new configuration version

DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-auth-v1/etc/nevis/k8s-ob-auth-d00b0dcbe241793d30daf91c.yaml

@@ -46,7 +46,7 @@ spec:
   podDisruptionBudget:
     maxUnavailable: "50%"
   git:
-    tag: "r-bba80526cea899b1947578419a14c74492ea501f"
+    tag: "r-dae56fad4fc89fa982e19ba889c731aafd47de64"
     dir: "DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-auth-v1"
     credentials: "git-credentials"
   keystores:

DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-auth-v1/var/opt/nevisauth/default/conf/filterRedirectionPaths.groovy

@@ -18,7 +18,7 @@ if (request.getSession(false) == null) {
 }
 
 def redirectionPath = getPathFromURL(request['currentResource'])
-def applicationPaths = ["/nevisauth/","/register/","/pwreset/"]
+def applicationPaths = ["/dispatch/authentication","/nevisauth/","/register/","/pwreset/"]
 def denyRegexes = [".*[\\n\\r]+.*"]
 
 def denied = false

DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido-uaf-v1/etc/nevis/k8s-ob-fido-uaf-d990accd4fedae1acbc7109d.yaml

@@ -47,7 +47,7 @@ spec:
   podDisruptionBudget:
     maxUnavailable: "50%"
   git:
-    tag: "r-69708a47aa5312498a4e703772715421ce56ae7b"
+    tag: "r-dae56fad4fc89fa982e19ba889c731aafd47de64"
     dir: "DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido-uaf-v1"
     credentials: "git-credentials"
   database:
@@ -64,3 +64,6 @@ spec:
     policy: "baseline"
     automountServiceAccountToken: false
   timeZone: "Europe/Zurich"
+  secrets:
+    inv-res-secret:
+    - "a78926e06a159811ee15c224-bdd107d2"

DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido-uaf-v1/var/opt/nevisfido/default/conf/agov-test-f666836d3cb4.json

@@ -0,0 +1,12 @@
+{
+  "type": "service_account",
+  "project_id": "agov-test",
+  "private_key_id": "f666836d3cb492a4522c0a8643f8c66453711213",
+  "private_key": "-----BEGIN PRIVATE KEY-----\nMIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDJLoawpXjS/iL8\nSZxu6O1nsBfOb640eCzD76hKNf37WfBnwbbUkHAONQHfNqSWzeSLXU+JPiOpNERG\nl8OtmV5/j5gZACCeE+dt283QR3was6rvwi97lmgwkfazs+J7ZLnOm2EGPXVWPgTf\nyr6joyufNZsrIgKuBLmviQ9FSt82yj5CeTxjBNyI41xwusZjDR0ftg7Fr1M8ySDy\nizup9/nMX24ALPmwcbJ6FK0Mdj2XmW1POD2BkojHEsYimq4NqaJM8xs3eW+U0NbW\nOVzKpOjuQ/agt0TIm3+nYp7YQMGehp23Efz2gLIYYgkGgT1mTgfAGwVRMLlzLqGe\nTa5fevWhAgMBAAECggEAErVKRmk+1v0Vxwj33Hr537lo/1QUmrG9tPNHfq4uagYr\nNFTX4gSz/Og6PjX8QH9RRFH3LFusUIbpHfjtNAql9l4FrnZ78gNHE0jcRuTs4iVI\nzS6tQHSESBb8vmmJE0Eyw6cgksZaj9xo0uBNUdWBwBaJsU1Ce0j6dPu9gSu1Heiu\npiimccnQVi8fuarA3ixagIU9ONjbzx2H+pgz0fs5Uir38fzU4+JtGqMZbIyUhfND\nTCgn9lL8QVHFDOwmfsCZpWysO6W/jtlQpXcjm4cTZs3Fsc7I+XrezRAGfEXfkz78\nGFDpPHmQs0X3bprjLNXNrY/F/vZl7n3GY+eEv6mTSQKBgQD0c2Zvmn6bzlaL6JRZ\njgk3k6TRJa+yChKgxLvzk5WE8otPgcKRFYw0UTvRH1gdra742/ozXSU5/LCYqxEN\ngXCE6VRwrtn2bt2o1hYU/U/1KkyOs102pEl7YZA8KEzVzsqg3El36fzcKEz4fNl1\nddztxG4skKvfhVBNrMxp+hlzuQKBgQDSr8rtvVMBbluxQw50OmyNaH/KSe4jXXid\n4eMHKNbPi9kfopOO/qME1U3ytqbLENEsMrPAQ+GSWCW0e1NRIQvSJnNzf2ie3umm\nWKdClhohj/H8vYi7pZWeY9+1uc3L7zcby4z1Vehf9IR0q/CY2LGPH1MT2uB7MHyJ\nrAU7oVNVKQKBgQCwChsO7BeZZLL29ns/MwZ4O59J7vXkJVTc6lDgTLw0jea9Txkr\nGnVph8aoBwaR+O400VYRf1a7t7oFd8xECZ9aWB4zN/hHe/etCt/EJdhbGicf7ROH\nsjAo5k3UxMDwiIdr6LgP3zX15h/oIyEHceW0ZO1ispzTz1HRXkunVjDWIQKBgG7K\ncJ0KJP8oqGET0SL/ohvOavzWWbsRKR9lLLyUFjn34YqINK5KazFcdev/bsB0LHrg\ngrPFPnZ1kgZRn+OWzB+LhsSiqEJ7GEUYc4RJaJ5jkq4EgUWj8oTjIj3u4jCur70X\nEh3lOhhTfd/YluHZea24nDhhrhA51BOVeP79e9PZAoGAQHLGk70NNgH3QlmQHQD9\n/ohxOuPYPkD9PNYtSJalpjLbGyOSv05BNCvIsNgA3Oj5qnfHt8R38GChGywIKi65\nHPjVWAd88X2w5zHtTiVpLFCoAzQyLFFbe1FZJHkUZaJ6LXt0Q2ewz7/IyDpdFx1Y\nRh2CJlCcL8bTdWHLjwIreHk=\n-----END PRIVATE KEY-----\n",
+  "client_email": "agov-dev@agov-test.iam.gserviceaccount.com",
+  "client_id": "115473580705560962155",
+  "auth_uri": "https://accounts.google.com/o/oauth2/auth",
+  "token_uri": "https://oauth2.googleapis.com/token",
+  "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
+  "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/agov-dev%40agov-test.iam.gserviceaccount.com"
+}

DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido-uaf-v1/var/opt/nevisfido/default/conf/nevisfido.yml

@@ -35,6 +35,13 @@ fido-uaf:
     path: "conf/metadata/metadata.json"
   idm-connection-type: "rest"
   dispatchers:
+  - type: "firebase-cloud-messaging"
+    dry-run: false
+    service-account-json: "inv-res-secret://a78926e06a159811ee15c224-bdd107d2"
+    registration-redeem-url: "https://auth.agov-w.azure.adnovum.net/nevisfido/token/redeem/registration"
+    authentication-redeem-url: "https://auth.agov-w.azure.adnovum.net/nevisfido/token/redeem/authentication"
+    deregistration-redeem-url: "https://auth.agov-w.azure.adnovum.net/nevisfido/token/redeem/deregistration"
+    message-ttl: "300s"
   - type: "link"
     registration-redeem-url: "https://auth.agov-w.azure.adnovum.net/nevisfido/token/redeem/registration"
     authentication-redeem-url: "https://auth.agov-w.azure.adnovum.net/nevisfido/token/redeem/authentication"

DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-proxy-v1/etc/nevis/k8s-ob-proxy-b4d2da2fa2d0b060752a1fe2.yaml

@@ -47,7 +47,7 @@ spec:
   podDisruptionBudget:
     maxUnavailable: "50%"
   git:
-    tag: "r-dc60a2b08425e5cdcb7a9f6d9c2ec516b52bafeb"
+    tag: "r-dae56fad4fc89fa982e19ba889c731aafd47de64"
     dir: "DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-proxy-v1"
     credentials: "git-credentials"
   keystores:

DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-proxy-v1/var/opt/nevisproxy/default/host-ob.agov-w.azure.adnovum.net/WEB-INF/web.xml

@@ -490,6 +490,62 @@
             <param-value>ob-fido-uaf-v1:9443</param-value>
         </init-param>
     </servlet>
+    <!-- source: pattern://85908fe367dc54864a6c70bd, pattern://85908fe367dc54864a6c70bd#allowedMethods, pattern://85908fe367dc54864a6c70bd#backends, pattern://85908fe367dc54864a6c70bd#responseRewrite, pattern://85908fe367dc54864a6c70bd#truststore -->
+    <servlet>
+        <servlet-name>Connector_ob-fido-uaf-dispatch-rest-service</servlet-name>
+        <!-- source: pattern://85908fe367dc54864a6c70bd -->
+        <servlet-class>ch::nevis::isiweb4::servlet::connector::http::HttpsConnectorServlet</servlet-class>
+        <!-- source: pattern://85908fe367dc54864a6c70bd#allowedMethods -->
+        <init-param>
+            <param-name>AllowedMethods</param-name>
+            <param-value>ALL-HTTP,ALL-WEBDAV,-TRACE,-CONNECT</param-value>
+        </init-param>
+        <!-- source: pattern://85908fe367dc54864a6c70bd#responseRewrite -->
+        <init-param>
+            <param-name>AutoRewrite</param-name>
+            <param-value>header</param-value>
+        </init-param>
+        <!-- source: pattern://85908fe367dc54864a6c70bd -->
+        <init-param>
+            <param-name>CookieManager</param-name>
+            <param-value>block:^.*$</param-value>
+        </init-param>
+        <!-- source: pattern://85908fe367dc54864a6c70bd -->
+        <init-param>
+            <param-name>DNSCache.ttl</param-name>
+            <param-value>60</param-value>
+        </init-param>
+        <!-- source: pattern://85908fe367dc54864a6c70bd#backends -->
+        <init-param>
+            <param-name>InetAddress</param-name>
+            <param-value>ob-fido-uaf:9443</param-value>
+        </init-param>
+        <!-- source: pattern://85908fe367dc54864a6c70bd -->
+        <init-param>
+            <param-name>MappingType</param-name>
+            <param-value>requesturi</param-value>
+        </init-param>
+        <!-- source: pattern://85908fe367dc54864a6c70bd#truststore -->
+        <init-param>
+            <param-name>SSLCACertificateFile</param-name>
+            <param-value>/var/opt/keys/trust/ob-proxy-v1-agov-work-internal-trust-store/truststore.pem</param-value>
+        </init-param>
+        <!-- source: pattern://85908fe367dc54864a6c70bd -->
+        <init-param>
+            <param-name>SSLSNISupport</param-name>
+            <param-value>true</param-value>
+        </init-param>
+        <!-- source: pattern://85908fe367dc54864a6c70bd -->
+        <init-param>
+            <param-name>URIPrefix</param-name>
+            <param-value>/nevisfido/token</param-value>
+        </init-param>
+        <!-- source: pattern://85908fe367dc54864a6c70bd#backends -->
+        <init-param>
+            <param-name>UseSSL</param-name>
+            <param-value>true</param-value>
+        </init-param>
+    </servlet>
     <!-- source: pattern://14b02056879c3b8991597d2b -->
     <servlet>
         <servlet-name>Connector_ob-mock-me-realm</servlet-name>
@@ -677,6 +733,11 @@
             <param-value>/nevislogrend</param-value>
         </init-param>
     </servlet>
+    <!-- source: pattern://85908fe367dc54864a6c70bd, pattern://85908fe367dc54864a6c70bd#path -->
+    <servlet-mapping>
+        <servlet-name>Connector_ob-fido-uaf-dispatch-rest-service</servlet-name>
+        <url-pattern>/dispatch/authentication</url-pattern>
+    </servlet-mapping>
     <!-- source: pattern://ab2d7423513108f96767a0ec -->
     <servlet-mapping>
         <servlet-name>Hosting_Default</servlet-name>