nevis
/
adn-agov-iam-inventory
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

new configuration version

This commit is contained in:
admin 2024-07-30 13:32:36 +00:00
parent a3eb2df049
commit 10339c67ab
34 changed files with 366 additions and 312 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/etc/nevis/k8s-nevisauth-sts-4bad2fe3ccc54716cc87138f.yaml
View File

@ -11,7 +11,7 @@ metadata:
spec: spec:
type: "NevisAuth" type: "NevisAuth"
replicas: 1 replicas: 1
version: "7.2402.1" version: "8.2405.1"
gitInitVersion: "1.3.0" gitInitVersion: "1.3.0"
runAsNonRoot: true runAsNonRoot: true
ports: ports:
@ -27,20 +27,25 @@ spec:
livenessProbe: livenessProbe:
soap: soap:
tcpSocket: true tcpSocket: true
initialDelaySeconds: 40 periodSeconds: 5
periodSeconds: 20
timeoutSeconds: 4 timeoutSeconds: 4
readinessProbe: readinessProbe:
management: management:
httpGet: httpGet:
path: "/nevisauth/liveness" path: "/nevisauth/liveness"
initialDelaySeconds: 40 periodSeconds: 5
periodSeconds: 30
timeoutSeconds: 6 timeoutSeconds: 6
startupProbe:
management:
httpGet:
path: "/nevisauth/liveness"
periodSeconds: 5
timeoutSeconds: 6
failureThreshold: 50
podDisruptionBudget: podDisruptionBudget:
maxUnavailable: "50%" maxUnavailable: "50%"
git: git:
tag: "r-339de78f34b28e0019bb55f9f4fee8b70e264486" tag: "r-9af6a792e2720efb1d09318c1e3f4a2ab355af31"
dir: "DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts" dir: "DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts"
credentials: "git-credentials" credentials: "git-credentials"
keystores: keystores:

4
DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/var/opt/nevisauth/default/conf/env.conf
View File

@ -1,8 +1,8 @@
RTENV_SECURITY_CHECK=no_shell RTENV_SECURITY_CHECK=no_shell
JAVA_OPTS=( JAVA_OPTS=(
"-Dfile.encoding=UTF-8"
"-XX:+UseContainerSupport" "-XX:+UseContainerSupport"
"-Dfile.encoding=UTF-8"
"-XX:MaxRAMPercentage=80.0" "-XX:MaxRAMPercentage=80.0"
"-Djava.net.preferIPv4Stack=true" "-Djava.net.preferIPv4Stack=true"
"-Djava.net.connectionTimeout=10000" "-Djava.net.connectionTimeout=10000"
@ -12,7 +12,7 @@ JAVA_OPTS=(
"-javaagent:/opt/agent/opentelemetry-javaagent.jar" "-javaagent:/opt/agent/opentelemetry-javaagent.jar"
"-Dotel.javaagent.logging=application" "-Dotel.javaagent.logging=application"
"-Dotel.javaagent.configuration-file=/var/opt/nevisauth/default/conf/otel.properties" "-Dotel.javaagent.configuration-file=/var/opt/nevisauth/default/conf/otel.properties"
"-Dotel.resource.attributes=service.version=7.2402.1,service.instance.id=$HOSTNAME" "-Dotel.resource.attributes=service.version=8.2405.1,service.instance.id=$HOSTNAME"
"-Djavax.net.ssl.trustStore=/var/opt/keys/trust/auth-sts-default-tls-trust/truststore.p12" "-Djavax.net.ssl.trustStore=/var/opt/keys/trust/auth-sts-default-tls-trust/truststore.p12"
"-Djavax.net.ssl.trustStorePassword=\${exec:/var/opt/keys/trust/auth-sts-default-tls-trust/keypass}" "-Djavax.net.ssl.trustStorePassword=\${exec:/var/opt/keys/trust/auth-sts-default-tls-trust/keypass}"
) )

8
DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/var/opt/nevisauth/default/conf/otel.properties
View File

@ -1,4 +1,4 @@
otel.service.name=auth-sts otel.service.name = auth-sts
otel.traces.exporter=none otel.traces.exporter = none
otel.metrics.exporter=none otel.metrics.exporter = none
otel.logs.exporter=none otel.logs.exporter = none

17
DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/etc/nevis/k8s-nevisauth-7022472ae407577ae604bbb8.yaml
View File

@ -11,7 +11,7 @@ metadata:
spec: spec:
type: "NevisAuth" type: "NevisAuth"
replicas: 1 replicas: 1
version: "7.2402.1" version: "8.2405.1"
gitInitVersion: "1.3.0" gitInitVersion: "1.3.0"
runAsNonRoot: true runAsNonRoot: true
ports: ports:
@ -27,20 +27,25 @@ spec:
livenessProbe: livenessProbe:
soap: soap:
tcpSocket: true tcpSocket: true
initialDelaySeconds: 40 periodSeconds: 5
periodSeconds: 20
timeoutSeconds: 4 timeoutSeconds: 4
readinessProbe: readinessProbe:
management: management:
httpGet: httpGet:
path: "/nevisauth/liveness" path: "/nevisauth/liveness"
initialDelaySeconds: 40 periodSeconds: 5
periodSeconds: 30
timeoutSeconds: 6 timeoutSeconds: 6
startupProbe:
management:
httpGet:
path: "/nevisauth/liveness"
periodSeconds: 5
timeoutSeconds: 6
failureThreshold: 50
podDisruptionBudget: podDisruptionBudget:
maxUnavailable: "50%" maxUnavailable: "50%"
git: git:
tag: "r-339de78f34b28e0019bb55f9f4fee8b70e264486" tag: "r-9af6a792e2720efb1d09318c1e3f4a2ab355af31"
dir: "DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth" dir: "DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth"
credentials: "git-credentials" credentials: "git-credentials"
keystores: keystores:

35
DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/keys/own/idp-pem-signer/cert.pem
View File

@ -1,17 +1,22 @@
-----BEGIN CERTIFICATE----- -----BEGIN CERTIFICATE-----
MIICwzCCAmigAwIBAgIBATAKBggqhkjOPQQDAjAYMRYwFAYDVQQDEw1zZWxmc2ln MIIDlDCCAnwCCQC4xKJxfbSLBzANBgkqhkiG9w0BAQsFADCBizELMAkGA1UEBhMC
bmVkLWNhMB4XDTIzMDcyMDExMzcyNloXDTI0MDcxOTExMzcyNlowIDEeMBwGA1UE Y2gxEDAOBgNVBAoMB2Fkbm92dW0xDTALBgNVBAsMBGFnb3YxJzAlBgNVBAMMHmph
AwwVaWRwc2lnbmVyLnVhdC5hZ292LmNoMIIBojANBgkqhkiG9w0BAQEFAAOCAY8A a29iLmFnb3YtZC5henVyZS5hZG5vdnVtLm5ldDEyMDAGCSqGSIb3DQEJARYjaW5m
MIIBigKCAYEA28fXdfRLtrzS0F5Hp5zEzPFfpNXKpIrbJaWdqwiuY6VIrzAJW0Wo b0BqYWtvYi5hZ292LWQuYXp1cmUuYWRub3Z1bS5uZXQwHhcNMjMwMzIxMTUyMjI0
FMuV2IHnU7sO8+B05Z20wq3x5JAbgYlBFnfdub/CYmyykAf0Rxz9irc9qbXBmX0A WhcNMjgwMzE5MTUyMjI0WjCBizELMAkGA1UEBhMCY2gxEDAOBgNVBAoMB2Fkbm92
G+JhQLxLcfyqlmFyLsjaxT3nUrytP+604LtzesnC3N7gfGtmSKgclym1s2ZVWkAK dW0xDTALBgNVBAsMBGFnb3YxJzAlBgNVBAMMHmpha29iLmFnb3YtZC5henVyZS5h
4VXAZsM5HBnW1feHxSv3UTzvorW7PWkbmy4LU8SDoSraHgB/pBaiJRG8SMTjBHho ZG5vdnVtLm5ldDEyMDAGCSqGSIb3DQEJARYjaW5mb0BqYWtvYi5hZ292LWQuYXp1
TTdFLPmH/N9dt5N1oJginnY9GvRJD8Qj1lrsTZOtv8ttKhnQkmymly+NCt7+wGIa cmUuYWRub3Z1bS5uZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDB
7HQQawqBIvflGG+R1OdQx7Q20/y5EfO4V3zJgq3p+gz9AziGPHEy+2s+i5LME1AI 8LPO6Nack2z1whTratLxRD9KraO8QGrVTEa0p+23EKJH4WYE0QGzXbX4oFl2maXE
D6vLfDN8cnTCdgqZGhAkRMBHtOydJd3dpJ0tgjnrdUpla2PoWp1B/v/Plneb9L5v QDeCBofTnrl8sL3yVxBy56qO8T3VxYtt9akjty6PujO48bgJr2VGjGgtPYPUeOEk
aMNqtuQA852dR14lP7+EeRLe9vJvzm9eBdF0JrDUm1K2Xy66i5gdzOoJngnRpl5J lzCS616732Bnxc2iqo267G/tGooRIOOqefSyhEGmbI3KGv/zYZn/qxQo/A+5f+6y
nNSweT+A8dn9AgMBAAGjUDBOMAsGA1UdDwQEAwIDqDAdBgNVHSUEFjAUBggrBgEF zEoKdmnBF6vnowvffKfdFKI8udd5eKmfyrc5iNYHXoVP/HmqKbkyrBw1U0ysihRJ
BQcDAQYIKwYBBQUHAwIwIAYDVR0RBBkwF4IVaWRwc2lnbmVyLnVhdC5hZ292LmNo 3vyJVDtirQ5chLn0jOZ4UZ5SBck9+784yrVqpNbsWAe3NU+Vfx4wCk/rPWRDa1E2
MAoGCCqGSM49BAMCA0kAMEYCIQCarOXKlJ0DVxVPGyj3oPMHWCJB+Xyee+j7k1gu fk+gEVvEMUFt4UvU25BdAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAIxToc9muu9z
OC93CQIhAICIzY/yCbST5V502Bt3vRCZMCmzhzXIGTol2PEoby6H d4yycZCgZbDtzrq2Un+m/m3TrBNzLV7UBbGt7HW9/kxvdFJTKgNEj+ZD1cY6O6D7
vrWV0Xb1XPgkaAfypc4Y7IOUTFDR/ib4siP9gPkHvr5WSIip3mFgX9yIV910N/hh
ImE9/Jtf/q9MopBu8J6zRmL/J8mVewVdcU3xqz27OVMMSht0Du8FcpIrNQwqc1LN
tCgdj+pw5vl7NH546WlyYNpLEkAeBpJ3XCBDDwcQftC+/cQ7GKJGtOJ4ODdxWMyX
ThsHJ7MCTiN+MoW5CeioGSmngezh4Gs5SpGAGVvwNvXW2jiGdRDdHmyxDPjCQvYA
wwZrmgtpYE0=
-----END CERTIFICATE----- -----END CERTIFICATE-----

68
DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/keys/own/idp-pem-signer/key.pem
View File

@ -1,42 +1,30 @@
-----BEGIN ENCRYPTED PRIVATE KEY----- -----BEGIN ENCRYPTED PRIVATE KEY-----
MIIHazBVBgkqhkiG9w0BBQ0wSDAnBgkqhkiG9w0BBQwwGgQUXJ4RUaby0ltJyJMX MIIFKzBVBgkqhkiG9w0BBQ0wSDAnBgkqhkiG9w0BBQwwGgQUKIdhme1LQ2vMonbp
fUO+2LAlu7cCAggAMB0GCWCGSAFlAwQBKgQQ0YfRZzwcjphTKuPQxktTuASCBxCG aes9/gRupIYCAggAMB0GCWCGSAFlAwQBKgQQeuo/hWDbfC4vCB3F5pfeKgSCBNAR
+b55W3IEKc/Yqf+zIRHBgvCY+w+l7vSMQqtDYOtiUBdxZWewy+IoV4Pw0X/ORT6k HeV95Ar67bUkkWrHUC0jCRvnMjh9wyC6w1pFP2nW+++Qkl93v+gIjr4b9Rw9RBTd
Jk8RXTG7hXb4GtuRmgVJeyxsf+8vhrtVpyelLLYkTalAjjvtT2YAukltALLpFMQm QsOVkaB7vvQ5qjvWya9HJ2aHZ6KwMb2GJdY0ouH16ga/YRZFKQ0aCfO9spezUJ7t
Zm42rW0HrVRtn6k7osbe5zL4whyhikohXamPJpTTrImP8fMzYyxfiHx2Y7Tnc66N 2KesD78IxFbey5mRYXmvTW6+BeUt+d4TQbgR0/PdqC9WOg7H3iBvs61MQgro2Itc
SMxBaQ3m2HClE6+6rkcPv/oC9V74GGYpCk0EcH7gsRLQFj3IlJTVxQoCP44ldzhq sxQ9SBHa358oyUkGuIz2XKo/enikX49LOjpwB5EdFKky+YhtvGx9NHQIzs8RZqfd
fyWYe1DneH6IJLXID3Igca26ZXU9rTcfqAsBmVACq0GKdgXAFSUAhF6onqXjzpGQ Lpe6VsWXTTSSiXD8r7WEsCnfThpneOE1Pz58woeT3QHt6WscPsUGPx/coQNKzx+R
/m7Vl3JbNPvrcgxzKBJsj9Z/Hv4qKz2yVpe3OMchTdxpI5k383y1F4rw8i4GSWIL 0d+gt73kwqFbIbI9DkUoaruv6qsLcZ2yC36YNie7ggaqCC6dhan2tx3U+vRTn6I8
+A+t5M26WJw2uHx/k2RL1jyeXH2gR3IA72AffDU+f3jqd9pOqxXKSIhGq/KOK5Vk dOCAuP7bx/iQDfHXsUC5Tatu91OkEbGA4Oz3WXpSyhmMXsSrRP7Rjivb0e7rLlde
SiJ4IesVz26bfwjXEKcQk5qIpDBGjfSkYgMXxlQwOwTIoRn+1FM7Txox6tsVj4/v Q3TWYpa5KWqVeFpZhUFyrwJrtmMwzdu2tLfZDFKEriA/UbB3djHWM/O4/LvFqvpV
RnaorVayq5W1fk3t5EfNLprSFDO9T6OxFKvfzKMghdrKFNa5a3oqr3RDZSCE0tca VQfKtrD8OcnElGt5nJoFOGO8cXWD4opaZ5nGboLpuLuOtZN59EnZwtI1lyALdrB4
m9jQ9bp1ooD8/EUWsBxG4eJxe9B+yG3QAkudOoklJYTE9ysHBl2cPOIOksqrD76G MDENw0tVx7LBo13jvAtgx7vXgSPzNpJvp+A+0V2yeT+cHWeX1T1H79QcNE0vGkr/
agezGRazfqFVCmOtlye7bzQXv/AgDa/ve5E1f9jjueop2OwbvoEzCsrSYCWh3uiM aURDUTAEIYO2TOp+14Ag1Y9T8j+z0m6lxqwO33Hf07wqzeVHaNBh3Ckv4+xUNl+U
C2IkvtSI6gW+9C8H1ofElKtDlRft/lMuviLCb3u7xsu2r7v/va2aYy4Lh6B5xARt MDx/ZSmdPe07mvVrleb83XYvkC8rytS43mKxke912l+++GPWHLDl6wz1LwAQbI2b
G7A4ZX0cxoI2N/T2FgHwJ8p7lTXJ8KuTGv0jrno9MBdKqo+HBtRTbFoi63qZ7EtL 5S/iPJI08O3y9cylRMOSBGXnIh8Ml748zEJVeac+B32cqt3nQ16WwCxfF6UjEeEE
MJS63MK4kSXcwyJ4+pnH0bI1wXf5qK7TVoWG6ZAWw385xaohXZZ6JK/z1WNbpfCU aMKhPsdgB0pRRGFL8otK2bheqlJrtFk0FfFJ4B1gbO0oHPCygWvV5Cnz8UcNOMIS
hlvjjdLxmNE5R/kmiKjp6zPhfR6+z73QXX9s3ZZv9fAV1mZcLwcucNnMRdJcYSVU u5rIjD4wz8Gcclk3c5fvfKb9xhcpop3sAJy/srteKRDJrJNlHwleCDgkVE5PkuDP
bNwAqnxhIoIZZB5H0c+jLfpaGyzVeAUzI3ljCekUlvutXFNSur6TI2ZmViiwIhuw z0B6OyTsprupTVx3eLbiA1yRT8HzaaGo6xfc7dKwWZW7J+jmbKVsbjcxSo/ChsMg
82A084eZ9qOBA+z64Xo9VJqWgdj99b45JNExcsmvbXG1REB8QAKzzGzadtwnc6VV ZP+cWGh2SLQ04mNkWetOYHMODlSAfrYYRIPkMUyLJCDPgynLeOa0u8xWxpQsmt8x
iWuK9SPbIqOp2Sa6FEa/VxbgDOUiv20G5irs5Kp0iU+yRKerG/ejvBAn4o3M94wv 6bVhtJhf4NxyZpKYgNfdkYoerqyBOhbUlcfud1qdqRCfp6gq4rBhBktGbGkgaNk0
hDwSmn80uu5NJtHuta+9u2jM6yyNl4ghXLxTl9gfbnpzI4wuX+4xhhdNm6HCNqcG bGLu+/uWm3pDPSWRWnhC8gXvEwMtr3kMzAe5f0yQ6L/nsBPGs+A8rGTGDg0wfoxW
IzPUFS207YKR0QTaHB5x3ItVpp6Rjpb5lOtEpmff7qO/69ljtNLRe+VEdqLrQoK7 Pn+AX9ywY1DWHBCK02QooIJKfvVnwr8qnhHVrqOOJlP5GMIXpx5eYkSrUtDxGwR8
9IsIaXqBp719nyG3z90KwBigRGl1ljDF3plT1slERdfMsdVdT8duwHc8mevR/H+t JOgUMAJ9GVwvxqi3g8MFPrb76b6ZheofBU5MI8rzGsXN1qWf7Ml0UQc2PcShvyNX
VG0DkUmGAamyr2plyZiDtzfly/qhG9de4WCRLckVJvMkzwrpmtN+DIB26a1mQwrA BW0xuX5dK1UZRKJcDGIWdeFjrnAhXayJCQse0wsXSRt9WUxSNUb/MxhO7BIWrEQf
OuKaCBrQj/1G7EnHuNDWOFOtbHUqitQ9OukNCTi5/7JMp6FY2bIyE58Hoj88m4Hy Famdx2jz/RlnXinUizdlRL+ws8KknA90JdSlT+j+pvsyTHuzJ+Xzex8R+1AmlT2O
wMMzkFYkh5NJ82ysUdewX99vTJjgD0qKFoDBqB1REEOWi8J14vdGmejhq0A5rq0q 4ZVzzx2JLOcFu5j08t5U5CKbfitsINakPVATekJdov1bCo803dUExfT2OsTxrqR9
2tBAyVSbK8gFfY7pQCGpHSerlR8YGpS01KBDct+MlkIout6SrvWxUhwnx9Lmi09f mx6GJTWYE32tg/v4PASu1986ojVNLi2WjrX8NJzkqlUE+4xIeVWN0HE1SflJsL6x
Kk/170DJXXhWlkTu8mylAF7A9vEzsST3GZgnaWkXIeFDKiXUD1w+io1K2ziZbiZZ YXTHWodpQ9VTd0OliSFvzOjFtV768c1+ySV6QngCOQ==
Im3dSe6dxsWZkYF+wjpnTjS7op3Q6gOJ3mkkGpBWOtOzGiFNIP/7epSr3eVInHdo
F4HgET5h2VknsXMKdzU0YDcXsDdWwwwyHqKIM9b37mqA6c3bMwTB1+ykrznudnAP
8jpqPz6mUqvwzqPoi3e2bNxPwnYgguFrUIqYgiydfZQ3AZsQGTVTq6Jjp/+7K9xv
yCuwjpuEtz5ZNchcwrJoj8Yet9saYSGBaUu10Ks0/PGIHKbznVQJHCBofAmE6WQb
cIveRYphfVjbIa+VxpLJRaMj5ymZSViBtHx6Gwjsnq2NR5H1qBt79qXWzRk7ulJy
cpVasv7Gi3W8SIEbcDvlWUgc8jJOXPmhQ63BS4+eyYNgrSxFY4XYhUZ2Cwi8wXvm
w1MUisDiIIdTapE/rux+bjB5MnEJC/IICvk8NAH5PuSODm/DE34MdlxA/nUP7Cm4
ssLvI9IK2hzhASqt71gxoOJUnEptPzabMOYm5hIOksfz+0vjO0grgrVXV4UgTmpz
T3gvIRwg13vkvKxEfpvGJG5aEkCsZS15/MTsF9FPYiYPYeKOOdIGNzYoRbmqGjIg
5KyeELDKiulsilGFeRnxM97xpVI3DtezQHTr/N37wsJBeCZyOxGa6j/1rf4ZvgGi
lkHVmCZYqHYlow6qOS8/lIKpHdhBaEmr6ciZ8fiIA4GeYU0GwzdAd8YuNYqF0dxF
zWupzSNScKSE1nmu0NIdbanhs78Z2q9vqm/B5ueFCQ==
-----END ENCRYPTED PRIVATE KEY----- -----END ENCRYPTED PRIVATE KEY-----

BIN
DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/keys/own/idp-pem-signer/keystore.jks
View File

Binary file not shown.

BIN
DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/keys/own/idp-pem-signer/keystore.p12
View File

Binary file not shown.

103
DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/keys/own/idp-pem-signer/keystore.pem
View File

@ -1,60 +1,53 @@
-----BEGIN ENCRYPTED PRIVATE KEY----- -----BEGIN ENCRYPTED PRIVATE KEY-----
MIIHazBVBgkqhkiG9w0BBQ0wSDAnBgkqhkiG9w0BBQwwGgQUXJ4RUaby0ltJyJMX MIIFKzBVBgkqhkiG9w0BBQ0wSDAnBgkqhkiG9w0BBQwwGgQUKIdhme1LQ2vMonbp
fUO+2LAlu7cCAggAMB0GCWCGSAFlAwQBKgQQ0YfRZzwcjphTKuPQxktTuASCBxCG aes9/gRupIYCAggAMB0GCWCGSAFlAwQBKgQQeuo/hWDbfC4vCB3F5pfeKgSCBNAR
+b55W3IEKc/Yqf+zIRHBgvCY+w+l7vSMQqtDYOtiUBdxZWewy+IoV4Pw0X/ORT6k HeV95Ar67bUkkWrHUC0jCRvnMjh9wyC6w1pFP2nW+++Qkl93v+gIjr4b9Rw9RBTd
Jk8RXTG7hXb4GtuRmgVJeyxsf+8vhrtVpyelLLYkTalAjjvtT2YAukltALLpFMQm QsOVkaB7vvQ5qjvWya9HJ2aHZ6KwMb2GJdY0ouH16ga/YRZFKQ0aCfO9spezUJ7t
Zm42rW0HrVRtn6k7osbe5zL4whyhikohXamPJpTTrImP8fMzYyxfiHx2Y7Tnc66N 2KesD78IxFbey5mRYXmvTW6+BeUt+d4TQbgR0/PdqC9WOg7H3iBvs61MQgro2Itc
SMxBaQ3m2HClE6+6rkcPv/oC9V74GGYpCk0EcH7gsRLQFj3IlJTVxQoCP44ldzhq sxQ9SBHa358oyUkGuIz2XKo/enikX49LOjpwB5EdFKky+YhtvGx9NHQIzs8RZqfd
fyWYe1DneH6IJLXID3Igca26ZXU9rTcfqAsBmVACq0GKdgXAFSUAhF6onqXjzpGQ Lpe6VsWXTTSSiXD8r7WEsCnfThpneOE1Pz58woeT3QHt6WscPsUGPx/coQNKzx+R
/m7Vl3JbNPvrcgxzKBJsj9Z/Hv4qKz2yVpe3OMchTdxpI5k383y1F4rw8i4GSWIL 0d+gt73kwqFbIbI9DkUoaruv6qsLcZ2yC36YNie7ggaqCC6dhan2tx3U+vRTn6I8
+A+t5M26WJw2uHx/k2RL1jyeXH2gR3IA72AffDU+f3jqd9pOqxXKSIhGq/KOK5Vk dOCAuP7bx/iQDfHXsUC5Tatu91OkEbGA4Oz3WXpSyhmMXsSrRP7Rjivb0e7rLlde
SiJ4IesVz26bfwjXEKcQk5qIpDBGjfSkYgMXxlQwOwTIoRn+1FM7Txox6tsVj4/v Q3TWYpa5KWqVeFpZhUFyrwJrtmMwzdu2tLfZDFKEriA/UbB3djHWM/O4/LvFqvpV
RnaorVayq5W1fk3t5EfNLprSFDO9T6OxFKvfzKMghdrKFNa5a3oqr3RDZSCE0tca VQfKtrD8OcnElGt5nJoFOGO8cXWD4opaZ5nGboLpuLuOtZN59EnZwtI1lyALdrB4
m9jQ9bp1ooD8/EUWsBxG4eJxe9B+yG3QAkudOoklJYTE9ysHBl2cPOIOksqrD76G MDENw0tVx7LBo13jvAtgx7vXgSPzNpJvp+A+0V2yeT+cHWeX1T1H79QcNE0vGkr/
agezGRazfqFVCmOtlye7bzQXv/AgDa/ve5E1f9jjueop2OwbvoEzCsrSYCWh3uiM aURDUTAEIYO2TOp+14Ag1Y9T8j+z0m6lxqwO33Hf07wqzeVHaNBh3Ckv4+xUNl+U
C2IkvtSI6gW+9C8H1ofElKtDlRft/lMuviLCb3u7xsu2r7v/va2aYy4Lh6B5xARt MDx/ZSmdPe07mvVrleb83XYvkC8rytS43mKxke912l+++GPWHLDl6wz1LwAQbI2b
G7A4ZX0cxoI2N/T2FgHwJ8p7lTXJ8KuTGv0jrno9MBdKqo+HBtRTbFoi63qZ7EtL 5S/iPJI08O3y9cylRMOSBGXnIh8Ml748zEJVeac+B32cqt3nQ16WwCxfF6UjEeEE
MJS63MK4kSXcwyJ4+pnH0bI1wXf5qK7TVoWG6ZAWw385xaohXZZ6JK/z1WNbpfCU aMKhPsdgB0pRRGFL8otK2bheqlJrtFk0FfFJ4B1gbO0oHPCygWvV5Cnz8UcNOMIS
hlvjjdLxmNE5R/kmiKjp6zPhfR6+z73QXX9s3ZZv9fAV1mZcLwcucNnMRdJcYSVU u5rIjD4wz8Gcclk3c5fvfKb9xhcpop3sAJy/srteKRDJrJNlHwleCDgkVE5PkuDP
bNwAqnxhIoIZZB5H0c+jLfpaGyzVeAUzI3ljCekUlvutXFNSur6TI2ZmViiwIhuw z0B6OyTsprupTVx3eLbiA1yRT8HzaaGo6xfc7dKwWZW7J+jmbKVsbjcxSo/ChsMg
82A084eZ9qOBA+z64Xo9VJqWgdj99b45JNExcsmvbXG1REB8QAKzzGzadtwnc6VV ZP+cWGh2SLQ04mNkWetOYHMODlSAfrYYRIPkMUyLJCDPgynLeOa0u8xWxpQsmt8x
iWuK9SPbIqOp2Sa6FEa/VxbgDOUiv20G5irs5Kp0iU+yRKerG/ejvBAn4o3M94wv 6bVhtJhf4NxyZpKYgNfdkYoerqyBOhbUlcfud1qdqRCfp6gq4rBhBktGbGkgaNk0
hDwSmn80uu5NJtHuta+9u2jM6yyNl4ghXLxTl9gfbnpzI4wuX+4xhhdNm6HCNqcG bGLu+/uWm3pDPSWRWnhC8gXvEwMtr3kMzAe5f0yQ6L/nsBPGs+A8rGTGDg0wfoxW
IzPUFS207YKR0QTaHB5x3ItVpp6Rjpb5lOtEpmff7qO/69ljtNLRe+VEdqLrQoK7 Pn+AX9ywY1DWHBCK02QooIJKfvVnwr8qnhHVrqOOJlP5GMIXpx5eYkSrUtDxGwR8
9IsIaXqBp719nyG3z90KwBigRGl1ljDF3plT1slERdfMsdVdT8duwHc8mevR/H+t JOgUMAJ9GVwvxqi3g8MFPrb76b6ZheofBU5MI8rzGsXN1qWf7Ml0UQc2PcShvyNX
VG0DkUmGAamyr2plyZiDtzfly/qhG9de4WCRLckVJvMkzwrpmtN+DIB26a1mQwrA BW0xuX5dK1UZRKJcDGIWdeFjrnAhXayJCQse0wsXSRt9WUxSNUb/MxhO7BIWrEQf
OuKaCBrQj/1G7EnHuNDWOFOtbHUqitQ9OukNCTi5/7JMp6FY2bIyE58Hoj88m4Hy Famdx2jz/RlnXinUizdlRL+ws8KknA90JdSlT+j+pvsyTHuzJ+Xzex8R+1AmlT2O
wMMzkFYkh5NJ82ysUdewX99vTJjgD0qKFoDBqB1REEOWi8J14vdGmejhq0A5rq0q 4ZVzzx2JLOcFu5j08t5U5CKbfitsINakPVATekJdov1bCo803dUExfT2OsTxrqR9
2tBAyVSbK8gFfY7pQCGpHSerlR8YGpS01KBDct+MlkIout6SrvWxUhwnx9Lmi09f mx6GJTWYE32tg/v4PASu1986ojVNLi2WjrX8NJzkqlUE+4xIeVWN0HE1SflJsL6x
Kk/170DJXXhWlkTu8mylAF7A9vEzsST3GZgnaWkXIeFDKiXUD1w+io1K2ziZbiZZ YXTHWodpQ9VTd0OliSFvzOjFtV768c1+ySV6QngCOQ==
Im3dSe6dxsWZkYF+wjpnTjS7op3Q6gOJ3mkkGpBWOtOzGiFNIP/7epSr3eVInHdo
F4HgET5h2VknsXMKdzU0YDcXsDdWwwwyHqKIM9b37mqA6c3bMwTB1+ykrznudnAP
8jpqPz6mUqvwzqPoi3e2bNxPwnYgguFrUIqYgiydfZQ3AZsQGTVTq6Jjp/+7K9xv
yCuwjpuEtz5ZNchcwrJoj8Yet9saYSGBaUu10Ks0/PGIHKbznVQJHCBofAmE6WQb
cIveRYphfVjbIa+VxpLJRaMj5ymZSViBtHx6Gwjsnq2NR5H1qBt79qXWzRk7ulJy
cpVasv7Gi3W8SIEbcDvlWUgc8jJOXPmhQ63BS4+eyYNgrSxFY4XYhUZ2Cwi8wXvm
w1MUisDiIIdTapE/rux+bjB5MnEJC/IICvk8NAH5PuSODm/DE34MdlxA/nUP7Cm4
ssLvI9IK2hzhASqt71gxoOJUnEptPzabMOYm5hIOksfz+0vjO0grgrVXV4UgTmpz
T3gvIRwg13vkvKxEfpvGJG5aEkCsZS15/MTsF9FPYiYPYeKOOdIGNzYoRbmqGjIg
5KyeELDKiulsilGFeRnxM97xpVI3DtezQHTr/N37wsJBeCZyOxGa6j/1rf4ZvgGi
lkHVmCZYqHYlow6qOS8/lIKpHdhBaEmr6ciZ8fiIA4GeYU0GwzdAd8YuNYqF0dxF
zWupzSNScKSE1nmu0NIdbanhs78Z2q9vqm/B5ueFCQ==
-----END ENCRYPTED PRIVATE KEY----- -----END ENCRYPTED PRIVATE KEY-----
-----BEGIN CERTIFICATE----- -----BEGIN CERTIFICATE-----
MIICwzCCAmigAwIBAgIBATAKBggqhkjOPQQDAjAYMRYwFAYDVQQDEw1zZWxmc2ln MIIDlDCCAnwCCQC4xKJxfbSLBzANBgkqhkiG9w0BAQsFADCBizELMAkGA1UEBhMC
bmVkLWNhMB4XDTIzMDcyMDExMzcyNloXDTI0MDcxOTExMzcyNlowIDEeMBwGA1UE Y2gxEDAOBgNVBAoMB2Fkbm92dW0xDTALBgNVBAsMBGFnb3YxJzAlBgNVBAMMHmph
AwwVaWRwc2lnbmVyLnVhdC5hZ292LmNoMIIBojANBgkqhkiG9w0BAQEFAAOCAY8A a29iLmFnb3YtZC5henVyZS5hZG5vdnVtLm5ldDEyMDAGCSqGSIb3DQEJARYjaW5m
MIIBigKCAYEA28fXdfRLtrzS0F5Hp5zEzPFfpNXKpIrbJaWdqwiuY6VIrzAJW0Wo b0BqYWtvYi5hZ292LWQuYXp1cmUuYWRub3Z1bS5uZXQwHhcNMjMwMzIxMTUyMjI0
FMuV2IHnU7sO8+B05Z20wq3x5JAbgYlBFnfdub/CYmyykAf0Rxz9irc9qbXBmX0A WhcNMjgwMzE5MTUyMjI0WjCBizELMAkGA1UEBhMCY2gxEDAOBgNVBAoMB2Fkbm92
G+JhQLxLcfyqlmFyLsjaxT3nUrytP+604LtzesnC3N7gfGtmSKgclym1s2ZVWkAK dW0xDTALBgNVBAsMBGFnb3YxJzAlBgNVBAMMHmpha29iLmFnb3YtZC5henVyZS5h
4VXAZsM5HBnW1feHxSv3UTzvorW7PWkbmy4LU8SDoSraHgB/pBaiJRG8SMTjBHho ZG5vdnVtLm5ldDEyMDAGCSqGSIb3DQEJARYjaW5mb0BqYWtvYi5hZ292LWQuYXp1
TTdFLPmH/N9dt5N1oJginnY9GvRJD8Qj1lrsTZOtv8ttKhnQkmymly+NCt7+wGIa cmUuYWRub3Z1bS5uZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDB
7HQQawqBIvflGG+R1OdQx7Q20/y5EfO4V3zJgq3p+gz9AziGPHEy+2s+i5LME1AI 8LPO6Nack2z1whTratLxRD9KraO8QGrVTEa0p+23EKJH4WYE0QGzXbX4oFl2maXE
D6vLfDN8cnTCdgqZGhAkRMBHtOydJd3dpJ0tgjnrdUpla2PoWp1B/v/Plneb9L5v QDeCBofTnrl8sL3yVxBy56qO8T3VxYtt9akjty6PujO48bgJr2VGjGgtPYPUeOEk
aMNqtuQA852dR14lP7+EeRLe9vJvzm9eBdF0JrDUm1K2Xy66i5gdzOoJngnRpl5J lzCS616732Bnxc2iqo267G/tGooRIOOqefSyhEGmbI3KGv/zYZn/qxQo/A+5f+6y
nNSweT+A8dn9AgMBAAGjUDBOMAsGA1UdDwQEAwIDqDAdBgNVHSUEFjAUBggrBgEF zEoKdmnBF6vnowvffKfdFKI8udd5eKmfyrc5iNYHXoVP/HmqKbkyrBw1U0ysihRJ
BQcDAQYIKwYBBQUHAwIwIAYDVR0RBBkwF4IVaWRwc2lnbmVyLnVhdC5hZ292LmNo 3vyJVDtirQ5chLn0jOZ4UZ5SBck9+784yrVqpNbsWAe3NU+Vfx4wCk/rPWRDa1E2
MAoGCCqGSM49BAMCA0kAMEYCIQCarOXKlJ0DVxVPGyj3oPMHWCJB+Xyee+j7k1gu fk+gEVvEMUFt4UvU25BdAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAIxToc9muu9z
OC93CQIhAICIzY/yCbST5V502Bt3vRCZMCmzhzXIGTol2PEoby6H d4yycZCgZbDtzrq2Un+m/m3TrBNzLV7UBbGt7HW9/kxvdFJTKgNEj+ZD1cY6O6D7
vrWV0Xb1XPgkaAfypc4Y7IOUTFDR/ib4siP9gPkHvr5WSIip3mFgX9yIV910N/hh
ImE9/Jtf/q9MopBu8J6zRmL/J8mVewVdcU3xqz27OVMMSht0Du8FcpIrNQwqc1LN
tCgdj+pw5vl7NH546WlyYNpLEkAeBpJ3XCBDDwcQftC+/cQ7GKJGtOJ4ODdxWMyX
ThsHJ7MCTiN+MoW5CeioGSmngezh4Gs5SpGAGVvwNvXW2jiGdRDdHmyxDPjCQvYA
wwZrmgtpYE0=
-----END CERTIFICATE----- -----END CERTIFICATE-----

8
DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/LitDict_it.properties
View File

@ -185,10 +185,10 @@ prompt.newpassword=Nuova Password
prompt.newpassword.confirm=Conferma password prompt.newpassword.confirm=Conferma password
prompt.password=Password prompt.password=Password
prompt.userid=Nome utente prompt.userid=Nome utente
pwreset.done.info=Your password was successfully changed. Please click on continue to log in. pwreset.done.info=La password è stata modificata con successo. Fare clic su continua per accedere.
pwreset.email.sent=Se il vostro ID utente esiste, vi è stata inviata un'e-mail per reimpostare la password. pwreset.email.sent=Se il vostro ID utente esiste, vi è stata inviata un'e-mail per reimpostare la password.
pwreset.info.linktext=Password forgotten pwreset.info.linktext=Password dimenticata
pwreset.noticket=Your password reset ticket is no longer valid. Please generate a new one. pwreset.noticket=Il biglietto per la reimpostazione della password non è più valido. Si prega di generarne uno nuovo.
recovery_accessapp_auth.accessAppRegistered=App di accesso AGOV già registrata recovery_accessapp_auth.accessAppRegistered=App di accesso AGOV già registrata
recovery_accessapp_auth.instruction1=Ha già registrato una nuova app di accesso AGOV !!!SECURITY_KEY_NAME!!! come parte del processo di recupero. recovery_accessapp_auth.instruction1=Ha già registrato una nuova app di accesso AGOV !!!SECURITY_KEY_NAME!!! come parte del processo di recupero.
recovery_accessapp_auth.instruction2=Si prega di usare !!!ACCESS_APP_NAME!!! per l'identificazione. recovery_accessapp_auth.instruction2=Si prega di usare !!!ACCESS_APP_NAME!!! per l'identificazione.
@ -260,7 +260,7 @@ title.logout.confirmation=Logout
title.logout.reminder=Logout title.logout.reminder=Logout
title.oauth.consent=Autorizzazione del client title.oauth.consent=Autorizzazione del client
title.pwchange.label=Cambiare Password title.pwchange.label=Cambiare Password
title.pwreset=Password Forgotten title.pwreset=Password Dimenticata
title.saml.failed=Error title.saml.failed=Error
title.timeout.page=Logout title.timeout.page=Logout
user_input.invalid.email=Inserire un'e-mail valida. user_input.invalid.email=Inserire un'e-mail valida.

182
DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/ensureAccountState.groovy
View File

@ -4,6 +4,7 @@ import ch.nevis.idm.client.IdmRestClientFactory
import ch.nevis.idm.client.HTTPRequestWrapper import ch.nevis.idm.client.HTTPRequestWrapper
import groovy.json.JsonSlurper import groovy.json.JsonSlurper
import groovy.xml.XmlSlurper
// Accounting // Accounting
def requester = session['ch.nevis.auth.saml.request.scoping.requesterId'] ?: 'unknown' def requester = session['ch.nevis.auth.saml.request.scoping.requesterId'] ?: 'unknown'
@ -14,112 +15,91 @@ def credentialType = session['authenticatedWith'] ?: 'unknown'
def sourceIp = request.getLoginContext()['connection.HttpHeader.X-Real-IP'] ?: 'unknown' def sourceIp = request.getLoginContext()['connection.HttpHeader.X-Real-IP'] ?: 'unknown'
def userAgent = request.getLoginContext()['connection.HttpHeader.user-agent'] ?: request.getLoginContext()['connection.HttpHeader.User-Agent'] ?: 'unknown' def userAgent = request.getLoginContext()['connection.HttpHeader.user-agent'] ?: request.getLoginContext()['connection.HttpHeader.User-Agent'] ?: 'unknown'
IdmRestClient idmRestClient = IdmRestClientFactory.get(parameters) IdmRestClient idmRestClient = IdmRestClientFactory.get(parameters)
String clientExtId = session.get('ch.adnovum.nevisidm.user.clientExtId') String clientExtId = session.get('ch.adnovum.nevisidm.user.clientExtId')
String userExtId = session.get('ch.adnovum.nevisidm.user.extId') String userExtId = session.get('ch.adnovum.nevisidm.user.extId')
String loginId = session.get('ch.adnovum.nevisidm.user.loginId') String sessionId = session.get('ch.nevis.session.conversationId')
String profileExtId = session.get('ch.adnovum.nevisidm.profileExtId')
String unitExtid= parameters.get('unitExtid') String endPoint = "${parameters.get('utility-service.baseUrl')}/api/v1/recovery/code"
String level100RoleExtid = parameters.get('level100.roleExtid')
String baseUrl = "${parameters.get('idm.baseUrl')}/core/v1/$clientExtId" def userDto = new XmlSlurper().parseText(session.get('ch.adnovum.nevisidm.userDto'))
boolean audited = false def recoveryCredential = userDto.'**'.find {node -> node.name() == 'credentials' && node.type.text() == 'CONTEXT_PASSWORD' && node.state.text() == 'ACTIVE' && node.context.text() == 'RECOVERY'}
String agovAq100AuthEndpoint = null
String endpoint = null
// 1) create the profile if needed // 1a) check if user has a credential
if (profileExtId == null || profileExtId.isEmpty()) { if ( recoveryCredential != null ) {
LOG.debug("Account '${user}' has an active recovery code, no need to create new code")
endpoint = "${baseUrl}/users/${userExtId}/profiles"
profileExtId = UUID.randomUUID().toString()
def postRequest = new HTTPRequestWrapper()
postRequest.addToHeaders('Content-Type', ['application/json'])
def dto = "{\"extId\":\"${profileExtId}\",\"unitExtId\":\"${unitExtid}\",\"profileState\":\"active\",\"name\":\"Profile-${loginId}\",\"isDefaultProfile\":true,\"modificationComment\":\"Repaired for request ${requestId}\"}"
postRequest.setPayLoad(dto.getBytes('UTF-8'))
def result = idmRestClient.postWithResponse(endpoint, postRequest)
if (result.getStatusCode() != 201) {
LOG.error("Event='DATAERROR', Requester='${requester}', RequestId='${requestId}', RequestedAq=${requestedAq}, User=${user}, CredentialType='${credentialType}', SourceIp=${sourceIp}, UserAgent='${userAgent}', reason='Failed to create the missing profile (http status code ${result.getStatusCode()})'")
response.setNote('saml.errorCode', 'Responder')
response.setNote('saml.errorMessage', "account of the user with agovId ${userExtId} is in a corrupt state, should contact agov help")
response.setResult('failed')
return
} else {
LOG.warn("Event='DATAERROR', Requester='${requester}', RequestId='${requestId}', RequestedAq=${requestedAq}, User=${user}, CredentialType='${credentialType}', SourceIp=${sourceIp}, UserAgent='${userAgent}', reason='created missing profile'")
audited = true
}
}
// 2) add level 100 role if needed
if (!Arrays.stream(response.getActualRoles()).filter( r -> r.contains('AGOV-Loi.level100')).findAny().isPresent()) {
endpoint = "${baseUrl}/profiles/${profileExtId}/authorizations"
def postRequest = new HTTPRequestWrapper()
postRequest.addToHeaders('Content-Type', ['application/json'])
def dto = "{\"extId\":\"${UUID.randomUUID().toString()}\",\"roleExtId\":\"${level100RoleExtid}\"}"
postRequest.setPayLoad(dto.getBytes('UTF-8'))
def result = idmRestClient.postWithResponse(endpoint, postRequest)
if (result.getStatusCode() != 201) {
LOG.error("Event='DATAERROR', Requester='${requester}', RequestId='${requestId}', RequestedAq=${requestedAq}, User=${user}, CredentialType='${credentialType}', SourceIp=${sourceIp}, UserAgent='${userAgent}', reason='Failed to create the missing AGOVaq 100 role (http status code ${result.getStatusCode()})'")
response.setNote('saml.errorCode', 'Responder')
response.setNote('saml.errorMessage', "account of the user with agovId ${userExtId} is in a corrupt state, should contact agov help")
response.setResult('failed')
return
} else if (!audited) {
LOG.warn("Event='DATAERROR', Requester='${requester}', RequestId='${requestId}', RequestedAq=${requestedAq}, User=${user}, CredentialType='${credentialType}', SourceIp=${sourceIp}, UserAgent='${userAgent}', reason='created missing AGOVaq 100 role'")
audited = true
}
agovAq100AuthEndpoint = result.getLocation()
}
// 3) set the AQ level 100 verification to None
if (!session['ch.adnovum.nevisidm.userDto'].contains("<properties><name>idVerification</name><value>None</value><scopeName>AGOV-Loi,level100</scopeName></properties>")) {
if (agovAq100AuthEndpoint == null) {
endpoint = "${baseUrl}/profiles/${profileExtId}/authorizations"
def result = idmRestClient.get(endpoint)
def json = new JsonSlurper().parseText(result)
json['items'].eachWithIndex { az, i ->
if (az.roleExtId == level100RoleExtid) {
agovAq100AuthEndpoint = "${endpoint}/${az.extId}"
}
}
}
endpoint = "${agovAq100AuthEndpoint}/properties"
def patchRequest = new HTTPRequestWrapper()
patchRequest.addToHeaders('Content-Type', ['application/json'])
patchRequest.setPayLoad('{"idVerification":"None"}'.getBytes('UTF-8'))
def result = idmRestClient.patchWithResponse(endpoint, patchRequest)
if (result.getStatusCode() != 200) {
LOG.error("Event='DATAERROR', Requester='${requester}', RequestId='${requestId}', RequestedAq=${requestedAq}, User=${user}, CredentialType='${credentialType}', SourceIp=${sourceIp}, UserAgent='${userAgent}', reason='Failed to patch the AGOVaq 100 role (http status code ${result.getStatusCode()})'")
} else if (!audited) {
LOG.warn("Event='DATAERROR', Requester='${requester}', RequestId='${requestId}', RequestedAq=${requestedAq}, User=${user}, CredentialType='${credentialType}', SourceIp=${sourceIp}, UserAgent='${userAgent}', reason='patched AGOVaq 100 role with idVerification'")
audited = true
}
}
if (audited) {
response.setResult('reload')
} else {
response.setResult('done') response.setResult('done')
} return
}
// 1b) check if a recovery is ongoing (nothing to do)
if (Arrays.stream(response.getActualRoles()).filter( r -> r.contains('AGOV-AccountStatus.recovery')).findAny().isPresent()) {
LOG.debug("Account '${user}' is in recovery, no need to create new code")
response.setResult('done')
return
}
// 2) set cookie for recoveryCode
if (outargs.containsKey('out.JWTToken')) {
def token = outargs.getProperty('out.JWTToken').bytes.encodeBase64().toString()
def agovRecoveryCodeCookie = "agovRecoveryCode=${token }; Domain=${parameters.get('cookie.domain')}; Path=/; SameSite=Strict; Secure; HttpOnly"
response.setHeader('Set-Cookie', agovRecoveryCodeCookie)
outargs.remove('out.JWTToken')
}
// 3) generate code if not yet done
if (!session['agov.new.recovery.code.generated']) {
inargs.remove('submit')
try {
def postRequest = new HTTPRequestWrapper()
postRequest.addToHeaders('Content-Type', ['application/json'])
postRequest.setPayLoad("{\"userExtId\":\"$userExtId\",\"userSessionId\": \"$sessionId\"}".getBytes('UTF-8'))
def result = idmRestClient.postWithResponse(endPoint, postRequest)
if (result.getStatusCode() != 200) {
LOG.debug("Payload: ${new String(postRequest.getPayLoad())}")
LOG.debug("Result: ${result}")
LOG.warn("Event='RCVRY-CODE', Requester='${requester}', RequestId='${requestId}', RequestedAq=${requestedAq}, User=${user}, CredentialType='${credentialType}', SourceIp=${sourceIp}, UserAgent='${userAgent}', reason='Failed to create code (http status code ${result.getStatusCode()})")
response.setResult('failed')
return
}
def json = new JsonSlurper().parseText(new String(result.getPayLoad(), 'UTF-8'))
notes.setProperty('agov.new.recovery.code', json['recoveryCode']['code'].replaceAll('^(....)(....)(.*)$', '$1-$2-$3'))
LOG.debug("agov.new.recovery.code: ${notes['agov.new.recovery.code']}")
response.setSessionAttribute('agov.new.recovery.code.generated', 'true')
def validTil = "${json['recoveryCode']['validUntil'][2]}.${json['recoveryCode']['validUntil'][1]}.${json['recoveryCode']['validUntil'][0]}"
response.setSessionAttribute('agov.new.recovery.code.validTil', validTil)
response.setSessionAttribute('agov.new.recovery.code.pdfAuthToken', json['authToken'])
LOG.info("Event='RCVRY-CODE', Requester='${requester}', RequestId='${requestId}', RequestedAq=${requestedAq}, User=${user}, CredentialType='${credentialType}', SourceIp=${sourceIp}, UserAgent='${userAgent}'")
} catch(Exception e) {
LOG.warn("Event='RCVRY-CODE', Requester='${requester}', RequestId='${requestId}', RequestedAq=${requestedAq}, User=${user}, CredentialType='${credentialType}', SourceIp=${sourceIp}, UserAgent='${userAgent}', reason='Failed to create code (http status code ${e.getMessage()})")
LOG.error("Recoverycode processing failed: $e")
response.setResult('failed')
return
}
response.setResult('encryptCode')
return
}
if (inargs['submit']) {
def agovRecoveryCodeCookie = "agovRecoveryCode=deleted; Domain=${parameters.get('cookie.domain')}; Path=/; Max-Age=0; SameSite=Strict; Secure; HttpOnly"
response.setHeader('Set-Cookie', agovRecoveryCodeCookie)
response.setResult('done')
return
}
// show the GUI
response.setStatus(AuthResponse.AUTH_CONTINUE)

4
DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/env.conf
View File

@ -1,8 +1,8 @@
RTENV_SECURITY_CHECK=no_shell RTENV_SECURITY_CHECK=no_shell
JAVA_OPTS=( JAVA_OPTS=(
"-Dfile.encoding=UTF-8"
"-XX:+UseContainerSupport" "-XX:+UseContainerSupport"
"-Dfile.encoding=UTF-8"
"-XX:MaxRAMPercentage=80.0" "-XX:MaxRAMPercentage=80.0"
"-Djava.net.preferIPv4Stack=true" "-Djava.net.preferIPv4Stack=true"
"-Djava.net.connectionTimeout=10000" "-Djava.net.connectionTimeout=10000"
@ -12,7 +12,7 @@ JAVA_OPTS=(
"-javaagent:/opt/agent/opentelemetry-javaagent.jar" "-javaagent:/opt/agent/opentelemetry-javaagent.jar"
"-Dotel.javaagent.logging=application" "-Dotel.javaagent.logging=application"
"-Dotel.javaagent.configuration-file=/var/opt/nevisauth/default/conf/otel.properties" "-Dotel.javaagent.configuration-file=/var/opt/nevisauth/default/conf/otel.properties"
"-Dotel.resource.attributes=service.version=7.2402.1,service.instance.id=$HOSTNAME" "-Dotel.resource.attributes=service.version=8.2405.1,service.instance.id=$HOSTNAME"
"-Djavax.net.ssl.trustStore=/var/opt/keys/trust/auth-default-tls-trust/truststore.p12" "-Djavax.net.ssl.trustStore=/var/opt/keys/trust/auth-default-tls-trust/truststore.p12"
"-Djavax.net.ssl.trustStorePassword=\${exec:/var/opt/keys/trust/auth-default-tls-trust/keypass}" "-Djavax.net.ssl.trustStorePassword=\${exec:/var/opt/keys/trust/auth-default-tls-trust/keypass}"
) )

8
DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/otel.properties
View File

@ -1,4 +1,4 @@
otel.service.name=auth otel.service.name = auth
otel.traces.exporter=none otel.traces.exporter = none
otel.metrics.exporter=none otel.metrics.exporter = none
otel.logs.exporter=none otel.logs.exporter = none

17
DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf/etc/nevis/k8s-fido-uaf-instance-ca92034f995b39fde562293c.yaml
View File

@ -11,7 +11,7 @@ metadata:
spec: spec:
type: "NevisFIDO" type: "NevisFIDO"
replicas: 1 replicas: 1
version: "7.2402.1" version: "8.2405.1"
gitInitVersion: "1.3.0" gitInitVersion: "1.3.0"
runAsNonRoot: true runAsNonRoot: true
ports: ports:
@ -28,20 +28,25 @@ spec:
management: management:
httpGet: httpGet:
path: "/nevisfido/liveness" path: "/nevisfido/liveness"
initialDelaySeconds: 40 periodSeconds: 5
periodSeconds: 30
timeoutSeconds: 6 timeoutSeconds: 6
readinessProbe: readinessProbe:
management: management:
httpGet: httpGet:
path: "/nevisfido/health" path: "/nevisfido/health"
initialDelaySeconds: 40 periodSeconds: 5
periodSeconds: 30
timeoutSeconds: 6 timeoutSeconds: 6
startupProbe:
management:
httpGet:
path: "/nevisfido/health"
periodSeconds: 5
timeoutSeconds: 6
failureThreshold: 50
podDisruptionBudget: podDisruptionBudget:
maxUnavailable: "50%" maxUnavailable: "50%"
git: git:
tag: "r-339de78f34b28e0019bb55f9f4fee8b70e264486" tag: "r-9af6a792e2720efb1d09318c1e3f4a2ab355af31"
dir: "DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf" dir: "DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf"
credentials: "git-credentials" credentials: "git-credentials"
keystores: keystores:

4
DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf/var/opt/nevisfido/default/conf/env.conf
View File

@ -2,10 +2,10 @@ RUN_ARGS="--config conf/nevisfido.yml --log-config conf/logging.yml"
JAVA_OPTS=( JAVA_OPTS=(
"-XX:+UseContainerSupport" "-XX:+UseContainerSupport"
"-XX:MaxRAMPercentage=80.0"
"-Dignore.me" "-Dignore.me"
"-XX:MaxRAMPercentage=80.0"
"-javaagent:/opt/agent/opentelemetry-javaagent.jar" "-javaagent:/opt/agent/opentelemetry-javaagent.jar"
"-Dotel.javaagent.logging=application" "-Dotel.javaagent.logging=application"
"-Dotel.javaagent.configuration-file=/var/opt/nevisfido/default/conf/otel.properties" "-Dotel.javaagent.configuration-file=/var/opt/nevisfido/default/conf/otel.properties"
"-Dotel.resource.attributes=service.version=7.2402.1,service.instance.id=$HOSTNAME" "-Dotel.resource.attributes=service.version=8.2405.1,service.instance.id=$HOSTNAME"
) )

49
DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf/var/opt/nevisfido/default/conf/metadata/metadata.json
View File

@ -91,6 +91,29 @@
"tcDisplay" : 1, "tcDisplay" : 1,
"tcDisplayContentType" : "text/plain" "tcDisplayContentType" : "text/plain"
}, },
{
"aaid" : "F1D0#0005",
"description" : "Android NEVIS Mobile Authentication Password Authenticator",
"assertionScheme" : "UAFV1TLV",
"attestationRootCertificates" : [],
"attestationTypes" : [ 15880 ],
"upv" : [ {
"major" : 1,
"minor" : 1
} ],
"userVerificationDetails" : [ [ {
"userVerification" : 4
} ] ],
"attachmentHint" : 1,
"authenticationAlgorithm" : 9,
"authenticatorVersion" : 1,
"isSecondFactorOnly" : false,
"keyProtection" : 1,
"matcherProtection" : 1,
"publicKeyAlgAndEncoding" : 256,
"tcDisplay" : 1,
"tcDisplayContentType" : "text/plain"
},
{ {
"aaid" : "F1D0#1001", "aaid" : "F1D0#1001",
"description" : "iOS NEVIS Mobile Authentication PIN Authenticator", "description" : "iOS NEVIS Mobile Authentication PIN Authenticator",
@ -182,5 +205,27 @@
"publicKeyAlgAndEncoding" : 257, "publicKeyAlgAndEncoding" : 257,
"tcDisplay" : 1, "tcDisplay" : 1,
"tcDisplayContentType" : "text/plain" "tcDisplayContentType" : "text/plain"
} },
] {
"aaid" : "F1D0#1005",
"description" : "iOS NEVIS Mobile Authentication Password Authenticator",
"assertionScheme" : "UAFV1TLV",
"attestationRootCertificates" : [],
"attestationTypes" : [ 15880 ],
"upv" : [ {
"major" : 1,
"minor" : 1
} ],
"userVerificationDetails" : [ [ {
"userVerification" : 4
} ] ],
"attachmentHint" : 1,
"authenticationAlgorithm" : 2,
"authenticatorVersion" : 1,
"isSecondFactorOnly" : false,
"keyProtection" : 1,
"matcherProtection" : 1,
"publicKeyAlgAndEncoding" : 257,
"tcDisplay" : 1,
"tcDisplayContentType" : "text/plain"
}]

8
DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf/var/opt/nevisfido/default/conf/otel.properties
View File

@ -1,4 +1,4 @@
otel.service.name=fido-uaf otel.service.name = fido-uaf
otel.traces.exporter=none otel.traces.exporter = none
otel.metrics.exporter=none otel.metrics.exporter = none
otel.logs.exporter=none otel.logs.exporter = none

17
DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido2/etc/nevis/k8s-nevisfido2-087f275433f3973a1421318f.yaml
View File

@ -11,7 +11,7 @@ metadata:
spec: spec:
type: "NevisFIDO" type: "NevisFIDO"
replicas: 1 replicas: 1
version: "7.2402.1" version: "8.2405.1"
gitInitVersion: "1.3.0" gitInitVersion: "1.3.0"
runAsNonRoot: true runAsNonRoot: true
ports: ports:
@ -28,20 +28,25 @@ spec:
management: management:
httpGet: httpGet:
path: "/nevisfido/liveness" path: "/nevisfido/liveness"
initialDelaySeconds: 40 periodSeconds: 5
periodSeconds: 30
timeoutSeconds: 6 timeoutSeconds: 6
readinessProbe: readinessProbe:
management: management:
httpGet: httpGet:
path: "/nevisfido/health" path: "/nevisfido/health"
initialDelaySeconds: 40 periodSeconds: 5
periodSeconds: 30
timeoutSeconds: 6 timeoutSeconds: 6
startupProbe:
management:
httpGet:
path: "/nevisfido/health"
periodSeconds: 5
timeoutSeconds: 6
failureThreshold: 50
podDisruptionBudget: podDisruptionBudget:
maxUnavailable: "50%" maxUnavailable: "50%"
git: git:
tag: "r-339de78f34b28e0019bb55f9f4fee8b70e264486" tag: "r-9af6a792e2720efb1d09318c1e3f4a2ab355af31"
dir: "DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido2" dir: "DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido2"
credentials: "git-credentials" credentials: "git-credentials"
keystores: keystores:

2
DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido2/var/opt/nevisfido/default/conf/env.conf
View File

@ -6,5 +6,5 @@ JAVA_OPTS=(
"-javaagent:/opt/agent/opentelemetry-javaagent.jar" "-javaagent:/opt/agent/opentelemetry-javaagent.jar"
"-Dotel.javaagent.logging=application" "-Dotel.javaagent.logging=application"
"-Dotel.javaagent.configuration-file=/var/opt/nevisfido/default/conf/otel.properties" "-Dotel.javaagent.configuration-file=/var/opt/nevisfido/default/conf/otel.properties"
"-Dotel.resource.attributes=service.version=7.2402.1,service.instance.id=$HOSTNAME" "-Dotel.resource.attributes=service.version=8.2405.1,service.instance.id=$HOSTNAME"
) )

8
DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido2/var/opt/nevisfido/default/conf/otel.properties
View File

@ -1,4 +1,4 @@
otel.service.name=fido2 otel.service.name = fido2
otel.traces.exporter=none otel.traces.exporter = none
otel.metrics.exporter=none otel.metrics.exporter = none
otel.logs.exporter=none otel.logs.exporter = none

13
DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/idm/etc/nevis/k8s-nevisidm-b8a36646f81c3247cdb5d90b.yaml
View File

@ -11,7 +11,7 @@ metadata:
spec: spec:
type: "NevisIDM" type: "NevisIDM"
replicas: 1 replicas: 1
version: "7.2402.2" version: "8.2405.1"
gitInitVersion: "1.3.0" gitInitVersion: "1.3.0"
runAsNonRoot: true runAsNonRoot: true
ports: ports:
@ -28,20 +28,25 @@ spec:
management: management:
httpGet: httpGet:
path: "/liveness" path: "/liveness"
initialDelaySeconds: 40
periodSeconds: 30 periodSeconds: 30
timeoutSeconds: 6 timeoutSeconds: 6
readinessProbe: readinessProbe:
management: management:
httpGet: httpGet:
path: "/health" path: "/health"
initialDelaySeconds: 40
periodSeconds: 30 periodSeconds: 30
timeoutSeconds: 6 timeoutSeconds: 6
startupProbe:
management:
httpGet:
path: "/health"
periodSeconds: 30
timeoutSeconds: 6
failureThreshold: 10
podDisruptionBudget: podDisruptionBudget:
maxUnavailable: "50%" maxUnavailable: "50%"
git: git:
tag: "r-339de78f34b28e0019bb55f9f4fee8b70e264486" tag: "r-9af6a792e2720efb1d09318c1e3f4a2ab355af31"
dir: "DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/idm" dir: "DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/idm"
credentials: "git-credentials" credentials: "git-credentials"
keystores: keystores:

9
DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/idm/var/opt/nevisidm/default/conf/env.conf
View File

@ -1 +1,8 @@
JAVA_OPTS="-XX:+UseContainerSupport -XX:MaxRAMPercentage=80.0 -javaagent:/opt/agent/opentelemetry-javaagent.jar -Dotel.javaagent.logging=application -Dotel.javaagent.configuration-file=/var/opt/nevisidm/default/conf/otel.properties -Dotel.resource.attributes=service.version=7.2402.2,service.instance.id=$HOSTNAME" JAVA_OPTS=(
"-XX:+UseContainerSupport"
"-XX:MaxRAMPercentage=80.0"
"-javaagent:/opt/agent/opentelemetry-javaagent.jar"
"-Dotel.javaagent.logging=application"
"-Dotel.javaagent.configuration-file=/var/opt/nevisidm/default/conf/otel.properties"
"-Dotel.resource.attributes=service.version=8.2405.1,service.instance.id=$HOSTNAME"
)

2
DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/idm/var/opt/nevisidm/default/conf/nevisidm-prod.properties
View File

@ -89,6 +89,8 @@ server.host=0.0.0.0
# source: pattern://b8a36646f81c3247cdb5d90b # source: pattern://b8a36646f81c3247cdb5d90b
server.tls.enabled=true server.tls.enabled=true
# source: pattern://b8a36646f81c3247cdb5d90b # source: pattern://b8a36646f81c3247cdb5d90b
server.tls.client-auth=requested
# source: pattern://b8a36646f81c3247cdb5d90b
server.tls.keystore=/var/opt/keys/own/idm-default-identity/keystore.p12 server.tls.keystore=/var/opt/keys/own/idm-default-identity/keystore.p12
# source: pattern://b8a36646f81c3247cdb5d90b # source: pattern://b8a36646f81c3247cdb5d90b
server.tls.keystore-passphrase=${exec:/var/opt/keys/own/idm-default-identity/keypass} server.tls.keystore-passphrase=${exec:/var/opt/keys/own/idm-default-identity/keypass}

8
DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/idm/var/opt/nevisidm/default/conf/otel.properties
View File

@ -1,4 +1,4 @@
otel.service.name=idm otel.service.name = idm
otel.traces.exporter=none otel.traces.exporter = none
otel.metrics.exporter=none otel.metrics.exporter = none
otel.logs.exporter=none otel.logs.exporter = none

16
DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/etc/nevis/k8s-nevislogrend-097929211988398a87bcbb0c.yaml
View File

@ -11,7 +11,7 @@ metadata:
spec: spec:
type: "NevisLogrend" type: "NevisLogrend"
replicas: 1 replicas: 1
version: "7.2402.0" version: "8.2405.0"
gitInitVersion: "1.3.0" gitInitVersion: "1.3.0"
runAsNonRoot: true runAsNonRoot: true
ports: ports:
@ -28,19 +28,23 @@ spec:
management: management:
httpGet: httpGet:
path: "/nevislogrend/liveness" path: "/nevislogrend/liveness"
initialDelaySeconds: 40 periodSeconds: 5
periodSeconds: 30
timeoutSeconds: 6 timeoutSeconds: 6
readinessProbe: readinessProbe:
server: server:
tcpSocket: true tcpSocket: true
initialDelaySeconds: 40 periodSeconds: 5
periodSeconds: 20
timeoutSeconds: 4 timeoutSeconds: 4
startupProbe:
server:
tcpSocket: true
periodSeconds: 5
timeoutSeconds: 4
failureThreshold: 50
podDisruptionBudget: podDisruptionBudget:
maxUnavailable: "50%" maxUnavailable: "50%"
git: git:
tag: "r-339de78f34b28e0019bb55f9f4fee8b70e264486" tag: "r-9af6a792e2720efb1d09318c1e3f4a2ab355af31"
dir: "DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend" dir: "DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend"
credentials: "git-credentials" credentials: "git-credentials"
podSecurity: podSecurity:

4
DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/conf/env.conf
View File

@ -4,11 +4,11 @@ RTENV_SECURITY_CHECK=no_shell
LOGREND_DEPLOY_TYPE=standalone LOGREND_DEPLOY_TYPE=standalone
JAVA_OPTS=( JAVA_OPTS=(
"-Dfile.encoding=UTF-8"
"-XX:+UseContainerSupport" "-XX:+UseContainerSupport"
"-Dfile.encoding=UTF-8"
"-XX:MaxRAMPercentage=80.0" "-XX:MaxRAMPercentage=80.0"
"-javaagent:/opt/agent/opentelemetry-javaagent.jar" "-javaagent:/opt/agent/opentelemetry-javaagent.jar"
"-Dotel.javaagent.logging=application" "-Dotel.javaagent.logging=application"
"-Dotel.javaagent.configuration-file=/var/opt/nevislogrend/default/conf/otel.properties" "-Dotel.javaagent.configuration-file=/var/opt/nevislogrend/default/conf/otel.properties"
"-Dotel.resource.attributes=service.version=7.2402.0,service.instance.id=$HOSTNAME" "-Dotel.resource.attributes=service.version=8.2405.0,service.instance.id=$HOSTNAME"
) )

8
DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/conf/otel.properties
View File

@ -1,4 +1,4 @@
otel.service.name=logrend otel.service.name = logrend
otel.traces.exporter=none otel.traces.exporter = none
otel.metrics.exporter=none otel.metrics.exporter = none
otel.logs.exporter=none otel.logs.exporter = none

8
DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/resources/conf/text_it.properties
View File

@ -135,10 +135,10 @@ prompt.newpassword=Nuova Password
prompt.newpassword.confirm=Conferma password prompt.newpassword.confirm=Conferma password
prompt.password=Password prompt.password=Password
prompt.userid=Nome utente prompt.userid=Nome utente
pwreset.done.info=Your password was successfully changed. Please click on continue to log in. pwreset.done.info=La password &egrave; stata modificata con successo. Fare clic su continua per accedere.
pwreset.email.sent=Se il vostro ID utente esiste, vi è stata inviata un'e-mail per reimpostare la password. pwreset.email.sent=Se il vostro ID utente esiste, vi è stata inviata un'e-mail per reimpostare la password.
pwreset.info.linktext=Password forgotten pwreset.info.linktext=Password dimenticata
pwreset.noticket=Your password reset ticket is no longer valid. Please generate a new one. pwreset.noticket=Il biglietto per la reimpostazione della password non &egrave; pi&ugrave; valido. Si prega di generarne uno nuovo.
recovery_accessapp_auth.accessAppRegistered=App di accesso AGOV gi&agrave; registrata recovery_accessapp_auth.accessAppRegistered=App di accesso AGOV gi&agrave; registrata
recovery_accessapp_auth.instruction1=Ha gi&agrave; registrato una nuova app di accesso AGOV !!!SECURITY_KEY_NAME!!! come parte del processo di recupero. recovery_accessapp_auth.instruction1=Ha gi&agrave; registrato una nuova app di accesso AGOV !!!SECURITY_KEY_NAME!!! come parte del processo di recupero.
recovery_accessapp_auth.instruction2=Si prega di usare !!!ACCESS_APP_NAME!!! per l'identificazione. recovery_accessapp_auth.instruction2=Si prega di usare !!!ACCESS_APP_NAME!!! per l'identificazione.
@ -204,7 +204,7 @@ recovery_start_info.title=Il processo di ripristino sta per iniziare.
title=NEVIS SSO Portal title=NEVIS SSO Portal
title.login=Login title.login=Login
title.pwchange.label=Cambiare Password title.pwchange.label=Cambiare Password
title.pwreset=Password Forgotten title.pwreset=Password Dimenticata
user_input.invalid.email=Inserire un'e-mail valida. user_input.invalid.email=Inserire un'e-mail valida.
user_input.invalid.email.required=Campo obbligatorio user_input.invalid.email.required=Campo obbligatorio
user_input.invalid.email.tooLong=Il testo inserito &egrave; troppo lungo. user_input.invalid.email.tooLong=Il testo inserito &egrave; troppo lungo.

8
DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Mobile_FIDO_UAF/resources/conf/text_it.properties
View File

@ -135,10 +135,10 @@ prompt.newpassword=Nuova Password
prompt.newpassword.confirm=Conferma password prompt.newpassword.confirm=Conferma password
prompt.password=Password prompt.password=Password
prompt.userid=Nome utente prompt.userid=Nome utente
pwreset.done.info=Your password was successfully changed. Please click on continue to log in. pwreset.done.info=La password &egrave; stata modificata con successo. Fare clic su continua per accedere.
pwreset.email.sent=Se il vostro ID utente esiste, vi è stata inviata un'e-mail per reimpostare la password. pwreset.email.sent=Se il vostro ID utente esiste, vi è stata inviata un'e-mail per reimpostare la password.
pwreset.info.linktext=Password forgotten pwreset.info.linktext=Password dimenticata
pwreset.noticket=Your password reset ticket is no longer valid. Please generate a new one. pwreset.noticket=Il biglietto per la reimpostazione della password non &egrave; pi&ugrave; valido. Si prega di generarne uno nuovo.
recovery_accessapp_auth.accessAppRegistered=App di accesso AGOV gi&agrave; registrata recovery_accessapp_auth.accessAppRegistered=App di accesso AGOV gi&agrave; registrata
recovery_accessapp_auth.instruction1=Ha gi&agrave; registrato una nuova app di accesso AGOV !!!SECURITY_KEY_NAME!!! come parte del processo di recupero. recovery_accessapp_auth.instruction1=Ha gi&agrave; registrato una nuova app di accesso AGOV !!!SECURITY_KEY_NAME!!! come parte del processo di recupero.
recovery_accessapp_auth.instruction2=Si prega di usare !!!ACCESS_APP_NAME!!! per l'identificazione. recovery_accessapp_auth.instruction2=Si prega di usare !!!ACCESS_APP_NAME!!! per l'identificazione.
@ -204,7 +204,7 @@ recovery_start_info.title=Il processo di ripristino sta per iniziare.
title=NEVIS SSO Portal title=NEVIS SSO Portal
title.login=Login title.login=Login
title.pwchange.label=Cambiare Password title.pwchange.label=Cambiare Password
title.pwreset=Password Forgotten title.pwreset=Password Dimenticata
user_input.invalid.email=Inserire un'e-mail valida. user_input.invalid.email=Inserire un'e-mail valida.
user_input.invalid.email.required=Campo obbligatorio user_input.invalid.email.required=Campo obbligatorio
user_input.invalid.email.tooLong=Il testo inserito &egrave; troppo lungo. user_input.invalid.email.tooLong=Il testo inserito &egrave; troppo lungo.

8
DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/resources/conf/text_it.properties
View File

@ -135,10 +135,10 @@ prompt.newpassword=Nuova Password
prompt.newpassword.confirm=Conferma password prompt.newpassword.confirm=Conferma password
prompt.password=Password prompt.password=Password
prompt.userid=Nome utente prompt.userid=Nome utente
pwreset.done.info=Your password was successfully changed. Please click on continue to log in. pwreset.done.info=La password &egrave; stata modificata con successo. Fare clic su continua per accedere.
pwreset.email.sent=Se il vostro ID utente esiste, vi è stata inviata un'e-mail per reimpostare la password. pwreset.email.sent=Se il vostro ID utente esiste, vi è stata inviata un'e-mail per reimpostare la password.
pwreset.info.linktext=Password forgotten pwreset.info.linktext=Password dimenticata
pwreset.noticket=Your password reset ticket is no longer valid. Please generate a new one. pwreset.noticket=Il biglietto per la reimpostazione della password non &egrave; pi&ugrave; valido. Si prega di generarne uno nuovo.
recovery_accessapp_auth.accessAppRegistered=App di accesso AGOV gi&agrave; registrata recovery_accessapp_auth.accessAppRegistered=App di accesso AGOV gi&agrave; registrata
recovery_accessapp_auth.instruction1=Ha gi&agrave; registrato una nuova app di accesso AGOV !!!SECURITY_KEY_NAME!!! come parte del processo di recupero. recovery_accessapp_auth.instruction1=Ha gi&agrave; registrato una nuova app di accesso AGOV !!!SECURITY_KEY_NAME!!! come parte del processo di recupero.
recovery_accessapp_auth.instruction2=Si prega di usare !!!ACCESS_APP_NAME!!! per l'identificazione. recovery_accessapp_auth.instruction2=Si prega di usare !!!ACCESS_APP_NAME!!! per l'identificazione.
@ -204,7 +204,7 @@ recovery_start_info.title=Il processo di ripristino sta per iniziare.
title=NEVIS SSO Portal title=NEVIS SSO Portal
title.login=Login title.login=Login
title.pwchange.label=Cambiare Password title.pwchange.label=Cambiare Password
title.pwreset=Password Forgotten title.pwreset=Password Dimenticata
user_input.invalid.email=Inserire un'e-mail valida. user_input.invalid.email=Inserire un'e-mail valida.
user_input.invalid.email.required=Campo obbligatorio user_input.invalid.email.required=Campo obbligatorio
user_input.invalid.email.tooLong=Il testo inserito &egrave; troppo lungo. user_input.invalid.email.tooLong=Il testo inserito &egrave; troppo lungo.

8
DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/NotUsed_Auth_Realm/resources/conf/text_it.properties
View File

@ -135,10 +135,10 @@ prompt.newpassword=Nuova Password
prompt.newpassword.confirm=Conferma password prompt.newpassword.confirm=Conferma password
prompt.password=Password prompt.password=Password
prompt.userid=Nome utente prompt.userid=Nome utente
pwreset.done.info=Your password was successfully changed. Please click on continue to log in. pwreset.done.info=La password &egrave; stata modificata con successo. Fare clic su continua per accedere.
pwreset.email.sent=Se il vostro ID utente esiste, vi è stata inviata un'e-mail per reimpostare la password. pwreset.email.sent=Se il vostro ID utente esiste, vi è stata inviata un'e-mail per reimpostare la password.
pwreset.info.linktext=Password forgotten pwreset.info.linktext=Password dimenticata
pwreset.noticket=Your password reset ticket is no longer valid. Please generate a new one. pwreset.noticket=Il biglietto per la reimpostazione della password non &egrave; pi&ugrave; valido. Si prega di generarne uno nuovo.
recovery_accessapp_auth.accessAppRegistered=App di accesso AGOV gi&agrave; registrata recovery_accessapp_auth.accessAppRegistered=App di accesso AGOV gi&agrave; registrata
recovery_accessapp_auth.instruction1=Ha gi&agrave; registrato una nuova app di accesso AGOV !!!SECURITY_KEY_NAME!!! come parte del processo di recupero. recovery_accessapp_auth.instruction1=Ha gi&agrave; registrato una nuova app di accesso AGOV !!!SECURITY_KEY_NAME!!! come parte del processo di recupero.
recovery_accessapp_auth.instruction2=Si prega di usare !!!ACCESS_APP_NAME!!! per l'identificazione. recovery_accessapp_auth.instruction2=Si prega di usare !!!ACCESS_APP_NAME!!! per l'identificazione.
@ -204,7 +204,7 @@ recovery_start_info.title=Il processo di ripristino sta per iniziare.
title=NEVIS SSO Portal title=NEVIS SSO Portal
title.login=Login title.login=Login
title.pwchange.label=Cambiare Password title.pwchange.label=Cambiare Password
title.pwreset=Password Forgotten title.pwreset=Password Dimenticata
user_input.invalid.email=Inserire un'e-mail valida. user_input.invalid.email=Inserire un'e-mail valida.
user_input.invalid.email.required=Campo obbligatorio user_input.invalid.email.required=Campo obbligatorio
user_input.invalid.email.tooLong=Il testo inserito &egrave; troppo lungo. user_input.invalid.email.tooLong=Il testo inserito &egrave; troppo lungo.

17
DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/etc/nevis/k8s-nevisproxy-idp-0ceb05c56644a59d648c13b9.yaml
View File

@ -11,7 +11,7 @@ metadata:
spec: spec:
type: "NevisProxy" type: "NevisProxy"
replicas: 1 replicas: 1
version: "7.2402.1" version: "8.2405.0"
gitInitVersion: "1.3.0" gitInitVersion: "1.3.0"
runAsNonRoot: true runAsNonRoot: true
ports: ports:
@ -28,20 +28,25 @@ spec:
management: management:
httpGet: httpGet:
path: "/liveness" path: "/liveness"
initialDelaySeconds: 40 periodSeconds: 5
periodSeconds: 30
timeoutSeconds: 6 timeoutSeconds: 6
readinessProbe: readinessProbe:
management: management:
httpGet: httpGet:
path: "/readiness" path: "/readiness"
initialDelaySeconds: 40 periodSeconds: 5
periodSeconds: 30
timeoutSeconds: 6 timeoutSeconds: 6
startupProbe:
management:
httpGet:
path: "/readiness"
periodSeconds: 5
timeoutSeconds: 6
failureThreshold: 50
podDisruptionBudget: podDisruptionBudget:
maxUnavailable: "50%" maxUnavailable: "50%"
git: git:
tag: "r-339de78f34b28e0019bb55f9f4fee8b70e264486" tag: "r-9af6a792e2720efb1d09318c1e3f4a2ab355af31"
dir: "DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp" dir: "DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp"
credentials: "git-credentials" credentials: "git-credentials"
keystores: keystores:

2
DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/conf/navajo.xml
View File

@ -8,7 +8,7 @@
<!-- source: pattern://0ceb05c56644a59d648c13b9 --> <!-- source: pattern://0ceb05c56644a59d648c13b9 -->
<Timer periodicity="60"/> <Timer periodicity="60"/>
<!-- source: pattern://0ceb05c56644a59d648c13b9 --> <!-- source: pattern://0ceb05c56644a59d648c13b9 -->
<Server User="nevis" Group="root" ServerAdmin="admin@company.com" ServerName="proxy-idp" Timeout="30" MaxClients="600" MaxRequestsPerChild="0" KeepAlive="on" KeepAliveTimeout="5" MaxKeepAliveRequests="100" LimitRequestLine="5120" LimitRequestBody="512000" LimitRequestFields="50" LimitRequestFieldsize="5120" ServerRoot="/var/opt/nevisproxy/default" CoreDumpDirectory="" ErrorLog="&quot;|/bin/sed -u s/^/[apache.log]\ /g&quot;" Loglevel="notice" TransferLog="&quot;|/bin/stdbuf -oL /bin/egrep -v GET./.....?ness&quot;" LogFormat="&quot;[access.log] %h %l %u %t \&quot;%r\&quot; %&gt;s %b %{content-length}i %T %v \&quot;%{Referer}i\&quot; \&quot;%{User-Agent}i\&quot; trID=%{UNIQUE_ID}e&quot;" SSLPassPhraseDialog="builtin" SSLSessionCache="shmcb:/var/opt/nevisproxy/default/run/apache_shmcb"/> <Server User="nevis" Group="root" ServerName="proxy-idp" Timeout="30" MaxClients="600" MaxRequestsPerChild="0" KeepAlive="on" KeepAliveTimeout="5" MaxKeepAliveRequests="100" LimitRequestLine="5120" LimitRequestBody="512000" LimitRequestFields="50" LimitRequestFieldsize="5120" ServerRoot="/var/opt/nevisproxy/default" CoreDumpDirectory="" ErrorLog="&quot;|/bin/sed -u s/^/[apache.log]\ /g&quot;" LogLevel="notice" TransferLog="&quot;|/bin/stdbuf -oL /bin/egrep -v GET./.....?ness&quot;" LogFormat="&quot;[access.log] %h %l %u %t \&quot;%r\&quot; %&gt;s %b %{content-length}i %T %v \&quot;%{Referer}i\&quot; \&quot;%{User-Agent}i\&quot; trID=%{UNIQUE_ID}e&quot;" SSLPassPhraseDialog="builtin" SSLSessionCache="shmcb:/var/opt/nevisproxy/default/run/apache_shmcb"/>
<!-- source: pattern://0ceb05c56644a59d648c13b9 --> <!-- source: pattern://0ceb05c56644a59d648c13b9 -->
<Connector port="11080" name="management" listen="0.0.0.0:11080"/> <Connector port="11080" name="management" listen="0.0.0.0:11080"/>
<!-- source: pattern://1f0702aaabef60a615abf41f --> <!-- source: pattern://1f0702aaabef60a615abf41f -->

8
DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-w.azure.adnovum.net/WEB-INF/web.xml
View File

@ -652,8 +652,8 @@
</init-param> </init-param>
<!-- source: pattern://cb8c63274fe346280de0ffd5 --> <!-- source: pattern://cb8c63274fe346280de0ffd5 -->
<init-param> <init-param>
<param-name>StateKey</param-name> <param-name>StoreInterceptedRequest</param-name>
<param-value>Auth_Realm_Mobile_FIDO_UAF</param-value> <param-value>false</param-value>
</init-param> </init-param>
</filter> </filter>
<!-- source: pattern://06aeae2d799e492f5580d03b --> <!-- source: pattern://06aeae2d799e492f5580d03b -->
@ -692,8 +692,8 @@
</init-param> </init-param>
<!-- source: pattern://06aeae2d799e492f5580d03b --> <!-- source: pattern://06aeae2d799e492f5580d03b -->
<init-param> <init-param>
<param-name>StateKey</param-name> <param-name>StoreInterceptedRequest</param-name>
<param-value>NotUsed_Auth_Realm</param-value> <param-value>false</param-value>
</init-param> </init-param>
</filter> </filter>
<!-- source: pattern://0d3511bed6798a78cc3237f6 --> <!-- source: pattern://0d3511bed6798a78cc3237f6 -->