From 42684d52715a9bea2b671909be8f504c81d3d149 Mon Sep 17 00:00:00 2001
From: haburger
Date: Wed, 4 Sep 2024 14:27:44 +0000
Subject: [PATCH] new configuration version
---
 ...evisauth-sts-4bad2fe3ccc54716cc87138f.yaml | 4 +-
 .../var/opt/nevisauth/default/conf/env.conf | 2 +-
 ...8s-nevisauth-7022472ae407577ae604bbb8.yaml | 4 +-
 .../var/opt/nevisauth/default/conf/env.conf | 2 +-
 .../conf/saml_idp_agov_dispatcher.groovy | 41 ++++++++++++++++---
 ...uaf-instance-ca92034f995b39fde562293c.yaml | 4 +-
 ...uaf-database-9385d1b33aefe975fb1c5914.yaml | 2 +-
 .../var/opt/nevisfido/default/conf/env.conf | 2 +-
 ...s-nevisfido2-087f275433f3973a1421318f.yaml | 4 +-
 .../var/opt/nevisfido/default/conf/env.conf | 2 +-
 ...k8s-nevisidm-b8a36646f81c3247cdb5d90b.yaml | 4 +-
 .../var/opt/nevisidm/default/conf/env.conf | 2 +-
 ...visproxy-idp-0ceb05c56644a59d648c13b9.yaml | 4 +-
 13 files changed, 54 insertions(+), 23 deletions(-)
diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/etc/nevis/k8s-nevisauth-sts-4bad2fe3ccc54716cc87138f.yaml b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/etc/nevis/k8s-nevisauth-sts-4bad2fe3ccc54716cc87138f.yaml
index 43163e4..15e48db 100644
--- a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/etc/nevis/k8s-nevisauth-sts-4bad2fe3ccc54716cc87138f.yaml
+++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/etc/nevis/k8s-nevisauth-sts-4bad2fe3ccc54716cc87138f.yaml
@@ -11,7 +11,7 @@ metadata:
 spec:
 type: "NevisAuth"
 replicas: 1
- version: "8.2405.1"
+ version: "8.2405.2"
 gitInitVersion: "1.3.0"
 runAsNonRoot: true
 ports:
@@ -45,7 +45,7 @@ spec:
 podDisruptionBudget:
 maxUnavailable: "50%"
 git:
- tag: "r-f0c2fc352ad8e75f5eae1bab7fc80e6315293282"
+ tag: "r-be4d7b3836489983642da8c01294cab133468c44"
 dir: "DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts"
 credentials: "git-credentials"
 keystores:
diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/var/opt/nevisauth/default/conf/env.conf b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/var/opt/nevisauth/default/conf/env.conf
index 5cd92a4..755ad38 100644
--- a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/var/opt/nevisauth/default/conf/env.conf
+++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/var/opt/nevisauth/default/conf/env.conf
@@ -12,7 +12,7 @@ JAVA_OPTS=(
 "-javaagent:/opt/agent/opentelemetry-javaagent.jar"
 "-Dotel.javaagent.logging=application"
 "-Dotel.javaagent.configuration-file=/var/opt/nevisauth/default/conf/otel.properties"
- "-Dotel.resource.attributes=service.version=8.2405.1,service.instance.id=$HOSTNAME"
+ "-Dotel.resource.attributes=service.version=8.2405.2,service.instance.id=$HOSTNAME"
 "-Djavax.net.ssl.trustStore=/var/opt/keys/trust/auth-sts-default-tls-trust/truststore.p12"
 "-Djavax.net.ssl.trustStorePassword=\${exec:/var/opt/keys/trust/auth-sts-default-tls-trust/keypass}"
 )
diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/etc/nevis/k8s-nevisauth-7022472ae407577ae604bbb8.yaml b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/etc/nevis/k8s-nevisauth-7022472ae407577ae604bbb8.yaml
index 8045ba2..37435ee 100644
--- a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/etc/nevis/k8s-nevisauth-7022472ae407577ae604bbb8.yaml
+++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/etc/nevis/k8s-nevisauth-7022472ae407577ae604bbb8.yaml
@@ -11,7 +11,7 @@ metadata:
 spec:
 type: "NevisAuth"
 replicas: 1
- version: "8.2405.1"
+ version: "8.2405.2"
 gitInitVersion: "1.3.0"
 runAsNonRoot: true
 ports:
@@ -45,7 +45,7 @@ spec:
 podDisruptionBudget:
 maxUnavailable: "50%"
 git:
- tag: "r-f0c2fc352ad8e75f5eae1bab7fc80e6315293282"
+ tag: "r-be4d7b3836489983642da8c01294cab133468c44"
 dir: "DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth"
 credentials: "git-credentials"
 keystores:
diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/env.conf b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/env.conf
index 000317d..5a048d7 100644
--- a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/env.conf
+++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/env.conf
@@ -12,7 +12,7 @@ JAVA_OPTS=(
 "-javaagent:/opt/agent/opentelemetry-javaagent.jar"
 "-Dotel.javaagent.logging=application"
 "-Dotel.javaagent.configuration-file=/var/opt/nevisauth/default/conf/otel.properties"
- "-Dotel.resource.attributes=service.version=8.2405.1,service.instance.id=$HOSTNAME"
+ "-Dotel.resource.attributes=service.version=8.2405.2,service.instance.id=$HOSTNAME"
 "-Djavax.net.ssl.trustStore=/var/opt/keys/trust/auth-default-tls-trust/truststore.p12"
 "-Djavax.net.ssl.trustStorePassword=\${exec:/var/opt/keys/trust/auth-default-tls-trust/keypass}"
 )
diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/saml_idp_agov_dispatcher.groovy b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/saml_idp_agov_dispatcher.groovy
index a380a77..c79c6bc 100644
--- a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/saml_idp_agov_dispatcher.groovy
+++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/saml_idp_agov_dispatcher.groovy
@@ -31,16 +31,33 @@ def redirect(String url) {
 * @return text content of Issuer element converted or null
 */
 String getIssuer(GPathResult xml) {
- return (xml.depthFirst().find { GPathResult node -> "Issuer".equalsIgnoreCase(node.name()) } as NodeChild)?.text()
+ return xml.depthFirst().find { GPathResult node -> {
+ node.name().endsWith(":Issuer") || node.name().equalsIgnoreCase("Issuer")
+ }
+ }?.text()
 }
 
 String getIssuer(String value) {
+ if (value == null) {
+ return
+ }
+ String text
+ byte[] decoded
 def parser = new XmlSlurper()
- byte[] decoded = value.decodeBase64()
- String text = new String(decoded)
+ // if value is raw xml then continue otherwise try to parse the base64 encoding
+ if (value.startsWith("<")) {
+ text = new String(value)
+ }
+ else {
+ decoded = value.decodeBase64()
+ text = new String(decoded)
+ LOG.info("received SAML request $value")
+ }
+
+ // after decoded, if redirect binding, we need to parse string to xml
 if (text.startsWith("<")) {
- LOG.debug("assuming POST binding")
- // plain String (POST parameter)
+ LOG.debug("assuming POST/SOAP binding")
+ // plain String (POST/SOAP parameter)
 def xml = parser.parseText(text)
 return getIssuer(xml)
 }
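Review bot: In the rewritten `getIssuer(GPathResult)` the braces after `GPathResult node ->` open a nested closure rather than a statement block, so as far as I can tell the predicate handed to `find` returns a Closure object (truthy) instead of the boolean name test, and `find` then yields the first node visited, with `.text()` giving the root element's text rather than the Issuer. Dropping the inner braces restores the intent: `return xml.depthFirst().find { GPathResult node -> node.name().endsWith(":Issuer") || node.name().equalsIgnoreCase("Issuer") }?.text()`. Separately, the new `LOG.info("received SAML request $value")` in `getIssuer(String)` writes the complete inbound payload to the log at INFO; base64 is not an obfuscation, and whatever message the dispatcher routes through this method (the call sites are outside the hunk) is reproduced in full, so if a response or assertion ever takes this path its attributes end up in the log. I would keep that at `LOG.debug` and record the decoded length or the resolved issuer rather than the payload, e.g. `LOG.debug("received base64-encoded SAML message of ${decoded.length} bytes")`. `getIssuer(String)` continues past the end of the hunk.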
@@ -107,6 +124,20 @@ if (inargs.containsKey('SAMLResponse')) { // response to IDP-initiated SAML Logo
 return
 }
 
+if (parameters.get('spInitiated') == 'true' && inargs.containsKey('soapheader')) { // SP-initiated SOAP with soapheader
+ LOG.debug("found soapheader parameter for SP-initiated")
+ String message = inargs.get('soapheader')
+ dispatchMessage(i2s, message)
+ return
+}
+
+if (parameters.get('spInitiated') == 'true' && inargs.containsKey('')) { // SP-initiated SOAP with empty
+ LOG.debug("found empty parameter for SP-initiated SOAP message")
+ String message = inargs.get('')
+ dispatchMessage(i2s, message)
+ return
+}
+
 String issuer = inargs['Issuer'] ?: inargs['issuer']
 if (parameters.get('idpInitiated') == 'true' && issuer != null) { // IDP-initiated authentication
 LOG.debug("found Issuer parameter for IDP-initiated authentication")
diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf/etc/nevis/k8s-fido-uaf-instance-ca92034f995b39fde562293c.yaml b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf/etc/nevis/k8s-fido-uaf-instance-ca92034f995b39fde562293c.yaml
index 6d64d9a..1b0f7ed 100644
--- a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf/etc/nevis/k8s-fido-uaf-instance-ca92034f995b39fde562293c.yaml
+++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf/etc/nevis/k8s-fido-uaf-instance-ca92034f995b39fde562293c.yaml
@@ -11,7 +11,7 @@ metadata:
 spec:
 type: "NevisFIDO"
 replicas: 1
- version: "8.2405.1"
+ version: "8.2405.2"
 gitInitVersion: "1.3.0"
 runAsNonRoot: true
 ports:
@@ -46,7 +46,7 @@ spec:
 podDisruptionBudget:
 maxUnavailable: "50%"
 git:
- tag: "r-f797d55ba2e02a3422ac3de2076ce37a44cd21e5"
+ tag: "r-be4d7b3836489983642da8c01294cab133468c44"
 dir: "DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf"
 credentials: "git-credentials"
 database:
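Review bot: The two new SP-initiated branches are identical apart from the parameter name, and the second keys on a parameter with an empty name (`inargs.containsKey('')`) without saying why a SOAP message would arrive under that key; a reader cannot tell whether this is a deliberate contract with a client or an artifact of how the request body is parsed. Folding both into one loop with a comment on the empty key removes the duplication and gives the `''` case a place for its explanation (sketch below; the comment text is a placeholder to be confirmed against the sending side). Neither branch checks that the retrieved value is non-empty before handing it to `dispatchMessage`, so a present-but-blank parameter is dispatched as a message; what `dispatchMessage` does with that is defined outside this hunk. The enclosing script continues outside the hunk on both sides.
```groovy
// SP-initiated SOAP: the message is carried either by the 'soapheader'
// parameter or by a parameter with an empty name.
// NOTE(review): record here which client/binding sends the empty-name form.
if (parameters.get('spInitiated') == 'true') {
    for (String key : ['soapheader', '']) {
        if (inargs.containsKey(key)) {
            LOG.debug("found SP-initiated SOAP message in parameter '${key}'")
            String message = inargs.get(key)
            dispatchMessage(i2s, message)
            return
        }
    }
}
// … unchanged: Issuer lookup and IDP-initiated branch …
```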
diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf/etc/nevis/k8s-nevisfido-uaf-database-9385d1b33aefe975fb1c5914.yaml b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf/etc/nevis/k8s-nevisfido-uaf-database-9385d1b33aefe975fb1c5914.yaml
index f45c3ff..4c7dc35 100644
--- a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf/etc/nevis/k8s-nevisfido-uaf-database-9385d1b33aefe975fb1c5914.yaml
+++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf/etc/nevis/k8s-nevisfido-uaf-database-9385d1b33aefe975fb1c5914.yaml
@@ -11,7 +11,7 @@ metadata:
 spec:
 type: "NevisFIDO"
 databaseType: "MariaDB"
- version: "8.2405.1"
+ version: "8.2405.2"
 url: "mariadb-session-store-service.adn-agov-nevisidm-ob-01-uat"
 port: 3306
 database: "nevisfido_uaf"
diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf/var/opt/nevisfido/default/conf/env.conf b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf/var/opt/nevisfido/default/conf/env.conf
index 573b4f2..98343ff 100644
--- a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf/var/opt/nevisfido/default/conf/env.conf
+++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf/var/opt/nevisfido/default/conf/env.conf
@@ -7,5 +7,5 @@ JAVA_OPTS=(
 "-javaagent:/opt/agent/opentelemetry-javaagent.jar"
 "-Dotel.javaagent.logging=application"
 "-Dotel.javaagent.configuration-file=/var/opt/nevisfido/default/conf/otel.properties"
- "-Dotel.resource.attributes=service.version=8.2405.1,service.instance.id=$HOSTNAME"
+ "-Dotel.resource.attributes=service.version=8.2405.2,service.instance.id=$HOSTNAME"
 )
\ No newline at end of file
diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido2/etc/nevis/k8s-nevisfido2-087f275433f3973a1421318f.yaml b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido2/etc/nevis/k8s-nevisfido2-087f275433f3973a1421318f.yaml
index 7720fdc..00e0984 100644
--- a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido2/etc/nevis/k8s-nevisfido2-087f275433f3973a1421318f.yaml
+++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido2/etc/nevis/k8s-nevisfido2-087f275433f3973a1421318f.yaml
@@ -11,7 +11,7 @@ metadata:
 spec:
 type: "NevisFIDO"
 replicas: 1
- version: "8.2405.1"
+ version: "8.2405.2"
 gitInitVersion: "1.3.0"
 runAsNonRoot: true
 ports:
@@ -46,7 +46,7 @@ spec:
 podDisruptionBudget:
 maxUnavailable: "50%"
 git:
- tag: "r-f0c2fc352ad8e75f5eae1bab7fc80e6315293282"
+ tag: "r-be4d7b3836489983642da8c01294cab133468c44"
 dir: "DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido2"
 credentials: "git-credentials"
 keystores:
diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido2/var/opt/nevisfido/default/conf/env.conf b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido2/var/opt/nevisfido/default/conf/env.conf
index 2ec24e8..ab08902 100644
--- a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido2/var/opt/nevisfido/default/conf/env.conf
+++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido2/var/opt/nevisfido/default/conf/env.conf
@@ -6,5 +6,5 @@ JAVA_OPTS=(
 "-javaagent:/opt/agent/opentelemetry-javaagent.jar"
 "-Dotel.javaagent.logging=application"
 "-Dotel.javaagent.configuration-file=/var/opt/nevisfido/default/conf/otel.properties"
- "-Dotel.resource.attributes=service.version=8.2405.1,service.instance.id=$HOSTNAME"
+ "-Dotel.resource.attributes=service.version=8.2405.2,service.instance.id=$HOSTNAME"
 )
\ No newline at end of file
diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/idm/etc/nevis/k8s-nevisidm-b8a36646f81c3247cdb5d90b.yaml b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/idm/etc/nevis/k8s-nevisidm-b8a36646f81c3247cdb5d90b.yaml
index ab22723..40c31fe 100644
--- a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/idm/etc/nevis/k8s-nevisidm-b8a36646f81c3247cdb5d90b.yaml
+++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/idm/etc/nevis/k8s-nevisidm-b8a36646f81c3247cdb5d90b.yaml
@@ -11,7 +11,7 @@ metadata:
 spec:
 type: "NevisIDM"
 replicas: 1
- version: "8.2405.1"
+ version: "8.2405.2"
 gitInitVersion: "1.3.0"
 runAsNonRoot: true
 ports:
@@ -46,7 +46,7 @@ spec:
 podDisruptionBudget:
 maxUnavailable: "50%"
 git:
- tag: "r-f0c2fc352ad8e75f5eae1bab7fc80e6315293282"
+ tag: "r-be4d7b3836489983642da8c01294cab133468c44"
 dir: "DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/idm"
 credentials: "git-credentials"
 keystores:
diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/idm/var/opt/nevisidm/default/conf/env.conf b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/idm/var/opt/nevisidm/default/conf/env.conf
index 13dfb9b..6b6fd51 100644
--- a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/idm/var/opt/nevisidm/default/conf/env.conf
+++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/idm/var/opt/nevisidm/default/conf/env.conf
@@ -4,5 +4,5 @@ JAVA_OPTS=(
 "-javaagent:/opt/agent/opentelemetry-javaagent.jar"
 "-Dotel.javaagent.logging=application"
 "-Dotel.javaagent.configuration-file=/var/opt/nevisidm/default/conf/otel.properties"
- "-Dotel.resource.attributes=service.version=8.2405.1,service.instance.id=$HOSTNAME"
+ "-Dotel.resource.attributes=service.version=8.2405.2,service.instance.id=$HOSTNAME"
 )
\ No newline at end of file
diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/etc/nevis/k8s-nevisproxy-idp-0ceb05c56644a59d648c13b9.yaml b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/etc/nevis/k8s-nevisproxy-idp-0ceb05c56644a59d648c13b9.yaml
index 113a4f9..15981dc 100644
--- a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/etc/nevis/k8s-nevisproxy-idp-0ceb05c56644a59d648c13b9.yaml
+++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/etc/nevis/k8s-nevisproxy-idp-0ceb05c56644a59d648c13b9.yaml
@@ -11,7 +11,7 @@ metadata:
 spec:
 type: "NevisProxy"
 replicas: 1
- version: "8.2405.0"
+ version: "8.2405.1"
 gitInitVersion: "1.3.0"
 runAsNonRoot: true
 ports:
@@ -46,7 +46,7 @@ spec:
 podDisruptionBudget:
 maxUnavailable: "50%"
 git:
- tag: "r-f0c2fc352ad8e75f5eae1bab7fc80e6315293282"
+ tag: "r-be4d7b3836489983642da8c01294cab133468c44"
 dir: "DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp"
 credentials: "git-credentials"
 keystores: