2024-11-04 15:46:00 +00:00
|
|
|
<?xml version="1.0" encoding="UTF-8"?>
|
|
|
|
|
<!DOCTYPE esauth-server SYSTEM "/opt/nevisauth/dtd/esauth4.dtd">
|
|
|
|
|
<esauth-server instance="nai">
|
|
|
|
|
<!-- source: pattern://6ec6739e824c8e56d9633622, pattern://b67f81a971e4c08aa79040a2 -->
|
|
|
|
|
<SessionCoordinator sessionInitialInactivityTimeout="600" sessionInactivityTimeout="28800" sessionMaxLifetime="28800" sessionIdPreGenerate="true">
|
|
|
|
|
<!-- source: pattern://6ec6739e824c8e56d9633622 -->
|
|
|
|
|
<LocalSessionStore maxSessions="100000"/>
|
|
|
|
|
<!-- source: pattern://6ec6739e824c8e56d9633622 -->
|
|
|
|
|
<TokenAssembler name="DefaultTokenAssembler">
|
|
|
|
|
<Selector default="true"/>
|
|
|
|
|
<!-- source: pattern://b67f81a971e4c08aa79040a2 -->
|
|
|
|
|
<TokenSpec ttl="28800">
|
|
|
|
|
<!-- source: pattern://6ec6739e824c8e56d9633622 -->
|
|
|
|
|
<field src="session" key="ch.nevis.session.sessid" as="sessid"/>
|
|
|
|
|
<!-- source: pattern://6ec6739e824c8e56d9633622 -->
|
|
|
|
|
<field src="session" key="ch.nevis.session.userid" as="userid"/>
|
|
|
|
|
<!-- source: pattern://6ec6739e824c8e56d9633622 -->
|
|
|
|
|
<field src="session" key="ch.nevis.session.authlevel" as="authLevel"/>
|
|
|
|
|
<!-- source: pattern://6ec6739e824c8e56d9633622 -->
|
|
|
|
|
<field src="session" key="ch.nevis.session.esauthid" as="esauthid"/>
|
|
|
|
|
<!-- source: pattern://6ec6739e824c8e56d9633622 -->
|
|
|
|
|
<field src="session" key="ch.nevis.session.entryid" as="entryid"/>
|
|
|
|
|
<!-- source: pattern://6ec6739e824c8e56d9633622 -->
|
|
|
|
|
<field src="session" key="ch.nevis.session.loginid" as="loginId"/>
|
|
|
|
|
<!-- source: pattern://6ec6739e824c8e56d9633622 -->
|
|
|
|
|
<field src="session" key="ch.nevis.session.domain" as="domain"/>
|
|
|
|
|
<!-- source: pattern://6ec6739e824c8e56d9633622 -->
|
|
|
|
|
<field src="session" key="ch.nevis.session.secroles" as="roles"/>
|
|
|
|
|
</TokenSpec>
|
|
|
|
|
<!-- source: pattern://6ec6739e824c8e56d9633622 -->
|
|
|
|
|
<Signer key="DefaultSigner"/>
|
|
|
|
|
</TokenAssembler>
|
2024-11-11 08:35:11 +00:00
|
|
|
<!-- source: pattern://b9cfe9de74293eececbcc4a6 -->
|
|
|
|
|
<TokenAssembler name="Token_cossa_realm_New_NEVIS_SecToken">
|
|
|
|
|
<!-- source: pattern://b9cfe9de74293eececbcc4a6 -->
|
|
|
|
|
<Selector default="false"/>
|
|
|
|
|
<!-- source: pattern://b9cfe9de74293eececbcc4a6 -->
|
|
|
|
|
<TokenSpec ttl="28800">
|
|
|
|
|
<!-- source: pattern://b9cfe9de74293eececbcc4a6 -->
|
|
|
|
|
<field src="session" key="123456" as="userid"/>
|
|
|
|
|
<!-- source: pattern://b9cfe9de74293eececbcc4a6 -->
|
|
|
|
|
<field src="session" key="WEAK" as="authLevel"/>
|
|
|
|
|
</TokenSpec>
|
|
|
|
|
<!-- source: pattern://b9cfe9de74293eececbcc4a6 -->
|
|
|
|
|
<Signer key="Signer_New_NEVIS_SecToken"/>
|
|
|
|
|
</TokenAssembler>
|
2024-11-11 08:45:46 +00:00
|
|
|
<!-- source: pattern://b9cfe9de74293eececbcc4a6 -->
|
2024-11-04 15:46:00 +00:00
|
|
|
<KeyStore name="DefaultKeyStore">
|
|
|
|
|
<!-- source: pattern://6ec6739e824c8e56d9633622 -->
|
|
|
|
|
<KeyObject name="DefaultSigner" certificate="/var/opt/keys/own/nai-sh4r3d-default-default-signer/cert.pem" privateKey="/var/opt/keys/own/nai-sh4r3d-default-default-signer/keystore.jks" passPhrase="pipe:///var/opt/keys/own/nai-sh4r3d-default-default-signer/keypass"/>
|
|
|
|
|
<!-- source: pattern://6ec6739e824c8e56d9633622 -->
|
|
|
|
|
<KeyObject name="DefaultSignerTrust" certificate="/var/opt/keys/trust/nai-default-default-signer-trust/truststore.jks"/>
|
2024-11-11 08:35:11 +00:00
|
|
|
<!-- source: pattern://b9cfe9de74293eececbcc4a6 -->
|
|
|
|
|
<KeyObject name="Signer_New_NEVIS_SecToken" certificate="/var/opt/keys/own/nai-sh4r3d-new-nevis-sectoken-signer/cert.pem" privateKey="/var/opt/keys/own/nai-sh4r3d-new-nevis-sectoken-signer/keystore.jks" passPhrase="pipe:///var/opt/keys/own/nai-sh4r3d-new-nevis-sectoken-signer/keypass"/>
|
2024-11-04 15:46:00 +00:00
|
|
|
</KeyStore>
|
2024-11-11 09:07:06 +00:00
|
|
|
<!-- source: pattern://d9ea344685ab4a9bb0e1e3e7 -->
|
|
|
|
|
<KeyStore name="JwtToken">
|
|
|
|
|
<!-- source: pattern://d9ea344685ab4a9bb0e1e3e7 -->
|
|
|
|
|
<KeyObject name="New_nevisAuth_KeyObject" certificate="/var/opt/keys/trust/nai-new-nevisauth-keyobject/truststore.jks"/>
|
|
|
|
|
</KeyStore>
|
2024-11-04 15:46:00 +00:00
|
|
|
</SessionCoordinator>
|
|
|
|
|
<!-- source: pattern://6ec6739e824c8e56d9633622 -->
|
|
|
|
|
<LocalOutOfContextDataStore reaperPeriod="60"/>
|
|
|
|
|
<!-- source: pattern://6ec6739e824c8e56d9633622, pattern://b67f81a971e4c08aa79040a2 -->
|
2024-11-07 06:53:12 +00:00
|
|
|
<AuthEngine useLiteralDictionary="true" literalDictionaryLanguages="en,de,fr,it" inputLanguageCookie="LANG" compatLevel="none" addAutheLevelToSecRoles="true" classPath="/var/opt/nevisauth/default/plugin:/opt/nevisauth/plugin" propagateSession="false">
|
2024-11-04 15:46:00 +00:00
|
|
|
<!-- source: pattern://b67f81a971e4c08aa79040a2 -->
|
|
|
|
|
<Domain name="cossa_realm" default="false" inactiveInterval="7200" reauthInterval="0" resetAuthenticationCondition="${inargs:cancel}">
|
2024-11-07 06:53:12 +00:00
|
|
|
<Entry method="authenticate" state="cossa_realm_TokenExchangeEndpoint"/>
|
|
|
|
|
<Entry method="authenticate" state="cossa_realm_TokenExchangeEndpoint" selector="${request:currentResource:^http[s]?\u003A//[^/]+/.*$:true}"/>
|
2024-11-04 15:46:00 +00:00
|
|
|
<Entry method="stepup" state="cossa_realm_Selector"/>
|
2024-11-07 06:53:12 +00:00
|
|
|
<Entry method="stepup" state="cossa_realm_TokenExchangeEndpoint" selector="${request:currentResource:^http[s]?\u003A//[^/]+/.*$:true}"/>
|
2024-11-04 15:46:00 +00:00
|
|
|
</Domain>
|
2024-11-07 06:53:12 +00:00
|
|
|
<AuthState name="cossa_realm_TokenExchangeEndpoint" class="ch.adnovum.cossa.TokenExchangeEndpoint" final="false" resumeState="true">
|
|
|
|
|
<!-- source: pattern://89578db79d2bc15d55e11141 -->
|
|
|
|
|
<ResultCond name="failed" next="cossa_realm_New_Authentication_Failed"/>
|
|
|
|
|
<!-- source: pattern://89578db79d2bc15d55e11141 -->
|
2024-11-11 09:11:19 +00:00
|
|
|
<ResultCond name="ok" next="cossa_realm_JwtToken"/>
|
2024-11-07 06:53:12 +00:00
|
|
|
<!-- source: pattern://89578db79d2bc15d55e11141 -->
|
|
|
|
|
<Response value="AUTH_CONTINUE">
|
|
|
|
|
<!-- source: pattern://89578db79d2bc15d55e11141 -->
|
|
|
|
|
<Gui name="Default"/>
|
|
|
|
|
</Response>
|
|
|
|
|
<!-- source: pattern://89578db79d2bc15d55e11141 -->
|
|
|
|
|
<property name="clientId" value="client1"/>
|
|
|
|
|
<!-- source: pattern://89578db79d2bc15d55e11141 -->
|
|
|
|
|
<property name="clientSecret" value="clientPassword"/>
|
|
|
|
|
</AuthState>
|
|
|
|
|
<AuthState name="cossa_realm_New_Authentication_Failed" class="ch.nevis.esauth.auth.states.standard.AuthError" final="false">
|
|
|
|
|
<!-- source: pattern://72e29eb80a951e518ce123e4 -->
|
2024-11-04 15:46:00 +00:00
|
|
|
<Response value="AUTH_ERROR">
|
2024-11-07 06:53:12 +00:00
|
|
|
<!-- source: pattern://72e29eb80a951e518ce123e4 -->
|
|
|
|
|
<Gui name="Error">
|
|
|
|
|
<!-- source: pattern://72e29eb80a951e518ce123e4 -->
|
|
|
|
|
<GuiElem name="info" type="error" label="error_99"/>
|
|
|
|
|
<!-- source: pattern://72e29eb80a951e518ce123e4 -->
|
|
|
|
|
<GuiElem name="submit" type="button" label="continue.button.label"/>
|
|
|
|
|
</Gui>
|
2024-11-04 15:46:00 +00:00
|
|
|
</Response>
|
|
|
|
|
</AuthState>
|
2024-11-11 09:07:06 +00:00
|
|
|
<AuthState name="cossa_realm_JwtToken" class="ch.nevis.esauth.auth.states.jwt.JWTToken" final="false" resumeState="true">
|
|
|
|
|
<!-- source: pattern://a1e5d0192e082e689465a0c9 -->
|
|
|
|
|
<ResultCond name="ok" next="cossa_realm_Prepare_Done"/>
|
|
|
|
|
<!-- source: pattern://a1e5d0192e082e689465a0c9 -->
|
|
|
|
|
<Response value="AUTH_ERROR"/>
|
|
|
|
|
<!-- source: pattern://a1e5d0192e082e689465a0c9 -->
|
|
|
|
|
<property name="out.audience" value="https://www.adnovum.ch"/>
|
|
|
|
|
<!-- source: pattern://a1e5d0192e082e689465a0c9 -->
|
|
|
|
|
<property name="out.issuer" value="https://my.nevis.server"/>
|
|
|
|
|
<!-- source: pattern://a1e5d0192e082e689465a0c9 -->
|
|
|
|
|
<property name="token.key" value="mustFulfillMinimalSizeDependingOnAlgorithmright"/>
|
|
|
|
|
</AuthState>
|
2024-11-04 15:46:00 +00:00
|
|
|
<AuthState name="cossa_realm_Prepare_Done" class="ch.nevis.esauth.auth.states.scripting.ScriptState" final="false">
|
2024-11-11 08:45:46 +00:00
|
|
|
<!-- source: pattern://b9cfe9de74293eececbcc4a6, pattern://b67f81a971e4c08aa79040a2 -->
|
2024-11-04 15:46:00 +00:00
|
|
|
<ResultCond name="default" next="cossa_realm_Auth_Done"/>
|
2024-11-11 08:45:46 +00:00
|
|
|
<!-- source: pattern://b9cfe9de74293eececbcc4a6, pattern://b67f81a971e4c08aa79040a2 -->
|
2024-11-04 15:46:00 +00:00
|
|
|
<Response value="AUTH_DONE">
|
2024-11-11 08:45:46 +00:00
|
|
|
<!-- source: pattern://b9cfe9de74293eececbcc4a6, pattern://b67f81a971e4c08aa79040a2 -->
|
2024-11-04 15:46:00 +00:00
|
|
|
<Gui name="ContinueResponse"/>
|
|
|
|
|
</Response>
|
2024-11-11 08:45:46 +00:00
|
|
|
<!-- source: pattern://b9cfe9de74293eececbcc4a6, pattern://b67f81a971e4c08aa79040a2 -->
|
2024-11-04 15:46:00 +00:00
|
|
|
<property name="script" value="file:///var/opt/nevisauth/default/conf/prepare_done.groovy"/>
|
|
|
|
|
</AuthState>
|
|
|
|
|
<AuthState name="cossa_realm_Auth_Done" class="ch.nevis.esauth.auth.states.standard.AuthDone" final="false">
|
2024-11-11 08:45:46 +00:00
|
|
|
<!-- source: pattern://b9cfe9de74293eececbcc4a6, pattern://b67f81a971e4c08aa79040a2 -->
|
2024-11-04 15:46:00 +00:00
|
|
|
<Response value="AUTH_DONE">
|
2024-11-11 08:45:46 +00:00
|
|
|
<!-- source: pattern://b9cfe9de74293eececbcc4a6, pattern://b67f81a971e4c08aa79040a2 -->
|
2024-11-04 15:46:00 +00:00
|
|
|
<Gui name="ContinueResponse"/>
|
|
|
|
|
</Response>
|
|
|
|
|
</AuthState>
|
|
|
|
|
<AuthState name="cossa_realm_Selector" class="ch.nevis.esauth.auth.states.standard.ConditionalDispatcherState" final="false">
|
|
|
|
|
<!-- source: pattern://b67f81a971e4c08aa79040a2 -->
|
2024-11-11 08:35:11 +00:00
|
|
|
<ResultCond name="New_NEVIS_SecToken" next="cossa_realm_New_NEVIS_SecToken"/>
|
|
|
|
|
<!-- source: pattern://b67f81a971e4c08aa79040a2 -->
|
2024-11-04 15:46:00 +00:00
|
|
|
<ResultCond name="nomatch" next="cossa_realm_Prepare_Done"/>
|
|
|
|
|
<!-- source: pattern://b67f81a971e4c08aa79040a2 -->
|
|
|
|
|
<Response value="AUTH_ERROR">
|
|
|
|
|
<!-- source: pattern://b67f81a971e4c08aa79040a2 -->
|
|
|
|
|
<Arg name="ch.nevis.isiweb4.response.status" value="403"/>
|
|
|
|
|
</Response>
|
2024-11-11 07:27:35 +00:00
|
|
|
<!-- source: pattern://b67f81a971e4c08aa79040a2 -->
|
2024-11-11 08:35:11 +00:00
|
|
|
<property name="condition:New_NEVIS_SecToken" value="${request:requiredRoles:^token.New_NEVIS_SecToken$:true}"/>
|
2024-11-11 07:27:35 +00:00
|
|
|
</AuthState>
|
2024-11-11 08:35:11 +00:00
|
|
|
<AuthState name="cossa_realm_New_NEVIS_SecToken" class="ch.nevis.esauth.auth.states.sectoken.TokenAssemblerState" final="false">
|
|
|
|
|
<!-- source: pattern://b9cfe9de74293eececbcc4a6 -->
|
|
|
|
|
<ResultCond name="default" next="cossa_realm_Prepare_Done" authLevel="token.New_NEVIS_SecToken"/>
|
|
|
|
|
<!-- source: pattern://b9cfe9de74293eececbcc4a6 -->
|
|
|
|
|
<Response value="AUTH_ERROR">
|
|
|
|
|
<!-- source: pattern://b9cfe9de74293eececbcc4a6 -->
|
|
|
|
|
<Arg name="ch.nevis.isiweb4.response.status" value="403"/>
|
|
|
|
|
</Response>
|
|
|
|
|
<!-- source: pattern://b9cfe9de74293eececbcc4a6 -->
|
|
|
|
|
<property name="assembler" value="Token_cossa_realm_New_NEVIS_SecToken"/>
|
|
|
|
|
<!-- source: pattern://b9cfe9de74293eececbcc4a6 -->
|
|
|
|
|
<property name="key" value="token.New_NEVIS_SecToken"/>
|
|
|
|
|
<!-- source: pattern://b9cfe9de74293eececbcc4a6 -->
|
|
|
|
|
<property name="generateNow" value="true"/>
|
|
|
|
|
</AuthState>
|
2024-11-04 15:46:00 +00:00
|
|
|
</AuthEngine>
|
|
|
|
|
</esauth-server>
|
