new configuration version
This commit is contained in:
mamo
parent
80ca35eb7a
commit
aabe4abaff
|
|
@ -45,10 +45,11 @@ spec:
|
|||
podDisruptionBudget:
|
||||
maxUnavailable: "50%"
|
||||
git:
|
||||
tag: "r-324dffebbf9074ee8e65cdd5bea317dabcc4fc6e"
|
||||
tag: "r-439a003dc0e69fca081bd27a8677edfc5c86894b"
|
||||
dir: "DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai"
|
||||
credentials: "git-credentials"
|
||||
keystores:
|
||||
- "nai-sh4r3d-new-nevis-sectoken-signer"
|
||||
- "nai-default-identity"
|
||||
- "nai-sh4r3d-default-default-signer"
|
||||
truststores:
|
||||
|
|
|
|||
|
|
@ -0,0 +1,16 @@
|
|||
apiVersion: "operator.nevis-security.ch/v1"
|
||||
kind: "NevisKeyStore"
|
||||
metadata:
|
||||
name: "nai-sh4r3d-new-nevis-sectoken-signer"
|
||||
namespace: "adn-postit-tknxchng-01-dev"
|
||||
labels:
|
||||
deploymentTarget: "nai"
|
||||
annotations:
|
||||
projectKey: "DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT"
|
||||
patternId: "6ec6739e824c8e56d9633622"
|
||||
spec:
|
||||
cn: "New_NEVIS_SecToken"
|
||||
usage: "signer"
|
||||
san:
|
||||
dns: []
|
||||
email: []
|
||||
|
|
@ -30,7 +30,21 @@
|
|||
<!-- source: pattern://6ec6739e824c8e56d9633622 -->
|
||||
<Signer key="DefaultSigner"/>
|
||||
</TokenAssembler>
|
||||
<!-- source: pattern://0e9ac4dab4d3a5992a7f1b07 -->
|
||||
<!-- source: pattern://b9cfe9de74293eececbcc4a6 -->
|
||||
<TokenAssembler name="Token_cossa_realm_New_NEVIS_SecToken">
|
||||
<!-- source: pattern://b9cfe9de74293eececbcc4a6 -->
|
||||
<Selector default="false"/>
|
||||
<!-- source: pattern://b9cfe9de74293eececbcc4a6 -->
|
||||
<TokenSpec ttl="28800">
|
||||
<!-- source: pattern://b9cfe9de74293eececbcc4a6 -->
|
||||
<field src="session" key="123456" as="userid"/>
|
||||
<!-- source: pattern://b9cfe9de74293eececbcc4a6 -->
|
||||
<field src="session" key="WEAK" as="authLevel"/>
|
||||
</TokenSpec>
|
||||
<!-- source: pattern://b9cfe9de74293eececbcc4a6 -->
|
||||
<Signer key="Signer_New_NEVIS_SecToken"/>
|
||||
</TokenAssembler>
|
||||
<!-- source: pattern://0e9ac4dab4d3a5992a7f1b07, pattern://b9cfe9de74293eececbcc4a6 -->
|
||||
<KeyStore name="DefaultKeyStore">
|
||||
<!-- source: pattern://6ec6739e824c8e56d9633622 -->
|
||||
<KeyObject name="DefaultSigner" certificate="/var/opt/keys/own/nai-sh4r3d-default-default-signer/cert.pem" privateKey="/var/opt/keys/own/nai-sh4r3d-default-default-signer/keystore.jks" passPhrase="pipe:///var/opt/keys/own/nai-sh4r3d-default-default-signer/keypass"/>
|
||||
|
|
@ -38,6 +52,8 @@
|
|||
<KeyObject name="DefaultSignerTrust" certificate="/var/opt/keys/trust/nai-default-default-signer-trust/truststore.jks"/>
|
||||
<!-- source: pattern://0e9ac4dab4d3a5992a7f1b07 -->
|
||||
<KeyObject name="Signer_New_JWT_Token" certificate="/var/opt/keys/own/new-pem-key-store/cert.pem" privateKey="/var/opt/keys/own/new-pem-key-store/keystore.jks" passPhrase="pipe:///var/opt/keys/own/new-pem-key-store/keypass"/>
|
||||
<!-- source: pattern://b9cfe9de74293eececbcc4a6 -->
|
||||
<KeyObject name="Signer_New_NEVIS_SecToken" certificate="/var/opt/keys/own/nai-sh4r3d-new-nevis-sectoken-signer/cert.pem" privateKey="/var/opt/keys/own/nai-sh4r3d-new-nevis-sectoken-signer/keystore.jks" passPhrase="pipe:///var/opt/keys/own/nai-sh4r3d-new-nevis-sectoken-signer/keypass"/>
|
||||
</KeyStore>
|
||||
</SessionCoordinator>
|
||||
<!-- source: pattern://6ec6739e824c8e56d9633622 -->
|
||||
|
|
@ -110,20 +126,20 @@
|
|||
</Response>
|
||||
</AuthState>
|
||||
<AuthState name="cossa_realm_Prepare_Done" class="ch.nevis.esauth.auth.states.scripting.ScriptState" final="false">
|
||||
<!-- source: pattern://0e9ac4dab4d3a5992a7f1b07, pattern://b67f81a971e4c08aa79040a2 -->
|
||||
<!-- source: pattern://0e9ac4dab4d3a5992a7f1b07, pattern://b9cfe9de74293eececbcc4a6, pattern://b67f81a971e4c08aa79040a2 -->
|
||||
<ResultCond name="default" next="cossa_realm_Auth_Done"/>
|
||||
<!-- source: pattern://0e9ac4dab4d3a5992a7f1b07, pattern://b67f81a971e4c08aa79040a2 -->
|
||||
<!-- source: pattern://0e9ac4dab4d3a5992a7f1b07, pattern://b9cfe9de74293eececbcc4a6, pattern://b67f81a971e4c08aa79040a2 -->
|
||||
<Response value="AUTH_DONE">
|
||||
<!-- source: pattern://0e9ac4dab4d3a5992a7f1b07, pattern://b67f81a971e4c08aa79040a2 -->
|
||||
<!-- source: pattern://0e9ac4dab4d3a5992a7f1b07, pattern://b9cfe9de74293eececbcc4a6, pattern://b67f81a971e4c08aa79040a2 -->
|
||||
<Gui name="ContinueResponse"/>
|
||||
</Response>
|
||||
<!-- source: pattern://0e9ac4dab4d3a5992a7f1b07, pattern://b67f81a971e4c08aa79040a2 -->
|
||||
<!-- source: pattern://0e9ac4dab4d3a5992a7f1b07, pattern://b9cfe9de74293eececbcc4a6, pattern://b67f81a971e4c08aa79040a2 -->
|
||||
<property name="script" value="file:///var/opt/nevisauth/default/conf/prepare_done.groovy"/>
|
||||
</AuthState>
|
||||
<AuthState name="cossa_realm_Auth_Done" class="ch.nevis.esauth.auth.states.standard.AuthDone" final="false">
|
||||
<!-- source: pattern://0e9ac4dab4d3a5992a7f1b07, pattern://b67f81a971e4c08aa79040a2 -->
|
||||
<!-- source: pattern://0e9ac4dab4d3a5992a7f1b07, pattern://b9cfe9de74293eececbcc4a6, pattern://b67f81a971e4c08aa79040a2 -->
|
||||
<Response value="AUTH_DONE">
|
||||
<!-- source: pattern://0e9ac4dab4d3a5992a7f1b07, pattern://b67f81a971e4c08aa79040a2 -->
|
||||
<!-- source: pattern://0e9ac4dab4d3a5992a7f1b07, pattern://b9cfe9de74293eececbcc4a6, pattern://b67f81a971e4c08aa79040a2 -->
|
||||
<Gui name="ContinueResponse"/>
|
||||
</Response>
|
||||
</AuthState>
|
||||
|
|
@ -131,6 +147,8 @@
|
|||
<!-- source: pattern://b67f81a971e4c08aa79040a2 -->
|
||||
<ResultCond name="New_JWT_Token" next="cossa_realm_New_JWT_Token"/>
|
||||
<!-- source: pattern://b67f81a971e4c08aa79040a2 -->
|
||||
<ResultCond name="New_NEVIS_SecToken" next="cossa_realm_New_NEVIS_SecToken"/>
|
||||
<!-- source: pattern://b67f81a971e4c08aa79040a2 -->
|
||||
<ResultCond name="nomatch" next="cossa_realm_Prepare_Done"/>
|
||||
<!-- source: pattern://b67f81a971e4c08aa79040a2 -->
|
||||
<Response value="AUTH_ERROR">
|
||||
|
|
@ -139,6 +157,8 @@
|
|||
</Response>
|
||||
<!-- source: pattern://b67f81a971e4c08aa79040a2 -->
|
||||
<property name="condition:New_JWT_Token" value="${request:requiredRoles:^token.New_JWT_Token$:true}"/>
|
||||
<!-- source: pattern://b67f81a971e4c08aa79040a2 -->
|
||||
<property name="condition:New_NEVIS_SecToken" value="${request:requiredRoles:^token.New_NEVIS_SecToken$:true}"/>
|
||||
</AuthState>
|
||||
<AuthState name="cossa_realm_New_JWT_Token" class="ch.nevis.esauth.auth.states.jwt.JWTToken" final="false">
|
||||
<!-- source: pattern://0e9ac4dab4d3a5992a7f1b07 -->
|
||||
|
|
@ -167,5 +187,20 @@
|
|||
<!-- source: pattern://0e9ac4dab4d3a5992a7f1b07 -->
|
||||
<property name="out.custom.exp" value="test"/>
|
||||
</AuthState>
|
||||
<AuthState name="cossa_realm_New_NEVIS_SecToken" class="ch.nevis.esauth.auth.states.sectoken.TokenAssemblerState" final="false">
|
||||
<!-- source: pattern://b9cfe9de74293eececbcc4a6 -->
|
||||
<ResultCond name="default" next="cossa_realm_Prepare_Done" authLevel="token.New_NEVIS_SecToken"/>
|
||||
<!-- source: pattern://b9cfe9de74293eececbcc4a6 -->
|
||||
<Response value="AUTH_ERROR">
|
||||
<!-- source: pattern://b9cfe9de74293eececbcc4a6 -->
|
||||
<Arg name="ch.nevis.isiweb4.response.status" value="403"/>
|
||||
</Response>
|
||||
<!-- source: pattern://b9cfe9de74293eececbcc4a6 -->
|
||||
<property name="assembler" value="Token_cossa_realm_New_NEVIS_SecToken"/>
|
||||
<!-- source: pattern://b9cfe9de74293eececbcc4a6 -->
|
||||
<property name="key" value="token.New_NEVIS_SecToken"/>
|
||||
<!-- source: pattern://b9cfe9de74293eececbcc4a6 -->
|
||||
<property name="generateNow" value="true"/>
|
||||
</AuthState>
|
||||
</AuthEngine>
|
||||
</esauth-server>
|
||||
|
|
|
|||
Loading…
Reference in New Issue