new configuration version

DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai/etc/nevis/k8s-nai-6ec6739e824c8e56d9633622.yaml

@@ -45,11 +45,10 @@ spec:
   podDisruptionBudget:
     maxUnavailable: "50%"
   git:
-    tag: "r-0322e6d9e0ec031ec1d368ab3307277dadf0b6a1"
+    tag: "r-4357701f8a1e980fdfdbc9b617da1ac62def41fd"
     dir: "DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai"
     credentials: "git-credentials"
   keystores:
-  - "nai-sh4r3d-new-nevis-sectoken-signer"
   - "nai-default-identity"
   - "nai-sh4r3d-default-default-signer"
   truststores:

DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai/etc/nevis/k8s-nai-sh4r3d-new-nevis-sectoken-signer-6ec6739e824c8e56d9633622.yaml

@@ -1,16 +0,0 @@
-apiVersion: "operator.nevis-security.ch/v1"
-kind: "NevisKeyStore"
-metadata:
-  name: "nai-sh4r3d-new-nevis-sectoken-signer"
-  namespace: "adn-postit-tknxchng-01-dev"
-  labels:
-    deploymentTarget: "nai"
-  annotations:
-    projectKey: "DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT"
-    patternId: "6ec6739e824c8e56d9633622"
-spec:
-  cn: "New_NEVIS_SecToken"
-  usage: "signer"
-  san:
-    dns: []
-    email: []

DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai/var/opt/nevisauth/default/conf/esauth4.xml

@@ -30,28 +30,12 @@
             <!-- source: pattern://6ec6739e824c8e56d9633622 -->
             <Signer key="DefaultSigner"/>
         </TokenAssembler>
-        <!-- source: pattern://b9cfe9de74293eececbcc4a6 -->
-        <TokenAssembler name="Token_cossa_realm_New_NEVIS_SecToken">
-            <!-- source: pattern://b9cfe9de74293eececbcc4a6 -->
-            <Selector default="false"/>
-            <!-- source: pattern://b9cfe9de74293eececbcc4a6 -->
-            <TokenSpec ttl="28800">
-                <!-- source: pattern://b9cfe9de74293eececbcc4a6 -->
-                <field src="session" key="123456" as="userid"/>
-                <!-- source: pattern://b9cfe9de74293eececbcc4a6 -->
-                <field src="session" key="WEAK" as="authLevel"/>
-            </TokenSpec>
-            <!-- source: pattern://b9cfe9de74293eececbcc4a6 -->
-            <Signer key="Signer_New_NEVIS_SecToken"/>
-        </TokenAssembler>
-        <!-- source: pattern://b9cfe9de74293eececbcc4a6 -->
+        <!-- source: pattern://6ec6739e824c8e56d9633622 -->
         <KeyStore name="DefaultKeyStore">
             <!-- source: pattern://6ec6739e824c8e56d9633622 -->
             <KeyObject name="DefaultSigner" certificate="/var/opt/keys/own/nai-sh4r3d-default-default-signer/cert.pem" privateKey="/var/opt/keys/own/nai-sh4r3d-default-default-signer/keystore.jks" passPhrase="pipe:///var/opt/keys/own/nai-sh4r3d-default-default-signer/keypass"/>
             <!-- source: pattern://6ec6739e824c8e56d9633622 -->
             <KeyObject name="DefaultSignerTrust" certificate="/var/opt/keys/trust/nai-default-default-signer-trust/truststore.jks"/>
-            <!-- source: pattern://b9cfe9de74293eececbcc4a6 -->
-            <KeyObject name="Signer_New_NEVIS_SecToken" certificate="/var/opt/keys/own/nai-sh4r3d-new-nevis-sectoken-signer/cert.pem" privateKey="/var/opt/keys/own/nai-sh4r3d-new-nevis-sectoken-signer/keystore.jks" passPhrase="pipe:///var/opt/keys/own/nai-sh4r3d-new-nevis-sectoken-signer/keypass"/>
         </KeyStore>
     </SessionCoordinator>
     <!-- source: pattern://6ec6739e824c8e56d9633622 -->
@@ -65,7 +49,7 @@
             <Entry method="stepup" state="cossa_realm_Selector"/>
             <Entry method="stepup" state="cossa_realm_TokenExchangeEndpoint" selector="${request:currentResource:^http[s]?\u003A//[^/]+/.*$:true}"/>
         </Domain>
-        <AuthState name="cossa_realm_TokenExchangeEndpoint" class="ch.adnovum.cossa.TokenExchangeEndpoint" final="false" resumeState="true">
+        <AuthState name="cossa_realm_TokenExchangeEndpoint" class="ch.adnovum.cossa.TokenExchangeEndpoint" authLevel="auth.weak" final="false" resumeState="true">
             <!-- source: pattern://89578db79d2bc15d55e11141 -->
             <ResultCond name="failed" next="cossa_realm_New_Authentication_Failed"/>
             <!-- source: pattern://89578db79d2bc15d55e11141 -->
@@ -93,26 +77,24 @@
             </Response>
         </AuthState>
         <AuthState name="cossa_realm_Prepare_Done" class="ch.nevis.esauth.auth.states.scripting.ScriptState" final="false">
-            <!-- source: pattern://b9cfe9de74293eececbcc4a6, pattern://b67f81a971e4c08aa79040a2 -->
+            <!-- source: pattern://b67f81a971e4c08aa79040a2 -->
             <ResultCond name="default" next="cossa_realm_Auth_Done"/>
-            <!-- source: pattern://b9cfe9de74293eececbcc4a6, pattern://b67f81a971e4c08aa79040a2 -->
+            <!-- source: pattern://b67f81a971e4c08aa79040a2 -->
             <Response value="AUTH_DONE">
-                <!-- source: pattern://b9cfe9de74293eececbcc4a6, pattern://b67f81a971e4c08aa79040a2 -->
+                <!-- source: pattern://b67f81a971e4c08aa79040a2 -->
                 <Gui name="ContinueResponse"/>
             </Response>
-            <!-- source: pattern://b9cfe9de74293eececbcc4a6, pattern://b67f81a971e4c08aa79040a2 -->
+            <!-- source: pattern://b67f81a971e4c08aa79040a2 -->
             <property name="script" value="file:///var/opt/nevisauth/default/conf/prepare_done.groovy"/>
         </AuthState>
         <AuthState name="cossa_realm_Auth_Done" class="ch.nevis.esauth.auth.states.standard.AuthDone" final="false">
-            <!-- source: pattern://b9cfe9de74293eececbcc4a6, pattern://b67f81a971e4c08aa79040a2 -->
+            <!-- source: pattern://b67f81a971e4c08aa79040a2 -->
             <Response value="AUTH_DONE">
-                <!-- source: pattern://b9cfe9de74293eececbcc4a6, pattern://b67f81a971e4c08aa79040a2 -->
+                <!-- source: pattern://b67f81a971e4c08aa79040a2 -->
                 <Gui name="ContinueResponse"/>
             </Response>
         </AuthState>
         <AuthState name="cossa_realm_Selector" class="ch.nevis.esauth.auth.states.standard.ConditionalDispatcherState" final="false">
-            <!-- source: pattern://b67f81a971e4c08aa79040a2 -->
-            <ResultCond name="New_NEVIS_SecToken" next="cossa_realm_New_NEVIS_SecToken"/>
             <!-- source: pattern://b67f81a971e4c08aa79040a2 -->
             <ResultCond name="nomatch" next="cossa_realm_Prepare_Done"/>
             <!-- source: pattern://b67f81a971e4c08aa79040a2 -->
@@ -120,23 +102,6 @@
                 <!-- source: pattern://b67f81a971e4c08aa79040a2 -->
                 <Arg name="ch.nevis.isiweb4.response.status" value="403"/>
             </Response>
-            <!-- source: pattern://b67f81a971e4c08aa79040a2 -->
-            <property name="condition:New_NEVIS_SecToken" value="${request:requiredRoles:^token.New_NEVIS_SecToken$:true}"/>
-        </AuthState>
-        <AuthState name="cossa_realm_New_NEVIS_SecToken" class="ch.nevis.esauth.auth.states.sectoken.TokenAssemblerState" final="false">
-            <!-- source: pattern://b9cfe9de74293eececbcc4a6 -->
-            <ResultCond name="default" next="cossa_realm_Prepare_Done" authLevel="token.New_NEVIS_SecToken"/>
-            <!-- source: pattern://b9cfe9de74293eececbcc4a6 -->
-            <Response value="AUTH_ERROR">
-                <!-- source: pattern://b9cfe9de74293eececbcc4a6 -->
-                <Arg name="ch.nevis.isiweb4.response.status" value="403"/>
-            </Response>
-            <!-- source: pattern://b9cfe9de74293eececbcc4a6 -->
-            <property name="assembler" value="Token_cossa_realm_New_NEVIS_SecToken"/>
-            <!-- source: pattern://b9cfe9de74293eececbcc4a6 -->
-            <property name="key" value="token.New_NEVIS_SecToken"/>
-            <!-- source: pattern://b9cfe9de74293eececbcc4a6 -->
-            <property name="generateNow" value="true"/>
         </AuthState>
     </AuthEngine>
 </esauth-server>