nevis
/
adn-agov-work-ob-inventory
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

new configuration version

This commit is contained in:
haburger 2025-12-16 17:58:17 +00:00
parent 81d6dbbdfd
commit 70d7c554fe
7 changed files with 87 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-auth-v1/etc/nevis/k8s-ob-auth-d00b0dcbe241793d30daf91c.yaml
View File

@ -46,7 +46,7 @@ spec:
podDisruptionBudget:
maxUnavailable: "50%"
git:
tag: "r-bba80526cea899b1947578419a14c74492ea501f"
tag: "r-dae56fad4fc89fa982e19ba889c731aafd47de64"
dir: "DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-auth-v1"
credentials: "git-credentials"
keystores:

2
DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-auth-v1/var/opt/nevisauth/default/conf/filterRedirectionPaths.groovy
View File

@ -18,7 +18,7 @@ if (request.getSession(false) == null) {
}
def redirectionPath = getPathFromURL(request['currentResource'])
def applicationPaths = ["/nevisauth/","/register/","/pwreset/"]
def applicationPaths = ["/dispatch/authentication","/nevisauth/","/register/","/pwreset/"]
def denyRegexes = [".*[\\n\\r]+.*"]
def denied = false

5
DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido-uaf-v1/etc/nevis/k8s-ob-fido-uaf-d990accd4fedae1acbc7109d.yaml
View File

@ -47,7 +47,7 @@ spec:
podDisruptionBudget:
maxUnavailable: "50%"
git:
tag: "r-69708a47aa5312498a4e703772715421ce56ae7b"
tag: "r-dae56fad4fc89fa982e19ba889c731aafd47de64"
dir: "DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido-uaf-v1"
credentials: "git-credentials"
database:
@ -64,3 +64,6 @@ spec:
policy: "baseline"
automountServiceAccountToken: false
timeZone: "Europe/Zurich"
secrets:
inv-res-secret:
- "a78926e06a159811ee15c224-bdd107d2"

12
DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido-uaf-v1/var/opt/nevisfido/default/conf/agov-test-f666836d3cb4.json Normal file
View File

@ -0,0 +1,12 @@
{
"type": "service_account",
"project_id": "agov-test",
"private_key_id": "f666836d3cb492a4522c0a8643f8c66453711213",
"private_key": "-----BEGIN PRIVATE KEY-----\nMIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDJLoawpXjS/iL8\nSZxu6O1nsBfOb640eCzD76hKNf37WfBnwbbUkHAONQHfNqSWzeSLXU+JPiOpNERG\nl8OtmV5/j5gZACCeE+dt283QR3was6rvwi97lmgwkfazs+J7ZLnOm2EGPXVWPgTf\nyr6joyufNZsrIgKuBLmviQ9FSt82yj5CeTxjBNyI41xwusZjDR0ftg7Fr1M8ySDy\nizup9/nMX24ALPmwcbJ6FK0Mdj2XmW1POD2BkojHEsYimq4NqaJM8xs3eW+U0NbW\nOVzKpOjuQ/agt0TIm3+nYp7YQMGehp23Efz2gLIYYgkGgT1mTgfAGwVRMLlzLqGe\nTa5fevWhAgMBAAECggEAErVKRmk+1v0Vxwj33Hr537lo/1QUmrG9tPNHfq4uagYr\nNFTX4gSz/Og6PjX8QH9RRFH3LFusUIbpHfjtNAql9l4FrnZ78gNHE0jcRuTs4iVI\nzS6tQHSESBb8vmmJE0Eyw6cgksZaj9xo0uBNUdWBwBaJsU1Ce0j6dPu9gSu1Heiu\npiimccnQVi8fuarA3ixagIU9ONjbzx2H+pgz0fs5Uir38fzU4+JtGqMZbIyUhfND\nTCgn9lL8QVHFDOwmfsCZpWysO6W/jtlQpXcjm4cTZs3Fsc7I+XrezRAGfEXfkz78\nGFDpPHmQs0X3bprjLNXNrY/F/vZl7n3GY+eEv6mTSQKBgQD0c2Zvmn6bzlaL6JRZ\njgk3k6TRJa+yChKgxLvzk5WE8otPgcKRFYw0UTvRH1gdra742/ozXSU5/LCYqxEN\ngXCE6VRwrtn2bt2o1hYU/U/1KkyOs102pEl7YZA8KEzVzsqg3El36fzcKEz4fNl1\nddztxG4skKvfhVBNrMxp+hlzuQKBgQDSr8rtvVMBbluxQw50OmyNaH/KSe4jXXid\n4eMHKNbPi9kfopOO/qME1U3ytqbLENEsMrPAQ+GSWCW0e1NRIQvSJnNzf2ie3umm\nWKdClhohj/H8vYi7pZWeY9+1uc3L7zcby4z1Vehf9IR0q/CY2LGPH1MT2uB7MHyJ\nrAU7oVNVKQKBgQCwChsO7BeZZLL29ns/MwZ4O59J7vXkJVTc6lDgTLw0jea9Txkr\nGnVph8aoBwaR+O400VYRf1a7t7oFd8xECZ9aWB4zN/hHe/etCt/EJdhbGicf7ROH\nsjAo5k3UxMDwiIdr6LgP3zX15h/oIyEHceW0ZO1ispzTz1HRXkunVjDWIQKBgG7K\ncJ0KJP8oqGET0SL/ohvOavzWWbsRKR9lLLyUFjn34YqINK5KazFcdev/bsB0LHrg\ngrPFPnZ1kgZRn+OWzB+LhsSiqEJ7GEUYc4RJaJ5jkq4EgUWj8oTjIj3u4jCur70X\nEh3lOhhTfd/YluHZea24nDhhrhA51BOVeP79e9PZAoGAQHLGk70NNgH3QlmQHQD9\n/ohxOuPYPkD9PNYtSJalpjLbGyOSv05BNCvIsNgA3Oj5qnfHt8R38GChGywIKi65\nHPjVWAd88X2w5zHtTiVpLFCoAzQyLFFbe1FZJHkUZaJ6LXt0Q2ewz7/IyDpdFx1Y\nRh2CJlCcL8bTdWHLjwIreHk=\n-----END PRIVATE KEY-----\n",
"client_email": "agov-dev@agov-test.iam.gserviceaccount.com",
"client_id": "115473580705560962155",
"auth_uri": "https://accounts.google.com/o/oauth2/auth",
"token_uri": "https://oauth2.googleapis.com/token",
"auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
"client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/agov-dev%40agov-test.iam.gserviceaccount.com"
}

7
DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido-uaf-v1/var/opt/nevisfido/default/conf/nevisfido.yml
View File

@ -35,6 +35,13 @@ fido-uaf:
path: "conf/metadata/metadata.json"
idm-connection-type: "rest"
dispatchers:
- type: "firebase-cloud-messaging"
dry-run: false
service-account-json: "inv-res-secret://a78926e06a159811ee15c224-bdd107d2"
registration-redeem-url: "https://auth.agov-w.azure.adnovum.net/nevisfido/token/redeem/registration"
authentication-redeem-url: "https://auth.agov-w.azure.adnovum.net/nevisfido/token/redeem/authentication"
deregistration-redeem-url: "https://auth.agov-w.azure.adnovum.net/nevisfido/token/redeem/deregistration"
message-ttl: "300s"
- type: "link"
registration-redeem-url: "https://auth.agov-w.azure.adnovum.net/nevisfido/token/redeem/registration"
authentication-redeem-url: "https://auth.agov-w.azure.adnovum.net/nevisfido/token/redeem/authentication"

2
DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-proxy-v1/etc/nevis/k8s-ob-proxy-b4d2da2fa2d0b060752a1fe2.yaml
View File

@ -47,7 +47,7 @@ spec:
podDisruptionBudget:
maxUnavailable: "50%"
git:
tag: "r-dc60a2b08425e5cdcb7a9f6d9c2ec516b52bafeb"
tag: "r-dae56fad4fc89fa982e19ba889c731aafd47de64"
dir: "DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-proxy-v1"
credentials: "git-credentials"
keystores:

61
DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-proxy-v1/var/opt/nevisproxy/default/host-ob.agov-w.azure.adnovum.net/WEB-INF/web.xml
View File

@ -490,6 +490,62 @@
<param-value>ob-fido-uaf-v1:9443</param-value>
</init-param>
</servlet>
<!-- source: pattern://85908fe367dc54864a6c70bd, pattern://85908fe367dc54864a6c70bd#allowedMethods, pattern://85908fe367dc54864a6c70bd#backends, pattern://85908fe367dc54864a6c70bd#responseRewrite, pattern://85908fe367dc54864a6c70bd#truststore -->
<servlet>
<servlet-name>Connector_ob-fido-uaf-dispatch-rest-service</servlet-name>
<!-- source: pattern://85908fe367dc54864a6c70bd -->
<servlet-class>ch::nevis::isiweb4::servlet::connector::http::HttpsConnectorServlet</servlet-class>
<!-- source: pattern://85908fe367dc54864a6c70bd#allowedMethods -->
<init-param>
<param-name>AllowedMethods</param-name>
<param-value>ALL-HTTP,ALL-WEBDAV,-TRACE,-CONNECT</param-value>
</init-param>
<!-- source: pattern://85908fe367dc54864a6c70bd#responseRewrite -->
<init-param>
<param-name>AutoRewrite</param-name>
<param-value>header</param-value>
</init-param>
<!-- source: pattern://85908fe367dc54864a6c70bd -->
<init-param>
<param-name>CookieManager</param-name>
<param-value>block:^.*$</param-value>
</init-param>
<!-- source: pattern://85908fe367dc54864a6c70bd -->
<init-param>
<param-name>DNSCache.ttl</param-name>
<param-value>60</param-value>
</init-param>
<!-- source: pattern://85908fe367dc54864a6c70bd#backends -->
<init-param>
<param-name>InetAddress</param-name>
<param-value>ob-fido-uaf:9443</param-value>
</init-param>
<!-- source: pattern://85908fe367dc54864a6c70bd -->
<init-param>
<param-name>MappingType</param-name>
<param-value>requesturi</param-value>
</init-param>
<!-- source: pattern://85908fe367dc54864a6c70bd#truststore -->
<init-param>
<param-name>SSLCACertificateFile</param-name>
<param-value>/var/opt/keys/trust/ob-proxy-v1-agov-work-internal-trust-store/truststore.pem</param-value>
</init-param>
<!-- source: pattern://85908fe367dc54864a6c70bd -->
<init-param>
<param-name>SSLSNISupport</param-name>
<param-value>true</param-value>
</init-param>
<!-- source: pattern://85908fe367dc54864a6c70bd -->
<init-param>
<param-name>URIPrefix</param-name>
<param-value>/nevisfido/token</param-value>
</init-param>
<!-- source: pattern://85908fe367dc54864a6c70bd#backends -->
<init-param>
<param-name>UseSSL</param-name>
<param-value>true</param-value>
</init-param>
</servlet>
<!-- source: pattern://14b02056879c3b8991597d2b -->
<servlet>
<servlet-name>Connector_ob-mock-me-realm</servlet-name>
@ -677,6 +733,11 @@
<param-value>/nevislogrend</param-value>
</init-param>
</servlet>
<!-- source: pattern://85908fe367dc54864a6c70bd, pattern://85908fe367dc54864a6c70bd#path -->
<servlet-mapping>
<servlet-name>Connector_ob-fido-uaf-dispatch-rest-service</servlet-name>
<url-pattern>/dispatch/authentication</url-pattern>
</servlet-mapping>
<!-- source: pattern://ab2d7423513108f96767a0ec -->
<servlet-mapping>
<servlet-name>Hosting_Default</servlet-name>