diff --git a/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai/etc/nevis/k8s-nai-6ec6739e824c8e56d9633622.yaml b/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai/etc/nevis/k8s-nai-6ec6739e824c8e56d9633622.yaml
index 8c227af..79c6874 100644
--- a/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai/etc/nevis/k8s-nai-6ec6739e824c8e56d9633622.yaml
+++ b/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai/etc/nevis/k8s-nai-6ec6739e824c8e56d9633622.yaml
@@ -45,7 +45,7 @@ spec:
 podDisruptionBudget:
 maxUnavailable: "50%"
 git:
- tag: "r-621ede89458f283cbfccdeb8f940bdd13fc87352"
+ tag: "r-76cf157bd18ad492e7eea17645c765177d3ffea5"
 dir: "DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai"
 credentials: "git-credentials"
 keystores:
diff --git a/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai/etc/nevis/k8s-nai-default-tls-client-trust-6ec6739e824c8e56d9633622.yaml b/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai/etc/nevis/k8s-nai-default-tls-client-trust-6ec6739e824c8e56d9633622.yaml
index bcbf911..8944eaa 100644
--- a/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai/etc/nevis/k8s-nai-default-tls-client-trust-6ec6739e824c8e56d9633622.yaml
+++ b/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai/etc/nevis/k8s-nai-default-tls-client-trust-6ec6739e824c8e56d9633622.yaml
@@ -12,5 +12,3 @@ spec:
 keystores:
 - name: "npi-cossa-realm-identity"
 namespace: "adn-postit-tknxchng-01-dev"
- - name: "npi-mockrelam-identity"
- namespace: "adn-postit-tknxchng-01-dev"
diff --git a/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai/var/opt/nevisauth/default/conf/esauth4.xml b/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai/var/opt/nevisauth/default/conf/esauth4.xml
index bb05470..ecb7b07 100644
--- a/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai/var/opt/nevisauth/default/conf/esauth4.xml +++ b/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai/var/opt/nevisauth/default/conf/esauth4.xml @@ -1,14 +1,14 @@ - + - + @@ -45,87 +45,84 @@ - + - - - - - - - + + - + - - - - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + + + + @@ -223,6 +220,16 @@ + + + + + + + + + + @@ -242,18 +249,6 @@ - - - - - - - - - - - - @@ -272,6 +267,27 @@ + + + + + + + + + + + + + + + + + + + + + @@ -283,6 +299,18 @@ + + + + + + + + + + + + diff --git a/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai/var/opt/nevisauth/default/conf/klp-profiles.conf b/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai/var/opt/nevisauth/default/conf/klp-profiles.conf new file mode 100644 index 0000000..c9c07b9 --- /dev/null +++ b/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai/var/opt/nevisauth/default/conf/klp-profiles.conf @@ -0,0 +1,25 @@ +suisseid_auth_address_verified +suisseid_auth_address_required +suisseid_auth_mobile_verified +suisseid_auth_mobile_required +suisseid_auth_phone_required +suisseid_auth +password_auth_address_verified +password_auth_address_required +password_auth_mobile_verified +password_auth_mobile_required +password_auth_phone_required +password_auth +email_auth_address_verified +email_auth_address_required +email_auth_mobile_verified +email_auth_mobile_required +email_auth_phone_required +email_auth +autologin_auth_address_verified +autologin_auth_address_required +autologin_auth_mobile_verified +autologin_auth_mobile_required +autologin_auth_phone_required +autologin_auth +default \ No newline at end of file 
diff --git a/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai/var/opt/nevisauth/default/plugin/cossa-token-exchange-authstates.jar b/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai/var/opt/nevisauth/default/plugin/cossa-token-exchange-authstates.jar
index 4faa5bc..15d1562 100644
Binary files a/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai/var/opt/nevisauth/default/plugin/cossa-token-exchange-authstates.jar and b/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai/var/opt/nevisauth/default/plugin/cossa-token-exchange-authstates.jar differ
diff --git a/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/etc/nevis/k8s-nai2-5a02ce1399ca42298422a320.yaml b/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/etc/nevis/k8s-nai2-5a02ce1399ca42298422a320.yaml
new file mode 100644
index 0000000..161f26e
--- /dev/null
+++ b/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/etc/nevis/k8s-nai2-5a02ce1399ca42298422a320.yaml
@@ -0,0 +1,60 @@
+apiVersion: "operator.nevis-security.ch/v1"
+kind: "NevisComponent"
+metadata:
+ name: "nai2"
+ namespace: "adn-postit-tknxchng-01-dev"
+ labels:
+ deploymentTarget: "nai2"
+ annotations:
+ projectKey: "DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT"
+ patternId: "5a02ce1399ca42298422a320"
+spec:
+ type: "NevisAuth"
+ replicas: 1
+ version: "8.2405.2"
+ gitInitVersion: "1.3.0"
+ runAsNonRoot: true
+ ports:
+ management: 9000
+ soap: 8991
+ resources:
+ limits:
+ cpu: "2"
+ memory: "2000Mi"
+ requests:
+ cpu: "20m"
+ memory: "1000Mi"
+ livenessProbe:
+ soap:
+ tcpSocket: true
+ periodSeconds: 5
+ timeoutSeconds: 4
+ readinessProbe:
+ management:
+ httpGet:
+ path: "/nevisauth/liveness"
+ periodSeconds: 5
+ timeoutSeconds: 6
+ startupProbe:
+ management:
+ httpGet:
+ path: "/nevisauth/liveness"
+ periodSeconds: 5
+ timeoutSeconds: 6
+ failureThreshold: 50
+ podDisruptionBudget:
+ maxUnavailable: "50%"
+ git:
+ tag: "r-76cf157bd18ad492e7eea17645c765177d3ffea5"
+ dir: "DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2"
+ credentials: "git-credentials"
+ keystores:
+ - "nai2-sh4r3d-default-default-signer"
+ - "nai2-default-identity"
+ truststores:
+ - "nai2-default-default-signer-trust"
+ - "nai2-default-tls-client-trust"
+ podSecurity:
+ policy: "baseline"
+ automountServiceAccountToken: false
+ timeZone: "Europe/Zurich"
diff --git a/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/etc/nevis/k8s-nai2-default-default-signer-trust-5a02ce1399ca42298422a320.yaml b/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/etc/nevis/k8s-nai2-default-default-signer-trust-5a02ce1399ca42298422a320.yaml
new file mode 100644
index 0000000..3ce2c67
--- /dev/null
+++ b/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/etc/nevis/k8s-nai2-default-default-signer-trust-5a02ce1399ca42298422a320.yaml
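Review bot: `podSecurity.policy: "baseline"` presumably maps to the middle Kubernetes Pod Security Standards level, and since `nai2` is an authentication component it is worth checking whether the operator and the nevisAuth image can run under the stricter profile, in which case the line would read `policy: "restricted"`. `runAsNonRoot: true` and `automountServiceAccountToken: false` are already set, so the remaining gap may be small. Separately, `replicas: 1` combined with `maxUnavailable: "50%"` probably leaves the disruption budget unable to protect the only pod, because a percentage rounds up to one pod in a standard PodDisruptionBudget; confirm how the operator translates it.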
@@ -0,0 +1,14 @@
+apiVersion: "operator.nevis-security.ch/v1"
+kind: "NevisTrustStore"
+metadata:
+ name: "nai2-default-default-signer-trust"
+ namespace: "adn-postit-tknxchng-01-dev"
+ labels:
+ deploymentTarget: "nai2"
+ annotations:
+ projectKey: "DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT"
+ patternId: "5a02ce1399ca42298422a320"
+spec:
+ keystores:
+ - name: "nai2-sh4r3d-default-default-signer"
+ namespace: "adn-postit-tknxchng-01-dev"
diff --git a/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/etc/nevis/k8s-nai2-default-identity-5a02ce1399ca42298422a320.yaml b/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/etc/nevis/k8s-nai2-default-identity-5a02ce1399ca42298422a320.yaml
new file mode 100644
index 0000000..4fdba9e
--- /dev/null
+++ b/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/etc/nevis/k8s-nai2-default-identity-5a02ce1399ca42298422a320.yaml
@@ -0,0 +1,18 @@
+apiVersion: "operator.nevis-security.ch/v1"
+kind: "NevisKeyStore"
+metadata:
+ name: "nai2-default-identity"
+ namespace: "adn-postit-tknxchng-01-dev"
+ labels:
+ deploymentTarget: "nai2"
+ annotations:
+ projectKey: "DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT"
+ patternId: "5a02ce1399ca42298422a320"
+spec:
+ cn: "nai2"
+ usage: ""
+ san:
+ dns:
+ - "nai2"
+ - "nai2.adn-postit-tknxchng-01-dev"
+ email: []
diff --git a/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/etc/nevis/k8s-nai2-default-tls-client-trust-5a02ce1399ca42298422a320.yaml b/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/etc/nevis/k8s-nai2-default-tls-client-trust-5a02ce1399ca42298422a320.yaml
new file mode 100644
index 0000000..2955595
--- /dev/null
+++ b/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/etc/nevis/k8s-nai2-default-tls-client-trust-5a02ce1399ca42298422a320.yaml
@@ -0,0 +1,14 @@
+apiVersion: "operator.nevis-security.ch/v1"
+kind: "NevisTrustStore"
+metadata:
+ name: "nai2-default-tls-client-trust"
+ namespace: "adn-postit-tknxchng-01-dev"
+ labels:
+ deploymentTarget: "nai2"
+ annotations:
+ projectKey: "DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT"
+ patternId: "5a02ce1399ca42298422a320"
+spec:
+ keystores:
+ - name: "npi-mockrelam-identity"
+ namespace: "adn-postit-tknxchng-01-dev"
diff --git a/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/etc/nevis/k8s-nai2-sh4r3d-default-default-signer-5a02ce1399ca42298422a320.yaml b/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/etc/nevis/k8s-nai2-sh4r3d-default-default-signer-5a02ce1399ca42298422a320.yaml
new file mode 100644
index 0000000..87df3f7
--- /dev/null
+++ b/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/etc/nevis/k8s-nai2-sh4r3d-default-default-signer-5a02ce1399ca42298422a320.yaml
@@ -0,0 +1,16 @@
+apiVersion: "operator.nevis-security.ch/v1"
+kind: "NevisKeyStore"
+metadata:
+ name: "nai2-sh4r3d-default-default-signer"
+ namespace: "adn-postit-tknxchng-01-dev"
+ labels:
+ deploymentTarget: "nai2"
+ annotations:
+ projectKey: "DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT"
+ patternId: "5a02ce1399ca42298422a320"
+spec:
+ cn: "signer"
+ usage: "signer"
+ san:
+ dns: []
+ email: []
diff --git a/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/etc/nevis/nevisauth_default.yml b/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/etc/nevis/nevisauth_default.yml
new file mode 100644
index 0000000..8411999
--- /dev/null
+++ b/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/etc/nevis/nevisauth_default.yml
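Review bot: The new `nai2-default-tls-client-trust` store trusts only `npi-mockrelam-identity`, which by its name is a mock realm's identity, and nothing in the manifest marks this as a development-only trust relationship. The namespace is `adn-postit-tknxchng-01-dev`, so this is presumably intended, but the same pattern deployed to another inventory would carry the mock trust with it; a check in the promotion pipeline that rejects keystore names containing `mock` outside dev namespaces would catch that. The spelling `mockrelam` matches the entry removed from the `nai` trust store in this same commit, so the reference is at least consistent with the existing keystore name.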
@@ -0,0 +1,18 @@
+schemaVersion: 1.0
+instance:
+ type: "nevisauth"
+ name: "default"
+ directory: "/var/opt/nevisauth/default"
+ pid: "systemctl show nevisauth@default -p MainPID | cut -d '=' -f2"
+ source:
+ url: "/nevisadmin/#/projects/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/patterns/5a02ce1399ca42298422a320"
+ projectKey: "DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT"
+ patternId: "5a02ce1399ca42298422a320"
+ patternClass: "ch.nevis.admin.v4.plugin.nevisauth.patterns.NevisAuthDeployable"
+ resources:
+ ports:
+ - "0.0.0.0:8991"
+ control:
+ start: "systemctl restart nevisauth@default &"
+ stop: "systemctl stop nevisauth@default"
+ status: "systemctl status nevisauth@default"
diff --git a/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/var/opt/keys/trust/tls-swissid/keypass b/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/var/opt/keys/trust/tls-swissid/keypass
new file mode 100755
index 0000000..5b0d317
--- /dev/null
+++ b/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/var/opt/keys/trust/tls-swissid/keypass
@@ -0,0 +1,2 @@
+#!/bin/bash
+echo 'password'
\ No newline at end of file
diff --git a/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/var/opt/keys/trust/tls-swissid/truststore.jks b/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/var/opt/keys/trust/tls-swissid/truststore.jks
new file mode 100644
index 0000000..d0ebc27
Binary files /dev/null and b/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/var/opt/keys/trust/tls-swissid/truststore.jks differ
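Review bot: `keypass` prints the literal passphrase `password` and is committed, mode 100755, in the same `tls-swissid` directory as the `truststore.jks` and `truststore.p12` files it presumably unlocks. The directory holds trust anchors rather than private keys, so nothing secret leaks, but the passphrase is the only integrity protection those two files carry, and a publicly known value provides none: anyone able to write to the repository or the deployed volume can replace the trusted certificates and re-seal the store. Either have the script emit a value injected at deploy time, for example `cat "$TRUSTSTORE_PASS_FILE"` (placeholder variable name), or accept the passphrase as decorative and rely on repository review and read-only mounts to protect the files. Both lines of the script are visible in the hunk.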
diff --git a/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/var/opt/keys/trust/tls-swissid/truststore.p12 b/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/var/opt/keys/trust/tls-swissid/truststore.p12
new file mode 100644
index 0000000..47fcca3
Binary files /dev/null and b/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/var/opt/keys/trust/tls-swissid/truststore.p12 differ
diff --git a/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/var/opt/keys/trust/tls-swissid/truststore.pem b/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/var/opt/keys/trust/tls-swissid/truststore.pem
new file mode 100644
index 0000000..28d21f4
--- /dev/null
+++ b/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/var/opt/keys/trust/tls-swissid/truststore.pem
@@ -0,0 +1,38 @@
+-----BEGIN CERTIFICATE-----
+MIIGkzCCBHugAwIBAgIULa4PojoMOF/785XA2QNkLRQYTS4wDQYJKoZIhvcNAQEL
+BQAwUTELMAkGA1UEBhMCQ0gxFTATBgNVBAoTDFN3aXNzU2lnbiBBRzErMCkGA1UE
+AxMiU3dpc3NTaWduIFJTQSBUTFMgUm9vdCBDQSAyMDIyIC0gMTAeFw0yMjA2Mjkw
+OTMwNDdaFw0zNjA2MjkwOTMwNDdaMFAxCzAJBgNVBAYTAkNIMRUwEwYDVQQKEwxT
+d2lzc1NpZ24gQUcxKjAoBgNVBAMTIVN3aXNzU2lnbiBSU0EgVExTIEVWIElDQSAy
+MDIyIC0gMTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAL61hlRf7Jxo
+0msjavo1pgChwWBDYix5Zd0CnhciVYUCk30Ko6BxFBICoSsZ1gXGqlT20g/AYqYL
+xuKcdNNAJ/LHT6k2zL3UhSpx+eHjeTGQ7id2jC1HKRZ9zA8YXdhtY3oJom7B3ykE
+d/j0KVmHy9tP1A0rt3ntbJLfLIS6uWogx2KfFs8MwtoAZLiGvp49SHly6p450fcz
+payPIWu12PfVQjLg7b9NitlDlYEWiCAL7R3jINw2yMwcdBvq2gy+ZZsiYkSb1m+h
+ABOGxU6SCN6w7GgRWWveSaJBvRokUvIon/wsZK51j8RM4TsoR60Wei8ftSBL75BI
+g9Us8dkBXDa8vqoDVpc9zs6pan5XN8KymNT52j4gEe161eYTtbiME4KdSWtVsA7e
+rdkHsXKJTRIxxdpUkQXxhLXEoyDed/BVgV1yhTeN6YCFX7AiocAi5rPUplc6LV58
+CCUWFMSWEJxOYQUrwWFLNzQMnE969hnvdhuO8ZeqtpwFwX/OLryWoil+jGobRm/1
+OQS9+urcVygrzZ9Dy9Q/OF/oq9NeaijvL2Ncjkj5f6uJzgXkm7PwjnHrL2FWBkhp
+oM/vyT1VAgWNoku3jIyedtyJ9lUECwPIzQuddQYOL8FwhaFmvtHnOLpiy2ctbwir
+gJW+KcsNkpHg0N5stJcPzPvlssmNBHbNAgMBAAGjggFiMIIBXjBcBggrBgEFBQcB
+AQRQME4wTAYIKwYBBQUHMAKGQGh0dHA6Ly9haWEuc3dpc3NzaWduLmNoL2Fpci1h
+ZWZmMzc0ZC0wZjdhLTRjNTUtYTAzNC0xNDQwMjkwY2ZhMzIwEgYDVR0TAQH/BAgw
+BgEB/wIBADAoBgNVHSAEITAfMAcGBWeBDAEBMAgGBgQAj3oBBDAKBghghXQBWQIB
+AzBRBgNVHR8ESjBIMEagRKBChkBodHRwOi8vY3JsLnN3aXNzc2lnbi5jaC9jZHAt
+OTY2MWMyOWYtOTEyMS00ZjQ2LWFjZDgtZWFkNGEyMmY3MTYwMB0GA1UdJQQWMBQG
+CCsGAQUFBwMBBggrBgEFBQcDAjAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFElS
+3zCGkllfNJwlSCSrwOvRBvLWMB8GA1UdIwQYMBaAFG+OYouTQ7DhQPanw/3xD7gP
+FTilMA0GCSqGSIb3DQEBCwUAA4ICAQBugn943V4fbEbG+Leb4YXTWLLfPIC+mrdc
+H6v1+Iws+XCzoKthaDk0c346mSaXZM9to5xDOWgfEnBYbVioMyI/5EABbg4ARkgp
+dj50FPe9MtLD4kOZFv/8LoRH+WdAfQUsxS1RQincUnYWAxmRNOHLdnbyiQt3sYDl
+6tZzURSMnMUec4stxfLT4VQE1Ew6Phr06CouYOd5ON+mWkFhROz3jx5PTXcECrqQ
+IT27wJ4mzKA6W9p69ZDFi/+FcpN9vCjzksi0w8i62DwtbO8Pj3ZEOL8z6+cwXyT7
+X7Zt96vufj+bsxFo1IXQ6cb2i13qpThSHL4NA1NhUbB/ipMbxNtBJ4fwtcG8SAUs
+jRXgG/RYrXRorG90KU/dcezixY4yKnlIdkkhpV7h8jY2+XS7GbjaKee8pPeAFXgs
+Hzdi+EhZvHOVfshaKL2CAELrYn8Tzo2Zt9zsbif8L7bPJROS3xqzn+GbCFt67/8Y
+jTh84Taa4D49H6V+p01QPkvG7ub7Rw52fm56zY3mabbhbsREOceswsfunxSN/SOE
+pLKVMopuVnRcwVIWmnzH9BlBhIzLqOS4kCYA5E5Irw217j/JTGVWEdMN0ar09nGh
+WA2Eq8aDANjAP1bao/4nmxsFU2zKbTR40Tb7/HKB5jaItYdkz6ppnxQDLTWe7T6+
+nGZwqmYtbQ==
+-----END CERTIFICATE-----
diff --git a/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/var/opt/nevisauth/default/conf/LitDict.properties b/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/var/opt/nevisauth/default/conf/LitDict.properties
new file mode 100644
index 0000000..a482f9b
--- /dev/null
+++ b/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/var/opt/nevisauth/default/conf/LitDict.properties
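Review bot: `truststore.pem` is the only reviewable form of this trust anchor, while `truststore.jks` and `truststore.p12` are added as opaque binaries in the same directory, so nothing in the commit shows that the three files hold the same certificate set. Recording the certificate's SHA-256 fingerprint in the commit message, or generating the JKS and PKCS#12 stores from the PEM at build time, would make the trust change verifiable. The readable parts of the base64 suggest the entry is a SwissSign intermediate (subject "SwissSign RSA TLS EV ICA 2022 - 1") rather than a root; that narrows trust, but connections would fail if the peer's chain moves to a different intermediate, so a short note in the pattern saying the pinning is deliberate would help.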
@@ -0,0 +1,80 @@
+
+accept.button.label=Accept
+cancel.button.label=Cancel
+continue.button.label=Continue
+deputy.profile.label=(Deputy Profile)
+error.saml.failed=Please close your browser and try again.
+error_1=Please check your input.
+error_10=Please select the correct user account.
+error_100=Certificate upload not possible. Certificate already exists. Please contact your helpdesk.
+error_101=The entered email address is not valid.
+error_11=Please use another certficate or login with another credential type.
+error_2=Please select another login name.
+error_3=Your account will be locked if next authentication fails.
+error_4=Your new password does not comply with the security policy. Please choose a different password.
+error_5=Error in password confirmation.
+error_50=The new password is too short.
+error_55=The new password has to differ from old passwords.
+error_6=Password change required.
+error_7=Change of login ID required.
+error_8=Your account has been locked due to repeated authentication failures.
+error_81=No access card found, access from internet denied.
+error_83=Your access card is no longer valid. Please contact your advisor to get a new access card.
+error_9=Session take over failed.
+error_97=You are not authorized to access this resource.
+error_98=Your account has been locked.
+error_99=System problems. Please try later.
+info.logout.confirmation=Please confirm that you want to log out.
+info.logout.reminder=Your session on this application has expired. Try again with a login.
+info.oauth.consent=Do you want to authorise this application to access your data?
+info.timeout.page=Your session on this application has expired. Try again with a login.
+login.button.label=Login
+logout.label=Logout
+logout.text=You have successfully logged out.
+method.certificate.label=Certificate
+method.fido.label=Mobile Authentication
+method.fido2.label=FIDO 2
+method.mtan.label=mTAN Code
+method.oath.label=OATH Authenticator App
+method.otp.label=OTP (One-Time Password)
+method.recovery.label=Recovery Codes
+method.safeword.label=SafeWord
+method.securid.label=SecurID
+method.ticket.label=Ticket
+outarg.lastLogin.never=Never
+policyFailure.dictionary=▪ must not be taken from a dictionary.
+policyFailure.history.History=▪ must be different from previously selected passwords.
+policyFailure.regex.control=▪ cannot contain more than {0} control characters.
+policyFailure.regex.lower=▪ must contain at least {0} lower case characters.
+policyFailure.regex.maxCharacterRepetitions=▪ characters must not occur more than {0} time(s) consecutively.
+policyFailure.regex.maxLength=▪ must be at most {0} characters long.
+policyFailure.regex.minLength=▪ must be at least {0} characters long.
+policyFailure.regex.nonAlnum=▪ must contain at least {0} non-alphanumeric characters.
+policyFailure.regex.nonAscii=▪ cannot contain more than {0} non-ASCII characters.
+policyFailure.regex.nonGraph=▪ cannot contain more than {0} non-printable characters.
+policyFailure.regex.nonLetter=▪ must contain at least {0} non-letter characters.
+policyFailure.regex.numeric=▪ must contain at least {0} numeric characters.
+policyFailure.regex.upper=▪ must contain at least {0} upper case characters.
+policyInfo.dictionary=▪ must not be taken from a dictionary.
+policyInfo.history.History=▪ must be different from previously selected passwords.
+policyInfo.regex.control=▪ cannot contain more than {0} control characters.
+policyInfo.regex.lower=▪ must contain at least {0} lower case characters.
+policyInfo.regex.maxCharacterRepetitions=▪ characters must not occur more than {0} time(s) consecutively.
+policyInfo.regex.maxLength=▪ must be at most {0} characters long.
+policyInfo.regex.minLength=▪ must be at least {0} characters long.
+policyInfo.regex.nonAlnum=▪ must contain at least {0} non-alphanumeric characters.
+policyInfo.regex.nonAscii=▪ cannot contain more than {0} non-ASCII characters.
+policyInfo.regex.nonGraph=▪ cannot contain more than {0} non-printable characters.
+policyInfo.regex.nonLetter=▪ must contain at least {0} non-letter characters.
+policyInfo.regex.numeric=▪ must contain at least {0} numeric characters.
+policyInfo.regex.upper=▪ must contain at least {0} upper case characters.
+policyInfo.title=The password has to comply with the following password policy:
+reject.button.label=Deny
+submit.button.label=Submit
+tan.sent=Please enter the security code which has been sent to your mobile phone.
+title.logout=Logout
+title.logout.confirmation=Logout
+title.logout.reminder=Logout
+title.oauth.consent=Client Authorization
+title.saml.failed=Error
+title.timeout.page=Logout
diff --git a/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/var/opt/nevisauth/default/conf/LitDict_de.properties b/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/var/opt/nevisauth/default/conf/LitDict_de.properties
new file mode 100644
index 0000000..6b68fda
--- /dev/null
+++ b/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/var/opt/nevisauth/default/conf/LitDict_de.properties
@@ -0,0 +1,80 @@
+
+accept.button.label=Akzeptieren
+cancel.button.label=Abbrechen
+continue.button.label=Weiter
+deputy.profile.label=(Profil Stellvertreter)
+error.saml.failed=Bitte schliessen Sie Ihren Browser und versuchen Sie es erneut.
+error_1=Bitte überprüfen Sie Ihre Eingabe.
+error_10=Bitte wählen Sie den gewünschten Benutzer.
+error_100=Zertifikat-Upload nicht möglich. Zertifikat bereits vorhanden. Bitte kontaktieren Sie Ihren Helpdesk.
+error_101=Die angegebene E-Mail Adresse ist ungültig.
+error_11=Bitte verwenden Sie ein anderes Zertifikat oder ein alternatives Authentisierungsmittel.
+error_2=Bitte wählen Sie einen anderen Login-Namen.
+error_3=Falls Ihr nächster Login fehlschlägt, wird Ihr Konto gesperrt.
+error_4=Ihr neues Passwort wurde nicht akzeptiert. Bitte wählen Sie eines, das den Passwortvorgaben entspricht.
+error_5=Die Eingabe zur Bestätigung des Passwortes ist falsch.
+error_50=Das neue Passwort ist zu kurz.
+error_55=Das neue Passwort muss sich von alten Passwörtern unterscheiden.
+error_6=Passwortwechsel erforderlich.
+error_7=Wechsel der Login-ID erforderlich.
+error_8=Ihr Konto wurde infolge wiederholt fehlgeschlagener Authentisierung gesperrt.
+error_81=Keine Rasterkarte gefunden, Zugang vom Internet verweigert.
+error_83=Ihre Rasterkarte ist aufgebraucht. Bitte kontaktieren Sie Ihren Berater, um eine neue zu erhalten.
+error_9=Die SSO-Session konnte nicht übernommen werden.
+error_97=Sie verfügen nicht über die für den Zugriff auf diese Ressource benötigte Berechtigung.
+error_98=Ihr Konto ist gesperrt.
+error_99=Systemfehler. Bitte versuchen Sie es später.
+info.logout.confirmation=Bitte bestätigen Sie, dass Sie sich abmelden möchten.
+info.logout.reminder=Ihre Session ist auf dieser Applikation abgelaufen. Versuchen Sie es nochmals mit einem Login.
+info.oauth.consent=Wollen Sie der Anwendung den Zugriff erlauben?
+info.timeout.page=Ihre Session ist auf dieser Applikation abgelaufen. Versuchen Sie es nochmals mit einem Login.
+login.button.label=Login
+logout.label=Logout
+logout.text=Sie haben sich erfolgreich abgemeldet.
+method.certificate.label=Zertifikat
+method.fido.label=Mobile Authentication
+method.fido2.label=FIDO 2
+method.mtan.label=mTAN-Code
+method.oath.label=OATH Authenticator-App
+method.otp.label=OTP (One-Time Passwort)
+method.recovery.label=Wiederherstellungscodes
+method.safeword.label=SafeWord
+method.securid.label=SecurID
+method.ticket.label=Ticket
+outarg.lastLogin.never=Nie
+policyFailure.dictionary=▪ darf nicht aus einem Wörterbuch stammen.
+policyFailure.history.History=▪ muss sich von vorhergehenden Passwörtern unterscheiden.
+policyFailure.regex.control=▪ darf höchstens {0} Kontrollzeichen enthalten.
+policyFailure.regex.lower=▪ muss {0} Kleinbuchstaben enthalten.
+policyFailure.regex.maxCharacterRepetitions=▪ darf nicht eine Sequenz länger als {0} des gleichen Zeichens enthalten.
+policyFailure.regex.maxLength=Länge des Passwortes darf höchstens {0} sein.
+policyFailure.regex.minLength=Länge des Passwortes muss mindestens {0} sein.
+policyFailure.regex.nonAlnum=▪ muss {0} nicht-alphanumerische Zeichen enthalten.
+policyFailure.regex.nonAscii=▪ darf höchstens {0} Zeichen ausserhalb des ASCII-Zeichensatzes enthalten.
+policyFailure.regex.nonGraph=▪ darf höchstens {0} nicht-druckende Zeichen enthalten.
+policyFailure.regex.nonLetter=▪ muss {0} Zeichen enthalten, die keine Buchstaben sind.
+policyFailure.regex.numeric=▪ muss {0} numerische Zeichen enthalten.
+policyFailure.regex.upper=▪ muss {0} Grossbuchstaben enthalten.
+policyInfo.dictionary=▪ darf nicht aus einem Wörterbuch stammen.
+policyInfo.history.History=▪ darf keines der zuletzt verwendeten Passwörtern sein.
+policyInfo.regex.control=▪ darf höchstens {0} Kontrollzeichen enthalten.
+policyInfo.regex.lower=▪ muss mindestens {0} Kleinbuchstaben enthalten.
+policyInfo.regex.maxCharacterRepetitions=▪ darf nicht eine Sequenz länger als {0} des gleichen Zeichens enthalten.
+policyInfo.regex.maxLength=▪ darf höchstens {0} Zeichen enthalten.
+policyInfo.regex.minLength=▪ muss mindestens {0} Zeichen enthalten.
+policyInfo.regex.nonAlnum=▪ muss mindestens {0} Zeichen enthalten, die nicht Alphanumerisch sind.
+policyInfo.regex.nonAscii=▪ darf höchstens {0} Zeichen ausserhalb des ASCII-Zeichensatzes enthalten.
+policyInfo.regex.nonGraph=▪ darf höchstens {0} nicht-druckende Zeichen enthalten.
+policyInfo.regex.nonLetter=▪ muss mindestens {0} Zeichen enthalten, die keine Buchstaben sind.
+policyInfo.regex.numeric=▪ muss mindestens {0} numerische Zeichen enthalten.
+policyInfo.regex.upper=▪ muss mindestens {0} Grossbuchstaben enthalten.
+policyInfo.title=Das Passwort muss den folgenden Passwort-Richtlinien entsprechen:
+reject.button.label=Ablehnen
+submit.button.label=Senden
+tan.sent=Bitte erfassen Sie den Sicherheitscode, welcher an Ihr Mobiltelefon gesendet wurde.
+title.logout=Logout
+title.logout.confirmation=Logout
+title.logout.reminder=Logout
+title.oauth.consent=Client Authorisierung
+title.saml.failed=Error
+title.timeout.page=Logout
diff --git a/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/var/opt/nevisauth/default/conf/LitDict_en.properties b/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/var/opt/nevisauth/default/conf/LitDict_en.properties
new file mode 100644
index 0000000..a482f9b
--- /dev/null
+++ b/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/var/opt/nevisauth/default/conf/LitDict_en.properties
@@ -0,0 +1,80 @@
+
+accept.button.label=Accept
+cancel.button.label=Cancel
+continue.button.label=Continue
+deputy.profile.label=(Deputy Profile)
+error.saml.failed=Please close your browser and try again.
+error_1=Please check your input.
+error_10=Please select the correct user account.
+error_100=Certificate upload not possible. Certificate already exists. Please contact your helpdesk.
+error_101=The entered email address is not valid.
+error_11=Please use another certficate or login with another credential type.
+error_2=Please select another login name.
+error_3=Your account will be locked if next authentication fails.
+error_4=Your new password does not comply with the security policy. Please choose a different password.
+error_5=Error in password confirmation.
+error_50=The new password is too short.
+error_55=The new password has to differ from old passwords.
+error_6=Password change required.
+error_7=Change of login ID required.
+error_8=Your account has been locked due to repeated authentication failures.
+error_81=No access card found, access from internet denied.
+error_83=Your access card is no longer valid. Please contact your advisor to get a new access card.
+error_9=Session take over failed.
+error_97=You are not authorized to access this resource.
+error_98=Your account has been locked.
+error_99=System problems. Please try later.
+info.logout.confirmation=Please confirm that you want to log out.
+info.logout.reminder=Your session on this application has expired. Try again with a login.
+info.oauth.consent=Do you want to authorise this application to access your data?
+info.timeout.page=Your session on this application has expired. Try again with a login.
+login.button.label=Login
+logout.label=Logout
+logout.text=You have successfully logged out.
+method.certificate.label=Certificate
+method.fido.label=Mobile Authentication
+method.fido2.label=FIDO 2
+method.mtan.label=mTAN Code
+method.oath.label=OATH Authenticator App
+method.otp.label=OTP (One-Time Password)
+method.recovery.label=Recovery Codes
+method.safeword.label=SafeWord
+method.securid.label=SecurID
+method.ticket.label=Ticket
+outarg.lastLogin.never=Never
+policyFailure.dictionary=▪ must not be taken from a dictionary.
+policyFailure.history.History=▪ must be different from previously selected passwords.
+policyFailure.regex.control=▪ cannot contain more than {0} control characters.
+policyFailure.regex.lower=▪ must contain at least {0} lower case characters.
+policyFailure.regex.maxCharacterRepetitions=▪ characters must not occur more than {0} time(s) consecutively.
+policyFailure.regex.maxLength=▪ must be at most {0} characters long.
+policyFailure.regex.minLength=▪ must be at least {0} characters long.
+policyFailure.regex.nonAlnum=▪ must contain at least {0} non-alphanumeric characters.
+policyFailure.regex.nonAscii=▪ cannot contain more than {0} non-ASCII characters.
+policyFailure.regex.nonGraph=▪ cannot contain more than {0} non-printable characters.
+policyFailure.regex.nonLetter=▪ must contain at least {0} non-letter characters.
+policyFailure.regex.numeric=▪ must contain at least {0} numeric characters.
+policyFailure.regex.upper=▪ must contain at least {0} upper case characters.
+policyInfo.dictionary=▪ must not be taken from a dictionary.
+policyInfo.history.History=▪ must be different from previously selected passwords.
+policyInfo.regex.control=▪ cannot contain more than {0} control characters.
+policyInfo.regex.lower=▪ must contain at least {0} lower case characters.
+policyInfo.regex.maxCharacterRepetitions=▪ characters must not occur more than {0} time(s) consecutively.
+policyInfo.regex.maxLength=▪ must be at most {0} characters long.
+policyInfo.regex.minLength=▪ must be at least {0} characters long.
+policyInfo.regex.nonAlnum=▪ must contain at least {0} non-alphanumeric characters.
+policyInfo.regex.nonAscii=▪ cannot contain more than {0} non-ASCII characters.
+policyInfo.regex.nonGraph=▪ cannot contain more than {0} non-printable characters.
+policyInfo.regex.nonLetter=▪ must contain at least {0} non-letter characters.
+policyInfo.regex.numeric=▪ must contain at least {0} numeric characters.
+policyInfo.regex.upper=▪ must contain at least {0} upper case characters.
+policyInfo.title=The password has to comply with the following password policy:
+reject.button.label=Deny
+submit.button.label=Submit
+tan.sent=Please enter the security code which has been sent to your mobile phone.
+title.logout=Logout
+title.logout.confirmation=Logout
+title.logout.reminder=Logout
+title.oauth.consent=Client Authorization
+title.saml.failed=Error
+title.timeout.page=Logout
diff --git a/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/var/opt/nevisauth/default/conf/LitDict_fr.properties b/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/var/opt/nevisauth/default/conf/LitDict_fr.properties
new file mode 100644
index 0000000..fc392a3
--- /dev/null
+++ b/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/var/opt/nevisauth/default/conf/LitDict_fr.properties
@@ -0,0 +1,80 @@ + +accept.button.label=Accepter +cancel.button.label=Abandonner +continue.button.label=Continuer +deputy.profile.label=(Profil du suppléant) +error.saml.failed=Fermez votre navigateur et r;eacute;essayez. +error_1=Veuillez vérifier vos données, s.v.p. +error_10=Choisissez votre compte. +error_100=Téléchargement du certificat pas possible. Certificat existe déjà. Veuillez contacter le helpdesk s.v.p. +error_101=L'adresse e-mail é n'est pas valide. +error_11=Choisissez un autre certificat, s.v.p. +error_2=Choisissez un autre nom, s.v.p. +error_3=Si l'authentification ne réussit pas au prochain essai, votre compte sera bloqué. +error_4=Votre nouveau mot de passe ne conforme pas aux mesures de sécurité +error_5=Votre confirmation du mot de passe ne correspond pas au mot de passe donné. +error_50=Le nouveau mot de passe est trop court. +error_55=Le nouveau mot de passe doit différer de l'ancien. +error_6=Veuillez changer votre mot de passe, s.v.p. +error_7=Veuillez changer votre login ID, s.v.p. +error_8=Votre compte n'est pas active. +error_81=Pas d'access card trouvé, l'accès par l'internet est refusé. +error_83=Votre access card n'est plus valable, veuillez contacter votre gestionnaire. +error_9=Il n'est pas possible de transmettre la session. +error_97=Vous n'avez pas les autorisations nécessaires pour accéder à cette ressource. +error_98=Votre compte a été bloqué. +error_99=Problème technique. Veuillez essayer plus tard, s.v.p. +info.logout.confirmation=Veuillez confirmer que vous souhaitez vous déconnecter. +info.logout.reminder=Votre session sur cette application a expirée. Essayez encore avec un login. +info.oauth.consent=Voulez-vous autoriser l'application? +info.timeout.page=Votre session sur cette application a expirée. Essayez encore avec un login. 
+login.button.label=Login +logout.label=Logout +logout.text=Au revoir +method.certificate.label=Certificat +method.fido.label=Mobile Authentication +method.fido2.label=FIDO 2 +method.mtan.label=Code mTAN +method.oath.label=Application d'authentification OATH +method.otp.label=OTP (One-Time Password) +method.recovery.label=Codes de récupération +method.safeword.label=SafeWord +method.securid.label=SecurID +method.ticket.label=Ticket +outarg.lastLogin.never=Jamais +policyFailure.dictionary=▪ ne peut pas être pris d'un dictionnaire. +policyFailure.history.History=▪ doit être différent des mots de passe préalablement sélectionnés. +policyFailure.regex.control=▪ ne peut contenir plus de {0} caractères de commande. +policyFailure.regex.lower=▪ doit contenir au moins {0} caractère(s) minuscule(s). +policyFailure.regex.maxCharacterRepetitions=▪ ne peut contenir une séquence de plus de {0} du même caractère. +policyFailure.regex.maxLength=La longueur doit être d'au plus {0}. +policyFailure.regex.minLength=La longueur doit être d'au moins {0}. +policyFailure.regex.nonAlnum=▪ doit contenir au moins {0} caractères non alphanumériques. +policyFailure.regex.nonAscii=▪ ne peut contenir plus de {0} caractères non ASCII ({1}). +policyFailure.regex.nonGraph=▪ ne peut contenir plus de {0} caractères non imprimables ({1}). +policyFailure.regex.nonLetter=▪ doit contenir au moins {0} caractères qui ne sont pas des lettres. +policyFailure.regex.numeric=▪ doit comprendre {0} caractères numériques. +policyFailure.regex.upper=▪ doit contenir au moins {0} caractère(s) majuscule(s). +policyInfo.dictionary=▪ ne peut pas être pris d'un dictionnaire. +policyInfo.history.History=▪ ne peut pas être l' précédemment choisis. +policyInfo.regex.control=▪ ne peut contenir plus de {0} caractères de commande. +policyInfo.regex.lower=▪ doit contenir au moins {0} caractère(s) minuscule(s). +policyInfo.regex.maxCharacterRepetitions=▪ ne peut contenir une séquence de plus de {0} du même caractère. 
+policyInfo.regex.maxLength=▪ la longueur doit être d'au plus {0}. +policyInfo.regex.minLength=▪ la longueur doit être d'au moins {0}. +policyInfo.regex.nonAlnum=▪ doit contenir au moins {0} caractères non alphanumériques. +policyInfo.regex.nonAscii=▪ ne peut contenir plus de {0} caractères non ASCII. +policyInfo.regex.nonGraph=▪ ne peut contenir plus de {0} caractères non imprimables. +policyInfo.regex.nonLetter=▪ doit contenir au moins {0} caractères qui ne sont pas des lettres. +policyInfo.regex.numeric=▪ doit comprendre au minimum {0} caractères numériques. +policyInfo.regex.upper=▪ doit contenir au moins {0} caractère(s) majuscule(s). +policyInfo.title=Le mot de passe doit respecter les règles suivantes: +reject.button.label=Refuser +submit.button.label=Envoyer +tan.sent=Veuillez saisir le code de sécurité que vous avez reçu au votre téléphone mobile. +title.logout=Logout +title.logout.confirmation=Logout +title.logout.reminder=Logout +title.oauth.consent=Autorisation du client +title.saml.failed=Error +title.timeout.page=Logout diff --git a/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/var/opt/nevisauth/default/conf/LitDict_it.properties b/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/var/opt/nevisauth/default/conf/LitDict_it.properties new file mode 100644 index 0000000..2744457 --- /dev/null +++ b/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/var/opt/nevisauth/default/conf/LitDict_it.properties 
@@ -0,0 +1,80 @@ + +accept.button.label=Accettare +cancel.button.label=Abortire +continue.button.label=Continua +deputy.profile.label=(profilo del delegato) +error.saml.failed=Chiudi il browser e riprova. +error_1=Verificare i dati immessi. +error_10=Per favore selezionare il conto utente corretto. +error_100=Impossibile caricare il certificato. Questo certificato esiste già. La preghiamo di contattare il Suo help desk. +error_101=L'indirizzo e-mail inserito non è valido. +error_11=Scegliere un altro certificato. +error_2=Per favore scegliere un altro nome. +error_3=Il conto verrà bloccato se il prossimo login non andrà a buon fine. +error_4=La nuova password non è stata accettata. Scegliere una password che sia conforme ai criteri di password. +error_5=La conferma della password è errata. +error_50=La nuova password è troppo corta. +error_55=La nuova password deve essere diversa dalla vecchia. +error_6=È necessario modificare la password. +error_7=Set up inizale dell'account per il portale necessario. +error_8=L'account è stato bloccato. Rivolgersi al servizio assistenza oppure provare con un altro strumento di autenticazione. +error_81=Nessuna carta di accesso trovata, accesso da internet rifiutato. +error_83=La sua carta di accesso non è più valida. Per favore contatti il suo assistente per ricevere una nuova carta di accesso. +error_9=La sessione non può essere ripresa. +error_97=Non si dispone delle autorizzazioni necessarie per accedere a questa risorsa. +error_98=L'account è stato bloccato. +error_99=Errore di sistema. Riprovare. +info.logout.confirmation=Si prega di confermare che si desidera disconnettersi. +info.logout.reminder=La sessione su questa applicazione &egrave; scaduta. Prova ancora con un login. +info.oauth.consent=Vuoi consentire all'applicazione? +info.timeout.page=La sessione su questa applicazione &egrave; scaduta. Prova ancora con un login. +login.button.label=Login +logout.label=Logout +logout.text=È uscito con successo. 
+method.certificate.label=Certificato +method.fido.label=Mobile Authentication +method.fido2.label=FIDO 2 +method.mtan.label=Codice mTAN +method.oath.label=App di autenticazione OATH +method.otp.label=OTP (One-Time Password) +method.recovery.label=Codici di ripristino +method.safeword.label=SafeWord +method.securid.label=SecurID +method.ticket.label=Ticket +outarg.lastLogin.never=Mai +policyFailure.dictionary=▪ non può essere presa da un dizionario. +policyFailure.history.History=▪ deve essere diversa da password precedenti. +policyFailure.regex.control=▪ non può contenere più di {0} caratteri di controllo. +policyFailure.regex.lower=▪ deve conenere almeno {0} caratteri minuscoli. +policyFailure.regex.maxCharacterRepetitions=▪ non può contentere una sequenza più lunga di {0} caratteri uguali. +policyFailure.regex.maxLength=▪ deve contenere al massimo {0} caratteri. +policyFailure.regex.minLength=▪ deve contenere almeno {0} caratteri. +policyFailure.regex.nonAlnum=▪ deve conenere almeno {0} caratteri non alfanumerici. +policyFailure.regex.nonAscii=▪ non può contenere più di {0} caratteri non ASCII. +policyFailure.regex.nonGraph=▪ non può contenere più di {0} caratteri non stampabili. +policyFailure.regex.nonLetter=▪ non può contenere più di {0} numeri o caratteri speciali. +policyFailure.regex.numeric=▪ deve contenere {0} caratteri numerici. +policyFailure.regex.upper=▪ deve conenere almeno {0} caratteri maiuscoli. +policyInfo.dictionary=▪ non può essere presa da un dizionario. +policyInfo.history.History=▪ deve essere diversa dalle password precedenti. +policyInfo.regex.control=▪ non può contenere più di {0} carattere/i di controllo. +policyInfo.regex.lower=▪ deve conenere almeno {0} carattere/i minuscolo/i. +policyInfo.regex.maxCharacterRepetitions=▪ non può contentere una sequenza più lunga di {0} caratteri uguali. +policyInfo.regex.maxLength=▪ deve contenere al massimo {0} carattere/i. +policyInfo.regex.minLength=▪ deve contenere almeno {0} carattere/i. 
+policyInfo.regex.nonAlnum=▪ deve conenere almeno {0} carattere/i non alfanumerico/i. +policyInfo.regex.nonAscii=▪ non può contenere più di {0} carattere/i non ASCII. +policyInfo.regex.nonGraph=▪ non può contenere più di {0} carattere/i non stampabile/i. +policyInfo.regex.nonLetter=▪ non può contenere più di {0} numero/i o caratere/i speciale/i. +policyInfo.regex.numeric=▪ deve contenere un minimo di {0} carattere/i numerico/i. +policyInfo.regex.upper=▪ deve conenere almeno {0} carattere/i maiuscolo/i. +policyInfo.title=La password deve rispettare le seguenti direttive: +reject.button.label=Rifiuti +submit.button.label=Continua +tan.sent=Inserisci il codice di sicurezza che è stato inviato al tuo telefono cellulare. +title.logout=Logout +title.logout.confirmation=Logout +title.logout.reminder=Logout +title.oauth.consent=Autorizzazione del client +title.saml.failed=Error +title.timeout.page=Logout diff --git a/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/var/opt/nevisauth/default/conf/bc.properties b/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/var/opt/nevisauth/default/conf/bc.properties new file mode 100644 index 0000000..c399a82 --- /dev/null +++ b/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/var/opt/nevisauth/default/conf/bc.properties @@ -0,0 +1 @@ +bc.tracer.TraceIndentFactory=ch.nevis.bc.io.Log4jTraceIndentFactory \ No newline at end of file diff --git a/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/var/opt/nevisauth/default/conf/env.conf b/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/var/opt/nevisauth/default/conf/env.conf new file mode 100644 index 0000000..2a747a1 --- /dev/null +++ b/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/var/opt/nevisauth/default/conf/env.conf 
@@ -0,0 +1,19 @@
+RTENV_SECURITY_CHECK=no_shell
+
+JAVA_OPTS=(
+ "-XX:+UseContainerSupport"
+ "-Dfile.encoding=UTF-8"
+ "-XX:MaxRAMPercentage=80.0"
+ "-Djava.net.preferIPv4Stack=true"
+ "-Djava.net.connectionTimeout=10000"
+ "-Djava.net.readTimeout=15000"
+ "-Dch.nevis.esauth.config=/var/opt/nevisauth/default/conf/esauth4.xml"
+ "-Djava.awt.headless=true"
+ "-javaagent:/opt/agent/opentelemetry-javaagent.jar"
+ "-Dotel.javaagent.logging=application"
+ "-Dotel.javaagent.configuration-file=/var/opt/nevisauth/default/conf/otel.properties"
+ "-Dotel.resource.attributes=service.version=8.2405.2,service.instance.id=$HOSTNAME"
+ "-Djavax.net.ssl.trustStore=/var/opt/keys/trust/tls-swissid/truststore.p12"
+ "-Djavax.net.ssl.trustStorePassword=\${exec:/var/opt/keys/trust/tls-swissid/keypass}"
+)
+
diff --git a/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/var/opt/nevisauth/default/conf/esauth4.security b/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/var/opt/nevisauth/default/conf/esauth4.security
new file mode 100644
index 0000000..fffe1dd
--- /dev/null
+++ b/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/var/opt/nevisauth/default/conf/esauth4.security
@@ -0,0 +1,2 @@
+# this file is generated by nevisAdmin 4
+security.provider.10=org.bouncycastle.jce.provider.BouncyCastleProvider
\ No newline at end of file
diff --git a/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/var/opt/nevisauth/default/conf/esauth4.xml b/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/var/opt/nevisauth/default/conf/esauth4.xml
new file mode 100644
index 0000000..47274f2
--- /dev/null
+++ b/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/var/opt/nevisauth/default/conf/esauth4.xml
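Review bot: The last `JAVA_OPTS` entry passes the truststore passphrase as `-Djavax.net.ssl.trustStorePassword=\${exec:/var/opt/keys/trust/tls-swissid/keypass}`, and nothing in the hunk says what expands the escaped `${exec:...}`. If it is expanded before the JVM is launched, the passphrase becomes readable in the process arguments; if nothing expands it, the default JSSE trust store would presumably be opened with the literal string. A comment above that entry would settle it, for example `# \${exec:...} is left for <resolving component, to be confirmed> to expand; bash must not touch it`. The `service.version=8.2405.2` value in `-Dotel.resource.attributes` is also hard-coded and will go stale on the next upgrade unless the file is regenerated.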
@@ -0,0 +1,121 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/var/opt/nevisauth/default/conf/logging.yml b/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/var/opt/nevisauth/default/conf/logging.yml new file mode 100644 index 0000000..a097b89 --- /dev/null +++ b/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/var/opt/nevisauth/default/conf/logging.yml 
@@ -0,0 +1,51 @@
+Configuration:
+ monitorInterval: 60
+ Appenders:
+ Console:
+ - name: "SERVER"
+ target: "SYSTEM_OUT"
+ PatternLayout:
+ pattern: "[esauth4sv.log] %d{ISO8601} %-15.15t %mdc{trace_id} %mdc{span_id} %-20.20c %-5.5p %m%n"
+ RegexFilter:
+ regex: ".*GET /nevisauth/liveness.*"
+ onMatch: "DENY"
+ onMismatch: "ACCEPT"
+ Loggers:
+ Logger:
+ - name: "EsAuthStart"
+ level: "INFO"
+ - name: "org.apache.catalina.loader.WebappClassLoader"
+ level: "FATAL"
+ - name: "org.apache.catalina.startup.HostConfig"
+ level: "ERROR"
+ - name: "ch.nevis.esauth.events"
+ level: "FATAL"
+ - name: "AuthEngine"
+ level: "INFO"
+ - name: "HttpClient"
+ level: "TRACE"
+ - name: "OAuth2"
+ level: "DEBUG"
+ - name: "StdStates"
+ level: "DEBUG"
+ - name: "Vars"
+ level: "INFO"
+ - name: "ch.adnovum.cossa.CallPolicyVerificationAPI"
+ level: "DEBUG"
+ - name: "ch.adnovum.cossa.IdTokenVerification"
+ level: "DEBUG"
+ - name: "ch.adnovum.cossa.KLPScopeToProfileBinding"
+ level: "DEBUG"
+ - name: "ch.adnovum.cossa.SimpleIDTokenValidator"
+ level: "DEBUG"
+ - name: "ch.adnovum.cossa.TokenExchangeEndpoint"
+ level: "DEBUG"
+ - name: "ch.adnovum.cossa.TokenExchangeEndpointRefresh"
+ level: "DEBUG"
+ - name: "ch.adnovum.cossa.TokenGenerator"
+ level: "DEBUG"
+ Root:
+ level: "WARN"
+ additivity: "false"
+ AppenderRef:
+ - ref: "SERVER"
diff --git a/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/var/opt/nevisauth/default/conf/mockrelam_jwkmock.json b/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/var/opt/nevisauth/default/conf/mockrelam_jwkmock.json
new file mode 100644
index 0000000..05e711d
--- /dev/null
+++ b/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/var/opt/nevisauth/default/conf/mockrelam_jwkmock.json
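Review bot: The `HttpClient` logger is set to `TRACE` and `OAuth2`, `StdStates` and the seven `ch.adnovum.cossa.*` token-exchange loggers to `DEBUG`, all routed to the `SERVER` console appender. At these levels an authentication service can write request and response headers, ID tokens and exchanged access tokens to stdout, where the container log pipeline collects them; whether these particular loggers do so is not visible here, but it should be checked before the setting leaves the dev namespace. For the committed configuration I would use `level: "INFO"` for `HttpClient` and raise it only for a debugging session. `ch.nevis.esauth.events` at `FATAL` presumably silences event output as well, which is worth confirming if those events are meant to feed monitoring.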
@@ -0,0 +1 @@ +{"keys":[{"kty":"RSA","kid":"yTX9hiBfyqkvtil57ivmlbK7a6c=","use":"sig","x5t":"9WDlp2619xwm3BQd1Xrx4cTAs1Y","x5c":["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"],"n":"jyr2xra0jO3QFPUDVpEFloxrtjWMdg2L3idrj_23FN6RjoLIqbRGxiDgiYEmVu7cqQXpNScijdgILwxzFzZbcULE_vhjs_DGorP3AayET5OPYaQNHjfxqmrZyQH-43-8Rwe2zpV3_IFRpXHAGphTbCMoCHxf6wWI9ZI75GxnE1CjcgXQmuPODNWZH7u1T6-he-cvvzknp5cC8a6d74Ky-APGfbG4wZeEB5kovlm9OhPrZq5wzFuJRj4JLJa88gvPDGWUBWynAT6A_-kwmXLnawTTJrvZVupMk-FKsOGGXrwUBLjfK_nYW_iSFLotrv1KFk-_R-TdVQop9k61roJlZw","e":"AQAB"}]} \ No newline at end of file diff --git a/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai/var/opt/nevisauth/default/conf/mockrelam_klpapimock.json b/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/var/opt/nevisauth/default/conf/mockrelam_klpapimock.json similarity index 100% rename from DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai/var/opt/nevisauth/default/conf/mockrelam_klpapimock.json rename to DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/var/opt/nevisauth/default/conf/mockrelam_klpapimock.json diff --git a/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai/var/opt/nevisauth/default/conf/mockrelam_metadatamock.json b/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/var/opt/nevisauth/default/conf/mockrelam_metadatamock.json similarity index 100% rename from DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai/var/opt/nevisauth/default/conf/mockrelam_metadatamock.json rename to DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/var/opt/nevisauth/default/conf/mockrelam_metadatamock.json 
diff --git a/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/var/opt/nevisauth/default/conf/mockrelam_wellkownmock.json b/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/var/opt/nevisauth/default/conf/mockrelam_wellkownmock.json new file mode 100644 index 0000000..1050bb1 --- /dev/null +++ b/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/var/opt/nevisauth/default/conf/mockrelam_wellkownmock.json 
@@ -0,0 +1 @@ +{"request_parameter_supported":true,"pushed_authorization_request_endpoint":"https://login.sandbox.pre.swissid.ch:443/idp/oauth2/par","introspection_encryption_alg_values_supported":["ECDH-ES+A256KW","ECDH-ES+A192KW","RSA-OAEP","ECDH-ES+A128KW","RSA-OAEP-256","A128KW","A256KW","ECDH-ES","dir","A192KW"],"claims_parameter_supported":true,"introspection_endpoint":"https://login.sandbox.pre.swissid.ch:443/idp/oauth2/introspect","issuer":"https://login.sandbox.pre.swissid.ch:443/idp/oauth2","id_token_encryption_enc_values_supported":["A256GCM","A192GCM","A128GCM","A128CBC-HS256","A192CBC-HS384","A256CBC-HS512"],"userinfo_encryption_enc_values_supported":["A256GCM","A192GCM","A128GCM","A128CBC-HS256","A192CBC-HS384","A256CBC-HS512"],"authorization_endpoint":"https://login.sandbox.pre.swissid.ch:443/idp/oauth2/authorize","authorization_encryption_alg_values_supported":["ECDH-ES+A256KW","ECDH-ES+A192KW","RSA-OAEP","ECDH-ES+A128KW","RSA-OAEP-256","A128KW","A256KW","ECDH-ES","dir","A192KW"],"introspection_encryption_enc_values_supported":["A256GCM","A192GCM","A128GCM","A128CBC-HS256","A192CBC-HS384","A256CBC-HS512"],"claims_supported":["urn:swissid:identity_id","gender","urn:swissid:place_of_birth","language","urn:swissid:identification_date","urn:swissid:identity_valid_until","urn:swissid:nationality","urn:swissid:identity_check_date","urn:swissid:doc_hash","updated_at","urn:swissid:age_over","urn:swissid:doc_name","urn:swissid:suisseid_number","urn:swissid:cid","email","urn:swissid:identity_number","urn:swissid:first_name","email_verified","address","urn:swissid:place_of_origin","urn:swissid:date_of_birth","phone_number_verified","given_name","urn:swissid:complies_with","urn:swissid:qor","phone_number","urn:swissid:document_country","family_name","urn:swissid:identity_document_type"],"rcs_request_signing_alg_values_supported":["ES384","HS256","HS512","ES256","RS256","HS384","ES512"],"token_endpoint_auth_methods_supported":["client_secret_post","private_key_jw
t","self_signed_tls_client_auth","tls_client_auth","none","client_secret_basic"],"tls_client_certificate_bound_access_tokens":true,"response_modes_supported":["form_post","fragment.jwt","query","query.jwt","fragment","jwt","form_post.jwt"],"backchannel_logout_session_supported":true,"token_endpoint":"https://login.sandbox.pre.swissid.ch:443/idp/oauth2/access_token","response_types_supported":["code token id_token","code","code id_token","id_token","code token","token","token id_token"],"authorization_encryption_enc_values_supported":["A256GCM","A192GCM","A128GCM","A128CBC-HS256","A192CBC-HS384","A256CBC-HS512"],"revocation_endpoint_auth_methods_supported":["client_secret_post","private_key_jwt","self_signed_tls_client_auth","tls_client_auth","none","client_secret_basic"],"request_uri_parameter_supported":true,"grant_types_supported":["implicit","refresh_token","urn:ietf:params:oauth:grant-type:saml2-bearer","password","client_credentials","urn:ietf:params:oauth:grant-type:device_code","authorization_code","urn:openid:params:grant-type:ciba","urn:ietf:params:oauth:grant-type:uma-ticket","urn:ietf:params:oauth:grant-type:token-exchange","urn:ietf:params:oauth:grant-type:jwt-bearer"],"version":"3.0","prompt_values_supported":["none","login","consent"],"userinfo_endpoint":"https://login.sandbox.pre.swissid.ch:443/idp/oauth2/userinfo","require_request_uri_registration":true,"code_challenge_methods_supported":["plain","S256"],"id_token_encryption_alg_values_supported":["RSA-OAEP","RSA-OAEP-256","A128KW","A256KW","RSA1_5","dir","A192KW"],"authorization_signing_alg_values_supported":["PS384","RS384","EdDSA","ES384","HS256","HS512","ES256","RS256","HS384","ES512","PS256","PS512","RS512"],"request_object_signing_alg_values_supported":["ES384","HS256","HS512","ES256","RS256","HS384","ES512"],"request_object_encryption_alg_values_supported":["RSA-OAEP","RSA-OAEP-256","A128KW","RSA1_5","A256KW","dir","A192KW"],"rcs_response_signing_alg_values_supported":["ES384","HS256","HS512",
"ES256","RS256","HS384","ES512"],"introspection_signing_alg_values_supported":["PS384","RS384","EdDSA","ES384","HS256","HS512","ES256","RS256","HS384","ES512","PS256","PS512","RS512"],"check_session_iframe":"https://login.sandbox.pre.swissid.ch:443/idp/oauth2/connect/checkSession","scopes_supported":["identity_documents","photoid_selfie","address","internal_id_claims","openid","profile","photoid","usm_api","suisseid_number","swissid_signature","id_transfer","phone","sub_lookup","email"],"backchannel_logout_supported":true,"acr_values_supported":["loa-2","loa-1","qoa1.4","qoa2.3","qoa2.4","qoa1.1","qoa1.2","qoa2.1","idaas","qoa2.2","loa-2.2","loa-1.2","loa-2.1","loa-1.1","qoa2","qoa1","pwless","loa-2.3","reg-webauthn"],"request_object_encryption_enc_values_supported":["A256GCM","A192GCM","A128GCM","A128CBC-HS256","A192CBC-HS384","A256CBC-HS512"],"rcs_request_encryption_alg_values_supported":["RSA-OAEP","RSA-OAEP-256","A128KW","RSA1_5","A256KW","dir","A192KW"],"userinfo_signing_alg_values_supported":["ES384","HS256","HS512","ES256","RS256","HS384","ES512"],"require_pushed_authorization_requests":false,"rcs_response_encryption_enc_values_supported":["A256GCM","A192GCM","A128GCM","A128CBC-HS256","A192CBC-HS384","A256CBC-HS512"],"userinfo_encryption_alg_values_supported":["RSA-OAEP","RSA-OAEP-256","A128KW","A256KW","RSA1_5","dir","A192KW"],"end_session_endpoint":"https://login.sandbox.pre.swissid.ch:443/idp/oauth2/connect/endSession","rcs_request_encryption_enc_values_supported":["A256GCM","A192GCM","A128GCM","A128CBC-HS256","A192CBC-HS384","A256CBC-HS512"],"revocation_endpoint":"https://login.sandbox.pre.swissid.ch:443/idp/oauth2/token/revoke","rcs_response_encryption_alg_values_supported":["RSA-OAEP","RSA-OAEP-256","A128KW","A256KW","RSA1_5","dir","A192KW"],"token_endpoint_auth_signing_alg_values_supported":["PS384","RS384","ES384","HS256","HS512","ES256","RS256","HS384","ES512","PS256","PS512","RS512"],"jwks_uri":"https://klp.agov-w.azure.adnovum.net/jwk","subject_typ
es_supported":["public","pairwise"],"id_token_signing_alg_values_supported":["ES384","HS256","HS512","ES256","RS256","HS384","ES512"],"registration_endpoint":"https://login.sandbox.pre.swissid.ch:443/idp/oauth2/register"} \ No newline at end of file diff --git a/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/var/opt/nevisauth/default/conf/nevisauth.yml b/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/var/opt/nevisauth/default/conf/nevisauth.yml new file mode 100644 index 0000000..6688a81 --- /dev/null +++ b/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/var/opt/nevisauth/default/conf/nevisauth.yml @@ -0,0 +1,16 @@ +server: + name: "default" + protocol: "https" + port: "8991" + host: "0.0.0.0" + tls: + keystore: "/var/opt/keys/own/nai2-default-identity/keystore.p12" + keystore-passphrase: "${exec:/var/opt/keys/own/nai2-default-identity/keypass}" + client-auth: "required" + truststore: "/var/opt/keys/trust/nai2-default-tls-client-trust/truststore.p12" + truststore-passphrase: "${exec:/var/opt/keys/trust/nai2-default-tls-client-trust/keypass}" +management: + server: + port: "9000" + healthchecks: + enabled: "true" diff --git a/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/var/opt/nevisauth/default/conf/otel.properties b/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/var/opt/nevisauth/default/conf/otel.properties new file mode 100644 index 0000000..4e53a58 --- /dev/null +++ b/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/var/opt/nevisauth/default/conf/otel.properties @@ -0,0 +1,4 @@ +otel.service.name = nai2 +otel.traces.exporter = none +otel.metrics.exporter = none +otel.logs.exporter = none 
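Review bot: This discovery document keeps `"issuer":"https://login.sandbox.pre.swissid.ch:443/idp/oauth2"` but sets `"jwks_uri":"https://klp.agov-w.azure.adnovum.net/jwk"`, so a consumer of this metadata verifies tokens that name the sandbox issuer against keys served by the mock host. That looks intended for a mock realm, but nothing in the change records it, and JSON cannot carry a comment. I would state in the commit description or an adjacent README that this file is test-only metadata and must not be served by or loaded into a non-dev instance. The remaining endpoints still point at the sandbox host, so it is also worth confirming that only the key lookup is meant to be redirected.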
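Review bot: The `management` block in nevisauth.yml opens port `"9000"` with health checks enabled but carries none of the `tls` settings that `server` has, where `client-auth: "required"` protects port 8991 on `host: "0.0.0.0"`. Whether the management port inherits TLS or is served in clear text is not visible in this hunk. If it turns out to be plain HTTP, it should be reachable only by the probes that need it, and a comment above the block such as `# management port: health probes only; confirm it is not covered by the tls block above` would make the difference explicit.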
diff --git a/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/var/opt/nevisauth/default/conf/prepare_done.groovy b/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/var/opt/nevisauth/default/conf/prepare_done.groovy
new file mode 100644
index 0000000..e916e2a
--- /dev/null
+++ b/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/var/opt/nevisauth/default/conf/prepare_done.groovy
@@ -0,0 +1,23 @@
+// nevisProxy replaces the entire AUTH: scope when new outargs are returned by nevisAuth.
+// Thus, we have to store tokens in the session (as a String) and restore them on subsequent step-ups.
+
+// restore tokens
+session.each { key, value ->
+ if (key.startsWith('outarg.token.')) {
+ def name = key.substring(7)
+ if (outargs.containsKey(name)) {
+ LOG.debug("not restoring token (outarg: $name) from session: outarg already set")
+ }
+ else {
+ LOG.debug("restoring token (outarg: $name) from session")
+ outargs.put(name, value)
+ }
+ }
+}
+
+// store tokens
+outargs.each { name, value ->
+ if (name.startsWith('token.')) {
+ session.put('outarg.' + name, value)
+ }
+}
diff --git a/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/var/opt/nevisauth/default/log/.empty b/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/var/opt/nevisauth/default/log/.empty
new file mode 100644
index 0000000..e69de29
diff --git a/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/var/opt/nevisauth/default/plugin/cossa-token-exchange-authstates.jar b/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/var/opt/nevisauth/default/plugin/cossa-token-exchange-authstates.jar
new file mode 100644
index 0000000..4faa5bc
Binary files /dev/null and b/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/var/opt/nevisauth/default/plugin/cossa-token-exchange-authstates.jar differ
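Review bot: The restore loop in prepare_done.groovy copies every `outarg.token.*` session entry back into `outargs` without checking that the stored token is still valid, and nothing in the script ever removes an entry from the session. A step-up that issues no fresh token will therefore hand the back end whatever string was stored earlier in the session; whether the consumer checks expiry itself is not visible here, so the header comment should say that it must. Separately, `key.substring(7)` depends on the length of `'outarg.'`; `def name = key.substring('outarg.'.length())` keeps it in step with the prefix used in `session.put('outarg.' + name, value)`.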
diff --git a/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/var/opt/nevisauth/default/run/.empty b/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/var/opt/nevisauth/default/run/.empty new file mode 100644 index 0000000..e69de29 diff --git a/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/var/opt/nevisauth/default/status.sh b/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/var/opt/nevisauth/default/status.sh new file mode 100755 index 0000000..0569031 --- /dev/null +++ b/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/var/opt/nevisauth/default/status.sh 
@@ -0,0 +1,79 @@
+#!/bin/bash
+#
+# NAME
+# status.sh - Checks the status of the nevisAuth instance.
+#
+# SYNOPSIS
+# status.sh
+#
+# DESCRIPTION
+# Performs periodic checks until the instance is up or broken or timeout is reached.
+# The script terminates when the process of the instance stops running.
+# There are no arguments for this script.
+#
+# EXIT CODES
+# 0 Instance is up.
+# 1 Instance process is not running.
+# 2 Instance is broken.
+# 3 Timeout reached.
+
+# Defines how much we should sleep between checking if the instance is up.
+interval=1
+# Defines how much we should wait the instance to start up until we give up and exit.
+timeout=70
+((end_time=${SECONDS}+$timeout))
+
+# Checks if the process of the instance is still running.
+# Arguments:
+# None
+# Returns:
+# In case it is running, returns 0, otherwise non-zero (exit code of systemctl).
+isProcessRunning() {
+ systemctl is-active --quiet nevisauth@default
+ IS_RUNNING=$?
+ return $IS_RUNNING
+}
+
+# Checks if the instance is up. (Attempts connecting to the instance)
+# Arguments:
+# None
+# Returns:
+# If the connection was successful and the instance up (is not broken), returns 0.
+# If the connection was not successful, returns 1.
+checkInstance() {
+ lsof -i :8991 -sTCP:LISTEN
+ EXIT_CODE=$?
+ return $EXIT_CODE
+}
+
+# This function encapsulates the logic of checking if the process is running and if the instance is up.
+# In case the process is not running, exits with exit code 1.
+# Arguments:
+# None
+# Returns:
+# If the instance process is running, returns the result of the instance check function.
+check() {
+ if isProcessRunning
+ then
+ checkInstance
+ CS=$?
+ return $CS
+ else
+ echo "Process is not running."
+ exit 1
+ fi
+}
+
+# Check the status of the instance periodically.
+while ((${SECONDS} < ${end_time}))
+do
+ sleep ${interval}
+ if check
+ then
+ echo "Instance is up."
+ exit 0
+ fi
+done
+
+echo "Exceeded check timeout (70s). Instance is down."
+exit 3 \ No newline at end of file diff --git a/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/var/opt/nevisauth/default/tmp/.empty b/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2/var/opt/nevisauth/default/tmp/.empty new file mode 100644 index 0000000..e69de29 diff --git a/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/npi/etc/nevis/k8s-npi-92e282d1dc2b69d9e4f91fc0.yaml b/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/npi/etc/nevis/k8s-npi-92e282d1dc2b69d9e4f91fc0.yaml index e1650d0..71bb045 100644 --- a/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/npi/etc/nevis/k8s-npi-92e282d1dc2b69d9e4f91fc0.yaml +++ b/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/npi/etc/nevis/k8s-npi-92e282d1dc2b69d9e4f91fc0.yaml @@ -46,7 +46,7 @@ spec: podDisruptionBudget: maxUnavailable: "50%" git: - tag: "r-9cad45a7b0512ebf6892f792c3aa8ba7cd7e169b" + tag: "r-76cf157bd18ad492e7eea17645c765177d3ffea5" dir: "DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/npi" credentials: "git-credentials" keystores: diff --git a/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/npi/etc/nevis/k8s-npi-mockrelam-signer-trust-92e282d1dc2b69d9e4f91fc0.yaml b/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/npi/etc/nevis/k8s-npi-mockrelam-signer-trust-92e282d1dc2b69d9e4f91fc0.yaml index b427f36..9bf6ce8 100644 --- a/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/npi/etc/nevis/k8s-npi-mockrelam-signer-trust-92e282d1dc2b69d9e4f91fc0.yaml +++ b/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/npi/etc/nevis/k8s-npi-mockrelam-signer-trust-92e282d1dc2b69d9e4f91fc0.yaml 
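Review bot: The header of status.sh documents exit code `2 Instance is broken`, but no path in the script returns it: `checkInstance` only tests that something listens on port 8991 (`lsof -i :8991 -sTCP:LISTEN`), so a process that is listening but unhealthy is reported as up. Either drop code 2 from the EXIT CODES block and reword the `checkInstance` comment, which speaks of attempting a connection, or add a real health request and map its failure to 2. The final message hard-codes the limit; `echo "Exceeded check timeout (${timeout}s). Instance is down."` keeps it in step with `timeout=70`. `lsof` also prints its match on the successful poll, which `lsof -i :8991 -sTCP:LISTEN >/dev/null` would silence.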
@@ -10,5 +10,5 @@ metadata: patternId: "92e282d1dc2b69d9e4f91fc0" spec: keystores: - - name: "nai-sh4r3d-default-default-signer" + - name: "nai2-sh4r3d-default-default-signer" namespace: "adn-postit-tknxchng-01-dev" diff --git a/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/npi/etc/nevis/k8s-npi-mockrelam-tls-trust-92e282d1dc2b69d9e4f91fc0.yaml b/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/npi/etc/nevis/k8s-npi-mockrelam-tls-trust-92e282d1dc2b69d9e4f91fc0.yaml index 288cd8b..7f43bc1 100644 --- a/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/npi/etc/nevis/k8s-npi-mockrelam-tls-trust-92e282d1dc2b69d9e4f91fc0.yaml +++ b/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/npi/etc/nevis/k8s-npi-mockrelam-tls-trust-92e282d1dc2b69d9e4f91fc0.yaml @@ -10,5 +10,5 @@ metadata: patternId: "92e282d1dc2b69d9e4f91fc0" spec: keystores: - - name: "nai-default-identity" + - name: "nai2-default-identity" namespace: "adn-postit-tknxchng-01-dev" diff --git a/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/npi/var/opt/nevisproxy/default/host-klp.agov-w.azure.adnovum.net/WEB-INF/web.xml b/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/npi/var/opt/nevisproxy/default/host-klp.agov-w.azure.adnovum.net/WEB-INF/web.xml index 55f3109..31b37c0 100644 --- a/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/npi/var/opt/nevisproxy/default/host-klp.agov-w.azure.adnovum.net/WEB-INF/web.xml +++ b/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/npi/var/opt/nevisproxy/default/host-klp.agov-w.azure.adnovum.net/WEB-INF/web.xml @@ -177,7 +177,7 @@ Transport.InetAddress - nai:8991 + nai2:8991