Compare commits


319 Commits
main ... master

Author SHA1 Message Date
admin ed91fd1f64 new configuration version 2025-01-07 07:32:24 +00:00
admin 33675f25bf new configuration version 2025-01-07 07:29:25 +00:00
thb 317b9c0bc5 new configuration version 2025-01-07 07:21:06 +00:00
mamo bab4431ea6 new configuration version 2024-12-19 14:01:01 +00:00
thb f9855e2c66 new configuration version 2024-12-19 13:52:05 +00:00
admin 9621a07163 new configuration version 2024-12-12 14:50:57 +00:00
thb e09f4dc314 new configuration version 2024-12-12 14:47:31 +00:00
admin e54d833029 new configuration version 2024-12-12 14:31:53 +00:00
admin 3172ff82c7 new configuration version 2024-12-12 11:10:32 +00:00
admin c548316135 new configuration version 2024-12-12 11:07:54 +00:00
admin 807774a380 new configuration version 2024-12-12 08:57:06 +00:00
admin 3e77030397 new configuration version 2024-12-12 08:55:41 +00:00
admin 08fb6a792a new configuration version 2024-12-12 08:53:19 +00:00
admin e77c52d897 new configuration version 2024-12-12 08:51:27 +00:00
thb 1dc364b95c new configuration version 2024-12-12 08:48:33 +00:00
thb 3542fe6754 new configuration version 2024-12-12 08:45:40 +00:00
mamo a39960ad3a new configuration version 2024-12-11 10:16:40 +00:00
mamo 8d95c80bb4 new configuration version 2024-12-11 10:12:26 +00:00
thb ac463836d0 new configuration version 2024-12-10 13:57:59 +00:00
thb 531d401550 new configuration version 2024-12-10 13:52:19 +00:00
mamo 5027acbffa new configuration version 2024-12-10 10:12:34 +00:00
mamo cba0dfd4a3 new configuration version 2024-12-10 08:59:57 +00:00
mamo c9dcf8320b new configuration version 2024-12-10 08:58:46 +00:00
mamo 52ee1ad5ed new configuration version 2024-12-10 08:57:47 +00:00
mamo 8734163035 new configuration version 2024-12-10 08:55:49 +00:00
mamo c18165ad3f new configuration version 2024-12-10 08:54:59 +00:00
mamo 7c0391727e new configuration version 2024-12-10 07:43:14 +00:00
mamo 95c8857b0f new configuration version 2024-12-10 07:37:32 +00:00
mamo 6f091e5a5f new configuration version 2024-12-10 07:35:44 +00:00
mamo 8f6448fe33 new configuration version 2024-12-09 14:45:34 +00:00
mamo 7953d6974f new configuration version 2024-12-09 14:44:48 +00:00
mamo 2a14904970 new configuration version 2024-12-09 14:36:22 +00:00
mamo f57172a30e new configuration version 2024-12-09 14:29:04 +00:00
mamo ae72c51e77 new configuration version 2024-12-09 13:40:02 +00:00
mamo 7f2e66391b new configuration version 2024-12-09 13:34:10 +00:00
mamo 2d29c3494a new configuration version 2024-12-09 13:02:01 +00:00
mamo e404fb3b79 new configuration version 2024-12-09 12:59:17 +00:00
mamo 1e1e7bceb8 new configuration version 2024-12-09 12:33:22 +00:00
mamo 3d90c7a6f0 new configuration version 2024-12-09 12:19:05 +00:00
mamo 1d12880f2a new configuration version 2024-12-09 10:53:19 +00:00
mamo 40c7b6c181 new configuration version 2024-12-09 10:51:57 +00:00
mamo edda98ea06 new configuration version 2024-12-09 10:50:15 +00:00
mamo 28cc26c304 new configuration version 2024-12-09 10:46:15 +00:00
mamo 159b3f2069 new configuration version 2024-12-09 10:18:53 +00:00
mamo 242c92b753 new configuration version 2024-12-09 10:14:21 +00:00
mamo 90f81dfd6e new configuration version 2024-12-09 10:05:55 +00:00
mamo 6eb063e092 new configuration version 2024-12-09 09:35:09 +00:00
mamo 55ee38f4ab new configuration version 2024-12-09 09:32:53 +00:00
mamo ab79a31adb new configuration version 2024-12-06 10:34:57 +00:00
mamo 2b91ad6abb new configuration version 2024-12-06 09:26:50 +00:00
mamo 25c3c37c30 new configuration version 2024-12-06 09:21:23 +00:00
mamo 54898f5f5a new configuration version 2024-12-06 09:19:09 +00:00
mamo 8cac8b9684 new configuration version 2024-12-06 09:13:22 +00:00
mamo 0e8e1e7626 new configuration version 2024-12-06 09:08:27 +00:00
mamo 2df59af00e new configuration version 2024-12-06 09:03:34 +00:00
mamo 32277c08f8 new configuration version 2024-12-06 09:00:18 +00:00
mamo 0e31cebb71 new configuration version 2024-12-06 08:55:18 +00:00
mamo 2deca4122d new configuration version 2024-12-06 08:30:28 +00:00
mamo ee0923879c new configuration version 2024-12-06 07:59:14 +00:00
mamo 5f24fa34a0 new configuration version 2024-12-06 07:50:51 +00:00
mamo 56c41234f6 new configuration version 2024-12-06 07:36:04 +00:00
mamo c898c20165 new configuration version 2024-12-06 07:30:25 +00:00
mamo f73e349dcf new configuration version 2024-12-06 07:13:03 +00:00
mamo 0439c590c1 new configuration version 2024-12-06 07:10:41 +00:00
mamo 7e19208011 new configuration version 2024-12-06 07:08:15 +00:00
mamo f3b59b42ec new configuration version 2024-12-06 07:03:25 +00:00
mamo 084f922318 new configuration version 2024-12-06 07:00:39 +00:00
mamo d6fff574d6 new configuration version 2024-12-05 16:28:15 +00:00
mamo 1207e91ce9 new configuration version 2024-12-05 16:26:41 +00:00
mamo c1d1387fff new configuration version 2024-12-05 16:24:35 +00:00
mamo ac15590f05 new configuration version 2024-12-05 16:19:14 +00:00
mamo dfedaf3727 new configuration version 2024-12-05 16:09:53 +00:00
mamo 451e3fda70 new configuration version 2024-12-05 16:07:41 +00:00
mamo 3cf7532be0 new configuration version 2024-12-05 15:37:51 +00:00
mamo 2fb78ded6d new configuration version 2024-12-05 15:36:41 +00:00
mamo cdaab5f1c6 new configuration version 2024-12-05 15:32:10 +00:00
thb 01075b4d8c new configuration version 2024-12-05 12:27:42 +00:00
mamo 87b42e249a new configuration version 2024-12-05 12:26:31 +00:00
thb 77115b4078 new configuration version 2024-12-05 10:44:15 +00:00
thb 26c0ccae76 new configuration version 2024-12-05 10:37:56 +00:00
mamo 1f250e698b new configuration version 2024-12-05 10:35:36 +00:00
thb fce1f6967f new configuration version 2024-12-05 10:29:01 +00:00
mamo 7a49e293c9 new configuration version 2024-12-05 10:17:40 +00:00
mamo 7206cf09d9 new configuration version 2024-12-05 10:16:52 +00:00
thb 5e1e3173d1 new configuration version 2024-12-05 10:15:36 +00:00
mamo 93abb55de0 new configuration version 2024-12-05 09:53:00 +00:00
thb d7590ab693 new configuration version 2024-12-05 09:47:58 +00:00
mamo 91b8193688 new configuration version 2024-12-05 09:16:43 +00:00
mamo 129fdf7516 new configuration version 2024-12-05 08:56:23 +00:00
mamo 079282fb6b new configuration version 2024-12-05 06:36:09 +00:00
mamo 449f170c71 new configuration version 2024-12-05 06:33:24 +00:00
mamo 86f75b2791 new configuration version 2024-12-05 06:31:18 +00:00
mamo 43f6a2f0db new configuration version 2024-12-05 06:29:45 +00:00
mamo 0791df249d new configuration version 2024-12-04 13:56:45 +00:00
mamo 1627c8fda2 new configuration version 2024-12-04 12:32:43 +00:00
thb f77ffdaf60 new configuration version 2024-12-04 12:31:01 +00:00
thb 1484c09b65 new configuration version 2024-12-04 11:56:51 +00:00
mamo a1e5826ae2 new configuration version 2024-12-04 11:41:55 +00:00
thb 4fe19d4619 new configuration version 2024-12-04 07:39:48 +00:00
mamo b2bd0b2117 new configuration version 2024-12-03 16:08:37 +00:00
mamo 589740e5a7 new configuration version 2024-12-03 15:51:07 +00:00
mamo c6f0350492 new configuration version 2024-12-03 15:49:29 +00:00
mamo f86d5f07e7 new configuration version 2024-12-03 13:52:18 +00:00
mamo 690b6a69b9 new configuration version 2024-12-03 13:49:56 +00:00
thb dc9583db2e new configuration version 2024-12-03 13:46:41 +00:00
thb 2f4c80edff new configuration version 2024-12-03 12:28:36 +00:00
thb e703b111f5 new configuration version 2024-12-03 09:11:19 +00:00
mamo f643d64f52 new configuration version 2024-12-03 09:00:22 +00:00
mamo 45ec5bc32f new configuration version 2024-12-03 08:16:59 +00:00
mamo 691ef7d630 new configuration version 2024-12-03 06:46:24 +00:00
thb f7f24f6f3a new configuration version 2024-12-03 06:44:27 +00:00
mamo d808a0f652 new configuration version 2024-12-02 11:46:14 +00:00
thb 9505a5e88c new configuration version 2024-12-02 11:42:17 +00:00
thb a36889f287 new configuration version 2024-11-28 14:40:55 +00:00
thb de9875f8ba new configuration version 2024-11-28 14:38:49 +00:00
thb 30cd06d050 new configuration version 2024-11-28 14:17:31 +00:00
mamo fc32acb030 new configuration version 2024-11-28 13:47:41 +00:00
thb 7a420b2584 new configuration version 2024-11-28 13:43:23 +00:00
thb 9ed0ac1b6a new configuration version 2024-11-28 13:11:21 +00:00
mamo 71bc331597 new configuration version 2024-11-28 12:38:48 +00:00
thb 558f074e55 new configuration version 2024-11-28 12:36:07 +00:00
thb b39727c156 new configuration version 2024-11-28 12:34:58 +00:00
thb 79a670b527 new configuration version 2024-11-28 12:22:46 +00:00
thb 97009cb2da new configuration version 2024-11-28 12:20:32 +00:00
mamo 3f200b3476 new configuration version 2024-11-28 12:16:37 +00:00
mamo b2d7a082b1 new configuration version 2024-11-28 12:14:32 +00:00
mamo c1e65e5c2e new configuration version 2024-11-28 12:12:18 +00:00
mamo 3c73f1015e new configuration version 2024-11-28 12:06:52 +00:00
mamo ebaf1052cb new configuration version 2024-11-28 12:05:32 +00:00
mamo e72ff52025 new configuration version 2024-11-28 11:58:47 +00:00
mamo 7b7680f9e3 new configuration version 2024-11-28 11:57:08 +00:00
mamo 3954e3bb70 new configuration version 2024-11-28 11:43:06 +00:00
mamo 48c697e702 new configuration version 2024-11-28 11:40:42 +00:00
mamo 958451993a new configuration version 2024-11-28 10:52:17 +00:00
mamo 02004adb0c new configuration version 2024-11-28 10:49:27 +00:00
thb e64fa8cd41 new configuration version 2024-11-28 10:39:11 +00:00
thb 5f3633871e new configuration version 2024-11-27 14:24:26 +00:00
mamo 8b755bdd0e new configuration version 2024-11-27 13:52:23 +00:00
mamo 3945d71d74 new configuration version 2024-11-27 13:50:44 +00:00
mamo f28baf9944 new configuration version 2024-11-27 13:47:34 +00:00
mamo f4606c76cb new configuration version 2024-11-27 13:22:31 +00:00
mamo 16ba13ee30 new configuration version 2024-11-26 13:25:05 +00:00
mamo 49b9884448 new configuration version 2024-11-22 13:47:53 +00:00
mamo 5725fee8b4 new configuration version 2024-11-22 08:46:43 +00:00
mamo 6f8a1cc9e8 new configuration version 2024-11-22 08:44:40 +00:00
mamo 024e39f5b0 new configuration version 2024-11-22 08:27:46 +00:00
mamo 4624a2bf8a new configuration version 2024-11-22 08:14:35 +00:00
thb de281d93a2 new configuration version 2024-11-21 15:36:01 +00:00
thb c7e75c46ce new configuration version 2024-11-21 15:01:31 +00:00
thb 0616dcabad new configuration version 2024-11-21 14:58:35 +00:00
mamo 3fb482ca8a new configuration version 2024-11-21 14:52:28 +00:00
thb 3e2c5bbaec new configuration version 2024-11-21 14:51:13 +00:00
thb d83b87d7ac new configuration version 2024-11-21 14:44:10 +00:00
thb c53b7a8459 new configuration version 2024-11-21 14:41:31 +00:00
thb dd2c484c0a new configuration version 2024-11-21 14:40:05 +00:00
mamo fed1c9900e new configuration version 2024-11-21 14:26:57 +00:00
thb 6292f1b33e new configuration version 2024-11-21 14:25:37 +00:00
thb aaa3de3fe6 new configuration version 2024-11-21 14:23:17 +00:00
thb 067fdc0857 new configuration version 2024-11-21 14:20:15 +00:00
thb 8afd7aaa9e new configuration version 2024-11-21 14:16:31 +00:00
thb 1df1407e2e new configuration version 2024-11-21 14:06:32 +00:00
thb 4f619b7173 new configuration version 2024-11-21 14:02:16 +00:00
thb f91a67bd0c new configuration version 2024-11-21 13:57:20 +00:00
thb 8c1e05e4d9 new configuration version 2024-11-21 13:38:57 +00:00
thb aea114b744 new configuration version 2024-11-21 13:29:41 +00:00
mamo b82a67a0e2 new configuration version 2024-11-21 13:16:08 +00:00
mamo 3715c79b8f new configuration version 2024-11-21 13:13:35 +00:00
mamo a25a1c1102 new configuration version 2024-11-21 13:10:41 +00:00
thb c4cdf814a7 new configuration version 2024-11-21 13:05:32 +00:00
thb 64d2931641 new configuration version 2024-11-21 12:49:21 +00:00
mamo 4bcaeede3e new configuration version 2024-11-21 11:40:07 +00:00
thb 54567e7b74 new configuration version 2024-11-21 10:56:36 +00:00
thb 9bd5510e90 new configuration version 2024-11-21 10:54:03 +00:00
thb 06c2138138 new configuration version 2024-11-21 10:50:00 +00:00
thb 9ced74bb2c new configuration version 2024-11-21 10:40:18 +00:00
thb 2a82c35f47 new configuration version 2024-11-21 10:37:17 +00:00
mamo c0c01554e3 new configuration version 2024-11-21 10:32:10 +00:00
mamo b4976c1718 new configuration version 2024-11-21 10:27:31 +00:00
mamo 9b107cd6c7 new configuration version 2024-11-21 10:25:46 +00:00
mamo 4355d3d6c8 new configuration version 2024-11-21 10:21:36 +00:00
mamo be341e8181 new configuration version 2024-11-21 10:12:20 +00:00
thb 17ced0d6a0 new configuration version 2024-11-21 10:00:14 +00:00
thb 86229b077c new configuration version 2024-11-21 06:42:03 +00:00
thb 22f664f0e9 new configuration version 2024-11-21 06:37:57 +00:00
thb 4898dcd183 new configuration version 2024-11-21 06:34:48 +00:00
thb 50155d0b53 new configuration version 2024-11-21 06:28:18 +00:00
thb 206f41eb70 new configuration version 2024-11-20 14:57:05 +00:00
thb 583a9e8f85 new configuration version 2024-11-20 14:53:24 +00:00
thb ed2a609a44 new configuration version 2024-11-20 14:47:46 +00:00
thb 24b99a58ed new configuration version 2024-11-20 12:10:03 +00:00
thb 5b131affd8 new configuration version 2024-11-20 11:41:19 +00:00
thb b269e93876 new configuration version 2024-11-20 11:38:37 +00:00
thb 6e99492d39 new configuration version 2024-11-20 11:35:48 +00:00
thb 0e815109fe new configuration version 2024-11-20 11:30:42 +00:00
thb 99cd5ff82f new configuration version 2024-11-20 10:45:46 +00:00
thb 96b48f47af new configuration version 2024-11-20 10:40:55 +00:00
thb bb74c3d462 new configuration version 2024-11-20 10:29:14 +00:00
thb 8d427fa57f new configuration version 2024-11-20 10:27:26 +00:00
thb 75979d004f new configuration version 2024-11-20 10:24:41 +00:00
thb 8ef969a882 new configuration version 2024-11-20 10:16:57 +00:00
thb 5889ce54ba new configuration version 2024-11-20 10:12:21 +00:00
thb 185061f459 new configuration version 2024-11-20 10:07:50 +00:00
thb a6713b1c85 new configuration version 2024-11-20 10:04:10 +00:00
mamo 3b0974b124 new configuration version 2024-11-20 09:39:39 +00:00
thb 817ea3f569 new configuration version 2024-11-20 08:51:52 +00:00
thb 793f83f43c new configuration version 2024-11-20 08:42:06 +00:00
thb 955246e7f3 new configuration version 2024-11-20 08:34:58 +00:00
thb b4932fa85c new configuration version 2024-11-20 08:30:54 +00:00
thb a2cada3efa new configuration version 2024-11-20 07:57:12 +00:00
thb 679b0b9d44 new configuration version 2024-11-20 07:52:26 +00:00
thb 05beaba3f8 new configuration version 2024-11-20 07:44:56 +00:00
thb 2c4dc0a550 new configuration version 2024-11-19 15:21:52 +00:00
thb a6c7860446 new configuration version 2024-11-19 15:18:43 +00:00
thb 62d3b72a28 new configuration version 2024-11-19 15:16:07 +00:00
thb 160e83a735 new configuration version 2024-11-19 14:48:30 +00:00
mamo f818603c16 new configuration version 2024-11-19 14:33:36 +00:00
thb e290809e8c new configuration version 2024-11-19 14:31:41 +00:00
mamo f3b6f0d294 new configuration version 2024-11-19 14:09:29 +00:00
mamo b9279876c3 new configuration version 2024-11-19 14:06:12 +00:00
thb 0e5a25c7d6 new configuration version 2024-11-19 13:58:49 +00:00
thb b3ed74da7d new configuration version 2024-11-19 13:54:41 +00:00
thb 04fad5ddb7 new configuration version 2024-11-19 13:40:14 +00:00
thb f5b48496d0 new configuration version 2024-11-19 13:37:02 +00:00
thb a31a9ee0e4 new configuration version 2024-11-19 13:33:36 +00:00
mamo fa07f29f32 new configuration version 2024-11-19 12:58:04 +00:00
thb 2efbe779f7 new configuration version 2024-11-19 12:52:10 +00:00
thb a80fb90e19 new configuration version 2024-11-19 12:46:07 +00:00
thb cfe0a6cecc new configuration version 2024-11-19 12:38:38 +00:00
thb 8915ace33f new configuration version 2024-11-19 12:33:50 +00:00
thb 84bcdd0d9e new configuration version 2024-11-19 12:28:30 +00:00
thb 7896ad2b82 new configuration version 2024-11-19 12:12:03 +00:00
thb 5bbe7ea2b7 new configuration version 2024-11-19 12:09:34 +00:00
thb e09bd3b075 new configuration version 2024-11-19 12:05:10 +00:00
thb 97fa8329d6 new configuration version 2024-11-19 12:02:30 +00:00
thb dcf16e389a new configuration version 2024-11-19 10:46:31 +00:00
thb e48e267f16 new configuration version 2024-11-18 16:02:40 +00:00
thb 7811281d73 new configuration version 2024-11-18 16:00:54 +00:00
thb b8f6c5a061 new configuration version 2024-11-18 15:58:24 +00:00
thb e951e601f6 new configuration version 2024-11-18 15:13:12 +00:00
thb 87bc7cd076 new configuration version 2024-11-18 15:09:04 +00:00
thb 0563212f5c new configuration version 2024-11-18 15:06:06 +00:00
thb 1363358f9e new configuration version 2024-11-18 15:01:00 +00:00
thb 0ef7472472 new configuration version 2024-11-18 14:56:40 +00:00
thb 4113ebdfe2 new configuration version 2024-11-18 14:52:24 +00:00
mamo e23a4e49d1 new configuration version 2024-11-18 14:42:12 +00:00
mamo 009c7653eb new configuration version 2024-11-18 13:04:31 +00:00
mamo fc1475e00d new configuration version 2024-11-18 12:59:03 +00:00
mamo 2f6367888a new configuration version 2024-11-18 12:49:05 +00:00
mamo c5d0e43a4d new configuration version 2024-11-18 12:43:40 +00:00
mamo 9f67b134b5 new configuration version 2024-11-18 12:33:38 +00:00
mamo b1e841126a new configuration version 2024-11-18 12:19:35 +00:00
mamo 2abdc19e40 new configuration version 2024-11-18 11:49:36 +00:00
mamo c4ab8e0963 new configuration version 2024-11-18 11:47:28 +00:00
mamo 1eec857dbf new configuration version 2024-11-18 10:37:18 +00:00
mamo a9491b38cd new configuration version 2024-11-18 10:13:50 +00:00
mamo 1ebd9fd845 new configuration version 2024-11-18 10:04:15 +00:00
mamo a812b8fba9 new configuration version 2024-11-18 09:56:23 +00:00
mamo d448f67b4e new configuration version 2024-11-18 08:47:13 +00:00
mamo fcc6f8921e new configuration version 2024-11-15 18:43:35 +00:00
mamo b649ce96ac new configuration version 2024-11-15 18:38:09 +00:00
mamo 55462c4879 new configuration version 2024-11-15 18:34:24 +00:00
mamo f20140676e new configuration version 2024-11-15 18:29:17 +00:00
mamo e331d26c9f new configuration version 2024-11-15 18:27:03 +00:00
mamo 5dd8f9b1e4 new configuration version 2024-11-15 18:23:59 +00:00
mamo 6e50067b38 new configuration version 2024-11-15 18:04:08 +00:00
mamo 6c9bd90d4a new configuration version 2024-11-15 18:00:00 +00:00
mamo 770c1e3598 new configuration version 2024-11-15 17:58:01 +00:00
mamo 96016bd8c9 new configuration version 2024-11-12 20:32:17 +00:00
mamo 46ef1877b4 new configuration version 2024-11-12 20:04:49 +00:00
mamo 6f459fed98 new configuration version 2024-11-12 19:59:08 +00:00
mamo b547be5118 new configuration version 2024-11-12 19:49:38 +00:00
mamo 2df58947c4 new configuration version 2024-11-12 14:48:39 +00:00
mamo 0490fefe47 new configuration version 2024-11-12 14:45:33 +00:00
mamo ac34686014 new configuration version 2024-11-12 13:04:30 +00:00
mamo 7df39f92cb new configuration version 2024-11-11 12:08:31 +00:00
mamo a3b255953b new configuration version 2024-11-11 11:59:26 +00:00
mamo 989bc944ba new configuration version 2024-11-11 11:51:47 +00:00
mamo ef1371e1f8 new configuration version 2024-11-11 11:49:22 +00:00
mamo d5c39cfdb5 new configuration version 2024-11-11 10:43:10 +00:00
mamo 41a02209c4 new configuration version 2024-11-11 10:41:28 +00:00
mamo 6163a1422b new configuration version 2024-11-11 10:39:25 +00:00
mamo 54a020bfd6 new configuration version 2024-11-11 10:31:24 +00:00
mamo 8fac4d4910 new configuration version 2024-11-11 10:21:11 +00:00
mamo 4956b48ff0 new configuration version 2024-11-11 10:18:36 +00:00
mamo f27fa6def4 new configuration version 2024-11-11 10:07:23 +00:00
mamo fcaffbf66c new configuration version 2024-11-11 09:59:28 +00:00
mamo 4f788c9256 new configuration version 2024-11-11 09:54:30 +00:00
mamo f84ac1d280 new configuration version 2024-11-11 09:48:28 +00:00
mamo 3889bd15bc new configuration version 2024-11-11 09:36:30 +00:00
mamo 388b4b81c4 new configuration version 2024-11-11 09:31:45 +00:00
mamo c933b9119e new configuration version 2024-11-11 09:21:23 +00:00
mamo aa67d5138f new configuration version 2024-11-11 09:11:19 +00:00
mamo fdecf5aab2 new configuration version 2024-11-11 09:07:06 +00:00
mamo 2b202d39c9 new configuration version 2024-11-11 08:45:46 +00:00
mamo aabe4abaff new configuration version 2024-11-11 08:35:11 +00:00
mamo 80ca35eb7a new configuration version 2024-11-11 08:16:46 +00:00
mamo 9ac94a193f new configuration version 2024-11-11 07:55:17 +00:00
mamo 260a42d757 new configuration version 2024-11-11 07:44:36 +00:00
mamo 976c2d9d62 new configuration version 2024-11-11 07:36:29 +00:00
mamo e357e6f702 new configuration version 2024-11-11 07:27:35 +00:00
mamo 3ed6824f75 new configuration version 2024-11-07 09:36:09 +00:00
mamo cad768c774 new configuration version 2024-11-07 09:25:21 +00:00
mamo 98b93e1d13 new configuration version 2024-11-07 09:14:56 +00:00
mamo 906367dd8f new configuration version 2024-11-07 09:13:40 +00:00
mamo 3cc17fbf3e new configuration version 2024-11-07 09:12:28 +00:00
mamo 125422c9e4 new configuration version 2024-11-07 08:56:06 +00:00
mamo 92624216ac new configuration version 2024-11-07 08:50:02 +00:00
mamo 7d3d41f5a7 new configuration version 2024-11-07 08:45:52 +00:00
mamo 3e431ac0a4 new configuration version 2024-11-07 07:07:11 +00:00
mamo f77baed26b new configuration version 2024-11-07 07:04:48 +00:00
mamo db66835959 new configuration version 2024-11-07 07:00:26 +00:00
mamo 9cd6875813 new configuration version 2024-11-07 06:56:29 +00:00
mamo d3a64c038c new configuration version 2024-11-07 06:53:12 +00:00
mamo 97f15299bc new configuration version 2024-11-05 08:15:06 +00:00
mamo 62ef974a8c new configuration version 2024-11-05 07:50:51 +00:00
mamo 25df33c3d5 new configuration version 2024-11-04 15:46:00 +00:00
mamo 3cc57959b7 new configuration version 2024-11-04 14:47:41 +00:00
mamo 166270dc12 new configuration version 2024-11-04 14:36:39 +00:00
gitea_admin 28fbedcc5a Add README.MD 2024-11-04 14:34:32 +00:00
271 changed files with 84398 additions and 105 deletions


@ -0,0 +1,60 @@
apiVersion: "operator.nevis-security.ch/v1"
kind: "NevisComponent"
metadata:
name: "nai"
namespace: "adn-postit-tknxchng-01-dev"
labels:
deploymentTarget: "nai"
annotations:
projectKey: "DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT"
patternId: "6ec6739e824c8e56d9633622"
spec:
type: "NevisAuth"
replicas: 1
version: "8.2405.2"
gitInitVersion: "1.3.0"
runAsNonRoot: true
ports:
management: 9000
soap: 8991
resources:
limits:
cpu: "2"
memory: "2000Mi"
requests:
cpu: "20m"
memory: "1000Mi"
livenessProbe:
soap:
tcpSocket: true
periodSeconds: 5
timeoutSeconds: 4
readinessProbe:
management:
httpGet:
path: "/nevisauth/liveness"
periodSeconds: 5
timeoutSeconds: 6
startupProbe:
management:
httpGet:
path: "/nevisauth/liveness"
periodSeconds: 5
timeoutSeconds: 6
failureThreshold: 50
podDisruptionBudget:
maxUnavailable: "50%"
git:
tag: "r-dc9307ba6bf7a7040f9e613d9fe7672b32664333"
dir: "DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai"
credentials: "git-credentials"
keystores:
- "nai-default-identity"
- "nai-sh4r3d-default-default-signer"
truststores:
- "nai-default-tls-client-trust"
- "nai-default-default-signer-trust"
podSecurity:
policy: "baseline"
automountServiceAccountToken: false
timeZone: "Europe/Zurich"
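Review bot: With `replicas: 1`, the `podDisruptionBudget` of `maxUnavailable: "50%"` gives the authentication service no protection, because Kubernetes rounds a percentage up and the single pod may therefore be evicted during any node drain. Either raise `replicas` to at least 2 or add a comment stating that a login outage is accepted in this dev namespace. Separately, `podSecurity.policy: "baseline"` is the weaker of the two enforcing Pod Security profiles. Since the spec already sets `runAsNonRoot: true` and `automountServiceAccountToken: false`, it is worth checking whether `policy: "restricted"` works here, assuming the operator accepts that value. The readiness and startup probes also use `timeoutSeconds: 6` with `periodSeconds: 5`, so a slow probe can outlast its own period; a timeout below the period would be easier to reason about.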


@ -0,0 +1,14 @@
apiVersion: "operator.nevis-security.ch/v1"
kind: "NevisTrustStore"
metadata:
name: "nai-default-default-signer-trust"
namespace: "adn-postit-tknxchng-01-dev"
labels:
deploymentTarget: "nai"
annotations:
projectKey: "DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT"
patternId: "6ec6739e824c8e56d9633622"
spec:
keystores:
- name: "nai-sh4r3d-default-default-signer"
namespace: "adn-postit-tknxchng-01-dev"


@ -0,0 +1,18 @@
apiVersion: "operator.nevis-security.ch/v1"
kind: "NevisKeyStore"
metadata:
name: "nai-default-identity"
namespace: "adn-postit-tknxchng-01-dev"
labels:
deploymentTarget: "nai"
annotations:
projectKey: "DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT"
patternId: "6ec6739e824c8e56d9633622"
spec:
cn: "nai"
usage: "<reserved for future use>"
san:
dns:
- "nai"
- "nai.adn-postit-tknxchng-01-dev"
email: []


@ -0,0 +1,14 @@
apiVersion: "operator.nevis-security.ch/v1"
kind: "NevisTrustStore"
metadata:
name: "nai-default-tls-client-trust"
namespace: "adn-postit-tknxchng-01-dev"
labels:
deploymentTarget: "nai"
annotations:
projectKey: "DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT"
patternId: "6ec6739e824c8e56d9633622"
spec:
keystores:
- name: "npi-cossa-realm-identity"
namespace: "adn-postit-tknxchng-01-dev"


@ -0,0 +1,16 @@
apiVersion: "operator.nevis-security.ch/v1"
kind: "NevisKeyStore"
metadata:
name: "nai-sh4r3d-default-default-signer"
namespace: "adn-postit-tknxchng-01-dev"
labels:
deploymentTarget: "nai"
annotations:
projectKey: "DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT"
patternId: "6ec6739e824c8e56d9633622"
spec:
cn: "signer"
usage: "signer"
san:
dns: []
email: []


@ -0,0 +1,18 @@
schemaVersion: 1.0
instance:
type: "nevisauth"
name: "default"
directory: "/var/opt/nevisauth/default"
pid: "systemctl show nevisauth@default -p MainPID | cut -d '=' -f2"
source:
url: "/nevisadmin/#/projects/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/patterns/6ec6739e824c8e56d9633622"
projectKey: "DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT"
patternId: "6ec6739e824c8e56d9633622"
patternClass: "ch.nevis.admin.v4.plugin.nevisauth.patterns.NevisAuthDeployable"
resources:
ports:
- "0.0.0.0:8991"
control:
start: "systemctl restart nevisauth@default &"
stop: "systemctl stop nevisauth@default"
status: "systemctl status nevisauth@default"


@ -0,0 +1,19 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----


@ -0,0 +1,30 @@
-----BEGIN ENCRYPTED PRIVATE KEY-----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-----END ENCRYPTED PRIVATE KEY-----


@ -0,0 +1,2 @@
#!/bin/bash
echo '09I1B4lsP4+KQB8dB3AeEyU4RawLttIo55+0EWPPh0I='
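Review bot: This script prints what appears to be the passphrase for the encrypted private keys added in the neighbouring file sections. If so, anyone with read access to the repository or its history holds both the key and the means to decrypt it, and the encryption adds no protection. The value should be supplied at deploy time from a secret store (for example a Kubernetes Secret or an external secret manager) rather than from a committed file. Because the value is already in history, deleting the file is not enough: treat the passphrase and the affected keys as exposed, rotate them and reissue the certificates. A secret-scanning check on push would catch a recurrence.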


@ -0,0 +1,50 @@
-----BEGIN ENCRYPTED PRIVATE KEY-----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-----END ENCRYPTED PRIVATE KEY-----
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----


@ -0,0 +1,38 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----


@ -0,0 +1,80 @@
accept.button.label=Accept
cancel.button.label=Cancel
continue.button.label=Continue
deputy.profile.label=(Deputy Profile)
error.saml.failed=Please close your browser and try again.
error_1=Please check your input.
error_10=Please select the correct user account.
error_100=Certificate upload not possible. Certificate already exists. Please contact your helpdesk.
error_101=The entered email address is not valid.
error_11=Please use another certficate or login with another credential type.
error_2=Please select another login name.
error_3=Your account will be locked if next authentication fails.
error_4=Your new password does not comply with the security policy. Please choose a different password.
error_5=Error in password confirmation.
error_50=The new password is too short.
error_55=The new password has to differ from old passwords.
error_6=Password change required.
error_7=Change of login ID required.
error_8=Your account has been locked due to repeated authentication failures.
error_81=No access card found, access from internet denied.
error_83=Your access card is no longer valid. Please contact your advisor to get a new access card.
error_9=Session take over failed.
error_97=You are not authorized to access this resource.
error_98=Your account has been locked.
error_99=System problems. Please try later.
info.logout.confirmation=Please confirm that you want to log out.
info.logout.reminder=Your session on this application has expired. Try again with a login.
info.oauth.consent=Do you want to authorise this application to access your data?
info.timeout.page=Your session on this application has expired. Try again with a login.
login.button.label=Login
logout.label=Logout
logout.text=You have successfully logged out.
method.certificate.label=Certificate
method.fido.label=Mobile Authentication
method.fido2.label=FIDO 2
method.mtan.label=mTAN Code
method.oath.label=OATH Authenticator App
method.otp.label=OTP (One-Time Password)
method.recovery.label=Recovery Codes
method.safeword.label=SafeWord
method.securid.label=SecurID
method.ticket.label=Ticket
outarg.lastLogin.never=Never
policyFailure.dictionary=&#9642; must not be taken from a dictionary.
policyFailure.history.History=&#9642; must be different from previously selected passwords.
policyFailure.regex.control=&#9642; cannot contain more than {0} control characters.
policyFailure.regex.lower=&#9642; must contain at least {0} lower case characters.
policyFailure.regex.maxCharacterRepetitions=&#9642; characters must not occur more than {0} time(s) consecutively.
policyFailure.regex.maxLength=&#9642; must be at most {0} characters long.
policyFailure.regex.minLength=&#9642; must be at least {0} characters long.
policyFailure.regex.nonAlnum=&#9642; must contain at least {0} non-alphanumeric characters.
policyFailure.regex.nonAscii=&#9642; cannot contain more than {0} non-ASCII characters.
policyFailure.regex.nonGraph=&#9642; cannot contain more than {0} non-printable characters.
policyFailure.regex.nonLetter=&#9642; must contain at least {0} non-letter characters.
policyFailure.regex.numeric=&#9642; must contain at least {0} numeric characters.
policyFailure.regex.upper=&#9642; must contain at least {0} upper case characters.
policyInfo.dictionary=&#9642; must not be taken from a dictionary.
policyInfo.history.History=&#9642; must be different from previously selected passwords.
policyInfo.regex.control=&#9642; cannot contain more than {0} control characters.
policyInfo.regex.lower=&#9642; must contain at least {0} lower case characters.
policyInfo.regex.maxCharacterRepetitions=&#9642; characters must not occur more than {0} time(s) consecutively.
policyInfo.regex.maxLength=&#9642; must be at most {0} characters long.
policyInfo.regex.minLength=&#9642; must be at least {0} characters long.
policyInfo.regex.nonAlnum=&#9642; must contain at least {0} non-alphanumeric characters.
policyInfo.regex.nonAscii=&#9642; cannot contain more than {0} non-ASCII characters.
policyInfo.regex.nonGraph=&#9642; cannot contain more than {0} non-printable characters.
policyInfo.regex.nonLetter=&#9642; must contain at least {0} non-letter characters.
policyInfo.regex.numeric=&#9642; must contain at least {0} numeric characters.
policyInfo.regex.upper=&#9642; must contain at least {0} upper case characters.
policyInfo.title=The password has to comply with the following password policy:
reject.button.label=Deny
submit.button.label=Submit
tan.sent=Please enter the security code which has been sent to your mobile phone.
title.logout=Logout
title.logout.confirmation=Logout
title.logout.reminder=Logout
title.oauth.consent=Client Authorization
title.saml.failed=Error
title.timeout.page=Logout
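Review bot: `error_3`, `error_8` and `error_98` tell whoever is at the login form that a given account is about to be locked or already is. If these texts can be shown before authentication succeeds, they confirm that the login name exists and reveal its lockout state. Consider one generic text for those codes, e.g. `error_8=Login failed. Please check your input or contact your helpdesk.`, and keep the precise reason in the server log. `error_11` has a typo: `certficate` should read `certificate`. The `policyFailure.*` and `policyInfo.*` values begin with the entity `&#9642;`, which suggests they are rendered as HTML without escaping, so it is worth confirming that the `{0}` substitutions only ever carry numbers from the policy configuration.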


@ -0,0 +1,80 @@
accept.button.label=Akzeptieren
cancel.button.label=Abbrechen
continue.button.label=Weiter
deputy.profile.label=(Profil Stellvertreter)
error.saml.failed=Bitte schliessen Sie Ihren Browser und versuchen Sie es erneut.
error_1=Bitte &uuml;berpr&uuml;fen Sie Ihre Eingabe.
error_10=Bitte w&auml;hlen Sie den gew&uuml;nschten Benutzer.
error_100=Zertifikat-Upload nicht m&ouml;glich. Zertifikat bereits vorhanden. Bitte kontaktieren Sie Ihren Helpdesk.
error_101=Die angegebene E-Mail Adresse ist ung&uuml;ltig.
error_11=Bitte verwenden Sie ein anderes Zertifikat oder ein alternatives Authentisierungsmittel.
error_2=Bitte w&auml;hlen Sie einen anderen Login-Namen.
error_3=Falls Ihr n&auml;chster Login fehlschl&auml;gt, wird Ihr Konto gesperrt.
error_4=Ihr neues Passwort wurde nicht akzeptiert. Bitte w&auml;hlen Sie eines, das den Passwortvorgaben entspricht.
error_5=Die Eingabe zur Best&auml;tigung des Passwortes ist falsch.
error_50=Das neue Passwort ist zu kurz.
error_55=Das neue Passwort muss sich von alten Passw&ouml;rtern unterscheiden.
error_6=Passwortwechsel erforderlich.
error_7=Wechsel der Login-ID erforderlich.
error_8=Ihr Konto wurde infolge wiederholt fehlgeschlagener Authentisierung gesperrt.
error_81=Keine Rasterkarte gefunden, Zugang vom Internet verweigert.
error_83=Ihre Rasterkarte ist aufgebraucht. Bitte kontaktieren Sie Ihren Berater, um eine neue zu erhalten.
error_9=Die SSO-Session konnte nicht &uuml;bernommen werden.
error_97=Sie verf&uuml;gen nicht &uuml;ber die f&uuml;r den Zugriff auf diese Ressource ben&ouml;tigte Berechtigung.
error_98=Ihr Konto ist gesperrt.
error_99=Systemfehler. Bitte versuchen Sie es sp&auml;ter.
info.logout.confirmation=Bitte best&auml;tigen Sie, dass Sie sich abmelden m&ouml;chten.
info.logout.reminder=Ihre Session ist auf dieser Applikation abgelaufen. Versuchen Sie es nochmals mit einem Login.
info.oauth.consent=Wollen Sie der Anwendung den Zugriff erlauben?
info.timeout.page=Ihre Session ist auf dieser Applikation abgelaufen. Versuchen Sie es nochmals mit einem Login.
login.button.label=Login
logout.label=Logout
logout.text=Sie haben sich erfolgreich abgemeldet.
method.certificate.label=Zertifikat
method.fido.label=Mobile Authentication
method.fido2.label=FIDO 2
method.mtan.label=mTAN-Code
method.oath.label=OATH Authenticator-App
method.otp.label=OTP (One-Time Passwort)
method.recovery.label=Wiederherstellungscodes
method.safeword.label=SafeWord
method.securid.label=SecurID
method.ticket.label=Ticket
outarg.lastLogin.never=Nie
policyFailure.dictionary=&#9642; darf nicht aus einem W&ouml;rterbuch stammen.
policyFailure.history.History=&#9642; muss sich von vorhergehenden Passw&ouml;rtern unterscheiden.
policyFailure.regex.control=&#9642; darf h&ouml;chstens {0} Kontrollzeichen enthalten.
policyFailure.regex.lower=&#9642; muss {0} Kleinbuchstaben enthalten.
policyFailure.regex.maxCharacterRepetitions=&#9642; darf nicht eine Sequenz l&auml;nger als {0} des gleichen Zeichens enthalten.
policyFailure.regex.maxLength=L&auml;nge des Passwortes darf h&ouml;chstens {0} sein.
policyFailure.regex.minLength=L&auml;nge des Passwortes muss mindestens {0} sein.
policyFailure.regex.nonAlnum=&#9642; muss {0} nicht-alphanumerische Zeichen enthalten.
policyFailure.regex.nonAscii=&#9642; darf h&ouml;chstens {0} Zeichen ausserhalb des ASCII-Zeichensatzes enthalten.
policyFailure.regex.nonGraph=&#9642; darf h&ouml;chstens {0} nicht-druckende Zeichen enthalten.
policyFailure.regex.nonLetter=&#9642; muss {0} Zeichen enthalten, die keine Buchstaben sind.
policyFailure.regex.numeric=&#9642; muss {0} numerische Zeichen enthalten.
policyFailure.regex.upper=&#9642; muss {0} Grossbuchstaben enthalten.
policyInfo.dictionary=&#9642; darf nicht aus einem W&ouml;rterbuch stammen.
policyInfo.history.History=&#9642; darf keines der zuletzt verwendeten Passw&ouml;rtern sein.
policyInfo.regex.control=&#9642; darf h&ouml;chstens {0} Kontrollzeichen enthalten.
policyInfo.regex.lower=&#9642; muss mindestens {0} Kleinbuchstaben enthalten.
policyInfo.regex.maxCharacterRepetitions=&#9642; darf nicht eine Sequenz l&auml;nger als {0} des gleichen Zeichens enthalten.
policyInfo.regex.maxLength=&#9642; darf h&ouml;chstens {0} Zeichen enthalten.
policyInfo.regex.minLength=&#9642; muss mindestens {0} Zeichen enthalten.
policyInfo.regex.nonAlnum=&#9642; muss mindestens {0} Zeichen enthalten, die nicht Alphanumerisch sind.
policyInfo.regex.nonAscii=&#9642; darf h&ouml;chstens {0} Zeichen ausserhalb des ASCII-Zeichensatzes enthalten.
policyInfo.regex.nonGraph=&#9642; darf h&ouml;chstens {0} nicht-druckende Zeichen enthalten.
policyInfo.regex.nonLetter=&#9642; muss mindestens {0} Zeichen enthalten, die keine Buchstaben sind.
policyInfo.regex.numeric=&#9642; muss mindestens {0} numerische Zeichen enthalten.
policyInfo.regex.upper=&#9642; muss mindestens {0} Grossbuchstaben enthalten.
policyInfo.title=Das Passwort muss den folgenden Passwort-Richtlinien entsprechen:
reject.button.label=Ablehnen
submit.button.label=Senden
tan.sent=Bitte erfassen Sie den Sicherheitscode, welcher an Ihr Mobiltelefon gesendet wurde.
title.logout=Logout
title.logout.confirmation=Logout
title.logout.reminder=Logout
title.oauth.consent=Client Authorisierung
title.saml.failed=Error
title.timeout.page=Logout


@ -0,0 +1,80 @@
accept.button.label=Accept
cancel.button.label=Cancel
continue.button.label=Continue
deputy.profile.label=(Deputy Profile)
error.saml.failed=Please close your browser and try again.
error_1=Please check your input.
error_10=Please select the correct user account.
error_100=Certificate upload not possible. Certificate already exists. Please contact your helpdesk.
error_101=The entered email address is not valid.
error_11=Please use another certficate or login with another credential type.
error_2=Please select another login name.
error_3=Your account will be locked if next authentication fails.
error_4=Your new password does not comply with the security policy. Please choose a different password.
error_5=Error in password confirmation.
error_50=The new password is too short.
error_55=The new password has to differ from old passwords.
error_6=Password change required.
error_7=Change of login ID required.
error_8=Your account has been locked due to repeated authentication failures.
error_81=No access card found, access from internet denied.
error_83=Your access card is no longer valid. Please contact your advisor to get a new access card.
error_9=Session take over failed.
error_97=You are not authorized to access this resource.
error_98=Your account has been locked.
error_99=System problems. Please try later.
info.logout.confirmation=Please confirm that you want to log out.
info.logout.reminder=Your session on this application has expired. Try again with a login.
info.oauth.consent=Do you want to authorise this application to access your data?
info.timeout.page=Your session on this application has expired. Try again with a login.
login.button.label=Login
logout.label=Logout
logout.text=You have successfully logged out.
method.certificate.label=Certificate
method.fido.label=Mobile Authentication
method.fido2.label=FIDO 2
method.mtan.label=mTAN Code
method.oath.label=OATH Authenticator App
method.otp.label=OTP (One-Time Password)
method.recovery.label=Recovery Codes
method.safeword.label=SafeWord
method.securid.label=SecurID
method.ticket.label=Ticket
outarg.lastLogin.never=Never
policyFailure.dictionary=&#9642; must not be taken from a dictionary.
policyFailure.history.History=&#9642; must be different from previously selected passwords.
policyFailure.regex.control=&#9642; cannot contain more than {0} control characters.
policyFailure.regex.lower=&#9642; must contain at least {0} lower case characters.
policyFailure.regex.maxCharacterRepetitions=&#9642; characters must not occur more than {0} time(s) consecutively.
policyFailure.regex.maxLength=&#9642; must be at most {0} characters long.
policyFailure.regex.minLength=&#9642; must be at least {0} characters long.
policyFailure.regex.nonAlnum=&#9642; must contain at least {0} non-alphanumeric characters.
policyFailure.regex.nonAscii=&#9642; cannot contain more than {0} non-ASCII characters.
policyFailure.regex.nonGraph=&#9642; cannot contain more than {0} non-printable characters.
policyFailure.regex.nonLetter=&#9642; must contain at least {0} non-letter characters.
policyFailure.regex.numeric=&#9642; must contain at least {0} numeric characters.
policyFailure.regex.upper=&#9642; must contain at least {0} upper case characters.
policyInfo.dictionary=&#9642; must not be taken from a dictionary.
policyInfo.history.History=&#9642; must be different from previously selected passwords.
policyInfo.regex.control=&#9642; cannot contain more than {0} control characters.
policyInfo.regex.lower=&#9642; must contain at least {0} lower case characters.
policyInfo.regex.maxCharacterRepetitions=&#9642; characters must not occur more than {0} time(s) consecutively.
policyInfo.regex.maxLength=&#9642; must be at most {0} characters long.
policyInfo.regex.minLength=&#9642; must be at least {0} characters long.
policyInfo.regex.nonAlnum=&#9642; must contain at least {0} non-alphanumeric characters.
policyInfo.regex.nonAscii=&#9642; cannot contain more than {0} non-ASCII characters.
policyInfo.regex.nonGraph=&#9642; cannot contain more than {0} non-printable characters.
policyInfo.regex.nonLetter=&#9642; must contain at least {0} non-letter characters.
policyInfo.regex.numeric=&#9642; must contain at least {0} numeric characters.
policyInfo.regex.upper=&#9642; must contain at least {0} upper case characters.
policyInfo.title=The password has to comply with the following password policy:
reject.button.label=Deny
submit.button.label=Submit
tan.sent=Please enter the security code which has been sent to your mobile phone.
title.logout=Logout
title.logout.confirmation=Logout
title.logout.reminder=Logout
title.oauth.consent=Client Authorization
title.saml.failed=Error
title.timeout.page=Logout


@ -0,0 +1,80 @@
accept.button.label=Accepter
cancel.button.label=Abandonner
continue.button.label=Continuer
deputy.profile.label=(Profil du suppl&eacute;ant)
error.saml.failed=Fermez votre navigateur et r;eacute;essayez.
error_1=Veuillez v&eacute;rifier vos donn&eacute;es, s.v.p.
error_10=Choisissez votre compte.
error_100=T&eacute;l&eacute;chargement du certificat pas possible. Certificat existe d&eacute;j&agrave;. Veuillez contacter le helpdesk s.v.p.
error_101=L&#39;adresse e-mail &eacute; n&#39;est pas valide.
error_11=Choisissez un autre certificat, s.v.p.
error_2=Choisissez un autre nom, s.v.p.
error_3=Si l&#39;authentification ne r&eacute;ussit pas au prochain essai, votre compte sera bloqu&eacute;.
error_4=Votre nouveau mot de passe ne conforme pas aux mesures de s&eacute;curit&eacute;
error_5=Votre confirmation du mot de passe ne correspond pas au mot de passe donn&eacute;.
error_50=Le nouveau mot de passe est trop court.
error_55=Le nouveau mot de passe doit diff&eacute;rer de l&#39;ancien.
error_6=Veuillez changer votre mot de passe, s.v.p.
error_7=Veuillez changer votre login ID, s.v.p.
error_8=Votre compte n&#39;est pas active.
error_81=Pas d&#39;access card trouv&eacute;, l&#39;acc&egrave;s par l&#39;internet est refus&eacute;.
error_83=Votre access card n&#39;est plus valable, veuillez contacter votre gestionnaire.
error_9=Il n&#39;est pas possible de transmettre la session.
error_97=Vous n&#39;avez pas les autorisations n&eacute;cessaires pour acc&eacute;der &agrave; cette ressource.
error_98=Votre compte a &eacute;t&eacute; bloqu&eacute;.
error_99=Probl&egrave;me technique. Veuillez essayer plus tard, s.v.p.
info.logout.confirmation=Veuillez confirmer que vous souhaitez vous d&eacute;connecter.
info.logout.reminder=Votre session sur cette application a expir&eacute;e. Essayez encore avec un login.
info.oauth.consent=Voulez-vous autoriser l&#39;application?
info.timeout.page=Votre session sur cette application a expir&eacute;e. Essayez encore avec un login.
login.button.label=Login
logout.label=Logout
logout.text=Au revoir
method.certificate.label=Certificat
method.fido.label=Mobile Authentication
method.fido2.label=FIDO 2
method.mtan.label=Code mTAN
method.oath.label=Application d'authentification OATH
method.otp.label=OTP (One-Time Password)
method.recovery.label=Codes de r&eacute;cup&eacute;ration
method.safeword.label=SafeWord
method.securid.label=SecurID
method.ticket.label=Ticket
outarg.lastLogin.never=Jamais
policyFailure.dictionary=&#9642; ne peut pas &ecirc;tre pris d&#39;un dictionnaire.
policyFailure.history.History=&#9642; doit &ecirc;tre diff&eacute;rent des mots de passe pr&eacute;alablement s&eacute;lectionn&eacute;s.
policyFailure.regex.control=&#9642; ne peut contenir plus de {0} caract&egrave;res de commande.
policyFailure.regex.lower=&#9642; doit contenir au moins {0} caract&egrave;re(s) minuscule(s).
policyFailure.regex.maxCharacterRepetitions=&#9642; ne peut contenir une s&eacute;quence de plus de {0} du m&ecirc;me caract&egrave;re.
policyFailure.regex.maxLength=La longueur doit &ecirc;tre d&#39;au plus {0}.
policyFailure.regex.minLength=La longueur doit &ecirc;tre d&#39;au moins {0}.
policyFailure.regex.nonAlnum=&#9642; doit contenir au moins {0} caract&egrave;res non alphanum&eacute;riques.
policyFailure.regex.nonAscii=&#9642; ne peut contenir plus de {0} caract&egrave;res non ASCII ({1}).
policyFailure.regex.nonGraph=&#9642; ne peut contenir plus de {0} caract&egrave;res non imprimables ({1}).
policyFailure.regex.nonLetter=&#9642; doit contenir au moins {0} caract&egrave;res qui ne sont pas des lettres.
policyFailure.regex.numeric=&#9642; doit comprendre {0} caract&#232;res num&#233;riques.
policyFailure.regex.upper=&#9642; doit contenir au moins {0} caract&egrave;re(s) majuscule(s).
policyInfo.dictionary=&#9642; ne peut pas &ecirc;tre pris d&#39;un dictionnaire.
policyInfo.history.History=&#9642; ne peut pas &ecirc;tre l&#39; pr&eacute;c&eacute;demment choisis.
policyInfo.regex.control=&#9642; ne peut contenir plus de {0} caract&egrave;res de commande.
policyInfo.regex.lower=&#9642; doit contenir au moins {0} caract&egrave;re(s) minuscule(s).
policyInfo.regex.maxCharacterRepetitions=&#9642; ne peut contenir une s&eacute;quence de plus de {0} du m&ecirc;me caract&egrave;re.
policyInfo.regex.maxLength=&#9642; la longueur doit &ecirc;tre d&#39;au plus {0}.
policyInfo.regex.minLength=&#9642; la longueur doit &ecirc;tre d&#39;au moins {0}.
policyInfo.regex.nonAlnum=&#9642; doit contenir au moins {0} caract&egrave;res non alphanum&eacute;riques.
policyInfo.regex.nonAscii=&#9642; ne peut contenir plus de {0} caract&egrave;res non ASCII.
policyInfo.regex.nonGraph=&#9642; ne peut contenir plus de {0} caract&egrave;res non imprimables.
policyInfo.regex.nonLetter=&#9642; doit contenir au moins {0} caract&egrave;res qui ne sont pas des lettres.
policyInfo.regex.numeric=&#9642; doit comprendre au minimum {0} caract&#232;res num&#233;riques.
policyInfo.regex.upper=&#9642; doit contenir au moins {0} caract&egrave;re(s) majuscule(s).
policyInfo.title=Le mot de passe doit respecter les r&egrave;gles suivantes:
reject.button.label=Refuser
submit.button.label=Envoyer
tan.sent=Veuillez saisir le code de s&eacute;curit&eacute; que vous avez re&ccedil;u au votre t&eacute;l&eacute;phone mobile.
title.logout=Logout
title.logout.confirmation=Logout
title.logout.reminder=Logout
title.oauth.consent=Autorisation du client
title.saml.failed=Error
title.timeout.page=Logout


@ -0,0 +1,80 @@
accept.button.label=Accettare
cancel.button.label=Abortire
continue.button.label=Continua
deputy.profile.label=(profilo del delegato)
error.saml.failed=Chiudi il browser e riprova.
error_1=Verificare i dati immessi.
error_10=Per favore selezionare il conto utente corretto.
error_100=Impossibile caricare il certificato. Questo certificato esiste gi&agrave;. La preghiamo di contattare il Suo help desk.
error_101=L&#39;indirizzo e-mail inserito non &egrave; valido.
error_11=Scegliere un altro certificato.
error_2=Per favore scegliere un altro nome.
error_3=Il conto verr&agrave; bloccato se il prossimo login non andr&agrave; a buon fine.
error_4=La nuova password non &egrave; stata accettata. Scegliere una password che sia conforme ai criteri di password.
error_5=La conferma della password &egrave; errata.
error_50=La nuova password &egrave; troppo corta.
error_55=La nuova password deve essere diversa dalla vecchia.
error_6=&Egrave; necessario modificare la password.
error_7=Set up inizale dell&#39;account per il portale necessario.
error_8=L&#39;account &egrave; stato bloccato. Rivolgersi al servizio assistenza oppure provare con un altro strumento di autenticazione.
error_81=Nessuna carta di accesso trovata, accesso da internet rifiutato.
error_83=La sua carta di accesso non &egrave; pi&ugrave; valida. Per favore contatti il suo assistente per ricevere una nuova carta di accesso.
error_9=La sessione non pu&ograve; essere ripresa.
error_97=Non si dispone delle autorizzazioni necessarie per accedere a questa risorsa.
error_98=L&#39;account &egrave; stato bloccato.
error_99=Errore di sistema. Riprovare.
info.logout.confirmation=Si prega di confermare che si desidera disconnettersi.
info.logout.reminder=La sessione su questa applicazione &#x26;egrave; scaduta. Prova ancora con un login.
info.oauth.consent=Vuoi consentire all&#39;applicazione?
info.timeout.page=La sessione su questa applicazione &#x26;egrave; scaduta. Prova ancora con un login.
login.button.label=Login
logout.label=Logout
logout.text=&Egrave; uscito con successo.
method.certificate.label=Certificato
method.fido.label=Mobile Authentication
method.fido2.label=FIDO 2
method.mtan.label=Codice mTAN
method.oath.label=App di autenticazione OATH
method.otp.label=OTP (One-Time Password)
method.recovery.label=Codici di ripristino
method.safeword.label=SafeWord
method.securid.label=SecurID
method.ticket.label=Ticket
outarg.lastLogin.never=Mai
policyFailure.dictionary=&#9642; non pu&ograve; essere presa da un dizionario.
policyFailure.history.History=&#9642; deve essere diversa da password precedenti.
policyFailure.regex.control=&#9642; non pu&ograve; contenere pi&ugrave; di {0} caratteri di controllo.
policyFailure.regex.lower=&#9642; deve conenere almeno {0} caratteri minuscoli.
policyFailure.regex.maxCharacterRepetitions=&#9642; non pu&ograve; contentere una sequenza pi&ugrave; lunga di {0} caratteri uguali.
policyFailure.regex.maxLength=&#9642; deve contenere al massimo {0} caratteri.
policyFailure.regex.minLength=&#9642; deve contenere almeno {0} caratteri.
policyFailure.regex.nonAlnum=&#9642; deve conenere almeno {0} caratteri non alfanumerici.
policyFailure.regex.nonAscii=&#9642; non pu&ograve; contenere pi&ugrave; di {0} caratteri non ASCII.
policyFailure.regex.nonGraph=&#9642; non pu&ograve; contenere pi&ugrave; di {0} caratteri non stampabili.
policyFailure.regex.nonLetter=&#9642; non pu&ograve; contenere pi&ugrave; di {0} numeri o caratteri speciali.
policyFailure.regex.numeric=&#9642; deve contenere {0} caratteri numerici.
policyFailure.regex.upper=&#9642; deve conenere almeno {0} caratteri maiuscoli.
policyInfo.dictionary=&#9642; non pu&ograve; essere presa da un dizionario.
policyInfo.history.History=&#9642; deve essere diversa dalle password precedenti.
policyInfo.regex.control=&#9642; non pu&ograve; contenere pi&ugrave; di {0} carattere/i di controllo.
policyInfo.regex.lower=&#9642; deve conenere almeno {0} carattere/i minuscolo/i.
policyInfo.regex.maxCharacterRepetitions=&#9642; non pu&ograve; contentere una sequenza pi&ugrave; lunga di {0} caratteri uguali.
policyInfo.regex.maxLength=&#9642; deve contenere al massimo {0} carattere/i.
policyInfo.regex.minLength=&#9642; deve contenere almeno {0} carattere/i.
policyInfo.regex.nonAlnum=&#9642; deve conenere almeno {0} carattere/i non alfanumerico/i.
policyInfo.regex.nonAscii=&#9642; non pu&ograve; contenere pi&ugrave; di {0} carattere/i non ASCII.
policyInfo.regex.nonGraph=&#9642; non pu&ograve; contenere pi&ugrave; di {0} carattere/i non stampabile/i.
policyInfo.regex.nonLetter=&#9642; non pu&ograve; contenere pi&ugrave; di {0} numero/i o caratere/i speciale/i.
policyInfo.regex.numeric=&#9642; deve contenere un minimo di {0} carattere/i numerico/i.
policyInfo.regex.upper=&#9642; deve conenere almeno {0} carattere/i maiuscolo/i.
policyInfo.title=La password deve rispettare le seguenti direttive:
reject.button.label=Rifiuti
submit.button.label=Continua
tan.sent=Inserisci il codice di sicurezza che &egrave; stato inviato al tuo telefono cellulare.
title.logout=Logout
title.logout.confirmation=Logout
title.logout.reminder=Logout
title.oauth.consent=Autorizzazione del client
title.saml.failed=Error
title.timeout.page=Logout


@ -0,0 +1 @@
bc.tracer.TraceIndentFactory=ch.nevis.bc.io.Log4jTraceIndentFactory


@ -0,0 +1,19 @@
RTENV_SECURITY_CHECK=no_shell
JAVA_OPTS=(
"-XX:+UseContainerSupport"
"-Dfile.encoding=UTF-8"
"-XX:MaxRAMPercentage=80.0"
"-Djava.net.preferIPv4Stack=true"
"-Djava.net.connectionTimeout=10000"
"-Djava.net.readTimeout=15000"
"-Dch.nevis.esauth.config=/var/opt/nevisauth/default/conf/esauth4.xml"
"-Djava.awt.headless=true"
"-javaagent:/opt/agent/opentelemetry-javaagent.jar"
"-Dotel.javaagent.logging=application"
"-Dotel.javaagent.configuration-file=/var/opt/nevisauth/default/conf/otel.properties"
"-Dotel.resource.attributes=service.version=8.2405.2,service.instance.id=$HOSTNAME"
"-Djavax.net.ssl.trustStore=/var/opt/keys/trust/tls-swissid/truststore.p12"
"-Djavax.net.ssl.trustStorePassword=\${exec:/var/opt/keys/trust/tls-swissid/keypass}"
)
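Review bot: The last `JAVA_OPTS` entry passes the trust-store password as a `-Djavax.net.ssl.trustStorePassword` option, so if the start script expands the `\${exec:...}` placeholder before launching the JVM (not visible in this file), the clear-text password lands in the process arguments and can be read via `ps` or `/proc/<pid>/cmdline`. Please confirm the placeholder is resolved inside the JVM and record that next to the entry, if the file format allows comments, with something like `# ${exec:...} is resolved at JVM start-up; must never be expanded into argv`. Setting `javax.net.ssl.trustStore` also replaces the JVM default trust store for every outbound TLS connection, so the SwissID store has to carry the CAs for all other back ends this instance calls. The esauth configuration added later in this commit sets `httpclient.tls.trustAll` to `true` on the `cossa_realm_IdTokenVerification` state, which presumably bypasses this trust store for the SwissID discovery request; that setting should be `false` outside a sandbox.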


@ -0,0 +1,2 @@
# this file is generated by nevisAdmin 4
security.provider.10=org.bouncycastle.jce.provider.BouncyCastleProvider


@ -0,0 +1,338 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE esauth-server SYSTEM "/opt/nevisauth/dtd/esauth4.dtd">
<esauth-server instance="nai">
<!-- source: pattern://6ec6739e824c8e56d9633622, pattern://b67f81a971e4c08aa79040a2 -->
<SessionCoordinator sessionInitialInactivityTimeout="600" sessionInactivityTimeout="28800" sessionMaxLifetime="28800" sessionIdPreGenerate="true">
<!-- source: pattern://6ec6739e824c8e56d9633622 -->
<LocalSessionStore maxSessions="100000"/>
<!-- source: pattern://6ec6739e824c8e56d9633622 -->
<TokenAssembler name="DefaultTokenAssembler">
<Selector default="true"/>
<!-- source: pattern://b67f81a971e4c08aa79040a2 -->
<TokenSpec ttl="28800">
<!-- source: pattern://6ec6739e824c8e56d9633622 -->
<field src="session" key="ch.nevis.session.sessid" as="sessid"/>
<!-- source: pattern://6ec6739e824c8e56d9633622 -->
<field src="session" key="ch.nevis.session.userid" as="userid"/>
<!-- source: pattern://6ec6739e824c8e56d9633622 -->
<field src="session" key="ch.nevis.session.authlevel" as="authLevel"/>
<!-- source: pattern://6ec6739e824c8e56d9633622 -->
<field src="session" key="ch.nevis.session.esauthid" as="esauthid"/>
<!-- source: pattern://6ec6739e824c8e56d9633622 -->
<field src="session" key="ch.nevis.session.entryid" as="entryid"/>
<!-- source: pattern://6ec6739e824c8e56d9633622 -->
<field src="session" key="ch.nevis.session.loginid" as="loginId"/>
<!-- source: pattern://6ec6739e824c8e56d9633622 -->
<field src="session" key="ch.nevis.session.domain" as="domain"/>
<!-- source: pattern://6ec6739e824c8e56d9633622 -->
<field src="session" key="ch.nevis.session.secroles" as="roles"/>
</TokenSpec>
<!-- source: pattern://6ec6739e824c8e56d9633622 -->
<Signer key="DefaultSigner"/>
</TokenAssembler>
<!-- source: pattern://6ec6739e824c8e56d9633622 -->
<KeyStore name="DefaultKeyStore">
<!-- source: pattern://6ec6739e824c8e56d9633622 -->
<KeyObject name="DefaultSigner" certificate="/var/opt/keys/own/nai-sh4r3d-default-default-signer/cert.pem" privateKey="/var/opt/keys/own/nai-sh4r3d-default-default-signer/keystore.jks" passPhrase="pipe:///var/opt/keys/own/nai-sh4r3d-default-default-signer/keypass"/>
<!-- source: pattern://6ec6739e824c8e56d9633622 -->
<KeyObject name="DefaultSignerTrust" certificate="/var/opt/keys/trust/nai-default-default-signer-trust/truststore.jks"/>
</KeyStore>
<!-- source: pattern://d9ea344685ab4a9bb0e1e3e7 -->
<KeyStore name="JwtToken">
<!-- source: pattern://d9ea344685ab4a9bb0e1e3e7 -->
<KeyObject name="tokensigner" certificate="/var/opt/keys/own/tokensigner/cert.pem" privateKey="/var/opt/keys/own/tokensigner/keystore.jks" passPhrase="pipe:///var/opt/keys/own/tokensigner/keypass"/>
</KeyStore>
</SessionCoordinator>
<!-- source: pattern://6ec6739e824c8e56d9633622 -->
<LocalOutOfContextDataStore reaperPeriod="60"/>
<!-- source: pattern://6ec6739e824c8e56d9633622, pattern://b67f81a971e4c08aa79040a2 -->
<AuthEngine useLiteralDictionary="true" literalDictionaryLanguages="en,de,fr,it" inputLanguageCookie="LANG" compatLevel="none" addAutheLevelToSecRoles="true" classPath="/var/opt/nevisauth/default/plugin:/opt/nevisauth/plugin" propagateSession="false">
<!-- source: pattern://b67f81a971e4c08aa79040a2 -->
<Domain name="cossa_realm" default="false" inactiveInterval="7200" reauthInterval="0" resetAuthenticationCondition="${inargs:cancel}">
<Entry method="authenticate" state="cossa_realm_TokenExchangeEndpoint"/>
<Entry method="authenticate" state="cossa_realm_TokenExchangeEndpoint" selector="${request:currentResource:^http[s]?\u003A//[^/]+/token/.*$:true}"/>
<Entry method="logout" state="cossa_realm_AuthorizationServer"/>
<Entry method="logout" state="cossa_realm_AuthorizationServer" selector="${request:currentResource:^http[s]?\u003A//[^/]+/token/.*$:true}"/>
<Entry method="stepup" state="cossa_realm_Selector"/>
<Entry method="stepup" state="cossa_realm_TokenExchangeEndpoint" selector="${request:currentResource:^http[s]?\u003A//[^/]+/token/.*$:true}"/>
</Domain>
<AuthState name="cossa_realm_TokenExchangeEndpoint" class="ch.adnovum.cossa.TokenExchangeEndpoint" authLevel="auth.weak" final="false" resumeState="true">
<!-- source: pattern://89578db79d2bc15d55e11141 -->
<ResultCond name="failed" next="cossa_realm_auth_failed"/>
<!-- source: pattern://89578db79d2bc15d55e11141 -->
<ResultCond name="invalid_client" next="cossa_realm_auth_failed"/>
<!-- source: pattern://89578db79d2bc15d55e11141 -->
<ResultCond name="invalid_grant" next="cossa_realm_auth_failed"/>
<!-- source: pattern://89578db79d2bc15d55e11141 -->
<ResultCond name="invalid_request" next="cossa_realm_auth_failed"/>
<!-- source: pattern://89578db79d2bc15d55e11141 -->
<ResultCond name="invalid_scope" next="cossa_realm_auth_failed"/>
<!-- source: pattern://89578db79d2bc15d55e11141 -->
<ResultCond name="ok" next="cossa_realm_IdTokenVerification"/>
<!-- source: pattern://89578db79d2bc15d55e11141 -->
<ResultCond name="refresh_token" next="cossa_realm_RewriteRequestForAuthorizationServerAuthstate"/>
<!-- source: pattern://89578db79d2bc15d55e11141 -->
<ResultCond name="unauthorized_client" next="cossa_realm_auth_failed"/>
<!-- source: pattern://89578db79d2bc15d55e11141 -->
<ResultCond name="unsupported_grant_type" next="cossa_realm_auth_failed"/>
<!-- source: pattern://89578db79d2bc15d55e11141 -->
<Response value="AUTH_CONTINUE">
<!-- source: pattern://89578db79d2bc15d55e11141 -->
<Gui name="Default"/>
</Response>
<propertyRef name="cossa_realm_AuthorizationServer"/>
</AuthState>
<AuthState name="cossa_realm_auth_failed" class="ch.nevis.esauth.auth.states.standard.AuthError" final="false">
<!-- source: pattern://72e29eb80a951e518ce123e4 -->
<Response value="AUTH_ERROR">
<!-- source: pattern://72e29eb80a951e518ce123e4 -->
<Gui name="Error">
<!-- source: pattern://72e29eb80a951e518ce123e4 -->
<GuiElem name="info" type="error" label="error_99"/>
<!-- source: pattern://72e29eb80a951e518ce123e4 -->
<GuiElem name="submit" type="button" label="continue.button.label"/>
</Gui>
</Response>
</AuthState>
<AuthState name="cossa_realm_IdTokenVerification" class="ch.adnovum.cossa.IdTokenVerification" final="false" resumeState="false">
<!-- source: pattern://a976546c6a56dc04c0d34592 -->
<ResultCond name="failed" next="cossa_realm_auth_failed"/>
<!-- source: pattern://a976546c6a56dc04c0d34592 -->
<ResultCond name="invalid_grant" next="cossa_realm_auth_failed"/>
<!-- source: pattern://a976546c6a56dc04c0d34592 -->
<ResultCond name="ok" next="cossa_realm_klpscope"/>
<!-- source: pattern://a976546c6a56dc04c0d34592 -->
<Response value="AUTH_CONTINUE">
<!-- source: pattern://a976546c6a56dc04c0d34592 -->
<Gui name="Default"/>
</Response>
<!-- source: pattern://a976546c6a56dc04c0d34592 -->
<property name="well_known_url" value="https://login.sandbox.pre.swissid.ch/idp/oauth2/.well-known/openid-configuration"/>
<!-- source: pattern://a976546c6a56dc04c0d34592 -->
<property name="httpclient.tls.trustAll" value="true"/>
<!-- source: pattern://a976546c6a56dc04c0d34592 -->
<property name="use_caching" value="false"/>
</AuthState>
<AuthState name="cossa_realm_RewriteRequestForAuthorizationServerAuthstate" class="ch.nevis.esauth.auth.states.standard.TransformAttributes" final="false">
<!-- source: pattern://b6cbd53b8eee023b6d65f62d -->
<ResultCond name="ok" next="cossa_realm_AuthorizationServer"/>
<!-- source: pattern://b6cbd53b8eee023b6d65f62d -->
<Response value="AUTH_ERROR">
<!-- source: pattern://b6cbd53b8eee023b6d65f62d -->
<Arg name="ch.nevis.isiweb4.response.status" value="403"/>
</Response>
<!-- source: pattern://b6cbd53b8eee023b6d65f62d -->
<property name="inargs:grant_type" value="refresh_token"/>
<!-- source: pattern://b6cbd53b8eee023b6d65f62d -->
<property name="inargs:refresh_token" value="${inargs:subject_token}"/>
</AuthState>
<AuthState name="cossa_realm_AuthorizationServer" class="ch.nevis.esauth.auth.states.oauth2.AuthorizationServer" final="false" resumeState="true">
<!-- source: pattern://e02a36447ce2d3c66d8d81c0 -->
<ResultCond name="authenticate:valid-authorization-request" next="cossa_realm_simulatelogin"/>
<!-- source: pattern://e02a36447ce2d3c66d8d81c0 -->
<ResultCond name="invalid-authorization-request" next="cossa_realm_auth_failed"/>
<!-- source: pattern://e02a36447ce2d3c66d8d81c0 -->
<ResultCond name="invalid-client" next="cossa_realm_JwtToken"/>
<!-- source: pattern://e02a36447ce2d3c66d8d81c0 -->
<ResultCond name="invalid-redirect-uri" next="cossa_realm_auth_failed"/>
<!-- source: pattern://e02a36447ce2d3c66d8d81c0 -->
<ResultCond name="invalid-token-request" next="cossa_realm_auth_failed"/>
<!-- source: pattern://e02a36447ce2d3c66d8d81c0 -->
<ResultCond name="stepup:valid-authorization-request" next="cossa_realm_simulatelogin"/>
<!-- source: pattern://e02a36447ce2d3c66d8d81c0 -->
<property name="keystoreref" value="JwtToken"/>
<!-- source: pattern://e02a36447ce2d3c66d8d81c0 -->
<property name="jwt.bearer.aud" value="testaudience"/>
<!-- source: pattern://e02a36447ce2d3c66d8d81c0 -->
<property name="keyobjectref" value="tokensigner"/>
<!-- source: pattern://e02a36447ce2d3c66d8d81c0 -->
<property name="keyID" value="tokensigner"/>
<!-- source: pattern://e02a36447ce2d3c66d8d81c0 -->
<property name="openid.idTokenLifetime" value="600"/>
<!-- source: pattern://e02a36447ce2d3c66d8d81c0 -->
<property name="authCodeLifetime" value="60"/>
<!-- source: pattern://e02a36447ce2d3c66d8d81c0 -->
<property name="propagationScope" value="session"/>
<!-- source: pattern://e02a36447ce2d3c66d8d81c0 -->
<property name="dataSource" value="nevisMeta"/>
<!-- source: pattern://e02a36447ce2d3c66d8d81c0 -->
<property name="nevismeta.location" value="https://hans.agov-d.azure.adnovum.net/nevismeta/rest/modules/oauthv2/setups/Setup_00000000000000000000000000000000/entities/"/>
<!-- source: pattern://e02a36447ce2d3c66d8d81c0 -->
<property name="openid.support" value="true"/>
<!-- source: pattern://e02a36447ce2d3c66d8d81c0 -->
<property name="openid.issuerId" value="https://cossa.agov-w.azure.adnovum.net"/>
<!-- source: pattern://e02a36447ce2d3c66d8d81c0 -->
<property name="scope.openid" value=""/>
<!-- source: pattern://e02a36447ce2d3c66d8d81c0 -->
<property name="scope.openid.authorizationCodeFlowPolicy" value="NO_CONSENT_REQUIRED"/>
<!-- source: pattern://e02a36447ce2d3c66d8d81c0 -->
<property name="scope.openid.refreshTokenRequestPolicy" value="NO_CONSENT_REQUIRED"/>
<!-- source: pattern://e02a36447ce2d3c66d8d81c0 -->
<property name="scope.openid.implicitFlowPolicy" value="NO_CONSENT_REQUIRED"/>
<!-- source: pattern://e02a36447ce2d3c66d8d81c0 -->
<property name="scope.openid.clientCredentialsFlowPolicy" value="true"/>
<!-- source: pattern://e02a36447ce2d3c66d8d81c0 -->
<property name="scope.offline_access" value=""/>
<!-- source: pattern://e02a36447ce2d3c66d8d81c0 -->
<property name="scope.offline_access.authorizationCodeFlowPolicy" value="NO_CONSENT_REQUIRED"/>
<!-- source: pattern://e02a36447ce2d3c66d8d81c0 -->
<property name="scope.offline_access.refreshTokenRequestPolicy" value="NO_CONSENT_REQUIRED"/>
<!-- source: pattern://e02a36447ce2d3c66d8d81c0 -->
<property name="scope.offline_access.implicitFlowPolicy" value="NO_CONSENT_REQUIRED"/>
<!-- source: pattern://e02a36447ce2d3c66d8d81c0 -->
<property name="scope.offline_access.clientCredentialsFlowPolicy" value="true"/>
<!-- source: pattern://e02a36447ce2d3c66d8d81c0 -->
<property name="scope.address" value=""/>
<!-- source: pattern://e02a36447ce2d3c66d8d81c0 -->
<property name="scope.address.authorizationCodeFlowPolicy" value="NO_CONSENT_REQUIRED"/>
<!-- source: pattern://e02a36447ce2d3c66d8d81c0 -->
<property name="scope.address.refreshTokenRequestPolicy" value="NO_CONSENT_REQUIRED"/>
<!-- source: pattern://e02a36447ce2d3c66d8d81c0 -->
<property name="scope.address.implicitFlowPolicy" value="NO_CONSENT_REQUIRED"/>
<!-- source: pattern://e02a36447ce2d3c66d8d81c0 -->
<property name="scope.address.clientCredentialsFlowPolicy" value="true"/>
<!-- source: pattern://e02a36447ce2d3c66d8d81c0 -->
<property name="scope.profile" value=""/>
<!-- source: pattern://e02a36447ce2d3c66d8d81c0 -->
<property name="scope.profile.authorizationCodeFlowPolicy" value="NO_CONSENT_REQUIRED"/>
<!-- source: pattern://e02a36447ce2d3c66d8d81c0 -->
<property name="scope.profile.refreshTokenRequestPolicy" value="NO_CONSENT_REQUIRED"/>
<!-- source: pattern://e02a36447ce2d3c66d8d81c0 -->
<property name="scope.profile.implicitFlowPolicy" value="NO_CONSENT_REQUIRED"/>
<!-- source: pattern://e02a36447ce2d3c66d8d81c0 -->
<property name="scope.profile.clientCredentialsFlowPolicy" value="true"/>
<!-- source: pattern://e02a36447ce2d3c66d8d81c0 -->
<property name="scope.email" value=""/>
<!-- source: pattern://e02a36447ce2d3c66d8d81c0 -->
<property name="scope.email.authorizationCodeFlowPolicy" value="NO_CONSENT_REQUIRED"/>
<!-- source: pattern://e02a36447ce2d3c66d8d81c0 -->
<property name="scope.email.refreshTokenRequestPolicy" value="NO_CONSENT_REQUIRED"/>
<!-- source: pattern://e02a36447ce2d3c66d8d81c0 -->
<property name="scope.email.implicitFlowPolicy" value="NO_CONSENT_REQUIRED"/>
<!-- source: pattern://e02a36447ce2d3c66d8d81c0 -->
<property name="scope.email.clientCredentialsFlowPolicy" value="true"/>
<!-- source: pattern://e02a36447ce2d3c66d8d81c0 -->
<property name="scope.phone" value=""/>
<!-- source: pattern://e02a36447ce2d3c66d8d81c0 -->
<property name="scope.phone.authorizationCodeFlowPolicy" value="NO_CONSENT_REQUIRED"/>
<!-- source: pattern://e02a36447ce2d3c66d8d81c0 -->
<property name="scope.phone.refreshTokenRequestPolicy" value="NO_CONSENT_REQUIRED"/>
<!-- source: pattern://e02a36447ce2d3c66d8d81c0 -->
<property name="scope.phone.implicitFlowPolicy" value="NO_CONSENT_REQUIRED"/>
<!-- source: pattern://e02a36447ce2d3c66d8d81c0 -->
<property name="scope.phone.clientCredentialsFlowPolicy" value="true"/>
</AuthState>
<AuthState name="cossa_realm_klpscope" class="ch.adnovum.cossa.KLPScopeToProfileBinding" final="false" resumeState="true">
<!-- source: pattern://9c293034211ea47bd3e9c12b -->
<ResultCond name="default" next="cossa_realm_CallPolicyVerificationAPI"/>
<!-- source: pattern://9c293034211ea47bd3e9c12b -->
<Response value="AUTH_CONTINUE"/>
<!-- source: pattern://9c293034211ea47bd3e9c12b -->
<property name="prioritiesSource" value="klp-profiles.conf"/>
<!-- source: pattern://9c293034211ea47bd3e9c12b -->
<property name="profileExpression" value="oauth2.scope.${notes:scope}.metadata.klp_profile"/>
</AuthState>
<AuthState name="cossa_realm_simulatelogin" class="ch.nevis.esauth.auth.states.standard.TransformAttributes" final="false">
<!-- source: pattern://680c047dd9a5220fae3c9c3e -->
<ResultCond name="ok" next="cossa_realm_Prepare_Done"/>
<!-- source: pattern://680c047dd9a5220fae3c9c3e -->
<Response value="AUTH_ERROR">
<!-- source: pattern://680c047dd9a5220fae3c9c3e -->
<Arg name="ch.nevis.isiweb4.response.status" value="403"/>
</Response>
<!-- source: pattern://680c047dd9a5220fae3c9c3e -->
<property name="request:UserId" value="39c985c5-a1e8-4c64-8c34-aeac0cd82109"/>
<!-- source: pattern://680c047dd9a5220fae3c9c3e -->
<property name="roles:add" value="1"/>
<!-- source: pattern://680c047dd9a5220fae3c9c3e -->
<property name="session:ch.adnovum.nevisidm.clientId" value="100"/>
<!-- source: pattern://680c047dd9a5220fae3c9c3e -->
<property name="session:ch.adnovum.nevisidm.profileId" value="a6d8860a-26b7-420c-8c3d-1f531d9fd968"/>
<!-- source: pattern://680c047dd9a5220fae3c9c3e -->
<property name="session:ch.nevis.session.loginid" value="meta.admin@adnovum.ch"/>
</AuthState>
<AuthState name="cossa_realm_JwtToken" class="ch.nevis.esauth.auth.states.jwt.JWTToken" final="false" resumeState="true">
<!-- source: pattern://a1e5d0192e082e689465a0c9 -->
<ResultCond name="ok" next="cossa_realm_Prepare_Done"/>
<!-- source: pattern://a1e5d0192e082e689465a0c9 -->
<Response value="AUTH_ERROR"/>
<!-- source: pattern://a1e5d0192e082e689465a0c9 -->
<property name="out.audience" value="https://www.adnovum.ch"/>
<!-- source: pattern://a1e5d0192e082e689465a0c9 -->
<property name="out.issuer" value="https://my.nevis.server"/>
<!-- source: pattern://a1e5d0192e082e689465a0c9 -->
<property name="out.time_to_live" value="86400"/>
<!-- source: pattern://a1e5d0192e082e689465a0c9 -->
<property name="token.algorithm" value="RS256"/>
<!-- source: pattern://a1e5d0192e082e689465a0c9 -->
<property name="keystoreref" value="JwtToken"/>
<!-- source: pattern://a1e5d0192e082e689465a0c9 -->
<property name="keyobjectref" value="tokensigner"/>
</AuthState>
<AuthState name="cossa_realm_CallPolicyVerificationAPI" class="ch.adnovum.cossa.CallPolicyVerificationAPI" final="false" resumeState="false">
<!-- source: pattern://5daa6d4f525b11a4e9b0ea79 -->
<ResultCond name="multiple_profiles" next="cossa_realm_Authentication_Failed"/>
<!-- source: pattern://5daa6d4f525b11a4e9b0ea79 -->
<ResultCond name="no_valid_profile" next="cossa_realm_Authentication_Failed"/>
<!-- source: pattern://5daa6d4f525b11a4e9b0ea79 -->
<ResultCond name="ok" next="cossa_realm_Prepare_Done"/>
<!-- source: pattern://5daa6d4f525b11a4e9b0ea79 -->
<Response value="AUTH_CONTINUE">
<!-- source: pattern://5daa6d4f525b11a4e9b0ea79 -->
<Gui name="Default"/>
</Response>
<!-- source: pattern://5daa6d4f525b11a4e9b0ea79 -->
<property name="evaluatePoliciesForAllProfiles" value="false"/>
<!-- source: pattern://5daa6d4f525b11a4e9b0ea79 -->
<property name="klpURL" value="https://klp.agov-w.azure.adnovum.net/api/endpoint"/>
<!-- source: pattern://5daa6d4f525b11a4e9b0ea79 -->
<property name="basicAuthUsername" value="testbasicauth"/>
<!-- source: pattern://5daa6d4f525b11a4e9b0ea79 -->
<property name="basicAuthPassword" value="testtesttest"/>
</AuthState>
<AuthState name="cossa_realm_Prepare_Done" class="ch.nevis.esauth.auth.states.scripting.ScriptState" final="false">
<!-- source: pattern://b67f81a971e4c08aa79040a2 -->
<ResultCond name="default" next="cossa_realm_Auth_Done"/>
<!-- source: pattern://b67f81a971e4c08aa79040a2 -->
<Response value="AUTH_DONE">
<!-- source: pattern://b67f81a971e4c08aa79040a2 -->
<Gui name="ContinueResponse"/>
</Response>
<!-- source: pattern://b67f81a971e4c08aa79040a2 -->
<property name="script" value="file:///var/opt/nevisauth/default/conf/prepare_done.groovy"/>
</AuthState>
<AuthState name="cossa_realm_Authentication_Failed" class="ch.nevis.esauth.auth.states.standard.AuthError" final="false">
<!-- source: pattern://5daa6d4f525b11a4e9b0ea79 -->
<Response value="AUTH_ERROR">
<!-- source: pattern://5daa6d4f525b11a4e9b0ea79 -->
<Gui name="Error">
<!-- source: pattern://5daa6d4f525b11a4e9b0ea79 -->
<GuiElem name="info" type="error" label="error_99"/>
<!-- source: pattern://5daa6d4f525b11a4e9b0ea79 -->
<GuiElem name="submit" type="button" label="continue.button.label"/>
</Gui>
</Response>
</AuthState>
<AuthState name="cossa_realm_Auth_Done" class="ch.nevis.esauth.auth.states.standard.AuthDone" final="false">
<!-- source: pattern://b67f81a971e4c08aa79040a2 -->
<Response value="AUTH_DONE">
<!-- source: pattern://b67f81a971e4c08aa79040a2 -->
<Gui name="ContinueResponse"/>
</Response>
</AuthState>
<AuthState name="cossa_realm_Selector" class="ch.nevis.esauth.auth.states.standard.ConditionalDispatcherState" final="false">
<!-- source: pattern://b67f81a971e4c08aa79040a2 -->
<ResultCond name="nomatch" next="cossa_realm_Prepare_Done"/>
<!-- source: pattern://b67f81a971e4c08aa79040a2 -->
<Response value="AUTH_ERROR">
<!-- source: pattern://b67f81a971e4c08aa79040a2 -->
<Arg name="ch.nevis.isiweb4.response.status" value="403"/>
</Response>
</AuthState>
</AuthEngine>
<!-- source: pattern://b0fedec4607e1e69103b8497 -->
<RESTService name="rest" class="ch.nevis.esauth.rest.service.tokenintrospection.TokenIntrospectionService" path="/oauth/introspect2/">
<!-- source: pattern://b0fedec4607e1e69103b8497 -->
<property name="authstates" value="cossa_realm_AuthorizationServer"/>
</RESTService>
</esauth-server>


@ -0,0 +1,25 @@
suisseid_auth_address_verified
suisseid_auth_address_required
suisseid_auth_mobile_verified
suisseid_auth_mobile_required
suisseid_auth_phone_required
suisseid_auth
password_auth_address_verified
password_auth_address_required
password_auth_mobile_verified
password_auth_mobile_required
password_auth_phone_required
password_auth
email_auth_address_verified
email_auth_address_required
email_auth_mobile_verified
email_auth_mobile_required
email_auth_phone_required
email_auth
autologin_auth_address_verified
autologin_auth_address_required
autologin_auth_mobile_verified
autologin_auth_mobile_required
autologin_auth_phone_required
autologin_auth
default


@ -0,0 +1,57 @@
Configuration:
monitorInterval: 60
Appenders:
Console:
- name: "SERVER"
target: "SYSTEM_OUT"
PatternLayout:
pattern: "[esauth4sv.log] %d{ISO8601} %-15.15t %mdc{trace_id} %mdc{span_id} %-20.20c %-5.5p %m%n"
RegexFilter:
regex: ".*GET /nevisauth/liveness.*"
onMatch: "DENY"
onMismatch: "ACCEPT"
Loggers:
Logger:
- name: "EsAuthStart"
level: "INFO"
- name: "org.apache.catalina.loader.WebappClassLoader"
level: "FATAL"
- name: "org.apache.catalina.startup.HostConfig"
level: "ERROR"
- name: "ch.nevis.esauth.events"
level: "FATAL"
- name: "AuthEngine"
level: "INFO"
- name: "HttpClient"
level: "TRACE"
- name: "OAuth2"
level: "DEBUG"
- name: "StdStates"
level: "DEBUG"
- name: "Vars"
level: "INFO"
- name: "ch.adnovum.cossa.CachingIDTokenVerifier"
level: "DEBUG"
- name: "ch.adnovum.cossa.CallPolicyVerificationAPI"
level: "DEBUG"
- name: "ch.adnovum.cossa.IDTokenVerifier"
level: "DEBUG"
- name: "ch.adnovum.cossa.IdTokenVerification"
level: "DEBUG"
- name: "ch.adnovum.cossa.KLPScopeToProfileBinding"
level: "DEBUG"
- name: "ch.adnovum.cossa.SimpleIDTokenValidator"
level: "DEBUG"
- name: "ch.adnovum.cossa.SimpleIDTokenVerifier"
level: "DEBUG"
- name: "ch.adnovum.cossa.TokenExchangeEndpoint"
level: "DEBUG"
- name: "ch.adnovum.cossa.TokenExchangeEndpointRefresh"
level: "DEBUG"
- name: "ch.adnovum.cossa.TokenGenerator"
level: "DEBUG"
Root:
level: "WARN"
additivity: "false"
AppenderRef:
- ref: "SERVER"
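Review bot: `HttpClient` is set to `TRACE`, and `OAuth2`, `StdStates` and every `ch.adnovum.cossa.*` token class to `DEBUG`, all routed to the console appender; for an authorization server that is likely to put bearer tokens, authorization codes and outbound request headers into the container log. The CallPolicyVerificationAPI state configured elsewhere in this commit uses Basic auth, so wire-level tracing of the HTTP client would presumably capture that credential as well. Unless this is a short debugging session, I would lower these to `INFO` (for example `level: "INFO"` under `- name: "HttpClient"`) and add a comment above the logger list saying that DEBUG/TRACE on these categories must not be enabled where logs are shipped off the pod. Separately, `additivity: "false"` under `Root` has no effect, because the root logger has no parent to propagate to.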


@ -0,0 +1,16 @@
server:
name: "default"
protocol: "https"
port: "8991"
host: "0.0.0.0"
tls:
keystore: "/var/opt/keys/own/nai-default-identity/keystore.p12"
keystore-passphrase: "${exec:/var/opt/keys/own/nai-default-identity/keypass}"
client-auth: "required"
truststore: "/var/opt/keys/trust/nai-default-tls-client-trust/truststore.p12"
truststore-passphrase: "${exec:/var/opt/keys/trust/nai-default-tls-client-trust/keypass}"
management:
server:
port: "9000"
healthchecks:
enabled: "true"
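Review bot: The `management.server` block sets only `port: "9000"`, while the main listener above it declares TLS with `client-auth: "required"`; nothing visible here says which interface the management port binds to or whether it is served over TLS. If it follows the `host: "0.0.0.0"` binding, the health endpoint is reachable without the mutual-TLS check that protects 8991. It is worth confirming that a network policy limits port 9000 to the kubelet and monitoring, and stating that in a comment above `management:`.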


@ -0,0 +1,4 @@
otel.service.name = nai
otel.traces.exporter = none
otel.metrics.exporter = none
otel.logs.exporter = none


@ -0,0 +1,23 @@
// nevisProxy replaces the entire AUTH: scope when new outargs are returned by nevisAuth.
// Thus, we have to store tokens in the session (as a String) and restore them on subsequent step-ups.
// restore tokens
session.each { key, value ->
if (key.startsWith('outarg.token.')) {
def name = key.substring(7)
if (outargs.containsKey(name)) {
LOG.debug("not restoring token (outarg: $name) from session: outarg already set")
}
else {
LOG.debug("restoring token (outarg: $name) from session")
outargs.put(name, value)
}
}
}
// store tokens
outargs.each { name, value ->
if (name.startsWith('token.')) {
session.put('outarg.' + name, value)
}
}
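Review bot: `key.substring(7)` silently depends on the length of the `'outarg.'` prefix that the store loop prepends with `'outarg.' + name`; a shared constant keeps the two in step, e.g. `def PREFIX = 'outarg.'` and `def name = key.substring(PREFIX.length())`. Separately, a token copied into the session is restored on every later step-up for as long as the session lives, and nothing in this script removes or re-checks it, so an expired token could presumably be handed back to nevisProxy. A comment stating the intended token lifetime relative to the session lifetime, or a cleanup path, would make that explicit.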


@ -0,0 +1,79 @@
#!/bin/bash
#
# NAME
# status.sh - Checks the status of the nevisAuth instance.
#
# SYNOPSIS
# status.sh
#
# DESCRIPTION
# Performs periodic checks until the instance is up or broken or timeout is reached.
# The script terminates when the process of the instance stops running.
# There are no arguments for this script.
#
# EXIT CODES
# 0 Instance is up.
# 1 Instance process is not running.
# 2 Instance is broken.
# 3 Timeout reached.
# Defines how much we should sleep between checking if the instance is up.
interval=1
# Defines how much we should wait the instance to start up until we give up and exit.
timeout=70
((end_time=${SECONDS}+$timeout))
# Checks if the process of the instance is still running.
# Arguments:
# None
# Returns:
# In case it is running, returns 0, otherwise non-zero (exit code of systemctl).
isProcessRunning() {
systemctl is-active --quiet nevisauth@default
IS_RUNNING=$?
return $IS_RUNNING
}
# Checks if the instance is up. (Attempts connecting to the instance)
# Arguments:
# None
# Returns:
# If the connection was successful and the instance up (is not broken), returns 0.
# If the connection was not successful, returns 1.
checkInstance() {
lsof -i :8991 -sTCP:LISTEN
EXIT_CODE=$?
return $EXIT_CODE
}
# This function encapsulates the logic of checking if the process is running and if the instance is up.
# In case the process is not running, exits with exit code 1.
# Arguments:
# None
# Returns:
# If the instance process is running, returns the result of the instance check function.
check() {
if isProcessRunning
then
checkInstance
CS=$?
return $CS
else
echo "Process is not running."
exit 1
fi
}
# Check the status of the instance periodically.
while ((${SECONDS} < ${end_time}))
do
sleep ${interval}
if check
then
echo "Instance is up."
exit 0
fi
done
echo "Exceeded check timeout (70s). Instance is down."
exit 3
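Review bot: The header documents exit code `2 Instance is broken`, but no path in the script returns 2: `checkInstance` only tests whether something listens on port 8991 via `lsof`, so a started-but-failing instance is reported as up. Either drop exit code 2 from the header or add a real health probe, and change the `checkInstance` comment ("Attempts connecting to the instance") to say it only checks for a listening socket. The final message hard-codes the duration; `echo "Exceeded check timeout (${timeout}s). Instance is down."` keeps it in line with the `timeout` variable. The `lsof` listing is also printed on every poll, so `lsof -i :8991 -sTCP:LISTEN >/dev/null` would keep the status output clean.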


@ -0,0 +1,60 @@
apiVersion: "operator.nevis-security.ch/v1"
kind: "NevisComponent"
metadata:
name: "nai2"
namespace: "adn-postit-tknxchng-01-dev"
labels:
deploymentTarget: "nai2"
annotations:
projectKey: "DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT"
patternId: "5a02ce1399ca42298422a320"
spec:
type: "NevisAuth"
replicas: 1
version: "8.2405.2"
gitInitVersion: "1.3.0"
runAsNonRoot: true
ports:
management: 9000
soap: 8991
resources:
limits:
cpu: "2"
memory: "2000Mi"
requests:
cpu: "20m"
memory: "1000Mi"
livenessProbe:
soap:
tcpSocket: true
periodSeconds: 5
timeoutSeconds: 4
readinessProbe:
management:
httpGet:
path: "/nevisauth/liveness"
periodSeconds: 5
timeoutSeconds: 6
startupProbe:
management:
httpGet:
path: "/nevisauth/liveness"
periodSeconds: 5
timeoutSeconds: 6
failureThreshold: 50
podDisruptionBudget:
maxUnavailable: "50%"
git:
tag: "r-a70c85a598c6206ebfce3d9c27f4334238313639"
dir: "DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2"
credentials: "git-credentials"
keystores:
- "nai2-sh4r3d-default-default-signer"
- "nai2-default-identity"
truststores:
- "nai2-default-default-signer-trust"
- "nai2-default-tls-client-trust"
podSecurity:
policy: "baseline"
automountServiceAccountToken: false
timeZone: "Europe/Zurich"
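Review bot: With `replicas: 1`, `podDisruptionBudget.maxUnavailable: "50%"` gives no protection, assuming the operator turns it into a standard PodDisruptionBudget: Kubernetes rounds the percentage up, so the single pod may be evicted and the authentication service is unavailable during a node drain. `podSecurity.policy: "baseline"` is also the weaker of the two enforcing Pod Security Standards levels; since `runAsNonRoot: true` and `automountServiceAccountToken: false` are already set, it is worth checking whether the operator accepts `"restricted"` for this component. A short comment next to `replicas` recording that this is a single-instance dev deployment would explain both choices.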


@ -0,0 +1,14 @@
apiVersion: "operator.nevis-security.ch/v1"
kind: "NevisTrustStore"
metadata:
name: "nai2-default-default-signer-trust"
namespace: "adn-postit-tknxchng-01-dev"
labels:
deploymentTarget: "nai2"
annotations:
projectKey: "DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT"
patternId: "5a02ce1399ca42298422a320"
spec:
keystores:
- name: "nai2-sh4r3d-default-default-signer"
namespace: "adn-postit-tknxchng-01-dev"


@ -0,0 +1,18 @@
apiVersion: "operator.nevis-security.ch/v1"
kind: "NevisKeyStore"
metadata:
name: "nai2-default-identity"
namespace: "adn-postit-tknxchng-01-dev"
labels:
deploymentTarget: "nai2"
annotations:
projectKey: "DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT"
patternId: "5a02ce1399ca42298422a320"
spec:
cn: "nai2"
usage: "<reserved for future use>"
san:
dns:
- "nai2"
- "nai2.adn-postit-tknxchng-01-dev"
email: []


@ -0,0 +1,14 @@
apiVersion: "operator.nevis-security.ch/v1"
kind: "NevisTrustStore"
metadata:
name: "nai2-default-tls-client-trust"
namespace: "adn-postit-tknxchng-01-dev"
labels:
deploymentTarget: "nai2"
annotations:
projectKey: "DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT"
patternId: "5a02ce1399ca42298422a320"
spec:
keystores:
- name: "npi-mockrelam-identity"
namespace: "adn-postit-tknxchng-01-dev"
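Review bot: This trust store appears to be the one backing `client-auth: "required"` on the nevisAuth listener, and its only entry is a keystore named `npi-mockrelam-identity`. The name looks like a misspelling of "mockrealm" and no resource with that name is defined in the visible part of this commit; if no NevisKeyStore with exactly this name exists in the namespace, the trust store presumably ends up empty or fails to reconcile. Please confirm the name against the proxy's keystore resource, and that trusting a mock realm's identity as the sole TLS client is intended for this environment.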


@ -0,0 +1,16 @@
apiVersion: "operator.nevis-security.ch/v1"
kind: "NevisKeyStore"
metadata:
name: "nai2-sh4r3d-default-default-signer"
namespace: "adn-postit-tknxchng-01-dev"
labels:
deploymentTarget: "nai2"
annotations:
projectKey: "DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT"
patternId: "5a02ce1399ca42298422a320"
spec:
cn: "signer"
usage: "signer"
san:
dns: []
email: []


@ -0,0 +1,18 @@
schemaVersion: 1.0
instance:
type: "nevisauth"
name: "default"
directory: "/var/opt/nevisauth/default"
pid: "systemctl show nevisauth@default -p MainPID | cut -d '=' -f2"
source:
url: "/nevisadmin/#/projects/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/patterns/5a02ce1399ca42298422a320"
projectKey: "DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT"
patternId: "5a02ce1399ca42298422a320"
patternClass: "ch.nevis.admin.v4.plugin.nevisauth.patterns.NevisAuthDeployable"
resources:
ports:
- "0.0.0.0:8991"
control:
start: "systemctl restart nevisauth@default &"
stop: "systemctl stop nevisauth@default"
status: "systemctl status nevisauth@default"


@ -0,0 +1,38 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----


@ -0,0 +1,80 @@
accept.button.label=Accept
cancel.button.label=Cancel
continue.button.label=Continue
deputy.profile.label=(Deputy Profile)
error.saml.failed=Please close your browser and try again.
error_1=Please check your input.
error_10=Please select the correct user account.
error_100=Certificate upload not possible. Certificate already exists. Please contact your helpdesk.
error_101=The entered email address is not valid.
error_11=Please use another certficate or login with another credential type.
error_2=Please select another login name.
error_3=Your account will be locked if next authentication fails.
error_4=Your new password does not comply with the security policy. Please choose a different password.
error_5=Error in password confirmation.
error_50=The new password is too short.
error_55=The new password has to differ from old passwords.
error_6=Password change required.
error_7=Change of login ID required.
error_8=Your account has been locked due to repeated authentication failures.
error_81=No access card found, access from internet denied.
error_83=Your access card is no longer valid. Please contact your advisor to get a new access card.
error_9=Session take over failed.
error_97=You are not authorized to access this resource.
error_98=Your account has been locked.
error_99=System problems. Please try later.
info.logout.confirmation=Please confirm that you want to log out.
info.logout.reminder=Your session on this application has expired. Try again with a login.
info.oauth.consent=Do you want to authorise this application to access your data?
info.timeout.page=Your session on this application has expired. Try again with a login.
login.button.label=Login
logout.label=Logout
logout.text=You have successfully logged out.
method.certificate.label=Certificate
method.fido.label=Mobile Authentication
method.fido2.label=FIDO 2
method.mtan.label=mTAN Code
method.oath.label=OATH Authenticator App
method.otp.label=OTP (One-Time Password)
method.recovery.label=Recovery Codes
method.safeword.label=SafeWord
method.securid.label=SecurID
method.ticket.label=Ticket
outarg.lastLogin.never=Never
policyFailure.dictionary=&#9642; must not be taken from a dictionary.
policyFailure.history.History=&#9642; must be different from previously selected passwords.
policyFailure.regex.control=&#9642; cannot contain more than {0} control characters.
policyFailure.regex.lower=&#9642; must contain at least {0} lower case characters.
policyFailure.regex.maxCharacterRepetitions=&#9642; characters must not occur more than {0} time(s) consecutively.
policyFailure.regex.maxLength=&#9642; must be at most {0} characters long.
policyFailure.regex.minLength=&#9642; must be at least {0} characters long.
policyFailure.regex.nonAlnum=&#9642; must contain at least {0} non-alphanumeric characters.
policyFailure.regex.nonAscii=&#9642; cannot contain more than {0} non-ASCII characters.
policyFailure.regex.nonGraph=&#9642; cannot contain more than {0} non-printable characters.
policyFailure.regex.nonLetter=&#9642; must contain at least {0} non-letter characters.
policyFailure.regex.numeric=&#9642; must contain at least {0} numeric characters.
policyFailure.regex.upper=&#9642; must contain at least {0} upper case characters.
policyInfo.dictionary=&#9642; must not be taken from a dictionary.
policyInfo.history.History=&#9642; must be different from previously selected passwords.
policyInfo.regex.control=&#9642; cannot contain more than {0} control characters.
policyInfo.regex.lower=&#9642; must contain at least {0} lower case characters.
policyInfo.regex.maxCharacterRepetitions=&#9642; characters must not occur more than {0} time(s) consecutively.
policyInfo.regex.maxLength=&#9642; must be at most {0} characters long.
policyInfo.regex.minLength=&#9642; must be at least {0} characters long.
policyInfo.regex.nonAlnum=&#9642; must contain at least {0} non-alphanumeric characters.
policyInfo.regex.nonAscii=&#9642; cannot contain more than {0} non-ASCII characters.
policyInfo.regex.nonGraph=&#9642; cannot contain more than {0} non-printable characters.
policyInfo.regex.nonLetter=&#9642; must contain at least {0} non-letter characters.
policyInfo.regex.numeric=&#9642; must contain at least {0} numeric characters.
policyInfo.regex.upper=&#9642; must contain at least {0} upper case characters.
policyInfo.title=The password has to comply with the following password policy:
reject.button.label=Deny
submit.button.label=Submit
tan.sent=Please enter the security code which has been sent to your mobile phone.
title.logout=Logout
title.logout.confirmation=Logout
title.logout.reminder=Logout
title.oauth.consent=Client Authorization
title.saml.failed=Error
title.timeout.page=Logout


@ -0,0 +1,80 @@
accept.button.label=Akzeptieren
cancel.button.label=Abbrechen
continue.button.label=Weiter
deputy.profile.label=(Profil Stellvertreter)
error.saml.failed=Bitte schliessen Sie Ihren Browser und versuchen Sie es erneut.
error_1=Bitte &uuml;berpr&uuml;fen Sie Ihre Eingabe.
error_10=Bitte w&auml;hlen Sie den gew&uuml;nschten Benutzer.
error_100=Zertifikat-Upload nicht m&ouml;glich. Zertifikat bereits vorhanden. Bitte kontaktieren Sie Ihren Helpdesk.
error_101=Die angegebene E-Mail Adresse ist ung&uuml;ltig.
error_11=Bitte verwenden Sie ein anderes Zertifikat oder ein alternatives Authentisierungsmittel.
error_2=Bitte w&auml;hlen Sie einen anderen Login-Namen.
error_3=Falls Ihr n&auml;chster Login fehlschl&auml;gt, wird Ihr Konto gesperrt.
error_4=Ihr neues Passwort wurde nicht akzeptiert. Bitte w&auml;hlen Sie eines, das den Passwortvorgaben entspricht.
error_5=Die Eingabe zur Best&auml;tigung des Passwortes ist falsch.
error_50=Das neue Passwort ist zu kurz.
error_55=Das neue Passwort muss sich von alten Passw&ouml;rtern unterscheiden.
error_6=Passwortwechsel erforderlich.
error_7=Wechsel der Login-ID erforderlich.
error_8=Ihr Konto wurde infolge wiederholt fehlgeschlagener Authentisierung gesperrt.
error_81=Keine Rasterkarte gefunden, Zugang vom Internet verweigert.
error_83=Ihre Rasterkarte ist aufgebraucht. Bitte kontaktieren Sie Ihren Berater, um eine neue zu erhalten.
error_9=Die SSO-Session konnte nicht &uuml;bernommen werden.
error_97=Sie verf&uuml;gen nicht &uuml;ber die f&uuml;r den Zugriff auf diese Ressource ben&ouml;tigte Berechtigung.
error_98=Ihr Konto ist gesperrt.
error_99=Systemfehler. Bitte versuchen Sie es sp&auml;ter.
info.logout.confirmation=Bitte best&auml;tigen Sie, dass Sie sich abmelden m&ouml;chten.
info.logout.reminder=Ihre Session ist auf dieser Applikation abgelaufen. Versuchen Sie es nochmals mit einem Login.
info.oauth.consent=Wollen Sie der Anwendung den Zugriff erlauben?
info.timeout.page=Ihre Session ist auf dieser Applikation abgelaufen. Versuchen Sie es nochmals mit einem Login.
login.button.label=Login
logout.label=Logout
logout.text=Sie haben sich erfolgreich abgemeldet.
method.certificate.label=Zertifikat
method.fido.label=Mobile Authentication
method.fido2.label=FIDO 2
method.mtan.label=mTAN-Code
method.oath.label=OATH Authenticator-App
method.otp.label=OTP (One-Time Passwort)
method.recovery.label=Wiederherstellungscodes
method.safeword.label=SafeWord
method.securid.label=SecurID
method.ticket.label=Ticket
outarg.lastLogin.never=Nie
policyFailure.dictionary=&#9642; darf nicht aus einem W&ouml;rterbuch stammen.
policyFailure.history.History=&#9642; muss sich von vorhergehenden Passw&ouml;rtern unterscheiden.
policyFailure.regex.control=&#9642; darf h&ouml;chstens {0} Kontrollzeichen enthalten.
policyFailure.regex.lower=&#9642; muss {0} Kleinbuchstaben enthalten.
policyFailure.regex.maxCharacterRepetitions=&#9642; darf nicht eine Sequenz l&auml;nger als {0} des gleichen Zeichens enthalten.
policyFailure.regex.maxLength=L&auml;nge des Passwortes darf h&ouml;chstens {0} sein.
policyFailure.regex.minLength=L&auml;nge des Passwortes muss mindestens {0} sein.
policyFailure.regex.nonAlnum=&#9642; muss {0} nicht-alphanumerische Zeichen enthalten.
policyFailure.regex.nonAscii=&#9642; darf h&ouml;chstens {0} Zeichen ausserhalb des ASCII-Zeichensatzes enthalten.
policyFailure.regex.nonGraph=&#9642; darf h&ouml;chstens {0} nicht-druckende Zeichen enthalten.
policyFailure.regex.nonLetter=&#9642; muss {0} Zeichen enthalten, die keine Buchstaben sind.
policyFailure.regex.numeric=&#9642; muss {0} numerische Zeichen enthalten.
policyFailure.regex.upper=&#9642; muss {0} Grossbuchstaben enthalten.
policyInfo.dictionary=&#9642; darf nicht aus einem W&ouml;rterbuch stammen.
policyInfo.history.History=&#9642; darf keines der zuletzt verwendeten Passw&ouml;rtern sein.
policyInfo.regex.control=&#9642; darf h&ouml;chstens {0} Kontrollzeichen enthalten.
policyInfo.regex.lower=&#9642; muss mindestens {0} Kleinbuchstaben enthalten.
policyInfo.regex.maxCharacterRepetitions=&#9642; darf nicht eine Sequenz l&auml;nger als {0} des gleichen Zeichens enthalten.
policyInfo.regex.maxLength=&#9642; darf h&ouml;chstens {0} Zeichen enthalten.
policyInfo.regex.minLength=&#9642; muss mindestens {0} Zeichen enthalten.
policyInfo.regex.nonAlnum=&#9642; muss mindestens {0} Zeichen enthalten, die nicht Alphanumerisch sind.
policyInfo.regex.nonAscii=&#9642; darf h&ouml;chstens {0} Zeichen ausserhalb des ASCII-Zeichensatzes enthalten.
policyInfo.regex.nonGraph=&#9642; darf h&ouml;chstens {0} nicht-druckende Zeichen enthalten.
policyInfo.regex.nonLetter=&#9642; muss mindestens {0} Zeichen enthalten, die keine Buchstaben sind.
policyInfo.regex.numeric=&#9642; muss mindestens {0} numerische Zeichen enthalten.
policyInfo.regex.upper=&#9642; muss mindestens {0} Grossbuchstaben enthalten.
policyInfo.title=Das Passwort muss den folgenden Passwort-Richtlinien entsprechen:
reject.button.label=Ablehnen
submit.button.label=Senden
tan.sent=Bitte erfassen Sie den Sicherheitscode, welcher an Ihr Mobiltelefon gesendet wurde.
title.logout=Logout
title.logout.confirmation=Logout
title.logout.reminder=Logout
title.oauth.consent=Client Authorisierung
title.saml.failed=Error
title.timeout.page=Logout


@ -0,0 +1,80 @@
accept.button.label=Accept
cancel.button.label=Cancel
continue.button.label=Continue
deputy.profile.label=(Deputy Profile)
error.saml.failed=Please close your browser and try again.
error_1=Please check your input.
error_10=Please select the correct user account.
error_100=Certificate upload not possible. Certificate already exists. Please contact your helpdesk.
error_101=The entered email address is not valid.
error_11=Please use another certficate or login with another credential type.
error_2=Please select another login name.
error_3=Your account will be locked if next authentication fails.
error_4=Your new password does not comply with the security policy. Please choose a different password.
error_5=Error in password confirmation.
error_50=The new password is too short.
error_55=The new password has to differ from old passwords.
error_6=Password change required.
error_7=Change of login ID required.
error_8=Your account has been locked due to repeated authentication failures.
error_81=No access card found, access from internet denied.
error_83=Your access card is no longer valid. Please contact your advisor to get a new access card.
error_9=Session take over failed.
error_97=You are not authorized to access this resource.
error_98=Your account has been locked.
error_99=System problems. Please try later.
info.logout.confirmation=Please confirm that you want to log out.
info.logout.reminder=Your session on this application has expired. Try again with a login.
info.oauth.consent=Do you want to authorise this application to access your data?
info.timeout.page=Your session on this application has expired. Try again with a login.
login.button.label=Login
logout.label=Logout
logout.text=You have successfully logged out.
method.certificate.label=Certificate
method.fido.label=Mobile Authentication
method.fido2.label=FIDO 2
method.mtan.label=mTAN Code
method.oath.label=OATH Authenticator App
method.otp.label=OTP (One-Time Password)
method.recovery.label=Recovery Codes
method.safeword.label=SafeWord
method.securid.label=SecurID
method.ticket.label=Ticket
outarg.lastLogin.never=Never
policyFailure.dictionary=&#9642; must not be taken from a dictionary.
policyFailure.history.History=&#9642; must be different from previously selected passwords.
policyFailure.regex.control=&#9642; cannot contain more than {0} control characters.
policyFailure.regex.lower=&#9642; must contain at least {0} lower case characters.
policyFailure.regex.maxCharacterRepetitions=&#9642; characters must not occur more than {0} time(s) consecutively.
policyFailure.regex.maxLength=&#9642; must be at most {0} characters long.
policyFailure.regex.minLength=&#9642; must be at least {0} characters long.
policyFailure.regex.nonAlnum=&#9642; must contain at least {0} non-alphanumeric characters.
policyFailure.regex.nonAscii=&#9642; cannot contain more than {0} non-ASCII characters.
policyFailure.regex.nonGraph=&#9642; cannot contain more than {0} non-printable characters.
policyFailure.regex.nonLetter=&#9642; must contain at least {0} non-letter characters.
policyFailure.regex.numeric=&#9642; must contain at least {0} numeric characters.
policyFailure.regex.upper=&#9642; must contain at least {0} upper case characters.
policyInfo.dictionary=&#9642; must not be taken from a dictionary.
policyInfo.history.History=&#9642; must be different from previously selected passwords.
policyInfo.regex.control=&#9642; cannot contain more than {0} control characters.
policyInfo.regex.lower=&#9642; must contain at least {0} lower case characters.
policyInfo.regex.maxCharacterRepetitions=&#9642; characters must not occur more than {0} time(s) consecutively.
policyInfo.regex.maxLength=&#9642; must be at most {0} characters long.
policyInfo.regex.minLength=&#9642; must be at least {0} characters long.
policyInfo.regex.nonAlnum=&#9642; must contain at least {0} non-alphanumeric characters.
policyInfo.regex.nonAscii=&#9642; cannot contain more than {0} non-ASCII characters.
policyInfo.regex.nonGraph=&#9642; cannot contain more than {0} non-printable characters.
policyInfo.regex.nonLetter=&#9642; must contain at least {0} non-letter characters.
policyInfo.regex.numeric=&#9642; must contain at least {0} numeric characters.
policyInfo.regex.upper=&#9642; must contain at least {0} upper case characters.
policyInfo.title=The password has to comply with the following password policy:
reject.button.label=Deny
submit.button.label=Submit
tan.sent=Please enter the security code which has been sent to your mobile phone.
title.logout=Logout
title.logout.confirmation=Logout
title.logout.reminder=Logout
title.oauth.consent=Client Authorization
title.saml.failed=Error
title.timeout.page=Logout


@ -0,0 +1,80 @@
accept.button.label=Accepter
cancel.button.label=Abandonner
continue.button.label=Continuer
deputy.profile.label=(Profil du suppl&eacute;ant)
error.saml.failed=Fermez votre navigateur et r;eacute;essayez.
error_1=Veuillez v&eacute;rifier vos donn&eacute;es, s.v.p.
error_10=Choisissez votre compte.
error_100=T&eacute;l&eacute;chargement du certificat pas possible. Certificat existe d&eacute;j&agrave;. Veuillez contacter le helpdesk s.v.p.
error_101=L&#39;adresse e-mail &eacute; n&#39;est pas valide.
error_11=Choisissez un autre certificat, s.v.p.
error_2=Choisissez un autre nom, s.v.p.
error_3=Si l&#39;authentification ne r&eacute;ussit pas au prochain essai, votre compte sera bloqu&eacute;.
error_4=Votre nouveau mot de passe ne conforme pas aux mesures de s&eacute;curit&eacute;
error_5=Votre confirmation du mot de passe ne correspond pas au mot de passe donn&eacute;.
error_50=Le nouveau mot de passe est trop court.
error_55=Le nouveau mot de passe doit diff&eacute;rer de l&#39;ancien.
error_6=Veuillez changer votre mot de passe, s.v.p.
error_7=Veuillez changer votre login ID, s.v.p.
error_8=Votre compte n&#39;est pas active.
error_81=Pas d&#39;access card trouv&eacute;, l&#39;acc&egrave;s par l&#39;internet est refus&eacute;.
error_83=Votre access card n&#39;est plus valable, veuillez contacter votre gestionnaire.
error_9=Il n&#39;est pas possible de transmettre la session.
error_97=Vous n&#39;avez pas les autorisations n&eacute;cessaires pour acc&eacute;der &agrave; cette ressource.
error_98=Votre compte a &eacute;t&eacute; bloqu&eacute;.
error_99=Probl&egrave;me technique. Veuillez essayer plus tard, s.v.p.
info.logout.confirmation=Veuillez confirmer que vous souhaitez vous d&eacute;connecter.
info.logout.reminder=Votre session sur cette application a expir&eacute;e. Essayez encore avec un login.
info.oauth.consent=Voulez-vous autoriser l&#39;application?
info.timeout.page=Votre session sur cette application a expir&eacute;e. Essayez encore avec un login.
login.button.label=Login
logout.label=Logout
logout.text=Au revoir
method.certificate.label=Certificat
method.fido.label=Mobile Authentication
method.fido2.label=FIDO 2
method.mtan.label=Code mTAN
method.oath.label=Application d'authentification OATH
method.otp.label=OTP (One-Time Password)
method.recovery.label=Codes de r&eacute;cup&eacute;ration
method.safeword.label=SafeWord
method.securid.label=SecurID
method.ticket.label=Ticket
outarg.lastLogin.never=Jamais
policyFailure.dictionary=&#9642; ne peut pas &ecirc;tre pris d&#39;un dictionnaire.
policyFailure.history.History=&#9642; doit &ecirc;tre diff&eacute;rent des mots de passe pr&eacute;alablement s&eacute;lectionn&eacute;s.
policyFailure.regex.control=&#9642; ne peut contenir plus de {0} caract&egrave;res de commande.
policyFailure.regex.lower=&#9642; doit contenir au moins {0} caract&egrave;re(s) minuscule(s).
policyFailure.regex.maxCharacterRepetitions=&#9642; ne peut contenir une s&eacute;quence de plus de {0} du m&ecirc;me caract&egrave;re.
policyFailure.regex.maxLength=La longueur doit &ecirc;tre d&#39;au plus {0}.
policyFailure.regex.minLength=La longueur doit &ecirc;tre d&#39;au moins {0}.
policyFailure.regex.nonAlnum=&#9642; doit contenir au moins {0} caract&egrave;res non alphanum&eacute;riques.
policyFailure.regex.nonAscii=&#9642; ne peut contenir plus de {0} caract&egrave;res non ASCII ({1}).
policyFailure.regex.nonGraph=&#9642; ne peut contenir plus de {0} caract&egrave;res non imprimables ({1}).
policyFailure.regex.nonLetter=&#9642; doit contenir au moins {0} caract&egrave;res qui ne sont pas des lettres.
policyFailure.regex.numeric=&#9642; doit comprendre {0} caract&#232;res num&#233;riques.
policyFailure.regex.upper=&#9642; doit contenir au moins {0} caract&egrave;re(s) majuscule(s).
policyInfo.dictionary=&#9642; ne peut pas &ecirc;tre pris d&#39;un dictionnaire.
policyInfo.history.History=&#9642; ne peut pas &ecirc;tre l&#39; pr&eacute;c&eacute;demment choisis.
policyInfo.regex.control=&#9642; ne peut contenir plus de {0} caract&egrave;res de commande.
policyInfo.regex.lower=&#9642; doit contenir au moins {0} caract&egrave;re(s) minuscule(s).
policyInfo.regex.maxCharacterRepetitions=&#9642; ne peut contenir une s&eacute;quence de plus de {0} du m&ecirc;me caract&egrave;re.
policyInfo.regex.maxLength=&#9642; la longueur doit &ecirc;tre d&#39;au plus {0}.
policyInfo.regex.minLength=&#9642; la longueur doit &ecirc;tre d&#39;au moins {0}.
policyInfo.regex.nonAlnum=&#9642; doit contenir au moins {0} caract&egrave;res non alphanum&eacute;riques.
policyInfo.regex.nonAscii=&#9642; ne peut contenir plus de {0} caract&egrave;res non ASCII.
policyInfo.regex.nonGraph=&#9642; ne peut contenir plus de {0} caract&egrave;res non imprimables.
policyInfo.regex.nonLetter=&#9642; doit contenir au moins {0} caract&egrave;res qui ne sont pas des lettres.
policyInfo.regex.numeric=&#9642; doit comprendre au minimum {0} caract&#232;res num&#233;riques.
policyInfo.regex.upper=&#9642; doit contenir au moins {0} caract&egrave;re(s) majuscule(s).
policyInfo.title=Le mot de passe doit respecter les r&egrave;gles suivantes:
reject.button.label=Refuser
submit.button.label=Envoyer
tan.sent=Veuillez saisir le code de s&eacute;curit&eacute; que vous avez re&ccedil;u au votre t&eacute;l&eacute;phone mobile.
title.logout=Logout
title.logout.confirmation=Logout
title.logout.reminder=Logout
title.oauth.consent=Autorisation du client
title.saml.failed=Error
title.timeout.page=Logout


@ -0,0 +1,80 @@
accept.button.label=Accettare
cancel.button.label=Abortire
continue.button.label=Continua
deputy.profile.label=(profilo del delegato)
error.saml.failed=Chiudi il browser e riprova.
error_1=Verificare i dati immessi.
error_10=Per favore selezionare il conto utente corretto.
error_100=Impossibile caricare il certificato. Questo certificato esiste gi&agrave;. La preghiamo di contattare il Suo help desk.
error_101=L&#39;indirizzo e-mail inserito non &egrave; valido.
error_11=Scegliere un altro certificato.
error_2=Per favore scegliere un altro nome.
error_3=Il conto verr&agrave; bloccato se il prossimo login non andr&agrave; a buon fine.
error_4=La nuova password non &egrave; stata accettata. Scegliere una password che sia conforme ai criteri di password.
error_5=La conferma della password &egrave; errata.
error_50=La nuova password &egrave; troppo corta.
error_55=La nuova password deve essere diversa dalla vecchia.
error_6=&Egrave; necessario modificare la password.
error_7=Set up inizale dell&#39;account per il portale necessario.
error_8=L&#39;account &egrave; stato bloccato. Rivolgersi al servizio assistenza oppure provare con un altro strumento di autenticazione.
error_81=Nessuna carta di accesso trovata, accesso da internet rifiutato.
error_83=La sua carta di accesso non &egrave; pi&ugrave; valida. Per favore contatti il suo assistente per ricevere una nuova carta di accesso.
error_9=La sessione non pu&ograve; essere ripresa.
error_97=Non si dispone delle autorizzazioni necessarie per accedere a questa risorsa.
error_98=L&#39;account &egrave; stato bloccato.
error_99=Errore di sistema. Riprovare.
info.logout.confirmation=Si prega di confermare che si desidera disconnettersi.
info.logout.reminder=La sessione su questa applicazione &#x26;egrave; scaduta. Prova ancora con un login.
info.oauth.consent=Vuoi consentire all&#39;applicazione?
info.timeout.page=La sessione su questa applicazione &#x26;egrave; scaduta. Prova ancora con un login.
login.button.label=Login
logout.label=Logout
logout.text=&Egrave; uscito con successo.
method.certificate.label=Certificato
method.fido.label=Mobile Authentication
method.fido2.label=FIDO 2
method.mtan.label=Codice mTAN
method.oath.label=App di autenticazione OATH
method.otp.label=OTP (One-Time Password)
method.recovery.label=Codici di ripristino
method.safeword.label=SafeWord
method.securid.label=SecurID
method.ticket.label=Ticket
outarg.lastLogin.never=Mai
policyFailure.dictionary=&#9642; non pu&ograve; essere presa da un dizionario.
policyFailure.history.History=&#9642; deve essere diversa da password precedenti.
policyFailure.regex.control=&#9642; non pu&ograve; contenere pi&ugrave; di {0} caratteri di controllo.
policyFailure.regex.lower=&#9642; deve conenere almeno {0} caratteri minuscoli.
policyFailure.regex.maxCharacterRepetitions=&#9642; non pu&ograve; contentere una sequenza pi&ugrave; lunga di {0} caratteri uguali.
policyFailure.regex.maxLength=&#9642; deve contenere al massimo {0} caratteri.
policyFailure.regex.minLength=&#9642; deve contenere almeno {0} caratteri.
policyFailure.regex.nonAlnum=&#9642; deve conenere almeno {0} caratteri non alfanumerici.
policyFailure.regex.nonAscii=&#9642; non pu&ograve; contenere pi&ugrave; di {0} caratteri non ASCII.
policyFailure.regex.nonGraph=&#9642; non pu&ograve; contenere pi&ugrave; di {0} caratteri non stampabili.
policyFailure.regex.nonLetter=&#9642; non pu&ograve; contenere pi&ugrave; di {0} numeri o caratteri speciali.
policyFailure.regex.numeric=&#9642; deve contenere {0} caratteri numerici.
policyFailure.regex.upper=&#9642; deve conenere almeno {0} caratteri maiuscoli.
policyInfo.dictionary=&#9642; non pu&ograve; essere presa da un dizionario.
policyInfo.history.History=&#9642; deve essere diversa dalle password precedenti.
policyInfo.regex.control=&#9642; non pu&ograve; contenere pi&ugrave; di {0} carattere/i di controllo.
policyInfo.regex.lower=&#9642; deve conenere almeno {0} carattere/i minuscolo/i.
policyInfo.regex.maxCharacterRepetitions=&#9642; non pu&ograve; contentere una sequenza pi&ugrave; lunga di {0} caratteri uguali.
policyInfo.regex.maxLength=&#9642; deve contenere al massimo {0} carattere/i.
policyInfo.regex.minLength=&#9642; deve contenere almeno {0} carattere/i.
policyInfo.regex.nonAlnum=&#9642; deve conenere almeno {0} carattere/i non alfanumerico/i.
policyInfo.regex.nonAscii=&#9642; non pu&ograve; contenere pi&ugrave; di {0} carattere/i non ASCII.
policyInfo.regex.nonGraph=&#9642; non pu&ograve; contenere pi&ugrave; di {0} carattere/i non stampabile/i.
policyInfo.regex.nonLetter=&#9642; non pu&ograve; contenere pi&ugrave; di {0} numero/i o caratere/i speciale/i.
policyInfo.regex.numeric=&#9642; deve contenere un minimo di {0} carattere/i numerico/i.
policyInfo.regex.upper=&#9642; deve conenere almeno {0} carattere/i maiuscolo/i.
policyInfo.title=La password deve rispettare le seguenti direttive:
reject.button.label=Rifiuti
submit.button.label=Continua
tan.sent=Inserisci il codice di sicurezza che &egrave; stato inviato al tuo telefono cellulare.
title.logout=Logout
title.logout.confirmation=Logout
title.logout.reminder=Logout
title.oauth.consent=Autorizzazione del client
title.saml.failed=Error
title.timeout.page=Logout


@ -0,0 +1 @@
bc.tracer.TraceIndentFactory=ch.nevis.bc.io.Log4jTraceIndentFactory


@ -0,0 +1,19 @@
RTENV_SECURITY_CHECK=no_shell
JAVA_OPTS=(
"-XX:+UseContainerSupport"
"-Dfile.encoding=UTF-8"
"-XX:MaxRAMPercentage=80.0"
"-Djava.net.preferIPv4Stack=true"
"-Djava.net.connectionTimeout=10000"
"-Djava.net.readTimeout=15000"
"-Dch.nevis.esauth.config=/var/opt/nevisauth/default/conf/esauth4.xml"
"-Djava.awt.headless=true"
"-javaagent:/opt/agent/opentelemetry-javaagent.jar"
"-Dotel.javaagent.logging=application"
"-Dotel.javaagent.configuration-file=/var/opt/nevisauth/default/conf/otel.properties"
"-Dotel.resource.attributes=service.version=8.2405.2,service.instance.id=$HOSTNAME"
"-Djavax.net.ssl.trustStore=/var/opt/keys/trust/tls-swissid/truststore.p12"
"-Djavax.net.ssl.trustStorePassword=\${exec:/var/opt/keys/trust/tls-swissid/keypass}"
)


@ -0,0 +1,2 @@
# this file is generated by nevisAdmin 4
security.provider.10=org.bouncycastle.jce.provider.BouncyCastleProvider


@ -0,0 +1,151 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE esauth-server SYSTEM "/opt/nevisauth/dtd/esauth4.dtd">
<esauth-server instance="nai2">
<!-- source: pattern://5a02ce1399ca42298422a320, pattern://8523f0587aa8cfa7008f8171 -->
<SessionCoordinator sessionInitialInactivityTimeout="600" sessionInactivityTimeout="28800" sessionMaxLifetime="28800" sessionIdPreGenerate="true">
<!-- source: pattern://5a02ce1399ca42298422a320 -->
<LocalSessionStore maxSessions="100000"/>
<!-- source: pattern://5a02ce1399ca42298422a320 -->
<TokenAssembler name="DefaultTokenAssembler">
<Selector default="true"/>
<!-- source: pattern://8523f0587aa8cfa7008f8171 -->
<TokenSpec ttl="28800">
<!-- source: pattern://5a02ce1399ca42298422a320 -->
<field src="session" key="ch.nevis.session.sessid" as="sessid"/>
<!-- source: pattern://5a02ce1399ca42298422a320 -->
<field src="session" key="ch.nevis.session.userid" as="userid"/>
<!-- source: pattern://5a02ce1399ca42298422a320 -->
<field src="session" key="ch.nevis.session.authlevel" as="authLevel"/>
<!-- source: pattern://5a02ce1399ca42298422a320 -->
<field src="session" key="ch.nevis.session.esauthid" as="esauthid"/>
<!-- source: pattern://5a02ce1399ca42298422a320 -->
<field src="session" key="ch.nevis.session.entryid" as="entryid"/>
<!-- source: pattern://5a02ce1399ca42298422a320 -->
<field src="session" key="ch.nevis.session.loginid" as="loginId"/>
<!-- source: pattern://5a02ce1399ca42298422a320 -->
<field src="session" key="ch.nevis.session.domain" as="domain"/>
<!-- source: pattern://5a02ce1399ca42298422a320 -->
<field src="session" key="ch.nevis.session.secroles" as="roles"/>
</TokenSpec>
<!-- source: pattern://5a02ce1399ca42298422a320 -->
<Signer key="DefaultSigner"/>
</TokenAssembler>
<!-- source: pattern://5a02ce1399ca42298422a320 -->
<KeyStore name="DefaultKeyStore">
<!-- source: pattern://5a02ce1399ca42298422a320 -->
<KeyObject name="DefaultSigner" certificate="/var/opt/keys/own/nai2-sh4r3d-default-default-signer/cert.pem" privateKey="/var/opt/keys/own/nai2-sh4r3d-default-default-signer/keystore.jks" passPhrase="pipe:///var/opt/keys/own/nai2-sh4r3d-default-default-signer/keypass"/>
<!-- source: pattern://5a02ce1399ca42298422a320 -->
<KeyObject name="DefaultSignerTrust" certificate="/var/opt/keys/trust/nai2-default-default-signer-trust/truststore.jks"/>
</KeyStore>
</SessionCoordinator>
<!-- source: pattern://5a02ce1399ca42298422a320 -->
<LocalOutOfContextDataStore reaperPeriod="60"/>
<!-- source: pattern://5a02ce1399ca42298422a320, pattern://8523f0587aa8cfa7008f8171 -->
<AuthEngine useLiteralDictionary="true" literalDictionaryLanguages="en,de,fr,it" inputLanguageCookie="LANG" compatLevel="none" addAutheLevelToSecRoles="true" classPath="/var/opt/nevisauth/default/plugin:/opt/nevisauth/plugin" propagateSession="false">
<!-- source: pattern://8523f0587aa8cfa7008f8171 -->
<Domain name="MockRelam" default="false" inactiveInterval="7200" reauthInterval="0" resetAuthenticationCondition="${inargs:cancel}">
<Entry method="authenticate" state="MockRelam_DispatchMockRequests"/>
<Entry method="stepup" state="MockRelam_Selector"/>
</Domain>
<AuthState name="MockRelam_DispatchMockRequests" class="ch.nevis.esauth.auth.states.standard.ConditionalDispatcherState" final="false">
<!-- source: pattern://1641a38402138546573b7e71 -->
<ResultCond name="jwk" next="MockRelam_jwkMock"/>
<!-- source: pattern://1641a38402138546573b7e71 -->
<ResultCond name="metadata" next="MockRelam_MetadataMock"/>
<!-- source: pattern://1641a38402138546573b7e71 -->
<ResultCond name="nomatch" next="MockRelam_KlpApiMock"/>
<!-- source: pattern://1641a38402138546573b7e71 -->
<ResultCond name="wellknown" next="MockRelam_wellKownMock"/>
<!-- source: pattern://1641a38402138546573b7e71 -->
<Response value="AUTH_ERROR">
<!-- source: pattern://1641a38402138546573b7e71 -->
<Arg name="ch.nevis.isiweb4.response.status" value="403"/>
</Response>
<!-- source: pattern://1641a38402138546573b7e71 -->
<property name="condition:jwk" value="${request:currentResource:/jwk:true}"/>
<!-- source: pattern://1641a38402138546573b7e71 -->
<property name="condition:metadata" value="${request:currentResource:/metadata:true}"/>
<!-- source: pattern://1641a38402138546573b7e71 -->
<property name="condition:wellknown" value="${request:currentResource:/.well-known:true}"/>
</AuthState>
<AuthState name="MockRelam_jwkMock" class="ch.nevis.esauth.auth.states.directResponse.DirectResponseState" final="true" resumeState="false">
<!-- source: pattern://02267b7a9895eef024fd806b -->
<Response value="AUTH_ERROR">
<!-- source: pattern://02267b7a9895eef024fd806b -->
<Gui name="none"/>
</Response>
<!-- source: pattern://02267b7a9895eef024fd806b -->
<property name="content" value="file:///var/opt/nevisauth/default/conf/mockrelam_jwkmock.json"/>
<!-- source: pattern://02267b7a9895eef024fd806b -->
<property name="contentType" value="application/json"/>
<!-- source: pattern://02267b7a9895eef024fd806b -->
<property name="statusCode" value="200"/>
</AuthState>
<AuthState name="MockRelam_MetadataMock" class="ch.nevis.esauth.auth.states.directResponse.DirectResponseState" final="true" resumeState="false">
<!-- source: pattern://0600a4bbdea68c3aaa2fd10f -->
<Response value="AUTH_ERROR">
<!-- source: pattern://0600a4bbdea68c3aaa2fd10f -->
<Gui name="none"/>
</Response>
<!-- source: pattern://0600a4bbdea68c3aaa2fd10f -->
<property name="content" value="file:///var/opt/nevisauth/default/conf/mockrelam_metadatamock.json"/>
<!-- source: pattern://0600a4bbdea68c3aaa2fd10f -->
<property name="contentType" value="application/json"/>
<!-- source: pattern://0600a4bbdea68c3aaa2fd10f -->
<property name="statusCode" value="200"/>
</AuthState>
<AuthState name="MockRelam_KlpApiMock" class="ch.nevis.esauth.auth.states.directResponse.DirectResponseState" final="true" resumeState="false">
<!-- source: pattern://3f7b857b6d35114fcd8c4984 -->
<Response value="AUTH_ERROR">
<!-- source: pattern://3f7b857b6d35114fcd8c4984 -->
<Gui name="none"/>
</Response>
<!-- source: pattern://3f7b857b6d35114fcd8c4984 -->
<property name="content" value="file:///var/opt/nevisauth/default/conf/mockrelam_klpapimock.json"/>
<!-- source: pattern://3f7b857b6d35114fcd8c4984 -->
<property name="contentType" value="application/json"/>
<!-- source: pattern://3f7b857b6d35114fcd8c4984 -->
<property name="statusCode" value="200"/>
</AuthState>
<AuthState name="MockRelam_wellKownMock" class="ch.nevis.esauth.auth.states.directResponse.DirectResponseState" final="true" resumeState="false">
<!-- source: pattern://1a11a59ad08eccffa1addc6a -->
<Response value="AUTH_ERROR">
<!-- source: pattern://1a11a59ad08eccffa1addc6a -->
<Gui name="none"/>
</Response>
<!-- source: pattern://1a11a59ad08eccffa1addc6a -->
<property name="content" value="file:///var/opt/nevisauth/default/conf/mockrelam_wellkownmock.json"/>
<!-- source: pattern://1a11a59ad08eccffa1addc6a -->
<property name="contentType" value="application/json"/>
<!-- source: pattern://1a11a59ad08eccffa1addc6a -->
<property name="statusCode" value="200"/>
</AuthState>
<AuthState name="MockRelam_Selector" class="ch.nevis.esauth.auth.states.standard.ConditionalDispatcherState" final="false">
<!-- source: pattern://8523f0587aa8cfa7008f8171 -->
<ResultCond name="nomatch" next="MockRelam_Prepare_Done"/>
<!-- source: pattern://8523f0587aa8cfa7008f8171 -->
<Response value="AUTH_ERROR">
<!-- source: pattern://8523f0587aa8cfa7008f8171 -->
<Arg name="ch.nevis.isiweb4.response.status" value="403"/>
</Response>
</AuthState>
<AuthState name="MockRelam_Prepare_Done" class="ch.nevis.esauth.auth.states.scripting.ScriptState" final="false">
<!-- source: pattern://8523f0587aa8cfa7008f8171 -->
<ResultCond name="default" next="MockRelam_Auth_Done"/>
<!-- source: pattern://8523f0587aa8cfa7008f8171 -->
<Response value="AUTH_DONE">
<!-- source: pattern://8523f0587aa8cfa7008f8171 -->
<Gui name="ContinueResponse"/>
</Response>
<!-- source: pattern://8523f0587aa8cfa7008f8171 -->
<property name="script" value="file:///var/opt/nevisauth/default/conf/prepare_done.groovy"/>
</AuthState>
<AuthState name="MockRelam_Auth_Done" class="ch.nevis.esauth.auth.states.standard.AuthDone" final="false">
<!-- source: pattern://8523f0587aa8cfa7008f8171 -->
<Response value="AUTH_DONE">
<!-- source: pattern://8523f0587aa8cfa7008f8171 -->
<Gui name="ContinueResponse"/>
</Response>
</AuthState>
</AuthEngine>
</esauth-server>
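Review bot: The `MockRelam` domain sends every request that matches none of the three conditions to `MockRelam_KlpApiMock` (`ResultCond name="nomatch"`), so any path under this realm is answered with the fixture file and `statusCode` 200, and no credential-collecting state is visible in the chain. Nothing in the file marks the realm as test-only. I would add `<!-- test-only mock realm: must not be part of a production inventory -->` above the `<Domain name="MockRelam">` element, and since the `source: pattern://` markers suggest the file is regenerated, the comment probably has to be added in the generating pattern. The misspellings `MockRelam` and `wellKownMock` are carried into state names and fixture file paths, so correct them at the pattern level too if they are corrected at all.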


@ -0,0 +1,57 @@
Configuration:
monitorInterval: 60
Appenders:
Console:
- name: "SERVER"
target: "SYSTEM_OUT"
PatternLayout:
pattern: "[esauth4sv.log] %d{ISO8601} %-15.15t %mdc{trace_id} %mdc{span_id} %-20.20c %-5.5p %m%n"
RegexFilter:
regex: ".*GET /nevisauth/liveness.*"
onMatch: "DENY"
onMismatch: "ACCEPT"
Loggers:
Logger:
- name: "EsAuthStart"
level: "INFO"
- name: "org.apache.catalina.loader.WebappClassLoader"
level: "FATAL"
- name: "org.apache.catalina.startup.HostConfig"
level: "ERROR"
- name: "ch.nevis.esauth.events"
level: "FATAL"
- name: "AuthEngine"
level: "INFO"
- name: "HttpClient"
level: "TRACE"
- name: "OAuth2"
level: "DEBUG"
- name: "StdStates"
level: "DEBUG"
- name: "Vars"
level: "INFO"
- name: "ch.adnovum.cossa.CachingIDTokenVerifier"
level: "DEBUG"
- name: "ch.adnovum.cossa.CallPolicyVerificationAPI"
level: "DEBUG"
- name: "ch.adnovum.cossa.IDTokenVerifier"
level: "DEBUG"
- name: "ch.adnovum.cossa.IdTokenVerification"
level: "DEBUG"
- name: "ch.adnovum.cossa.KLPScopeToProfileBinding"
level: "DEBUG"
- name: "ch.adnovum.cossa.SimpleIDTokenValidator"
level: "DEBUG"
- name: "ch.adnovum.cossa.SimpleIDTokenVerifier"
level: "DEBUG"
- name: "ch.adnovum.cossa.TokenExchangeEndpoint"
level: "DEBUG"
- name: "ch.adnovum.cossa.TokenExchangeEndpointRefresh"
level: "DEBUG"
- name: "ch.adnovum.cossa.TokenGenerator"
level: "DEBUG"
Root:
level: "WARN"
additivity: "false"
AppenderRef:
- ref: "SERVER"
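Review bot: `HttpClient` is set to `TRACE`, and `OAuth2`, `StdStates` and the `ch.adnovum.cossa.*` token verifier and token-exchange loggers to `DEBUG`, all written to the console appender. At these levels outbound HTTP traffic and token-handling detail are likely to reach the container log, which for token exchange can include Authorization headers, client credentials and tokens (inferred from the logger names; the log output itself is not visible here). Outside a development inventory I would lower them, e.g. `level: "INFO"` for `HttpClient` and `OAuth2`, and keep the verbose levels in a dev-only override. The `RegexFilter` only drops liveness requests and masks nothing.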


@ -0,0 +1,13 @@
{
"application": "fakeapp1_b2b_internal",
"result": "PROCEED",
"additionalProperty": "yes",
"profiles": [{
"profileId": "12047881",
"description": "12047881 - Marco Mojana, Via Pratocarasso 40, 6500 Bellinzona",
"enabled": true,
"role": "PB",
"violatedPolicies": [],
"currentGtcAccepted": true
}]
}
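Review bot: The `description` value in `profiles[0]` reads like a real person's name and postal address rather than synthetic test data. If it is real, it is personal data committed to the configuration repository and, presumably, returned by the mock endpoint that serves this fixture. Replace it with an obviously constructed value, for example `"description": "12047881 - Test User, Example Street 1, 0000 Example City"` (constructed sample). JSON has no comment syntax, so the value itself has to make clear that it is synthetic.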


@ -0,0 +1,409 @@
{
"Client":[
{
"id":"Client_69d3027cf5ae36b9e2b18cc9cfd9f0fe",
"owner":"andrea",
"name":"klp-client",
"link":"rest/modules/oauthv2/setups/Setup_b00528a7a0edc1df1a6b95240d704600/entities/Client_69d3027cf5ae36b9e2b18cc9cfd9f0fe",
"meta":[
{
"name":"klp_application1",
"value":"fakemobileoauth"
},
{
"name":"tokenExchangeAllowed",
"value":"true"
}
],
"otherAttributes":{
"client_name#de":"Fake OpenID de",
"client_name#fr":"Fake OpenID fr",
"client_name#it":"Fake OpenID it",
"client_name":"Fake OpenID en"
},
"scopes":[
{
"value":"MONITOR",
"resource_id":"ResourceServer_ea7d36ec2adb5857de7dda7cbbbbbbd8",
"resource_name":"MONITORING-AGB"
},
{
"value":"address",
"resource_id":"ResourceServer_561f4822c98d39267d95d3d62502e70f",
"resource_name":"UserInfo"
},
{
"value":"birthdate",
"resource_id":"ResourceServer_561f4822c98d39267d95d3d62502e70f",
"resource_name":"UserInfo"
},
{
"value":"email",
"resource_id":"ResourceServer_561f4822c98d39267d95d3d62502e70f",
"resource_name":"UserInfo"
},
{
"value":"name",
"resource_id":"ResourceServer_561f4822c98d39267d95d3d62502e70f",
"resource_name":"UserInfo"
},
{
"value":"no_consent_required",
"resource_id":"ResourceServer_561f4822c98d39267d95d3d62502e70f",
"resource_name":"UserInfo"
},
{
"value":"offline_access",
"resource_id":"ResourceServer_561f4822c98d39267d95d3d62502e70f",
"resource_name":"UserInfo"
},
{
"value":"openid",
"resource_id":"ResourceServer_561f4822c98d39267d95d3d62502e70f",
"resource_name":"UserInfo"
},
{
"value":"phone",
"resource_id":"ResourceServer_561f4822c98d39267d95d3d62502e70f",
"resource_name":"UserInfo"
},
{
"value":"phone_number",
"resource_id":"ResourceServer_561f4822c98d39267d95d3d62502e70f",
"resource_name":"UserInfo"
},
{
"value":"profile",
"resource_id":"ResourceServer_561f4822c98d39267d95d3d62502e70f",
"resource_name":"UserInfo"
}
],
"contacts":[
"br, g, o, io"
],
"valid_from":"2023-10-04T12:58:16.000Z",
"redirect_uris":[
"http://vkld02.pnet.ch:7024/obtainingTokens",
"https://fakeextint1.post.ch/openid/obtainingTokens"
],
"response_types":[
"code"
],
"grant_types":[
"authorization_code",
"refresh_token"
],
"token_exchange_allowed":true,
"client_id":"klp-client",
"client_secret":"fake-openid-secret",
"client_uri":"https://iam.post.ch",
"default_max_age":-1,
"confidentiality_type":"confidential",
"pkce_mode":"allowed",
"require_auth_time":false,
"token_endpoint_auth_method":"client_secret_basic",
"jwks_uri":"",
"logo_uri":"/login/resources/nevislogrend/applications/def/webdata/images/openid_connect.png",
"access_token_ttl":30,
"id_token_ttl":600,
"refresh_token_ttl":86400,
"presisted_consent_ttl":31104000,
"force_authentication":false,
"require_pushed_authorization_requests":false,
"id_token_signed_response_alg":"RS256",
"id_token_encrypted_response_alg":"none",
"id_token_encrypted_response_enc":"none"
},
{
"id":"Client_69d3027cf5ae36b9e2b18cc9cfd9f0fd",
"owner":"pippo",
"name":"COSSA - Monitoring Client",
"link":"rest/modules/oauthv2/setups/Setup_b00528a7a0edc1df1a6b95240d704600/entities/Client_69d3027cf5ae36b9e2b18cc9cfd9f0fd",
"meta":[
{
"name":"klp_application",
"value":"cossa"
},
{
"name":"test_monitor_meta",
"value":"aaa"
},
{
"name":"Shop_DebiNr",
"value":"11111111111"
}
],
"otherAttributes":{
"client_name#de":"Fake OpenID de",
"client_name#fr":"Fake OpenID fr",
"client_name#it":"Fake OpenID it",
"client_name":"Fake OpenID en"
},
"scopes":[
{
"value":"MONITOR",
"resource_id":"ResourceServer_ea7d36ec2adb5857de7dda7cbbbbbbd8",
"resource_name":"MONITORING-AGB"
},
{
"value":"address",
"resource_id":"ResourceServer_561f4822c98d39267d95d3d62502e70f",
"resource_name":"UserInfo"
},
{
"value":"birthdate",
"resource_id":"ResourceServer_561f4822c98d39267d95d3d62502e70f",
"resource_name":"UserInfo"
},
{
"value":"email",
"resource_id":"ResourceServer_561f4822c98d39267d95d3d62502e70f",
"resource_name":"UserInfo"
},
{
"value":"name",
"resource_id":"ResourceServer_561f4822c98d39267d95d3d62502e70f",
"resource_name":"UserInfo"
},
{
"value":"no_consent_required",
"resource_id":"ResourceServer_561f4822c98d39267d95d3d62502e70f",
"resource_name":"UserInfo"
},
{
"value":"offline_access",
"resource_id":"ResourceServer_561f4822c98d39267d95d3d62502e70f",
"resource_name":"UserInfo"
},
{
"value":"openid",
"resource_id":"ResourceServer_561f4822c98d39267d95d3d62502e70f",
"resource_name":"UserInfo"
},
{
"value":"phone",
"resource_id":"ResourceServer_561f4822c98d39267d95d3d62502e70f",
"resource_name":"UserInfo"
},
{
"value":"phone_number",
"resource_id":"ResourceServer_561f4822c98d39267d95d3d62502e70f",
"resource_name":"UserInfo"
},
{
"value":"profile",
"resource_id":"ResourceServer_561f4822c98d39267d95d3d62502e70f",
"resource_name":"UserInfo"
}
],
"contacts":[
"pippo"
],
"valid_from":"2023-10-04T12:58:16.000Z",
"redirect_uris":[
"http://iam.post.ch/monitoring/cossa",
"https://iam.post.ch/monitoring/back",
"https://test.post.ch/pippo/back"
],
"response_types":[
"code"
],
"grant_types":[
"authorization_code",
"client_credentials",
"refresh_token"
],
"client_id":"14c3890f8d8f4da3efdd61d29f24caa3",
"client_secret":"e6678df835d5e1a6b45f4acbe3467ec2",
"client_uri":"https://iam.post.ch",
"default_max_age":-1,
"confidentiality_type":"confidential",
"pkce_mode":"allowed",
"require_auth_time":false,
"token_endpoint_auth_method":"client_secret_basic",
"jwks_uri":"",
"logo_uri":"/login/resources/nevislogrend/applications/def/webdata/images/openid_connect.png",
"access_token_ttl":30,
"id_token_ttl":600,
"refresh_token_ttl":86400,
"presisted_consent_ttl":31104000,
"force_authentication":false,
"require_pushed_authorization_requests":false,
"id_token_signed_response_alg":"RS256",
"id_token_encrypted_response_alg":"none",
"id_token_encrypted_response_enc":"none"
}
],
"ResourceServer":[
{
"id":"ResourceServer_561f4822c98d39267d95d3d62502e70f",
"owner":"oly",
"name":"UserInfo",
"link":"rest/modules/oauthv2/setups/Setup_b00528a7a0edc1df1a6b95240d704600/entities/ResourceServer_561f4822c98d39267d95d3d62502e70f",
"meta":[
],
"otherAttributes":{
},
"scope":[
{
"value":"address",
"otherAttributes":{
"scope_name#fr":"Adresse",
"scope_name#it":"Indirizzo",
"scope_name#de":"Addresse",
"scope_description":"http://openid.com",
"scope_name#en":"Address"
},
"implicit_grant_policy":"disallowed",
"authorization_grant_policy":"consent_persisted",
"refresh_token_grant_policy":"no_consent_required",
"authentication_required":false
},
{
"value":"birthdate",
"otherAttributes":{
"scope_name#fr":"Anniversaire",
"scope_name#it":"Data di nascita",
"scope_name#de":"Geburtstag",
"scope_name#en":"Birthday"
},
"implicit_grant_policy":"disallowed",
"authorization_grant_policy":"consent_persisted",
"refresh_token_grant_policy":"no_consent_required",
"authentication_required":false
},
{
"value":"email",
"otherAttributes":{
"scope_name#fr":"Adresse e-mail",
"scope_name#it":"E-Mail",
"scope_name#de":"E-Mail",
"scope_description":"http://openid.com",
"scope_name#en":"E-mail address"
},
"implicit_grant_policy":"disallowed",
"authorization_grant_policy":"consent_persisted",
"refresh_token_grant_policy":"no_consent_required",
"authentication_required":false
},
{
"value":"name",
"otherAttributes":{
"scope_name#fr":"Nom, Pr&eacute;nom",
"scope_name#it":"Cognome, Nome",
"scope_name#de":"Name, Vorname",
"scope_description":"Name",
"scope_name#en":"Last name, First name"
},
"implicit_grant_policy":"disallowed",
"authorization_grant_policy":"consent_persisted",
"refresh_token_grant_policy":"no_consent_required",
"authentication_required":false
},
{
"value":"no_consent_required",
"otherAttributes":{
},
"implicit_grant_policy":"disallowed",
"authorization_grant_policy":"no_consent_required",
"refresh_token_grant_policy":"no_consent_required",
"authentication_required":false
},
{
"value":"offline_access",
"otherAttributes":{
},
"implicit_grant_policy":"disallowed",
"authorization_grant_policy":"no_consent_required",
"refresh_token_grant_policy":"no_consent_required",
"authentication_required":false
},
{
"value":"openid",
"otherAttributes":{
},
"implicit_grant_policy":"disallowed",
"authorization_grant_policy":"consent_persisted",
"refresh_token_grant_policy":"no_consent_required",
"authentication_required":false
},
{
"value":"phone",
"otherAttributes":{
"scope_name#fr":"Num&eacute;ro de telefone",
"scope_name#it":"Numero di telefono",
"scope_name#de":"Telefonnummer",
"scope_description":"User Phone number",
"scope_name#en":"Phone number"
},
"implicit_grant_policy":"disallowed",
"authorization_grant_policy":"consent_persisted",
"refresh_token_grant_policy":"no_consent_required",
"authentication_required":false
},
{
"value":"phone_number",
"otherAttributes":{
"scope_name#fr":"Num&eacute;ro de mobile",
"scope_name#it":"Numero di cellulare",
"scope_name#de":"Mobiltelefonnummer",
"scope_description":"User Phone number",
"scope_name#en":"Mobile phone number"
},
"implicit_grant_policy":"disallowed",
"authorization_grant_policy":"consent_persisted",
"refresh_token_grant_policy":"no_consent_required",
"authentication_required":false
},
{
"value":"profile",
"otherAttributes":{
"scope_name#fr":"Nom, Pr&eacute;nom",
"scope_name#it":"Cognome, Nome",
"scope_name#de":"Name, Vorname",
"scope_description":"http://openid.com",
"scope_name#en":"Last name, First name"
},
"implicit_grant_policy":"disallowed",
"authorization_grant_policy":"consent_persisted",
"refresh_token_grant_policy":"no_consent_required",
"authentication_required":false
}
],
"valid_from":"2023-10-04T12:51:06.000Z",
"url":"https://apidev.pnet.ch/UserInfo"
},
{
"id":"ResourceServer_ea7d36ec2adb5857de7dda7cbbbbbbd8",
"owner":"oly",
"name":"MONITORING-AGB",
"link":"rest/modules/oauthv2/setups/Setup_b00528a7a0edc1df1a6b95240d704600/entities/ResourceServer_ea7d36ec2adb5857de7dda7cbbbbbbd8",
"meta":[
],
"otherAttributes":{
},
"scope":[
{
"value":"MONITOR",
"otherAttributes":{
"scope_description":"Monitoring platform test",
"scope_name":"Monitoring platform test"
},
"implicit_grant_policy":"no_consent_required",
"authorization_grant_policy":"no_consent_required",
"refresh_token_grant_policy":"no_consent_required",
"authentication_required":false
}
],
"valid_from":"2023-10-04T12:53:59.000Z",
"url":"https://www.post.ch/oauth/terms"
}
]
}
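Review bot: Both client entries carry `client_secret` in plain text. The first is visibly a dummy, but the value on the `COSSA - Monitoring Client` entry is a 32-character hex string that looks generated and should be treated as disclosed if it is valid anywhere; inject secrets at deploy time instead of committing them, and rotate this one. Both clients also list a plain `http://` entry in `redirect_uris` and set `"pkce_mode":"allowed"`; for authorization-code clients I would expect `https` redirect targets only and PKCE enforced (the product's value for enforcing it is not visible on this page). The `MONITOR` scope additionally sets `"implicit_grant_policy":"no_consent_required"` while every other scope uses `"disallowed"`, which is worth confirming as intended.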


@ -0,0 +1,16 @@
server:
name: "default"
protocol: "https"
port: "8991"
host: "0.0.0.0"
tls:
keystore: "/var/opt/keys/own/nai2-default-identity/keystore.p12"
keystore-passphrase: "${exec:/var/opt/keys/own/nai2-default-identity/keypass}"
client-auth: "required"
truststore: "/var/opt/keys/trust/nai2-default-tls-client-trust/truststore.p12"
truststore-passphrase: "${exec:/var/opt/keys/trust/nai2-default-tls-client-trust/keypass}"
management:
server:
port: "9000"
healthchecks:
enabled: "true"


@ -0,0 +1,4 @@
otel.service.name = nai2
otel.traces.exporter = none
otel.metrics.exporter = none
otel.logs.exporter = none


@ -0,0 +1,23 @@
// nevisProxy replaces the entire AUTH: scope when new outargs are returned by nevisAuth.
// Thus, we have to store tokens in the session (as a String) and restore them on subsequent step-ups.
// restore tokens
session.each { key, value ->
if (key.startsWith('outarg.token.')) {
def name = key.substring(7)
if (outargs.containsKey(name)) {
LOG.debug("not restoring token (outarg: $name) from session: outarg already set")
}
else {
LOG.debug("restoring token (outarg: $name) from session")
outargs.put(name, value)
}
}
}
// store tokens
outargs.each { name, value ->
if (name.startsWith('token.')) {
session.put('outarg.' + name, value)
}
}
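Review bot: The restore loop strips the prefix with `key.substring(7)`, a bare length that only happens to match `'outarg.'`; deriving it from the literal, e.g. `def name = key.substring('outarg.'.length())`, keeps the two in step. The store loop only ever adds `outarg.token.*` entries to the session and nothing visible here removes them, so a token that nevisAuth later stops returning would keep being restored on every step-up for the rest of the session. A comment stating that this lifetime is intended, or pruning entries for tokens that should no longer be sent, would make it explicit. The debug messages log only the outarg names and not the token values, which should stay that way.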


@ -0,0 +1,79 @@
#!/bin/bash
#
# NAME
# status.sh - Checks the status of the nevisAuth instance.
#
# SYNOPSIS
# status.sh
#
# DESCRIPTION
# Performs periodic checks until the instance is up or broken or timeout is reached.
# The script terminates when the process of the instance stops running.
# There are no arguments for this script.
#
# EXIT CODES
# 0 Instance is up.
# 1 Instance process is not running.
# 2 Instance is broken.
# 3 Timeout reached.
# Defines how much we should sleep between checking if the instance is up.
interval=1
# Defines how much we should wait the instance to start up until we give up and exit.
timeout=70
((end_time=${SECONDS}+$timeout))
# Checks if the process of the instance is still running.
# Arguments:
# None
# Returns:
# In case it is running, returns 0, otherwise non-zero (exit code of systemctl).
isProcessRunning() {
systemctl is-active --quiet nevisauth@default
IS_RUNNING=$?
return $IS_RUNNING
}
# Checks if the instance is up. (Attempts connecting to the instance)
# Arguments:
# None
# Returns:
# If the connection was successful and the instance up (is not broken), returns 0.
# If the connection was not successful, returns 1.
checkInstance() {
lsof -i :8991 -sTCP:LISTEN
EXIT_CODE=$?
return $EXIT_CODE
}
# This function encapsulates the logic of checking if the process is running and if the instance is up.
# In case the process is not running, exits with exit code 1.
# Arguments:
# None
# Returns:
# If the instance process is running, returns the result of the instance check function.
check() {
if isProcessRunning
then
checkInstance
CS=$?
return $CS
else
echo "Process is not running."
exit 1
fi
}
# Check the status of the instance periodically.
while ((${SECONDS} < ${end_time}))
do
sleep ${interval}
if check
then
echo "Instance is up."
exit 0
fi
done
echo "Exceeded check timeout (70s). Instance is down."
exit 3
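Review bot: `checkInstance` is documented as attempting a connection, but `lsof -i :8991 -sTCP:LISTEN` only reports that some process has a listener on port 8991, so a hung instance, or a different process bound to that port, is reported as up. Exit code 2 ("Instance is broken") is listed in the header, yet no path in the script returns it. If a real probe is not feasible here, the comments should say "checks for a listening socket" and the exit-code table should drop 2. The socket listing can be silenced with `lsof -i :8991 -sTCP:LISTEN >/dev/null`, and the final message should print `${timeout}` rather than the literal 70.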


@ -0,0 +1,53 @@
apiVersion: "operator.nevis-security.ch/v1"
kind: "NevisComponent"
metadata:
name: "nli"
namespace: "adn-postit-tknxchng-01-dev"
labels:
deploymentTarget: "nli"
annotations:
projectKey: "DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT"
patternId: "7dc20659babc66c4401ce0dd"
spec:
type: "NevisLogrend"
replicas: 1
version: "8.2405.0"
gitInitVersion: "1.3.0"
runAsNonRoot: true
ports:
server: 8988
management: 8997
resources:
limits:
cpu: "500m"
memory: "1000Mi"
requests:
cpu: "10m"
memory: "500Mi"
livenessProbe:
management:
httpGet:
path: "/nevislogrend/liveness"
periodSeconds: 5
timeoutSeconds: 6
readinessProbe:
server:
tcpSocket: true
periodSeconds: 5
timeoutSeconds: 4
startupProbe:
server:
tcpSocket: true
periodSeconds: 5
timeoutSeconds: 4
failureThreshold: 50
podDisruptionBudget:
maxUnavailable: "50%"
git:
tag: "r-a70c85a598c6206ebfce3d9c27f4334238313639"
dir: "DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nli"
credentials: "git-credentials"
podSecurity:
policy: "baseline"
automountServiceAccountToken: false
timeZone: "Europe/Zurich"
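Review bot: With `replicas: 1`, `podDisruptionBudget.maxUnavailable: "50%"` gives no protection if the operator turns it into a standard PodDisruptionBudget, because Kubernetes rounds the percentage up and the only pod may then be evicted. Either run at least two replicas or note in a comment that interruptions are acceptable in this dev namespace. `podSecurity.policy: "baseline"` is the less strict Pod Security Standard; since the spec already sets `runAsNonRoot: true` and `automountServiceAccountToken: false`, it is worth checking whether the component also runs under the restricted profile, assuming the operator accepts it.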


@ -0,0 +1,18 @@
schemaVersion: 1.0
instance:
type: "nevislogrend"
name: "default"
directory: "/var/opt/nevislogrend/default"
pid: "systemctl show nevislogrend@default -p MainPID | cut -d '=' -f2"
source:
url: "/nevisadmin/#/projects/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/patterns/7dc20659babc66c4401ce0dd"
projectKey: "DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT"
patternId: "7dc20659babc66c4401ce0dd"
patternClass: "ch.nevis.admin.v4.plugin.nevisauth.patterns.NevisLogrendDeployable"
resources:
ports:
- "0.0.0.0:8988"
control:
start: "systemctl restart nevislogrend@default"
stop: "systemctl stop nevislogrend@default"
status: "systemctl status nevislogrend@default"


@ -0,0 +1,14 @@
RTENV_SECURITY_CHECK=no_shell
# only standalone deployment is supported with nevisAdmin 4
LOGREND_DEPLOY_TYPE=standalone
JAVA_OPTS=(
"-XX:+UseContainerSupport"
"-Dfile.encoding=UTF-8"
"-XX:MaxRAMPercentage=80.0"
"-javaagent:/opt/agent/opentelemetry-javaagent.jar"
"-Dotel.javaagent.logging=application"
"-Dotel.javaagent.configuration-file=/var/opt/nevislogrend/default/conf/otel.properties"
"-Dotel.resource.attributes=service.version=8.2405.0,service.instance.id=$HOSTNAME"
)


@ -0,0 +1,19 @@
Configuration:
monitorInterval: 60
Appenders:
Console:
- name: "SERVER"
target: "SYSTEM_OUT"
PatternLayout:
pattern: "[nevislogrend.log] %d{ISO8601} %-15.15t %mdc{trace_id} %mdc{span_id} %-40.40c %-5.5p %m%n"
RegexFilter:
regex: ".*GET /nevislogrend/health.*"
onMatch: "DENY"
onMismatch: "ACCEPT"
Loggers:
Logger: []
Root:
level: "WARN"
additivity: "false"
AppenderRef:
- ref: "SERVER"


@ -0,0 +1,26 @@
application.accept.loginapplicationidfromuri=no
application.gui.litdict=yes
application.gui.substitution=yes
application.input.charset=UTF-8
application.inputs.htmlencode=yes
application.loginapp.current=
application.loginapp.default=cossa_realm
application.loginapp.override=header:channel
application.package.name=nevislogrend
application.render.content.type=text/html; charset=UTF-8
application.url.obfuscate=no
application.webdata.path={0}{2}{1}
application.webdata.pathparam=logrendresourcepath
application.webdata.pathparam.default=/login/resources
cache.revalidate.delay=15
cache.source=file
keytag.end=}
keytag.start=${
management.healthchecks.enabled=true
path.config=/var/opt/nevislogrend/default/conf
path.instance=/var/opt/nevislogrend/default
server.host=0.0.0.0
server.name=default
server.port=8988
server.protocol=http
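Review bot: `server.protocol=http` together with `server.host=0.0.0.0` exposes the login renderer unencrypted and unauthenticated on every interface of the pod, whereas the nevisAuth server section on this page uses https with `client-auth: "required"`. Unless pod-to-pod traffic is restricted and encrypted by other means (network policy, service mesh), the renderer should get equivalent TLS protection. `application.loginapp.override=header:channel` lets a request header pick the login application, so the component in front should be confirmed to strip or overwrite a client-supplied `channel` header.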


@ -0,0 +1,3 @@
ico=image/x-icon
woff=font/woff
woff2=font/woff2


@ -0,0 +1,4 @@
otel.service.name = nli
otel.traces.exporter = none
otel.metrics.exporter = none
otel.logs.exporter = none


@ -0,0 +1,26 @@
# source: pattern://8523f0587aa8cfa7008f8171
application.countries.default=CH
# source: pattern://8523f0587aa8cfa7008f8171
cache.file.exempt=
# source: pattern://8523f0587aa8cfa7008f8171
cache.filefolder.exempt=
# source: pattern://8523f0587aa8cfa7008f8171
application.language.source.1=param:language
# source: pattern://8523f0587aa8cfa7008f8171
application.language.source.2=cookie:LANG
# source: pattern://8523f0587aa8cfa7008f8171
application.language.source.3=gui
# source: pattern://8523f0587aa8cfa7008f8171
application.language.source.4=browser
# source: pattern://8523f0587aa8cfa7008f8171
application.languages=en,de,fr,it
# source: pattern://8523f0587aa8cfa7008f8171
application.languages.default=en
# source: pattern://7dc20659babc66c4401ce0dd
application.language.cookie.en=LANG:en
# source: pattern://7dc20659babc66c4401ce0dd
application.language.cookie.de=LANG:de
# source: pattern://7dc20659babc66c4401ce0dd
application.language.cookie.fr=LANG:fr
# source: pattern://7dc20659babc66c4401ce0dd
application.language.cookie.it=LANG:it


@ -0,0 +1,6 @@
language.de=Deutsch
language.en=English
language.fr=Fran&ccedil;ais
language.it=Italiano
title=NEVIS SSO Portal


@ -0,0 +1,6 @@
language.de=Deutsch
language.en=English
language.fr=Fran&ccedil;ais
language.it=Italiano
title=NEVIS SSO Portal


@ -0,0 +1,6 @@
language.de=Deutsch
language.en=English
language.fr=Fran&ccedil;ais
language.it=Italiano
title=NEVIS SSO Portal


@ -0,0 +1,6 @@
language.de=Deutsch
language.en=English
language.fr=Fran&ccedil;ais
language.it=Italiano
title=NEVIS SSO Portal


@ -0,0 +1,6 @@
language.de=Deutsch
language.en=English
language.fr=Fran&ccedil;ais
language.it=Italiano
title=NEVIS SSO Portal


@ -0,0 +1,165 @@
let baseURL; // base URL
let statusToken; // used to check progress
let dispatcherElement; // to display link or QR code
let infoElement; // to display info text
let errorElement; // to display error text
function addInput(form, name, value) {
const input = document.createElement("input");
input.name = name;
input.value = value;
form.appendChild(input);
}
function submitStatus(status) {
// we have to do a form POST instead of AJAX
const form = document.createElement("form");
form.method = "POST";
form.style.display = "none";
addInput(form, "status", status);
document.body.appendChild(form);
form.submit();
}
const Status = {
_pollInterval: 2 * 1000, // Check every 2 seconds
latest: null,
startPolling: function (token, uiCallback) {
let interval = setInterval(async () => {
await this._check(token).then(function (resp) {
console.log("Polling status: %o", resp);
uiCallback && uiCallback(resp, false);
return Status.latest = resp;
})
.catch(function (err) {
console.error("Error during polling: %o", err);
return false;
});
if (Status.latest && (Status.latest.status === 'succeeded' || Status.latest.status === 'failed' || Status.latest.status === 'unknown')) {
// Done!
console.log('Latest status is: %o', this.latest);
uiCallback && uiCallback(this.latest, true);
clearInterval(interval);
}
}, this._pollInterval);
},
_check: async function (token) {
const payload = { statusToken: token };
const response = await fetch(baseURL + 'api/v1/status', {
method: 'POST',
mode: 'cors',
cache: 'no-cache',
credentials: 'omit',
headers: {
'Accept': 'application/json',
'Content-Type': 'application/json;charset=utf-8'
},
body: JSON.stringify(payload),
redirect: 'follow',
referrerPolicy: 'no-referrer'
});
return await response.json();
}
};
function setDeepLinkLabel(button) {
const text = document.getElementsByName('info.deeplink')[0].value;
button.innerHTML = text;
}
function messageScanQR() {
const text = document.getElementsByName('info.qrcode')[0].value;
infoElement.innerHTML = text;
}
function messageCheckPhone() {
const text = document.getElementsByName('info.check.phone')[0].value;
infoElement.innerHTML = text;
}
const Element = {
_elem: null, // QR code or deep link depending on device
show: function (appLink) {
const userAgent = navigator.userAgent || navigator.vendor || window.opera;
const isIphone = 'iPhone' === navigator.platform;
const isAndroid = /android/i.test(userAgent) && /mobile/i.test(userAgent);
if (isAndroid || isIphone) {
this._elem = document.createElement('a');
this._elem.setAttribute('href', appLink);
this._elem.setAttribute('class', 'btn btn-primary');
this._elem.setAttribute('target', '_blank');
dispatcherElement.appendChild(this._elem);
setDeepLinkLabel(this._elem);
}
else {
const authenticationType = document.getElementsByName('authenticationType')[0].value;
if (authenticationType == 'push') {
messageCheckPhone();
}
else {
messageScanQR();
this._elem = document.createElement('canvas');
dispatcherElement.appendChild(this._elem);
var qrcode = new QRious({
element: this._elem,
foreground: "#168CA9",
level: "M",
size: 280,
value: appLink
});
}
}
},
hide: function() {
// hide the element which was shown
if (this._elem != null) {
this._elem.style.display = "none";
}
}
};
function authenticateUser(appLink) {
Element.show(appLink);
console.log('Starting Authentication Cloud status polling...');
Status.startPolling(statusToken, (st, done) => {
if (st.status === 'succeeded') {
console.log('Authentication Cloud login done.');
submitStatus('succeeded')
}
else if (st.status === 'failed') {
// failed: The transaction failed, either by timeout or because the user did not accept.
console.warn('Authentication Cloud login failed. User abort or timeout.');
submitStatus('failed')
}
else if (st.status === 'unknown') {
console.error('Authentication Cloud login failed. Unknown status.');
submitStatus('unknown')
}
});
}
function init() {
const form = document.getElementById('authcloud_login');
baseURL = form.url.value;
statusToken = form.statusToken.value;
infoElement = document.getElementById('authcloud_info');
errorElement = document.getElementById('authcloud_error');
dispatcherElement = document.getElementById('authcloud_dispatch');
const appLink = form.appLink.value;
authenticateUser(appLink);
}
window.onload = function() {
init();
};
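Review bot: `setDeepLinkLabel`, `messageScanQR` and `messageCheckPhone` write hidden-field values into `innerHTML`, so any markup that ends up in the `info.*` inputs is parsed as HTML inside the login page; for plain labels `button.textContent = text;` and `infoElement.textContent = text;` remove that sink. In `startPolling` a terminal status calls `uiCallback` twice, once inside `.then` and once with `done` set, so `submitStatus` builds and submits two forms; starting the callback in `authenticateUser` with `if (!done) return;` makes it act once. The posted `status` value comes from the browser, so the server side, which is not visible here, should confirm the outcome with the status token itself rather than rely on this field. The onboarding script in the next file section repeats the first two points (`setDeepLinkLabel`, `messageScanQR`, `onboardUser`).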


@ -0,0 +1,154 @@
let baseURL; // base URL
let statusToken; // used to check progress
let dispatcherElement; // to display link or QR code
let infoElement; // to display info text
let errorElement; // to display error text
function addInput(form, name, value) {
const input = document.createElement("input");
input.name = name;
input.value = value;
form.appendChild(input);
}
function submitStatus(status) {
// we have to do a form POST instead of AJAX
const form = document.createElement("form");
form.method = "POST";
form.style.display = "none";
addInput(form, "status", status);
document.body.appendChild(form);
form.submit();
}
const Status = {
_pollInterval: 2 * 1000, // Check every 2 seconds
latest: null,
startPolling: function (token, uiCallback) {
let interval = setInterval(async () => {
await this._check(token).then(function (resp) {
console.log("Polling status: %o", resp);
uiCallback && uiCallback(resp, false);
return Status.latest = resp;
})
.catch(function (err) {
console.error("Error during polling: %o", err);
return false;
});
if (Status.latest && (Status.latest.status === 'succeeded' || Status.latest.status === 'failed' || Status.latest.status === 'unknown')) {
// Done!
console.log('Latest status is: %o', this.latest);
uiCallback && uiCallback(this.latest, true);
clearInterval(interval);
}
}, this._pollInterval);
},
_check: async function (token) {
const payload = { statusToken: token };
const response = await fetch(baseURL + 'api/v1/status', {
method: 'POST',
mode: 'cors',
cache: 'no-cache',
credentials: 'omit',
headers: {
'Accept': 'application/json',
'Content-Type': 'application/json;charset=utf-8'
},
body: JSON.stringify(payload),
redirect: 'follow',
referrerPolicy: 'no-referrer'
});
return await response.json();
}
};
function setDeepLinkLabel(button) {
const text = document.getElementsByName('info.deeplink')[0].value;
button.innerHTML = text;
}
function messageScanQR() {
const text = document.getElementsByName('info.qrcode')[0].value;
infoElement.innerHTML = text;
}
const Element = {
_elem: null, // QR code or deep link depending on device
show: function (appLink) {
const userAgent = navigator.userAgent || navigator.vendor || window.opera;
const isIphone = 'iPhone' === navigator.platform;
const isAndroid = /android/i.test(userAgent) && /mobile/i.test(userAgent);
if (isAndroid || isIphone) {
this._elem = document.createElement('a');
this._elem.setAttribute('href', appLink);
this._elem.setAttribute('class', 'btn btn-primary');
this._elem.setAttribute('target', '_blank');
dispatcherElement.appendChild(this._elem);
setDeepLinkLabel(this._elem);
}
else {
messageScanQR();
this._elem = document.createElement('canvas');
dispatcherElement.appendChild(this._elem);
var qrcode = new QRious({
element: this._elem,
foreground: "#168CA9",
level: "M",
size: 280,
value: appLink
});
}
},
hide: function() {
// hide the element which was shown
if (this._elem != null) {
this._elem.style.display = "none";
}
}
};
function onboardUser(appLink) {
Element.show(appLink);
console.log('Starting Authentication Cloud status polling...');
Status.startPolling(statusToken, (st, done) => {
if (st.status === 'succeeded') {
console.log('Authentication Cloud onboarding done.');
submitStatus('succeeded')
}
else if (st.status === 'failed') {
// failed: The transaction failed, either by timeout or because the user did not accept.
console.warn('Authentication Cloud onboarding failed. User abort or timeout.');
submitStatus('failed')
}
else if (st.status === 'unknown') {
console.error('Authentication Cloud onboarding failed. Unknown status.');
submitStatus('unknown')
}
});
}
function init() {
const form = document.getElementById('authcloud_onboard');
baseURL = form.url.value;
statusToken = form.statusToken.value;
infoElement = document.getElementById('authcloud_info');
errorElement = document.getElementById('authcloud_error');
dispatcherElement = document.getElementById('authcloud_dispatch');
const appLink = form.appLink.value;
onboardUser(appLink);
}
window.onload = function() {
init();
};


@ -0,0 +1,87 @@
/*
* Base64URL-ArrayBuffer
* https://github.com/herrjemand/Base64URL-ArrayBuffer
*
* Copyright (c) 2017 Yuriy Ackermann <ackermann.yuriy@gmail.com>
* Copyright (c) 2012 Niklas von Hertzen
* Licensed under the MIT license.
*
*/
(function() {
"use strict";
var chars = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_";
// Use a lookup table to find the index.
var lookup = new Uint8Array(256);
for (var i = 0; i < chars.length; i++) {
lookup[chars.charCodeAt(i)] = i;
}
var encode = function(arraybuffer) {
var bytes = new Uint8Array(arraybuffer),
i, len = bytes.length, base64 = "";
for (i = 0; i < len; i+=3) {
base64 += chars[bytes[i] >> 2];
base64 += chars[((bytes[i] & 3) << 4) | (bytes[i + 1] >> 4)];
base64 += chars[((bytes[i + 1] & 15) << 2) | (bytes[i + 2] >> 6)];
base64 += chars[bytes[i + 2] & 63];
}
if ((len % 3) === 2) {
base64 = base64.substring(0, base64.length - 1);
} else if (len % 3 === 1) {
base64 = base64.substring(0, base64.length - 2);
}
return base64;
};
var decode = function(base64) {
var bufferLength = base64.length * 0.75,
len = base64.length, i, p = 0,
encoded1, encoded2, encoded3, encoded4;
var arraybuffer = new ArrayBuffer(bufferLength),
bytes = new Uint8Array(arraybuffer);
for (i = 0; i < len; i+=4) {
encoded1 = lookup[base64.charCodeAt(i)];
encoded2 = lookup[base64.charCodeAt(i+1)];
encoded3 = lookup[base64.charCodeAt(i+2)];
encoded4 = lookup[base64.charCodeAt(i+3)];
bytes[p++] = (encoded1 << 2) | (encoded2 >> 4);
bytes[p++] = ((encoded2 & 15) << 4) | (encoded3 >> 2);
bytes[p++] = ((encoded3 & 3) << 6) | (encoded4 & 63);
}
return arraybuffer;
};
/**
* Exporting and stuff
*/
if (typeof module !== 'undefined' && typeof module.exports !== 'undefined') {
module.exports = {
'encode': encode,
'decode': decode
}
} else {
if (typeof define === 'function' && define.amd) {
define([], function() {
return {
'encode': encode,
'decode': decode
}
});
} else {
window.base64url = {
'encode': encode,
'decode': decode
}
}
}
})();


@ -0,0 +1,222 @@
/********************************************************
* Layout
********************************************************/
html { /* magic to position footer */
position: relative;
min-height: 100%;
}
body {
margin-bottom: 76px; /* == footer height */
}
.container, .container-fluid {
padding-left: 36px;
padding-right: 36px;
}
nav {
min-height: 100px;
padding: 36px;
}
header {
margin-bottom: 16px; /* h1.logintitle adds 20px => 36px */
}
.container {
min-width: 260px;
max-width: 700px;
}
h1 {
margin-bottom: 50px;
}
footer {
width: 100%;
position: absolute;
bottom: 0;
padding: 0 36px;
}
img {
width: 100%;
}
/********************************************************
* Header
********************************************************/
header .logo {
/* width: 20%;*/
/*max-width: 600px;*/
max-height: 150px;
width: auto;
}
/********************************************************
* Dropdown
********************************************************/
a.dropdown-toggle {
text-decoration: none;
}
a.dropdown-toggle:hover {
color: #168CA9;
border-bottom: 3px solid #168CA9;
}
.dropdown-menu {
padding: 5px 0;
}
.dropdown-menu li > a {
padding: 6px 28px;
}
.dropdown-menu a > .prefix {
display: inline-block;
min-width: 22px;
margin-right: 28px;
text-align: right;
}
/********************************************************
* Form
********************************************************/
/* Labels should not be bold */
label {
font-weight: normal;
}
/* Make error messages bold */
.has-error .help-block {
font-weight: bold;
}
/* Change button size, by default 116px in width */
.btn {
min-width: 116px;
padding: 3px 12px;
}
/* Disable gradient in buttons, ughhhh */
.btn.btn-primary {
border-color: transparent;
background-image: none;
text-shadow: none;
box-shadow: none;
-webkit-box-shadow: none;
}
.help-block a, .help-block a:visited {
color: #168CA9;
font-weight: bold;
text-decoration: none;
}
.help-block a:hover {
color: #168CA9;
text-decoration: underline;
}
/********************************************************
* Footer
********************************************************/
footer .row {
margin: 36px 0 0 0;
height: 40px;
padding-top: 14px;
line-height: 26px; /* to center text: height - padding-top = 26px */
border-top: 1px solid #168CA9;
}
footer .row > div { /* Fix alignment between border + text on Bootstrap grid */
padding: 0;
}
footer .logo-round-container {
position: relative;
}
footer .logo-round {
position: absolute;
left: 0;
right: 0;
top: -33px; /* found visually with Chrome Dev Tools */
height: 36px;
width: 36px;
border: 1px solid #00868c;
border-radius: 18px;
background: #fff;
padding: 8px;
}
footer .logo-round > img {
display: block;
}
#dispatchTargets {
margin-top: 20px;
}
/********************************************************
* Social login
********************************************************/
.btn.line {
background-color: transparent;
display: block;
width: 100%;
padding: 0;
margin: 1.5em 0 1em;
border: 0.5px solid #ccc;
pointer-events: none;
}
.btn.socialLogin {
background-color: #fff;
border: thin solid #ccc;
color: #000;
font-weight: 600;
position: relative;
margin: 5px;
min-width: 140px;
width: 210px;
border-radius: 8px;
padding: 8px 12px;
text-align: left;
}
.socialLogin img {
width: 1.5em;
height: 108%;
margin-right: 0.5em;
}
.btn.apple img {
width: 1.2em;
}
/********************************************************
* Show password
********************************************************/
.icon-inside {
position: relative;
}
.icon-inside input {
padding-right: calc(0.75rem + 1.25rem + 0.75rem);
}
.icon-inside button {
position: absolute;
right: 0;
top: 0;
margin-top: 0.45rem;
margin-right: 0.45rem;
background: #FFFFFF;
border: #FFFFFF;
}


@ -0,0 +1,36 @@
(function() {
var closeDropdownTimeout;
function closeDropdown(event) {
var dropdowns = document.querySelectorAll('.dropdown');
for (var i = 0; i < dropdowns.length; i++) {
var dropdownMenu = dropdowns[i].querySelector('.dropdown-menu');
if (dropdownMenu.style.display !== 'none' && !dropdowns[i].contains(event.target)) {
dropdownMenu.style.display = 'none';
}
}
// remove event listener till we have a new dropdown menu open
if (document.querySelector('.dropdown-menu:not([style*="display: none"])') === null) {
document.removeEventListener('click', closeDropdown);
}
}
var dropdowns = document.querySelectorAll('.dropdown');
for (var i = 0; i < dropdowns.length; i++) {
var dropdownMenu = dropdowns[i].querySelector('.dropdown-menu');
dropdownMenu.style.display = 'none'; // ensure menu is initially hidden
dropdowns[i].addEventListener('click', function(e) {
// show dropdown menu
var dropdownMenu = this.querySelector('.dropdown-menu');
dropdownMenu.style.display = 'block';
// handle clicking away
clearTimeout(closeDropdownTimeout);
closeDropdownTimeout = setTimeout(function() {
document.addEventListener('click', closeDropdown);
}, 10);
});
}
}());


@ -0,0 +1,98 @@
var e2eenc = function() {
this.encryptForm = function(algoString, formId) {
// TODO: in case of an error we should return false, to prevent the for to be submitted
// or replace the fields with dummy values, just to prevent the the transmission
// of unencrypted values
// create the array of input fields to encrypt (needs to be done before setting the form
// invisible
var fieldsToEncrypt = new Array();
$.each($("form input:visible"), function(index, _inputField) { fieldsToEncrypt.push($(_inputField));});
// hide the form, and display the splash screen
$('#loginform').css('display','none');
$('#e2eeSplashScreen').css('display','block');
// encryption logic
var pubKey = $("input[name='e2eenc.publicKey']").val();
var kemSessionKey = readPublicKeyAndGenerateSessionKey(pubKey)
var iv = forge.random.getBytesSync(16);
keyB64 = forge.util.encode64(kemSessionKey.key);
encapsulationB64 = forge.util.encode64(kemSessionKey.encapsulation);
ivB64 = forge.util.encode64(iv);
//console.log("Encrypting form " + formId + " (" + algoString + ")");
var fields = "";
$.each(fieldsToEncrypt, function(index, _inputField) {
var inputField = $(_inputField);
if (inputField.attr("type") == "text" || inputField.attr("type") == "password") {
//console.log("Encrypting field " + JSON.stringify(inputField));
var plainValue = inputField.val();
var encryptedValueB64 = encrypt(kemSessionKey, iv, plainValue);
//console.log("Setting encrypted value in b64: " + encryptedValueB64);
inputField.val(encryptedValueB64);
if (fields.length > 0) {
fields = fields + ","
}
fields = fields + inputField.attr("name");
}
});
$("input[name='e2eenc.iv']").val(ivB64);
$("input[name='e2eenc.encapsulation']").val(encapsulationB64);
$("input[name='e2eenc.fields']").val(fields);
}
function getRSApublicKey(pem) {
//console.log("PEM: " + pem);
var msg = forge.pem.decode(pem)[0];
//console.log("msg type: " + msg.type);
if(msg.procType && msg.procType.type === 'ENCRYPTED') {
throw new Error('Could not retrieve RSA public key from PEM; PEM is encrypted.');
}
// convert DER to ASN.1 object
var asn1obj = forge.asn1.fromDer(msg.body);
//console.log("ASN.1 obj: " + JSON.stringify(asn1obj))
var pubKey = forge.pki.publicKeyFromAsn1(asn1obj)
//console.log("PubKey: " + JSON.stringify(pubKey))
return pubKey;
}
function generateKEMSessionKey(rsaPublicKey) {
// generate key-derivation-function and initializes it with sha1
var kdf1 = new forge.kem.kdf1(forge.md.sha1.create());
// creates a KEM function based on the key-derivation-function created above
var kem = forge.kem.rsa.create(kdf1);
// generate and encapsulate a 16-byte secret key.
// The secret key is generated using the kdf defined above.
var kemSessionKey = kem.encrypt(rsaPublicKey, 16);
// kemSessionKey has 'encapsulation' (= pub key) and 'key' (= generated secret key)
return kemSessionKey;
}
function readPublicKeyAndGenerateSessionKey(pem) {
var rsaPublicKey = getRSApublicKey(pem);
//console.log("PubKey: " + JSON.stringify(rsaPublicKey))
var kemSessionKey = generateKEMSessionKey(rsaPublicKey);
//console.log("KEM session key: " + JSON.stringify(kemSessionKey))
return kemSessionKey;
}
function encrypt(kemSessionKey, iv, msg) {
var cipher = forge.cipher.createCipher('AES-CBC', kemSessionKey.key);
cipher.start({iv: iv});
cipher.update(forge.util.createBuffer(msg, 'utf-8'));
cipher.finish();
var encrypted = cipher.output.getBytes();
encryptedB64 = forge.util.encode64(encrypted);
return encryptedB64;
}
};
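Review bot: `keyB64 = forge.util.encode64(kemSessionKey.key);` has no `var`, so the freshly generated session key is written to a global that any other script on the page can read, and the value is never used afterwards; the line should be deleted and `encapsulationB64`, `ivB64` and `encryptedB64` declared with `var`. `encrypt` runs AES-CBC with the same key and the same `iv` for every field and adds no integrity check, so fields that start with the same 16-byte block produce the same first ciphertext block and the receiver cannot detect modification. An authenticated mode with a fresh IV per field would be the usual choice, provided the decrypting side (not shown) supports it. The TODO at the top is still open: if key parsing throws, nothing visible here stops the form from being submitted with plaintext values. `algoString` and `formId` are accepted but unused, and the selector `form input:visible` covers every form on the page.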


@ -0,0 +1,3 @@
<svg width="22" height="20" viewBox="0 0 22 20" fill="none" xmlns="http://www.w3.org/2000/svg">
<path d="M2 1L5.58916 4.58916M20 19L16.4112 15.4112M12.8749 16.8246C12.2677 16.9398 11.6411 17 11.0005 17C6.52281 17 2.73251 14.0571 1.45825 9.99997C1.80515 8.8955 2.33851 7.87361 3.02143 6.97118M8.87868 7.87868C9.42157 7.33579 10.1716 7 11 7C12.6569 7 14 8.34315 14 10C14 10.8284 13.6642 11.5784 13.1213 12.1213M8.87868 7.87868L13.1213 12.1213M8.87868 7.87868L5.58916 4.58916M13.1213 12.1213L5.58916 4.58916M13.1213 12.1213L16.4112 15.4112M5.58916 4.58916C7.14898 3.58354 9.00656 3 11.0004 3C15.4781 3 19.2684 5.94291 20.5426 10C19.8357 12.2507 18.3545 14.1585 16.4112 15.4112" stroke="#6D7C80" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/>
</svg>


@ -0,0 +1,4 @@
<svg width="22" height="16" viewBox="0 0 22 16" fill="none" xmlns="http://www.w3.org/2000/svg">
<path d="M14 8C14 9.65685 12.6569 11 11 11C9.34315 11 8 9.65685 8 8C8 6.34315 9.34315 5 11 5C12.6569 5 14 6.34315 14 8Z" stroke="#6D7C80" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/>
<path d="M1.45825 7.99997C2.73253 3.94288 6.52281 1 11.0004 1C15.4781 1 19.2684 3.94291 20.5426 8.00004C19.2684 12.0571 15.4781 15 11.0005 15C6.52281 15 2.73251 12.0571 1.45825 7.99997Z" stroke="#6D7C80" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/>
</svg>


@ -0,0 +1,61 @@
(function() {
'use strict'
async function assertion(options) {
let credential;
try {
credential = await navigator.credentials.get({ "publicKey": options });
}
// Cancel and timeout can occur besides error
catch (error) {
console.error(`Failed to get WebAuthn credential: ${error}`);
throw error;
}
// as this is the last call we have to do a top-level request instead of AJAX
const form = document.createElement("form");
form.method = "POST";
form.style.display = "none";
addInput(form, "path", "/nevisfido/fido2/assertion/result")
addInput(form, "id", credential.id);
addInput(form, "type", credential.type);
addInput(form, "response.clientDataJSON", base64url.encode(credential.response.clientDataJSON));
addInput(form, "response.authenticatorData", base64url.encode(credential.response.authenticatorData));
addInput(form, "response.signature", base64url.encode(credential.response.signature));
document.body.appendChild(form);
form.submit();
}
function authenticate() {
// WebAuthn feature detection
if (!isWebAuthnSupportedByTheBrowser()) {
cancelFido2();
return;
};
const request = {};
request.path = "/nevisfido/fido2/attestation/options";
// calling nevisFIDO through nevisAuth on current URL using AJAX
fetch("", {
method: "POST",
headers: {
'Content-Type': 'application/json'
},
body: JSON.stringify(request)
})
.then(res => res.json())
.then(options => {
options.challenge = base64url.decode(options.challenge);
options.allowCredentials = options.allowCredentials.map((c) => {
c.id = base64url.decode(c.id);
return c;
});
return assertion(options);
}).catch((error) => {
console.error(`Error during FIDO2 authentication: ${error}`);
cancelFido2();
});
}
authenticate();
})();
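Review bot: `options.allowCredentials.map(...)` assumes the list is always present, but it is optional in WebAuthn request options, so a response without it throws a TypeError and ends in `cancelFido2()`; `options.allowCredentials = (options.allowCredentials || []).map(...)` handles that case. `res.json()` is called without checking `res.ok`, so an error response from the backend surfaces only as a JSON parse failure; `if (!res.ok) throw new Error('HTTP ' + res.status);` before parsing gives a clearer failure. The options request uses the path `/nevisfido/fido2/attestation/options` while the result goes to `/nevisfido/fido2/assertion/result`; if that is intentional it deserves a comment, because attestation normally denotes registration rather than authentication.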


@ -0,0 +1,175 @@
(function() {
'use strict'
async function authenticate(username, params) {
try {
const { authenticationOptionsEndpoint, authenticationEndpoint, statusServiceEndpoint, userVerification, originalResource, nevisAuthEndpoint } = params;
const { startAuthentication } = SimpleWebAuthnBrowser;
// fetch authentication options from nevisFIDO and save the returned fido2SessionId for later use
const authOptRespJson = await getAuthenticationOptions(username, userVerification, nevisAuthEndpoint);
const fido2SessionId = authOptRespJson.fido2SessionId;
// do the client side authentication using the SimpleWebAuthn JS library
const authRespJson = await startAuthentication(authOptRespJson);
// in case the authentication response does not contain a userHandle (e.g. virtual authenticators used in system tests)
// then we have to obtain it (in our case it is the IDM extId) using the Status Service since at the moment nevisFIDO always expects it
if (!authRespJson.response.userHandle) {
const statusRespJson = await getFido2SessionStatus(fido2SessionId, statusServiceEndpoint);
if (statusRespJson && statusRespJson.userId) {
console.log("adding userHandle: " + statusRespJson.userId);
authRespJson.response.userHandle = btoa(statusRespJson.userId); // add missing userHandle
}
else {
throw new Error('userHandle is missing and could not determine it using the status service');
}
}
else {
console.log("userHandle already set: " + authRespJson.response.userHandle);
}
// send the assertion response created by the authenticator to nevisFIDO
const serverRespJson = await submitAssertion(authRespJson, authenticationEndpoint);
// checking the server response of nevisFIDO
if ((!serverRespJson) || (serverRespJson && serverRespJson.status !== 'ok')) {
let errorMessage = (serverRespJson && serverRespJson.errorMessage) ? serverRespJson.errorMessage : 'unexpected error';
throw new Error('authentication failed: ' + errorMessage);
}
// send a request to nevisAuth with the fido2SessionId in the header to trigger the synchronisation of the
// nevisFIDO and nevisAuth sessions (FIDO2 AuthState -> SyncFido2SessionStatusHandler) to reach AUTH_DONE
await updateNevisAuth(fido2SessionId, nevisAuthEndpoint);
console.log('authentication was successful');
console.log('reloading page...');
window.location.reload();
}
catch (error) {
console.error(`Error during FIDO2 authentication: ${error}`);
cancelFido2();
}
};
async function getAuthenticationOptions(username, userVerification, authenticationOptionsEndpoint) {
const authOptReqJson = {
'username': username,
'userVerification': userVerification,
};
const authOptReq = JSON.stringify(authOptReqJson);
console.log('authOptReq ==> ' + authOptReq);
const authOptResp = await fetch(authenticationOptionsEndpoint, {
method: 'POST',
headers: {
'Content-Type': 'application/json',
},
body: authOptReq,
});
if (!authOptResp.ok) {
throw new Error('authOptResp error: HTTP ' + authOptResp.status + ' ' + authOptResp.statusText);
}
const authOptRespJson = await authOptResp.json()
console.log('authOptResp <== ' + JSON.stringify(authOptRespJson));
return authOptRespJson;
};
async function getFido2SessionStatus(fido2SessionId, statusServiceEndpoint) {
const statusReqJson = {
'fido2SessionId': fido2SessionId,
};
const statusReq = JSON.stringify(statusReqJson);
console.log('statusReq ==> ' + statusReq);
const statusResp = await fetch(statusServiceEndpoint, {
method: 'POST',
headers: {
'Content-Type': 'application/json',
},
body: statusReq,
});
if (!statusResp.ok) {
throw new Error('statusResp error: HTTP ' + statusResp.status + ' ' + statusResp.statusText);
}
const statusRespJson = await statusResp.json();
console.log('statusResp <== ' + JSON.stringify(statusRespJson));
return statusRespJson;
}
async function submitAssertion(authRespJson, authenticationEndpoint) {
console.log("submitting assertion for userHandle: " + authRespJson.response.userHandle);
// TODO koenig 20230504: read btoa once nevisFIDO is adapted
let encodedAuthResp = {
"id": authRespJson.id,
"response": {
"authenticatorData": authRespJson.response.authenticatorData,
"signature": authRespJson.response.signature,
"userHandle": authRespJson.response.userHandle,
"clientDataJSON": authRespJson.response.clientDataJSON
},
"type": authRespJson.type
}
const authResp = JSON.stringify(encodedAuthResp);
console.log('authResp ==> ' + authResp);
const serverResp = await fetch(authenticationEndpoint, {
method: 'POST',
headers: {
'Content-Type': 'application/json',
},
body: authResp,
});
if (!serverResp.ok) {
throw new Error('submitAssertion error: HTTP ' + submitAssertion.status + ' ' + submitAssertion.statusText);
}
const serverRespJson = await serverResp.json();
console.log('serverResp <== ' + JSON.stringify(serverRespJson));
return serverRespJson;
};
async function updateNevisAuth(fido2SessionId, nevisAuthEndpoint) {
console.log('updateNevisAuth ==> ' + fido2SessionId);
const updateNevisAuthResponse = await fetch(nevisAuthEndpoint, {
method: 'GET',
credentials: 'same-origin',
headers: {
'nevis-fido2-session-id': fido2SessionId,
}
});
if (!updateNevisAuthResponse.ok) {
throw new Error('updateNevisAuthResponse error: HTTP ' + updateNevisAuthResponse.status + ' ' + updateNevisAuthResponse.statusText);
}
console.log('updateNevisAuth <== OK');
return;
};
// TODO koenig 20230206: we don't generate IDs into the HTML yet
let username = document.getElementsByName("username")[0].value;
params.nevisAuthEndpoint = window.location.href;
authenticate(username, params);
})();
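Review bot: In `submitAssertion`, the failure branch builds its message from `submitAssertion.status` and `submitAssertion.statusText`, which are properties of the function itself rather than of the response, so a rejected assertion is always reported as `HTTP undefined undefined`; it should read `throw new Error('submitAssertion error: HTTP ' + serverResp.status + ' ' + serverResp.statusText);`. Separately, the `console.log` calls in `authenticate`, `getAuthenticationOptions`, `getFido2SessionStatus`, `submitAssertion` and `updateNevisAuth` write the `fido2SessionId`, the user handle and the full assertion payload to the browser console. Since `updateNevisAuth` sends that session id as the `nevis-fido2-session-id` header to complete the login, these look like debug output that should be removed or gated behind a debug flag before production use. `authenticate` also destructures `authenticationOptionsEndpoint` but passes `nevisAuthEndpoint` to `getAuthenticationOptions`, which deserves a one-line comment if it is intentional.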


@ -0,0 +1,70 @@
function dispatch(name) {
// we have to do a top-level request instead of AJAX
const form = document.createElement("form");
form.method = "POST";
form.style.display = "none";
addInput(form, name, "true");
document.body.appendChild(form);
form.submit();
}
async function attestation(options) {
let credential;
try {
credential = await navigator.credentials.create({ "publicKey": options });
}
// cancel and timeout can occur besides error
catch (error) {
console.error(`Failed to create WebAuthn credential: ${error}`);
throw error;
}
// as this is the last call we have to do a top-level request instead of AJAX
const form = document.createElement("form");
form.method = "POST";
form.style.display = "none";
addInput(form, "path", "/nevisfido/fido2/attestation/result")
addInput(form, "id", credential.id);
addInput(form, "type", credential.type);
addInput(form, "response.clientDataJSON", base64url.encode(credential.response.clientDataJSON));
addInput(form, "response.attestationObject", base64url.encode(credential.response.attestationObject));
document.body.appendChild(form);
form.submit();
}
function start() {
if (!isWebAuthnSupportedByTheBrowser()) {
dispatch("unsupported");
return;
};
const request = {};
request.path = "/nevisfido/fido2/attestation/options";
// calling nevisFIDO through nevisAuth on current URL using AJAX
fetch("", {
method: "POST",
headers: {
'Content-Type': 'application/json'
},
body: JSON.stringify(request)
})
.then(res => res.json())
.then(options => {
options.user.id = base64url.decode(options.user.id);
options.challenge = base64url.decode(options.challenge);
if (options.excludeCredentials != null) {
options.excludeCredentials = options.excludeCredentials.map((c) => {
c.id = base64url.decode(c.id);
return c;
});
}
if (options.authenticatorSelection.authenticatorAttachment === null) {
options.authenticatorSelection.authenticatorAttachment = undefined;
}
return attestation(options);
}).catch((error) => {
console.log('Error during FIDO2 onboarding: ' + error);
dispatch("failed");
});
}
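Review bot: `start()` parses the reply with `res.json()` without checking the HTTP status, then reads `options.user.id` and `options.authenticatorSelection.authenticatorAttachment` without checking that those members exist. A non-2xx JSON reply, or an options object that omits the optional `authenticatorSelection`, therefore ends as a TypeError and is reported only as the generic `failed` dispatch. I would check the status first, `.then(res => { if (!res.ok) throw new Error('HTTP ' + res.status); return res.json(); })`, and guard the attachment test with `if (options.authenticatorSelection && options.authenticatorSelection.authenticatorAttachment === null)`. The request also carries a client-chosen `path` value, so the receiving side presumably has to restrict which nevisFIDO paths it forwards; that code is not visible here and is worth confirming.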


@ -0,0 +1,40 @@
function addInput(form, name, value) {
const input = document.createElement("input");
input.name = name;
input.value = value;
form.appendChild(input);
}
/**
* Checks whether WebAuthn is supported by the browser or not.
* @return true if supported, false if it is not supported or not in secure context
*/
function isWebAuthnSupportedByTheBrowser() {
if (window.isSecureContext) {
// This feature is available only in secure contexts in some or all supporting browsers.
if ('credentials' in navigator) {
return true;
}
console.warn('Oh no! This browser does not support WebAuthn.');
return false;
}
console.warn('WebAuthn feature is available only in secure contexts. For testing over HTTP, you can use the origin "localhost".');
return false;
}
/**
* Trigger on cancel pattern of the FIDO2 authentication step.
*
* Provides an alternative when the user decides to
* cancel the fido2 credential operation(create or fetch) or
* the operation fails and the error cannot be handled.
*/
function cancelFido2() {
// we have to do a top-level request instead of AJAX
const form = document.createElement("form");
form.method = "POST";
form.style.display = "none";
addInput(form, "cancel_fido2", "true");
document.body.appendChild(form);
form.submit();
}
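Review bot: `isWebAuthnSupportedByTheBrowser` treats the presence of `navigator.credentials` as WebAuthn support, but that property belongs to the Credential Management API and can exist in a browser that has no `PublicKeyCredential`. In that case the function returns true and the failure only surfaces later, inside the `navigator.credentials.create` call, where it is handled as a generic error rather than as the `unsupported` dispatch. Testing the WebAuthn interface directly is more accurate: `if ('credentials' in navigator && typeof window.PublicKeyCredential === 'function') {`.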


@ -0,0 +1 @@
<svg width="842" height="1e3" xmlns="http://www.w3.org/2000/svg"><path d="M702 960c-54.2 52.6-114 44.4-171 19.6-60.6-25.3-116-26.9-180 0-79.7 34.4-122 24.4-170-19.6-271-279-231-704 77-720 74.7 4 127 41.3 171 44.4 65.4-13.3 128-51.4 198-46.4 84.1 6.8 147 40 189 99.7-173 104-132 332 26.9 396-31.8 83.5-72.6 166-141 227zM423 237C414.9 113 515.4 11 631 1c15.9 143-130 250-208 236z"/></svg>


@ -0,0 +1,9 @@
<?xml version="1.0" encoding="utf-8"?>
<svg viewBox="0 0 24 24" width="24" height="24" xmlns="http://www.w3.org/2000/svg">
<g transform="matrix(1, 0, 0, 1, 27.009001, -39.238998)">
<path fill="#4285F4" d="M -3.264 51.509 C -3.264 50.719 -3.334 49.969 -3.454 49.239 L -14.754 49.239 L -14.754 53.749 L -8.284 53.749 C -8.574 55.229 -9.424 56.479 -10.684 57.329 L -10.684 60.329 L -6.824 60.329 C -4.564 58.239 -3.264 55.159 -3.264 51.509 Z"/>
<path fill="#34A853" d="M -14.754 63.239 C -11.514 63.239 -8.804 62.159 -6.824 60.329 L -10.684 57.329 C -11.764 58.049 -13.134 58.489 -14.754 58.489 C -17.884 58.489 -20.534 56.379 -21.484 53.529 L -25.464 53.529 L -25.464 56.619 C -23.494 60.539 -19.444 63.239 -14.754 63.239 Z"/>
<path fill="#FBBC05" d="M -21.484 53.529 C -21.734 52.809 -21.864 52.039 -21.864 51.239 C -21.864 50.439 -21.724 49.669 -21.484 48.949 L -21.484 45.859 L -25.464 45.859 C -26.284 47.479 -26.754 49.299 -26.754 51.239 C -26.754 53.179 -26.284 54.999 -25.464 56.619 L -21.484 53.529 Z"/>
<path fill="#EA4335" d="M -14.754 43.989 C -12.984 43.989 -11.404 44.599 -10.154 45.789 L -6.734 42.369 C -8.804 40.429 -11.514 39.239 -14.754 39.239 C -19.444 39.239 -23.494 41.939 -25.464 45.859 L -21.484 48.949 C -20.534 46.099 -17.884 43.989 -14.754 43.989 Z"/>
</g>
</svg>


@ -0,0 +1 @@
<svg xmlns="http://www.w3.org/2000/svg" aria-label="Microsoft" role="img" viewBox="0 0 512 512"><rect width="512" height="512" rx="15%" fill="#fff"/><path d="M75 75v171h171v-171z" fill="#f25022"/><path d="M266 75v171h171v-171z" fill="#7fba00"/><path d="M75 266v171h171v-171z" fill="#00a4ef"/><path d="M266 266v171h171v-171z" fill="#ffb900"/></svg>
