Compare commits
20 Commits
r-5e17b7ae
...
master
| Author | SHA1 | Date |
|---|---|---|
haburger
|
fd6690ec85 | |
|
haburger
|
ba48cbb253 | |
|
haburger
|
9a98a657c2 | |
|
haburger
|
fae3a6e302 | |
|
haburger
|
d18a83bb2a | |
|
haburger
|
1b8503773e | |
|
haburger
|
3f615f856b | |
|
haburger
|
8820fd4bb5 | |
|
haburger
|
9d4a5fd184 | |
|
haburger
|
3a2c98739c | |
|
haburger
|
55d5df785c | |
|
haburger
|
75bfa98470 | |
|
haburger
|
7d10c7bdaf | |
|
haburger
|
a3fad2bd5f | |
|
haburger
|
559214b638 | |
|
haburger
|
93eed7e60c | |
|
haburger
|
fdd705eed5 | |
|
haburger
|
c7cbe4fe4d | |
|
haburger
|
5fb9ba8c87 | |
admin
|
3c52d5ff3d |
|
|
@ -46,7 +46,7 @@ spec:
|
|||
podDisruptionBudget:
|
||||
maxUnavailable: "50%"
|
||||
git:
|
||||
tag: "r-5e17b7ae74eadb8800587a4f4db74406a7e21e95"
|
||||
tag: "r-d6878093aefa2bfb8cc241b61fff5fe94bc95282"
|
||||
dir: "DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts"
|
||||
credentials: "git-credentials"
|
||||
keystores:
|
||||
|
|
|
|||
Binary file not shown.
Binary file not shown.
|
|
@ -20,6 +20,8 @@ Configuration:
|
|||
level: "DEBUG"
|
||||
- name: "AgovCaptcha"
|
||||
level: "DEBUG"
|
||||
- name: "ArtifactResolutionService"
|
||||
level: "DEBUG"
|
||||
- name: "AuthEngine"
|
||||
level: "INFO"
|
||||
- name: "AuthPerf"
|
||||
|
|
@ -27,9 +29,11 @@ Configuration:
|
|||
- name: "IdmAuth"
|
||||
level: "DEBUG"
|
||||
- name: "OpTrace"
|
||||
level: "DEBUG"
|
||||
level: "INFO"
|
||||
- name: "Recovery"
|
||||
level: "DEBUG"
|
||||
- name: "Saml"
|
||||
level: "DEBUG"
|
||||
- name: "Script"
|
||||
level: "DEBUG"
|
||||
- name: "SessCoord"
|
||||
|
|
|
|||
|
|
@ -46,9 +46,12 @@ spec:
|
|||
podDisruptionBudget:
|
||||
maxUnavailable: "50%"
|
||||
git:
|
||||
tag: "r-5e17b7ae74eadb8800587a4f4db74406a7e21e95"
|
||||
tag: "r-53c09bd6632aebeda2b892197a01a8f7f185561d"
|
||||
dir: "DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth"
|
||||
credentials: "git-credentials"
|
||||
database:
|
||||
name: "auth"
|
||||
requiredVersion: "8.2505.5"
|
||||
keystores:
|
||||
- "auth-sh4r3d-internal-idp-auth-signer"
|
||||
- "auth-auth-realm-mobile-fido-uaf-tls-client-nevisfido"
|
||||
|
|
|
|||
|
|
@ -0,0 +1,26 @@
|
|||
apiVersion: "operator.nevis-security.ch/v1"
|
||||
kind: "NevisDatabase"
|
||||
metadata:
|
||||
name: "auth"
|
||||
namespace: "adn-agov-nevisidm-01-uat"
|
||||
labels:
|
||||
deploymentTarget: "auth"
|
||||
annotations:
|
||||
projectKey: "DEFAULT-ADN-AGOV-PROJECT"
|
||||
patternId: "b7b59e97b3fd18bb60178573"
|
||||
spec:
|
||||
type: "NevisAuth"
|
||||
databaseType: "MariaDB"
|
||||
version: "8.2505.5"
|
||||
url: "mariadb-session-store-service.adn-agov-nevisidm-ob-01-uat"
|
||||
port: 3306
|
||||
database: "nevisauth"
|
||||
bootstrap: true
|
||||
migrate: true
|
||||
rootCredentials:
|
||||
name: "root-mariadb-session-store"
|
||||
namespace: "adn-agov-nevisidm-ob-01-uat"
|
||||
podSecurity:
|
||||
policy: "baseline"
|
||||
automountServiceAccountToken: false
|
||||
timeZone: "Europe/Zurich"
|
||||
|
|
@ -1,54 +1,54 @@
|
|||
-----BEGIN ENCRYPTED PRIVATE KEY-----
|
||||
MIIJqzBVBgkqhkiG9w0BBQ0wSDAnBgkqhkiG9w0BBQwwGgQU95KG57RacAYBmkeQ
|
||||
DIe1bZS0sbkCAggAMB0GCWCGSAFlAwQBKgQQyxdAya9Sd4oHLO1pzVWcYASCCVDT
|
||||
ozdXT3vjyqMzza4QKaMD4ywSAzGhQRM/TnxU5JbRLNMpdtq76Mfet2pv++UUjcof
|
||||
16EsdOOpDQdxdzQWmwGUNwjkX5YyWTaAefV8l9n6Bp8LV0XabS9We3g5Jr1KjuzP
|
||||
O/xJgB2o6BcD/WRPeOaANSGoyWce4rCkpDwqxrp+tY9EK19SoCZG9Zy2hnPPH2Hc
|
||||
QgtgCAzqaXIp49KIXHn/Uo532lIz3WqkkhzVakwgAKLKIvc/SwgP0eSXLvPjeJYS
|
||||
L8DngPP0YD7IPgIs7WmMNNE7or69e7mO0miUOl7xStNHzHpLmtLNbYI7Pk6NLT7N
|
||||
kWfh2+E21R7llsW57boMACXVr7N3CHOlZQhUNViyjPayo1njVnp6gGzuIxluhHJY
|
||||
CL070oqBeEYVfvE07HQ4Qd0BL5c02pdrKjdzBYyLwzSNKn2RzgS2R/XtEqdmOUo+
|
||||
iuRngv9D1UPSI2xlFhv84778ktEeSf8l1nLltqhPJAmJUjSAcu/zjN4Q+HXqMRaF
|
||||
IocDV4I7CaXDc2E0YdU8uHuzzUHLflJ2OZwU5N7tkoVOtAYHKUwCP4J/zpLSe2V2
|
||||
MIh40IVJK4gzb+iyBiOnsnKKQCKMPbS4lH8zC2S486MgjgbhlZeFg0nOF955c61l
|
||||
Sb4MBrexU4s1TUg/fDpYt6jPZoKivN72jzi60kV43gBFHmP3X4SRAUQ4Y3h5NFF8
|
||||
h2p4wvYRsYEexjJU/+WJG4Yi1wSi3oEqD161a6vPOsKBLBdLRo1vgnQdGFx/k83X
|
||||
vjPlI2eEUMPCntNBbrTy8eUSJz/0OH2phztZpHuh5cfy4ErUi19d9ywZUlhurGvX
|
||||
dC7ouTEqRZLkkSCfGTQM0q0O4JQJTLb5N4gWdZxQd2UwGv3jCK7m5eWx3bTdhhXi
|
||||
179DoSpYBCJF3msn0ROO6PxsccH0w/I6KMi3QNmsDlXhDr6XIBya8CU0lx9lp0pl
|
||||
5q62D26Ylr2fovd3qKKbwP6RaZarCzKLO6dWdyMqtUwVlX2FDCFd/SPGWc2TmuVS
|
||||
vLb981Zm13AfYtNUSfusroDp3TEuvl7cwozg7p33SQhuCmgKnxMd0iXd5QQZjrR0
|
||||
t+y22dHrD1agkkoFMLz/+d+930J0sY4odG/HbL2Bv8ZelVUjA8XSFoGBEA+rfQCg
|
||||
DGmLh5a+/yfzxCEKWVLqmwHWbSkub8bXdl6EKEyaO9qo1KCLAf3tArQx45sqw8bK
|
||||
8AYq2mrNIiMDhHub+XEEC0Aw2lZkJOrwwMEsTcZWfBvj56MdRNXuZMvPdarTbnDx
|
||||
zzxatqIwfvpOy/S2Poyrc6GuprbZCM6N+cDLdWQqAHVwAlx77NhiJ6s3vUnE3vB7
|
||||
aHgmXU+a8uPA64tKKaRNQJ31f7viCkWJXEbbEhVTzCvFcoqbKPPMm9w7nO8PMUTu
|
||||
BmwSFEKhd3BDKZavqTHKi66fF3A5ALFYAkMw/AlvinMitb9s+7WlWQrdvSFkqHsY
|
||||
wNQ1ankleYd24/8ZllvsQpleLMepDSxP6zUMpXSHbTKp5MZeoCaaY1RCkg7aOduz
|
||||
brnD7lRAfLp0H72nxVgC7n6VjidOSruF7k9WIN9VVbP0ZVL/QtkKRWd/hEmtMNaH
|
||||
ELg2ekdm3zvdBuvtr0jNiCxbhTr3j5OWQkT/BjZxHpZfA14XEROJC2Slo3PxUwBH
|
||||
0lE0cICWTeaeYcCX8ofawN+t1Qa6UD0sLl2670Kc7pozkJM4ul19rGA2KsHX89gE
|
||||
CaB1CkhFCqZhPbqX9yonv9XZtLb8Of8rBNVd/2QKN4/tOXcMYshzakSfSSIsyxxt
|
||||
QgMPRfz0nJTtP7v8ZbwIO+ayGoUeH7aYKhQ6Ku3qW9XuYiy+oMTIOToCSddnEI5t
|
||||
JNuPkT9kzA9stkRbFV5kBvrv5LWprWDXdA/wyAWG7txncWj6UzGlP8C3KhtMHLHv
|
||||
CiOXrE8UJdNNeT52dYI9slg+tzcCfz3sqMr9zXratvT6JMzrQZqCSis8vIx18TIK
|
||||
N5yDWHDFUOeNpo7aRqd5goW3qProwfZDjBXiqE4J+AJ5wc73PuftHt2l00zvLDWs
|
||||
SFIRvXbavNBA7GxpVtN8Qxmk6Lm0u0pBiastndowgAI5OIQVuwoA21vXyC5n9pMd
|
||||
bPJsmiPyme62OkCWmAjBNDLNVViwKMH8BxmLKJxX+6ysNsn0YY1+9YfI/zC3j4jM
|
||||
OYsK1c0NvFIv5aUxRQZLTJJt9C299jGNvdAJsfdp4LHejzZUjnx3nguz/l6RI1Vb
|
||||
vjQ1qDRPhkgErGXSHsCoCt+z5Y6mq17JWEX/FiXBWQbfSGoG/ZvoOqiBybCQ3HNl
|
||||
o9QM1sNQ5fUZDh0TgwkJB91rZXPwi828RklMW8VZszZir5gziTnndhw0ADLCZZ6z
|
||||
nA0vZAI7sjoEeIgiJq3egrsSLq2ZQRQsh5QF+Xo2QktleGvPrtMv//ZyGz4l59yc
|
||||
wX/7DtABurFhVs3KdYohcqXk2v5jJCMs+j9YDn6540QR6yXcbifp9ySqhm/PeH91
|
||||
UuL16YKxoV6QBZIGE0vjdUitGKNsS+H4ibD/0ZHYG+VcyL90eIrBq61CjfIO79O0
|
||||
L9+G4gKB91stXwtpqZWXTrlzrnjloZOPhqyQN/bs/liWQ6qy0a6Cd6nbWc141An1
|
||||
zEiOihbwLJ4ziCut+bq5lwyw6z/wWEhaVNnYspEEBr2URLMHbnBceS6zXoePT0ur
|
||||
9mQQLitmtlANlJ93vBDPhCaEjkK1v5J7MmIHQzyLSQGuLdXwz50piJukWru3aNax
|
||||
skloghJYeTMILEcGAszvyVtcvPqkrJnZXx4Qp7Luj5HK9THr78v3T4nWzirfqxPZ
|
||||
x70xRyhsC2lLcIrJ+3jkXj44edIqdh3Wvi30L2x2iUFyZ0ojQJQDo/+5b+p9k36L
|
||||
Dk8ktpeIa/BE3NsfcFaWn9bvRkQ6UAQcNn1zmkavfw5TLI4C1PnD/WUpPHZdhzNV
|
||||
K87CsUawxjEg0uCCaViShF6bD9mOWQxE3SM9yNizjTmotF6KrgkT16y/qZ17KGQM
|
||||
hJ5PraGu9jvg+L/MrQpr91eyJaeh9JFl9dM/SPM0mXo5q813bdMmqD4cc3YWCLee
|
||||
dHtmaKJ08KD1cJqHBz0DRLVV+zH00BMoYt5HZ5DmHFU1zhDekWZLhilbyWt8+z1E
|
||||
bzsoEAfZvyfvF7fJuxQ/HhYdR6TX5H+aNzZZivVc6g==
|
||||
MIIJqzBVBgkqhkiG9w0BBQ0wSDAnBgkqhkiG9w0BBQwwGgQUvdFHAj0YggoFr07l
|
||||
OCEjWZAMT1oCAggAMB0GCWCGSAFlAwQBKgQQc0LHn1pUPI8PXXos61VpwgSCCVBh
|
||||
wA/Ghkde2sb3r+cGG6k7iyM3UWPWu0f0Ac+i4uoKoQhGWlbsMVj/GRgDCcfr5D+C
|
||||
2DOvjttdX17UIbEpSC8qbUsplrlSnZGZrizQN5oS7iKNegFQENUpj7uNjZ7ASJy3
|
||||
ZOIOsCvuNau+7teDrlIfcUe/A7M9Pm+ZkVFhCDEys1igRb9Sv0EBwQ6aYeei2BtF
|
||||
KbnVuEJTi38uGj1VB1E6z8YswlqRIPjcs2UnOUuQ3GBMDLnd4hYGvYOs6Sh8p3kh
|
||||
ELP/vZ7zNtSdKVjmsTLyk7BVFkOI5sdBS6igon1aqDqTsY3POgLoqtqi3fF4BKIZ
|
||||
mhsU7CfF++AutxHaDWXj+0qLcKkA3SSnYdKOJmOBeBEnqqFv5SQ2YZe/DCetfhjS
|
||||
SpY4aST2aCfSAWzK6Amo2/TH7bLqgqwqs+RICcQLpOVD9OLSDX+7vqqo+xWzdONw
|
||||
pm+l/x/9NEgTSEwZv7gJxPg8omBub7HR/SHR7BSb8dsld8wUdgNFeixY6NXTLxHv
|
||||
92HKR6Cw5vFd0OaDGlQL1ay3UAc2SPNE2/0oHEAbwoRPKcNhhHGXl8skhuKHgupp
|
||||
6gWRpsQeKechQCysP/wRMm7v0przBCUm+PSUpbT5aV3j+iQYXGdme9E01TaRaKKb
|
||||
BhiuyzDBPwXeUktBpvpq7d/pOp3eTbF8cbXXDP+DqRl6KcHK5wB+wEavqVo06RGZ
|
||||
NtdHzOJTT1V0cUMobsI7hC0TcB0YeeZBRX66tMIrjCl4QuS2nv8Kn0oz2nZ8htfm
|
||||
5M6cwBd/NymfGIEI2RR53fv5dN917WsagY5n0lQzNV4VAK1WrxfxtbUuQVKK5S02
|
||||
zqGxriMQ9CA1tU86Ec0Gk4mbiEwExArD1YprHl0p8HhEV34J9VjG+GhSXpKp/1zL
|
||||
wl+LChF/GxW6INFxH0qo7ecFodoJPTNdTxFHhzdMBoXf2sXpR9nFMuvuRdlS6rKy
|
||||
zytxZLwT8EF7f4x0BgxCDFD+/1WonSSWahgMWfmthrt9MSFH17ZMd3/aVkJwDxrk
|
||||
61IBEgJI/DhGniNnzK171XiG7cpunwd7TV4RV1i8munPMi4Za1w4rwTzhnLzZ1/R
|
||||
jK5AO5waKqecmrMFOhWrcekwn43Tx0PpOeAA9iDlfGPGrY0mCgKTmlccqgrFKtn6
|
||||
sjNRsRQ8/77cBRbX8Acrc4wG1814ggLMp1RxRgoHLnzIz0tSbay6eE/TuUMqRalQ
|
||||
HAurDKHOJEjS3Kv5SKli0MzsTwGxyoycF6er76CYiIo+n1CBBRrIg/iDaLkKV4TK
|
||||
E56rxVfVKmN1yg5lNYTg+F7DDudY4/R6RGmORi9dsmgGS/qeKcX/ggdXrgt1Hd07
|
||||
0xOQmR1rdKnmNoqJXoYhSmMHvCRBc1Yf4xkfvOsE8LQoG91lpucsWjAJM6FnHZRU
|
||||
TlOXa/Z3DDtbr17arJdFtOSsaYodhZcG42diamhbMvKyoYYTwwXubFKOZCQplrin
|
||||
343cmbhpGfIyhSMerWOsULDffhizfkH8cyXjb2bJZk1zX8/CUtPegAjv0L0zdtv+
|
||||
6A8UZqGDSbzzGuksUtcNLpnaQeDoLm2GlF8r6JCGRt/31ROI2Eqf71hve55s2DE1
|
||||
whdv+YxmphNgnCn095p8gnOZMmYz2tQMEtslKr+TmYWNxSoB9MCtTDAbtRNxkfnn
|
||||
rjZxe2vHNapJ6VmIfDDuyNxz3323Z9sAzLkqGAe83Zx7XLpXjs0HUaG2EQnMffT8
|
||||
Frfr9ptczfav1tkmFQMBmCL5xS4/1gkQyNwB2wy8Kdez0T6Oxm31D63HgwKT9pmE
|
||||
6EGnxUOBvNk3MEeiaC10plR3cl2PxANqfbtwPuor/a2IQq2zABnjaPgrQn1zexB5
|
||||
0ncTjv3OcQLAH0di7V0vKpTIQpUL8QM+Sor5YRSO36CgJxVrS7aKo8W0QRSUwgy9
|
||||
PGEHu3tagqs05ryIcyU0KaO3KJzkGA/in/OGtm2x3/lFogsvTajleIDcqO6rHYGV
|
||||
JYtXn8drG31cbmTtak+N/VfmAVpQ6PJG8b3YevW1W1ySxriTm4jGMvtunDtreyEB
|
||||
MXzSeWhtWot6IBWDMNqh9JIghmG+gwI1xD2AK1BR9ifSgjQ8ZA8mc2C2kinka9wl
|
||||
Sl7/9/rdsQQRJs7inNUvJ8W4eY62ILlRyAe0xaUlo08JUhlK3Xf3LWD4frRfHoBx
|
||||
hCxfOAnlSzaRksatd0N72LiVLIL864peScyMpvS1EaE1aUGhfnFemb5wXIewyY1g
|
||||
Hj6bKTQlt0iB+aVj1EWSfGrZ8sshWB91dBNCssu0q+DHHzAX1wkE0i8eNlLlFcmm
|
||||
aDReRJSS+7qAVGdksEyzE+IGAzbXnYKyWudpdB/WwR+6kDEKsqFv52z0i0JH83Tj
|
||||
QvinHcyh3nLfXf+GV9LYjLhZEOkHm8diHgYdRMsY2d21jd0q6Eo7hiQzF3pSutj2
|
||||
GxDya0+rDK8LP9LboYOUTyJaNZPcqlTrQjQQls55kTnHinImYgiT91w6GhFS4GU4
|
||||
E3KSIsYzBo64HjHl0vLwcfJ6ghvUMu4cTW1z1L0+ieKqiajIMuvQmIxhS9fO2qVg
|
||||
FbsihnJKq/EbeU7uMGq/3FJWJk0D0G8SiJsgP85mbY90qePW3CvnoRnH6PemYCeF
|
||||
T3qJMPFgT2ncLhIrC5cR7F27DCU/CH1jJW4GRx7PeNBeLErWpDghzeJS5IJFW5q8
|
||||
RIw/HJaLd6TmPNnjQ7XXpU6J519EHRmFDnANXooLDFnwDqam0sokdg9ix4yQYw+e
|
||||
jh3mOQJ5lwtccSFpcgGvzApA+xd62//qFixqe0zoq9ThEvPB9wKQe8aAtCsDxrvw
|
||||
PKLbsdy9OdqM1h3TWh+ioWZJb69LRA9MoArAZ8ntpHluQ1amL1wiV8wJReXD4kua
|
||||
fGbf+S1wnUlH4lTkJa0ApTIM0OsWzYFb2F8VDdgvfmtCSYlbS37Qy4+TKJFNtMEA
|
||||
FQyLUmAlgCdgAiBLVrrV9uDYeRnPVUShlsyZCwBUm92cjDiQkSWhDjro7NQTBMfo
|
||||
I4A+5OhaX61eNJYFqXv0KWBTGjRnW/dhAilNlc0QWKO+p4mwtTUlwVe0EMb3naxh
|
||||
9ioJUHlwkcfJWBQAVAR/pbslzlpND8wE8NnH5P6z0H95ft3Q6v+JYD2zdhTTfTlw
|
||||
X/YlQuf14Vuey6B9bnAPHKh2zE5x53MwVL0OvnfVnw==
|
||||
-----END ENCRYPTED PRIVATE KEY-----
|
||||
|
|
|
|||
|
|
@ -1,56 +1,56 @@
|
|||
-----BEGIN ENCRYPTED PRIVATE KEY-----
|
||||
MIIJqzBVBgkqhkiG9w0BBQ0wSDAnBgkqhkiG9w0BBQwwGgQU95KG57RacAYBmkeQ
|
||||
DIe1bZS0sbkCAggAMB0GCWCGSAFlAwQBKgQQyxdAya9Sd4oHLO1pzVWcYASCCVDT
|
||||
ozdXT3vjyqMzza4QKaMD4ywSAzGhQRM/TnxU5JbRLNMpdtq76Mfet2pv++UUjcof
|
||||
16EsdOOpDQdxdzQWmwGUNwjkX5YyWTaAefV8l9n6Bp8LV0XabS9We3g5Jr1KjuzP
|
||||
O/xJgB2o6BcD/WRPeOaANSGoyWce4rCkpDwqxrp+tY9EK19SoCZG9Zy2hnPPH2Hc
|
||||
QgtgCAzqaXIp49KIXHn/Uo532lIz3WqkkhzVakwgAKLKIvc/SwgP0eSXLvPjeJYS
|
||||
L8DngPP0YD7IPgIs7WmMNNE7or69e7mO0miUOl7xStNHzHpLmtLNbYI7Pk6NLT7N
|
||||
kWfh2+E21R7llsW57boMACXVr7N3CHOlZQhUNViyjPayo1njVnp6gGzuIxluhHJY
|
||||
CL070oqBeEYVfvE07HQ4Qd0BL5c02pdrKjdzBYyLwzSNKn2RzgS2R/XtEqdmOUo+
|
||||
iuRngv9D1UPSI2xlFhv84778ktEeSf8l1nLltqhPJAmJUjSAcu/zjN4Q+HXqMRaF
|
||||
IocDV4I7CaXDc2E0YdU8uHuzzUHLflJ2OZwU5N7tkoVOtAYHKUwCP4J/zpLSe2V2
|
||||
MIh40IVJK4gzb+iyBiOnsnKKQCKMPbS4lH8zC2S486MgjgbhlZeFg0nOF955c61l
|
||||
Sb4MBrexU4s1TUg/fDpYt6jPZoKivN72jzi60kV43gBFHmP3X4SRAUQ4Y3h5NFF8
|
||||
h2p4wvYRsYEexjJU/+WJG4Yi1wSi3oEqD161a6vPOsKBLBdLRo1vgnQdGFx/k83X
|
||||
vjPlI2eEUMPCntNBbrTy8eUSJz/0OH2phztZpHuh5cfy4ErUi19d9ywZUlhurGvX
|
||||
dC7ouTEqRZLkkSCfGTQM0q0O4JQJTLb5N4gWdZxQd2UwGv3jCK7m5eWx3bTdhhXi
|
||||
179DoSpYBCJF3msn0ROO6PxsccH0w/I6KMi3QNmsDlXhDr6XIBya8CU0lx9lp0pl
|
||||
5q62D26Ylr2fovd3qKKbwP6RaZarCzKLO6dWdyMqtUwVlX2FDCFd/SPGWc2TmuVS
|
||||
vLb981Zm13AfYtNUSfusroDp3TEuvl7cwozg7p33SQhuCmgKnxMd0iXd5QQZjrR0
|
||||
t+y22dHrD1agkkoFMLz/+d+930J0sY4odG/HbL2Bv8ZelVUjA8XSFoGBEA+rfQCg
|
||||
DGmLh5a+/yfzxCEKWVLqmwHWbSkub8bXdl6EKEyaO9qo1KCLAf3tArQx45sqw8bK
|
||||
8AYq2mrNIiMDhHub+XEEC0Aw2lZkJOrwwMEsTcZWfBvj56MdRNXuZMvPdarTbnDx
|
||||
zzxatqIwfvpOy/S2Poyrc6GuprbZCM6N+cDLdWQqAHVwAlx77NhiJ6s3vUnE3vB7
|
||||
aHgmXU+a8uPA64tKKaRNQJ31f7viCkWJXEbbEhVTzCvFcoqbKPPMm9w7nO8PMUTu
|
||||
BmwSFEKhd3BDKZavqTHKi66fF3A5ALFYAkMw/AlvinMitb9s+7WlWQrdvSFkqHsY
|
||||
wNQ1ankleYd24/8ZllvsQpleLMepDSxP6zUMpXSHbTKp5MZeoCaaY1RCkg7aOduz
|
||||
brnD7lRAfLp0H72nxVgC7n6VjidOSruF7k9WIN9VVbP0ZVL/QtkKRWd/hEmtMNaH
|
||||
ELg2ekdm3zvdBuvtr0jNiCxbhTr3j5OWQkT/BjZxHpZfA14XEROJC2Slo3PxUwBH
|
||||
0lE0cICWTeaeYcCX8ofawN+t1Qa6UD0sLl2670Kc7pozkJM4ul19rGA2KsHX89gE
|
||||
CaB1CkhFCqZhPbqX9yonv9XZtLb8Of8rBNVd/2QKN4/tOXcMYshzakSfSSIsyxxt
|
||||
QgMPRfz0nJTtP7v8ZbwIO+ayGoUeH7aYKhQ6Ku3qW9XuYiy+oMTIOToCSddnEI5t
|
||||
JNuPkT9kzA9stkRbFV5kBvrv5LWprWDXdA/wyAWG7txncWj6UzGlP8C3KhtMHLHv
|
||||
CiOXrE8UJdNNeT52dYI9slg+tzcCfz3sqMr9zXratvT6JMzrQZqCSis8vIx18TIK
|
||||
N5yDWHDFUOeNpo7aRqd5goW3qProwfZDjBXiqE4J+AJ5wc73PuftHt2l00zvLDWs
|
||||
SFIRvXbavNBA7GxpVtN8Qxmk6Lm0u0pBiastndowgAI5OIQVuwoA21vXyC5n9pMd
|
||||
bPJsmiPyme62OkCWmAjBNDLNVViwKMH8BxmLKJxX+6ysNsn0YY1+9YfI/zC3j4jM
|
||||
OYsK1c0NvFIv5aUxRQZLTJJt9C299jGNvdAJsfdp4LHejzZUjnx3nguz/l6RI1Vb
|
||||
vjQ1qDRPhkgErGXSHsCoCt+z5Y6mq17JWEX/FiXBWQbfSGoG/ZvoOqiBybCQ3HNl
|
||||
o9QM1sNQ5fUZDh0TgwkJB91rZXPwi828RklMW8VZszZir5gziTnndhw0ADLCZZ6z
|
||||
nA0vZAI7sjoEeIgiJq3egrsSLq2ZQRQsh5QF+Xo2QktleGvPrtMv//ZyGz4l59yc
|
||||
wX/7DtABurFhVs3KdYohcqXk2v5jJCMs+j9YDn6540QR6yXcbifp9ySqhm/PeH91
|
||||
UuL16YKxoV6QBZIGE0vjdUitGKNsS+H4ibD/0ZHYG+VcyL90eIrBq61CjfIO79O0
|
||||
L9+G4gKB91stXwtpqZWXTrlzrnjloZOPhqyQN/bs/liWQ6qy0a6Cd6nbWc141An1
|
||||
zEiOihbwLJ4ziCut+bq5lwyw6z/wWEhaVNnYspEEBr2URLMHbnBceS6zXoePT0ur
|
||||
9mQQLitmtlANlJ93vBDPhCaEjkK1v5J7MmIHQzyLSQGuLdXwz50piJukWru3aNax
|
||||
skloghJYeTMILEcGAszvyVtcvPqkrJnZXx4Qp7Luj5HK9THr78v3T4nWzirfqxPZ
|
||||
x70xRyhsC2lLcIrJ+3jkXj44edIqdh3Wvi30L2x2iUFyZ0ojQJQDo/+5b+p9k36L
|
||||
Dk8ktpeIa/BE3NsfcFaWn9bvRkQ6UAQcNn1zmkavfw5TLI4C1PnD/WUpPHZdhzNV
|
||||
K87CsUawxjEg0uCCaViShF6bD9mOWQxE3SM9yNizjTmotF6KrgkT16y/qZ17KGQM
|
||||
hJ5PraGu9jvg+L/MrQpr91eyJaeh9JFl9dM/SPM0mXo5q813bdMmqD4cc3YWCLee
|
||||
dHtmaKJ08KD1cJqHBz0DRLVV+zH00BMoYt5HZ5DmHFU1zhDekWZLhilbyWt8+z1E
|
||||
bzsoEAfZvyfvF7fJuxQ/HhYdR6TX5H+aNzZZivVc6g==
|
||||
MIIJqzBVBgkqhkiG9w0BBQ0wSDAnBgkqhkiG9w0BBQwwGgQUvdFHAj0YggoFr07l
|
||||
OCEjWZAMT1oCAggAMB0GCWCGSAFlAwQBKgQQc0LHn1pUPI8PXXos61VpwgSCCVBh
|
||||
wA/Ghkde2sb3r+cGG6k7iyM3UWPWu0f0Ac+i4uoKoQhGWlbsMVj/GRgDCcfr5D+C
|
||||
2DOvjttdX17UIbEpSC8qbUsplrlSnZGZrizQN5oS7iKNegFQENUpj7uNjZ7ASJy3
|
||||
ZOIOsCvuNau+7teDrlIfcUe/A7M9Pm+ZkVFhCDEys1igRb9Sv0EBwQ6aYeei2BtF
|
||||
KbnVuEJTi38uGj1VB1E6z8YswlqRIPjcs2UnOUuQ3GBMDLnd4hYGvYOs6Sh8p3kh
|
||||
ELP/vZ7zNtSdKVjmsTLyk7BVFkOI5sdBS6igon1aqDqTsY3POgLoqtqi3fF4BKIZ
|
||||
mhsU7CfF++AutxHaDWXj+0qLcKkA3SSnYdKOJmOBeBEnqqFv5SQ2YZe/DCetfhjS
|
||||
SpY4aST2aCfSAWzK6Amo2/TH7bLqgqwqs+RICcQLpOVD9OLSDX+7vqqo+xWzdONw
|
||||
pm+l/x/9NEgTSEwZv7gJxPg8omBub7HR/SHR7BSb8dsld8wUdgNFeixY6NXTLxHv
|
||||
92HKR6Cw5vFd0OaDGlQL1ay3UAc2SPNE2/0oHEAbwoRPKcNhhHGXl8skhuKHgupp
|
||||
6gWRpsQeKechQCysP/wRMm7v0przBCUm+PSUpbT5aV3j+iQYXGdme9E01TaRaKKb
|
||||
BhiuyzDBPwXeUktBpvpq7d/pOp3eTbF8cbXXDP+DqRl6KcHK5wB+wEavqVo06RGZ
|
||||
NtdHzOJTT1V0cUMobsI7hC0TcB0YeeZBRX66tMIrjCl4QuS2nv8Kn0oz2nZ8htfm
|
||||
5M6cwBd/NymfGIEI2RR53fv5dN917WsagY5n0lQzNV4VAK1WrxfxtbUuQVKK5S02
|
||||
zqGxriMQ9CA1tU86Ec0Gk4mbiEwExArD1YprHl0p8HhEV34J9VjG+GhSXpKp/1zL
|
||||
wl+LChF/GxW6INFxH0qo7ecFodoJPTNdTxFHhzdMBoXf2sXpR9nFMuvuRdlS6rKy
|
||||
zytxZLwT8EF7f4x0BgxCDFD+/1WonSSWahgMWfmthrt9MSFH17ZMd3/aVkJwDxrk
|
||||
61IBEgJI/DhGniNnzK171XiG7cpunwd7TV4RV1i8munPMi4Za1w4rwTzhnLzZ1/R
|
||||
jK5AO5waKqecmrMFOhWrcekwn43Tx0PpOeAA9iDlfGPGrY0mCgKTmlccqgrFKtn6
|
||||
sjNRsRQ8/77cBRbX8Acrc4wG1814ggLMp1RxRgoHLnzIz0tSbay6eE/TuUMqRalQ
|
||||
HAurDKHOJEjS3Kv5SKli0MzsTwGxyoycF6er76CYiIo+n1CBBRrIg/iDaLkKV4TK
|
||||
E56rxVfVKmN1yg5lNYTg+F7DDudY4/R6RGmORi9dsmgGS/qeKcX/ggdXrgt1Hd07
|
||||
0xOQmR1rdKnmNoqJXoYhSmMHvCRBc1Yf4xkfvOsE8LQoG91lpucsWjAJM6FnHZRU
|
||||
TlOXa/Z3DDtbr17arJdFtOSsaYodhZcG42diamhbMvKyoYYTwwXubFKOZCQplrin
|
||||
343cmbhpGfIyhSMerWOsULDffhizfkH8cyXjb2bJZk1zX8/CUtPegAjv0L0zdtv+
|
||||
6A8UZqGDSbzzGuksUtcNLpnaQeDoLm2GlF8r6JCGRt/31ROI2Eqf71hve55s2DE1
|
||||
whdv+YxmphNgnCn095p8gnOZMmYz2tQMEtslKr+TmYWNxSoB9MCtTDAbtRNxkfnn
|
||||
rjZxe2vHNapJ6VmIfDDuyNxz3323Z9sAzLkqGAe83Zx7XLpXjs0HUaG2EQnMffT8
|
||||
Frfr9ptczfav1tkmFQMBmCL5xS4/1gkQyNwB2wy8Kdez0T6Oxm31D63HgwKT9pmE
|
||||
6EGnxUOBvNk3MEeiaC10plR3cl2PxANqfbtwPuor/a2IQq2zABnjaPgrQn1zexB5
|
||||
0ncTjv3OcQLAH0di7V0vKpTIQpUL8QM+Sor5YRSO36CgJxVrS7aKo8W0QRSUwgy9
|
||||
PGEHu3tagqs05ryIcyU0KaO3KJzkGA/in/OGtm2x3/lFogsvTajleIDcqO6rHYGV
|
||||
JYtXn8drG31cbmTtak+N/VfmAVpQ6PJG8b3YevW1W1ySxriTm4jGMvtunDtreyEB
|
||||
MXzSeWhtWot6IBWDMNqh9JIghmG+gwI1xD2AK1BR9ifSgjQ8ZA8mc2C2kinka9wl
|
||||
Sl7/9/rdsQQRJs7inNUvJ8W4eY62ILlRyAe0xaUlo08JUhlK3Xf3LWD4frRfHoBx
|
||||
hCxfOAnlSzaRksatd0N72LiVLIL864peScyMpvS1EaE1aUGhfnFemb5wXIewyY1g
|
||||
Hj6bKTQlt0iB+aVj1EWSfGrZ8sshWB91dBNCssu0q+DHHzAX1wkE0i8eNlLlFcmm
|
||||
aDReRJSS+7qAVGdksEyzE+IGAzbXnYKyWudpdB/WwR+6kDEKsqFv52z0i0JH83Tj
|
||||
QvinHcyh3nLfXf+GV9LYjLhZEOkHm8diHgYdRMsY2d21jd0q6Eo7hiQzF3pSutj2
|
||||
GxDya0+rDK8LP9LboYOUTyJaNZPcqlTrQjQQls55kTnHinImYgiT91w6GhFS4GU4
|
||||
E3KSIsYzBo64HjHl0vLwcfJ6ghvUMu4cTW1z1L0+ieKqiajIMuvQmIxhS9fO2qVg
|
||||
FbsihnJKq/EbeU7uMGq/3FJWJk0D0G8SiJsgP85mbY90qePW3CvnoRnH6PemYCeF
|
||||
T3qJMPFgT2ncLhIrC5cR7F27DCU/CH1jJW4GRx7PeNBeLErWpDghzeJS5IJFW5q8
|
||||
RIw/HJaLd6TmPNnjQ7XXpU6J519EHRmFDnANXooLDFnwDqam0sokdg9ix4yQYw+e
|
||||
jh3mOQJ5lwtccSFpcgGvzApA+xd62//qFixqe0zoq9ThEvPB9wKQe8aAtCsDxrvw
|
||||
PKLbsdy9OdqM1h3TWh+ioWZJb69LRA9MoArAZ8ntpHluQ1amL1wiV8wJReXD4kua
|
||||
fGbf+S1wnUlH4lTkJa0ApTIM0OsWzYFb2F8VDdgvfmtCSYlbS37Qy4+TKJFNtMEA
|
||||
FQyLUmAlgCdgAiBLVrrV9uDYeRnPVUShlsyZCwBUm92cjDiQkSWhDjro7NQTBMfo
|
||||
I4A+5OhaX61eNJYFqXv0KWBTGjRnW/dhAilNlc0QWKO+p4mwtTUlwVe0EMb3naxh
|
||||
9ioJUHlwkcfJWBQAVAR/pbslzlpND8wE8NnH5P6z0H95ft3Q6v+JYD2zdhTTfTlw
|
||||
X/YlQuf14Vuey6B9bnAPHKh2zE5x53MwVL0OvnfVnw==
|
||||
-----END ENCRYPTED PRIVATE KEY-----
|
||||
|
||||
-----BEGIN CERTIFICATE-----
|
||||
|
|
|
|||
|
|
@ -0,0 +1,2 @@
|
|||
#!/bin/bash
|
||||
echo 'password'
|
||||
Binary file not shown.
Binary file not shown.
|
|
@ -0,0 +1,32 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIIFdzCCA1+gAwIBAgIUdL2pr5w+jKA9HF9llVbMRTK4MO8wDQYJKoZIhvcNAQEL
|
||||
BQAwSzELMAkGA1UEBhMCQ0gxDTALBgNVBAcMBEJlcm4xEjAQBgNVBAoMCUFHT1Yg
|
||||
V29yazEZMBcGA1UEAwwQYXRiLXdvcmstaWRwLWtleTAeFw0yNTA5MDMwNjQ2Mjha
|
||||
Fw0zNTA5MDEwNjQ2MjhaMEsxCzAJBgNVBAYTAkNIMQ0wCwYDVQQHDARCZXJuMRIw
|
||||
EAYDVQQKDAlBR09WIFdvcmsxGTAXBgNVBAMMEGF0Yi13b3JrLWlkcC1rZXkwggIi
|
||||
MA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC2s6fPlpWv/1zEnail7TCUphEQ
|
||||
A/dr/uY+qQqA/okB+Okd5hGDow7zBe/zICn7PJlGXzkq87o4Q3ZFvOFLqvlhwprp
|
||||
OQquIviN6VBss2F3c174Zkk7ksciLQzPYjGBgw+l/ZeZY/AOYBeConsrHobTbjPd
|
||||
StI8FZr8zVnamMWd/nBnryA5mZy9+vKz3iPJXPXZmyhBnOJfPZjMmkLvY9wEfGfc
|
||||
rGrbqh6f7grleVNU16Rt46TtJRIqWEAdqi1I81d3kEWuqHkYCZf1ZJpDtprJPVko
|
||||
fWViFzMz7zuAK5kdaGVwu0R7zeKz6FCHWWQ5bqScQbZ53zX6D3sP6ZNnZXdo6n0L
|
||||
i+x17sgZa6VJtWF6s/UUxl8jPteprfRHrgIT3yKK9ewpXEhcc4aNJyCTiXpicOOn
|
||||
QUBkkxyT7MtG1j51GPFcoFsBn4X9A1BXUmz2+YrDfFKtj0LwKZe6naI5v+FGtqeQ
|
||||
/GeRpaFISwg/L5ewHe3NTH//8ZyWQsbJ2FEIff3LM+0+ivrORJs45GW12ny6MDY1
|
||||
Q8PTEsPL/9nhY1Mf99qpB9ivouVF/vGDWont16PhaZ2N31Osbbok3Emfbk0MVfvh
|
||||
MuY0PPX/eWfn+5WlxBegS9PXbrcNW7MV0vsow8Js9+B29nao/VeFOQDfrU9p//xu
|
||||
nDkeh9z5vqRP7clgMQIDAQABo1MwUTAdBgNVHQ4EFgQUqqmWA9MTwbzRFOfxZbu8
|
||||
nIyk4dEwHwYDVR0jBBgwFoAUqqmWA9MTwbzRFOfxZbu8nIyk4dEwDwYDVR0TAQH/
|
||||
BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAnh1nayZy7CjTDvXjht0jNEyCPahL
|
||||
/gzcfx173FWnDbG3DMqjKB0u7bbpWIdStvTHpvs4NOg7H1/3Xc3cu3vtw6PF3Tkt
|
||||
ZGJrMgZ5H9BUPW7BeNPqylh0Xj9vWUhxOdRfthzHcuSg2H6k5GBe+ROVIWLcc5g2
|
||||
vIuEEnpL9H5mlt4MofodPJjDrOvbJ5eDOGnNlcSKgPy8ZxrvyesmjFquu9/941p5
|
||||
wOpGhfVRH6U9GBIy1wWjjO4y2oRtgdgV0Dm57VNaxNi4R0cRW+eg7H7jED2gWVdS
|
||||
Zftkrq44/lXFnWZDXWq8JJs0QPPD30i8fbGvZjRbrVQus5wW+dlirSkljQD8WpiY
|
||||
N7PS2y+Io9WDetabxDSkHQGduldlHqnjvvR7TtLBT73fbmrra7nLrxbwAyQs/lp9
|
||||
r2904tzgBfhHb5GCrYE1s3h339eb/HXZlPqG1EcYimsAIyyBQ7WyHOgXq5RqwgbW
|
||||
9O8aQUWPQrdtWrv8BkYSjjgDSxj9Pu7yBFnSdyI879uvBZDYovm/MmgcguAaJ8UC
|
||||
PUcchbvgdLJHnbBA5aFm/Fkhb2WKi3Q0vExUHM3sXazJAAjIplbunHkqf8Wc7lva
|
||||
94y3AXN9dg5LEjcwkjQbyGmmuSFq0Hse0b1KE+4INYUigECUcXuKYWrP0RuPzCKU
|
||||
4g4p3ZpFGmoq4lM=
|
||||
-----END CERTIFICATE-----
|
||||
Binary file not shown.
Binary file not shown.
|
|
@ -5,6 +5,8 @@
|
|||
<SessionCoordinator sessionInitialInactivityTimeout="600" sessionInactivityTimeout="28800" sessionMaxLifetime="28800" sessionIdPreGenerate="true">
|
||||
<!-- source: pattern://7022472ae407577ae604bbb8 -->
|
||||
<LocalSessionStore maxSessions="100000"/>
|
||||
<!-- source: pattern://b7b59e97b3fd18bb60178573 -->
|
||||
<RemoteSessionStore connectionUser="pipe:///var/opt/nevisauth/default/conf/credentials/dbUser" connectionPassword="pipe:///var/opt/nevisauth/default/conf/credentials/dbPassword" connectionUrl="jdbc:mariadb://mariadb-session-store-service.adn-agov-nevisidm-ob-01-uat:3306/nevisauth?serverTimezone=UTC&sslMode=disable&autocommit=true" connectionMaxLifeTime="1800000" connectionMaxIdleTime="600000" connectionMinPoolSize="10" connectionMaxPoolSize="10" connectionAutomaticDbSchemaSetup="false" storeUnauthenticatedSessions="true"/>
|
||||
<!-- source: pattern://7022472ae407577ae604bbb8 -->
|
||||
<TokenAssembler name="DefaultTokenAssembler">
|
||||
<Selector default="true"/>
|
||||
|
|
@ -132,6 +134,11 @@
|
|||
<!-- source: pattern://8dbec5bb024707d73fca93ef -->
|
||||
<KeyObject name="https://trustbroker-idp.agov-w.azure.adnovum.net" certificate="/var/opt/keys/trust/idp-pem-atb/truststore.jks"/>
|
||||
</KeyStore>
|
||||
<!-- source: pattern://b09a3092a59797b317c06ae4 -->
|
||||
<KeyStore name="EncryptionKeys">
|
||||
<!-- source: pattern://b09a3092a59797b317c06ae4 -->
|
||||
<KeyObject name="DefaultEncryptionKey" certificate="/var/opt/keys/trust/idp-pem-atb-enc/truststore.jks"/>
|
||||
</KeyStore>
|
||||
<!-- source: pattern://cb8c63274fe346280de0ffd5 -->
|
||||
<KeyStore name="Auth_Realm_Mobile_FIDO_UAFKeyStore">
|
||||
<!-- source: pattern://cb8c63274fe346280de0ffd5 -->
|
||||
|
|
@ -150,8 +157,8 @@
|
|||
<KeyObject name="internal_tls_Truststore" certificate="/var/opt/keys/trust/env-ca/truststore.jks"/>
|
||||
</KeyStore>
|
||||
</SessionCoordinator>
|
||||
<!-- source: pattern://7022472ae407577ae604bbb8 -->
|
||||
<LocalOutOfContextDataStore reaperPeriod="60"/>
|
||||
<!-- source: pattern://b7b59e97b3fd18bb60178573 -->
|
||||
<RemoteOutOfContextDataStore connectionUser="pipe:///var/opt/nevisauth/default/conf/credentials/dbUser" connectionPassword="pipe:///var/opt/nevisauth/default/conf/credentials/dbPassword" connectionUrl="jdbc:mariadb://mariadb-session-store-service.adn-agov-nevisidm-ob-01-uat:3306/nevisauth?serverTimezone=UTC&sslMode=disable&autocommit=true" connectionMaxLifeTime="1800000" connectionMaxIdleTime="600000" connectionMinPoolSize="10" connectionMaxPoolSize="10" connectionAutomaticDbSchemaSetup="false"/>
|
||||
<!-- source: pattern://204c22beaccdfd22727af378, pattern://06aeae2d799e492f5580d03b, pattern://7022472ae407577ae604bbb8, pattern://7022472ae407577ae604bbb8, pattern://9a8294b080ea769d22924af0, pattern://f393012a278e525956a362d3, pattern://c686c1bdd5355351f7f98cc8, pattern://7fb39bfd6c34685866a22180, pattern://b8bdab6e4634a1d81f20e5bb, pattern://cb8c63274fe346280de0ffd5, pattern://9a1d3c6052019748d3510261, pattern://ae023be7e097522c74e31d17, pattern://81ae3547acc02160f787a546, pattern://0327ca909dfcaf2d332da104, pattern://584964c837512845d7940809, pattern://e0fda9336be9c69dafc9b69e, pattern://7022472ae407577ae604bbb8, pattern://cb8c63274fe346280de0ffd5, pattern://204c22beaccdfd22727af378, pattern://06aeae2d799e492f5580d03b, pattern://7022472ae407577ae604bbb8 -->
|
||||
<AuthEngine useLiteralDictionary="true" literalDictionaryLanguages="en,de,fr,it" inputLanguageCookie="LANG" compatLevel="none" addAutheLevelToSecRoles="true" classPath="/var/opt/nevisauth/default/plugin:/opt/nevisidmcl/nevisauth/lib:/opt/nevisfidocl/nevisauth/lib:/opt/nevisauth/plugin" propagateSession="false">
|
||||
<!-- source: pattern://4fcfadb4a5c946ead7e6e995 -->
|
||||
|
|
@ -424,6 +431,8 @@
|
|||
<!-- source: pattern://73efd00d67082ff1eb927922 -->
|
||||
<ResultCond name="main" next="Auth_Realm_Main_IDP_Auth_Realm_Main_IDP_Custom_AGOV_IDP"/>
|
||||
<!-- source: pattern://73efd00d67082ff1eb927922 -->
|
||||
<ResultCond name="main_secure" next="Auth_Realm_Main_IDP_Auth_Realm_Main_IDP_Custom_AGOV_IDP_SEC"/>
|
||||
<!-- source: pattern://73efd00d67082ff1eb927922 -->
|
||||
<Response value="AUTH_CONTINUE">
|
||||
<!-- source: pattern://73efd00d67082ff1eb927922 -->
|
||||
<Gui name="saml_dispatcher" label="title.saml.failed">
|
||||
|
|
@ -851,6 +860,10 @@
|
|||
<!-- source: pattern://92cb6d5256008a32f12ceb93 -->
|
||||
<property name="logoutTrigger" value="#{request['currentResource'].contains('logout') || inargs.containsKey('logout') || inargs.containsKey('SAMLLogout')}"/>
|
||||
<!-- source: pattern://92cb6d5256008a32f12ceb93 -->
|
||||
<property name="in.verify" value="Assertion, AuthnRequest, ArtifactResolve, ArtifactResponse"/>
|
||||
<!-- source: pattern://92cb6d5256008a32f12ceb93 -->
|
||||
<property name="in.prospectVerification" value="ArtifactResolve"/>
|
||||
<!-- source: pattern://92cb6d5256008a32f12ceb93 -->
|
||||
<property name="out.binding" value="http-post"/>
|
||||
<!-- source: pattern://92cb6d5256008a32f12ceb93 -->
|
||||
<property name="out.post.relayStateEncoding" value="HTML"/>
|
||||
|
|
@ -937,6 +950,19 @@
|
|||
<!-- source: pattern://92cb6d5256008a32f12ceb93 -->
|
||||
<property name="out.attribute.http://schemas.agov.ch/ws/2025/07/identity/claims/op/conversationId" value="${inctx:connection.HttpHeader.traceparent:^([0-9a-f]+)-([0-9a-f]+)-([0-9a-f]+)-([0-9a-f]+)$:$2}"/>
|
||||
</AuthState>
|
||||
<AuthState name="Auth_Realm_Main_IDP_Auth_Realm_Main_IDP_Custom_AGOV_IDP_SEC" class="ch.nevis.esauth.auth.states.standard.ConditionalDispatcherState" final="false" resumeState="false">
|
||||
<!-- source: pattern://bb9e7806a04578e0ad468829 -->
|
||||
<ResultCond name="default" next="Auth_Realm_Main_IDP_Auth_Realm_Main_IDP_Custom_AGOV_IDP_SEC_post"/>
|
||||
<!-- source: pattern://bb9e7806a04578e0ad468829 -->
|
||||
<ResultCond name="useArtifact" next="Auth_Realm_Main_IDP_Auth_Realm_Main_IDP_Custom_AGOV_IDP_SEC_artifact"/>
|
||||
<!-- source: pattern://bb9e7806a04578e0ad468829 -->
|
||||
<Response value="AUTH_ERROR">
|
||||
<!-- source: pattern://bb9e7806a04578e0ad468829 -->
|
||||
<Gui name="AuthErrorDialog"/>
|
||||
</Response>
|
||||
<!-- source: pattern://bb9e7806a04578e0ad468829 -->
|
||||
<property name="condition:useArtifact" value="${sess:agov.idp.use.artifact:^true$}"/>
|
||||
</AuthState>
|
||||
<AuthState name="Auth_Realm_Main_IDP_ReturnTimeoutButKeepSession" class="ch.nevis.esauth.auth.states.scripting.ScriptState" final="false" resumeState="true">
|
||||
<!-- source: pattern://826166d230a6a4849f2837ae -->
|
||||
<Response value="AUTH_CONTINUE">
|
||||
|
|
@ -1192,6 +1218,100 @@
|
|||
<Arg name="ch.nevis.isiweb4.response.status" value="403"/>
|
||||
</Response>
|
||||
</AuthState>
|
||||
<AuthState name="Auth_Realm_Main_IDP_Auth_Realm_Main_IDP_Custom_AGOV_IDP_SEC_post" class="ch.nevis.esauth.auth.states.saml.IdentityProviderState" final="false" resumeState="true">
|
||||
<!-- source: pattern://bb9e7806a04578e0ad468829 -->
|
||||
<ResultCond name="IDP-initiated-ConcurrentLogout" next="Auth_Realm_Main_IDP_Auth_Realm_Main_IDP_Custom_Concurrent_Logout"/>
|
||||
<!-- source: pattern://bb9e7806a04578e0ad468829 -->
|
||||
<ResultCond name="IDP-initiated-SingleLogout" next="Auth_Realm_Main_IDP_Auth_Realm_Main_IDP_Custom_Prepare_Done"/>
|
||||
<!-- source: pattern://bb9e7806a04578e0ad468829 -->
|
||||
<ResultCond name="LogoutCompleted" next="Auth_Realm_Main_IDP_Auth_Realm_Main_IDP_Custom_Logout_Done"/>
|
||||
<!-- source: pattern://bb9e7806a04578e0ad468829 -->
|
||||
<ResultCond name="LogoutFailed" next="Auth_Realm_Main_IDP_Auth_Realm_Main_IDP_Custom_Logout_Fail"/>
|
||||
<!-- source: pattern://bb9e7806a04578e0ad468829 -->
|
||||
<ResultCond name="SP-initiated-ConcurrentLogout" next="Auth_Realm_Main_IDP_Auth_Realm_Main_IDP_Custom_Concurrent_Logout"/>
|
||||
<!-- source: pattern://bb9e7806a04578e0ad468829 -->
|
||||
<ResultCond name="SP-initiated-SingleLogout" next="Auth_Realm_Main_IDP_Auth_Realm_Main_IDP_Custom_Prepare_Done"/>
|
||||
<!-- source: pattern://bb9e7806a04578e0ad468829 -->
|
||||
<ResultCond name="authenticate:IDP-initiated-SSO" next="Auth_Realm_Main_IDP_RequestedRoleLevel"/>
|
||||
<!-- source: pattern://bb9e7806a04578e0ad468829 -->
|
||||
<ResultCond name="authenticate:SP-initiated-SSO" next="Auth_Realm_Main_IDP_RequestedRoleLevel"/>
|
||||
<!-- source: pattern://bb9e7806a04578e0ad468829 -->
|
||||
<ResultCond name="invalidAssertionConsumerUrl" next="Auth_Realm_Main_IDP_Auth_Realm_Main_IDP_Custom_AGOV_IDP_SEC"/>
|
||||
<!-- source: pattern://bb9e7806a04578e0ad468829 -->
|
||||
<ResultCond name="ok" next="Auth_Realm_Main_IDP_Auth_Realm_Main_IDP_Custom_Prepare_Done"/>
|
||||
<!-- source: pattern://bb9e7806a04578e0ad468829 -->
|
||||
<ResultCond name="stepup:IDP-initiated-SSO" next="Auth_Realm_Main_IDP_Auth_Realm_Main_IDP_Custom_Selector"/>
|
||||
<!-- source: pattern://bb9e7806a04578e0ad468829 -->
|
||||
<ResultCond name="stepup:SP-initiated-SSO" next="Auth_Realm_Main_IDP_Auth_Realm_Main_IDP_Custom_Selector"/>
|
||||
<!-- source: pattern://bb9e7806a04578e0ad468829 -->
|
||||
<Response value="AUTH_ERROR">
|
||||
<!-- source: pattern://bb9e7806a04578e0ad468829 -->
|
||||
<Gui name="saml_idp" label="title.saml.failed">
|
||||
<!-- source: pattern://bb9e7806a04578e0ad468829 -->
|
||||
<GuiElem name="lasterror" type="error" label="error.saml.failed"/>
|
||||
</Gui>
|
||||
</Response>
|
||||
<propertyRef name="Auth_Realm_Main_IDP_Auth_Realm_Main_IDP_Custom_AGOV_IDP"/>
|
||||
<!-- source: pattern://bb9e7806a04578e0ad468829 -->
|
||||
<property name="out.issuer" value="https://auth.agov-w.azure.adnovum.net/SAML2SEC/"/>
|
||||
<!-- source: pattern://bb9e7806a04578e0ad468829 -->
|
||||
<property name="out.binding" value="http-post"/>
|
||||
<!-- source: pattern://bb9e7806a04578e0ad468829 -->
|
||||
<property name="out.post.relayStateEncoding" value="HTML"/>
|
||||
<!-- source: pattern://bb9e7806a04578e0ad468829 -->
|
||||
<property name="out.encrypt" value="none"/>
|
||||
<!-- source: pattern://bb9e7806a04578e0ad468829 -->
|
||||
<property name="out.encrypt.keystoreref" value="EncryptionKeys"/>
|
||||
<!-- source: pattern://bb9e7806a04578e0ad468829 -->
|
||||
<property name="out.encrypt.keyobjectref" value="DefaultEncryptionKey"/>
|
||||
</AuthState>
|
||||
<AuthState name="Auth_Realm_Main_IDP_Auth_Realm_Main_IDP_Custom_AGOV_IDP_SEC_artifact" class="ch.nevis.esauth.auth.states.saml.IdentityProviderState" final="false" resumeState="true">
|
||||
<!-- source: pattern://bb9e7806a04578e0ad468829 -->
|
||||
<ResultCond name="IDP-initiated-ConcurrentLogout" next="Auth_Realm_Main_IDP_Auth_Realm_Main_IDP_Custom_Concurrent_Logout"/>
|
||||
<!-- source: pattern://bb9e7806a04578e0ad468829 -->
|
||||
<ResultCond name="IDP-initiated-SingleLogout" next="Auth_Realm_Main_IDP_Auth_Realm_Main_IDP_Custom_Prepare_Done"/>
|
||||
<!-- source: pattern://bb9e7806a04578e0ad468829 -->
|
||||
<ResultCond name="LogoutCompleted" next="Auth_Realm_Main_IDP_Auth_Realm_Main_IDP_Custom_Logout_Done"/>
|
||||
<!-- source: pattern://bb9e7806a04578e0ad468829 -->
|
||||
<ResultCond name="LogoutFailed" next="Auth_Realm_Main_IDP_Auth_Realm_Main_IDP_Custom_Logout_Fail"/>
|
||||
<!-- source: pattern://bb9e7806a04578e0ad468829 -->
|
||||
<ResultCond name="SP-initiated-ConcurrentLogout" next="Auth_Realm_Main_IDP_Auth_Realm_Main_IDP_Custom_Concurrent_Logout"/>
|
||||
<!-- source: pattern://bb9e7806a04578e0ad468829 -->
|
||||
<ResultCond name="SP-initiated-SingleLogout" next="Auth_Realm_Main_IDP_Auth_Realm_Main_IDP_Custom_Prepare_Done"/>
|
||||
<!-- source: pattern://bb9e7806a04578e0ad468829 -->
|
||||
<ResultCond name="authenticate:IDP-initiated-SSO" next="Auth_Realm_Main_IDP_RequestedRoleLevel"/>
|
||||
<!-- source: pattern://bb9e7806a04578e0ad468829 -->
|
||||
<ResultCond name="authenticate:SP-initiated-SSO" next="Auth_Realm_Main_IDP_RequestedRoleLevel"/>
|
||||
<!-- source: pattern://bb9e7806a04578e0ad468829 -->
|
||||
<ResultCond name="invalidAssertionConsumerUrl" next="Auth_Realm_Main_IDP_Auth_Realm_Main_IDP_Custom_AGOV_IDP_SEC"/>
|
||||
<!-- source: pattern://bb9e7806a04578e0ad468829 -->
|
||||
<ResultCond name="ok" next="Auth_Realm_Main_IDP_Auth_Realm_Main_IDP_Custom_Prepare_Done"/>
|
||||
<!-- source: pattern://bb9e7806a04578e0ad468829 -->
|
||||
<ResultCond name="stepup:IDP-initiated-SSO" next="Auth_Realm_Main_IDP_Auth_Realm_Main_IDP_Custom_Selector"/>
|
||||
<!-- source: pattern://bb9e7806a04578e0ad468829 -->
|
||||
<ResultCond name="stepup:SP-initiated-SSO" next="Auth_Realm_Main_IDP_Auth_Realm_Main_IDP_Custom_Selector"/>
|
||||
<!-- source: pattern://bb9e7806a04578e0ad468829 -->
|
||||
<Response value="AUTH_ERROR">
|
||||
<!-- source: pattern://bb9e7806a04578e0ad468829 -->
|
||||
<Gui name="saml_idp" label="title.saml.failed">
|
||||
<!-- source: pattern://bb9e7806a04578e0ad468829 -->
|
||||
<GuiElem name="lasterror" type="error" label="error.saml.failed"/>
|
||||
</Gui>
|
||||
</Response>
|
||||
<propertyRef name="Auth_Realm_Main_IDP_Auth_Realm_Main_IDP_Custom_AGOV_IDP"/>
|
||||
<!-- source: pattern://bb9e7806a04578e0ad468829 -->
|
||||
<property name="out.issuer" value="https://auth.agov-w.azure.adnovum.net/SAML2SEC/"/>
|
||||
<!-- source: pattern://bb9e7806a04578e0ad468829 -->
|
||||
<property name="out.binding" value="http-artifact"/>
|
||||
<!-- source: pattern://bb9e7806a04578e0ad468829 -->
|
||||
<property name="out.post.relayStateEncoding" value="HTML"/>
|
||||
<!-- source: pattern://bb9e7806a04578e0ad468829 -->
|
||||
<property name="out.encrypt" value="none"/>
|
||||
<!-- source: pattern://bb9e7806a04578e0ad468829 -->
|
||||
<property name="out.encrypt.keystoreref" value="EncryptionKeys"/>
|
||||
<!-- source: pattern://bb9e7806a04578e0ad468829 -->
|
||||
<property name="out.encrypt.keyobjectref" value="DefaultEncryptionKey"/>
|
||||
</AuthState>
|
||||
<AuthState name="Auth_Realm_Main_IDP_Fido_Email_Verify" class="ch.nevis.idm.authstate.IdmUserVerifyState" final="false" resumeState="false">
|
||||
<!-- source: pattern://7fb39bfd6c34685866a22180 -->
|
||||
<ResultCond name="clientNotFound" next="Auth_Realm_Main_IDP_AuthnFailed_Client_NotFound"/>
|
||||
|
|
@ -3450,6 +3570,21 @@
|
|||
<!-- source: pattern://ab5a82719993921822e95751 -->
|
||||
<property name="out.keyobjectref" value="Signer_IDP_AGOV"/>
|
||||
</WebService>
|
||||
<!-- source: pattern://14efdcb489f3f295fcbdf811 -->
|
||||
<WebService name="IDP_AGOV_SEC_ARS" class="ch.nevis.esauth.auth.adapter.saml.ArtifactResolutionService" uri="/nevisauth/services/ars/sec" SSODomain="Auth_Realm_Main_IDP">
|
||||
<!-- source: pattern://14efdcb489f3f295fcbdf811 -->
|
||||
<property name="issuer" value="https://auth.agov-w.azure.adnovum.net/SAML2SEC/"/>
|
||||
<!-- source: pattern://14efdcb489f3f295fcbdf811 -->
|
||||
<property name="out.keystoreref" value="Store_IDP_AGOV"/>
|
||||
<!-- source: pattern://14efdcb489f3f295fcbdf811 -->
|
||||
<property name="out.keyobjectref" value="Signer_IDP_AGOV"/>
|
||||
<!-- source: pattern://14efdcb489f3f295fcbdf811 -->
|
||||
<property name="in.keystoreref" value="Store_IDP_AGOV"/>
|
||||
<!-- source: pattern://14efdcb489f3f295fcbdf811 -->
|
||||
<property name="in.verify" value="ArtifactResolve"/>
|
||||
<!-- source: pattern://14efdcb489f3f295fcbdf811 -->
|
||||
<property name="in.prospectVerification" value=""/>
|
||||
</WebService>
|
||||
<!-- source: pattern://7022472ae407577ae604bbb8 -->
|
||||
<RESTService name="ManagementService" class="ch.nevis.esauth.rest.service.session.ManagementService"/>
|
||||
</esauth-server>
|
||||
|
|
|
|||
|
|
@ -23,54 +23,72 @@ def redirect(String url) {
|
|||
outargs.put('nevis.transfer.destination', url)
|
||||
}
|
||||
|
||||
/**
|
||||
* Extracts the content of the Issuer element from a parsed SAML message.
|
||||
* The Issuer is optional according to SAML specification but we need it for dispatching.
|
||||
*
|
||||
* @param xml - as parsed by Groovy XmlSlurper
|
||||
* @return text content of Issuer element converted or null
|
||||
*/
|
||||
String getIssuer(GPathResult xml) {
|
||||
return xml.depthFirst().find { GPathResult node -> {
|
||||
node.name().endsWith(":Issuer") || node.name().equalsIgnoreCase("Issuer")
|
||||
}
|
||||
}?.text()
|
||||
}
|
||||
|
||||
String getIssuer(String value) {
|
||||
if (value == null) {
|
||||
String getNormalisedSamlMessage(String parameter) {
|
||||
if (parameter == null) {
|
||||
return
|
||||
}
|
||||
String text
|
||||
byte[] decoded
|
||||
def parser = new XmlSlurper()
|
||||
// if value is raw xml then continue otherwise try to parse the base64 encoding
|
||||
if (value.startsWith("<")) {
|
||||
text = new String(value)
|
||||
}
|
||||
else {
|
||||
decoded = value.decodeBase64()
|
||||
text = new String(decoded)
|
||||
LOG.info("received SAML request $value")
|
||||
}
|
||||
|
||||
// after decoded, if redirect binding, we need to parse string to xml
|
||||
if (text.startsWith("<")) {
|
||||
LOG.debug("assuming POST/SOAP binding")
|
||||
// plain String (POST/SOAP parameter)
|
||||
def xml = parser.parseText(text)
|
||||
return getIssuer(xml)
|
||||
// if parameter is raw xml then continue otherwise try to parse the base64 encoding
|
||||
if (parameter.startsWith("<")) {
|
||||
text = new String(parameter)
|
||||
}
|
||||
else {
|
||||
LOG.debug("assuming redirect binding")
|
||||
// should be deflate encoded (query parameter)
|
||||
def is = new InflaterInputStream(new ByteArrayInputStream(decoded), new Inflater(true))
|
||||
def xml = parser.parse(is)
|
||||
return getIssuer(xml)
|
||||
decoded = parameter.decodeBase64()
|
||||
text = new String(decoded)
|
||||
}
|
||||
return text
|
||||
}
|
||||
|
||||
def dispatchIssuer(i2s, String issuer) {
|
||||
|
||||
String getNodeText(GPathResult xml, String nodeName) {
|
||||
return xml.depthFirst().find { GPathResult node -> {
|
||||
node.name().endsWith(":${nodeName}") || node.name().equalsIgnoreCase(nodeName)
|
||||
}
|
||||
}?.text()?.trim()
|
||||
}
|
||||
|
||||
String getAttribute(GPathResult xml, String attributeName) {
|
||||
return xml.depthFirst().find { GPathResult node -> {
|
||||
node.attributes().containsKey(attributeName)
|
||||
}
|
||||
}?.attributes()?.get(attributeName)
|
||||
}
|
||||
|
||||
String getNodeText(String parameter, String nodeName) {
|
||||
String samlMessage = getNormalisedSamlMessage(parameter)
|
||||
if (samlMessage == null) {
|
||||
return
|
||||
}
|
||||
def parser = new XmlSlurper()
|
||||
def xml = parser.parseText(samlMessage)
|
||||
return getNodeText(xml, nodeName)
|
||||
}
|
||||
|
||||
String getAttribute(String parameter, String attributeName) {
|
||||
String samlMessage = getNormalisedSamlMessage(parameter)
|
||||
if (samlMessage == null) {
|
||||
return
|
||||
}
|
||||
def parser = new XmlSlurper()
|
||||
def xml = parser.parseText(samlMessage)
|
||||
return getAttribute(xml, attributeName)
|
||||
}
|
||||
|
||||
String getIssuer(String value) {
|
||||
return getNodeText(value, 'Issuer')
|
||||
}
|
||||
|
||||
String getAttributeConsumingServiceIndex(String value) {
|
||||
return getAttribute(value, 'AttributeConsumingServiceIndex')
|
||||
}
|
||||
|
||||
String getProtocolBinding(String value) {
|
||||
return getAttribute(value, 'ProtocolBinding')
|
||||
}
|
||||
|
||||
def dispatchIssuer(i2s, String issuer, boolean secureMode) {
|
||||
def result = i2s.get(issuer)
|
||||
if (result == null) {
|
||||
LOG.info("No SP found for issuer '$issuer'. Hint: check SAML SP Connector patterns.")
|
||||
|
|
@ -80,22 +98,33 @@ def dispatchIssuer(i2s, String issuer) {
|
|||
if(parameters.get('epdMode') == 'artifact' && result == 'epd'){
|
||||
LOG.debug("EPD: Artifact mode")
|
||||
result = result + "_artifact"
|
||||
}else{
|
||||
LOG.debug("EPD: POST mode")
|
||||
}
|
||||
} else if (result == 'main' && secureMode) {
|
||||
LOG.debug("AGOV: Secure mode requested")
|
||||
result = result + "_secure"
|
||||
}
|
||||
response.setResult(result)
|
||||
session.put("saml.inbound.issuer", issuer)
|
||||
session.put('saml.inbound.issuer', issuer)
|
||||
session.put('saml.idp.result', result) // remember decision for sub-sequent requests without a SAML message
|
||||
|
||||
}
|
||||
|
||||
def dispatchIssuer(i2s, String issuer) {
|
||||
dispatchIssuer(i2s, issuer, false)
|
||||
}
|
||||
|
||||
def dispatchMessage(i2s, String message) {
|
||||
def issuer = getIssuer(message)
|
||||
def secureMode = (getAttributeConsumingServiceIndex(message) == '10101')
|
||||
def useArtifact = ('urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact' == getProtocolBinding(message))
|
||||
|
||||
LOG.info("secureMode requested: ${secureMode}")
|
||||
|
||||
if (issuer == null) {
|
||||
LOG.info("No issuer found in incoming SAML message. Giving up.")
|
||||
}
|
||||
session.put("saml.inbound.issuer", issuer)
|
||||
dispatchIssuer(i2s, issuer)
|
||||
session.put('saml.inbound.issuer', issuer)
|
||||
session.put('agov.idp.use.artifact', '' + useArtifact)
|
||||
dispatchIssuer(i2s, issuer, secureMode)
|
||||
}
|
||||
|
||||
if (parameters.get('logoutConfirmation') == 'true' && "stepup" == request.getMethod()) {
|
||||
|
|
|
|||
|
|
@ -20,6 +20,8 @@ Configuration:
|
|||
level: "DEBUG"
|
||||
- name: "AgovCaptcha"
|
||||
level: "DEBUG"
|
||||
- name: "ArtifactResolutionService"
|
||||
level: "DEBUG"
|
||||
- name: "AuthEngine"
|
||||
level: "INFO"
|
||||
- name: "AuthPerf"
|
||||
|
|
@ -27,9 +29,11 @@ Configuration:
|
|||
- name: "IdmAuth"
|
||||
level: "DEBUG"
|
||||
- name: "OpTrace"
|
||||
level: "DEBUG"
|
||||
level: "INFO"
|
||||
- name: "Recovery"
|
||||
level: "DEBUG"
|
||||
- name: "Saml"
|
||||
level: "DEBUG"
|
||||
- name: "Script"
|
||||
level: "DEBUG"
|
||||
- name: "SessCoord"
|
||||
|
|
|
|||
|
|
@ -47,7 +47,7 @@ spec:
|
|||
podDisruptionBudget:
|
||||
maxUnavailable: "50%"
|
||||
git:
|
||||
tag: "r-5e17b7ae74eadb8800587a4f4db74406a7e21e95"
|
||||
tag: "r-484395a405f9f7123da379fa8df82e197d2dbd71"
|
||||
dir: "DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf"
|
||||
credentials: "git-credentials"
|
||||
database:
|
||||
|
|
|
|||
|
|
@ -109,7 +109,7 @@ session-repository:
|
|||
max-connection-idle-time: "600s"
|
||||
credential-repository:
|
||||
type: "nevisidm"
|
||||
client-id: 1000
|
||||
client-id: "cfa9c9b9-119f-4dff-9bb8-86d7c0cf2720"
|
||||
user-attribute: "extId"
|
||||
rest-url: "https://idm.adn-agov-nevisidm-admin-01-uat:8989/nevisidm"
|
||||
keystore: "/var/opt/keys/own/fido-uaf-default-client-identity/keystore.p12"
|
||||
|
|
|
|||
|
|
@ -47,7 +47,7 @@ spec:
|
|||
podDisruptionBudget:
|
||||
maxUnavailable: "50%"
|
||||
git:
|
||||
tag: "r-5e17b7ae74eadb8800587a4f4db74406a7e21e95"
|
||||
tag: "r-484395a405f9f7123da379fa8df82e197d2dbd71"
|
||||
dir: "DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido2"
|
||||
credentials: "git-credentials"
|
||||
keystores:
|
||||
|
|
|
|||
|
|
@ -33,7 +33,7 @@ management:
|
|||
enabled: true
|
||||
credential-repository:
|
||||
type: "nevisidm"
|
||||
client-id: 1000
|
||||
client-id: "cfa9c9b9-119f-4dff-9bb8-86d7c0cf2720"
|
||||
rest-url: "https://idm.adn-agov-nevisidm-admin-01-uat:8989/nevisidm"
|
||||
keystore: "/var/opt/keys/own/fido2-default-client-identity/keystore.p12"
|
||||
keystore-passphrase: "${exec:/var/opt/keys/own/fido2-default-client-identity/keypass}"
|
||||
|
|
|
|||
|
|
@ -0,0 +1,26 @@
|
|||
apiVersion: "operator.nevis-security.ch/v1"
|
||||
kind: "NevisDatabase"
|
||||
metadata:
|
||||
name: "proxy-idp"
|
||||
namespace: "adn-agov-nevisidm-01-uat"
|
||||
labels:
|
||||
deploymentTarget: "proxy-idp"
|
||||
annotations:
|
||||
projectKey: "DEFAULT-ADN-AGOV-PROJECT"
|
||||
patternId: "699f0a21dd0e852f28d27e9d"
|
||||
spec:
|
||||
type: "NevisProxy"
|
||||
databaseType: "MariaDB"
|
||||
version: "8.2505.5"
|
||||
url: "mariadb-session-store-service.adn-agov-nevisidm-ob-01-uat"
|
||||
port: 3306
|
||||
database: "workproxy"
|
||||
bootstrap: true
|
||||
migrate: true
|
||||
rootCredentials:
|
||||
name: "root-mariadb-session-store"
|
||||
namespace: "adn-agov-nevisidm-ob-01-uat"
|
||||
podSecurity:
|
||||
policy: "baseline"
|
||||
automountServiceAccountToken: false
|
||||
timeZone: "Europe/Zurich"
|
||||
|
|
@ -47,9 +47,12 @@ spec:
|
|||
podDisruptionBudget:
|
||||
maxUnavailable: "50%"
|
||||
git:
|
||||
tag: "r-5e17b7ae74eadb8800587a4f4db74406a7e21e95"
|
||||
tag: "r-0574c5a2098562d6585435194234bdb2b0cf0858"
|
||||
dir: "DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp"
|
||||
credentials: "git-credentials"
|
||||
database:
|
||||
name: "proxy-idp"
|
||||
requiredVersion: "8.2505.5"
|
||||
keystores:
|
||||
- "proxy-idp-notused-auth-realm-identity"
|
||||
- "proxy-idp-1f0702aaabef60a615abf41f"
|
||||
|
|
|
|||
|
|
@ -3,15 +3,15 @@ BC.Tracer.LogFile=pipe:///bin/sed -u -e "s/^/[navajo.log] /g" | /bin/egrep --lin
|
|||
# source: pattern://2be125abf4a8be1a0ae5f007
|
||||
BC.Tracer.ThresholdBase=3
|
||||
# source: pattern://2be125abf4a8be1a0ae5f007
|
||||
BC.Tracer.DebugProfile.IW4LuaFlt=4
|
||||
BC.Tracer.DebugProfile.IW4LuaFlt=3
|
||||
# source: pattern://2be125abf4a8be1a0ae5f007
|
||||
BC.Tracer.DebugProfile.IsiwebOp=3
|
||||
# source: pattern://2be125abf4a8be1a0ae5f007
|
||||
BC.Tracer.DebugProfile.NPMySQLSes=3
|
||||
# source: pattern://2be125abf4a8be1a0ae5f007
|
||||
BC.Tracer.DebugProfile.NProxyOp=4
|
||||
BC.Tracer.DebugProfile.NProxyOp=3
|
||||
# source: pattern://2be125abf4a8be1a0ae5f007
|
||||
BC.Tracer.DebugProfile.NavajoOp=3
|
||||
BC.Tracer.DebugProfile.NavajoOp=4
|
||||
# source: pattern://0ceb05c56644a59d648c13b9
|
||||
ch.nevis.nevisproxy.LocalLogFileName=/var/opt/nevisproxy/default/conf/conditionallog.properties
|
||||
# source: pattern://0ceb05c56644a59d648c13b9
|
||||
|
|
|
|||
|
|
@ -1,6 +1,11 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" "/opt/nevisproxy/dtd/web-app_2_3.dtd">
|
||||
<web-app>
|
||||
<!-- source: pattern://699f0a21dd0e852f28d27e9d -->
|
||||
<context-param>
|
||||
<param-name>application-id</param-name>
|
||||
<param-value>auth.agov-w.azure.adnovum.net</param-value>
|
||||
</context-param>
|
||||
<!-- source: pattern://06aeae2d799e492f5580d03b, pattern://4fcfadb4a5c946ead7e6e995, pattern://204c22beaccdfd22727af378 -->
|
||||
<context-param>
|
||||
<param-name>SectokenVerifierCert</param-name>
|
||||
|
|
@ -859,7 +864,7 @@
|
|||
<!-- source: pattern://4fcfadb4a5c946ead7e6e995 -->
|
||||
<init-param>
|
||||
<param-name>Servlet</param-name>
|
||||
<param-value>LocalSessionStoreServlet</param-value>
|
||||
<param-value>MySQLSessionStoreServlet</param-value>
|
||||
</init-param>
|
||||
<!-- source: pattern://4fcfadb4a5c946ead7e6e995 -->
|
||||
<init-param>
|
||||
|
|
@ -904,7 +909,7 @@
|
|||
<!-- source: pattern://cb8c63274fe346280de0ffd5 -->
|
||||
<init-param>
|
||||
<param-name>Servlet</param-name>
|
||||
<param-value>LocalSessionStoreServlet</param-value>
|
||||
<param-value>MySQLSessionStoreServlet</param-value>
|
||||
</init-param>
|
||||
<!-- source: pattern://cb8c63274fe346280de0ffd5 -->
|
||||
<init-param>
|
||||
|
|
@ -949,7 +954,7 @@
|
|||
<!-- source: pattern://204c22beaccdfd22727af378 -->
|
||||
<init-param>
|
||||
<param-name>Servlet</param-name>
|
||||
<param-value>LocalSessionStoreServlet</param-value>
|
||||
<param-value>MySQLSessionStoreServlet</param-value>
|
||||
</init-param>
|
||||
<!-- source: pattern://204c22beaccdfd22727af378 -->
|
||||
<init-param>
|
||||
|
|
@ -994,7 +999,7 @@
|
|||
<!-- source: pattern://e0fda9336be9c69dafc9b69e -->
|
||||
<init-param>
|
||||
<param-name>Servlet</param-name>
|
||||
<param-value>LocalSessionStoreServlet</param-value>
|
||||
<param-value>MySQLSessionStoreServlet</param-value>
|
||||
</init-param>
|
||||
<!-- source: pattern://06aeae2d799e492f5580d03b -->
|
||||
<init-param>
|
||||
|
|
@ -1049,7 +1054,7 @@
|
|||
<filter-mapping>
|
||||
<filter-name>DefaultErrorFilter</filter-name>
|
||||
<url-pattern>/*</url-pattern>
|
||||
<exclude-url-regex>^/oidc4vp/.*$|^/resource/utility/.*$</exclude-url-regex>
|
||||
<exclude-url-regex>^/auth/fidouaf$|^/auth/fidouaf/authenticationresponse/.*$|^/nevisfido/devices/credentials/.*$|^/nevisfido/devices/oobOperations/.*$|^/nevisfido/status$|^/nevisfido/token/dispatch/registration$|^/nevisfido/token/dispatch/targets/.*$|^/nevisfido/token/redeem/authentication$|^/nevisfido/token/redeem/registration$|^/nevisfido/uaf/1.1/authentication$|^/nevisfido/uaf/1.1/authentication/.*$|^/nevisfido/uaf/1.1/facets$|^/nevisfido/uaf/1.1/registration/.*$|^/nevisfido/uaf/1.1/request/deregistration/.*$|^/oidc4vp/.*$|^/resource/utility/.*$</exclude-url-regex>
|
||||
</filter-mapping>
|
||||
<!-- source: pattern://ecf4381f4653b0aa9a69b417, pattern://ecf4381f4653b0aa9a69b417#filters -->
|
||||
<filter-mapping>
|
||||
|
|
@ -1636,27 +1641,6 @@
|
|||
<!-- source: pattern://e0fda9336be9c69dafc9b69e, pattern://a6f6dc6affdc7c692ff857b9, pattern://decb9b3f88d430fb5c95f466 -->
|
||||
<servlet-class>ch::nevis::isiweb4::servlet::defaults::DefaultServlet</servlet-class>
|
||||
</servlet>
|
||||
<!-- source: pattern://cb8c63274fe346280de0ffd5 -->
|
||||
<servlet>
|
||||
<servlet-name>LocalSessionStoreServlet</servlet-name>
|
||||
<!-- source: pattern://cb8c63274fe346280de0ffd5 -->
|
||||
<servlet-class>ch::nevis::nevisproxy::servlet::cache::local::LocalSessionStoreServlet</servlet-class>
|
||||
<!-- source: pattern://cb8c63274fe346280de0ffd5 -->
|
||||
<init-param>
|
||||
<param-name>MaxInactiveInterval</param-name>
|
||||
<param-value>600</param-value>
|
||||
</init-param>
|
||||
<!-- source: pattern://cb8c63274fe346280de0ffd5 -->
|
||||
<init-param>
|
||||
<param-name>MaxLifetime</param-name>
|
||||
<param-value>28800</param-value>
|
||||
</init-param>
|
||||
<!-- source: pattern://cb8c63274fe346280de0ffd5 -->
|
||||
<init-param>
|
||||
<param-name>MemorySize</param-name>
|
||||
<param-value>512000000</param-value>
|
||||
</init-param>
|
||||
</servlet>
|
||||
<!-- source: pattern://097929211988398a87bcbb0c -->
|
||||
<servlet>
|
||||
<servlet-name>LoginRenderer_nevisLogrend</servlet-name>
|
||||
|
|
@ -1673,6 +1657,72 @@
|
|||
<param-value>remote:NevisLogrendConnector_nevisLogrend:/nevislogrend/index.vm?logrendresourcepath=/nevislogrend</param-value>
|
||||
</init-param>
|
||||
</servlet>
|
||||
<!-- source: pattern://699f0a21dd0e852f28d27e9d -->
|
||||
<servlet>
|
||||
<servlet-name>MySQLSessionStoreServlet</servlet-name>
|
||||
<!-- source: pattern://699f0a21dd0e852f28d27e9d -->
|
||||
<servlet-class>ch::nevis::nevisproxy::servlet::cache::mysql::MySQLSessionStoreServlet</servlet-class>
|
||||
<!-- source: pattern://699f0a21dd0e852f28d27e9d -->
|
||||
<init-param>
|
||||
<param-name>AttributesTableName</param-name>
|
||||
<param-value>attribute</param-value>
|
||||
</init-param>
|
||||
<!-- source: pattern://699f0a21dd0e852f28d27e9d -->
|
||||
<init-param>
|
||||
<param-name>ConfigurationsTableName</param-name>
|
||||
<param-value>conf</param-value>
|
||||
</init-param>
|
||||
<!-- source: pattern://699f0a21dd0e852f28d27e9d -->
|
||||
<init-param>
|
||||
<param-name>ConnectString</param-name>
|
||||
<param-value>//mariadb-session-store-service.adn-agov-nevisidm-ob-01-uat:3306/workproxy?connect_timeout=10&ping_timeout=2</param-value>
|
||||
</init-param>
|
||||
<!-- source: pattern://699f0a21dd0e852f28d27e9d -->
|
||||
<init-param>
|
||||
<param-name>DisableDatabaseSchemaCheck</param-name>
|
||||
<param-value>false</param-value>
|
||||
</init-param>
|
||||
<!-- source: pattern://699f0a21dd0e852f28d27e9d -->
|
||||
<init-param>
|
||||
<param-name>KeyToIdMapTableName</param-name>
|
||||
<param-value>key_id_map</param-value>
|
||||
</init-param>
|
||||
<!-- source: pattern://699f0a21dd0e852f28d27e9d -->
|
||||
<init-param>
|
||||
<param-name>MaxConn</param-name>
|
||||
<param-value>150</param-value>
|
||||
</init-param>
|
||||
<!-- source: pattern://699f0a21dd0e852f28d27e9d -->
|
||||
<init-param>
|
||||
<param-name>MaxLimitOnDelete</param-name>
|
||||
<param-value>100</param-value>
|
||||
</init-param>
|
||||
<!-- source: pattern://699f0a21dd0e852f28d27e9d -->
|
||||
<init-param>
|
||||
<param-name>MinConn</param-name>
|
||||
<param-value>10</param-value>
|
||||
</init-param>
|
||||
<!-- source: pattern://699f0a21dd0e852f28d27e9d -->
|
||||
<init-param>
|
||||
<param-name>Password</param-name>
|
||||
<param-value>${exec:/var/opt/nevisproxy/default/conf/credentials/dbPassword}</param-value>
|
||||
</init-param>
|
||||
<!-- source: pattern://699f0a21dd0e852f28d27e9d -->
|
||||
<init-param>
|
||||
<param-name>SessionsTableName</param-name>
|
||||
<param-value>session</param-value>
|
||||
</init-param>
|
||||
<!-- source: pattern://699f0a21dd0e852f28d27e9d -->
|
||||
<init-param>
|
||||
<param-name>TimeOut</param-name>
|
||||
<param-value>600</param-value>
|
||||
</init-param>
|
||||
<!-- source: pattern://699f0a21dd0e852f28d27e9d -->
|
||||
<init-param>
|
||||
<param-name>UserName</param-name>
|
||||
<param-value>${exec:/var/opt/nevisproxy/default/conf/credentials/dbUser}</param-value>
|
||||
</init-param>
|
||||
</servlet>
|
||||
<!-- source: pattern://097929211988398a87bcbb0c -->
|
||||
<servlet>
|
||||
<servlet-name>NevisLogrendConnector_nevisLogrend</servlet-name>
|
||||
|
|
|
|||
Loading…
Reference in New Issue