nevis
/
adn-post-iam-tknxchng-inv
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

new configuration version

This commit is contained in:
mamo 2024-12-06 07:50:51 +00:00
parent 56c41234f6
commit 5f24fa34a0
5 changed files with 39 additions and 216 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai/etc/nevis/k8s-nai-6ec6739e824c8e56d9633622.yaml
View File

@ -45,7 +45,7 @@ spec:
podDisruptionBudget:
maxUnavailable: "50%"
git:
tag: "r-8950749940d49f045219bc99b37db559a44d5e9d"
tag: "r-5598339b780360ceea49d4cbef981b929354ff54"
dir: "DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai"
credentials: "git-credentials"
keystores:

142
DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai/var/opt/nevisauth/default/conf/esauth4.xml
View File

@ -54,12 +54,12 @@
</Domain>
<!-- source: pattern://b67f81a971e4c08aa79040a2 -->
<Domain name="cossa_realm" default="false" inactiveInterval="7200" reauthInterval="0" resetAuthenticationCondition="${inargs:cancel}">
<Entry method="authenticate" state="cossa_realm_TokenExchangeEndpoint"/>
<Entry method="authenticate" state="cossa_realm_TokenExchangeEndpoint" selector="${request:currentResource:^http[s]?\u003A//[^/]+/token/.*$:true}"/>
<Entry method="authenticate" state="cossa_realm_AuthorizationServer"/>
<Entry method="authenticate" state="cossa_realm_AuthorizationServer" selector="${request:currentResource:^http[s]?\u003A//[^/]+/token/.*$:true}"/>
<Entry method="logout" state="cossa_realm_AuthorizationServer"/>
<Entry method="logout" state="cossa_realm_AuthorizationServer" selector="${request:currentResource:^http[s]?\u003A//[^/]+/token/.*$:true}"/>
<Entry method="stepup" state="cossa_realm_Selector"/>
<Entry method="stepup" state="cossa_realm_TokenExchangeEndpoint" selector="${request:currentResource:^http[s]?\u003A//[^/]+/token/.*$:true}"/>
<Entry method="stepup" state="cossa_realm_AuthorizationServer" selector="${request:currentResource:^http[s]?\u003A//[^/]+/token/.*$:true}"/>
</Domain>
<AuthState name="MockRelam_DispatchMockRequests" class="ch.nevis.esauth.auth.states.standard.ConditionalDispatcherState" final="false">
<!-- source: pattern://1641a38402138546573b7e71 -->
@ -127,74 +127,6 @@
<Gui name="ContinueResponse"/>
</Response>
</AuthState>
<AuthState name="cossa_realm_TokenExchangeEndpoint" class="ch.adnovum.cossa.TokenExchangeEndpoint" authLevel="auth.weak" final="false" resumeState="true">
<!-- source: pattern://89578db79d2bc15d55e11141 -->
<ResultCond name="failed" next="cossa_realm_auth_failed"/>
<!-- source: pattern://89578db79d2bc15d55e11141 -->
<ResultCond name="invalid_client" next="cossa_realm_auth_failed"/>
<!-- source: pattern://89578db79d2bc15d55e11141 -->
<ResultCond name="invalid_grant" next="cossa_realm_auth_failed"/>
<!-- source: pattern://89578db79d2bc15d55e11141 -->
<ResultCond name="invalid_request" next="cossa_realm_auth_failed"/>
<!-- source: pattern://89578db79d2bc15d55e11141 -->
<ResultCond name="invalid_scope" next="cossa_realm_auth_failed"/>
<!-- source: pattern://89578db79d2bc15d55e11141 -->
<ResultCond name="ok" next="cossa_realm_IdTokenVerification"/>
<!-- source: pattern://89578db79d2bc15d55e11141 -->
<ResultCond name="refresh_token" next="cossa_realm_RewriteRequestForAuthorizationServerAuthstate"/>
<!-- source: pattern://89578db79d2bc15d55e11141 -->
<ResultCond name="unauthorized_client" next="cossa_realm_auth_failed"/>
<!-- source: pattern://89578db79d2bc15d55e11141 -->
<ResultCond name="unsupported_grant_type" next="cossa_realm_auth_failed"/>
<!-- source: pattern://89578db79d2bc15d55e11141 -->
<Response value="AUTH_CONTINUE">
<!-- source: pattern://89578db79d2bc15d55e11141 -->
<Gui name="Default"/>
</Response>
<propertyRef name="cossa_realm_AuthorizationServer"/>
</AuthState>
<AuthState name="cossa_realm_auth_failed" class="ch.nevis.esauth.auth.states.standard.AuthError" final="false">
<!-- source: pattern://72e29eb80a951e518ce123e4 -->
<Response value="AUTH_ERROR">
<!-- source: pattern://72e29eb80a951e518ce123e4 -->
<Gui name="Error">
<!-- source: pattern://72e29eb80a951e518ce123e4 -->
<GuiElem name="info" type="error" label="error_99"/>
<!-- source: pattern://72e29eb80a951e518ce123e4 -->
<GuiElem name="submit" type="button" label="continue.button.label"/>
</Gui>
</Response>
</AuthState>
<AuthState name="cossa_realm_IdTokenVerification" class="ch.adnovum.cossa.IdTokenVerification" final="false" resumeState="false">
<!-- source: pattern://a976546c6a56dc04c0d34592 -->
<ResultCond name="failed" next="cossa_realm_auth_failed"/>
<!-- source: pattern://a976546c6a56dc04c0d34592 -->
<ResultCond name="invalid_grant" next="cossa_realm_auth_failed"/>
<!-- source: pattern://a976546c6a56dc04c0d34592 -->
<ResultCond name="ok" next="cossa_realm_New_Transform_Variables_Step"/>
<!-- source: pattern://a976546c6a56dc04c0d34592 -->
<Response value="AUTH_CONTINUE">
<!-- source: pattern://a976546c6a56dc04c0d34592 -->
<Gui name="Default"/>
</Response>
<!-- source: pattern://a976546c6a56dc04c0d34592 -->
<property name="well_known_url" value="https://login.sandbox.pre.swissid.ch/idp/oauth2/.well-known/openid-configuration"/>
<!-- source: pattern://a976546c6a56dc04c0d34592 -->
<property name="httpclient.tls.trustAll" value="true"/>
</AuthState>
<AuthState name="cossa_realm_RewriteRequestForAuthorizationServerAuthstate" class="ch.nevis.esauth.auth.states.standard.TransformAttributes" final="false">
<!-- source: pattern://b6cbd53b8eee023b6d65f62d -->
<ResultCond name="ok" next="cossa_realm_AuthorizationServer"/>
<!-- source: pattern://b6cbd53b8eee023b6d65f62d -->
<Response value="AUTH_ERROR">
<!-- source: pattern://b6cbd53b8eee023b6d65f62d -->
<Arg name="ch.nevis.isiweb4.response.status" value="403"/>
</Response>
<!-- source: pattern://b6cbd53b8eee023b6d65f62d -->
<property name="inargs:grant_type" value="refresh_token"/>
<!-- source: pattern://b6cbd53b8eee023b6d65f62d -->
<property name="inargs:refresh_token" value="${inargs:subject_token}"/>
</AuthState>
<AuthState name="cossa_realm_AuthorizationServer" class="ch.nevis.esauth.auth.states.oauth2.AuthorizationServer" final="false" resumeState="true">
<!-- source: pattern://e02a36447ce2d3c66d8d81c0 -->
<ResultCond name="authenticate:valid-authorization-request" next="cossa_realm_New_Test_Login"/>
@ -289,19 +221,6 @@
<!-- source: pattern://e02a36447ce2d3c66d8d81c0 -->
<property name="scope.phone.clientCredentialsFlowPolicy" value="true"/>
</AuthState>
<AuthState name="cossa_realm_New_Transform_Variables_Step" class="ch.nevis.esauth.auth.states.standard.TransformAttributes" final="false">
<!-- source: pattern://f1c445634ed60460be12043e -->
<ResultCond name="ok" next="cossa_realm_klpscope"/>
<!-- source: pattern://f1c445634ed60460be12043e -->
<Response value="AUTH_ERROR">
<!-- source: pattern://f1c445634ed60460be12043e -->
<Arg name="ch.nevis.isiweb4.response.status" value="403"/>
</Response>
<!-- source: pattern://f1c445634ed60460be12043e -->
<property name="notes:scope" value="notesscope"/>
<!-- source: pattern://f1c445634ed60460be12043e -->
<property name="sess:scope" value="testklp"/>
</AuthState>
<AuthState name="cossa_realm_New_Test_Login" class="ch.nevis.esauth.auth.states.scripting.ScriptState" final="false">
<!-- source: pattern://635e4d617af6818edc9ae7c9 -->
<ResultCond name="ok" next="cossa_realm_Prepare_Done" authLevel="1"/>
@ -324,6 +243,18 @@
<!-- source: pattern://635e4d617af6818edc9ae7c9 -->
<property name="script" value="file:///var/opt/nevisauth/default/conf/new_test_login.groovy"/>
</AuthState>
<AuthState name="cossa_realm_auth_failed" class="ch.nevis.esauth.auth.states.standard.AuthError" final="false">
<!-- source: pattern://72e29eb80a951e518ce123e4 -->
<Response value="AUTH_ERROR">
<!-- source: pattern://72e29eb80a951e518ce123e4 -->
<Gui name="Error">
<!-- source: pattern://72e29eb80a951e518ce123e4 -->
<GuiElem name="info" type="error" label="error_99"/>
<!-- source: pattern://72e29eb80a951e518ce123e4 -->
<GuiElem name="submit" type="button" label="continue.button.label"/>
</Gui>
</Response>
</AuthState>
<AuthState name="cossa_realm_JwtToken" class="ch.nevis.esauth.auth.states.jwt.JWTToken" final="false" resumeState="true">
<!-- source: pattern://a1e5d0192e082e689465a0c9 -->
<ResultCond name="ok" next="cossa_realm_Prepare_Done"/>
@ -342,16 +273,6 @@
<!-- source: pattern://a1e5d0192e082e689465a0c9 -->
<property name="keyobjectref" value="tokensigner"/>
</AuthState>
<AuthState name="cossa_realm_klpscope" class="ch.adnovum.cossa.KLPScopeToProfileBinding" final="false" resumeState="true">
<!-- source: pattern://9c293034211ea47bd3e9c12b -->
<ResultCond name="default" next="cossa_realm_CallPolicyVerificationAPI"/>
<!-- source: pattern://9c293034211ea47bd3e9c12b -->
<Response value="AUTH_CONTINUE"/>
<!-- source: pattern://9c293034211ea47bd3e9c12b -->
<property name="prioritiesSource" value="klp-profiles.conf"/>
<!-- source: pattern://9c293034211ea47bd3e9c12b -->
<property name="profileExpression" value="oauth2.scope.${session:scope}.metadata.klp_profile"/>
</AuthState>
<AuthState name="cossa_realm_Prepare_Done" class="ch.nevis.esauth.auth.states.scripting.ScriptState" final="false">
<!-- source: pattern://b67f81a971e4c08aa79040a2 -->
<ResultCond name="default" next="cossa_realm_Auth_Done"/>
@ -363,27 +284,6 @@
<!-- source: pattern://b67f81a971e4c08aa79040a2 -->
<property name="script" value="file:///var/opt/nevisauth/default/conf/prepare_done.groovy"/>
</AuthState>
<AuthState name="cossa_realm_CallPolicyVerificationAPI" class="ch.adnovum.cossa.CallPolicyVerificationAPI" final="false" resumeState="false">
<!-- source: pattern://5daa6d4f525b11a4e9b0ea79 -->
<ResultCond name="multiple_profiles" next="cossa_realm_Authentication_Failed"/>
<!-- source: pattern://5daa6d4f525b11a4e9b0ea79 -->
<ResultCond name="no_valid_profile" next="cossa_realm_Authentication_Failed"/>
<!-- source: pattern://5daa6d4f525b11a4e9b0ea79 -->
<ResultCond name="ok" next="cossa_realm_Prepare_Done"/>
<!-- source: pattern://5daa6d4f525b11a4e9b0ea79 -->
<Response value="AUTH_CONTINUE">
<!-- source: pattern://5daa6d4f525b11a4e9b0ea79 -->
<Gui name="Default"/>
</Response>
<!-- source: pattern://5daa6d4f525b11a4e9b0ea79 -->
<property name="evaluatePoliciesForAllProfiles" value="false"/>
<!-- source: pattern://5daa6d4f525b11a4e9b0ea79 -->
<property name="klpURL" value="https://klp.agov-w.azure.adnovum.net/api/endpoint"/>
<!-- source: pattern://5daa6d4f525b11a4e9b0ea79 -->
<property name="basicAuthUsername" value="testbasicauth"/>
<!-- source: pattern://5daa6d4f525b11a4e9b0ea79 -->
<property name="basicAuthPassword" value="testtesttest"/>
</AuthState>
<AuthState name="cossa_realm_Auth_Done" class="ch.nevis.esauth.auth.states.standard.AuthDone" final="false">
<!-- source: pattern://b67f81a971e4c08aa79040a2 -->
<Response value="AUTH_DONE">
@ -391,18 +291,6 @@
<Gui name="ContinueResponse"/>
</Response>
</AuthState>
<AuthState name="cossa_realm_Authentication_Failed" class="ch.nevis.esauth.auth.states.standard.AuthError" final="false">
<!-- source: pattern://5daa6d4f525b11a4e9b0ea79 -->
<Response value="AUTH_ERROR">
<!-- source: pattern://5daa6d4f525b11a4e9b0ea79 -->
<Gui name="Error">
<!-- source: pattern://5daa6d4f525b11a4e9b0ea79 -->
<GuiElem name="info" type="error" label="error_99"/>
<!-- source: pattern://5daa6d4f525b11a4e9b0ea79 -->
<GuiElem name="submit" type="button" label="continue.button.label"/>
</Gui>
</Response>
</AuthState>
<AuthState name="cossa_realm_Selector" class="ch.nevis.esauth.auth.states.standard.ConditionalDispatcherState" final="false">
<!-- source: pattern://b67f81a971e4c08aa79040a2 -->
<ResultCond name="nomatch" next="cossa_realm_Prepare_Done"/>

25
DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai/var/opt/nevisauth/default/conf/klp-profiles.conf
View File

@ -1,25 +0,0 @@
suisseid_auth_address_verified
suisseid_auth_address_required
suisseid_auth_mobile_verified
suisseid_auth_mobile_required
suisseid_auth_phone_required
suisseid_auth
password_auth_address_verified
password_auth_address_required
password_auth_mobile_verified
password_auth_mobile_required
password_auth_phone_required
password_auth
email_auth_address_verified
email_auth_address_required
email_auth_mobile_verified
email_auth_mobile_required
email_auth_phone_required
email_auth
autologin_auth_address_verified
autologin_auth_address_required
autologin_auth_mobile_verified
autologin_auth_mobile_required
autologin_auth_phone_required
autologin_auth
default

2
DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/npi/etc/nevis/k8s-npi-92e282d1dc2b69d9e4f91fc0.yaml
View File

@ -46,7 +46,7 @@ spec:
podDisruptionBudget:
maxUnavailable: "50%"
git:
tag: "r-40073193a13a24d627f024cfd3f98904980f1598"
tag: "r-5598339b780360ceea49d4cbef981b929354ff54"
dir: "DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/npi"
credentials: "git-credentials"
keystores:

84
DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/npi/var/opt/nevisproxy/default/host-cossa.agov-w.azure.adnovum.net/WEB-INF/web.xml
View File

@ -1,11 +1,6 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" "/opt/nevisproxy/dtd/web-app_2_3.dtd">
<web-app>
<!-- source: pattern://699f0a21dd0e852f28d27e9d -->
<context-param>
<param-name>application-id</param-name>
<param-value>cossa.agov-w.azure.adnovum.net</param-value>
</context-param>
<!-- source: pattern://b67f81a971e4c08aa79040a2 -->
<context-param>
<param-name>SectokenVerifierCert</param-name>
@ -170,7 +165,7 @@
<!-- source: pattern://b67f81a971e4c08aa79040a2 -->
<init-param>
<param-name>Servlet</param-name>
<param-value>MySQLSessionStoreServlet</param-value>
<param-value>LocalSessionStoreServlet</param-value>
</init-param>
<!-- source: pattern://b67f81a971e4c08aa79040a2 -->
<init-param>
@ -345,6 +340,27 @@
<!-- source: pattern://4b8f4de5fefd5f33774df841 -->
<servlet-class>ch::nevis::isiweb4::servlet::defaults::DefaultServlet</servlet-class>
</servlet>
<!-- source: pattern://b67f81a971e4c08aa79040a2 -->
<servlet>
<servlet-name>LocalSessionStoreServlet</servlet-name>
<!-- source: pattern://b67f81a971e4c08aa79040a2 -->
<servlet-class>ch::nevis::nevisproxy::servlet::cache::local::LocalSessionStoreServlet</servlet-class>
<!-- source: pattern://b67f81a971e4c08aa79040a2 -->
<init-param>
<param-name>MaxInactiveInterval</param-name>
<param-value>600</param-value>
</init-param>
<!-- source: pattern://b67f81a971e4c08aa79040a2 -->
<init-param>
<param-name>MaxLifetime</param-name>
<param-value>28800</param-value>
</init-param>
<!-- source: pattern://b67f81a971e4c08aa79040a2 -->
<init-param>
<param-name>MemorySize</param-name>
<param-value>512000000</param-value>
</init-param>
</servlet>
<!-- source: pattern://7dc20659babc66c4401ce0dd -->
<servlet>
<servlet-name>LoginRenderer_nli</servlet-name>
@ -361,62 +377,6 @@
<param-value>remote:NevisLogrendConnector_nli:/nevislogrend/index.vm?logrendresourcepath=/nevislogrend</param-value>
</init-param>
</servlet>
<!-- source: pattern://699f0a21dd0e852f28d27e9d -->
<servlet>
<servlet-name>MySQLSessionStoreServlet</servlet-name>
<!-- source: pattern://699f0a21dd0e852f28d27e9d -->
<servlet-class>ch::nevis::nevisproxy::servlet::cache::mysql::MySQLSessionStoreServlet</servlet-class>
<!-- source: pattern://699f0a21dd0e852f28d27e9d -->
<init-param>
<param-name>AttributesTableName</param-name>
<param-value>attribute</param-value>
</init-param>
<!-- source: pattern://699f0a21dd0e852f28d27e9d -->
<init-param>
<param-name>ConfigurationsTableName</param-name>
<param-value>conf</param-value>
</init-param>
<!-- source: pattern://699f0a21dd0e852f28d27e9d -->
<init-param>
<param-name>ConnectString</param-name>
<param-value>//mariadb-agov-uat.mariadb.database.azure.com:3306/idp_replicated_session_store?connect_timeout=10&amp;ping_timeout=2</param-value>
</init-param>
<!-- source: pattern://699f0a21dd0e852f28d27e9d -->
<init-param>
<param-name>DisableDatabaseSchemaCheck</param-name>
<param-value>true</param-value>
</init-param>
<!-- source: pattern://699f0a21dd0e852f28d27e9d -->
<init-param>
<param-name>KeyToIdMapTableName</param-name>
<param-value>key_id_map</param-value>
</init-param>
<!-- source: pattern://699f0a21dd0e852f28d27e9d -->
<init-param>
<param-name>MaxAttributeSize</param-name>
<param-value>60000</param-value>
</init-param>
<!-- source: pattern://699f0a21dd0e852f28d27e9d -->
<init-param>
<param-name>MaxLimitOnDelete</param-name>
<param-value>100</param-value>
</init-param>
<!-- source: pattern://699f0a21dd0e852f28d27e9d -->
<init-param>
<param-name>Password</param-name>
<param-value>secret://8a9eac60eb3fca0470bb380e</param-value>
</init-param>
<!-- source: pattern://699f0a21dd0e852f28d27e9d -->
<init-param>
<param-name>SessionsTableName</param-name>
<param-value>session</param-value>
</init-param>
<!-- source: pattern://699f0a21dd0e852f28d27e9d -->
<init-param>
<param-name>UserName</param-name>
<param-value>adndbadmin</param-value>
</init-param>
</servlet>
<!-- source: pattern://7dc20659babc66c4401ce0dd -->
<servlet>
<servlet-name>NevisLogrendConnector_nli</servlet-name>