new configuration version
This commit is contained in:
mamo
parent
96016bd8c9
commit
770c1e3598
|
|
@ -45,7 +45,7 @@ spec:
|
|||
podDisruptionBudget:
|
||||
maxUnavailable: "50%"
|
||||
git:
|
||||
tag: "r-d60aff852dc4f7af70863beb3269b19735cc1b4d"
|
||||
tag: "r-4396841684f093fe9864b188a8a6ea4715ea9a93"
|
||||
dir: "DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai"
|
||||
credentials: "git-credentials"
|
||||
keystores:
|
||||
|
|
|
|||
|
|
@ -1,19 +0,0 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIIDAzCCAesCFFJeJMyjfQq6To7dqRpfc5oDX//oMA0GCSqGSIb3DQEBCwUAMD4x
|
||||
CzAJBgNVBAYTAkNIMQ0wCwYDVQQHDARCZXJuMRAwDgYDVQQKDAdBZG5vdnVtMQ4w
|
||||
DAYDVQQDDAVjb3NzYTAeFw0yNDExMDcxMzA3NTJaFw0yNTExMDcxMzA3NTJaMD4x
|
||||
CzAJBgNVBAYTAkNIMQ0wCwYDVQQHDARCZXJuMRAwDgYDVQQKDAdBZG5vdnVtMQ4w
|
||||
DAYDVQQDDAVjb3NzYTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOWq
|
||||
kbFj7UAPDlzgqua7/ws43sIswHuhA400R3jKkHcvTC/QduDuDWoTeYkiQdv8lo7k
|
||||
PVQA7tP//Pe+2O2wS0spNMrlw0Jv0MWeGlN1Jv5PH9TuOnL1nrd6w2OCKClnR7t3
|
||||
xWZUEd3t4AtM/69VKNwSvVADt5yU6tifj1vCiE4uPoDkI8TNbT92aL2aDnq+VVRL
|
||||
Eki5SpQ6ZGUlZGFGhMMOoA9efnTGqrJBsP3m50SAEUqTUpo1aH6IaJXorf8+zzEE
|
||||
zWD4A13b0kvz75A9qh1rReYZgr1sQIfWwzoP76HQwpdEQsjnAteJi1SV7rSK/ekQ
|
||||
+iuJ9ql2Mjpve8vsWrsCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAE4GJgtYJRI3r
|
||||
hAWb4ptd6ngPfvW6pNb8Q9do/k0yVmAzckibRVSgmCoTeFnArn56NB2nrZlpnncG
|
||||
IYB5uVI7jiEHCTZRXG7JbI/MHiwkq5P+Mf+OlvJWgiWkKFteJS46GBVo6JFVAIbv
|
||||
H/UEflHbeTbaSYsoH0Xv54S9IvIuv/IA7KooFRmuzRb10hBBV0EUdrGfdBHmSpQf
|
||||
CiSMPOTqu3nzcms4O4DLHnW2kVRyrd/G0Lkg/FUGsN4ZHyYGSC36gUOFqubGy9GV
|
||||
HJqM6758pE0Myk7LMFGd8MrlnYTeWgBnRlAmfzMVMWZaAaRGGZ5SwQrZmenVB1ne
|
||||
Ix41vfiHmA==
|
||||
-----END CERTIFICATE-----
|
||||
|
|
@ -1,30 +0,0 @@
|
|||
-----BEGIN ENCRYPTED PRIVATE KEY-----
|
||||
MIIFKzBVBgkqhkiG9w0BBQ0wSDAnBgkqhkiG9w0BBQwwGgQU1w+0ZNamq3X91Bur
|
||||
d/pQZH7Yq+wCAggAMB0GCWCGSAFlAwQBKgQQ+NvXoFb05UDnOc75yNr/DQSCBNBD
|
||||
m3o2GoHnMupzBuc4G7KdllLa2iaP0zkbK5SrJ2QlBWzei3K9PfyWsCSiGDoEL1fG
|
||||
X8sjFmWDXiKg8z2KjZ8SAIVliMusz318hIjSkv7MOtcEKZ7uZ3C9e/AHl2CY55O7
|
||||
OroDbvQfiexVyKS49vd8lex9DFZQ6nrhK7sQoygDeo469NoCJKu4s1Q657L8aeoQ
|
||||
RSYBgtO3tThXIHqrW7FhuYGy8GSi8nI5axGTE7tfo3NqQo4Ap44a9W+vP8NsWUm+
|
||||
WAyoErFTWxiuzXDU8LV2ziN4IZLsMZ0dgJjElIY6lAopr9YtjmKV+3IofYcy9BDa
|
||||
q1WDfwqBBdoKdbMGLvXs8MBTPWbTinbiLGjNfRehtTdQ6zoVBYdxbPQBbw39vH2q
|
||||
k2eLYsWuJmWQHfd3vCEc1B5kAgdAIiPSKvY5wRqb2cg1V/MjQRVZy7wHUBcYVx14
|
||||
aXPqOgvkSLXYN3nt+X3PsubU5l/aOM9KCI2gT8j4AtvBjgVWzKglyVe5l0T8FGQ4
|
||||
KMykvMwFQ2x6g63GyF+xfIM9XMVo8EJ7XNafz18CJ2s7HZ7Zv6twM2D2+xTaa9iq
|
||||
CTcShTPVOLmnLfz6/3I7KKFMKOtm05rZTW7P3dOwcO8symm8qsfz5Kb4FC0H1Kmj
|
||||
MAPO3vAhCIkHOsvrQiFP5RiIk2C+Ea1ygmSl5L3VC2eVA7Hy5FCDiZg7qJAWZqCH
|
||||
ik/cttmzTKy44x2BvrPIKy5l37uGHFcRG/AgIY8hXo+1LUjeKpjjE9hs6MXSqyZh
|
||||
zTkWFOXUkWFeBHrZqR45WO+ByVx7qD55pQmo2YMQ1q7fzM3VCzpO1OD1HAdhGWRu
|
||||
3cin9Asj3+0X4SUknf/ZrVPGOdyj5Lj09ymL05hwYsiuAtWX3hH4I4ZYB6miJ3+F
|
||||
rOnIPed/exXuCsq/H0+WWLilwDxO7VOamO3ggDKm0LebwTx+N8HQaKVXl7HYh5F8
|
||||
Jmpp/bQrFswa42874GaZMJimyQx66SDsPTULjlk+0Ydc2gbWqvIbzBzerxlIm9nR
|
||||
vWsx+V4+3Zvoom5Vwuo3P7Su3DAY142pn6cmqn77TSaMapWLK23tk24D7wUt6ROY
|
||||
xRPfVuSgQ+u3xxDKmKLfFvdFbVx2YNmd174fQJFvr5cpwpMg/uqvnXdw6YwJugmd
|
||||
hGtsodhd3aoX/BjTxkur2Aw4GFpXQYCdeioVFaOIPZDsmOokNcdVw45qC8xRn2Bx
|
||||
VcZ24opYyGtnfl5DxOd2tl1dsKKxoVR4nWphHED//08ZfcUWaudeyIMfNJm790s7
|
||||
8+0smUkQpd2f1Xc3YNBKwLN+U6hUme9DvSBoF6bQn/LEBGOSrE546W/Refytg907
|
||||
SdHN1Qv5uDpFH7iIr44o/uIbwg0S1l/uLGNUR2o+ORt5SXh4fY6spjgCZc+UleUU
|
||||
hjiGE8Nqh5fSvpnud7p2KPSUhuKcybQbKmn/mTBbP2GNaL2nHHXGRHO7MXGhZpHB
|
||||
njmd8DyE+SOBtQTB+aLYlPGkRTNbFkJdyzc9gMCUJCEQs9CNrj/VGy4ZM41Khi3z
|
||||
ZG2hJNjINqaZ5mzDJCdAHuNiwsvdhNqYJVVgPXl3ZkjcBbarZuAzxSih7FlEGDRs
|
||||
43vyCSLp33X5o2gLVf9FsFRZgQxwZnJvaWl86OUWeA==
|
||||
-----END ENCRYPTED PRIVATE KEY-----
|
||||
|
|
@ -1,2 +0,0 @@
|
|||
#!/bin/bash
|
||||
echo '09I1B4lsP4+KQB8dB3AeEyU4RawLttIo55+0EWPPh0I='
|
||||
Binary file not shown.
Binary file not shown.
|
|
@ -1,50 +0,0 @@
|
|||
-----BEGIN ENCRYPTED PRIVATE KEY-----
|
||||
MIIFKzBVBgkqhkiG9w0BBQ0wSDAnBgkqhkiG9w0BBQwwGgQU1w+0ZNamq3X91Bur
|
||||
d/pQZH7Yq+wCAggAMB0GCWCGSAFlAwQBKgQQ+NvXoFb05UDnOc75yNr/DQSCBNBD
|
||||
m3o2GoHnMupzBuc4G7KdllLa2iaP0zkbK5SrJ2QlBWzei3K9PfyWsCSiGDoEL1fG
|
||||
X8sjFmWDXiKg8z2KjZ8SAIVliMusz318hIjSkv7MOtcEKZ7uZ3C9e/AHl2CY55O7
|
||||
OroDbvQfiexVyKS49vd8lex9DFZQ6nrhK7sQoygDeo469NoCJKu4s1Q657L8aeoQ
|
||||
RSYBgtO3tThXIHqrW7FhuYGy8GSi8nI5axGTE7tfo3NqQo4Ap44a9W+vP8NsWUm+
|
||||
WAyoErFTWxiuzXDU8LV2ziN4IZLsMZ0dgJjElIY6lAopr9YtjmKV+3IofYcy9BDa
|
||||
q1WDfwqBBdoKdbMGLvXs8MBTPWbTinbiLGjNfRehtTdQ6zoVBYdxbPQBbw39vH2q
|
||||
k2eLYsWuJmWQHfd3vCEc1B5kAgdAIiPSKvY5wRqb2cg1V/MjQRVZy7wHUBcYVx14
|
||||
aXPqOgvkSLXYN3nt+X3PsubU5l/aOM9KCI2gT8j4AtvBjgVWzKglyVe5l0T8FGQ4
|
||||
KMykvMwFQ2x6g63GyF+xfIM9XMVo8EJ7XNafz18CJ2s7HZ7Zv6twM2D2+xTaa9iq
|
||||
CTcShTPVOLmnLfz6/3I7KKFMKOtm05rZTW7P3dOwcO8symm8qsfz5Kb4FC0H1Kmj
|
||||
MAPO3vAhCIkHOsvrQiFP5RiIk2C+Ea1ygmSl5L3VC2eVA7Hy5FCDiZg7qJAWZqCH
|
||||
ik/cttmzTKy44x2BvrPIKy5l37uGHFcRG/AgIY8hXo+1LUjeKpjjE9hs6MXSqyZh
|
||||
zTkWFOXUkWFeBHrZqR45WO+ByVx7qD55pQmo2YMQ1q7fzM3VCzpO1OD1HAdhGWRu
|
||||
3cin9Asj3+0X4SUknf/ZrVPGOdyj5Lj09ymL05hwYsiuAtWX3hH4I4ZYB6miJ3+F
|
||||
rOnIPed/exXuCsq/H0+WWLilwDxO7VOamO3ggDKm0LebwTx+N8HQaKVXl7HYh5F8
|
||||
Jmpp/bQrFswa42874GaZMJimyQx66SDsPTULjlk+0Ydc2gbWqvIbzBzerxlIm9nR
|
||||
vWsx+V4+3Zvoom5Vwuo3P7Su3DAY142pn6cmqn77TSaMapWLK23tk24D7wUt6ROY
|
||||
xRPfVuSgQ+u3xxDKmKLfFvdFbVx2YNmd174fQJFvr5cpwpMg/uqvnXdw6YwJugmd
|
||||
hGtsodhd3aoX/BjTxkur2Aw4GFpXQYCdeioVFaOIPZDsmOokNcdVw45qC8xRn2Bx
|
||||
VcZ24opYyGtnfl5DxOd2tl1dsKKxoVR4nWphHED//08ZfcUWaudeyIMfNJm790s7
|
||||
8+0smUkQpd2f1Xc3YNBKwLN+U6hUme9DvSBoF6bQn/LEBGOSrE546W/Refytg907
|
||||
SdHN1Qv5uDpFH7iIr44o/uIbwg0S1l/uLGNUR2o+ORt5SXh4fY6spjgCZc+UleUU
|
||||
hjiGE8Nqh5fSvpnud7p2KPSUhuKcybQbKmn/mTBbP2GNaL2nHHXGRHO7MXGhZpHB
|
||||
njmd8DyE+SOBtQTB+aLYlPGkRTNbFkJdyzc9gMCUJCEQs9CNrj/VGy4ZM41Khi3z
|
||||
ZG2hJNjINqaZ5mzDJCdAHuNiwsvdhNqYJVVgPXl3ZkjcBbarZuAzxSih7FlEGDRs
|
||||
43vyCSLp33X5o2gLVf9FsFRZgQxwZnJvaWl86OUWeA==
|
||||
-----END ENCRYPTED PRIVATE KEY-----
|
||||
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIDAzCCAesCFFJeJMyjfQq6To7dqRpfc5oDX//oMA0GCSqGSIb3DQEBCwUAMD4x
|
||||
CzAJBgNVBAYTAkNIMQ0wCwYDVQQHDARCZXJuMRAwDgYDVQQKDAdBZG5vdnVtMQ4w
|
||||
DAYDVQQDDAVjb3NzYTAeFw0yNDExMDcxMzA3NTJaFw0yNTExMDcxMzA3NTJaMD4x
|
||||
CzAJBgNVBAYTAkNIMQ0wCwYDVQQHDARCZXJuMRAwDgYDVQQKDAdBZG5vdnVtMQ4w
|
||||
DAYDVQQDDAVjb3NzYTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOWq
|
||||
kbFj7UAPDlzgqua7/ws43sIswHuhA400R3jKkHcvTC/QduDuDWoTeYkiQdv8lo7k
|
||||
PVQA7tP//Pe+2O2wS0spNMrlw0Jv0MWeGlN1Jv5PH9TuOnL1nrd6w2OCKClnR7t3
|
||||
xWZUEd3t4AtM/69VKNwSvVADt5yU6tifj1vCiE4uPoDkI8TNbT92aL2aDnq+VVRL
|
||||
Eki5SpQ6ZGUlZGFGhMMOoA9efnTGqrJBsP3m50SAEUqTUpo1aH6IaJXorf8+zzEE
|
||||
zWD4A13b0kvz75A9qh1rReYZgr1sQIfWwzoP76HQwpdEQsjnAteJi1SV7rSK/ekQ
|
||||
+iuJ9ql2Mjpve8vsWrsCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAE4GJgtYJRI3r
|
||||
hAWb4ptd6ngPfvW6pNb8Q9do/k0yVmAzckibRVSgmCoTeFnArn56NB2nrZlpnncG
|
||||
IYB5uVI7jiEHCTZRXG7JbI/MHiwkq5P+Mf+OlvJWgiWkKFteJS46GBVo6JFVAIbv
|
||||
H/UEflHbeTbaSYsoH0Xv54S9IvIuv/IA7KooFRmuzRb10hBBV0EUdrGfdBHmSpQf
|
||||
CiSMPOTqu3nzcms4O4DLHnW2kVRyrd/G0Lkg/FUGsN4ZHyYGSC36gUOFqubGy9GV
|
||||
HJqM6758pE0Myk7LMFGd8MrlnYTeWgBnRlAmfzMVMWZaAaRGGZ5SwQrZmenVB1ne
|
||||
Ix41vfiHmA==
|
||||
-----END CERTIFICATE-----
|
||||
|
|
@ -37,11 +37,6 @@
|
|||
<!-- source: pattern://6ec6739e824c8e56d9633622 -->
|
||||
<KeyObject name="DefaultSignerTrust" certificate="/var/opt/keys/trust/nai-default-default-signer-trust/truststore.jks"/>
|
||||
</KeyStore>
|
||||
<!-- source: pattern://d9ea344685ab4a9bb0e1e3e7 -->
|
||||
<KeyStore name="JwtToken">
|
||||
<!-- source: pattern://d9ea344685ab4a9bb0e1e3e7 -->
|
||||
<KeyObject name="tokensigner" certificate="/var/opt/keys/own/tokensigner/cert.pem" privateKey="/var/opt/keys/own/tokensigner/keystore.jks" passPhrase="pipe:///var/opt/keys/own/tokensigner/keypass"/>
|
||||
</KeyStore>
|
||||
</SessionCoordinator>
|
||||
<!-- source: pattern://6ec6739e824c8e56d9633622 -->
|
||||
<LocalOutOfContextDataStore reaperPeriod="60"/>
|
||||
|
|
@ -49,26 +44,26 @@
|
|||
<AuthEngine useLiteralDictionary="true" literalDictionaryLanguages="en,de,fr,it" inputLanguageCookie="LANG" compatLevel="none" addAutheLevelToSecRoles="true" classPath="/var/opt/nevisauth/default/plugin:/opt/nevisauth/plugin" propagateSession="false">
|
||||
<!-- source: pattern://8523f0587aa8cfa7008f8171 -->
|
||||
<Domain name="New_Authentication_Realm" default="false" inactiveInterval="7200" reauthInterval="0" resetAuthenticationCondition="${inargs:cancel}">
|
||||
<Entry method="authenticate" state="New_Authentication_Realm_New_JSON_Response_Step"/>
|
||||
<Entry method="authenticate" state="New_Authentication_Realm_New_JSON_Response_Step1"/>
|
||||
<Entry method="stepup" state="New_Authentication_Realm_Selector"/>
|
||||
</Domain>
|
||||
<!-- source: pattern://b67f81a971e4c08aa79040a2 -->
|
||||
<Domain name="cossa_realm" default="false" inactiveInterval="7200" reauthInterval="0" resetAuthenticationCondition="${inargs:cancel}">
|
||||
<Entry method="authenticate" state="cossa_realm_TokenExchangeEndpoint"/>
|
||||
<Entry method="authenticate" state="cossa_realm_TokenExchangeEndpoint" selector="${request:currentResource:^http[s]?\u003A//[^/]+/token/.*$:true}"/>
|
||||
<Entry method="authenticate" state="cossa_realm_AuthorizationServer"/>
|
||||
<Entry method="authenticate" state="cossa_realm_AuthorizationServer" selector="${request:currentResource:^http[s]?\u003A//[^/]+/token/.*$:true}"/>
|
||||
<Entry method="logout" state="cossa_realm_AuthorizationServer"/>
|
||||
<Entry method="logout" state="cossa_realm_AuthorizationServer" selector="${request:currentResource:^http[s]?\u003A//[^/]+/token/.*$:true}"/>
|
||||
<Entry method="stepup" state="cossa_realm_Selector"/>
|
||||
<Entry method="stepup" state="cossa_realm_TokenExchangeEndpoint" selector="${request:currentResource:^http[s]?\u003A//[^/]+/token/.*$:true}"/>
|
||||
<Entry method="stepup" state="cossa_realm_AuthorizationServer" selector="${request:currentResource:^http[s]?\u003A//[^/]+/token/.*$:true}"/>
|
||||
</Domain>
|
||||
<AuthState name="New_Authentication_Realm_New_JSON_Response_Step" class="ch.nevis.esauth.auth.states.directResponse.DirectResponseState" final="true" resumeState="false">
|
||||
<AuthState name="New_Authentication_Realm_New_JSON_Response_Step1" class="ch.nevis.esauth.auth.states.directResponse.DirectResponseState" final="true" resumeState="false">
|
||||
<!-- source: pattern://3f7b857b6d35114fcd8c4984 -->
|
||||
<Response value="AUTH_ERROR">
|
||||
<!-- source: pattern://3f7b857b6d35114fcd8c4984 -->
|
||||
<Gui name="none"/>
|
||||
</Response>
|
||||
<!-- source: pattern://3f7b857b6d35114fcd8c4984 -->
|
||||
<property name="content" value="file:///var/opt/nevisauth/default/conf/new_authentication_realm_new_json_response_step.json"/>
|
||||
<property name="content" value="file:///var/opt/nevisauth/default/conf/new_authentication_realm_new_json_response_step1.json"/>
|
||||
<!-- source: pattern://3f7b857b6d35114fcd8c4984 -->
|
||||
<property name="contentType" value="application/json"/>
|
||||
<!-- source: pattern://3f7b857b6d35114fcd8c4984 -->
|
||||
|
|
@ -101,100 +96,6 @@
|
|||
<Gui name="ContinueResponse"/>
|
||||
</Response>
|
||||
</AuthState>
|
||||
<AuthState name="cossa_realm_TokenExchangeEndpoint" class="ch.adnovum.cossa.TokenExchangeEndpoint" authLevel="auth.weak" final="false" resumeState="true">
|
||||
<!-- source: pattern://89578db79d2bc15d55e11141 -->
|
||||
<ResultCond name="failed" next="cossa_realm_auth_failed"/>
|
||||
<!-- source: pattern://89578db79d2bc15d55e11141 -->
|
||||
<ResultCond name="ok" next="cossa_realm_CallRestApi"/>
|
||||
<!-- source: pattern://89578db79d2bc15d55e11141 -->
|
||||
<Response value="AUTH_CONTINUE">
|
||||
<!-- source: pattern://89578db79d2bc15d55e11141 -->
|
||||
<Gui name="Default"/>
|
||||
</Response>
|
||||
<!-- source: pattern://89578db79d2bc15d55e11141 -->
|
||||
<property name="clientId" value="client1"/>
|
||||
<!-- source: pattern://89578db79d2bc15d55e11141 -->
|
||||
<property name="clientSecret" value="clientPassword"/>
|
||||
</AuthState>
|
||||
<AuthState name="cossa_realm_auth_failed" class="ch.nevis.esauth.auth.states.standard.AuthError" final="false">
|
||||
<!-- source: pattern://72e29eb80a951e518ce123e4 -->
|
||||
<Response value="AUTH_ERROR">
|
||||
<!-- source: pattern://72e29eb80a951e518ce123e4 -->
|
||||
<Gui name="Error">
|
||||
<!-- source: pattern://72e29eb80a951e518ce123e4 -->
|
||||
<GuiElem name="info" type="error" label="error_99"/>
|
||||
<!-- source: pattern://72e29eb80a951e518ce123e4 -->
|
||||
<GuiElem name="submit" type="button" label="continue.button.label"/>
|
||||
</Gui>
|
||||
</Response>
|
||||
</AuthState>
|
||||
<AuthState name="cossa_realm_CallRestApi" class="ch.adnovum.cossa.CallPolicyVerificationAPI" final="false" resumeState="false">
|
||||
<!-- source: pattern://5daa6d4f525b11a4e9b0ea79 -->
|
||||
<ResultCond name="failed" next="cossa_realm_Authentication_Failed"/>
|
||||
<!-- source: pattern://5daa6d4f525b11a4e9b0ea79 -->
|
||||
<ResultCond name="ok" next="cossa_realm_JwtToken"/>
|
||||
<!-- source: pattern://5daa6d4f525b11a4e9b0ea79 -->
|
||||
<Response value="AUTH_CONTINUE">
|
||||
<!-- source: pattern://5daa6d4f525b11a4e9b0ea79 -->
|
||||
<Gui name="Default"/>
|
||||
</Response>
|
||||
<!-- source: pattern://5daa6d4f525b11a4e9b0ea79 -->
|
||||
<property name="Issuer" value="https://login.sandbox.pre.swissid.ch:443/idp/oauth2"/>
|
||||
<!-- source: pattern://5daa6d4f525b11a4e9b0ea79 -->
|
||||
<property name="clientId" value="klp-client"/>
|
||||
<!-- source: pattern://5daa6d4f525b11a4e9b0ea79 -->
|
||||
<property name="jwkSetURL" value="https://klp.agov-w.azure.adnovum.net/api/endpoint"/>
|
||||
<!-- source: pattern://5daa6d4f525b11a4e9b0ea79 -->
|
||||
<property name="httpclient.tls.trustAll" value="true"/>
|
||||
</AuthState>
|
||||
<AuthState name="cossa_realm_Authentication_Failed" class="ch.nevis.esauth.auth.states.standard.AuthError" final="false">
|
||||
<!-- source: pattern://5daa6d4f525b11a4e9b0ea79 -->
|
||||
<Response value="AUTH_ERROR">
|
||||
<!-- source: pattern://5daa6d4f525b11a4e9b0ea79 -->
|
||||
<Gui name="Error">
|
||||
<!-- source: pattern://5daa6d4f525b11a4e9b0ea79 -->
|
||||
<GuiElem name="info" type="error" label="error_99"/>
|
||||
<!-- source: pattern://5daa6d4f525b11a4e9b0ea79 -->
|
||||
<GuiElem name="submit" type="button" label="continue.button.label"/>
|
||||
</Gui>
|
||||
</Response>
|
||||
</AuthState>
|
||||
<AuthState name="cossa_realm_JwtToken" class="ch.nevis.esauth.auth.states.jwt.JWTToken" final="false" resumeState="true">
|
||||
<!-- source: pattern://a1e5d0192e082e689465a0c9 -->
|
||||
<ResultCond name="ok" next="cossa_realm_Prepare_Done"/>
|
||||
<!-- source: pattern://a1e5d0192e082e689465a0c9 -->
|
||||
<Response value="AUTH_ERROR"/>
|
||||
<!-- source: pattern://a1e5d0192e082e689465a0c9 -->
|
||||
<property name="out.audience" value="https://www.adnovum.ch"/>
|
||||
<!-- source: pattern://a1e5d0192e082e689465a0c9 -->
|
||||
<property name="out.issuer" value="https://my.nevis.server"/>
|
||||
<!-- source: pattern://a1e5d0192e082e689465a0c9 -->
|
||||
<property name="out.time_to_live" value="86400"/>
|
||||
<!-- source: pattern://a1e5d0192e082e689465a0c9 -->
|
||||
<property name="token.algorithm" value="RS256"/>
|
||||
<!-- source: pattern://a1e5d0192e082e689465a0c9 -->
|
||||
<property name="keystoreref" value="JwtToken"/>
|
||||
<!-- source: pattern://a1e5d0192e082e689465a0c9 -->
|
||||
<property name="keyobjectref" value="tokensigner"/>
|
||||
</AuthState>
|
||||
<AuthState name="cossa_realm_Prepare_Done" class="ch.nevis.esauth.auth.states.scripting.ScriptState" final="false">
|
||||
<!-- source: pattern://e02a36447ce2d3c66d8d81c0, pattern://b67f81a971e4c08aa79040a2 -->
|
||||
<ResultCond name="default" next="cossa_realm_Auth_Done"/>
|
||||
<!-- source: pattern://e02a36447ce2d3c66d8d81c0, pattern://b67f81a971e4c08aa79040a2 -->
|
||||
<Response value="AUTH_DONE">
|
||||
<!-- source: pattern://e02a36447ce2d3c66d8d81c0, pattern://b67f81a971e4c08aa79040a2 -->
|
||||
<Gui name="ContinueResponse"/>
|
||||
</Response>
|
||||
<!-- source: pattern://e02a36447ce2d3c66d8d81c0, pattern://b67f81a971e4c08aa79040a2 -->
|
||||
<property name="script" value="file:///var/opt/nevisauth/default/conf/prepare_done.groovy"/>
|
||||
</AuthState>
|
||||
<AuthState name="cossa_realm_Auth_Done" class="ch.nevis.esauth.auth.states.standard.AuthDone" final="false">
|
||||
<!-- source: pattern://e02a36447ce2d3c66d8d81c0, pattern://b67f81a971e4c08aa79040a2 -->
|
||||
<Response value="AUTH_DONE">
|
||||
<!-- source: pattern://e02a36447ce2d3c66d8d81c0, pattern://b67f81a971e4c08aa79040a2 -->
|
||||
<Gui name="ContinueResponse"/>
|
||||
</Response>
|
||||
</AuthState>
|
||||
<AuthState name="cossa_realm_AuthorizationServer" class="ch.nevis.esauth.auth.states.oauth2.AuthorizationServer" final="false" resumeState="true">
|
||||
<!-- source: pattern://e02a36447ce2d3c66d8d81c0 -->
|
||||
<ResultCond name="authenticate:valid-authorization-request" next="cossa_realm_Prepare_Done"/>
|
||||
|
|
@ -286,6 +187,30 @@
|
|||
<property name="scope.phone.implicitFlowPolicy" value="NO_CONSENT_REQUIRED"/>
|
||||
<!-- source: pattern://e02a36447ce2d3c66d8d81c0 -->
|
||||
<property name="scope.phone.clientCredentialsFlowPolicy" value="true"/>
|
||||
<!-- source: pattern://e02a36447ce2d3c66d8d81c0 -->
|
||||
<property name="client.clientId" value="test"/>
|
||||
<!-- source: pattern://e02a36447ce2d3c66d8d81c0 -->
|
||||
<property name="client.test.type" value="public"/>
|
||||
<!-- source: pattern://e02a36447ce2d3c66d8d81c0 -->
|
||||
<property name="client.test.grantTypes" value="implicit"/>
|
||||
</AuthState>
|
||||
<AuthState name="cossa_realm_Prepare_Done" class="ch.nevis.esauth.auth.states.scripting.ScriptState" final="false">
|
||||
<!-- source: pattern://e02a36447ce2d3c66d8d81c0, pattern://b67f81a971e4c08aa79040a2 -->
|
||||
<ResultCond name="default" next="cossa_realm_Auth_Done"/>
|
||||
<!-- source: pattern://e02a36447ce2d3c66d8d81c0, pattern://b67f81a971e4c08aa79040a2 -->
|
||||
<Response value="AUTH_DONE">
|
||||
<!-- source: pattern://e02a36447ce2d3c66d8d81c0, pattern://b67f81a971e4c08aa79040a2 -->
|
||||
<Gui name="ContinueResponse"/>
|
||||
</Response>
|
||||
<!-- source: pattern://e02a36447ce2d3c66d8d81c0, pattern://b67f81a971e4c08aa79040a2 -->
|
||||
<property name="script" value="file:///var/opt/nevisauth/default/conf/prepare_done.groovy"/>
|
||||
</AuthState>
|
||||
<AuthState name="cossa_realm_Auth_Done" class="ch.nevis.esauth.auth.states.standard.AuthDone" final="false">
|
||||
<!-- source: pattern://e02a36447ce2d3c66d8d81c0, pattern://b67f81a971e4c08aa79040a2 -->
|
||||
<Response value="AUTH_DONE">
|
||||
<!-- source: pattern://e02a36447ce2d3c66d8d81c0, pattern://b67f81a971e4c08aa79040a2 -->
|
||||
<Gui name="ContinueResponse"/>
|
||||
</Response>
|
||||
</AuthState>
|
||||
<AuthState name="cossa_realm_Selector" class="ch.nevis.esauth.auth.states.standard.ConditionalDispatcherState" final="false">
|
||||
<!-- source: pattern://b67f81a971e4c08aa79040a2 -->
|
||||
|
|
|
|||
|
|
@ -32,7 +32,7 @@
|
|||
"policyName": "RULE_AUTH_LEVEL"
|
||||
},
|
||||
{
|
||||
"policyName": "RULE_USER_ACCOUNT_TYPE_MATCH_APPLICATION_ACCOUNT_TYPES"
|
||||
"policyName": "RULE_USER_ACCOUNT_TYPE_MATCH_APPLICATION_ACCOUNT_TYPES1"
|
||||
}
|
||||
],
|
||||
"currentGtcAccepted": false
|
||||
Loading…
Reference in New Issue