Compare commits
3 Commits
r-d9f8becb
...
master
| Author | SHA1 | Date |
|---|---|---|
aca
|
07286b9fb4 | |
|
aca
|
81e7ad3071 | |
|
aca
|
2ef76e0d1b |
|
|
@ -11,7 +11,7 @@ metadata:
|
|||
spec:
|
||||
type: "NevisAuth"
|
||||
replicas: 1
|
||||
version: "8.2411.1"
|
||||
version: "8.2411.3"
|
||||
gitInitVersion: "1.3.0"
|
||||
runAsNonRoot: true
|
||||
ports:
|
||||
|
|
@ -45,7 +45,7 @@ spec:
|
|||
podDisruptionBudget:
|
||||
maxUnavailable: "50%"
|
||||
git:
|
||||
tag: "r-654fc77cfe9eeb743896b19166144c379a1ad337"
|
||||
tag: "r-ba39848d1c443859cdedb92e5cb503a09a1feaca"
|
||||
dir: "DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts"
|
||||
credentials: "git-credentials"
|
||||
keystores:
|
||||
|
|
|
|||
|
|
@ -13,7 +13,7 @@ JAVA_OPTS=(
|
|||
"-javaagent:/opt/agent/opentelemetry-javaagent.jar"
|
||||
"-Dotel.javaagent.logging=application"
|
||||
"-Dotel.javaagent.configuration-file=/var/opt/nevisauth/default/conf/otel.properties"
|
||||
"-Dotel.resource.attributes=service.version=8.2411.1,service.instance.id=$HOSTNAME"
|
||||
"-Dotel.resource.attributes=service.version=8.2411.3,service.instance.id=$HOSTNAME"
|
||||
"-Djavax.net.ssl.trustStore=/var/opt/keys/trust/auth-sts-default-tls-trust/truststore.p12"
|
||||
"-Djavax.net.ssl.trustStorePassword=\${exec:/var/opt/keys/trust/auth-sts-default-tls-trust/keypass}"
|
||||
)
|
||||
|
|
|
|||
|
|
@ -11,7 +11,7 @@ metadata:
|
|||
spec:
|
||||
type: "NevisAuth"
|
||||
replicas: 1
|
||||
version: "8.2411.1"
|
||||
version: "8.2411.3"
|
||||
gitInitVersion: "1.3.0"
|
||||
runAsNonRoot: true
|
||||
ports:
|
||||
|
|
@ -45,7 +45,7 @@ spec:
|
|||
podDisruptionBudget:
|
||||
maxUnavailable: "50%"
|
||||
git:
|
||||
tag: "r-d9f8becba9a6acfa30f490d16e18038ab79e9d92"
|
||||
tag: "r-ba39848d1c443859cdedb92e5cb503a09a1feaca"
|
||||
dir: "DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth"
|
||||
credentials: "git-credentials"
|
||||
keystores:
|
||||
|
|
|
|||
|
|
@ -13,7 +13,7 @@ JAVA_OPTS=(
|
|||
"-javaagent:/opt/agent/opentelemetry-javaagent.jar"
|
||||
"-Dotel.javaagent.logging=application"
|
||||
"-Dotel.javaagent.configuration-file=/var/opt/nevisauth/default/conf/otel.properties"
|
||||
"-Dotel.resource.attributes=service.version=8.2411.1,service.instance.id=$HOSTNAME"
|
||||
"-Dotel.resource.attributes=service.version=8.2411.3,service.instance.id=$HOSTNAME"
|
||||
"-Djavax.net.ssl.trustStore=/var/opt/keys/trust/auth-default-tls-trust/truststore.p12"
|
||||
"-Djavax.net.ssl.trustStorePassword=\${exec:/var/opt/keys/trust/auth-default-tls-trust/keypass}"
|
||||
)
|
||||
|
|
|
|||
|
|
@ -312,6 +312,10 @@
|
|||
<!-- source: pattern://73efd00d67082ff1eb927922 -->
|
||||
<property name="parameter.epdMode" value="post"/>
|
||||
<!-- source: pattern://73efd00d67082ff1eb927922 -->
|
||||
<property name="parameter.atb" value="https://trustbroker.agov-d.azure.adnovum.net"/>
|
||||
<!-- source: pattern://73efd00d67082ff1eb927922 -->
|
||||
<property name="parameter.epd_atb" value="https://trustbroker-idp.agov-w.azure.adnovum.net"/>
|
||||
<!-- source: pattern://73efd00d67082ff1eb927922 -->
|
||||
<property name="script" value="file:///var/opt/nevisauth/default/conf/idp_dispatcher.groovy"/>
|
||||
</AuthState>
|
||||
<AuthState name="Auth_Realm_Main_IDP_Email_Input" class="ch.nevis.esauth.auth.states.scripting.ScriptState" final="true" resumeState="true">
|
||||
|
|
@ -512,6 +516,8 @@
|
|||
<!-- source: pattern://1d81bd987455a8e1ee044ccf -->
|
||||
<property name="out.authnContextClassRef" value="${sess:contextClassRefToSet}"/>
|
||||
<!-- source: pattern://1d81bd987455a8e1ee044ccf -->
|
||||
<property name="out.audienceRestriction" value="https://trustbroker-idp.agov-w.azure.adnovum.net"/>
|
||||
<!-- source: pattern://1d81bd987455a8e1ee044ccf -->
|
||||
<property name="out.attribute.http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" value="${sess:ch.nevis.idm.User.firstName}"/>
|
||||
<!-- source: pattern://1d81bd987455a8e1ee044ccf -->
|
||||
<property name="out.attribute.http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname" value="${sess:ch.nevis.idm.User.lastName}"/>
|
||||
|
|
@ -519,8 +525,6 @@
|
|||
<property name="out.attribute.http://schemas.agov.ch/ws/2023/05/identity/claims/sex" value="${sess:ch.nevis.idm.User.gender}"/>
|
||||
<!-- source: pattern://1d81bd987455a8e1ee044ccf -->
|
||||
<property name="out.attribute.http://schemas.agov.ch/ws/2023/05/identity/claims/dateOfBirth" value="${sess:ch.nevis.idm.User.birthDate:^(\d\d\d\d-\d\d-\d\d).*$}"/>
|
||||
<!-- source: pattern://1d81bd987455a8e1ee044ccf -->
|
||||
<property name="out.audienceRestriction" value="https://trustbroker-idp.agov-epr-lab.azure.adnovum.net"/>
|
||||
</AuthState>
|
||||
<AuthState name="Auth_Realm_Main_IDP_Auth_Realm_Main_IDP_Custom_EPD_Artifact_IDP" class="ch.nevis.esauth.auth.states.saml.IdentityProviderState" final="false" resumeState="true">
|
||||
<!-- source: pattern://5a75ffc73b91b88cfab6168e -->
|
||||
|
|
@ -600,7 +604,7 @@
|
|||
<!-- source: pattern://5a75ffc73b91b88cfab6168e -->
|
||||
<property name="out.authnContextClassRef" value="${sess:contextClassRefToSet}"/>
|
||||
<!-- source: pattern://5a75ffc73b91b88cfab6168e -->
|
||||
<property name="out.audienceRestriction" value="https://trustbroker-idp.agov-epr-lab.azure.adnovum.net"/>
|
||||
<property name="out.audienceRestriction" value="https://trustbroker-idp.agov-w.azure.adnovum.net"/>
|
||||
<!-- source: pattern://5a75ffc73b91b88cfab6168e -->
|
||||
<property name="out.attribute.http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" value="${sess:ch.nevis.idm.User.firstName}"/>
|
||||
<!-- source: pattern://5a75ffc73b91b88cfab6168e -->
|
||||
|
|
@ -686,6 +690,8 @@
|
|||
<!-- source: pattern://92cb6d5256008a32f12ceb93 -->
|
||||
<property name="out.authnContextClassRef" value="${sess:contextClassRefToSet}"/>
|
||||
<!-- source: pattern://92cb6d5256008a32f12ceb93 -->
|
||||
<property name="out.audienceRestriction" value="https://trustbroker.agov-d.azure.adnovum.net"/>
|
||||
<!-- source: pattern://92cb6d5256008a32f12ceb93 -->
|
||||
<property name="out.attribute.http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" value="${sess:ch.nevis.idm.User.email}"/>
|
||||
<!-- source: pattern://92cb6d5256008a32f12ceb93 -->
|
||||
<property name="out.attribute.http://schemas.agov.ch/ws/2023/05/identity/claims/languageOfCorrespondance" value="${sess:ch.nevis.idm.User.language}"/>
|
||||
|
|
@ -729,8 +735,6 @@
|
|||
<property name="out.attribute.http://schemas.agov.ch/ws/2024/02/identity/claims/address/qa/verificationMethod" value="#{ (sess['agov.appAddressRequired'] == 'true') ? ''.concat(sess.get('agov.adressVerification')).replace('Location', 'Domicile') : '' }"/>
|
||||
<!-- source: pattern://92cb6d5256008a32f12ceb93 -->
|
||||
<property name="out.attribute.http://schemas.agov.ch/ws/2024/02/identity/claims/address/countryName" value="#{ (sess['agov.appAddressRequired'] == 'true') ? sess['agov.countryName'] : ''}"/>
|
||||
<!-- source: pattern://92cb6d5256008a32f12ceb93 -->
|
||||
<property name="out.audienceRestriction" value="https://trustbroker.agov-epr-lab.azure.adnovum.net"/>
|
||||
</AuthState>
|
||||
<AuthState name="Auth_Realm_Main_IDP_ReturnTimeoutButKeepSession" class="ch.nevis.esauth.auth.states.scripting.ScriptState" final="false" resumeState="true">
|
||||
<!-- source: pattern://826166d230a6a4849f2837ae -->
|
||||
|
|
|
|||
|
|
@ -117,8 +117,8 @@ if (request.getSession(false) == null) {
|
|||
def i2s = new TreeMap<String, String>(String.CASE_INSENSITIVE_ORDER)
|
||||
|
||||
|
||||
i2s.put('https://trustbroker.agov-epr-lab.azure.adnovum.net', 'main')
|
||||
i2s.put('https://trustbroker-idp.agov-epr-lab.azure.adnovum.net', 'epd')
|
||||
i2s.put(parameters.get('atb'), 'main')
|
||||
i2s.put(parameters.get('epd_atb'), 'epd')
|
||||
|
||||
if (parameters.get('spInitiated') == 'true' && inargs.containsKey('SAMLRequest')) { // SP-initiated authentication
|
||||
LOG.debug("found SAMLRequest parameter for SP-initiated authentication")
|
||||
|
|
|
|||
|
|
@ -11,7 +11,7 @@ metadata:
|
|||
spec:
|
||||
type: "NevisFIDO"
|
||||
replicas: 1
|
||||
version: "8.2411.1"
|
||||
version: "8.2411.2"
|
||||
gitInitVersion: "1.3.0"
|
||||
runAsNonRoot: true
|
||||
ports:
|
||||
|
|
@ -46,7 +46,7 @@ spec:
|
|||
podDisruptionBudget:
|
||||
maxUnavailable: "50%"
|
||||
git:
|
||||
tag: "r-ba0282a303be16d9f91b594506c93c0ad7c1eefb"
|
||||
tag: "r-ba39848d1c443859cdedb92e5cb503a09a1feaca"
|
||||
dir: "DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf"
|
||||
credentials: "git-credentials"
|
||||
database:
|
||||
|
|
|
|||
|
|
@ -7,5 +7,5 @@ JAVA_OPTS=(
|
|||
"-javaagent:/opt/agent/opentelemetry-javaagent.jar"
|
||||
"-Dotel.javaagent.logging=application"
|
||||
"-Dotel.javaagent.configuration-file=/var/opt/nevisfido/default/conf/otel.properties"
|
||||
"-Dotel.resource.attributes=service.version=8.2411.1,service.instance.id=$HOSTNAME"
|
||||
"-Dotel.resource.attributes=service.version=8.2411.2,service.instance.id=$HOSTNAME"
|
||||
)
|
||||
|
|
@ -11,7 +11,7 @@ metadata:
|
|||
spec:
|
||||
type: "NevisFIDO"
|
||||
replicas: 1
|
||||
version: "8.2411.1"
|
||||
version: "8.2411.2"
|
||||
gitInitVersion: "1.3.0"
|
||||
runAsNonRoot: true
|
||||
ports:
|
||||
|
|
@ -46,7 +46,7 @@ spec:
|
|||
podDisruptionBudget:
|
||||
maxUnavailable: "50%"
|
||||
git:
|
||||
tag: "r-50299cb935be4a677ffbde29128d0706fb4a25d9"
|
||||
tag: "r-ba39848d1c443859cdedb92e5cb503a09a1feaca"
|
||||
dir: "DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido2"
|
||||
credentials: "git-credentials"
|
||||
keystores:
|
||||
|
|
|
|||
|
|
@ -6,5 +6,5 @@ JAVA_OPTS=(
|
|||
"-javaagent:/opt/agent/opentelemetry-javaagent.jar"
|
||||
"-Dotel.javaagent.logging=application"
|
||||
"-Dotel.javaagent.configuration-file=/var/opt/nevisfido/default/conf/otel.properties"
|
||||
"-Dotel.resource.attributes=service.version=8.2411.1,service.instance.id=$HOSTNAME"
|
||||
"-Dotel.resource.attributes=service.version=8.2411.2,service.instance.id=$HOSTNAME"
|
||||
)
|
||||
|
|
@ -11,7 +11,7 @@ metadata:
|
|||
spec:
|
||||
type: "NevisIDM"
|
||||
replicas: 1
|
||||
version: "8.2411.1"
|
||||
version: "8.2411.2"
|
||||
gitInitVersion: "1.3.0"
|
||||
runAsNonRoot: true
|
||||
ports:
|
||||
|
|
@ -46,7 +46,7 @@ spec:
|
|||
podDisruptionBudget:
|
||||
maxUnavailable: "50%"
|
||||
git:
|
||||
tag: "r-35527ce0c286b4891eee379a626de7c5db786735"
|
||||
tag: "r-ba39848d1c443859cdedb92e5cb503a09a1feaca"
|
||||
dir: "DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/idm"
|
||||
credentials: "git-credentials"
|
||||
database:
|
||||
|
|
|
|||
|
|
@ -4,5 +4,5 @@ JAVA_OPTS=(
|
|||
"-javaagent:/opt/agent/opentelemetry-javaagent.jar"
|
||||
"-Dotel.javaagent.logging=application"
|
||||
"-Dotel.javaagent.configuration-file=/var/opt/nevisidm/default/conf/otel.properties"
|
||||
"-Dotel.resource.attributes=service.version=8.2411.1,service.instance.id=$HOSTNAME"
|
||||
"-Dotel.resource.attributes=service.version=8.2411.2,service.instance.id=$HOSTNAME"
|
||||
)
|
||||
|
|
@ -11,7 +11,7 @@ metadata:
|
|||
spec:
|
||||
type: "NevisLogrend"
|
||||
replicas: 1
|
||||
version: "8.2411.1"
|
||||
version: "8.2411.2"
|
||||
gitInitVersion: "1.3.0"
|
||||
runAsNonRoot: true
|
||||
ports:
|
||||
|
|
@ -44,7 +44,7 @@ spec:
|
|||
podDisruptionBudget:
|
||||
maxUnavailable: "50%"
|
||||
git:
|
||||
tag: "r-68680b2182672bd8a81d786c163e95b91fb89a64"
|
||||
tag: "r-ba39848d1c443859cdedb92e5cb503a09a1feaca"
|
||||
dir: "DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend"
|
||||
credentials: "git-credentials"
|
||||
podSecurity:
|
||||
|
|
|
|||
|
|
@ -10,5 +10,5 @@ JAVA_OPTS=(
|
|||
"-javaagent:/opt/agent/opentelemetry-javaagent.jar"
|
||||
"-Dotel.javaagent.logging=application"
|
||||
"-Dotel.javaagent.configuration-file=/var/opt/nevislogrend/default/conf/otel.properties"
|
||||
"-Dotel.resource.attributes=service.version=8.2411.1,service.instance.id=$HOSTNAME"
|
||||
"-Dotel.resource.attributes=service.version=8.2411.2,service.instance.id=$HOSTNAME"
|
||||
)
|
||||
Loading…
Reference in New Issue