From a4bc0c78af141252f0184ab4deb507b0e9fa25fc Mon Sep 17 00:00:00 2001
From: haburger <haburger>
Date: Wed, 28 Aug 2024 11:28:45 +0000
Subject: [PATCH] new configuration version

---
 .../k8s-ob-auth-d00b0dcbe241793d30daf91c.yaml |   2 +-
 .../opt/nevisauth/default/conf/esauth4.xml    |   2 +-
 ...-ob-fido-uaf-d990accd4fedae1acbc7109d.yaml |   3 +--
 ...signer-trust-d990accd4fedae1acbc7109d.yaml |  12 ------------
 .../trust/ob-auth-signer-trust-store/keypass  |   2 ++
 .../ob-auth-signer-trust-store/truststore.jks | Bin 0 -> 814 bytes
 .../ob-auth-signer-trust-store/truststore.p12 | Bin 0 -> 1126 bytes
 .../ob-auth-signer-trust-store/truststore.pem |  18 ++++++++++++++++++
 .../opt/nevisfido/default/conf/nevisfido.yml  |  16 ++++++++--------
 9 files changed, 31 insertions(+), 24 deletions(-)
 delete mode 100644 DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido-uaf/etc/nevis/k8s-ob-fido-uaf-default-signer-trust-d990accd4fedae1acbc7109d.yaml
 create mode 100755 DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido-uaf/var/opt/keys/trust/ob-auth-signer-trust-store/keypass
 create mode 100644 DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido-uaf/var/opt/keys/trust/ob-auth-signer-trust-store/truststore.jks
 create mode 100644 DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido-uaf/var/opt/keys/trust/ob-auth-signer-trust-store/truststore.p12
 create mode 100644 DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido-uaf/var/opt/keys/trust/ob-auth-signer-trust-store/truststore.pem

diff --git a/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-auth/etc/nevis/k8s-ob-auth-d00b0dcbe241793d30daf91c.yaml b/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-auth/etc/nevis/k8s-ob-auth-d00b0dcbe241793d30daf91c.yaml
index 6860ff6..162c97f 100644
--- a/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-auth/etc/nevis/k8s-ob-auth-d00b0dcbe241793d30daf91c.yaml
+++ b/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-auth/etc/nevis/k8s-ob-auth-d00b0dcbe241793d30daf91c.yaml
@@ -45,7 +45,7 @@ spec:
   podDisruptionBudget:
     maxUnavailable: "50%"
   git:
-    tag: "r-4d495f8f73f00597da5fbe633d85d96ac04db24e"
+    tag: "r-0fcea0ae54f7c32644331ee1e07ec004989e173c"
     dir: "DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-auth"
     credentials: "git-credentials"
   keystores:
diff --git a/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-auth/var/opt/nevisauth/default/conf/esauth4.xml b/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-auth/var/opt/nevisauth/default/conf/esauth4.xml
index c147a6b..209cd34 100644
--- a/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-auth/var/opt/nevisauth/default/conf/esauth4.xml
+++ b/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-auth/var/opt/nevisauth/default/conf/esauth4.xml
@@ -117,7 +117,7 @@
             <!-- source: pattern://e1784eecf2db74484dd1e1bb -->
             <property name="chooseDefaultProfile" value="true"/>
             <!-- source: pattern://e1784eecf2db74484dd1e1bb -->
-            <property name="user.attributes" value="mobile, email, extId"/>
+            <property name="user.attributes" value="extId, loginId, firstName, name, email, language"/>
             <!-- source: pattern://e1784eecf2db74484dd1e1bb -->
             <property name="detaillevel.default" value="EXCLUDE"/>
             <!-- source: pattern://e1784eecf2db74484dd1e1bb -->
diff --git a/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido-uaf/etc/nevis/k8s-ob-fido-uaf-d990accd4fedae1acbc7109d.yaml b/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido-uaf/etc/nevis/k8s-ob-fido-uaf-d990accd4fedae1acbc7109d.yaml
index c120de9..61e1add 100644
--- a/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido-uaf/etc/nevis/k8s-ob-fido-uaf-d990accd4fedae1acbc7109d.yaml
+++ b/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido-uaf/etc/nevis/k8s-ob-fido-uaf-d990accd4fedae1acbc7109d.yaml
@@ -46,14 +46,13 @@ spec:
   podDisruptionBudget:
     maxUnavailable: "50%"
   git:
-    tag: "r-4d495f8f73f00597da5fbe633d85d96ac04db24e"
+    tag: "r-0fcea0ae54f7c32644331ee1e07ec004989e173c"
     dir: "DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido-uaf"
     credentials: "git-credentials"
   keystores:
   - "ob-fido-uaf-default-server-identity"
   truststores:
   - "ob-fido-uaf-agov-work-internal-trust-store"
-  - "ob-fido-uaf-default-signer-trust"
   - "ob-fido-uaf-default-client-trust"
   podSecurity:
     policy: "baseline"
diff --git a/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido-uaf/etc/nevis/k8s-ob-fido-uaf-default-signer-trust-d990accd4fedae1acbc7109d.yaml b/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido-uaf/etc/nevis/k8s-ob-fido-uaf-default-signer-trust-d990accd4fedae1acbc7109d.yaml
deleted file mode 100644
index 3457a5f..0000000
--- a/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido-uaf/etc/nevis/k8s-ob-fido-uaf-default-signer-trust-d990accd4fedae1acbc7109d.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-apiVersion: "operator.nevis-security.ch/v1"
-kind: "NevisTrustStore"
-metadata:
-  name: "ob-fido-uaf-default-signer-trust"
-  namespace: "adn-agov-nevisidm-ob-01-uat"
-  labels:
-    deploymentTarget: "ob-fido-uaf"
-  annotations:
-    projectKey: "DEFAULT-ADN-AGOV-WORK-OB-PROJECT"
-    patternId: "d990accd4fedae1acbc7109d"
-spec:
-  keystores: []
diff --git a/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido-uaf/var/opt/keys/trust/ob-auth-signer-trust-store/keypass b/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido-uaf/var/opt/keys/trust/ob-auth-signer-trust-store/keypass
new file mode 100755
index 0000000..5b0d317
--- /dev/null
+++ b/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido-uaf/var/opt/keys/trust/ob-auth-signer-trust-store/keypass
@@ -0,0 +1,2 @@
+#!/bin/bash
+echo 'password'
\ No newline at end of file
diff --git a/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido-uaf/var/opt/keys/trust/ob-auth-signer-trust-store/truststore.jks b/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido-uaf/var/opt/keys/trust/ob-auth-signer-trust-store/truststore.jks
new file mode 100644
index 0000000000000000000000000000000000000000..309012b98c55e991a53f01bedf4f918eaee3d1e1
GIT binary patch
literal 814
zcmezO_TO6u1_mY|W(3n5X_+bcx}}L}K!J%f_Bls0utw;a8dw6=yftWIdI`k+3z(T0
znV1A>kKg@zLsrxNXXAz2OE|iw7;v$1XtjBqvt?msGLSG7GZ0~84rO5$<}FUmNh{7w
z&r40wO-?kB6X!KDF)%eSH8eFfFt&&Sa)BH;*C4`>+kg|KlTDb(*~5?rXe^M!A<XP;
z5e(z8qwu&;c-#=4paDO`dbp1ani!P~c-c6CZfyI`%gD&c%D~*j$j<;2=VEGNWMsHj
z$b90gbJ^L=PuOcZJQ_F5Fp#}{E<!8+rtU_I$Q(0|#)rK>O5)liUvi%|a1JZbx9@oR
z{}tc5rJOgacy4NiOxDvWIWyx(-epzo<0t%-A0D=tW~)4J)$M7omn8p=J@(3JM%cBQ
zeLvQ{FFMHQdP-I~sku|#jDbmQ62~@$hgR8X{H1I14>>6ER$a?Gd{1}r`kz`XLEXg(
z*9#PHc=I^My*=>##;Ry3_PSZ8|LnV1FOcyrY4+qd$!>qF4g?;|-?!|Qcunm)qvi_R
zvs2!rPnxH-+Tp{M-<*cqUc{df5L8?H)XMa*|LbfCHW#JjM?0h0r)-|JoJT>#-hRrm
zx2o~|k$k6bGBGnUFfMLfZ_v2LfDagWviyvU|5<>s$=+Zf3*xJ?fFhMcn~jl`m7SRp
z&SEm)0Z9vklrtGH7|4To$}AEFVhtj{6Q#tI3_nczm{iRD<f2Xe2|m3*10RqAK^9j7
z=O%dcG%3Q8o?c=~o^E1#ewl7wYFTD+W=gKEfgvzWmNbgw<rk$E<WxH3<R>TQ=%wW6
zCT8X#r#og31_M_n1%Y*yCRYv>SKj~bv3cnZv1v!Q#DAE;5z({FZO00U%f}p;6dAq-
z7Du&h%xHFBk$myG%ff3?^L8j+JX4eI=w0&eSo{ss_HZfPAhl=fr>x<upR+8kEW=Q;
F0RX*I6r%tD

literal 0
HcmV?d00001

diff --git a/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido-uaf/var/opt/keys/trust/ob-auth-signer-trust-store/truststore.p12 b/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido-uaf/var/opt/keys/trust/ob-auth-signer-trust-store/truststore.p12
new file mode 100644
index 0000000000000000000000000000000000000000..7b3eb890d55250a67fba9bbd275ba7a97eec94bb
GIT binary patch
literal 1126
zcmV-s1eyCVf&^j$0Ru3C1PlfVDuzgg_YDCD0ic2d{RDyo`7nY5^)P}1@dgPhhDe6@
z4FLxRpn?P9FoFZ#0s#Opf&<qE2`Yw2hW8Bt2LUi<1_>&LNQU<f0R;^(Sui*T2`Yw2
zhW8Bt1q?7N1Qcu_>ZN+Qe%4v`Ymo-?0Ak?#p(FwVClCSwATSID2r7n1hW8Bu2?YQ!
z9R>+thDZTr0|Wso1Q5rgw9%2daj}};(W9T$ZLNTU17O%?EA{m7=~zp<mP;U)C6(XJ
zDVoibI-~{kyjgbwY3px2l!BNjd%GJ%q1fcz2U3O4PZp~|(r}(Ncy7J~^<sGYMm}AH
z(9EjUot-gnNv0QM>ZpZ>e0sKHA=wRwnp#Oq_ic^36{uEy5kT5@`LS}q_irp9T74s0
zxX4$i{{z~f)t&w|QB6O*y)=0)EsO`gZ@c@F;K%XGL?w;$=R(M-F16f)bcgSaRB6HE
z_lQH-pfR;krROwt2q4x7i{6_r<*<|uQK<+oInb|`JgLd^tq1}tz^Rl=l$u4PhIcPG
z-$}c+AlwcS!7+Qyx=Dz?$aAwLH`XuUk&+Q2n0|jL-R^YYjPc~i#%UrD^y62{0xELf
z&3ZFx8WH|_Lg>iD8H|vN+zJFGZB#0x+upRmB3Gv^8%f8hgAF7PDRr+IhFaaYg~i!+
zGc(zS!5e9kKobn}sIcT4l#CcwL_{Uj%QoRg`*O{tb~+?YDaTW#ZaT0sQ$)U3Mgapo
z2`6TX2Elg>DCSFNq6V3%7S9YvlsKf&P;E>BL%OK<Y!x*Z^;zY(fqsByzIzO-)Oo{f
zH0KqbG)xbl7I!_$Tx!?|3@4_6(>||jj5)z1!Bb$3p0I82-L{QJd33xae31~%BGHUH
zLvuE(<{=;7(W3V>k*xfQZEc35nX;LZBb$dqbABD`Y>)OFN`d0X+d`T$Z_)g_jfy-x
zRPq_zp&@leqR(Tok&zVHo}!#~$1qeqya7%^&a+#lBwxVFos=K+lbORMUhu)&v?DaJ
ze%~#&!UNSBtp91ZxKQ4>a5ElWVyHY2^CAiyF7Hn)u7kTlAU-Y(R>WC-DwHEMi`+xS
zHHvOuHqV5ZMh3$W0nJkNO5GjYHovdR;ll^6s>!+Is{A?IR>Y)V>GqNq1eWEH_l)C3
zguh*^fvV^JJa0C#D54@vgS*^F0&n8vR#{|^9lvLis0*BGscIYp;|;ERuD9=nnEZW5
zRhvH|=5to@KnjG+?<iY@FK9Hu^~n2XFehQQvCMMj6EWd+Q0pC1*`|v!jKXf`No_P-
zC*U5(!W_qx;HP-!DVEK{y9vIFXZ8c(g~=7K^MZ3ffJmi9?1WAa1w>E4@OBhce7U)K
zAzls`B08l6lC1rU(ETt?FflL<1_@w>NC9O71OfpC00bbK@rImM&UQ5{rv4<y5a#Or
satpIIKPv_cEI*(U8#9;$6n4Z6Z-8EGnTfTc*wDFF=Jtd?nF0bQ5CbOz-2eap

literal 0
HcmV?d00001

diff --git a/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido-uaf/var/opt/keys/trust/ob-auth-signer-trust-store/truststore.pem b/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido-uaf/var/opt/keys/trust/ob-auth-signer-trust-store/truststore.pem
new file mode 100644
index 0000000..0d07b2a
--- /dev/null
+++ b/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido-uaf/var/opt/keys/trust/ob-auth-signer-trust-store/truststore.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC6TCCAo+gAwIBAgIQfcfd9dgdKT/5gdDbpAiKlDAKBggqhkjOPQQDAjAYMRYw
+FAYDVQQDEw1zZWxmc2lnbmVkLWNhMB4XDTI0MDUwNTE1NTAzOFoXDTI1MDUwNTE1
+NTAzOFowWDELMAkGA1UEBhMCQ0gxDDAKBgNVBAgTA0s4UzEMMAoGA1UEBxMDSzhT
+MQwwCgYDVQQKEwNLOFMxDDAKBgNVBAsTA0s4UzERMA8GA1UEAxMIZmlkby11YWYw
+ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDWcQPIzUN2zbPkB3yISIGw
+mDAd285YKm/ZLbE4WWw2SIHhjfh0XoYZ6QvLMENWcC8/iOX/6g6upQnYegzZKlST
+Lix0zJjEbtMlK8fITiPhwziWPSOeqtuW66Rj+13G6kKYVtZ8vviu73LBDkXKHSNi
+g4knNgACJpIItiDhOmtmD3Wsb8JAIQ161m7D3i2jr/kqBFKLc2DXcCHYSwxBXu3A
+99iqWxoHfprL/L7RfxBo7mKbk+xjRvw6wFHBb76m6hd8fe4yg3g9zZTsZ5KeKqtA
+8NT7CTG26F/MEBEmreU6NcNP62sYBkQiY+K5WweUs5qnDCAUPz+Upu0lX49ZDsvZ
+AgMBAAGjga8wgawwDgYDVR0PAQH/BAQDAgeAMB0GA1UdJQQWMBQGCCsGAQUFBwMB
+BggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB8GA1UdIwQYMBaAFPthGhYiMfCS8WJz
+C+TRPH/IDi5RMEwGA1UdEQRFMEOCCGZpZG8tdWFmgiFmaWRvLXVhZi5hZG4tYWdv
+di1uZXZpc2lkbS0wMS11YXSBFG5vcmVwbHlAbG9jYWwuZG9tYWluMAoGCCqGSM49
+BAMCA0gAMEUCIBCueTTUwnN53/dIs6W4FpbFtF/wkAhYjLZGuKgY08ZAAiEA9VFz
+WoaxaINHqGPR10Sh1hqeuCHRzHxnQUt07sZf2DU=
+-----END CERTIFICATE-----
diff --git a/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido-uaf/var/opt/nevisfido/default/conf/nevisfido.yml b/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido-uaf/var/opt/nevisfido/default/conf/nevisfido.yml
index 40793ba..cc4f166 100644
--- a/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido-uaf/var/opt/nevisfido/default/conf/nevisfido.yml
+++ b/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido-uaf/var/opt/nevisfido/default/conf/nevisfido.yml
@@ -68,8 +68,8 @@ fido-uaf:
   authorization:
     registration:
       type: sectoken
-      truststore: /var/opt/keys/trust/ob-fido-uaf-default-signer-trust/truststore.p12
-      truststore-passphrase: ${exec:/var/opt/keys/trust/ob-fido-uaf-default-signer-trust/keypass}
+      truststore: /var/opt/keys/trust/ob-auth-signer-trust-store/truststore.p12
+      truststore-passphrase: ${exec:/var/opt/keys/trust/ob-auth-signer-trust-store/keypass}
       truststore-type: pkcs12
       username-attribute-names:
         - loginId
@@ -78,16 +78,16 @@ fido-uaf:
       type: none
     deregistration:
       type: sectoken
-      truststore: /var/opt/keys/trust/ob-fido-uaf-default-signer-trust/truststore.p12
-      truststore-passphrase: ${exec:/var/opt/keys/trust/ob-fido-uaf-default-signer-trust/keypass}
+      truststore: /var/opt/keys/trust/ob-auth-signer-trust-store/truststore.p12
+      truststore-passphrase: ${exec:/var/opt/keys/trust/ob-auth-signer-trust-store/keypass}
       truststore-type: pkcs12
       username-attribute-names:
         - loginId
         - userid
     create-dispatch-target:
       type: sectoken
-      truststore: /var/opt/keys/trust/ob-fido-uaf-default-signer-trust/truststore.p12
-      truststore-passphrase: ${exec:/var/opt/keys/trust/ob-fido-uaf-default-signer-trust/keypass}
+      truststore: /var/opt/keys/trust/ob-auth-signer-trust-store/truststore.p12
+      truststore-passphrase: ${exec:/var/opt/keys/trust/ob-auth-signer-trust-store/keypass}
       truststore-type: pkcs12
       username-attribute-names:
         - loginId
@@ -96,8 +96,8 @@ fido-uaf:
       type: none
     delete-dispatch-target:
       type: sectoken
-      truststore: /var/opt/keys/trust/ob-fido-uaf-default-signer-trust/truststore.p12
-      truststore-passphrase: ${exec:/var/opt/keys/trust/ob-fido-uaf-default-signer-trust/keypass}
+      truststore: /var/opt/keys/trust/ob-auth-signer-trust-store/truststore.p12
+      truststore-passphrase: ${exec:/var/opt/keys/trust/ob-auth-signer-trust-store/keypass}
       truststore-type: pkcs12
       username-attribute-names:
         - userid