adn-post-iam-tknxchng-inv/DEFAULT-ADN-POST-IAM-TKNXCH.../DEFAULT-ADN-POST-IAM-TKNXCH.../nai/var/opt/nevisauth/default/conf/esauth4.xml

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE esauth-server SYSTEM "/opt/nevisauth/dtd/esauth4.dtd">
<esauth-server instance="nai">
    <!-- source: pattern://6ec6739e824c8e56d9633622, pattern://b67f81a971e4c08aa79040a2 -->
    <SessionCoordinator sessionInitialInactivityTimeout="600" sessionInactivityTimeout="28800" sessionMaxLifetime="28800" sessionIdPreGenerate="true">
        <!-- source: pattern://6ec6739e824c8e56d9633622 -->
        <LocalSessionStore maxSessions="100000"/>
        <!-- source: pattern://6ec6739e824c8e56d9633622 -->
        <TokenAssembler name="DefaultTokenAssembler">
            <Selector default="true"/>
            <!-- source: pattern://b67f81a971e4c08aa79040a2 -->
            <TokenSpec ttl="28800">
                <!-- source: pattern://6ec6739e824c8e56d9633622 -->
                <field src="session" key="ch.nevis.session.sessid" as="sessid"/>
                <!-- source: pattern://6ec6739e824c8e56d9633622 -->
                <field src="session" key="ch.nevis.session.userid" as="userid"/>
                <!-- source: pattern://6ec6739e824c8e56d9633622 -->
                <field src="session" key="ch.nevis.session.authlevel" as="authLevel"/>
                <!-- source: pattern://6ec6739e824c8e56d9633622 -->
                <field src="session" key="ch.nevis.session.esauthid" as="esauthid"/>
                <!-- source: pattern://6ec6739e824c8e56d9633622 -->
                <field src="session" key="ch.nevis.session.entryid" as="entryid"/>
                <!-- source: pattern://6ec6739e824c8e56d9633622 -->
                <field src="session" key="ch.nevis.session.loginid" as="loginId"/>
                <!-- source: pattern://6ec6739e824c8e56d9633622 -->
                <field src="session" key="ch.nevis.session.domain" as="domain"/>
                <!-- source: pattern://6ec6739e824c8e56d9633622 -->
                <field src="session" key="ch.nevis.session.secroles" as="roles"/>
            </TokenSpec>
            <!-- source: pattern://6ec6739e824c8e56d9633622 -->
            <Signer key="DefaultSigner"/>
        </TokenAssembler>
        <!-- source: pattern://6ec6739e824c8e56d9633622 -->
        <KeyStore name="DefaultKeyStore">
            <!-- source: pattern://6ec6739e824c8e56d9633622 -->
            <KeyObject name="DefaultSigner" certificate="/var/opt/keys/own/nai-sh4r3d-default-default-signer/cert.pem" privateKey="/var/opt/keys/own/nai-sh4r3d-default-default-signer/keystore.jks" passPhrase="pipe:///var/opt/keys/own/nai-sh4r3d-default-default-signer/keypass"/>
            <!-- source: pattern://6ec6739e824c8e56d9633622 -->
            <KeyObject name="DefaultSignerTrust" certificate="/var/opt/keys/trust/nai-default-default-signer-trust/truststore.jks"/>
        </KeyStore>
        <!-- source: pattern://d9ea344685ab4a9bb0e1e3e7 -->
        <KeyStore name="JwtToken">
            <!-- source: pattern://d9ea344685ab4a9bb0e1e3e7 -->
            <KeyObject name="New_nevisAuth_KeyObject" certificate="/var/opt/keys/trust/nai-new-nevisauth-keyobject/truststore.jks"/>
        </KeyStore>
    </SessionCoordinator>
    <!-- source: pattern://6ec6739e824c8e56d9633622 -->
    <LocalOutOfContextDataStore reaperPeriod="60"/>
    <!-- source: pattern://6ec6739e824c8e56d9633622, pattern://b67f81a971e4c08aa79040a2 -->
    <AuthEngine useLiteralDictionary="true" literalDictionaryLanguages="en,de,fr,it" inputLanguageCookie="LANG" compatLevel="none" addAutheLevelToSecRoles="true" classPath="/var/opt/nevisauth/default/plugin:/opt/nevisauth/plugin" propagateSession="false">
        <!-- source: pattern://b67f81a971e4c08aa79040a2 -->
        <Domain name="cossa_realm" default="false" inactiveInterval="7200" reauthInterval="0" resetAuthenticationCondition="${inargs:cancel}">
            <Entry method="authenticate" state="cossa_realm_TokenExchangeEndpoint"/>
            <Entry method="authenticate" state="cossa_realm_TokenExchangeEndpoint" selector="${request:currentResource:^http[s]?\u003A//[^/]+/.*$:true}"/>
            <Entry method="stepup" state="cossa_realm_Selector"/>
            <Entry method="stepup" state="cossa_realm_TokenExchangeEndpoint" selector="${request:currentResource:^http[s]?\u003A//[^/]+/.*$:true}"/>
        </Domain>
        <AuthState name="cossa_realm_TokenExchangeEndpoint" class="ch.adnovum.cossa.TokenExchangeEndpoint" authLevel="auth.weak" final="false" resumeState="true">
            <!-- source: pattern://89578db79d2bc15d55e11141 -->
            <ResultCond name="failed" next="cossa_realm_New_Authentication_Failed"/>
            <!-- source: pattern://89578db79d2bc15d55e11141 -->
            <ResultCond name="ok" next="cossa_realm_New_Transform_Variables_Step"/>
            <!-- source: pattern://89578db79d2bc15d55e11141 -->
            <Response value="AUTH_CONTINUE">
                <!-- source: pattern://89578db79d2bc15d55e11141 -->
                <Gui name="Default"/>
            </Response>
            <!-- source: pattern://89578db79d2bc15d55e11141 -->
            <property name="clientId" value="client1"/>
            <!-- source: pattern://89578db79d2bc15d55e11141 -->
            <property name="clientSecret" value="clientPassword"/>
        </AuthState>
        <AuthState name="cossa_realm_New_Authentication_Failed" class="ch.nevis.esauth.auth.states.standard.AuthError" final="false">
            <!-- source: pattern://72e29eb80a951e518ce123e4 -->
            <Response value="AUTH_ERROR">
                <!-- source: pattern://72e29eb80a951e518ce123e4 -->
                <Gui name="Error">
                    <!-- source: pattern://72e29eb80a951e518ce123e4 -->
                    <GuiElem name="info" type="error" label="error_99"/>
                    <!-- source: pattern://72e29eb80a951e518ce123e4 -->
                    <GuiElem name="submit" type="button" label="continue.button.label"/>
                </Gui>
            </Response>
        </AuthState>
        <AuthState name="cossa_realm_New_Transform_Variables_Step" class="ch.nevis.esauth.auth.states.standard.TransformAttributes" final="false">
            <!-- source: pattern://32290d5b7c7cdb369674c3a0 -->
            <ResultCond name="ok" next="cossa_realm_JwtToken"/>
            <!-- source: pattern://32290d5b7c7cdb369674c3a0 -->
            <Response value="AUTH_ERROR">
                <!-- source: pattern://32290d5b7c7cdb369674c3a0 -->
                <Arg name="ch.nevis.isiweb4.response.status" value="403"/>
            </Response>
            <!-- source: pattern://32290d5b7c7cdb369674c3a0 -->
            <property name="request:UserId" value="12345"/>
        </AuthState>
        <AuthState name="cossa_realm_JwtToken" class="ch.nevis.esauth.auth.states.jwt.JWTToken" final="false" resumeState="true">
            <!-- source: pattern://a1e5d0192e082e689465a0c9 -->
            <ResultCond name="ok" next="cossa_realm_Prepare_Done"/>
            <!-- source: pattern://a1e5d0192e082e689465a0c9 -->
            <Response value="AUTH_ERROR"/>
            <!-- source: pattern://a1e5d0192e082e689465a0c9 -->
            <property name="out.audience" value="https://www.adnovum.ch"/>
            <!-- source: pattern://a1e5d0192e082e689465a0c9 -->
            <property name="out.issuer" value="https://my.nevis.server"/>
            <!-- source: pattern://a1e5d0192e082e689465a0c9 -->
            <property name="out.time_to_live" value="86400"/>
            <!-- source: pattern://a1e5d0192e082e689465a0c9 -->
            <property name="token.algorithm" value="RS256"/>
            <!-- source: pattern://a1e5d0192e082e689465a0c9 -->
            <property name="keystoreref" value="JwtToken"/>
            <!-- source: pattern://a1e5d0192e082e689465a0c9 -->
            <property name="keyobjectref" value="New_nevisAuth_KeyObject"/>
        </AuthState>
        <AuthState name="cossa_realm_Prepare_Done" class="ch.nevis.esauth.auth.states.scripting.ScriptState" final="false">
            <!-- source: pattern://b67f81a971e4c08aa79040a2 -->
            <ResultCond name="default" next="cossa_realm_Auth_Done"/>
            <!-- source: pattern://b67f81a971e4c08aa79040a2 -->
            <Response value="AUTH_DONE">
                <!-- source: pattern://b67f81a971e4c08aa79040a2 -->
                <Gui name="ContinueResponse"/>
            </Response>
            <!-- source: pattern://b67f81a971e4c08aa79040a2 -->
            <property name="script" value="file:///var/opt/nevisauth/default/conf/prepare_done.groovy"/>
        </AuthState>
        <AuthState name="cossa_realm_Auth_Done" class="ch.nevis.esauth.auth.states.standard.AuthDone" final="false">
            <!-- source: pattern://b67f81a971e4c08aa79040a2 -->
            <Response value="AUTH_DONE">
                <!-- source: pattern://b67f81a971e4c08aa79040a2 -->
                <Gui name="ContinueResponse"/>
            </Response>
        </AuthState>
        <AuthState name="cossa_realm_Selector" class="ch.nevis.esauth.auth.states.standard.ConditionalDispatcherState" final="false">
            <!-- source: pattern://b67f81a971e4c08aa79040a2 -->
            <ResultCond name="nomatch" next="cossa_realm_Prepare_Done"/>
            <!-- source: pattern://b67f81a971e4c08aa79040a2 -->
            <Response value="AUTH_ERROR">
                <!-- source: pattern://b67f81a971e4c08aa79040a2 -->
                <Arg name="ch.nevis.isiweb4.response.status" value="403"/>
            </Response>
        </AuthState>
    </AuthEngine>
</esauth-server>
new configuration version 2024-11-04 15:46:00 +00:00			`<?xml version="1.0" encoding="UTF-8"?>`
			`<!DOCTYPE esauth-server SYSTEM "/opt/nevisauth/dtd/esauth4.dtd">`
			`<esauth-server instance="nai">`
			`<!-- source: pattern://6ec6739e824c8e56d9633622, pattern://b67f81a971e4c08aa79040a2 -->`
			`<SessionCoordinator sessionInitialInactivityTimeout="600" sessionInactivityTimeout="28800" sessionMaxLifetime="28800" sessionIdPreGenerate="true">`
			`<!-- source: pattern://6ec6739e824c8e56d9633622 -->`
			`<LocalSessionStore maxSessions="100000"/>`
			`<!-- source: pattern://6ec6739e824c8e56d9633622 -->`
			`<TokenAssembler name="DefaultTokenAssembler">`
			`<Selector default="true"/>`
			`<!-- source: pattern://b67f81a971e4c08aa79040a2 -->`
			`<TokenSpec ttl="28800">`
			`<!-- source: pattern://6ec6739e824c8e56d9633622 -->`
			`<field src="session" key="ch.nevis.session.sessid" as="sessid"/>`
			`<!-- source: pattern://6ec6739e824c8e56d9633622 -->`
			`<field src="session" key="ch.nevis.session.userid" as="userid"/>`
			`<!-- source: pattern://6ec6739e824c8e56d9633622 -->`
			`<field src="session" key="ch.nevis.session.authlevel" as="authLevel"/>`
			`<!-- source: pattern://6ec6739e824c8e56d9633622 -->`
			`<field src="session" key="ch.nevis.session.esauthid" as="esauthid"/>`
			`<!-- source: pattern://6ec6739e824c8e56d9633622 -->`
			`<field src="session" key="ch.nevis.session.entryid" as="entryid"/>`
			`<!-- source: pattern://6ec6739e824c8e56d9633622 -->`
			`<field src="session" key="ch.nevis.session.loginid" as="loginId"/>`
			`<!-- source: pattern://6ec6739e824c8e56d9633622 -->`
			`<field src="session" key="ch.nevis.session.domain" as="domain"/>`
			`<!-- source: pattern://6ec6739e824c8e56d9633622 -->`
			`<field src="session" key="ch.nevis.session.secroles" as="roles"/>`
			`</TokenSpec>`
			`<!-- source: pattern://6ec6739e824c8e56d9633622 -->`
			`<Signer key="DefaultSigner"/>`
			`</TokenAssembler>`
new configuration version 2024-11-11 09:31:45 +00:00			`<!-- source: pattern://6ec6739e824c8e56d9633622 -->`
new configuration version 2024-11-04 15:46:00 +00:00			`<KeyStore name="DefaultKeyStore">`
			`<!-- source: pattern://6ec6739e824c8e56d9633622 -->`
			`<KeyObject name="DefaultSigner" certificate="/var/opt/keys/own/nai-sh4r3d-default-default-signer/cert.pem" privateKey="/var/opt/keys/own/nai-sh4r3d-default-default-signer/keystore.jks" passPhrase="pipe:///var/opt/keys/own/nai-sh4r3d-default-default-signer/keypass"/>`
			`<!-- source: pattern://6ec6739e824c8e56d9633622 -->`
			`<KeyObject name="DefaultSignerTrust" certificate="/var/opt/keys/trust/nai-default-default-signer-trust/truststore.jks"/>`
			`</KeyStore>`
new configuration version 2024-11-11 09:36:30 +00:00			`<!-- source: pattern://d9ea344685ab4a9bb0e1e3e7 -->`
			`<KeyStore name="JwtToken">`
			`<!-- source: pattern://d9ea344685ab4a9bb0e1e3e7 -->`
			`<KeyObject name="New_nevisAuth_KeyObject" certificate="/var/opt/keys/trust/nai-new-nevisauth-keyobject/truststore.jks"/>`
			`</KeyStore>`
new configuration version 2024-11-04 15:46:00 +00:00			`</SessionCoordinator>`
			`<!-- source: pattern://6ec6739e824c8e56d9633622 -->`
			`<LocalOutOfContextDataStore reaperPeriod="60"/>`
			`<!-- source: pattern://6ec6739e824c8e56d9633622, pattern://b67f81a971e4c08aa79040a2 -->`
new configuration version 2024-11-07 06:53:12 +00:00			`<AuthEngine useLiteralDictionary="true" literalDictionaryLanguages="en,de,fr,it" inputLanguageCookie="LANG" compatLevel="none" addAutheLevelToSecRoles="true" classPath="/var/opt/nevisauth/default/plugin:/opt/nevisauth/plugin" propagateSession="false">`
new configuration version 2024-11-04 15:46:00 +00:00			`<!-- source: pattern://b67f81a971e4c08aa79040a2 -->`
			`<Domain name="cossa_realm" default="false" inactiveInterval="7200" reauthInterval="0" resetAuthenticationCondition="${inargs:cancel}">`
new configuration version 2024-11-07 06:53:12 +00:00			`<Entry method="authenticate" state="cossa_realm_TokenExchangeEndpoint"/>`
			`<Entry method="authenticate" state="cossa_realm_TokenExchangeEndpoint" selector="${request:currentResource:^http[s]?\u003A//[^/]+/.*$:true}"/>`
new configuration version 2024-11-04 15:46:00 +00:00			`<Entry method="stepup" state="cossa_realm_Selector"/>`
new configuration version 2024-11-07 06:53:12 +00:00			`<Entry method="stepup" state="cossa_realm_TokenExchangeEndpoint" selector="${request:currentResource:^http[s]?\u003A//[^/]+/.*$:true}"/>`
new configuration version 2024-11-04 15:46:00 +00:00			`</Domain>`
new configuration version 2024-11-11 09:31:45 +00:00			`<AuthState name="cossa_realm_TokenExchangeEndpoint" class="ch.adnovum.cossa.TokenExchangeEndpoint" authLevel="auth.weak" final="false" resumeState="true">`
new configuration version 2024-11-07 06:53:12 +00:00			`<!-- source: pattern://89578db79d2bc15d55e11141 -->`
			`<ResultCond name="failed" next="cossa_realm_New_Authentication_Failed"/>`
			`<!-- source: pattern://89578db79d2bc15d55e11141 -->`
new configuration version 2024-11-11 09:36:30 +00:00			`<ResultCond name="ok" next="cossa_realm_New_Transform_Variables_Step"/>`
new configuration version 2024-11-07 06:53:12 +00:00			`<!-- source: pattern://89578db79d2bc15d55e11141 -->`
			`<Response value="AUTH_CONTINUE">`
			`<!-- source: pattern://89578db79d2bc15d55e11141 -->`
			`<Gui name="Default"/>`
			`</Response>`
			`<!-- source: pattern://89578db79d2bc15d55e11141 -->`
			`<property name="clientId" value="client1"/>`
			`<!-- source: pattern://89578db79d2bc15d55e11141 -->`
			`<property name="clientSecret" value="clientPassword"/>`
			`</AuthState>`
			`<AuthState name="cossa_realm_New_Authentication_Failed" class="ch.nevis.esauth.auth.states.standard.AuthError" final="false">`
			`<!-- source: pattern://72e29eb80a951e518ce123e4 -->`
new configuration version 2024-11-04 15:46:00 +00:00			`<Response value="AUTH_ERROR">`
new configuration version 2024-11-07 06:53:12 +00:00			`<!-- source: pattern://72e29eb80a951e518ce123e4 -->`
			`<Gui name="Error">`
			`<!-- source: pattern://72e29eb80a951e518ce123e4 -->`
			`<GuiElem name="info" type="error" label="error_99"/>`
			`<!-- source: pattern://72e29eb80a951e518ce123e4 -->`
			`<GuiElem name="submit" type="button" label="continue.button.label"/>`
			`</Gui>`
new configuration version 2024-11-04 15:46:00 +00:00			`</Response>`
			`</AuthState>`
new configuration version 2024-11-11 09:36:30 +00:00			`<AuthState name="cossa_realm_New_Transform_Variables_Step" class="ch.nevis.esauth.auth.states.standard.TransformAttributes" final="false">`
			`<!-- source: pattern://32290d5b7c7cdb369674c3a0 -->`
			`<ResultCond name="ok" next="cossa_realm_JwtToken"/>`
			`<!-- source: pattern://32290d5b7c7cdb369674c3a0 -->`
			`<Response value="AUTH_ERROR">`
			`<!-- source: pattern://32290d5b7c7cdb369674c3a0 -->`
			`<Arg name="ch.nevis.isiweb4.response.status" value="403"/>`
			`</Response>`
			`<!-- source: pattern://32290d5b7c7cdb369674c3a0 -->`
			`<property name="request:UserId" value="12345"/>`
			`</AuthState>`
			`<AuthState name="cossa_realm_JwtToken" class="ch.nevis.esauth.auth.states.jwt.JWTToken" final="false" resumeState="true">`
			`<!-- source: pattern://a1e5d0192e082e689465a0c9 -->`
			`<ResultCond name="ok" next="cossa_realm_Prepare_Done"/>`
			`<!-- source: pattern://a1e5d0192e082e689465a0c9 -->`
			`<Response value="AUTH_ERROR"/>`
			`<!-- source: pattern://a1e5d0192e082e689465a0c9 -->`
			`<property name="out.audience" value="https://www.adnovum.ch"/>`
			`<!-- source: pattern://a1e5d0192e082e689465a0c9 -->`
			`<property name="out.issuer" value="https://my.nevis.server"/>`
			`<!-- source: pattern://a1e5d0192e082e689465a0c9 -->`
new configuration version 2024-11-11 09:48:28 +00:00			`<property name="out.time_to_live" value="86400"/>`
			`<!-- source: pattern://a1e5d0192e082e689465a0c9 -->`
			`<property name="token.algorithm" value="RS256"/>`
new configuration version 2024-11-11 09:59:28 +00:00			`<!-- source: pattern://a1e5d0192e082e689465a0c9 -->`
			`<property name="keystoreref" value="JwtToken"/>`
			`<!-- source: pattern://a1e5d0192e082e689465a0c9 -->`
			`<property name="keyobjectref" value="New_nevisAuth_KeyObject"/>`
new configuration version 2024-11-11 09:36:30 +00:00			`</AuthState>`
new configuration version 2024-11-04 15:46:00 +00:00			`<AuthState name="cossa_realm_Prepare_Done" class="ch.nevis.esauth.auth.states.scripting.ScriptState" final="false">`
new configuration version 2024-11-11 09:31:45 +00:00			`<!-- source: pattern://b67f81a971e4c08aa79040a2 -->`
new configuration version 2024-11-04 15:46:00 +00:00			`<ResultCond name="default" next="cossa_realm_Auth_Done"/>`
new configuration version 2024-11-11 09:31:45 +00:00			`<!-- source: pattern://b67f81a971e4c08aa79040a2 -->`
new configuration version 2024-11-04 15:46:00 +00:00			`<Response value="AUTH_DONE">`
new configuration version 2024-11-11 09:31:45 +00:00			`<!-- source: pattern://b67f81a971e4c08aa79040a2 -->`
new configuration version 2024-11-04 15:46:00 +00:00			`<Gui name="ContinueResponse"/>`
			`</Response>`
new configuration version 2024-11-11 09:31:45 +00:00			`<!-- source: pattern://b67f81a971e4c08aa79040a2 -->`
new configuration version 2024-11-04 15:46:00 +00:00			`<property name="script" value="file:///var/opt/nevisauth/default/conf/prepare_done.groovy"/>`
			`</AuthState>`
			`<AuthState name="cossa_realm_Auth_Done" class="ch.nevis.esauth.auth.states.standard.AuthDone" final="false">`
new configuration version 2024-11-11 09:31:45 +00:00			`<!-- source: pattern://b67f81a971e4c08aa79040a2 -->`
new configuration version 2024-11-04 15:46:00 +00:00			`<Response value="AUTH_DONE">`
new configuration version 2024-11-11 09:31:45 +00:00			`<!-- source: pattern://b67f81a971e4c08aa79040a2 -->`
new configuration version 2024-11-04 15:46:00 +00:00			`<Gui name="ContinueResponse"/>`
			`</Response>`
			`</AuthState>`
			`<AuthState name="cossa_realm_Selector" class="ch.nevis.esauth.auth.states.standard.ConditionalDispatcherState" final="false">`
new configuration version 2024-11-11 08:35:11 +00:00			`<!-- source: pattern://b67f81a971e4c08aa79040a2 -->`
new configuration version 2024-11-04 15:46:00 +00:00			`<ResultCond name="nomatch" next="cossa_realm_Prepare_Done"/>`
			`<!-- source: pattern://b67f81a971e4c08aa79040a2 -->`
			`<Response value="AUTH_ERROR">`
			`<!-- source: pattern://b67f81a971e4c08aa79040a2 -->`
			`<Arg name="ch.nevis.isiweb4.response.status" value="403"/>`
			`</Response>`
new configuration version 2024-11-11 08:35:11 +00:00			`</AuthState>`
new configuration version 2024-11-04 15:46:00 +00:00			`</AuthEngine>`
			`</esauth-server>`