From 7a1c12b15aa66e928161911660d58051b39aabba Mon Sep 17 00:00:00 2001 From: haburger Date: Mon, 26 Aug 2024 15:22:04 +0000 Subject: [PATCH] new configuration version --- .../k8s-ob-auth-d00b0dcbe241793d30daf91c.yaml | 2 +- ...client-trust-d00b0dcbe241793d30daf91c.yaml | 4 +- ...k8s-ob-fido2-a2d03bb46b87b90160dc83d7.yaml | 5 +- ...-trust-store-a2d03bb46b87b90160dc83d7.yaml | 14 + .../keys/own/nevisfido-techuser-key/cert.pem | 18 + .../keys/own/nevisfido-techuser-key/key.pem | 30 ++ .../keys/own/nevisfido-techuser-key/keypass | 2 + .../own/nevisfido-techuser-key/keystore.jks | Bin 0 -> 2100 bytes .../own/nevisfido-techuser-key/keystore.p12 | Bin 0 -> 2578 bytes .../own/nevisfido-techuser-key/keystore.pem | 49 +++ .../opt/nevisfido/default/conf/nevisfido.yml | 8 +- ...k8s-ob-proxy-b4d2da2fa2d0b060752a1fe2.yaml | 6 +- ...lm-identity-b4d2da2fa2d0b060752a1fe2.yaml} | 12 +- ...igner-trust-b4d2da2fa2d0b060752a1fe2.yaml} | 6 +- ...lm-tls-trust-b4d2da2fa2d0b060752a1fe2.yaml | 14 + .../WEB-INF/web.xml | 372 +++++++++++++++++- .../register/readme.txt | 1 + 17 files changed, 518 insertions(+), 25 deletions(-) create mode 100644 DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido2/etc/nevis/k8s-ob-fido2-agov-work-internal-trust-store-a2d03bb46b87b90160dc83d7.yaml create mode 100644 DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido2/var/opt/keys/own/nevisfido-techuser-key/cert.pem create mode 100644 DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido2/var/opt/keys/own/nevisfido-techuser-key/key.pem create mode 100755 DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido2/var/opt/keys/own/nevisfido-techuser-key/keypass create mode 100644 DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido2/var/opt/keys/own/nevisfido-techuser-key/keystore.jks create mode 100644 DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido2/var/opt/keys/own/nevisfido-techuser-key/keystore.p12 create mode 100644 DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido2/var/opt/keys/own/nevisfido-techuser-key/keystore.pem rename DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/{ob-fido2/etc/nevis/k8s-ob-fido2-default-client-identity-a2d03bb46b87b90160dc83d7.yaml => ob-proxy/etc/nevis/k8s-ob-proxy-ob-realm-identity-b4d2da2fa2d0b060752a1fe2.yaml} (57%) rename DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/{ob-fido2/etc/nevis/k8s-ob-fido2-default-server-trust-a2d03bb46b87b90160dc83d7.yaml => ob-proxy/etc/nevis/k8s-ob-proxy-ob-realm-signer-trust-b4d2da2fa2d0b060752a1fe2.yaml} (65%) create mode 100644 DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-proxy/etc/nevis/k8s-ob-proxy-ob-realm-tls-trust-b4d2da2fa2d0b060752a1fe2.yaml create mode 100644 DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-proxy/var/opt/nevisproxy/default/host-ob.agov-w.azure.adnovum.net/register/readme.txt diff --git a/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-auth/etc/nevis/k8s-ob-auth-d00b0dcbe241793d30daf91c.yaml b/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-auth/etc/nevis/k8s-ob-auth-d00b0dcbe241793d30daf91c.yaml index 4ef0b2d..92c4523 100644 --- a/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-auth/etc/nevis/k8s-ob-auth-d00b0dcbe241793d30daf91c.yaml +++ b/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-auth/etc/nevis/k8s-ob-auth-d00b0dcbe241793d30daf91c.yaml @@ -45,7 +45,7 @@ spec: podDisruptionBudget: maxUnavailable: "50%" git: - tag: "r-0d14bc8d1f507b55c11ab2b807d691b97d55b1dd" + tag: "r-f65a315ec4cfd8575904ed12349257a59adbd1e2" dir: "DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-auth" credentials: "git-credentials" keystores: diff --git a/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-auth/etc/nevis/k8s-ob-auth-default-tls-client-trust-d00b0dcbe241793d30daf91c.yaml b/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-auth/etc/nevis/k8s-ob-auth-default-tls-client-trust-d00b0dcbe241793d30daf91c.yaml index 0ede942..853a278 100644 --- a/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-auth/etc/nevis/k8s-ob-auth-default-tls-client-trust-d00b0dcbe241793d30daf91c.yaml +++ b/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-auth/etc/nevis/k8s-ob-auth-default-tls-client-trust-d00b0dcbe241793d30daf91c.yaml @@ -9,4 +9,6 @@ metadata: projectKey: "DEFAULT-ADN-AGOV-WORK-OB-PROJECT" patternId: "d00b0dcbe241793d30daf91c" spec: - keystores: [] + keystores: + - name: "ob-proxy-ob-realm-identity" + namespace: "adn-agov-nevisidm-ob-01-uat" diff --git a/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido2/etc/nevis/k8s-ob-fido2-a2d03bb46b87b90160dc83d7.yaml b/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido2/etc/nevis/k8s-ob-fido2-a2d03bb46b87b90160dc83d7.yaml index dbf096a..3323ddb 100644 --- a/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido2/etc/nevis/k8s-ob-fido2-a2d03bb46b87b90160dc83d7.yaml +++ b/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido2/etc/nevis/k8s-ob-fido2-a2d03bb46b87b90160dc83d7.yaml @@ -46,15 +46,14 @@ spec: podDisruptionBudget: maxUnavailable: "50%" git: - tag: "r-0d14bc8d1f507b55c11ab2b807d691b97d55b1dd" + tag: "r-f65a315ec4cfd8575904ed12349257a59adbd1e2" dir: "DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido2" credentials: "git-credentials" keystores: - "ob-fido2-default-identity" - - "ob-fido2-default-client-identity" truststores: + - "ob-fido2-agov-work-internal-trust-store" - "ob-fido2-default-signer-trust" - - "ob-fido2-default-server-trust" - "ob-fido2-default-tls-client-trust" podSecurity: policy: "baseline" diff --git a/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido2/etc/nevis/k8s-ob-fido2-agov-work-internal-trust-store-a2d03bb46b87b90160dc83d7.yaml b/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido2/etc/nevis/k8s-ob-fido2-agov-work-internal-trust-store-a2d03bb46b87b90160dc83d7.yaml new file mode 100644 index 0000000..1315110 --- /dev/null +++ b/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido2/etc/nevis/k8s-ob-fido2-agov-work-internal-trust-store-a2d03bb46b87b90160dc83d7.yaml @@ -0,0 +1,14 @@ +apiVersion: "operator.nevis-security.ch/v1" +kind: "NevisTrustStore" +metadata: + name: "ob-fido2-agov-work-internal-trust-store" + namespace: "adn-agov-nevisidm-ob-01-uat" + labels: + deploymentTarget: "ob-fido2" + annotations: + projectKey: "DEFAULT-ADN-AGOV-WORK-OB-PROJECT" + patternId: "a2d03bb46b87b90160dc83d7" +spec: + keystores: [] + extraCerts: + - "-----BEGIN CERTIFICATE-----\nMIIBcTCCARagAwIBAgIQWRl1eifIt8yohQYzh6yr/jAKBggqhkjOPQQDAjAYMRYw\nFAYDVQQDEw1zZWxmc2lnbmVkLWNhMB4XDTIzMDYyODE0MzI0MFoXDTQzMDYyODE0\nMzI0MFowGDEWMBQGA1UEAxMNc2VsZnNpZ25lZC1jYTBZMBMGByqGSM49AgEGCCqG\nSM49AwEHA0IABEwcjsIhSyyh0i9zP1G7ReOkFt/djzlGoUtSd5v3ZEk5QoZYjfl9\n04HdaZzrmveB2aRppbXgW7//s2Ma8wTd5uejQjBAMA4GA1UdDwEB/wQEAwICpDAP\nBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBT7YRoWIjHwkvFicwvk0Tx/yA4uUTAK\nBggqhkjOPQQDAgNJADBGAiEAgyg9t0qgb+czuscs07pNGI+12BedrD+y71psIlqx\nt2UCIQC/85UXyjYI9zg7Mg7rROTbGNCU3Jq/KIC3VzbbD+68VA==\n-----END CERTIFICATE-----\n" diff --git a/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido2/var/opt/keys/own/nevisfido-techuser-key/cert.pem b/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido2/var/opt/keys/own/nevisfido-techuser-key/cert.pem new file mode 100644 index 0000000..0d07b2a --- /dev/null +++ b/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido2/var/opt/keys/own/nevisfido-techuser-key/cert.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC6TCCAo+gAwIBAgIQfcfd9dgdKT/5gdDbpAiKlDAKBggqhkjOPQQDAjAYMRYw +FAYDVQQDEw1zZWxmc2lnbmVkLWNhMB4XDTI0MDUwNTE1NTAzOFoXDTI1MDUwNTE1 +NTAzOFowWDELMAkGA1UEBhMCQ0gxDDAKBgNVBAgTA0s4UzEMMAoGA1UEBxMDSzhT +MQwwCgYDVQQKEwNLOFMxDDAKBgNVBAsTA0s4UzERMA8GA1UEAxMIZmlkby11YWYw +ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDWcQPIzUN2zbPkB3yISIGw +mDAd285YKm/ZLbE4WWw2SIHhjfh0XoYZ6QvLMENWcC8/iOX/6g6upQnYegzZKlST +Lix0zJjEbtMlK8fITiPhwziWPSOeqtuW66Rj+13G6kKYVtZ8vviu73LBDkXKHSNi +g4knNgACJpIItiDhOmtmD3Wsb8JAIQ161m7D3i2jr/kqBFKLc2DXcCHYSwxBXu3A +99iqWxoHfprL/L7RfxBo7mKbk+xjRvw6wFHBb76m6hd8fe4yg3g9zZTsZ5KeKqtA +8NT7CTG26F/MEBEmreU6NcNP62sYBkQiY+K5WweUs5qnDCAUPz+Upu0lX49ZDsvZ +AgMBAAGjga8wgawwDgYDVR0PAQH/BAQDAgeAMB0GA1UdJQQWMBQGCCsGAQUFBwMB +BggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB8GA1UdIwQYMBaAFPthGhYiMfCS8WJz +C+TRPH/IDi5RMEwGA1UdEQRFMEOCCGZpZG8tdWFmgiFmaWRvLXVhZi5hZG4tYWdv +di1uZXZpc2lkbS0wMS11YXSBFG5vcmVwbHlAbG9jYWwuZG9tYWluMAoGCCqGSM49 +BAMCA0gAMEUCIBCueTTUwnN53/dIs6W4FpbFtF/wkAhYjLZGuKgY08ZAAiEA9VFz +WoaxaINHqGPR10Sh1hqeuCHRzHxnQUt07sZf2DU= +-----END CERTIFICATE----- diff --git a/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido2/var/opt/keys/own/nevisfido-techuser-key/key.pem b/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido2/var/opt/keys/own/nevisfido-techuser-key/key.pem new file mode 100644 index 0000000..2637d2f --- /dev/null +++ b/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido2/var/opt/keys/own/nevisfido-techuser-key/key.pem @@ -0,0 +1,30 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIFKzBVBgkqhkiG9w0BBQ0wSDAnBgkqhkiG9w0BBQwwGgQUWtp2pbSNdJCf9jA9 +KTzjbdorVLQCAggAMB0GCWCGSAFlAwQBKgQQb0NJGFGc8MxZaCZ71uYlEASCBND5 +XhsSZKjT6CN02euPCcN5ssgXTfOlHG5hl4KcpNl/K61CH+gNH3rTzzao8utmd5ko +cWbl6o6nj2IdiU8IlaqI+VIR2nfHaqoGhJHfLbvPu/SItKTFjFTRRKddyKTIjN0o +eVbHMzt8pHvNKnNK2JmKQ+TqphGTaDIgEEqPRSniE6WHLGuCfG/VdaeRxTZldj9D +QDR41gC2kgDbsenkZZjhGEJpgM4g3mD7bc0IHMRG1wfSW8qyd+S+XxjYdgMJmffc +PCMPv3TJ0Xbxfw+BKED9WeSIaXfCFmVprNXhWhMMN8Z7o3WxigVo2oRkHWbhSff4 +hFy4AQgyq8TOE1C2xeAcADEFagCHDdf0cs5LgwytpH5/0oTsm0+pFol6yEa7X1rF +Eu7NT8zLxXxqUdlCJ1A2AWbi17ER6snst4RfT7cCiI3d6q6IO2dsfuHSs17AHY2m +1KSfgVwH05o3W58ADUVuoZxtqCS0xMv2mvlTJ7xSb90R4hz5w1JBKjrYqq1Xy1Lr +pDc9kBEwJKtN9V63veUnHR5tFku9mVTEK6iykYWRNORexNEas5wsiuxrgaXtGN5G +ouhq9MCe5DI0coQOHM0Bvw1zfQ+wj8RUgrt0290WF0VtHW+zH0qbVHYZ6dKRY5YX +azzLvyu5AlH9p2MZr/+oZn6lgjmVEYq0UbsUvFoZy65qwi2XqL7FvXIVSVTgr7YY +hiODL4FBWJEevE+MujfOpOftzivdx1+/cuiQHcbqKlPQLnQXaUKI337u2o8uAEch +lP3AvI4DVi4m6IC9lo6657r8MqwMGmdEK9PRDPHUf7SP3HGX8fYArwRWILtHrcmc +/kHhKUkMxHduFb0nYQTVFnlpLEidcv6gYIVsh8Fx5pQWW+HyBD4sJuG7mLMgtmtY +vk9zayWbq0lw0Bb+E83vk9xtE0tUoFF/Wcl2nBf5PjfCqesGqr9CHElcQGfcINCg +3llXoeceN868e5DKgtQE6Fp5KukclgeeeX4kPj+UK7x4UGtdGcdghwH6EO7McQX1 +67kyLDcF4p5HnrzEhP2CVcVDHXoeykMCitvHaInwmJQsR209PVa/XxXB8YoMAAV1 +DB3GT024dAxFEl5r1HJm3A7BiFFuvQdUi+recFGKfmSNZ1Pwp2+8DV7UiAYLJ5Wf +o/aAwUQByITI3fBPvmEAA86FeWwtQ5BG5e+q7imH1ooOzrHQzaqwzQKU+IQCzaDF +sAqMtSD/hzIRjMKOSAL8bA2SVIXlLUnulWjPwW9zhUTv9yS1q2EsiFUJnOyq7iAI +fX72qEBvBXLFBdGhotMAXeg1YsXLUxbldqAWuPxpZMQ5S6J7GZZloXSe1Gy/ZZh4 +tKD8qQTS5Rfwiqxxo3kgaB/z0qG99pTB/wWv4fwnv6lFjJRjgyGONRYIGCVCFH2X +mdV2rTUxtwB1cIr71ksA64O3YkUObyfT8gSbLjPoBDBBPQQ3crbaQdiOjGUE9zUF +8kp3/mVj/kBCNtlc4dR/lJGuM97h2OpR5sLvb/5TN9C3tcXUyRmDjqJY/eX9ui0D +pEe6juN9Wy1yZtHauTIK0dqol+DJr56mMdMzBBmDagdr17Q2XK+GKrp5Z9rPbXJv +8qjMHKVFlbQRMtOY8N/PQenRyl1XmZIPk9HWj+9+6w== +-----END ENCRYPTED PRIVATE KEY----- diff --git a/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido2/var/opt/keys/own/nevisfido-techuser-key/keypass b/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido2/var/opt/keys/own/nevisfido-techuser-key/keypass new file mode 100755 index 0000000..85ccc28 --- /dev/null +++ b/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido2/var/opt/keys/own/nevisfido-techuser-key/keypass @@ -0,0 +1,2 @@ +#!/bin/bash +echo 'Hsk+IJIkp1oGu8i1S+w6p2QMDB+9WFSNjNlSYdUCfA8=' \ No newline at end of file diff --git a/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido2/var/opt/keys/own/nevisfido-techuser-key/keystore.jks b/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido2/var/opt/keys/own/nevisfido-techuser-key/keystore.jks new file mode 100644 index 0000000000000000000000000000000000000000..9641839d465e096b8b277f9d0668390e3abd4462 GIT binary patch literal 2100 zcmY+Fc{J4PAIE32?~yDKBV-%j(TqfsJ+j6$g^Fe@L)kKxJDD5C7FwoBbA^;GF0zdz zr(|iwP?3^7M#`RknT-98d(Z9s?jP@SKCkEbJfG(|=lz_|XKP_=0R#d;_yYee=tX}r zKfZPISl3|?NB{~@VcUSDps1c87zWmb$bi8DAQ%-kH`G0TYt#u#2%57rvW6|H>Z{u> zcU@@Pd`pSE%juD`ybeys&p$Z(nxo*4Eksse-?lK6*DNw4_3o;;{?y!Cv)XS}bzX;T zRj9W7YHxTx*KW2`3nCmcjVOu9Q&Ua0aKR> zJ(fS(uj^W_Wtg0^c_yG*X|_&TgE^iRl)MoeG2p_S;?-Gg!}rBjZy}1L^okZMm1i5) z5N8Tjx?*TgQ=be}*_8>9s)o@t7nU%4`G~J z&c79)eI3IWC%9<5QtmV7x``dXwbqbIAP&fG6eFa88=VETejUt^@H)4(v-ax+qJB?N zNQq-=Zn{{h3^a0$u0w!b-<59HGO?KRS##0t^u!0+A9I6Ql-im6n9m!q2JY2%v#UAx+?CpF1{YXNm z;=A&s_SZj{iJGMvt@~Me@#-e7B{`Lb?ObB)r|=3)#bcOYPJx8qe7*iIsm3Ra1?3lB z%$XJ5ZL_Y3$=-M7e<~f?5ORV~w%$WmKgYOx_kHnS=A3L9)60FP3;7h}z(^UdIyN&M zCt7%P21QFrz9Dm=8Rc&r*EynLRvxmY-FlMJqgLzay(oKH8_x(dqeFSAxqAmwU=`Zr zUb&M=-o*sfve)zVoZzRoT&$P?p;zqO9G80fnOZfqaEH|8 z5*DS@(zVEy*X1kKI7nx{Prt<=9+lN@WU=k;#7&zjDShW=iq^BgAZ!oT_4fp9HkhCA z+~nMswQ9^*Mcs069Cz~&4JQTqjFyuSAKZG_kI`|a;5rQYTYkQCYIOONwbIHjNAIAv zvw^Qh)#)9Un8(?377jQ<6FHv^j+s)!b6arg{(&~v$myv~6hU}*JJB(6yTHF4l(!!3 zblv?DG_IMkeNNg{=Pb?Ws^?Tdh4}$uv-}+j=tPVQmLsp0^Xa$^xm&^Pt8*8RLf&oF zI})w6>G@*b#CdF;I*mV?5O=c%GiiF1MSXsVH#FM}2PZ{KL}f?muN^ll_HJ9a&#l5r z^zCl}Ar^N#XhW+AWo;BUY#(4iR zfZBz#VJqYkUzDBiFIb_f6Z+FG|12Byr!vy%v9ztWjPWDT=(Q^)G&qTEX@A&wQ=x5y z((_0)aqj`?ar&v21&dL|$$D6E@e{{{ntLI4G%JRm0s#lfJm z5+wiN08$V!)Zfp*7Z0fJkuX95XaJ2wqk)4aUVP-kF9bZ0Vt~lbNkLhNwLMatUzQKT zvQS48?7t-R9}@i!iTy(|fYd+N3kL-Gg&9QQ0{|)*4oC=!@ZXrSA_3m%=TItG3dCO* zg;2p@Q2!-p$7}28*UZmCl&kg$)mebb@EZ@^ut9?w6VG5{`-F+>yh!g9#Tl_K!1`3U zq50LR?ODmnVv&K%;)A*;ZzJ?0yR%+~_G#+9>TuDRXft78H1f)Z8FNLx>*v~Mt+Gz_ zQ<`{{-y&KhZP_Xsgv2y$V-Q4(E?loRVR|t@Dykx^)k0n3a(`&sm_cFHsxHhugLM95 zxcY#jxTW_(^U6Tk86}}B*Zfki-erp^S;M6Oq<-2tFwE|NkA-9t7Az)TArP zsQ0ZT@~0JhW^sc&gH`9VL=*P7R)4IaRH3ik0-_G$x{}ngmL|LNC+D-Hly@$AJBx+cl*sF`WSb|`c=we;qVR<&&Ez}9*lxqj%jBEqk^faMd8!{0Texi_TL++p7veIu>fTk`&mOZ5(8tPs2*USLq4kSG`R#I&m2t&Heme4pUp@7ORJa?X7DEzrUsawV*TW0QL< z#?`KaC!DYv?H-z43R1&I12dc&vT4^m3Er6Yb!*BEJo z*;3yUyd$6nIDV^nvWTFeQ1Tn&tTy!po}7Z450mYx-OZUkBJRe}YK#oI=>o!4j0~LA()m5DZlNL~axO0wBN6poWfcJ)V=FAVbq5_C zX$K#}In**u2Gc3I$23KhHm%mf#UF~-6i)Q_iQMbD1HBLUVT@x-lsU6;{CHYZhDc5` znU(yJK0-Is;jvqE{&pREu5<{s6VnCd>=RDu0&Cj0E{7tr_E`VIi;rhW z3G@h~(E(gVrrP@H&C&sQ_bXmZcZ(!0d=$D2e5SO)Sz7L&y5Wt{{30~rA4yf8?0at| zGP5c~->y5_fYehb2ntGg#`*=kT2twQt(8lnjIjNr7Vsu=b zCA~nKVScF7vPHg4kpS!2@}2V}%lWrANW5OkCdazhJ{Jnk#GZ3?By|h3J)B1oX{wGL zOdF)U%K7M~-G;`}cB-BIXkkhc`*C*UGv-fQ5Lo7}dtatNa@NJ=WPhC)?I zdk;gclKt_(^z)%Y)73AcU)u&)h#%T|)T5g<)CW_9`{OJ&b=Isk`*6-doKp+IcHdQ< zwbDMMG_HIHE%1I3To$u&s>5}DLw81C)+{s6@NV9qz@_Nf>|B2_p2`n;FZrir z!iE#E2c?`YmR}3CXkLa?A;vV@<(@E=EOhs!?PDSiA_lZPVea1%u*LqJtj|01q7BQ% zig^}bANP_+6X%Yc3Lqzen*mnu(l?{c?I@Ww`5AA#Kl=9hz@@_LBOA=ZxQ0OUZ!P+0 z3YYCGY%u2|kL~t&=^g7sNs$PrBNa_+2d7ECuh9>cWOsnux8xRk-)vJls}*=_|;v(tTE}@R!I-$=)A8IoRg^$DqIez@`-E zI`^jYZLPC%+X+YGfR2Dd$)-vMy}(l(`1V{F)VDyqZ51pk82e1Lrzjz@Q2j|)o%4Ye zlM&-=#IV9>pk*0-p_n^OBfj86akdY97p4iq^@#x2uOIav-}&UuNVncs#DS2i4NCzpAZ~wVR1? zML_jBs|xGV;70yWv6g)4z{QLG} z_`Y|wI2Ut_h6~ba8tLjyIFvc49*};b9W}q&p;ARQh)aH^`Qj#RZhd$aD6O;vQEYYF zR0s~;BUzJ7XRRflb{$7`-I}g4Un}wPVG$!YSIy(U1gJtkKw8V%R|w3ja*C6oZTXWL2^`+Zcd)U+VMfJ z%Df_}-$c=pf|DuvLcRmbhzAsh4UgM|U0a2vua@%}q6f`eOCjyEm~{@ouHk;64s6!k z)?>mCSm@XLe!Q|pl0;`J=)BQpJr(nW&cX1~=%R6X3gY-ix6`KiV;{sw)U2D`WN2NG zP7pg1Z%+i-H!OhWDiai1oag+5x|R9BK=az}H3X}La7_#scl?-qZa9<>GeT2LkKG4J#IW&#*Ian=}33JX{=H-Q|UN)aZLqc1b5ae>m$+>RA~7g(}@B7gc}v=wRUf5jauFSJat-o%L-0t0r;WTB6RJj`c9A%6`qZoeu zNz?!^6-c19Wz!;9+Vm(RhWX1v7V}(KpT)2P*1@4tMjRHqXnY04sxf?cO2h^W)&S|D Qk`Jd|-RN8i{MU*94QW)JQ2+n{ literal 0 HcmV?d00001 diff --git a/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido2/var/opt/keys/own/nevisfido-techuser-key/keystore.pem b/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido2/var/opt/keys/own/nevisfido-techuser-key/keystore.pem new file mode 100644 index 0000000..0127d82 --- /dev/null +++ b/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido2/var/opt/keys/own/nevisfido-techuser-key/keystore.pem @@ -0,0 +1,49 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIFKzBVBgkqhkiG9w0BBQ0wSDAnBgkqhkiG9w0BBQwwGgQUWtp2pbSNdJCf9jA9 +KTzjbdorVLQCAggAMB0GCWCGSAFlAwQBKgQQb0NJGFGc8MxZaCZ71uYlEASCBND5 +XhsSZKjT6CN02euPCcN5ssgXTfOlHG5hl4KcpNl/K61CH+gNH3rTzzao8utmd5ko +cWbl6o6nj2IdiU8IlaqI+VIR2nfHaqoGhJHfLbvPu/SItKTFjFTRRKddyKTIjN0o +eVbHMzt8pHvNKnNK2JmKQ+TqphGTaDIgEEqPRSniE6WHLGuCfG/VdaeRxTZldj9D +QDR41gC2kgDbsenkZZjhGEJpgM4g3mD7bc0IHMRG1wfSW8qyd+S+XxjYdgMJmffc +PCMPv3TJ0Xbxfw+BKED9WeSIaXfCFmVprNXhWhMMN8Z7o3WxigVo2oRkHWbhSff4 +hFy4AQgyq8TOE1C2xeAcADEFagCHDdf0cs5LgwytpH5/0oTsm0+pFol6yEa7X1rF +Eu7NT8zLxXxqUdlCJ1A2AWbi17ER6snst4RfT7cCiI3d6q6IO2dsfuHSs17AHY2m +1KSfgVwH05o3W58ADUVuoZxtqCS0xMv2mvlTJ7xSb90R4hz5w1JBKjrYqq1Xy1Lr +pDc9kBEwJKtN9V63veUnHR5tFku9mVTEK6iykYWRNORexNEas5wsiuxrgaXtGN5G +ouhq9MCe5DI0coQOHM0Bvw1zfQ+wj8RUgrt0290WF0VtHW+zH0qbVHYZ6dKRY5YX +azzLvyu5AlH9p2MZr/+oZn6lgjmVEYq0UbsUvFoZy65qwi2XqL7FvXIVSVTgr7YY +hiODL4FBWJEevE+MujfOpOftzivdx1+/cuiQHcbqKlPQLnQXaUKI337u2o8uAEch +lP3AvI4DVi4m6IC9lo6657r8MqwMGmdEK9PRDPHUf7SP3HGX8fYArwRWILtHrcmc +/kHhKUkMxHduFb0nYQTVFnlpLEidcv6gYIVsh8Fx5pQWW+HyBD4sJuG7mLMgtmtY +vk9zayWbq0lw0Bb+E83vk9xtE0tUoFF/Wcl2nBf5PjfCqesGqr9CHElcQGfcINCg +3llXoeceN868e5DKgtQE6Fp5KukclgeeeX4kPj+UK7x4UGtdGcdghwH6EO7McQX1 +67kyLDcF4p5HnrzEhP2CVcVDHXoeykMCitvHaInwmJQsR209PVa/XxXB8YoMAAV1 +DB3GT024dAxFEl5r1HJm3A7BiFFuvQdUi+recFGKfmSNZ1Pwp2+8DV7UiAYLJ5Wf +o/aAwUQByITI3fBPvmEAA86FeWwtQ5BG5e+q7imH1ooOzrHQzaqwzQKU+IQCzaDF +sAqMtSD/hzIRjMKOSAL8bA2SVIXlLUnulWjPwW9zhUTv9yS1q2EsiFUJnOyq7iAI +fX72qEBvBXLFBdGhotMAXeg1YsXLUxbldqAWuPxpZMQ5S6J7GZZloXSe1Gy/ZZh4 +tKD8qQTS5Rfwiqxxo3kgaB/z0qG99pTB/wWv4fwnv6lFjJRjgyGONRYIGCVCFH2X +mdV2rTUxtwB1cIr71ksA64O3YkUObyfT8gSbLjPoBDBBPQQ3crbaQdiOjGUE9zUF +8kp3/mVj/kBCNtlc4dR/lJGuM97h2OpR5sLvb/5TN9C3tcXUyRmDjqJY/eX9ui0D +pEe6juN9Wy1yZtHauTIK0dqol+DJr56mMdMzBBmDagdr17Q2XK+GKrp5Z9rPbXJv +8qjMHKVFlbQRMtOY8N/PQenRyl1XmZIPk9HWj+9+6w== +-----END ENCRYPTED PRIVATE KEY----- + +-----BEGIN CERTIFICATE----- +MIIC6TCCAo+gAwIBAgIQfcfd9dgdKT/5gdDbpAiKlDAKBggqhkjOPQQDAjAYMRYw +FAYDVQQDEw1zZWxmc2lnbmVkLWNhMB4XDTI0MDUwNTE1NTAzOFoXDTI1MDUwNTE1 +NTAzOFowWDELMAkGA1UEBhMCQ0gxDDAKBgNVBAgTA0s4UzEMMAoGA1UEBxMDSzhT +MQwwCgYDVQQKEwNLOFMxDDAKBgNVBAsTA0s4UzERMA8GA1UEAxMIZmlkby11YWYw +ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDWcQPIzUN2zbPkB3yISIGw +mDAd285YKm/ZLbE4WWw2SIHhjfh0XoYZ6QvLMENWcC8/iOX/6g6upQnYegzZKlST +Lix0zJjEbtMlK8fITiPhwziWPSOeqtuW66Rj+13G6kKYVtZ8vviu73LBDkXKHSNi +g4knNgACJpIItiDhOmtmD3Wsb8JAIQ161m7D3i2jr/kqBFKLc2DXcCHYSwxBXu3A +99iqWxoHfprL/L7RfxBo7mKbk+xjRvw6wFHBb76m6hd8fe4yg3g9zZTsZ5KeKqtA +8NT7CTG26F/MEBEmreU6NcNP62sYBkQiY+K5WweUs5qnDCAUPz+Upu0lX49ZDsvZ +AgMBAAGjga8wgawwDgYDVR0PAQH/BAQDAgeAMB0GA1UdJQQWMBQGCCsGAQUFBwMB +BggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB8GA1UdIwQYMBaAFPthGhYiMfCS8WJz +C+TRPH/IDi5RMEwGA1UdEQRFMEOCCGZpZG8tdWFmgiFmaWRvLXVhZi5hZG4tYWdv +di1uZXZpc2lkbS0wMS11YXSBFG5vcmVwbHlAbG9jYWwuZG9tYWluMAoGCCqGSM49 +BAMCA0gAMEUCIBCueTTUwnN53/dIs6W4FpbFtF/wkAhYjLZGuKgY08ZAAiEA9VFz +WoaxaINHqGPR10Sh1hqeuCHRzHxnQUt07sZf2DU= +-----END CERTIFICATE----- diff --git a/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido2/var/opt/nevisfido/default/conf/nevisfido.yml b/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido2/var/opt/nevisfido/default/conf/nevisfido.yml index 690b160..2cb576d 100644 --- a/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido2/var/opt/nevisfido/default/conf/nevisfido.yml +++ b/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido2/var/opt/nevisfido/default/conf/nevisfido.yml @@ -16,10 +16,10 @@ credential-repository: type: nevisidm client-id: cfa9c9b9-119f-4dff-9bb8-86d7c0cf2720 rest-url: https://idm.adn-agov-nevisidm-01-uat:443/nevisidm - keystore: /var/opt/keys/own/ob-fido2-default-client-identity/keystore.p12 - keystore-passphrase: ${exec:/var/opt/keys/own/ob-fido2-default-client-identity/keypass} - truststore: /var/opt/keys/trust/ob-fido2-default-server-trust/truststore.p12 - truststore-passphrase: ${exec:/var/opt/keys/trust/ob-fido2-default-server-trust/keypass} + keystore: /var/opt/keys/own/nevisfido-techuser-key/keystore.p12 + keystore-passphrase: ${exec:/var/opt/keys/own/nevisfido-techuser-key/keypass} + truststore: /var/opt/keys/trust/ob-fido2-agov-work-internal-trust-store/truststore.p12 + truststore-passphrase: ${exec:/var/opt/keys/trust/ob-fido2-agov-work-internal-trust-store/keypass} user-attribute: extId session-repository: diff --git a/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-proxy/etc/nevis/k8s-ob-proxy-b4d2da2fa2d0b060752a1fe2.yaml b/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-proxy/etc/nevis/k8s-ob-proxy-b4d2da2fa2d0b060752a1fe2.yaml index 9574c60..f77b04e 100644 --- a/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-proxy/etc/nevis/k8s-ob-proxy-b4d2da2fa2d0b060752a1fe2.yaml +++ b/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-proxy/etc/nevis/k8s-ob-proxy-b4d2da2fa2d0b060752a1fe2.yaml @@ -46,11 +46,15 @@ spec: podDisruptionBudget: maxUnavailable: "50%" git: - tag: "r-0d14bc8d1f507b55c11ab2b807d691b97d55b1dd" + tag: "r-f65a315ec4cfd8575904ed12349257a59adbd1e2" dir: "DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-proxy" credentials: "git-credentials" keystores: + - "ob-proxy-ob-realm-identity" - "ob-proxy-346a2bebb04a0b74c7c9b5b9" + truststores: + - "ob-proxy-ob-realm-signer-trust" + - "ob-proxy-ob-realm-tls-trust" ingresses: - "ob-proxy" podSecurity: diff --git a/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido2/etc/nevis/k8s-ob-fido2-default-client-identity-a2d03bb46b87b90160dc83d7.yaml b/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-proxy/etc/nevis/k8s-ob-proxy-ob-realm-identity-b4d2da2fa2d0b060752a1fe2.yaml similarity index 57% rename from DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido2/etc/nevis/k8s-ob-fido2-default-client-identity-a2d03bb46b87b90160dc83d7.yaml rename to DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-proxy/etc/nevis/k8s-ob-proxy-ob-realm-identity-b4d2da2fa2d0b060752a1fe2.yaml index 5062fda..6233f87 100644 --- a/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido2/etc/nevis/k8s-ob-fido2-default-client-identity-a2d03bb46b87b90160dc83d7.yaml +++ b/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-proxy/etc/nevis/k8s-ob-proxy-ob-realm-identity-b4d2da2fa2d0b060752a1fe2.yaml @@ -1,18 +1,18 @@ apiVersion: "operator.nevis-security.ch/v1" kind: "NevisKeyStore" metadata: - name: "ob-fido2-default-client-identity" + name: "ob-proxy-ob-realm-identity" namespace: "adn-agov-nevisidm-ob-01-uat" labels: - deploymentTarget: "ob-fido2" + deploymentTarget: "ob-proxy" annotations: projectKey: "DEFAULT-ADN-AGOV-WORK-OB-PROJECT" - patternId: "a2d03bb46b87b90160dc83d7" + patternId: "b4d2da2fa2d0b060752a1fe2" spec: - cn: "ob-fido2" + cn: "ob-proxy" usage: "" san: dns: - - "ob-fido2" - - "ob-fido2.adn-agov-nevisidm-ob-01-uat" + - "ob-proxy" + - "ob-proxy.adn-agov-nevisidm-ob-01-uat" email: [] diff --git a/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido2/etc/nevis/k8s-ob-fido2-default-server-trust-a2d03bb46b87b90160dc83d7.yaml b/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-proxy/etc/nevis/k8s-ob-proxy-ob-realm-signer-trust-b4d2da2fa2d0b060752a1fe2.yaml similarity index 65% rename from DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido2/etc/nevis/k8s-ob-fido2-default-server-trust-a2d03bb46b87b90160dc83d7.yaml rename to DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-proxy/etc/nevis/k8s-ob-proxy-ob-realm-signer-trust-b4d2da2fa2d0b060752a1fe2.yaml index 2d65989..a342d41 100644 --- a/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido2/etc/nevis/k8s-ob-fido2-default-server-trust-a2d03bb46b87b90160dc83d7.yaml +++ b/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-proxy/etc/nevis/k8s-ob-proxy-ob-realm-signer-trust-b4d2da2fa2d0b060752a1fe2.yaml @@ -1,12 +1,12 @@ apiVersion: "operator.nevis-security.ch/v1" kind: "NevisTrustStore" metadata: - name: "ob-fido2-default-server-trust" + name: "ob-proxy-ob-realm-signer-trust" namespace: "adn-agov-nevisidm-ob-01-uat" labels: - deploymentTarget: "ob-fido2" + deploymentTarget: "ob-proxy" annotations: projectKey: "DEFAULT-ADN-AGOV-WORK-OB-PROJECT" - patternId: "a2d03bb46b87b90160dc83d7" + patternId: "b4d2da2fa2d0b060752a1fe2" spec: keystores: [] diff --git a/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-proxy/etc/nevis/k8s-ob-proxy-ob-realm-tls-trust-b4d2da2fa2d0b060752a1fe2.yaml b/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-proxy/etc/nevis/k8s-ob-proxy-ob-realm-tls-trust-b4d2da2fa2d0b060752a1fe2.yaml new file mode 100644 index 0000000..72b56e3 --- /dev/null +++ b/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-proxy/etc/nevis/k8s-ob-proxy-ob-realm-tls-trust-b4d2da2fa2d0b060752a1fe2.yaml @@ -0,0 +1,14 @@ +apiVersion: "operator.nevis-security.ch/v1" +kind: "NevisTrustStore" +metadata: + name: "ob-proxy-ob-realm-tls-trust" + namespace: "adn-agov-nevisidm-ob-01-uat" + labels: + deploymentTarget: "ob-proxy" + annotations: + projectKey: "DEFAULT-ADN-AGOV-WORK-OB-PROJECT" + patternId: "b4d2da2fa2d0b060752a1fe2" +spec: + keystores: + - name: "ob-auth-default-identity" + namespace: "adn-agov-nevisidm-ob-01-uat" diff --git a/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-proxy/var/opt/nevisproxy/default/host-ob.agov-w.azure.adnovum.net/WEB-INF/web.xml b/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-proxy/var/opt/nevisproxy/default/host-ob.agov-w.azure.adnovum.net/WEB-INF/web.xml index 4a70a68..4d3c3a4 100644 --- a/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-proxy/var/opt/nevisproxy/default/host-ob.agov-w.azure.adnovum.net/WEB-INF/web.xml +++ b/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-proxy/var/opt/nevisproxy/default/host-ob.agov-w.azure.adnovum.net/WEB-INF/web.xml @@ -1,6 +1,116 @@ + + + SectokenVerifierCert + /var/opt/keys/trust/ob-proxy-ob-realm-signer-trust/truststore.pem + + + + AuthenticationService_ob-realm + ch::nevis::isiweb4::filter::auth::IdentityCreationFilter + + + AuthenticationServlet + Connector_ob-realm + + + + BodyReadSize + 32768 + + + + EntryPointID + ob.agov-w.azure.adnovum.net + + + + InactiveInterval + 7200 + + + + InterceptionRedirect + never + + + + LoginRendererServlet + LoginRenderer_ob-logrend + + + + Realm + ob-realm + + + + RecheckAuthentication + On + + + + RenewIdentification + true + + + + StateKey + ob-realm + + + + StoreInterceptedRequest + false + + + + + Authentication_ob-realm + ch::nevis::isiweb4::filter::auth::IdentityCreationFilter + + + AuthenticationServlet + Connector_ob-realm + + + + EntryPointID + ob.agov-w.azure.adnovum.net + + + + InactiveInterval + 7200 + + + + LoginRendererServlet + LoginRenderer_ob-logrend + + + + Realm + ob-realm + + + + RenewIdentification + true + + + + StateKey + ob-realm + + + + StoreInterceptedRequest + false + + ErrorHandler_Default @@ -24,6 +134,41 @@ + + + Level_2_ob-realm + ch::nevis::isiweb4::filter::auth::SecurityRoleFilter + + + AuthenticationServlet + Connector_ob-realm + + + + DynamicRoleAcquire + true + + + + DynamicRoleAcquire.CheckRoleRemoval + true + + + + InterceptionRedirect + never + + + + LoginRendererServlet + LoginRenderer_ob-logrend + + + + RolesRequired + 2 3 4 5 6 7 8 9 + + Qos @@ -53,6 +198,51 @@ + + + SessionHandler_ob-realm + ch::nevis::nevisproxy::filter::session::SessionManagementFilter + + + Cookie.ExtraAttributes + SameSite=None + + + + Cookie.Name + Session_ob-realm + + + + Cookie.Secure + true + + + + Identification + COOKIE + + + + MaxInactiveInterval + 600 + + + + MaxLifetime + 28800 + + + + Servlet + LocalSessionStoreServlet + + + + UpdateTimeStampMinInterval + 120 + + ErrorHandler_Default @@ -63,19 +253,184 @@ ResponseHeader_Default /* - + + + SessionHandler_ob-realm + /register/* + + + + SessionHandler_ob-realm + /pwreset/* + + + + Authentication_ob-realm + /register/* + + + + AuthenticationService_ob-realm + /pwreset/* + + + + Level_2_ob-realm + /register/* + + + + ch::nevis::isiweb4::listener::SessionListener + + - Default_New_Default_Service - - ch::nevis::isiweb4::servlet::defaults::DefaultServlet + Connector_ob-realm + + ch::nevis::isiweb4::servlet::connector::soap::esauth4::Esauth4ConnectorServlet + + + Transport.DNSCache.ttl + 60 + + + + Transport.InetAddress + ob-auth:8991 + + + + Transport.KeepAlive.LifeTime + 30 + + + + Transport.RequestTimeout + 90000 + + + + Transport.ResourceManager.RetryTimeout + 0 + + + + Transport.SSLCACertificateFile + /var/opt/keys/trust/ob-proxy-ob-realm-tls-trust/truststore.pem + + + + Transport.SSLCheckPeerHostname + false + + + + Transport.SSLClientCertificateFile + /var/opt/keys/own/ob-proxy-ob-realm-identity/cert.pem + + + + Transport.SSLClientKeyFile + /var/opt/keys/own/ob-proxy-ob-realm-identity/key.pem + + Hosting_Default + ch::nevis::isiweb4::servlet::defaults::DefaultServlet - + + + Hosting_ob-register-service + + ch::nevis::nevisproxy::servlet::file::FileReaderServlet + + + Profile + AllowSubDirectories + + + + RootDirectory + /var/opt/nevisproxy/default/host-ob.agov-w.azure.adnovum.net/register/ + + + + + LocalSessionStoreServlet + + ch::nevis::nevisproxy::servlet::cache::local::LocalSessionStoreServlet + + + MaxInactiveInterval + 600 + + + + MaxLifetime + 28800 + + + + MemorySize + 512000000 + + + + + LoginRenderer_ob-logrend + + ch::nevis::isiweb4::servlet::rendering::LoginRendererServlet + + + PropagateRemoteHeaders + Set-Cookie + + + + RenderingProvider + remote:NevisLogrendConnector_ob-logrend:/nevislogrend/index.vm?logrendresourcepath=/nevislogrend + + + + + NevisLogrendConnector_ob-logrend + + ch::nevis::isiweb4::servlet::connector::http::HttpConnectorServlet + + + InetAddress + ob-logrend:8988 + + + + MappingType + pathinfo + + + + ResourceManager.RetryTimeout + 0 + + + + URIPrefix + /nevislogrend + + + - Default_New_Default_Service + NevisLogrendConnector_ob-logrend + /nevislogrend/* + + + + Hosting_Default + /pwreset/* + + + + Hosting_ob-register-service /register/* @@ -102,4 +457,9 @@ html text/html + + + txt + text/plain + diff --git a/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-proxy/var/opt/nevisproxy/default/host-ob.agov-w.azure.adnovum.net/register/readme.txt b/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-proxy/var/opt/nevisproxy/default/host-ob.agov-w.azure.adnovum.net/register/readme.txt new file mode 100644 index 0000000..95d09f2 --- /dev/null +++ b/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-proxy/var/opt/nevisproxy/default/host-ob.agov-w.azure.adnovum.net/register/readme.txt @@ -0,0 +1 @@ +hello world \ No newline at end of file