new configuration version

2024-11-07 06:53:12 +00:00 · 2024-11-07 06:53:12 +00:00 · d3a64c038c
parent 97f15299bc
commit d3a64c038c
4 changed files with 62 additions and 34 deletions
--- a/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai/etc/nevis/k8s-nai-6ec6739e824c8e56d9633622.yaml
+++ b/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai/etc/nevis/k8s-nai-6ec6739e824c8e56d9633622.yaml
@ -45,7 +45,7 @@ spec:
  podDisruptionBudget:
    maxUnavailable: "50%"
  git:
-    tag: "r-60e8f94e2a0e0799466b7c8fb201c5bf13f0fb59"
+    tag: "r-381ab3bec11e417862b3e34bf6abedfee5f9346e"
    dir: "DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai"
    credentials: "git-credentials"
  keystores:
--- a/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai/var/opt/nevisauth/default/conf/esauth4.xml
+++ b/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai/var/opt/nevisauth/default/conf/esauth4.xml
@ -41,57 +41,85 @@
    <!-- source: pattern://6ec6739e824c8e56d9633622 -->
    <LocalOutOfContextDataStore reaperPeriod="60"/>
    <!-- source: pattern://6ec6739e824c8e56d9633622, pattern://b67f81a971e4c08aa79040a2 -->
-    <AuthEngine useLiteralDictionary="true" literalDictionaryLanguages="en,de,fr,it" inputLanguageCookie="LANG" compatLevel="none" addAutheLevelToSecRoles="true" classPath="/opt/nevisauth/plugin" propagateSession="false">
+    <AuthEngine useLiteralDictionary="true" literalDictionaryLanguages="en,de,fr,it" inputLanguageCookie="LANG" compatLevel="none" addAutheLevelToSecRoles="true" classPath="/var/opt/nevisauth/default/plugin:/opt/nevisauth/plugin" propagateSession="false">
        <!-- source: pattern://b67f81a971e4c08aa79040a2 -->
        <Domain name="cossa_realm" default="false" inactiveInterval="7200" reauthInterval="0" resetAuthenticationCondition="${inargs:cancel}">
-            <Entry method="authenticate" state="cossa_realm_IdentityProviderState"/>
-            <Entry method="authenticate" state="cossa_realm_IdentityProviderState" selector="${request:currentResource:^http[s]?\u003A//[^/]+/.*$:true}"/>
+            <Entry method="authenticate" state="cossa_realm_TokenExchangeEndpoint"/>
+            <Entry method="authenticate" state="cossa_realm_TokenExchangeEndpoint" selector="${request:currentResource:^http[s]?\u003A//[^/]+/.*$:true}"/>
            <Entry method="stepup" state="cossa_realm_Selector"/>
-            <Entry method="stepup" state="cossa_realm_IdentityProviderState" selector="${request:currentResource:^http[s]?\u003A//[^/]+/.*$:true}"/>
+            <Entry method="stepup" state="cossa_realm_TokenExchangeEndpoint" selector="${request:currentResource:^http[s]?\u003A//[^/]+/.*$:true}"/>
        </Domain>
-        <AuthState name="cossa_realm_IdentityProviderState" class="ch.nevis.esauth.auth.states.saml.IdentityProviderState" final="false" resumeState="true">
-            <!-- source: pattern://da13d0fe10be58add377269b -->
-            <ResultCond name="ok" next="cossa_realm_SecurityTokenServiceClient"/>
-            <!-- source: pattern://da13d0fe10be58add377269b -->
-            <Response value="AUTH_ERROR">
-                <!-- source: pattern://da13d0fe10be58add377269b -->
-                <Gui name="AuthErrorDialog"/>
+        <AuthState name="cossa_realm_TokenExchangeEndpoint" class="ch.adnovum.cossa.TokenExchangeEndpoint" final="false" resumeState="true">
+            <!-- source: pattern://89578db79d2bc15d55e11141 -->
+            <ResultCond name="failed" next="cossa_realm_New_Authentication_Failed"/>
+            <!-- source: pattern://89578db79d2bc15d55e11141 -->
+            <ResultCond name="ok" next="cossa_realm_IdTokenVerification"/>
+            <!-- source: pattern://89578db79d2bc15d55e11141 -->
+            <Response value="AUTH_CONTINUE">
+                <!-- source: pattern://89578db79d2bc15d55e11141 -->
+                <Gui name="Default"/>
            </Response>
-            <!-- source: pattern://da13d0fe10be58add377269b -->
-            <property name="out.binding" value="internal-assertion"/>
-            <!-- source: pattern://da13d0fe10be58add377269b -->
-            <property name="out.attribute.email" value="marco.maurer@adnovum.ch"/>
-            <!-- source: pattern://da13d0fe10be58add377269b -->
-            <property name="out.keyobjectref" value="DefaultSigner"/>
-            <!-- source: pattern://da13d0fe10be58add377269b -->
-            <property name="acsUrlWhitelist.uris" value="DummyValue"/>
+            <!-- source: pattern://89578db79d2bc15d55e11141 -->
+            <property name="clientId" value="client1"/>
+            <!-- source: pattern://89578db79d2bc15d55e11141 -->
+            <property name="clientSecret" value="clientPassword"/>
        </AuthState>
-        <AuthState name="cossa_realm_SecurityTokenServiceClient" class="ch.nevis.esauth.auth.states.wstrust.SecurityTokenServiceClient" final="false" resumeState="true">
-            <!-- source: pattern://e026d017ea6658b54e0b16cc -->
-            <ResultCond name="ok" next="cossa_realm_Prepare_Done"/>
-            <!-- source: pattern://e026d017ea6658b54e0b16cc -->
+        <AuthState name="cossa_realm_New_Authentication_Failed" class="ch.nevis.esauth.auth.states.standard.AuthError" final="false">
+            <!-- source: pattern://72e29eb80a951e518ce123e4 -->
            <Response value="AUTH_ERROR">
-                <!-- source: pattern://e026d017ea6658b54e0b16cc -->
-                <Gui name="AuthErrorDialog"/>
+                <!-- source: pattern://72e29eb80a951e518ce123e4 -->
+                <Gui name="Error">
+                    <!-- source: pattern://72e29eb80a951e518ce123e4 -->
+                    <GuiElem name="info" type="error" label="error_99"/>
+                    <!-- source: pattern://72e29eb80a951e518ce123e4 -->
+                    <GuiElem name="submit" type="button" label="continue.button.label"/>
+                </Gui>
+            </Response>
+        </AuthState>
+        <AuthState name="cossa_realm_IdTokenVerification" class="ch.adnovum.cossa.IdTokenVerification" final="false" resumeState="true">
+            <!-- source: pattern://a976546c6a56dc04c0d34592 -->
+            <ResultCond name="failed" next="cossa_realm_Authentication_Failed"/>
+            <!-- source: pattern://a976546c6a56dc04c0d34592 -->
+            <ResultCond name="ok" next="cossa_realm_Prepare_Done"/>
+            <!-- source: pattern://a976546c6a56dc04c0d34592 -->
+            <Response value="AUTH_CONTINUE">
+                <!-- source: pattern://a976546c6a56dc04c0d34592 -->
+                <Gui name="Default"/>
+            </Response>
+            <!-- source: pattern://a976546c6a56dc04c0d34592 -->
+            <property name="Issuer" value="client1"/>
+            <!-- source: pattern://a976546c6a56dc04c0d34592 -->
+            <property name="clientId" value="clientPassword"/>
+            <!-- source: pattern://a976546c6a56dc04c0d34592 -->
+            <property name="jwkSetURL" value="https://login.sandbox.pre.swissid.ch/idp/oauth2/connect/jwk_uri"/>
+        </AuthState>
+        <AuthState name="cossa_realm_Authentication_Failed" class="ch.nevis.esauth.auth.states.standard.AuthError" final="false">
+            <!-- source: pattern://a976546c6a56dc04c0d34592 -->
+            <Response value="AUTH_ERROR">
+                <!-- source: pattern://a976546c6a56dc04c0d34592 -->
+                <Gui name="Error">
+                    <!-- source: pattern://a976546c6a56dc04c0d34592 -->
+                    <GuiElem name="info" type="error" label="error_99"/>
+                    <!-- source: pattern://a976546c6a56dc04c0d34592 -->
+                    <GuiElem name="submit" type="button" label="continue.button.label"/>
+                </Gui>
            </Response>
-            <!-- source: pattern://e026d017ea6658b54e0b16cc -->
-            <property name="queryValue" value="${request:userId}"/>
        </AuthState>
        <AuthState name="cossa_realm_Prepare_Done" class="ch.nevis.esauth.auth.states.scripting.ScriptState" final="false">
-            <!-- source: pattern://e026d017ea6658b54e0b16cc, pattern://b67f81a971e4c08aa79040a2 -->
+            <!-- source: pattern://b67f81a971e4c08aa79040a2 -->
            <ResultCond name="default" next="cossa_realm_Auth_Done"/>
-            <!-- source: pattern://e026d017ea6658b54e0b16cc, pattern://b67f81a971e4c08aa79040a2 -->
+            <!-- source: pattern://b67f81a971e4c08aa79040a2 -->
            <Response value="AUTH_DONE">
-                <!-- source: pattern://e026d017ea6658b54e0b16cc, pattern://b67f81a971e4c08aa79040a2 -->
+                <!-- source: pattern://b67f81a971e4c08aa79040a2 -->
                <Gui name="ContinueResponse"/>
            </Response>
-            <!-- source: pattern://e026d017ea6658b54e0b16cc, pattern://b67f81a971e4c08aa79040a2 -->
+            <!-- source: pattern://b67f81a971e4c08aa79040a2 -->
            <property name="script" value="file:///var/opt/nevisauth/default/conf/prepare_done.groovy"/>
        </AuthState>
        <AuthState name="cossa_realm_Auth_Done" class="ch.nevis.esauth.auth.states.standard.AuthDone" final="false">
-            <!-- source: pattern://e026d017ea6658b54e0b16cc, pattern://b67f81a971e4c08aa79040a2 -->
+            <!-- source: pattern://b67f81a971e4c08aa79040a2 -->
            <Response value="AUTH_DONE">
-                <!-- source: pattern://e026d017ea6658b54e0b16cc, pattern://b67f81a971e4c08aa79040a2 -->
+                <!-- source: pattern://b67f81a971e4c08aa79040a2 -->
                <Gui name="ContinueResponse"/>
            </Response>
        </AuthState>
--- a/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai/var/opt/nevisauth/default/plugin/.empty
+++ b/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai/var/opt/nevisauth/default/plugin/.empty
--- a/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai/var/opt/nevisauth/default/plugin/cossa-token-exchange-authstates.jar
+++ b/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai/var/opt/nevisauth/default/plugin/cossa-token-exchange-authstates.jar