nevis
/
adn-agov-iam-inventory
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

new configuration version

This commit is contained in:
admin 2024-07-30 13:41:00 +00:00
parent 10339c67ab
commit ecdb8bdfb5
2 changed files with 135 additions and 35 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/etc/nevis/k8s-nevisauth-sts-4bad2fe3ccc54716cc87138f.yaml
View File

@ -45,7 +45,7 @@ spec:
podDisruptionBudget:
maxUnavailable: "50%"
git:
tag: "r-9af6a792e2720efb1d09318c1e3f4a2ab355af31"
tag: "r-a91bcd50897938a040ebdb7d527e880e072a83f7"
dir: "DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts"
credentials: "git-credentials"
keystores:

168
DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/var/opt/nevisauth/default/conf/esauth4.xml
View File

@ -54,7 +54,7 @@
</Domain>
<AuthState name="Auth_Realm_Main_STS_Check_Trusted_Caller" class="ch.nevis.esauth.auth.states.cache.ReadFromCacheState" final="false" resumeState="true">
<!-- source: pattern://5d7dc3d51416356293a239f7 -->
<ResultCond name="miss" next="Auth_Realm_Main_STS_Dispatcher_TokenType"/>
<ResultCond name="miss" next="Auth_Realm_Main_STS_Validation_Client_Cert"/>
<!-- source: pattern://5d7dc3d51416356293a239f7 -->
<ResultCond name="ok" next="Auth_Realm_Main_STS_Dispatcher_TokenType"/>
<!-- source: pattern://5d7dc3d51416356293a239f7 -->
@ -66,6 +66,25 @@
<!-- source: pattern://5d7dc3d51416356293a239f7 -->
<property name="sess:agov.techuser.extId" value="#{request.getActorCertAsString()}"/>
</AuthState>
<AuthState name="Auth_Realm_Main_STS_Validation_Client_Cert" class="ch.nevis.idm.authstate.IdmX509State" final="false" resumeState="true">
<!-- source: pattern://5d7dc3d51416356293a239f7 -->
<ResultCond name="default" next="Auth_Realm_Main_STS_STS_Audit_Failure"/>
<!-- source: pattern://5d7dc3d51416356293a239f7 -->
<ResultCond name="ok" next="Auth_Realm_Main_STS_Validation_Client_Cert_PostProcessing"/>
<!-- source: pattern://5d7dc3d51416356293a239f7 -->
<Response value="AUTH_ERROR">
<!-- source: pattern://5d7dc3d51416356293a239f7 -->
<Gui name="AuthErrorDialog">
<!-- source: pattern://5d7dc3d51416356293a239f7 -->
<GuiElem name="lasterror" type="error" label="#{notes.containsKey('lasterror') ? 'error.login.cert.' : ''}#{notes['lasterror']}"/>
</Gui>
</Response>
<propertyRef name="nevisIDM_Connector"/>
<!-- source: pattern://5d7dc3d51416356293a239f7 -->
<property name="user.certificate" value="#{request.getActorCertAsString()}"/>
<!-- source: pattern://5d7dc3d51416356293a239f7 -->
<property name="client.name" value="Default"/>
</AuthState>
<AuthState name="Auth_Realm_Main_STS_Dispatcher_TokenType" class="ch.nevis.esauth.auth.states.standard.ConditionalDispatcherState" final="false" resumeState="true">
<!-- source: pattern://5d7dc3d51416356293a239f7 -->
<ResultCond name="SamlAssertion" next="Auth_Realm_Main_STS_Service_Provider_State"/>
@ -87,6 +106,38 @@
<!-- source: pattern://5d7dc3d51416356293a239f7 -->
<property name="condition:usernameToken" value="${request:currentResource:/nevisauth/services/sts/username:true}"/>
</AuthState>
<AuthState name="Auth_Realm_Main_STS_STS_Audit_Failure" class="ch.nevis.esauth.auth.states.scripting.ScriptState" final="false" resumeState="true">
<!-- source: pattern://5d7dc3d51416356293a239f7 -->
<ResultCond name="error" next="Auth_Realm_Main_STS_Authentication_Failed"/>
<!-- source: pattern://5d7dc3d51416356293a239f7 -->
<ResultCond name="ok" next="Auth_Realm_Main_STS_Authentication_Failed"/>
<!-- source: pattern://5d7dc3d51416356293a239f7 -->
<Response value="AUTH_ERROR">
<!-- source: pattern://5d7dc3d51416356293a239f7 -->
<Arg name="ch.nevis.isiweb4.response.status" value="403"/>
</Response>
<!-- source: pattern://5d7dc3d51416356293a239f7 -->
<property name="scriptTraceGroup" value="AGOV-ACCT"/>
<!-- source: pattern://5d7dc3d51416356293a239f7 -->
<property name="script" value="file:///var/opt/nevisauth/default/conf/sts_audit_failure.groovy"/>
</AuthState>
<AuthState name="Auth_Realm_Main_STS_Validation_Client_Cert_PostProcessing" class="ch.nevis.idm.authstate.IdmGetPropertiesState" final="false" resumeState="true">
<!-- source: pattern://5d7dc3d51416356293a239f7 -->
<ResultCond name="default" next="Auth_Realm_Main_STS_STS_Audit_Failure"/>
<!-- source: pattern://5d7dc3d51416356293a239f7 -->
<ResultCond name="ok" next="Auth_Realm_Main_STS_Check_Impersonator"/>
<propertyRef name="nevisIDM_Connector"/>
<!-- source: pattern://5d7dc3d51416356293a239f7 -->
<property name="detaillevel.default" value="EXCLUDE"/>
<!-- source: pattern://5d7dc3d51416356293a239f7 -->
<property name="chooseDefaultProfile" value="true"/>
</AuthState>
<AuthState name="nevisIDM_Connector" class="ch.nevis.esauth.auth.states.standard.AuthGeneric" final="false">
<!-- source: pattern://8d94681ba6da73f92618e32d -->
<property name="login.service.connection.0" value="https://idm:8989/nevisidm/services/v1/LoginService"/>
<!-- source: pattern://8d94681ba6da73f92618e32d -->
<property name="admin.service.connection.0" value="https://idm:8989/nevisidm/services/v1/AdminService"/>
</AuthState>
<AuthState name="Auth_Realm_Main_STS_Service_Provider_State" class="ch.nevis.esauth.auth.states.saml.ServiceProviderState" final="false" resumeState="true">
<!-- source: pattern://5d7dc3d51416356293a239f7 -->
<ResultCond name="default" next="Auth_Realm_Main_STS_STS_Audit_Failure"/>
@ -174,21 +225,6 @@
<!-- source: pattern://5d7dc3d51416356293a239f7 -->
<property name="detaillevel.default" value="EXCLUDE"/>
</AuthState>
<AuthState name="Auth_Realm_Main_STS_STS_Audit_Failure" class="ch.nevis.esauth.auth.states.scripting.ScriptState" final="false" resumeState="true">
<!-- source: pattern://5d7dc3d51416356293a239f7 -->
<ResultCond name="error" next="Auth_Realm_Main_STS_Authentication_Failed"/>
<!-- source: pattern://5d7dc3d51416356293a239f7 -->
<ResultCond name="ok" next="Auth_Realm_Main_STS_Authentication_Failed"/>
<!-- source: pattern://5d7dc3d51416356293a239f7 -->
<Response value="AUTH_ERROR">
<!-- source: pattern://5d7dc3d51416356293a239f7 -->
<Arg name="ch.nevis.isiweb4.response.status" value="403"/>
</Response>
<!-- source: pattern://5d7dc3d51416356293a239f7 -->
<property name="scriptTraceGroup" value="AGOV-ACCT"/>
<!-- source: pattern://5d7dc3d51416356293a239f7 -->
<property name="script" value="file:///var/opt/nevisauth/default/conf/sts_audit_failure.groovy"/>
</AuthState>
<AuthState name="Auth_Realm_Main_STS_Verify_User_extID" class="ch.nevis.idm.authstate.IdmUserVerifyState" final="false" resumeState="true">
<!-- source: pattern://5d7dc3d51416356293a239f7 -->
<ResultCond name="clientNotFound" next="Auth_Realm_Main_STS_STS_Audit_Failure"/>
@ -207,6 +243,31 @@
<!-- source: pattern://5d7dc3d51416356293a239f7 -->
<property name="client.name" value="agov"/>
</AuthState>
<AuthState name="Auth_Realm_Main_STS_Authentication_Failed" class="ch.nevis.esauth.auth.states.standard.AuthError" final="false" resumeState="true">
<!-- source: pattern://5d7dc3d51416356293a239f7 -->
<Response value="AUTH_ERROR">
<!-- source: pattern://5d7dc3d51416356293a239f7 -->
<Gui name="Error">
<!-- source: pattern://5d7dc3d51416356293a239f7 -->
<GuiElem name="info" type="error" label="error_99"/>
<!-- source: pattern://5d7dc3d51416356293a239f7 -->
<GuiElem name="submit" type="button" label="continue.button.label"/>
</Gui>
</Response>
</AuthState>
<AuthState name="Auth_Realm_Main_STS_Check_Impersonator" class="ch.nevis.esauth.auth.states.standard.ConditionalDispatcherState" final="false" resumeState="true">
<!-- source: pattern://5d7dc3d51416356293a239f7 -->
<ResultCond name="default" next="Auth_Realm_Main_STS_STS_Audit_Failure"/>
<!-- source: pattern://5d7dc3d51416356293a239f7 -->
<ResultCond name="isImpersonator" next="Auth_Realm_Main_STS_Clear_Session"/>
<!-- source: pattern://5d7dc3d51416356293a239f7 -->
<Response value="AUTH_ERROR">
<!-- source: pattern://5d7dc3d51416356293a239f7 -->
<Arg name="ch.nevis.isiweb4.response.status" value="403"/>
</Response>
<!-- source: pattern://5d7dc3d51416356293a239f7 -->
<property name="condition:isImpersonator" value="${response/actualRoles/^.*(nevisIdm\.Impersonator).*$}"/>
</AuthState>
<AuthState name="Auth_Realm_Main_STS_Verify_Shadow_User_Error" class="ch.nevis.esauth.auth.states.standard.AuthLogout" final="true" resumeState="true">
<!-- source: pattern://5d7dc3d51416356293a239f7 -->
<Response value="AUTH_ERROR">
@ -232,24 +293,6 @@
<!-- source: pattern://5d7dc3d51416356293a239f7 -->
<property name="cred.type" value="CONTEXT_PASSWORD"/>
</AuthState>
<AuthState name="nevisIDM_Connector" class="ch.nevis.esauth.auth.states.standard.AuthGeneric" final="false">
<!-- source: pattern://8d94681ba6da73f92618e32d -->
<property name="login.service.connection.0" value="https://idm:8989/nevisidm/services/v1/LoginService"/>
<!-- source: pattern://8d94681ba6da73f92618e32d -->
<property name="admin.service.connection.0" value="https://idm:8989/nevisidm/services/v1/AdminService"/>
</AuthState>
<AuthState name="Auth_Realm_Main_STS_Authentication_Failed" class="ch.nevis.esauth.auth.states.standard.AuthError" final="false" resumeState="true">
<!-- source: pattern://5d7dc3d51416356293a239f7 -->
<Response value="AUTH_ERROR">
<!-- source: pattern://5d7dc3d51416356293a239f7 -->
<Gui name="Error">
<!-- source: pattern://5d7dc3d51416356293a239f7 -->
<GuiElem name="info" type="error" label="error_99"/>
<!-- source: pattern://5d7dc3d51416356293a239f7 -->
<GuiElem name="submit" type="button" label="continue.button.label"/>
</Gui>
</Response>
</AuthState>
<AuthState name="Auth_Realm_Main_STS_Verify_User_extID_IdmGetPropertiesState" class="ch.nevis.idm.authstate.IdmGetPropertiesState" final="false" resumeState="true">
<!-- source: pattern://5d7dc3d51416356293a239f7 -->
<ResultCond name="SOAP:showGui" next="Auth_Realm_Main_STS_STS_Audit_Success"/>
@ -271,6 +314,43 @@
<!-- source: pattern://5d7dc3d51416356293a239f7 -->
<property name="chooseDefaultProfile" value="true"/>
</AuthState>
<AuthState name="Auth_Realm_Main_STS_Clear_Session" class="ch.nevis.esauth.auth.states.standard.TransformAttributes" final="false" resumeState="true">
<!-- source: pattern://5d7dc3d51416356293a239f7 -->
<ResultCond name="ok" next="Auth_Realm_Main_STS_Cache_Trusted_Caller"/>
<!-- source: pattern://5d7dc3d51416356293a239f7 -->
<Response value="AUTH_ERROR">
<!-- source: pattern://5d7dc3d51416356293a239f7 -->
<Arg name="ch.nevis.isiweb4.response.status" value="403"/>
</Response>
<!-- source: pattern://5d7dc3d51416356293a239f7 -->
<property name="sess:agov.techuser.extId" value="${sess:ch.adnovum.nevisidm.user.extId}"/>
<!-- source: pattern://5d7dc3d51416356293a239f7 -->
<property name="sess:ch.adnovum.nevisidm.clientExtId" value=""/>
<!-- source: pattern://5d7dc3d51416356293a239f7 -->
<property name="sess:ch.adnovum.nevisidm.clientId" value=""/>
<!-- source: pattern://5d7dc3d51416356293a239f7 -->
<property name="sess:ch.adnovum.nevisidm.clientName" value=""/>
<!-- source: pattern://5d7dc3d51416356293a239f7 -->
<property name="sess:ch.adnovum.nevisidm.profileExtId" value=""/>
<!-- source: pattern://5d7dc3d51416356293a239f7 -->
<property name="sess:ch.adnovum.nevisidm.profileId" value=""/>
<!-- source: pattern://5d7dc3d51416356293a239f7 -->
<property name="sess:ch.adnovum.nevisidm.profileName" value=""/>
<!-- source: pattern://5d7dc3d51416356293a239f7 -->
<property name="sess:ch.adnovum.nevisidm.user.clientExtId" value=""/>
<!-- source: pattern://5d7dc3d51416356293a239f7 -->
<property name="sess:ch.adnovum.nevisidm.user.extId" value=""/>
<!-- source: pattern://5d7dc3d51416356293a239f7 -->
<property name="sess:ch.adnovum.nevisidm.user.loginId" value=""/>
<!-- source: pattern://5d7dc3d51416356293a239f7 -->
<property name="sess:ch.adnovum.nevisidm.userDto" value=""/>
<!-- source: pattern://5d7dc3d51416356293a239f7 -->
<property name="sess:ch.adnovum.nevisidm.userExtId" value=""/>
<!-- source: pattern://5d7dc3d51416356293a239f7 -->
<property name="sess:ch.nevis.idm.User.extId" value=""/>
<!-- source: pattern://5d7dc3d51416356293a239f7 -->
<property name="removeOnEmptyValue" value="true"/>
</AuthState>
<AuthState name="Auth_Realm_Main_STS_STS_Audit_Success" class="ch.nevis.esauth.auth.states.scripting.ScriptState" final="false" resumeState="true">
<!-- source: pattern://5d7dc3d51416356293a239f7 -->
<ResultCond name="error" next="Auth_Realm_Main_STS_Authentication_Failed"/>
@ -286,6 +366,26 @@
<!-- source: pattern://5d7dc3d51416356293a239f7 -->
<property name="script" value="file:///var/opt/nevisauth/default/conf/sts_audit_success.groovy"/>
</AuthState>
<AuthState name="Auth_Realm_Main_STS_Cache_Trusted_Caller" class="ch.nevis.esauth.auth.states.cache.WriteToCacheState" final="false" resumeState="true">
<!-- source: pattern://5d7dc3d51416356293a239f7 -->
<ResultCond name="failed" next="Auth_Realm_Main_STS_STS_Audit_Failure"/>
<!-- source: pattern://5d7dc3d51416356293a239f7 -->
<ResultCond name="ok" next="Auth_Realm_Main_STS_Dispatcher_TokenType"/>
<!-- source: pattern://5d7dc3d51416356293a239f7 -->
<Response value="AUTH_ERROR"/>
<!-- source: pattern://5d7dc3d51416356293a239f7 -->
<property name="cacheSpace" value="TechAuthCache"/>
<!-- source: pattern://5d7dc3d51416356293a239f7 -->
<property name="hashAlgorithm" value="SHA-512"/>
<!-- source: pattern://5d7dc3d51416356293a239f7 -->
<property name="maxAge" value="3600"/>
<!-- source: pattern://5d7dc3d51416356293a239f7 -->
<property name="maxEntries" value="2"/>
<!-- source: pattern://5d7dc3d51416356293a239f7 -->
<property name="overwriteOldEntries" value="false"/>
<!-- source: pattern://5d7dc3d51416356293a239f7 -->
<property name="#{request.getActorCertAsString()}" value="${sess:agov.techuser.extId}"/>
</AuthState>
<AuthState name="Auth_Realm_Main_STS_Auth_Done" class="ch.nevis.esauth.auth.states.standard.AuthDone" final="false" resumeState="true">
<!-- source: pattern://5d7dc3d51416356293a239f7 -->
<Response value="AUTH_DONE">