a reason.
|
||||||
|
recovery_questionnaire_reason_selection.instruction=Please select the reason you are starting the recovery process:
|
||||||
|
recovery_start_info.banner.warning=You will not be able to use your account until the recovery process has been concluded.
|
||||||
|
recovery_start_info.instruction=During the recovery process you will register a new login factor. If your account contains any verified information you might also have to go through a verification process to finish the recovery.
|
||||||
|
recovery_start_info.title=You are about to start the recovery process
|
||||||
|
reject.button.label=Deny
|
||||||
|
submit.button.label=Submit
|
||||||
|
tan.sent=Please enter the security code which has been sent to your mobile phone.
|
||||||
|
title.login=Login
|
||||||
|
title.logout=Logout
|
||||||
|
title.logout.confirmation=Logout
|
||||||
|
title.logout.reminder=Logout
|
||||||
|
title.oauth.consent=Client Authorization
|
||||||
|
title.saml.failed=Error
|
||||||
|
title.timeout.page=Logout
|
||||||
|
user_input.invalid.email=Please enter a valid email address
|
||||||
|
user_input.invalid.email.required=Field required
|
||||||
|
user_input.invalid.email.tooLong=Input is too long
|
|
@ -0,0 +1,252 @@
|
||||||
|
|
||||||
|
accept.button.label=Accepter
|
||||||
|
cancel.button.label=Abandonner
|
||||||
|
continue.button.label=Continuer
|
||||||
|
darkModeSwitch.aria.label=Activer l'apparence sombre
|
||||||
|
deputy.profile.label=(Profil du suppléant)
|
||||||
|
error.saml.failed=Fermez votre navigateur et r;eacute;essayez.
|
||||||
|
error_1=Veuillez vérifier votre saisie.
|
||||||
|
error_10=Veuillez sélectionner le compte d’utilisateur correct.
|
||||||
|
error_100=Le téléchargement du certificat est impossible. Le certificat existe déjà. Veuillez contacter votre service d’assistance.
|
||||||
|
error_101=L’adresse e-mail saisie n’est pas valable.
|
||||||
|
error_11=Veuillez utiliser un autre certificat ou vous connecter au moyen d’un autre type de facteur d’authentification.
|
||||||
|
error_2=Veuillez sélectionner un autre nom d’utilisateur.
|
||||||
|
error_3=Votre compte sera bloqué si la prochaine tentative d’authentification échoue.
|
||||||
|
error_4=Votre nouveau mot de passe n’est pas conforme à la politique de sécurité. Veuillez choisir un autre mot de passe.
|
||||||
|
error_5=Erreur de confirmation du mot de passe
|
||||||
|
error_50=Le nouveau mot de passe est trop court.
|
||||||
|
error_55=Le nouveau mot de passe doit être différent des précédents.
|
||||||
|
error_6=Changement de mot de passe requis.
|
||||||
|
error_7=Changement d’identifiant de connexion requis.
|
||||||
|
error_8=Votre compte a été bloqué en raison de plusieurs échecs d’authentification.
|
||||||
|
error_81=Aucune carte d’accès n’a été trouvée, l’accès depuis Internet est refusé.
|
||||||
|
error_83=Votre carte d’accès n’est plus valable. Veuillez contacter votre conseiller pour obtenir une nouvelle carte d’accès.
|
||||||
|
error_9=La reprise de session a échoué.
|
||||||
|
error_97=Vous n’êtes pas autorisé à accéder à cette ressource.
|
||||||
|
error_98=Votre compte a été bloqué.
|
||||||
|
error_99=Problèmes de système. Veuillez réessayer plus tard.
|
||||||
|
error_9901=Vous devez disposer d’un lien d’enregistrement valable pour accéder à cette page.
|
||||||
|
error_9902=L’adresse e-mail utilisée pour l’authentification ne correspond pas à celle qui est renseignée dans AGOV operations. Veuillez demander un nouveau lien d’enregistrement.
|
||||||
|
error_9903=Le fournisseur d’identité utilisé ne nous a pas envoyé d’assertion valide. Assurez-vous d’utiliser le bon fournisseur d’identité. Demandez un nouveau lien d’enregistrement au service d’assistance.
|
||||||
|
error_9904=Le lien que vous avez suivi n’est plus valable. Veuillez vous assurer que vous utilisez le dernier lien que vous avez reçu d’AGOV operations. Demandez un nouveau lien si le problème persiste.
|
||||||
|
error_9905=Il y a un problème avec votre compte AGOV operations. Veuillez contacter le service d’assistance.
|
||||||
|
error_9909=Un problème interne s’est produit. Veuillez demander un nouveau lien d’enregistrement au service d’assistance.
|
||||||
|
errors.duplicateValue=Votre compte est déjà lié à un autre accès à AGOV operations.
|
||||||
|
fido2_auth.cancel.fido=L'authentification avec la clé de sécurité a été interrompue. Veuillez vous assurer que votre clé FIDO est enregistrée et que votre adresse e-mail est correcte, puis suivez les étapes ci-dessous.
|
||||||
|
fido2_auth.instruction1=Cliquez sur "Continuer"
|
||||||
|
fido2_auth.instruction2=Une fenêtre d'authentification s'affichera
|
||||||
|
fido2_auth.instruction3=Suivez les instructions
|
||||||
|
fido2_auth.skipInstructions=Passer les instructions la fois suivante
|
||||||
|
fido2_auth.switchLogin=S'AUTHENTIFIER AVEC
|
||||||
|
footer.link=https://agov.ch/?c=contact&l=fr
|
||||||
|
footer.link.label=Contact
|
||||||
|
footer.text=Service d'authentification des autorités suisses AGOV - une collaboration entre les cantons, leurs communes et l'administration fédérale. -
|
||||||
|
general.AGOVAccessApp=Application AGOV access
|
||||||
|
general.accessApp=Application AGOV access
|
||||||
|
general.authenticate=Authentification
|
||||||
|
general.back=Retour
|
||||||
|
general.cancel=Annuler
|
||||||
|
general.confirm=Confirmer
|
||||||
|
general.contactSupport=Contacter le service d'assistance
|
||||||
|
general.continue=Continuer
|
||||||
|
general.edit=Editer
|
||||||
|
general.email=E-mail
|
||||||
|
general.email.address=Adresse e-mail
|
||||||
|
general.entryCode=Entrer le code
|
||||||
|
general.getStarted=Démarrer
|
||||||
|
general.goAGOVHelp=Rendez-vous sur AGOV help
|
||||||
|
general.goAccessApp=Login avec AGOV access
|
||||||
|
general.help=Aide
|
||||||
|
general.help.link=https://agov.ch/help
|
||||||
|
general.login=Login
|
||||||
|
general.loginSecurityKey=Démarrer la connexion avec la clé de sécurité
|
||||||
|
general.or=OU
|
||||||
|
general.otherOptions=AUTRES OPTIONS
|
||||||
|
general.recovery=Récupération
|
||||||
|
general.recoveryOngoing=Récupération en cours
|
||||||
|
general.register=Créer un compte
|
||||||
|
general.registerNow=Enregistrez-vous dès maintenant!
|
||||||
|
general.registration=Enregistrement
|
||||||
|
general.securityKey=Clé de sécurité
|
||||||
|
general.skip.content=Passer au contenu principal
|
||||||
|
generic.auth.error.message=Une interruption de service s’est produite. Nous nous employons à résoudre le problème.
|
||||||
|
generic.auth.error.next.steps=Veuillez réessayer plus tard. Veuillez vous rendre sur AGOV help si le problème persiste.
|
||||||
|
generic.auth.error.subtitle=Un problème s’est produit
|
||||||
|
generic.auth.error.title=Erreur
|
||||||
|
info.logout.confirmation=Veuillez confirmer que vous souhaitez vous déconnecter.
|
||||||
|
info.logout.reminder=Votre session sur cette application a expirée. Essayez encore avec un login.
|
||||||
|
info.oauth.consent=Voulez-vous autoriser l'application?
|
||||||
|
info.timeout.page=Votre session sur cette application a expirée. Essayez encore avec un login.
|
||||||
|
language.de=Deutsch
|
||||||
|
language.en=English
|
||||||
|
language.fr=Français
|
||||||
|
language.it=Italiano
|
||||||
|
languageDropdown.aria.label=Sélectionner la langue
|
||||||
|
loainfo.description.200=Pour accéder à l'application, nous devons vérifier vos données. Ce processus peut prendre jusqu'à 2 ou 3 jours.
|
||||||
|
loainfo.description.300=Pour accéder à l'application, nous devons vérifier vos données par le biais de l'une des deux procédures suivantes. Vous pouvez choisir la procédure que vous préférez à l'étape suivante.
|
||||||
|
loainfo.description.400=Pour accéder à l'application, vous devez ajouter votre numéro AVS.
|
||||||
|
loainfo.helper=Vos données doivent être vérifiées!
|
||||||
|
loainfo.later=Plus tard
|
||||||
|
loainfo.startNow=Voulez-vous commencer le processus maintenant?
|
||||||
|
loainfo.startVerification=Démarrer la vérification
|
||||||
|
loainfo.title=Vérifiez vos données
|
||||||
|
login.button.label=Login
|
||||||
|
logout.label=Logout
|
||||||
|
logout.text=Au revoir
|
||||||
|
mauth_usernameless.EID=Continuer avec l'e-ID suisse
|
||||||
|
mauth_usernameless.banner.error=Authentification interrompue.<br>Veuillez réessayer lorsque la page sera rechargée.
|
||||||
|
mauth_usernameless.banner.info=Scan réussi!<br> Veuillez continuer dans l'application AGOV access.
|
||||||
|
mauth_usernameless.banner.success=Authentification réussie!<br>Veuillez attendre d'être connecté.
|
||||||
|
mauth_usernameless.cannotLogin=Avez-vous perdu l'accès à votre application / votre clé de sécurité ?
|
||||||
|
mauth_usernameless.hideQR=Cacher le code QR
|
||||||
|
mauth_usernameless.instructions=Connectez-vous en scannant le code QR avec l'application AGOV access
|
||||||
|
mauth_usernameless.noAccount=Vous n'avez pas encore d'AGOV-Login ?
|
||||||
|
mauth_usernameless.showQR=Afficher le code QR
|
||||||
|
mauth_usernameless.startRecovery=Commencer la récupération du compte
|
||||||
|
mauth_usernameless.useSecurityKey=Utiliser une clé de sécurité pour se connecter
|
||||||
|
mauth_usernameless.useSecurityKeyInfo=Une clé de sécurité physique offre un moyen sûr de se connecter sans devoir utiliser son téléphone.
|
||||||
|
method.certificate.label=Certificat
|
||||||
|
method.fido.label=Mobile Authentication
|
||||||
|
method.fido2.label=FIDO 2
|
||||||
|
method.mtan.label=Code mTAN
|
||||||
|
method.oath.label=Application d'authentification OATH
|
||||||
|
method.otp.label=OTP (One-Time Password)
|
||||||
|
method.recovery.label=Codes de récupération
|
||||||
|
method.safeword.label=SafeWord
|
||||||
|
method.securid.label=SecurID
|
||||||
|
method.ticket.label=Ticket
|
||||||
|
op-admin.login=Administration de l’accès à AGOV op
|
||||||
|
op-admin.login.intro.message=Connectez-vous avec votre nom d’utilisateur et votre mot de passe
|
||||||
|
op-admin.login.loginid=Identifiant de connexion
|
||||||
|
op-admin.login.password=Mot de passe
|
||||||
|
op-admin.login.title=Connexion
|
||||||
|
op-admin.logout=Administration de l’accès à AGOV op
|
||||||
|
op-admin.logout.message=Vous vous êtes déconnecté avec succès.
|
||||||
|
op-admin.logout.title=Déconnexion
|
||||||
|
op-admin.pwchange.intro.message=Changement de mot de passe requis
|
||||||
|
op-admin.pwchange.newpassword=Nouveau mot de passe
|
||||||
|
op-admin.pwchange.newpassword2=Répéter le nouveau mot de passe
|
||||||
|
op-admin.pwchange.password=Mot de passe actuel
|
||||||
|
op-admin.pwchange.title=Changer de mot de passe
|
||||||
|
op-idmlogin.role.accs-mgmt-idm=Gestion des droits d'accès IDM
|
||||||
|
op-idmlogin.role.accs-mgmt-nonidm=Gestion des droits d'accès
|
||||||
|
op-idmlogin.role.idmcfg-mgmt=Mise en place de l'IDM
|
||||||
|
op-idmlogin.role.readonly-access=Accès par défaut (lecture seule)
|
||||||
|
op-idmlogin.role.support-basic=Cas de support (récupération, ...)
|
||||||
|
op-idmlogin.role.support-priv=Support de 3ème niveau (archivage, désinscription)
|
||||||
|
op-idmlogin.role.usr-mgmt=Gestion des utilisateurs (opérations)
|
||||||
|
op-idmlogin.role.usr-unit-mgmt=Gestion des utilisateurs et des organisations (opérations)
|
||||||
|
op-idmlogin.select=AGOV idm
|
||||||
|
op-idmlogin.select.intro=Veuillez sélectionner l’un des profils ci-dessous...
|
||||||
|
op-idmlogin.select.note=Les profils marqués d'un * ne doivent être utilisés que s'ils sont nécessaires pour des tâches spécifiques de support ou de mise en production.
|
||||||
|
op-idmlogin.select.title=Séléction du profil
|
||||||
|
op-onboarding.done.message=L’enregistrement a été effectué avec succès. Vous disposez maintenant d’un accès à AGOV operations. Veuillez fermer le navigateur avant d’accéder à AGOV operations.
|
||||||
|
op-onboarding.done.title=TERMINÉ
|
||||||
|
op-onboarding.failed.title=ERREUR
|
||||||
|
op-onboarding.intro.message1=Pour terminer l’enregistrement de votre accès à AGOV operations, vous devez disposer d’un compte AGOV ou d’un compte FED-LOGIN.
|
||||||
|
op-onboarding.intro.message2=Après avoir cliqué sur "Continuer", vous serez redirigé vers l’authentification.
|
||||||
|
op-onboarding.intro.message3=Si vous utilisez AGOV et que votre compte n’a pas encore atteint le niveau de qualité d’authentification requis, vous aurez la possibilité de démarrer la vérification d’identité nécessaire pour l’atteindre.
|
||||||
|
op-onboarding.intro.title=DÉMARRER
|
||||||
|
op-onboarding.onboarding=Enregistrement de l’accès à AGOV op
|
||||||
|
op-onboarding.process.message=Un problème s’est produit. Veuillez contacter le service d’assistance AGOV afin de demander un nouveau lien d’enregistrement.
|
||||||
|
outarg.lastLogin.never=Jamais
|
||||||
|
policyFailure.dictionary=▪ ne peut pas être pris d'un dictionnaire.
|
||||||
|
policyFailure.history.History=▪ doit être différent des mots de passe préalablement sélectionnés.
|
||||||
|
policyFailure.regex.control=▪ ne peut contenir plus de {0} caractères de commande.
|
||||||
|
policyFailure.regex.lower=▪ doit contenir au moins {0} caractère(s) minuscule(s).
|
||||||
|
policyFailure.regex.maxCharacterRepetitions=▪ ne peut contenir une séquence de plus de {0} du même caractère.
|
||||||
|
policyFailure.regex.maxLength=La longueur doit être d'au plus {0}.
|
||||||
|
policyFailure.regex.minLength=La longueur doit être d'au moins {0}.
|
||||||
|
policyFailure.regex.nonAlnum=▪ doit contenir au moins {0} caractères non alphanumériques.
|
||||||
|
policyFailure.regex.nonAscii=▪ ne peut contenir plus de {0} caractères non ASCII ({1}).
|
||||||
|
policyFailure.regex.nonGraph=▪ ne peut contenir plus de {0} caractères non imprimables ({1}).
|
||||||
|
policyFailure.regex.nonLetter=▪ doit contenir au moins {0} caractères qui ne sont pas des lettres.
|
||||||
|
policyFailure.regex.numeric=▪ doit comprendre {0} caractères numériques.
|
||||||
|
policyFailure.regex.upper=▪ doit contenir au moins {0} caractère(s) majuscule(s).
|
||||||
|
policyInfo.dictionary=▪ ne peut pas être pris d'un dictionnaire.
|
||||||
|
policyInfo.history.History=▪ ne peut pas être l' précédemment choisis.
|
||||||
|
policyInfo.regex.control=▪ ne peut contenir plus de {0} caractères de commande.
|
||||||
|
policyInfo.regex.lower=▪ doit contenir au moins {0} caractère(s) minuscule(s).
|
||||||
|
policyInfo.regex.maxCharacterRepetitions=▪ ne peut contenir une séquence de plus de {0} du même caractère.
|
||||||
|
policyInfo.regex.maxLength=▪ la longueur doit être d'au plus {0}.
|
||||||
|
policyInfo.regex.minLength=▪ la longueur doit être d'au moins {0}.
|
||||||
|
policyInfo.regex.nonAlnum=▪ doit contenir au moins {0} caractères non alphanumériques.
|
||||||
|
policyInfo.regex.nonAscii=▪ ne peut contenir plus de {0} caractères non ASCII.
|
||||||
|
policyInfo.regex.nonGraph=▪ ne peut contenir plus de {0} caractères non imprimables.
|
||||||
|
policyInfo.regex.nonLetter=▪ doit contenir au moins {0} caractères qui ne sont pas des lettres.
|
||||||
|
policyInfo.regex.numeric=▪ doit comprendre au minimum {0} caractères numériques.
|
||||||
|
policyInfo.regex.upper=▪ doit contenir au moins {0} caractère(s) majuscule(s).
|
||||||
|
policyInfo.title=Le mot de passe doit respecter les règles suivantes:
|
||||||
|
recovery_accessapp_auth.accessAppRegistered=L'application AGOV access est déjà enregistrée
|
||||||
|
recovery_accessapp_auth.instruction1=Vous avez déjà enregistré une nouvelle AGOV access app !!!ACCESS_APP_NAME!!! dans le cadre du processus de récupération.
|
||||||
|
recovery_accessapp_auth.instruction2=Veuillez utiliser !!!ACCESS_APP_NAME!!! pour vous identifier.
|
||||||
|
recovery_check_code.codeIncorrect=Le code saisi est incorrect. Veuillez réessayer.
|
||||||
|
recovery_check_code.enterRecoveryCode=Saisir le code de récupération
|
||||||
|
recovery_check_code.instruction=Veuillez saisir votre code de récupération à douze chiffres. Lors de votre inscription, vous avez reçu le code de récupération sous la forme d’un fichier PDF ou dans AGOV me.
|
||||||
|
recovery_check_code.invalid.code=Le code est invalide
|
||||||
|
recovery_check_code.invalid.code.required=Code requis
|
||||||
|
recovery_check_code.invalid.code.tooLong=Le code est trop long
|
||||||
|
recovery_check_code.noAccess=Je n’ai pas accès à mon code de récupération
|
||||||
|
recovery_check_code.noCodeAccess=Êtes-vous sûr de ne pas avoir accès à votre code de récupération ?
|
||||||
|
recovery_check_code.noCodeAccessInstructions=En cas de perte de votre code de récupération, veuillez vous rendre sur AGOV help et contacter le service d’assistance AGOV. Un agent pourra vous aider dans le processus de récupération.
|
||||||
|
recovery_check_noCode.banner.error=Trop de tentatives ou expiration de votre code de récupération.
|
||||||
|
recovery_check_noCode.instruction1=Le code de récupération que vous avez saisi a peut-être expiré ou vous avez peut-être essayé de le saisir trop de fois.
|
||||||
|
recovery_check_noCode.instruction2=Veuillez vous rendre sur AGOV help et contacter le service d’assistance. Un agent pourra vous aider dans le processus de récupération.
|
||||||
|
recovery_code.banner.error=Veuillez indiquer votre nouveau code pour pouvoir continuer.
|
||||||
|
recovery_code.instruction=Les codes de récupération vous permettent d'accéder à votre compte au cas où vous auriez perdu tous vos identifiants. Conservez le code de récupération en lieu sûr.
|
||||||
|
recovery_code.newRecoveryCode=Introduction du code de récupération
|
||||||
|
recovery_code.validUntil=Valable jusqu'au:
|
||||||
|
recovery_fidokey_auth.button=Démarrer l'authentification par clé de sécurité
|
||||||
|
recovery_fidokey_auth.fidoInstruction=Cliquez sur "Démarrer l'enregistrement de la clé"
|
||||||
|
recovery_fidokey_auth.instruction1=Vous avez déjà enregistré une nouvelle clé de sécurité !!!SECURITY_KEY_NAME!!! dans le cadre du processus de récupération.
|
||||||
|
recovery_fidokey_auth.instruction2=Veuillez utiliser !!!SECURITY_KEY_NAME!!! pour suivre les étapes ci-dessous afin de vous identifier.
|
||||||
|
recovery_fidokey_auth.keyRegistered=Clé de sécurité déjà enregistrée
|
||||||
|
recovery_intro_email.banner.error=Le lien que vous avez utilisé a expiré. Veuillez saisir votre adresse e-mail pour recevoir un nouveau lien.
|
||||||
|
recovery_intro_email.banner.info=Veuillez saisir votre adresse e-mail. Nous vous enverrons un e-mail vous permettant de démarrer le processus de récupération.
|
||||||
|
recovery_intro_email.important=Important:
|
||||||
|
recovery_intro_email.process=Le processus de récupération ne doit être utilisé que si vous avez perdu l'accès à vos facteurs de connexion (application AGOV access supprimée, clé de sécurité perdue, téléphone perdu, etc.).
|
||||||
|
recovery_intro_email_sent.banner.button=Vous n’avez pas reçu l'email?
|
||||||
|
recovery_intro_email_sent.banner.success=Merci! Vous recevrez dans un instant un e-mail contenant un lien de récupération et des instructions.
|
||||||
|
recovery_on_going.finishRecovery=Terminer la récupération
|
||||||
|
recovery_on_going.instruction=Vous n’avez pas encore terminé le processus de récupération. Dans le cadre du processus de récupération, votre identité peut faire l’objet d’une vérification. Pour accéder à des applications au moyen de votre identifiant AGOV, vous devez terminer la vérification d’identité.
|
||||||
|
recovery_on_going.title=Veuillez terminer le processus de récupération.
|
||||||
|
recovery_questionnaire_instructions.banner.info=Veuillez noter que dans certains cas, vous devez avoir accès à votre code de récupération pour que la récupération soit réussie.
|
||||||
|
recovery_questionnaire_instructions.explanation=D'après vos réponses, une récupération de l'identifiant AGOV-Login semble nécessaire. Veuillez cliquer sur continuer et suivre les instructions à l'écran.
|
||||||
|
recovery_questionnaire_instructions.instruction1=Fournissez l'adresse électronique de votre compte afin que nous puissions vous envoyer un lien pour commencer le processus de récupération
|
||||||
|
recovery_questionnaire_instructions.instruction2=Suivez les étapes pour récupérer votre compte (les étapes varient en fonction du niveau de vérification de votre compte)
|
||||||
|
recovery_questionnaire_loginfactor.banner.error=Veuillez choisir une réponse.
|
||||||
|
recovery_questionnaire_loginfactor.no=Non
|
||||||
|
recovery_questionnaire_loginfactor.question=Avez-vous enregistré plus d'un facteur d'authentification (application AGOV access ou clé de sécurité) sur votre compte ?
|
||||||
|
recovery_questionnaire_loginfactor.yes=Oui
|
||||||
|
recovery_questionnaire_no_recovery.explanation1=D'après vos réponses, l'option de récupération d'AGOV ne semble pas nécessaire pour l'instant.
|
||||||
|
recovery_questionnaire_no_recovery.explanation2=Si vous avez besoin de plus amples informations, veuillez consulter <a class='link' href='https://agov.ch/help' target='_blank'>https://agov.ch/help</a> pour obtenir des articles de soutien.
|
||||||
|
recovery_questionnaire_no_recovery.instruction1=Si vous rencontrez des difficultés pour vous connecter à une application, visitez <a class='link' href='https://agov.ch/me' target='_blank'>https://agov.ch/me</a> et vérifiez si vous pouvez vous connecter avec succès.
|
||||||
|
recovery_questionnaire_no_recovery.instruction2=Si vous avez enregistré plusieurs facteurs de connexion mais que vous avez perdu l'accès à l'un d'entre eux, veuillez consulter <a class='link' href='https://agov.ch/me' target='_blank'>https://agov.ch/me</a> pour supprimer celui auquel vous avez perdu l'accès.
|
||||||
|
recovery_questionnaire_reason_selection.answer1=Je n'arrive pas à me connecter, même si j'ai mon application / ma clé de sécurité
|
||||||
|
recovery_questionnaire_reason_selection.answer10=J'ai perdu l'un de mes facteurs d'authentification (application AGOV access ou clé de sécurité)
|
||||||
|
recovery_questionnaire_reason_selection.answer2=Je n'ai pas pu terminer mon inscription
|
||||||
|
recovery_questionnaire_reason_selection.answer3=J'ai supprimé ou réinitialisé mon application AGOV access
|
||||||
|
recovery_questionnaire_reason_selection.answer4=J'ai perdu mon téléphone / clé de sécurité
|
||||||
|
recovery_questionnaire_reason_selection.answer5=J'ai un nouveau téléphone et j'ai oublié de transférer mon application AGOV access
|
||||||
|
recovery_questionnaire_reason_selection.answer6=J'ai oublié mon PIN pour l'application AGOV access
|
||||||
|
recovery_questionnaire_reason_selection.answer7=J'ai mes clés de sécurité ou mes applications, mais j'ai du mal à me connecter
|
||||||
|
recovery_questionnaire_reason_selection.answer8=J'ai perdu l'accès à toutes mes clés de sécurité et aux applications AGOV access
|
||||||
|
recovery_questionnaire_reason_selection.answer9=J'ai des problèmes avec l'un de mes facteurs d'authentification (effacé, réinitialisé, PIN oublié)
|
||||||
|
recovery_questionnaire_reason_selection.banner.error=Veuillez sélectionner un motif.
|
||||||
|
recovery_questionnaire_reason_selection.instruction=Veuillez sélectionner la raison pour laquelle vous entamez le processus de récupération :
|
||||||
|
recovery_start_info.banner.warning=Vous ne pourrez pas utiliser votre compte tant que le processus de récupération n'aura pas été terminé.
|
||||||
|
recovery_start_info.instruction=Le processus de récupération nécessitera l’enregistrement d’un nouveau facteur d’authentification. Si votre compte contient des informations ayant déjà été vérifiées, il se peut que vous deviez les faire vérifier à nouveau pour terminer la récupération.
|
||||||
|
recovery_start_info.title=Vous êtes sur le point de démarrer le processus de récupération.
|
||||||
|
reject.button.label=Refuser
|
||||||
|
submit.button.label=Envoyer
|
||||||
|
tan.sent=Veuillez saisir le code de sécurité que vous avez reçu au votre téléphone mobile.
|
||||||
|
title.login=Login
|
||||||
|
title.logout=Logout
|
||||||
|
title.logout.confirmation=Logout
|
||||||
|
title.logout.reminder=Logout
|
||||||
|
title.oauth.consent=Autorisation du client
|
||||||
|
title.saml.failed=Error
|
||||||
|
title.timeout.page=Logout
|
||||||
|
user_input.invalid.email=Veuillez saisir un e-mail valable.
|
||||||
|
user_input.invalid.email.required=Champ requis
|
||||||
|
user_input.invalid.email.tooLong=La saisie est trop longue
|
|
@ -0,0 +1,252 @@
|
||||||
|
|
||||||
|
accept.button.label=Accettare
|
||||||
|
cancel.button.label=Abortire
|
||||||
|
continue.button.label=Continua
|
||||||
|
darkModeSwitch.aria.label=Attivare la modalità scura
|
||||||
|
deputy.profile.label=(profilo del delegato)
|
||||||
|
error.saml.failed=Chiudi il browser e riprova.
|
||||||
|
error_1=Verificare i dati inseriti.
|
||||||
|
error_10=Scegliere l’account utente corretto.
|
||||||
|
error_100=Impossibile caricare il certificato. Il certificato esiste già. Contattare l’help desk.
|
||||||
|
error_101=L’e-mail inserita non è valida.
|
||||||
|
error_11=Utilizzare un altro certificato o accedere con altre credenziali.
|
||||||
|
error_2=Selezionare un altro nome di accesso.
|
||||||
|
error_3=Se la prossima autenticazione fallisce, l’account sarà bloccato.
|
||||||
|
error_4=La nuova password non rispetta le norme di sicurezza. Scegliere un’altra password.
|
||||||
|
error_5=Errore nella conferma della password.
|
||||||
|
error_50=La nuova password è troppo corta.
|
||||||
|
error_55=La nuova password deve differire da quelle precedenti.
|
||||||
|
error_6=È richiesta la modifica della password.
|
||||||
|
error_7=È richiesta la modifica dell’ID di accesso.
|
||||||
|
error_8=A causa dei ripetuti tentativi di autenticazione falliti, l’account è stato bloccato.
|
||||||
|
error_81=Non è stata trovata alcuna carta di accesso; l’accesso da Internet è negato.
|
||||||
|
error_83=La carta di accesso non è più valida. Per richiedere una nuova carta di accesso, contattare il responsabile.
|
||||||
|
error_9=Takeover di sessione fallito.
|
||||||
|
error_97=Accesso non autorizzato a questa risorsa.
|
||||||
|
error_98=L’account è stato bloccato.
|
||||||
|
error_99=Ci sono problemi di sistema. Riprovare più tardi.
|
||||||
|
error_9901=Per accedere a questa pagina, è necessario un link di registrazione valido.
|
||||||
|
error_9902=L’e-mail utilizzata per l’autenticazione non corrisponde a quella di AGOV operations. Richiedere un nuovo link di registrazione.
|
||||||
|
error_9903=L’IdP utilizzato non ha inviato un’asserzione valida. Assicurarsi di utilizzare l’IdP corretto. Richiedere al supporto un nuovo link di registrazione.
|
||||||
|
error_9904=Il link non è più valido. Assicurarsi di utilizzare il link più recente ricevuto in AGOV operations. Se il problema persiste, richiedere un nuovo link.
|
||||||
|
error_9905=Si è verificato un problema con l’account AGOV operations. Contattare il supporto.
|
||||||
|
error_9909=Si è verificato un errore interno. Richiedere al supporto un nuovo link di registrazione.
|
||||||
|
errors.duplicateValue=Il suo account è già collegato ad un altro accesso operativo.
|
||||||
|
fido2_auth.cancel.fido=L'autenticazione con la chiave di sicurezza è stata interrotta. Assicurarsi che la chiave FIDO sia registrata e che l'indirizzo e-mail sia corretto, poi seguire le istruzioni.
|
||||||
|
fido2_auth.instruction1=Cliccare su "Continua"
|
||||||
|
fido2_auth.instruction2=A breve si aprirà una finestra per l'autenticazione.
|
||||||
|
fido2_auth.instruction3=Seguire le istruzioni.
|
||||||
|
fido2_auth.skipInstructions=Non mostrare più le istruzioni
|
||||||
|
fido2_auth.switchLogin=ACCEDERE CON
|
||||||
|
footer.link=https://agov.ch/?c=contact&l=it
|
||||||
|
footer.link.label=Contatto
|
||||||
|
footer.text=Servizio di autenticazione delle autorità Svizzere AGOV - una collaborazione tra Cantoni, Comuni e l'Amministrazione federale. -
|
||||||
|
general.AGOVAccessApp=App AGOV access
|
||||||
|
general.accessApp=App AGOV access
|
||||||
|
general.authenticate=Autentifica
|
||||||
|
general.back=Indietro
|
||||||
|
general.cancel=Annullare
|
||||||
|
general.confirm=Confermare
|
||||||
|
general.contactSupport=Contattare il supporto
|
||||||
|
general.continue=Continuare
|
||||||
|
general.edit=Modificare
|
||||||
|
general.email=e-mail
|
||||||
|
general.email.address=Indirizzo e-mail
|
||||||
|
general.entryCode=Codice
|
||||||
|
general.getStarted=Iniziare
|
||||||
|
general.goAGOVHelp=Vai ad AGOV help
|
||||||
|
general.goAccessApp=Login con AGOV access
|
||||||
|
general.help=Aiuto
|
||||||
|
general.help.link=https://agov.ch/help
|
||||||
|
general.login=Accedere
|
||||||
|
general.loginSecurityKey=Iniziare il login con la chiave di sicurezza
|
||||||
|
general.or=O
|
||||||
|
general.otherOptions=ALTRE OPZIONI
|
||||||
|
general.recovery=Ripristino
|
||||||
|
general.recoveryOngoing=Ripristino in corso
|
||||||
|
general.register=Registrarsi
|
||||||
|
general.registerNow=Si registri ora!
|
||||||
|
general.registration=Registrazione
|
||||||
|
general.securityKey=Chiave di sicurezza
|
||||||
|
general.skip.content=Vai al contenuto principale
|
||||||
|
generic.auth.error.message=Si è verificata un’interruzione. Stiamo lavorando per ripristinare l’esercizio.
|
||||||
|
generic.auth.error.next.steps=Riprovare più tardi. Se il problema persiste, consultare AGOV help.
|
||||||
|
generic.auth.error.subtitle=Qualcosa non ha funzionato.
|
||||||
|
generic.auth.error.title=Errore
|
||||||
|
info.logout.confirmation=Si prega di confermare che si desidera disconnettersi.
|
||||||
|
info.logout.reminder=La sessione su questa applicazione &egrave; scaduta. Prova ancora con un login.
|
||||||
|
info.oauth.consent=Vuoi consentire all'applicazione?
|
||||||
|
info.timeout.page=La sessione su questa applicazione &egrave; scaduta. Prova ancora con un login.
|
||||||
|
language.de=Deutsch
|
||||||
|
language.en=English
|
||||||
|
language.fr=Français
|
||||||
|
language.it=Italiano
|
||||||
|
languageDropdown.aria.label=Selezionare la lingua
|
||||||
|
loainfo.description.200=Per accedere all'app è necessaria una verifica dei dati. La procedura può richiedere fino a 2–3 giorni lavorativi.
|
||||||
|
loainfo.description.300=Per accedere all'app dobbiamo verificare i suoi dati tramite uno dei due processi. Al prossimo passaggio, può selezionare la procedura di verifica desiderata.
|
||||||
|
loainfo.description.400=Per acceddere all'applicazione deve inserire il numero AVS.
|
||||||
|
loainfo.helper=I dati devono essere verificati!
|
||||||
|
loainfo.later=Più tardi
|
||||||
|
loainfo.startNow=Iniziare la procedura?
|
||||||
|
loainfo.startVerification=Iniziare la verifica
|
||||||
|
loainfo.title=Verificare i dati.
|
||||||
|
login.button.label=Login
|
||||||
|
logout.label=Logout
|
||||||
|
logout.text=È uscito con successo.
|
||||||
|
mauth_usernameless.EID=Continuare con CH e-ID
|
||||||
|
mauth_usernameless.banner.error=Autenticazione interrotta.<br>Riprovare dopo che la pagina si sarà ricaricata.
|
||||||
|
mauth_usernameless.banner.info=La scansione è stata eseguita.<br>Continuare nell'app AGOV access.
|
||||||
|
mauth_usernameless.banner.success=Autenticazione riuscita!<br>Aspettare di essere connessi.
|
||||||
|
mauth_usernameless.cannotLogin=Ha perso l'accesso alla sua app/chiave di sicurezza?
|
||||||
|
mauth_usernameless.hideQR=Nascondi il codice QR
|
||||||
|
mauth_usernameless.instructions=Per accedere, scansionare il codice QR con l'app AGOV access.
|
||||||
|
mauth_usernameless.noAccount=Non ha ancora un AGOV-Login ?
|
||||||
|
mauth_usernameless.showQR=Visualizza il codice QR
|
||||||
|
mauth_usernameless.startRecovery=Inizia il recupero dell'account
|
||||||
|
mauth_usernameless.useSecurityKey=Accedere utilizzando una chiave di sicurezza.
|
||||||
|
mauth_usernameless.useSecurityKeyInfo=Una chiave di sicurezza fisica permette di accedere in modo sicuro senza utilizzare un telefono.
|
||||||
|
method.certificate.label=Certificato
|
||||||
|
method.fido.label=Mobile Authentication
|
||||||
|
method.fido2.label=FIDO 2
|
||||||
|
method.mtan.label=Codice mTAN
|
||||||
|
method.oath.label=App di autenticazione OATH
|
||||||
|
method.otp.label=OTP (One-Time Password)
|
||||||
|
method.recovery.label=Codici di ripristino
|
||||||
|
method.safeword.label=SafeWord
|
||||||
|
method.securid.label=SecurID
|
||||||
|
method.ticket.label=Ticket
|
||||||
|
op-admin.login=AGOV op admin
|
||||||
|
op-admin.login.intro.message=Accedere con nome utente e password
|
||||||
|
op-admin.login.loginid=ID di accesso
|
||||||
|
op-admin.login.password=Password
|
||||||
|
op-admin.login.title=Accedere
|
||||||
|
op-admin.logout=AGOV op admin
|
||||||
|
op-admin.logout.message=La sessione è terminata.
|
||||||
|
op-admin.logout.title=Disconnessione
|
||||||
|
op-admin.pwchange.intro.message=È richiesta la modifica della password.
|
||||||
|
op-admin.pwchange.newpassword=Nuova password
|
||||||
|
op-admin.pwchange.newpassword2=Ripetere la nuova password
|
||||||
|
op-admin.pwchange.password=Password attuale
|
||||||
|
op-admin.pwchange.title=Modificare password
|
||||||
|
op-idmlogin.role.accs-mgmt-idm=Gestione dei diritti di accesso IDM
|
||||||
|
op-idmlogin.role.accs-mgmt-nonidm=Gestione dei diritti di accesso
|
||||||
|
op-idmlogin.role.idmcfg-mgmt=Configurazione dell'IDM
|
||||||
|
op-idmlogin.role.readonly-access=Accesso predefinito (sola lettura)
|
||||||
|
op-idmlogin.role.support-basic=Casi di supporto (ripristino, ...)
|
||||||
|
op-idmlogin.role.support-priv=Supporto di terzo livello (archiviazione, off-boarding)
|
||||||
|
op-idmlogin.role.usr-mgmt=Gestione utenti (operazioni)
|
||||||
|
op-idmlogin.role.usr-unit-mgmt=Gestione utenti e organizzazione (operazioni)
|
||||||
|
op-idmlogin.select=AGOV idm
|
||||||
|
op-idmlogin.select.intro=Si prega di selezionare uno dei seguenti profili...
|
||||||
|
op-idmlogin.select.note=I profili contrassegnati con * devono essere utilizzati solo se richiesti per attività di supporto o rilascio specifiche.
|
||||||
|
op-idmlogin.select.title=Selezione del profilo
|
||||||
|
op-onboarding.done.message=La registrazione è riuscita. Ora l’accesso AGOV operations è pronto. Prima di accedere ad AGOV operations, chiudere il browser.
|
||||||
|
op-onboarding.done.title=FINITO
|
||||||
|
op-onboarding.failed.title=ERRORE
|
||||||
|
op-onboarding.intro.message1=Per completare la registrazione per l'accesso AGOV operations, è necessario avere un account AGOV o FED-LOGIN.
|
||||||
|
op-onboarding.intro.message2=Dopo aver cliccato su "Continua", si è reindirizzati al servizio di autenticazione.
|
||||||
|
op-onboarding.intro.message3=Se utilizza AGOV e l’account non soddisfa ancora il livello richiesto AGOVaq, potrà avviare la verifica dell’identità richiesta.
|
||||||
|
op-onboarding.intro.title=INIZIARE
|
||||||
|
op-onboarding.onboarding=Registrazione AGOV op
|
||||||
|
op-onboarding.process.message=Qualcosa non ha funzionato. Contattare il supporto AGOV e, se necessario, richiedere un nuovo link di registrazione.
|
||||||
|
outarg.lastLogin.never=Mai
|
||||||
|
policyFailure.dictionary=▪ non può essere presa da un dizionario.
|
||||||
|
policyFailure.history.History=▪ deve essere diversa da password precedenti.
|
||||||
|
policyFailure.regex.control=▪ non può contenere più di {0} caratteri di controllo.
|
||||||
|
policyFailure.regex.lower=▪ deve conenere almeno {0} caratteri minuscoli.
|
||||||
|
policyFailure.regex.maxCharacterRepetitions=▪ non può contentere una sequenza più lunga di {0} caratteri uguali.
|
||||||
|
policyFailure.regex.maxLength=▪ deve contenere al massimo {0} caratteri.
|
||||||
|
policyFailure.regex.minLength=▪ deve contenere almeno {0} caratteri.
|
||||||
|
policyFailure.regex.nonAlnum=▪ deve conenere almeno {0} caratteri non alfanumerici.
|
||||||
|
policyFailure.regex.nonAscii=▪ non può contenere più di {0} caratteri non ASCII.
|
||||||
|
policyFailure.regex.nonGraph=▪ non può contenere più di {0} caratteri non stampabili.
|
||||||
|
policyFailure.regex.nonLetter=▪ non può contenere più di {0} numeri o caratteri speciali.
|
||||||
|
policyFailure.regex.numeric=▪ deve contenere {0} caratteri numerici.
|
||||||
|
policyFailure.regex.upper=▪ deve conenere almeno {0} caratteri maiuscoli.
|
||||||
|
policyInfo.dictionary=▪ non può essere presa da un dizionario.
|
||||||
|
policyInfo.history.History=▪ deve essere diversa dalle password precedenti.
|
||||||
|
policyInfo.regex.control=▪ non può contenere più di {0} carattere/i di controllo.
|
||||||
|
policyInfo.regex.lower=▪ deve conenere almeno {0} carattere/i minuscolo/i.
|
||||||
|
policyInfo.regex.maxCharacterRepetitions=▪ non può contentere una sequenza più lunga di {0} caratteri uguali.
|
||||||
|
policyInfo.regex.maxLength=▪ deve contenere al massimo {0} carattere/i.
|
||||||
|
policyInfo.regex.minLength=▪ deve contenere almeno {0} carattere/i.
|
||||||
|
policyInfo.regex.nonAlnum=▪ deve conenere almeno {0} carattere/i non alfanumerico/i.
|
||||||
|
policyInfo.regex.nonAscii=▪ non può contenere più di {0} carattere/i non ASCII.
|
||||||
|
policyInfo.regex.nonGraph=▪ non può contenere più di {0} carattere/i non stampabile/i.
|
||||||
|
policyInfo.regex.nonLetter=▪ non può contenere più di {0} numero/i o caratere/i speciale/i.
|
||||||
|
policyInfo.regex.numeric=▪ deve contenere un minimo di {0} carattere/i numerico/i.
|
||||||
|
policyInfo.regex.upper=▪ deve conenere almeno {0} carattere/i maiuscolo/i.
|
||||||
|
policyInfo.title=La password deve rispettare le seguenti direttive:
|
||||||
|
recovery_accessapp_auth.accessAppRegistered=App di accesso AGOV già registrata
|
||||||
|
recovery_accessapp_auth.instruction1=Ha già registrato una nuova app AGOV access !!!SECURITY_KEY_NAME!!! come parte del processo di recupero.
|
||||||
|
recovery_accessapp_auth.instruction2=Si prega di usare !!!ACCESS_APP_NAME!!! per l'identificazione.
|
||||||
|
recovery_check_code.codeIncorrect=Il codice inserito non è corretto. Riprovare.
|
||||||
|
recovery_check_code.enterRecoveryCode=Inserisca il codice di recupero
|
||||||
|
recovery_check_code.instruction=Inserire qui sotto il codice di ripristino a 12 caratteri alfanumerici. Ha ricevuto questo codice in un file PDF al momento della registration o in AGOV me.
|
||||||
|
recovery_check_code.invalid.code=Il codice non è valido
|
||||||
|
recovery_check_code.invalid.code.required=Codice richiesto
|
||||||
|
recovery_check_code.invalid.code.tooLong=Il codice è troppo lungo
|
||||||
|
recovery_check_code.noAccess=Non ho il mio codice.
|
||||||
|
recovery_check_code.noCodeAccess=Conferma di non avere il codice di ripristino?
|
||||||
|
recovery_check_code.noCodeAccessInstructions=Se non ha più il codice di ripristino, acceda ad AGOV help per contattare il supporto AGOV, che la assisterà nel processo di ripristino.
|
||||||
|
recovery_check_noCode.banner.error=Troppi tentativi o codice di ripristino scaduto
|
||||||
|
recovery_check_noCode.instruction1=Il codice di ripristino inserito può essere scaduto o è stato inserito troppe volte.
|
||||||
|
recovery_check_noCode.instruction2=Si prega di andare alla guida di AGOV aiuto per contattare un agente dell'assistenza. Saranno in grado di aiutarla con il processo di recupero.
|
||||||
|
recovery_code.banner.error=Per procedere, inserire il nuovo codice.
|
||||||
|
recovery_code.instruction=Il codice di ripristino le aiuta ad accedere al suo conto in caso in cui lei abbia perso le credentiali di accesso. Per favore, conservi il codice di ripristino in un luogo sicuro.
|
||||||
|
recovery_code.newRecoveryCode=Introduzione del codice di ripristino
|
||||||
|
recovery_code.validUntil=Valido fino a:
|
||||||
|
recovery_fidokey_auth.button=Iniziare l'authenticazione della chiave
|
||||||
|
recovery_fidokey_auth.fidoInstruction=Cliccare su "Iniziare l'authenticazione della chiave"
|
||||||
|
recovery_fidokey_auth.instruction1=Ha già registrato una nuova chiave di sicurezza !!!SECURITY_KEY_NAME!!! come parte del processo di recupero.
|
||||||
|
recovery_fidokey_auth.instruction2=Si prega di usare !!!SECURITY_KEY_NAME!!! per poter seguire i passaggi seguenti per identificarti.
|
||||||
|
recovery_fidokey_auth.keyRegistered=Chiave di sicurezza già registrata
|
||||||
|
recovery_intro_email.banner.error=Il link utilizzato è scaduto. Per ricevere un nuovo link, inserire l’indirizzo e-mail.
|
||||||
|
recovery_intro_email.banner.info=Per ricevere il link e avviare il processo di ripristino, inserire l’indirizzo e-mail.
|
||||||
|
recovery_intro_email.important=Importante:
|
||||||
|
recovery_intro_email.process=Il processo di ripristino deve essere utilizzato solo se ha perso l'accesso ai suoi fattori di accesso (app AGOV access eliminata, chiave di sicurezza persa, telefono smarrito, ecc.).
|
||||||
|
recovery_intro_email_sent.banner.button=Non avete ricevuto l'e-mail?
|
||||||
|
recovery_intro_email_sent.banner.success=Grazie! È stata inviata un’e-mail contenente il codice di ripristino e le istruzioni.
|
||||||
|
recovery_on_going.finishRecovery=Completare il ripristino
|
||||||
|
recovery_on_going.instruction=È in corso un processo di ripristino. Il processo di ripristino può includere una verifica dell’identità. Per accedere alle applicazioni con il proprio AGOV-Login, è necessario completare la verifica dell’identità.
|
||||||
|
recovery_on_going.title=Completare il processo di ripristino.
|
||||||
|
recovery_questionnaire_instructions.banner.info=Tenga presente che in alcuni casi è necessario utilizzare il codice di ripristino per un ripristino riuscito.
|
||||||
|
recovery_questionnaire_instructions.explanation=In base alle sue risposte sembra essere necessario un ripristino AGOV-Login. Fare clic su Continua e seguire le istruzioni visualizzate sullo schermo.
|
||||||
|
recovery_questionnaire_instructions.instruction1=Si prega di fornire l'indirizzo email del suo account in modo di poter inviarle un link per iniziare il processo di recupero
|
||||||
|
recovery_questionnaire_instructions.instruction2=Si prega di seguire i passaggi per recuperare il suo account (i passaggi varieranno a seconda del livello di verifica dell'account)
|
||||||
|
recovery_questionnaire_loginfactor.banner.error=Si prega di selezionare una risposta.
|
||||||
|
recovery_questionnaire_loginfactor.no=No
|
||||||
|
recovery_questionnaire_loginfactor.question=Ha registrato più di un fattore di accesso (app AGOV access o chiave di sicurezza) al suo account?
|
||||||
|
recovery_questionnaire_loginfactor.yes=Si
|
||||||
|
recovery_questionnaire_no_recovery.explanation1=In base alle sue risposte, l'opzione di ripristino AGOV non sembra necessaria al momento.
|
||||||
|
recovery_questionnaire_no_recovery.explanation2=Se ha bisogno di ulteriori informazioni, visiti <a class='link' href='https://agov.ch/help' target='_blank'>https://agov.ch/help</a> per articoli di supporto.
|
||||||
|
recovery_questionnaire_no_recovery.instruction1=Se riscontra problemi di accesso a un'applicazione, visiti <a class='link' href='https://agov.ch/me' target='_blank'>https://agov.ch/me</a> e verifichi se può accedere con successo.
|
||||||
|
recovery_questionnaire_no_recovery.instruction2=Se ha registrato più fattori di accesso ma ha perso l'accesso a uno di essi, visit <a class='link' href='https://agov.ch/me' target='_blank'>https://agov.ch/me</a> per rimuovere quello a cui ha perso l'accesso.
|
||||||
|
recovery_questionnaire_reason_selection.answer1=Ho problemi ad accedere, anche se ho la mia app/chiave di sicurezza
|
||||||
|
recovery_questionnaire_reason_selection.answer10=Ho perso uno dei miei fattori di accesso (app AGOV access o chiave di sicurezza)
|
||||||
|
recovery_questionnaire_reason_selection.answer2=Non sono riuscito a completare la registrazione
|
||||||
|
recovery_questionnaire_reason_selection.answer3=Ho eliminato o reimpostato la mia app AGOV access
|
||||||
|
recovery_questionnaire_reason_selection.answer4=Ho perso il telefono/la chiave di sicurezza
|
||||||
|
recovery_questionnaire_reason_selection.answer5=Ho un nuovo telefono e ho dimenticato di trasferire la mia app AGOV access
|
||||||
|
recovery_questionnaire_reason_selection.answer6=Ho dimenticato il PIN dell'app AGOV access
|
||||||
|
recovery_questionnaire_reason_selection.answer7=Ho i miei token di sicurezza o le mie app, ma ho avuto problemi ad accedere
|
||||||
|
recovery_questionnaire_reason_selection.answer8=Ho perso l'accesso a tutte le mie chiavi di sicurezza e alle app AGOV access
|
||||||
|
recovery_questionnaire_reason_selection.answer9=Ho problemi con uno dei miei fattori di accesso (PIN cancellato, reimpostato, dimenticato)
|
||||||
|
recovery_questionnaire_reason_selection.banner.error=Si prega di selezionare il motivo.
|
||||||
|
recovery_questionnaire_reason_selection.instruction=Si prega di selezionare il motivo per cui sta avviando il processo di recupero:
|
||||||
|
recovery_start_info.banner.warning=Non è possibile utilizzare l’account finché il processo di ripristino non sarà concluso.
|
||||||
|
recovery_start_info.instruction=Durante il processo di ripristino sarà registrato un nuovo fattore di accesso. Se l’account contiene informazioni verificate, potrebbe essere necessario avviare un processo di verifica per completare il ripristino.
|
||||||
|
recovery_start_info.title=Il processo di ripristino sta per iniziare.
|
||||||
|
reject.button.label=Rifiuti
|
||||||
|
submit.button.label=Continua
|
||||||
|
tan.sent=Inserisci il codice di sicurezza che è stato inviato al tuo telefono cellulare.
|
||||||
|
title.login=Login
|
||||||
|
title.logout=Logout
|
||||||
|
title.logout.confirmation=Logout
|
||||||
|
title.logout.reminder=Logout
|
||||||
|
title.oauth.consent=Autorizzazione del client
|
||||||
|
title.saml.failed=Error
|
||||||
|
title.timeout.page=Logout
|
||||||
|
user_input.invalid.email=Inserire un'e-mail valida.
|
||||||
|
user_input.invalid.email.required=Campo obbligatorio
|
||||||
|
user_input.invalid.email.tooLong=Il testo inserito è troppo lungo.
|
|
@ -0,0 +1,79 @@
|
||||||
|
import ch.nevis.esauth.auth.engine.AuthResponse
|
||||||
|
|
||||||
|
// for autditing
|
||||||
|
def user = session['ch.adnovum.nevisidm.user.extId'] ?: 'unknown'
|
||||||
|
def sourceIp = request.getLoginContext()['connection.HttpHeader.X-Real-IP'] ?: 'unknown'
|
||||||
|
def userAgent = request.getLoginContext()['connection.HttpHeader.user-agent'] ?: request.getLoginContext()['connection.HttpHeader.User-Agent'] ?: 'unknown'
|
||||||
|
|
||||||
|
def minLoi = session['agov.op.onboarding.minLoi'] ?: 'unknown'
|
||||||
|
|
||||||
|
if (session['agov.op.onboarding.process.state'] == null) {
|
||||||
|
// 0) remove SAMLResponse, to avoid multiple processing
|
||||||
|
request.getInArgs().remove("SAMLResponse")
|
||||||
|
|
||||||
|
// check status
|
||||||
|
if (notes['saml.response.statusCode'] == 'urn:oasis:names:tc:SAML:2.0:status:Success') {
|
||||||
|
|
||||||
|
// we have to do the checks.
|
||||||
|
// 1) compare email
|
||||||
|
if (!notes['saml.attributes.http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress'].equalsIgnoreCase(session['ch.nevis.idm.User.email'])) {
|
||||||
|
|
||||||
|
def lasterrorinfo = "email don't match: idm=${session['ch.nevis.idm.User.email']} idp=${notes['saml.attributes.http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress']}"
|
||||||
|
response.setNote('lasterror', '9902')
|
||||||
|
response.setNote('lasterrorinfo', lasterrorinfo)
|
||||||
|
|
||||||
|
LOG.info("Event='OP-FAILED', RequestedAq='${minLoi}', User=${user}, SourceIp=${sourceIp}, UserAgent=${userAgent}, lasterror=${response.getNote('lasterror')}, lasterrorinfo='${lasterrorinfo}'")
|
||||||
|
|
||||||
|
response.setStatus(AuthResponse.AUTH_ERROR)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
def homeName = notes['saml.attributes.http://schemas.eiam.admin.ch/ws/2013/12/identity/claims/fp/homeName'] ?: 'unknown'
|
||||||
|
def subject = session['ch.nevis.auth.saml.assertion.subject'] ?: 'unknown'
|
||||||
|
if (homeName == 'unknown' || subject == 'unknown') {
|
||||||
|
def lasterrorinfo = "invalid info from IdP: subject=${subject} homeName=${homeName}"
|
||||||
|
response.setNote('lasterror', '9903')
|
||||||
|
response.setNote('lasterrorinfo', lasterrorinfo)
|
||||||
|
|
||||||
|
LOG.info("Event='OP-FAILED', RequestedAq='${minLoi}', User=${user}, SourceIp=${sourceIp}, UserAgent='${userAgent}', lasterror=${response.getNote('lasterror')}, lasterrorinfo='${lasterrorinfo}'")
|
||||||
|
|
||||||
|
response.setStatus(AuthResponse.AUTH_ERROR)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
// ok - create the credential
|
||||||
|
response.setSessionAttribute('agov.op.onboarding.process.state', 'createCredential')
|
||||||
|
response.setSessionAttribute('agov.op.onboarding.homeName', homeName)
|
||||||
|
response.setSessionAttribute('agov.op.onboarding.subject', subject)
|
||||||
|
|
||||||
|
response.setSessionAttribute('agov.op.onboarding.subject', session['ch.nevis.auth.saml.assertion.subject'] ?: 'unknown')
|
||||||
|
response.setResult('createSamlFedCredential')
|
||||||
|
return
|
||||||
|
|
||||||
|
} else {
|
||||||
|
|
||||||
|
def lasterrorinfo = "authentication by IdP failed: ${notes['saml.response.statusCode']}"
|
||||||
|
response.setNote('lasterror', '9903')
|
||||||
|
response.setNote('lasterrorinfo', lasterrorinfo)
|
||||||
|
|
||||||
|
LOG.info("Event='OP-FAILED', RequestedAq='${minLoi}', User=${user}, SourceIp=${sourceIp}, UserAgent='${userAgent}', lasterror=${response.getNote('lasterror')}, lasterrorinfo='${lasterrorinfo}'")
|
||||||
|
|
||||||
|
response.setStatus(AuthResponse.AUTH_ERROR)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
} else if (session['agov.op.onboarding.process.state'] == 'createCredential') {
|
||||||
|
// 2 Credential created, we or done
|
||||||
|
def responseId = session['ch.nevis.auth.saml.response.id']
|
||||||
|
def homeName = session['agov.op.onboarding.homeName'] ?: 'unknown'
|
||||||
|
def subject = session['agov.op.onboarding.subject'] ?: 'unknown'
|
||||||
|
|
||||||
|
LOG.info("Event='OP-SUCCESS', RequestedAq='${minLoi}', User=${user}, SourceIp=${sourceIp}, UserAgent='${userAgent}', ResponseID='${responseId}', subject='${subject}', homeName='${homeName}'")
|
||||||
|
response.setResult('done')
|
||||||
|
return
|
||||||
|
|
||||||
|
} else {
|
||||||
|
LOG.error("invalid state: ${session['agov.op.onboarding.process.state']}")
|
||||||
|
response.setNote('lasterror', '9909')
|
||||||
|
response.setNote('lasterrorinfo', 'internal error')
|
||||||
|
response.setResult('failure')
|
||||||
|
}
|
|
@ -0,0 +1,128 @@
|
||||||
|
import ch.nevis.esauth.auth.engine.AuthResponse
|
||||||
|
import groovy.xml.XmlSlurper
|
||||||
|
|
||||||
|
|
||||||
|
// AGOVaq conversion
|
||||||
|
def minLoiRoleToCtxClssConvertorMap = [
|
||||||
|
"level100": "urn:qa.agov.ch:names:tc:ac:classes:100",
|
||||||
|
"level200": "urn:qa.agov.ch:names:tc:ac:classes:200",
|
||||||
|
"level300": "urn:qa.agov.ch:names:tc:ac:classes:300",
|
||||||
|
"level400": "urn:qa.agov.ch:names:tc:ac:classes:400",
|
||||||
|
"level500": "urn:qa.agov.ch:names:tc:ac:classes:500"
|
||||||
|
]
|
||||||
|
|
||||||
|
def cleanSession() {
|
||||||
|
def s = request.getAuthSession(true)
|
||||||
|
|
||||||
|
s.removeAttribute('agov.op.onboarding.ctxClass')
|
||||||
|
s.removeAttribute('agov.op.onboarding.minLoi')
|
||||||
|
s.removeAttribute('agov.op.onboarding.homeName')
|
||||||
|
s.removeAttribute('agov.op.onboarding.subject')
|
||||||
|
s.removeAttribute('agov.op.onboarding.process.state')
|
||||||
|
s.removeAttribute('ch.adnovum.nevisidm.userDto')
|
||||||
|
s.removeAttribute('saml.response.statusCode')
|
||||||
|
if (response.getActualRoles().length > 0) {
|
||||||
|
def actualRoles = Arrays.copyOf(response.getActualRoles(), response.getActualRoles().length)
|
||||||
|
actualRoles.each{ role -> response.removeActualRole(role) }
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// for autditing
|
||||||
|
def user = session['ch.adnovum.nevisidm.user.extId'] ?: 'unknown'
|
||||||
|
def sourceIp = request.getLoginContext()['connection.HttpHeader.X-Real-IP'] ?: 'unknown'
|
||||||
|
def userAgent = request.getLoginContext()['connection.HttpHeader.user-agent'] ?: request.getLoginContext()['connection.HttpHeader.User-Agent'] ?: 'unknown'
|
||||||
|
def minLoi = 'unknown'
|
||||||
|
|
||||||
|
// 1) makes sure, that we are or were invoked with a correct URL ticket, set error code, if not
|
||||||
|
if (inargs['cd'] == null && session['agov.op.onboarding.code'] == null) {
|
||||||
|
response.setNote('lasterror', '9901')
|
||||||
|
response.setNote('lasterrorinfo', 'valid on-boarding link required')
|
||||||
|
}
|
||||||
|
|
||||||
|
// 2a) if code as query param, store it to the session, and redirect
|
||||||
|
if (inargs['cd'] != null) {
|
||||||
|
// make sure, we are clean to be able to start over
|
||||||
|
cleanSession()
|
||||||
|
|
||||||
|
response.setSessionAttribute('agov.op.onboarding.code', inargs['cd'])
|
||||||
|
response.setStatus(AuthResponse.AUTH_CONTINUE)
|
||||||
|
response.setTransferDestination('/AUTH/ONBOARDING/')
|
||||||
|
response.setIsRedirectTransfer(true)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
// 2b) clean the url, if necessary
|
||||||
|
if (request.currentResource.replaceAll('^https:\\/\\/[^\\/]+\\/AUTH\\/ONBOARDING\\/', '').length() > 0) {
|
||||||
|
|
||||||
|
response.setStatus(AuthResponse.AUTH_CONTINUE)
|
||||||
|
response.setTransferDestination('/AUTH/ONBOARDING/')
|
||||||
|
response.setIsRedirectTransfer(true)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
// 3) if SAMLResponse available, process it
|
||||||
|
if (inargs['SAMLResponse'] != null) {
|
||||||
|
// we don't use a RelayState, make sure he is ignored
|
||||||
|
request.getInArgs().remove("RelayState")
|
||||||
|
response.setResult('processResponse')
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
// 4) check if we could already validate the ticket, and load the user
|
||||||
|
if (session['ch.adnovum.nevisidm.userDto'] != null && notes['lasterror'] == null) {
|
||||||
|
try {
|
||||||
|
def userDto = new XmlSlurper().parseText(session['ch.adnovum.nevisidm.userDto'])
|
||||||
|
def userState = userDto.state
|
||||||
|
|
||||||
|
if (userState == 'ACTIVE') {
|
||||||
|
def minLoiList = userDto.'**'.findAll { node -> node.name() == 'roles' && node.applicationName.text() == 'OP-MinLoi' }.collect({ node -> node.name.text() }).sort()
|
||||||
|
minLoi = minLoiList.isEmpty() ? null : minLoiList.first()
|
||||||
|
|
||||||
|
if (minLoi != null) {
|
||||||
|
response.setSessionAttribute('agov.op.onboarding.minLoi', minLoi)
|
||||||
|
if (minLoiRoleToCtxClssConvertorMap.containsKey(minLoi)) {
|
||||||
|
response.setSessionAttribute('agov.op.onboarding.ctxClass', minLoiRoleToCtxClssConvertorMap[minLoi])
|
||||||
|
} else {
|
||||||
|
LOG.warn("OP-ONBOARDING: Failed to convert '${minLoi}' to AGOVaq, taking 'urn:qa.agov.ch:names:tc:ac:classes:100'")
|
||||||
|
response.setSessionAttribute('agov.op.onboarding.ctxClass', "urn:qa.agov.ch:names:tc:ac:classes:100")
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
LOG.debug("OP-ONBOARDING: no 'OP-MinLoi'-role assigned to user ${user}, using AGOVaq100")
|
||||||
|
minLoi = "level100"
|
||||||
|
response.setSessionAttribute('agov.op.onboarding.minLoi', "level100")
|
||||||
|
response.setSessionAttribute('agov.op.onboarding.ctxClass', "urn:qa.agov.ch:names:tc:ac:classes:100")
|
||||||
|
}
|
||||||
|
LOG.info("Event='OP-AUTHNREQ', RequestedAq='${minLoi}', User=${user}, SourceIp=${sourceIp}, UserAgent=${userAgent}")
|
||||||
|
response.setResult('sendAuthnRequest')
|
||||||
|
} else {
|
||||||
|
// state != ACTIVE and no lasterror should not happen
|
||||||
|
LOG.error("On boarding ticket processing failed: state='${userState}' but not lasterror set")
|
||||||
|
response.setNote('lasterror', '9909')
|
||||||
|
response.setNote('lasterrorinfo', 'internal error')
|
||||||
|
}
|
||||||
|
} catch (Exception e) {
|
||||||
|
LOG.error("On boarding ticket processing failed: Exception " + e)
|
||||||
|
response.setNote('lasterror', '9909')
|
||||||
|
response.setNote('lasterrorinfo', 'internal error')
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// 5) validate URL Ticket?
|
||||||
|
if (inargs['submit'] != null && notes['verifyTicket'] == null) {
|
||||||
|
response.setNote('verifyTicket', 'go')
|
||||||
|
response.setResult('verifyTicket')
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
// 6) if we reach that point, display the GUI
|
||||||
|
if (response.getNote('lasterror') != null) {
|
||||||
|
minLoi = session['agov.op.onboarding.minLoi'] ?: 'unknown'
|
||||||
|
LOG.info("Event='OP-FAILED', RequestedAq='${minLoi}', User=${user}, SourceIp=${sourceIp}, UserAgent=${userAgent}, lasterror=${response.getNote('lasterror')}, lasterrorinfo='${response.getNote('lasterrorinfo')}'")
|
||||||
|
cleanSession()
|
||||||
|
}
|
||||||
|
|
||||||
|
response.setStatus(AuthResponse.AUTH_CONTINUE)
|
|
@ -0,0 +1 @@
|
||||||
|
bc.tracer.TraceIndentFactory=ch.nevis.bc.io.Log4jTraceIndentFactory
|
|
@ -0,0 +1,19 @@
|
||||||
|
RTENV_SECURITY_CHECK=no_shell
|
||||||
|
|
||||||
|
JAVA_OPTS=(
|
||||||
|
"-XX:+UseContainerSupport"
|
||||||
|
"-Dfile.encoding=UTF-8"
|
||||||
|
"-XX:MaxRAMPercentage=80.0"
|
||||||
|
"-Djava.net.preferIPv4Stack=true"
|
||||||
|
"-Djava.net.connectionTimeout=10000"
|
||||||
|
"-Djava.net.readTimeout=15000"
|
||||||
|
"-Dch.nevis.esauth.config=/var/opt/nevisauth/default/conf/esauth4.xml"
|
||||||
|
"-Djava.awt.headless=true"
|
||||||
|
"-javaagent:/opt/agent/opentelemetry-javaagent.jar"
|
||||||
|
"-Dotel.javaagent.logging=application"
|
||||||
|
"-Dotel.javaagent.configuration-file=/var/opt/nevisauth/default/conf/otel.properties"
|
||||||
|
"-Dotel.resource.attributes=service.version=8.2405.2,service.instance.id=$HOSTNAME"
|
||||||
|
"-Djavax.net.ssl.trustStore=/var/opt/keys/trust/auth-v1-default-tls-trust/truststore.p12"
|
||||||
|
"-Djavax.net.ssl.trustStorePassword=\${exec:/var/opt/keys/trust/auth-v1-default-tls-trust/keypass}"
|
||||||
|
)
|
||||||
|
|
|
@ -0,0 +1,2 @@
|
||||||
|
# this file is generated by nevisAdmin 4
|
||||||
|
security.provider.10=org.bouncycastle.jce.provider.BouncyCastleProvider
|
File diff suppressed because it is too large
Load Diff
|
@ -0,0 +1,15 @@
|
||||||
|
try {
|
||||||
|
def session = request.getAuthSession(true)
|
||||||
|
|
||||||
|
def emailFromAssertion = session.getAttribute('emailFromAssertion') ?: 'unknown'
|
||||||
|
def subjectFromAssertion = session.getAttribute('ch.nevis.auth.saml.assertion.subject') ?: 'unknown'
|
||||||
|
def loginId = inargs.getProperty('isiwebuserid') ?: 'unknown'
|
||||||
|
def sourceIp = request.getLoginContext()['connection.HttpHeader.X-Real-IP'] ?: 'unknown'
|
||||||
|
def userAgent = request.getLoginContext()['connection.HttpHeader.user-agent'] ?: request.getLoginContext()['connection.HttpHeader.User-Agent'] ?: 'unknown'
|
||||||
|
|
||||||
|
LOG.warn("Event='IDM-ADMIN-LOGIN', subject from assertion=${subjectFromAssertion}, email from assertion='${emailFromAssertion}', loginId=${loginId}, SourceIp=${sourceIp}, UserAgent='${userAgent}')")
|
||||||
|
response.setResult('ok');
|
||||||
|
} catch(Exception ex) {
|
||||||
|
LOG.error("Exception in logLoginUser groovy script: " + ex)
|
||||||
|
response.setResult('error');
|
||||||
|
}
|
|
@ -0,0 +1,39 @@
|
||||||
|
Configuration:
|
||||||
|
monitorInterval: 60
|
||||||
|
Appenders:
|
||||||
|
Console:
|
||||||
|
- name: "SERVER"
|
||||||
|
target: "SYSTEM_OUT"
|
||||||
|
PatternLayout:
|
||||||
|
pattern: "[esauth4sv.log] %d{ISO8601} %-15.15t %mdc{trace_id} %mdc{span_id} %-20.20c %-5.5p %m%n"
|
||||||
|
RegexFilter:
|
||||||
|
regex: ".*GET /nevisauth/liveness.*"
|
||||||
|
onMatch: "DENY"
|
||||||
|
onMismatch: "ACCEPT"
|
||||||
|
Loggers:
|
||||||
|
Logger:
|
||||||
|
- name: "EsAuthStart"
|
||||||
|
level: "INFO"
|
||||||
|
- name: "org.apache.catalina.loader.WebappClassLoader"
|
||||||
|
level: "FATAL"
|
||||||
|
- name: "org.apache.catalina.startup.HostConfig"
|
||||||
|
level: "ERROR"
|
||||||
|
- name: "ch.nevis.esauth.events"
|
||||||
|
level: "FATAL"
|
||||||
|
- name: "AGOVOP-ACCT"
|
||||||
|
level: "INFO"
|
||||||
|
- name: "AuthEngine"
|
||||||
|
level: "INFO"
|
||||||
|
- name: "AuthPerf"
|
||||||
|
level: "INFO"
|
||||||
|
- name: "Script"
|
||||||
|
level: "INFO"
|
||||||
|
- name: "StdStates"
|
||||||
|
level: "INFO"
|
||||||
|
- name: "Vars"
|
||||||
|
level: "INFO"
|
||||||
|
Root:
|
||||||
|
level: "WARN"
|
||||||
|
additivity: "false"
|
||||||
|
AppenderRef:
|
||||||
|
- ref: "SERVER"
|
|
@ -0,0 +1,16 @@
|
||||||
|
server:
|
||||||
|
name: "default"
|
||||||
|
protocol: "https"
|
||||||
|
port: "8991"
|
||||||
|
host: "0.0.0.0"
|
||||||
|
tls:
|
||||||
|
keystore: "/var/opt/keys/own/auth-v1-default-identity/keystore.p12"
|
||||||
|
keystore-passphrase: "${exec:/var/opt/keys/own/auth-v1-default-identity/keypass}"
|
||||||
|
client-auth: "required"
|
||||||
|
truststore: "/var/opt/keys/trust/auth-v1-default-tls-client-trust/truststore.p12"
|
||||||
|
truststore-passphrase: "${exec:/var/opt/keys/trust/auth-v1-default-tls-client-trust/keypass}"
|
||||||
|
management:
|
||||||
|
server:
|
||||||
|
port: "9000"
|
||||||
|
healthchecks:
|
||||||
|
enabled: "true"
|
|
@ -0,0 +1,4 @@
|
||||||
|
otel.service.name = auth
|
||||||
|
otel.traces.exporter = none
|
||||||
|
otel.metrics.exporter = none
|
||||||
|
otel.logs.exporter = none
|
|
@ -0,0 +1,23 @@
|
||||||
|
// nevisProxy replaces the entire AUTH: scope when new outargs are returned by nevisAuth.
|
||||||
|
// Thus, we have to store tokens in the session (as a String) and restore them on subsequent step-ups.
|
||||||
|
|
||||||
|
// restore tokens
|
||||||
|
session.each { key, value ->
|
||||||
|
if (key.startsWith('outarg.token.')) {
|
||||||
|
def name = key.substring(7)
|
||||||
|
if (outargs.containsKey(name)) {
|
||||||
|
LOG.debug("not restoring token (outarg: $name) from session: outarg already set")
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
LOG.debug("restoring token (outarg: $name) from session")
|
||||||
|
outargs.put(name, value)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// store tokens
|
||||||
|
outargs.each { name, value ->
|
||||||
|
if (name.startsWith('token.')) {
|
||||||
|
session.put('outarg.' + name, value)
|
||||||
|
}
|
||||||
|
}
|
|
@ -0,0 +1,22 @@
|
||||||
|
import ch.nevis.esauth.auth.states.saml.util.Communicator
|
||||||
|
import ch.nevis.esauth.auth.states.saml.util.Communicator.RelayStateProtection
|
||||||
|
|
||||||
|
def redirect(location) {
|
||||||
|
outargs.put('nevis.transfer.type', 'redirect')
|
||||||
|
outargs.put('nevis.transfer.destination', location)
|
||||||
|
}
|
||||||
|
|
||||||
|
// ServiceProviderState is not a finisher for AUTH_DONE
|
||||||
|
// thus the RelayState is stored in the session and the redirect is done here
|
||||||
|
// this is needed when a post-processing flow is assigned in the SAML SP Realm
|
||||||
|
def encodedRelayState = session.get('cached-RelayState')
|
||||||
|
if (encodedRelayState != null) {
|
||||||
|
def communicator = new Communicator()
|
||||||
|
communicator.setRelayStateProtection(RelayStateProtection.OBFUSCATED_AND_ENCODED)
|
||||||
|
def url = communicator.decodeRelayState(encodedRelayState)
|
||||||
|
if (url != null) {
|
||||||
|
LOG.debug("redirecting to ${url} according to stored RelayState")
|
||||||
|
session.remove('cached-RelayState')
|
||||||
|
redirect(url)
|
||||||
|
}
|
||||||
|
}
|
|
@ -0,0 +1,51 @@
|
||||||
|
// restore roles and authentication level
|
||||||
|
// which may have been returned in the AuthnContext of the SAML Response
|
||||||
|
// example: saml.assertion.authnContextClassRef = auth.weak,2,urn:nevis:level:2
|
||||||
|
def context = notes['saml.assertion.authnContextClassRef']
|
||||||
|
if (context != null) {
|
||||||
|
LOG.debug("SAML Response contains AuthnContextClassRef: $context")
|
||||||
|
def roles = []
|
||||||
|
Integer maximumLevel = null
|
||||||
|
context.split(',').each { value ->
|
||||||
|
if (value.startsWith('urn:nevis:level:')) {
|
||||||
|
// remove prefix
|
||||||
|
def level = Integer.parseInt(value.substring(16))
|
||||||
|
LOG.debug("found level: $level")
|
||||||
|
if (maximumLevel == null || level > maximumLevel) {
|
||||||
|
maximumLevel = level
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
LOG.debug("adding role $value from SAML Response / AuthnContext")
|
||||||
|
roles.add(value)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
response.setAuthLevel("$maximumLevel")
|
||||||
|
if (!roles.isEmpty()) {
|
||||||
|
response.setActualRoles(roles as String[])
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// revoke token roles to ensure that Application Access Tokens are recreated (stepup)
|
||||||
|
def roles = []
|
||||||
|
response.actualRoles.each { role ->
|
||||||
|
if (!role.startsWith('token.')) {
|
||||||
|
roles.add(role)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
response.setActualRoles(roles as String[])
|
||||||
|
|
||||||
|
// ensure session exists
|
||||||
|
if (request.getSession(false) == null) {
|
||||||
|
session = request.getSession(true).getData()
|
||||||
|
}
|
||||||
|
|
||||||
|
// store RelayState query parameter in the session to ensure user can be redirected
|
||||||
|
// the redirect is performed by a script in case post-processing steps are assigned
|
||||||
|
if (inargs.containsKey('RelayState')) {
|
||||||
|
def value = inargs.get("RelayState")
|
||||||
|
session.put('cached-RelayState', value)
|
||||||
|
}
|
||||||
|
|
||||||
|
// set transition to signal that the script has been successfully executed
|
||||||
|
response.setResult('ok')
|
|
@ -0,0 +1,62 @@
|
||||||
|
import java.util.zip.Inflater
|
||||||
|
import java.util.zip.InflaterInputStream
|
||||||
|
|
||||||
|
def extractPost(String value) {
|
||||||
|
if (value == null) {
|
||||||
|
return
|
||||||
|
}
|
||||||
|
String text
|
||||||
|
if (value.startsWith("<")) {
|
||||||
|
text = value
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
text = new String(value.decodeBase64())
|
||||||
|
}
|
||||||
|
def xml = new groovy.xml.XmlSlurper().parseText(text)
|
||||||
|
// according to the SAML spec Issuer is optional but we need it for dispatching
|
||||||
|
def issuer = xml.depthFirst().find { it -> it.name().equalsIgnoreCase("Issuer") }?.text()
|
||||||
|
session.put("saml.inbound.issuer", issuer)
|
||||||
|
}
|
||||||
|
|
||||||
|
def extractQuery(String value) {
|
||||||
|
byte[] d2 = Base64.getDecoder().decode(value)
|
||||||
|
def d3 = new ByteArrayInputStream(d2)
|
||||||
|
def d4 = new InflaterInputStream(d3, new Inflater(true))
|
||||||
|
def xml = new groovy.xml.XmlSlurper().parse(d4)
|
||||||
|
// according to the SAML spec Issuer is optional but we need it for dispatching
|
||||||
|
def issuer = xml.depthFirst().find { it -> it.name().equalsIgnoreCase("Issuer") }?.text()
|
||||||
|
session.put("saml.inbound.issuer", issuer)
|
||||||
|
}
|
||||||
|
|
||||||
|
def handleMessage(String name) {
|
||||||
|
def value = inargs.get(name)
|
||||||
|
def resource = request.getCurrentResource()
|
||||||
|
def url = new URL(resource)
|
||||||
|
def query = url.getQuery()
|
||||||
|
if (query != null && query.contains(name)) {
|
||||||
|
notes.put("saml.inbound.binding", "redirect")
|
||||||
|
extractQuery(value)
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
notes.put("saml.inbound.binding", "post")
|
||||||
|
extractPost(value)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if (inargs.containsKey("SAMLResponse")) {
|
||||||
|
handleMessage("SAMLResponse")
|
||||||
|
}
|
||||||
|
else if (inargs.containsKey("SAMLRequest")) {
|
||||||
|
handleMessage("SAMLRequest")
|
||||||
|
}
|
||||||
|
else if (inargs.containsKey("soapheader")) {
|
||||||
|
handleMessage("soapheader")
|
||||||
|
}
|
||||||
|
else { // no incoming message.
|
||||||
|
if (request.getCurrentResource().matches('^http[s]?\u003A//[^/]+/SAML2/ACS/.*$')) {
|
||||||
|
LOG.debug("denying request without incoming message on ACS path")
|
||||||
|
return // giving up
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
response.setResult('ok')
|
|
@ -0,0 +1,62 @@
|
||||||
|
import java.util.zip.Inflater
|
||||||
|
import java.util.zip.InflaterInputStream
|
||||||
|
|
||||||
|
def extractPost(String value) {
|
||||||
|
if (value == null) {
|
||||||
|
return
|
||||||
|
}
|
||||||
|
String text
|
||||||
|
if (value.startsWith("<")) {
|
||||||
|
text = value
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
text = new String(value.decodeBase64())
|
||||||
|
}
|
||||||
|
def xml = new groovy.xml.XmlSlurper().parseText(text)
|
||||||
|
// according to the SAML spec Issuer is optional but we need it for dispatching
|
||||||
|
def issuer = xml.depthFirst().find { it -> it.name().equalsIgnoreCase("Issuer") }?.text()
|
||||||
|
session.put("saml.inbound.issuer", issuer)
|
||||||
|
}
|
||||||
|
|
||||||
|
def extractQuery(String value) {
|
||||||
|
byte[] d2 = Base64.getDecoder().decode(value)
|
||||||
|
def d3 = new ByteArrayInputStream(d2)
|
||||||
|
def d4 = new InflaterInputStream(d3, new Inflater(true))
|
||||||
|
def xml = new groovy.xml.XmlSlurper().parse(d4)
|
||||||
|
// according to the SAML spec Issuer is optional but we need it for dispatching
|
||||||
|
def issuer = xml.depthFirst().find { it -> it.name().equalsIgnoreCase("Issuer") }?.text()
|
||||||
|
session.put("saml.inbound.issuer", issuer)
|
||||||
|
}
|
||||||
|
|
||||||
|
def handleMessage(String name) {
|
||||||
|
def value = inargs.get(name)
|
||||||
|
def resource = request.getCurrentResource()
|
||||||
|
def url = new URL(resource)
|
||||||
|
def query = url.getQuery()
|
||||||
|
if (query != null && query.contains(name)) {
|
||||||
|
notes.put("saml.inbound.binding", "redirect")
|
||||||
|
extractQuery(value)
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
notes.put("saml.inbound.binding", "post")
|
||||||
|
extractPost(value)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if (inargs.containsKey("SAMLResponse")) {
|
||||||
|
handleMessage("SAMLResponse")
|
||||||
|
}
|
||||||
|
else if (inargs.containsKey("SAMLRequest")) {
|
||||||
|
handleMessage("SAMLRequest")
|
||||||
|
}
|
||||||
|
else if (inargs.containsKey("soapheader")) {
|
||||||
|
handleMessage("soapheader")
|
||||||
|
}
|
||||||
|
else { // no incoming message.
|
||||||
|
if (request.getCurrentResource().matches('^http[s]?\u003A//[^/]+/SAML2/ACS/.*$')) {
|
||||||
|
LOG.debug("denying request without incoming message on ACS path")
|
||||||
|
return // giving up
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
response.setResult('ok')
|
|
@ -0,0 +1,91 @@
|
||||||
|
import ch.nevis.esauth.auth.states.saml.util.Communicator
|
||||||
|
|
||||||
|
boolean isLevel(String role) {
|
||||||
|
if (role != null && role.isNumber()) {
|
||||||
|
def number = Integer.parseInt(role)
|
||||||
|
if (number > 0 && number <= 9) {
|
||||||
|
return true
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return false
|
||||||
|
}
|
||||||
|
|
||||||
|
def populateRequiredRoles() {
|
||||||
|
def requiredRoles = request.getRequiredRoles()
|
||||||
|
// set required roles on Session Upgrade Path
|
||||||
|
if (requiredRoles == null || requiredRoles.length == 0) {
|
||||||
|
if (inargs.containsKey('level')) {
|
||||||
|
def level = inargs.get('level')
|
||||||
|
LOG.debug("requested authentication level $level on session upgrade path")
|
||||||
|
String[] roles = [ level ]
|
||||||
|
request.setRequiredRoles(roles)
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
LOG.debug('no authentication level requested')
|
||||||
|
// set a dummy role which never exists
|
||||||
|
// to force the SP to send an AuthnRequest to the IDP
|
||||||
|
String[] roles = [ 'dummy' ]
|
||||||
|
request.setRequiredRoles(roles)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
// stepup triggered by Authorization Policy with Authentication Level
|
||||||
|
else if (requiredRoles.length > 1) {
|
||||||
|
// we strip this down to send only the desired level to the IDP
|
||||||
|
def level = requiredRoles.min()
|
||||||
|
LOG.debug("required minimum authentication level: $level")
|
||||||
|
String[] roles = [ level ]
|
||||||
|
request.setRequiredRoles(roles)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// redirect back to application if on Session Upgrade Path
|
||||||
|
def handleSessionUpgradePathRelayState() {
|
||||||
|
if (inargs.containsKey('relayState')) {
|
||||||
|
def encodedRelayState = inargs.get('relayState')
|
||||||
|
def communicator = new Communicator()
|
||||||
|
def url = communicator.decodeRelayState(encodedRelayState)
|
||||||
|
if (url != null) {
|
||||||
|
LOG.debug("user will be redirected to $url")
|
||||||
|
outargs.put('nevis.transfer.destination', url)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if (inargs.containsKey('SAMLResponse')) {
|
||||||
|
// consume SAML Response from IDP
|
||||||
|
LOG.debug('received SAML Response')
|
||||||
|
return // continue with ResultCond default
|
||||||
|
}
|
||||||
|
|
||||||
|
populateRequiredRoles()
|
||||||
|
|
||||||
|
// if any of the required authentication levels is already achieved
|
||||||
|
// then we can terminate the stepup early
|
||||||
|
// this is a work-around for SecurityRoleFilter
|
||||||
|
// which does not notice when the stepup process ends with AUTH_DONE on a different location
|
||||||
|
for (String role : request.getRequiredRoles()) {
|
||||||
|
if (isLevel(role)) {
|
||||||
|
LOG.debug("found level: $role")
|
||||||
|
def range = Integer.parseInt(role)..9
|
||||||
|
for (Integer level : range) { // higher levels are fine as well
|
||||||
|
LOG.debug("checking if level $level has been reached...")
|
||||||
|
if (response.actualRoles.contains("$level")) {
|
||||||
|
LOG.debug("required level $level has already been reached - skipping session upgrade")
|
||||||
|
handleSessionUpgradePathRelayState()
|
||||||
|
response.setResult('done')
|
||||||
|
return
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if (session.containsKey('force-saml-authn')) {
|
||||||
|
LOG.debug('clearing force-saml-authn flag')
|
||||||
|
// clear marker
|
||||||
|
session.remove('force-saml-authn')
|
||||||
|
handleSessionUpgradePathRelayState()
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
LOG.debug('setting force-saml-authn')
|
||||||
|
session.put('force-saml-authn', 'true')
|
||||||
|
}
|
|
@ -0,0 +1,7 @@
|
||||||
|
try {
|
||||||
|
response.setSessionAttribute('emailFromAssertion', notes['saml.attributes.http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress'])
|
||||||
|
response.setResult('ok');
|
||||||
|
} catch(Exception ex) {
|
||||||
|
LOG.error("Exception in saveEmailFromAssertionToSession groovy script: " + ex)
|
||||||
|
response.setResult('error');
|
||||||
|
}
|
|
@ -0,0 +1,74 @@
|
||||||
|
import groovy.xml.XmlSlurper
|
||||||
|
|
||||||
|
def idmSeverityRoleMap = [
|
||||||
|
"EnterpriseRoleAdmin": [11, "op-idmlogin.role.accs-mgmt-idm"],
|
||||||
|
"ClientRoot": [12, "op-idmlogin.role.support-priv"],
|
||||||
|
"AppAdmin": [20, "op-idmlogin.role.idmcfg-mgmt"],
|
||||||
|
"AppOwner": [5, "op-idmlogin.role.accs-mgmt-nonidm"],
|
||||||
|
"UserAndUnitAdmin": [7, "op-idmlogin.role.usr-unit-mgmt"],
|
||||||
|
"UserAdmin": [6, "op-idmlogin.role.usr-mgmt"],
|
||||||
|
"TemplateAdmin": [10, "op-idmlogin.role.support-basic"],
|
||||||
|
"Helpdesk": [1, "op-idmlogin.role.readonly-access" ]
|
||||||
|
]
|
||||||
|
|
||||||
|
try {
|
||||||
|
def dtoString = session['ch.adnovum.nevisidm.userDto']
|
||||||
|
|
||||||
|
def idmDto = new XmlSlurper().parseText(dtoString)
|
||||||
|
def idmPrfMap = idmDto.'**'.findAll
|
||||||
|
{ prf -> prf.name() == 'profiles'
|
||||||
|
&& prf.'**'.find
|
||||||
|
{ role -> role.name() == 'roles'
|
||||||
|
&& role.applicationName.text() == 'nevisIdm'
|
||||||
|
}
|
||||||
|
}.collectEntries { prf -> [ prf.extId.text(),
|
||||||
|
prf.'**'.findAll
|
||||||
|
{ role -> role.name() == 'roles'
|
||||||
|
&& role.applicationName.text() == 'nevisIdm'
|
||||||
|
}.collect{ rolePrioEntry -> idmSeverityRoleMap[rolePrioEntry.name.text()] ?: [1000, "DO-NOT-USE(${rolePrioEntry.name.text()})"]
|
||||||
|
}.sort { a, b -> a[0] <=> b[0] // sort by severity
|
||||||
|
}.last()[1] // take label of the ighest one
|
||||||
|
] }
|
||||||
|
|
||||||
|
if ((inargs.getProperty('submit', '') == 'go') && idmPrfMap.containsKey(inargs.getProperty('profile_selection', 'missing'))) {
|
||||||
|
|
||||||
|
// user selected a profile which exists, we take it
|
||||||
|
def operationsProfileExtId = inargs.getProperty('profile_selection', 'missing')
|
||||||
|
LOG.info("User selected profile: ${operationsProfileExtId} '${idmPrfMap.get(operationsProfileExtId)}'")
|
||||||
|
response.setSessionAttribute('operationsProfileExtId', '' + operationsProfileExtId)
|
||||||
|
response.setResult('ok')
|
||||||
|
return
|
||||||
|
|
||||||
|
} else if (idmPrfMap.size() == 1) {
|
||||||
|
|
||||||
|
// we take the only profile, with an IDM role
|
||||||
|
def operationsProfileExtId = idmPrfMap.keySet().first()
|
||||||
|
LOG.info("taking the only profile with an idm role: ${operationsProfileExtId} '${idmPrfMap.get(operationsProfileExtId)}'")
|
||||||
|
response.setSessionAttribute('operationsProfileExtId', '' + operationsProfileExtId)
|
||||||
|
response.setResult('ok')
|
||||||
|
return
|
||||||
|
|
||||||
|
} else if (idmPrfMap.isEmpty()) {
|
||||||
|
|
||||||
|
// no profile with an IDM role, do nothing
|
||||||
|
response.setResult('ok')
|
||||||
|
return
|
||||||
|
|
||||||
|
} else {
|
||||||
|
|
||||||
|
// user should select a profile
|
||||||
|
response.setGuiName('op_idmlogin_select_profile')
|
||||||
|
idmPrfMap.each {
|
||||||
|
response.addRadioGuiField('profile_selection', it.value, it.key)
|
||||||
|
}
|
||||||
|
response.addButtonGuiField('submit', 'general.continue', 'go')
|
||||||
|
|
||||||
|
response.setStatus(ch.nevis.esauth.auth.engine.AuthResponse.AUTH_CONTINUE)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
} catch (Exception e) {
|
||||||
|
def errorMsg = "Failed to process profile selection: ${e.getMessage()}"
|
||||||
|
LOG.error(errorMsg, e)
|
||||||
|
response.setError(9901, errorMsg)
|
||||||
|
response.setResult('error')
|
||||||
|
}
|
|
@ -0,0 +1,32 @@
|
||||||
|
try {
|
||||||
|
def s = request.getAuthSession(true)
|
||||||
|
|
||||||
|
LOG.info("operationsExtId: ${notes['saml.attributes.http://schemas.agov.ch/ws/2023/05/identity/claims/operationsUserExtId']}")
|
||||||
|
LOG.info("operationsUserProfileExtIdList: ${notes['saml.attributes.http://schemas.agov.ch/ws/2023/05/identity/claims/operationsUserProfileExtId']}")
|
||||||
|
|
||||||
|
|
||||||
|
if (notes['saml.attributes.http://schemas.agov.ch/ws/2023/05/identity/claims/operationsUserExtId'] == null || notes['saml.attributes.http://schemas.agov.ch/ws/2023/05/identity/claims/operationsUserProfileExtId'] == null) {
|
||||||
|
LOG.error("[OPACCESS] User ${notes['saml.assertion.subject']} tried to access without operations account or profile")
|
||||||
|
response.setResult('error');
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
response.setSessionAttribute('operationsExtId', notes['saml.attributes.http://schemas.agov.ch/ws/2023/05/identity/claims/operationsUserExtId'])
|
||||||
|
|
||||||
|
// we take the first one, if there is no profile in the operations unit
|
||||||
|
def unitAndProfileExtidPar = notes['saml.attributes.http://schemas.agov.ch/ws/2023/05/identity/claims/operationsUserProfileExtId']
|
||||||
|
.split(',').find{pairstr -> pairstr.split("\\\\")[1] == "130274ee-7e24-4050-9b94-d5717ef52ade" }
|
||||||
|
?: notes['saml.attributes.http://schemas.agov.ch/ws/2023/05/identity/claims/operationsUserProfileExtId'].split(',')[0]
|
||||||
|
|
||||||
|
if (! unitAndProfileExtidPar.contains('130274ee-7e24-4050-9b94-d5717ef52ade') )
|
||||||
|
{
|
||||||
|
LOG.info("[OPACCESS] User ${notes['saml.assertion.subject']} with opaccount ${notes['saml.attributes.http://schemas.agov.ch/ws/2023/05/identity/claims/operationsUserExtId']} has no operations profile, we use the first one")
|
||||||
|
}
|
||||||
|
|
||||||
|
response.setSessionAttribute('operationsProfileExtId', unitAndProfileExtidPar.split("\\\\")[0])
|
||||||
|
response.setResult('ok');
|
||||||
|
|
||||||
|
} catch(Exception ex) {
|
||||||
|
LOG.warn("Exception in selectProfile groovy script: " + ex)
|
||||||
|
response.setResult('error');
|
||||||
|
}
|
|
@ -0,0 +1,79 @@
|
||||||
|
#!/bin/bash
|
||||||
|
#
|
||||||
|
# NAME
|
||||||
|
# status.sh - Checks the status of the nevisAuth instance.
|
||||||
|
#
|
||||||
|
# SYNOPSIS
|
||||||
|
# status.sh
|
||||||
|
#
|
||||||
|
# DESCRIPTION
|
||||||
|
# Performs periodic checks until the instance is up or broken or timeout is reached.
|
||||||
|
# The script terminates when the process of the instance stops running.
|
||||||
|
# There are no arguments for this script.
|
||||||
|
#
|
||||||
|
# EXIT CODES
|
||||||
|
# 0 Instance is up.
|
||||||
|
# 1 Instance process is not running.
|
||||||
|
# 2 Instance is broken.
|
||||||
|
# 3 Timeout reached.
|
||||||
|
|
||||||
|
# Defines how much we should sleep between checking if the instance is up.
|
||||||
|
interval=1
|
||||||
|
# Defines how much we should wait the instance to start up until we give up and exit.
|
||||||
|
timeout=70
|
||||||
|
((end_time=${SECONDS}+$timeout))
|
||||||
|
|
||||||
|
# Checks if the process of the instance is still running.
|
||||||
|
# Arguments:
|
||||||
|
# None
|
||||||
|
# Returns:
|
||||||
|
# In case it is running, returns 0, otherwise non-zero (exit code of systemctl).
|
||||||
|
isProcessRunning() {
|
||||||
|
systemctl is-active --quiet nevisauth@default
|
||||||
|
IS_RUNNING=$?
|
||||||
|
return $IS_RUNNING
|
||||||
|
}
|
||||||
|
|
||||||
|
# Checks if the instance is up. (Attempts connecting to the instance)
|
||||||
|
# Arguments:
|
||||||
|
# None
|
||||||
|
# Returns:
|
||||||
|
# If the connection was successful and the instance up (is not broken), returns 0.
|
||||||
|
# If the connection was not successful, returns 1.
|
||||||
|
checkInstance() {
|
||||||
|
lsof -i :8991 -sTCP:LISTEN
|
||||||
|
EXIT_CODE=$?
|
||||||
|
return $EXIT_CODE
|
||||||
|
}
|
||||||
|
|
||||||
|
# This function encapsulates the logic of checking if the process is running and if the instance is up.
|
||||||
|
# In case the process is not running, exits with exit code 1.
|
||||||
|
# Arguments:
|
||||||
|
# None
|
||||||
|
# Returns:
|
||||||
|
# If the instance process is running, returns the result of the instance check function.
|
||||||
|
check() {
|
||||||
|
if isProcessRunning
|
||||||
|
then
|
||||||
|
checkInstance
|
||||||
|
CS=$?
|
||||||
|
return $CS
|
||||||
|
else
|
||||||
|
echo "Process is not running."
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
# Check the status of the instance periodically.
|
||||||
|
while ((${SECONDS} < ${end_time}))
|
||||||
|
do
|
||||||
|
sleep ${interval}
|
||||||
|
if check
|
||||||
|
then
|
||||||
|
echo "Instance is up."
|
||||||
|
exit 0
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
|
||||||
|
echo "Exceeded check timeout (70s). Instance is down."
|
||||||
|
exit 3
|
|
@ -0,0 +1,20 @@
|
||||||
|
apiVersion: "operator.nevis-security.ch/v1"
|
||||||
|
kind: "NevisKeyStore"
|
||||||
|
metadata:
|
||||||
|
name: "idm-job-v1-default-identity"
|
||||||
|
namespace: "adn-agov-nevisidm-admin-01-uat"
|
||||||
|
labels:
|
||||||
|
deploymentTarget: "idm-job-v1"
|
||||||
|
annotations:
|
||||||
|
projectKey: "DEFAULT-ADN-AGOV-ADMIN-PROJECT"
|
||||||
|
patternId: "641ac4edf0c17383d3c0ea38"
|
||||||
|
spec:
|
||||||
|
cn: "idm-job-v1"
|
||||||
|
usage: "<reserved for future use>"
|
||||||
|
san:
|
||||||
|
dns:
|
||||||
|
- "idm-job-v1"
|
||||||
|
- "idm-job-v1.adn-agov-nevisidm-admin-01-uat"
|
||||||
|
- "idm-job-v1-web"
|
||||||
|
- "idm-job-v1-web.adn-agov-nevisidm-admin-01-uat"
|
||||||
|
email: []
|
|
@ -0,0 +1,12 @@
|
||||||
|
apiVersion: "operator.nevis-security.ch/v1"
|
||||||
|
kind: "NevisTrustStore"
|
||||||
|
metadata:
|
||||||
|
name: "idm-job-v1-default-signer-trust"
|
||||||
|
namespace: "adn-agov-nevisidm-admin-01-uat"
|
||||||
|
labels:
|
||||||
|
deploymentTarget: "idm-job-v1"
|
||||||
|
annotations:
|
||||||
|
projectKey: "DEFAULT-ADN-AGOV-ADMIN-PROJECT"
|
||||||
|
patternId: "641ac4edf0c17383d3c0ea38"
|
||||||
|
spec:
|
||||||
|
keystores: []
|
|
@ -0,0 +1,12 @@
|
||||||
|
apiVersion: "operator.nevis-security.ch/v1"
|
||||||
|
kind: "NevisTrustStore"
|
||||||
|
metadata:
|
||||||
|
name: "idm-job-v1-default-tls-client-trust"
|
||||||
|
namespace: "adn-agov-nevisidm-admin-01-uat"
|
||||||
|
labels:
|
||||||
|
deploymentTarget: "idm-job-v1"
|
||||||
|
annotations:
|
||||||
|
projectKey: "DEFAULT-ADN-AGOV-ADMIN-PROJECT"
|
||||||
|
patternId: "641ac4edf0c17383d3c0ea38"
|
||||||
|
spec:
|
||||||
|
keystores: []
|
|
@ -0,0 +1,64 @@
|
||||||
|
apiVersion: "operator.nevis-security.ch/v1"
|
||||||
|
kind: "NevisComponent"
|
||||||
|
metadata:
|
||||||
|
name: "idm-job-v1"
|
||||||
|
namespace: "adn-agov-nevisidm-admin-01-uat"
|
||||||
|
labels:
|
||||||
|
deploymentTarget: "idm-job-v1"
|
||||||
|
annotations:
|
||||||
|
projectKey: "DEFAULT-ADN-AGOV-ADMIN-PROJECT"
|
||||||
|
patternId: "641ac4edf0c17383d3c0ea38"
|
||||||
|
spec:
|
||||||
|
type: "NevisIDM"
|
||||||
|
replicas: 1
|
||||||
|
version: "8.2405.2"
|
||||||
|
gitInitVersion: "1.3.0"
|
||||||
|
runAsNonRoot: true
|
||||||
|
ports:
|
||||||
|
management: 8998
|
||||||
|
soap: 8989
|
||||||
|
resources:
|
||||||
|
limits:
|
||||||
|
cpu: "1000m"
|
||||||
|
memory: "2200Mi"
|
||||||
|
requests:
|
||||||
|
cpu: "10m"
|
||||||
|
memory: "500Mi"
|
||||||
|
livenessProbe:
|
||||||
|
management:
|
||||||
|
httpGet:
|
||||||
|
path: "/liveness"
|
||||||
|
periodSeconds: 30
|
||||||
|
timeoutSeconds: 6
|
||||||
|
readinessProbe:
|
||||||
|
management:
|
||||||
|
httpGet:
|
||||||
|
path: "/health"
|
||||||
|
periodSeconds: 30
|
||||||
|
timeoutSeconds: 6
|
||||||
|
startupProbe:
|
||||||
|
management:
|
||||||
|
httpGet:
|
||||||
|
path: "/health"
|
||||||
|
periodSeconds: 30
|
||||||
|
timeoutSeconds: 6
|
||||||
|
failureThreshold: 10
|
||||||
|
podDisruptionBudget:
|
||||||
|
maxUnavailable: "50%"
|
||||||
|
git:
|
||||||
|
tag: "r-29c1b415348a6c1b8b32c65f6f40449f8c7765b0"
|
||||||
|
dir: "DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/idm-job-v1"
|
||||||
|
credentials: "git-credentials"
|
||||||
|
keystores:
|
||||||
|
- "idm-job-v1-default-identity"
|
||||||
|
truststores:
|
||||||
|
- "idm-job-v1-default-tls-client-trust"
|
||||||
|
- "idm-job-v1-default-signer-trust"
|
||||||
|
podSecurity:
|
||||||
|
policy: "baseline"
|
||||||
|
automountServiceAccountToken: false
|
||||||
|
timeZone: "Europe/Zurich"
|
||||||
|
secrets:
|
||||||
|
secret:
|
||||||
|
- "a2068eb83a60702322c13949-27ed70d3"
|
||||||
|
- "c418560f50e0332d087e85bf-89ec31e5"
|
|
@ -0,0 +1,18 @@
|
||||||
|
schemaVersion: 1.0
|
||||||
|
instance:
|
||||||
|
type: "nevisidm"
|
||||||
|
name: "default"
|
||||||
|
directory: "/var/opt/nevisidm/default"
|
||||||
|
pid: "systemctl show nevisidm@default -p MainPID | cut -d '=' -f2"
|
||||||
|
source:
|
||||||
|
url: "/nevisadmin/#/projects/DEFAULT-ADN-AGOV-ADMIN-PROJECT/patterns/641ac4edf0c17383d3c0ea38"
|
||||||
|
projectKey: "DEFAULT-ADN-AGOV-ADMIN-PROJECT"
|
||||||
|
patternId: "641ac4edf0c17383d3c0ea38"
|
||||||
|
patternClass: "ch.nevis.admin.v4.plugin.nevisidm.patterns.NevisIDMDeployable"
|
||||||
|
resources:
|
||||||
|
ports:
|
||||||
|
- "0.0.0.0:8989"
|
||||||
|
control:
|
||||||
|
start: "systemctl restart nevisidm@default"
|
||||||
|
stop: "systemctl stop nevisidm@default"
|
||||||
|
status: "systemctl status nevisidm@default"
|
|
@ -0,0 +1,2 @@
|
||||||
|
#!/bin/bash
|
||||||
|
echo 'password'
|
Binary file not shown.
Binary file not shown.
|
@ -0,0 +1,45 @@
|
||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIIDjjCCAnagAwIBAgIQAzrx5qcRqaC7KGSxHQn65TANBgkqhkiG9w0BAQsFADBh
|
||||||
|
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
|
||||||
|
d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBH
|
||||||
|
MjAeFw0xMzA4MDExMjAwMDBaFw0zODAxMTUxMjAwMDBaMGExCzAJBgNVBAYTAlVT
|
||||||
|
MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5j
|
||||||
|
b20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IEcyMIIBIjANBgkqhkiG
|
||||||
|
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuzfNNNx7a8myaJCtSnX/RrohCgiN9RlUyfuI
|
||||||
|
2/Ou8jqJkTx65qsGGmvPrC3oXgkkRLpimn7Wo6h+4FR1IAWsULecYxpsMNzaHxmx
|
||||||
|
1x7e/dfgy5SDN67sH0NO3Xss0r0upS/kqbitOtSZpLYl6ZtrAGCSYP9PIUkY92eQ
|
||||||
|
q2EGnI/yuum06ZIya7XzV+hdG82MHauVBJVJ8zUtluNJbd134/tJS7SsVQepj5Wz
|
||||||
|
tCO7TG1F8PapspUwtP1MVYwnSlcUfIKdzXOS0xZKBgyMUNGPHgm+F6HmIcr9g+UQ
|
||||||
|
vIOlCsRnKPZzFBQ9RnbDhxSJITRNrw9FDKZJobq7nMWxM4MphQIDAQABo0IwQDAP
|
||||||
|
BgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAdBgNVHQ4EFgQUTiJUIBiV
|
||||||
|
5uNu5g/6+rkS7QYXjzkwDQYJKoZIhvcNAQELBQADggEBAGBnKJRvDkhj6zHd6mcY
|
||||||
|
1Yl9PMWLSn/pvtsrF9+wX3N3KjITOYFnQoQj8kVnNeyIv/iPsGEMNKSuIEyExtv4
|
||||||
|
NeF22d+mQrvHRAiGfzZ0JFrabA0UWTW98kndth/Jsw1HKj2ZL7tcu7XUIOGZX1NG
|
||||||
|
Fdtom/DzMNU+MeKNhJ7jitralj41E6Vf8PlwUHBHQRFXGU7Aj64GxJUTFy8bJZ91
|
||||||
|
8rGOmaFvE7FBcf6IKshPECBV1/MUReXgRPTqh5Uykw7+U0b6LJ3/iyK5S9kJRaTe
|
||||||
|
pLiaWN0bfVKfjllDiIGknibVb63dDcY3fe0Dkhvld1927jyNxF1WW6LZZm6zNTfl
|
||||||
|
MrY=
|
||||||
|
-----END CERTIFICATE-----
|
||||||
|
|
||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIIDdzCCAl+gAwIBAgIEAgAAuTANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJJ
|
||||||
|
RTESMBAGA1UEChMJQmFsdGltb3JlMRMwEQYDVQQLEwpDeWJlclRydXN0MSIwIAYD
|
||||||
|
VQQDExlCYWx0aW1vcmUgQ3liZXJUcnVzdCBSb290MB4XDTAwMDUxMjE4NDYwMFoX
|
||||||
|
DTI1MDUxMjIzNTkwMFowWjELMAkGA1UEBhMCSUUxEjAQBgNVBAoTCUJhbHRpbW9y
|
||||||
|
ZTETMBEGA1UECxMKQ3liZXJUcnVzdDEiMCAGA1UEAxMZQmFsdGltb3JlIEN5YmVy
|
||||||
|
VHJ1c3QgUm9vdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKMEuyKr
|
||||||
|
mD1X6CZymrV51Cni4eiVgLGw41uOKymaZN+hXe2wCQVt2yguzmKiYv60iNoS6zjr
|
||||||
|
IZ3AQSsBUnuId9Mcj8e6uYi1agnnc+gRQKfRzMpijS3ljwumUNKoUMMo6vWrJYeK
|
||||||
|
mpYcqWe4PwzV9/lSEy/CG9VwcPCPwBLKBsua4dnKM3p31vjsufFoREJIE9LAwqSu
|
||||||
|
XmD+tqYF/LTdB1kC1FkYmGP1pWPgkAx9XbIGevOF6uvUA65ehD5f/xXtabz5OTZy
|
||||||
|
dc93Uk3zyZAsuT3lySNTPx8kmCFcB5kpvcY67Oduhjprl3RjM71oGDHweI12v/ye
|
||||||
|
jl0qhqdNkNwnGjkCAwEAAaNFMEMwHQYDVR0OBBYEFOWdWTCCR1jMrPoIVDaGezq1
|
||||||
|
BE3wMBIGA1UdEwEB/wQIMAYBAf8CAQMwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3
|
||||||
|
DQEBBQUAA4IBAQCFDF2O5G9RaEIFoN27TyclhAO992T9Ldcw46QQF+vaKSm2eT92
|
||||||
|
9hkTI7gQCvlYpNRhcL0EYWoSihfVCr3FvDB81ukMJY2GQE/szKN+OMY3EU/t3Wgx
|
||||||
|
jkzSswF07r51XgdIGn9w/xZchMB5hbgF/X++ZRGjD8ACtPhSNzkE1akxehi/oCr0
|
||||||
|
Epn3o0WC4zxe9Z2etciefC7IpJ5OCBRLbf1wbWsaY71k5h+3zvDyny67G7fyUIhz
|
||||||
|
ksLi4xaNmjICq44Y3ekQEe5+NauQrz4wlHrQMz2nZQ/1/I6eYs9HRCwBXbsdtTLS
|
||||||
|
R9I4LtD+gdwyah617jzV/OeBHRnDJELqYzmp
|
||||||
|
-----END CERTIFICATE-----
|
||||||
|
|
|
@ -0,0 +1,34 @@
|
||||||
|
# source: pattern://50d6c91ace65f52fa56d7113
|
||||||
|
nevisIdm.TemplateAdmin=nevisIdm.SelfAdmin
|
||||||
|
# source: pattern://50d6c91ace65f52fa56d7113
|
||||||
|
nevisIdm.UserAdmin=nevisIdm.UserAdmin,nevisIdm.SelfAdmin,nevisIdm.Helpdesk,nevisIdm.TemplateAdmin,nevisIdm.UserAndUnitAdmin,nevisIdm.AppAdmin,nevisIdm.AppOwner
|
||||||
|
# source: pattern://50d6c91ace65f52fa56d7113
|
||||||
|
nevisIdm.Root=nevisIdm.SelfAdmin,nevisIdm.UserAdmin,nevisIdm.UserAndUnitAdmin,nevisIdm.MainAppOwner,nevisIdm.AppOwner,nevisIdm.Helpdesk,nevisIdm.TechUser,nevisIdm.AppAdmin,nevisIdm.SoapTechAccess,nevisIdm.SoapTechAccessReadOnly,nevisIdm.Root,nevisIdm.TemplateAdmin,nevisIdm.ClientRoot,nevisIdm.Impersonator,nevisIdm.EnterpriseRoleAdmin,nevisIdm.EnterpriseRoleOwner
|
||||||
|
# source: pattern://50d6c91ace65f52fa56d7113
|
||||||
|
nevisIdm.AppOwner=nevisIdm.AppOwner,nevisIdm.UserAdmin,nevisIdm.SelfAdmin,nevisIdm.Helpdesk,nevisIdm.TemplateAdmin,nevisIdm.UserAndUnitAdmin,nevisIdm.AppAdmin
|
||||||
|
# source: pattern://50d6c91ace65f52fa56d7113
|
||||||
|
nevisIdm.AppAdmin=nevisIdm.SelfAdmin
|
||||||
|
# source: pattern://50d6c91ace65f52fa56d7113
|
||||||
|
nevisIdm.SoapTechAccessReadOnly=
|
||||||
|
# source: pattern://50d6c91ace65f52fa56d7113
|
||||||
|
nevisIdm.TechUser=
|
||||||
|
# source: pattern://50d6c91ace65f52fa56d7113
|
||||||
|
nevisIdm.ClientRoot=nevisIdm.ClientRoot,nevisIdm.UserAdmin,nevisIdm.SelfAdmin,nevisIdm.Helpdesk,nevisIdm.TemplateAdmin,nevisIdm.UserAndUnitAdmin,nevisIdm.AppAdmin,nevisIdm.AppOwner
|
||||||
|
# source: pattern://50d6c91ace65f52fa56d7113
|
||||||
|
nevisIdm.Impersonator=
|
||||||
|
# source: pattern://50d6c91ace65f52fa56d7113
|
||||||
|
nevisIdm.EnterpriseRoleAdmin=nevisIdm.EnterpriseRoleAdmin,nevisIdm.UserAdmin,nevisIdm.SelfAdmin,nevisIdm.Helpdesk,nevisIdm.TemplateAdmin,nevisIdm.UserAndUnitAdmin,nevisIdm.AppAdmin,nevisIdm.AppOwner
|
||||||
|
# source: pattern://50d6c91ace65f52fa56d7113
|
||||||
|
nevisIdm.Helpdesk=nevisIdm.SelfAdmin
|
||||||
|
# source: pattern://50d6c91ace65f52fa56d7113
|
||||||
|
nevisIdm.BatchJobAdmin=
|
||||||
|
# source: pattern://50d6c91ace65f52fa56d7113
|
||||||
|
nevisIdm.MainAppOwner=
|
||||||
|
# source: pattern://50d6c91ace65f52fa56d7113
|
||||||
|
nevisIdm.UserAndUnitAdmin=nevisIdm.SelfAdmin
|
||||||
|
# source: pattern://50d6c91ace65f52fa56d7113
|
||||||
|
nevisIdm.SelfAdmin=
|
||||||
|
# source: pattern://50d6c91ace65f52fa56d7113
|
||||||
|
nevisIdm.SoapTechAccess=nevisIdm.SelfAdmin,nevisIdm.UserAdmin,nevisIdm.UserAndUnitAdmin,nevisIdm.MainAppOwner,nevisIdm.AppOwner,nevisIdm.Helpdesk,nevisIdm.TechUser,nevisIdm.AppAdmin,nevisIdm.SoapTechAccess,nevisIdm.SoapTechAccessReadOnly,nevisIdm.TemplateAdmin,nevisIdm.EnterpriseRoleOwner
|
||||||
|
# source: pattern://50d6c91ace65f52fa56d7113
|
||||||
|
nevisIdm.EnterpriseRoleOwner=
|
|
@ -0,0 +1,87 @@
|
||||||
|
<?xml version="1.0" encoding="UTF-8"?>
|
||||||
|
<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd">
|
||||||
|
<bean class="org.springframework.scheduling.quartz.SchedulerFactoryBean" id="exportScheduler">
|
||||||
|
<property name="jobDetails">
|
||||||
|
<list>
|
||||||
|
<ref bean="IDM_Prune_History_Job"/>
|
||||||
|
<ref bean="pruneShadowAccountsJob"/>
|
||||||
|
</list>
|
||||||
|
</property>
|
||||||
|
<property name="triggers">
|
||||||
|
<list>
|
||||||
|
<ref bean="IDM_Prune_History_Job_Trigger"/>
|
||||||
|
<ref bean="pruneShadowAccountsJobTrigger"/>
|
||||||
|
</list>
|
||||||
|
</property>
|
||||||
|
<property name="dataSource">
|
||||||
|
<ref bean="dataSource"/>
|
||||||
|
</property>
|
||||||
|
<property name="quartzProperties">
|
||||||
|
<props>
|
||||||
|
<prop key="org.quartz.scheduler.instanceId">AUTO</prop>
|
||||||
|
<prop key="org.quartz.scheduler.instanceName">exportScheduler</prop>
|
||||||
|
<prop key="org.quartz.scheduler.makeSchedulerThreadDaemon">true</prop>
|
||||||
|
<prop key="org.quartz.threadPool.class">org.quartz.simpl.SimpleThreadPool</prop>
|
||||||
|
<prop key="org.quartz.threadPool.makeThreadsDaemons">true</prop>
|
||||||
|
<prop key="org.quartz.threadPool.threadCount">1</prop>
|
||||||
|
<prop key="org.quartz.jobStore.tablePrefix">TIDMQ_</prop>
|
||||||
|
<prop key="org.quartz.jobStore.class">org.springframework.scheduling.quartz.LocalDataSourceJobStore</prop>
|
||||||
|
<prop key="org.quartz.jobStore.driverDelegateClass">#{databaseConfigurationService.getDatabaseType() == T(ch.adnovum.nevisidm.service.properties.DatabaseType).POSTGRESQL ? 'org.quartz.impl.jdbcjobstore.PostgreSQLDelegate' : 'org.quartz.impl.jdbcjobstore.StdJDBCDelegate' }</prop>
|
||||||
|
<prop key="org.quartz.jobStore.isClustered">true</prop>
|
||||||
|
<prop key="org.quartz.jobStore.useProperties">false</prop>
|
||||||
|
</props>
|
||||||
|
</property>
|
||||||
|
<property name="applicationContextSchedulerContextKey" value="applicationContext"/>
|
||||||
|
</bean>
|
||||||
|
<bean class="org.springframework.scheduling.quartz.JobDetailFactoryBean" id="IDM_Prune_History_Job">
|
||||||
|
<property name="name" value="IDM_Prune_History_Job"/>
|
||||||
|
<property name="description" value="Batch Job IDM Prune History Job"/>
|
||||||
|
<property name="group" value="BatchGroup"/>
|
||||||
|
<property name="jobClass" value="ch.nevis.idm.batch.jobs.PruneHistoryJob"/>
|
||||||
|
<property name="durability" value="true"/>
|
||||||
|
<property name="jobDataMap">
|
||||||
|
<bean class="org.quartz.JobDataMap">
|
||||||
|
<constructor-arg>
|
||||||
|
<map>
|
||||||
|
<entry key="days" value="365"/>
|
||||||
|
</map>
|
||||||
|
</constructor-arg>
|
||||||
|
</bean>
|
||||||
|
</property>
|
||||||
|
</bean>
|
||||||
|
<bean class="org.springframework.scheduling.quartz.JobDetailFactoryBean" id="pruneShadowAccountsJob">
|
||||||
|
<property name="description" value="Archive and delete obsolete shadow accounts"/>
|
||||||
|
<property name="jobClass" value="ch.nevis.idm.batch.jobs.UpdateUserStateJob"/>
|
||||||
|
<property name="durability" value="true"/>
|
||||||
|
<property name="jobDataMap">
|
||||||
|
<bean class="org.quartz.JobDataMap">
|
||||||
|
<constructor-arg>
|
||||||
|
<map>
|
||||||
|
<entry key="daysNoActivity" value="-1"/>
|
||||||
|
<entry key="considerUsersNeverLoggedIn" value="true"/>
|
||||||
|
<entry key="sendWarning" value="false"/>
|
||||||
|
<entry key="daysGracePeriod" value="1"/>
|
||||||
|
<entry key="daysStatusDisabled" value="15"/>
|
||||||
|
<entry key="daysStatusArchived" value="85"/>
|
||||||
|
<entry key="disableOutdatedUsers" value="true"/>
|
||||||
|
<entry key="disableNotYetActiveUsers" value="true"/>
|
||||||
|
<entry key="excludeTechnicalUsers" value="true"/>
|
||||||
|
<entry key="restrictToClients" value="9f30aa08-4c53-458c-b144-90c16dc5ed6e"/>
|
||||||
|
</map>
|
||||||
|
</constructor-arg>
|
||||||
|
</bean>
|
||||||
|
</property>
|
||||||
|
</bean>
|
||||||
|
<bean class="org.springframework.scheduling.quartz.CronTriggerFactoryBean" id="IDM_Prune_History_Job_Trigger">
|
||||||
|
<property name="name" value="IDM_Prune_History_Job_Trigger"/>
|
||||||
|
<property name="description" value="Generated by nevisAdmin 4 pattern 0957497767812057fbf138cf"/>
|
||||||
|
<property name="group" value="BatchGroup"/>
|
||||||
|
<property name="jobDetail" ref="IDM_Prune_History_Job"/>
|
||||||
|
<property name="cronExpression" value="0 0 0 * * ?"/>
|
||||||
|
</bean>
|
||||||
|
<bean class="org.springframework.scheduling.quartz.CronTriggerFactoryBean" id="pruneShadowAccountsJobTrigger">
|
||||||
|
<property name="description" value="Archive and delete obsolete shadow accounts"/>
|
||||||
|
<property name="jobDetail" ref="pruneShadowAccountsJob"/>
|
||||||
|
<property name="cronExpression" value="30 0 0 * * ?"/>
|
||||||
|
</bean>
|
||||||
|
</beans>
|
|
@ -0,0 +1,8 @@
|
||||||
|
JAVA_OPTS=(
|
||||||
|
"-XX:+UseContainerSupport"
|
||||||
|
"-XX:MaxRAMPercentage=80.0"
|
||||||
|
"-javaagent:/opt/agent/opentelemetry-javaagent.jar"
|
||||||
|
"-Dotel.javaagent.logging=application"
|
||||||
|
"-Dotel.javaagent.configuration-file=/var/opt/nevisidm/default/conf/otel.properties"
|
||||||
|
"-Dotel.resource.attributes=service.version=8.2405.2,service.instance.id=$HOSTNAME"
|
||||||
|
)
|
|
@ -0,0 +1,36 @@
|
||||||
|
Configuration:
|
||||||
|
monitorInterval: 60
|
||||||
|
Appenders:
|
||||||
|
Console:
|
||||||
|
- name: "APPLICATION"
|
||||||
|
target: "SYSTEM_OUT"
|
||||||
|
PatternLayout:
|
||||||
|
pattern: "[application.log] %d{ISO8601} %-15.15t %mdc{trace_id} %mdc{span_id} %-40.40c %-5.5p %m%n"
|
||||||
|
RegexFilter:
|
||||||
|
regex: ".*GET /liveness.*"
|
||||||
|
onMatch: "DENY"
|
||||||
|
onMismatch: "ACCEPT"
|
||||||
|
- name: "BATCHJOB"
|
||||||
|
target: "SYSTEM_OUT"
|
||||||
|
PatternLayout:
|
||||||
|
pattern: "[batch.log] %d{ISO8601} %-15.15t %mdc{trace_id} %mdc{span_id} %-40.40c %-5.5p %m%n"
|
||||||
|
RegexFilter:
|
||||||
|
regex: ".*GET /liveness.*"
|
||||||
|
onMatch: "DENY"
|
||||||
|
onMismatch: "ACCEPT"
|
||||||
|
Loggers:
|
||||||
|
Logger:
|
||||||
|
- name: "ch.nevis.idm.batch.jobs"
|
||||||
|
level: "INFO"
|
||||||
|
additivity: "false"
|
||||||
|
AppenderRef:
|
||||||
|
- ref: "BATCHJOB"
|
||||||
|
- name: "ch.nevis.idm.standalone"
|
||||||
|
level: "INFO"
|
||||||
|
- name: "ch.adnovum.nevisidm.service.dbperformance"
|
||||||
|
level: "INFO"
|
||||||
|
Root:
|
||||||
|
level: "WARN"
|
||||||
|
additivity: "false"
|
||||||
|
AppenderRef:
|
||||||
|
- ref: "APPLICATION"
|
|
@ -0,0 +1,118 @@
|
||||||
|
# source: pattern://641ac4edf0c17383d3c0ea38
|
||||||
|
web.gui.languages.default=de
|
||||||
|
# source: pattern://0d4bbba28a4a76094d41df81
|
||||||
|
database.connection.url=jdbc:mariadb://mariadb-agov-uat.mariadb.database.azure.com:3306/nevisidm_uat?pinGlobalTxToPhysicalConnection=1&useMysqlMetadata=true&cachePrepStmts=true&prepStmtCacheSize=1000&useSSL=true&trustStore=/var/opt/keys/trust/idm-db-tls-truststore/truststore.jks
|
||||||
|
# source: pattern://0d4bbba28a4a76094d41df81
|
||||||
|
database.connection.username=adndbadmin
|
||||||
|
# source: pattern://0d4bbba28a4a76094d41df81
|
||||||
|
database.connection.password=secret://a2068eb83a60702322c13949-27ed70d3
|
||||||
|
# source: pattern://641ac4edf0c17383d3c0ea38
|
||||||
|
application.mail.smtp.host=greenmail.adn-agov-mail-01-dev.svc
|
||||||
|
# source: pattern://641ac4edf0c17383d3c0ea38
|
||||||
|
application.mail.smtp.port=3025
|
||||||
|
# source: pattern://641ac4edf0c17383d3c0ea38
|
||||||
|
application.mail.sender=noreply-agov-dev@adnovum.ch
|
||||||
|
# source: pattern://0116b3002d0e713e23e6be72
|
||||||
|
application.feature.email.validation.enabled=false
|
||||||
|
# source: pattern://0116b3002d0e713e23e6be72
|
||||||
|
application.feature.enterpriserole.enabled=true
|
||||||
|
# source: pattern://0116b3002d0e713e23e6be72, pattern://641ac4edf0c17383d3c0ea38
|
||||||
|
application.feature.multiclientmode.enabled=true
|
||||||
|
# source: pattern://0116b3002d0e713e23e6be72
|
||||||
|
application.generators.extid.application=uuid
|
||||||
|
# source: pattern://0116b3002d0e713e23e6be72
|
||||||
|
application.generators.extid.authorization=uuid
|
||||||
|
# source: pattern://0116b3002d0e713e23e6be72
|
||||||
|
application.generators.extid.client=uuid
|
||||||
|
# source: pattern://0116b3002d0e713e23e6be72
|
||||||
|
application.generators.extid.credential=uuid
|
||||||
|
# source: pattern://0116b3002d0e713e23e6be72
|
||||||
|
application.generators.extid.enterpriserole=uuid
|
||||||
|
# source: pattern://0116b3002d0e713e23e6be72
|
||||||
|
application.generators.extid.policyconfig=uuid
|
||||||
|
# source: pattern://0116b3002d0e713e23e6be72
|
||||||
|
application.generators.extid.profile=uuid
|
||||||
|
# source: pattern://0116b3002d0e713e23e6be72
|
||||||
|
application.generators.extid.role=uuid
|
||||||
|
# source: pattern://0116b3002d0e713e23e6be72
|
||||||
|
application.generators.extid.template=uuid
|
||||||
|
# source: pattern://0116b3002d0e713e23e6be72
|
||||||
|
application.generators.extid.unit=uuid
|
||||||
|
# source: pattern://0116b3002d0e713e23e6be72
|
||||||
|
application.generators.extid.user=uuid
|
||||||
|
# source: pattern://0116b3002d0e713e23e6be72, pattern://641ac4edf0c17383d3c0ea38
|
||||||
|
application.modules.auditing.autostartup.enabled=true
|
||||||
|
# source: pattern://0116b3002d0e713e23e6be72, pattern://641ac4edf0c17383d3c0ea38
|
||||||
|
application.modules.auditing.enabled=true
|
||||||
|
# source: pattern://0116b3002d0e713e23e6be72, pattern://641ac4edf0c17383d3c0ea38
|
||||||
|
application.modules.auditing.repeat.count=-1
|
||||||
|
# source: pattern://0116b3002d0e713e23e6be72, pattern://641ac4edf0c17383d3c0ea38
|
||||||
|
application.modules.event.autostartup.enabled=true
|
||||||
|
# source: pattern://0116b3002d0e713e23e6be72
|
||||||
|
application.modules.event.repeat.count=-1
|
||||||
|
# source: pattern://0116b3002d0e713e23e6be72
|
||||||
|
application.modules.provisioning.enabled=false
|
||||||
|
# source: pattern://0116b3002d0e713e23e6be72
|
||||||
|
database.connection.pool.size.max=5
|
||||||
|
# source: pattern://0116b3002d0e713e23e6be72
|
||||||
|
database.connection.pool.size.min=5
|
||||||
|
# source: pattern://0116b3002d0e713e23e6be72
|
||||||
|
database.connection.xa.enabled=false
|
||||||
|
# source: pattern://0116b3002d0e713e23e6be72
|
||||||
|
database.transaction.timeout=60
|
||||||
|
# source: pattern://641ac4edf0c17383d3c0ea38
|
||||||
|
management.server.host=0.0.0.0
|
||||||
|
# source: pattern://641ac4edf0c17383d3c0ea38
|
||||||
|
management.server.port=8998
|
||||||
|
# source: pattern://641ac4edf0c17383d3c0ea38
|
||||||
|
application.modules.batch.context=/var/opt/nevisidm/default/conf/batch.xml
|
||||||
|
# source: pattern://641ac4edf0c17383d3c0ea38
|
||||||
|
application.config.file.idmrole.authorization=/var/opt/nevisidm/default/conf/authorizationConfig.properties
|
||||||
|
# source: pattern://641ac4edf0c17383d3c0ea38
|
||||||
|
application.config.file.idmrole.mapping=/var/opt/nevisidm/default/conf/rolesMapping.properties
|
||||||
|
# source: pattern://641ac4edf0c17383d3c0ea38
|
||||||
|
application.config.file.idmrole.assignment=/var/opt/nevisidm/default/conf/rolesAssignment.properties
|
||||||
|
# source: pattern://641ac4edf0c17383d3c0ea38
|
||||||
|
application.config.file.attributeaccess=/opt/nevisidm/template/conf/attrAccess.properties
|
||||||
|
# source: pattern://641ac4edf0c17383d3c0ea38
|
||||||
|
application.config.file.tldlist=/opt/nevisidm/template/conf/tlds-alpha-by-domain.txt
|
||||||
|
# source: pattern://641ac4edf0c17383d3c0ea38
|
||||||
|
messaging.server.port=61616
|
||||||
|
# source: pattern://641ac4edf0c17383d3c0ea38
|
||||||
|
application.modules.printing.dir.target=/var/opt/nevisidm/default/generated_PDFs
|
||||||
|
# source: pattern://641ac4edf0c17383d3c0ea38
|
||||||
|
application.modules.auditing.provider=jsonAuditProvider
|
||||||
|
# source: pattern://641ac4edf0c17383d3c0ea38
|
||||||
|
application.modules.auditing.console=true
|
||||||
|
# source: pattern://641ac4edf0c17383d3c0ea38
|
||||||
|
server.name=default
|
||||||
|
# source: pattern://641ac4edf0c17383d3c0ea38
|
||||||
|
server.port=8989
|
||||||
|
# source: pattern://641ac4edf0c17383d3c0ea38
|
||||||
|
server.host=0.0.0.0
|
||||||
|
# source: pattern://641ac4edf0c17383d3c0ea38
|
||||||
|
server.tls.enabled=true
|
||||||
|
# source: pattern://641ac4edf0c17383d3c0ea38
|
||||||
|
server.tls.client-auth=requested
|
||||||
|
# source: pattern://641ac4edf0c17383d3c0ea38
|
||||||
|
server.tls.keystore=/var/opt/keys/own/idm-job-v1-default-identity/keystore.p12
|
||||||
|
# source: pattern://641ac4edf0c17383d3c0ea38
|
||||||
|
server.tls.keystore-passphrase=${exec:/var/opt/keys/own/idm-job-v1-default-identity/keypass}
|
||||||
|
# source: pattern://641ac4edf0c17383d3c0ea38
|
||||||
|
server.tls.truststore=/var/opt/keys/trust/idm-job-v1-default-tls-client-trust/truststore.p12
|
||||||
|
# source: pattern://641ac4edf0c17383d3c0ea38
|
||||||
|
server.tls.truststore-passphrase=${exec:/var/opt/keys/trust/idm-job-v1-default-tls-client-trust/keypass}
|
||||||
|
# source: pattern://641ac4edf0c17383d3c0ea38
|
||||||
|
server.auth.ninja.truststore=/var/opt/keys/trust/idm-job-v1-default-signer-trust/truststore.jks
|
||||||
|
# source: pattern://641ac4edf0c17383d3c0ea38
|
||||||
|
management.healthchecks.enabled=true
|
||||||
|
# source: pattern://641ac4edf0c17383d3c0ea38
|
||||||
|
security.properties.key=secret://c418560f50e0332d087e85bf-89ec31e5
|
||||||
|
# source: pattern://641ac4edf0c17383d3c0ea38
|
||||||
|
security.properties.fallback.enabled=false
|
||||||
|
# source: pattern://641ac4edf0c17383d3c0ea38
|
||||||
|
security.properties.algorithm=AES
|
||||||
|
# source: pattern://641ac4edf0c17383d3c0ea38
|
||||||
|
security.properties.cipher=AES/CBC/PKCS5Padding
|
||||||
|
# source: pattern://641ac4edf0c17383d3c0ea38
|
||||||
|
security.properties.paddinglength=10
|
|
@ -0,0 +1,4 @@
|
||||||
|
otel.service.name = idm-job
|
||||||
|
otel.traces.exporter = none
|
||||||
|
otel.metrics.exporter = none
|
||||||
|
otel.logs.exporter = none
|
|
@ -0,0 +1,34 @@
|
||||||
|
# source: pattern://50d6c91ace65f52fa56d7113
|
||||||
|
nevisIdm.TemplateAdmin=nevisIdm.Root,nevisIdm.EnterpriseRoleAdmin
|
||||||
|
# source: pattern://50d6c91ace65f52fa56d7113
|
||||||
|
nevisIdm.UserAdmin=nevisIdm.Root,nevisIdm.EnterpriseRoleAdmin
|
||||||
|
# source: pattern://50d6c91ace65f52fa56d7113
|
||||||
|
nevisIdm.Root=nevisIdm.Root
|
||||||
|
# source: pattern://50d6c91ace65f52fa56d7113
|
||||||
|
nevisIdm.AppOwner=nevisIdm.Root,nevisIdm.EnterpriseRoleAdmin
|
||||||
|
# source: pattern://50d6c91ace65f52fa56d7113
|
||||||
|
nevisIdm.AppAdmin=nevisIdm.Root,nevisIdm.EnterpriseRoleAdmin
|
||||||
|
# source: pattern://50d6c91ace65f52fa56d7113
|
||||||
|
nevisIdm.SoapTechAccessReadOnly=nevisIdm.Root
|
||||||
|
# source: pattern://50d6c91ace65f52fa56d7113
|
||||||
|
nevisIdm.TechUser=nevisIdm.Root
|
||||||
|
# source: pattern://50d6c91ace65f52fa56d7113
|
||||||
|
nevisIdm.ClientRoot=nevisIdm.Root,nevisIdm.ClientRoot
|
||||||
|
# source: pattern://50d6c91ace65f52fa56d7113
|
||||||
|
nevisIdm.Impersonator=nevisIdm.Root
|
||||||
|
# source: pattern://50d6c91ace65f52fa56d7113
|
||||||
|
nevisIdm.EnterpriseRoleAdmin=nevisIdm.Root,nevisIdm.EnterpriseRoleAdmin
|
||||||
|
# source: pattern://50d6c91ace65f52fa56d7113
|
||||||
|
nevisIdm.Helpdesk=nevisIdm.Root,nevisIdm.EnterpriseRoleAdmin
|
||||||
|
# source: pattern://50d6c91ace65f52fa56d7113
|
||||||
|
nevisIdm.BatchJobAdmin=
|
||||||
|
# source: pattern://50d6c91ace65f52fa56d7113
|
||||||
|
nevisIdm.MainAppOwner=nevisIdm.Root
|
||||||
|
# source: pattern://50d6c91ace65f52fa56d7113
|
||||||
|
nevisIdm.UserAndUnitAdmin=nevisIdm.Root,nevisIdm.EnterpriseRoleAdmin
|
||||||
|
# source: pattern://50d6c91ace65f52fa56d7113
|
||||||
|
nevisIdm.SelfAdmin=nevisIdm.Root
|
||||||
|
# source: pattern://50d6c91ace65f52fa56d7113
|
||||||
|
nevisIdm.SoapTechAccess=nevisIdm.Root
|
||||||
|
# source: pattern://50d6c91ace65f52fa56d7113
|
||||||
|
nevisIdm.EnterpriseRoleOwner=nevisIdm.Root
|
|
@ -0,0 +1,34 @@
|
||||||
|
# source: pattern://50d6c91ace65f52fa56d7113
|
||||||
|
nevisIdm.TemplateAdmin=AccessControl.ApplicationSearch,AccessControl.ApplicationView,AccessControl.AuthorizationApplSearch,AccessControl.AuthorizationApplView,AccessControl.AuthorizationClientView,AccessControl.AuthorizationSearch,AccessControl.AuthorizationUnitSearch,AccessControl.AuthorizationUnitView,AccessControl.AuthorizationView,AccessControl.ClientApplView,AccessControl.ClientSearch,AccessControl.ClientView,AccessControl.CollectionView,AccessControl.CredentialSearch,AccessControl.CredentialView,AccessControl.EntityAttributeAccessOverride,AccessControl.GenerateReport,AccessControl.ProfileSearch,AccessControl.ProfileView,AccessControl.PropertyAllowedValueSearch,AccessControl.PropertyAllowedValueView,AccessControl.PropertyAttributeAccessOverride,AccessControl.PropertySearch,AccessControl.PropertyValueModify,AccessControl.PropertyValueSearch,AccessControl.PropertyValueView,AccessControl.PropertyView,AccessControl.RoleSearch,AccessControl.RoleView,AccessControl.SearchResultsExport,AccessControl.UnitSearch,AccessControl.UnitView,AccessControl.UserModify,AccessControl.UserSearch,AccessControl.UserView,AccessControl.EnterpriseAuthorizationSearch,AccessControl.EnterpriseAuthorizationView,AccessControl.EnterpriseRoleMemberSearch,AccessControl.EnterpriseRoleView,AccessControl.AuthorizationEnterpriseRoleSearch,AccessControl.AuthorizationEnterpriseRoleView,AccessControl.HistoryView
|
||||||
|
# source: pattern://50d6c91ace65f52fa56d7113
|
||||||
|
nevisIdm.UserAdmin=AccessControl.ApplicationView,AccessControl.AuthorizationSearch,AccessControl.AuthorizationApplView,AccessControl.AuthorizationClientView,AccessControl.AuthorizationUnitView,AccessControl.AuthorizationView,AccessControl.ClientSearch,AccessControl.ClientView,AccessControl.CredentialChangeState.14,AccessControl.CredentialCreate.14,AccessControl.CredentialSearch,AccessControl.CredentialView,AccessControl.EntityAttributeAccessOverride,AccessControl.ProfileCreate,AccessControl.ProfileModify,AccessControl.ProfileSearch,AccessControl.ProfileView,AccessControl.PropertyAllowedValueSearch,AccessControl.PropertyAllowedValueView,AccessControl.PropertySearch,AccessControl.PropertyValueCreate,AccessControl.PropertyValueDelete,AccessControl.PropertyValueModify,AccessControl.PropertyValueSearch,AccessControl.PropertyValueView,AccessControl.PropertyView,AccessControl.RoleSearch,AccessControl.RoleView,AccessControl.UnitSearch,AccessControl.UnitView,AccessControl.UserCreate,AccessControl.UserModify,AccessControl.UserSearch,AccessControl.UserView,AccessControl.PropertyAttributeAccessOverride,AccessControl.CollectionView,AccessControl.GenerateReport,AccessControl.SearchResultsExport,AccessControl.EnterpriseAuthorizationSearch,AccessControl.EnterpriseAuthorizationView,AccessControl.EnterpriseRoleMemberSearch,AccessControl.EnterpriseRoleView,AccessControl.AuthorizationEnterpriseRoleSearch,AccessControl.AuthorizationEnterpriseRoleView
|
||||||
|
# source: pattern://50d6c91ace65f52fa56d7113
|
||||||
|
nevisIdm.Root=AccessControl.ApplicationCreate,AccessControl.ApplicationDelete,AccessControl.ApplicationModify,AccessControl.ApplicationSearch,AccessControl.ApplicationView,AccessControl.AuthorizationCreate,AccessControl.AuthorizationDelete,AccessControl.AuthorizationModify,AccessControl.AuthorizationSearch,AccessControl.AuthorizationApplCreate,AccessControl.AuthorizationApplDelete,AccessControl.AuthorizationApplSearch,AccessControl.AuthorizationApplView,AccessControl.AuthorizationClientCreate,AccessControl.AuthorizationClientDelete,AccessControl.AuthorizationClientSearch,AccessControl.AuthorizationClientView,AccessControl.AuthorizationUnitCreate,AccessControl.AuthorizationUnitDelete,AccessControl.AuthorizationUnitSearch,AccessControl.AuthorizationUnitView,AccessControl.AuthorizationView,AccessControl.BatchJobExecute,AccessControl.BatchJobView,AccessControl.ClientCreate,AccessControl.ClientDelete,AccessControl.ClientModify,AccessControl.ClientApplAssign,AccessControl.ClientApplDelete,AccessControl.ClientApplView,AccessControl.ClientSearch,AccessControl.ClientView,AccessControl.CredentialChangeState,AccessControl.CredentialCreate,AccessControl.CredentialDelete,AccessControl.CredentialModify,AccessControl.CredentialSearch,AccessControl.CredentialView,AccessControl.EntityAttributeAccessOverride,AccessControl.PersistentQueueRetry,AccessControl.PersistentQueueDelete,AccessControl.PersistentQueueView,AccessControl.PolicyConfigurationCreate,AccessControl.PolicyConfigurationDelete,AccessControl.PolicyConfigurationModify,AccessControl.PolicyConfigurationSearch,AccessControl.PolicyConfigurationView,AccessControl.ProfileArchive,AccessControl.ProfileCreate,AccessControl.ProfileDelete,AccessControl.ProfileModify,AccessControl.ProfileSearch,AccessControl.ProfileView,AccessControl.PropertyAllowedValueCreate,AccessControl.PropertyAllowedValueDelete,AccessControl.PropertyAllowedValueModify,AccessControl.PropertyAllowedValueSearch,AccessControl.PropertyAllowedValueView,AccessControl.PropertyCreate,AccessControl.PropertyDelete,AccessControl.PropertyModify,AccessControl.PropertySearch,AccessControl.PropertyValueCreate,AccessControl.PropertyValueDelete,AccessControl.PropertyValueModify,AccessControl.PropertyValueSearch,AccessControl.PropertyValueView,AccessControl.PropertyView,AccessControl.RoleCreate,AccessControl.RoleDelete,AccessControl.RoleModify,AccessControl.RoleSearch,AccessControl.RoleView,AccessControl.SelfAdmin,AccessControl.UnitCreate,AccessControl.UnitCreateTopUnit,AccessControl.UnitDelete,AccessControl.UnitModify,AccessControl.UnitSearch,AccessControl.UnitView,AccessControl.UserArchive,AccessControl.UserCreate,AccessControl.UserDelete,AccessControl.UserModify,AccessControl.UserSearch,AccessControl.UserView,AccessControl.PropertyAttributeAccessOverride,AccessControl.HistoryView,AccessControl.LoginIdOverride,AccessControl.TemplateStore,AccessControl.CollectionView,AccessControl.CollectionCreate,AccessControl.CollectionModify,AccessControl.CollectionDelete,AccessControl.TemplateView,AccessControl.TemplateCreate,AccessControl.TemplateModify,AccessControl.TemplateDelete,AccessControl.TemplateTextView,AccessControl.TemplateTextCreate,AccessControl.TemplateTextModify,AccessControl.TemplateTextDelete,AccessControl.GenerateReport,AccessControl.SearchResultsExport,AccessControl.CredentialViewPlainValue,AccessControl.DeputyCreate,AccessControl.DeputyDelete,AccessControl.UnitCredPolicyView,AccessControl.UnitCredPolicyCreate,AccessControl.UnitCredPolicyDelete,AccessControl.UserCreateTechUser,AccessControl.UserModifyTechUser,AccessControl.UserDeleteTechUser,AccessControl.UserArchiveTechUser,AccessControl.CredentialPdfView,AccessControl.EnterpriseAuthorizationCreate,AccessControl.EnterpriseAuthorizationDelete,AccessControl.EnterpriseAuthorizationModify,AccessControl.EnterpriseAuthorizationSearch,AccessControl.EnterpriseAuthorizationView,AccessControl.AuthorizationEnterpriseRoleCreate,AccessControl.AuthorizationEnterpriseRoleDelete,AccessControl.AuthorizationEnterpriseRoleSearch,AccessControl.AuthorizationEnterpriseRoleView,AccessControl.EnterpriseRoleCreate,AccessControl.EnterpriseRoleModify,AccessControl.EnterpriseRoleDelete,AccessControl.EnterpriseRoleSearch,AccessControl.EnterpriseRoleView,AccessControl.EnterpriseRoleMemberCreate,AccessControl.EnterpriseRoleMemberDelete,AccessControl.EnterpriseRoleMemberSearch,AccessControl.PersonalQuestionSearch,AccessControl.PersonalQuestionView,AccessControl.PersonalQuestionCreate,AccessControl.PersonalQuestionModify,AccessControl.PersonalQuestionDelete,AccessControl.LoginIdModify,AccessControl.TermsView,AccessControl.TermsCreate,AccessControl.TermsModify,AccessControl.TermsDelete,AccessControl.ConsentCreate,AccessControl.ConsentView
|
||||||
|
# source: pattern://50d6c91ace65f52fa56d7113
|
||||||
|
nevisIdm.AppOwner=AccessControl.ApplicationSearch,AccessControl.ApplicationView,AccessControl.AuthorizationCreate,AccessControl.AuthorizationDelete,AccessControl.AuthorizationModify,AccessControl.AuthorizationSearch,AccessControl.AuthorizationView,AccessControl.ClientApplView,AccessControl.ClientSearch,AccessControl.ClientView,AccessControl.ProfileSearch,AccessControl.ProfileView,AccessControl.PropertyAllowedValueSearch,AccessControl.PropertyAllowedValueView,AccessControl.PropertySearch,AccessControl.PropertyValueCreate,AccessControl.PropertyValueDelete,AccessControl.PropertyValueModify,AccessControl.PropertyValueSearch,AccessControl.PropertyValueView,AccessControl.PropertyView,AccessControl.RoleSearch,AccessControl.RoleView,AccessControl.UnitSearch,AccessControl.UnitView,AccessControl.UserSearch,AccessControl.UserView,AccessControl.EnterpriseAuthorizationSearch,AccessControl.EnterpriseAuthorizationView,AccessControl.EnterpriseRoleMemberSearch,AccessControl.EnterpriseRoleView,AccessControl.AuthorizationEnterpriseRoleSearch,AccessControl.AuthorizationEnterpriseRoleView
|
||||||
|
# source: pattern://50d6c91ace65f52fa56d7113
|
||||||
|
nevisIdm.AppAdmin=AccessControl.ApplicationCreate,AccessControl.ApplicationModify,AccessControl.ApplicationSearch,AccessControl.ApplicationView,AccessControl.BatchJobExecute,AccessControl.BatchJobView,AccessControl.ClientCreate,AccessControl.ClientModify,AccessControl.ClientApplAssign,AccessControl.ClientApplView,AccessControl.ClientSearch,AccessControl.ClientView,AccessControl.EntityAttributeAccessOverride,AccessControl.PersistentQueueRetry,AccessControl.PersistentQueueDelete,AccessControl.PersistentQueueView,AccessControl.PolicyConfigurationCreate,AccessControl.PolicyConfigurationModify,AccessControl.PolicyConfigurationSearch,AccessControl.PolicyConfigurationView,AccessControl.PropertyAllowedValueCreate,AccessControl.PropertyAllowedValueDelete,AccessControl.PropertyAllowedValueModify,AccessControl.PropertyAllowedValueSearch,AccessControl.PropertyAllowedValueView,AccessControl.PropertyCreate,AccessControl.PropertyDelete,AccessControl.PropertyModify,AccessControl.PropertySearch,AccessControl.PropertyValueSearch,AccessControl.PropertyValueView,AccessControl.PropertyView,AccessControl.RoleCreate,AccessControl.RoleDelete,AccessControl.RoleModify,AccessControl.RoleSearch,AccessControl.RoleView,AccessControl.UnitCreate,AccessControl.UnitCreateTopUnit,AccessControl.UnitDelete,AccessControl.UnitModify,AccessControl.UnitSearch,AccessControl.UnitView,AccessControl.PropertyAttributeAccessOverride,AccessControl.HistoryView,AccessControl.TemplateStore,AccessControl.CollectionView,AccessControl.CollectionCreate,AccessControl.CollectionModify,AccessControl.CollectionDelete,AccessControl.TemplateView,AccessControl.TemplateCreate,AccessControl.TemplateModify,AccessControl.TemplateDelete,AccessControl.TemplateTextView,AccessControl.TemplateTextCreate,AccessControl.TemplateTextModify,AccessControl.TemplateTextDelete,AccessControl.UnitCredPolicyView,AccessControl.UnitCredPolicyCreate,AccessControl.UnitCredPolicyDelete
|
||||||
|
# source: pattern://50d6c91ace65f52fa56d7113
|
||||||
|
nevisIdm.SoapTechAccessReadOnly=AccessControl.ApplicationSearch,AccessControl.ApplicationView,AccessControl.AuthorizationSearch,AccessControl.AuthorizationApplSearch,AccessControl.AuthorizationApplView,AccessControl.AuthorizationUnitSearch,AccessControl.AuthorizationUnitView,AccessControl.AuthorizationView,AccessControl.ClientApplView,AccessControl.ClientSearch,AccessControl.ClientView,AccessControl.CredentialSearch,AccessControl.CredentialView,AccessControl.ProfileSearch,AccessControl.ProfileView,AccessControl.PropertyAllowedValueSearch,AccessControl.PropertyAllowedValueView,AccessControl.PropertySearch,AccessControl.PropertyValueSearch,AccessControl.PropertyValueView,AccessControl.PropertyView,AccessControl.RoleSearch,AccessControl.RoleView,AccessControl.SelfAdmin,AccessControl.UnitSearch,AccessControl.UnitView,AccessControl.UserSearch,AccessControl.UserView,AccessControl.TemplateStore,AccessControl.CollectionView,AccessControl.TemplateView,AccessControl.TemplateTextView,AccessControl.PersistentQueueView,AccessControl.PolicyConfigurationSearch,AccessControl.PolicyConfigurationView,AccessControl.AuthorizationClientSearch,AccessControl.AuthorizationClientView,AccessControl.EnterpriseAuthorizationSearch,AccessControl.EnterpriseAuthorizationView,AccessControl.AuthorizationEnterpriseRoleSearch,AccessControl.AuthorizationEnterpriseRoleView,AccessControl.EnterpriseRoleSearch,AccessControl.EnterpriseRoleView,AccessControl.EnterpriseRoleMemberSearch,AccessControl.HistoryView,AccessControl.PersonalQuestionSearch,AccessControl.PersonalQuestionView
|
||||||
|
# source: pattern://50d6c91ace65f52fa56d7113
|
||||||
|
nevisIdm.TechUser=
|
||||||
|
# source: pattern://50d6c91ace65f52fa56d7113
|
||||||
|
nevisIdm.ClientRoot=AccessControl.ApplicationSearch,AccessControl.ApplicationView,AccessControl.AuthorizationDelete,AccessControl.AuthorizationSearch,AccessControl.AuthorizationApplDelete,AccessControl.AuthorizationApplSearch,AccessControl.AuthorizationApplView,AccessControl.AuthorizationClientDelete,AccessControl.AuthorizationClientSearch,AccessControl.AuthorizationClientView,AccessControl.AuthorizationUnitDelete,AccessControl.AuthorizationUnitSearch,AccessControl.AuthorizationUnitView,AccessControl.AuthorizationView,AccessControl.ClientApplView,AccessControl.ClientSearch,AccessControl.ClientView,AccessControl.CredentialChangeState,AccessControl.CredentialDelete,AccessControl.CredentialSearch,AccessControl.CredentialView,AccessControl.EntityAttributeAccessOverride,AccessControl.ProfileArchive,AccessControl.ProfileDelete,AccessControl.ProfileSearch,AccessControl.ProfileView,AccessControl.PropertyAllowedValueSearch,AccessControl.PropertyAllowedValueView,AccessControl.PropertySearch,AccessControl.PropertyValueDelete,AccessControl.PropertyValueSearch,AccessControl.PropertyValueView,AccessControl.PropertyView,AccessControl.RoleSearch,AccessControl.RoleView,AccessControl.UnitSearch,AccessControl.UnitView,AccessControl.UserArchive,AccessControl.UserModify,AccessControl.UserSearch,AccessControl.UserView,AccessControl.PropertyAttributeAccessOverride,AccessControl.HistoryView,AccessControl.EnterpriseAuthorizationSearch,AccessControl.EnterpriseAuthorizationView,AccessControl.EnterpriseRoleMemberSearch,AccessControl.EnterpriseRoleView,AccessControl.AuthorizationEnterpriseRoleSearch,AccessControl.AuthorizationEnterpriseRoleView,AccessControl.HistoryView
|
||||||
|
# source: pattern://50d6c91ace65f52fa56d7113
|
||||||
|
nevisIdm.Impersonator=
|
||||||
|
# source: pattern://50d6c91ace65f52fa56d7113
|
||||||
|
nevisIdm.EnterpriseRoleAdmin=AccessControl.ApplicationSearch,AccessControl.ApplicationView,AccessControl.AuthorizationApplSearch,AccessControl.AuthorizationClientCreate,AccessControl.AuthorizationClientDelete,AccessControl.AuthorizationClientSearch,AccessControl.AuthorizationClientView,AccessControl.AuthorizationCreate,AccessControl.AuthorizationDelete,AccessControl.AuthorizationModify,AccessControl.AuthorizationSearch,AccessControl.AuthorizationUnitCreate,AccessControl.AuthorizationUnitDelete,AccessControl.AuthorizationUnitSearch,AccessControl.AuthorizationUnitView,AccessControl.AuthorizationApplCreate,AccessControl.AuthorizationApplDelete,AccessControl.AuthorizationApplSearch,AccessControl.AuthorizationApplView,AccessControl.AuthorizationView,AccessControl.ClientApplView,AccessControl.ClientSearch,AccessControl.ClientView,AccessControl.ProfileSearch,AccessControl.ProfileView,AccessControl.PropertyAllowedValueSearch,AccessControl.PropertyAllowedValueView,AccessControl.PropertySearch,AccessControl.PropertyValueCreate,AccessControl.PropertyValueDelete,AccessControl.PropertyValueModify,AccessControl.PropertyValueSearch,AccessControl.PropertyValueView,AccessControl.PropertyView,AccessControl.RoleSearch,AccessControl.RoleView,AccessControl.UnitCredPolicyView,AccessControl.UnitSearch,AccessControl.UnitView,AccessControl.UserSearch,AccessControl.UserView,AccessControl.EnterpriseAuthorizationSearch,AccessControl.EnterpriseAuthorizationView,AccessControl.EnterpriseRoleMemberSearch,AccessControl.EnterpriseRoleView,AccessControl.AuthorizationEnterpriseRoleSearch,AccessControl.AuthorizationEnterpriseRoleView
|
||||||
|
# source: pattern://50d6c91ace65f52fa56d7113
|
||||||
|
nevisIdm.Helpdesk=AccessControl.UserSearch,AccessControl.UserView,AccessControl.ProfileSearch,AccessControl.ProfileView,AccessControl.CredentialSearch,AccessControl.CredentialView,AccessControl.UnitSearch,AccessControl.UnitView,AccessControl.ApplicationSearch,AccessControl.ApplicationView,AccessControl.RoleSearch,AccessControl.RoleView,AccessControl.AuthorizationSearch,AccessControl.AuthorizationView,AccessControl.AuthorizationApplView,AccessControl.AuthorizationApplSearch,AccessControl.AuthorizationUnitSearch,AccessControl.AuthorizationUnitView,AccessControl.PropertySearch,AccessControl.PropertyAllowedValueSearch,AccessControl.PropertyValueSearch,AccessControl.ClientSearch,AccessControl.ClientView,AccessControl.SearchResultsExport,AccessControl.ClientApplView,AccessControl.EnterpriseAuthorizationSearch,AccessControl.EnterpriseAuthorizationView,AccessControl.EnterpriseRoleMemberSearch,AccessControl.EnterpriseRoleView,AccessControl.AuthorizationEnterpriseRoleSearch,AccessControl.AuthorizationEnterpriseRoleView,AccessControl.HistoryView
|
||||||
|
# source: pattern://50d6c91ace65f52fa56d7113
|
||||||
|
nevisIdm.BatchJobAdmin=
|
||||||
|
# source: pattern://50d6c91ace65f52fa56d7113
|
||||||
|
nevisIdm.MainAppOwner=AccessControl.ApplicationSearch,AccessControl.ApplicationView,AccessControl.PropertyAllowedValueSearch,AccessControl.PropertyAllowedValueView,AccessControl.PropertySearch,AccessControl.PropertyValueSearch,AccessControl.PropertyValueView,AccessControl.PropertyView,AccessControl.RoleSearch,AccessControl.UnitSearch,AccessControl.AuthorizationUnitSearch,AccessControl.AuthorizationApplCreate,AccessControl.AuthorizationApplDelete,AccessControl.AuthorizationApplSearch,AccessControl.AuthorizationApplView,AccessControl.AuthorizationCreate,AccessControl.AuthorizationDelete,AccessControl.AuthorizationModify,AccessControl.AuthorizationSearch,AccessControl.AuthorizationView,AccessControl.ProfileSearch,AccessControl.ProfileView,AccessControl.UserSearch,AccessControl.UserView,AccessControl.RoleView,AccessControl.AuthorizationUnitCreate,AccessControl.AuthorizationUnitDelete,AccessControl.AuthorizationUnitSearch,AccessControl.AuthorizationUnitView,AccessControl.CollectionView,AccessControl.ClientSearch,AccessControl.ClientView,AccessControl.SearchResultsExport,AccessControl.AuthorizationClientCreate,AccessControl.AuthorizationClientDelete,AccessControl.AuthorizationClientSearch,AccessControl.AuthorizationClientView,AccessControl.ClientApplView,AccessControl.EnterpriseAuthorizationSearch,AccessControl.EnterpriseAuthorizationView,AccessControl.AuthorizationEnterpriseRoleSearch,AccessControl.AuthorizationEnterpriseRoleView,AccessControl.EnterpriseRoleSearch,AccessControl.PersonalQuestionSearch,AccessControl.PersonalQuestionView,AccessControl.TermsView,AccessControl.TermsCreate,AccessControl.TermsModify,AccessControl.TermsDelete
|
||||||
|
# source: pattern://50d6c91ace65f52fa56d7113
|
||||||
|
nevisIdm.UserAndUnitAdmin=AccessControl.ApplicationView,AccessControl.AuthorizationSearch,AccessControl.AuthorizationApplView,AccessControl.AuthorizationClientView,AccessControl.AuthorizationUnitView,AccessControl.AuthorizationView,AccessControl.ClientSearch,AccessControl.ClientView,AccessControl.CredentialChangeState,AccessControl.CredentialCreate,AccessControl.CredentialSearch,AccessControl.CredentialView,AccessControl.EntityAttributeAccessOverride,AccessControl.ProfileCreate,AccessControl.ProfileModify,AccessControl.ProfileSearch,AccessControl.ProfileView,AccessControl.PropertyAllowedValueSearch,AccessControl.PropertyAllowedValueView,AccessControl.PropertySearch,AccessControl.PropertyValueCreate,AccessControl.PropertyValueDelete,AccessControl.PropertyValueModify,AccessControl.PropertyValueSearch,AccessControl.PropertyValueView,AccessControl.PropertyView,AccessControl.RoleSearch,AccessControl.RoleView,AccessControl.UnitCreate,AccessControl.UnitDelete,AccessControl.UnitModify,AccessControl.UnitSearch,AccessControl.UnitView,AccessControl.UserCreate,AccessControl.UserModify,AccessControl.UserSearch,AccessControl.UserView,AccessControl.PropertyAttributeAccessOverride,AccessControl.CollectionView,AccessControl.GenerateReport,AccessControl.SearchResultsExport,AccessControl.EnterpriseAuthorizationSearch,AccessControl.EnterpriseAuthorizationView,AccessControl.EnterpriseRoleMemberSearch,AccessControl.EnterpriseRoleView,AccessControl.AuthorizationEnterpriseRoleSearch,AccessControl.AuthorizationEnterpriseRoleView
|
||||||
|
# source: pattern://50d6c91ace65f52fa56d7113
|
||||||
|
nevisIdm.SelfAdmin=AccessControl.SelfAdmin,AccessControl.LoginIdModify
|
||||||
|
# source: pattern://50d6c91ace65f52fa56d7113
|
||||||
|
nevisIdm.SoapTechAccess=AccessControl.ApplicationCreate,AccessControl.ApplicationDelete,AccessControl.ApplicationModify,AccessControl.ApplicationSearch,AccessControl.ApplicationView,AccessControl.AuthorizationCreate,AccessControl.AuthorizationDelete,AccessControl.AuthorizationModify,AccessControl.AuthorizationSearch,AccessControl.AuthorizationApplCreate,AccessControl.AuthorizationApplDelete,AccessControl.AuthorizationApplSearch,AccessControl.AuthorizationApplView,AccessControl.AuthorizationUnitCreate,AccessControl.AuthorizationUnitDelete,AccessControl.AuthorizationUnitSearch,AccessControl.AuthorizationUnitView,AccessControl.AuthorizationView,AccessControl.BatchJobExecute,AccessControl.BatchJobView,AccessControl.ClientCreate,AccessControl.ClientDelete,AccessControl.ClientModify,AccessControl.ClientApplAssign,AccessControl.ClientApplDelete,AccessControl.ClientApplView,AccessControl.ClientSearch,AccessControl.ClientView,AccessControl.CredentialChangeState,AccessControl.CredentialCreate,AccessControl.CredentialDelete,AccessControl.CredentialModify,AccessControl.CredentialSearch,AccessControl.CredentialView,AccessControl.PersistentQueueRetry,AccessControl.PersistentQueueDelete,AccessControl.PersistentQueueView,AccessControl.PolicyConfigurationCreate,AccessControl.PolicyConfigurationDelete,AccessControl.PolicyConfigurationModify,AccessControl.PolicyConfigurationSearch,AccessControl.PolicyConfigurationView,AccessControl.ProfileArchive,AccessControl.ProfileCreate,AccessControl.ProfileDelete,AccessControl.ProfileModify,AccessControl.ProfileSearch,AccessControl.ProfileView,AccessControl.PropertyAllowedValueCreate,AccessControl.PropertyAllowedValueDelete,AccessControl.PropertyAllowedValueModify,AccessControl.PropertyAllowedValueSearch,AccessControl.PropertyAllowedValueView,AccessControl.PropertyCreate,AccessControl.PropertyDelete,AccessControl.PropertyModify,AccessControl.PropertySearch,AccessControl.PropertyValueCreate,AccessControl.PropertyValueDelete,AccessControl.PropertyValueModify,AccessControl.PropertyValueSearch,AccessControl.PropertyValueView,AccessControl.PropertyView,AccessControl.RoleCreate,AccessControl.RoleDelete,AccessControl.RoleModify,AccessControl.RoleSearch,AccessControl.RoleView,AccessControl.SelfAdmin,AccessControl.UnitCreate,AccessControl.UnitCreateTopUnit,AccessControl.UnitDelete,AccessControl.UnitModify,AccessControl.UnitSearch,AccessControl.UnitView,AccessControl.UserArchive,AccessControl.UserCreate,AccessControl.UserDelete,AccessControl.UserModify,AccessControl.UserSearch,AccessControl.UserView,AccessControl.TemplateStore,AccessControl.CollectionView,AccessControl.CollectionCreate,AccessControl.CollectionModify,AccessControl.CollectionDelete,AccessControl.TemplateView,AccessControl.TemplateCreate,AccessControl.TemplateModify,AccessControl.TemplateDelete,AccessControl.TemplateTextView,AccessControl.TemplateTextCreate,AccessControl.TemplateTextModify,AccessControl.TemplateTextDelete,AccessControl.AuthorizationClientCreate,AccessControl.AuthorizationClientDelete,AccessControl.AuthorizationClientSearch,AccessControl.AuthorizationClientView,AccessControl.CredentialViewPlainValue,AccessControl.UnitCredPolicyView,AccessControl.UnitCredPolicyCreate,AccessControl.UnitCredPolicyDelete,AccessControl.EnterpriseAuthorizationCreate,AccessControl.EnterpriseAuthorizationDelete,AccessControl.EnterpriseAuthorizationModify,AccessControl.EnterpriseAuthorizationSearch,AccessControl.EnterpriseAuthorizationView,AccessControl.AuthorizationEnterpriseRoleCreate,AccessControl.AuthorizationEnterpriseRoleDelete,AccessControl.AuthorizationEnterpriseRoleSearch,AccessControl.AuthorizationEnterpriseRoleView,AccessControl.EnterpriseRoleCreate,AccessControl.EnterpriseRoleModify,AccessControl.EnterpriseRoleDelete,AccessControl.EnterpriseRoleSearch,AccessControl.EnterpriseRoleView,AccessControl.EnterpriseRoleMemberCreate,AccessControl.EnterpriseRoleMemberDelete,AccessControl.EnterpriseRoleMemberSearch,AccessControl.HistoryView,AccessControl.PersonalQuestionSearch,AccessControl.PersonalQuestionView,AccessControl.PersonalQuestionCreate,AccessControl.PersonalQuestionModify,AccessControl.PersonalQuestionDelete,AccessControl.LoginIdModify,AccessControl.ConsentCreate,AccessControl.ConsentView
|
||||||
|
# source: pattern://50d6c91ace65f52fa56d7113
|
||||||
|
nevisIdm.EnterpriseRoleOwner=AccessControl.EnterpriseRoleSearch,AccessControl.EnterpriseRoleView,AccessControl.EnterpriseRoleMemberSearch,AccessControl.EnterpriseAuthorizationCreate,AccessControl.EnterpriseAuthorizationDelete,AccessControl.EnterpriseAuthorizationModify,AccessControl.EnterpriseAuthorizationSearch,AccessControl.EnterpriseAuthorizationView,AccessControl.AuthorizationEnterpriseRoleSearch,AccessControl.AuthorizationEnterpriseRoleView,AccessControl.AuthorizationSearch,AccessControl.AuthorizationView,AccessControl.ClientSearch,AccessControl.ClientView,AccessControl.UserSearch,AccessControl.UserView,AccessControl.ProfileSearch,AccessControl.ProfileView,AccessControl.UnitSearch,AccessControl.ApplicationSearch,AccessControl.ApplicationView,AccessControl.RoleSearch,AccessControl.RoleView,AccessControl.CollectionView,AccessControl.PropertySearch,AccessControl.PropertyView,AccessControl.PropertyAllowedValueSearch,AccessControl.PropertyAllowedValueView,AccessControl.PropertyValueSearch,AccessControl.PropertyValueView,AccessControl.SearchResultsExport,AccessControl.PersonalQuestionSearch,AccessControl.PersonalQuestionView
|
|
@ -0,0 +1,145 @@
|
||||||
|
#!/bin/bash
|
||||||
|
#
|
||||||
|
# NAME
|
||||||
|
# status.sh - Checks the status of the nevisIDM Service.
|
||||||
|
#
|
||||||
|
# SYNOPSIS
|
||||||
|
# status.sh
|
||||||
|
#
|
||||||
|
# DESCRIPTION
|
||||||
|
# Performs periodic checks until the service is up or broken or timeout is reached.
|
||||||
|
# The script terminates when the process of the service stops running.
|
||||||
|
# There are no arguments for this script.
|
||||||
|
#
|
||||||
|
# EXIT CODES
|
||||||
|
# 0 Service is up.
|
||||||
|
# 1 Service process is not running.
|
||||||
|
# 2 Service is broken.
|
||||||
|
# 3 Timeout reached.
|
||||||
|
|
||||||
|
# Defines how much we should sleep between checking if the service is up.
|
||||||
|
interval=1
|
||||||
|
# Defines how much we should wait the service to start up until we give up and exit.
|
||||||
|
timeout=180
|
||||||
|
((end_time=${SECONDS}+$timeout))
|
||||||
|
|
||||||
|
# Checks if the process of the service is still running.
|
||||||
|
# Arguments:
|
||||||
|
# None
|
||||||
|
# Returns:
|
||||||
|
# In case it is running, returns 0, otherwise non-zero (exit code of systemctl).
|
||||||
|
isProcessRunning() {
|
||||||
|
systemctl is-active --quiet nevisidm@default
|
||||||
|
IS_RUNNING=$?
|
||||||
|
return $IS_RUNNING
|
||||||
|
}
|
||||||
|
|
||||||
|
# Checks if the readiness (/health) management endpoint can be used for checking status.
|
||||||
|
# (nevisIDM introduced the readiness (/health) management endpoint in 2.73.1.15 version.)
|
||||||
|
# Arguments:
|
||||||
|
# None
|
||||||
|
# Returns:
|
||||||
|
# If the nevisIDM version is at least 2.73.1.15, returns 0.
|
||||||
|
# Otherwise returns 1.
|
||||||
|
canHealthCheckUsed() {
|
||||||
|
minimal=2.73.1.15
|
||||||
|
installed=`readlink -f /opt/nevisidm/bin | awk -F'/' '{print $4}' | sed 's/rc.*//'`
|
||||||
|
|
||||||
|
if [ "$installed" = "`echo -e "$installed\n$minimal" | sort -V | tail -n1`" ]; then
|
||||||
|
return 0
|
||||||
|
else
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
# Checks if the service is up.
|
||||||
|
# Based on nevisIDM version uses different nevisIDM endpoints.
|
||||||
|
# Arguments:
|
||||||
|
# None
|
||||||
|
# Returns:
|
||||||
|
# The result of ServiceCheck function.
|
||||||
|
checkService() {
|
||||||
|
if canHealthCheckUsed; then
|
||||||
|
doServiceCheckHealth
|
||||||
|
return $?
|
||||||
|
else
|
||||||
|
doServiceCheckOld
|
||||||
|
return $?
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
# Checks if the service is up. (Attempts connecting the service with curl.)
|
||||||
|
# In case the service is broken, exits with exit code 2.
|
||||||
|
# Arguments:
|
||||||
|
# None
|
||||||
|
# Returns:
|
||||||
|
# If the connection was successful and the service up (is not broken), returns 0.
|
||||||
|
# If the connection was not successful, returns the curl exit code.
|
||||||
|
doServiceCheckOld() {
|
||||||
|
HC=`curl --insecure --silent --output /dev/null --write-out "%{http_code}" https://idm-job-v1:8989/nevisidm/admin/`
|
||||||
|
CON=$?
|
||||||
|
|
||||||
|
if [ "$CON" -ne 0 ]; then
|
||||||
|
EXIT_CODE=$CON
|
||||||
|
elif [ $HC -ge 500 ]; then
|
||||||
|
echo "Service is broken (HTTP code $HC)."
|
||||||
|
exit 2
|
||||||
|
else
|
||||||
|
EXIT_CODE=0
|
||||||
|
fi
|
||||||
|
|
||||||
|
return $EXIT_CODE
|
||||||
|
}
|
||||||
|
|
||||||
|
# Checks if the service is up. (Attempts connecting the service with curl.)
|
||||||
|
# Note: With the health check endpoint there is no way fail early when the endpoint returns HTTP 503, because it can come up
|
||||||
|
# later and then return HTTP 200.
|
||||||
|
# Arguments:
|
||||||
|
# None
|
||||||
|
# Returns:
|
||||||
|
# If the connection was successful and the service up (is not broken), returns 0.
|
||||||
|
# If the connection was not successful, returns 1.
|
||||||
|
doServiceCheckHealth() {
|
||||||
|
HC=`curl --silent --output /dev/null --write-out "%{http_code}" http://0.0.0.0:8998/health`
|
||||||
|
CON=$?
|
||||||
|
|
||||||
|
if [ $HC -eq 200 ]; then
|
||||||
|
EXIT_CODE=0
|
||||||
|
else
|
||||||
|
EXIT_CODE=1
|
||||||
|
fi
|
||||||
|
|
||||||
|
return $EXIT_CODE
|
||||||
|
}
|
||||||
|
|
||||||
|
# This function encapsulates the logic of checking if the process is running and if the service is up.
|
||||||
|
# In case the process is not running, exits with exit code 1.
|
||||||
|
# Arguments:
|
||||||
|
# None
|
||||||
|
# Returns:
|
||||||
|
# If the service process is running, returns the result of the service check function.
|
||||||
|
check() {
|
||||||
|
if isProcessRunning
|
||||||
|
then
|
||||||
|
checkService
|
||||||
|
CS=$?
|
||||||
|
return $CS
|
||||||
|
else
|
||||||
|
echo "Process is not running."
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
# Check the status of the service periodically.
|
||||||
|
while ((${SECONDS} < ${end_time}))
|
||||||
|
do
|
||||||
|
sleep ${interval}
|
||||||
|
if check
|
||||||
|
then
|
||||||
|
echo "Service is up."
|
||||||
|
exit 0
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
|
||||||
|
echo "Exceeded check timeout (${timeout}s). Service is down."
|
||||||
|
exit 3
|
|
@ -0,0 +1,20 @@
|
||||||
|
apiVersion: "operator.nevis-security.ch/v1"
|
||||||
|
kind: "NevisKeyStore"
|
||||||
|
metadata:
|
||||||
|
name: "idm-v1-default-identity"
|
||||||
|
namespace: "adn-agov-nevisidm-admin-01-uat"
|
||||||
|
labels:
|
||||||
|
deploymentTarget: "idm-v1"
|
||||||
|
annotations:
|
||||||
|
projectKey: "DEFAULT-ADN-AGOV-ADMIN-PROJECT"
|
||||||
|
patternId: "ba7c7a3b091df0c4b8ba0bb2"
|
||||||
|
spec:
|
||||||
|
cn: "idm-v1"
|
||||||
|
usage: "<reserved for future use>"
|
||||||
|
san:
|
||||||
|
dns:
|
||||||
|
- "idm-v1"
|
||||||
|
- "idm-v1.adn-agov-nevisidm-admin-01-uat"
|
||||||
|
- "idm-v1-web"
|
||||||
|
- "idm-v1-web.adn-agov-nevisidm-admin-01-uat"
|
||||||
|
email: []
|
|
@ -0,0 +1,12 @@
|
||||||
|
apiVersion: "operator.nevis-security.ch/v1"
|
||||||
|
kind: "NevisTrustStore"
|
||||||
|
metadata:
|
||||||
|
name: "idm-v1-default-tls-client-trust"
|
||||||
|
namespace: "adn-agov-nevisidm-admin-01-uat"
|
||||||
|
labels:
|
||||||
|
deploymentTarget: "idm-v1"
|
||||||
|
annotations:
|
||||||
|
projectKey: "DEFAULT-ADN-AGOV-ADMIN-PROJECT"
|
||||||
|
patternId: "ba7c7a3b091df0c4b8ba0bb2"
|
||||||
|
spec:
|
||||||
|
keystores: []
|
|
@ -0,0 +1,16 @@
|
||||||
|
apiVersion: "operator.nevis-security.ch/v1"
|
||||||
|
kind: "NevisTrustStore"
|
||||||
|
metadata:
|
||||||
|
name: "idm-v1-nevisidm-sectoken-truststore"
|
||||||
|
namespace: "adn-agov-nevisidm-admin-01-uat"
|
||||||
|
labels:
|
||||||
|
deploymentTarget: "idm-v1"
|
||||||
|
annotations:
|
||||||
|
projectKey: "DEFAULT-ADN-AGOV-ADMIN-PROJECT"
|
||||||
|
patternId: "ba7c7a3b091df0c4b8ba0bb2"
|
||||||
|
spec:
|
||||||
|
keystores:
|
||||||
|
- name: "auth-sh4r3d-nevisidm-sectoken-signer"
|
||||||
|
namespace: "adn-agov-nevisidm-admin-01-uat"
|
||||||
|
extraCerts:
|
||||||
|
- "-----BEGIN CERTIFICATE-----\nMIIC0TCCAnigAwIBAgIQZvy+UXQEyt5CZ4HHs8QE4DAKBggqhkjOPQQDAjAYMRYw\nFAYDVQQDEw1zZWxmc2lnbmVkLWNhMB4XDTI0MDUxOTIyMjgzOFoXDTI1MDUxOTIy\nMjgzOFowXjELMAkGA1UEBhMCQ0gxDDAKBgNVBAgTA0s4UzEMMAoGA1UEBxMDSzhT\nMQwwCgYDVQQKEwNLOFMxDDAKBgNVBAsTA0s4UzEXMBUGA1UEAwwOTkVWSVNfU2Vj\nVG9rZW4wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDBiK7GDqcPYMtt\nhWhmx/HkSzatni8aLjyTOaVV2yfmJaiWCGTKs1MdQmKOGKMwXp3w2abThn0ce7Sl\nGipV8xGeLq1Wjr9UnpSjV2WarS6BXDET7dJ858yYISJwu8bk/rXdvft7NSIbjl2M\n4auf5AyVFFZ1vKLPX9drJmrQCnGZXqGm7BMLAjgh1b+utopfrwqcwWyg5JltTsTd\nN4ytHciAWOgILO9Tut/VHmQLZA7P4rDSRMzKA8OXg1DSImYXlZlUQqSiNjpJuwmz\njhgt+4pwys+xLfkaOic5RzMtv3YDXKgiWRH/m8JKdfLbkNsl3bNkB/2Q1Hb/LBPQ\n/OLxW+QNAgMBAAGjgZIwgY8wDgYDVR0PAQH/BAQDAgeAMB0GA1UdJQQWMBQGCCsG\nAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB8GA1UdIwQYMBaAFM9gPNKd\nzvDU2SS6FLCxzVDyYJwVMC8GA1UdEQQoMCaCDk5FVklTX1NlY1Rva2VugRRub3Jl\ncGx5QGxvY2FsLmRvbWFpbjAKBggqhkjOPQQDAgNHADBEAiAOOc9cD1IjF5MEc2DK\n4D6oQXWVtAiJLVp1zYq11V2e5QIgQ1CyWHKk+HqZJccyGPfnoB19s0X5RvNwUpJ9\nyVhnGXQ=\n-----END CERTIFICATE-----\n"
|
|
@ -0,0 +1,64 @@
|
||||||
|
apiVersion: "operator.nevis-security.ch/v1"
|
||||||
|
kind: "NevisComponent"
|
||||||
|
metadata:
|
||||||
|
name: "idm-v1"
|
||||||
|
namespace: "adn-agov-nevisidm-admin-01-uat"
|
||||||
|
labels:
|
||||||
|
deploymentTarget: "idm-v1"
|
||||||
|
annotations:
|
||||||
|
projectKey: "DEFAULT-ADN-AGOV-ADMIN-PROJECT"
|
||||||
|
patternId: "ba7c7a3b091df0c4b8ba0bb2"
|
||||||
|
spec:
|
||||||
|
type: "NevisIDM"
|
||||||
|
replicas: 1
|
||||||
|
version: "8.2405.2"
|
||||||
|
gitInitVersion: "1.3.0"
|
||||||
|
runAsNonRoot: true
|
||||||
|
ports:
|
||||||
|
management: 8998
|
||||||
|
soap: 8989
|
||||||
|
resources:
|
||||||
|
limits:
|
||||||
|
cpu: "1000m"
|
||||||
|
memory: "2200Mi"
|
||||||
|
requests:
|
||||||
|
cpu: "10m"
|
||||||
|
memory: "500Mi"
|
||||||
|
livenessProbe:
|
||||||
|
management:
|
||||||
|
httpGet:
|
||||||
|
path: "/liveness"
|
||||||
|
periodSeconds: 30
|
||||||
|
timeoutSeconds: 6
|
||||||
|
readinessProbe:
|
||||||
|
management:
|
||||||
|
httpGet:
|
||||||
|
path: "/health"
|
||||||
|
periodSeconds: 30
|
||||||
|
timeoutSeconds: 6
|
||||||
|
startupProbe:
|
||||||
|
management:
|
||||||
|
httpGet:
|
||||||
|
path: "/health"
|
||||||
|
periodSeconds: 30
|
||||||
|
timeoutSeconds: 6
|
||||||
|
failureThreshold: 10
|
||||||
|
podDisruptionBudget:
|
||||||
|
maxUnavailable: "50%"
|
||||||
|
git:
|
||||||
|
tag: "r-29c1b415348a6c1b8b32c65f6f40449f8c7765b0"
|
||||||
|
dir: "DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/idm-v1"
|
||||||
|
credentials: "git-credentials"
|
||||||
|
keystores:
|
||||||
|
- "idm-v1-default-identity"
|
||||||
|
truststores:
|
||||||
|
- "idm-v1-nevisidm-sectoken-truststore"
|
||||||
|
- "idm-v1-default-tls-client-trust"
|
||||||
|
podSecurity:
|
||||||
|
policy: "baseline"
|
||||||
|
automountServiceAccountToken: false
|
||||||
|
timeZone: "Europe/Zurich"
|
||||||
|
secrets:
|
||||||
|
secret:
|
||||||
|
- "a2068eb83a60702322c13949-27ed70d3"
|
||||||
|
- "c418560f50e0332d087e85bf-89ec31e5"
|
|
@ -0,0 +1,18 @@
|
||||||
|
schemaVersion: 1.0
|
||||||
|
instance:
|
||||||
|
type: "nevisidm"
|
||||||
|
name: "default"
|
||||||
|
directory: "/var/opt/nevisidm/default"
|
||||||
|
pid: "systemctl show nevisidm@default -p MainPID | cut -d '=' -f2"
|
||||||
|
source:
|
||||||
|
url: "/nevisadmin/#/projects/DEFAULT-ADN-AGOV-ADMIN-PROJECT/patterns/ba7c7a3b091df0c4b8ba0bb2"
|
||||||
|
projectKey: "DEFAULT-ADN-AGOV-ADMIN-PROJECT"
|
||||||
|
patternId: "ba7c7a3b091df0c4b8ba0bb2"
|
||||||
|
patternClass: "ch.nevis.admin.v4.plugin.nevisidm.patterns.NevisIDMDeployable"
|
||||||
|
resources:
|
||||||
|
ports:
|
||||||
|
- "0.0.0.0:8989"
|
||||||
|
control:
|
||||||
|
start: "systemctl restart nevisidm@default"
|
||||||
|
stop: "systemctl stop nevisidm@default"
|
||||||
|
status: "systemctl status nevisidm@default"
|
|
@ -0,0 +1,2 @@
|
||||||
|
#!/bin/bash
|
||||||
|
echo 'password'
|
Binary file not shown.
Binary file not shown.
|
@ -0,0 +1,45 @@
|
||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIIDjjCCAnagAwIBAgIQAzrx5qcRqaC7KGSxHQn65TANBgkqhkiG9w0BAQsFADBh
|
||||||
|
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
|
||||||
|
d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBH
|
||||||
|
MjAeFw0xMzA4MDExMjAwMDBaFw0zODAxMTUxMjAwMDBaMGExCzAJBgNVBAYTAlVT
|
||||||
|
MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5j
|
||||||
|
b20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IEcyMIIBIjANBgkqhkiG
|
||||||
|
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuzfNNNx7a8myaJCtSnX/RrohCgiN9RlUyfuI
|
||||||
|
2/Ou8jqJkTx65qsGGmvPrC3oXgkkRLpimn7Wo6h+4FR1IAWsULecYxpsMNzaHxmx
|
||||||
|
1x7e/dfgy5SDN67sH0NO3Xss0r0upS/kqbitOtSZpLYl6ZtrAGCSYP9PIUkY92eQ
|
||||||
|
q2EGnI/yuum06ZIya7XzV+hdG82MHauVBJVJ8zUtluNJbd134/tJS7SsVQepj5Wz
|
||||||
|
tCO7TG1F8PapspUwtP1MVYwnSlcUfIKdzXOS0xZKBgyMUNGPHgm+F6HmIcr9g+UQ
|
||||||
|
vIOlCsRnKPZzFBQ9RnbDhxSJITRNrw9FDKZJobq7nMWxM4MphQIDAQABo0IwQDAP
|
||||||
|
BgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAdBgNVHQ4EFgQUTiJUIBiV
|
||||||
|
5uNu5g/6+rkS7QYXjzkwDQYJKoZIhvcNAQELBQADggEBAGBnKJRvDkhj6zHd6mcY
|
||||||
|
1Yl9PMWLSn/pvtsrF9+wX3N3KjITOYFnQoQj8kVnNeyIv/iPsGEMNKSuIEyExtv4
|
||||||
|
NeF22d+mQrvHRAiGfzZ0JFrabA0UWTW98kndth/Jsw1HKj2ZL7tcu7XUIOGZX1NG
|
||||||
|
Fdtom/DzMNU+MeKNhJ7jitralj41E6Vf8PlwUHBHQRFXGU7Aj64GxJUTFy8bJZ91
|
||||||
|
8rGOmaFvE7FBcf6IKshPECBV1/MUReXgRPTqh5Uykw7+U0b6LJ3/iyK5S9kJRaTe
|
||||||
|
pLiaWN0bfVKfjllDiIGknibVb63dDcY3fe0Dkhvld1927jyNxF1WW6LZZm6zNTfl
|
||||||
|
MrY=
|
||||||
|
-----END CERTIFICATE-----
|
||||||
|
|
||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIIDdzCCAl+gAwIBAgIEAgAAuTANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJJ
|
||||||
|
RTESMBAGA1UEChMJQmFsdGltb3JlMRMwEQYDVQQLEwpDeWJlclRydXN0MSIwIAYD
|
||||||
|
VQQDExlCYWx0aW1vcmUgQ3liZXJUcnVzdCBSb290MB4XDTAwMDUxMjE4NDYwMFoX
|
||||||
|
DTI1MDUxMjIzNTkwMFowWjELMAkGA1UEBhMCSUUxEjAQBgNVBAoTCUJhbHRpbW9y
|
||||||
|
ZTETMBEGA1UECxMKQ3liZXJUcnVzdDEiMCAGA1UEAxMZQmFsdGltb3JlIEN5YmVy
|
||||||
|
VHJ1c3QgUm9vdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKMEuyKr
|
||||||
|
mD1X6CZymrV51Cni4eiVgLGw41uOKymaZN+hXe2wCQVt2yguzmKiYv60iNoS6zjr
|
||||||
|
IZ3AQSsBUnuId9Mcj8e6uYi1agnnc+gRQKfRzMpijS3ljwumUNKoUMMo6vWrJYeK
|
||||||
|
mpYcqWe4PwzV9/lSEy/CG9VwcPCPwBLKBsua4dnKM3p31vjsufFoREJIE9LAwqSu
|
||||||
|
XmD+tqYF/LTdB1kC1FkYmGP1pWPgkAx9XbIGevOF6uvUA65ehD5f/xXtabz5OTZy
|
||||||
|
dc93Uk3zyZAsuT3lySNTPx8kmCFcB5kpvcY67Oduhjprl3RjM71oGDHweI12v/ye
|
||||||
|
jl0qhqdNkNwnGjkCAwEAAaNFMEMwHQYDVR0OBBYEFOWdWTCCR1jMrPoIVDaGezq1
|
||||||
|
BE3wMBIGA1UdEwEB/wQIMAYBAf8CAQMwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3
|
||||||
|
DQEBBQUAA4IBAQCFDF2O5G9RaEIFoN27TyclhAO992T9Ldcw46QQF+vaKSm2eT92
|
||||||
|
9hkTI7gQCvlYpNRhcL0EYWoSihfVCr3FvDB81ukMJY2GQE/szKN+OMY3EU/t3Wgx
|
||||||
|
jkzSswF07r51XgdIGn9w/xZchMB5hbgF/X++ZRGjD8ACtPhSNzkE1akxehi/oCr0
|
||||||
|
Epn3o0WC4zxe9Z2etciefC7IpJ5OCBRLbf1wbWsaY71k5h+3zvDyny67G7fyUIhz
|
||||||
|
ksLi4xaNmjICq44Y3ekQEe5+NauQrz4wlHrQMz2nZQ/1/I6eYs9HRCwBXbsdtTLS
|
||||||
|
R9I4LtD+gdwyah617jzV/OeBHRnDJELqYzmp
|
||||||
|
-----END CERTIFICATE-----
|
||||||
|
|
|
@ -0,0 +1,34 @@
|
||||||
|
# source: pattern://50d6c91ace65f52fa56d7113
|
||||||
|
nevisIdm.TemplateAdmin=nevisIdm.SelfAdmin
|
||||||
|
# source: pattern://50d6c91ace65f52fa56d7113
|
||||||
|
nevisIdm.UserAdmin=nevisIdm.UserAdmin,nevisIdm.SelfAdmin,nevisIdm.Helpdesk,nevisIdm.TemplateAdmin,nevisIdm.UserAndUnitAdmin,nevisIdm.AppAdmin,nevisIdm.AppOwner
|
||||||
|
# source: pattern://50d6c91ace65f52fa56d7113
|
||||||
|
nevisIdm.Root=nevisIdm.SelfAdmin,nevisIdm.UserAdmin,nevisIdm.UserAndUnitAdmin,nevisIdm.MainAppOwner,nevisIdm.AppOwner,nevisIdm.Helpdesk,nevisIdm.TechUser,nevisIdm.AppAdmin,nevisIdm.SoapTechAccess,nevisIdm.SoapTechAccessReadOnly,nevisIdm.Root,nevisIdm.TemplateAdmin,nevisIdm.ClientRoot,nevisIdm.Impersonator,nevisIdm.EnterpriseRoleAdmin,nevisIdm.EnterpriseRoleOwner
|
||||||
|
# source: pattern://50d6c91ace65f52fa56d7113
|
||||||
|
nevisIdm.AppOwner=nevisIdm.AppOwner,nevisIdm.UserAdmin,nevisIdm.SelfAdmin,nevisIdm.Helpdesk,nevisIdm.TemplateAdmin,nevisIdm.UserAndUnitAdmin,nevisIdm.AppAdmin
|
||||||
|
# source: pattern://50d6c91ace65f52fa56d7113
|
||||||
|
nevisIdm.AppAdmin=nevisIdm.SelfAdmin
|
||||||
|
# source: pattern://50d6c91ace65f52fa56d7113
|
||||||
|
nevisIdm.SoapTechAccessReadOnly=
|
||||||
|
# source: pattern://50d6c91ace65f52fa56d7113
|
||||||
|
nevisIdm.TechUser=
|
||||||
|
# source: pattern://50d6c91ace65f52fa56d7113
|
||||||
|
nevisIdm.ClientRoot=nevisIdm.ClientRoot,nevisIdm.UserAdmin,nevisIdm.SelfAdmin,nevisIdm.Helpdesk,nevisIdm.TemplateAdmin,nevisIdm.UserAndUnitAdmin,nevisIdm.AppAdmin,nevisIdm.AppOwner
|
||||||
|
# source: pattern://50d6c91ace65f52fa56d7113
|
||||||
|
nevisIdm.Impersonator=
|
||||||
|
# source: pattern://50d6c91ace65f52fa56d7113
|
||||||
|
nevisIdm.EnterpriseRoleAdmin=nevisIdm.EnterpriseRoleAdmin,nevisIdm.UserAdmin,nevisIdm.SelfAdmin,nevisIdm.Helpdesk,nevisIdm.TemplateAdmin,nevisIdm.UserAndUnitAdmin,nevisIdm.AppAdmin,nevisIdm.AppOwner
|
||||||
|
# source: pattern://50d6c91ace65f52fa56d7113
|
||||||
|
nevisIdm.Helpdesk=nevisIdm.SelfAdmin
|
||||||
|
# source: pattern://50d6c91ace65f52fa56d7113
|
||||||
|
nevisIdm.BatchJobAdmin=
|
||||||
|
# source: pattern://50d6c91ace65f52fa56d7113
|
||||||
|
nevisIdm.MainAppOwner=
|
||||||
|
# source: pattern://50d6c91ace65f52fa56d7113
|
||||||
|
nevisIdm.UserAndUnitAdmin=nevisIdm.SelfAdmin
|
||||||
|
# source: pattern://50d6c91ace65f52fa56d7113
|
||||||
|
nevisIdm.SelfAdmin=
|
||||||
|
# source: pattern://50d6c91ace65f52fa56d7113
|
||||||
|
nevisIdm.SoapTechAccess=nevisIdm.SelfAdmin,nevisIdm.UserAdmin,nevisIdm.UserAndUnitAdmin,nevisIdm.MainAppOwner,nevisIdm.AppOwner,nevisIdm.Helpdesk,nevisIdm.TechUser,nevisIdm.AppAdmin,nevisIdm.SoapTechAccess,nevisIdm.SoapTechAccessReadOnly,nevisIdm.TemplateAdmin,nevisIdm.EnterpriseRoleOwner
|
||||||
|
# source: pattern://50d6c91ace65f52fa56d7113
|
||||||
|
nevisIdm.EnterpriseRoleOwner=
|
|
@ -0,0 +1,8 @@
|
||||||
|
JAVA_OPTS=(
|
||||||
|
"-XX:+UseContainerSupport"
|
||||||
|
"-XX:MaxRAMPercentage=80.0"
|
||||||
|
"-javaagent:/opt/agent/opentelemetry-javaagent.jar"
|
||||||
|
"-Dotel.javaagent.logging=application"
|
||||||
|
"-Dotel.javaagent.configuration-file=/var/opt/nevisidm/default/conf/otel.properties"
|
||||||
|
"-Dotel.resource.attributes=service.version=8.2405.2,service.instance.id=$HOSTNAME"
|
||||||
|
)
|
|
@ -0,0 +1,828 @@
|
||||||
|
#header > div > div.navbar-header.nav.navbar-nav.mr-auto > span::after {
|
||||||
|
content: "AGOV Operations - WORK";
|
||||||
|
color: #AB47BC;
|
||||||
|
display: inline-block;
|
||||||
|
margin-left: 5px
|
||||||
|
}
|
||||||
|
|
||||||
|
#mainLayoutTable > tbody > tr:nth-child(3) > td.bgCont > footer > img {
|
||||||
|
display: none;
|
||||||
|
}
|
||||||
|
|
||||||
|
.navbar-default li>a {
|
||||||
|
color: #501eb6;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* facing.css */
|
||||||
|
body {
|
||||||
|
font-family: "Averta-Regular", 'Helvetica Neue', 'Segoe UI', Helvetica, Arial, sans-serif;
|
||||||
|
font-size: 12px;
|
||||||
|
color: #000;
|
||||||
|
margin-top: 0;
|
||||||
|
margin-left: 0;
|
||||||
|
margin-right: 0;
|
||||||
|
margin-bottom: 0;
|
||||||
|
background-color: #fff;
|
||||||
|
}
|
||||||
|
|
||||||
|
form, div {
|
||||||
|
margin: 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
table, img {
|
||||||
|
border: 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
.frmTable, .tblTable {
|
||||||
|
border: 0px solid #009999;
|
||||||
|
width: 100%;
|
||||||
|
border-spacing: 1px;
|
||||||
|
}
|
||||||
|
|
||||||
|
.border2 {
|
||||||
|
border: 1px solid #a9a9a9;
|
||||||
|
}
|
||||||
|
|
||||||
|
td.bgNavi {
|
||||||
|
height: 100%;
|
||||||
|
}
|
||||||
|
|
||||||
|
table.navi {
|
||||||
|
width: 210px;
|
||||||
|
border-spacing: 0px;
|
||||||
|
}
|
||||||
|
|
||||||
|
table.bgNavi {
|
||||||
|
height: 100%;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* - - - - - - - - - - - - - - - - - - NAVI LAYOUT - - - - - - - - - - - - - - - - - - - - - - - */
|
||||||
|
ul.lev01 {
|
||||||
|
list-style: none;
|
||||||
|
font-weight: bold;
|
||||||
|
font-family: "Averta-Bold", sans-serif;
|
||||||
|
margin-top: 0.0em;
|
||||||
|
margin-bottom: 0em;
|
||||||
|
padding-left: 0.0em;
|
||||||
|
margin-left: 0px; /*IE needs this */
|
||||||
|
white-space: nowrap;
|
||||||
|
}
|
||||||
|
|
||||||
|
li.lev01 {
|
||||||
|
list-style: none;
|
||||||
|
margin: 0px;
|
||||||
|
padding-top: 0.3em;
|
||||||
|
}
|
||||||
|
|
||||||
|
li.lev01 p.title {
|
||||||
|
padding-top: 1em;
|
||||||
|
padding-bottom: 0.3em;
|
||||||
|
padding-left: 10px;
|
||||||
|
margin: 0px;
|
||||||
|
border-bottom: 1px solid #501eb6;
|
||||||
|
}
|
||||||
|
|
||||||
|
ul.lev02, ul.lev02active {
|
||||||
|
list-style: none;
|
||||||
|
font-weight: normal;
|
||||||
|
margin-top: 0.0em;
|
||||||
|
margin-bottom: 0em;
|
||||||
|
padding: 0.0em;
|
||||||
|
margin-left: 0px; /*IE needs this */
|
||||||
|
white-space: nowrap;
|
||||||
|
}
|
||||||
|
|
||||||
|
li.lev02 {
|
||||||
|
list-style: none;
|
||||||
|
margin: 0px;
|
||||||
|
padding-top: 0.0em;
|
||||||
|
}
|
||||||
|
|
||||||
|
li.lev02 p.title {
|
||||||
|
padding-top: 1em;
|
||||||
|
padding-bottom: 0.3em;
|
||||||
|
padding-left: 10px;
|
||||||
|
margin: 0px;
|
||||||
|
font-weight: bold;
|
||||||
|
font-family: "Averta-Bold", sans-serif;
|
||||||
|
color: #333;
|
||||||
|
border-bottom: 0px solid #a9a9a9;
|
||||||
|
}
|
||||||
|
|
||||||
|
li.lev02 a {
|
||||||
|
list-style: none;
|
||||||
|
display: block;
|
||||||
|
font-size: 12px;
|
||||||
|
color: #000;
|
||||||
|
text-decoration: none;
|
||||||
|
margin: 0px;
|
||||||
|
padding-top: 0.3em;
|
||||||
|
padding-bottom: 0.3em;
|
||||||
|
padding-left: 10px;
|
||||||
|
height: 1em;
|
||||||
|
/*diese Angabe ist nur fuer den IE, damit die ganze Linkflaeche klickbar ist */
|
||||||
|
}
|
||||||
|
|
||||||
|
li.lev02 a {
|
||||||
|
height: auto;
|
||||||
|
/*hebt fuer nicht-IE Browser die Hoehenangabe 1em wieder auf */
|
||||||
|
}
|
||||||
|
|
||||||
|
li.lev02 a:link, li.lev02 a:visited {
|
||||||
|
color: #000;
|
||||||
|
text-decoration: none;
|
||||||
|
}
|
||||||
|
|
||||||
|
li.lev02 a:active, li.lev02 a:hover {
|
||||||
|
display: block;
|
||||||
|
color: #501eb6;
|
||||||
|
background-color: #f8f8f8;
|
||||||
|
text-decoration: none;
|
||||||
|
}
|
||||||
|
|
||||||
|
li.lev02 a:link, li.lev02 a:visited {
|
||||||
|
height: auto;
|
||||||
|
/*hebt fuer nicht-IE Browser die Hoehenangabe 1em wieder auf */
|
||||||
|
}
|
||||||
|
|
||||||
|
li.lev02active {
|
||||||
|
color: #501eb6;
|
||||||
|
background-color: #f8f8f8;
|
||||||
|
}
|
||||||
|
|
||||||
|
li.lev02active p.title {
|
||||||
|
font-weight: bold;
|
||||||
|
font-family: "Averta-Bold", sans-serif;
|
||||||
|
border-bottom: 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
li.lev02active a {
|
||||||
|
list-style: none;
|
||||||
|
margin: 0px;
|
||||||
|
padding-top: 0.3em;
|
||||||
|
padding-bottom: 0.3em;
|
||||||
|
padding-left: 10px;
|
||||||
|
height: 1em;
|
||||||
|
/*diese Angabe ist nur fuer den IE, damit die ganze Linkflaeche klickbar ist */
|
||||||
|
}
|
||||||
|
|
||||||
|
li.lev02active a:link, li.lev02active a:visited {
|
||||||
|
display: block;
|
||||||
|
color: #501eb6;
|
||||||
|
background-color: #f8f8f8;
|
||||||
|
text-decoration: none;
|
||||||
|
height: 1em;
|
||||||
|
/*diese Angabe ist nur fuer den IE, damit die ganze Linkflaeche klickbar ist */
|
||||||
|
}
|
||||||
|
|
||||||
|
li.lev02active a:link, li.lev02active a:visited {
|
||||||
|
height: auto;
|
||||||
|
/*hebt fuer nicht-IE Browser die Hoehenangabe 1em wieder auf */
|
||||||
|
}
|
||||||
|
|
||||||
|
li.lev02active a:active, li.lev02active a:hover {
|
||||||
|
display: block;
|
||||||
|
color: #501eb6;
|
||||||
|
background-color: #f8f8f8;
|
||||||
|
text-decoration: none;
|
||||||
|
height: 1em;
|
||||||
|
}
|
||||||
|
|
||||||
|
li.lev02active a:active, li.lev02active a:hover {
|
||||||
|
height: auto;
|
||||||
|
/*hebt fuer nicht-IE Browser die Hoehenangabe 1em wieder auf */
|
||||||
|
}
|
||||||
|
|
||||||
|
ul.lev03, ul.lev03active {
|
||||||
|
list-style: none;
|
||||||
|
font-weight: normal;
|
||||||
|
margin-top: 0.0em;
|
||||||
|
margin-bottom: 0em;
|
||||||
|
padding: 0.0em;
|
||||||
|
margin-left: 10px; /*IE needs this */
|
||||||
|
white-space: nowrap;
|
||||||
|
}
|
||||||
|
|
||||||
|
li.lev03 a {
|
||||||
|
list-style: none;
|
||||||
|
display: block;
|
||||||
|
font-size: 12px;
|
||||||
|
color: #000;
|
||||||
|
text-decoration: none;
|
||||||
|
margin: 0px;
|
||||||
|
padding-top: 0.3em;
|
||||||
|
padding-bottom: 0.3em;
|
||||||
|
padding-left: 20px;
|
||||||
|
height: 1em;
|
||||||
|
/*diese Angabe ist nur fuer den IE, damit die ganze Linkflaeche klickbar ist */
|
||||||
|
}
|
||||||
|
|
||||||
|
li.lev03 a {
|
||||||
|
height: auto;
|
||||||
|
/*hebt fuer nicht-IE Browser die Hoehenangabe 1em wieder auf */
|
||||||
|
}
|
||||||
|
|
||||||
|
li.lev03 a:link, li.lev03 a:visited {
|
||||||
|
color: #000;
|
||||||
|
text-decoration: none;
|
||||||
|
}
|
||||||
|
|
||||||
|
li.lev03 a:active, li.lev03 a:hover {
|
||||||
|
display: block;
|
||||||
|
color: #501eb6;
|
||||||
|
background-color: #f8f8f8;
|
||||||
|
text-decoration: none;
|
||||||
|
}
|
||||||
|
|
||||||
|
li.lev03 a:link, li.lev03 a:visited {
|
||||||
|
height: auto;
|
||||||
|
/*hebt fuer nicht-IE Browser die Hoehenangabe 1em wieder auf */
|
||||||
|
}
|
||||||
|
|
||||||
|
li.lev03active a {
|
||||||
|
list-style: none;
|
||||||
|
margin: 0px;
|
||||||
|
padding-top: 0.3em;
|
||||||
|
padding-bottom: 0.3em;
|
||||||
|
padding-left: 20px;
|
||||||
|
height: 1em;
|
||||||
|
/*diese Angabe ist nur fuer den IE, damit die ganze Linkflaeche klickbar ist */
|
||||||
|
}
|
||||||
|
|
||||||
|
li.lev03active a:link, li.lev03active a:visited {
|
||||||
|
display: block;
|
||||||
|
color: #501eb6;
|
||||||
|
background-color: #f8f8f8;
|
||||||
|
text-decoration: none;
|
||||||
|
height: 1em;
|
||||||
|
/*diese Angabe ist nur fuer den IE, damit die ganze Linkflaeche klickbar ist */
|
||||||
|
}
|
||||||
|
|
||||||
|
li.lev03active a:link, li.lev03active a:visited {
|
||||||
|
height: auto;
|
||||||
|
/*hebt fuer nicht-IE Browser die Hoehenangabe 1em wieder auf */
|
||||||
|
}
|
||||||
|
|
||||||
|
li.lev03active a:active, li.lev03active a:hover {
|
||||||
|
display: block;
|
||||||
|
color: #501eb6;
|
||||||
|
background-color: #f8f8f8;
|
||||||
|
text-decoration: none;
|
||||||
|
height: 1em;
|
||||||
|
}
|
||||||
|
|
||||||
|
li.lev03active a:active, li.lev03active a:hover {
|
||||||
|
height: auto;
|
||||||
|
/*hebt fuer nicht-IE Browser die Hoehenangabe 1em wieder auf */
|
||||||
|
}
|
||||||
|
|
||||||
|
/* ---------- misc settings ------------- */
|
||||||
|
.bgHeader {
|
||||||
|
vertical-align: top;
|
||||||
|
background-color: #38373b;
|
||||||
|
width: 100%;
|
||||||
|
border-spacing: 0px;
|
||||||
|
border-collapse: collapse;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Header logo styles */
|
||||||
|
.site-logo {
|
||||||
|
background: transparent url("../images/AGOV-Logo.png") left top
|
||||||
|
no-repeat;
|
||||||
|
width: 64px;
|
||||||
|
height: 64px;
|
||||||
|
background-size: 64px 64px;
|
||||||
|
transition: background-size 0.25s linear, width 0.25s linear, height
|
||||||
|
0.25s linear;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Header logo collapsed styles */
|
||||||
|
.scrolled .site-logo {
|
||||||
|
background: transparent url("../images/AGOV-Logo.png") left top
|
||||||
|
no-repeat;
|
||||||
|
width: 36px;
|
||||||
|
height: 36px;
|
||||||
|
background-size: 36px 36px;
|
||||||
|
transition: background-size 0.25s linear, width 0.25s linear, height
|
||||||
|
0.25s linear;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Header component name */
|
||||||
|
.site-title {
|
||||||
|
font-size: 1.7em;
|
||||||
|
align-self: center;
|
||||||
|
margin-left: 0 !important;
|
||||||
|
color: #501eb6;
|
||||||
|
}
|
||||||
|
|
||||||
|
.scrolled .site-title {
|
||||||
|
font-size: 1.7em;
|
||||||
|
}
|
||||||
|
|
||||||
|
.bgCont {
|
||||||
|
vertical-align: top;
|
||||||
|
background-color: #ffffff;
|
||||||
|
}
|
||||||
|
|
||||||
|
td.bgCont {
|
||||||
|
/*mod teddy for IE6*/
|
||||||
|
width: 100%;
|
||||||
|
padding: 10px;
|
||||||
|
font-size: 12px;
|
||||||
|
}
|
||||||
|
|
||||||
|
/*Links*/
|
||||||
|
.bgCont a:link, .bgCont a:visited {
|
||||||
|
font-size: 12px;
|
||||||
|
color: #501eb6;
|
||||||
|
text-decoration: none;
|
||||||
|
}
|
||||||
|
|
||||||
|
.bgCont a:active, .bgCont a:hover {
|
||||||
|
font-size: 12px;
|
||||||
|
color: #501eb6;
|
||||||
|
text-decoration: none;
|
||||||
|
}
|
||||||
|
|
||||||
|
.Headline {
|
||||||
|
font-size: 20px;
|
||||||
|
color: #000000;
|
||||||
|
padding-bottom: 0px;
|
||||||
|
margin-bottom: 4px;
|
||||||
|
}
|
||||||
|
|
||||||
|
.tblRowNowrap {
|
||||||
|
white-space: nowrap;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* ---------- color config ---------- */
|
||||||
|
#header {
|
||||||
|
background-color: white;
|
||||||
|
border-bottom: 1px solid #501eb6;
|
||||||
|
}
|
||||||
|
|
||||||
|
#header-navbar-collapse {
|
||||||
|
background-color: #fff;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Menu item basic style */
|
||||||
|
.navbar-default .navbar-nav>li>a {
|
||||||
|
color: #501eb6;
|
||||||
|
font-size: 14px;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Header dropdown menu general styles */
|
||||||
|
.nav>li>.dropdown-menu {
|
||||||
|
border: 1px solid #501eb6;
|
||||||
|
border-radius: 3px;
|
||||||
|
padding: 17px 0;
|
||||||
|
margin-top: -5px;
|
||||||
|
right: 0;
|
||||||
|
left: auto;
|
||||||
|
-webkit-box-shadow: 0 6px 12px rgba(0,0,0,.175);
|
||||||
|
box-shadow: 0 6px 12px rgba(0,0,0,.175);
|
||||||
|
line-height: 20px;
|
||||||
|
font-size: 14px;
|
||||||
|
}
|
||||||
|
|
||||||
|
.dropdown-toggle::after {
|
||||||
|
vertical-align: middle;
|
||||||
|
margin-left: 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
.dropdown-item>a {
|
||||||
|
display: block;
|
||||||
|
}
|
||||||
|
|
||||||
|
.navbar-default .navbar-nav>li>a:hover,
|
||||||
|
.dropdown>a:hover,
|
||||||
|
.dropdown.show>a,
|
||||||
|
a>.fa-question-circle:hover {
|
||||||
|
color: #501eb6;
|
||||||
|
text-decoration: none;
|
||||||
|
}
|
||||||
|
|
||||||
|
.dropdown-item {
|
||||||
|
padding: 0;
|
||||||
|
color: #212529;
|
||||||
|
display: block;
|
||||||
|
}
|
||||||
|
|
||||||
|
.navbar-default .dropdown-menu li>a:focus,
|
||||||
|
.navbar-default .dropdown-menu li>a:hover {
|
||||||
|
background-color: #501eb6;
|
||||||
|
color: white;
|
||||||
|
text-decoration: none;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Language dropdown */
|
||||||
|
.language-code {
|
||||||
|
text-transform: uppercase;
|
||||||
|
color: #501eb6;
|
||||||
|
font-weight: bold;
|
||||||
|
font-family: "Averta-Bold", sans-serif;
|
||||||
|
display: table-cell;
|
||||||
|
/* in order to align the language codes horizontally */
|
||||||
|
width: 23px;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Quick Search text field */
|
||||||
|
.navbar-form .form-control {
|
||||||
|
height: 28px;
|
||||||
|
width: 320px;
|
||||||
|
border: 1px solid #501eb6;
|
||||||
|
border-radius: 3px;
|
||||||
|
}
|
||||||
|
|
||||||
|
#header .form-control:focus {
|
||||||
|
box-shadow: inset 0 1px 1px rgba(0, 0, 0, .075), 0 0 8px #501eb6;
|
||||||
|
}
|
||||||
|
|
||||||
|
td.navi, span.navi, span.navi a, .tblHeader, .tblFooter, td.frmLabel, td.frmConfirmLabel,
|
||||||
|
td.frmInput, td.frmInputStatus, td.frmInputLegend, td.frmConfirmInput,
|
||||||
|
td.frmLabelMandatory, input, textarea {
|
||||||
|
color: #000000;
|
||||||
|
}
|
||||||
|
|
||||||
|
span.navi, td.navi a:hover {
|
||||||
|
color: #501eb6;
|
||||||
|
}
|
||||||
|
|
||||||
|
span.mandatory {
|
||||||
|
color: #c80000;
|
||||||
|
}
|
||||||
|
|
||||||
|
td.tab {
|
||||||
|
background-color: #e3e4e6;
|
||||||
|
}
|
||||||
|
|
||||||
|
td.tabActive, td.frmTitelSmall {
|
||||||
|
background-color: #bacce1;
|
||||||
|
}
|
||||||
|
|
||||||
|
a.tab, a.frmEdit, a.frmEdit:hover {
|
||||||
|
color: #501eb6;
|
||||||
|
}
|
||||||
|
|
||||||
|
a.tab:hover {
|
||||||
|
color: #501eb6;
|
||||||
|
}
|
||||||
|
|
||||||
|
.tblTitel, td.frmTitel {
|
||||||
|
color: #38373b;
|
||||||
|
background-color: #f8f8f8;
|
||||||
|
border-top: 1px solid #501eb6;
|
||||||
|
}
|
||||||
|
|
||||||
|
.tblSubTitel2, tblSubTitel1, a.frmTitel, a.frmTitel:hover {
|
||||||
|
color: #1d3e9c;
|
||||||
|
}
|
||||||
|
|
||||||
|
.tblSubTitel1 {
|
||||||
|
background-color: #cddcec;
|
||||||
|
}
|
||||||
|
|
||||||
|
.tblHeader, .tblFooter {
|
||||||
|
background-color: #f0f1f3;
|
||||||
|
}
|
||||||
|
|
||||||
|
.tblHeader a img {
|
||||||
|
margin-left: 8px;
|
||||||
|
margin-top: 2px;
|
||||||
|
vertical-align: text-bottom;
|
||||||
|
}
|
||||||
|
|
||||||
|
/*Links auf dunekgrauem BG*/
|
||||||
|
.tblHeader a, td.tblFooter a.tbl, .tblRowOdd a, .tblRowEven a {
|
||||||
|
color: #501eb6;
|
||||||
|
}
|
||||||
|
|
||||||
|
.tblRowOdd, .tblRowOddNr, .tblRowOddCentered {
|
||||||
|
font-size: 12px;
|
||||||
|
padding: 3px 7px;
|
||||||
|
background-color: #ffffff;
|
||||||
|
word-wrap: break-word;
|
||||||
|
}
|
||||||
|
|
||||||
|
.tblRowEven, .tblRowEvenNr, .tblRowEvenCentered {
|
||||||
|
font-size: 12px;
|
||||||
|
padding: 3px 7px;
|
||||||
|
background-color: #f0f1f3;
|
||||||
|
word-wrap: break-word;
|
||||||
|
}
|
||||||
|
|
||||||
|
.tblRowOddCentered, .tblRowEvenCentered {
|
||||||
|
text-align: center;
|
||||||
|
}
|
||||||
|
|
||||||
|
.tblRowOdd a, .tblRowEven a, a.tbl {
|
||||||
|
color: #501eb6;
|
||||||
|
}
|
||||||
|
|
||||||
|
.tblRowOdd a:hover, .tblRowEven a:hover, a.tbl:hover {
|
||||||
|
color: #501eb6;
|
||||||
|
}
|
||||||
|
|
||||||
|
.deactivated {
|
||||||
|
color: #999;
|
||||||
|
}
|
||||||
|
|
||||||
|
.deactivated a {
|
||||||
|
color: #999;
|
||||||
|
}
|
||||||
|
|
||||||
|
.deactivated a:link, .deactivated a:visited {
|
||||||
|
color: #999;
|
||||||
|
}
|
||||||
|
|
||||||
|
.deactivated a:active, .deactivated a:hover {
|
||||||
|
color: #999;
|
||||||
|
}
|
||||||
|
|
||||||
|
td.frmTitelSmall {
|
||||||
|
color: #1d2f68;
|
||||||
|
}
|
||||||
|
|
||||||
|
td.frmLabel, td.frmLabelMandatory, td.frmLabelHi {
|
||||||
|
border: 1px solid #f0f1f3;
|
||||||
|
background-color: #ffffff;
|
||||||
|
color: #323232;
|
||||||
|
text-align: right;
|
||||||
|
}
|
||||||
|
|
||||||
|
td.frmLabelHi {
|
||||||
|
font-weight: bold;
|
||||||
|
font-family: "Averta-Bold", sans-serif;
|
||||||
|
}
|
||||||
|
|
||||||
|
td.frmLabelHi {
|
||||||
|
font-weight: bold;
|
||||||
|
font-family: "Averta-Bold", sans-serif;
|
||||||
|
}
|
||||||
|
|
||||||
|
td.frmConfirmLabel {
|
||||||
|
background-color: #fff4c0;
|
||||||
|
text-align: right;
|
||||||
|
vertical-align: middle;
|
||||||
|
}
|
||||||
|
|
||||||
|
td.frmInput, td.frmInputIcon, td.frmInputStatus {
|
||||||
|
border: 1px solid #f0f1f3;
|
||||||
|
background-color: #ffffff;
|
||||||
|
font-weight: bold;
|
||||||
|
font-family: "Averta-Bold", sans-serif;
|
||||||
|
white-space: nowrap;
|
||||||
|
}
|
||||||
|
|
||||||
|
#historyDiffRecordTable td.frmInput,
|
||||||
|
#historyDiffRecordTable td.frmInputIcon,
|
||||||
|
#historyDiffRecordTable td.frmInputStatus {
|
||||||
|
white-space: normal;
|
||||||
|
}
|
||||||
|
|
||||||
|
td.frmConfirmInput {
|
||||||
|
background-color: #fff4c0;
|
||||||
|
text-align: right;
|
||||||
|
}
|
||||||
|
|
||||||
|
input {
|
||||||
|
background-color: #ffffff;
|
||||||
|
border: 1px solid #a9a9a9;
|
||||||
|
font-weight: bold;
|
||||||
|
font-family: "Averta-Bold", sans-serif;
|
||||||
|
height: auto;
|
||||||
|
}
|
||||||
|
|
||||||
|
textarea {
|
||||||
|
background-color: #ffffff;
|
||||||
|
border: 1px solid #a9a9a9;
|
||||||
|
font-weight: bold;
|
||||||
|
font-family: "Averta-Bold", sans-serif;
|
||||||
|
resize: vertical;
|
||||||
|
}
|
||||||
|
|
||||||
|
input.submit {
|
||||||
|
font-weight: normal;
|
||||||
|
}
|
||||||
|
|
||||||
|
select {
|
||||||
|
background-color: #ffffff;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* ---------- Breadcrumbs config ---------- */
|
||||||
|
ul.breadcrumbs {
|
||||||
|
padding: 0px;
|
||||||
|
margin-left: 0px;
|
||||||
|
margin-bottom: 4px;
|
||||||
|
margin-right: 90px;
|
||||||
|
margin-top: 4px;
|
||||||
|
font-size: 12px;
|
||||||
|
list-style-type: none;
|
||||||
|
color: #a9a9a9;
|
||||||
|
}
|
||||||
|
|
||||||
|
ul.breadcrumbs li {
|
||||||
|
display: inline;
|
||||||
|
color: #000;
|
||||||
|
}
|
||||||
|
|
||||||
|
.breadcrumbs li a {
|
||||||
|
display: block;
|
||||||
|
color: #501eb6;
|
||||||
|
text-decoration: none;
|
||||||
|
height: 1em;
|
||||||
|
}
|
||||||
|
|
||||||
|
.breadcrumbs li a:link, .breadcrumbs li a:visited {
|
||||||
|
display: inline;
|
||||||
|
color: #501eb6;
|
||||||
|
text-decoration: none;
|
||||||
|
}
|
||||||
|
|
||||||
|
.breadcrumbs li a:active, .breadcrumbs li a:hover {
|
||||||
|
color: #501eb6;
|
||||||
|
text-decoration: none;
|
||||||
|
height: 1em;
|
||||||
|
/* diese Angabe ist nur fuer den IE, damit die ganze Linkflaeche klickbar ist */
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Add a lightgrey slash character as breadcrumb separator between breadcrumbs. */
|
||||||
|
.breadcrumbs>li+li::before {
|
||||||
|
padding: 0 5px;
|
||||||
|
color: #ccc;
|
||||||
|
content: "/\00a0";
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Error Message */
|
||||||
|
.error {
|
||||||
|
font-size: 12px;
|
||||||
|
font-style: normal;
|
||||||
|
font-variant: normal;
|
||||||
|
color: #000;
|
||||||
|
}
|
||||||
|
|
||||||
|
ul.error {
|
||||||
|
list-style-type: disc;
|
||||||
|
font-weight: bold;
|
||||||
|
font-family: "Averta-Bold", sans-serif;
|
||||||
|
padding: 8px;
|
||||||
|
margin: 0px 20px 0px 20px;
|
||||||
|
}
|
||||||
|
|
||||||
|
ul.error li {
|
||||||
|
line-height: 16px;
|
||||||
|
}
|
||||||
|
|
||||||
|
table.errorBorder {
|
||||||
|
border: 1px solid #ff7700;
|
||||||
|
background-color: #ffeeaa;
|
||||||
|
margin-top: 30px;
|
||||||
|
width: 100%;
|
||||||
|
border-spacing: 0px;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Success Message */
|
||||||
|
.message {
|
||||||
|
font-size: 12px;
|
||||||
|
font-style: normal;
|
||||||
|
color: #000;
|
||||||
|
}
|
||||||
|
|
||||||
|
ul.message {
|
||||||
|
list-style-type: disc;
|
||||||
|
font-weight: bold;
|
||||||
|
font-family: "Averta-Bold", sans-serif;
|
||||||
|
padding: 8px;
|
||||||
|
margin: 0px 20px 0px 20px;
|
||||||
|
}
|
||||||
|
|
||||||
|
ul.message li {
|
||||||
|
line-height: 16px;
|
||||||
|
font-size: 12px;
|
||||||
|
}
|
||||||
|
|
||||||
|
table.messageBorder {
|
||||||
|
font-size: 12px;
|
||||||
|
border: 1px solid #501eb6;
|
||||||
|
background-color: #deefee;
|
||||||
|
margin-top: 30px;
|
||||||
|
width: 100%;
|
||||||
|
border-spacing: 0px;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Info message */
|
||||||
|
table.infoBorder {
|
||||||
|
font-size: 12px;
|
||||||
|
border: 1px solid #3783ff;
|
||||||
|
background-color: #3783ff;
|
||||||
|
margin-top: 30px;
|
||||||
|
width: 100%;
|
||||||
|
border-spacing: 0px;
|
||||||
|
}
|
||||||
|
|
||||||
|
.infoBorder a:link, .infoBorder a:visited {
|
||||||
|
font-size: 12px;
|
||||||
|
color: #fbfbfb;
|
||||||
|
text-decoration: none;
|
||||||
|
}
|
||||||
|
|
||||||
|
.infoBorder a:active, .infoBorder a:hover {
|
||||||
|
font-size: 12px;
|
||||||
|
color: #ffffff;
|
||||||
|
text-decoration: none;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Question message */
|
||||||
|
table.questionBorder {
|
||||||
|
font-size: 12px;
|
||||||
|
border: 1px solid #f4c649;
|
||||||
|
background-color: #fff4c0;
|
||||||
|
margin-top: 30px;
|
||||||
|
width: 100%;
|
||||||
|
border-spacing: 0px;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Navigation Configuration */
|
||||||
|
#nav_user_administration, #nav_new_user, #nav_modify_user,
|
||||||
|
#nav_modify_user, #nav_search_by_profile, #nav_search_by_credential {
|
||||||
|
display: block;
|
||||||
|
}
|
||||||
|
|
||||||
|
#nav_unit_admin, #nav_new_main_unit, #nav_modify_unit {
|
||||||
|
display: block;
|
||||||
|
}
|
||||||
|
|
||||||
|
#nav_system_admin, #nav_applications, #nav_new_application,
|
||||||
|
#nav_modify_application {
|
||||||
|
display: block;
|
||||||
|
}
|
||||||
|
|
||||||
|
#nav_mail_templates, #nav_new_mail_template, #nav_modify_mail_template {
|
||||||
|
display: block;
|
||||||
|
}
|
||||||
|
|
||||||
|
#nav_policies, #nav_new_policy, #nav_modify_policy {
|
||||||
|
display: block;
|
||||||
|
}
|
||||||
|
|
||||||
|
#nav_batch_jobs, #nav_planned_jobs {
|
||||||
|
display: block;
|
||||||
|
}
|
||||||
|
|
||||||
|
#nav_client_administration, #nav_new_client, #nav_modify_client,
|
||||||
|
#nav_assign_roles, #nav_assign_policies, #nav_assign_mail_templates {
|
||||||
|
display: block;
|
||||||
|
}
|
||||||
|
|
||||||
|
#nav_selfadmin, #nav_my_user_data {
|
||||||
|
display: block;
|
||||||
|
}
|
||||||
|
|
||||||
|
.placeholder {
|
||||||
|
color: #aaa;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Quick Search (autocomplete) */
|
||||||
|
.tt-hint {
|
||||||
|
color: #999
|
||||||
|
}
|
||||||
|
|
||||||
|
.tt-menu {
|
||||||
|
width: 320px;
|
||||||
|
padding: 17px 0;
|
||||||
|
background-color: #fff;
|
||||||
|
border: 1px solid #501eb6;
|
||||||
|
border-radius: 3px;
|
||||||
|
box-shadow: 0 6px 12px rgba(0, 0, 0, .175);
|
||||||
|
}
|
||||||
|
|
||||||
|
.tt-suggestion {
|
||||||
|
padding: 3px 28px;
|
||||||
|
line-height: 24px;
|
||||||
|
}
|
||||||
|
|
||||||
|
.tt-suggestion:hover {
|
||||||
|
cursor: pointer;
|
||||||
|
color: #fff;
|
||||||
|
background-color: #501eb6;
|
||||||
|
}
|
||||||
|
|
||||||
|
.tt-suggestion.tt-cursor {
|
||||||
|
color: #fff;
|
||||||
|
background-color: #9cc;
|
||||||
|
}
|
||||||
|
|
||||||
|
.empty-message {
|
||||||
|
padding: 3px 28px;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* - - - - - - - - - - - - - - - - - - FOOTER - - - - - - - - - - - - - - - - - - - - - - - */
|
||||||
|
.footer {
|
||||||
|
color: #501eb6;
|
||||||
|
background-color: transparent;
|
||||||
|
height: 40px;
|
||||||
|
padding-top: 0;
|
||||||
|
padding-bottom: 24px;
|
||||||
|
margin-top: 36px;
|
||||||
|
border-top: 1px solid #501eb6;
|
||||||
|
}
|
Binary file not shown.
After Width: | Height: | Size: 2.3 KiB |
|
@ -0,0 +1,14 @@
|
||||||
|
{
|
||||||
|
"name": "additionalAddress",
|
||||||
|
"scope": "UNIT_GLOBAL",
|
||||||
|
"encrypted": false,
|
||||||
|
"propagated": false,
|
||||||
|
|
||||||
|
"accessCreate": "READ_WRITE",
|
||||||
|
"accessModify": "READ_WRITE",
|
||||||
|
"clientExtId": "d9a334a6-b6f5-4982-a24e-13ae095a60fa",
|
||||||
|
"description": "additional address line",
|
||||||
|
"maxLength": "100",
|
||||||
|
|
||||||
|
"precedence": 100
|
||||||
|
}
|
|
@ -0,0 +1,14 @@
|
||||||
|
{
|
||||||
|
"name": "openingFri",
|
||||||
|
"scope": "UNIT_GLOBAL",
|
||||||
|
"encrypted": false,
|
||||||
|
"propagated": false,
|
||||||
|
|
||||||
|
"accessCreate": "READ_WRITE",
|
||||||
|
"accessModify": "READ_WRITE",
|
||||||
|
"clientExtId": "d9a334a6-b6f5-4982-a24e-13ae095a60fa",
|
||||||
|
"description": "Opening hours for Fridays",
|
||||||
|
"maxLength": "50",
|
||||||
|
|
||||||
|
"precedence": 100
|
||||||
|
}
|
|
@ -0,0 +1,14 @@
|
||||||
|
{
|
||||||
|
"name": "openingHol",
|
||||||
|
"scope": "UNIT_GLOBAL",
|
||||||
|
"encrypted": false,
|
||||||
|
"propagated": false,
|
||||||
|
|
||||||
|
"accessCreate": "READ_WRITE",
|
||||||
|
"accessModify": "READ_WRITE",
|
||||||
|
"clientExtId": "d9a334a6-b6f5-4982-a24e-13ae095a60fa",
|
||||||
|
"description": "Opening hours for Sundays and Holidays",
|
||||||
|
"maxLength": "50",
|
||||||
|
|
||||||
|
"precedence": 100
|
||||||
|
}
|
|
@ -0,0 +1,14 @@
|
||||||
|
{
|
||||||
|
"name": "openingMon",
|
||||||
|
"scope": "UNIT_GLOBAL",
|
||||||
|
"encrypted": false,
|
||||||
|
"propagated": false,
|
||||||
|
|
||||||
|
"accessCreate": "READ_WRITE",
|
||||||
|
"accessModify": "READ_WRITE",
|
||||||
|
"clientExtId": "d9a334a6-b6f5-4982-a24e-13ae095a60fa",
|
||||||
|
"description": "Opening hours for Mondays",
|
||||||
|
"maxLength": "50",
|
||||||
|
|
||||||
|
"precedence": 100
|
||||||
|
}
|
|
@ -0,0 +1,14 @@
|
||||||
|
{
|
||||||
|
"name": "openingRemarksDe",
|
||||||
|
"scope": "UNIT_GLOBAL",
|
||||||
|
"encrypted": false,
|
||||||
|
"propagated": false,
|
||||||
|
|
||||||
|
"accessCreate": "READ_WRITE",
|
||||||
|
"accessModify": "READ_WRITE",
|
||||||
|
"clientExtId": "d9a334a6-b6f5-4982-a24e-13ae095a60fa",
|
||||||
|
"description": "remarks for the opening hours (DE)",
|
||||||
|
|
||||||
|
|
||||||
|
"precedence": 100
|
||||||
|
}
|
|
@ -0,0 +1,14 @@
|
||||||
|
{
|
||||||
|
"name": "openingRemarksEn",
|
||||||
|
"scope": "UNIT_GLOBAL",
|
||||||
|
"encrypted": false,
|
||||||
|
"propagated": false,
|
||||||
|
|
||||||
|
"accessCreate": "READ_WRITE",
|
||||||
|
"accessModify": "READ_WRITE",
|
||||||
|
"clientExtId": "d9a334a6-b6f5-4982-a24e-13ae095a60fa",
|
||||||
|
"description": "remarks for the opening hours (EN)",
|
||||||
|
|
||||||
|
|
||||||
|
"precedence": 100
|
||||||
|
}
|
|
@ -0,0 +1,14 @@
|
||||||
|
{
|
||||||
|
"name": "openingRemarksFr",
|
||||||
|
"scope": "UNIT_GLOBAL",
|
||||||
|
"encrypted": false,
|
||||||
|
"propagated": false,
|
||||||
|
|
||||||
|
"accessCreate": "READ_WRITE",
|
||||||
|
"accessModify": "READ_WRITE",
|
||||||
|
"clientExtId": "d9a334a6-b6f5-4982-a24e-13ae095a60fa",
|
||||||
|
"description": "remarks for the opening hours (FR)",
|
||||||
|
|
||||||
|
|
||||||
|
"precedence": 100
|
||||||
|
}
|
|
@ -0,0 +1,14 @@
|
||||||
|
{
|
||||||
|
"name": "openingRemarksIt",
|
||||||
|
"scope": "UNIT_GLOBAL",
|
||||||
|
"encrypted": false,
|
||||||
|
"propagated": false,
|
||||||
|
|
||||||
|
"accessCreate": "READ_WRITE",
|
||||||
|
"accessModify": "READ_WRITE",
|
||||||
|
"clientExtId": "d9a334a6-b6f5-4982-a24e-13ae095a60fa",
|
||||||
|
"description": "remarks for the opening hours (IT)",
|
||||||
|
|
||||||
|
|
||||||
|
"precedence": 100
|
||||||
|
}
|
|
@ -0,0 +1,14 @@
|
||||||
|
{
|
||||||
|
"name": "openingSat",
|
||||||
|
"scope": "UNIT_GLOBAL",
|
||||||
|
"encrypted": false,
|
||||||
|
"propagated": false,
|
||||||
|
|
||||||
|
"accessCreate": "READ_WRITE",
|
||||||
|
"accessModify": "READ_WRITE",
|
||||||
|
"clientExtId": "d9a334a6-b6f5-4982-a24e-13ae095a60fa",
|
||||||
|
"description": "Opening hours for Saturdays",
|
||||||
|
"maxLength": "50",
|
||||||
|
|
||||||
|
"precedence": 100
|
||||||
|
}
|
|
@ -0,0 +1,14 @@
|
||||||
|
{
|
||||||
|
"name": "openingThu",
|
||||||
|
"scope": "UNIT_GLOBAL",
|
||||||
|
"encrypted": false,
|
||||||
|
"propagated": false,
|
||||||
|
|
||||||
|
"accessCreate": "READ_WRITE",
|
||||||
|
"accessModify": "READ_WRITE",
|
||||||
|
"clientExtId": "d9a334a6-b6f5-4982-a24e-13ae095a60fa",
|
||||||
|
"description": "Opening hours for Thursdays",
|
||||||
|
"maxLength": "50",
|
||||||
|
|
||||||
|
"precedence": 100
|
||||||
|
}
|
|
@ -0,0 +1,14 @@
|
||||||
|
{
|
||||||
|
"name": "openingTue",
|
||||||
|
"scope": "UNIT_GLOBAL",
|
||||||
|
"encrypted": false,
|
||||||
|
"propagated": false,
|
||||||
|
|
||||||
|
"accessCreate": "READ_WRITE",
|
||||||
|
"accessModify": "READ_WRITE",
|
||||||
|
"clientExtId": "d9a334a6-b6f5-4982-a24e-13ae095a60fa",
|
||||||
|
"description": "Opening hours for Tuesdays",
|
||||||
|
"maxLength": "50",
|
||||||
|
|
||||||
|
"precedence": 100
|
||||||
|
}
|
|
@ -0,0 +1,14 @@
|
||||||
|
{
|
||||||
|
"name": "openingWed",
|
||||||
|
"scope": "UNIT_GLOBAL",
|
||||||
|
"encrypted": false,
|
||||||
|
"propagated": false,
|
||||||
|
|
||||||
|
"accessCreate": "READ_WRITE",
|
||||||
|
"accessModify": "READ_WRITE",
|
||||||
|
"clientExtId": "d9a334a6-b6f5-4982-a24e-13ae095a60fa",
|
||||||
|
"description": "Opening hours for Wednesdays",
|
||||||
|
"maxLength": "50",
|
||||||
|
|
||||||
|
"precedence": 100
|
||||||
|
}
|
|
@ -0,0 +1,14 @@
|
||||||
|
{
|
||||||
|
"name": "position",
|
||||||
|
"scope": "UNIT_GLOBAL",
|
||||||
|
"encrypted": false,
|
||||||
|
"propagated": false,
|
||||||
|
|
||||||
|
"accessCreate": "READ_WRITE",
|
||||||
|
"accessModify": "READ_WRITE",
|
||||||
|
"clientExtId": "d9a334a6-b6f5-4982-a24e-13ae095a60fa",
|
||||||
|
"description": "coordinates of the office (WGS84)",
|
||||||
|
|
||||||
|
"regex": "^\\-?([1-9][0-9]|[0-9])\\.[0-9][0-9][0-9][0-9][0-9],\\s*\\-?(1[0-8][0-9]|[1-9][0-9]|[0-9])\\.[0-9][0-9][0-9][0-9][0-9]$",
|
||||||
|
"precedence": 100
|
||||||
|
}
|
|
@ -0,0 +1,14 @@
|
||||||
|
{
|
||||||
|
"name": "street",
|
||||||
|
"scope": "UNIT_GLOBAL",
|
||||||
|
"encrypted": false,
|
||||||
|
"propagated": false,
|
||||||
|
|
||||||
|
"accessCreate": "READ_WRITE",
|
||||||
|
"accessModify": "READ_WRITE",
|
||||||
|
"clientExtId": "d9a334a6-b6f5-4982-a24e-13ae095a60fa",
|
||||||
|
"description": "address: street and house number",
|
||||||
|
"maxLength": "100",
|
||||||
|
|
||||||
|
"precedence": 100
|
||||||
|
}
|
|
@ -0,0 +1,14 @@
|
||||||
|
{
|
||||||
|
"name": "town",
|
||||||
|
"scope": "UNIT_GLOBAL",
|
||||||
|
"encrypted": false,
|
||||||
|
"propagated": false,
|
||||||
|
|
||||||
|
"accessCreate": "READ_WRITE",
|
||||||
|
"accessModify": "READ_WRITE",
|
||||||
|
"clientExtId": "d9a334a6-b6f5-4982-a24e-13ae095a60fa",
|
||||||
|
"description": "twon, city where the counter is located",
|
||||||
|
"maxLength": "40",
|
||||||
|
|
||||||
|
"precedence": 100
|
||||||
|
}
|
|
@ -0,0 +1,14 @@
|
||||||
|
{
|
||||||
|
"name": "agovId",
|
||||||
|
"scope": "USER_GLOBAL",
|
||||||
|
"encrypted": false,
|
||||||
|
"propagated": false,
|
||||||
|
|
||||||
|
"accessCreate": "READ_WRITE",
|
||||||
|
"accessModify": "READ_ONLY",
|
||||||
|
"clientExtId": "9f30aa08-4c53-458c-b144-90c16dc5ed6e",
|
||||||
|
|
||||||
|
"maxLength": "36",
|
||||||
|
|
||||||
|
"precedence": 100
|
||||||
|
}
|
|
@ -0,0 +1,14 @@
|
||||||
|
{
|
||||||
|
"name": "counterExtId",
|
||||||
|
"scope": "USER_GLOBAL",
|
||||||
|
"encrypted": false,
|
||||||
|
"propagated": false,
|
||||||
|
|
||||||
|
"accessCreate": "READ_WRITE",
|
||||||
|
"accessModify": "READ_WRITE",
|
||||||
|
"clientExtId": "9f30aa08-4c53-458c-b144-90c16dc5ed6e",
|
||||||
|
"description": "the unitExtId of the counter, that the user selected intially, and visited (might be different)",
|
||||||
|
|
||||||
|
|
||||||
|
"precedence": 100
|
||||||
|
}
|
|
@ -0,0 +1,14 @@
|
||||||
|
{
|
||||||
|
"name": "eIdNumber",
|
||||||
|
"scope": "USER_GLOBAL",
|
||||||
|
"encrypted": false,
|
||||||
|
"propagated": false,
|
||||||
|
|
||||||
|
"accessCreate": "READ_WRITE",
|
||||||
|
"accessModify": "READ_WRITE",
|
||||||
|
"clientExtId": "cfa9c9b9-119f-4dff-9bb8-86d7c0cf2720",
|
||||||
|
|
||||||
|
"maxLength": "40",
|
||||||
|
|
||||||
|
"precedence": 100
|
||||||
|
}
|
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue