new configuration version

haburger 2024-08-26 15:22:04 +00:00
parent e1b1378c18
commit 7a1c12b15a
17 changed files with 518 additions and 25 deletions


@ -45,7 +45,7 @@ spec:
podDisruptionBudget:
maxUnavailable: "50%"
git:
tag: "r-0d14bc8d1f507b55c11ab2b807d691b97d55b1dd"
tag: "r-f65a315ec4cfd8575904ed12349257a59adbd1e2"
dir: "DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-auth"
credentials: "git-credentials"
keystores:


@ -9,4 +9,6 @@ metadata:
projectKey: "DEFAULT-ADN-AGOV-WORK-OB-PROJECT"
patternId: "d00b0dcbe241793d30daf91c"
spec:
keystores: []
keystores:
- name: "ob-proxy-ob-realm-identity"
namespace: "adn-agov-nevisidm-ob-01-uat"


@ -46,15 +46,14 @@ spec:
podDisruptionBudget:
maxUnavailable: "50%"
git:
tag: "r-0d14bc8d1f507b55c11ab2b807d691b97d55b1dd"
tag: "r-f65a315ec4cfd8575904ed12349257a59adbd1e2"
dir: "DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido2"
credentials: "git-credentials"
keystores:
- "ob-fido2-default-identity"
- "ob-fido2-default-client-identity"
truststores:
- "ob-fido2-agov-work-internal-trust-store"
- "ob-fido2-default-signer-trust"
- "ob-fido2-default-server-trust"
- "ob-fido2-default-tls-client-trust"
podSecurity:
policy: "baseline"


@ -0,0 +1,14 @@
apiVersion: "operator.nevis-security.ch/v1"
kind: "NevisTrustStore"
metadata:
name: "ob-fido2-agov-work-internal-trust-store"
namespace: "adn-agov-nevisidm-ob-01-uat"
labels:
deploymentTarget: "ob-fido2"
annotations:
projectKey: "DEFAULT-ADN-AGOV-WORK-OB-PROJECT"
patternId: "a2d03bb46b87b90160dc83d7"
spec:
keystores: []
extraCerts:
- "-----BEGIN CERTIFICATE-----\nMIIBcTCCARagAwIBAgIQWRl1eifIt8yohQYzh6yr/jAKBggqhkjOPQQDAjAYMRYw\nFAYDVQQDEw1zZWxmc2lnbmVkLWNhMB4XDTIzMDYyODE0MzI0MFoXDTQzMDYyODE0\nMzI0MFowGDEWMBQGA1UEAxMNc2VsZnNpZ25lZC1jYTBZMBMGByqGSM49AgEGCCqG\nSM49AwEHA0IABEwcjsIhSyyh0i9zP1G7ReOkFt/djzlGoUtSd5v3ZEk5QoZYjfl9\n04HdaZzrmveB2aRppbXgW7//s2Ma8wTd5uejQjBAMA4GA1UdDwEB/wQEAwICpDAP\nBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBT7YRoWIjHwkvFicwvk0Tx/yA4uUTAK\nBggqhkjOPQQDAgNJADBGAiEAgyg9t0qgb+czuscs07pNGI+12BedrD+y71psIlqx\nt2UCIQC/85UXyjYI9zg7Mg7rROTbGNCU3Jq/KIC3VzbbD+68VA==\n-----END CERTIFICATE-----\n"
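Review bot: The `extraCerts` entry embeds a CA certificate inline with nothing recording which CA it is or where it came from, and with `keystores: []` this single PEM is the only trust anchor for `ob-fido2-agov-work-internal-trust-store`. The nevisFIDO credential-repository connection elsewhere in this commit is switched to this trust store, so a reviewer has to decode the PEM to know what is being trusted. If the generating pattern allows it, record the subject and fingerprint next to the entry, e.g. `# CA: <SUBJECT_PLACEHOLDER>, sha256: <FINGERPRINT_PLACEHOLDER>`, and compare the fingerprint with the issuing system out of band before deploying.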


@ -0,0 +1,18 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----


@ -0,0 +1,30 @@
-----BEGIN ENCRYPTED PRIVATE KEY-----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-----END ENCRYPTED PRIVATE KEY-----

View File

@ -0,0 +1,2 @@
#!/bin/bash
echo 'Hsk+IJIkp1oGu8i1S+w6p2QMDB+9WFSNjNlSYdUCfA8='
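Review bot: The `echo` on the second line hard-codes what looks like a keystore passphrase in plaintext, and the neighbouring sections of this commit add `ENCRYPTED PRIVATE KEY` files, so anyone who can read the repository or its history presumably holds both the key and the value that unlocks it. The file name is not visible here, but the `${exec:.../keypass}` references in the nevisFIDO configuration suggest this is such a keypass helper. The script should read the value from a mounted secret instead of embedding it, e.g. `cat <MOUNTED_SECRET_PATH_PLACEHOLDER>`. Removing the files in a later commit leaves them in history, so the passphrase and the key pair it protects should be treated as exposed and reissued.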


@ -0,0 +1,49 @@
-----BEGIN ENCRYPTED PRIVATE KEY-----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-----END ENCRYPTED PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
MIIC6TCCAo+gAwIBAgIQfcfd9dgdKT/5gdDbpAiKlDAKBggqhkjOPQQDAjAYMRYw
FAYDVQQDEw1zZWxmc2lnbmVkLWNhMB4XDTI0MDUwNTE1NTAzOFoXDTI1MDUwNTE1
NTAzOFowWDELMAkGA1UEBhMCQ0gxDDAKBgNVBAgTA0s4UzEMMAoGA1UEBxMDSzhT
MQwwCgYDVQQKEwNLOFMxDDAKBgNVBAsTA0s4UzERMA8GA1UEAxMIZmlkby11YWYw
ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDWcQPIzUN2zbPkB3yISIGw
mDAd285YKm/ZLbE4WWw2SIHhjfh0XoYZ6QvLMENWcC8/iOX/6g6upQnYegzZKlST
Lix0zJjEbtMlK8fITiPhwziWPSOeqtuW66Rj+13G6kKYVtZ8vviu73LBDkXKHSNi
g4knNgACJpIItiDhOmtmD3Wsb8JAIQ161m7D3i2jr/kqBFKLc2DXcCHYSwxBXu3A
99iqWxoHfprL/L7RfxBo7mKbk+xjRvw6wFHBb76m6hd8fe4yg3g9zZTsZ5KeKqtA
8NT7CTG26F/MEBEmreU6NcNP62sYBkQiY+K5WweUs5qnDCAUPz+Upu0lX49ZDsvZ
AgMBAAGjga8wgawwDgYDVR0PAQH/BAQDAgeAMB0GA1UdJQQWMBQGCCsGAQUFBwMB
BggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB8GA1UdIwQYMBaAFPthGhYiMfCS8WJz
C+TRPH/IDi5RMEwGA1UdEQRFMEOCCGZpZG8tdWFmgiFmaWRvLXVhZi5hZG4tYWdv
di1uZXZpc2lkbS0wMS11YXSBFG5vcmVwbHlAbG9jYWwuZG9tYWluMAoGCCqGSM49
BAMCA0gAMEUCIBCueTTUwnN53/dIs6W4FpbFtF/wkAhYjLZGuKgY08ZAAiEA9VFz
WoaxaINHqGPR10Sh1hqeuCHRzHxnQUt07sZf2DU=
-----END CERTIFICATE-----


@ -16,10 +16,10 @@ credential-repository:
type: nevisidm
client-id: cfa9c9b9-119f-4dff-9bb8-86d7c0cf2720
rest-url: https://idm.adn-agov-nevisidm-01-uat:443/nevisidm
keystore: /var/opt/keys/own/ob-fido2-default-client-identity/keystore.p12
keystore-passphrase: ${exec:/var/opt/keys/own/ob-fido2-default-client-identity/keypass}
truststore: /var/opt/keys/trust/ob-fido2-default-server-trust/truststore.p12
truststore-passphrase: ${exec:/var/opt/keys/trust/ob-fido2-default-server-trust/keypass}
keystore: /var/opt/keys/own/nevisfido-techuser-key/keystore.p12
keystore-passphrase: ${exec:/var/opt/keys/own/nevisfido-techuser-key/keypass}
truststore: /var/opt/keys/trust/ob-fido2-agov-work-internal-trust-store/truststore.p12
truststore-passphrase: ${exec:/var/opt/keys/trust/ob-fido2-agov-work-internal-trust-store/keypass}
user-attribute: extId
session-repository:
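Review bot: The new `keystore` path `/var/opt/keys/own/nevisfido-techuser-key/` has no matching entry in the `keystores:` list of the ob-fido2 resource shown earlier in this commit, which appears to list only `ob-fido2-default-identity` after the change. That suggests the technical-user key is supplied as static files rather than issued by the operator (the commit also adds PEM key files), in which case nothing renews it automatically and the client identity used against `idm.adn-agov-nevisidm-01-uat` stops working once the certificate expires. Confirm how this keystore is mounted and who owns its rotation; if the generating pattern permits, a comment such as `# static tech-user key, rotation owner: <PLACEHOLDER>` above `keystore:` would record that.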


@ -46,11 +46,15 @@ spec:
podDisruptionBudget:
maxUnavailable: "50%"
git:
tag: "r-0d14bc8d1f507b55c11ab2b807d691b97d55b1dd"
tag: "r-f65a315ec4cfd8575904ed12349257a59adbd1e2"
dir: "DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-proxy"
credentials: "git-credentials"
keystores:
- "ob-proxy-ob-realm-identity"
- "ob-proxy-346a2bebb04a0b74c7c9b5b9"
truststores:
- "ob-proxy-ob-realm-signer-trust"
- "ob-proxy-ob-realm-tls-trust"
ingresses:
- "ob-proxy"
podSecurity:


@ -1,18 +1,18 @@
apiVersion: "operator.nevis-security.ch/v1"
kind: "NevisKeyStore"
metadata:
name: "ob-fido2-default-client-identity"
name: "ob-proxy-ob-realm-identity"
namespace: "adn-agov-nevisidm-ob-01-uat"
labels:
deploymentTarget: "ob-fido2"
deploymentTarget: "ob-proxy"
annotations:
projectKey: "DEFAULT-ADN-AGOV-WORK-OB-PROJECT"
patternId: "a2d03bb46b87b90160dc83d7"
patternId: "b4d2da2fa2d0b060752a1fe2"
spec:
cn: "ob-fido2"
cn: "ob-proxy"
usage: "<reserved for future use>"
san:
dns:
- "ob-fido2"
- "ob-fido2.adn-agov-nevisidm-ob-01-uat"
- "ob-proxy"
- "ob-proxy.adn-agov-nevisidm-ob-01-uat"
email: []


@ -1,12 +1,12 @@
apiVersion: "operator.nevis-security.ch/v1"
kind: "NevisTrustStore"
metadata:
name: "ob-fido2-default-server-trust"
name: "ob-proxy-ob-realm-signer-trust"
namespace: "adn-agov-nevisidm-ob-01-uat"
labels:
deploymentTarget: "ob-fido2"
deploymentTarget: "ob-proxy"
annotations:
projectKey: "DEFAULT-ADN-AGOV-WORK-OB-PROJECT"
patternId: "a2d03bb46b87b90160dc83d7"
patternId: "b4d2da2fa2d0b060752a1fe2"
spec:
keystores: []
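Review bot: `spec.keystores` is `[]` and no `extraCerts` follow, so as far as this 12-line file shows, `ob-proxy-ob-realm-signer-trust` is created without any certificate in it. The web.xml change in this commit points `SectokenVerifierCert` at `/var/opt/keys/trust/ob-proxy-ob-realm-signer-trust/truststore.pem`, so token verification depends on this store being populated. Confirm whether the signer keystore of ob-auth is meant to be referenced here, in the same form `ob-proxy-ob-realm-tls-trust` uses: `- name: "<SIGNER_KEYSTORE_PLACEHOLDER>"` with `namespace: "adn-agov-nevisidm-ob-01-uat"`.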


@ -0,0 +1,14 @@
apiVersion: "operator.nevis-security.ch/v1"
kind: "NevisTrustStore"
metadata:
name: "ob-proxy-ob-realm-tls-trust"
namespace: "adn-agov-nevisidm-ob-01-uat"
labels:
deploymentTarget: "ob-proxy"
annotations:
projectKey: "DEFAULT-ADN-AGOV-WORK-OB-PROJECT"
patternId: "b4d2da2fa2d0b060752a1fe2"
spec:
keystores:
- name: "ob-auth-default-identity"
namespace: "adn-agov-nevisidm-ob-01-uat"


@ -1,6 +1,116 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" "/opt/nevisproxy/dtd/web-app_2_3.dtd">
<web-app>
<!-- source: pattern://6e7b5a087711bd0ada9985fe -->
<context-param>
<param-name>SectokenVerifierCert</param-name>
<param-value>/var/opt/keys/trust/ob-proxy-ob-realm-signer-trust/truststore.pem</param-value>
</context-param>
<!-- source: pattern://e1784eecf2db74484dd1e1bb -->
<filter>
<filter-name>AuthenticationService_ob-realm</filter-name>
<filter-class>ch::nevis::isiweb4::filter::auth::IdentityCreationFilter</filter-class>
<!-- source: pattern://e1784eecf2db74484dd1e1bb -->
<init-param>
<param-name>AuthenticationServlet</param-name>
<param-value>Connector_ob-realm</param-value>
</init-param>
<!-- source: pattern://e1784eecf2db74484dd1e1bb -->
<init-param>
<param-name>BodyReadSize</param-name>
<param-value>32768</param-value>
</init-param>
<!-- source: pattern://e1784eecf2db74484dd1e1bb -->
<init-param>
<param-name>EntryPointID</param-name>
<param-value>ob.agov-w.azure.adnovum.net</param-value>
</init-param>
<!-- source: pattern://e1784eecf2db74484dd1e1bb -->
<init-param>
<param-name>InactiveInterval</param-name>
<param-value>7200</param-value>
</init-param>
<!-- source: pattern://e1784eecf2db74484dd1e1bb -->
<init-param>
<param-name>InterceptionRedirect</param-name>
<param-value>never</param-value>
</init-param>
<!-- source: pattern://e1784eecf2db74484dd1e1bb -->
<init-param>
<param-name>LoginRendererServlet</param-name>
<param-value>LoginRenderer_ob-logrend</param-value>
</init-param>
<!-- source: pattern://e1784eecf2db74484dd1e1bb -->
<init-param>
<param-name>Realm</param-name>
<param-value>ob-realm</param-value>
</init-param>
<!-- source: pattern://e1784eecf2db74484dd1e1bb -->
<init-param>
<param-name>RecheckAuthentication</param-name>
<param-value>On</param-value>
</init-param>
<!-- source: pattern://e1784eecf2db74484dd1e1bb -->
<init-param>
<param-name>RenewIdentification</param-name>
<param-value>true</param-value>
</init-param>
<!-- source: pattern://e1784eecf2db74484dd1e1bb -->
<init-param>
<param-name>StateKey</param-name>
<param-value>ob-realm</param-value>
</init-param>
<!-- source: pattern://e1784eecf2db74484dd1e1bb -->
<init-param>
<param-name>StoreInterceptedRequest</param-name>
<param-value>false</param-value>
</init-param>
</filter>
<!-- source: pattern://6e7b5a087711bd0ada9985fe -->
<filter>
<filter-name>Authentication_ob-realm</filter-name>
<filter-class>ch::nevis::isiweb4::filter::auth::IdentityCreationFilter</filter-class>
<!-- source: pattern://6e7b5a087711bd0ada9985fe -->
<init-param>
<param-name>AuthenticationServlet</param-name>
<param-value>Connector_ob-realm</param-value>
</init-param>
<!-- source: pattern://6e7b5a087711bd0ada9985fe -->
<init-param>
<param-name>EntryPointID</param-name>
<param-value>ob.agov-w.azure.adnovum.net</param-value>
</init-param>
<!-- source: pattern://6e7b5a087711bd0ada9985fe -->
<init-param>
<param-name>InactiveInterval</param-name>
<param-value>7200</param-value>
</init-param>
<!-- source: pattern://6e7b5a087711bd0ada9985fe -->
<init-param>
<param-name>LoginRendererServlet</param-name>
<param-value>LoginRenderer_ob-logrend</param-value>
</init-param>
<!-- source: pattern://6e7b5a087711bd0ada9985fe -->
<init-param>
<param-name>Realm</param-name>
<param-value>ob-realm</param-value>
</init-param>
<!-- source: pattern://6e7b5a087711bd0ada9985fe -->
<init-param>
<param-name>RenewIdentification</param-name>
<param-value>true</param-value>
</init-param>
<!-- source: pattern://6e7b5a087711bd0ada9985fe -->
<init-param>
<param-name>StateKey</param-name>
<param-value>ob-realm</param-value>
</init-param>
<!-- source: pattern://6e7b5a087711bd0ada9985fe -->
<init-param>
<param-name>StoreInterceptedRequest</param-name>
<param-value>false</param-value>
</init-param>
</filter>
<!-- source: pattern://346a2bebb04a0b74c7c9b5b9 -->
<filter>
<filter-name>ErrorHandler_Default</filter-name>
@ -24,6 +134,41 @@
</param-value>
</init-param>
</filter>
<!-- source: pattern://54c2d90d05f13df1b90bc6b2 -->
<filter>
<filter-name>Level_2_ob-realm</filter-name>
<filter-class>ch::nevis::isiweb4::filter::auth::SecurityRoleFilter</filter-class>
<!-- source: pattern://54c2d90d05f13df1b90bc6b2 -->
<init-param>
<param-name>AuthenticationServlet</param-name>
<param-value>Connector_ob-realm</param-value>
</init-param>
<!-- source: pattern://54c2d90d05f13df1b90bc6b2 -->
<init-param>
<param-name>DynamicRoleAcquire</param-name>
<param-value>true</param-value>
</init-param>
<!-- source: pattern://54c2d90d05f13df1b90bc6b2 -->
<init-param>
<param-name>DynamicRoleAcquire.CheckRoleRemoval</param-name>
<param-value>true</param-value>
</init-param>
<!-- source: pattern://54c2d90d05f13df1b90bc6b2 -->
<init-param>
<param-name>InterceptionRedirect</param-name>
<param-value>never</param-value>
</init-param>
<!-- source: pattern://54c2d90d05f13df1b90bc6b2 -->
<init-param>
<param-name>LoginRendererServlet</param-name>
<param-value>LoginRenderer_ob-logrend</param-value>
</init-param>
<!-- source: pattern://54c2d90d05f13df1b90bc6b2 -->
<init-param>
<param-name>RolesRequired</param-name>
<param-value>2 3 4 5 6 7 8 9</param-value>
</init-param>
</filter>
<!-- source: pattern://346a2bebb04a0b74c7c9b5b9 -->
<filter>
<filter-name>Qos</filter-name>
@ -53,6 +198,51 @@
</param-value>
</init-param>
</filter>
<!-- source: pattern://6e7b5a087711bd0ada9985fe, pattern://e1784eecf2db74484dd1e1bb -->
<filter>
<filter-name>SessionHandler_ob-realm</filter-name>
<filter-class>ch::nevis::nevisproxy::filter::session::SessionManagementFilter</filter-class>
<!-- source: pattern://e1784eecf2db74484dd1e1bb -->
<init-param>
<param-name>Cookie.ExtraAttributes</param-name>
<param-value>SameSite=None</param-value>
</init-param>
<!-- source: pattern://e1784eecf2db74484dd1e1bb -->
<init-param>
<param-name>Cookie.Name</param-name>
<param-value>Session_ob-realm</param-value>
</init-param>
<!-- source: pattern://e1784eecf2db74484dd1e1bb -->
<init-param>
<param-name>Cookie.Secure</param-name>
<param-value>true</param-value>
</init-param>
<!-- source: pattern://e1784eecf2db74484dd1e1bb -->
<init-param>
<param-name>Identification</param-name>
<param-value>COOKIE</param-value>
</init-param>
<!-- source: pattern://e1784eecf2db74484dd1e1bb -->
<init-param>
<param-name>MaxInactiveInterval</param-name>
<param-value>600</param-value>
</init-param>
<!-- source: pattern://e1784eecf2db74484dd1e1bb -->
<init-param>
<param-name>MaxLifetime</param-name>
<param-value>28800</param-value>
</init-param>
<!-- source: pattern://e1784eecf2db74484dd1e1bb -->
<init-param>
<param-name>Servlet</param-name>
<param-value>LocalSessionStoreServlet</param-value>
</init-param>
<!-- source: pattern://6e7b5a087711bd0ada9985fe -->
<init-param>
<param-name>UpdateTimeStampMinInterval</param-name>
<param-value>120</param-value>
</init-param>
</filter>
<!-- source: pattern://346a2bebb04a0b74c7c9b5b9 -->
<filter-mapping>
<filter-name>ErrorHandler_Default</filter-name>
@ -63,19 +253,184 @@
<filter-name>ResponseHeader_Default</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- source: pattern://be295ae355ca9049599e0285 -->
<!-- source: pattern://6e7b5a087711bd0ada9985fe -->
<filter-mapping>
<filter-name>SessionHandler_ob-realm</filter-name>
<url-pattern>/register/*</url-pattern>
</filter-mapping>
<!-- source: pattern://e1784eecf2db74484dd1e1bb -->
<filter-mapping>
<filter-name>SessionHandler_ob-realm</filter-name>
<url-pattern>/pwreset/*</url-pattern>
</filter-mapping>
<!-- source: pattern://6e7b5a087711bd0ada9985fe -->
<filter-mapping>
<filter-name>Authentication_ob-realm</filter-name>
<url-pattern>/register/*</url-pattern>
</filter-mapping>
<!-- source: pattern://e1784eecf2db74484dd1e1bb -->
<filter-mapping>
<filter-name>AuthenticationService_ob-realm</filter-name>
<url-pattern>/pwreset/*</url-pattern>
</filter-mapping>
<!-- source: pattern://54c2d90d05f13df1b90bc6b2 -->
<filter-mapping>
<filter-name>Level_2_ob-realm</filter-name>
<url-pattern>/register/*</url-pattern>
</filter-mapping>
<!-- source: pattern://6e7b5a087711bd0ada9985fe -->
<listener>
<listener-class>ch::nevis::isiweb4::listener::SessionListener</listener-class>
</listener>
<!-- source: pattern://6e7b5a087711bd0ada9985fe -->
<servlet>
<servlet-name>Default_New_Default_Service</servlet-name>
<!-- source: pattern://be295ae355ca9049599e0285 -->
<servlet-class>ch::nevis::isiweb4::servlet::defaults::DefaultServlet</servlet-class>
<servlet-name>Connector_ob-realm</servlet-name>
<!-- source: pattern://6e7b5a087711bd0ada9985fe -->
<servlet-class>ch::nevis::isiweb4::servlet::connector::soap::esauth4::Esauth4ConnectorServlet</servlet-class>
<!-- source: pattern://6e7b5a087711bd0ada9985fe -->
<init-param>
<param-name>Transport.DNSCache.ttl</param-name>
<param-value>60</param-value>
</init-param>
<!-- source: pattern://6e7b5a087711bd0ada9985fe -->
<init-param>
<param-name>Transport.InetAddress</param-name>
<param-value>ob-auth:8991</param-value>
</init-param>
<!-- source: pattern://6e7b5a087711bd0ada9985fe -->
<init-param>
<param-name>Transport.KeepAlive.LifeTime</param-name>
<param-value>30</param-value>
</init-param>
<!-- source: pattern://6e7b5a087711bd0ada9985fe -->
<init-param>
<param-name>Transport.RequestTimeout</param-name>
<param-value>90000</param-value>
</init-param>
<!-- source: pattern://6e7b5a087711bd0ada9985fe -->
<init-param>
<param-name>Transport.ResourceManager.RetryTimeout</param-name>
<param-value>0</param-value>
</init-param>
<!-- source: pattern://6e7b5a087711bd0ada9985fe -->
<init-param>
<param-name>Transport.SSLCACertificateFile</param-name>
<param-value>/var/opt/keys/trust/ob-proxy-ob-realm-tls-trust/truststore.pem</param-value>
</init-param>
<!-- source: pattern://6e7b5a087711bd0ada9985fe -->
<init-param>
<param-name>Transport.SSLCheckPeerHostname</param-name>
<param-value>false</param-value>
</init-param>
<!-- source: pattern://6e7b5a087711bd0ada9985fe -->
<init-param>
<param-name>Transport.SSLClientCertificateFile</param-name>
<param-value>/var/opt/keys/own/ob-proxy-ob-realm-identity/cert.pem</param-value>
</init-param>
<!-- source: pattern://6e7b5a087711bd0ada9985fe -->
<init-param>
<param-name>Transport.SSLClientKeyFile</param-name>
<param-value>/var/opt/keys/own/ob-proxy-ob-realm-identity/key.pem</param-value>
</init-param>
</servlet>
<!-- source: pattern://e1784eecf2db74484dd1e1bb -->
<servlet>
<servlet-name>Hosting_Default</servlet-name>
<!-- source: pattern://e1784eecf2db74484dd1e1bb -->
<servlet-class>ch::nevis::isiweb4::servlet::defaults::DefaultServlet</servlet-class>
</servlet>
<!-- source: pattern://be295ae355ca9049599e0285, pattern://be295ae355ca9049599e0285#path -->
<!-- source: pattern://b10d246bc151306dba28de4a -->
<servlet>
<servlet-name>Hosting_ob-register-service</servlet-name>
<!-- source: pattern://b10d246bc151306dba28de4a -->
<servlet-class>ch::nevis::nevisproxy::servlet::file::FileReaderServlet</servlet-class>
<!-- source: pattern://b10d246bc151306dba28de4a -->
<init-param>
<param-name>Profile</param-name>
<param-value>AllowSubDirectories</param-value>
</init-param>
<!-- source: pattern://b10d246bc151306dba28de4a -->
<init-param>
<param-name>RootDirectory</param-name>
<param-value>/var/opt/nevisproxy/default/host-ob.agov-w.azure.adnovum.net/register/</param-value>
</init-param>
</servlet>
<!-- source: pattern://6e7b5a087711bd0ada9985fe -->
<servlet>
<servlet-name>LocalSessionStoreServlet</servlet-name>
<!-- source: pattern://6e7b5a087711bd0ada9985fe -->
<servlet-class>ch::nevis::nevisproxy::servlet::cache::local::LocalSessionStoreServlet</servlet-class>
<!-- source: pattern://6e7b5a087711bd0ada9985fe -->
<init-param>
<param-name>MaxInactiveInterval</param-name>
<param-value>600</param-value>
</init-param>
<!-- source: pattern://6e7b5a087711bd0ada9985fe -->
<init-param>
<param-name>MaxLifetime</param-name>
<param-value>28800</param-value>
</init-param>
<!-- source: pattern://6e7b5a087711bd0ada9985fe -->
<init-param>
<param-name>MemorySize</param-name>
<param-value>512000000</param-value>
</init-param>
</servlet>
<!-- source: pattern://bed300e1196a171ca12db431 -->
<servlet>
<servlet-name>LoginRenderer_ob-logrend</servlet-name>
<!-- source: pattern://bed300e1196a171ca12db431 -->
<servlet-class>ch::nevis::isiweb4::servlet::rendering::LoginRendererServlet</servlet-class>
<!-- source: pattern://bed300e1196a171ca12db431 -->
<init-param>
<param-name>PropagateRemoteHeaders</param-name>
<param-value>Set-Cookie</param-value>
</init-param>
<!-- source: pattern://bed300e1196a171ca12db431 -->
<init-param>
<param-name>RenderingProvider</param-name>
<param-value>remote:NevisLogrendConnector_ob-logrend:/nevislogrend/index.vm?logrendresourcepath=/nevislogrend</param-value>
</init-param>
</servlet>
<!-- source: pattern://bed300e1196a171ca12db431 -->
<servlet>
<servlet-name>NevisLogrendConnector_ob-logrend</servlet-name>
<!-- source: pattern://bed300e1196a171ca12db431 -->
<servlet-class>ch::nevis::isiweb4::servlet::connector::http::HttpConnectorServlet</servlet-class>
<!-- source: pattern://bed300e1196a171ca12db431 -->
<init-param>
<param-name>InetAddress</param-name>
<param-value>ob-logrend:8988</param-value>
</init-param>
<!-- source: pattern://bed300e1196a171ca12db431 -->
<init-param>
<param-name>MappingType</param-name>
<param-value>pathinfo</param-value>
</init-param>
<!-- source: pattern://bed300e1196a171ca12db431 -->
<init-param>
<param-name>ResourceManager.RetryTimeout</param-name>
<param-value>0</param-value>
</init-param>
<!-- source: pattern://bed300e1196a171ca12db431 -->
<init-param>
<param-name>URIPrefix</param-name>
<param-value>/nevislogrend</param-value>
</init-param>
</servlet>
<!-- source: pattern://bed300e1196a171ca12db431 -->
<servlet-mapping>
<servlet-name>Default_New_Default_Service</servlet-name>
<servlet-name>NevisLogrendConnector_ob-logrend</servlet-name>
<url-pattern>/nevislogrend/*</url-pattern>
</servlet-mapping>
<!-- source: pattern://e1784eecf2db74484dd1e1bb -->
<servlet-mapping>
<servlet-name>Hosting_Default</servlet-name>
<url-pattern>/pwreset/*</url-pattern>
</servlet-mapping>
<!-- source: pattern://b10d246bc151306dba28de4a -->
<servlet-mapping>
<servlet-name>Hosting_ob-register-service</servlet-name>
<url-pattern>/register/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
@ -102,4 +457,9 @@
<extension>html</extension>
<mime-type>text/html</mime-type>
</mime-mapping>
<!-- source: pattern://b10d246bc151306dba28de4a -->
<mime-mapping>
<extension>txt</extension>
<mime-type>text/plain</mime-type>
</mime-mapping>
</web-app>
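Review bot: `Transport.SSLCheckPeerHostname` is set to `false` on the new `Connector_ob-realm` servlet, so the TLS connection to `ob-auth:8991` does not tie the peer certificate to the host name and accepts whatever chains to `ob-proxy-ob-realm-tls-trust`. If that trust store resolves to a CA shared by other workloads rather than to the single ob-auth certificate (not determinable from this page), any certificate from that CA could stand in for ob-auth. The NevisKeyStore resources in this commit put the service name into the DNS SANs (`ob-proxy`, `ob-proxy.adn-agov-nevisidm-ob-01-uat`), so ob-auth's certificate presumably carries `ob-auth` as well and the check could be enabled with `<param-value>true</param-value>`. The same hunk also sets `Cookie.ExtraAttributes` to `SameSite=None` on `SessionHandler_ob-realm`; that is worth confirming as a requirement, since it lets the session cookie travel on cross-site requests to `/register/*` and `/pwreset/*`.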