BUNDBITBK-4339

bundles.yml

@@ -1,13 +1,12 @@
 schemaVersion: "1.0"
 bundles:
-- "nevisadmin-plugin-nevisproxy:8.2405.0.6"
-- "nevisadmin-plugin-base-generation:8.2405.0.6"
-- "nevisadmin-plugin-nevisdetect:8.2405.0.6"
-- "nevisadmin-plugin-marketplace:8.2405.0.6"
-- "nevisadmin-plugin-mobile-auth:8.2405.0.6"
-- "nevisadmin-plugin-authcloud:8.2405.0.6"
-- "nevisadmin-plugin-nevisdp:8.2405.0.6"
-- "nevisadmin-plugin-fido2:8.2405.0.6"
-- "nevisadmin-plugin-nevisidm:8.2405.0.6"
-- "nevisadmin-plugin-oauth:8.2405.0.6"
-- "nevisadmin-plugin-nevisauth:8.2405.0.6"
+- "nevisadmin-plugin-oauth:8.2405.3.0"
+- "nevisadmin-plugin-authcloud:8.2405.3.0"
+- "nevisadmin-plugin-nevisidm:8.2405.3.0"
+- "nevisadmin-plugin-mobile-auth:8.2405.3.0"
+- "nevisadmin-plugin-fido2:8.2405.3.0"
+- "nevisadmin-plugin-nevisdp:8.2405.3.0"
+- "nevisadmin-plugin-nevisauth:8.2405.3.0"
+- "nevisadmin-plugin-nevisproxy:8.2405.3.0"
+- "nevisadmin-plugin-nevisdetect:8.2405.3.0"
+- "nevisadmin-plugin-base-generation:8.2405.3.0"

patterns/5f192f6e91687b30b5868750_authStatesFile/ob-realm-dispatch-cred-type.xml

@@ -0,0 +1,12 @@
+<AuthState name="${state.entry}" class="ch.nevis.esauth.auth.states.standard.AuthGeneric" final="true">
+	<ResultCond name="fido2" next="${state.exit.1}"/>
+	<ResultCond name="accessapp" next="${state.exit.2}"/>
+	<ResultCond name="default" next="${state.entry}"/>
+	<Response value="AUTH_CONTINUE">
+		<Gui name="ChooseCredType" label="Choose Credential Type">
+			<GuiElem name="infotext" type="info" label="Choose the type of credential to register"/>
+			<GuiElem name="fido2" type="button" label="FIDO2 Key" value="fido2"/>
+			<GuiElem name="accessapp" type="button" label="AGOV access App" value="accessapp"/>
+		</Gui>
+	</Response>
+</AuthState>

patterns/_ob-realm-accessapp-registration_25bdd7e6f5b76694f6688ab8.yml

@@ -0,0 +1,14 @@
+schemaVersion: "1.0"
+pattern:
+  id: "25bdd7e6f5b76694f6688ab8"
+  className: "ch.nevis.admin.v4.plugin.nevisfido.outofband.patterns.OutOfBandMobileRegistration"
+  name: " ob-realm-accessapp-registration"
+  properties:
+    host:
+    - "pattern://346a2bebb04a0b74c7c9b5b9"
+    onSuccess:
+    - "pattern://0955c277bc073d31fb27ef21"
+    onCancel:
+    - "pattern://e1784eecf2db74484dd1e1bb"
+    nevisfido:
+    - "pattern://d990accd4fedae1acbc7109d"

patterns/agov-work-internal-trust-store_6d7b43fa096a87eaa1a44952.yml

@@ -0,0 +1,7 @@
+schemaVersion: "1.0"
+pattern:
+  id: "6d7b43fa096a87eaa1a44952"
+  className: "ch.nevis.admin.v4.plugin.nevisproxy.patterns.AutomaticTrustStoreProvider"
+  name: "agov-work-internal-trust-store"
+  properties:
+    truststoreFile: "var://agov-work-internal-trust-store-additional-trusted-certificates"

patterns/b10d246bc151306dba28de4a_resources/readme.txt

@@ -0,0 +1 @@
+hello world

patterns/be8f8436b2ec70e9d601fdd3_authStatesFile/ob-mock-me-auth-processor.xml

@@ -0,0 +1,43 @@
+<AuthState name="${state.entry}" class="ch.nevis.esauth.auth.states.scripting.ScriptState" final="false" resumeState="true">
+	<ResultCond name="processResponse" next="${state.entry}_serviceProvider"/>
+	<Response value="AUTH_CONTINUE">
+		<Gui name="AuthErrorDialog"/>
+		<Gui name="op_mock_me_gui" label="AGOV MOCK me">
+			<GuiElem name="lasterror" type="error" label="${notes:lasterrorinfo}" value="${notes:lasterror}" optional="true"/>
+			<GuiElem name="operation" type="text" label="operation" value="${inctx|connection.actualURL|^https:\/\/[^\/]+\/mock-me\/(.+)$|$1}" optional="true"/>
+			<GuiElem name="subject" type="text" label="subject" value="${notes:saml.assertion.subject}" optional="true"/>
+			<GuiElem name="statusCode" type="text" label="statusCode" value="${notes:saml.response.statusCode}" optional="true"/>
+			<GuiElem name="authnContextClassRef" type="text" label="authnContextClassRef" value="${notes:saml.assertion.authnContextClassRef}" optional="true"/>
+			<GuiElem name="authenticatedWith" type="text" label="authenticatedWith" value="${notes|saml.attributes.http://schemas.agov.ch/ws/2023/05/identity/claims/authenticatedWith}" optional="true"/>
+			<GuiElem name="requestedRoleLevel" type="text" label="requestedRoleLevel" value="${notes|saml.attributes.http://schemas.agov.ch/ws/2023/05/identity/claims/requestedRoleLevel}" optional="true"/>
+			<GuiElem name="rpEntityId" type="text" label="rpEntityId" value="${notes|saml.attributes.http://schemas.agov.ch/ws/2023/09/identity/claim/rpEntityId}" optional="true"/>
+			<GuiElem name="allowedVerificationMethods" type="text" label="allowedVerificationMethods" value="${notes|saml.attributes.http://schemas.agov.ch/ws/2023/09/identity/claim/allowedVerificationMethods}" optional="true"/>
+			<GuiElem name="addressRequired" type="text" label="addressRequired" value="${notes|saml.attributes.http://schemas.agov.ch/ws/2023/09/identity/claims/addressRequired}" optional="true"/>
+			<GuiElem name="currentAgovAq" type="text" label="currentAgovAq" value="${notes|saml.attributes.http://schemas.agov.ch/ws/2023/11/identity/claims/currentAgovAq}" optional="true"/>
+			<GuiElem name="dateOfVerification" type="text" label="dateOfVerification" value="${notes|saml.attributes.http://schemas.agov.ch/ws/2023/05/identity/claims/qa/dateOfVerification}" optional="true"/>
+			<GuiElem name="currentIdVerification" type="text" label="currentIdVerification" value="${notes|saml.attributes.http://schemas.agov.ch/ws/2024/01/identity/claims/currentIdVerification}" optional="true"/>
+			<GuiElem name="back" type="button" label="submit.button.label" value="go"/>
+		</Gui>
+	</Response>
+	<property name="script" value="file:///var/opt/nevisauth/default/conf/mock-me-processing.groovy"/>
+	<property name="parameter.idp-sso-url" value="${param.idp-sso-url}"/>
+    <property name="parameter.idp-recovery-url" value="${param.idp-recovery-url}"/>
+</AuthState>
+<AuthState name="${state.entry}_serviceProvider" class="ch.nevis.esauth.auth.states.saml.ServiceProviderState" final="false"  resumeState="false">
+	<ResultCond name="ok" next="${state.entry}"/>
+	<ResultCond name="default" next="${state.entry}"/>
+	<Response value="AUTH_ERROR">
+		<Gui name="AuthErrorDialog"/>
+	</Response>
+	<property name="consumerURL" value="${param.mock-me-acs-url}"/>
+	<property name="idpURL" value="${param.idp-sso-url}"/>
+	<property name="in.verify" value="Response Assertion"/>
+	<property name="in.prospectVerification" value="Response Assertion"/>
+	<property name="in.binding" value="internal"/>
+	<property name="in.internalBindingSource" value="${notes:SAMLResponse}"/>
+	<property name="in.audienceRegex" value="${param.mock-me-audienceRegex}"/>
+	<property name="in.audience.checkrequired" value="false"/>
+	<property name="in.max_age" value="30"/>
+	<property name="in.keystoreref" value="DefaultKeyStore"/>
+	<property name="out.binding" value="none"/>
+</AuthState>

patterns/be8f8436b2ec70e9d601fdd3_resources/mock-me-processing.groovy

@@ -0,0 +1,23 @@
+import ch.nevis.esauth.auth.engine.AuthResponse
+
+if (inargs['SAMLResponse']) {
+  response.setNote('SAMLResponse', inargs['SAMLResponse'])
+  request.getInArgs().remove('SAMLResponse')
+  response.setResult('processResponse')
+  return
+}
+
+
+if (inargs['back'] && inargs['back'] == 'go') {
+  response.setStatus(AuthResponse.AUTH_ERROR)
+  if (session['ch.nevis.auth.saml.assertion.authnContextClassRef'] && session['ch.nevis.auth.saml.assertion.authnContextClassRef'] == 'urn:qa.agov.ch:names:tc:ac:classes:recovery') {
+    response.setTransferDestination(parameters['idp-recovery-url'])
+  } else {
+    response.setTransferDestination(parameters['idp-sso-url'])
+  }
+  response.setIsRedirectTransfer(true)
+  return
+}
+
+// if we reach this line, display the GUI
+response.setStatus(AuthResponse.AUTH_CONTINUE)

patterns/nevisFido-techuser-key_540faa8b8de855d32f179dac.yml

@@ -0,0 +1,8 @@
+schemaVersion: "1.0"
+pattern:
+  id: "540faa8b8de855d32f179dac"
+  className: "ch.nevis.admin.v4.plugin.nevisproxy.patterns.PemKeyStoreProvider"
+  name: "nevisFido-techuser-key"
+  properties:
+    keystoreFiles: "var://nevisfido-techuser-key-key-store-content"
+    keyPass: "var://nevisfido-techuser-key-private-key-passphrase"

patterns/no-LoginRenderer_97ccf58a92ea008e353d6af7.yml

@@ -0,0 +1,6 @@
+schemaVersion: "1.0"
+pattern:
+  id: "97ccf58a92ea008e353d6af7"
+  className: "ch.nevis.admin.v4.plugin.nevisauth.patterns.NevisProxyLogrend"
+  name: "no-LoginRenderer"
+  properties: {}

patterns/ob-SecToken-for-work-IDM_1961ee3e6021268b5b99f355.yml

@@ -0,0 +1,6 @@
+schemaVersion: "1.0"
+pattern:
+  id: "1961ee3e6021268b5b99f355"
+  className: "ch.nevis.admin.v4.plugin.nevisauth.patterns2.SecToken"
+  name: "ob-SecToken-for-work-IDM"
+  properties: {}

patterns/ob-auth-log-settings_25dbf93ef96abab8182ebefc.yml

@@ -0,0 +1,14 @@
+schemaVersion: "1.0"
+pattern:
+  id: "25dbf93ef96abab8182ebefc"
+  className: "ch.nevis.admin.v4.plugin.nevisauth.patterns.CustomAuthLogFile"
+  name: "ob-auth-log-settings"
+  properties:
+    logLevel: "WARN"
+    levels:
+    - Script: "DEBUG"
+    - OpTrace: "INFO"
+    - AuthEngine: "INFO"
+    - AuthPerf: "INFO"
+    - Vars: "INFO"
+    - HttpClient: "DEBUG"

patterns/ob-auth-signer-trust-store_17743e3041d86717f2697c1c.yml

@@ -0,0 +1,7 @@
+schemaVersion: "1.0"
+pattern:
+  id: "17743e3041d86717f2697c1c"
+  className: "ch.nevis.admin.v4.plugin.nevisproxy.patterns.PemTrustStoreProvider"
+  name: "ob-auth-signer-trust-store"
+  properties:
+    truststoreFile: "var://ob-auth-signer-trust-store"

patterns/ob-auth-signer_f94db670348c3abce35d473a.yml

@@ -0,0 +1,8 @@
+schemaVersion: "1.0"
+pattern:
+  id: "f94db670348c3abce35d473a"
+  className: "ch.nevis.admin.v4.plugin.nevisproxy.patterns.PemKeyStoreProvider"
+  name: "ob-auth-signer"
+  properties:
+    keystoreFiles: "var://ob-auth-signer-key-store"
+    keyPass: "var://ob-auth-signer-private-key-passphrase"

patterns/ob-auth_d00b0dcbe241793d30daf91c.yml

@@ -0,0 +1,13 @@
+schemaVersion: "1.0"
+pattern:
+  id: "d00b0dcbe241793d30daf91c"
+  className: "ch.nevis.admin.v4.plugin.nevisauth.patterns.NevisAuthDeployable"
+  name: "ob-auth"
+  deploymentHosts: "ob-auth"
+  properties:
+    logging:
+    - "pattern://25dbf93ef96abab8182ebefc"
+    backendTrustStore:
+    - "pattern://6d7b43fa096a87eaa1a44952"
+    signerKeyStore:
+    - "pattern://f94db670348c3abce35d473a"

patterns/ob-evisIDM-REST-Service_136d83ad842c5b255417cd87.yml

@@ -0,0 +1,14 @@
+schemaVersion: "1.0"
+pattern:
+  id: "136d83ad842c5b255417cd87"
+  className: "ch.nevis.admin.v4.plugin.nevisidm.patterns.NevisIDMRESTServiceAccess"
+  name: "ob-evisIDM-REST-Service"
+  properties:
+    host:
+    - "pattern://346a2bebb04a0b74c7c9b5b9"
+    nevisIDM:
+    - "pattern://30b947532c14be9f85f63a55"
+    realm:
+    - "pattern://a005869dc3d479c2323115d0"
+    token:
+    - "pattern://1961ee3e6021268b5b99f355"

patterns/ob-fido-uaf-instance-settings_a3e412c0c4aaf7217c8f5994.yml

@@ -0,0 +1,6 @@
+schemaVersion: "1.0"
+pattern:
+  id: "a3e412c0c4aaf7217c8f5994"
+  className: "ch.nevis.admin.v4.plugin.nevisfido.deployable.patterns.GenericNevisFIDOSettings"
+  name: "ob-fido-uaf-instance-settings"
+  properties: {}

patterns/ob-fido-uaf-log-settings_2c2ffee41da5095996e1f131.yml

@@ -0,0 +1,10 @@
+schemaVersion: "1.0"
+pattern:
+  id: "2c2ffee41da5095996e1f131"
+  className: "ch.nevis.admin.v4.plugin.nevisfido.deployable.patterns.NevisFIDOLogSettings"
+  name: "ob-fido-uaf-log-settings"
+  properties:
+    logLevel: "WARN"
+    levels:
+    - OpTrace: "INFO"
+    - ch.nevis.auth.fido.api.uaf: "DEBUG"

patterns/ob-fido-uaf_d990accd4fedae1acbc7109d.yml

@@ -0,0 +1,24 @@
+schemaVersion: "1.0"
+pattern:
+  id: "d990accd4fedae1acbc7109d"
+  className: "ch.nevis.admin.v4.plugin.nevisfido.deployable.patterns.NevisFIDODeployable"
+  name: "ob-fido-uaf"
+  deploymentHosts: "ob-fido-uaf"
+  properties:
+    logging:
+    - "pattern://2c2ffee41da5095996e1f131"
+    frontendAddress: "https://auth.agov-w.azure.adnovum.net"
+    signerTrustStore:
+    - "pattern://17743e3041d86717f2697c1c"
+    database:
+    - "pattern://e891ec2f4f924135261d22ce"
+    link: "Custom URI"
+    customURILink: "ch.agov.access-t://x-callback-url/authenticate"
+    nevisidm:
+    - "pattern://30b947532c14be9f85f63a55"
+    backendKeyStore:
+    - "pattern://540faa8b8de855d32f179dac"
+    backendTrustStore:
+    - "pattern://6d7b43fa096a87eaa1a44952"
+    addons:
+    - "pattern://a3e412c0c4aaf7217c8f5994"

patterns/ob-fido2_a2d03bb46b87b90160dc83d7.yml

@@ -0,0 +1,19 @@
+schemaVersion: "1.0"
+pattern:
+  id: "a2d03bb46b87b90160dc83d7"
+  className: "ch.nevis.admin.v4.plugin.fido2.patterns.NevisFIDODeployable"
+  name: "ob-fido2"
+  deploymentHosts: "ob-fido2"
+  properties:
+    signerTrustStore:
+    - "pattern://17743e3041d86717f2697c1c"
+    relyingPartyName: "var://nevisfido2-relying-party-name"
+    relyingPartyId: "var://nevisfido2-relying-party-id"
+    relyingPartyOrigins: "var://nevisfido2-relying-party-origins"
+    idm:
+    - "pattern://30b947532c14be9f85f63a55"
+    client: "var://agov-client-id"
+    clientKeyStore:
+    - "pattern://540faa8b8de855d32f179dac"
+    serverTrustStore:
+    - "pattern://6d7b43fa096a87eaa1a44952"

patterns/ob-logrend_bed300e1196a171ca12db431.yml

@@ -0,0 +1,7 @@
+schemaVersion: "1.0"
+pattern:
+  id: "bed300e1196a171ca12db431"
+  className: "ch.nevis.admin.v4.plugin.nevisauth.patterns.NevisLogrendDeployable"
+  name: "ob-logrend"
+  deploymentHosts: "ob-logrend"
+  properties: {}

patterns/ob-me-mock-application_ab2d7423513108f96767a0ec.yml

@@ -0,0 +1,11 @@
+schemaVersion: "1.0"
+pattern:
+  id: "ab2d7423513108f96767a0ec"
+  className: "ch.nevis.admin.v4.plugin.nevisauth.patterns.AuthenticationFlow"
+  name: "ob-me-mock-application"
+  properties:
+    host:
+    - "pattern://346a2bebb04a0b74c7c9b5b9"
+    path: "/mock-me/"
+    realm:
+    - "pattern://14b02056879c3b8991597d2b"

patterns/ob-mock-me-auth-processor_be8f8436b2ec70e9d601fdd3.yml

@@ -0,0 +1,11 @@
+schemaVersion: "1.0"
+pattern:
+  id: "be8f8436b2ec70e9d601fdd3"
+  className: "ch.nevis.admin.v4.plugin.nevisauth.patterns2.GenericAuthenticationStep"
+  name: "ob-mock-me-auth-processor"
+  properties:
+    authStatesFile: "res://be8f8436b2ec70e9d601fdd3#authStatesFile"
+    parameters: "idp-sso-url: https://auth.agov-w.azure.adnovum.net/SAML2/SSO/\nidp-recovery-url:\
+      \ https://auth.agov-w.azure.adnovum.net/AUTH/RECOVERY/\nmock-me-acs-url: https://ob.agov-w.azure.adnovum.net/mock-me/process\n\
+      mock-me-audienceRegex: https://ob.agov-w.azure.adnovum.net/mock-me/.+"
+    resources: "res://be8f8436b2ec70e9d601fdd3#resources"

patterns/ob-mock-me-realm_14b02056879c3b8991597d2b.yml

@@ -0,0 +1,12 @@
+schemaVersion: "1.0"
+pattern:
+  id: "14b02056879c3b8991597d2b"
+  className: "ch.nevis.admin.v4.plugin.nevisauth.patterns2.NevisAuthRealm"
+  name: "ob-mock-me-realm"
+  properties:
+    authenticate:
+    - "pattern://be8f8436b2ec70e9d601fdd3"
+    auth:
+    - "pattern://d00b0dcbe241793d30daf91c"
+    logrend:
+    - "pattern://bed300e1196a171ca12db431"

patterns/ob-nevisIDM-SOAP-Service_a922939d935fd9bfc7643530.yml

@@ -0,0 +1,14 @@
+schemaVersion: "1.0"
+pattern:
+  id: "a922939d935fd9bfc7643530"
+  className: "ch.nevis.admin.v4.plugin.nevisidm.patterns.NevisIDMSOAPServiceAccess"
+  name: "ob-nevisIDM-SOAP-Service"
+  properties:
+    host:
+    - "pattern://346a2bebb04a0b74c7c9b5b9"
+    nevisIDM:
+    - "pattern://30b947532c14be9f85f63a55"
+    realm:
+    - "pattern://a005869dc3d479c2323115d0"
+    token:
+    - "pattern://1961ee3e6021268b5b99f355"

patterns/ob-proxy_b4d2da2fa2d0b060752a1fe2.yml

@@ -0,0 +1,9 @@
+schemaVersion: "1.0"
+pattern:
+  id: "b4d2da2fa2d0b060752a1fe2"
+  className: "ch.nevis.admin.v4.plugin.nevisproxy.patterns.NevisProxyDeployable"
+  name: "ob-proxy"
+  deploymentHosts: "ob-proxy"
+  properties:
+    defaultHostContext:
+    - "pattern://346a2bebb04a0b74c7c9b5b9"

patterns/ob-realm-dispatch-cred-type_5f192f6e91687b30b5868750.yml

@@ -0,0 +1,10 @@
+schemaVersion: "1.0"
+pattern:
+  id: "5f192f6e91687b30b5868750"
+  className: "ch.nevis.admin.v4.plugin.nevisauth.patterns2.GenericAuthenticationStep"
+  name: "ob-realm-dispatch-cred-type"
+  properties:
+    authStatesFile: "res://5f192f6e91687b30b5868750#authStatesFile"
+    nextSteps:
+    - "pattern://3d382e0cf987535b6fa989b4"
+    - "pattern://25bdd7e6f5b76694f6688ab8"

patterns/ob-realm-fido2-registration_3d382e0cf987535b6fa989b4.yml

@@ -0,0 +1,17 @@
+schemaVersion: "1.0"
+pattern:
+  id: "3d382e0cf987535b6fa989b4"
+  className: "ch.nevis.admin.v4.plugin.fido2.patterns.FIDO2Onboarding"
+  name: "ob-realm-fido2-registration"
+  properties:
+    fido:
+    - "pattern://a2d03bb46b87b90160dc83d7"
+    onSuccess:
+    - "pattern://0955c277bc073d31fb27ef21"
+    onUnsupported:
+    - "pattern://e1784eecf2db74484dd1e1bb"
+    onCancel:
+    - "pattern://e1784eecf2db74484dd1e1bb"
+    residentKey: "required"
+    userVerification: "required"
+    attestation: "direct"

patterns/ob-realm-idm-pwd-login_e1784eecf2db74484dd1e1bb.yml

@@ -0,0 +1,22 @@
+schemaVersion: "1.0"
+pattern:
+  id: "e1784eecf2db74484dd1e1bb"
+  className: "ch.nevis.admin.v4.plugin.nevisidm.patterns2.NevisIDMPasswordLogin"
+  name: "ob-realm-idm-pwd-login"
+  properties:
+    nevisIDM:
+    - "pattern://30b947532c14be9f85f63a55"
+    onSuccess:
+    - "pattern://5f192f6e91687b30b5868750"
+    attributes:
+    - "extId"
+    - "loginId"
+    - "firstName"
+    - "name"
+    - "email"
+    - "language"
+    passwordResetEnabled: "enabled"
+    separateScreens: "disabled"
+    clientInput: "enabled"
+    loginType: "EMAIL"
+    useDefaultProfile: "enabled"

patterns/ob-realm-registration-done_0955c277bc073d31fb27ef21.yml

@@ -0,0 +1,6 @@
+schemaVersion: "1.0"
+pattern:
+  id: "0955c277bc073d31fb27ef21"
+  className: "ch.nevis.admin.v4.plugin.nevisauth.patterns2.AuthenticationDone"
+  name: "ob-realm-registration-done"
+  properties: {}

patterns/ob-realm_6e7b5a087711bd0ada9985fe.yml

@@ -0,0 +1,12 @@
+schemaVersion: "1.0"
+pattern:
+  id: "6e7b5a087711bd0ada9985fe"
+  className: "ch.nevis.admin.v4.plugin.nevisauth.patterns2.NevisAuthRealm"
+  name: "ob-realm"
+  properties:
+    authenticate:
+    - "pattern://e1784eecf2db74484dd1e1bb"
+    auth:
+    - "pattern://d00b0dcbe241793d30daf91c"
+    logrend:
+    - "pattern://bed300e1196a171ca12db431"

patterns/ob-register-service-trigger_54c2d90d05f13df1b90bc6b2.yml

@@ -0,0 +1,7 @@
+schemaVersion: "1.0"
+pattern:
+  id: "54c2d90d05f13df1b90bc6b2"
+  className: "ch.nevis.admin.v4.plugin.nevisauth.patterns2.AuthorizationPolicy"
+  name: "ob-register-service-trigger"
+  properties:
+    level: "2"

patterns/ob-register-service_b10d246bc151306dba28de4a.yml

@@ -0,0 +1,14 @@
+schemaVersion: "1.0"
+pattern:
+  id: "b10d246bc151306dba28de4a"
+  className: "ch.nevis.admin.v4.plugin.nevisproxy.patterns.HostingService"
+  name: "ob-register-service"
+  properties:
+    host:
+    - "pattern://346a2bebb04a0b74c7c9b5b9"
+    path: "/register/"
+    resources: "res://b10d246bc151306dba28de4a#resources"
+    realm:
+    - "pattern://6e7b5a087711bd0ada9985fe"
+    addons:
+    - "pattern://54c2d90d05f13df1b90bc6b2"

patterns/ob-service-auth-realm_a005869dc3d479c2323115d0.yml

@@ -0,0 +1,14 @@
+schemaVersion: "1.0"
+pattern:
+  id: "a005869dc3d479c2323115d0"
+  className: "ch.nevis.admin.v4.plugin.nevisauth.patterns2.NevisAuthRealm"
+  name: "ob-service-auth-realm"
+  properties:
+    authenticate:
+    - "pattern://e1784eecf2db74484dd1e1bb"
+    tokens:
+    - "pattern://1961ee3e6021268b5b99f355"
+    auth:
+    - "pattern://d00b0dcbe241793d30daf91c"
+    logrend:
+    - "pattern://bed300e1196a171ca12db431"

patterns/ob-vhost_346a2bebb04a0b74c7c9b5b9.yml

@@ -0,0 +1,9 @@
+schemaVersion: "1.0"
+pattern:
+  id: "346a2bebb04a0b74c7c9b5b9"
+  className: "ch.nevis.admin.v4.plugin.nevisproxy.patterns.HostContext"
+  name: "ob-vhost"
+  properties:
+    proxy:
+    - "pattern://b4d2da2fa2d0b060752a1fe2"
+    addresses: "https://ob.agov-w.azure.adnovum.net/"

patterns/work-idm-connector_30b947532c14be9f85f63a55.yml

@@ -0,0 +1,9 @@
+schemaVersion: "1.0"
+pattern:
+  id: "30b947532c14be9f85f63a55"
+  className: "ch.nevis.admin.v4.plugin.nevisidm.patterns.NevisIDMConnector"
+  name: "work-idm-connector"
+  properties:
+    url: "idm:8989"
+    kubernetes: "other_namespace"
+    kubernetesNamespace: "adn-agov-nevisidm-01-uat"

patterns/work-mariadb-session-store_e891ec2f4f924135261d22ce.yml

@@ -0,0 +1,14 @@
+schemaVersion: "1.0"
+pattern:
+  id: "e891ec2f4f924135261d22ce"
+  className: "ch.nevis.admin.v4.plugin.nevisfido.patterns.NevisFIDODatabase"
+  name: "work-mariadb-session-store"
+  properties:
+    type: "MariaDB"
+    hosts: "var://fido-session-store-database-host"
+    database: "var://fido-session-store-database-name-uaf"
+    rootCredential: "var://fido-session-store-root-credential"
+    rootCredentialNamespace: "var://fido-session-store-root-credential-namespace"
+    user: "var://fido-session-store-database-user"
+    password: "var://fido-session-store-database-password"
+    databaseManagement: "complete"

variables.yml

@@ -0,0 +1,120 @@
+schemaVersion: "1.0"
+variables:
+  agov-client-id:
+    className: "ch.nevis.admin.v4.plugin.base.generation.property.SimpleTextProperty"
+    parameters:
+      minRequired: 1
+      maxAllowed: 1
+    value: "100"
+    requireOverloading: true
+  agov-work-internal-trust-store-additional-trusted-certificates:
+    className: "ch.nevis.admin.v4.plugin.base.generation.property.AttachmentProperty"
+    parameters:
+      minRequired: 0
+    value: null
+    requireOverloading: true
+  fido-session-store-database-host:
+    className: "ch.nevis.admin.v4.plugin.base.generation.property.HostPortProperty"
+    parameters:
+      minRequired: 0
+      maxAllowed: 2
+      portRequired: false
+    value: "mariadb-session-store-service.adn-agov-nevisidm-ob-01-uat:3306"
+    requireOverloading: true
+  fido-session-store-database-name-uaf:
+    className: "ch.nevis.admin.v4.plugin.base.generation.property.SimpleTextProperty"
+    parameters:
+      minRequired: 1
+      maxAllowed: 1
+    value: "nevisfido_uaf"
+    requireOverloading: true
+  fido-session-store-database-password:
+    className: "ch.nevis.admin.v4.plugin.base.generation.property.SimpleTextProperty"
+    parameters:
+      minRequired: 0
+      maxAllowed: 1
+      secret: true
+    value: "sample password"
+    requireOverloading: true
+  fido-session-store-database-user:
+    className: "ch.nevis.admin.v4.plugin.base.generation.property.SimpleTextProperty"
+    parameters:
+      minRequired: 0
+      maxAllowed: 1
+    value: "uaf"
+    requireOverloading: true
+  fido-session-store-root-credential:
+    className: "ch.nevis.admin.v4.plugin.base.generation.property.SimpleTextProperty"
+    parameters:
+      minRequired: 0
+      maxAllowed: 1
+    value: "root-mariadb-session-store"
+    requireOverloading: true
+  fido-session-store-root-credential-namespace:
+    className: "ch.nevis.admin.v4.plugin.base.generation.property.SimpleTextProperty"
+    parameters:
+      minRequired: 0
+      maxAllowed: 1
+    value: "ns"
+    requireOverloading: true
+  nevisfido-techuser-key-key-store-content:
+    className: "ch.nevis.admin.v4.plugin.base.generation.property.AttachmentProperty"
+    parameters:
+      minRequired: 0
+      secretPreserving: true
+    value: null
+    requireOverloading: true
+  nevisfido-techuser-key-private-key-passphrase:
+    className: "ch.nevis.admin.v4.plugin.base.generation.property.SimpleTextProperty"
+    parameters:
+      minRequired: 0
+      maxAllowed: 1
+      secret: true
+    value: "sample password"
+    requireOverloading: true
+  nevisfido2-relying-party-id:
+    className: "ch.nevis.admin.v4.plugin.base.generation.property.HostProperty"
+    parameters:
+      minRequired: 1
+      maxAllowed: 1
+    value: "adnovum.net"
+    requireOverloading: true
+  nevisfido2-relying-party-name:
+    className: "ch.nevis.admin.v4.plugin.base.generation.property.SimpleTextProperty"
+    parameters:
+      minRequired: 1
+      maxAllowed: 1
+    value: "AGOV"
+    requireOverloading: true
+  nevisfido2-relying-party-origins:
+    className: "ch.nevis.admin.v4.plugin.base.generation.property.SimpleTextProperty"
+    parameters:
+      minRequired: 1
+    value:
+    - "https://ob.agov-w.azure.adnovum.net"
+    - "https://me.agov-w.azure.adnovum.net"
+    - "https://nevisidm.agov-w.azure.adnovum.net"
+    - "https://auth.agov-w.azure.adnovum.net"
+    requireOverloading: true
+  ob-auth-signer-key-store:
+    className: "ch.nevis.admin.v4.plugin.base.generation.property.AttachmentProperty"
+    parameters:
+      minRequired: 0
+      secretPreserving: true
+    value: null
+    requireOverloading: true
+  ob-auth-signer-private-key-passphrase:
+    className: "ch.nevis.admin.v4.plugin.base.generation.property.SimpleTextProperty"
+    parameters:
+      minRequired: 0
+      maxAllowed: 1
+      secret: true
+    value: "sample password"
+    requireOverloading: true
+  ob-auth-signer-trust-store:
+    className: "ch.nevis.admin.v4.plugin.base.generation.property.AttachmentProperty"
+    parameters:
+      minRequired: 0
+      secretPreserving: true
+    value: null
+    requireOverloading: true