new configuration version

DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-auth-v1/etc/nevis/k8s-ob-auth-d00b0dcbe241793d30daf91c.yaml

@@ -46,7 +46,7 @@ spec:
   podDisruptionBudget:
     maxUnavailable: "50%"
   git:
-    tag: "r-7188c402aab16fcbb1e1435446513b8abc18de8e"
+    tag: "r-bba80526cea899b1947578419a14c74492ea501f"
     dir: "DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-auth-v1"
     credentials: "git-credentials"
   keystores:

DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-auth-v1/var/opt/nevisauth/default/conf/filterRedirectionPaths.groovy

@@ -18,7 +18,7 @@ if (request.getSession(false) == null) {
 }
 
 def redirectionPath = getPathFromURL(request['currentResource'])
-def applicationPaths = ["/register/","/pwreset/"]
+def applicationPaths = ["/nevisauth/","/register/","/pwreset/"]
 def denyRegexes = [".*[\\n\\r]+.*"]
 
 def denied = false

DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-proxy-v1/etc/nevis/k8s-ob-proxy-b4d2da2fa2d0b060752a1fe2.yaml

@@ -47,7 +47,7 @@ spec:
   podDisruptionBudget:
     maxUnavailable: "50%"
   git:
-    tag: "r-7188c402aab16fcbb1e1435446513b8abc18de8e"
+    tag: "r-dc60a2b08425e5cdcb7a9f6d9c2ec516b52bafeb"
     dir: "DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-proxy-v1"
     credentials: "git-credentials"
   keystores:
@@ -59,6 +59,7 @@ spec:
   - "ob-proxy-v1-ob-realm-signer-trust"
   - "ob-proxy-v1-ob-mock-me-realm-tls-trust"
   - "ob-proxy-v1-ob-mock-me-realm-signer-trust"
+  - "ob-proxy-v1-agov-work-internal-trust-store"
   ingresses:
   - "ob-proxy-v1"
   podSecurity:

DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-proxy-v1/etc/nevis/k8s-ob-proxy-v1-agov-work-internal-trust-store-b4d2da2fa2d0b060752a1fe2.yaml

@@ -0,0 +1,14 @@
+apiVersion: "operator.nevis-security.ch/v1"
+kind: "NevisTrustStore"
+metadata:
+  name: "ob-proxy-v1-agov-work-internal-trust-store"
+  namespace: "adn-agov-nevisidm-ob-01-uat"
+  labels:
+    deploymentTarget: "ob-proxy-v1"
+  annotations:
+    projectKey: "DEFAULT-ADN-AGOV-WORK-OB-PROJECT"
+    patternId: "b4d2da2fa2d0b060752a1fe2"
+spec:
+  keystores: []
+  extraCerts:
+  - "-----BEGIN CERTIFICATE-----\nMIIBcTCCARagAwIBAgIQWRl1eifIt8yohQYzh6yr/jAKBggqhkjOPQQDAjAYMRYw\nFAYDVQQDEw1zZWxmc2lnbmVkLWNhMB4XDTIzMDYyODE0MzI0MFoXDTQzMDYyODE0\nMzI0MFowGDEWMBQGA1UEAxMNc2VsZnNpZ25lZC1jYTBZMBMGByqGSM49AgEGCCqG\nSM49AwEHA0IABEwcjsIhSyyh0i9zP1G7ReOkFt/djzlGoUtSd5v3ZEk5QoZYjfl9\n04HdaZzrmveB2aRppbXgW7//s2Ma8wTd5uejQjBAMA4GA1UdDwEB/wQEAwICpDAP\nBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBT7YRoWIjHwkvFicwvk0Tx/yA4uUTAK\nBggqhkjOPQQDAgNJADBGAiEAgyg9t0qgb+czuscs07pNGI+12BedrD+y71psIlqx\nt2UCIQC/85UXyjYI9zg7Mg7rROTbGNCU3Jq/KIC3VzbbD+68VA==\n-----END CERTIFICATE-----\n"

DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-proxy-v1/var/opt/nevisproxy/default/host-ob.agov-w.azure.adnovum.net/WEB-INF/web.xml

@@ -398,6 +398,82 @@
     <listener>
         <listener-class>ch::nevis::isiweb4::listener::SessionListener</listener-class>
     </listener>
+    <!-- source: pattern://bcfcb6808653a4ca9054146b, pattern://bcfcb6808653a4ca9054146b#allowedMethods, pattern://bcfcb6808653a4ca9054146b#backends, pattern://bcfcb6808653a4ca9054146b#responseRewrite, pattern://bcfcb6808653a4ca9054146b#truststore -->
+    <servlet>
+        <servlet-name>Connector_ArtifactResolutionService</servlet-name>
+        <!-- source: pattern://bcfcb6808653a4ca9054146b -->
+        <servlet-class>ch::nevis::isiweb4::servlet::connector::http::HttpsConnectorServlet</servlet-class>
+        <!-- source: pattern://bcfcb6808653a4ca9054146b#allowedMethods -->
+        <init-param>
+            <param-name>AllowedMethods</param-name>
+            <param-value>ALL-HTTP,ALL-WEBDAV,-TRACE,-CONNECT</param-value>
+        </init-param>
+        <!-- source: pattern://bcfcb6808653a4ca9054146b#responseRewrite -->
+        <init-param>
+            <param-name>AutoRewrite</param-name>
+            <param-value>header</param-value>
+        </init-param>
+        <!-- source: pattern://bcfcb6808653a4ca9054146b -->
+        <init-param>
+            <param-name>CookieManager</param-name>
+            <param-value>block:^.*$</param-value>
+        </init-param>
+        <!-- source: pattern://bcfcb6808653a4ca9054146b -->
+        <init-param>
+            <param-name>DNSCache.ttl</param-name>
+            <param-value>60</param-value>
+        </init-param>
+        <!-- source: pattern://bcfcb6808653a4ca9054146b#backends -->
+        <init-param>
+            <param-name>InetAddress</param-name>
+            <param-value>auth.adn-agov-nevisidm-01-uat:8991</param-value>
+        </init-param>
+        <!-- source: pattern://bcfcb6808653a4ca9054146b -->
+        <init-param>
+            <param-name>KeepAlive.LifeTime</param-name>
+            <param-value>30</param-value>
+        </init-param>
+        <!-- source: pattern://bcfcb6808653a4ca9054146b -->
+        <init-param>
+            <param-name>RequestTimeout</param-name>
+            <param-value>90000</param-value>
+        </init-param>
+        <!-- source: pattern://bcfcb6808653a4ca9054146b -->
+        <init-param>
+            <param-name>ResourceManager.RetryTimeout</param-name>
+            <param-value>0</param-value>
+        </init-param>
+        <!-- source: pattern://bcfcb6808653a4ca9054146b#truststore -->
+        <init-param>
+            <param-name>SSLCACertificateFile</param-name>
+            <param-value>/var/opt/keys/trust/ob-proxy-v1-agov-work-internal-trust-store/truststore.pem</param-value>
+        </init-param>
+        <!-- source: pattern://bcfcb6808653a4ca9054146b -->
+        <init-param>
+            <param-name>SSLCheckPeerHostname</param-name>
+            <param-value>false</param-value>
+        </init-param>
+        <!-- source: pattern://bcfcb6808653a4ca9054146b -->
+        <init-param>
+            <param-name>SSLClientCertificateFile</param-name>
+            <param-value>/var/opt/keys/own/ob-proxy-v1-ob-realm-identity/cert.pem</param-value>
+        </init-param>
+        <!-- source: pattern://bcfcb6808653a4ca9054146b -->
+        <init-param>
+            <param-name>SSLClientKeyFile</param-name>
+            <param-value>/var/opt/keys/own/ob-proxy-v1-ob-realm-identity/key.pem</param-value>
+        </init-param>
+        <!-- source: pattern://bcfcb6808653a4ca9054146b -->
+        <init-param>
+            <param-name>SSLSNISupport</param-name>
+            <param-value>true</param-value>
+        </init-param>
+        <!-- source: pattern://bcfcb6808653a4ca9054146b#backends -->
+        <init-param>
+            <param-name>UseSSL</param-name>
+            <param-value>true</param-value>
+        </init-param>
+    </servlet>
     <!-- source: pattern://25bdd7e6f5b76694f6688ab8 -->
     <servlet>
         <servlet-name>Connector_NevisFIDO</servlet-name>
@@ -606,6 +682,11 @@
         <servlet-name>Hosting_Default</servlet-name>
         <url-pattern>/mock-me/*</url-pattern>
     </servlet-mapping>
+    <!-- source: pattern://bcfcb6808653a4ca9054146b, pattern://bcfcb6808653a4ca9054146b#path -->
+    <servlet-mapping>
+        <servlet-name>Connector_ArtifactResolutionService</servlet-name>
+        <url-pattern>/nevisauth/*</url-pattern>
+    </servlet-mapping>
     <!-- source: pattern://25bdd7e6f5b76694f6688ab8 -->
     <servlet-mapping>
         <servlet-name>Connector_NevisFIDO</servlet-name>