new configuration version

haburger 2024-12-11 17:20:08 +00:00
parent fed18d33a3
commit e8e30033e6
4 changed files with 19 additions and 19 deletions


@ -45,7 +45,7 @@ spec:
podDisruptionBudget:
maxUnavailable: "50%"
git:
tag: "r-5b79a86c337ca1289540ee43be0ddf8d56ce17c3"
tag: "r-5ef0aed7c67a82259525e9e179953cd289458e0c"
dir: "DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth"
credentials: "git-credentials"
keystores:


@ -221,7 +221,7 @@
<!-- source: pattern://f63c475c35b616b7c6c1901c -->
<property name="script" value="file:///var/opt/nevisauth/default/conf/mobile_nless_auth.groovy"/>
<!-- source: pattern://f63c475c35b616b7c6c1901c -->
<property name="parameter.agovmeregistrationurl" value="https://me.agov-d.azure.adnovum.net/registration/"/>
<property name="parameter.agovmeregistrationurl" value="https://ob.agov-w.azure.adnovum.net/mock-me/registration"/>
<!-- source: pattern://f63c475c35b616b7c6c1901c -->
<property name="parameter.recoveryurl" value="https://auth.agov-w.azure.adnovum.net/AUTH/RECOVERY/"/>
</AuthState>
@ -363,7 +363,7 @@
<!-- source: pattern://bfd395eb0dab50aff2f2c01b -->
<property name="out.keyobjectref" value="Signer_IDP_AGOV"/>
<!-- source: pattern://bfd395eb0dab50aff2f2c01b -->
<property name="spURL" value="https://me.agov-d.azure.adnovum.net/registration/api/login/saml2/sso/agovidpdirect"/>
<property name="spURL" value="https://ob.agov-w.azure.adnovum.net/mock-me/registration"/>
<!-- source: pattern://bfd395eb0dab50aff2f2c01b -->
<property name="acsUrlWhitelist.uris" value="not used"/>
<!-- source: pattern://bfd395eb0dab50aff2f2c01b -->
@ -385,7 +385,7 @@
<!-- source: pattern://bfd395eb0dab50aff2f2c01b -->
<property name="out.issuer" value="https://auth.agov-w.azure.adnovum.net/SAML2/"/>
<!-- source: pattern://bfd395eb0dab50aff2f2c01b -->
<property name="out.audienceRestriction" value="https://me.agov-d.azure.adnovum.net/registration/api/saml2/service-provider-metadata/agovidpdirect"/>
<property name="out.audienceRestriction" value="https://ob.agov-w.azure.adnovum.net/mock-me/registration"/>
</AuthState>
<AuthState name="Auth_Realm_Main_IDP_ReturnTimeoutButKeepSession" class="ch.nevis.esauth.auth.states.scripting.ScriptState" final="false" resumeState="true">
<!-- source: pattern://826166d230a6a4849f2837ae -->
@ -469,7 +469,7 @@
<!-- source: pattern://bfd395eb0dab50aff2f2c01b -->
<property name="scriptTraceGroup" value="AGOV-ACCT"/>
<!-- source: pattern://bfd395eb0dab50aff2f2c01b -->
<property name="parameter.agovmedirecturl" value="https://me.agov-d.azure.adnovum.net/registration/api/login/saml2/sso/agovidpdirect"/>
<property name="parameter.agovmedirecturl" value="https://ob.agov-w.azure.adnovum.net/mock-me/registration"/>
<!-- source: pattern://bfd395eb0dab50aff2f2c01b -->
<property name="script" value="file:///var/opt/nevisauth/default/conf/handleRedirectRegistration.groovy"/>
</AuthState>
@ -1043,7 +1043,7 @@
<!-- source: pattern://cdb228eccc12b4b1dea20d9d -->
<property name="out.keyobjectref" value="Signer_IDP_AGOV"/>
<!-- source: pattern://cdb228eccc12b4b1dea20d9d -->
<property name="spURL" value="https://me.agov-d.azure.adnovum.net/account/api/login/saml2/sso/agovidpdirect"/>
<property name="spURL" value="https://ob.agov-w.azure.adnovum.net/mock-me/process"/>
<!-- source: pattern://cdb228eccc12b4b1dea20d9d -->
<property name="acsUrlWhitelist.uris" value="not used"/>
<!-- source: pattern://cdb228eccc12b4b1dea20d9d -->
@ -1073,7 +1073,7 @@
<!-- source: pattern://cdb228eccc12b4b1dea20d9d -->
<property name="out.issuer" value="https://auth.agov-w.azure.adnovum.net/SAML2/"/>
<!-- source: pattern://cdb228eccc12b4b1dea20d9d -->
<property name="out.audienceRestriction" value="https://me.agov-d.azure.adnovum.net/account/api/saml2/service-provider-metadata/agovidpdirect"/>
<property name="out.audienceRestriction" value="https://ob.agov-w.azure.adnovum.net/mock-me/process"/>
</AuthState>
<AuthState name="Auth_Realm_Main_IDP_Recovery_redirectAgovMe" class="ch.nevis.esauth.auth.states.saml.IdentityProviderState" final="false" resumeState="false">
<!-- source: pattern://6061abea33a234fad73897b7 -->
@ -1105,7 +1105,7 @@
<!-- source: pattern://6061abea33a234fad73897b7 -->
<property name="out.keyobjectref" value="Signer_IDP_AGOV"/>
<!-- source: pattern://6061abea33a234fad73897b7 -->
<property name="spURL" value="https://me.agov-d.azure.adnovum.net/account/api/login/saml2/sso/agovidpdirect"/>
<property name="spURL" value="https://ob.agov-w.azure.adnovum.net/mock-me/process"/>
<!-- source: pattern://6061abea33a234fad73897b7 -->
<property name="acsUrlWhitelist.uris" value="not used"/>
<!-- source: pattern://6061abea33a234fad73897b7 -->
@ -1127,7 +1127,7 @@
<!-- source: pattern://6061abea33a234fad73897b7 -->
<property name="out.issuer" value="https://auth.agov-w.azure.adnovum.net/SAML2/"/>
<!-- source: pattern://6061abea33a234fad73897b7 -->
<property name="out.audienceRestriction" value="https://me.agov-d.azure.adnovum.net/account/api/saml2/service-provider-metadata/agovidpdirect"/>
<property name="out.audienceRestriction" value="https://ob.agov-w.azure.adnovum.net/mock-me/process"/>
</AuthState>
<AuthState name="Auth_Realm_Main_IDP_SendSamlResponseWithAssertion" class="ch.nevis.esauth.auth.states.scripting.ScriptState" final="false" resumeState="true">
<!-- source: pattern://b87d0d2b640e8e545ad70234 -->
@ -1155,7 +1155,7 @@
<!-- source: pattern://cdb228eccc12b4b1dea20d9d -->
<property name="scriptTraceGroup" value="AGOV-ACCT"/>
<!-- source: pattern://cdb228eccc12b4b1dea20d9d -->
<property name="parameter.agovmedirecturl" value="https://me.agov-d.azure.adnovum.net/account/api/login/saml2/sso/agovidpdirect"/>
<property name="parameter.agovmedirecturl" value="https://ob.agov-w.azure.adnovum.net/mock-me/process"/>
<!-- source: pattern://cdb228eccc12b4b1dea20d9d -->
<property name="script" value="file:///var/opt/nevisauth/default/conf/handleRedirect.groovy"/>
</AuthState>
@ -1170,7 +1170,7 @@
<!-- source: pattern://6061abea33a234fad73897b7 -->
<property name="scriptTraceGroup" value="AGOV-ACCT"/>
<!-- source: pattern://6061abea33a234fad73897b7 -->
<property name="parameter.agovmedirecturl" value="https://me.agov-d.azure.adnovum.net/account/api/login/saml2/sso/agovidpdirect"/>
<property name="parameter.agovmedirecturl" value="https://ob.agov-w.azure.adnovum.net/mock-me/process"/>
<!-- source: pattern://6061abea33a234fad73897b7 -->
<property name="script" value="file:///var/opt/nevisauth/default/conf/handleRedirectRecovery.groovy"/>
</AuthState>
@ -2275,7 +2275,7 @@
<!-- source: pattern://6061abea33a234fad73897b7 -->
<property name="out.keyobjectref" value="Signer_IDP_AGOV"/>
<!-- source: pattern://6061abea33a234fad73897b7 -->
<property name="spURL" value="https://me.agov-d.azure.adnovum.net/account/api/login/saml2/sso/agovidpdirect"/>
<property name="spURL" value="https://ob.agov-w.azure.adnovum.net/mock-me/process"/>
<!-- source: pattern://6061abea33a234fad73897b7 -->
<property name="acsUrlWhitelist.uris" value="not used"/>
<!-- source: pattern://6061abea33a234fad73897b7 -->
@ -2297,7 +2297,7 @@
<!-- source: pattern://6061abea33a234fad73897b7 -->
<property name="out.issuer" value="https://auth.agov-w.azure.adnovum.net/SAML2/"/>
<!-- source: pattern://6061abea33a234fad73897b7 -->
<property name="out.audienceRestriction" value="https://me.agov-d.azure.adnovum.net/account/api/saml2/service-provider-metadata/agovidpdirect"/>
<property name="out.audienceRestriction" value="https://ob.agov-w.azure.adnovum.net/mock-me/process"/>
</AuthState>
<AuthState name="Auth_Realm_Recovery_Recovery_Auth_codeLocked" class="ch.nevis.esauth.auth.states.standard.AuthGeneric" final="true" resumeState="false">
<!-- source: pattern://584964c837512845d7940809 -->
@ -2360,7 +2360,7 @@
<!-- source: pattern://4bc453bf68139ee87966b0c7 -->
<property name="script" value="file:///var/opt/nevisauth/default/conf/Recovery_mobile_nless_auth.groovy"/>
<!-- source: pattern://4bc453bf68139ee87966b0c7 -->
<property name="parameter.agovmeregistrationurl" value="https://me.agov-d.azure.adnovum.net/registration/"/>
<property name="parameter.agovmeregistrationurl" value="https://ob.agov-w.azure.adnovum.net/mock-me/registration"/>
<!-- source: pattern://4bc453bf68139ee87966b0c7 -->
<property name="parameter.recoveryurl" value="https://auth.agov-w.azure.adnovum.net/AUTH/RECOVERY/"/>
</AuthState>
@ -2375,7 +2375,7 @@
<!-- source: pattern://6061abea33a234fad73897b7 -->
<property name="scriptTraceGroup" value="AGOV-ACCT"/>
<!-- source: pattern://6061abea33a234fad73897b7 -->
<property name="parameter.agovmedirecturl" value="https://me.agov-d.azure.adnovum.net/account/api/login/saml2/sso/agovidpdirect"/>
<property name="parameter.agovmedirecturl" value="https://ob.agov-w.azure.adnovum.net/mock-me/process"/>
<!-- source: pattern://6061abea33a234fad73897b7 -->
<property name="script" value="file:///var/opt/nevisauth/default/conf/handleRedirectRecovery.groovy"/>
</AuthState>
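Review bot: In the IdentityProviderState hunks (at 385, 1073, 1127 and 2297) `out.audienceRestriction` on what appears to be the new side is the same string as `spURL` (`https://ob.agov-w.azure.adnovum.net/mock-me/registration` or `.../mock-me/process`), where the earlier value was a separate service-provider-metadata URL. An audience restriction only protects the assertion if it equals the identifier the receiving service provider checks, so confirm that the mock validates against exactly this value and does not accept any audience. These states keep `out.keyobjectref` set to `Signer_IDP_AGOV`, so assertions sent to the mock carry the same signature as those for the real service provider; if this inventory can be promoted to other stages, the generating pattern should say so, for example `<!-- mock-me SP: test inventory only, do not promote -->`. The `parameter.agovmeregistrationurl` value also loses its trailing slash, which matters if the Groovy script (not shown) appends a path to it. The AuthState elements start and end outside the hunks.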


@ -46,7 +46,7 @@ spec:
podDisruptionBudget:
maxUnavailable: "50%"
git:
tag: "r-bdd002acfcff73d836b81b83744f3ba618e236f8"
tag: "r-5ef0aed7c67a82259525e9e179953cd289458e0c"
dir: "DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp"
credentials: "git-credentials"
keystores:


@ -473,12 +473,12 @@
<!-- source: pattern://162d4ee18e469c146df153cc -->
<init-param>
<param-name>param_csp</param-name>
<param-value>default-src 'none'; script-src 'wasm-unsafe-eval' 'self' 'sha256-4r4l/2aahtvPIxQP0YmmqfftYXNwNqxxqOUaXVE0FjM=' 'sha256-3sconOU5uxdS6tVa5DhEli3N+/aY9IvYh873WqDptD0=' 'sha256-N3+RfLbnlpBc0lUnNy4soyLbX0tNDqQt5LPzkEsYOHo=' 'sha256-uOoE0nq21NJDv37YLUOxV9aCnNstJ0GK7BiXNMXQAcI='; worker-src blob:; child-src blob:; connect-src 'self' https://eu-api.friendlycaptcha.eu/api/v1/puzzle; img-src 'self'; style-src 'self' 'unsafe-inline' ; form-action 'self' https://trustbroker.agov-d.azure.adnovum.net/ https://me.agov-d.azure.adnovum.net/; font-src 'self';</param-value>
<param-value>default-src 'none'; script-src 'wasm-unsafe-eval' 'self' 'sha256-4r4l/2aahtvPIxQP0YmmqfftYXNwNqxxqOUaXVE0FjM=' 'sha256-3sconOU5uxdS6tVa5DhEli3N+/aY9IvYh873WqDptD0=' 'sha256-N3+RfLbnlpBc0lUnNy4soyLbX0tNDqQt5LPzkEsYOHo=' 'sha256-uOoE0nq21NJDv37YLUOxV9aCnNstJ0GK7BiXNMXQAcI='; worker-src blob:; child-src blob:; connect-src 'self' https://eu-api.friendlycaptcha.eu/api/v1/puzzle; img-src 'self'; style-src 'self' 'unsafe-inline' ; form-action 'self' https://trustbroker.agov-d.azure.adnovum.net/ https://ob.agov-w.azure.adnovum.net/; font-src 'self';</param-value>
</init-param>
<!-- source: pattern://162d4ee18e469c146df153cc -->
<init-param>
<param-name>param_report_only_csp</param-name>
<param-value>default-src 'none'; script-src 'wasm-unsafe-eval' 'self'; worker-src blob:; child-src blob:; connect-src 'self' https://eu-api.friendlycaptcha.eu/api/v1/puzzle; img-src 'self'; style-src 'self' 'unsafe-inline' ; form-action 'self' https://trustbroker.agov-d.azure.adnovum.net/ https://me.agov-d.azure.adnovum.net/; font-src 'self';</param-value>
<param-value>default-src 'none'; script-src 'wasm-unsafe-eval' 'self'; worker-src blob:; child-src blob:; connect-src 'self' https://eu-api.friendlycaptcha.eu/api/v1/puzzle; img-src 'self'; style-src 'self' 'unsafe-inline' ; form-action 'self' https://trustbroker.agov-d.azure.adnovum.net/ https://ob.agov-w.azure.adnovum.net/; font-src 'self';</param-value>
</init-param>
</filter>
<!-- source: pattern://8b8167e5de0e69dedb81cacb, pattern://8b8167e5de0e69dedb81cacb#filters -->
@ -493,7 +493,7 @@
trace = request:getTracer()
if request:getHeader("Origin") then
if not response:getHeader("Access-Control-Allow-Origin") then
domains = {"trustbroker.agov-d.azure.adnovum.net", "auth.agov-w.azure.adnovum.net"}
domains = {"trustbroker.agov-d.azure.adnovum.net", "auth.agov-w.azure.adnovum.net", "ob.agov-w.azure.adnovum.net"}
for k, v in pairs(domains) do
trace:info("Accepted domains="..v)
end
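Review bot: The `domains` list in the last hunk gains `ob.agov-w.azure.adnovum.net`, the host that serves the `mock-me` endpoints in the other file of this commit, and the code that compares the request `Origin` against the list is outside the hunk. If that comparison uses Lua pattern functions, the `.` and `-` in these host names are pattern characters, so it should be an exact comparison on the full origin, along the lines of `if origin == "https://"..v then` (variable name assumed). In the CSP hunk the added `form-action` source is the whole origin; `https://ob.agov-w.azure.adnovum.net/mock-me/` would restrict form posts to the path prefix the new URLs appear to use. The loop also writes every accepted domain at info level for each request that has an `Origin` header, which adds log volume without recording the origin that was actually received.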