nevis
/
adn-post-iam-tknxchng-inv
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

new configuration version

This commit is contained in:
mamo 2024-11-11 10:18:36 +00:00
parent f27fa6def4
commit 4956b48ff0
4 changed files with 524 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai/etc/nevis/k8s-nai-6ec6739e824c8e56d9633622.yaml
View File

@ -45,7 +45,7 @@ spec:
podDisruptionBudget:
maxUnavailable: "50%"
git:
tag: "r-b0b26fa9649d888b5ea592880dd6fbe6facbc8a3"
tag: "r-c1f967206031c07e593aa2ffabb8e9cd9d52d049"
dir: "DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai"
credentials: "git-credentials"
keystores:

155
DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai/var/opt/nevisauth/default/conf/esauth4.xml
View File

@ -42,6 +42,11 @@
<!-- source: pattern://d9ea344685ab4a9bb0e1e3e7 -->
<KeyObject name="New_nevisAuth_KeyObject" certificate="/var/opt/keys/own/new-pem-key-store/cert.pem" privateKey="/var/opt/keys/own/new-pem-key-store/keystore.jks" passPhrase="pipe:///var/opt/keys/own/new-pem-key-store/keypass"/>
</KeyStore>
<!-- source: pattern://b9366aa4b5d4572afa59ea4c -->
<KeyStore name="Store_New_OAuth_2.0_Authorization_Server_OpenID_Provider">
<!-- source: pattern://b9366aa4b5d4572afa59ea4c -->
<KeyObject name="Signer_New_OAuth_2.0_Authorization_Server_OpenID_Provider" certificate="/var/opt/keys/own/new-pem-key-store/cert.pem" privateKey="/var/opt/keys/own/new-pem-key-store/keystore.jks" passPhrase="pipe:///var/opt/keys/own/new-pem-key-store/keypass"/>
</KeyStore>
</SessionCoordinator>
<!-- source: pattern://6ec6739e824c8e56d9633622 -->
<LocalOutOfContextDataStore reaperPeriod="60"/>
@ -51,8 +56,12 @@
<Domain name="cossa_realm" default="false" inactiveInterval="7200" reauthInterval="0" resetAuthenticationCondition="${inargs:cancel}">
<Entry method="authenticate" state="cossa_realm_TokenExchangeEndpoint"/>
<Entry method="authenticate" state="cossa_realm_TokenExchangeEndpoint" selector="${request:currentResource:^http[s]?\u003A//[^/]+/.*$:true}"/>
<Entry method="authenticate" state="cossa_realm_AuthorizationServer_New_OAuth_2.0_Authorization_Server_OpenID_Provider" selector="${request:currentResource:^http[s]?\u003A//[^/]+/oauth/authorize($|\?.*)$:true}"/>
<Entry method="authenticate" state="cossa_realm_AuthorizationServer_New_OAuth_2.0_Authorization_Server_OpenID_Provider" selector="${request:currentResource:^http[s]?\u003A//[^/]+/oauth/token($|\?.*)$:true}"/>
<Entry method="stepup" state="cossa_realm_Selector"/>
<Entry method="stepup" state="cossa_realm_TokenExchangeEndpoint" selector="${request:currentResource:^http[s]?\u003A//[^/]+/.*$:true}"/>
<Entry method="stepup" state="cossa_realm_AuthorizationServer_New_OAuth_2.0_Authorization_Server_OpenID_Provider" selector="${request:currentResource:^http[s]?\u003A//[^/]+/oauth/authorize($|\?.*)$:true}"/>
<Entry method="stepup" state="cossa_realm_AuthorizationServer_New_OAuth_2.0_Authorization_Server_OpenID_Provider" selector="${request:currentResource:^http[s]?\u003A//[^/]+/oauth/token($|\?.*)$:true}"/>
</Domain>
<AuthState name="cossa_realm_TokenExchangeEndpoint" class="ch.adnovum.cossa.TokenExchangeEndpoint" authLevel="auth.weak" final="false" resumeState="true">
<!-- source: pattern://89578db79d2bc15d55e11141 -->
@ -112,7 +121,7 @@
</AuthState>
<AuthState name="cossa_realm_Prepare_Done" class="ch.nevis.esauth.auth.states.scripting.ScriptState" final="false">
<!-- source: pattern://b67f81a971e4c08aa79040a2 -->
<ResultCond name="default" next="cossa_realm_Auth_Done"/>
<ResultCond name="default" next="cossa_realm_02_CheckConsent_New_OAuth_2.0_Authorization_Server_OpenID_Provider"/>
<!-- source: pattern://b67f81a971e4c08aa79040a2 -->
<Response value="AUTH_DONE">
<!-- source: pattern://b67f81a971e4c08aa79040a2 -->
@ -121,6 +130,37 @@
<!-- source: pattern://b67f81a971e4c08aa79040a2 -->
<property name="script" value="file:///var/opt/nevisauth/default/conf/prepare_done.groovy"/>
</AuthState>
<AuthState name="cossa_realm_02_CheckConsent_New_OAuth_2.0_Authorization_Server_OpenID_Provider" class="ch.nevis.esauth.auth.states.oauth2.consentstate.ConsentState" final="false">
<ResultCond name="ok" next="cossa_realm_Auth_Done"/>
<!-- source: pattern://b9366aa4b5d4572afa59ea4c -->
<ResultCond name="reject" next="cossa_realm_Authentication_Failed"/>
<!-- source: pattern://b9366aa4b5d4572afa59ea4c -->
<Response value="AUTH_CONTINUE">
<!-- source: pattern://b9366aa4b5d4572afa59ea4c -->
<Gui name="oauth_consent" label="title.oauth.consent">
<!-- source: pattern://b9366aa4b5d4572afa59ea4c -->
<GuiElem name="prompt" type="info" label="info.oauth.consent"/>
<!-- source: pattern://b9366aa4b5d4572afa59ea4c -->
<GuiElem name="accept" type="button" label="accept.button.label" value="approve"/>
<!-- source: pattern://b9366aa4b5d4572afa59ea4c -->
<GuiElem name="reject" type="button" label="reject.button.label" value="deny" optional="false"/>
<!-- source: pattern://b9366aa4b5d4572afa59ea4c -->
<GuiElem name="clientName" type="info" label="" value="${notes:client_name}" optional="false"/>
<!-- source: pattern://b9366aa4b5d4572afa59ea4c -->
<GuiElem name="clientLogo" type="image" label="" value="${notes:logo_uri}" optional="false"/>
<!-- source: pattern://b9366aa4b5d4572afa59ea4c -->
<GuiElem name="clientToS" type="link" label="consent.tos.link.label" value="${notes:tos_uri}" optional="true"/>
<!-- source: pattern://b9366aa4b5d4572afa59ea4c -->
<GuiElem name="clientPolicy" type="link" label="consent.policy.link.label" value="${notes:policy_uri}" optional="true"/>
<!-- source: pattern://b9366aa4b5d4572afa59ea4c -->
<GuiElem name="consentInformation" type="hidden" value="${notes:consentInformation}" optional="true"/>
</Gui>
</Response>
<!-- source: pattern://b9366aa4b5d4572afa59ea4c -->
<property name="dataSource" value="nevismeta"/>
<!-- source: pattern://b9366aa4b5d4572afa59ea4c -->
<property name="nevismeta.location" value="https://sdfsdfdf.ch:443/nevismeta/rest/modules/oauthv2/setups/Setup_00000000000000000000000000000000/entities"/>
</AuthState>
<AuthState name="cossa_realm_Auth_Done" class="ch.nevis.esauth.auth.states.standard.AuthDone" final="false">
<!-- source: pattern://b67f81a971e4c08aa79040a2 -->
<Response value="AUTH_DONE">
@ -128,6 +168,114 @@
<Gui name="ContinueResponse"/>
</Response>
</AuthState>
<AuthState name="cossa_realm_Authentication_Failed" class="ch.nevis.esauth.auth.states.standard.AuthError" final="false">
<!-- source: pattern://b9366aa4b5d4572afa59ea4c -->
<Response value="AUTH_ERROR">
<!-- source: pattern://b9366aa4b5d4572afa59ea4c -->
<Gui name="Error">
<!-- source: pattern://b9366aa4b5d4572afa59ea4c -->
<GuiElem name="info" type="error" label="error_99"/>
<!-- source: pattern://b9366aa4b5d4572afa59ea4c -->
<GuiElem name="submit" type="button" label="continue.button.label"/>
</Gui>
</Response>
</AuthState>
<AuthState name="cossa_realm_AuthorizationServer_New_OAuth_2.0_Authorization_Server_OpenID_Provider" class="ch.nevis.esauth.auth.states.oauth2.AuthorizationServer" final="false">
<!-- source: pattern://b9366aa4b5d4572afa59ea4c -->
<ResultCond name="authenticate:valid-authorization-request" next="cossa_realm_TokenExchangeEndpoint"/>
<!-- source: pattern://b9366aa4b5d4572afa59ea4c -->
<ResultCond name="invalid-authorization-request" next="cossa_realm_Authentication_Failed"/>
<!-- source: pattern://b9366aa4b5d4572afa59ea4c -->
<ResultCond name="invalid-client" next="cossa_realm_Authentication_Failed"/>
<!-- source: pattern://b9366aa4b5d4572afa59ea4c -->
<ResultCond name="invalid-redirect-uri" next="cossa_realm_Authentication_Failed"/>
<!-- source: pattern://b9366aa4b5d4572afa59ea4c -->
<ResultCond name="invalid-token-request" next="cossa_realm_Authentication_Failed"/>
<!-- source: pattern://b9366aa4b5d4572afa59ea4c -->
<ResultCond name="stepup:valid-authorization-request" next="cossa_realm_Selector"/>
<!-- source: pattern://b9366aa4b5d4572afa59ea4c -->
<property name="keystoreref" value="Store_New_OAuth_2.0_Authorization_Server_OpenID_Provider"/>
<!-- source: pattern://b9366aa4b5d4572afa59ea4c -->
<property name="keyobjectref" value="Signer_New_OAuth_2.0_Authorization_Server_OpenID_Provider"/>
<!-- source: pattern://b9366aa4b5d4572afa59ea4c -->
<property name="keyID" value="Signer_New_OAuth_2.0_Authorization_Server_OpenID_Provider"/>
<!-- source: pattern://b9366aa4b5d4572afa59ea4c -->
<property name="openid.idTokenLifetime" value="600"/>
<!-- source: pattern://b9366aa4b5d4572afa59ea4c -->
<property name="authCodeLifetime" value="60"/>
<!-- source: pattern://b9366aa4b5d4572afa59ea4c -->
<property name="propagationScope" value="session"/>
<!-- source: pattern://b9366aa4b5d4572afa59ea4c -->
<property name="dataSource" value="nevismeta"/>
<!-- source: pattern://b9366aa4b5d4572afa59ea4c -->
<property name="nevismeta.location" value="https://sdfsdfdf.ch:443/nevismeta/rest/modules/oauthv2/setups/Setup_00000000000000000000000000000000/entities"/>
<!-- source: pattern://b9366aa4b5d4572afa59ea4c -->
<property name="nevismeta.maxAge" value="600"/>
<!-- source: pattern://b9366aa4b5d4572afa59ea4c -->
<property name="openid.support" value="true"/>
<!-- source: pattern://b9366aa4b5d4572afa59ea4c -->
<property name="openid.issuerId" value="https://klp.agov-w.azure.adnovum.net"/>
<!-- source: pattern://b9366aa4b5d4572afa59ea4c -->
<property name="scope.openid" value=""/>
<!-- source: pattern://b9366aa4b5d4572afa59ea4c -->
<property name="scope.openid.authorizationCodeFlowPolicy" value="NO_CONSENT_REQUIRED"/>
<!-- source: pattern://b9366aa4b5d4572afa59ea4c -->
<property name="scope.openid.refreshTokenRequestPolicy" value="NO_CONSENT_REQUIRED"/>
<!-- source: pattern://b9366aa4b5d4572afa59ea4c -->
<property name="scope.openid.implicitFlowPolicy" value="NO_CONSENT_REQUIRED"/>
<!-- source: pattern://b9366aa4b5d4572afa59ea4c -->
<property name="scope.openid.clientCredentialsFlowPolicy" value="true"/>
<!-- source: pattern://b9366aa4b5d4572afa59ea4c -->
<property name="scope.offline_access" value=""/>
<!-- source: pattern://b9366aa4b5d4572afa59ea4c -->
<property name="scope.offline_access.authorizationCodeFlowPolicy" value="NO_CONSENT_REQUIRED"/>
<!-- source: pattern://b9366aa4b5d4572afa59ea4c -->
<property name="scope.offline_access.refreshTokenRequestPolicy" value="NO_CONSENT_REQUIRED"/>
<!-- source: pattern://b9366aa4b5d4572afa59ea4c -->
<property name="scope.offline_access.implicitFlowPolicy" value="NO_CONSENT_REQUIRED"/>
<!-- source: pattern://b9366aa4b5d4572afa59ea4c -->
<property name="scope.offline_access.clientCredentialsFlowPolicy" value="true"/>
<!-- source: pattern://b9366aa4b5d4572afa59ea4c -->
<property name="scope.address" value=""/>
<!-- source: pattern://b9366aa4b5d4572afa59ea4c -->
<property name="scope.address.authorizationCodeFlowPolicy" value="NO_CONSENT_REQUIRED"/>
<!-- source: pattern://b9366aa4b5d4572afa59ea4c -->
<property name="scope.address.refreshTokenRequestPolicy" value="NO_CONSENT_REQUIRED"/>
<!-- source: pattern://b9366aa4b5d4572afa59ea4c -->
<property name="scope.address.implicitFlowPolicy" value="NO_CONSENT_REQUIRED"/>
<!-- source: pattern://b9366aa4b5d4572afa59ea4c -->
<property name="scope.address.clientCredentialsFlowPolicy" value="true"/>
<!-- source: pattern://b9366aa4b5d4572afa59ea4c -->
<property name="scope.profile" value=""/>
<!-- source: pattern://b9366aa4b5d4572afa59ea4c -->
<property name="scope.profile.authorizationCodeFlowPolicy" value="NO_CONSENT_REQUIRED"/>
<!-- source: pattern://b9366aa4b5d4572afa59ea4c -->
<property name="scope.profile.refreshTokenRequestPolicy" value="NO_CONSENT_REQUIRED"/>
<!-- source: pattern://b9366aa4b5d4572afa59ea4c -->
<property name="scope.profile.implicitFlowPolicy" value="NO_CONSENT_REQUIRED"/>
<!-- source: pattern://b9366aa4b5d4572afa59ea4c -->
<property name="scope.profile.clientCredentialsFlowPolicy" value="true"/>
<!-- source: pattern://b9366aa4b5d4572afa59ea4c -->
<property name="scope.email" value=""/>
<!-- source: pattern://b9366aa4b5d4572afa59ea4c -->
<property name="scope.email.authorizationCodeFlowPolicy" value="NO_CONSENT_REQUIRED"/>
<!-- source: pattern://b9366aa4b5d4572afa59ea4c -->
<property name="scope.email.refreshTokenRequestPolicy" value="NO_CONSENT_REQUIRED"/>
<!-- source: pattern://b9366aa4b5d4572afa59ea4c -->
<property name="scope.email.implicitFlowPolicy" value="NO_CONSENT_REQUIRED"/>
<!-- source: pattern://b9366aa4b5d4572afa59ea4c -->
<property name="scope.email.clientCredentialsFlowPolicy" value="true"/>
<!-- source: pattern://b9366aa4b5d4572afa59ea4c -->
<property name="scope.phone" value=""/>
<!-- source: pattern://b9366aa4b5d4572afa59ea4c -->
<property name="scope.phone.authorizationCodeFlowPolicy" value="NO_CONSENT_REQUIRED"/>
<!-- source: pattern://b9366aa4b5d4572afa59ea4c -->
<property name="scope.phone.refreshTokenRequestPolicy" value="NO_CONSENT_REQUIRED"/>
<!-- source: pattern://b9366aa4b5d4572afa59ea4c -->
<property name="scope.phone.implicitFlowPolicy" value="NO_CONSENT_REQUIRED"/>
<!-- source: pattern://b9366aa4b5d4572afa59ea4c -->
<property name="scope.phone.clientCredentialsFlowPolicy" value="true"/>
</AuthState>
<AuthState name="cossa_realm_Selector" class="ch.nevis.esauth.auth.states.standard.ConditionalDispatcherState" final="false">
<!-- source: pattern://b67f81a971e4c08aa79040a2 -->
<ResultCond name="nomatch" next="cossa_realm_Prepare_Done"/>
@ -138,4 +286,9 @@
</Response>
</AuthState>
</AuthEngine>
<!-- source: pattern://0daf10449dab098fcc4b9311 -->
<RESTService name="New OAuth 2.0 / OpenID Connect Token Introspection Endpoint" class="ch.nevis.esauth.rest.service.tokenintrospection.TokenIntrospectionService" path="/oauth/introspect">
<!-- source: pattern://0daf10449dab098fcc4b9311 -->
<property name="authstates" value="cossa_realm_AuthorizationServer_New_OAuth_2.0_Authorization_Server_OpenID_Provider"/>
</RESTService>
</esauth-server>

2
DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/npi/etc/nevis/k8s-npi-92e282d1dc2b69d9e4f91fc0.yaml
View File

@ -46,7 +46,7 @@ spec:
podDisruptionBudget:
maxUnavailable: "50%"
git:
tag: "r-349deb4960bc8a877066f3a6694b305a59b3388b"
tag: "r-c1f967206031c07e593aa2ffabb8e9cd9d52d049"
dir: "DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/npi"
credentials: "git-credentials"
keystores:

368
DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/npi/var/opt/nevisproxy/default/host-klp.agov-w.azure.adnovum.net/WEB-INF/web.xml
View File

@ -1,6 +1,71 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" "/opt/nevisproxy/dtd/web-app_2_3.dtd">
<web-app>
<!-- source: pattern://b67f81a971e4c08aa79040a2 -->
<context-param>
<param-name>SectokenVerifierCert</param-name>
<param-value>/var/opt/keys/trust/npi-cossa-realm-signer-trust/truststore.pem</param-value>
</context-param>
<!-- source: pattern://92e282d1dc2b69d9e4f91fc0, pattern://b67f81a971e4c08aa79040a2 -->
<filter>
<filter-name>AuthenticationService_cossa_realm</filter-name>
<filter-class>ch::nevis::isiweb4::filter::auth::IdentityCreationFilter</filter-class>
<!-- source: pattern://b67f81a971e4c08aa79040a2 -->
<init-param>
<param-name>AuthenticationServlet</param-name>
<param-value>Connector_cossa_realm</param-value>
</init-param>
<!-- source: pattern://b67f81a971e4c08aa79040a2 -->
<init-param>
<param-name>BodyReadSize</param-name>
<param-value>32768</param-value>
</init-param>
<!-- source: pattern://b67f81a971e4c08aa79040a2 -->
<init-param>
<param-name>EntryPointID</param-name>
<param-value>klp.agov-w.azure.adnovum.net</param-value>
</init-param>
<!-- source: pattern://b67f81a971e4c08aa79040a2 -->
<init-param>
<param-name>InactiveInterval</param-name>
<param-value>7200</param-value>
</init-param>
<!-- source: pattern://b67f81a971e4c08aa79040a2 -->
<init-param>
<param-name>InterceptionRedirect</param-name>
<param-value>never</param-value>
</init-param>
<!-- source: pattern://b67f81a971e4c08aa79040a2 -->
<init-param>
<param-name>LoginRendererServlet</param-name>
<param-value>LoginRenderer_New_nevisLogrend_Instance</param-value>
</init-param>
<!-- source: pattern://b67f81a971e4c08aa79040a2 -->
<init-param>
<param-name>Realm</param-name>
<param-value>cossa_realm</param-value>
</init-param>
<!-- source: pattern://b67f81a971e4c08aa79040a2 -->
<init-param>
<param-name>RecheckAuthentication</param-name>
<param-value>On</param-value>
</init-param>
<!-- source: pattern://b67f81a971e4c08aa79040a2 -->
<init-param>
<param-name>RenewIdentification</param-name>
<param-value>true</param-value>
</init-param>
<!-- source: pattern://b67f81a971e4c08aa79040a2 -->
<init-param>
<param-name>StateKey</param-name>
<param-value>cossa_realm</param-value>
</init-param>
<!-- source: pattern://b67f81a971e4c08aa79040a2 -->
<init-param>
<param-name>StoreInterceptedRequest</param-name>
<param-value>false</param-value>
</init-param>
</filter>
<!-- source: pattern://3b41ca4ca1c4028117d16f5b -->
<filter>
<filter-name>ErrorHandler_Default</filter-name>
@ -24,6 +89,33 @@
</param-value>
</init-param>
</filter>
<!-- source: pattern://b9366aa4b5d4572afa59ea4c -->
<filter>
<filter-name>OAuth_Preflighted_CORS_New OAuth 2.0 Authorization Server / OpenID Provider</filter-name>
<filter-class>ch::nevis::isiweb4::filter::lua::LuaFilter</filter-class>
<!-- source: pattern://b9366aa4b5d4572afa59ea4c -->
<init-param>
<param-name>Script</param-name>
<param-value>
function inputHeader(request, response)
response:setHeader("Access-Control-Allow-Origin", "*")
response:setHeader("Access-Control-Allow-Credentials", "true")
response:setHeader("Access-Control-Allow-Methods", "GET, POST, PUT, OPTIONS")
response:setHeader("Access-Control-Allow-Headers", "Authorization")
response:setHeader("Access-Control-Expose-Headers", "*")
response:setHeader("Access-Control-Max-Age", "600")
if request:getMethod() == "OPTIONS" then
response:send(204)
end
end
</param-value>
</init-param>
<!-- source: pattern://b9366aa4b5d4572afa59ea4c -->
<init-param>
<param-name>Script.InputHeaderFunctionName</param-name>
<param-value>inputHeader</param-value>
</init-param>
</filter>
<!-- source: pattern://3b41ca4ca1c4028117d16f5b -->
<filter>
<filter-name>ResponseHeader_Default</filter-name>
@ -38,6 +130,51 @@
</param-value>
</init-param>
</filter>
<!-- source: pattern://92e282d1dc2b69d9e4f91fc0, pattern://b67f81a971e4c08aa79040a2 -->
<filter>
<filter-name>SessionHandler_cossa_realm</filter-name>
<filter-class>ch::nevis::nevisproxy::filter::session::SessionManagementFilter</filter-class>
<!-- source: pattern://b67f81a971e4c08aa79040a2 -->
<init-param>
<param-name>Cookie.ExtraAttributes</param-name>
<param-value>SameSite=None</param-value>
</init-param>
<!-- source: pattern://b67f81a971e4c08aa79040a2 -->
<init-param>
<param-name>Cookie.Name</param-name>
<param-value>Session_cossa_realm</param-value>
</init-param>
<!-- source: pattern://b67f81a971e4c08aa79040a2 -->
<init-param>
<param-name>Cookie.Secure</param-name>
<param-value>true</param-value>
</init-param>
<!-- source: pattern://b67f81a971e4c08aa79040a2 -->
<init-param>
<param-name>Identification</param-name>
<param-value>COOKIE</param-value>
</init-param>
<!-- source: pattern://b67f81a971e4c08aa79040a2 -->
<init-param>
<param-name>MaxInactiveInterval</param-name>
<param-value>600</param-value>
</init-param>
<!-- source: pattern://b67f81a971e4c08aa79040a2 -->
<init-param>
<param-name>MaxLifetime</param-name>
<param-value>28800</param-value>
</init-param>
<!-- source: pattern://b67f81a971e4c08aa79040a2 -->
<init-param>
<param-name>Servlet</param-name>
<param-value>LocalSessionStoreServlet</param-value>
</init-param>
<!-- source: pattern://b67f81a971e4c08aa79040a2 -->
<init-param>
<param-name>UpdateTimeStampMinInterval</param-name>
<param-value>120</param-value>
</init-param>
</filter>
<!-- source: pattern://3b41ca4ca1c4028117d16f5b -->
<filter-mapping>
<filter-name>ErrorHandler_Default</filter-name>
@ -48,10 +185,241 @@
<filter-name>ResponseHeader_Default</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- source: pattern://b9366aa4b5d4572afa59ea4c -->
<filter-mapping>
<filter-name>OAuth_Preflighted_CORS_New OAuth 2.0 Authorization Server / OpenID Provider</filter-name>
<url-pattern>/oauth/authorize</url-pattern>
</filter-mapping>
<!-- source: pattern://b9366aa4b5d4572afa59ea4c -->
<filter-mapping>
<filter-name>OAuth_Preflighted_CORS_New OAuth 2.0 Authorization Server / OpenID Provider</filter-name>
<url-pattern>/oauth/token</url-pattern>
</filter-mapping>
<!-- source: pattern://b67f81a971e4c08aa79040a2 -->
<filter-mapping>
<filter-name>SessionHandler_cossa_realm</filter-name>
<url-pattern>/oauth/authorize</url-pattern>
</filter-mapping>
<!-- source: pattern://b67f81a971e4c08aa79040a2 -->
<filter-mapping>
<filter-name>SessionHandler_cossa_realm</filter-name>
<url-pattern>/oauth/token</url-pattern>
</filter-mapping>
<!-- source: pattern://b67f81a971e4c08aa79040a2 -->
<filter-mapping>
<filter-name>AuthenticationService_cossa_realm</filter-name>
<url-pattern>/oauth/authorize</url-pattern>
</filter-mapping>
<!-- source: pattern://b67f81a971e4c08aa79040a2 -->
<filter-mapping>
<filter-name>AuthenticationService_cossa_realm</filter-name>
<url-pattern>/oauth/token</url-pattern>
</filter-mapping>
<!-- source: pattern://b67f81a971e4c08aa79040a2 -->
<listener>
<listener-class>ch::nevis::isiweb4::listener::SessionListener</listener-class>
</listener>
<!-- source: pattern://b67f81a971e4c08aa79040a2 -->
<servlet>
<servlet-name>Connector_cossa_realm</servlet-name>
<!-- source: pattern://b67f81a971e4c08aa79040a2 -->
<servlet-class>ch::nevis::isiweb4::servlet::connector::soap::esauth4::Esauth4ConnectorServlet</servlet-class>
<!-- source: pattern://b67f81a971e4c08aa79040a2 -->
<init-param>
<param-name>Transport.DNSCache.ttl</param-name>
<param-value>60</param-value>
</init-param>
<!-- source: pattern://b67f81a971e4c08aa79040a2 -->
<init-param>
<param-name>Transport.InetAddress</param-name>
<param-value>nai:8991</param-value>
</init-param>
<!-- source: pattern://b67f81a971e4c08aa79040a2 -->
<init-param>
<param-name>Transport.KeepAlive.LifeTime</param-name>
<param-value>30</param-value>
</init-param>
<!-- source: pattern://b67f81a971e4c08aa79040a2 -->
<init-param>
<param-name>Transport.RequestTimeout</param-name>
<param-value>90000</param-value>
</init-param>
<!-- source: pattern://b67f81a971e4c08aa79040a2 -->
<init-param>
<param-name>Transport.ResourceManager.RetryTimeout</param-name>
<param-value>0</param-value>
</init-param>
<!-- source: pattern://b67f81a971e4c08aa79040a2 -->
<init-param>
<param-name>Transport.SSLCACertificateFile</param-name>
<param-value>/var/opt/keys/trust/npi-cossa-realm-tls-trust/truststore.pem</param-value>
</init-param>
<!-- source: pattern://b67f81a971e4c08aa79040a2 -->
<init-param>
<param-name>Transport.SSLCheckPeerHostname</param-name>
<param-value>false</param-value>
</init-param>
<!-- source: pattern://b67f81a971e4c08aa79040a2 -->
<init-param>
<param-name>Transport.SSLClientCertificateFile</param-name>
<param-value>/var/opt/keys/own/npi-cossa-realm-identity/cert.pem</param-value>
</init-param>
<!-- source: pattern://b67f81a971e4c08aa79040a2 -->
<init-param>
<param-name>Transport.SSLClientKeyFile</param-name>
<param-value>/var/opt/keys/own/npi-cossa-realm-identity/key.pem</param-value>
</init-param>
</servlet>
<!-- source: pattern://0daf10449dab098fcc4b9311 -->
<servlet>
<servlet-name>Connector_cossa_realm_REST</servlet-name>
<!-- source: pattern://0daf10449dab098fcc4b9311 -->
<servlet-class>ch::nevis::isiweb4::servlet::connector::http::HttpsConnectorServlet</servlet-class>
<!-- source: pattern://0daf10449dab098fcc4b9311 -->
<init-param>
<param-name>DNSCache.ttl</param-name>
<param-value>60</param-value>
</init-param>
<!-- source: pattern://0daf10449dab098fcc4b9311 -->
<init-param>
<param-name>InetAddress</param-name>
<param-value>nai:8991</param-value>
</init-param>
<!-- source: pattern://0daf10449dab098fcc4b9311 -->
<init-param>
<param-name>KeepAlive.LifeTime</param-name>
<param-value>30</param-value>
</init-param>
<!-- source: pattern://0daf10449dab098fcc4b9311 -->
<init-param>
<param-name>MappingType</param-name>
<param-value>requesturi</param-value>
</init-param>
<!-- source: pattern://0daf10449dab098fcc4b9311 -->
<init-param>
<param-name>RequestTimeout</param-name>
<param-value>90000</param-value>
</init-param>
<!-- source: pattern://0daf10449dab098fcc4b9311 -->
<init-param>
<param-name>ResourceManager.RetryTimeout</param-name>
<param-value>0</param-value>
</init-param>
<!-- source: pattern://0daf10449dab098fcc4b9311 -->
<init-param>
<param-name>SSLCACertificateFile</param-name>
<param-value>/var/opt/keys/trust/npi-cossa-realm-tls-trust/truststore.pem</param-value>
</init-param>
<!-- source: pattern://0daf10449dab098fcc4b9311 -->
<init-param>
<param-name>SSLCheckPeerHostname</param-name>
<param-value>false</param-value>
</init-param>
<!-- source: pattern://0daf10449dab098fcc4b9311 -->
<init-param>
<param-name>SSLClientCertificateFile</param-name>
<param-value>/var/opt/keys/own/npi-cossa-realm-identity/cert.pem</param-value>
</init-param>
<!-- source: pattern://0daf10449dab098fcc4b9311 -->
<init-param>
<param-name>SSLClientKeyFile</param-name>
<param-value>/var/opt/keys/own/npi-cossa-realm-identity/key.pem</param-value>
</init-param>
<!-- source: pattern://0daf10449dab098fcc4b9311 -->
<init-param>
<param-name>URIPrefix</param-name>
<param-value>/nevisauth</param-value>
</init-param>
</servlet>
<!-- source: pattern://b9366aa4b5d4572afa59ea4c -->
<servlet>
<servlet-name>Hosting_Default</servlet-name>
<!-- source: pattern://b9366aa4b5d4572afa59ea4c -->
<servlet-class>ch::nevis::isiweb4::servlet::defaults::DefaultServlet</servlet-class>
</servlet>
<!-- source: pattern://b67f81a971e4c08aa79040a2 -->
<servlet>
<servlet-name>LocalSessionStoreServlet</servlet-name>
<!-- source: pattern://b67f81a971e4c08aa79040a2 -->
<servlet-class>ch::nevis::nevisproxy::servlet::cache::local::LocalSessionStoreServlet</servlet-class>
<!-- source: pattern://b67f81a971e4c08aa79040a2 -->
<init-param>
<param-name>MaxInactiveInterval</param-name>
<param-value>600</param-value>
</init-param>
<!-- source: pattern://b67f81a971e4c08aa79040a2 -->
<init-param>
<param-name>MaxLifetime</param-name>
<param-value>28800</param-value>
</init-param>
<!-- source: pattern://b67f81a971e4c08aa79040a2 -->
<init-param>
<param-name>MemorySize</param-name>
<param-value>512000000</param-value>
</init-param>
</servlet>
<!-- source: pattern://7dc20659babc66c4401ce0dd -->
<servlet>
<servlet-name>LoginRenderer_New_nevisLogrend_Instance</servlet-name>
<!-- source: pattern://7dc20659babc66c4401ce0dd -->
<servlet-class>ch::nevis::isiweb4::servlet::rendering::LoginRendererServlet</servlet-class>
<!-- source: pattern://7dc20659babc66c4401ce0dd -->
<init-param>
<param-name>PropagateRemoteHeaders</param-name>
<param-value>Set-Cookie</param-value>
</init-param>
<!-- source: pattern://7dc20659babc66c4401ce0dd -->
<init-param>
<param-name>RenderingProvider</param-name>
<param-value>remote:NevisLogrendConnector_New_nevisLogrend_Instance:/nevislogrend/index.vm?logrendresourcepath=/nevislogrend</param-value>
</init-param>
</servlet>
<!-- source: pattern://7dc20659babc66c4401ce0dd -->
<servlet>
<servlet-name>NevisLogrendConnector_New_nevisLogrend_Instance</servlet-name>
<!-- source: pattern://7dc20659babc66c4401ce0dd -->
<servlet-class>ch::nevis::isiweb4::servlet::connector::http::HttpConnectorServlet</servlet-class>
<!-- source: pattern://7dc20659babc66c4401ce0dd -->
<init-param>
<param-name>InetAddress</param-name>
<param-value>nli:8988</param-value>
</init-param>
<!-- source: pattern://7dc20659babc66c4401ce0dd -->
<init-param>
<param-name>MappingType</param-name>
<param-value>pathinfo</param-value>
</init-param>
<!-- source: pattern://7dc20659babc66c4401ce0dd -->
<init-param>
<param-name>ResourceManager.RetryTimeout</param-name>
<param-value>0</param-value>
</init-param>
<!-- source: pattern://7dc20659babc66c4401ce0dd -->
<init-param>
<param-name>URIPrefix</param-name>
<param-value>/nevislogrend</param-value>
</init-param>
</servlet>
<!-- source: pattern://7dc20659babc66c4401ce0dd -->
<servlet-mapping>
<servlet-name>NevisLogrendConnector_New_nevisLogrend_Instance</servlet-name>
<url-pattern>/nevislogrend/*</url-pattern>
</servlet-mapping>
<!-- source: pattern://b9366aa4b5d4572afa59ea4c -->
<servlet-mapping>
<servlet-name>Hosting_Default</servlet-name>
<url-pattern>/oauth/authorize</url-pattern>
</servlet-mapping>
<!-- source: pattern://0daf10449dab098fcc4b9311 -->
<servlet-mapping>
<servlet-name>Connector_cossa_realm_REST</servlet-name>
<url-pattern>/oauth/introspect</url-pattern>
</servlet-mapping>
<!-- source: pattern://b9366aa4b5d4572afa59ea4c -->
<servlet-mapping>
<servlet-name>Hosting_Default</servlet-name>
<url-pattern>/oauth/token</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>Hosting_Default</servlet-name>
<url-pattern>/*</url-pattern>