From 10339c67abbd6d9c0fd424f36559463cd356f4c7 Mon Sep 17 00:00:00 2001
From: admin
Date: Tue, 30 Jul 2024 13:32:36 +0000
Subject: [PATCH] new configuration version
---
 ...evisauth-sts-4bad2fe3ccc54716cc87138f.yaml | 17 +-
 .../var/opt/nevisauth/default/conf/env.conf | 4 +-
 .../nevisauth/default/conf/otel.properties | 8 +-
 ...8s-nevisauth-7022472ae407577ae604bbb8.yaml | 17 +-
 .../var/opt/keys/own/idp-pem-signer/cert.pem | 35 ++--
 .../var/opt/keys/own/idp-pem-signer/key.pem | 68 +++----
 .../opt/keys/own/idp-pem-signer/keystore.jks | Bin 2636 -> 2268 bytes
 .../opt/keys/own/idp-pem-signer/keystore.p12 | Bin 3122 -> 2754 bytes
 .../opt/keys/own/idp-pem-signer/keystore.pem | 103 +++++-----
 .../default/conf/LitDict_it.properties | 8 +-
 .../default/conf/ensureAccountState.groovy | 182 ++++++++----------
 .../var/opt/nevisauth/default/conf/env.conf | 4 +-
 .../nevisauth/default/conf/otel.properties | 8 +-
 ...uaf-instance-ca92034f995b39fde562293c.yaml | 17 +-
 .../var/opt/nevisfido/default/conf/env.conf | 4 +-
 .../default/conf/metadata/metadata.json | 49 ++++-
 .../nevisfido/default/conf/otel.properties | 8 +-
 ...s-nevisfido2-087f275433f3973a1421318f.yaml | 17 +-
 .../var/opt/nevisfido/default/conf/env.conf | 2 +-
 .../nevisfido/default/conf/otel.properties | 8 +-
 ...k8s-nevisidm-b8a36646f81c3247cdb5d90b.yaml | 13 +-
 .../var/opt/nevisidm/default/conf/env.conf | 9 +-
 .../default/conf/nevisidm-prod.properties | 2 +
 .../opt/nevisidm/default/conf/otel.properties | 8 +-
 ...nevislogrend-097929211988398a87bcbb0c.yaml | 16 +-
 .../opt/nevislogrend/default/conf/env.conf | 4 +-
 .../nevislogrend/default/conf/otel.properties | 8 +-
 .../resources/conf/text_it.properties | 8 +-
 .../resources/conf/text_it.properties | 8 +-
 .../resources/conf/text_it.properties | 8 +-
 .../resources/conf/text_it.properties | 8 +-
 ...visproxy-idp-0ceb05c56644a59d648c13b9.yaml | 17 +-
 .../opt/nevisproxy/default/conf/navajo.xml | 2 +-
 .../WEB-INF/web.xml | 8 +-
 34 files changed, 366 insertions(+), 312 deletions(-)
diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/etc/nevis/k8s-nevisauth-sts-4bad2fe3ccc54716cc87138f.yaml b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/etc/nevis/k8s-nevisauth-sts-4bad2fe3ccc54716cc87138f.yaml
index 3e7a98a..6f05430 100644
--- a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/etc/nevis/k8s-nevisauth-sts-4bad2fe3ccc54716cc87138f.yaml
+++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/etc/nevis/k8s-nevisauth-sts-4bad2fe3ccc54716cc87138f.yaml
@@ -11,7 +11,7 @@ metadata:
 spec:
 type: "NevisAuth"
 replicas: 1
- version: "7.2402.1"
+ version: "8.2405.1"
 gitInitVersion: "1.3.0"
 runAsNonRoot: true
 ports:
@@ -27,20 +27,25 @@ spec:
 livenessProbe:
 soap:
 tcpSocket: true
- initialDelaySeconds: 40
- periodSeconds: 20
+ periodSeconds: 5
 timeoutSeconds: 4
 readinessProbe:
 management:
 httpGet:
 path: "/nevisauth/liveness"
- initialDelaySeconds: 40
- periodSeconds: 30
+ periodSeconds: 5
 timeoutSeconds: 6
+ startupProbe:
+ management:
+ httpGet:
+ path: "/nevisauth/liveness"
+ periodSeconds: 5
+ timeoutSeconds: 6
+ failureThreshold: 50
 podDisruptionBudget:
 maxUnavailable: "50%"
 git:
- tag: "r-339de78f34b28e0019bb55f9f4fee8b70e264486"
+ tag: "r-9af6a792e2720efb1d09318c1e3f4a2ab355af31"
 dir: "DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts"
 credentials: "git-credentials"
 keystores:
diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/var/opt/nevisauth/default/conf/env.conf b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/var/opt/nevisauth/default/conf/env.conf
index c7a71a4..5cd92a4 100644
--- a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/var/opt/nevisauth/default/conf/env.conf
+++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/var/opt/nevisauth/default/conf/env.conf
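Review bot: The `livenessProbe` in the second hunk of the auth-sts instance file now runs every 5 s with `timeoutSeconds: 4` and no explicit `failureThreshold`, so whatever default the operator applies decides how quickly the authentication pod is restarted (3 consecutive failures on stock Kubernetes, i.e. about 15 s, if the field is passed through unchanged). Slow start-up is covered by the new `startupProbe` (50 × 5 s = 250 s), but a loaded or GC-paused instance has much less slack after start-up than with the previous `periodSeconds: 20`, which matters for a login service under a traffic spike. I would set the value explicitly, e.g. `failureThreshold: 6` under `livenessProbe`, and add a comment such as `# startup budget: failureThreshold * periodSeconds = 250s` next to the `startupProbe`. The same probe changes appear in the auth and fido-uaf instance files later in this patch.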
@@ -1,8 +1,8 @@ RTENV_SECURITY_CHECK=no_shell JAVA_OPTS=( - "-Dfile.encoding=UTF-8" "-XX:+UseContainerSupport" + "-Dfile.encoding=UTF-8" "-XX:MaxRAMPercentage=80.0" "-Djava.net.preferIPv4Stack=true" "-Djava.net.connectionTimeout=10000" @@ -12,7 +12,7 @@ JAVA_OPTS=( "-javaagent:/opt/agent/opentelemetry-javaagent.jar" "-Dotel.javaagent.logging=application" "-Dotel.javaagent.configuration-file=/var/opt/nevisauth/default/conf/otel.properties" - "-Dotel.resource.attributes=service.version=7.2402.1,service.instance.id=$HOSTNAME" + "-Dotel.resource.attributes=service.version=8.2405.1,service.instance.id=$HOSTNAME" "-Djavax.net.ssl.trustStore=/var/opt/keys/trust/auth-sts-default-tls-trust/truststore.p12" "-Djavax.net.ssl.trustStorePassword=\${exec:/var/opt/keys/trust/auth-sts-default-tls-trust/keypass}" ) diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/var/opt/nevisauth/default/conf/otel.properties b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/var/opt/nevisauth/default/conf/otel.properties index 67787db..5ba3ee1 100644 --- a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/var/opt/nevisauth/default/conf/otel.properties +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/var/opt/nevisauth/default/conf/otel.properties @@ -1,4 +1,4 @@ -otel.service.name=auth-sts -otel.traces.exporter=none -otel.metrics.exporter=none -otel.logs.exporter=none +otel.service.name = auth-sts +otel.traces.exporter = none +otel.metrics.exporter = none +otel.logs.exporter = none diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/etc/nevis/k8s-nevisauth-7022472ae407577ae604bbb8.yaml b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/etc/nevis/k8s-nevisauth-7022472ae407577ae604bbb8.yaml index 6af89b6..f69fb9f 100644 --- a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/etc/nevis/k8s-nevisauth-7022472ae407577ae604bbb8.yaml +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/etc/nevis/k8s-nevisauth-7022472ae407577ae604bbb8.yaml 
@@ -11,7 +11,7 @@ metadata:
 spec:
 type: "NevisAuth"
 replicas: 1
- version: "7.2402.1"
+ version: "8.2405.1"
 gitInitVersion: "1.3.0"
 runAsNonRoot: true
 ports:
@@ -27,20 +27,25 @@ spec:
 livenessProbe:
 soap:
 tcpSocket: true
- initialDelaySeconds: 40
- periodSeconds: 20
+ periodSeconds: 5
 timeoutSeconds: 4
 readinessProbe:
 management:
 httpGet:
 path: "/nevisauth/liveness"
- initialDelaySeconds: 40
- periodSeconds: 30
+ periodSeconds: 5
 timeoutSeconds: 6
+ startupProbe:
+ management:
+ httpGet:
+ path: "/nevisauth/liveness"
+ periodSeconds: 5
+ timeoutSeconds: 6
+ failureThreshold: 50
 podDisruptionBudget:
 maxUnavailable: "50%"
 git:
- tag: "r-339de78f34b28e0019bb55f9f4fee8b70e264486"
+ tag: "r-9af6a792e2720efb1d09318c1e3f4a2ab355af31"
 dir: "DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth"
 credentials: "git-credentials"
 keystores:
diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/keys/own/idp-pem-signer/cert.pem b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/keys/own/idp-pem-signer/cert.pem
index 2970f68..fc03136 100644
--- a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/keys/own/idp-pem-signer/cert.pem
+++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/keys/own/idp-pem-signer/cert.pem
@@ -1,17 +1,22 @@ -----BEGIN CERTIFICATE----- -MIICwzCCAmigAwIBAgIBATAKBggqhkjOPQQDAjAYMRYwFAYDVQQDEw1zZWxmc2ln -bmVkLWNhMB4XDTIzMDcyMDExMzcyNloXDTI0MDcxOTExMzcyNlowIDEeMBwGA1UE -AwwVaWRwc2lnbmVyLnVhdC5hZ292LmNoMIIBojANBgkqhkiG9w0BAQEFAAOCAY8A -MIIBigKCAYEA28fXdfRLtrzS0F5Hp5zEzPFfpNXKpIrbJaWdqwiuY6VIrzAJW0Wo -FMuV2IHnU7sO8+B05Z20wq3x5JAbgYlBFnfdub/CYmyykAf0Rxz9irc9qbXBmX0A -G+JhQLxLcfyqlmFyLsjaxT3nUrytP+604LtzesnC3N7gfGtmSKgclym1s2ZVWkAK -4VXAZsM5HBnW1feHxSv3UTzvorW7PWkbmy4LU8SDoSraHgB/pBaiJRG8SMTjBHho -TTdFLPmH/N9dt5N1oJginnY9GvRJD8Qj1lrsTZOtv8ttKhnQkmymly+NCt7+wGIa -7HQQawqBIvflGG+R1OdQx7Q20/y5EfO4V3zJgq3p+gz9AziGPHEy+2s+i5LME1AI -D6vLfDN8cnTCdgqZGhAkRMBHtOydJd3dpJ0tgjnrdUpla2PoWp1B/v/Plneb9L5v -aMNqtuQA852dR14lP7+EeRLe9vJvzm9eBdF0JrDUm1K2Xy66i5gdzOoJngnRpl5J -nNSweT+A8dn9AgMBAAGjUDBOMAsGA1UdDwQEAwIDqDAdBgNVHSUEFjAUBggrBgEF -BQcDAQYIKwYBBQUHAwIwIAYDVR0RBBkwF4IVaWRwc2lnbmVyLnVhdC5hZ292LmNo -MAoGCCqGSM49BAMCA0kAMEYCIQCarOXKlJ0DVxVPGyj3oPMHWCJB+Xyee+j7k1gu -OC93CQIhAICIzY/yCbST5V502Bt3vRCZMCmzhzXIGTol2PEoby6H +MIIDlDCCAnwCCQC4xKJxfbSLBzANBgkqhkiG9w0BAQsFADCBizELMAkGA1UEBhMC +Y2gxEDAOBgNVBAoMB2Fkbm92dW0xDTALBgNVBAsMBGFnb3YxJzAlBgNVBAMMHmph +a29iLmFnb3YtZC5henVyZS5hZG5vdnVtLm5ldDEyMDAGCSqGSIb3DQEJARYjaW5m +b0BqYWtvYi5hZ292LWQuYXp1cmUuYWRub3Z1bS5uZXQwHhcNMjMwMzIxMTUyMjI0 +WhcNMjgwMzE5MTUyMjI0WjCBizELMAkGA1UEBhMCY2gxEDAOBgNVBAoMB2Fkbm92 +dW0xDTALBgNVBAsMBGFnb3YxJzAlBgNVBAMMHmpha29iLmFnb3YtZC5henVyZS5h +ZG5vdnVtLm5ldDEyMDAGCSqGSIb3DQEJARYjaW5mb0BqYWtvYi5hZ292LWQuYXp1 +cmUuYWRub3Z1bS5uZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDB +8LPO6Nack2z1whTratLxRD9KraO8QGrVTEa0p+23EKJH4WYE0QGzXbX4oFl2maXE +QDeCBofTnrl8sL3yVxBy56qO8T3VxYtt9akjty6PujO48bgJr2VGjGgtPYPUeOEk +lzCS616732Bnxc2iqo267G/tGooRIOOqefSyhEGmbI3KGv/zYZn/qxQo/A+5f+6y +zEoKdmnBF6vnowvffKfdFKI8udd5eKmfyrc5iNYHXoVP/HmqKbkyrBw1U0ysihRJ +3vyJVDtirQ5chLn0jOZ4UZ5SBck9+784yrVqpNbsWAe3NU+Vfx4wCk/rPWRDa1E2 +fk+gEVvEMUFt4UvU25BdAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAIxToc9muu9z 
+d4yycZCgZbDtzrq2Un+m/m3TrBNzLV7UBbGt7HW9/kxvdFJTKgNEj+ZD1cY6O6D7 +vrWV0Xb1XPgkaAfypc4Y7IOUTFDR/ib4siP9gPkHvr5WSIip3mFgX9yIV910N/hh +ImE9/Jtf/q9MopBu8J6zRmL/J8mVewVdcU3xqz27OVMMSht0Du8FcpIrNQwqc1LN +tCgdj+pw5vl7NH546WlyYNpLEkAeBpJ3XCBDDwcQftC+/cQ7GKJGtOJ4ODdxWMyX +ThsHJ7MCTiN+MoW5CeioGSmngezh4Gs5SpGAGVvwNvXW2jiGdRDdHmyxDPjCQvYA +wwZrmgtpYE0= -----END CERTIFICATE----- \ No newline at end of file diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/keys/own/idp-pem-signer/key.pem b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/keys/own/idp-pem-signer/key.pem index 199759d..b1f8ff8 100644 --- a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/keys/own/idp-pem-signer/key.pem +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/keys/own/idp-pem-signer/key.pem 
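Review bot: The replacement `idp-pem-signer` certificate looks like a developer or dev-environment certificate rather than a rotated signer. Decoding the new PEM body appears to give a self-issued subject `CN=jakob.agov-d.azure.adnovum.net`, valid 2023-03-21 to 2028-03-19, where the removed certificate was `CN=idpsigner.uat.agov.ch`, issued by `selfsigned-ca` and expired on 2024-07-19. The public key also appears to drop from RSA-3072 to RSA-2048, and the new certificate seems to be X.509 v1 with no extensions, so the key usage and SAN entries of the old one are gone. Please confirm this is the intended signing identity for this inventory and record its origin in the commit description, because relying parties that trust the IdP signer will have to accept it until 2028.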
@@ -1,42 +1,30 @@ -----BEGIN ENCRYPTED PRIVATE KEY----- -MIIHazBVBgkqhkiG9w0BBQ0wSDAnBgkqhkiG9w0BBQwwGgQUXJ4RUaby0ltJyJMX -fUO+2LAlu7cCAggAMB0GCWCGSAFlAwQBKgQQ0YfRZzwcjphTKuPQxktTuASCBxCG -+b55W3IEKc/Yqf+zIRHBgvCY+w+l7vSMQqtDYOtiUBdxZWewy+IoV4Pw0X/ORT6k -Jk8RXTG7hXb4GtuRmgVJeyxsf+8vhrtVpyelLLYkTalAjjvtT2YAukltALLpFMQm -Zm42rW0HrVRtn6k7osbe5zL4whyhikohXamPJpTTrImP8fMzYyxfiHx2Y7Tnc66N -SMxBaQ3m2HClE6+6rkcPv/oC9V74GGYpCk0EcH7gsRLQFj3IlJTVxQoCP44ldzhq -fyWYe1DneH6IJLXID3Igca26ZXU9rTcfqAsBmVACq0GKdgXAFSUAhF6onqXjzpGQ -/m7Vl3JbNPvrcgxzKBJsj9Z/Hv4qKz2yVpe3OMchTdxpI5k383y1F4rw8i4GSWIL -+A+t5M26WJw2uHx/k2RL1jyeXH2gR3IA72AffDU+f3jqd9pOqxXKSIhGq/KOK5Vk -SiJ4IesVz26bfwjXEKcQk5qIpDBGjfSkYgMXxlQwOwTIoRn+1FM7Txox6tsVj4/v -RnaorVayq5W1fk3t5EfNLprSFDO9T6OxFKvfzKMghdrKFNa5a3oqr3RDZSCE0tca -m9jQ9bp1ooD8/EUWsBxG4eJxe9B+yG3QAkudOoklJYTE9ysHBl2cPOIOksqrD76G -agezGRazfqFVCmOtlye7bzQXv/AgDa/ve5E1f9jjueop2OwbvoEzCsrSYCWh3uiM -C2IkvtSI6gW+9C8H1ofElKtDlRft/lMuviLCb3u7xsu2r7v/va2aYy4Lh6B5xARt -G7A4ZX0cxoI2N/T2FgHwJ8p7lTXJ8KuTGv0jrno9MBdKqo+HBtRTbFoi63qZ7EtL -MJS63MK4kSXcwyJ4+pnH0bI1wXf5qK7TVoWG6ZAWw385xaohXZZ6JK/z1WNbpfCU -hlvjjdLxmNE5R/kmiKjp6zPhfR6+z73QXX9s3ZZv9fAV1mZcLwcucNnMRdJcYSVU -bNwAqnxhIoIZZB5H0c+jLfpaGyzVeAUzI3ljCekUlvutXFNSur6TI2ZmViiwIhuw -82A084eZ9qOBA+z64Xo9VJqWgdj99b45JNExcsmvbXG1REB8QAKzzGzadtwnc6VV -iWuK9SPbIqOp2Sa6FEa/VxbgDOUiv20G5irs5Kp0iU+yRKerG/ejvBAn4o3M94wv -hDwSmn80uu5NJtHuta+9u2jM6yyNl4ghXLxTl9gfbnpzI4wuX+4xhhdNm6HCNqcG -IzPUFS207YKR0QTaHB5x3ItVpp6Rjpb5lOtEpmff7qO/69ljtNLRe+VEdqLrQoK7 -9IsIaXqBp719nyG3z90KwBigRGl1ljDF3plT1slERdfMsdVdT8duwHc8mevR/H+t -VG0DkUmGAamyr2plyZiDtzfly/qhG9de4WCRLckVJvMkzwrpmtN+DIB26a1mQwrA -OuKaCBrQj/1G7EnHuNDWOFOtbHUqitQ9OukNCTi5/7JMp6FY2bIyE58Hoj88m4Hy -wMMzkFYkh5NJ82ysUdewX99vTJjgD0qKFoDBqB1REEOWi8J14vdGmejhq0A5rq0q -2tBAyVSbK8gFfY7pQCGpHSerlR8YGpS01KBDct+MlkIout6SrvWxUhwnx9Lmi09f -Kk/170DJXXhWlkTu8mylAF7A9vEzsST3GZgnaWkXIeFDKiXUD1w+io1K2ziZbiZZ -Im3dSe6dxsWZkYF+wjpnTjS7op3Q6gOJ3mkkGpBWOtOzGiFNIP/7epSr3eVInHdo 
-F4HgET5h2VknsXMKdzU0YDcXsDdWwwwyHqKIM9b37mqA6c3bMwTB1+ykrznudnAP -8jpqPz6mUqvwzqPoi3e2bNxPwnYgguFrUIqYgiydfZQ3AZsQGTVTq6Jjp/+7K9xv -yCuwjpuEtz5ZNchcwrJoj8Yet9saYSGBaUu10Ks0/PGIHKbznVQJHCBofAmE6WQb -cIveRYphfVjbIa+VxpLJRaMj5ymZSViBtHx6Gwjsnq2NR5H1qBt79qXWzRk7ulJy -cpVasv7Gi3W8SIEbcDvlWUgc8jJOXPmhQ63BS4+eyYNgrSxFY4XYhUZ2Cwi8wXvm -w1MUisDiIIdTapE/rux+bjB5MnEJC/IICvk8NAH5PuSODm/DE34MdlxA/nUP7Cm4 -ssLvI9IK2hzhASqt71gxoOJUnEptPzabMOYm5hIOksfz+0vjO0grgrVXV4UgTmpz -T3gvIRwg13vkvKxEfpvGJG5aEkCsZS15/MTsF9FPYiYPYeKOOdIGNzYoRbmqGjIg -5KyeELDKiulsilGFeRnxM97xpVI3DtezQHTr/N37wsJBeCZyOxGa6j/1rf4ZvgGi -lkHVmCZYqHYlow6qOS8/lIKpHdhBaEmr6ciZ8fiIA4GeYU0GwzdAd8YuNYqF0dxF -zWupzSNScKSE1nmu0NIdbanhs78Z2q9vqm/B5ueFCQ== +MIIFKzBVBgkqhkiG9w0BBQ0wSDAnBgkqhkiG9w0BBQwwGgQUKIdhme1LQ2vMonbp +aes9/gRupIYCAggAMB0GCWCGSAFlAwQBKgQQeuo/hWDbfC4vCB3F5pfeKgSCBNAR +HeV95Ar67bUkkWrHUC0jCRvnMjh9wyC6w1pFP2nW+++Qkl93v+gIjr4b9Rw9RBTd +QsOVkaB7vvQ5qjvWya9HJ2aHZ6KwMb2GJdY0ouH16ga/YRZFKQ0aCfO9spezUJ7t +2KesD78IxFbey5mRYXmvTW6+BeUt+d4TQbgR0/PdqC9WOg7H3iBvs61MQgro2Itc +sxQ9SBHa358oyUkGuIz2XKo/enikX49LOjpwB5EdFKky+YhtvGx9NHQIzs8RZqfd +Lpe6VsWXTTSSiXD8r7WEsCnfThpneOE1Pz58woeT3QHt6WscPsUGPx/coQNKzx+R +0d+gt73kwqFbIbI9DkUoaruv6qsLcZ2yC36YNie7ggaqCC6dhan2tx3U+vRTn6I8 +dOCAuP7bx/iQDfHXsUC5Tatu91OkEbGA4Oz3WXpSyhmMXsSrRP7Rjivb0e7rLlde +Q3TWYpa5KWqVeFpZhUFyrwJrtmMwzdu2tLfZDFKEriA/UbB3djHWM/O4/LvFqvpV +VQfKtrD8OcnElGt5nJoFOGO8cXWD4opaZ5nGboLpuLuOtZN59EnZwtI1lyALdrB4 +MDENw0tVx7LBo13jvAtgx7vXgSPzNpJvp+A+0V2yeT+cHWeX1T1H79QcNE0vGkr/ +aURDUTAEIYO2TOp+14Ag1Y9T8j+z0m6lxqwO33Hf07wqzeVHaNBh3Ckv4+xUNl+U +MDx/ZSmdPe07mvVrleb83XYvkC8rytS43mKxke912l+++GPWHLDl6wz1LwAQbI2b +5S/iPJI08O3y9cylRMOSBGXnIh8Ml748zEJVeac+B32cqt3nQ16WwCxfF6UjEeEE +aMKhPsdgB0pRRGFL8otK2bheqlJrtFk0FfFJ4B1gbO0oHPCygWvV5Cnz8UcNOMIS +u5rIjD4wz8Gcclk3c5fvfKb9xhcpop3sAJy/srteKRDJrJNlHwleCDgkVE5PkuDP +z0B6OyTsprupTVx3eLbiA1yRT8HzaaGo6xfc7dKwWZW7J+jmbKVsbjcxSo/ChsMg +ZP+cWGh2SLQ04mNkWetOYHMODlSAfrYYRIPkMUyLJCDPgynLeOa0u8xWxpQsmt8x 
+6bVhtJhf4NxyZpKYgNfdkYoerqyBOhbUlcfud1qdqRCfp6gq4rBhBktGbGkgaNk0 +bGLu+/uWm3pDPSWRWnhC8gXvEwMtr3kMzAe5f0yQ6L/nsBPGs+A8rGTGDg0wfoxW +Pn+AX9ywY1DWHBCK02QooIJKfvVnwr8qnhHVrqOOJlP5GMIXpx5eYkSrUtDxGwR8 +JOgUMAJ9GVwvxqi3g8MFPrb76b6ZheofBU5MI8rzGsXN1qWf7Ml0UQc2PcShvyNX +BW0xuX5dK1UZRKJcDGIWdeFjrnAhXayJCQse0wsXSRt9WUxSNUb/MxhO7BIWrEQf +Famdx2jz/RlnXinUizdlRL+ws8KknA90JdSlT+j+pvsyTHuzJ+Xzex8R+1AmlT2O +4ZVzzx2JLOcFu5j08t5U5CKbfitsINakPVATekJdov1bCo803dUExfT2OsTxrqR9 +mx6GJTWYE32tg/v4PASu1986ojVNLi2WjrX8NJzkqlUE+4xIeVWN0HE1SflJsL6x +YXTHWodpQ9VTd0OliSFvzOjFtV768c1+ySV6QngCOQ== -----END ENCRYPTED PRIVATE KEY----- 
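Review bot: Signing key material for `idp-pem-signer` is kept under version control: this hunk replaces `key.pem` (an `ENCRYPTED PRIVATE KEY`), and the same commit updates `keystore.jks`, `keystore.p12` and `keystore.pem` beside it. The encryption protects the key only as long as its passphrase stays out of this repository and out of anything the `git-credentials` secret can reach, which cannot be checked from this page; the PBES2 header also appears to decode to 2048 PBKDF2 iterations, which gives little resistance to offline guessing of a weak passphrase. Prefer delivering the signer key through the platform's secret store and versioning only the certificate. Anyone with read access to the history keeps a copy of every key that was ever pushed, so a leaked passphrase should be treated as a leaked key and trigger rotation.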
diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/keys/own/idp-pem-signer/keystore.jks b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/keys/own/idp-pem-signer/keystore.jks index 940bfe4e6b4a1f7531fec07b3be5b724be31cdf2..c6353e22a74b4d6a5e21846cbe22312083ddcc38 100644 GIT binary patch literal 2268 zcmd5-S5Om(7EK5Q6B0m*N=HFMjY;Sw8bB!lK|oOHfk5a;4}uATXoMi*E+9pE2aydR z#g!%zK|mBK4}u^Tia}|SC~a|P=goe-@Aq+M?m07O?wvDt&fQ(!T?POEJo^RwyFdZn zG5dWw=~@GhY8Lp&$gm7fTah3Tnu@kW+f zsn4AOnFr?ZxQZ9%c{x_s%3k-^`WZcSEhBjJl3wQJ$V|>AVXR{EGV0<<5uhOem;zCg zkcMmI+n5!!L>$Vftr|N3mCAWzJ*^02OI0COp#_hLz0H~a;oZ0FPp+Nnj-n3}Der4k zl=}cKrK{zJJE*sL^w_1{Sew2vXVz+Q&nfWf)DOocM}KGW@yQzH34pMwjM;xGGIsKI zC)v`Unsd#3hNiNih>5|(^6R-T4NB%T!;CuJE-qXMWauxZXAYWlT2(hQ30U7@xPm;6 zdFo1L(ou-EXR4VSsfE=+T@j(#bd=wcmqH|a+ecn)hi@e7WhFA9l5e9 zDi4f%hkMZO@HQvIK9`gbV5 zEyS8 z;1YSPr9q_w$t+6rog8}6;v=nhdmb+r+ZQ^25}*CV^Uw3wu5$g%I0ZS-oknZqCD^1L1o}Cml*by;!jgAni7u<8+wuV)Cb}^kio82$XR^iOc8W!*cof!D{ zkj3%62k|~CJnV8J?Q-5J9a50lX}R|%sdrp`+6NfatuF#O zw_$WphpV$_vA5iJ>a0Rvj6J?&rp9q}Nm9_X|Gc*=G5hA}1`*Efbv31;&0v|lq@_-%8>PFVraDyMkr${hL*wX&`@iSz?n2`O>dq4>8+pkAO^Wv%Q1OCVZko0*Jf%D z&3##7s(!*sOW)y_f{YDJlphdMt!}q0O-M;vmI!FE!`V3L)EJXLZ&YNzyRy{tHKOoU z`NES<$Gy(J*?D(JE!Jn(^1j$iOPi^)v>cJRRQ5f z4E0L<&(+L#(K1RD%fSMh@pA2qPW_>=@A1cb*Oe1vWqs3CFVDLAxl;Emq=W7<6HD82 z>`cEZP==cr8u@%?N)Hre>>C8l>BXKnavNxM=<6^a7 zUi4<11{=0S)T3KI=F6mb&TSR3AIF=Ijmo>pu<4HUEm7n*g78c36J5owi!@f4EV+S2 z5NfyWwh#-O&3i;@7|XH}(3ywZa_>){Wzb;Hs2Ak%LQHX-@$-SR+EUY3)NEEvA~F{j z`C6vT%UBO2l${o_O$7D9zUwE*68!aI4d`Qxk%hfse?1j1ADVy{NLnO!+`&uX@WaLW zs2Rb!B9*#=W~iakmypD~IYo83E|IKLN+Yo{mY(9!YmF)VC^#6Ra?||gCL9P9*bmI>DQE!{1PpTE1&i`{`J#pQ<8vQC zVf+MQa7a{S5E_mW_{9jocnPGCC^Q0f{1*hlWc>*NA)d%zq&g8vxEdMejr>Q04EByd zV^FC7j)DLWDfk8Zgy8%VG1bbgm|AHqd#l=HF^hNG zw=WoYJ`{Ah(YitZOt#IpF~<=d&dt~?+h0Qhf*_785~As~QmU-ZhS?OS*>oe_Gs(7S$lsO_;GwR|^dq*gRs z-R&*k9}n4)Pj{_CBJAu{KxfiEn~Xl!Hz?d{Z_0Qb#c|;(`tq-p4IN=8{%&>t_3jBS zLt!WW2Y-9JqdBeW9l^t$MY}j1p~EE{BVf04-FF{Z72geB$!{?A+(Yzb#PYd@o?ETK 
zKGCy>;iV!3zww3LQ`Lg0gxd`^D#@fRUHSYYR+B zSwqN2g!weKiD6uI?z!jwxj&wB-sfG;`{RAid0q~K!vFvPpaTH^0POD_eGsS5PzwV9 z0B%DRky{VN%LP~F0z!aFAbuba3V;x~6*r|UrHRnR`#SA=^bLFKj)4Jr+j&9p@-{h) zzV7GVvxn20>3yyzMhu6K8l=NBG_eDzBAYmJ|!mbc~WJ{}|IT1GTc>!&VyFRt!7L6QW8>uVjv?)e!hz zm}BM`M&ws))|kc}Oxj6X(eHB^FJ|*{g0_0QzqjiS84eXj3n`eC@%e@c`HgDeF&2-m zP4G}oHi{LOJgPKynaz}5L(mw5iE05ketnT%z5gm-V%+L`-7=5(vK8J|26#ZLbG9bvYP8DF8*f!~tMD47zXc_MN~cXOTSV*nUo-;r@?S@~VhAcnsi z+-O&4v%DJQlbRPhkM+@7OpATEh*P}Dr|x#Q5&UT^xvsUZ!`9H~B1X*#ExnO8a#Hb9 zsL{A$_XYQmMVkv9Xx?jPgf++n+)>2X5szDk)dFcVNSIX48~x&+##Kn(g&VY;M*mwB zXRmdK6i{)_F}h0lma|q%Rl$N+&DC!p$QP=abx$SyIk+>7Um>RIn#<#<@u^s*knG#l zh92Fn=?stzM;@lEDNd=Ls$b5m9)hyvkP@y$sW^2bAhja=na5stxv#Fn zxJnE?fmSX9V7rkGeZ86)yg{aK3))Fd%Y!DSnEp~JwErT7N6+Jl4BM`OWgnAuQW%r& z({{CNq9;<}o7v=B>|*{J;(S_^l>l5W6oqGEFIH61 zCOo56v|!rGF`x2lL8jb*yn}HLU-H)j>g!B&WfCMho^uSWEU-f2JCmQTvWD1C1#!RF zMTp>G_Rz$!JK*CT=T0#AL*zd+L=!6G%5Ubsd17(X{bgT|q$Boc`Bxvm9_oO3g}8LbI}x&Jy~%d0L8+Pabc z;Mlpa!zh7K6&W(~e!Oa@}tv8y;{5KO|KlFIAb$VVZ*2bK=-ygcO_fT58NP^ z*q?5-nZ;i>Zi!gR@@=GKU`DE@G&zkDVr6`{cgn<$ zKiS~K5%DkB*_EIOR*Z%~x^lC1R1NC8rSjF1Gri9RhL7!fvt2Sc``#&GdWeVgca&+q za#bOW#B~aGdH>lp!L#Rb(I~K!GVR6YjHw*u&Ko7aXH_cg+$teamf)k(W0FuP&gSXu z=XFfsNYMZ#(~VSLuE#}3>o&c3C)t{N)}+v%D^TMX1 zRpf^wsOYx6g@-l`KjaGF#}~#5D(W#4n?DH1rIj+uj_>D7xm$%I+gfsqK4m8C+G!ns zT}>P77TB=VF)m1h#>A$$TH=3wj2P9FhvZsi|HGYXMO5F~5;FYoL$=uylHBCuFxL;H zU11IwJG;3`cKhw&xj&dz2zw9Jdno}$lNlBH zu5qhoI1}|Mr)w-zj&Hlj%h7tceW&@g(!!&k)#4j_T-4TRaJ;v!*pCKr64aq_&a?y) z(QSjQP9~>Cx2|IUP7U?J%4`b88Z*b%ezVvwB~rNS3(3v%-Rn)iqs`N%x_>k_>Q^nGq_dY>QJ zW*?TtKP~TA86%#rGg9hRZI@`xtx_5R-KT?3D`o~qFj;d!+ItM;WM-f5o2kcnXYl-Qq1gdpDQ`k%oN)o_n6Rgb@dBUEv|C?c>F#lr&`UVAssMJ`*-ie$`gZoXZqVxNCSk@@pfl%`@O-CijM!*j`G5-m}-O z1vdbqvmWQEmW18sc^)CEUE`g43%1m1gMVJlG>67?w@psX#QFP}SBTwLd|l^*bvh6K zhHdd_*AYXG46~9tm032rtEI1-_3)w(RS(;B+%8cXmjK)o^X;i zFC3gTw1A<%(i+@tTr{nYFa0+>TbDtqHJ;zGjOBH#rg zd@{x@X0KMrvR}WJkxvnImcuQ){c(#PzW9eFSP^XCiR;C}q1tGJc;=Tq5EuvmKE|LfqYfY3 
zQTzzxKoH;xl=yEV3;C^!LkB+?6v_<-{x<@lPW&$OLy#yT;{Un(|L6;R5r8rUNdX>I z&G+0RgB=8|MHN`Z>)ehf4Y%WpVi(ytj;h*fk+6f7_~efnYp_>2^R8iIqLFX;3Q&r5 lNoTr{XJyBj3c;#LaS>}p`D^cMzUZ8~tM9_Mt-_bj_iuqs%Ul2e 
diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/keys/own/idp-pem-signer/keystore.p12 b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/keys/own/idp-pem-signer/keystore.p12 index f2ffa49c4f74c3a892f3b865b113acecb8d6a5ff..f2d6f082bbf57e9e01cfb2314781ab448295ae01 100644 GIT binary patch delta 2623 zcmV-F3c&TU7{V1+FoFuc0s#Xsf(mE`2`Yw2hW8Bt2LYgh3Rwh#3RN(I3Q;hE1*irI zDuzgg_YDCD0ic2fnFN9bl`w(@kuZVGArUtevM{6s8-Vn7b zc;UUh6jPQ8r)*9$tJ|a z@N*m5xV32ZyZ|U8o59ZNy(mFc=OvlffU`^|^KiDPnI}&Sk}ZHJ^(P0rvIHb-#xHV<3Sc@l7|V%NbrkU z^r6hR@Lh^I+=#m^-Tk;^stKZZ3L1$#^7|#dq1N@m)|3~;p=5^y$u9BD3oza8T`7hn zQ&k%V4Q5JWA)*Ok7uL|A`+T)SR~G-L&#`Bq=V7x=XuRe@>S>}S*!#49^4cxT($%aq zxEAvY&cv3;5IbI_*qJU?YVdc%F4NaV@~z$k#ajFF4-QyOqdTHq>Gz*<D7=3%HAhWlcRS)~%FZ=50A8fyG5M7B^Esp5z8z#fp;B zXrxLNI52km9=%MY8&Ws|$~rO?$UbyJ<|jgQ7jKbE9}RuU%CV_s$;r_t=ROm;D+W=YnR}MRD=#z7&TwAA;ZP=E zp&cE71eEC!tCyQ#8hvekyqH(0y+3H^F*b46ou3f}bE1xR`7ZZ~9&p(m0j?ftaR`AN zaRn|H@)293J=Ac2@;z@Q0+6*KO|XP26_uA5?ay<~GeEq2#MryobES6R)C?6(aQps2 z(eDPDM~}L_%3Z|b-xZsbL;~bFa(9fCrD#epbJpBfXIu{MM-*Qfo6G@R8Zq$2ZbjX* z(4TPNW=LK!s4!)*-%Annf#Dk_B?oqTmGz-PL0R*N&H~6PJ|Ck z+k^0EVtCD)h5O*cs=ny;7oz{_E=kaf{pJDYSqturKTg5LU-7YdY9DwHmf(WP+Xcdk zc_-4%rSJACml`R)rg@tkmY9yZ)Pj4_yWaEmsa*k$oa(4pLAy5`0B@WWbUX9-(PEX2 z2Vf11{cq8KHvVR92{i*@c^&2Q#x@35pH%C2DePqE%y=qWd057GeusoO+oHRhGDC@G zw?Xm?a*sxuzeb2b*v!_z>`IdKi+N~d$j=CoQ1y>g|+Sf;8zBTOf5I34tn&UucN*d;md{~of2qb?Nl0Tw?-sBRXLAC4Ovc(>Nf&>tMurbjr zkWj2|^MeXt+9KDH{kyw3eRHb)o7tG>p5u*MopX}0%xC(E(l zi6#DkQN;+t!qq(HlYr9zWTVtqp0|(qbQJ#SyeKmFf?C25OSeQViJGo zB>*dii=x-oS6feV1eA;F?JX*j-|IsM7%B@ng?YEA| zfIVUgx%}@~e)qNoK`9qi12H?Y#o8R0-63zT%Wih;&@LB1p952LUn`1pwG_JlYpNl+ z3F8wen6{=~msh2LYPM|!KSMwqT~>c)?iaZ;HhE`=y^~`;I`l@His%-_1$+jnU{kNb z3H{q5t2>bN1{7-umNnq#m7?Gd6w8TEF*6Edu5@@dO7$5)d@jxR*E>_|Avk6wz zZurWT6GGb2pqRz1hhhH@oxySF_Bk9i%wGoILNXrSADs}i;b>q8ZEVaN=s1_k1&OP+NP zb=EOz734aFJ-y{Y=PvNusWME`ivg$KZ$xzo{pw}x$k`QTaTuIkYZbTdd2P`Jp}+S$ zNRiQOf4W?N4o-=P5AxAG5sZI+Mw&lX$Mo1SmoAjAtMD7j@p$N3h*Sb1R9_}dG^=ue 
zJm1>A9V_8}8?*Rxdj)rU+o+{dN1P&mq2J6trkNPbzRBaV~^B2;e*WvK;Q++ILC?MX^A0W*d_VO@MCU*8MAG8rgqbx<|4Jr6}BkP)@D#c zZ%`aJv|TYXZ`tQhO3r_PaTm?wt?}yPgCvsid7K!>m1B(+kCV##GWr9oz&)wlspS); z8P@M-EX<72+|XDAs2IRfVk={^qYpel3p0T&GUmIAm}Sa;&n0dD@YKPmP=H+r9HQX$ zMl!vDcO8=DA*MjD@Z+_2%PosdcJAiN>j9?&D}vfmTcn7lEYN>lEi)1y8AOoiWHlok zhPqJ)Y7gEk5`S#w#T)i*K#Rv;025k3zVPv^=bUGLZV>uAmb_vtA+W5yP$nQE?OcTT zI>@TF{I7Go$7NSg-F`Fd9b;g{&ErHnc7l~8QfG_y!Umr>H%XL@>0R0Q0@1MIb{DC5 z$SDHGT{O86-^Y9P=q}#~Pyqhrg>aD$zfSWC?Ns@ClLAT^R55@ delta 2977 zcmV;S3tsfX6|xvsFoFy&0s#Xsf(zIN2`Yw2hW8Bt2LYgh3&{k63&k*k3&Ajg2j~U~ zDuzgg_YDCD0ic2h*#v?I)i8nw(J+Ds%?1l9hDe6@4FL=a0Ro_c2Y@hw2Yi$F1t1jr zPV_N^WkDhj3QZEH6fQfqf*CK9D+VNg(jNGg(qO%U7B&^*-k#pA1cC<;e@e*}Ojvlg z9JgsoP;+gA!YUp+Le}%FO^Dv}ARW65y~TtU24wU+n5CCft`oblV7mPI?8@vt9xnNU z;C4lE5WC{Kl&pU@`t@2AN#0*;NnNRgH>mbu7HdA0>D*&@fn{scI96q=YBgL;t(~z_`1|5dD3NXe+gFL;%6sq z^cat~nT&4MAiitC%q@P{F2bP20$qOnbvV6!G=#vSaGH~3p*-h8Bruqn3Pxs%{v&>-$%ND~aC9CV7jl2h3=ngfm^T%qQn6PgX)1o929 zR|t`}uQCl1<;8dq+3eeY80Hd{=eHN`hFC0*^ZA~Tnk7%VHKd;;d@&oufDwfI0ozgU z-)Z@b7KJ?OxXVBrHfUsB z1az~Hb_LR8AXl`|VHUy3j8@_{Ul=!xmJAiUyi+8HEfyq&V{9pZfawtxKKRqyQM@en zNasisaW>a5khI89i&Arqtp75FMN-e^L67q`-H1F9txgJ}qqH74gz1vik z9)`zrXVX^3v88fbL6T?;8^D*@w2x`+)mZY8>aNdzbak$O^qCSVpWHT@R|W+dJ^=H( zsvVPNFoE_y=mp3ezn>S{idkqEnZ^Twk)98p526TtD`gHsL)E#+u-4t;Dld! 
zHTRNA1;RU~PY#^;OWmw)sIG7Xa&@MXZ+B$TjHJru-aZ5bgnz+#ufZmdYa|2 zXMWQa{0*<>^lT!n*8H6W z7K8vzpqp_!iEUJ7-ib~{#1A7$hJL4i-*_YRa0!B<%=E8FhD&<4*g>2+=M2MjBwq|; zv07BR|2X{_JqEe{__36@_(hY{l@Ez?NkwT(rOy4z2Q4=YyU&Lj@cg%EHIj<+OR$z) zo)@2g!=?MVNyS#R!FK(G?6rYo?B@xK*owzGjd#K~(8w^1lY)Hx0qM09dkX*4?cp}; zya(Mi-7zjicKq~5nplyN4-ViuI7d+p{B~-{cOR%SGF-;8S0^YxZ32u!2Vfoi^%ih`=pb{J z2%I8>0=Ge3f74FCJD76Gh+BKH|FMVPLVNjo$8Z7A)y~=d7$wpyfK=`j8?YTF|dOm{_R{Fj1Y5@yW;~=fDL<8vCx+Z5{lN+1Y~q0Cz2N#9%(|EGu_tyEeYM+nLrp6`*?gY zSQG1WjvY43V-sZw=~=)#(Qk``5!-4;Lbs^Zv~G6MR|ul+4;I!QKP@Mvb{Bq z29wZ?p-~JM1TCCEKYy=s@}Sa(9IX&I=$U|G9Aq;D+FXR)ZxZcw&aw$p*BLgmWV}N} zJ0v(CZ7FJpsKZs;oX+BPAf6?6{T~?-(uDGTPI`Z0=N-)mN$pEh8HZ!HlL)n%lmwjD zY@NwmSvhR}sQRag7MFVw zee}YqBHSfJDLq@8WgOs(>1A3EJkvkfq&h6NMfF&*-*|o8Crm|0VLwJAqnG8&d%bUV zkyxX2VLV}Pdo}OrdkBFond&~C_fltt<zRF6Rs#cT zv??H@X1ZA8R(}OZ2)N(Gd-?0rkcb(J=L$&+axG{|l}XO95jklS0r zabSHFpod59=mk9brN4xk09c*T?;buAnW zZbP6r&8QMA+sn``CxzOwrjGXJ(s$-Y>VnenT+G3V)ZMp|I&1 zyNZk>5J1$2)8;BQUGQb?Mk8w4jtzJdrz06Rq~&fro;)8bhZSme)KUn%N3V!Kc8smn z9#4ERUVm?tIL=NxevWfYGcz!huhdS&%dKZq&^Et3lm+_r6rc1}9IE*(e|IHB&7+62 zJTYe`_2}v3`spn+-!(gc;eOm}L6=&Dw5OJ?ZMYH1p}p9jG%9;Xc!?`*gSm@Pgg@+!j$bRy>}RWudm@5Jn&SKfE;~d0s node.name() == 'credentials' && node.type.text() == 'CONTEXT_PASSWORD' && node.state.text() == 'ACTIVE' && node.context.text() == 'RECOVERY'} -// 1) create the profile if needed -if (profileExtId == null || profileExtId.isEmpty()) { - - endpoint = "${baseUrl}/users/${userExtId}/profiles" - profileExtId = UUID.randomUUID().toString() - - def postRequest = new HTTPRequestWrapper() - postRequest.addToHeaders('Content-Type', ['application/json']) - - def dto = "{\"extId\":\"${profileExtId}\",\"unitExtId\":\"${unitExtid}\",\"profileState\":\"active\",\"name\":\"Profile-${loginId}\",\"isDefaultProfile\":true,\"modificationComment\":\"Repaired for request ${requestId}\"}" - postRequest.setPayLoad(dto.getBytes('UTF-8')) - - def result = idmRestClient.postWithResponse(endpoint, postRequest) - if (result.getStatusCode() 
!= 201) { - LOG.error("Event='DATAERROR', Requester='${requester}', RequestId='${requestId}', RequestedAq=${requestedAq}, User=${user}, CredentialType='${credentialType}', SourceIp=${sourceIp}, UserAgent='${userAgent}', reason='Failed to create the missing profile (http status code ${result.getStatusCode()})'") - - response.setNote('saml.errorCode', 'Responder') - response.setNote('saml.errorMessage', "account of the user with agovId ${userExtId} is in a corrupt state, should contact agov help") - - response.setResult('failed') - return - } else { - LOG.warn("Event='DATAERROR', Requester='${requester}', RequestId='${requestId}', RequestedAq=${requestedAq}, User=${user}, CredentialType='${credentialType}', SourceIp=${sourceIp}, UserAgent='${userAgent}', reason='created missing profile'") - audited = true - } -} - - -// 2) add level 100 role if needed -if (!Arrays.stream(response.getActualRoles()).filter( r -> r.contains('AGOV-Loi.level100')).findAny().isPresent()) { - endpoint = "${baseUrl}/profiles/${profileExtId}/authorizations" - def postRequest = new HTTPRequestWrapper() - postRequest.addToHeaders('Content-Type', ['application/json']) - - def dto = "{\"extId\":\"${UUID.randomUUID().toString()}\",\"roleExtId\":\"${level100RoleExtid}\"}" - postRequest.setPayLoad(dto.getBytes('UTF-8')) - - def result = idmRestClient.postWithResponse(endpoint, postRequest) - if (result.getStatusCode() != 201) { - LOG.error("Event='DATAERROR', Requester='${requester}', RequestId='${requestId}', RequestedAq=${requestedAq}, User=${user}, CredentialType='${credentialType}', SourceIp=${sourceIp}, UserAgent='${userAgent}', reason='Failed to create the missing AGOVaq 100 role (http status code ${result.getStatusCode()})'") - - response.setNote('saml.errorCode', 'Responder') - response.setNote('saml.errorMessage', "account of the user with agovId ${userExtId} is in a corrupt state, should contact agov help") - - response.setResult('failed') - return - } else if (!audited) { - 
LOG.warn("Event='DATAERROR', Requester='${requester}', RequestId='${requestId}', RequestedAq=${requestedAq}, User=${user}, CredentialType='${credentialType}', SourceIp=${sourceIp}, UserAgent='${userAgent}', reason='created missing AGOVaq 100 role'") - audited = true - } - agovAq100AuthEndpoint = result.getLocation() -} - - -// 3) set the AQ level 100 verification to None -if (!session['ch.adnovum.nevisidm.userDto'].contains("idVerificationNoneAGOV-Loi,level100")) { - - if (agovAq100AuthEndpoint == null) { - endpoint = "${baseUrl}/profiles/${profileExtId}/authorizations" - - def result = idmRestClient.get(endpoint) - def json = new JsonSlurper().parseText(result) - - json['items'].eachWithIndex { az, i -> - if (az.roleExtId == level100RoleExtid) { - agovAq100AuthEndpoint = "${endpoint}/${az.extId}" - } - } - } - - endpoint = "${agovAq100AuthEndpoint}/properties" - - def patchRequest = new HTTPRequestWrapper() - patchRequest.addToHeaders('Content-Type', ['application/json']) - - patchRequest.setPayLoad('{"idVerification":"None"}'.getBytes('UTF-8')) - - def result = idmRestClient.patchWithResponse(endpoint, patchRequest) - - if (result.getStatusCode() != 200) { - LOG.error("Event='DATAERROR', Requester='${requester}', RequestId='${requestId}', RequestedAq=${requestedAq}, User=${user}, CredentialType='${credentialType}', SourceIp=${sourceIp}, UserAgent='${userAgent}', reason='Failed to patch the AGOVaq 100 role (http status code ${result.getStatusCode()})'") - - } else if (!audited) { - LOG.warn("Event='DATAERROR', Requester='${requester}', RequestId='${requestId}', RequestedAq=${requestedAq}, User=${user}, CredentialType='${credentialType}', SourceIp=${sourceIp}, UserAgent='${userAgent}', reason='patched AGOVaq 100 role with idVerification'") - audited = true - } -} - - -if (audited) { - response.setResult('reload') -} else { +// 1a) check if user has a credential +if ( recoveryCredential != null ) { + LOG.debug("Account '${user}' has an active recovery code, no need 
to create new code") response.setResult('done') -} \ No newline at end of file + return +} + +// 1b) check if a recovery is ongoing (nothing to do) +if (Arrays.stream(response.getActualRoles()).filter( r -> r.contains('AGOV-AccountStatus.recovery')).findAny().isPresent()) { + LOG.debug("Account '${user}' is in recovery, no need to create new code") + response.setResult('done') + return +} + + +// 2) set cookie for recoveryCode +if (outargs.containsKey('out.JWTToken')) { + def token = outargs.getProperty('out.JWTToken').bytes.encodeBase64().toString() + def agovRecoveryCodeCookie = "agovRecoveryCode=${token }; Domain=${parameters.get('cookie.domain')}; Path=/; SameSite=Strict; Secure; HttpOnly" + response.setHeader('Set-Cookie', agovRecoveryCodeCookie) + outargs.remove('out.JWTToken') +} + +// 3) generate code if not yet done +if (!session['agov.new.recovery.code.generated']) { + inargs.remove('submit') + try { + def postRequest = new HTTPRequestWrapper() + postRequest.addToHeaders('Content-Type', ['application/json']) + + postRequest.setPayLoad("{\"userExtId\":\"$userExtId\",\"userSessionId\": \"$sessionId\"}".getBytes('UTF-8')) + + def result = idmRestClient.postWithResponse(endPoint, postRequest) + if (result.getStatusCode() != 200) { + LOG.debug("Payload: ${new String(postRequest.getPayLoad())}") + LOG.debug("Result: ${result}") + LOG.warn("Event='RCVRY-CODE', Requester='${requester}', RequestId='${requestId}', RequestedAq=${requestedAq}, User=${user}, CredentialType='${credentialType}', SourceIp=${sourceIp}, UserAgent='${userAgent}', reason='Failed to create code (http status code ${result.getStatusCode()})") + response.setResult('failed') + return + } + + def json = new JsonSlurper().parseText(new String(result.getPayLoad(), 'UTF-8')) + + notes.setProperty('agov.new.recovery.code', json['recoveryCode']['code'].replaceAll('^(....)(....)(.*)$', '$1-$2-$3')) + LOG.debug("agov.new.recovery.code: ${notes['agov.new.recovery.code']}") + + 
response.setSessionAttribute('agov.new.recovery.code.generated', 'true') + def validTil = "${json['recoveryCode']['validUntil'][2]}.${json['recoveryCode']['validUntil'][1]}.${json['recoveryCode']['validUntil'][0]}" + response.setSessionAttribute('agov.new.recovery.code.validTil', validTil) + response.setSessionAttribute('agov.new.recovery.code.pdfAuthToken', json['authToken']) + + LOG.info("Event='RCVRY-CODE', Requester='${requester}', RequestId='${requestId}', RequestedAq=${requestedAq}, User=${user}, CredentialType='${credentialType}', SourceIp=${sourceIp}, UserAgent='${userAgent}'") + + } catch(Exception e) { + LOG.warn("Event='RCVRY-CODE', Requester='${requester}', RequestId='${requestId}', RequestedAq=${requestedAq}, User=${user}, CredentialType='${credentialType}', SourceIp=${sourceIp}, UserAgent='${userAgent}', reason='Failed to create code (http status code ${e.getMessage()})") + LOG.error("Recoverycode processing failed: $e") + response.setResult('failed') + return + } + + response.setResult('encryptCode') + return +} + +if (inargs['submit']) { + def agovRecoveryCodeCookie = "agovRecoveryCode=deleted; Domain=${parameters.get('cookie.domain')}; Path=/; Max-Age=0; SameSite=Strict; Secure; HttpOnly" + response.setHeader('Set-Cookie', agovRecoveryCodeCookie) + response.setResult('done') + return +} + +// show the GUI +response.setStatus(AuthResponse.AUTH_CONTINUE) \ No newline at end of file diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/env.conf b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/env.conf index c77ba59..000317d 100644 --- a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/env.conf +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/env.conf 
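Review bot: The added block writes secrets to the log at debug level: `LOG.debug("agov.new.recovery.code: ${notes['agov.new.recovery.code']}")` records the freshly generated recovery code, and on the error path `LOG.debug("Payload: ...")` records the user id together with `sessionId`; both lines should be removed or reduced to a marker that carries no credential. The request body is assembled by string interpolation (`"{\"userExtId\":\"$userExtId\",...}"`), and `JsonOutput.toJson([userExtId: userExtId, userSessionId: sessionId])` from `groovy.json` (already used here for `JsonSlurper`) would keep the JSON well-formed if either value ever contains a quote. The two `LOG.warn` messages open `reason='` without a closing quote, and `UserAgent='${userAgent}'` looks client-controlled, so CR/LF and quote characters should be stripped before it is logged to keep the audit line parseable. The top of this script, with the imports and variable definitions, is not visible on the page, so the origin of `sessionId` and `userAgent` is inferred; the diffstat suggests the file is `ensureAccountState.groovy`, a name that no longer matches the recovery-code logic, which deserves a header comment.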
@@ -1,8 +1,8 @@ RTENV_SECURITY_CHECK=no_shell JAVA_OPTS=( - "-Dfile.encoding=UTF-8" "-XX:+UseContainerSupport" + "-Dfile.encoding=UTF-8" "-XX:MaxRAMPercentage=80.0" "-Djava.net.preferIPv4Stack=true" "-Djava.net.connectionTimeout=10000" @@ -12,7 +12,7 @@ JAVA_OPTS=( "-javaagent:/opt/agent/opentelemetry-javaagent.jar" "-Dotel.javaagent.logging=application" "-Dotel.javaagent.configuration-file=/var/opt/nevisauth/default/conf/otel.properties" - "-Dotel.resource.attributes=service.version=7.2402.1,service.instance.id=$HOSTNAME" + "-Dotel.resource.attributes=service.version=8.2405.1,service.instance.id=$HOSTNAME" "-Djavax.net.ssl.trustStore=/var/opt/keys/trust/auth-default-tls-trust/truststore.p12" "-Djavax.net.ssl.trustStorePassword=\${exec:/var/opt/keys/trust/auth-default-tls-trust/keypass}" ) diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/otel.properties b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/otel.properties index db61b17..87fd6ba 100644 --- a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/otel.properties +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/otel.properties @@ -1,4 +1,4 @@ -otel.service.name=auth -otel.traces.exporter=none -otel.metrics.exporter=none -otel.logs.exporter=none +otel.service.name = auth +otel.traces.exporter = none +otel.metrics.exporter = none +otel.logs.exporter = none diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf/etc/nevis/k8s-fido-uaf-instance-ca92034f995b39fde562293c.yaml b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf/etc/nevis/k8s-fido-uaf-instance-ca92034f995b39fde562293c.yaml index 0346408..656fc26 100644 --- a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf/etc/nevis/k8s-fido-uaf-instance-ca92034f995b39fde562293c.yaml 
+++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf/etc/nevis/k8s-fido-uaf-instance-ca92034f995b39fde562293c.yaml @@ -11,7 +11,7 @@ metadata: spec: type: "NevisFIDO" replicas: 1 - version: "7.2402.1" + version: "8.2405.1" gitInitVersion: "1.3.0" runAsNonRoot: true ports: @@ -28,20 +28,25 @@ spec: management: httpGet: path: "/nevisfido/liveness" - initialDelaySeconds: 40 - periodSeconds: 30 + periodSeconds: 5 timeoutSeconds: 6 readinessProbe: management: httpGet: path: "/nevisfido/health" - initialDelaySeconds: 40 - periodSeconds: 30 + periodSeconds: 5 timeoutSeconds: 6 + startupProbe: + management: + httpGet: + path: "/nevisfido/health" + periodSeconds: 5 + timeoutSeconds: 6 + failureThreshold: 50 podDisruptionBudget: maxUnavailable: "50%" git: - tag: "r-339de78f34b28e0019bb55f9f4fee8b70e264486" + tag: "r-9af6a792e2720efb1d09318c1e3f4a2ab355af31" dir: "DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf" credentials: "git-credentials" keystores: diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf/var/opt/nevisfido/default/conf/env.conf b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf/var/opt/nevisfido/default/conf/env.conf index 6986fb2..573b4f2 100644 --- a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf/var/opt/nevisfido/default/conf/env.conf +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf/var/opt/nevisfido/default/conf/env.conf @@ -2,10 +2,10 @@ RUN_ARGS="--config conf/nevisfido.yml --log-config conf/logging.yml" JAVA_OPTS=( "-XX:+UseContainerSupport" - "-XX:MaxRAMPercentage=80.0" "-Dignore.me" + "-XX:MaxRAMPercentage=80.0" "-javaagent:/opt/agent/opentelemetry-javaagent.jar" "-Dotel.javaagent.logging=application" "-Dotel.javaagent.configuration-file=/var/opt/nevisfido/default/conf/otel.properties" - "-Dotel.resource.attributes=service.version=7.2402.1,service.instance.id=$HOSTNAME" + "-Dotel.resource.attributes=service.version=8.2405.1,service.instance.id=$HOSTNAME" ) \ No newline at end of file 
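Review bot: In the probe hunk of the fido-uaf resource (`@@ -28,20 +28,25 @@`), `livenessProbe` and `readinessProbe` now run with `periodSeconds: 5` while `timeoutSeconds: 6` is kept, so a probe can still be outstanding when the next one is due, and neither probe sets a `failureThreshold`. If the operator maps these fields onto Kubernetes probes with the default threshold, a pod that stalls for roughly fifteen seconds under load gets restarted, which for an authentication component can turn a load spike into an outage. I would keep the timeout below the period, e.g. `timeoutSeconds: 4`, and set `failureThreshold` explicitly on the liveness probe, as the new `startupProbe` already does. The same 5/6 pairing appears in the fido2, logrend (liveness) and proxy-idp resources further down; the idm resource keeps `periodSeconds: 30`.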
diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf/var/opt/nevisfido/default/conf/metadata/metadata.json b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf/var/opt/nevisfido/default/conf/metadata/metadata.json index eedb085..7a83c28 100644 --- a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf/var/opt/nevisfido/default/conf/metadata/metadata.json +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf/var/opt/nevisfido/default/conf/metadata/metadata.json @@ -91,6 +91,29 @@ "tcDisplay" : 1, "tcDisplayContentType" : "text/plain" }, + { + "aaid" : "F1D0#0005", + "description" : "Android NEVIS Mobile Authentication Password Authenticator", + "assertionScheme" : "UAFV1TLV", + "attestationRootCertificates" : [], + "attestationTypes" : [ 15880 ], + "upv" : [ { + "major" : 1, + "minor" : 1 + } ], + "userVerificationDetails" : [ [ { + "userVerification" : 4 + } ] ], + "attachmentHint" : 1, + "authenticationAlgorithm" : 9, + "authenticatorVersion" : 1, + "isSecondFactorOnly" : false, + "keyProtection" : 1, + "matcherProtection" : 1, + "publicKeyAlgAndEncoding" : 256, + "tcDisplay" : 1, + "tcDisplayContentType" : "text/plain" + }, { "aaid" : "F1D0#1001", "description" : "iOS NEVIS Mobile Authentication PIN Authenticator", 
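Review bot: Both added entries (`F1D0#0005` in this hunk and `F1D0#1005` in the `@@ -182,5 +205,27 @@` hunk) declare `"attestationRootCertificates" : []` with `"attestationTypes" : [ 15880 ]`, which, if the values follow the FIDO registry, is surrogate (self-signed) attestation, together with `"keyProtection" : 1` and `"matcherProtection" : 1` (software). With that combination the server has no trust anchor to confirm that a registration comes from the genuine app, so the AAID alone should not be treated as proof of the authenticator. Please confirm that the registration and authentication policies (not visible in this diff) accept these password AAIDs only where a password-verified, software-protected key is an acceptable factor. Separately, the Android entry pairs `"authenticationAlgorithm" : 9` with `"publicKeyAlgAndEncoding" : 256` while the iOS entry uses 2 and 257; it is worth checking against the vendor's published metadata that both fields describe the same key type.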
@@ -182,5 +205,27 @@ "publicKeyAlgAndEncoding" : 257, "tcDisplay" : 1, "tcDisplayContentType" : "text/plain" - } -] \ No newline at end of file + }, + { + "aaid" : "F1D0#1005", + "description" : "iOS NEVIS Mobile Authentication Password Authenticator", + "assertionScheme" : "UAFV1TLV", + "attestationRootCertificates" : [], + "attestationTypes" : [ 15880 ], + "upv" : [ { + "major" : 1, + "minor" : 1 + } ], + "userVerificationDetails" : [ [ { + "userVerification" : 4 + } ] ], + "attachmentHint" : 1, + "authenticationAlgorithm" : 2, + "authenticatorVersion" : 1, + "isSecondFactorOnly" : false, + "keyProtection" : 1, + "matcherProtection" : 1, + "publicKeyAlgAndEncoding" : 257, + "tcDisplay" : 1, + "tcDisplayContentType" : "text/plain" + }] \ No newline at end of file diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf/var/opt/nevisfido/default/conf/otel.properties b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf/var/opt/nevisfido/default/conf/otel.properties index 3fd0432..b7036e4 100644 --- a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf/var/opt/nevisfido/default/conf/otel.properties +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf/var/opt/nevisfido/default/conf/otel.properties @@ -1,4 +1,4 @@ -otel.service.name=fido-uaf -otel.traces.exporter=none -otel.metrics.exporter=none -otel.logs.exporter=none +otel.service.name = fido-uaf +otel.traces.exporter = none +otel.metrics.exporter = none +otel.logs.exporter = none diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido2/etc/nevis/k8s-nevisfido2-087f275433f3973a1421318f.yaml b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido2/etc/nevis/k8s-nevisfido2-087f275433f3973a1421318f.yaml index 0164e1c..ec459b7 100644 --- a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido2/etc/nevis/k8s-nevisfido2-087f275433f3973a1421318f.yaml +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido2/etc/nevis/k8s-nevisfido2-087f275433f3973a1421318f.yaml 
@@ -11,7 +11,7 @@ metadata: spec: type: "NevisFIDO" replicas: 1 - version: "7.2402.1" + version: "8.2405.1" gitInitVersion: "1.3.0" runAsNonRoot: true ports: @@ -28,20 +28,25 @@ spec: management: httpGet: path: "/nevisfido/liveness" - initialDelaySeconds: 40 - periodSeconds: 30 + periodSeconds: 5 timeoutSeconds: 6 readinessProbe: management: httpGet: path: "/nevisfido/health" - initialDelaySeconds: 40 - periodSeconds: 30 + periodSeconds: 5 timeoutSeconds: 6 + startupProbe: + management: + httpGet: + path: "/nevisfido/health" + periodSeconds: 5 + timeoutSeconds: 6 + failureThreshold: 50 podDisruptionBudget: maxUnavailable: "50%" git: - tag: "r-339de78f34b28e0019bb55f9f4fee8b70e264486" + tag: "r-9af6a792e2720efb1d09318c1e3f4a2ab355af31" dir: "DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido2" credentials: "git-credentials" keystores: diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido2/var/opt/nevisfido/default/conf/env.conf b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido2/var/opt/nevisfido/default/conf/env.conf index 38a74f2..2ec24e8 100644 --- a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido2/var/opt/nevisfido/default/conf/env.conf +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido2/var/opt/nevisfido/default/conf/env.conf @@ -6,5 +6,5 @@ JAVA_OPTS=( "-javaagent:/opt/agent/opentelemetry-javaagent.jar" "-Dotel.javaagent.logging=application" "-Dotel.javaagent.configuration-file=/var/opt/nevisfido/default/conf/otel.properties" - "-Dotel.resource.attributes=service.version=7.2402.1,service.instance.id=$HOSTNAME" + "-Dotel.resource.attributes=service.version=8.2405.1,service.instance.id=$HOSTNAME" ) \ No newline at end of file diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido2/var/opt/nevisfido/default/conf/otel.properties b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido2/var/opt/nevisfido/default/conf/otel.properties index 4c09cf3..dad8976 100644 
--- a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido2/var/opt/nevisfido/default/conf/otel.properties +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido2/var/opt/nevisfido/default/conf/otel.properties @@ -1,4 +1,4 @@ -otel.service.name=fido2 -otel.traces.exporter=none -otel.metrics.exporter=none -otel.logs.exporter=none +otel.service.name = fido2 +otel.traces.exporter = none +otel.metrics.exporter = none +otel.logs.exporter = none diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/idm/etc/nevis/k8s-nevisidm-b8a36646f81c3247cdb5d90b.yaml b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/idm/etc/nevis/k8s-nevisidm-b8a36646f81c3247cdb5d90b.yaml index 80ee006..3cd5b9e 100644 --- a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/idm/etc/nevis/k8s-nevisidm-b8a36646f81c3247cdb5d90b.yaml +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/idm/etc/nevis/k8s-nevisidm-b8a36646f81c3247cdb5d90b.yaml @@ -11,7 +11,7 @@ metadata: spec: type: "NevisIDM" replicas: 1 - version: "7.2402.2" + version: "8.2405.1" gitInitVersion: "1.3.0" runAsNonRoot: true ports: @@ -28,20 +28,25 @@ spec: management: httpGet: path: "/liveness" - initialDelaySeconds: 40 periodSeconds: 30 timeoutSeconds: 6 readinessProbe: management: httpGet: path: "/health" - initialDelaySeconds: 40 periodSeconds: 30 timeoutSeconds: 6 + startupProbe: + management: + httpGet: + path: "/health" + periodSeconds: 30 + timeoutSeconds: 6 + failureThreshold: 10 podDisruptionBudget: maxUnavailable: "50%" git: - tag: "r-339de78f34b28e0019bb55f9f4fee8b70e264486" + tag: "r-9af6a792e2720efb1d09318c1e3f4a2ab355af31" dir: "DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/idm" credentials: "git-credentials" keystores: diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/idm/var/opt/nevisidm/default/conf/env.conf b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/idm/var/opt/nevisidm/default/conf/env.conf index b4f49aa..13dfb9b 100644 
--- a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/idm/var/opt/nevisidm/default/conf/env.conf +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/idm/var/opt/nevisidm/default/conf/env.conf @@ -1 +1,8 @@ -JAVA_OPTS="-XX:+UseContainerSupport -XX:MaxRAMPercentage=80.0 -javaagent:/opt/agent/opentelemetry-javaagent.jar -Dotel.javaagent.logging=application -Dotel.javaagent.configuration-file=/var/opt/nevisidm/default/conf/otel.properties -Dotel.resource.attributes=service.version=7.2402.2,service.instance.id=$HOSTNAME" \ No newline at end of file +JAVA_OPTS=( + "-XX:+UseContainerSupport" + "-XX:MaxRAMPercentage=80.0" + "-javaagent:/opt/agent/opentelemetry-javaagent.jar" + "-Dotel.javaagent.logging=application" + "-Dotel.javaagent.configuration-file=/var/opt/nevisidm/default/conf/otel.properties" + "-Dotel.resource.attributes=service.version=8.2405.1,service.instance.id=$HOSTNAME" +) \ No newline at end of file diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/idm/var/opt/nevisidm/default/conf/nevisidm-prod.properties b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/idm/var/opt/nevisidm/default/conf/nevisidm-prod.properties index 348948d..9efba64 100644 --- a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/idm/var/opt/nevisidm/default/conf/nevisidm-prod.properties +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/idm/var/opt/nevisidm/default/conf/nevisidm-prod.properties @@ -89,6 +89,8 @@ server.host=0.0.0.0 # source: pattern://b8a36646f81c3247cdb5d90b server.tls.enabled=true # source: pattern://b8a36646f81c3247cdb5d90b +server.tls.client-auth=requested +# source: pattern://b8a36646f81c3247cdb5d90b server.tls.keystore=/var/opt/keys/own/idm-default-identity/keystore.p12 # source: pattern://b8a36646f81c3247cdb5d90b server.tls.keystore-passphrase=${exec:/var/opt/keys/own/idm-default-identity/keypass} 
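Review bot: `server.tls.client-auth=requested` in nevisidm-prod.properties makes the client certificate optional, so a TLS connection that presents no certificate is still accepted and the setting by itself does not restrict who can reach this listener. If the intent is that only known components call nevisIDM, the mandatory mode is the safer choice, e.g. `server.tls.client-auth=required` (confirm the exact value name in the product documentation), together with a truststore limited to those callers. If `requested` is deliberate, for instance because probes or a console connect without a certificate, a comment such as `# client cert optional: callers without a cert are authorised at application level` above the property would record that. The file carries `# source: pattern://...` markers, so the change presumably belongs in the pattern that generates it.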
diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/idm/var/opt/nevisidm/default/conf/otel.properties b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/idm/var/opt/nevisidm/default/conf/otel.properties index 73cea86..ae663a6 100644 --- a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/idm/var/opt/nevisidm/default/conf/otel.properties +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/idm/var/opt/nevisidm/default/conf/otel.properties @@ -1,4 +1,4 @@ -otel.service.name=idm -otel.traces.exporter=none -otel.metrics.exporter=none -otel.logs.exporter=none +otel.service.name = idm +otel.traces.exporter = none +otel.metrics.exporter = none +otel.logs.exporter = none diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/etc/nevis/k8s-nevislogrend-097929211988398a87bcbb0c.yaml b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/etc/nevis/k8s-nevislogrend-097929211988398a87bcbb0c.yaml index e2e8306..c926517 100644 --- a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/etc/nevis/k8s-nevislogrend-097929211988398a87bcbb0c.yaml +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/etc/nevis/k8s-nevislogrend-097929211988398a87bcbb0c.yaml @@ -11,7 +11,7 @@ metadata: spec: type: "NevisLogrend" replicas: 1 - version: "7.2402.0" + version: "8.2405.0" gitInitVersion: "1.3.0" runAsNonRoot: true ports: @@ -28,19 +28,23 @@ spec: management: httpGet: path: "/nevislogrend/liveness" - initialDelaySeconds: 40 - periodSeconds: 30 + periodSeconds: 5 timeoutSeconds: 6 readinessProbe: server: tcpSocket: true - initialDelaySeconds: 40 - periodSeconds: 20 + periodSeconds: 5 timeoutSeconds: 4 + startupProbe: + server: + tcpSocket: true + periodSeconds: 5 + timeoutSeconds: 4 + failureThreshold: 50 podDisruptionBudget: maxUnavailable: "50%" git: - tag: "r-339de78f34b28e0019bb55f9f4fee8b70e264486" + tag: "r-9af6a792e2720efb1d09318c1e3f4a2ab355af31" dir: "DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend" credentials: "git-credentials" podSecurity: 
diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/conf/env.conf b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/conf/env.conf index bca2aec..1e7049e 100644 --- a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/conf/env.conf +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/conf/env.conf @@ -4,11 +4,11 @@ RTENV_SECURITY_CHECK=no_shell LOGREND_DEPLOY_TYPE=standalone JAVA_OPTS=( - "-Dfile.encoding=UTF-8" "-XX:+UseContainerSupport" + "-Dfile.encoding=UTF-8" "-XX:MaxRAMPercentage=80.0" "-javaagent:/opt/agent/opentelemetry-javaagent.jar" "-Dotel.javaagent.logging=application" "-Dotel.javaagent.configuration-file=/var/opt/nevislogrend/default/conf/otel.properties" - "-Dotel.resource.attributes=service.version=7.2402.0,service.instance.id=$HOSTNAME" + "-Dotel.resource.attributes=service.version=8.2405.0,service.instance.id=$HOSTNAME" ) \ No newline at end of file diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/conf/otel.properties b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/conf/otel.properties index 010a13d..38c0aa7 100644 --- a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/conf/otel.properties +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/conf/otel.properties @@ -1,4 +1,4 @@ -otel.service.name=logrend -otel.traces.exporter=none -otel.metrics.exporter=none -otel.logs.exporter=none +otel.service.name = logrend +otel.traces.exporter = none +otel.metrics.exporter = none +otel.logs.exporter = none 
diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/resources/conf/text_it.properties b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/resources/conf/text_it.properties
index 3535726..8ab2dd7 100644
--- a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/resources/conf/text_it.properties
+++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/resources/conf/text_it.properties
@@ -135,10 +135,10 @@ prompt.newpassword=Nuova Password
 prompt.newpassword.confirm=Conferma password
 prompt.password=Password
 prompt.userid=Nome utente
-pwreset.done.info=Your password was successfully changed. Please click on continue to log in.
+pwreset.done.info=La password è stata modificata con successo. Fare clic su continua per accedere.
 pwreset.email.sent=Se il vostro ID utente esiste, vi è stata inviata un'e-mail per reimpostare la password.
-pwreset.info.linktext=Password forgotten
-pwreset.noticket=Your password reset ticket is no longer valid. Please generate a new one.
+pwreset.info.linktext=Password dimenticata
+pwreset.noticket=Il biglietto per la reimpostazione della password non è più valido. Si prega di generarne uno nuovo.
 recovery_accessapp_auth.accessAppRegistered=App di accesso AGOV già registrata
 recovery_accessapp_auth.instruction1=Ha già registrato una nuova app di accesso AGOV !!!SECURITY_KEY_NAME!!! come parte del processo di recupero.
 recovery_accessapp_auth.instruction2=Si prega di usare !!!ACCESS_APP_NAME!!! per l'identificazione.
@@ -204,7 +204,7 @@ recovery_start_info.title=Il processo di ripristino sta per iniziare.
 title=NEVIS SSO Portal
 title.login=Login
 title.pwchange.label=Cambiare Password
-title.pwreset=Password Forgotten
+title.pwreset=Password Dimenticata
 user_input.invalid.email=Inserire un'e-mail valida.
 user_input.invalid.email.required=Campo obbligatorio
 user_input.invalid.email.tooLong=Il testo inserito è troppo lungo.
diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Mobile_FIDO_UAF/resources/conf/text_it.properties b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Mobile_FIDO_UAF/resources/conf/text_it.properties
index 3535726..8ab2dd7 100644
--- a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Mobile_FIDO_UAF/resources/conf/text_it.properties
+++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Mobile_FIDO_UAF/resources/conf/text_it.properties
@@ -135,10 +135,10 @@ prompt.newpassword=Nuova Password
 prompt.newpassword.confirm=Conferma password
 prompt.password=Password
 prompt.userid=Nome utente
-pwreset.done.info=Your password was successfully changed. Please click on continue to log in.
+pwreset.done.info=La password è stata modificata con successo. Fare clic su continua per accedere.
 pwreset.email.sent=Se il vostro ID utente esiste, vi è stata inviata un'e-mail per reimpostare la password.
-pwreset.info.linktext=Password forgotten
-pwreset.noticket=Your password reset ticket is no longer valid. Please generate a new one.
+pwreset.info.linktext=Password dimenticata
+pwreset.noticket=Il biglietto per la reimpostazione della password non è più valido. Si prega di generarne uno nuovo.
 recovery_accessapp_auth.accessAppRegistered=App di accesso AGOV già registrata
 recovery_accessapp_auth.instruction1=Ha già registrato una nuova app di accesso AGOV !!!SECURITY_KEY_NAME!!! come parte del processo di recupero.
 recovery_accessapp_auth.instruction2=Si prega di usare !!!ACCESS_APP_NAME!!! per l'identificazione.
@@ -204,7 +204,7 @@ recovery_start_info.title=Il processo di ripristino sta per iniziare.
 title=NEVIS SSO Portal
 title.login=Login
 title.pwchange.label=Cambiare Password
-title.pwreset=Password Forgotten
+title.pwreset=Password Dimenticata
 user_input.invalid.email=Inserire un'e-mail valida.
 user_input.invalid.email.required=Campo obbligatorio
 user_input.invalid.email.tooLong=Il testo inserito è troppo lungo.
diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/resources/conf/text_it.properties b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/resources/conf/text_it.properties
index 3535726..8ab2dd7 100644
--- a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/resources/conf/text_it.properties
+++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/resources/conf/text_it.properties
@@ -135,10 +135,10 @@ prompt.newpassword=Nuova Password
 prompt.newpassword.confirm=Conferma password
 prompt.password=Password
 prompt.userid=Nome utente
-pwreset.done.info=Your password was successfully changed. Please click on continue to log in.
+pwreset.done.info=La password è stata modificata con successo. Fare clic su continua per accedere.
 pwreset.email.sent=Se il vostro ID utente esiste, vi è stata inviata un'e-mail per reimpostare la password.
-pwreset.info.linktext=Password forgotten
-pwreset.noticket=Your password reset ticket is no longer valid. Please generate a new one.
+pwreset.info.linktext=Password dimenticata
+pwreset.noticket=Il biglietto per la reimpostazione della password non è più valido. Si prega di generarne uno nuovo.
 recovery_accessapp_auth.accessAppRegistered=App di accesso AGOV già registrata
 recovery_accessapp_auth.instruction1=Ha già registrato una nuova app di accesso AGOV !!!SECURITY_KEY_NAME!!! come parte del processo di recupero.
 recovery_accessapp_auth.instruction2=Si prega di usare !!!ACCESS_APP_NAME!!! per l'identificazione.
@@ -204,7 +204,7 @@ recovery_start_info.title=Il processo di ripristino sta per iniziare.
 title=NEVIS SSO Portal
 title.login=Login
 title.pwchange.label=Cambiare Password
-title.pwreset=Password Forgotten
+title.pwreset=Password Dimenticata
 user_input.invalid.email=Inserire un'e-mail valida.
 user_input.invalid.email.required=Campo obbligatorio
 user_input.invalid.email.tooLong=Il testo inserito è troppo lungo.
diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/NotUsed_Auth_Realm/resources/conf/text_it.properties b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/NotUsed_Auth_Realm/resources/conf/text_it.properties
index 3535726..8ab2dd7 100644
--- a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/NotUsed_Auth_Realm/resources/conf/text_it.properties
+++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/NotUsed_Auth_Realm/resources/conf/text_it.properties
@@ -135,10 +135,10 @@ prompt.newpassword=Nuova Password
 prompt.newpassword.confirm=Conferma password
 prompt.password=Password
 prompt.userid=Nome utente
-pwreset.done.info=Your password was successfully changed. Please click on continue to log in.
+pwreset.done.info=La password è stata modificata con successo. Fare clic su continua per accedere.
 pwreset.email.sent=Se il vostro ID utente esiste, vi è stata inviata un'e-mail per reimpostare la password.
-pwreset.info.linktext=Password forgotten
-pwreset.noticket=Your password reset ticket is no longer valid. Please generate a new one.
+pwreset.info.linktext=Password dimenticata
+pwreset.noticket=Il biglietto per la reimpostazione della password non è più valido. Si prega di generarne uno nuovo.
 recovery_accessapp_auth.accessAppRegistered=App di accesso AGOV già registrata
 recovery_accessapp_auth.instruction1=Ha già registrato una nuova app di accesso AGOV !!!SECURITY_KEY_NAME!!! come parte del processo di recupero.
 recovery_accessapp_auth.instruction2=Si prega di usare !!!ACCESS_APP_NAME!!! per l'identificazione.
@@ -204,7 +204,7 @@ recovery_start_info.title=Il processo di ripristino sta per iniziare. title=NEVIS SSO Portal title.login=Login title.pwchange.label=Cambiare Password -title.pwreset=Password Forgotten +title.pwreset=Password Dimenticata user_input.invalid.email=Inserire un'e-mail valida. user_input.invalid.email.required=Campo obbligatorio user_input.invalid.email.tooLong=Il testo inserito è troppo lungo. diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/etc/nevis/k8s-nevisproxy-idp-0ceb05c56644a59d648c13b9.yaml b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/etc/nevis/k8s-nevisproxy-idp-0ceb05c56644a59d648c13b9.yaml index 0964206..04beca8 100644 --- a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/etc/nevis/k8s-nevisproxy-idp-0ceb05c56644a59d648c13b9.yaml +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/etc/nevis/k8s-nevisproxy-idp-0ceb05c56644a59d648c13b9.yaml @@ -11,7 +11,7 @@ metadata: spec: type: "NevisProxy" replicas: 1 - version: "7.2402.1" + version: "8.2405.0" gitInitVersion: "1.3.0" runAsNonRoot: true ports: @@ -28,20 +28,25 @@ spec: management: httpGet: path: "/liveness" - initialDelaySeconds: 40 - periodSeconds: 30 + periodSeconds: 5 timeoutSeconds: 6 readinessProbe: management: httpGet: path: "/readiness" - initialDelaySeconds: 40 - periodSeconds: 30 + periodSeconds: 5 timeoutSeconds: 6 + startupProbe: + management: + httpGet: + path: "/readiness" + periodSeconds: 5 + timeoutSeconds: 6 + failureThreshold: 50 podDisruptionBudget: maxUnavailable: "50%" git: - tag: "r-339de78f34b28e0019bb55f9f4fee8b70e264486" + tag: "r-9af6a792e2720efb1d09318c1e3f4a2ab355af31" dir: "DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp" credentials: "git-credentials" keystores: diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/conf/navajo.xml b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/conf/navajo.xml index 5247c3a..a7cd351 100644 
--- a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/conf/navajo.xml +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/conf/navajo.xml @@ -8,7 +8,7 @@ - + diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-w.azure.adnovum.net/WEB-INF/web.xml b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-w.azure.adnovum.net/WEB-INF/web.xml index 47331e0..f047523 100644 --- a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-w.azure.adnovum.net/WEB-INF/web.xml +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-w.azure.adnovum.net/WEB-INF/web.xml @@ -652,8 +652,8 @@ - StateKey - Auth_Realm_Mobile_FIDO_UAF + StoreInterceptedRequest + false @@ -692,8 +692,8 @@ - StateKey - NotUsed_Auth_Realm + StoreInterceptedRequest + false