nevis
/
adn-post-iam-tknxchng-inv
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

new configuration version

This commit is contained in:
mamo 2024-11-18 11:47:28 +00:00
parent 1eec857dbf
commit c4ab8e0963
2 changed files with 52 additions and 117 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai/etc/nevis/k8s-nai-6ec6739e824c8e56d9633622.yaml
View File

@ -45,7 +45,7 @@ spec:
podDisruptionBudget:
maxUnavailable: "50%"
git:
tag: "r-3d141afd3ffc3d627e8f33a1c77ed93cd66a0b52"
tag: "r-c747b60bdc7d9fb53cb1d2f40bed482eef1074c2"
dir: "DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai"
credentials: "git-credentials"
keystores:

167
DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai/var/opt/nevisauth/default/conf/esauth4.xml
View File

@ -54,12 +54,12 @@
</Domain>
<!-- source: pattern://b67f81a971e4c08aa79040a2 -->
<Domain name="cossa_realm" default="false" inactiveInterval="7200" reauthInterval="0" resetAuthenticationCondition="${inargs:cancel}">
<Entry method="authenticate" state="cossa_realm_TokenExchangeEndpoint"/>
<Entry method="authenticate" state="cossa_realm_TokenExchangeEndpoint" selector="${request:currentResource:^http[s]?\u003A//[^/]+/token/.*$:true}"/>
<Entry method="authenticate" state="cossa_realm_AuthorizationServer1"/>
<Entry method="authenticate" state="cossa_realm_AuthorizationServer1" selector="${request:currentResource:^http[s]?\u003A//[^/]+/token/.*$:true}"/>
<Entry method="logout" state="cossa_realm_AuthorizationServer1"/>
<Entry method="logout" state="cossa_realm_AuthorizationServer1" selector="${request:currentResource:^http[s]?\u003A//[^/]+/token/.*$:true}"/>
<Entry method="stepup" state="cossa_realm_Selector"/>
<Entry method="stepup" state="cossa_realm_TokenExchangeEndpoint" selector="${request:currentResource:^http[s]?\u003A//[^/]+/token/.*$:true}"/>
<Entry method="stepup" state="cossa_realm_AuthorizationServer1" selector="${request:currentResource:^http[s]?\u003A//[^/]+/token/.*$:true}"/>
</Domain>
<AuthState name="MockRelam_DispatchMockRequests" class="ch.nevis.esauth.auth.states.standard.ConditionalDispatcherState" final="false">
<!-- source: pattern://1641a38402138546573b7e71 -->
@ -127,119 +127,6 @@
<Gui name="ContinueResponse"/>
</Response>
</AuthState>
<AuthState name="cossa_realm_TokenExchangeEndpoint" class="ch.adnovum.cossa.TokenExchangeEndpoint" authLevel="auth.weak" final="false" resumeState="true">
<!-- source: pattern://89578db79d2bc15d55e11141 -->
<ResultCond name="failed" next="cossa_realm_auth_failed"/>
<!-- source: pattern://89578db79d2bc15d55e11141 -->
<ResultCond name="ok" next="cossa_realm_IdTokenVerification"/>
<!-- source: pattern://89578db79d2bc15d55e11141 -->
<Response value="AUTH_CONTINUE">
<!-- source: pattern://89578db79d2bc15d55e11141 -->
<Gui name="Default"/>
</Response>
<!-- source: pattern://89578db79d2bc15d55e11141 -->
<property name="clientId" value="client1"/>
<!-- source: pattern://89578db79d2bc15d55e11141 -->
<property name="clientSecret" value="clientPassword"/>
</AuthState>
<AuthState name="cossa_realm_auth_failed" class="ch.nevis.esauth.auth.states.standard.AuthError" final="false">
<!-- source: pattern://72e29eb80a951e518ce123e4 -->
<Response value="AUTH_ERROR">
<!-- source: pattern://72e29eb80a951e518ce123e4 -->
<Gui name="Error">
<!-- source: pattern://72e29eb80a951e518ce123e4 -->
<GuiElem name="info" type="error" label="error_99"/>
<!-- source: pattern://72e29eb80a951e518ce123e4 -->
<GuiElem name="submit" type="button" label="continue.button.label"/>
</Gui>
</Response>
</AuthState>
<AuthState name="cossa_realm_IdTokenVerification" class="ch.adnovum.cossa.IdTokenVerification" final="false" resumeState="false">
<!-- source: pattern://a976546c6a56dc04c0d34592 -->
<ResultCond name="failed" next="cossa_realm_Authentication_Failed"/>
<!-- source: pattern://a976546c6a56dc04c0d34592 -->
<ResultCond name="ok" next="cossa_realm_CallRestApi"/>
<!-- source: pattern://a976546c6a56dc04c0d34592 -->
<Response value="AUTH_CONTINUE">
<!-- source: pattern://a976546c6a56dc04c0d34592 -->
<Gui name="Default"/>
</Response>
<!-- source: pattern://a976546c6a56dc04c0d34592 -->
<property name="Issuer" value="https://login.sandbox.pre.swissid.ch:443/idp/oauth2"/>
<!-- source: pattern://a976546c6a56dc04c0d34592 -->
<property name="clientId" value="klp-client"/>
<!-- source: pattern://a976546c6a56dc04c0d34592 -->
<property name="jwkSetURL" value="https://login.sandbox.pre.swissid.ch/idp/oauth2/connect/jwk_uri"/>
<!-- source: pattern://a976546c6a56dc04c0d34592 -->
<property name="httpclient.tls.trustAll" value="true"/>
</AuthState>
<AuthState name="cossa_realm_Authentication_Failed" class="ch.nevis.esauth.auth.states.standard.AuthError" final="false">
<!-- source: pattern://5daa6d4f525b11a4e9b0ea79, pattern://a976546c6a56dc04c0d34592 -->
<Response value="AUTH_ERROR">
<!-- source: pattern://5daa6d4f525b11a4e9b0ea79, pattern://a976546c6a56dc04c0d34592 -->
<Gui name="Error">
<!-- source: pattern://5daa6d4f525b11a4e9b0ea79, pattern://a976546c6a56dc04c0d34592 -->
<GuiElem name="info" type="error" label="error_99"/>
<!-- source: pattern://5daa6d4f525b11a4e9b0ea79, pattern://a976546c6a56dc04c0d34592 -->
<GuiElem name="submit" type="button" label="continue.button.label"/>
</Gui>
</Response>
</AuthState>
<AuthState name="cossa_realm_CallRestApi" class="ch.adnovum.cossa.CallPolicyVerificationAPI" final="false" resumeState="false">
<!-- source: pattern://5daa6d4f525b11a4e9b0ea79 -->
<ResultCond name="failed" next="cossa_realm_Authentication_Failed"/>
<!-- source: pattern://5daa6d4f525b11a4e9b0ea79 -->
<ResultCond name="ok" next="cossa_realm_JwtToken"/>
<!-- source: pattern://5daa6d4f525b11a4e9b0ea79 -->
<Response value="AUTH_CONTINUE">
<!-- source: pattern://5daa6d4f525b11a4e9b0ea79 -->
<Gui name="Default"/>
</Response>
<!-- source: pattern://5daa6d4f525b11a4e9b0ea79 -->
<property name="Issuer" value="https://login.sandbox.pre.swissid.ch:443/idp/oauth2"/>
<!-- source: pattern://5daa6d4f525b11a4e9b0ea79 -->
<property name="clientId" value="klp-client"/>
<!-- source: pattern://5daa6d4f525b11a4e9b0ea79 -->
<property name="jwkSetURL" value="https://klp.agov-w.azure.adnovum.net/api/endpoint"/>
<!-- source: pattern://5daa6d4f525b11a4e9b0ea79 -->
<property name="httpclient.tls.trustAll" value="true"/>
</AuthState>
<AuthState name="cossa_realm_JwtToken" class="ch.nevis.esauth.auth.states.jwt.JWTToken" final="false" resumeState="true">
<!-- source: pattern://a1e5d0192e082e689465a0c9 -->
<ResultCond name="ok" next="cossa_realm_Prepare_Done"/>
<!-- source: pattern://a1e5d0192e082e689465a0c9 -->
<Response value="AUTH_ERROR"/>
<!-- source: pattern://a1e5d0192e082e689465a0c9 -->
<property name="out.audience" value="https://www.adnovum.ch"/>
<!-- source: pattern://a1e5d0192e082e689465a0c9 -->
<property name="out.issuer" value="https://my.nevis.server"/>
<!-- source: pattern://a1e5d0192e082e689465a0c9 -->
<property name="out.time_to_live" value="86400"/>
<!-- source: pattern://a1e5d0192e082e689465a0c9 -->
<property name="token.algorithm" value="RS256"/>
<!-- source: pattern://a1e5d0192e082e689465a0c9 -->
<property name="keystoreref" value="JwtToken"/>
<!-- source: pattern://a1e5d0192e082e689465a0c9 -->
<property name="keyobjectref" value="tokensigner"/>
</AuthState>
<AuthState name="cossa_realm_Prepare_Done" class="ch.nevis.esauth.auth.states.scripting.ScriptState" final="false">
<!-- source: pattern://b67f81a971e4c08aa79040a2 -->
<ResultCond name="default" next="cossa_realm_Auth_Done"/>
<!-- source: pattern://b67f81a971e4c08aa79040a2 -->
<Response value="AUTH_DONE">
<!-- source: pattern://b67f81a971e4c08aa79040a2 -->
<Gui name="ContinueResponse"/>
</Response>
<!-- source: pattern://b67f81a971e4c08aa79040a2 -->
<property name="script" value="file:///var/opt/nevisauth/default/conf/prepare_done.groovy"/>
</AuthState>
<AuthState name="cossa_realm_Auth_Done" class="ch.nevis.esauth.auth.states.standard.AuthDone" final="false">
<!-- source: pattern://b67f81a971e4c08aa79040a2 -->
<Response value="AUTH_DONE">
<!-- source: pattern://b67f81a971e4c08aa79040a2 -->
<Gui name="ContinueResponse"/>
</Response>
</AuthState>
<AuthState name="cossa_realm_AuthorizationServer1" class="ch.nevis.esauth.auth.states.oauth2.AuthorizationServer" final="false" resumeState="true">
<!-- source: pattern://e02a36447ce2d3c66d8d81c0 -->
<ResultCond name="authenticate:valid-authorization-request" next="cossa_realm_New_Test_Login"/>
@ -366,6 +253,54 @@
<!-- source: pattern://635e4d617af6818edc9ae7c9 -->
<property name="script" value="file:///var/opt/nevisauth/default/conf/new_test_login.groovy"/>
</AuthState>
<AuthState name="cossa_realm_auth_failed" class="ch.nevis.esauth.auth.states.standard.AuthError" final="false">
<!-- source: pattern://72e29eb80a951e518ce123e4 -->
<Response value="AUTH_ERROR">
<!-- source: pattern://72e29eb80a951e518ce123e4 -->
<Gui name="Error">
<!-- source: pattern://72e29eb80a951e518ce123e4 -->
<GuiElem name="info" type="error" label="error_99"/>
<!-- source: pattern://72e29eb80a951e518ce123e4 -->
<GuiElem name="submit" type="button" label="continue.button.label"/>
</Gui>
</Response>
</AuthState>
<AuthState name="cossa_realm_JwtToken" class="ch.nevis.esauth.auth.states.jwt.JWTToken" final="false" resumeState="true">
<!-- source: pattern://a1e5d0192e082e689465a0c9 -->
<ResultCond name="ok" next="cossa_realm_Prepare_Done"/>
<!-- source: pattern://a1e5d0192e082e689465a0c9 -->
<Response value="AUTH_ERROR"/>
<!-- source: pattern://a1e5d0192e082e689465a0c9 -->
<property name="out.audience" value="https://www.adnovum.ch"/>
<!-- source: pattern://a1e5d0192e082e689465a0c9 -->
<property name="out.issuer" value="https://my.nevis.server"/>
<!-- source: pattern://a1e5d0192e082e689465a0c9 -->
<property name="out.time_to_live" value="86400"/>
<!-- source: pattern://a1e5d0192e082e689465a0c9 -->
<property name="token.algorithm" value="RS256"/>
<!-- source: pattern://a1e5d0192e082e689465a0c9 -->
<property name="keystoreref" value="JwtToken"/>
<!-- source: pattern://a1e5d0192e082e689465a0c9 -->
<property name="keyobjectref" value="tokensigner"/>
</AuthState>
<AuthState name="cossa_realm_Prepare_Done" class="ch.nevis.esauth.auth.states.scripting.ScriptState" final="false">
<!-- source: pattern://b67f81a971e4c08aa79040a2 -->
<ResultCond name="default" next="cossa_realm_Auth_Done"/>
<!-- source: pattern://b67f81a971e4c08aa79040a2 -->
<Response value="AUTH_DONE">
<!-- source: pattern://b67f81a971e4c08aa79040a2 -->
<Gui name="ContinueResponse"/>
</Response>
<!-- source: pattern://b67f81a971e4c08aa79040a2 -->
<property name="script" value="file:///var/opt/nevisauth/default/conf/prepare_done.groovy"/>
</AuthState>
<AuthState name="cossa_realm_Auth_Done" class="ch.nevis.esauth.auth.states.standard.AuthDone" final="false">
<!-- source: pattern://b67f81a971e4c08aa79040a2 -->
<Response value="AUTH_DONE">
<!-- source: pattern://b67f81a971e4c08aa79040a2 -->
<Gui name="ContinueResponse"/>
</Response>
</AuthState>
<AuthState name="cossa_realm_Selector" class="ch.nevis.esauth.auth.states.standard.ConditionalDispatcherState" final="false">
<!-- source: pattern://b67f81a971e4c08aa79040a2 -->
<ResultCond name="nomatch" next="cossa_realm_Prepare_Done"/>