new configuration version
This commit is contained in:
mamo
parent
9505a5e88c
commit
d808a0f652
|
|
@ -45,7 +45,7 @@ spec:
|
|||
podDisruptionBudget:
|
||||
maxUnavailable: "50%"
|
||||
git:
|
||||
tag: "r-d0fcdd146e6d2ceaeed05fc802d74e40687e78d7"
|
||||
tag: "r-633e0687b81f1eb5e13a7f8be2937d86df5b271a"
|
||||
dir: "DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai"
|
||||
credentials: "git-credentials"
|
||||
keystores:
|
||||
|
|
|
|||
|
|
@ -54,12 +54,12 @@
|
|||
</Domain>
|
||||
<!-- source: pattern://b67f81a971e4c08aa79040a2 -->
|
||||
<Domain name="cossa_realm" default="false" inactiveInterval="7200" reauthInterval="0" resetAuthenticationCondition="${inargs:cancel}">
|
||||
<Entry method="authenticate" state="cossa_realm_TokenExchangeEndpoint"/>
|
||||
<Entry method="authenticate" state="cossa_realm_TokenExchangeEndpoint" selector="${request:currentResource:^http[s]?\u003A//[^/]+/token/.*$:true}"/>
|
||||
<Entry method="authenticate" state="cossa_realm_CheckTokenTypeToBeReplaced"/>
|
||||
<Entry method="authenticate" state="cossa_realm_CheckTokenTypeToBeReplaced" selector="${request:currentResource:^http[s]?\u003A//[^/]+/token/.*$:true}"/>
|
||||
<Entry method="logout" state="cossa_realm_AuthorizationServer"/>
|
||||
<Entry method="logout" state="cossa_realm_AuthorizationServer" selector="${request:currentResource:^http[s]?\u003A//[^/]+/token/.*$:true}"/>
|
||||
<Entry method="stepup" state="cossa_realm_Selector"/>
|
||||
<Entry method="stepup" state="cossa_realm_TokenExchangeEndpoint" selector="${request:currentResource:^http[s]?\u003A//[^/]+/token/.*$:true}"/>
|
||||
<Entry method="stepup" state="cossa_realm_CheckTokenTypeToBeReplaced" selector="${request:currentResource:^http[s]?\u003A//[^/]+/token/.*$:true}"/>
|
||||
</Domain>
|
||||
<AuthState name="MockRelam_DispatchMockRequests" class="ch.nevis.esauth.auth.states.standard.ConditionalDispatcherState" final="false">
|
||||
<!-- source: pattern://1641a38402138546573b7e71 -->
|
||||
|
|
@ -127,6 +127,25 @@
|
|||
<Gui name="ContinueResponse"/>
|
||||
</Response>
|
||||
</AuthState>
|
||||
<AuthState name="cossa_realm_CheckTokenTypeToBeReplaced" class="ch.nevis.esauth.auth.states.standard.ConditionalDispatcherState" final="false">
|
||||
<!-- source: pattern://9d599416f43a2414f36426a2 -->
|
||||
<ResultCond name="nomatch" next="cossa_realm_TokenExchangeEndpoint"/>
|
||||
<!-- source: pattern://9d599416f43a2414f36426a2 -->
|
||||
<ResultCond name="requestContainsIdToken,isTokenExchangeRequest" next="cossa_realm_TokenExchangeEndpoint"/>
|
||||
<!-- source: pattern://9d599416f43a2414f36426a2 -->
|
||||
<ResultCond name="requestContainsRefreshToken,isTokenExchangeRequest" next="cossa_realm_RewriteRequestForAuthorizationServerAuthstate"/>
|
||||
<!-- source: pattern://9d599416f43a2414f36426a2 -->
|
||||
<Response value="AUTH_ERROR">
|
||||
<!-- source: pattern://9d599416f43a2414f36426a2 -->
|
||||
<Arg name="ch.nevis.isiweb4.response.status" value="403"/>
|
||||
</Response>
|
||||
<!-- source: pattern://9d599416f43a2414f36426a2 -->
|
||||
<property name="condition:isTokenExchangeRequest" value="#{inargs.getOrDefault("grant_type","").equals("urn:ietf:params:oauth:grant-type:token-exchange")}"/>
|
||||
<!-- source: pattern://9d599416f43a2414f36426a2 -->
|
||||
<property name="condition:requestContainsIdToken" value="#{inargs.getOrDefault("subject_token_type","").equals("urn:ietf:params:oauth:token-type:id_token")}"/>
|
||||
<!-- source: pattern://9d599416f43a2414f36426a2 -->
|
||||
<property name="condition:requestContainsRefreshToken" value="#{inargs.getOrDefault("subject_token_type","").equals("urn:ietf:params:oauth:token-type:refresh_token")}"/>
|
||||
</AuthState>
|
||||
<AuthState name="cossa_realm_TokenExchangeEndpoint" class="ch.adnovum.cossa.TokenExchangeEndpoint" authLevel="auth.weak" final="false" resumeState="true">
|
||||
<!-- source: pattern://89578db79d2bc15d55e11141 -->
|
||||
<ResultCond name="failed" next="cossa_realm_auth_failed"/>
|
||||
|
|
@ -154,6 +173,19 @@
|
|||
<!-- source: pattern://89578db79d2bc15d55e11141 -->
|
||||
<property name="nevismeta.location" value="https://hans.agov-d.azure.adnovum.net/nevismeta/rest/modules/oauthv2/setups/Setup_00000000000000000000000000000000/entities/"/>
|
||||
</AuthState>
|
||||
<AuthState name="cossa_realm_RewriteRequestForAuthorizationServerAuthstate" class="ch.nevis.esauth.auth.states.standard.TransformAttributes" final="false">
|
||||
<!-- source: pattern://b6cbd53b8eee023b6d65f62d -->
|
||||
<ResultCond name="ok" next="cossa_realm_AuthorizationServer"/>
|
||||
<!-- source: pattern://b6cbd53b8eee023b6d65f62d -->
|
||||
<Response value="AUTH_ERROR">
|
||||
<!-- source: pattern://b6cbd53b8eee023b6d65f62d -->
|
||||
<Arg name="ch.nevis.isiweb4.response.status" value="403"/>
|
||||
</Response>
|
||||
<!-- source: pattern://b6cbd53b8eee023b6d65f62d -->
|
||||
<property name="inargs:grant_type" value="refresh_token"/>
|
||||
<!-- source: pattern://b6cbd53b8eee023b6d65f62d -->
|
||||
<property name="inargs:refresh_token" value="${inargs:subject_token}"/>
|
||||
</AuthState>
|
||||
<AuthState name="cossa_realm_auth_failed" class="ch.nevis.esauth.auth.states.standard.AuthError" final="false">
|
||||
<!-- source: pattern://72e29eb80a951e518ce123e4 -->
|
||||
<Response value="AUTH_ERROR">
|
||||
|
|
@ -183,53 +215,6 @@
|
|||
<!-- source: pattern://a976546c6a56dc04c0d34592 -->
|
||||
<property name="httpclient.tls.trustAll" value="true"/>
|
||||
</AuthState>
|
||||
<AuthState name="cossa_realm_CallPolicyVerificationAPI" class="ch.adnovum.cossa.CallPolicyVerificationAPI" final="false" resumeState="false">
|
||||
<!-- source: pattern://5daa6d4f525b11a4e9b0ea79 -->
|
||||
<ResultCond name="multiple_profiles" next="cossa_realm_Authentication_Failed"/>
|
||||
<!-- source: pattern://5daa6d4f525b11a4e9b0ea79 -->
|
||||
<ResultCond name="no_valid_profile" next="cossa_realm_Authentication_Failed"/>
|
||||
<!-- source: pattern://5daa6d4f525b11a4e9b0ea79 -->
|
||||
<ResultCond name="ok" next="cossa_realm_Prepare_Done"/>
|
||||
<!-- source: pattern://5daa6d4f525b11a4e9b0ea79 -->
|
||||
<Response value="AUTH_CONTINUE">
|
||||
<!-- source: pattern://5daa6d4f525b11a4e9b0ea79 -->
|
||||
<Gui name="Default"/>
|
||||
</Response>
|
||||
<!-- source: pattern://5daa6d4f525b11a4e9b0ea79 -->
|
||||
<property name="evaluatePoliciesForAllProfiles" value="false"/>
|
||||
<!-- source: pattern://5daa6d4f525b11a4e9b0ea79 -->
|
||||
<property name="klpURL" value="https://klp.agov-w.azure.adnovum.net/api/endpoint"/>
|
||||
</AuthState>
|
||||
<AuthState name="cossa_realm_Authentication_Failed" class="ch.nevis.esauth.auth.states.standard.AuthError" final="false">
|
||||
<!-- source: pattern://5daa6d4f525b11a4e9b0ea79 -->
|
||||
<Response value="AUTH_ERROR">
|
||||
<!-- source: pattern://5daa6d4f525b11a4e9b0ea79 -->
|
||||
<Gui name="Error">
|
||||
<!-- source: pattern://5daa6d4f525b11a4e9b0ea79 -->
|
||||
<GuiElem name="info" type="error" label="error_99"/>
|
||||
<!-- source: pattern://5daa6d4f525b11a4e9b0ea79 -->
|
||||
<GuiElem name="submit" type="button" label="continue.button.label"/>
|
||||
</Gui>
|
||||
</Response>
|
||||
</AuthState>
|
||||
<AuthState name="cossa_realm_Prepare_Done" class="ch.nevis.esauth.auth.states.scripting.ScriptState" final="false">
|
||||
<!-- source: pattern://b67f81a971e4c08aa79040a2 -->
|
||||
<ResultCond name="default" next="cossa_realm_Auth_Done"/>
|
||||
<!-- source: pattern://b67f81a971e4c08aa79040a2 -->
|
||||
<Response value="AUTH_DONE">
|
||||
<!-- source: pattern://b67f81a971e4c08aa79040a2 -->
|
||||
<Gui name="ContinueResponse"/>
|
||||
</Response>
|
||||
<!-- source: pattern://b67f81a971e4c08aa79040a2 -->
|
||||
<property name="script" value="file:///var/opt/nevisauth/default/conf/prepare_done.groovy"/>
|
||||
</AuthState>
|
||||
<AuthState name="cossa_realm_Auth_Done" class="ch.nevis.esauth.auth.states.standard.AuthDone" final="false">
|
||||
<!-- source: pattern://b67f81a971e4c08aa79040a2 -->
|
||||
<Response value="AUTH_DONE">
|
||||
<!-- source: pattern://b67f81a971e4c08aa79040a2 -->
|
||||
<Gui name="ContinueResponse"/>
|
||||
</Response>
|
||||
</AuthState>
|
||||
<AuthState name="cossa_realm_AuthorizationServer" class="ch.nevis.esauth.auth.states.oauth2.AuthorizationServer" final="false" resumeState="true">
|
||||
<!-- source: pattern://e02a36447ce2d3c66d8d81c0 -->
|
||||
<ResultCond name="authenticate:valid-authorization-request" next="cossa_realm_New_Test_Login"/>
|
||||
|
|
@ -324,6 +309,23 @@
|
|||
<!-- source: pattern://e02a36447ce2d3c66d8d81c0 -->
|
||||
<property name="scope.phone.clientCredentialsFlowPolicy" value="true"/>
|
||||
</AuthState>
|
||||
<AuthState name="cossa_realm_CallPolicyVerificationAPI" class="ch.adnovum.cossa.CallPolicyVerificationAPI" final="false" resumeState="false">
|
||||
<!-- source: pattern://5daa6d4f525b11a4e9b0ea79 -->
|
||||
<ResultCond name="multiple_profiles" next="cossa_realm_Authentication_Failed"/>
|
||||
<!-- source: pattern://5daa6d4f525b11a4e9b0ea79 -->
|
||||
<ResultCond name="no_valid_profile" next="cossa_realm_Authentication_Failed"/>
|
||||
<!-- source: pattern://5daa6d4f525b11a4e9b0ea79 -->
|
||||
<ResultCond name="ok" next="cossa_realm_Prepare_Done"/>
|
||||
<!-- source: pattern://5daa6d4f525b11a4e9b0ea79 -->
|
||||
<Response value="AUTH_CONTINUE">
|
||||
<!-- source: pattern://5daa6d4f525b11a4e9b0ea79 -->
|
||||
<Gui name="Default"/>
|
||||
</Response>
|
||||
<!-- source: pattern://5daa6d4f525b11a4e9b0ea79 -->
|
||||
<property name="evaluatePoliciesForAllProfiles" value="false"/>
|
||||
<!-- source: pattern://5daa6d4f525b11a4e9b0ea79 -->
|
||||
<property name="klpURL" value="https://klp.agov-w.azure.adnovum.net/api/endpoint"/>
|
||||
</AuthState>
|
||||
<AuthState name="cossa_realm_New_Test_Login" class="ch.nevis.esauth.auth.states.scripting.ScriptState" final="false">
|
||||
<!-- source: pattern://635e4d617af6818edc9ae7c9 -->
|
||||
<ResultCond name="ok" next="cossa_realm_Prepare_Done" authLevel="1"/>
|
||||
|
|
@ -364,6 +366,36 @@
|
|||
<!-- source: pattern://a1e5d0192e082e689465a0c9 -->
|
||||
<property name="keyobjectref" value="tokensigner"/>
|
||||
</AuthState>
|
||||
<AuthState name="cossa_realm_Authentication_Failed" class="ch.nevis.esauth.auth.states.standard.AuthError" final="false">
|
||||
<!-- source: pattern://5daa6d4f525b11a4e9b0ea79 -->
|
||||
<Response value="AUTH_ERROR">
|
||||
<!-- source: pattern://5daa6d4f525b11a4e9b0ea79 -->
|
||||
<Gui name="Error">
|
||||
<!-- source: pattern://5daa6d4f525b11a4e9b0ea79 -->
|
||||
<GuiElem name="info" type="error" label="error_99"/>
|
||||
<!-- source: pattern://5daa6d4f525b11a4e9b0ea79 -->
|
||||
<GuiElem name="submit" type="button" label="continue.button.label"/>
|
||||
</Gui>
|
||||
</Response>
|
||||
</AuthState>
|
||||
<AuthState name="cossa_realm_Prepare_Done" class="ch.nevis.esauth.auth.states.scripting.ScriptState" final="false">
|
||||
<!-- source: pattern://b67f81a971e4c08aa79040a2 -->
|
||||
<ResultCond name="default" next="cossa_realm_Auth_Done"/>
|
||||
<!-- source: pattern://b67f81a971e4c08aa79040a2 -->
|
||||
<Response value="AUTH_DONE">
|
||||
<!-- source: pattern://b67f81a971e4c08aa79040a2 -->
|
||||
<Gui name="ContinueResponse"/>
|
||||
</Response>
|
||||
<!-- source: pattern://b67f81a971e4c08aa79040a2 -->
|
||||
<property name="script" value="file:///var/opt/nevisauth/default/conf/prepare_done.groovy"/>
|
||||
</AuthState>
|
||||
<AuthState name="cossa_realm_Auth_Done" class="ch.nevis.esauth.auth.states.standard.AuthDone" final="false">
|
||||
<!-- source: pattern://b67f81a971e4c08aa79040a2 -->
|
||||
<Response value="AUTH_DONE">
|
||||
<!-- source: pattern://b67f81a971e4c08aa79040a2 -->
|
||||
<Gui name="ContinueResponse"/>
|
||||
</Response>
|
||||
</AuthState>
|
||||
<AuthState name="cossa_realm_Selector" class="ch.nevis.esauth.auth.states.standard.ConditionalDispatcherState" final="false">
|
||||
<!-- source: pattern://b67f81a971e4c08aa79040a2 -->
|
||||
<ResultCond name="nomatch" next="cossa_realm_Prepare_Done"/>
|
||||
|
|
|
|||
Loading…
Reference in New Issue