diff --git a/bundles.yml b/bundles.yml
index 7783fa0..8b092fd 100644
--- a/bundles.yml
+++ b/bundles.yml
@@ -1,13 +1,13 @@
 schemaVersion: "1.0"
 bundles:
-- "nevisadmin-plugin-base-generation:8.2411.2.rc2"
-- "nevisadmin-plugin-nevisproxy:8.2411.2.rc2"
-- "nevisadmin-plugin-nevisauth:8.2411.2.rc2"
-- "nevisadmin-plugin-nevisidm:8.2411.2.rc2"
-- "nevisadmin-plugin-mobile-auth:8.2411.2.rc2"
-- "nevisadmin-plugin-fido2:8.2411.2.rc2"
-- "nevisadmin-plugin-nevisadapt:8.2411.2.rc2"
-- "nevisadmin-plugin-nevisdetect:8.2411.2.rc2"
-- "nevisadmin-plugin-oauth:8.2411.2.rc2"
-- "nevisadmin-plugin-authcloud:8.2411.2.rc2"
-- "nevisadmin-plugin-nevisdp:8.2411.2.rc2"
+- "nevisadmin-plugin-authcloud:8.2411.2.4"
+- "nevisadmin-plugin-base-generation:8.2411.2.4"
+- "nevisadmin-plugin-fido2:8.2411.2.4"
+- "nevisadmin-plugin-mobile-auth:8.2411.2.4"
+- "nevisadmin-plugin-nevisadapt:8.2411.2.4"
+- "nevisadmin-plugin-nevisauth:8.2411.2.4"
+- "nevisadmin-plugin-nevisdetect:8.2411.2.4"
+- "nevisadmin-plugin-nevisdp:8.2411.2.4"
+- "nevisadmin-plugin-nevisidm:8.2411.2.4"
+- "nevisadmin-plugin-nevisproxy:8.2411.2.4"
+- "nevisadmin-plugin-oauth:8.2411.2.4"
diff --git a/patterns/0f6977caedca600b17221f0a_authStatesFile/Ident_ProcessAndDispatch.xml b/patterns/0f6977caedca600b17221f0a_authStatesFile/Ident_ProcessAndDispatch.xml
new file mode 100644
index 0000000..20d671f
--- /dev/null
+++ b/patterns/0f6977caedca600b17221f0a_authStatesFile/Ident_ProcessAndDispatch.xml
@@ -0,0 +1,12 @@
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/patterns/0f6977caedca600b17221f0a_resources/IdentProcessAndDispatch.groovy b/patterns/0f6977caedca600b17221f0a_resources/IdentProcessAndDispatch.groovy
new file mode 100644
index 0000000..15f0f09
--- /dev/null
+++ b/patterns/0f6977caedca600b17221f0a_resources/IdentProcessAndDispatch.groovy
@@ -0,0 +1,79 @@
+import groovy.json.JsonSlurper
+
+def cleanSession(boolean rpcodeToo) {
+ def s = request.getAuthSession(true)
+
+ if (rpcodeToo) {
+ s.removeAttribute('agov.ident.rpcode.backup')
+ s.removeAttribute('agov.ident.rpcode')
+ s.removeAttribute('agov.ident.entityId')
+ }
+ def sessionKeySet = new HashSet(session.keySet())
+ sessionKeySet.each { key ->
+ if ( key ==~ /ch.nevis.auth.saml..*/ ) {
+ LOG.debug("Deleted session attribute '${key}'")
+ s.removeAttribute(key)
+ }
+ }
+}
+
+// for auditing
+def sourceIp = request.getLoginContext()['connection.HttpHeader.X-Real-IP'] ?: 'unknown'
+def userAgent = request.getLoginContext()['connection.HttpHeader.user-agent'] ?: request.getLoginContext()['connection.HttpHeader.User-Agent'] ?: 'unknown'
+def referer = request.getLoginContext()['connection.HttpHeader.referer'] ?: request.getLoginContext()['connection.HttpHeader' +
+ '.Referer'] ?: '-'
+def origin = request.getLoginContext()['connection.HttpHeader.origin'] ?: request.getLoginContext()['connection.HttpHeader' +
+ '.Origin'] ?: '-'
+
+// 0) clean up, if we have a SAML Response in session
+if (session['ch.nevis.auth.saml.response.id']) {
+ // keep rpcode in session, if retrying after SAML error
+ def keepRpcode = session['ch.nevis.auth.saml.response.statusCode'] == 'urn:oasis:names:tc:SAML:2.0:status:Responder'
+ cleanSession(!keepRpcode)
+}
+
+// 1) we need to know the code of the RP
+def rpcode = inargs['rpcode'] ?: inargs['RelayState'] ?: session['agov.ident.rpcode']
+def rpcodeBackup = session['agov.ident.rpcode']
+def rpentity = '-'
+
+if (rpcode)
+{
+ if (rpcodeBackup) {
+ response.setSessionAttribute('agov.ident.rpcode.backup', rpcodeBackup)
+ }
+ response.setSessionAttribute('agov.ident.rpcode', rpcode)
+} else {
+ cleanSession(true)
+ LOG.info("Event='IDENT-INVALIDREQ', rpcode='missing', SourceIp=${sourceIp}, UserAgent=${userAgent}, Referer='${referer}', Origin='${origin}'")
+ response.setResult('inavlidurl')
+ return
+}
+
+// 2) load rp settings in session (if needed)
+if (rpcode != rpcodeBackup) {
+ def slurper = new JsonSlurper()
+ def rpMap = slurper.parseText(parameters['rpcode.list'])
+ LOG.debug(">>> rpMaP: ${rpMap}")
+ if (!rpMap[rpcode]) {
+ cleanSession(true)
+ LOG.info("Event='IDENT-INVALIDREQ', rpcode='${rpcode}', SourceIp=${sourceIp}, UserAgent=${userAgent}, Referer='${referer}', Origin='${origin}'")
+ response.setResult('inavlidurl')
+ return
+ }
+ rpentity=rpMap[rpcode]
+ response.setSessionAttribute('agov.ident.entityId', rpMap[rpcode])
+}
+
+// 3) if we have a response ...
+if (inargs['SAMLResponse']) {
+ response.setResult('processResponse')
+ return
+}
+
+// 4) otherwise
+LOG.info("Event='IDENT-INITREQ', rpcode='${rpcode}', rpentity='${rpentity}', SourceIp=${sourceIp}, UserAgent=${userAgent}, Referer='${referer}', " +
+ "Origin='${origin}'")
+response.setResult('sendAuthnRequest')
+return
+
diff --git a/patterns/1200a58c76686d520c21edb0_resources/resources-op.zip b/patterns/1200a58c76686d520c21edb0_resources/resources-op.zip
index 066020a..68613de 100644
Binary files a/patterns/1200a58c76686d520c21edb0_resources/resources-op.zip and b/patterns/1200a58c76686d520c21edb0_resources/resources-op.zip differ
diff --git a/patterns/39ecde9a0d101628fed3e3be_resources/resources-op.zip b/patterns/39ecde9a0d101628fed3e3be_resources/resources-op.zip
index 066020a..68613de 100644
Binary files a/patterns/39ecde9a0d101628fed3e3be_resources/resources-op.zip and b/patterns/39ecde9a0d101628fed3e3be_resources/resources-op.zip differ
diff --git a/patterns/3fd09bb6cfbd34874595c263_labels/labels.zip b/patterns/3fd09bb6cfbd34874595c263_labels/labels.zip
new file mode 100644
index 0000000..d8768dc
Binary files /dev/null and b/patterns/3fd09bb6cfbd34874595c263_labels/labels.zip differ
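Review bot: The audit lines in the `else` branch of step 1 and in the invalid-rpcode branch of step 2 interpolate request-controlled values straight into `LOG.info` — `rpcode` comes from `inargs['rpcode']`/`inargs['RelayState']`, and `sourceIp`, `userAgent`, `referer` and `origin` come from client headers — so a value containing a newline or a quote can break the `Event='IDENT-INVALIDREQ'` record format that downstream log parsing relies on. Normalise them once before logging, e.g. `def logSafe = { v -> v?.toString()?.replaceAll(/[\r\n'"]/, '_') ?: '-' }` and use `${logSafe(rpcode)}` (and the same for the header-derived fields) in all three `LOG.info` calls. The key match in `cleanSession` uses unescaped dots (`/ch.nevis.auth.saml..*/`), so `/ch\.nevis\.auth\.saml\..*/` states the intent precisely. The result name `inavlidurl` is used consistently in both failure branches, but it has to match the transition in Ident_ProcessAndDispatch.xml, whose content is not visible in this diff. Step 2 skips the `rpMap` allow-list check whenever `rpcode` equals the session's `agov.ident.rpcode`, which step 1 stores before validation; that is only safe if `cleanSession(true)` reliably discards the value just written via `response.setSessionAttribute` in the same request, so either confirm that or move the `setSessionAttribute('agov.ident.rpcode', rpcode)` call after the allow-list check.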
diff --git a/patterns/3fd09bb6cfbd34874595c263_template/webdata.zip b/patterns/3fd09bb6cfbd34874595c263_template/webdata.zip
new file mode 100644
index 0000000..99fdfca
Binary files /dev/null and b/patterns/3fd09bb6cfbd34874595c263_template/webdata.zip differ
diff --git a/patterns/6df66943ca713eed2a25d935_labels/labels.zip b/patterns/6df66943ca713eed2a25d935_labels/labels.zip
index e3328b9..d8768dc 100644
Binary files a/patterns/6df66943ca713eed2a25d935_labels/labels.zip and b/patterns/6df66943ca713eed2a25d935_labels/labels.zip differ
diff --git a/patterns/6df66943ca713eed2a25d935_template/webdata.zip b/patterns/6df66943ca713eed2a25d935_template/webdata.zip
index 9c3cd16..99fdfca 100644
Binary files a/patterns/6df66943ca713eed2a25d935_template/webdata.zip and b/patterns/6df66943ca713eed2a25d935_template/webdata.zip differ
diff --git a/patterns/6f9c9f982dcc7ef59a34f1f7_labels/labels.zip b/patterns/6f9c9f982dcc7ef59a34f1f7_labels/labels.zip
index e3328b9..d8768dc 100644
Binary files a/patterns/6f9c9f982dcc7ef59a34f1f7_labels/labels.zip and b/patterns/6f9c9f982dcc7ef59a34f1f7_labels/labels.zip differ
diff --git a/patterns/6f9c9f982dcc7ef59a34f1f7_template/webdata.zip b/patterns/6f9c9f982dcc7ef59a34f1f7_template/webdata.zip
index 9c3cd16..99fdfca 100644
Binary files a/patterns/6f9c9f982dcc7ef59a34f1f7_template/webdata.zip and b/patterns/6f9c9f982dcc7ef59a34f1f7_template/webdata.zip differ
diff --git a/patterns/7518c6cc61e47eec6322ae17_labels/labels.zip b/patterns/7518c6cc61e47eec6322ae17_labels/labels.zip
index e3328b9..d8768dc 100644
Binary files a/patterns/7518c6cc61e47eec6322ae17_labels/labels.zip and b/patterns/7518c6cc61e47eec6322ae17_labels/labels.zip differ
diff --git a/patterns/7518c6cc61e47eec6322ae17_template/webdata.zip b/patterns/7518c6cc61e47eec6322ae17_template/webdata.zip
index 9c3cd16..99fdfca 100644
Binary files a/patterns/7518c6cc61e47eec6322ae17_template/webdata.zip and b/patterns/7518c6cc61e47eec6322ae17_template/webdata.zip differ
diff --git a/patterns/816a1456192f974b57418ca9_resources/resources-op.zip b/patterns/816a1456192f974b57418ca9_resources/resources-op.zip
new file mode 100644
index 0000000..68613de
Binary files /dev/null and b/patterns/816a1456192f974b57418ca9_resources/resources-op.zip differ
diff --git a/patterns/AGOV_Ident_Signer_KeyStore_f739deb8632efc4ff0c2a21d.yml b/patterns/AGOV_Ident_Signer_KeyStore_f739deb8632efc4ff0c2a21d.yml
new file mode 100644
index 0000000..de98b25
--- /dev/null
+++ b/patterns/AGOV_Ident_Signer_KeyStore_f739deb8632efc4ff0c2a21d.yml
@@ -0,0 +1,9 @@
+schemaVersion: "1.0"
+pattern:
+ id: "f739deb8632efc4ff0c2a21d"
+ className: "ch.nevis.admin.v4.plugin.nevisproxy.patterns.PemKeyStoreProvider"
+ name: "AGOV_Ident_Signer_KeyStore"
+ label: "IDENT"
+ properties:
+ keystoreFiles: "var://agov_ident_signer_keystore"
+ keyPass: "var://agov_ident_signer_passphrase"
diff --git a/patterns/GreenMail_f010ec68088ebd56349c7135.yml b/patterns/GreenMail_f010ec68088ebd56349c7135.yml
index 0f2dab6..f434991 100644
--- a/patterns/GreenMail_f010ec68088ebd56349c7135.yml
+++ b/patterns/GreenMail_f010ec68088ebd56349c7135.yml
@@ -10,10 +10,10 @@ pattern:
 realm:
 - "pattern://7518c6cc61e47eec6322ae17"
 addons:
- - "pattern://4c0d206244a4e16e9aa49f5c"
+ - "pattern://a6db9f243e2ecabfba832868"
 backends: "var://greenmail-backend-addresses"
 hostnameCheck: "disabled"
 hostHeader: "backend"
- responseRewrite: "header"
+ responseRewrite: "var://greenmail-response-rewriting"
 csrf: "off"
 requestValidation: "var://op-admin-mod-security-mode-greenmail"
diff --git a/patterns/IDENT-AuthenticationRealm_3fd09bb6cfbd34874595c263.yml b/patterns/IDENT-AuthenticationRealm_3fd09bb6cfbd34874595c263.yml
new file mode 100644
index 0000000..cd60384
--- /dev/null
+++ b/patterns/IDENT-AuthenticationRealm_3fd09bb6cfbd34874595c263.yml
@@ -0,0 +1,16 @@
+schemaVersion: "1.0"
+pattern:
+ id: "3fd09bb6cfbd34874595c263"
+ className: "ch.nevis.admin.v4.plugin.nevisauth.patterns2.NevisAuthRealm"
+ name: "IDENT-AuthenticationRealm"
+ label: "IDENT"
+ properties:
+ authenticate:
+ - "pattern://0f6977caedca600b17221f0a"
+ auth:
+ - "pattern://ac27dd7daad0ca2b7229bfaf"
+ logrend:
+ - "pattern://8401da6318c6915d689cdfc9"
+ template: "res://3fd09bb6cfbd34874595c263#template"
+ labels: "res://3fd09bb6cfbd34874595c263#labels"
+ defaultProperties: "var://nevislogrend-configuration-logrendproperties"
diff --git a/patterns/IDENT-Entry-Point_6977f8a683f63744bbd56d69.yml b/patterns/IDENT-Entry-Point_6977f8a683f63744bbd56d69.yml
new file mode 100644
index 0000000..10be980
--- /dev/null
+++ b/patterns/IDENT-Entry-Point_6977f8a683f63744bbd56d69.yml
@@ -0,0 +1,12 @@
+schemaVersion: "1.0"
+pattern:
+ id: "6977f8a683f63744bbd56d69"
+ className: "ch.nevis.admin.v4.plugin.nevisauth.patterns.AuthenticationFlow"
+ name: "IDENT-Entry-Point"
+ label: "IDENT"
+ properties:
+ host:
+ - "pattern://816a1456192f974b57418ca9"
+ path: "exact:/process"
+ realm:
+ - "pattern://3fd09bb6cfbd34874595c263"
diff --git a/patterns/IDENT-Failed-WithRetry_ea2c110e0adfa95722c2cc99.yml b/patterns/IDENT-Failed-WithRetry_ea2c110e0adfa95722c2cc99.yml
new file mode 100644
index 0000000..01234f8
--- /dev/null
+++ b/patterns/IDENT-Failed-WithRetry_ea2c110e0adfa95722c2cc99.yml
@@ -0,0 +1,11 @@
+schemaVersion: "1.0"
+pattern:
+ id: "ea2c110e0adfa95722c2cc99"
+ className: "ch.nevis.admin.v4.plugin.nevisauth.patterns2.UserInformation"
+ name: "IDENT-Failed-WithRetry"
+ label: "IDENT"
+ properties:
+ messageType: "warning"
+ buttonType: "submit"
+ onSubmit:
+ - "pattern://0f6977caedca600b17221f0a"
diff --git a/patterns/IDENT-Failed_026e4ae8ef4cc5496a7fe8c6.yml b/patterns/IDENT-Failed_026e4ae8ef4cc5496a7fe8c6.yml
new file mode 100644
index 0000000..2e14cb0
--- /dev/null
+++ b/patterns/IDENT-Failed_026e4ae8ef4cc5496a7fe8c6.yml
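Review bot: The new IDENT-Entry-Point publishes `exact:/process`, whose realm steps consume the client-supplied `rpcode`, `RelayState` and `SAMLResponse` parameters, yet unlike the OP-ONBRDNG flow — which this same commit labels together with an `OP-ONBRDNG-ModSecuritySettings` RequestValidationSettings pattern — no request-validation pattern is added for the IDENT flow. If validation for this endpoint is wired in elsewhere (on the virtual host or the proxy instance, which are not fully visible here), a one-line note in the pattern would make that auditable; otherwise an IDENT-scoped RequestValidationSettings pattern, referenced from whichever pattern carries it in this project, appears to be missing.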
@@ -0,0 +1,9 @@
+schemaVersion: "1.0"
+pattern:
+ id: "026e4ae8ef4cc5496a7fe8c6"
+ className: "ch.nevis.admin.v4.plugin.nevisauth.patterns2.UserInformation"
+ name: "IDENT-Failed"
+ label: "IDENT"
+ properties:
+ messageType: "error"
+ buttonType: "none"
diff --git a/patterns/IDENT-Process-and-Dispatch_0f6977caedca600b17221f0a.yml b/patterns/IDENT-Process-and-Dispatch_0f6977caedca600b17221f0a.yml
new file mode 100644
index 0000000..b8839e2
--- /dev/null
+++ b/patterns/IDENT-Process-and-Dispatch_0f6977caedca600b17221f0a.yml
@@ -0,0 +1,14 @@
+schemaVersion: "1.0"
+pattern:
+ id: "0f6977caedca600b17221f0a"
+ className: "ch.nevis.admin.v4.plugin.nevisauth.patterns2.GenericAuthenticationStep"
+ name: "IDENT-Process-and-Dispatch"
+ label: "IDENT"
+ properties:
+ authStatesFile: "res://0f6977caedca600b17221f0a#authStatesFile"
+ onFailure:
+ - "pattern://026e4ae8ef4cc5496a7fe8c6"
+ nextSteps:
+ - "pattern://dce20cc904f88df4b77f93d9"
+ - "pattern://ac1151fe6a973b135fd4a460"
+ resources: "res://0f6977caedca600b17221f0a#resources"
diff --git a/patterns/IDENT-SamlServiceProvider-AuthnRequest_dce20cc904f88df4b77f93d9.yml b/patterns/IDENT-SamlServiceProvider-AuthnRequest_dce20cc904f88df4b77f93d9.yml
new file mode 100644
index 0000000..f85c05d
--- /dev/null
+++ b/patterns/IDENT-SamlServiceProvider-AuthnRequest_dce20cc904f88df4b77f93d9.yml
@@ -0,0 +1,11 @@
+schemaVersion: "1.0"
+pattern:
+ id: "dce20cc904f88df4b77f93d9"
+ className: "ch.nevis.admin.v4.plugin.nevisauth.patterns2.GenericAuthenticationStep"
+ name: "IDENT-SamlServiceProvider-AuthnRequest"
+ label: "IDENT"
+ properties:
+ authStatesFile: "res://dce20cc904f88df4b77f93d9#authStatesFile"
+ parameters: "var://op-samlserviceprovider-parameters"
+ keyObjects:
+ - "pattern://6589067d403de8c65bcdcb16"
diff --git a/patterns/IDENT-SamlServiceProvider-ProcessResponse_ac1151fe6a973b135fd4a460.yml b/patterns/IDENT-SamlServiceProvider-ProcessResponse_ac1151fe6a973b135fd4a460.yml
new file mode 100644
index 0000000..9ce1b32
--- /dev/null
+++ b/patterns/IDENT-SamlServiceProvider-ProcessResponse_ac1151fe6a973b135fd4a460.yml
@@ -0,0 +1,13 @@
+schemaVersion: "1.0"
+pattern:
+ id: "ac1151fe6a973b135fd4a460"
+ className: "ch.nevis.admin.v4.plugin.nevisauth.patterns2.GenericAuthenticationStep"
+ name: "IDENT-SamlServiceProvider-ProcessResponse"
+ label: "IDENT"
+ properties:
+ authStatesFile: "res://ac1151fe6a973b135fd4a460#authStatesFile"
+ parameters: "var://op-samlserviceprovider-parameters"
+ onSuccess:
+ - "pattern://5f2cdff72cb899bff468ad90"
+ onFailure:
+ - "pattern://ea2c110e0adfa95722c2cc99"
diff --git a/patterns/IDENT-Succeeded_5f2cdff72cb899bff468ad90.yml b/patterns/IDENT-Succeeded_5f2cdff72cb899bff468ad90.yml
new file mode 100644
index 0000000..802c58c
--- /dev/null
+++ b/patterns/IDENT-Succeeded_5f2cdff72cb899bff468ad90.yml
@@ -0,0 +1,10 @@
+schemaVersion: "1.0"
+pattern:
+ id: "5f2cdff72cb899bff468ad90"
+ className: "ch.nevis.admin.v4.plugin.nevisauth.patterns2.UserInformation"
+ name: "IDENT-Succeeded"
+ label: "IDENT"
+ properties:
+ messageType: "info"
+ label: "not-used"
+ buttonType: "none"
diff --git a/patterns/IDENT_Signer_KeyObject_6589067d403de8c65bcdcb16.yml b/patterns/IDENT_Signer_KeyObject_6589067d403de8c65bcdcb16.yml
new file mode 100644
index 0000000..b4719e9
--- /dev/null
+++ b/patterns/IDENT_Signer_KeyObject_6589067d403de8c65bcdcb16.yml
@@ -0,0 +1,12 @@
+schemaVersion: "1.0"
+pattern:
+ id: "6589067d403de8c65bcdcb16"
+ className: "ch.nevis.admin.v4.plugin.nevisauth.patterns.KeyObject"
+ name: "IDENT_Signer_KeyObject"
+ label: "IDENT"
+ properties:
+ keyObjectId: "AGOV_IDENT_SIGNER"
+ keyStoreName: "AGOV_IDENT_KS"
+ type: "keystore"
+ keyStore:
+ - "pattern://f739deb8632efc4ff0c2a21d"
diff --git a/patterns/OP-ONBRDNG-AuthenticationRealm_6df66943ca713eed2a25d935.yml b/patterns/OP-ONBRDNG-AuthenticationRealm_6df66943ca713eed2a25d935.yml
index 63a9967..0174f52 100644
--- a/patterns/OP-ONBRDNG-AuthenticationRealm_6df66943ca713eed2a25d935.yml
+++ b/patterns/OP-ONBRDNG-AuthenticationRealm_6df66943ca713eed2a25d935.yml
@@ -3,6 +3,7 @@ pattern:
 id: "6df66943ca713eed2a25d935"
 className: "ch.nevis.admin.v4.plugin.nevisauth.patterns2.NevisAuthRealm"
 name: "OP-ONBRDNG-AuthenticationRealm"
+ label: "OP-ONBRDNG"
 properties:
 authenticate:
 - "pattern://2787b678d9cce5310a335419"
diff --git a/patterns/OP-ONBRDNG-Entry-Point_9415bf61610843e0f5c77e39.yml b/patterns/OP-ONBRDNG-Entry-Point_9415bf61610843e0f5c77e39.yml
index 3043b28..e2d4ac7 100644
--- a/patterns/OP-ONBRDNG-Entry-Point_9415bf61610843e0f5c77e39.yml
+++ b/patterns/OP-ONBRDNG-Entry-Point_9415bf61610843e0f5c77e39.yml
@@ -3,6 +3,7 @@ pattern:
 id: "9415bf61610843e0f5c77e39"
 className: "ch.nevis.admin.v4.plugin.nevisauth.patterns.AuthenticationFlow"
 name: "OP-ONBRDNG-Entry-Point"
+ label: "OP-ONBRDNG"
 properties:
 host:
 - "pattern://39ecde9a0d101628fed3e3be"
diff --git a/patterns/OP-ONBRDNG-ModSecuritySettings_f02bc0de60aad829670e4c5b.yml b/patterns/OP-ONBRDNG-ModSecuritySettings_f02bc0de60aad829670e4c5b.yml
index fd0a821..742fdfe 100644
--- a/patterns/OP-ONBRDNG-ModSecuritySettings_f02bc0de60aad829670e4c5b.yml
+++ b/patterns/OP-ONBRDNG-ModSecuritySettings_f02bc0de60aad829670e4c5b.yml
@@ -3,6 +3,7 @@ pattern:
 id: "f02bc0de60aad829670e4c5b"
 className: "ch.nevis.admin.v4.plugin.nevisproxy.patterns.RequestValidationSettings"
 name: "OP-ONBRDNG-ModSecuritySettings"
+ label: "OP-ONBRDNG"
 properties:
 scope: "all"
 logOnlyMode: "var://op-admin-mod-security-op-onboarding-log-only-mode"
diff --git a/patterns/OP-ONBRDNG-PostProcessing_fd3912c7af7a88b6342a4c78.yml b/patterns/OP-ONBRDNG-PostProcessing_fd3912c7af7a88b6342a4c78.yml
index 3e3253a..eeccc6b 100644
--- a/patterns/OP-ONBRDNG-PostProcessing_fd3912c7af7a88b6342a4c78.yml
+++ b/patterns/OP-ONBRDNG-PostProcessing_fd3912c7af7a88b6342a4c78.yml
@@ -3,6 +3,7 @@ pattern:
 id: "fd3912c7af7a88b6342a4c78"
 className: "ch.nevis.admin.v4.plugin.nevisauth.patterns2.GenericAuthenticationStep"
 name: "OP-ONBRDNG-PostProcessing"
+ label: "OP-ONBRDNG"
 properties:
 authStatesFile: "res://fd3912c7af7a88b6342a4c78#authStatesFile"
 onSuccess:
diff --git a/patterns/OP-ONBRDNG-PreProcessing_2787b678d9cce5310a335419.yml b/patterns/OP-ONBRDNG-PreProcessing_2787b678d9cce5310a335419.yml
index 2b4ec0a..cf33a6d 100644
--- a/patterns/OP-ONBRDNG-PreProcessing_2787b678d9cce5310a335419.yml
+++ b/patterns/OP-ONBRDNG-PreProcessing_2787b678d9cce5310a335419.yml
@@ -3,6 +3,7 @@ pattern:
 id: "2787b678d9cce5310a335419"
 className: "ch.nevis.admin.v4.plugin.nevisauth.patterns2.GenericAuthenticationStep"
 name: "OP-ONBRDNG-PreProcessing"
+ label: "OP-ONBRDNG"
 properties:
 authStatesFile: "res://2787b678d9cce5310a335419#authStatesFile"
 nextSteps:
diff --git a/patterns/OP-ONBRDNG-SamlServiceProvider-AuthnRequest_d56823f55065139ba437dc5c.yml b/patterns/OP-ONBRDNG-SamlServiceProvider-AuthnRequest_d56823f55065139ba437dc5c.yml
index a5a1d9d..cd7fc05 100644
--- a/patterns/OP-ONBRDNG-SamlServiceProvider-AuthnRequest_d56823f55065139ba437dc5c.yml
+++ b/patterns/OP-ONBRDNG-SamlServiceProvider-AuthnRequest_d56823f55065139ba437dc5c.yml
@@ -3,6 +3,7 @@ pattern:
 id: "d56823f55065139ba437dc5c"
 className: "ch.nevis.admin.v4.plugin.nevisauth.patterns2.GenericAuthenticationStep"
 name: "OP-ONBRDNG-SamlServiceProvider-AuthnRequest"
+ label: "OP-ONBRDNG"
 properties:
 authStatesFile: "res://d56823f55065139ba437dc5c#authStatesFile"
 parameters: "var://op-samlserviceprovider-parameters"
diff --git a/patterns/OP-ONBRDNG-SamlServiceProvider-ProcessResponse_9be76d365909bb2ec294569c.yml b/patterns/OP-ONBRDNG-SamlServiceProvider-ProcessResponse_9be76d365909bb2ec294569c.yml
index f0f0b87..f35eeee 100644
--- a/patterns/OP-ONBRDNG-SamlServiceProvider-ProcessResponse_9be76d365909bb2ec294569c.yml
+++ b/patterns/OP-ONBRDNG-SamlServiceProvider-ProcessResponse_9be76d365909bb2ec294569c.yml
@@ -3,6 +3,7 @@ pattern:
 id: "9be76d365909bb2ec294569c"
 className: "ch.nevis.admin.v4.plugin.nevisauth.patterns2.GenericAuthenticationStep"
 name: "OP-ONBRDNG-SamlServiceProvider-ProcessResponse"
+ label: "OP-ONBRDNG"
 properties:
 authStatesFile: "res://9be76d365909bb2ec294569c#authStatesFile"
 parameters: "var://op-samlserviceprovider-parameters"
diff --git a/patterns/Virtual_Host_AgovIdent_816a1456192f974b57418ca9.yml b/patterns/Virtual_Host_AgovIdent_816a1456192f974b57418ca9.yml
new file mode 100644
index 0000000..db694cb
--- /dev/null
+++ b/patterns/Virtual_Host_AgovIdent_816a1456192f974b57418ca9.yml
@@ -0,0 +1,17 @@
+schemaVersion: "1.0"
+pattern:
+ id: "816a1456192f974b57418ca9"
+ className: "ch.nevis.admin.v4.plugin.nevisproxy.patterns.HostContext"
+ name: "Virtual_Host_AgovIdent"
+ label: "IDENT"
+ properties:
+ proxy:
+ - "pattern://bd83dfbd467e8211ffe71d28"
+ addresses: "var://virtual_host_agovident-frontend-addresses"
+ defaultEntry: "/process"
+ resources: "res://816a1456192f974b57418ca9#resources"
+ securityHeaders: "custom"
+ trailingSlashRedirect: "disabled"
+ addons:
+ - "pattern://58ece0328f5bf4d78e1a82d2"
+ - "pattern://36886a1934993d1f69690e1d"
diff --git a/patterns/_GreenMail-OP-Headers_4c0d206244a4e16e9aa49f5c.yml b/patterns/_GreenMail-OP-Headers_a6db9f243e2ecabfba832868.yml
similarity index 87%
rename from patterns/_GreenMail-OP-Headers_4c0d206244a4e16e9aa49f5c.yml
rename to patterns/_GreenMail-OP-Headers_a6db9f243e2ecabfba832868.yml
index 4048d52..a84cd7e 100644
--- a/patterns/_GreenMail-OP-Headers_4c0d206244a4e16e9aa49f5c.yml
+++ b/patterns/_GreenMail-OP-Headers_a6db9f243e2ecabfba832868.yml
@@ -1,6 +1,6 @@
 schemaVersion: "1.0"
 pattern:
- id: "4c0d206244a4e16e9aa49f5c"
+ id: "a6db9f243e2ecabfba832868"
 className: "ch.nevis.admin.v4.plugin.nevisproxy.patterns.HeaderCustomization"
 name: " GreenMail-OP-Headers"
 properties:
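Review bot: `securityHeaders: "custom"` on the new Virtual_Host_AgovIdent presumably replaces the generated default security-header set with whatever the referenced addons provide, but the two addons (`pattern://58ece0328f5bf4d78e1a82d2`, `pattern://36886a1934993d1f69690e1d`) are not part of this diff, so it cannot be confirmed here that a SAML assertion-consumer host still sends HSTS and the framing/content-type protections. Name the addon that supplies the headers in the pattern (a short `# security headers provided by <addon name>` comment suffices), or revert to the default setting if neither addon is a header customization. `trailingSlashRedirect: "disabled"` next to `defaultEntry: "/process"` looks intentional for a single exact-path endpoint, and a one-line comment saying so would save the next reader from guessing.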
diff --git a/patterns/ac1151fe6a973b135fd4a460_authStatesFile/Ident_SamlResponseProcessing.xml b/patterns/ac1151fe6a973b135fd4a460_authStatesFile/Ident_SamlResponseProcessing.xml
new file mode 100644
index 0000000..bf6d49d
--- /dev/null
+++ b/patterns/ac1151fe6a973b135fd4a460_authStatesFile/Ident_SamlResponseProcessing.xml
@@ -0,0 +1,20 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/patterns/dce20cc904f88df4b77f93d9_authStatesFile/Ident_SamlServiceProvider.xml b/patterns/dce20cc904f88df4b77f93d9_authStatesFile/Ident_SamlServiceProvider.xml
new file mode 100644
index 0000000..9b2afa2
--- /dev/null
+++ b/patterns/dce20cc904f88df4b77f93d9_authStatesFile/Ident_SamlServiceProvider.xml
@@ -0,0 +1,26 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/patterns/nevisIdm_sectoken_Truststore_c4f291a121b2d19157049cdc.yml b/patterns/nevisIdm_sectoken_Truststore_c4f291a121b2d19157049cdc.yml
index f83c879..89bf75c 100644
--- a/patterns/nevisIdm_sectoken_Truststore_c4f291a121b2d19157049cdc.yml
+++ b/patterns/nevisIdm_sectoken_Truststore_c4f291a121b2d19157049cdc.yml
@@ -6,4 +6,3 @@ pattern:
 properties:
 keystore:
 - "pattern://02cc34b35d83a306f48abe47"
- truststoreFile: "var://nevisidm-signer-truststore-trusted-certificates"
diff --git a/patterns/operations_nevisProxy_Instance_bd83dfbd467e8211ffe71d28.yml b/patterns/operations_nevisProxy_Instance_bd83dfbd467e8211ffe71d28.yml
index ea6e54a..c543971 100644
--- a/patterns/operations_nevisProxy_Instance_bd83dfbd467e8211ffe71d28.yml
+++ b/patterns/operations_nevisProxy_Instance_bd83dfbd467e8211ffe71d28.yml
@@ -6,6 +6,8 @@ pattern:
 deploymentHosts: "proxy-sp"
 label: "Operations"
 properties:
+ logging:
+ - "pattern://92be6cb7c75ce097f0219577"
 defaultHostContext:
 - "pattern://39ecde9a0d101628fed3e3be"
 addons:
diff --git a/patterns/operations_nevisProxy_Log_Settings_92be6cb7c75ce097f0219577.yml b/patterns/operations_nevisProxy_Log_Settings_92be6cb7c75ce097f0219577.yml
new file mode 100644
index 0000000..5746266
--- /dev/null
+++ b/patterns/operations_nevisProxy_Log_Settings_92be6cb7c75ce097f0219577.yml
@@ -0,0 +1,10 @@
+schemaVersion: "1.0"
+pattern:
+ id: "92be6cb7c75ce097f0219577"
+ className: "ch.nevis.admin.v4.plugin.nevisproxy.patterns.CustomProxyLogFile"
+ name: "operations nevisProxy Log Settings"
+ properties:
+ logLevel: "NOTICE"
+ logLevelParameters:
+ - NavajoRequ: "DEBUG"
+ - NavajoStar: "DEBUG"
diff --git a/variables.yml b/variables.yml
index 256473a..9744750 100644
--- a/variables.yml
+++ b/variables.yml
@@ -18,6 +18,21 @@ variables:
 - "disabled"
 value: "disabled"
 requireOverloading: true
+ agov_ident_signer_keystore:
+ className: "ch.nevis.admin.v4.plugin.base.generation.property.AttachmentProperty"
+ parameters:
+ minRequired: 0
+ secretPreserving: true
+ value: null
+ requireOverloading: true
+ agov_ident_signer_passphrase:
+ className: "ch.nevis.admin.v4.plugin.base.generation.property.SimpleTextProperty"
+ parameters:
+ minRequired: 0
+ maxAllowed: 1
+ secret: true
+ value: "sample password"
+ requireOverloading: true
 agov_operations_pem_signer-key-store-content:
 className: "ch.nevis.admin.v4.plugin.base.generation.property.AttachmentProperty"
 parameters:
@@ -126,6 +141,18 @@ variables:
 value:
 - X-Frame-Options: "DENY"
 requireOverloading: true
+ greenmail-response-rewriting:
+ className: "ch.nevis.admin.v4.plugin.base.generation.property.SelectionProperty"
+ parameters:
+ minRequired: 0
+ maxAllowed: 1
+ options:
+ - "off"
+ - "header"
+ - "complete"
+ - "custom"
+ value: "header"
+ requireOverloading: true
 idm-admin-settings:
 className: "ch.nevis.admin.v4.plugin.base.generation.property.KeyValueProperty"
 parameters:
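Review bot: The new "operations nevisProxy Log Settings" pattern sets `NavajoRequ` and `NavajoStar` to `DEBUG` on the Operations proxy instance, which after this commit also fronts Virtual_Host_AgovIdent; request-level debug output in a proxy may write headers, cookies and posted parameters of the authentication traffic on `/process` (SAMLResponse, RelayState) into the log files. If this is a temporary troubleshooting setting, a comment naming when it is to be removed, or exposing the levels through a `var://` property so inventories can keep them at the default, would stop it from reaching production unnoticed; if it is permanent, access to and retention of those log files should be treated as sensitive.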
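Review bot: `agov_ident_signer_passphrase` ships with a concrete default `value: "sample password"` although it is marked `secret: true`; the sibling `agov_ident_signer_keystore` added just above uses `value: null`, and a null default is the safer choice for a private-key passphrase because a missing inventory override then fails generation instead of silently protecting the signer key with a string that is checked into the repository. Suggested change: `value: null`. `requireOverloading: true` only mitigates this if every inventory that deploys the IDENT patterns actually enforces overloading, which cannot be verified from this diff.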
@@ -677,7 +704,8 @@ variables:
 syntax: "YAML"
 value: "op.atb.ssoUrl: https://trustbroker.agov-d.azure.adnovum.net/adfs/ls\n\
 op.onboarding.issuer: https://op.agov-d.azure.adnovum.net/AUTH/ONBOARDING\n\
- op.onboarding.consumerURL: https://op.agov-d.azure.adnovum.net/AUTH/ONBOARDING"
+ op.onboarding.consumerURL: https://op.agov-d.azure.adnovum.net/AUTH/ONBOARDING\n\
+ op.ident.consumerURL: https://ident.agov-d.azure.adnovum.net/process"
 requireOverloading: true
 operations-admin-signer-pem-key-store-private-key-passphrase:
 className: "ch.nevis.admin.v4.plugin.base.generation.property.SimpleTextProperty"
@@ -885,6 +913,17 @@ variables:
 \ accounts (100d no activity)\"/>\n
 \n"
 requireOverloading: true
+ virtual_host_agovident-frontend-addresses:
+ className: "ch.nevis.admin.v4.plugin.base.generation.property.URLProperty"
+ parameters:
+ minRequired: 1
+ schemeInputMode: "REQUIRED"
+ allowedSchemes: "http,https"
+ hostNameInputMode: "REQUIRED"
+ portInputMode: "OPTIONAL"
+ pathInputMode: "OPTIONAL"
+ value: "https://ident.agov-w.azure.adnovum.net/"
+ requireOverloading: true
 virtual_host_idmadmin-frontend-addresses:
 className: "ch.nevis.admin.v4.plugin.base.generation.property.URLProperty"
 parameters:
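Review bot: The default frontend address for the new host, `https://ident.agov-w.azure.adnovum.net/`, does not agree with the `op.ident.consumerURL` added to the SAML service-provider parameters in the preceding hunk, `https://ident.agov-d.azure.adnovum.net/process`; both are `requireOverloading: true` defaults so this may be deliberate, but the AssertionConsumerService URL the SP advertises has to be the URL that actually serves `/process`, otherwise response validation fails on one side or the other, so the two defaults should match or the divergence should be explained in a comment. Separately, `allowedSchemes: "http,https"` permits a plain-http frontend address for an endpoint that receives SAML responses; unless http is needed for a local setup, `allowedSchemes: "https"` is the safer default.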