No commits in common. "master" and "main" have entirely different histories.
|
@ -1,60 +0,0 @@
|
||||||
apiVersion: "operator.nevis-security.ch/v1"
|
|
||||||
kind: "NevisComponent"
|
|
||||||
metadata:
|
|
||||||
name: "nai"
|
|
||||||
namespace: "adn-postit-tknxchng-01-dev"
|
|
||||||
labels:
|
|
||||||
deploymentTarget: "nai"
|
|
||||||
annotations:
|
|
||||||
projectKey: "DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT"
|
|
||||||
patternId: "6ec6739e824c8e56d9633622"
|
|
||||||
spec:
|
|
||||||
type: "NevisAuth"
|
|
||||||
replicas: 1
|
|
||||||
version: "8.2405.2"
|
|
||||||
gitInitVersion: "1.3.0"
|
|
||||||
runAsNonRoot: true
|
|
||||||
ports:
|
|
||||||
management: 9000
|
|
||||||
soap: 8991
|
|
||||||
resources:
|
|
||||||
limits:
|
|
||||||
cpu: "2"
|
|
||||||
memory: "2000Mi"
|
|
||||||
requests:
|
|
||||||
cpu: "20m"
|
|
||||||
memory: "1000Mi"
|
|
||||||
livenessProbe:
|
|
||||||
soap:
|
|
||||||
tcpSocket: true
|
|
||||||
periodSeconds: 5
|
|
||||||
timeoutSeconds: 4
|
|
||||||
readinessProbe:
|
|
||||||
management:
|
|
||||||
httpGet:
|
|
||||||
path: "/nevisauth/liveness"
|
|
||||||
periodSeconds: 5
|
|
||||||
timeoutSeconds: 6
|
|
||||||
startupProbe:
|
|
||||||
management:
|
|
||||||
httpGet:
|
|
||||||
path: "/nevisauth/liveness"
|
|
||||||
periodSeconds: 5
|
|
||||||
timeoutSeconds: 6
|
|
||||||
failureThreshold: 50
|
|
||||||
podDisruptionBudget:
|
|
||||||
maxUnavailable: "50%"
|
|
||||||
git:
|
|
||||||
tag: "r-dc9307ba6bf7a7040f9e613d9fe7672b32664333"
|
|
||||||
dir: "DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai"
|
|
||||||
credentials: "git-credentials"
|
|
||||||
keystores:
|
|
||||||
- "nai-default-identity"
|
|
||||||
- "nai-sh4r3d-default-default-signer"
|
|
||||||
truststores:
|
|
||||||
- "nai-default-tls-client-trust"
|
|
||||||
- "nai-default-default-signer-trust"
|
|
||||||
podSecurity:
|
|
||||||
policy: "baseline"
|
|
||||||
automountServiceAccountToken: false
|
|
||||||
timeZone: "Europe/Zurich"
|
|
|
@ -1,14 +0,0 @@
|
||||||
apiVersion: "operator.nevis-security.ch/v1"
|
|
||||||
kind: "NevisTrustStore"
|
|
||||||
metadata:
|
|
||||||
name: "nai-default-default-signer-trust"
|
|
||||||
namespace: "adn-postit-tknxchng-01-dev"
|
|
||||||
labels:
|
|
||||||
deploymentTarget: "nai"
|
|
||||||
annotations:
|
|
||||||
projectKey: "DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT"
|
|
||||||
patternId: "6ec6739e824c8e56d9633622"
|
|
||||||
spec:
|
|
||||||
keystores:
|
|
||||||
- name: "nai-sh4r3d-default-default-signer"
|
|
||||||
namespace: "adn-postit-tknxchng-01-dev"
|
|
|
@ -1,18 +0,0 @@
|
||||||
apiVersion: "operator.nevis-security.ch/v1"
|
|
||||||
kind: "NevisKeyStore"
|
|
||||||
metadata:
|
|
||||||
name: "nai-default-identity"
|
|
||||||
namespace: "adn-postit-tknxchng-01-dev"
|
|
||||||
labels:
|
|
||||||
deploymentTarget: "nai"
|
|
||||||
annotations:
|
|
||||||
projectKey: "DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT"
|
|
||||||
patternId: "6ec6739e824c8e56d9633622"
|
|
||||||
spec:
|
|
||||||
cn: "nai"
|
|
||||||
usage: "<reserved for future use>"
|
|
||||||
san:
|
|
||||||
dns:
|
|
||||||
- "nai"
|
|
||||||
- "nai.adn-postit-tknxchng-01-dev"
|
|
||||||
email: []
|
|
|
@ -1,14 +0,0 @@
|
||||||
apiVersion: "operator.nevis-security.ch/v1"
|
|
||||||
kind: "NevisTrustStore"
|
|
||||||
metadata:
|
|
||||||
name: "nai-default-tls-client-trust"
|
|
||||||
namespace: "adn-postit-tknxchng-01-dev"
|
|
||||||
labels:
|
|
||||||
deploymentTarget: "nai"
|
|
||||||
annotations:
|
|
||||||
projectKey: "DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT"
|
|
||||||
patternId: "6ec6739e824c8e56d9633622"
|
|
||||||
spec:
|
|
||||||
keystores:
|
|
||||||
- name: "npi-cossa-realm-identity"
|
|
||||||
namespace: "adn-postit-tknxchng-01-dev"
|
|
|
@ -1,16 +0,0 @@
|
||||||
apiVersion: "operator.nevis-security.ch/v1"
|
|
||||||
kind: "NevisKeyStore"
|
|
||||||
metadata:
|
|
||||||
name: "nai-sh4r3d-default-default-signer"
|
|
||||||
namespace: "adn-postit-tknxchng-01-dev"
|
|
||||||
labels:
|
|
||||||
deploymentTarget: "nai"
|
|
||||||
annotations:
|
|
||||||
projectKey: "DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT"
|
|
||||||
patternId: "6ec6739e824c8e56d9633622"
|
|
||||||
spec:
|
|
||||||
cn: "signer"
|
|
||||||
usage: "signer"
|
|
||||||
san:
|
|
||||||
dns: []
|
|
||||||
email: []
|
|
|
@ -1,18 +0,0 @@
|
||||||
schemaVersion: 1.0
|
|
||||||
instance:
|
|
||||||
type: "nevisauth"
|
|
||||||
name: "default"
|
|
||||||
directory: "/var/opt/nevisauth/default"
|
|
||||||
pid: "systemctl show nevisauth@default -p MainPID | cut -d '=' -f2"
|
|
||||||
source:
|
|
||||||
url: "/nevisadmin/#/projects/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/patterns/6ec6739e824c8e56d9633622"
|
|
||||||
projectKey: "DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT"
|
|
||||||
patternId: "6ec6739e824c8e56d9633622"
|
|
||||||
patternClass: "ch.nevis.admin.v4.plugin.nevisauth.patterns.NevisAuthDeployable"
|
|
||||||
resources:
|
|
||||||
ports:
|
|
||||||
- "0.0.0.0:8991"
|
|
||||||
control:
|
|
||||||
start: "systemctl restart nevisauth@default &"
|
|
||||||
stop: "systemctl stop nevisauth@default"
|
|
||||||
status: "systemctl status nevisauth@default"
|
|
|
@ -1,19 +0,0 @@
|
||||||
-----BEGIN CERTIFICATE-----
|
|
||||||
MIIDAzCCAesCFFJeJMyjfQq6To7dqRpfc5oDX//oMA0GCSqGSIb3DQEBCwUAMD4x
|
|
||||||
CzAJBgNVBAYTAkNIMQ0wCwYDVQQHDARCZXJuMRAwDgYDVQQKDAdBZG5vdnVtMQ4w
|
|
||||||
DAYDVQQDDAVjb3NzYTAeFw0yNDExMDcxMzA3NTJaFw0yNTExMDcxMzA3NTJaMD4x
|
|
||||||
CzAJBgNVBAYTAkNIMQ0wCwYDVQQHDARCZXJuMRAwDgYDVQQKDAdBZG5vdnVtMQ4w
|
|
||||||
DAYDVQQDDAVjb3NzYTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOWq
|
|
||||||
kbFj7UAPDlzgqua7/ws43sIswHuhA400R3jKkHcvTC/QduDuDWoTeYkiQdv8lo7k
|
|
||||||
PVQA7tP//Pe+2O2wS0spNMrlw0Jv0MWeGlN1Jv5PH9TuOnL1nrd6w2OCKClnR7t3
|
|
||||||
xWZUEd3t4AtM/69VKNwSvVADt5yU6tifj1vCiE4uPoDkI8TNbT92aL2aDnq+VVRL
|
|
||||||
Eki5SpQ6ZGUlZGFGhMMOoA9efnTGqrJBsP3m50SAEUqTUpo1aH6IaJXorf8+zzEE
|
|
||||||
zWD4A13b0kvz75A9qh1rReYZgr1sQIfWwzoP76HQwpdEQsjnAteJi1SV7rSK/ekQ
|
|
||||||
+iuJ9ql2Mjpve8vsWrsCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAE4GJgtYJRI3r
|
|
||||||
hAWb4ptd6ngPfvW6pNb8Q9do/k0yVmAzckibRVSgmCoTeFnArn56NB2nrZlpnncG
|
|
||||||
IYB5uVI7jiEHCTZRXG7JbI/MHiwkq5P+Mf+OlvJWgiWkKFteJS46GBVo6JFVAIbv
|
|
||||||
H/UEflHbeTbaSYsoH0Xv54S9IvIuv/IA7KooFRmuzRb10hBBV0EUdrGfdBHmSpQf
|
|
||||||
CiSMPOTqu3nzcms4O4DLHnW2kVRyrd/G0Lkg/FUGsN4ZHyYGSC36gUOFqubGy9GV
|
|
||||||
HJqM6758pE0Myk7LMFGd8MrlnYTeWgBnRlAmfzMVMWZaAaRGGZ5SwQrZmenVB1ne
|
|
||||||
Ix41vfiHmA==
|
|
||||||
-----END CERTIFICATE-----
|
|
|
@ -1,30 +0,0 @@
|
||||||
-----BEGIN ENCRYPTED PRIVATE KEY-----
|
|
||||||
MIIFKzBVBgkqhkiG9w0BBQ0wSDAnBgkqhkiG9w0BBQwwGgQU1w+0ZNamq3X91Bur
|
|
||||||
d/pQZH7Yq+wCAggAMB0GCWCGSAFlAwQBKgQQ+NvXoFb05UDnOc75yNr/DQSCBNBD
|
|
||||||
m3o2GoHnMupzBuc4G7KdllLa2iaP0zkbK5SrJ2QlBWzei3K9PfyWsCSiGDoEL1fG
|
|
||||||
X8sjFmWDXiKg8z2KjZ8SAIVliMusz318hIjSkv7MOtcEKZ7uZ3C9e/AHl2CY55O7
|
|
||||||
OroDbvQfiexVyKS49vd8lex9DFZQ6nrhK7sQoygDeo469NoCJKu4s1Q657L8aeoQ
|
|
||||||
RSYBgtO3tThXIHqrW7FhuYGy8GSi8nI5axGTE7tfo3NqQo4Ap44a9W+vP8NsWUm+
|
|
||||||
WAyoErFTWxiuzXDU8LV2ziN4IZLsMZ0dgJjElIY6lAopr9YtjmKV+3IofYcy9BDa
|
|
||||||
q1WDfwqBBdoKdbMGLvXs8MBTPWbTinbiLGjNfRehtTdQ6zoVBYdxbPQBbw39vH2q
|
|
||||||
k2eLYsWuJmWQHfd3vCEc1B5kAgdAIiPSKvY5wRqb2cg1V/MjQRVZy7wHUBcYVx14
|
|
||||||
aXPqOgvkSLXYN3nt+X3PsubU5l/aOM9KCI2gT8j4AtvBjgVWzKglyVe5l0T8FGQ4
|
|
||||||
KMykvMwFQ2x6g63GyF+xfIM9XMVo8EJ7XNafz18CJ2s7HZ7Zv6twM2D2+xTaa9iq
|
|
||||||
CTcShTPVOLmnLfz6/3I7KKFMKOtm05rZTW7P3dOwcO8symm8qsfz5Kb4FC0H1Kmj
|
|
||||||
MAPO3vAhCIkHOsvrQiFP5RiIk2C+Ea1ygmSl5L3VC2eVA7Hy5FCDiZg7qJAWZqCH
|
|
||||||
ik/cttmzTKy44x2BvrPIKy5l37uGHFcRG/AgIY8hXo+1LUjeKpjjE9hs6MXSqyZh
|
|
||||||
zTkWFOXUkWFeBHrZqR45WO+ByVx7qD55pQmo2YMQ1q7fzM3VCzpO1OD1HAdhGWRu
|
|
||||||
3cin9Asj3+0X4SUknf/ZrVPGOdyj5Lj09ymL05hwYsiuAtWX3hH4I4ZYB6miJ3+F
|
|
||||||
rOnIPed/exXuCsq/H0+WWLilwDxO7VOamO3ggDKm0LebwTx+N8HQaKVXl7HYh5F8
|
|
||||||
Jmpp/bQrFswa42874GaZMJimyQx66SDsPTULjlk+0Ydc2gbWqvIbzBzerxlIm9nR
|
|
||||||
vWsx+V4+3Zvoom5Vwuo3P7Su3DAY142pn6cmqn77TSaMapWLK23tk24D7wUt6ROY
|
|
||||||
xRPfVuSgQ+u3xxDKmKLfFvdFbVx2YNmd174fQJFvr5cpwpMg/uqvnXdw6YwJugmd
|
|
||||||
hGtsodhd3aoX/BjTxkur2Aw4GFpXQYCdeioVFaOIPZDsmOokNcdVw45qC8xRn2Bx
|
|
||||||
VcZ24opYyGtnfl5DxOd2tl1dsKKxoVR4nWphHED//08ZfcUWaudeyIMfNJm790s7
|
|
||||||
8+0smUkQpd2f1Xc3YNBKwLN+U6hUme9DvSBoF6bQn/LEBGOSrE546W/Refytg907
|
|
||||||
SdHN1Qv5uDpFH7iIr44o/uIbwg0S1l/uLGNUR2o+ORt5SXh4fY6spjgCZc+UleUU
|
|
||||||
hjiGE8Nqh5fSvpnud7p2KPSUhuKcybQbKmn/mTBbP2GNaL2nHHXGRHO7MXGhZpHB
|
|
||||||
njmd8DyE+SOBtQTB+aLYlPGkRTNbFkJdyzc9gMCUJCEQs9CNrj/VGy4ZM41Khi3z
|
|
||||||
ZG2hJNjINqaZ5mzDJCdAHuNiwsvdhNqYJVVgPXl3ZkjcBbarZuAzxSih7FlEGDRs
|
|
||||||
43vyCSLp33X5o2gLVf9FsFRZgQxwZnJvaWl86OUWeA==
|
|
||||||
-----END ENCRYPTED PRIVATE KEY-----
|
|
|
@ -1,2 +0,0 @@
|
||||||
#!/bin/bash
|
|
||||||
echo '09I1B4lsP4+KQB8dB3AeEyU4RawLttIo55+0EWPPh0I='
|
|
Binary file not shown.
Binary file not shown.
|
@ -1,50 +0,0 @@
|
||||||
-----BEGIN ENCRYPTED PRIVATE KEY-----
|
|
||||||
MIIFKzBVBgkqhkiG9w0BBQ0wSDAnBgkqhkiG9w0BBQwwGgQU1w+0ZNamq3X91Bur
|
|
||||||
d/pQZH7Yq+wCAggAMB0GCWCGSAFlAwQBKgQQ+NvXoFb05UDnOc75yNr/DQSCBNBD
|
|
||||||
m3o2GoHnMupzBuc4G7KdllLa2iaP0zkbK5SrJ2QlBWzei3K9PfyWsCSiGDoEL1fG
|
|
||||||
X8sjFmWDXiKg8z2KjZ8SAIVliMusz318hIjSkv7MOtcEKZ7uZ3C9e/AHl2CY55O7
|
|
||||||
OroDbvQfiexVyKS49vd8lex9DFZQ6nrhK7sQoygDeo469NoCJKu4s1Q657L8aeoQ
|
|
||||||
RSYBgtO3tThXIHqrW7FhuYGy8GSi8nI5axGTE7tfo3NqQo4Ap44a9W+vP8NsWUm+
|
|
||||||
WAyoErFTWxiuzXDU8LV2ziN4IZLsMZ0dgJjElIY6lAopr9YtjmKV+3IofYcy9BDa
|
|
||||||
q1WDfwqBBdoKdbMGLvXs8MBTPWbTinbiLGjNfRehtTdQ6zoVBYdxbPQBbw39vH2q
|
|
||||||
k2eLYsWuJmWQHfd3vCEc1B5kAgdAIiPSKvY5wRqb2cg1V/MjQRVZy7wHUBcYVx14
|
|
||||||
aXPqOgvkSLXYN3nt+X3PsubU5l/aOM9KCI2gT8j4AtvBjgVWzKglyVe5l0T8FGQ4
|
|
||||||
KMykvMwFQ2x6g63GyF+xfIM9XMVo8EJ7XNafz18CJ2s7HZ7Zv6twM2D2+xTaa9iq
|
|
||||||
CTcShTPVOLmnLfz6/3I7KKFMKOtm05rZTW7P3dOwcO8symm8qsfz5Kb4FC0H1Kmj
|
|
||||||
MAPO3vAhCIkHOsvrQiFP5RiIk2C+Ea1ygmSl5L3VC2eVA7Hy5FCDiZg7qJAWZqCH
|
|
||||||
ik/cttmzTKy44x2BvrPIKy5l37uGHFcRG/AgIY8hXo+1LUjeKpjjE9hs6MXSqyZh
|
|
||||||
zTkWFOXUkWFeBHrZqR45WO+ByVx7qD55pQmo2YMQ1q7fzM3VCzpO1OD1HAdhGWRu
|
|
||||||
3cin9Asj3+0X4SUknf/ZrVPGOdyj5Lj09ymL05hwYsiuAtWX3hH4I4ZYB6miJ3+F
|
|
||||||
rOnIPed/exXuCsq/H0+WWLilwDxO7VOamO3ggDKm0LebwTx+N8HQaKVXl7HYh5F8
|
|
||||||
Jmpp/bQrFswa42874GaZMJimyQx66SDsPTULjlk+0Ydc2gbWqvIbzBzerxlIm9nR
|
|
||||||
vWsx+V4+3Zvoom5Vwuo3P7Su3DAY142pn6cmqn77TSaMapWLK23tk24D7wUt6ROY
|
|
||||||
xRPfVuSgQ+u3xxDKmKLfFvdFbVx2YNmd174fQJFvr5cpwpMg/uqvnXdw6YwJugmd
|
|
||||||
hGtsodhd3aoX/BjTxkur2Aw4GFpXQYCdeioVFaOIPZDsmOokNcdVw45qC8xRn2Bx
|
|
||||||
VcZ24opYyGtnfl5DxOd2tl1dsKKxoVR4nWphHED//08ZfcUWaudeyIMfNJm790s7
|
|
||||||
8+0smUkQpd2f1Xc3YNBKwLN+U6hUme9DvSBoF6bQn/LEBGOSrE546W/Refytg907
|
|
||||||
SdHN1Qv5uDpFH7iIr44o/uIbwg0S1l/uLGNUR2o+ORt5SXh4fY6spjgCZc+UleUU
|
|
||||||
hjiGE8Nqh5fSvpnud7p2KPSUhuKcybQbKmn/mTBbP2GNaL2nHHXGRHO7MXGhZpHB
|
|
||||||
njmd8DyE+SOBtQTB+aLYlPGkRTNbFkJdyzc9gMCUJCEQs9CNrj/VGy4ZM41Khi3z
|
|
||||||
ZG2hJNjINqaZ5mzDJCdAHuNiwsvdhNqYJVVgPXl3ZkjcBbarZuAzxSih7FlEGDRs
|
|
||||||
43vyCSLp33X5o2gLVf9FsFRZgQxwZnJvaWl86OUWeA==
|
|
||||||
-----END ENCRYPTED PRIVATE KEY-----
|
|
||||||
|
|
||||||
-----BEGIN CERTIFICATE-----
|
|
||||||
MIIDAzCCAesCFFJeJMyjfQq6To7dqRpfc5oDX//oMA0GCSqGSIb3DQEBCwUAMD4x
|
|
||||||
CzAJBgNVBAYTAkNIMQ0wCwYDVQQHDARCZXJuMRAwDgYDVQQKDAdBZG5vdnVtMQ4w
|
|
||||||
DAYDVQQDDAVjb3NzYTAeFw0yNDExMDcxMzA3NTJaFw0yNTExMDcxMzA3NTJaMD4x
|
|
||||||
CzAJBgNVBAYTAkNIMQ0wCwYDVQQHDARCZXJuMRAwDgYDVQQKDAdBZG5vdnVtMQ4w
|
|
||||||
DAYDVQQDDAVjb3NzYTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOWq
|
|
||||||
kbFj7UAPDlzgqua7/ws43sIswHuhA400R3jKkHcvTC/QduDuDWoTeYkiQdv8lo7k
|
|
||||||
PVQA7tP//Pe+2O2wS0spNMrlw0Jv0MWeGlN1Jv5PH9TuOnL1nrd6w2OCKClnR7t3
|
|
||||||
xWZUEd3t4AtM/69VKNwSvVADt5yU6tifj1vCiE4uPoDkI8TNbT92aL2aDnq+VVRL
|
|
||||||
Eki5SpQ6ZGUlZGFGhMMOoA9efnTGqrJBsP3m50SAEUqTUpo1aH6IaJXorf8+zzEE
|
|
||||||
zWD4A13b0kvz75A9qh1rReYZgr1sQIfWwzoP76HQwpdEQsjnAteJi1SV7rSK/ekQ
|
|
||||||
+iuJ9ql2Mjpve8vsWrsCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAE4GJgtYJRI3r
|
|
||||||
hAWb4ptd6ngPfvW6pNb8Q9do/k0yVmAzckibRVSgmCoTeFnArn56NB2nrZlpnncG
|
|
||||||
IYB5uVI7jiEHCTZRXG7JbI/MHiwkq5P+Mf+OlvJWgiWkKFteJS46GBVo6JFVAIbv
|
|
||||||
H/UEflHbeTbaSYsoH0Xv54S9IvIuv/IA7KooFRmuzRb10hBBV0EUdrGfdBHmSpQf
|
|
||||||
CiSMPOTqu3nzcms4O4DLHnW2kVRyrd/G0Lkg/FUGsN4ZHyYGSC36gUOFqubGy9GV
|
|
||||||
HJqM6758pE0Myk7LMFGd8MrlnYTeWgBnRlAmfzMVMWZaAaRGGZ5SwQrZmenVB1ne
|
|
||||||
Ix41vfiHmA==
|
|
||||||
-----END CERTIFICATE-----
|
|
|
@ -1,2 +0,0 @@
|
||||||
#!/bin/bash
|
|
||||||
echo 'password'
|
|
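Review bot: The passphrase helper removed in this section printed the literal string `password`, and the same comparison removes an `ENCRYPTED PRIVATE KEY` PEM and a second helper that echoes a base64 secret, so key material and passphrases were stored side by side in one repository. Which passphrase protects which file is not visible here, but both should be treated as disclosed. Removing the files does not withdraw them: the page states that the two branches share no history, so the side that contained these files still carries them in full. The keystores should be reissued under new passphrases, and the signer and identity certificates derived from them replaced. Any replacement helper should read the passphrase from a mounted secret rather than a literal, for example `cat "$PASSPHRASE_FILE"` (placeholder variable name).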
Binary file not shown.
Binary file not shown.
|
@ -1,38 +0,0 @@
|
||||||
-----BEGIN CERTIFICATE-----
|
|
||||||
MIIGkzCCBHugAwIBAgIULa4PojoMOF/785XA2QNkLRQYTS4wDQYJKoZIhvcNAQEL
|
|
||||||
BQAwUTELMAkGA1UEBhMCQ0gxFTATBgNVBAoTDFN3aXNzU2lnbiBBRzErMCkGA1UE
|
|
||||||
AxMiU3dpc3NTaWduIFJTQSBUTFMgUm9vdCBDQSAyMDIyIC0gMTAeFw0yMjA2Mjkw
|
|
||||||
OTMwNDdaFw0zNjA2MjkwOTMwNDdaMFAxCzAJBgNVBAYTAkNIMRUwEwYDVQQKEwxT
|
|
||||||
d2lzc1NpZ24gQUcxKjAoBgNVBAMTIVN3aXNzU2lnbiBSU0EgVExTIEVWIElDQSAy
|
|
||||||
MDIyIC0gMTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAL61hlRf7Jxo
|
|
||||||
0msjavo1pgChwWBDYix5Zd0CnhciVYUCk30Ko6BxFBICoSsZ1gXGqlT20g/AYqYL
|
|
||||||
xuKcdNNAJ/LHT6k2zL3UhSpx+eHjeTGQ7id2jC1HKRZ9zA8YXdhtY3oJom7B3ykE
|
|
||||||
d/j0KVmHy9tP1A0rt3ntbJLfLIS6uWogx2KfFs8MwtoAZLiGvp49SHly6p450fcz
|
|
||||||
payPIWu12PfVQjLg7b9NitlDlYEWiCAL7R3jINw2yMwcdBvq2gy+ZZsiYkSb1m+h
|
|
||||||
ABOGxU6SCN6w7GgRWWveSaJBvRokUvIon/wsZK51j8RM4TsoR60Wei8ftSBL75BI
|
|
||||||
g9Us8dkBXDa8vqoDVpc9zs6pan5XN8KymNT52j4gEe161eYTtbiME4KdSWtVsA7e
|
|
||||||
rdkHsXKJTRIxxdpUkQXxhLXEoyDed/BVgV1yhTeN6YCFX7AiocAi5rPUplc6LV58
|
|
||||||
CCUWFMSWEJxOYQUrwWFLNzQMnE969hnvdhuO8ZeqtpwFwX/OLryWoil+jGobRm/1
|
|
||||||
OQS9+urcVygrzZ9Dy9Q/OF/oq9NeaijvL2Ncjkj5f6uJzgXkm7PwjnHrL2FWBkhp
|
|
||||||
oM/vyT1VAgWNoku3jIyedtyJ9lUECwPIzQuddQYOL8FwhaFmvtHnOLpiy2ctbwir
|
|
||||||
gJW+KcsNkpHg0N5stJcPzPvlssmNBHbNAgMBAAGjggFiMIIBXjBcBggrBgEFBQcB
|
|
||||||
AQRQME4wTAYIKwYBBQUHMAKGQGh0dHA6Ly9haWEuc3dpc3NzaWduLmNoL2Fpci1h
|
|
||||||
ZWZmMzc0ZC0wZjdhLTRjNTUtYTAzNC0xNDQwMjkwY2ZhMzIwEgYDVR0TAQH/BAgw
|
|
||||||
BgEB/wIBADAoBgNVHSAEITAfMAcGBWeBDAEBMAgGBgQAj3oBBDAKBghghXQBWQIB
|
|
||||||
AzBRBgNVHR8ESjBIMEagRKBChkBodHRwOi8vY3JsLnN3aXNzc2lnbi5jaC9jZHAt
|
|
||||||
OTY2MWMyOWYtOTEyMS00ZjQ2LWFjZDgtZWFkNGEyMmY3MTYwMB0GA1UdJQQWMBQG
|
|
||||||
CCsGAQUFBwMBBggrBgEFBQcDAjAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFElS
|
|
||||||
3zCGkllfNJwlSCSrwOvRBvLWMB8GA1UdIwQYMBaAFG+OYouTQ7DhQPanw/3xD7gP
|
|
||||||
FTilMA0GCSqGSIb3DQEBCwUAA4ICAQBugn943V4fbEbG+Leb4YXTWLLfPIC+mrdc
|
|
||||||
H6v1+Iws+XCzoKthaDk0c346mSaXZM9to5xDOWgfEnBYbVioMyI/5EABbg4ARkgp
|
|
||||||
dj50FPe9MtLD4kOZFv/8LoRH+WdAfQUsxS1RQincUnYWAxmRNOHLdnbyiQt3sYDl
|
|
||||||
6tZzURSMnMUec4stxfLT4VQE1Ew6Phr06CouYOd5ON+mWkFhROz3jx5PTXcECrqQ
|
|
||||||
IT27wJ4mzKA6W9p69ZDFi/+FcpN9vCjzksi0w8i62DwtbO8Pj3ZEOL8z6+cwXyT7
|
|
||||||
X7Zt96vufj+bsxFo1IXQ6cb2i13qpThSHL4NA1NhUbB/ipMbxNtBJ4fwtcG8SAUs
|
|
||||||
jRXgG/RYrXRorG90KU/dcezixY4yKnlIdkkhpV7h8jY2+XS7GbjaKee8pPeAFXgs
|
|
||||||
Hzdi+EhZvHOVfshaKL2CAELrYn8Tzo2Zt9zsbif8L7bPJROS3xqzn+GbCFt67/8Y
|
|
||||||
jTh84Taa4D49H6V+p01QPkvG7ub7Rw52fm56zY3mabbhbsREOceswsfunxSN/SOE
|
|
||||||
pLKVMopuVnRcwVIWmnzH9BlBhIzLqOS4kCYA5E5Irw217j/JTGVWEdMN0ar09nGh
|
|
||||||
WA2Eq8aDANjAP1bao/4nmxsFU2zKbTR40Tb7/HKB5jaItYdkz6ppnxQDLTWe7T6+
|
|
||||||
nGZwqmYtbQ==
|
|
||||||
-----END CERTIFICATE-----
|
|
|
@ -1,80 +0,0 @@
|
||||||
|
|
||||||
accept.button.label=Accept
|
|
||||||
cancel.button.label=Cancel
|
|
||||||
continue.button.label=Continue
|
|
||||||
deputy.profile.label=(Deputy Profile)
|
|
||||||
error.saml.failed=Please close your browser and try again.
|
|
||||||
error_1=Please check your input.
|
|
||||||
error_10=Please select the correct user account.
|
|
||||||
error_100=Certificate upload not possible. Certificate already exists. Please contact your helpdesk.
|
|
||||||
error_101=The entered email address is not valid.
|
|
||||||
error_11=Please use another certficate or login with another credential type.
|
|
||||||
error_2=Please select another login name.
|
|
||||||
error_3=Your account will be locked if next authentication fails.
|
|
||||||
error_4=Your new password does not comply with the security policy. Please choose a different password.
|
|
||||||
error_5=Error in password confirmation.
|
|
||||||
error_50=The new password is too short.
|
|
||||||
error_55=The new password has to differ from old passwords.
|
|
||||||
error_6=Password change required.
|
|
||||||
error_7=Change of login ID required.
|
|
||||||
error_8=Your account has been locked due to repeated authentication failures.
|
|
||||||
error_81=No access card found, access from internet denied.
|
|
||||||
error_83=Your access card is no longer valid. Please contact your advisor to get a new access card.
|
|
||||||
error_9=Session take over failed.
|
|
||||||
error_97=You are not authorized to access this resource.
|
|
||||||
error_98=Your account has been locked.
|
|
||||||
error_99=System problems. Please try later.
|
|
||||||
info.logout.confirmation=Please confirm that you want to log out.
|
|
||||||
info.logout.reminder=Your session on this application has expired. Try again with a login.
|
|
||||||
info.oauth.consent=Do you want to authorise this application to access your data?
|
|
||||||
info.timeout.page=Your session on this application has expired. Try again with a login.
|
|
||||||
login.button.label=Login
|
|
||||||
logout.label=Logout
|
|
||||||
logout.text=You have successfully logged out.
|
|
||||||
method.certificate.label=Certificate
|
|
||||||
method.fido.label=Mobile Authentication
|
|
||||||
method.fido2.label=FIDO 2
|
|
||||||
method.mtan.label=mTAN Code
|
|
||||||
method.oath.label=OATH Authenticator App
|
|
||||||
method.otp.label=OTP (One-Time Password)
|
|
||||||
method.recovery.label=Recovery Codes
|
|
||||||
method.safeword.label=SafeWord
|
|
||||||
method.securid.label=SecurID
|
|
||||||
method.ticket.label=Ticket
|
|
||||||
outarg.lastLogin.never=Never
|
|
||||||
policyFailure.dictionary=▪ must not be taken from a dictionary.
|
|
||||||
policyFailure.history.History=▪ must be different from previously selected passwords.
|
|
||||||
policyFailure.regex.control=▪ cannot contain more than {0} control characters.
|
|
||||||
policyFailure.regex.lower=▪ must contain at least {0} lower case characters.
|
|
||||||
policyFailure.regex.maxCharacterRepetitions=▪ characters must not occur more than {0} time(s) consecutively.
|
|
||||||
policyFailure.regex.maxLength=▪ must be at most {0} characters long.
|
|
||||||
policyFailure.regex.minLength=▪ must be at least {0} characters long.
|
|
||||||
policyFailure.regex.nonAlnum=▪ must contain at least {0} non-alphanumeric characters.
|
|
||||||
policyFailure.regex.nonAscii=▪ cannot contain more than {0} non-ASCII characters.
|
|
||||||
policyFailure.regex.nonGraph=▪ cannot contain more than {0} non-printable characters.
|
|
||||||
policyFailure.regex.nonLetter=▪ must contain at least {0} non-letter characters.
|
|
||||||
policyFailure.regex.numeric=▪ must contain at least {0} numeric characters.
|
|
||||||
policyFailure.regex.upper=▪ must contain at least {0} upper case characters.
|
|
||||||
policyInfo.dictionary=▪ must not be taken from a dictionary.
|
|
||||||
policyInfo.history.History=▪ must be different from previously selected passwords.
|
|
||||||
policyInfo.regex.control=▪ cannot contain more than {0} control characters.
|
|
||||||
policyInfo.regex.lower=▪ must contain at least {0} lower case characters.
|
|
||||||
policyInfo.regex.maxCharacterRepetitions=▪ characters must not occur more than {0} time(s) consecutively.
|
|
||||||
policyInfo.regex.maxLength=▪ must be at most {0} characters long.
|
|
||||||
policyInfo.regex.minLength=▪ must be at least {0} characters long.
|
|
||||||
policyInfo.regex.nonAlnum=▪ must contain at least {0} non-alphanumeric characters.
|
|
||||||
policyInfo.regex.nonAscii=▪ cannot contain more than {0} non-ASCII characters.
|
|
||||||
policyInfo.regex.nonGraph=▪ cannot contain more than {0} non-printable characters.
|
|
||||||
policyInfo.regex.nonLetter=▪ must contain at least {0} non-letter characters.
|
|
||||||
policyInfo.regex.numeric=▪ must contain at least {0} numeric characters.
|
|
||||||
policyInfo.regex.upper=▪ must contain at least {0} upper case characters.
|
|
||||||
policyInfo.title=The password has to comply with the following password policy:
|
|
||||||
reject.button.label=Deny
|
|
||||||
submit.button.label=Submit
|
|
||||||
tan.sent=Please enter the security code which has been sent to your mobile phone.
|
|
||||||
title.logout=Logout
|
|
||||||
title.logout.confirmation=Logout
|
|
||||||
title.logout.reminder=Logout
|
|
||||||
title.oauth.consent=Client Authorization
|
|
||||||
title.saml.failed=Error
|
|
||||||
title.timeout.page=Logout
|
|
|
@ -1,80 +0,0 @@
|
||||||
|
|
||||||
accept.button.label=Akzeptieren
|
|
||||||
cancel.button.label=Abbrechen
|
|
||||||
continue.button.label=Weiter
|
|
||||||
deputy.profile.label=(Profil Stellvertreter)
|
|
||||||
error.saml.failed=Bitte schliessen Sie Ihren Browser und versuchen Sie es erneut.
|
|
||||||
error_1=Bitte überprüfen Sie Ihre Eingabe.
|
|
||||||
error_10=Bitte wählen Sie den gewünschten Benutzer.
|
|
||||||
error_100=Zertifikat-Upload nicht möglich. Zertifikat bereits vorhanden. Bitte kontaktieren Sie Ihren Helpdesk.
|
|
||||||
error_101=Die angegebene E-Mail Adresse ist ungültig.
|
|
||||||
error_11=Bitte verwenden Sie ein anderes Zertifikat oder ein alternatives Authentisierungsmittel.
|
|
||||||
error_2=Bitte wählen Sie einen anderen Login-Namen.
|
|
||||||
error_3=Falls Ihr nächster Login fehlschlägt, wird Ihr Konto gesperrt.
|
|
||||||
error_4=Ihr neues Passwort wurde nicht akzeptiert. Bitte wählen Sie eines, das den Passwortvorgaben entspricht.
|
|
||||||
error_5=Die Eingabe zur Bestätigung des Passwortes ist falsch.
|
|
||||||
error_50=Das neue Passwort ist zu kurz.
|
|
||||||
error_55=Das neue Passwort muss sich von alten Passwörtern unterscheiden.
|
|
||||||
error_6=Passwortwechsel erforderlich.
|
|
||||||
error_7=Wechsel der Login-ID erforderlich.
|
|
||||||
error_8=Ihr Konto wurde infolge wiederholt fehlgeschlagener Authentisierung gesperrt.
|
|
||||||
error_81=Keine Rasterkarte gefunden, Zugang vom Internet verweigert.
|
|
||||||
error_83=Ihre Rasterkarte ist aufgebraucht. Bitte kontaktieren Sie Ihren Berater, um eine neue zu erhalten.
|
|
||||||
error_9=Die SSO-Session konnte nicht übernommen werden.
|
|
||||||
error_97=Sie verfügen nicht über die für den Zugriff auf diese Ressource benötigte Berechtigung.
|
|
||||||
error_98=Ihr Konto ist gesperrt.
|
|
||||||
error_99=Systemfehler. Bitte versuchen Sie es später.
|
|
||||||
info.logout.confirmation=Bitte bestätigen Sie, dass Sie sich abmelden möchten.
|
|
||||||
info.logout.reminder=Ihre Session ist auf dieser Applikation abgelaufen. Versuchen Sie es nochmals mit einem Login.
|
|
||||||
info.oauth.consent=Wollen Sie der Anwendung den Zugriff erlauben?
|
|
||||||
info.timeout.page=Ihre Session ist auf dieser Applikation abgelaufen. Versuchen Sie es nochmals mit einem Login.
|
|
||||||
login.button.label=Login
|
|
||||||
logout.label=Logout
|
|
||||||
logout.text=Sie haben sich erfolgreich abgemeldet.
|
|
||||||
method.certificate.label=Zertifikat
|
|
||||||
method.fido.label=Mobile Authentication
|
|
||||||
method.fido2.label=FIDO 2
|
|
||||||
method.mtan.label=mTAN-Code
|
|
||||||
method.oath.label=OATH Authenticator-App
|
|
||||||
method.otp.label=OTP (One-Time Passwort)
|
|
||||||
method.recovery.label=Wiederherstellungscodes
|
|
||||||
method.safeword.label=SafeWord
|
|
||||||
method.securid.label=SecurID
|
|
||||||
method.ticket.label=Ticket
|
|
||||||
outarg.lastLogin.never=Nie
|
|
||||||
policyFailure.dictionary=▪ darf nicht aus einem Wörterbuch stammen.
|
|
||||||
policyFailure.history.History=▪ muss sich von vorhergehenden Passwörtern unterscheiden.
|
|
||||||
policyFailure.regex.control=▪ darf höchstens {0} Kontrollzeichen enthalten.
|
|
||||||
policyFailure.regex.lower=▪ muss {0} Kleinbuchstaben enthalten.
|
|
||||||
policyFailure.regex.maxCharacterRepetitions=▪ darf nicht eine Sequenz länger als {0} des gleichen Zeichens enthalten.
|
|
||||||
policyFailure.regex.maxLength=Länge des Passwortes darf höchstens {0} sein.
|
|
||||||
policyFailure.regex.minLength=Länge des Passwortes muss mindestens {0} sein.
|
|
||||||
policyFailure.regex.nonAlnum=▪ muss {0} nicht-alphanumerische Zeichen enthalten.
|
|
||||||
policyFailure.regex.nonAscii=▪ darf höchstens {0} Zeichen ausserhalb des ASCII-Zeichensatzes enthalten.
|
|
||||||
policyFailure.regex.nonGraph=▪ darf höchstens {0} nicht-druckende Zeichen enthalten.
|
|
||||||
policyFailure.regex.nonLetter=▪ muss {0} Zeichen enthalten, die keine Buchstaben sind.
|
|
||||||
policyFailure.regex.numeric=▪ muss {0} numerische Zeichen enthalten.
|
|
||||||
policyFailure.regex.upper=▪ muss {0} Grossbuchstaben enthalten.
|
|
||||||
policyInfo.dictionary=▪ darf nicht aus einem Wörterbuch stammen.
|
|
||||||
policyInfo.history.History=▪ darf keines der zuletzt verwendeten Passwörtern sein.
|
|
||||||
policyInfo.regex.control=▪ darf höchstens {0} Kontrollzeichen enthalten.
|
|
||||||
policyInfo.regex.lower=▪ muss mindestens {0} Kleinbuchstaben enthalten.
|
|
||||||
policyInfo.regex.maxCharacterRepetitions=▪ darf nicht eine Sequenz länger als {0} des gleichen Zeichens enthalten.
|
|
||||||
policyInfo.regex.maxLength=▪ darf höchstens {0} Zeichen enthalten.
|
|
||||||
policyInfo.regex.minLength=▪ muss mindestens {0} Zeichen enthalten.
|
|
||||||
policyInfo.regex.nonAlnum=▪ muss mindestens {0} Zeichen enthalten, die nicht Alphanumerisch sind.
|
|
||||||
policyInfo.regex.nonAscii=▪ darf höchstens {0} Zeichen ausserhalb des ASCII-Zeichensatzes enthalten.
|
|
||||||
policyInfo.regex.nonGraph=▪ darf höchstens {0} nicht-druckende Zeichen enthalten.
|
|
||||||
policyInfo.regex.nonLetter=▪ muss mindestens {0} Zeichen enthalten, die keine Buchstaben sind.
|
|
||||||
policyInfo.regex.numeric=▪ muss mindestens {0} numerische Zeichen enthalten.
|
|
||||||
policyInfo.regex.upper=▪ muss mindestens {0} Grossbuchstaben enthalten.
|
|
||||||
policyInfo.title=Das Passwort muss den folgenden Passwort-Richtlinien entsprechen:
|
|
||||||
reject.button.label=Ablehnen
|
|
||||||
submit.button.label=Senden
|
|
||||||
tan.sent=Bitte erfassen Sie den Sicherheitscode, welcher an Ihr Mobiltelefon gesendet wurde.
|
|
||||||
title.logout=Logout
|
|
||||||
title.logout.confirmation=Logout
|
|
||||||
title.logout.reminder=Logout
|
|
||||||
title.oauth.consent=Client Authorisierung
|
|
||||||
title.saml.failed=Error
|
|
||||||
title.timeout.page=Logout
|
|
|
@ -1,80 +0,0 @@
|
||||||
|
|
||||||
accept.button.label=Accept
|
|
||||||
cancel.button.label=Cancel
|
|
||||||
continue.button.label=Continue
|
|
||||||
deputy.profile.label=(Deputy Profile)
|
|
||||||
error.saml.failed=Please close your browser and try again.
|
|
||||||
error_1=Please check your input.
|
|
||||||
error_10=Please select the correct user account.
|
|
||||||
error_100=Certificate upload not possible. Certificate already exists. Please contact your helpdesk.
|
|
||||||
error_101=The entered email address is not valid.
|
|
||||||
error_11=Please use another certficate or login with another credential type.
|
|
||||||
error_2=Please select another login name.
|
|
||||||
error_3=Your account will be locked if next authentication fails.
|
|
||||||
error_4=Your new password does not comply with the security policy. Please choose a different password.
|
|
||||||
error_5=Error in password confirmation.
|
|
||||||
error_50=The new password is too short.
|
|
||||||
error_55=The new password has to differ from old passwords.
|
|
||||||
error_6=Password change required.
|
|
||||||
error_7=Change of login ID required.
|
|
||||||
error_8=Your account has been locked due to repeated authentication failures.
|
|
||||||
error_81=No access card found, access from internet denied.
|
|
||||||
error_83=Your access card is no longer valid. Please contact your advisor to get a new access card.
|
|
||||||
error_9=Session take over failed.
|
|
||||||
error_97=You are not authorized to access this resource.
|
|
||||||
error_98=Your account has been locked.
|
|
||||||
error_99=System problems. Please try later.
|
|
||||||
info.logout.confirmation=Please confirm that you want to log out.
|
|
||||||
info.logout.reminder=Your session on this application has expired. Try again with a login.
|
|
||||||
info.oauth.consent=Do you want to authorise this application to access your data?
|
|
||||||
info.timeout.page=Your session on this application has expired. Try again with a login.
|
|
||||||
login.button.label=Login
|
|
||||||
logout.label=Logout
|
|
||||||
logout.text=You have successfully logged out.
|
|
||||||
method.certificate.label=Certificate
|
|
||||||
method.fido.label=Mobile Authentication
|
|
||||||
method.fido2.label=FIDO 2
|
|
||||||
method.mtan.label=mTAN Code
|
|
||||||
method.oath.label=OATH Authenticator App
|
|
||||||
method.otp.label=OTP (One-Time Password)
|
|
||||||
method.recovery.label=Recovery Codes
|
|
||||||
method.safeword.label=SafeWord
|
|
||||||
method.securid.label=SecurID
|
|
||||||
method.ticket.label=Ticket
|
|
||||||
outarg.lastLogin.never=Never
|
|
||||||
policyFailure.dictionary=▪ must not be taken from a dictionary.
|
|
||||||
policyFailure.history.History=▪ must be different from previously selected passwords.
|
|
||||||
policyFailure.regex.control=▪ cannot contain more than {0} control characters.
|
|
||||||
policyFailure.regex.lower=▪ must contain at least {0} lower case characters.
|
|
||||||
policyFailure.regex.maxCharacterRepetitions=▪ characters must not occur more than {0} time(s) consecutively.
|
|
||||||
policyFailure.regex.maxLength=▪ must be at most {0} characters long.
|
|
||||||
policyFailure.regex.minLength=▪ must be at least {0} characters long.
|
|
||||||
policyFailure.regex.nonAlnum=▪ must contain at least {0} non-alphanumeric characters.
|
|
||||||
policyFailure.regex.nonAscii=▪ cannot contain more than {0} non-ASCII characters.
|
|
||||||
policyFailure.regex.nonGraph=▪ cannot contain more than {0} non-printable characters.
|
|
||||||
policyFailure.regex.nonLetter=▪ must contain at least {0} non-letter characters.
|
|
||||||
policyFailure.regex.numeric=▪ must contain at least {0} numeric characters.
|
|
||||||
policyFailure.regex.upper=▪ must contain at least {0} upper case characters.
|
|
||||||
policyInfo.dictionary=▪ must not be taken from a dictionary.
|
|
||||||
policyInfo.history.History=▪ must be different from previously selected passwords.
|
|
||||||
policyInfo.regex.control=▪ cannot contain more than {0} control characters.
|
|
||||||
policyInfo.regex.lower=▪ must contain at least {0} lower case characters.
|
|
||||||
policyInfo.regex.maxCharacterRepetitions=▪ characters must not occur more than {0} time(s) consecutively.
|
|
||||||
policyInfo.regex.maxLength=▪ must be at most {0} characters long.
|
|
||||||
policyInfo.regex.minLength=▪ must be at least {0} characters long.
|
|
||||||
policyInfo.regex.nonAlnum=▪ must contain at least {0} non-alphanumeric characters.
|
|
||||||
policyInfo.regex.nonAscii=▪ cannot contain more than {0} non-ASCII characters.
|
|
||||||
policyInfo.regex.nonGraph=▪ cannot contain more than {0} non-printable characters.
|
|
||||||
policyInfo.regex.nonLetter=▪ must contain at least {0} non-letter characters.
|
|
||||||
policyInfo.regex.numeric=▪ must contain at least {0} numeric characters.
|
|
||||||
policyInfo.regex.upper=▪ must contain at least {0} upper case characters.
|
|
||||||
policyInfo.title=The password has to comply with the following password policy:
|
|
||||||
reject.button.label=Deny
|
|
||||||
submit.button.label=Submit
|
|
||||||
tan.sent=Please enter the security code which has been sent to your mobile phone.
|
|
||||||
title.logout=Logout
|
|
||||||
title.logout.confirmation=Logout
|
|
||||||
title.logout.reminder=Logout
|
|
||||||
title.oauth.consent=Client Authorization
|
|
||||||
title.saml.failed=Error
|
|
||||||
title.timeout.page=Logout
|
|
|
@ -1,80 +0,0 @@
|
||||||
|
|
||||||
accept.button.label=Accepter
|
|
||||||
cancel.button.label=Abandonner
|
|
||||||
continue.button.label=Continuer
|
|
||||||
deputy.profile.label=(Profil du suppléant)
|
|
||||||
error.saml.failed=Fermez votre navigateur et r;eacute;essayez.
|
|
||||||
error_1=Veuillez vérifier vos données, s.v.p.
|
|
||||||
error_10=Choisissez votre compte.
|
|
||||||
error_100=Téléchargement du certificat pas possible. Certificat existe déjà. Veuillez contacter le helpdesk s.v.p.
|
|
||||||
error_101=L'adresse e-mail é n'est pas valide.
|
|
||||||
error_11=Choisissez un autre certificat, s.v.p.
|
|
||||||
error_2=Choisissez un autre nom, s.v.p.
|
|
||||||
error_3=Si l'authentification ne réussit pas au prochain essai, votre compte sera bloqué.
|
|
||||||
error_4=Votre nouveau mot de passe ne conforme pas aux mesures de sécurité
|
|
||||||
error_5=Votre confirmation du mot de passe ne correspond pas au mot de passe donné.
|
|
||||||
error_50=Le nouveau mot de passe est trop court.
|
|
||||||
error_55=Le nouveau mot de passe doit différer de l'ancien.
|
|
||||||
error_6=Veuillez changer votre mot de passe, s.v.p.
|
|
||||||
error_7=Veuillez changer votre login ID, s.v.p.
|
|
||||||
error_8=Votre compte n'est pas active.
|
|
||||||
error_81=Pas d'access card trouvé, l'accès par l'internet est refusé.
|
|
||||||
error_83=Votre access card n'est plus valable, veuillez contacter votre gestionnaire.
|
|
||||||
error_9=Il n'est pas possible de transmettre la session.
|
|
||||||
error_97=Vous n'avez pas les autorisations nécessaires pour accéder à cette ressource.
|
|
||||||
error_98=Votre compte a été bloqué.
|
|
||||||
error_99=Problème technique. Veuillez essayer plus tard, s.v.p.
|
|
||||||
info.logout.confirmation=Veuillez confirmer que vous souhaitez vous déconnecter.
|
|
||||||
info.logout.reminder=Votre session sur cette application a expirée. Essayez encore avec un login.
|
|
||||||
info.oauth.consent=Voulez-vous autoriser l'application?
|
|
||||||
info.timeout.page=Votre session sur cette application a expirée. Essayez encore avec un login.
|
|
||||||
login.button.label=Login
|
|
||||||
logout.label=Logout
|
|
||||||
logout.text=Au revoir
|
|
||||||
method.certificate.label=Certificat
|
|
||||||
method.fido.label=Mobile Authentication
|
|
||||||
method.fido2.label=FIDO 2
|
|
||||||
method.mtan.label=Code mTAN
|
|
||||||
method.oath.label=Application d'authentification OATH
|
|
||||||
method.otp.label=OTP (One-Time Password)
|
|
||||||
method.recovery.label=Codes de récupération
|
|
||||||
method.safeword.label=SafeWord
|
|
||||||
method.securid.label=SecurID
|
|
||||||
method.ticket.label=Ticket
|
|
||||||
outarg.lastLogin.never=Jamais
|
|
||||||
policyFailure.dictionary=▪ ne peut pas être pris d'un dictionnaire.
|
|
||||||
policyFailure.history.History=▪ doit être différent des mots de passe préalablement sélectionnés.
|
|
||||||
policyFailure.regex.control=▪ ne peut contenir plus de {0} caractères de commande.
|
|
||||||
policyFailure.regex.lower=▪ doit contenir au moins {0} caractère(s) minuscule(s).
|
|
||||||
policyFailure.regex.maxCharacterRepetitions=▪ ne peut contenir une séquence de plus de {0} du même caractère.
|
|
||||||
policyFailure.regex.maxLength=La longueur doit être d'au plus {0}.
|
|
||||||
policyFailure.regex.minLength=La longueur doit être d'au moins {0}.
|
|
||||||
policyFailure.regex.nonAlnum=▪ doit contenir au moins {0} caractères non alphanumériques.
|
|
||||||
policyFailure.regex.nonAscii=▪ ne peut contenir plus de {0} caractères non ASCII ({1}).
|
|
||||||
policyFailure.regex.nonGraph=▪ ne peut contenir plus de {0} caractères non imprimables ({1}).
|
|
||||||
policyFailure.regex.nonLetter=▪ doit contenir au moins {0} caractères qui ne sont pas des lettres.
|
|
||||||
policyFailure.regex.numeric=▪ doit comprendre {0} caractères numériques.
|
|
||||||
policyFailure.regex.upper=▪ doit contenir au moins {0} caractère(s) majuscule(s).
|
|
||||||
policyInfo.dictionary=▪ ne peut pas être pris d'un dictionnaire.
|
|
||||||
policyInfo.history.History=▪ ne peut pas être l' précédemment choisis.
|
|
||||||
policyInfo.regex.control=▪ ne peut contenir plus de {0} caractères de commande.
|
|
||||||
policyInfo.regex.lower=▪ doit contenir au moins {0} caractère(s) minuscule(s).
|
|
||||||
policyInfo.regex.maxCharacterRepetitions=▪ ne peut contenir une séquence de plus de {0} du même caractère.
|
|
||||||
policyInfo.regex.maxLength=▪ la longueur doit être d'au plus {0}.
|
|
||||||
policyInfo.regex.minLength=▪ la longueur doit être d'au moins {0}.
|
|
||||||
policyInfo.regex.nonAlnum=▪ doit contenir au moins {0} caractères non alphanumériques.
|
|
||||||
policyInfo.regex.nonAscii=▪ ne peut contenir plus de {0} caractères non ASCII.
|
|
||||||
policyInfo.regex.nonGraph=▪ ne peut contenir plus de {0} caractères non imprimables.
|
|
||||||
policyInfo.regex.nonLetter=▪ doit contenir au moins {0} caractères qui ne sont pas des lettres.
|
|
||||||
policyInfo.regex.numeric=▪ doit comprendre au minimum {0} caractères numériques.
|
|
||||||
policyInfo.regex.upper=▪ doit contenir au moins {0} caractère(s) majuscule(s).
|
|
||||||
policyInfo.title=Le mot de passe doit respecter les règles suivantes:
|
|
||||||
reject.button.label=Refuser
|
|
||||||
submit.button.label=Envoyer
|
|
||||||
tan.sent=Veuillez saisir le code de sécurité que vous avez reçu au votre téléphone mobile.
|
|
||||||
title.logout=Logout
|
|
||||||
title.logout.confirmation=Logout
|
|
||||||
title.logout.reminder=Logout
|
|
||||||
title.oauth.consent=Autorisation du client
|
|
||||||
title.saml.failed=Error
|
|
||||||
title.timeout.page=Logout
|
|
|
@ -1,80 +0,0 @@
|
||||||
|
|
||||||
accept.button.label=Accettare
|
|
||||||
cancel.button.label=Abortire
|
|
||||||
continue.button.label=Continua
|
|
||||||
deputy.profile.label=(profilo del delegato)
|
|
||||||
error.saml.failed=Chiudi il browser e riprova.
|
|
||||||
error_1=Verificare i dati immessi.
|
|
||||||
error_10=Per favore selezionare il conto utente corretto.
|
|
||||||
error_100=Impossibile caricare il certificato. Questo certificato esiste già. La preghiamo di contattare il Suo help desk.
|
|
||||||
error_101=L'indirizzo e-mail inserito non è valido.
|
|
||||||
error_11=Scegliere un altro certificato.
|
|
||||||
error_2=Per favore scegliere un altro nome.
|
|
||||||
error_3=Il conto verrà bloccato se il prossimo login non andrà a buon fine.
|
|
||||||
error_4=La nuova password non è stata accettata. Scegliere una password che sia conforme ai criteri di password.
|
|
||||||
error_5=La conferma della password è errata.
|
|
||||||
error_50=La nuova password è troppo corta.
|
|
||||||
error_55=La nuova password deve essere diversa dalla vecchia.
|
|
||||||
error_6=È necessario modificare la password.
|
|
||||||
error_7=Set up inizale dell'account per il portale necessario.
|
|
||||||
error_8=L'account è stato bloccato. Rivolgersi al servizio assistenza oppure provare con un altro strumento di autenticazione.
|
|
||||||
error_81=Nessuna carta di accesso trovata, accesso da internet rifiutato.
|
|
||||||
error_83=La sua carta di accesso non è più valida. Per favore contatti il suo assistente per ricevere una nuova carta di accesso.
|
|
||||||
error_9=La sessione non può essere ripresa.
|
|
||||||
error_97=Non si dispone delle autorizzazioni necessarie per accedere a questa risorsa.
|
|
||||||
error_98=L'account è stato bloccato.
|
|
||||||
error_99=Errore di sistema. Riprovare.
|
|
||||||
info.logout.confirmation=Si prega di confermare che si desidera disconnettersi.
|
|
||||||
info.logout.reminder=La sessione su questa applicazione &egrave; scaduta. Prova ancora con un login.
|
|
||||||
info.oauth.consent=Vuoi consentire all'applicazione?
|
|
||||||
info.timeout.page=La sessione su questa applicazione &egrave; scaduta. Prova ancora con un login.
|
|
||||||
login.button.label=Login
|
|
||||||
logout.label=Logout
|
|
||||||
logout.text=È uscito con successo.
|
|
||||||
method.certificate.label=Certificato
|
|
||||||
method.fido.label=Mobile Authentication
|
|
||||||
method.fido2.label=FIDO 2
|
|
||||||
method.mtan.label=Codice mTAN
|
|
||||||
method.oath.label=App di autenticazione OATH
|
|
||||||
method.otp.label=OTP (One-Time Password)
|
|
||||||
method.recovery.label=Codici di ripristino
|
|
||||||
method.safeword.label=SafeWord
|
|
||||||
method.securid.label=SecurID
|
|
||||||
method.ticket.label=Ticket
|
|
||||||
outarg.lastLogin.never=Mai
|
|
||||||
policyFailure.dictionary=▪ non può essere presa da un dizionario.
|
|
||||||
policyFailure.history.History=▪ deve essere diversa da password precedenti.
|
|
||||||
policyFailure.regex.control=▪ non può contenere più di {0} caratteri di controllo.
|
|
||||||
policyFailure.regex.lower=▪ deve conenere almeno {0} caratteri minuscoli.
|
|
||||||
policyFailure.regex.maxCharacterRepetitions=▪ non può contentere una sequenza più lunga di {0} caratteri uguali.
|
|
||||||
policyFailure.regex.maxLength=▪ deve contenere al massimo {0} caratteri.
|
|
||||||
policyFailure.regex.minLength=▪ deve contenere almeno {0} caratteri.
|
|
||||||
policyFailure.regex.nonAlnum=▪ deve conenere almeno {0} caratteri non alfanumerici.
|
|
||||||
policyFailure.regex.nonAscii=▪ non può contenere più di {0} caratteri non ASCII.
|
|
||||||
policyFailure.regex.nonGraph=▪ non può contenere più di {0} caratteri non stampabili.
|
|
||||||
policyFailure.regex.nonLetter=▪ non può contenere più di {0} numeri o caratteri speciali.
|
|
||||||
policyFailure.regex.numeric=▪ deve contenere {0} caratteri numerici.
|
|
||||||
policyFailure.regex.upper=▪ deve conenere almeno {0} caratteri maiuscoli.
|
|
||||||
policyInfo.dictionary=▪ non può essere presa da un dizionario.
|
|
||||||
policyInfo.history.History=▪ deve essere diversa dalle password precedenti.
|
|
||||||
policyInfo.regex.control=▪ non può contenere più di {0} carattere/i di controllo.
|
|
||||||
policyInfo.regex.lower=▪ deve conenere almeno {0} carattere/i minuscolo/i.
|
|
||||||
policyInfo.regex.maxCharacterRepetitions=▪ non può contentere una sequenza più lunga di {0} caratteri uguali.
|
|
||||||
policyInfo.regex.maxLength=▪ deve contenere al massimo {0} carattere/i.
|
|
||||||
policyInfo.regex.minLength=▪ deve contenere almeno {0} carattere/i.
|
|
||||||
policyInfo.regex.nonAlnum=▪ deve conenere almeno {0} carattere/i non alfanumerico/i.
|
|
||||||
policyInfo.regex.nonAscii=▪ non può contenere più di {0} carattere/i non ASCII.
|
|
||||||
policyInfo.regex.nonGraph=▪ non può contenere più di {0} carattere/i non stampabile/i.
|
|
||||||
policyInfo.regex.nonLetter=▪ non può contenere più di {0} numero/i o caratere/i speciale/i.
|
|
||||||
policyInfo.regex.numeric=▪ deve contenere un minimo di {0} carattere/i numerico/i.
|
|
||||||
policyInfo.regex.upper=▪ deve conenere almeno {0} carattere/i maiuscolo/i.
|
|
||||||
policyInfo.title=La password deve rispettare le seguenti direttive:
|
|
||||||
reject.button.label=Rifiuti
|
|
||||||
submit.button.label=Continua
|
|
||||||
tan.sent=Inserisci il codice di sicurezza che è stato inviato al tuo telefono cellulare.
|
|
||||||
title.logout=Logout
|
|
||||||
title.logout.confirmation=Logout
|
|
||||||
title.logout.reminder=Logout
|
|
||||||
title.oauth.consent=Autorizzazione del client
|
|
||||||
title.saml.failed=Error
|
|
||||||
title.timeout.page=Logout
|
|
|
@ -1 +0,0 @@
|
||||||
bc.tracer.TraceIndentFactory=ch.nevis.bc.io.Log4jTraceIndentFactory
|
|
|
@ -1,19 +0,0 @@
|
||||||
RTENV_SECURITY_CHECK=no_shell
|
|
||||||
|
|
||||||
JAVA_OPTS=(
|
|
||||||
"-XX:+UseContainerSupport"
|
|
||||||
"-Dfile.encoding=UTF-8"
|
|
||||||
"-XX:MaxRAMPercentage=80.0"
|
|
||||||
"-Djava.net.preferIPv4Stack=true"
|
|
||||||
"-Djava.net.connectionTimeout=10000"
|
|
||||||
"-Djava.net.readTimeout=15000"
|
|
||||||
"-Dch.nevis.esauth.config=/var/opt/nevisauth/default/conf/esauth4.xml"
|
|
||||||
"-Djava.awt.headless=true"
|
|
||||||
"-javaagent:/opt/agent/opentelemetry-javaagent.jar"
|
|
||||||
"-Dotel.javaagent.logging=application"
|
|
||||||
"-Dotel.javaagent.configuration-file=/var/opt/nevisauth/default/conf/otel.properties"
|
|
||||||
"-Dotel.resource.attributes=service.version=8.2405.2,service.instance.id=$HOSTNAME"
|
|
||||||
"-Djavax.net.ssl.trustStore=/var/opt/keys/trust/tls-swissid/truststore.p12"
|
|
||||||
"-Djavax.net.ssl.trustStorePassword=\${exec:/var/opt/keys/trust/tls-swissid/keypass}"
|
|
||||||
)
|
|
||||||
|
|
|
@ -1,2 +0,0 @@
|
||||||
# this file is generated by nevisAdmin 4
|
|
||||||
security.provider.10=org.bouncycastle.jce.provider.BouncyCastleProvider
|
|
|
@ -1,338 +0,0 @@
|
||||||
<?xml version="1.0" encoding="UTF-8"?>
|
|
||||||
<!DOCTYPE esauth-server SYSTEM "/opt/nevisauth/dtd/esauth4.dtd">
|
|
||||||
<esauth-server instance="nai">
|
|
||||||
<!-- source: pattern://6ec6739e824c8e56d9633622, pattern://b67f81a971e4c08aa79040a2 -->
|
|
||||||
<SessionCoordinator sessionInitialInactivityTimeout="600" sessionInactivityTimeout="28800" sessionMaxLifetime="28800" sessionIdPreGenerate="true">
|
|
||||||
<!-- source: pattern://6ec6739e824c8e56d9633622 -->
|
|
||||||
<LocalSessionStore maxSessions="100000"/>
|
|
||||||
<!-- source: pattern://6ec6739e824c8e56d9633622 -->
|
|
||||||
<TokenAssembler name="DefaultTokenAssembler">
|
|
||||||
<Selector default="true"/>
|
|
||||||
<!-- source: pattern://b67f81a971e4c08aa79040a2 -->
|
|
||||||
<TokenSpec ttl="28800">
|
|
||||||
<!-- source: pattern://6ec6739e824c8e56d9633622 -->
|
|
||||||
<field src="session" key="ch.nevis.session.sessid" as="sessid"/>
|
|
||||||
<!-- source: pattern://6ec6739e824c8e56d9633622 -->
|
|
||||||
<field src="session" key="ch.nevis.session.userid" as="userid"/>
|
|
||||||
<!-- source: pattern://6ec6739e824c8e56d9633622 -->
|
|
||||||
<field src="session" key="ch.nevis.session.authlevel" as="authLevel"/>
|
|
||||||
<!-- source: pattern://6ec6739e824c8e56d9633622 -->
|
|
||||||
<field src="session" key="ch.nevis.session.esauthid" as="esauthid"/>
|
|
||||||
<!-- source: pattern://6ec6739e824c8e56d9633622 -->
|
|
||||||
<field src="session" key="ch.nevis.session.entryid" as="entryid"/>
|
|
||||||
<!-- source: pattern://6ec6739e824c8e56d9633622 -->
|
|
||||||
<field src="session" key="ch.nevis.session.loginid" as="loginId"/>
|
|
||||||
<!-- source: pattern://6ec6739e824c8e56d9633622 -->
|
|
||||||
<field src="session" key="ch.nevis.session.domain" as="domain"/>
|
|
||||||
<!-- source: pattern://6ec6739e824c8e56d9633622 -->
|
|
||||||
<field src="session" key="ch.nevis.session.secroles" as="roles"/>
|
|
||||||
</TokenSpec>
|
|
||||||
<!-- source: pattern://6ec6739e824c8e56d9633622 -->
|
|
||||||
<Signer key="DefaultSigner"/>
|
|
||||||
</TokenAssembler>
|
|
||||||
<!-- source: pattern://6ec6739e824c8e56d9633622 -->
|
|
||||||
<KeyStore name="DefaultKeyStore">
|
|
||||||
<!-- source: pattern://6ec6739e824c8e56d9633622 -->
|
|
||||||
<KeyObject name="DefaultSigner" certificate="/var/opt/keys/own/nai-sh4r3d-default-default-signer/cert.pem" privateKey="/var/opt/keys/own/nai-sh4r3d-default-default-signer/keystore.jks" passPhrase="pipe:///var/opt/keys/own/nai-sh4r3d-default-default-signer/keypass"/>
|
|
||||||
<!-- source: pattern://6ec6739e824c8e56d9633622 -->
|
|
||||||
<KeyObject name="DefaultSignerTrust" certificate="/var/opt/keys/trust/nai-default-default-signer-trust/truststore.jks"/>
|
|
||||||
</KeyStore>
|
|
||||||
<!-- source: pattern://d9ea344685ab4a9bb0e1e3e7 -->
|
|
||||||
<KeyStore name="JwtToken">
|
|
||||||
<!-- source: pattern://d9ea344685ab4a9bb0e1e3e7 -->
|
|
||||||
<KeyObject name="tokensigner" certificate="/var/opt/keys/own/tokensigner/cert.pem" privateKey="/var/opt/keys/own/tokensigner/keystore.jks" passPhrase="pipe:///var/opt/keys/own/tokensigner/keypass"/>
|
|
||||||
</KeyStore>
|
|
||||||
</SessionCoordinator>
|
|
||||||
<!-- source: pattern://6ec6739e824c8e56d9633622 -->
|
|
||||||
<LocalOutOfContextDataStore reaperPeriod="60"/>
|
|
||||||
<!-- source: pattern://6ec6739e824c8e56d9633622, pattern://b67f81a971e4c08aa79040a2 -->
|
|
||||||
<AuthEngine useLiteralDictionary="true" literalDictionaryLanguages="en,de,fr,it" inputLanguageCookie="LANG" compatLevel="none" addAutheLevelToSecRoles="true" classPath="/var/opt/nevisauth/default/plugin:/opt/nevisauth/plugin" propagateSession="false">
|
|
||||||
<!-- source: pattern://b67f81a971e4c08aa79040a2 -->
|
|
||||||
<Domain name="cossa_realm" default="false" inactiveInterval="7200" reauthInterval="0" resetAuthenticationCondition="${inargs:cancel}">
|
|
||||||
<Entry method="authenticate" state="cossa_realm_TokenExchangeEndpoint"/>
|
|
||||||
<Entry method="authenticate" state="cossa_realm_TokenExchangeEndpoint" selector="${request:currentResource:^http[s]?\u003A//[^/]+/token/.*$:true}"/>
|
|
||||||
<Entry method="logout" state="cossa_realm_AuthorizationServer"/>
|
|
||||||
<Entry method="logout" state="cossa_realm_AuthorizationServer" selector="${request:currentResource:^http[s]?\u003A//[^/]+/token/.*$:true}"/>
|
|
||||||
<Entry method="stepup" state="cossa_realm_Selector"/>
|
|
||||||
<Entry method="stepup" state="cossa_realm_TokenExchangeEndpoint" selector="${request:currentResource:^http[s]?\u003A//[^/]+/token/.*$:true}"/>
|
|
||||||
</Domain>
|
|
||||||
<AuthState name="cossa_realm_TokenExchangeEndpoint" class="ch.adnovum.cossa.TokenExchangeEndpoint" authLevel="auth.weak" final="false" resumeState="true">
|
|
||||||
<!-- source: pattern://89578db79d2bc15d55e11141 -->
|
|
||||||
<ResultCond name="failed" next="cossa_realm_auth_failed"/>
|
|
||||||
<!-- source: pattern://89578db79d2bc15d55e11141 -->
|
|
||||||
<ResultCond name="invalid_client" next="cossa_realm_auth_failed"/>
|
|
||||||
<!-- source: pattern://89578db79d2bc15d55e11141 -->
|
|
||||||
<ResultCond name="invalid_grant" next="cossa_realm_auth_failed"/>
|
|
||||||
<!-- source: pattern://89578db79d2bc15d55e11141 -->
|
|
||||||
<ResultCond name="invalid_request" next="cossa_realm_auth_failed"/>
|
|
||||||
<!-- source: pattern://89578db79d2bc15d55e11141 -->
|
|
||||||
<ResultCond name="invalid_scope" next="cossa_realm_auth_failed"/>
|
|
||||||
<!-- source: pattern://89578db79d2bc15d55e11141 -->
|
|
||||||
<ResultCond name="ok" next="cossa_realm_IdTokenVerification"/>
|
|
||||||
<!-- source: pattern://89578db79d2bc15d55e11141 -->
|
|
||||||
<ResultCond name="refresh_token" next="cossa_realm_RewriteRequestForAuthorizationServerAuthstate"/>
|
|
||||||
<!-- source: pattern://89578db79d2bc15d55e11141 -->
|
|
||||||
<ResultCond name="unauthorized_client" next="cossa_realm_auth_failed"/>
|
|
||||||
<!-- source: pattern://89578db79d2bc15d55e11141 -->
|
|
||||||
<ResultCond name="unsupported_grant_type" next="cossa_realm_auth_failed"/>
|
|
||||||
<!-- source: pattern://89578db79d2bc15d55e11141 -->
|
|
||||||
<Response value="AUTH_CONTINUE">
|
|
||||||
<!-- source: pattern://89578db79d2bc15d55e11141 -->
|
|
||||||
<Gui name="Default"/>
|
|
||||||
</Response>
|
|
||||||
<propertyRef name="cossa_realm_AuthorizationServer"/>
|
|
||||||
</AuthState>
|
|
||||||
<AuthState name="cossa_realm_auth_failed" class="ch.nevis.esauth.auth.states.standard.AuthError" final="false">
|
|
||||||
<!-- source: pattern://72e29eb80a951e518ce123e4 -->
|
|
||||||
<Response value="AUTH_ERROR">
|
|
||||||
<!-- source: pattern://72e29eb80a951e518ce123e4 -->
|
|
||||||
<Gui name="Error">
|
|
||||||
<!-- source: pattern://72e29eb80a951e518ce123e4 -->
|
|
||||||
<GuiElem name="info" type="error" label="error_99"/>
|
|
||||||
<!-- source: pattern://72e29eb80a951e518ce123e4 -->
|
|
||||||
<GuiElem name="submit" type="button" label="continue.button.label"/>
|
|
||||||
</Gui>
|
|
||||||
</Response>
|
|
||||||
</AuthState>
|
|
||||||
<AuthState name="cossa_realm_IdTokenVerification" class="ch.adnovum.cossa.IdTokenVerification" final="false" resumeState="false">
|
|
||||||
<!-- source: pattern://a976546c6a56dc04c0d34592 -->
|
|
||||||
<ResultCond name="failed" next="cossa_realm_auth_failed"/>
|
|
||||||
<!-- source: pattern://a976546c6a56dc04c0d34592 -->
|
|
||||||
<ResultCond name="invalid_grant" next="cossa_realm_auth_failed"/>
|
|
||||||
<!-- source: pattern://a976546c6a56dc04c0d34592 -->
|
|
||||||
<ResultCond name="ok" next="cossa_realm_klpscope"/>
|
|
||||||
<!-- source: pattern://a976546c6a56dc04c0d34592 -->
|
|
||||||
<Response value="AUTH_CONTINUE">
|
|
||||||
<!-- source: pattern://a976546c6a56dc04c0d34592 -->
|
|
||||||
<Gui name="Default"/>
|
|
||||||
</Response>
|
|
||||||
<!-- source: pattern://a976546c6a56dc04c0d34592 -->
|
|
||||||
<property name="well_known_url" value="https://login.sandbox.pre.swissid.ch/idp/oauth2/.well-known/openid-configuration"/>
|
|
||||||
<!-- source: pattern://a976546c6a56dc04c0d34592 -->
|
|
||||||
<property name="httpclient.tls.trustAll" value="true"/>
|
|
||||||
<!-- source: pattern://a976546c6a56dc04c0d34592 -->
|
|
||||||
<property name="use_caching" value="false"/>
|
|
||||||
</AuthState>
|
|
||||||
<AuthState name="cossa_realm_RewriteRequestForAuthorizationServerAuthstate" class="ch.nevis.esauth.auth.states.standard.TransformAttributes" final="false">
|
|
||||||
<!-- source: pattern://b6cbd53b8eee023b6d65f62d -->
|
|
||||||
<ResultCond name="ok" next="cossa_realm_AuthorizationServer"/>
|
|
||||||
<!-- source: pattern://b6cbd53b8eee023b6d65f62d -->
|
|
||||||
<Response value="AUTH_ERROR">
|
|
||||||
<!-- source: pattern://b6cbd53b8eee023b6d65f62d -->
|
|
||||||
<Arg name="ch.nevis.isiweb4.response.status" value="403"/>
|
|
||||||
</Response>
|
|
||||||
<!-- source: pattern://b6cbd53b8eee023b6d65f62d -->
|
|
||||||
<property name="inargs:grant_type" value="refresh_token"/>
|
|
||||||
<!-- source: pattern://b6cbd53b8eee023b6d65f62d -->
|
|
||||||
<property name="inargs:refresh_token" value="${inargs:subject_token}"/>
|
|
||||||
</AuthState>
|
|
||||||
<AuthState name="cossa_realm_AuthorizationServer" class="ch.nevis.esauth.auth.states.oauth2.AuthorizationServer" final="false" resumeState="true">
|
|
||||||
<!-- source: pattern://e02a36447ce2d3c66d8d81c0 -->
|
|
||||||
<ResultCond name="authenticate:valid-authorization-request" next="cossa_realm_simulatelogin"/>
|
|
||||||
<!-- source: pattern://e02a36447ce2d3c66d8d81c0 -->
|
|
||||||
<ResultCond name="invalid-authorization-request" next="cossa_realm_auth_failed"/>
|
|
||||||
<!-- source: pattern://e02a36447ce2d3c66d8d81c0 -->
|
|
||||||
<ResultCond name="invalid-client" next="cossa_realm_JwtToken"/>
|
|
||||||
<!-- source: pattern://e02a36447ce2d3c66d8d81c0 -->
|
|
||||||
<ResultCond name="invalid-redirect-uri" next="cossa_realm_auth_failed"/>
|
|
||||||
<!-- source: pattern://e02a36447ce2d3c66d8d81c0 -->
|
|
||||||
<ResultCond name="invalid-token-request" next="cossa_realm_auth_failed"/>
|
|
||||||
<!-- source: pattern://e02a36447ce2d3c66d8d81c0 -->
|
|
||||||
<ResultCond name="stepup:valid-authorization-request" next="cossa_realm_simulatelogin"/>
|
|
||||||
<!-- source: pattern://e02a36447ce2d3c66d8d81c0 -->
|
|
||||||
<property name="keystoreref" value="JwtToken"/>
|
|
||||||
<!-- source: pattern://e02a36447ce2d3c66d8d81c0 -->
|
|
||||||
<property name="jwt.bearer.aud" value="testaudience"/>
|
|
||||||
<!-- source: pattern://e02a36447ce2d3c66d8d81c0 -->
|
|
||||||
<property name="keyobjectref" value="tokensigner"/>
|
|
||||||
<!-- source: pattern://e02a36447ce2d3c66d8d81c0 -->
|
|
||||||
<property name="keyID" value="tokensigner"/>
|
|
||||||
<!-- source: pattern://e02a36447ce2d3c66d8d81c0 -->
|
|
||||||
<property name="openid.idTokenLifetime" value="600"/>
|
|
||||||
<!-- source: pattern://e02a36447ce2d3c66d8d81c0 -->
|
|
||||||
<property name="authCodeLifetime" value="60"/>
|
|
||||||
<!-- source: pattern://e02a36447ce2d3c66d8d81c0 -->
|
|
||||||
<property name="propagationScope" value="session"/>
|
|
||||||
<!-- source: pattern://e02a36447ce2d3c66d8d81c0 -->
|
|
||||||
<property name="dataSource" value="nevisMeta"/>
|
|
||||||
<!-- source: pattern://e02a36447ce2d3c66d8d81c0 -->
|
|
||||||
<property name="nevismeta.location" value="https://hans.agov-d.azure.adnovum.net/nevismeta/rest/modules/oauthv2/setups/Setup_00000000000000000000000000000000/entities/"/>
|
|
||||||
<!-- source: pattern://e02a36447ce2d3c66d8d81c0 -->
|
|
||||||
<property name="openid.support" value="true"/>
|
|
||||||
<!-- source: pattern://e02a36447ce2d3c66d8d81c0 -->
|
|
||||||
<property name="openid.issuerId" value="https://cossa.agov-w.azure.adnovum.net"/>
|
|
||||||
<!-- source: pattern://e02a36447ce2d3c66d8d81c0 -->
|
|
||||||
<property name="scope.openid" value=""/>
|
|
||||||
<!-- source: pattern://e02a36447ce2d3c66d8d81c0 -->
|
|
||||||
<property name="scope.openid.authorizationCodeFlowPolicy" value="NO_CONSENT_REQUIRED"/>
|
|
||||||
<!-- source: pattern://e02a36447ce2d3c66d8d81c0 -->
|
|
||||||
<property name="scope.openid.refreshTokenRequestPolicy" value="NO_CONSENT_REQUIRED"/>
|
|
||||||
<!-- source: pattern://e02a36447ce2d3c66d8d81c0 -->
|
|
||||||
<property name="scope.openid.implicitFlowPolicy" value="NO_CONSENT_REQUIRED"/>
|
|
||||||
<!-- source: pattern://e02a36447ce2d3c66d8d81c0 -->
|
|
||||||
<property name="scope.openid.clientCredentialsFlowPolicy" value="true"/>
|
|
||||||
<!-- source: pattern://e02a36447ce2d3c66d8d81c0 -->
|
|
||||||
<property name="scope.offline_access" value=""/>
|
|
||||||
<!-- source: pattern://e02a36447ce2d3c66d8d81c0 -->
|
|
||||||
<property name="scope.offline_access.authorizationCodeFlowPolicy" value="NO_CONSENT_REQUIRED"/>
|
|
||||||
<!-- source: pattern://e02a36447ce2d3c66d8d81c0 -->
|
|
||||||
<property name="scope.offline_access.refreshTokenRequestPolicy" value="NO_CONSENT_REQUIRED"/>
|
|
||||||
<!-- source: pattern://e02a36447ce2d3c66d8d81c0 -->
|
|
||||||
<property name="scope.offline_access.implicitFlowPolicy" value="NO_CONSENT_REQUIRED"/>
|
|
||||||
<!-- source: pattern://e02a36447ce2d3c66d8d81c0 -->
|
|
||||||
<property name="scope.offline_access.clientCredentialsFlowPolicy" value="true"/>
|
|
||||||
<!-- source: pattern://e02a36447ce2d3c66d8d81c0 -->
|
|
||||||
<property name="scope.address" value=""/>
|
|
||||||
<!-- source: pattern://e02a36447ce2d3c66d8d81c0 -->
|
|
||||||
<property name="scope.address.authorizationCodeFlowPolicy" value="NO_CONSENT_REQUIRED"/>
|
|
||||||
<!-- source: pattern://e02a36447ce2d3c66d8d81c0 -->
|
|
||||||
<property name="scope.address.refreshTokenRequestPolicy" value="NO_CONSENT_REQUIRED"/>
|
|
||||||
<!-- source: pattern://e02a36447ce2d3c66d8d81c0 -->
|
|
||||||
<property name="scope.address.implicitFlowPolicy" value="NO_CONSENT_REQUIRED"/>
|
|
||||||
<!-- source: pattern://e02a36447ce2d3c66d8d81c0 -->
|
|
||||||
<property name="scope.address.clientCredentialsFlowPolicy" value="true"/>
|
|
||||||
<!-- source: pattern://e02a36447ce2d3c66d8d81c0 -->
|
|
||||||
<property name="scope.profile" value=""/>
|
|
||||||
<!-- source: pattern://e02a36447ce2d3c66d8d81c0 -->
|
|
||||||
<property name="scope.profile.authorizationCodeFlowPolicy" value="NO_CONSENT_REQUIRED"/>
|
|
||||||
<!-- source: pattern://e02a36447ce2d3c66d8d81c0 -->
|
|
||||||
<property name="scope.profile.refreshTokenRequestPolicy" value="NO_CONSENT_REQUIRED"/>
|
|
||||||
<!-- source: pattern://e02a36447ce2d3c66d8d81c0 -->
|
|
||||||
<property name="scope.profile.implicitFlowPolicy" value="NO_CONSENT_REQUIRED"/>
|
|
||||||
<!-- source: pattern://e02a36447ce2d3c66d8d81c0 -->
|
|
||||||
<property name="scope.profile.clientCredentialsFlowPolicy" value="true"/>
|
|
||||||
<!-- source: pattern://e02a36447ce2d3c66d8d81c0 -->
|
|
||||||
<property name="scope.email" value=""/>
|
|
||||||
<!-- source: pattern://e02a36447ce2d3c66d8d81c0 -->
|
|
||||||
<property name="scope.email.authorizationCodeFlowPolicy" value="NO_CONSENT_REQUIRED"/>
|
|
||||||
<!-- source: pattern://e02a36447ce2d3c66d8d81c0 -->
|
|
||||||
<property name="scope.email.refreshTokenRequestPolicy" value="NO_CONSENT_REQUIRED"/>
|
|
||||||
<!-- source: pattern://e02a36447ce2d3c66d8d81c0 -->
|
|
||||||
<property name="scope.email.implicitFlowPolicy" value="NO_CONSENT_REQUIRED"/>
|
|
||||||
<!-- source: pattern://e02a36447ce2d3c66d8d81c0 -->
|
|
||||||
<property name="scope.email.clientCredentialsFlowPolicy" value="true"/>
|
|
||||||
<!-- source: pattern://e02a36447ce2d3c66d8d81c0 -->
|
|
||||||
<property name="scope.phone" value=""/>
|
|
||||||
<!-- source: pattern://e02a36447ce2d3c66d8d81c0 -->
|
|
||||||
<property name="scope.phone.authorizationCodeFlowPolicy" value="NO_CONSENT_REQUIRED"/>
|
|
||||||
<!-- source: pattern://e02a36447ce2d3c66d8d81c0 -->
|
|
||||||
<property name="scope.phone.refreshTokenRequestPolicy" value="NO_CONSENT_REQUIRED"/>
|
|
||||||
<!-- source: pattern://e02a36447ce2d3c66d8d81c0 -->
|
|
||||||
<property name="scope.phone.implicitFlowPolicy" value="NO_CONSENT_REQUIRED"/>
|
|
||||||
<!-- source: pattern://e02a36447ce2d3c66d8d81c0 -->
|
|
||||||
<property name="scope.phone.clientCredentialsFlowPolicy" value="true"/>
|
|
||||||
</AuthState>
|
|
||||||
<AuthState name="cossa_realm_klpscope" class="ch.adnovum.cossa.KLPScopeToProfileBinding" final="false" resumeState="true">
|
|
||||||
<!-- source: pattern://9c293034211ea47bd3e9c12b -->
|
|
||||||
<ResultCond name="default" next="cossa_realm_CallPolicyVerificationAPI"/>
|
|
||||||
<!-- source: pattern://9c293034211ea47bd3e9c12b -->
|
|
||||||
<Response value="AUTH_CONTINUE"/>
|
|
||||||
<!-- source: pattern://9c293034211ea47bd3e9c12b -->
|
|
||||||
<property name="prioritiesSource" value="klp-profiles.conf"/>
|
|
||||||
<!-- source: pattern://9c293034211ea47bd3e9c12b -->
|
|
||||||
<property name="profileExpression" value="oauth2.scope.${notes:scope}.metadata.klp_profile"/>
|
|
||||||
</AuthState>
|
|
||||||
<AuthState name="cossa_realm_simulatelogin" class="ch.nevis.esauth.auth.states.standard.TransformAttributes" final="false">
|
|
||||||
<!-- source: pattern://680c047dd9a5220fae3c9c3e -->
|
|
||||||
<ResultCond name="ok" next="cossa_realm_Prepare_Done"/>
|
|
||||||
<!-- source: pattern://680c047dd9a5220fae3c9c3e -->
|
|
||||||
<Response value="AUTH_ERROR">
|
|
||||||
<!-- source: pattern://680c047dd9a5220fae3c9c3e -->
|
|
||||||
<Arg name="ch.nevis.isiweb4.response.status" value="403"/>
|
|
||||||
</Response>
|
|
||||||
<!-- source: pattern://680c047dd9a5220fae3c9c3e -->
|
|
||||||
<property name="request:UserId" value="39c985c5-a1e8-4c64-8c34-aeac0cd82109"/>
|
|
||||||
<!-- source: pattern://680c047dd9a5220fae3c9c3e -->
|
|
||||||
<property name="roles:add" value="1"/>
|
|
||||||
<!-- source: pattern://680c047dd9a5220fae3c9c3e -->
|
|
||||||
<property name="session:ch.adnovum.nevisidm.clientId" value="100"/>
|
|
||||||
<!-- source: pattern://680c047dd9a5220fae3c9c3e -->
|
|
||||||
<property name="session:ch.adnovum.nevisidm.profileId" value="a6d8860a-26b7-420c-8c3d-1f531d9fd968"/>
|
|
||||||
<!-- source: pattern://680c047dd9a5220fae3c9c3e -->
|
|
||||||
<property name="session:ch.nevis.session.loginid" value="meta.admin@adnovum.ch"/>
|
|
||||||
</AuthState>
|
|
||||||
<AuthState name="cossa_realm_JwtToken" class="ch.nevis.esauth.auth.states.jwt.JWTToken" final="false" resumeState="true">
|
|
||||||
<!-- source: pattern://a1e5d0192e082e689465a0c9 -->
|
|
||||||
<ResultCond name="ok" next="cossa_realm_Prepare_Done"/>
|
|
||||||
<!-- source: pattern://a1e5d0192e082e689465a0c9 -->
|
|
||||||
<Response value="AUTH_ERROR"/>
|
|
||||||
<!-- source: pattern://a1e5d0192e082e689465a0c9 -->
|
|
||||||
<property name="out.audience" value="https://www.adnovum.ch"/>
|
|
||||||
<!-- source: pattern://a1e5d0192e082e689465a0c9 -->
|
|
||||||
<property name="out.issuer" value="https://my.nevis.server"/>
|
|
||||||
<!-- source: pattern://a1e5d0192e082e689465a0c9 -->
|
|
||||||
<property name="out.time_to_live" value="86400"/>
|
|
||||||
<!-- source: pattern://a1e5d0192e082e689465a0c9 -->
|
|
||||||
<property name="token.algorithm" value="RS256"/>
|
|
||||||
<!-- source: pattern://a1e5d0192e082e689465a0c9 -->
|
|
||||||
<property name="keystoreref" value="JwtToken"/>
|
|
||||||
<!-- source: pattern://a1e5d0192e082e689465a0c9 -->
|
|
||||||
<property name="keyobjectref" value="tokensigner"/>
|
|
||||||
</AuthState>
|
|
||||||
<AuthState name="cossa_realm_CallPolicyVerificationAPI" class="ch.adnovum.cossa.CallPolicyVerificationAPI" final="false" resumeState="false">
|
|
||||||
<!-- source: pattern://5daa6d4f525b11a4e9b0ea79 -->
|
|
||||||
<ResultCond name="multiple_profiles" next="cossa_realm_Authentication_Failed"/>
|
|
||||||
<!-- source: pattern://5daa6d4f525b11a4e9b0ea79 -->
|
|
||||||
<ResultCond name="no_valid_profile" next="cossa_realm_Authentication_Failed"/>
|
|
||||||
<!-- source: pattern://5daa6d4f525b11a4e9b0ea79 -->
|
|
||||||
<ResultCond name="ok" next="cossa_realm_Prepare_Done"/>
|
|
||||||
<!-- source: pattern://5daa6d4f525b11a4e9b0ea79 -->
|
|
||||||
<Response value="AUTH_CONTINUE">
|
|
||||||
<!-- source: pattern://5daa6d4f525b11a4e9b0ea79 -->
|
|
||||||
<Gui name="Default"/>
|
|
||||||
</Response>
|
|
||||||
<!-- source: pattern://5daa6d4f525b11a4e9b0ea79 -->
|
|
||||||
<property name="evaluatePoliciesForAllProfiles" value="false"/>
|
|
||||||
<!-- source: pattern://5daa6d4f525b11a4e9b0ea79 -->
|
|
||||||
<property name="klpURL" value="https://klp.agov-w.azure.adnovum.net/api/endpoint"/>
|
|
||||||
<!-- source: pattern://5daa6d4f525b11a4e9b0ea79 -->
|
|
||||||
<property name="basicAuthUsername" value="testbasicauth"/>
|
|
||||||
<!-- source: pattern://5daa6d4f525b11a4e9b0ea79 -->
|
|
||||||
<property name="basicAuthPassword" value="testtesttest"/>
|
|
||||||
</AuthState>
|
|
||||||
<AuthState name="cossa_realm_Prepare_Done" class="ch.nevis.esauth.auth.states.scripting.ScriptState" final="false">
|
|
||||||
<!-- source: pattern://b67f81a971e4c08aa79040a2 -->
|
|
||||||
<ResultCond name="default" next="cossa_realm_Auth_Done"/>
|
|
||||||
<!-- source: pattern://b67f81a971e4c08aa79040a2 -->
|
|
||||||
<Response value="AUTH_DONE">
|
|
||||||
<!-- source: pattern://b67f81a971e4c08aa79040a2 -->
|
|
||||||
<Gui name="ContinueResponse"/>
|
|
||||||
</Response>
|
|
||||||
<!-- source: pattern://b67f81a971e4c08aa79040a2 -->
|
|
||||||
<property name="script" value="file:///var/opt/nevisauth/default/conf/prepare_done.groovy"/>
|
|
||||||
</AuthState>
|
|
||||||
<AuthState name="cossa_realm_Authentication_Failed" class="ch.nevis.esauth.auth.states.standard.AuthError" final="false">
|
|
||||||
<!-- source: pattern://5daa6d4f525b11a4e9b0ea79 -->
|
|
||||||
<Response value="AUTH_ERROR">
|
|
||||||
<!-- source: pattern://5daa6d4f525b11a4e9b0ea79 -->
|
|
||||||
<Gui name="Error">
|
|
||||||
<!-- source: pattern://5daa6d4f525b11a4e9b0ea79 -->
|
|
||||||
<GuiElem name="info" type="error" label="error_99"/>
|
|
||||||
<!-- source: pattern://5daa6d4f525b11a4e9b0ea79 -->
|
|
||||||
<GuiElem name="submit" type="button" label="continue.button.label"/>
|
|
||||||
</Gui>
|
|
||||||
</Response>
|
|
||||||
</AuthState>
|
|
||||||
<AuthState name="cossa_realm_Auth_Done" class="ch.nevis.esauth.auth.states.standard.AuthDone" final="false">
|
|
||||||
<!-- source: pattern://b67f81a971e4c08aa79040a2 -->
|
|
||||||
<Response value="AUTH_DONE">
|
|
||||||
<!-- source: pattern://b67f81a971e4c08aa79040a2 -->
|
|
||||||
<Gui name="ContinueResponse"/>
|
|
||||||
</Response>
|
|
||||||
</AuthState>
|
|
||||||
<AuthState name="cossa_realm_Selector" class="ch.nevis.esauth.auth.states.standard.ConditionalDispatcherState" final="false">
|
|
||||||
<!-- source: pattern://b67f81a971e4c08aa79040a2 -->
|
|
||||||
<ResultCond name="nomatch" next="cossa_realm_Prepare_Done"/>
|
|
||||||
<!-- source: pattern://b67f81a971e4c08aa79040a2 -->
|
|
||||||
<Response value="AUTH_ERROR">
|
|
||||||
<!-- source: pattern://b67f81a971e4c08aa79040a2 -->
|
|
||||||
<Arg name="ch.nevis.isiweb4.response.status" value="403"/>
|
|
||||||
</Response>
|
|
||||||
</AuthState>
|
|
||||||
</AuthEngine>
|
|
||||||
<!-- source: pattern://b0fedec4607e1e69103b8497 -->
|
|
||||||
<RESTService name="rest" class="ch.nevis.esauth.rest.service.tokenintrospection.TokenIntrospectionService" path="/oauth/introspect2/">
|
|
||||||
<!-- source: pattern://b0fedec4607e1e69103b8497 -->
|
|
||||||
<property name="authstates" value="cossa_realm_AuthorizationServer"/>
|
|
||||||
</RESTService>
|
|
||||||
</esauth-server>
|
|
|
@ -1,25 +0,0 @@
|
||||||
suisseid_auth_address_verified
|
|
||||||
suisseid_auth_address_required
|
|
||||||
suisseid_auth_mobile_verified
|
|
||||||
suisseid_auth_mobile_required
|
|
||||||
suisseid_auth_phone_required
|
|
||||||
suisseid_auth
|
|
||||||
password_auth_address_verified
|
|
||||||
password_auth_address_required
|
|
||||||
password_auth_mobile_verified
|
|
||||||
password_auth_mobile_required
|
|
||||||
password_auth_phone_required
|
|
||||||
password_auth
|
|
||||||
email_auth_address_verified
|
|
||||||
email_auth_address_required
|
|
||||||
email_auth_mobile_verified
|
|
||||||
email_auth_mobile_required
|
|
||||||
email_auth_phone_required
|
|
||||||
email_auth
|
|
||||||
autologin_auth_address_verified
|
|
||||||
autologin_auth_address_required
|
|
||||||
autologin_auth_mobile_verified
|
|
||||||
autologin_auth_mobile_required
|
|
||||||
autologin_auth_phone_required
|
|
||||||
autologin_auth
|
|
||||||
default
|
|
|
@ -1,57 +0,0 @@
|
||||||
Configuration:
|
|
||||||
monitorInterval: 60
|
|
||||||
Appenders:
|
|
||||||
Console:
|
|
||||||
- name: "SERVER"
|
|
||||||
target: "SYSTEM_OUT"
|
|
||||||
PatternLayout:
|
|
||||||
pattern: "[esauth4sv.log] %d{ISO8601} %-15.15t %mdc{trace_id} %mdc{span_id} %-20.20c %-5.5p %m%n"
|
|
||||||
RegexFilter:
|
|
||||||
regex: ".*GET /nevisauth/liveness.*"
|
|
||||||
onMatch: "DENY"
|
|
||||||
onMismatch: "ACCEPT"
|
|
||||||
Loggers:
|
|
||||||
Logger:
|
|
||||||
- name: "EsAuthStart"
|
|
||||||
level: "INFO"
|
|
||||||
- name: "org.apache.catalina.loader.WebappClassLoader"
|
|
||||||
level: "FATAL"
|
|
||||||
- name: "org.apache.catalina.startup.HostConfig"
|
|
||||||
level: "ERROR"
|
|
||||||
- name: "ch.nevis.esauth.events"
|
|
||||||
level: "FATAL"
|
|
||||||
- name: "AuthEngine"
|
|
||||||
level: "INFO"
|
|
||||||
- name: "HttpClient"
|
|
||||||
level: "TRACE"
|
|
||||||
- name: "OAuth2"
|
|
||||||
level: "DEBUG"
|
|
||||||
- name: "StdStates"
|
|
||||||
level: "DEBUG"
|
|
||||||
- name: "Vars"
|
|
||||||
level: "INFO"
|
|
||||||
- name: "ch.adnovum.cossa.CachingIDTokenVerifier"
|
|
||||||
level: "DEBUG"
|
|
||||||
- name: "ch.adnovum.cossa.CallPolicyVerificationAPI"
|
|
||||||
level: "DEBUG"
|
|
||||||
- name: "ch.adnovum.cossa.IDTokenVerifier"
|
|
||||||
level: "DEBUG"
|
|
||||||
- name: "ch.adnovum.cossa.IdTokenVerification"
|
|
||||||
level: "DEBUG"
|
|
||||||
- name: "ch.adnovum.cossa.KLPScopeToProfileBinding"
|
|
||||||
level: "DEBUG"
|
|
||||||
- name: "ch.adnovum.cossa.SimpleIDTokenValidator"
|
|
||||||
level: "DEBUG"
|
|
||||||
- name: "ch.adnovum.cossa.SimpleIDTokenVerifier"
|
|
||||||
level: "DEBUG"
|
|
||||||
- name: "ch.adnovum.cossa.TokenExchangeEndpoint"
|
|
||||||
level: "DEBUG"
|
|
||||||
- name: "ch.adnovum.cossa.TokenExchangeEndpointRefresh"
|
|
||||||
level: "DEBUG"
|
|
||||||
- name: "ch.adnovum.cossa.TokenGenerator"
|
|
||||||
level: "DEBUG"
|
|
||||||
Root:
|
|
||||||
level: "WARN"
|
|
||||||
additivity: "false"
|
|
||||||
AppenderRef:
|
|
||||||
- ref: "SERVER"
|
|
|
@ -1,16 +0,0 @@
|
||||||
server:
|
|
||||||
name: "default"
|
|
||||||
protocol: "https"
|
|
||||||
port: "8991"
|
|
||||||
host: "0.0.0.0"
|
|
||||||
tls:
|
|
||||||
keystore: "/var/opt/keys/own/nai-default-identity/keystore.p12"
|
|
||||||
keystore-passphrase: "${exec:/var/opt/keys/own/nai-default-identity/keypass}"
|
|
||||||
client-auth: "required"
|
|
||||||
truststore: "/var/opt/keys/trust/nai-default-tls-client-trust/truststore.p12"
|
|
||||||
truststore-passphrase: "${exec:/var/opt/keys/trust/nai-default-tls-client-trust/keypass}"
|
|
||||||
management:
|
|
||||||
server:
|
|
||||||
port: "9000"
|
|
||||||
healthchecks:
|
|
||||||
enabled: "true"
|
|
|
@ -1,4 +0,0 @@
|
||||||
otel.service.name = nai
|
|
||||||
otel.traces.exporter = none
|
|
||||||
otel.metrics.exporter = none
|
|
||||||
otel.logs.exporter = none
|
|
|
@ -1,23 +0,0 @@
|
||||||
// nevisProxy replaces the entire AUTH: scope when new outargs are returned by nevisAuth.
|
|
||||||
// Thus, we have to store tokens in the session (as a String) and restore them on subsequent step-ups.
|
|
||||||
|
|
||||||
// restore tokens
|
|
||||||
session.each { key, value ->
|
|
||||||
if (key.startsWith('outarg.token.')) {
|
|
||||||
def name = key.substring(7)
|
|
||||||
if (outargs.containsKey(name)) {
|
|
||||||
LOG.debug("not restoring token (outarg: $name) from session: outarg already set")
|
|
||||||
}
|
|
||||||
else {
|
|
||||||
LOG.debug("restoring token (outarg: $name) from session")
|
|
||||||
outargs.put(name, value)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
// store tokens
|
|
||||||
outargs.each { name, value ->
|
|
||||||
if (name.startsWith('token.')) {
|
|
||||||
session.put('outarg.' + name, value)
|
|
||||||
}
|
|
||||||
}
|
|
Binary file not shown.
|
@ -1,79 +0,0 @@
|
||||||
#!/bin/bash
|
|
||||||
#
|
|
||||||
# NAME
|
|
||||||
# status.sh - Checks the status of the nevisAuth instance.
|
|
||||||
#
|
|
||||||
# SYNOPSIS
|
|
||||||
# status.sh
|
|
||||||
#
|
|
||||||
# DESCRIPTION
|
|
||||||
# Performs periodic checks until the instance is up or broken or timeout is reached.
|
|
||||||
# The script terminates when the process of the instance stops running.
|
|
||||||
# There are no arguments for this script.
|
|
||||||
#
|
|
||||||
# EXIT CODES
|
|
||||||
# 0 Instance is up.
|
|
||||||
# 1 Instance process is not running.
|
|
||||||
# 2 Instance is broken.
|
|
||||||
# 3 Timeout reached.
|
|
||||||
|
|
||||||
# Defines how much we should sleep between checking if the instance is up.
|
|
||||||
interval=1
|
|
||||||
# Defines how much we should wait the instance to start up until we give up and exit.
|
|
||||||
timeout=70
|
|
||||||
((end_time=${SECONDS}+$timeout))
|
|
||||||
|
|
||||||
# Checks if the process of the instance is still running.
|
|
||||||
# Arguments:
|
|
||||||
# None
|
|
||||||
# Returns:
|
|
||||||
# In case it is running, returns 0, otherwise non-zero (exit code of systemctl).
|
|
||||||
isProcessRunning() {
|
|
||||||
systemctl is-active --quiet nevisauth@default
|
|
||||||
IS_RUNNING=$?
|
|
||||||
return $IS_RUNNING
|
|
||||||
}
|
|
||||||
|
|
||||||
# Checks if the instance is up. (Attempts connecting to the instance)
|
|
||||||
# Arguments:
|
|
||||||
# None
|
|
||||||
# Returns:
|
|
||||||
# If the connection was successful and the instance up (is not broken), returns 0.
|
|
||||||
# If the connection was not successful, returns 1.
|
|
||||||
checkInstance() {
|
|
||||||
lsof -i :8991 -sTCP:LISTEN
|
|
||||||
EXIT_CODE=$?
|
|
||||||
return $EXIT_CODE
|
|
||||||
}
|
|
||||||
|
|
||||||
# This function encapsulates the logic of checking if the process is running and if the instance is up.
|
|
||||||
# In case the process is not running, exits with exit code 1.
|
|
||||||
# Arguments:
|
|
||||||
# None
|
|
||||||
# Returns:
|
|
||||||
# If the instance process is running, returns the result of the instance check function.
|
|
||||||
check() {
|
|
||||||
if isProcessRunning
|
|
||||||
then
|
|
||||||
checkInstance
|
|
||||||
CS=$?
|
|
||||||
return $CS
|
|
||||||
else
|
|
||||||
echo "Process is not running."
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
}
|
|
||||||
|
|
||||||
# Check the status of the instance periodically.
|
|
||||||
while ((${SECONDS} < ${end_time}))
|
|
||||||
do
|
|
||||||
sleep ${interval}
|
|
||||||
if check
|
|
||||||
then
|
|
||||||
echo "Instance is up."
|
|
||||||
exit 0
|
|
||||||
fi
|
|
||||||
done
|
|
||||||
|
|
||||||
echo "Exceeded check timeout (70s). Instance is down."
|
|
||||||
exit 3
|
|
|
@ -1,60 +0,0 @@
|
||||||
apiVersion: "operator.nevis-security.ch/v1"
|
|
||||||
kind: "NevisComponent"
|
|
||||||
metadata:
|
|
||||||
name: "nai2"
|
|
||||||
namespace: "adn-postit-tknxchng-01-dev"
|
|
||||||
labels:
|
|
||||||
deploymentTarget: "nai2"
|
|
||||||
annotations:
|
|
||||||
projectKey: "DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT"
|
|
||||||
patternId: "5a02ce1399ca42298422a320"
|
|
||||||
spec:
|
|
||||||
type: "NevisAuth"
|
|
||||||
replicas: 1
|
|
||||||
version: "8.2405.2"
|
|
||||||
gitInitVersion: "1.3.0"
|
|
||||||
runAsNonRoot: true
|
|
||||||
ports:
|
|
||||||
management: 9000
|
|
||||||
soap: 8991
|
|
||||||
resources:
|
|
||||||
limits:
|
|
||||||
cpu: "2"
|
|
||||||
memory: "2000Mi"
|
|
||||||
requests:
|
|
||||||
cpu: "20m"
|
|
||||||
memory: "1000Mi"
|
|
||||||
livenessProbe:
|
|
||||||
soap:
|
|
||||||
tcpSocket: true
|
|
||||||
periodSeconds: 5
|
|
||||||
timeoutSeconds: 4
|
|
||||||
readinessProbe:
|
|
||||||
management:
|
|
||||||
httpGet:
|
|
||||||
path: "/nevisauth/liveness"
|
|
||||||
periodSeconds: 5
|
|
||||||
timeoutSeconds: 6
|
|
||||||
startupProbe:
|
|
||||||
management:
|
|
||||||
httpGet:
|
|
||||||
path: "/nevisauth/liveness"
|
|
||||||
periodSeconds: 5
|
|
||||||
timeoutSeconds: 6
|
|
||||||
failureThreshold: 50
|
|
||||||
podDisruptionBudget:
|
|
||||||
maxUnavailable: "50%"
|
|
||||||
git:
|
|
||||||
tag: "r-a70c85a598c6206ebfce3d9c27f4334238313639"
|
|
||||||
dir: "DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai2"
|
|
||||||
credentials: "git-credentials"
|
|
||||||
keystores:
|
|
||||||
- "nai2-sh4r3d-default-default-signer"
|
|
||||||
- "nai2-default-identity"
|
|
||||||
truststores:
|
|
||||||
- "nai2-default-default-signer-trust"
|
|
||||||
- "nai2-default-tls-client-trust"
|
|
||||||
podSecurity:
|
|
||||||
policy: "baseline"
|
|
||||||
automountServiceAccountToken: false
|
|
||||||
timeZone: "Europe/Zurich"
|
|
|
@ -1,14 +0,0 @@
|
||||||
apiVersion: "operator.nevis-security.ch/v1"
|
|
||||||
kind: "NevisTrustStore"
|
|
||||||
metadata:
|
|
||||||
name: "nai2-default-default-signer-trust"
|
|
||||||
namespace: "adn-postit-tknxchng-01-dev"
|
|
||||||
labels:
|
|
||||||
deploymentTarget: "nai2"
|
|
||||||
annotations:
|
|
||||||
projectKey: "DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT"
|
|
||||||
patternId: "5a02ce1399ca42298422a320"
|
|
||||||
spec:
|
|
||||||
keystores:
|
|
||||||
- name: "nai2-sh4r3d-default-default-signer"
|
|
||||||
namespace: "adn-postit-tknxchng-01-dev"
|
|
|
@ -1,18 +0,0 @@
|
||||||
apiVersion: "operator.nevis-security.ch/v1"
|
|
||||||
kind: "NevisKeyStore"
|
|
||||||
metadata:
|
|
||||||
name: "nai2-default-identity"
|
|
||||||
namespace: "adn-postit-tknxchng-01-dev"
|
|
||||||
labels:
|
|
||||||
deploymentTarget: "nai2"
|
|
||||||
annotations:
|
|
||||||
projectKey: "DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT"
|
|
||||||
patternId: "5a02ce1399ca42298422a320"
|
|
||||||
spec:
|
|
||||||
cn: "nai2"
|
|
||||||
usage: "<reserved for future use>"
|
|
||||||
san:
|
|
||||||
dns:
|
|
||||||
- "nai2"
|
|
||||||
- "nai2.adn-postit-tknxchng-01-dev"
|
|
||||||
email: []
|
|
|
@ -1,14 +0,0 @@
|
||||||
apiVersion: "operator.nevis-security.ch/v1"
|
|
||||||
kind: "NevisTrustStore"
|
|
||||||
metadata:
|
|
||||||
name: "nai2-default-tls-client-trust"
|
|
||||||
namespace: "adn-postit-tknxchng-01-dev"
|
|
||||||
labels:
|
|
||||||
deploymentTarget: "nai2"
|
|
||||||
annotations:
|
|
||||||
projectKey: "DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT"
|
|
||||||
patternId: "5a02ce1399ca42298422a320"
|
|
||||||
spec:
|
|
||||||
keystores:
|
|
||||||
- name: "npi-mockrelam-identity"
|
|
||||||
namespace: "adn-postit-tknxchng-01-dev"
|
|
|
@ -1,16 +0,0 @@
|
||||||
apiVersion: "operator.nevis-security.ch/v1"
|
|
||||||
kind: "NevisKeyStore"
|
|
||||||
metadata:
|
|
||||||
name: "nai2-sh4r3d-default-default-signer"
|
|
||||||
namespace: "adn-postit-tknxchng-01-dev"
|
|
||||||
labels:
|
|
||||||
deploymentTarget: "nai2"
|
|
||||||
annotations:
|
|
||||||
projectKey: "DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT"
|
|
||||||
patternId: "5a02ce1399ca42298422a320"
|
|
||||||
spec:
|
|
||||||
cn: "signer"
|
|
||||||
usage: "signer"
|
|
||||||
san:
|
|
||||||
dns: []
|
|
||||||
email: []
|
|
|
@ -1,18 +0,0 @@
|
||||||
schemaVersion: 1.0
|
|
||||||
instance:
|
|
||||||
type: "nevisauth"
|
|
||||||
name: "default"
|
|
||||||
directory: "/var/opt/nevisauth/default"
|
|
||||||
pid: "systemctl show nevisauth@default -p MainPID | cut -d '=' -f2"
|
|
||||||
source:
|
|
||||||
url: "/nevisadmin/#/projects/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/patterns/5a02ce1399ca42298422a320"
|
|
||||||
projectKey: "DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT"
|
|
||||||
patternId: "5a02ce1399ca42298422a320"
|
|
||||||
patternClass: "ch.nevis.admin.v4.plugin.nevisauth.patterns.NevisAuthDeployable"
|
|
||||||
resources:
|
|
||||||
ports:
|
|
||||||
- "0.0.0.0:8991"
|
|
||||||
control:
|
|
||||||
start: "systemctl restart nevisauth@default &"
|
|
||||||
stop: "systemctl stop nevisauth@default"
|
|
||||||
status: "systemctl status nevisauth@default"
|
|
|
@ -1,2 +0,0 @@
|
||||||
#!/bin/bash
|
|
||||||
echo 'password'
|
|
Binary file not shown.
Binary file not shown.
|
@ -1,38 +0,0 @@
|
||||||
-----BEGIN CERTIFICATE-----
|
|
||||||
MIIGkzCCBHugAwIBAgIULa4PojoMOF/785XA2QNkLRQYTS4wDQYJKoZIhvcNAQEL
|
|
||||||
BQAwUTELMAkGA1UEBhMCQ0gxFTATBgNVBAoTDFN3aXNzU2lnbiBBRzErMCkGA1UE
|
|
||||||
AxMiU3dpc3NTaWduIFJTQSBUTFMgUm9vdCBDQSAyMDIyIC0gMTAeFw0yMjA2Mjkw
|
|
||||||
OTMwNDdaFw0zNjA2MjkwOTMwNDdaMFAxCzAJBgNVBAYTAkNIMRUwEwYDVQQKEwxT
|
|
||||||
d2lzc1NpZ24gQUcxKjAoBgNVBAMTIVN3aXNzU2lnbiBSU0EgVExTIEVWIElDQSAy
|
|
||||||
MDIyIC0gMTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAL61hlRf7Jxo
|
|
||||||
0msjavo1pgChwWBDYix5Zd0CnhciVYUCk30Ko6BxFBICoSsZ1gXGqlT20g/AYqYL
|
|
||||||
xuKcdNNAJ/LHT6k2zL3UhSpx+eHjeTGQ7id2jC1HKRZ9zA8YXdhtY3oJom7B3ykE
|
|
||||||
d/j0KVmHy9tP1A0rt3ntbJLfLIS6uWogx2KfFs8MwtoAZLiGvp49SHly6p450fcz
|
|
||||||
payPIWu12PfVQjLg7b9NitlDlYEWiCAL7R3jINw2yMwcdBvq2gy+ZZsiYkSb1m+h
|
|
||||||
ABOGxU6SCN6w7GgRWWveSaJBvRokUvIon/wsZK51j8RM4TsoR60Wei8ftSBL75BI
|
|
||||||
g9Us8dkBXDa8vqoDVpc9zs6pan5XN8KymNT52j4gEe161eYTtbiME4KdSWtVsA7e
|
|
||||||
rdkHsXKJTRIxxdpUkQXxhLXEoyDed/BVgV1yhTeN6YCFX7AiocAi5rPUplc6LV58
|
|
||||||
CCUWFMSWEJxOYQUrwWFLNzQMnE969hnvdhuO8ZeqtpwFwX/OLryWoil+jGobRm/1
|
|
||||||
OQS9+urcVygrzZ9Dy9Q/OF/oq9NeaijvL2Ncjkj5f6uJzgXkm7PwjnHrL2FWBkhp
|
|
||||||
oM/vyT1VAgWNoku3jIyedtyJ9lUECwPIzQuddQYOL8FwhaFmvtHnOLpiy2ctbwir
|
|
||||||
gJW+KcsNkpHg0N5stJcPzPvlssmNBHbNAgMBAAGjggFiMIIBXjBcBggrBgEFBQcB
|
|
||||||
AQRQME4wTAYIKwYBBQUHMAKGQGh0dHA6Ly9haWEuc3dpc3NzaWduLmNoL2Fpci1h
|
|
||||||
ZWZmMzc0ZC0wZjdhLTRjNTUtYTAzNC0xNDQwMjkwY2ZhMzIwEgYDVR0TAQH/BAgw
|
|
||||||
BgEB/wIBADAoBgNVHSAEITAfMAcGBWeBDAEBMAgGBgQAj3oBBDAKBghghXQBWQIB
|
|
||||||
AzBRBgNVHR8ESjBIMEagRKBChkBodHRwOi8vY3JsLnN3aXNzc2lnbi5jaC9jZHAt
|
|
||||||
OTY2MWMyOWYtOTEyMS00ZjQ2LWFjZDgtZWFkNGEyMmY3MTYwMB0GA1UdJQQWMBQG
|
|
||||||
CCsGAQUFBwMBBggrBgEFBQcDAjAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFElS
|
|
||||||
3zCGkllfNJwlSCSrwOvRBvLWMB8GA1UdIwQYMBaAFG+OYouTQ7DhQPanw/3xD7gP
|
|
||||||
FTilMA0GCSqGSIb3DQEBCwUAA4ICAQBugn943V4fbEbG+Leb4YXTWLLfPIC+mrdc
|
|
||||||
H6v1+Iws+XCzoKthaDk0c346mSaXZM9to5xDOWgfEnBYbVioMyI/5EABbg4ARkgp
|
|
||||||
dj50FPe9MtLD4kOZFv/8LoRH+WdAfQUsxS1RQincUnYWAxmRNOHLdnbyiQt3sYDl
|
|
||||||
6tZzURSMnMUec4stxfLT4VQE1Ew6Phr06CouYOd5ON+mWkFhROz3jx5PTXcECrqQ
|
|
||||||
IT27wJ4mzKA6W9p69ZDFi/+FcpN9vCjzksi0w8i62DwtbO8Pj3ZEOL8z6+cwXyT7
|
|
||||||
X7Zt96vufj+bsxFo1IXQ6cb2i13qpThSHL4NA1NhUbB/ipMbxNtBJ4fwtcG8SAUs
|
|
||||||
jRXgG/RYrXRorG90KU/dcezixY4yKnlIdkkhpV7h8jY2+XS7GbjaKee8pPeAFXgs
|
|
||||||
Hzdi+EhZvHOVfshaKL2CAELrYn8Tzo2Zt9zsbif8L7bPJROS3xqzn+GbCFt67/8Y
|
|
||||||
jTh84Taa4D49H6V+p01QPkvG7ub7Rw52fm56zY3mabbhbsREOceswsfunxSN/SOE
|
|
||||||
pLKVMopuVnRcwVIWmnzH9BlBhIzLqOS4kCYA5E5Irw217j/JTGVWEdMN0ar09nGh
|
|
||||||
WA2Eq8aDANjAP1bao/4nmxsFU2zKbTR40Tb7/HKB5jaItYdkz6ppnxQDLTWe7T6+
|
|
||||||
nGZwqmYtbQ==
|
|
||||||
-----END CERTIFICATE-----
|
|
|
@ -1,80 +0,0 @@
|
||||||
|
|
||||||
accept.button.label=Accept
|
|
||||||
cancel.button.label=Cancel
|
|
||||||
continue.button.label=Continue
|
|
||||||
deputy.profile.label=(Deputy Profile)
|
|
||||||
error.saml.failed=Please close your browser and try again.
|
|
||||||
error_1=Please check your input.
|
|
||||||
error_10=Please select the correct user account.
|
|
||||||
error_100=Certificate upload not possible. Certificate already exists. Please contact your helpdesk.
|
|
||||||
error_101=The entered email address is not valid.
|
|
||||||
error_11=Please use another certficate or login with another credential type.
|
|
||||||
error_2=Please select another login name.
|
|
||||||
error_3=Your account will be locked if next authentication fails.
|
|
||||||
error_4=Your new password does not comply with the security policy. Please choose a different password.
|
|
||||||
error_5=Error in password confirmation.
|
|
||||||
error_50=The new password is too short.
|
|
||||||
error_55=The new password has to differ from old passwords.
|
|
||||||
error_6=Password change required.
|
|
||||||
error_7=Change of login ID required.
|
|
||||||
error_8=Your account has been locked due to repeated authentication failures.
|
|
||||||
error_81=No access card found, access from internet denied.
|
|
||||||
error_83=Your access card is no longer valid. Please contact your advisor to get a new access card.
|
|
||||||
error_9=Session take over failed.
|
|
||||||
error_97=You are not authorized to access this resource.
|
|
||||||
error_98=Your account has been locked.
|
|
||||||
error_99=System problems. Please try later.
|
|
||||||
info.logout.confirmation=Please confirm that you want to log out.
|
|
||||||
info.logout.reminder=Your session on this application has expired. Try again with a login.
|
|
||||||
info.oauth.consent=Do you want to authorise this application to access your data?
|
|
||||||
info.timeout.page=Your session on this application has expired. Try again with a login.
|
|
||||||
login.button.label=Login
|
|
||||||
logout.label=Logout
|
|
||||||
logout.text=You have successfully logged out.
|
|
||||||
method.certificate.label=Certificate
|
|
||||||
method.fido.label=Mobile Authentication
|
|
||||||
method.fido2.label=FIDO 2
|
|
||||||
method.mtan.label=mTAN Code
|
|
||||||
method.oath.label=OATH Authenticator App
|
|
||||||
method.otp.label=OTP (One-Time Password)
|
|
||||||
method.recovery.label=Recovery Codes
|
|
||||||
method.safeword.label=SafeWord
|
|
||||||
method.securid.label=SecurID
|
|
||||||
method.ticket.label=Ticket
|
|
||||||
outarg.lastLogin.never=Never
|
|
||||||
policyFailure.dictionary=▪ must not be taken from a dictionary.
|
|
||||||
policyFailure.history.History=▪ must be different from previously selected passwords.
|
|
||||||
policyFailure.regex.control=▪ cannot contain more than {0} control characters.
|
|
||||||
policyFailure.regex.lower=▪ must contain at least {0} lower case characters.
|
|
||||||
policyFailure.regex.maxCharacterRepetitions=▪ characters must not occur more than {0} time(s) consecutively.
|
|
||||||
policyFailure.regex.maxLength=▪ must be at most {0} characters long.
|
|
||||||
policyFailure.regex.minLength=▪ must be at least {0} characters long.
|
|
||||||
policyFailure.regex.nonAlnum=▪ must contain at least {0} non-alphanumeric characters.
|
|
||||||
policyFailure.regex.nonAscii=▪ cannot contain more than {0} non-ASCII characters.
|
|
||||||
policyFailure.regex.nonGraph=▪ cannot contain more than {0} non-printable characters.
|
|
||||||
policyFailure.regex.nonLetter=▪ must contain at least {0} non-letter characters.
|
|
||||||
policyFailure.regex.numeric=▪ must contain at least {0} numeric characters.
|
|
||||||
policyFailure.regex.upper=▪ must contain at least {0} upper case characters.
|
|
||||||
policyInfo.dictionary=▪ must not be taken from a dictionary.
|
|
||||||
policyInfo.history.History=▪ must be different from previously selected passwords.
|
|
||||||
policyInfo.regex.control=▪ cannot contain more than {0} control characters.
|
|
||||||
policyInfo.regex.lower=▪ must contain at least {0} lower case characters.
|
|
||||||
policyInfo.regex.maxCharacterRepetitions=▪ characters must not occur more than {0} time(s) consecutively.
|
|
||||||
policyInfo.regex.maxLength=▪ must be at most {0} characters long.
|
|
||||||
policyInfo.regex.minLength=▪ must be at least {0} characters long.
|
|
||||||
policyInfo.regex.nonAlnum=▪ must contain at least {0} non-alphanumeric characters.
|
|
||||||
policyInfo.regex.nonAscii=▪ cannot contain more than {0} non-ASCII characters.
|
|
||||||
policyInfo.regex.nonGraph=▪ cannot contain more than {0} non-printable characters.
|
|
||||||
policyInfo.regex.nonLetter=▪ must contain at least {0} non-letter characters.
|
|
||||||
policyInfo.regex.numeric=▪ must contain at least {0} numeric characters.
|
|
||||||
policyInfo.regex.upper=▪ must contain at least {0} upper case characters.
|
|
||||||
policyInfo.title=The password has to comply with the following password policy:
|
|
||||||
reject.button.label=Deny
|
|
||||||
submit.button.label=Submit
|
|
||||||
tan.sent=Please enter the security code which has been sent to your mobile phone.
|
|
||||||
title.logout=Logout
|
|
||||||
title.logout.confirmation=Logout
|
|
||||||
title.logout.reminder=Logout
|
|
||||||
title.oauth.consent=Client Authorization
|
|
||||||
title.saml.failed=Error
|
|
||||||
title.timeout.page=Logout
|
|
|
@ -1,80 +0,0 @@
|
||||||
|
|
||||||
accept.button.label=Akzeptieren
|
|
||||||
cancel.button.label=Abbrechen
|
|
||||||
continue.button.label=Weiter
|
|
||||||
deputy.profile.label=(Profil Stellvertreter)
|
|
||||||
error.saml.failed=Bitte schliessen Sie Ihren Browser und versuchen Sie es erneut.
|
|
||||||
error_1=Bitte überprüfen Sie Ihre Eingabe.
|
|
||||||
error_10=Bitte wählen Sie den gewünschten Benutzer.
|
|
||||||
error_100=Zertifikat-Upload nicht möglich. Zertifikat bereits vorhanden. Bitte kontaktieren Sie Ihren Helpdesk.
|
|
||||||
error_101=Die angegebene E-Mail Adresse ist ungültig.
|
|
||||||
error_11=Bitte verwenden Sie ein anderes Zertifikat oder ein alternatives Authentisierungsmittel.
|
|
||||||
error_2=Bitte wählen Sie einen anderen Login-Namen.
|
|
||||||
error_3=Falls Ihr nächster Login fehlschlägt, wird Ihr Konto gesperrt.
|
|
||||||
error_4=Ihr neues Passwort wurde nicht akzeptiert. Bitte wählen Sie eines, das den Passwortvorgaben entspricht.
|
|
||||||
error_5=Die Eingabe zur Bestätigung des Passwortes ist falsch.
|
|
||||||
error_50=Das neue Passwort ist zu kurz.
|
|
||||||
error_55=Das neue Passwort muss sich von alten Passwörtern unterscheiden.
|
|
||||||
error_6=Passwortwechsel erforderlich.
|
|
||||||
error_7=Wechsel der Login-ID erforderlich.
|
|
||||||
error_8=Ihr Konto wurde infolge wiederholt fehlgeschlagener Authentisierung gesperrt.
|
|
||||||
error_81=Keine Rasterkarte gefunden, Zugang vom Internet verweigert.
|
|
||||||
error_83=Ihre Rasterkarte ist aufgebraucht. Bitte kontaktieren Sie Ihren Berater, um eine neue zu erhalten.
|
|
||||||
error_9=Die SSO-Session konnte nicht übernommen werden.
|
|
||||||
error_97=Sie verfügen nicht über die für den Zugriff auf diese Ressource benötigte Berechtigung.
|
|
||||||
error_98=Ihr Konto ist gesperrt.
|
|
||||||
error_99=Systemfehler. Bitte versuchen Sie es später.
|
|
||||||
info.logout.confirmation=Bitte bestätigen Sie, dass Sie sich abmelden möchten.
|
|
||||||
info.logout.reminder=Ihre Session ist auf dieser Applikation abgelaufen. Versuchen Sie es nochmals mit einem Login.
|
|
||||||
info.oauth.consent=Wollen Sie der Anwendung den Zugriff erlauben?
|
|
||||||
info.timeout.page=Ihre Session ist auf dieser Applikation abgelaufen. Versuchen Sie es nochmals mit einem Login.
|
|
||||||
login.button.label=Login
|
|
||||||
logout.label=Logout
|
|
||||||
logout.text=Sie haben sich erfolgreich abgemeldet.
|
|
||||||
method.certificate.label=Zertifikat
|
|
||||||
method.fido.label=Mobile Authentication
|
|
||||||
method.fido2.label=FIDO 2
|
|
||||||
method.mtan.label=mTAN-Code
|
|
||||||
method.oath.label=OATH Authenticator-App
|
|
||||||
method.otp.label=OTP (One-Time Passwort)
|
|
||||||
method.recovery.label=Wiederherstellungscodes
|
|
||||||
method.safeword.label=SafeWord
|
|
||||||
method.securid.label=SecurID
|
|
||||||
method.ticket.label=Ticket
|
|
||||||
outarg.lastLogin.never=Nie
|
|
||||||
policyFailure.dictionary=▪ darf nicht aus einem Wörterbuch stammen.
|
|
||||||
policyFailure.history.History=▪ muss sich von vorhergehenden Passwörtern unterscheiden.
|
|
||||||
policyFailure.regex.control=▪ darf höchstens {0} Kontrollzeichen enthalten.
|
|
||||||
policyFailure.regex.lower=▪ muss {0} Kleinbuchstaben enthalten.
|
|
||||||
policyFailure.regex.maxCharacterRepetitions=▪ darf nicht eine Sequenz länger als {0} des gleichen Zeichens enthalten.
|
|
||||||
policyFailure.regex.maxLength=Länge des Passwortes darf höchstens {0} sein.
|
|
||||||
policyFailure.regex.minLength=Länge des Passwortes muss mindestens {0} sein.
|
|
||||||
policyFailure.regex.nonAlnum=▪ muss {0} nicht-alphanumerische Zeichen enthalten.
|
|
||||||
policyFailure.regex.nonAscii=▪ darf höchstens {0} Zeichen ausserhalb des ASCII-Zeichensatzes enthalten.
|
|
||||||
policyFailure.regex.nonGraph=▪ darf höchstens {0} nicht-druckende Zeichen enthalten.
|
|
||||||
policyFailure.regex.nonLetter=▪ muss {0} Zeichen enthalten, die keine Buchstaben sind.
|
|
||||||
policyFailure.regex.numeric=▪ muss {0} numerische Zeichen enthalten.
|
|
||||||
policyFailure.regex.upper=▪ muss {0} Grossbuchstaben enthalten.
|
|
||||||
policyInfo.dictionary=▪ darf nicht aus einem Wörterbuch stammen.
|
|
||||||
policyInfo.history.History=▪ darf keines der zuletzt verwendeten Passwörtern sein.
|
|
||||||
policyInfo.regex.control=▪ darf höchstens {0} Kontrollzeichen enthalten.
|
|
||||||
policyInfo.regex.lower=▪ muss mindestens {0} Kleinbuchstaben enthalten.
|
|
||||||
policyInfo.regex.maxCharacterRepetitions=▪ darf nicht eine Sequenz länger als {0} des gleichen Zeichens enthalten.
|
|
||||||
policyInfo.regex.maxLength=▪ darf höchstens {0} Zeichen enthalten.
|
|
||||||
policyInfo.regex.minLength=▪ muss mindestens {0} Zeichen enthalten.
|
|
||||||
policyInfo.regex.nonAlnum=▪ muss mindestens {0} Zeichen enthalten, die nicht Alphanumerisch sind.
|
|
||||||
policyInfo.regex.nonAscii=▪ darf höchstens {0} Zeichen ausserhalb des ASCII-Zeichensatzes enthalten.
|
|
||||||
policyInfo.regex.nonGraph=▪ darf höchstens {0} nicht-druckende Zeichen enthalten.
|
|
||||||
policyInfo.regex.nonLetter=▪ muss mindestens {0} Zeichen enthalten, die keine Buchstaben sind.
|
|
||||||
policyInfo.regex.numeric=▪ muss mindestens {0} numerische Zeichen enthalten.
|
|
||||||
policyInfo.regex.upper=▪ muss mindestens {0} Grossbuchstaben enthalten.
|
|
||||||
policyInfo.title=Das Passwort muss den folgenden Passwort-Richtlinien entsprechen:
|
|
||||||
reject.button.label=Ablehnen
|
|
||||||
submit.button.label=Senden
|
|
||||||
tan.sent=Bitte erfassen Sie den Sicherheitscode, welcher an Ihr Mobiltelefon gesendet wurde.
|
|
||||||
title.logout=Logout
|
|
||||||
title.logout.confirmation=Logout
|
|
||||||
title.logout.reminder=Logout
|
|
||||||
title.oauth.consent=Client Authorisierung
|
|
||||||
title.saml.failed=Error
|
|
||||||
title.timeout.page=Logout
|
|
|
@ -1,80 +0,0 @@
|
||||||
|
|
||||||
accept.button.label=Accept
|
|
||||||
cancel.button.label=Cancel
|
|
||||||
continue.button.label=Continue
|
|
||||||
deputy.profile.label=(Deputy Profile)
|
|
||||||
error.saml.failed=Please close your browser and try again.
|
|
||||||
error_1=Please check your input.
|
|
||||||
error_10=Please select the correct user account.
|
|
||||||
error_100=Certificate upload not possible. Certificate already exists. Please contact your helpdesk.
|
|
||||||
error_101=The entered email address is not valid.
|
|
||||||
error_11=Please use another certficate or login with another credential type.
|
|
||||||
error_2=Please select another login name.
|
|
||||||
error_3=Your account will be locked if next authentication fails.
|
|
||||||
error_4=Your new password does not comply with the security policy. Please choose a different password.
|
|
||||||
error_5=Error in password confirmation.
|
|
||||||
error_50=The new password is too short.
|
|
||||||
error_55=The new password has to differ from old passwords.
|
|
||||||
error_6=Password change required.
|
|
||||||
error_7=Change of login ID required.
|
|
||||||
error_8=Your account has been locked due to repeated authentication failures.
|
|
||||||
error_81=No access card found, access from internet denied.
|
|
||||||
error_83=Your access card is no longer valid. Please contact your advisor to get a new access card.
|
|
||||||
error_9=Session take over failed.
|
|
||||||
error_97=You are not authorized to access this resource.
|
|
||||||
error_98=Your account has been locked.
|
|
||||||
error_99=System problems. Please try later.
|
|
||||||
info.logout.confirmation=Please confirm that you want to log out.
|
|
||||||
info.logout.reminder=Your session on this application has expired. Try again with a login.
|
|
||||||
info.oauth.consent=Do you want to authorise this application to access your data?
|
|
||||||
info.timeout.page=Your session on this application has expired. Try again with a login.
|
|
||||||
login.button.label=Login
|
|
||||||
logout.label=Logout
|
|
||||||
logout.text=You have successfully logged out.
|
|
||||||
method.certificate.label=Certificate
|
|
||||||
method.fido.label=Mobile Authentication
|
|
||||||
method.fido2.label=FIDO 2
|
|
||||||
method.mtan.label=mTAN Code
|
|
||||||
method.oath.label=OATH Authenticator App
|
|
||||||
method.otp.label=OTP (One-Time Password)
|
|
||||||
method.recovery.label=Recovery Codes
|
|
||||||
method.safeword.label=SafeWord
|
|
||||||
method.securid.label=SecurID
|
|
||||||
method.ticket.label=Ticket
|
|
||||||
outarg.lastLogin.never=Never
|
|
||||||
policyFailure.dictionary=▪ must not be taken from a dictionary.
|
|
||||||
policyFailure.history.History=▪ must be different from previously selected passwords.
|
|
||||||
policyFailure.regex.control=▪ cannot contain more than {0} control characters.
|
|
||||||
policyFailure.regex.lower=▪ must contain at least {0} lower case characters.
|
|
||||||
policyFailure.regex.maxCharacterRepetitions=▪ characters must not occur more than {0} time(s) consecutively.
|
|
||||||
policyFailure.regex.maxLength=▪ must be at most {0} characters long.
|
|
||||||
policyFailure.regex.minLength=▪ must be at least {0} characters long.
|
|
||||||
policyFailure.regex.nonAlnum=▪ must contain at least {0} non-alphanumeric characters.
|
|
||||||
policyFailure.regex.nonAscii=▪ cannot contain more than {0} non-ASCII characters.
|
|
||||||
policyFailure.regex.nonGraph=▪ cannot contain more than {0} non-printable characters.
|
|
||||||
policyFailure.regex.nonLetter=▪ must contain at least {0} non-letter characters.
|
|
||||||
policyFailure.regex.numeric=▪ must contain at least {0} numeric characters.
|
|
||||||
policyFailure.regex.upper=▪ must contain at least {0} upper case characters.
|
|
||||||
policyInfo.dictionary=▪ must not be taken from a dictionary.
|
|
||||||
policyInfo.history.History=▪ must be different from previously selected passwords.
|
|
||||||
policyInfo.regex.control=▪ cannot contain more than {0} control characters.
|
|
||||||
policyInfo.regex.lower=▪ must contain at least {0} lower case characters.
|
|
||||||
policyInfo.regex.maxCharacterRepetitions=▪ characters must not occur more than {0} time(s) consecutively.
|
|
||||||
policyInfo.regex.maxLength=▪ must be at most {0} characters long.
|
|
||||||
policyInfo.regex.minLength=▪ must be at least {0} characters long.
|
|
||||||
policyInfo.regex.nonAlnum=▪ must contain at least {0} non-alphanumeric characters.
|
|
||||||
policyInfo.regex.nonAscii=▪ cannot contain more than {0} non-ASCII characters.
|
|
||||||
policyInfo.regex.nonGraph=▪ cannot contain more than {0} non-printable characters.
|
|
||||||
policyInfo.regex.nonLetter=▪ must contain at least {0} non-letter characters.
|
|
||||||
policyInfo.regex.numeric=▪ must contain at least {0} numeric characters.
|
|
||||||
policyInfo.regex.upper=▪ must contain at least {0} upper case characters.
|
|
||||||
policyInfo.title=The password has to comply with the following password policy:
|
|
||||||
reject.button.label=Deny
|
|
||||||
submit.button.label=Submit
|
|
||||||
tan.sent=Please enter the security code which has been sent to your mobile phone.
|
|
||||||
title.logout=Logout
|
|
||||||
title.logout.confirmation=Logout
|
|
||||||
title.logout.reminder=Logout
|
|
||||||
title.oauth.consent=Client Authorization
|
|
||||||
title.saml.failed=Error
|
|
||||||
title.timeout.page=Logout
|
|
|
@ -1,80 +0,0 @@
|
||||||
|
|
||||||
accept.button.label=Accepter
|
|
||||||
cancel.button.label=Abandonner
|
|
||||||
continue.button.label=Continuer
|
|
||||||
deputy.profile.label=(Profil du suppléant)
|
|
||||||
error.saml.failed=Fermez votre navigateur et r;eacute;essayez.
|
|
||||||
error_1=Veuillez vérifier vos données, s.v.p.
|
|
||||||
error_10=Choisissez votre compte.
|
|
||||||
error_100=Téléchargement du certificat pas possible. Certificat existe déjà. Veuillez contacter le helpdesk s.v.p.
|
|
||||||
error_101=L'adresse e-mail é n'est pas valide.
|
|
||||||
error_11=Choisissez un autre certificat, s.v.p.
|
|
||||||
error_2=Choisissez un autre nom, s.v.p.
|
|
||||||
error_3=Si l'authentification ne réussit pas au prochain essai, votre compte sera bloqué.
|
|
||||||
error_4=Votre nouveau mot de passe ne conforme pas aux mesures de sécurité
|
|
||||||
error_5=Votre confirmation du mot de passe ne correspond pas au mot de passe donné.
|
|
||||||
error_50=Le nouveau mot de passe est trop court.
|
|
||||||
error_55=Le nouveau mot de passe doit différer de l'ancien.
|
|
||||||
error_6=Veuillez changer votre mot de passe, s.v.p.
|
|
||||||
error_7=Veuillez changer votre login ID, s.v.p.
|
|
||||||
error_8=Votre compte n'est pas active.
|
|
||||||
error_81=Pas d'access card trouvé, l'accès par l'internet est refusé.
|
|
||||||
error_83=Votre access card n'est plus valable, veuillez contacter votre gestionnaire.
|
|
||||||
error_9=Il n'est pas possible de transmettre la session.
|
|
||||||
error_97=Vous n'avez pas les autorisations nécessaires pour accéder à cette ressource.
|
|
||||||
error_98=Votre compte a été bloqué.
|
|
||||||
error_99=Problème technique. Veuillez essayer plus tard, s.v.p.
|
|
||||||
info.logout.confirmation=Veuillez confirmer que vous souhaitez vous déconnecter.
|
|
||||||
info.logout.reminder=Votre session sur cette application a expirée. Essayez encore avec un login.
|
|
||||||
info.oauth.consent=Voulez-vous autoriser l'application?
|
|
||||||
info.timeout.page=Votre session sur cette application a expirée. Essayez encore avec un login.
|
|
||||||
login.button.label=Login
|
|
||||||
logout.label=Logout
|
|
||||||
logout.text=Au revoir
|
|
||||||
method.certificate.label=Certificat
|
|
||||||
method.fido.label=Mobile Authentication
|
|
||||||
method.fido2.label=FIDO 2
|
|
||||||
method.mtan.label=Code mTAN
|
|
||||||
method.oath.label=Application d'authentification OATH
|
|
||||||
method.otp.label=OTP (One-Time Password)
|
|
||||||
method.recovery.label=Codes de récupération
|
|
||||||
method.safeword.label=SafeWord
|
|
||||||
method.securid.label=SecurID
|
|
||||||
method.ticket.label=Ticket
|
|
||||||
outarg.lastLogin.never=Jamais
|
|
||||||
policyFailure.dictionary=▪ ne peut pas être pris d'un dictionnaire.
|
|
||||||
policyFailure.history.History=▪ doit être différent des mots de passe préalablement sélectionnés.
|
|
||||||
policyFailure.regex.control=▪ ne peut contenir plus de {0} caractères de commande.
|
|
||||||
policyFailure.regex.lower=▪ doit contenir au moins {0} caractère(s) minuscule(s).
|
|
||||||
policyFailure.regex.maxCharacterRepetitions=▪ ne peut contenir une séquence de plus de {0} du même caractère.
|
|
||||||
policyFailure.regex.maxLength=La longueur doit être d'au plus {0}.
|
|
||||||
policyFailure.regex.minLength=La longueur doit être d'au moins {0}.
|
|
||||||
policyFailure.regex.nonAlnum=▪ doit contenir au moins {0} caractères non alphanumériques.
|
|
||||||
policyFailure.regex.nonAscii=▪ ne peut contenir plus de {0} caractères non ASCII ({1}).
|
|
||||||
policyFailure.regex.nonGraph=▪ ne peut contenir plus de {0} caractères non imprimables ({1}).
|
|
||||||
policyFailure.regex.nonLetter=▪ doit contenir au moins {0} caractères qui ne sont pas des lettres.
|
|
||||||
policyFailure.regex.numeric=▪ doit comprendre {0} caractères numériques.
|
|
||||||
policyFailure.regex.upper=▪ doit contenir au moins {0} caractère(s) majuscule(s).
|
|
||||||
policyInfo.dictionary=▪ ne peut pas être pris d'un dictionnaire.
|
|
||||||
policyInfo.history.History=▪ ne peut pas être l' précédemment choisis.
|
|
||||||
policyInfo.regex.control=▪ ne peut contenir plus de {0} caractères de commande.
|
|
||||||
policyInfo.regex.lower=▪ doit contenir au moins {0} caractère(s) minuscule(s).
|
|
||||||
policyInfo.regex.maxCharacterRepetitions=▪ ne peut contenir une séquence de plus de {0} du même caractère.
|
|
||||||
policyInfo.regex.maxLength=▪ la longueur doit être d'au plus {0}.
|
|
||||||
policyInfo.regex.minLength=▪ la longueur doit être d'au moins {0}.
|
|
||||||
policyInfo.regex.nonAlnum=▪ doit contenir au moins {0} caractères non alphanumériques.
|
|
||||||
policyInfo.regex.nonAscii=▪ ne peut contenir plus de {0} caractères non ASCII.
|
|
||||||
policyInfo.regex.nonGraph=▪ ne peut contenir plus de {0} caractères non imprimables.
|
|
||||||
policyInfo.regex.nonLetter=▪ doit contenir au moins {0} caractères qui ne sont pas des lettres.
|
|
||||||
policyInfo.regex.numeric=▪ doit comprendre au minimum {0} caractères numériques.
|
|
||||||
policyInfo.regex.upper=▪ doit contenir au moins {0} caractère(s) majuscule(s).
|
|
||||||
policyInfo.title=Le mot de passe doit respecter les règles suivantes:
|
|
||||||
reject.button.label=Refuser
|
|
||||||
submit.button.label=Envoyer
|
|
||||||
tan.sent=Veuillez saisir le code de sécurité que vous avez reçu au votre téléphone mobile.
|
|
||||||
title.logout=Logout
|
|
||||||
title.logout.confirmation=Logout
|
|
||||||
title.logout.reminder=Logout
|
|
||||||
title.oauth.consent=Autorisation du client
|
|
||||||
title.saml.failed=Error
|
|
||||||
title.timeout.page=Logout
|
|
|
@ -1,80 +0,0 @@
|
||||||
|
|
||||||
accept.button.label=Accettare
|
|
||||||
cancel.button.label=Abortire
|
|
||||||
continue.button.label=Continua
|
|
||||||
deputy.profile.label=(profilo del delegato)
|
|
||||||
error.saml.failed=Chiudi il browser e riprova.
|
|
||||||
error_1=Verificare i dati immessi.
|
|
||||||
error_10=Per favore selezionare il conto utente corretto.
|
|
||||||
error_100=Impossibile caricare il certificato. Questo certificato esiste già. La preghiamo di contattare il Suo help desk.
|
|
||||||
error_101=L'indirizzo e-mail inserito non è valido.
|
|
||||||
error_11=Scegliere un altro certificato.
|
|
||||||
error_2=Per favore scegliere un altro nome.
|
|
||||||
error_3=Il conto verrà bloccato se il prossimo login non andrà a buon fine.
|
|
||||||
error_4=La nuova password non è stata accettata. Scegliere una password che sia conforme ai criteri di password.
|
|
||||||
error_5=La conferma della password è errata.
|
|
||||||
error_50=La nuova password è troppo corta.
|
|
||||||
error_55=La nuova password deve essere diversa dalla vecchia.
|
|
||||||
error_6=È necessario modificare la password.
|
|
||||||
error_7=Set up inizale dell'account per il portale necessario.
|
|
||||||
error_8=L'account è stato bloccato. Rivolgersi al servizio assistenza oppure provare con un altro strumento di autenticazione.
|
|
||||||
error_81=Nessuna carta di accesso trovata, accesso da internet rifiutato.
|
|
||||||
error_83=La sua carta di accesso non è più valida. Per favore contatti il suo assistente per ricevere una nuova carta di accesso.
|
|
||||||
error_9=La sessione non può essere ripresa.
|
|
||||||
error_97=Non si dispone delle autorizzazioni necessarie per accedere a questa risorsa.
|
|
||||||
error_98=L'account è stato bloccato.
|
|
||||||
error_99=Errore di sistema. Riprovare.
|
|
||||||
info.logout.confirmation=Si prega di confermare che si desidera disconnettersi.
|
|
||||||
info.logout.reminder=La sessione su questa applicazione &egrave; scaduta. Prova ancora con un login.
|
|
||||||
info.oauth.consent=Vuoi consentire all'applicazione?
|
|
||||||
info.timeout.page=La sessione su questa applicazione &egrave; scaduta. Prova ancora con un login.
|
|
||||||
login.button.label=Login
|
|
||||||
logout.label=Logout
|
|
||||||
logout.text=È uscito con successo.
|
|
||||||
method.certificate.label=Certificato
|
|
||||||
method.fido.label=Mobile Authentication
|
|
||||||
method.fido2.label=FIDO 2
|
|
||||||
method.mtan.label=Codice mTAN
|
|
||||||
method.oath.label=App di autenticazione OATH
|
|
||||||
method.otp.label=OTP (One-Time Password)
|
|
||||||
method.recovery.label=Codici di ripristino
|
|
||||||
method.safeword.label=SafeWord
|
|
||||||
method.securid.label=SecurID
|
|
||||||
method.ticket.label=Ticket
|
|
||||||
outarg.lastLogin.never=Mai
|
|
||||||
policyFailure.dictionary=▪ non può essere presa da un dizionario.
|
|
||||||
policyFailure.history.History=▪ deve essere diversa da password precedenti.
|
|
||||||
policyFailure.regex.control=▪ non può contenere più di {0} caratteri di controllo.
|
|
||||||
policyFailure.regex.lower=▪ deve conenere almeno {0} caratteri minuscoli.
|
|
||||||
policyFailure.regex.maxCharacterRepetitions=▪ non può contentere una sequenza più lunga di {0} caratteri uguali.
|
|
||||||
policyFailure.regex.maxLength=▪ deve contenere al massimo {0} caratteri.
|
|
||||||
policyFailure.regex.minLength=▪ deve contenere almeno {0} caratteri.
|
|
||||||
policyFailure.regex.nonAlnum=▪ deve conenere almeno {0} caratteri non alfanumerici.
|
|
||||||
policyFailure.regex.nonAscii=▪ non può contenere più di {0} caratteri non ASCII.
|
|
||||||
policyFailure.regex.nonGraph=▪ non può contenere più di {0} caratteri non stampabili.
|
|
||||||
policyFailure.regex.nonLetter=▪ non può contenere più di {0} numeri o caratteri speciali.
|
|
||||||
policyFailure.regex.numeric=▪ deve contenere {0} caratteri numerici.
|
|
||||||
policyFailure.regex.upper=▪ deve conenere almeno {0} caratteri maiuscoli.
|
|
||||||
policyInfo.dictionary=▪ non può essere presa da un dizionario.
|
|
||||||
policyInfo.history.History=▪ deve essere diversa dalle password precedenti.
|
|
||||||
policyInfo.regex.control=▪ non può contenere più di {0} carattere/i di controllo.
|
|
||||||
policyInfo.regex.lower=▪ deve conenere almeno {0} carattere/i minuscolo/i.
|
|
||||||
policyInfo.regex.maxCharacterRepetitions=▪ non può contentere una sequenza più lunga di {0} caratteri uguali.
|
|
||||||
policyInfo.regex.maxLength=▪ deve contenere al massimo {0} carattere/i.
|
|
||||||
policyInfo.regex.minLength=▪ deve contenere almeno {0} carattere/i.
|
|
||||||
policyInfo.regex.nonAlnum=▪ deve conenere almeno {0} carattere/i non alfanumerico/i.
|
|
||||||
policyInfo.regex.nonAscii=▪ non può contenere più di {0} carattere/i non ASCII.
|
|
||||||
policyInfo.regex.nonGraph=▪ non può contenere più di {0} carattere/i non stampabile/i.
|
|
||||||
policyInfo.regex.nonLetter=▪ non può contenere più di {0} numero/i o caratere/i speciale/i.
|
|
||||||
policyInfo.regex.numeric=▪ deve contenere un minimo di {0} carattere/i numerico/i.
|
|
||||||
policyInfo.regex.upper=▪ deve conenere almeno {0} carattere/i maiuscolo/i.
|
|
||||||
policyInfo.title=La password deve rispettare le seguenti direttive:
|
|
||||||
reject.button.label=Rifiuti
|
|
||||||
submit.button.label=Continua
|
|
||||||
tan.sent=Inserisci il codice di sicurezza che è stato inviato al tuo telefono cellulare.
|
|
||||||
title.logout=Logout
|
|
||||||
title.logout.confirmation=Logout
|
|
||||||
title.logout.reminder=Logout
|
|
||||||
title.oauth.consent=Autorizzazione del client
|
|
||||||
title.saml.failed=Error
|
|
||||||
title.timeout.page=Logout
|
|
|
@ -1 +0,0 @@
|
||||||
bc.tracer.TraceIndentFactory=ch.nevis.bc.io.Log4jTraceIndentFactory
|
|
|
@ -1,19 +0,0 @@
|
||||||
RTENV_SECURITY_CHECK=no_shell
|
|
||||||
|
|
||||||
JAVA_OPTS=(
|
|
||||||
"-XX:+UseContainerSupport"
|
|
||||||
"-Dfile.encoding=UTF-8"
|
|
||||||
"-XX:MaxRAMPercentage=80.0"
|
|
||||||
"-Djava.net.preferIPv4Stack=true"
|
|
||||||
"-Djava.net.connectionTimeout=10000"
|
|
||||||
"-Djava.net.readTimeout=15000"
|
|
||||||
"-Dch.nevis.esauth.config=/var/opt/nevisauth/default/conf/esauth4.xml"
|
|
||||||
"-Djava.awt.headless=true"
|
|
||||||
"-javaagent:/opt/agent/opentelemetry-javaagent.jar"
|
|
||||||
"-Dotel.javaagent.logging=application"
|
|
||||||
"-Dotel.javaagent.configuration-file=/var/opt/nevisauth/default/conf/otel.properties"
|
|
||||||
"-Dotel.resource.attributes=service.version=8.2405.2,service.instance.id=$HOSTNAME"
|
|
||||||
"-Djavax.net.ssl.trustStore=/var/opt/keys/trust/tls-swissid/truststore.p12"
|
|
||||||
"-Djavax.net.ssl.trustStorePassword=\${exec:/var/opt/keys/trust/tls-swissid/keypass}"
|
|
||||||
)
|
|
||||||
|
|
|
@ -1,2 +0,0 @@
|
||||||
# this file is generated by nevisAdmin 4
|
|
||||||
security.provider.10=org.bouncycastle.jce.provider.BouncyCastleProvider
|
|
|
@ -1,151 +0,0 @@
|
||||||
<?xml version="1.0" encoding="UTF-8"?>
|
|
||||||
<!DOCTYPE esauth-server SYSTEM "/opt/nevisauth/dtd/esauth4.dtd">
|
|
||||||
<esauth-server instance="nai2">
|
|
||||||
<!-- source: pattern://5a02ce1399ca42298422a320, pattern://8523f0587aa8cfa7008f8171 -->
|
|
||||||
<SessionCoordinator sessionInitialInactivityTimeout="600" sessionInactivityTimeout="28800" sessionMaxLifetime="28800" sessionIdPreGenerate="true">
|
|
||||||
<!-- source: pattern://5a02ce1399ca42298422a320 -->
|
|
||||||
<LocalSessionStore maxSessions="100000"/>
|
|
||||||
<!-- source: pattern://5a02ce1399ca42298422a320 -->
|
|
||||||
<TokenAssembler name="DefaultTokenAssembler">
|
|
||||||
<Selector default="true"/>
|
|
||||||
<!-- source: pattern://8523f0587aa8cfa7008f8171 -->
|
|
||||||
<TokenSpec ttl="28800">
|
|
||||||
<!-- source: pattern://5a02ce1399ca42298422a320 -->
|
|
||||||
<field src="session" key="ch.nevis.session.sessid" as="sessid"/>
|
|
||||||
<!-- source: pattern://5a02ce1399ca42298422a320 -->
|
|
||||||
<field src="session" key="ch.nevis.session.userid" as="userid"/>
|
|
||||||
<!-- source: pattern://5a02ce1399ca42298422a320 -->
|
|
||||||
<field src="session" key="ch.nevis.session.authlevel" as="authLevel"/>
|
|
||||||
<!-- source: pattern://5a02ce1399ca42298422a320 -->
|
|
||||||
<field src="session" key="ch.nevis.session.esauthid" as="esauthid"/>
|
|
||||||
<!-- source: pattern://5a02ce1399ca42298422a320 -->
|
|
||||||
<field src="session" key="ch.nevis.session.entryid" as="entryid"/>
|
|
||||||
<!-- source: pattern://5a02ce1399ca42298422a320 -->
|
|
||||||
<field src="session" key="ch.nevis.session.loginid" as="loginId"/>
|
|
||||||
<!-- source: pattern://5a02ce1399ca42298422a320 -->
|
|
||||||
<field src="session" key="ch.nevis.session.domain" as="domain"/>
|
|
||||||
<!-- source: pattern://5a02ce1399ca42298422a320 -->
|
|
||||||
<field src="session" key="ch.nevis.session.secroles" as="roles"/>
|
|
||||||
</TokenSpec>
|
|
||||||
<!-- source: pattern://5a02ce1399ca42298422a320 -->
|
|
||||||
<Signer key="DefaultSigner"/>
|
|
||||||
</TokenAssembler>
|
|
||||||
<!-- source: pattern://5a02ce1399ca42298422a320 -->
|
|
||||||
<KeyStore name="DefaultKeyStore">
|
|
||||||
<!-- source: pattern://5a02ce1399ca42298422a320 -->
|
|
||||||
<KeyObject name="DefaultSigner" certificate="/var/opt/keys/own/nai2-sh4r3d-default-default-signer/cert.pem" privateKey="/var/opt/keys/own/nai2-sh4r3d-default-default-signer/keystore.jks" passPhrase="pipe:///var/opt/keys/own/nai2-sh4r3d-default-default-signer/keypass"/>
|
|
||||||
<!-- source: pattern://5a02ce1399ca42298422a320 -->
|
|
||||||
<KeyObject name="DefaultSignerTrust" certificate="/var/opt/keys/trust/nai2-default-default-signer-trust/truststore.jks"/>
|
|
||||||
</KeyStore>
|
|
||||||
</SessionCoordinator>
|
|
||||||
<!-- source: pattern://5a02ce1399ca42298422a320 -->
|
|
||||||
<LocalOutOfContextDataStore reaperPeriod="60"/>
|
|
||||||
<!-- source: pattern://5a02ce1399ca42298422a320, pattern://8523f0587aa8cfa7008f8171 -->
|
|
||||||
<AuthEngine useLiteralDictionary="true" literalDictionaryLanguages="en,de,fr,it" inputLanguageCookie="LANG" compatLevel="none" addAutheLevelToSecRoles="true" classPath="/var/opt/nevisauth/default/plugin:/opt/nevisauth/plugin" propagateSession="false">
|
|
||||||
<!-- source: pattern://8523f0587aa8cfa7008f8171 -->
|
|
||||||
<Domain name="MockRelam" default="false" inactiveInterval="7200" reauthInterval="0" resetAuthenticationCondition="${inargs:cancel}">
|
|
||||||
<Entry method="authenticate" state="MockRelam_DispatchMockRequests"/>
|
|
||||||
<Entry method="stepup" state="MockRelam_Selector"/>
|
|
||||||
</Domain>
|
|
||||||
<AuthState name="MockRelam_DispatchMockRequests" class="ch.nevis.esauth.auth.states.standard.ConditionalDispatcherState" final="false">
|
|
||||||
<!-- source: pattern://1641a38402138546573b7e71 -->
|
|
||||||
<ResultCond name="jwk" next="MockRelam_jwkMock"/>
|
|
||||||
<!-- source: pattern://1641a38402138546573b7e71 -->
|
|
||||||
<ResultCond name="metadata" next="MockRelam_MetadataMock"/>
|
|
||||||
<!-- source: pattern://1641a38402138546573b7e71 -->
|
|
||||||
<ResultCond name="nomatch" next="MockRelam_KlpApiMock"/>
|
|
||||||
<!-- source: pattern://1641a38402138546573b7e71 -->
|
|
||||||
<ResultCond name="wellknown" next="MockRelam_wellKownMock"/>
|
|
||||||
<!-- source: pattern://1641a38402138546573b7e71 -->
|
|
||||||
<Response value="AUTH_ERROR">
|
|
||||||
<!-- source: pattern://1641a38402138546573b7e71 -->
|
|
||||||
<Arg name="ch.nevis.isiweb4.response.status" value="403"/>
|
|
||||||
</Response>
|
|
||||||
<!-- source: pattern://1641a38402138546573b7e71 -->
|
|
||||||
<property name="condition:jwk" value="${request:currentResource:/jwk:true}"/>
|
|
||||||
<!-- source: pattern://1641a38402138546573b7e71 -->
|
|
||||||
<property name="condition:metadata" value="${request:currentResource:/metadata:true}"/>
|
|
||||||
<!-- source: pattern://1641a38402138546573b7e71 -->
|
|
||||||
<property name="condition:wellknown" value="${request:currentResource:/.well-known:true}"/>
|
|
||||||
</AuthState>
|
|
||||||
<AuthState name="MockRelam_jwkMock" class="ch.nevis.esauth.auth.states.directResponse.DirectResponseState" final="true" resumeState="false">
|
|
||||||
<!-- source: pattern://02267b7a9895eef024fd806b -->
|
|
||||||
<Response value="AUTH_ERROR">
|
|
||||||
<!-- source: pattern://02267b7a9895eef024fd806b -->
|
|
||||||
<Gui name="none"/>
|
|
||||||
</Response>
|
|
||||||
<!-- source: pattern://02267b7a9895eef024fd806b -->
|
|
||||||
<property name="content" value="file:///var/opt/nevisauth/default/conf/mockrelam_jwkmock.json"/>
|
|
||||||
<!-- source: pattern://02267b7a9895eef024fd806b -->
|
|
||||||
<property name="contentType" value="application/json"/>
|
|
||||||
<!-- source: pattern://02267b7a9895eef024fd806b -->
|
|
||||||
<property name="statusCode" value="200"/>
|
|
||||||
</AuthState>
|
|
||||||
<AuthState name="MockRelam_MetadataMock" class="ch.nevis.esauth.auth.states.directResponse.DirectResponseState" final="true" resumeState="false">
|
|
||||||
<!-- source: pattern://0600a4bbdea68c3aaa2fd10f -->
|
|
||||||
<Response value="AUTH_ERROR">
|
|
||||||
<!-- source: pattern://0600a4bbdea68c3aaa2fd10f -->
|
|
||||||
<Gui name="none"/>
|
|
||||||
</Response>
|
|
||||||
<!-- source: pattern://0600a4bbdea68c3aaa2fd10f -->
|
|
||||||
<property name="content" value="file:///var/opt/nevisauth/default/conf/mockrelam_metadatamock.json"/>
|
|
||||||
<!-- source: pattern://0600a4bbdea68c3aaa2fd10f -->
|
|
||||||
<property name="contentType" value="application/json"/>
|
|
||||||
<!-- source: pattern://0600a4bbdea68c3aaa2fd10f -->
|
|
||||||
<property name="statusCode" value="200"/>
|
|
||||||
</AuthState>
|
|
||||||
<AuthState name="MockRelam_KlpApiMock" class="ch.nevis.esauth.auth.states.directResponse.DirectResponseState" final="true" resumeState="false">
|
|
||||||
<!-- source: pattern://3f7b857b6d35114fcd8c4984 -->
|
|
||||||
<Response value="AUTH_ERROR">
|
|
||||||
<!-- source: pattern://3f7b857b6d35114fcd8c4984 -->
|
|
||||||
<Gui name="none"/>
|
|
||||||
</Response>
|
|
||||||
<!-- source: pattern://3f7b857b6d35114fcd8c4984 -->
|
|
||||||
<property name="content" value="file:///var/opt/nevisauth/default/conf/mockrelam_klpapimock.json"/>
|
|
||||||
<!-- source: pattern://3f7b857b6d35114fcd8c4984 -->
|
|
||||||
<property name="contentType" value="application/json"/>
|
|
||||||
<!-- source: pattern://3f7b857b6d35114fcd8c4984 -->
|
|
||||||
<property name="statusCode" value="200"/>
|
|
||||||
</AuthState>
|
|
||||||
<AuthState name="MockRelam_wellKownMock" class="ch.nevis.esauth.auth.states.directResponse.DirectResponseState" final="true" resumeState="false">
|
|
||||||
<!-- source: pattern://1a11a59ad08eccffa1addc6a -->
|
|
||||||
<Response value="AUTH_ERROR">
|
|
||||||
<!-- source: pattern://1a11a59ad08eccffa1addc6a -->
|
|
||||||
<Gui name="none"/>
|
|
||||||
</Response>
|
|
||||||
<!-- source: pattern://1a11a59ad08eccffa1addc6a -->
|
|
||||||
<property name="content" value="file:///var/opt/nevisauth/default/conf/mockrelam_wellkownmock.json"/>
|
|
||||||
<!-- source: pattern://1a11a59ad08eccffa1addc6a -->
|
|
||||||
<property name="contentType" value="application/json"/>
|
|
||||||
<!-- source: pattern://1a11a59ad08eccffa1addc6a -->
|
|
||||||
<property name="statusCode" value="200"/>
|
|
||||||
</AuthState>
|
|
||||||
<AuthState name="MockRelam_Selector" class="ch.nevis.esauth.auth.states.standard.ConditionalDispatcherState" final="false">
|
|
||||||
<!-- source: pattern://8523f0587aa8cfa7008f8171 -->
|
|
||||||
<ResultCond name="nomatch" next="MockRelam_Prepare_Done"/>
|
|
||||||
<!-- source: pattern://8523f0587aa8cfa7008f8171 -->
|
|
||||||
<Response value="AUTH_ERROR">
|
|
||||||
<!-- source: pattern://8523f0587aa8cfa7008f8171 -->
|
|
||||||
<Arg name="ch.nevis.isiweb4.response.status" value="403"/>
|
|
||||||
</Response>
|
|
||||||
</AuthState>
|
|
||||||
<AuthState name="MockRelam_Prepare_Done" class="ch.nevis.esauth.auth.states.scripting.ScriptState" final="false">
|
|
||||||
<!-- source: pattern://8523f0587aa8cfa7008f8171 -->
|
|
||||||
<ResultCond name="default" next="MockRelam_Auth_Done"/>
|
|
||||||
<!-- source: pattern://8523f0587aa8cfa7008f8171 -->
|
|
||||||
<Response value="AUTH_DONE">
|
|
||||||
<!-- source: pattern://8523f0587aa8cfa7008f8171 -->
|
|
||||||
<Gui name="ContinueResponse"/>
|
|
||||||
</Response>
|
|
||||||
<!-- source: pattern://8523f0587aa8cfa7008f8171 -->
|
|
||||||
<property name="script" value="file:///var/opt/nevisauth/default/conf/prepare_done.groovy"/>
|
|
||||||
</AuthState>
|
|
||||||
<AuthState name="MockRelam_Auth_Done" class="ch.nevis.esauth.auth.states.standard.AuthDone" final="false">
|
|
||||||
<!-- source: pattern://8523f0587aa8cfa7008f8171 -->
|
|
||||||
<Response value="AUTH_DONE">
|
|
||||||
<!-- source: pattern://8523f0587aa8cfa7008f8171 -->
|
|
||||||
<Gui name="ContinueResponse"/>
|
|
||||||
</Response>
|
|
||||||
</AuthState>
|
|
||||||
</AuthEngine>
|
|
||||||
</esauth-server>
|
|
|
@ -1,57 +0,0 @@
|
||||||
Configuration:
|
|
||||||
monitorInterval: 60
|
|
||||||
Appenders:
|
|
||||||
Console:
|
|
||||||
- name: "SERVER"
|
|
||||||
target: "SYSTEM_OUT"
|
|
||||||
PatternLayout:
|
|
||||||
pattern: "[esauth4sv.log] %d{ISO8601} %-15.15t %mdc{trace_id} %mdc{span_id} %-20.20c %-5.5p %m%n"
|
|
||||||
RegexFilter:
|
|
||||||
regex: ".*GET /nevisauth/liveness.*"
|
|
||||||
onMatch: "DENY"
|
|
||||||
onMismatch: "ACCEPT"
|
|
||||||
Loggers:
|
|
||||||
Logger:
|
|
||||||
- name: "EsAuthStart"
|
|
||||||
level: "INFO"
|
|
||||||
- name: "org.apache.catalina.loader.WebappClassLoader"
|
|
||||||
level: "FATAL"
|
|
||||||
- name: "org.apache.catalina.startup.HostConfig"
|
|
||||||
level: "ERROR"
|
|
||||||
- name: "ch.nevis.esauth.events"
|
|
||||||
level: "FATAL"
|
|
||||||
- name: "AuthEngine"
|
|
||||||
level: "INFO"
|
|
||||||
- name: "HttpClient"
|
|
||||||
level: "TRACE"
|
|
||||||
- name: "OAuth2"
|
|
||||||
level: "DEBUG"
|
|
||||||
- name: "StdStates"
|
|
||||||
level: "DEBUG"
|
|
||||||
- name: "Vars"
|
|
||||||
level: "INFO"
|
|
||||||
- name: "ch.adnovum.cossa.CachingIDTokenVerifier"
|
|
||||||
level: "DEBUG"
|
|
||||||
- name: "ch.adnovum.cossa.CallPolicyVerificationAPI"
|
|
||||||
level: "DEBUG"
|
|
||||||
- name: "ch.adnovum.cossa.IDTokenVerifier"
|
|
||||||
level: "DEBUG"
|
|
||||||
- name: "ch.adnovum.cossa.IdTokenVerification"
|
|
||||||
level: "DEBUG"
|
|
||||||
- name: "ch.adnovum.cossa.KLPScopeToProfileBinding"
|
|
||||||
level: "DEBUG"
|
|
||||||
- name: "ch.adnovum.cossa.SimpleIDTokenValidator"
|
|
||||||
level: "DEBUG"
|
|
||||||
- name: "ch.adnovum.cossa.SimpleIDTokenVerifier"
|
|
||||||
level: "DEBUG"
|
|
||||||
- name: "ch.adnovum.cossa.TokenExchangeEndpoint"
|
|
||||||
level: "DEBUG"
|
|
||||||
- name: "ch.adnovum.cossa.TokenExchangeEndpointRefresh"
|
|
||||||
level: "DEBUG"
|
|
||||||
- name: "ch.adnovum.cossa.TokenGenerator"
|
|
||||||
level: "DEBUG"
|
|
||||||
Root:
|
|
||||||
level: "WARN"
|
|
||||||
additivity: "false"
|
|
||||||
AppenderRef:
|
|
||||||
- ref: "SERVER"
|
|
File diff suppressed because one or more lines are too long
|
@ -1,13 +0,0 @@
|
||||||
{
|
|
||||||
"application": "fakeapp1_b2b_internal",
|
|
||||||
"result": "PROCEED",
|
|
||||||
"additionalProperty": "yes",
|
|
||||||
"profiles": [{
|
|
||||||
"profileId": "12047881",
|
|
||||||
"description": "12047881 - Marco Mojana, Via Pratocarasso 40, 6500 Bellinzona",
|
|
||||||
"enabled": true,
|
|
||||||
"role": "PB",
|
|
||||||
"violatedPolicies": [],
|
|
||||||
"currentGtcAccepted": true
|
|
||||||
}]
|
|
||||||
}
|
|
|
@ -1,409 +0,0 @@
|
||||||
{
|
|
||||||
"Client":[
|
|
||||||
{
|
|
||||||
"id":"Client_69d3027cf5ae36b9e2b18cc9cfd9f0fe",
|
|
||||||
"owner":"andrea",
|
|
||||||
"name":"klp-client",
|
|
||||||
"link":"rest/modules/oauthv2/setups/Setup_b00528a7a0edc1df1a6b95240d704600/entities/Client_69d3027cf5ae36b9e2b18cc9cfd9f0fe",
|
|
||||||
"meta":[
|
|
||||||
{
|
|
||||||
"name":"klp_application1",
|
|
||||||
"value":"fakemobileoauth"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"name":"tokenExchangeAllowed",
|
|
||||||
"value":"true"
|
|
||||||
}
|
|
||||||
],
|
|
||||||
"otherAttributes":{
|
|
||||||
"client_name#de":"Fake OpenID de",
|
|
||||||
"client_name#fr":"Fake OpenID fr",
|
|
||||||
"client_name#it":"Fake OpenID it",
|
|
||||||
"client_name":"Fake OpenID en"
|
|
||||||
},
|
|
||||||
"scopes":[
|
|
||||||
{
|
|
||||||
"value":"MONITOR",
|
|
||||||
"resource_id":"ResourceServer_ea7d36ec2adb5857de7dda7cbbbbbbd8",
|
|
||||||
"resource_name":"MONITORING-AGB"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"value":"address",
|
|
||||||
"resource_id":"ResourceServer_561f4822c98d39267d95d3d62502e70f",
|
|
||||||
"resource_name":"UserInfo"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"value":"birthdate",
|
|
||||||
"resource_id":"ResourceServer_561f4822c98d39267d95d3d62502e70f",
|
|
||||||
"resource_name":"UserInfo"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"value":"email",
|
|
||||||
"resource_id":"ResourceServer_561f4822c98d39267d95d3d62502e70f",
|
|
||||||
"resource_name":"UserInfo"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"value":"name",
|
|
||||||
"resource_id":"ResourceServer_561f4822c98d39267d95d3d62502e70f",
|
|
||||||
"resource_name":"UserInfo"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"value":"no_consent_required",
|
|
||||||
"resource_id":"ResourceServer_561f4822c98d39267d95d3d62502e70f",
|
|
||||||
"resource_name":"UserInfo"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"value":"offline_access",
|
|
||||||
"resource_id":"ResourceServer_561f4822c98d39267d95d3d62502e70f",
|
|
||||||
"resource_name":"UserInfo"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"value":"openid",
|
|
||||||
"resource_id":"ResourceServer_561f4822c98d39267d95d3d62502e70f",
|
|
||||||
"resource_name":"UserInfo"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"value":"phone",
|
|
||||||
"resource_id":"ResourceServer_561f4822c98d39267d95d3d62502e70f",
|
|
||||||
"resource_name":"UserInfo"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"value":"phone_number",
|
|
||||||
"resource_id":"ResourceServer_561f4822c98d39267d95d3d62502e70f",
|
|
||||||
"resource_name":"UserInfo"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"value":"profile",
|
|
||||||
"resource_id":"ResourceServer_561f4822c98d39267d95d3d62502e70f",
|
|
||||||
"resource_name":"UserInfo"
|
|
||||||
}
|
|
||||||
],
|
|
||||||
"contacts":[
|
|
||||||
"br, g, o, io"
|
|
||||||
],
|
|
||||||
"valid_from":"2023-10-04T12:58:16.000Z",
|
|
||||||
"redirect_uris":[
|
|
||||||
"http://vkld02.pnet.ch:7024/obtainingTokens",
|
|
||||||
"https://fakeextint1.post.ch/openid/obtainingTokens"
|
|
||||||
],
|
|
||||||
"response_types":[
|
|
||||||
"code"
|
|
||||||
],
|
|
||||||
"grant_types":[
|
|
||||||
"authorization_code",
|
|
||||||
"refresh_token"
|
|
||||||
],
|
|
||||||
"token_exchange_allowed":true,
|
|
||||||
"client_id":"klp-client",
|
|
||||||
"client_secret":"fake-openid-secret",
|
|
||||||
"client_uri":"https://iam.post.ch",
|
|
||||||
"default_max_age":-1,
|
|
||||||
"confidentiality_type":"confidential",
|
|
||||||
"pkce_mode":"allowed",
|
|
||||||
"require_auth_time":false,
|
|
||||||
"token_endpoint_auth_method":"client_secret_basic",
|
|
||||||
"jwks_uri":"",
|
|
||||||
"logo_uri":"/login/resources/nevislogrend/applications/def/webdata/images/openid_connect.png",
|
|
||||||
"access_token_ttl":30,
|
|
||||||
"id_token_ttl":600,
|
|
||||||
"refresh_token_ttl":86400,
|
|
||||||
"presisted_consent_ttl":31104000,
|
|
||||||
"force_authentication":false,
|
|
||||||
"require_pushed_authorization_requests":false,
|
|
||||||
"id_token_signed_response_alg":"RS256",
|
|
||||||
"id_token_encrypted_response_alg":"none",
|
|
||||||
"id_token_encrypted_response_enc":"none"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"id":"Client_69d3027cf5ae36b9e2b18cc9cfd9f0fd",
|
|
||||||
"owner":"pippo",
|
|
||||||
"name":"COSSA - Monitoring Client",
|
|
||||||
"link":"rest/modules/oauthv2/setups/Setup_b00528a7a0edc1df1a6b95240d704600/entities/Client_69d3027cf5ae36b9e2b18cc9cfd9f0fd",
|
|
||||||
"meta":[
|
|
||||||
{
|
|
||||||
"name":"klp_application",
|
|
||||||
"value":"cossa"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"name":"test_monitor_meta",
|
|
||||||
"value":"aaa"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"name":"Shop_DebiNr",
|
|
||||||
"value":"11111111111"
|
|
||||||
}
|
|
||||||
],
|
|
||||||
"otherAttributes":{
|
|
||||||
"client_name#de":"Fake OpenID de",
|
|
||||||
"client_name#fr":"Fake OpenID fr",
|
|
||||||
"client_name#it":"Fake OpenID it",
|
|
||||||
"client_name":"Fake OpenID en"
|
|
||||||
},
|
|
||||||
"scopes":[
|
|
||||||
{
|
|
||||||
"value":"MONITOR",
|
|
||||||
"resource_id":"ResourceServer_ea7d36ec2adb5857de7dda7cbbbbbbd8",
|
|
||||||
"resource_name":"MONITORING-AGB"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"value":"address",
|
|
||||||
"resource_id":"ResourceServer_561f4822c98d39267d95d3d62502e70f",
|
|
||||||
"resource_name":"UserInfo"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"value":"birthdate",
|
|
||||||
"resource_id":"ResourceServer_561f4822c98d39267d95d3d62502e70f",
|
|
||||||
"resource_name":"UserInfo"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"value":"email",
|
|
||||||
"resource_id":"ResourceServer_561f4822c98d39267d95d3d62502e70f",
|
|
||||||
"resource_name":"UserInfo"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"value":"name",
|
|
||||||
"resource_id":"ResourceServer_561f4822c98d39267d95d3d62502e70f",
|
|
||||||
"resource_name":"UserInfo"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"value":"no_consent_required",
|
|
||||||
"resource_id":"ResourceServer_561f4822c98d39267d95d3d62502e70f",
|
|
||||||
"resource_name":"UserInfo"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"value":"offline_access",
|
|
||||||
"resource_id":"ResourceServer_561f4822c98d39267d95d3d62502e70f",
|
|
||||||
"resource_name":"UserInfo"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"value":"openid",
|
|
||||||
"resource_id":"ResourceServer_561f4822c98d39267d95d3d62502e70f",
|
|
||||||
"resource_name":"UserInfo"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"value":"phone",
|
|
||||||
"resource_id":"ResourceServer_561f4822c98d39267d95d3d62502e70f",
|
|
||||||
"resource_name":"UserInfo"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"value":"phone_number",
|
|
||||||
"resource_id":"ResourceServer_561f4822c98d39267d95d3d62502e70f",
|
|
||||||
"resource_name":"UserInfo"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"value":"profile",
|
|
||||||
"resource_id":"ResourceServer_561f4822c98d39267d95d3d62502e70f",
|
|
||||||
"resource_name":"UserInfo"
|
|
||||||
}
|
|
||||||
],
|
|
||||||
"contacts":[
|
|
||||||
"pippo"
|
|
||||||
],
|
|
||||||
"valid_from":"2023-10-04T12:58:16.000Z",
|
|
||||||
"redirect_uris":[
|
|
||||||
"http://iam.post.ch/monitoring/cossa",
|
|
||||||
"https://iam.post.ch/monitoring/back",
|
|
||||||
"https://test.post.ch/pippo/back"
|
|
||||||
],
|
|
||||||
"response_types":[
|
|
||||||
"code"
|
|
||||||
],
|
|
||||||
"grant_types":[
|
|
||||||
"authorization_code",
|
|
||||||
"client_credentials",
|
|
||||||
"refresh_token"
|
|
||||||
],
|
|
||||||
"client_id":"14c3890f8d8f4da3efdd61d29f24caa3",
|
|
||||||
"client_secret":"e6678df835d5e1a6b45f4acbe3467ec2",
|
|
||||||
"client_uri":"https://iam.post.ch",
|
|
||||||
"default_max_age":-1,
|
|
||||||
"confidentiality_type":"confidential",
|
|
||||||
"pkce_mode":"allowed",
|
|
||||||
"require_auth_time":false,
|
|
||||||
"token_endpoint_auth_method":"client_secret_basic",
|
|
||||||
"jwks_uri":"",
|
|
||||||
"logo_uri":"/login/resources/nevislogrend/applications/def/webdata/images/openid_connect.png",
|
|
||||||
"access_token_ttl":30,
|
|
||||||
"id_token_ttl":600,
|
|
||||||
"refresh_token_ttl":86400,
|
|
||||||
"presisted_consent_ttl":31104000,
|
|
||||||
"force_authentication":false,
|
|
||||||
"require_pushed_authorization_requests":false,
|
|
||||||
"id_token_signed_response_alg":"RS256",
|
|
||||||
"id_token_encrypted_response_alg":"none",
|
|
||||||
"id_token_encrypted_response_enc":"none"
|
|
||||||
}
|
|
||||||
],
|
|
||||||
"ResourceServer":[
|
|
||||||
{
|
|
||||||
"id":"ResourceServer_561f4822c98d39267d95d3d62502e70f",
|
|
||||||
"owner":"oly",
|
|
||||||
"name":"UserInfo",
|
|
||||||
"link":"rest/modules/oauthv2/setups/Setup_b00528a7a0edc1df1a6b95240d704600/entities/ResourceServer_561f4822c98d39267d95d3d62502e70f",
|
|
||||||
"meta":[
|
|
||||||
|
|
||||||
],
|
|
||||||
"otherAttributes":{
|
|
||||||
|
|
||||||
},
|
|
||||||
"scope":[
|
|
||||||
{
|
|
||||||
"value":"address",
|
|
||||||
"otherAttributes":{
|
|
||||||
"scope_name#fr":"Adresse",
|
|
||||||
"scope_name#it":"Indirizzo",
|
|
||||||
"scope_name#de":"Addresse",
|
|
||||||
"scope_description":"http://openid.com",
|
|
||||||
"scope_name#en":"Address"
|
|
||||||
},
|
|
||||||
"implicit_grant_policy":"disallowed",
|
|
||||||
"authorization_grant_policy":"consent_persisted",
|
|
||||||
"refresh_token_grant_policy":"no_consent_required",
|
|
||||||
"authentication_required":false
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"value":"birthdate",
|
|
||||||
"otherAttributes":{
|
|
||||||
"scope_name#fr":"Anniversaire",
|
|
||||||
"scope_name#it":"Data di nascita",
|
|
||||||
"scope_name#de":"Geburtstag",
|
|
||||||
"scope_name#en":"Birthday"
|
|
||||||
},
|
|
||||||
"implicit_grant_policy":"disallowed",
|
|
||||||
"authorization_grant_policy":"consent_persisted",
|
|
||||||
"refresh_token_grant_policy":"no_consent_required",
|
|
||||||
"authentication_required":false
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"value":"email",
|
|
||||||
"otherAttributes":{
|
|
||||||
"scope_name#fr":"Adresse e-mail",
|
|
||||||
"scope_name#it":"E-Mail",
|
|
||||||
"scope_name#de":"E-Mail",
|
|
||||||
"scope_description":"http://openid.com",
|
|
||||||
"scope_name#en":"E-mail address"
|
|
||||||
},
|
|
||||||
"implicit_grant_policy":"disallowed",
|
|
||||||
"authorization_grant_policy":"consent_persisted",
|
|
||||||
"refresh_token_grant_policy":"no_consent_required",
|
|
||||||
"authentication_required":false
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"value":"name",
|
|
||||||
"otherAttributes":{
|
|
||||||
"scope_name#fr":"Nom, Prénom",
|
|
||||||
"scope_name#it":"Cognome, Nome",
|
|
||||||
"scope_name#de":"Name, Vorname",
|
|
||||||
"scope_description":"Name",
|
|
||||||
"scope_name#en":"Last name, First name"
|
|
||||||
},
|
|
||||||
"implicit_grant_policy":"disallowed",
|
|
||||||
"authorization_grant_policy":"consent_persisted",
|
|
||||||
"refresh_token_grant_policy":"no_consent_required",
|
|
||||||
"authentication_required":false
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"value":"no_consent_required",
|
|
||||||
"otherAttributes":{
|
|
||||||
|
|
||||||
},
|
|
||||||
"implicit_grant_policy":"disallowed",
|
|
||||||
"authorization_grant_policy":"no_consent_required",
|
|
||||||
"refresh_token_grant_policy":"no_consent_required",
|
|
||||||
"authentication_required":false
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"value":"offline_access",
|
|
||||||
"otherAttributes":{
|
|
||||||
|
|
||||||
},
|
|
||||||
"implicit_grant_policy":"disallowed",
|
|
||||||
"authorization_grant_policy":"no_consent_required",
|
|
||||||
"refresh_token_grant_policy":"no_consent_required",
|
|
||||||
"authentication_required":false
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"value":"openid",
|
|
||||||
"otherAttributes":{
|
|
||||||
|
|
||||||
},
|
|
||||||
"implicit_grant_policy":"disallowed",
|
|
||||||
"authorization_grant_policy":"consent_persisted",
|
|
||||||
"refresh_token_grant_policy":"no_consent_required",
|
|
||||||
"authentication_required":false
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"value":"phone",
|
|
||||||
"otherAttributes":{
|
|
||||||
"scope_name#fr":"Numéro de telefone",
|
|
||||||
"scope_name#it":"Numero di telefono",
|
|
||||||
"scope_name#de":"Telefonnummer",
|
|
||||||
"scope_description":"User Phone number",
|
|
||||||
"scope_name#en":"Phone number"
|
|
||||||
},
|
|
||||||
"implicit_grant_policy":"disallowed",
|
|
||||||
"authorization_grant_policy":"consent_persisted",
|
|
||||||
"refresh_token_grant_policy":"no_consent_required",
|
|
||||||
"authentication_required":false
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"value":"phone_number",
|
|
||||||
"otherAttributes":{
|
|
||||||
"scope_name#fr":"Numéro de mobile",
|
|
||||||
"scope_name#it":"Numero di cellulare",
|
|
||||||
"scope_name#de":"Mobiltelefonnummer",
|
|
||||||
"scope_description":"User Phone number",
|
|
||||||
"scope_name#en":"Mobile phone number"
|
|
||||||
},
|
|
||||||
"implicit_grant_policy":"disallowed",
|
|
||||||
"authorization_grant_policy":"consent_persisted",
|
|
||||||
"refresh_token_grant_policy":"no_consent_required",
|
|
||||||
"authentication_required":false
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"value":"profile",
|
|
||||||
"otherAttributes":{
|
|
||||||
"scope_name#fr":"Nom, Prénom",
|
|
||||||
"scope_name#it":"Cognome, Nome",
|
|
||||||
"scope_name#de":"Name, Vorname",
|
|
||||||
"scope_description":"http://openid.com",
|
|
||||||
"scope_name#en":"Last name, First name"
|
|
||||||
},
|
|
||||||
"implicit_grant_policy":"disallowed",
|
|
||||||
"authorization_grant_policy":"consent_persisted",
|
|
||||||
"refresh_token_grant_policy":"no_consent_required",
|
|
||||||
"authentication_required":false
|
|
||||||
}
|
|
||||||
],
|
|
||||||
"valid_from":"2023-10-04T12:51:06.000Z",
|
|
||||||
"url":"https://apidev.pnet.ch/UserInfo"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"id":"ResourceServer_ea7d36ec2adb5857de7dda7cbbbbbbd8",
|
|
||||||
"owner":"oly",
|
|
||||||
"name":"MONITORING-AGB",
|
|
||||||
"link":"rest/modules/oauthv2/setups/Setup_b00528a7a0edc1df1a6b95240d704600/entities/ResourceServer_ea7d36ec2adb5857de7dda7cbbbbbbd8",
|
|
||||||
"meta":[
|
|
||||||
|
|
||||||
],
|
|
||||||
"otherAttributes":{
|
|
||||||
|
|
||||||
},
|
|
||||||
"scope":[
|
|
||||||
{
|
|
||||||
"value":"MONITOR",
|
|
||||||
"otherAttributes":{
|
|
||||||
"scope_description":"Monitoring platform test",
|
|
||||||
"scope_name":"Monitoring platform test"
|
|
||||||
},
|
|
||||||
"implicit_grant_policy":"no_consent_required",
|
|
||||||
"authorization_grant_policy":"no_consent_required",
|
|
||||||
"refresh_token_grant_policy":"no_consent_required",
|
|
||||||
"authentication_required":false
|
|
||||||
}
|
|
||||||
],
|
|
||||||
"valid_from":"2023-10-04T12:53:59.000Z",
|
|
||||||
"url":"https://www.post.ch/oauth/terms"
|
|
||||||
}
|
|
||||||
]
|
|
||||||
}
|
|
File diff suppressed because one or more lines are too long
|
@ -1,16 +0,0 @@
|
||||||
server:
|
|
||||||
name: "default"
|
|
||||||
protocol: "https"
|
|
||||||
port: "8991"
|
|
||||||
host: "0.0.0.0"
|
|
||||||
tls:
|
|
||||||
keystore: "/var/opt/keys/own/nai2-default-identity/keystore.p12"
|
|
||||||
keystore-passphrase: "${exec:/var/opt/keys/own/nai2-default-identity/keypass}"
|
|
||||||
client-auth: "required"
|
|
||||||
truststore: "/var/opt/keys/trust/nai2-default-tls-client-trust/truststore.p12"
|
|
||||||
truststore-passphrase: "${exec:/var/opt/keys/trust/nai2-default-tls-client-trust/keypass}"
|
|
||||||
management:
|
|
||||||
server:
|
|
||||||
port: "9000"
|
|
||||||
healthchecks:
|
|
||||||
enabled: "true"
|
|
|
@ -1,4 +0,0 @@
|
||||||
otel.service.name = nai2
|
|
||||||
otel.traces.exporter = none
|
|
||||||
otel.metrics.exporter = none
|
|
||||||
otel.logs.exporter = none
|
|
|
@ -1,23 +0,0 @@
|
||||||
// nevisProxy replaces the entire AUTH: scope when new outargs are returned by nevisAuth.
|
|
||||||
// Thus, we have to store tokens in the session (as a String) and restore them on subsequent step-ups.
|
|
||||||
|
|
||||||
// restore tokens
|
|
||||||
session.each { key, value ->
|
|
||||||
if (key.startsWith('outarg.token.')) {
|
|
||||||
def name = key.substring(7)
|
|
||||||
if (outargs.containsKey(name)) {
|
|
||||||
LOG.debug("not restoring token (outarg: $name) from session: outarg already set")
|
|
||||||
}
|
|
||||||
else {
|
|
||||||
LOG.debug("restoring token (outarg: $name) from session")
|
|
||||||
outargs.put(name, value)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
// store tokens
|
|
||||||
outargs.each { name, value ->
|
|
||||||
if (name.startsWith('token.')) {
|
|
||||||
session.put('outarg.' + name, value)
|
|
||||||
}
|
|
||||||
}
|
|
Binary file not shown.
|
@ -1,79 +0,0 @@
|
||||||
#!/bin/bash
|
|
||||||
#
|
|
||||||
# NAME
|
|
||||||
# status.sh - Checks the status of the nevisAuth instance.
|
|
||||||
#
|
|
||||||
# SYNOPSIS
|
|
||||||
# status.sh
|
|
||||||
#
|
|
||||||
# DESCRIPTION
|
|
||||||
# Performs periodic checks until the instance is up or broken or timeout is reached.
|
|
||||||
# The script terminates when the process of the instance stops running.
|
|
||||||
# There are no arguments for this script.
|
|
||||||
#
|
|
||||||
# EXIT CODES
|
|
||||||
# 0 Instance is up.
|
|
||||||
# 1 Instance process is not running.
|
|
||||||
# 2 Instance is broken.
|
|
||||||
# 3 Timeout reached.
|
|
||||||
|
|
||||||
# Defines how much we should sleep between checking if the instance is up.
|
|
||||||
interval=1
|
|
||||||
# Defines how much we should wait the instance to start up until we give up and exit.
|
|
||||||
timeout=70
|
|
||||||
((end_time=${SECONDS}+$timeout))
|
|
||||||
|
|
||||||
# Checks if the process of the instance is still running.
|
|
||||||
# Arguments:
|
|
||||||
# None
|
|
||||||
# Returns:
|
|
||||||
# In case it is running, returns 0, otherwise non-zero (exit code of systemctl).
|
|
||||||
isProcessRunning() {
|
|
||||||
systemctl is-active --quiet nevisauth@default
|
|
||||||
IS_RUNNING=$?
|
|
||||||
return $IS_RUNNING
|
|
||||||
}
|
|
||||||
|
|
||||||
# Checks if the instance is up. (Attempts connecting to the instance)
|
|
||||||
# Arguments:
|
|
||||||
# None
|
|
||||||
# Returns:
|
|
||||||
# If the connection was successful and the instance up (is not broken), returns 0.
|
|
||||||
# If the connection was not successful, returns 1.
|
|
||||||
checkInstance() {
|
|
||||||
lsof -i :8991 -sTCP:LISTEN
|
|
||||||
EXIT_CODE=$?
|
|
||||||
return $EXIT_CODE
|
|
||||||
}
|
|
||||||
|
|
||||||
# This function encapsulates the logic of checking if the process is running and if the instance is up.
|
|
||||||
# In case the process is not running, exits with exit code 1.
|
|
||||||
# Arguments:
|
|
||||||
# None
|
|
||||||
# Returns:
|
|
||||||
# If the instance process is running, returns the result of the instance check function.
|
|
||||||
check() {
|
|
||||||
if isProcessRunning
|
|
||||||
then
|
|
||||||
checkInstance
|
|
||||||
CS=$?
|
|
||||||
return $CS
|
|
||||||
else
|
|
||||||
echo "Process is not running."
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
}
|
|
||||||
|
|
||||||
# Check the status of the instance periodically.
|
|
||||||
while ((${SECONDS} < ${end_time}))
|
|
||||||
do
|
|
||||||
sleep ${interval}
|
|
||||||
if check
|
|
||||||
then
|
|
||||||
echo "Instance is up."
|
|
||||||
exit 0
|
|
||||||
fi
|
|
||||||
done
|
|
||||||
|
|
||||||
echo "Exceeded check timeout (70s). Instance is down."
|
|
||||||
exit 3
|
|
|
@ -1,53 +0,0 @@
|
||||||
apiVersion: "operator.nevis-security.ch/v1"
|
|
||||||
kind: "NevisComponent"
|
|
||||||
metadata:
|
|
||||||
name: "nli"
|
|
||||||
namespace: "adn-postit-tknxchng-01-dev"
|
|
||||||
labels:
|
|
||||||
deploymentTarget: "nli"
|
|
||||||
annotations:
|
|
||||||
projectKey: "DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT"
|
|
||||||
patternId: "7dc20659babc66c4401ce0dd"
|
|
||||||
spec:
|
|
||||||
type: "NevisLogrend"
|
|
||||||
replicas: 1
|
|
||||||
version: "8.2405.0"
|
|
||||||
gitInitVersion: "1.3.0"
|
|
||||||
runAsNonRoot: true
|
|
||||||
ports:
|
|
||||||
server: 8988
|
|
||||||
management: 8997
|
|
||||||
resources:
|
|
||||||
limits:
|
|
||||||
cpu: "500m"
|
|
||||||
memory: "1000Mi"
|
|
||||||
requests:
|
|
||||||
cpu: "10m"
|
|
||||||
memory: "500Mi"
|
|
||||||
livenessProbe:
|
|
||||||
management:
|
|
||||||
httpGet:
|
|
||||||
path: "/nevislogrend/liveness"
|
|
||||||
periodSeconds: 5
|
|
||||||
timeoutSeconds: 6
|
|
||||||
readinessProbe:
|
|
||||||
server:
|
|
||||||
tcpSocket: true
|
|
||||||
periodSeconds: 5
|
|
||||||
timeoutSeconds: 4
|
|
||||||
startupProbe:
|
|
||||||
server:
|
|
||||||
tcpSocket: true
|
|
||||||
periodSeconds: 5
|
|
||||||
timeoutSeconds: 4
|
|
||||||
failureThreshold: 50
|
|
||||||
podDisruptionBudget:
|
|
||||||
maxUnavailable: "50%"
|
|
||||||
git:
|
|
||||||
tag: "r-a70c85a598c6206ebfce3d9c27f4334238313639"
|
|
||||||
dir: "DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nli"
|
|
||||||
credentials: "git-credentials"
|
|
||||||
podSecurity:
|
|
||||||
policy: "baseline"
|
|
||||||
automountServiceAccountToken: false
|
|
||||||
timeZone: "Europe/Zurich"
|
|
|
@ -1,18 +0,0 @@
|
||||||
schemaVersion: 1.0
|
|
||||||
instance:
|
|
||||||
type: "nevislogrend"
|
|
||||||
name: "default"
|
|
||||||
directory: "/var/opt/nevislogrend/default"
|
|
||||||
pid: "systemctl show nevislogrend@default -p MainPID | cut -d '=' -f2"
|
|
||||||
source:
|
|
||||||
url: "/nevisadmin/#/projects/DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/patterns/7dc20659babc66c4401ce0dd"
|
|
||||||
projectKey: "DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT"
|
|
||||||
patternId: "7dc20659babc66c4401ce0dd"
|
|
||||||
patternClass: "ch.nevis.admin.v4.plugin.nevisauth.patterns.NevisLogrendDeployable"
|
|
||||||
resources:
|
|
||||||
ports:
|
|
||||||
- "0.0.0.0:8988"
|
|
||||||
control:
|
|
||||||
start: "systemctl restart nevislogrend@default"
|
|
||||||
stop: "systemctl stop nevislogrend@default"
|
|
||||||
status: "systemctl status nevislogrend@default"
|
|
|
@ -1,14 +0,0 @@
|
||||||
RTENV_SECURITY_CHECK=no_shell
|
|
||||||
|
|
||||||
# only standalone deployment is supported with nevisAdmin 4
|
|
||||||
LOGREND_DEPLOY_TYPE=standalone
|
|
||||||
|
|
||||||
JAVA_OPTS=(
|
|
||||||
"-XX:+UseContainerSupport"
|
|
||||||
"-Dfile.encoding=UTF-8"
|
|
||||||
"-XX:MaxRAMPercentage=80.0"
|
|
||||||
"-javaagent:/opt/agent/opentelemetry-javaagent.jar"
|
|
||||||
"-Dotel.javaagent.logging=application"
|
|
||||||
"-Dotel.javaagent.configuration-file=/var/opt/nevislogrend/default/conf/otel.properties"
|
|
||||||
"-Dotel.resource.attributes=service.version=8.2405.0,service.instance.id=$HOSTNAME"
|
|
||||||
)
|
|
|
@ -1,19 +0,0 @@
|
||||||
Configuration:
|
|
||||||
monitorInterval: 60
|
|
||||||
Appenders:
|
|
||||||
Console:
|
|
||||||
- name: "SERVER"
|
|
||||||
target: "SYSTEM_OUT"
|
|
||||||
PatternLayout:
|
|
||||||
pattern: "[nevislogrend.log] %d{ISO8601} %-15.15t %mdc{trace_id} %mdc{span_id} %-40.40c %-5.5p %m%n"
|
|
||||||
RegexFilter:
|
|
||||||
regex: ".*GET /nevislogrend/health.*"
|
|
||||||
onMatch: "DENY"
|
|
||||||
onMismatch: "ACCEPT"
|
|
||||||
Loggers:
|
|
||||||
Logger: []
|
|
||||||
Root:
|
|
||||||
level: "WARN"
|
|
||||||
additivity: "false"
|
|
||||||
AppenderRef:
|
|
||||||
- ref: "SERVER"
|
|
|
@ -1,26 +0,0 @@
|
||||||
|
|
||||||
application.accept.loginapplicationidfromuri=no
|
|
||||||
application.gui.litdict=yes
|
|
||||||
application.gui.substitution=yes
|
|
||||||
application.input.charset=UTF-8
|
|
||||||
application.inputs.htmlencode=yes
|
|
||||||
application.loginapp.current=
|
|
||||||
application.loginapp.default=cossa_realm
|
|
||||||
application.loginapp.override=header:channel
|
|
||||||
application.package.name=nevislogrend
|
|
||||||
application.render.content.type=text/html; charset=UTF-8
|
|
||||||
application.url.obfuscate=no
|
|
||||||
application.webdata.path={0}{2}{1}
|
|
||||||
application.webdata.pathparam=logrendresourcepath
|
|
||||||
application.webdata.pathparam.default=/login/resources
|
|
||||||
cache.revalidate.delay=15
|
|
||||||
cache.source=file
|
|
||||||
keytag.end=}
|
|
||||||
keytag.start=${
|
|
||||||
management.healthchecks.enabled=true
|
|
||||||
path.config=/var/opt/nevislogrend/default/conf
|
|
||||||
path.instance=/var/opt/nevislogrend/default
|
|
||||||
server.host=0.0.0.0
|
|
||||||
server.name=default
|
|
||||||
server.port=8988
|
|
||||||
server.protocol=http
|
|
|
@ -1,3 +0,0 @@
|
||||||
ico=image/x-icon
|
|
||||||
woff=font/woff
|
|
||||||
woff2=font/woff2
|
|
|
@ -1,4 +0,0 @@
|
||||||
otel.service.name = nli
|
|
||||||
otel.traces.exporter = none
|
|
||||||
otel.metrics.exporter = none
|
|
||||||
otel.logs.exporter = none
|
|
|
@ -1,26 +0,0 @@
|
||||||
# source: pattern://8523f0587aa8cfa7008f8171
|
|
||||||
application.countries.default=CH
|
|
||||||
# source: pattern://8523f0587aa8cfa7008f8171
|
|
||||||
cache.file.exempt=
|
|
||||||
# source: pattern://8523f0587aa8cfa7008f8171
|
|
||||||
cache.filefolder.exempt=
|
|
||||||
# source: pattern://8523f0587aa8cfa7008f8171
|
|
||||||
application.language.source.1=param:language
|
|
||||||
# source: pattern://8523f0587aa8cfa7008f8171
|
|
||||||
application.language.source.2=cookie:LANG
|
|
||||||
# source: pattern://8523f0587aa8cfa7008f8171
|
|
||||||
application.language.source.3=gui
|
|
||||||
# source: pattern://8523f0587aa8cfa7008f8171
|
|
||||||
application.language.source.4=browser
|
|
||||||
# source: pattern://8523f0587aa8cfa7008f8171
|
|
||||||
application.languages=en,de,fr,it
|
|
||||||
# source: pattern://8523f0587aa8cfa7008f8171
|
|
||||||
application.languages.default=en
|
|
||||||
# source: pattern://7dc20659babc66c4401ce0dd
|
|
||||||
application.language.cookie.en=LANG:en
|
|
||||||
# source: pattern://7dc20659babc66c4401ce0dd
|
|
||||||
application.language.cookie.de=LANG:de
|
|
||||||
# source: pattern://7dc20659babc66c4401ce0dd
|
|
||||||
application.language.cookie.fr=LANG:fr
|
|
||||||
# source: pattern://7dc20659babc66c4401ce0dd
|
|
||||||
application.language.cookie.it=LANG:it
|
|
|
@ -1,6 +0,0 @@
|
||||||
|
|
||||||
language.de=Deutsch
|
|
||||||
language.en=English
|
|
||||||
language.fr=Français
|
|
||||||
language.it=Italiano
|
|
||||||
title=NEVIS SSO Portal
|
|
|
@ -1,6 +0,0 @@
|
||||||
|
|
||||||
language.de=Deutsch
|
|
||||||
language.en=English
|
|
||||||
language.fr=Français
|
|
||||||
language.it=Italiano
|
|
||||||
title=NEVIS SSO Portal
|
|
|
@ -1,6 +0,0 @@
|
||||||
|
|
||||||
language.de=Deutsch
|
|
||||||
language.en=English
|
|
||||||
language.fr=Français
|
|
||||||
language.it=Italiano
|
|
||||||
title=NEVIS SSO Portal
|
|
|
@ -1,6 +0,0 @@
|
||||||
|
|
||||||
language.de=Deutsch
|
|
||||||
language.en=English
|
|
||||||
language.fr=Français
|
|
||||||
language.it=Italiano
|
|
||||||
title=NEVIS SSO Portal
|
|
|
@ -1,6 +0,0 @@
|
||||||
|
|
||||||
language.de=Deutsch
|
|
||||||
language.en=English
|
|
||||||
language.fr=Français
|
|
||||||
language.it=Italiano
|
|
||||||
title=NEVIS SSO Portal
|
|
|
@ -1,165 +0,0 @@
|
||||||
let baseURL; // base URL
|
|
||||||
let statusToken; // used to check progress
|
|
||||||
let dispatcherElement; // to display link or QR code
|
|
||||||
let infoElement; // to display info text
|
|
||||||
let errorElement; // to display error text
|
|
||||||
|
|
||||||
function addInput(form, name, value) {
|
|
||||||
const input = document.createElement("input");
|
|
||||||
input.name = name;
|
|
||||||
input.value = value;
|
|
||||||
form.appendChild(input);
|
|
||||||
}
|
|
||||||
|
|
||||||
function submitStatus(status) {
|
|
||||||
// we have to do a form POST instead of AJAX
|
|
||||||
const form = document.createElement("form");
|
|
||||||
form.method = "POST";
|
|
||||||
form.style.display = "none";
|
|
||||||
addInput(form, "status", status);
|
|
||||||
document.body.appendChild(form);
|
|
||||||
form.submit();
|
|
||||||
}
|
|
||||||
|
|
||||||
const Status = {
|
|
||||||
_pollInterval: 2 * 1000, // Check every 2 seconds
|
|
||||||
latest: null,
|
|
||||||
|
|
||||||
startPolling: function (token, uiCallback) {
|
|
||||||
let interval = setInterval(async () => {
|
|
||||||
await this._check(token).then(function (resp) {
|
|
||||||
console.log("Polling status: %o", resp);
|
|
||||||
uiCallback && uiCallback(resp, false);
|
|
||||||
return Status.latest = resp;
|
|
||||||
})
|
|
||||||
.catch(function (err) {
|
|
||||||
console.error("Error during polling: %o", err);
|
|
||||||
return false;
|
|
||||||
});
|
|
||||||
if (Status.latest && (Status.latest.status === 'succeeded' || Status.latest.status === 'failed' || Status.latest.status === 'unknown')) {
|
|
||||||
// Done!
|
|
||||||
console.log('Latest status is: %o', this.latest);
|
|
||||||
uiCallback && uiCallback(this.latest, true);
|
|
||||||
clearInterval(interval);
|
|
||||||
}
|
|
||||||
}, this._pollInterval);
|
|
||||||
},
|
|
||||||
|
|
||||||
_check: async function (token) {
|
|
||||||
const payload = { statusToken: token };
|
|
||||||
const response = await fetch(baseURL + 'api/v1/status', {
|
|
||||||
method: 'POST',
|
|
||||||
mode: 'cors',
|
|
||||||
cache: 'no-cache',
|
|
||||||
credentials: 'omit',
|
|
||||||
headers: {
|
|
||||||
'Accept': 'application/json',
|
|
||||||
'Content-Type': 'application/json;charset=utf-8'
|
|
||||||
},
|
|
||||||
body: JSON.stringify(payload),
|
|
||||||
redirect: 'follow',
|
|
||||||
referrerPolicy: 'no-referrer'
|
|
||||||
});
|
|
||||||
|
|
||||||
return await response.json();
|
|
||||||
}
|
|
||||||
};
|
|
||||||
|
|
||||||
function setDeepLinkLabel(button) {
|
|
||||||
const text = document.getElementsByName('info.deeplink')[0].value;
|
|
||||||
button.innerHTML = text;
|
|
||||||
}
|
|
||||||
|
|
||||||
function messageScanQR() {
|
|
||||||
const text = document.getElementsByName('info.qrcode')[0].value;
|
|
||||||
infoElement.innerHTML = text;
|
|
||||||
}
|
|
||||||
|
|
||||||
function messageCheckPhone() {
|
|
||||||
const text = document.getElementsByName('info.check.phone')[0].value;
|
|
||||||
infoElement.innerHTML = text;
|
|
||||||
}
|
|
||||||
|
|
||||||
const Element = {
|
|
||||||
|
|
||||||
_elem: null, // QR code or deep link depending on device
|
|
||||||
|
|
||||||
show: function (appLink) {
|
|
||||||
const userAgent = navigator.userAgent || navigator.vendor || window.opera;
|
|
||||||
const isIphone = 'iPhone' === navigator.platform;
|
|
||||||
const isAndroid = /android/i.test(userAgent) && /mobile/i.test(userAgent);
|
|
||||||
if (isAndroid || isIphone) {
|
|
||||||
this._elem = document.createElement('a');
|
|
||||||
this._elem.setAttribute('href', appLink);
|
|
||||||
this._elem.setAttribute('class', 'btn btn-primary');
|
|
||||||
this._elem.setAttribute('target', '_blank');
|
|
||||||
dispatcherElement.appendChild(this._elem);
|
|
||||||
setDeepLinkLabel(this._elem);
|
|
||||||
}
|
|
||||||
else {
|
|
||||||
const authenticationType = document.getElementsByName('authenticationType')[0].value;
|
|
||||||
if (authenticationType == 'push') {
|
|
||||||
messageCheckPhone();
|
|
||||||
}
|
|
||||||
else {
|
|
||||||
messageScanQR();
|
|
||||||
this._elem = document.createElement('canvas');
|
|
||||||
dispatcherElement.appendChild(this._elem);
|
|
||||||
var qrcode = new QRious({
|
|
||||||
element: this._elem,
|
|
||||||
foreground: "#168CA9",
|
|
||||||
level: "M",
|
|
||||||
size: 280,
|
|
||||||
value: appLink
|
|
||||||
});
|
|
||||||
}
|
|
||||||
}
|
|
||||||
},
|
|
||||||
|
|
||||||
hide: function() {
|
|
||||||
// hide the element which was shown
|
|
||||||
if (this._elem != null) {
|
|
||||||
this._elem.style.display = "none";
|
|
||||||
}
|
|
||||||
}
|
|
||||||
};
|
|
||||||
|
|
||||||
function authenticateUser(appLink) {
|
|
||||||
Element.show(appLink);
|
|
||||||
console.log('Starting Authentication Cloud status polling...');
|
|
||||||
Status.startPolling(statusToken, (st, done) => {
|
|
||||||
if (st.status === 'succeeded') {
|
|
||||||
console.log('Authentication Cloud login done.');
|
|
||||||
submitStatus('succeeded')
|
|
||||||
}
|
|
||||||
else if (st.status === 'failed') {
|
|
||||||
// failed: The transaction failed, either by timeout or because the user did not accept.
|
|
||||||
console.warn('Authentication Cloud login failed. User abort or timeout.');
|
|
||||||
submitStatus('failed')
|
|
||||||
}
|
|
||||||
else if (st.status === 'unknown') {
|
|
||||||
console.error('Authentication Cloud login failed. Unknown status.');
|
|
||||||
submitStatus('unknown')
|
|
||||||
}
|
|
||||||
});
|
|
||||||
}
|
|
||||||
|
|
||||||
function init() {
|
|
||||||
|
|
||||||
const form = document.getElementById('authcloud_login');
|
|
||||||
|
|
||||||
baseURL = form.url.value;
|
|
||||||
statusToken = form.statusToken.value;
|
|
||||||
|
|
||||||
infoElement = document.getElementById('authcloud_info');
|
|
||||||
errorElement = document.getElementById('authcloud_error');
|
|
||||||
|
|
||||||
dispatcherElement = document.getElementById('authcloud_dispatch');
|
|
||||||
|
|
||||||
const appLink = form.appLink.value;
|
|
||||||
authenticateUser(appLink);
|
|
||||||
}
|
|
||||||
|
|
||||||
window.onload = function() {
|
|
||||||
init();
|
|
||||||
};
|
|
|
@ -1,154 +0,0 @@
|
||||||
let baseURL; // base URL
|
|
||||||
let statusToken; // used to check progress
|
|
||||||
let dispatcherElement; // to display link or QR code
|
|
||||||
let infoElement; // to display info text
|
|
||||||
let errorElement; // to display error text
|
|
||||||
|
|
||||||
function addInput(form, name, value) {
|
|
||||||
const input = document.createElement("input");
|
|
||||||
input.name = name;
|
|
||||||
input.value = value;
|
|
||||||
form.appendChild(input);
|
|
||||||
}
|
|
||||||
|
|
||||||
function submitStatus(status) {
|
|
||||||
// we have to do a form POST instead of AJAX
|
|
||||||
const form = document.createElement("form");
|
|
||||||
form.method = "POST";
|
|
||||||
form.style.display = "none";
|
|
||||||
addInput(form, "status", status);
|
|
||||||
document.body.appendChild(form);
|
|
||||||
form.submit();
|
|
||||||
}
|
|
||||||
|
|
||||||
const Status = {
|
|
||||||
_pollInterval: 2 * 1000, // Check every 2 seconds
|
|
||||||
latest: null,
|
|
||||||
|
|
||||||
startPolling: function (token, uiCallback) {
|
|
||||||
let interval = setInterval(async () => {
|
|
||||||
await this._check(token).then(function (resp) {
|
|
||||||
console.log("Polling status: %o", resp);
|
|
||||||
uiCallback && uiCallback(resp, false);
|
|
||||||
return Status.latest = resp;
|
|
||||||
})
|
|
||||||
.catch(function (err) {
|
|
||||||
console.error("Error during polling: %o", err);
|
|
||||||
return false;
|
|
||||||
});
|
|
||||||
if (Status.latest && (Status.latest.status === 'succeeded' || Status.latest.status === 'failed' || Status.latest.status === 'unknown')) {
|
|
||||||
// Done!
|
|
||||||
console.log('Latest status is: %o', this.latest);
|
|
||||||
uiCallback && uiCallback(this.latest, true);
|
|
||||||
clearInterval(interval);
|
|
||||||
}
|
|
||||||
}, this._pollInterval);
|
|
||||||
},
|
|
||||||
|
|
||||||
_check: async function (token) {
|
|
||||||
const payload = { statusToken: token };
|
|
||||||
const response = await fetch(baseURL + 'api/v1/status', {
|
|
||||||
method: 'POST',
|
|
||||||
mode: 'cors',
|
|
||||||
cache: 'no-cache',
|
|
||||||
credentials: 'omit',
|
|
||||||
headers: {
|
|
||||||
'Accept': 'application/json',
|
|
||||||
'Content-Type': 'application/json;charset=utf-8'
|
|
||||||
},
|
|
||||||
body: JSON.stringify(payload),
|
|
||||||
redirect: 'follow',
|
|
||||||
referrerPolicy: 'no-referrer'
|
|
||||||
});
|
|
||||||
|
|
||||||
return await response.json();
|
|
||||||
}
|
|
||||||
};
|
|
||||||
|
|
||||||
function setDeepLinkLabel(button) {
|
|
||||||
const text = document.getElementsByName('info.deeplink')[0].value;
|
|
||||||
button.innerHTML = text;
|
|
||||||
}
|
|
||||||
|
|
||||||
function messageScanQR() {
|
|
||||||
const text = document.getElementsByName('info.qrcode')[0].value;
|
|
||||||
infoElement.innerHTML = text;
|
|
||||||
}
|
|
||||||
|
|
||||||
const Element = {
|
|
||||||
|
|
||||||
_elem: null, // QR code or deep link depending on device
|
|
||||||
|
|
||||||
show: function (appLink) {
|
|
||||||
const userAgent = navigator.userAgent || navigator.vendor || window.opera;
|
|
||||||
const isIphone = 'iPhone' === navigator.platform;
|
|
||||||
const isAndroid = /android/i.test(userAgent) && /mobile/i.test(userAgent);
|
|
||||||
if (isAndroid || isIphone) {
|
|
||||||
this._elem = document.createElement('a');
|
|
||||||
this._elem.setAttribute('href', appLink);
|
|
||||||
this._elem.setAttribute('class', 'btn btn-primary');
|
|
||||||
this._elem.setAttribute('target', '_blank');
|
|
||||||
dispatcherElement.appendChild(this._elem);
|
|
||||||
setDeepLinkLabel(this._elem);
|
|
||||||
}
|
|
||||||
else {
|
|
||||||
messageScanQR();
|
|
||||||
this._elem = document.createElement('canvas');
|
|
||||||
dispatcherElement.appendChild(this._elem);
|
|
||||||
var qrcode = new QRious({
|
|
||||||
element: this._elem,
|
|
||||||
foreground: "#168CA9",
|
|
||||||
level: "M",
|
|
||||||
size: 280,
|
|
||||||
value: appLink
|
|
||||||
});
|
|
||||||
}
|
|
||||||
},
|
|
||||||
|
|
||||||
hide: function() {
|
|
||||||
// hide the element which was shown
|
|
||||||
if (this._elem != null) {
|
|
||||||
this._elem.style.display = "none";
|
|
||||||
}
|
|
||||||
}
|
|
||||||
};
|
|
||||||
|
|
||||||
function onboardUser(appLink) {
|
|
||||||
Element.show(appLink);
|
|
||||||
console.log('Starting Authentication Cloud status polling...');
|
|
||||||
Status.startPolling(statusToken, (st, done) => {
|
|
||||||
if (st.status === 'succeeded') {
|
|
||||||
console.log('Authentication Cloud onboarding done.');
|
|
||||||
submitStatus('succeeded')
|
|
||||||
}
|
|
||||||
else if (st.status === 'failed') {
|
|
||||||
// failed: The transaction failed, either by timeout or because the user did not accept.
|
|
||||||
console.warn('Authentication Cloud onboarding failed. User abort or timeout.');
|
|
||||||
submitStatus('failed')
|
|
||||||
}
|
|
||||||
else if (st.status === 'unknown') {
|
|
||||||
console.error('Authentication Cloud onboarding failed. Unknown status.');
|
|
||||||
submitStatus('unknown')
|
|
||||||
}
|
|
||||||
});
|
|
||||||
}
|
|
||||||
|
|
||||||
function init() {
|
|
||||||
|
|
||||||
const form = document.getElementById('authcloud_onboard');
|
|
||||||
|
|
||||||
baseURL = form.url.value;
|
|
||||||
statusToken = form.statusToken.value;
|
|
||||||
|
|
||||||
infoElement = document.getElementById('authcloud_info');
|
|
||||||
errorElement = document.getElementById('authcloud_error');
|
|
||||||
|
|
||||||
dispatcherElement = document.getElementById('authcloud_dispatch');
|
|
||||||
|
|
||||||
const appLink = form.appLink.value;
|
|
||||||
onboardUser(appLink);
|
|
||||||
}
|
|
||||||
|
|
||||||
window.onload = function() {
|
|
||||||
init();
|
|
||||||
};
|
|
|
@ -1,87 +0,0 @@
|
||||||
/*
|
|
||||||
* Base64URL-ArrayBuffer
|
|
||||||
* https://github.com/herrjemand/Base64URL-ArrayBuffer
|
|
||||||
*
|
|
||||||
* Copyright (c) 2017 Yuriy Ackermann <ackermann.yuriy@gmail.com>
|
|
||||||
* Copyright (c) 2012 Niklas von Hertzen
|
|
||||||
* Licensed under the MIT license.
|
|
||||||
*
|
|
||||||
*/
|
|
||||||
(function() {
|
|
||||||
"use strict";
|
|
||||||
|
|
||||||
var chars = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_";
|
|
||||||
|
|
||||||
// Use a lookup table to find the index.
|
|
||||||
var lookup = new Uint8Array(256);
|
|
||||||
for (var i = 0; i < chars.length; i++) {
|
|
||||||
lookup[chars.charCodeAt(i)] = i;
|
|
||||||
}
|
|
||||||
|
|
||||||
var encode = function(arraybuffer) {
|
|
||||||
var bytes = new Uint8Array(arraybuffer),
|
|
||||||
i, len = bytes.length, base64 = "";
|
|
||||||
|
|
||||||
for (i = 0; i < len; i+=3) {
|
|
||||||
base64 += chars[bytes[i] >> 2];
|
|
||||||
base64 += chars[((bytes[i] & 3) << 4) | (bytes[i + 1] >> 4)];
|
|
||||||
base64 += chars[((bytes[i + 1] & 15) << 2) | (bytes[i + 2] >> 6)];
|
|
||||||
base64 += chars[bytes[i + 2] & 63];
|
|
||||||
}
|
|
||||||
|
|
||||||
if ((len % 3) === 2) {
|
|
||||||
base64 = base64.substring(0, base64.length - 1);
|
|
||||||
} else if (len % 3 === 1) {
|
|
||||||
base64 = base64.substring(0, base64.length - 2);
|
|
||||||
}
|
|
||||||
|
|
||||||
return base64;
|
|
||||||
};
|
|
||||||
|
|
||||||
var decode = function(base64) {
|
|
||||||
var bufferLength = base64.length * 0.75,
|
|
||||||
len = base64.length, i, p = 0,
|
|
||||||
encoded1, encoded2, encoded3, encoded4;
|
|
||||||
|
|
||||||
var arraybuffer = new ArrayBuffer(bufferLength),
|
|
||||||
bytes = new Uint8Array(arraybuffer);
|
|
||||||
|
|
||||||
for (i = 0; i < len; i+=4) {
|
|
||||||
encoded1 = lookup[base64.charCodeAt(i)];
|
|
||||||
encoded2 = lookup[base64.charCodeAt(i+1)];
|
|
||||||
encoded3 = lookup[base64.charCodeAt(i+2)];
|
|
||||||
encoded4 = lookup[base64.charCodeAt(i+3)];
|
|
||||||
|
|
||||||
bytes[p++] = (encoded1 << 2) | (encoded2 >> 4);
|
|
||||||
bytes[p++] = ((encoded2 & 15) << 4) | (encoded3 >> 2);
|
|
||||||
bytes[p++] = ((encoded3 & 3) << 6) | (encoded4 & 63);
|
|
||||||
}
|
|
||||||
|
|
||||||
return arraybuffer;
|
|
||||||
};
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Exporting and stuff
|
|
||||||
*/
|
|
||||||
if (typeof module !== 'undefined' && typeof module.exports !== 'undefined') {
|
|
||||||
module.exports = {
|
|
||||||
'encode': encode,
|
|
||||||
'decode': decode
|
|
||||||
}
|
|
||||||
|
|
||||||
} else {
|
|
||||||
if (typeof define === 'function' && define.amd) {
|
|
||||||
define([], function() {
|
|
||||||
return {
|
|
||||||
'encode': encode,
|
|
||||||
'decode': decode
|
|
||||||
}
|
|
||||||
});
|
|
||||||
} else {
|
|
||||||
window.base64url = {
|
|
||||||
'encode': encode,
|
|
||||||
'decode': decode
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
})();
|
|
|
@ -1,222 +0,0 @@
|
||||||
/********************************************************
|
|
||||||
* Layout
|
|
||||||
********************************************************/
|
|
||||||
|
|
||||||
html { /* magic to position footer */
|
|
||||||
position: relative;
|
|
||||||
min-height: 100%;
|
|
||||||
}
|
|
||||||
|
|
||||||
body {
|
|
||||||
margin-bottom: 76px; /* == footer height */
|
|
||||||
}
|
|
||||||
|
|
||||||
.container, .container-fluid {
|
|
||||||
padding-left: 36px;
|
|
||||||
padding-right: 36px;
|
|
||||||
}
|
|
||||||
|
|
||||||
nav {
|
|
||||||
min-height: 100px;
|
|
||||||
padding: 36px;
|
|
||||||
}
|
|
||||||
|
|
||||||
header {
|
|
||||||
margin-bottom: 16px; /* h1.logintitle adds 20px => 36px */
|
|
||||||
}
|
|
||||||
|
|
||||||
.container {
|
|
||||||
min-width: 260px;
|
|
||||||
max-width: 700px;
|
|
||||||
}
|
|
||||||
|
|
||||||
h1 {
|
|
||||||
margin-bottom: 50px;
|
|
||||||
}
|
|
||||||
|
|
||||||
footer {
|
|
||||||
width: 100%;
|
|
||||||
position: absolute;
|
|
||||||
bottom: 0;
|
|
||||||
padding: 0 36px;
|
|
||||||
}
|
|
||||||
|
|
||||||
img {
|
|
||||||
width: 100%;
|
|
||||||
}
|
|
||||||
|
|
||||||
/********************************************************
|
|
||||||
* Header
|
|
||||||
********************************************************/
|
|
||||||
|
|
||||||
header .logo {
|
|
||||||
/* width: 20%;*/
|
|
||||||
/*max-width: 600px;*/
|
|
||||||
max-height: 150px;
|
|
||||||
width: auto;
|
|
||||||
}
|
|
||||||
|
|
||||||
/********************************************************
|
|
||||||
* Dropdown
|
|
||||||
********************************************************/
|
|
||||||
a.dropdown-toggle {
|
|
||||||
text-decoration: none;
|
|
||||||
}
|
|
||||||
|
|
||||||
a.dropdown-toggle:hover {
|
|
||||||
color: #168CA9;
|
|
||||||
border-bottom: 3px solid #168CA9;
|
|
||||||
}
|
|
||||||
|
|
||||||
.dropdown-menu {
|
|
||||||
padding: 5px 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
.dropdown-menu li > a {
|
|
||||||
padding: 6px 28px;
|
|
||||||
}
|
|
||||||
|
|
||||||
.dropdown-menu a > .prefix {
|
|
||||||
display: inline-block;
|
|
||||||
min-width: 22px;
|
|
||||||
margin-right: 28px;
|
|
||||||
text-align: right;
|
|
||||||
}
|
|
||||||
|
|
||||||
/********************************************************
|
|
||||||
* Form
|
|
||||||
********************************************************/
|
|
||||||
|
|
||||||
/* Labels should not be bold */
|
|
||||||
label {
|
|
||||||
font-weight: normal;
|
|
||||||
}
|
|
||||||
|
|
||||||
/* Make error messages bold */
|
|
||||||
.has-error .help-block {
|
|
||||||
font-weight: bold;
|
|
||||||
}
|
|
||||||
|
|
||||||
/* Change button size, by default 116px in width */
|
|
||||||
.btn {
|
|
||||||
min-width: 116px;
|
|
||||||
padding: 3px 12px;
|
|
||||||
}
|
|
||||||
|
|
||||||
/* Disable gradient in buttons, ughhhh */
|
|
||||||
.btn.btn-primary {
|
|
||||||
border-color: transparent;
|
|
||||||
background-image: none;
|
|
||||||
text-shadow: none;
|
|
||||||
box-shadow: none;
|
|
||||||
-webkit-box-shadow: none;
|
|
||||||
}
|
|
||||||
|
|
||||||
.help-block a, .help-block a:visited {
|
|
||||||
color: #168CA9;
|
|
||||||
font-weight: bold;
|
|
||||||
text-decoration: none;
|
|
||||||
}
|
|
||||||
|
|
||||||
.help-block a:hover {
|
|
||||||
color: #168CA9;
|
|
||||||
text-decoration: underline;
|
|
||||||
}
|
|
||||||
|
|
||||||
/********************************************************
|
|
||||||
* Footer
|
|
||||||
********************************************************/
|
|
||||||
footer .row {
|
|
||||||
margin: 36px 0 0 0;
|
|
||||||
height: 40px;
|
|
||||||
padding-top: 14px;
|
|
||||||
line-height: 26px; /* to center text: height - padding-top = 26px */
|
|
||||||
border-top: 1px solid #168CA9;
|
|
||||||
}
|
|
||||||
|
|
||||||
footer .row > div { /* Fix alignment between border + text on Bootstrap grid */
|
|
||||||
padding: 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
footer .logo-round-container {
|
|
||||||
position: relative;
|
|
||||||
}
|
|
||||||
|
|
||||||
footer .logo-round {
|
|
||||||
position: absolute;
|
|
||||||
left: 0;
|
|
||||||
right: 0;
|
|
||||||
top: -33px; /* found visually with Chrome Dev Tools */
|
|
||||||
height: 36px;
|
|
||||||
width: 36px;
|
|
||||||
border: 1px solid #00868c;
|
|
||||||
border-radius: 18px;
|
|
||||||
background: #fff;
|
|
||||||
padding: 8px;
|
|
||||||
}
|
|
||||||
|
|
||||||
footer .logo-round > img {
|
|
||||||
display: block;
|
|
||||||
}
|
|
||||||
|
|
||||||
#dispatchTargets {
|
|
||||||
margin-top: 20px;
|
|
||||||
}
|
|
||||||
|
|
||||||
/********************************************************
|
|
||||||
* Social login
|
|
||||||
********************************************************/
|
|
||||||
.btn.line {
|
|
||||||
background-color: transparent;
|
|
||||||
display: block;
|
|
||||||
width: 100%;
|
|
||||||
padding: 0;
|
|
||||||
margin: 1.5em 0 1em;
|
|
||||||
border: 0.5px solid #ccc;
|
|
||||||
pointer-events: none;
|
|
||||||
}
|
|
||||||
|
|
||||||
.btn.socialLogin {
|
|
||||||
background-color: #fff;
|
|
||||||
border: thin solid #ccc;
|
|
||||||
color: #000;
|
|
||||||
font-weight: 600;
|
|
||||||
position: relative;
|
|
||||||
margin: 5px;
|
|
||||||
min-width: 140px;
|
|
||||||
width: 210px;
|
|
||||||
border-radius: 8px;
|
|
||||||
padding: 8px 12px;
|
|
||||||
text-align: left;
|
|
||||||
}
|
|
||||||
|
|
||||||
.socialLogin img {
|
|
||||||
width: 1.5em;
|
|
||||||
height: 108%;
|
|
||||||
margin-right: 0.5em;
|
|
||||||
}
|
|
||||||
|
|
||||||
.btn.apple img {
|
|
||||||
width: 1.2em;
|
|
||||||
}
|
|
||||||
|
|
||||||
/********************************************************
|
|
||||||
* Show password
|
|
||||||
********************************************************/
|
|
||||||
.icon-inside {
|
|
||||||
position: relative;
|
|
||||||
}
|
|
||||||
|
|
||||||
.icon-inside input {
|
|
||||||
padding-right: calc(0.75rem + 1.25rem + 0.75rem);
|
|
||||||
}
|
|
||||||
|
|
||||||
.icon-inside button {
|
|
||||||
position: absolute;
|
|
||||||
right: 0;
|
|
||||||
top: 0;
|
|
||||||
margin-top: 0.45rem;
|
|
||||||
margin-right: 0.45rem;
|
|
||||||
background: #FFFFFF;
|
|
||||||
border: #FFFFFF;
|
|
||||||
}
|
|
|
@ -1,36 +0,0 @@
|
||||||
(function() {
|
|
||||||
var closeDropdownTimeout;
|
|
||||||
|
|
||||||
function closeDropdown(event) {
|
|
||||||
var dropdowns = document.querySelectorAll('.dropdown');
|
|
||||||
for (var i = 0; i < dropdowns.length; i++) {
|
|
||||||
var dropdownMenu = dropdowns[i].querySelector('.dropdown-menu');
|
|
||||||
if (dropdownMenu.style.display !== 'none' && !dropdowns[i].contains(event.target)) {
|
|
||||||
dropdownMenu.style.display = 'none';
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
// remove event listener till we have a new dropdown menu open
|
|
||||||
if (document.querySelector('.dropdown-menu:not([style*="display: none"])') === null) {
|
|
||||||
document.removeEventListener('click', closeDropdown);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
var dropdowns = document.querySelectorAll('.dropdown');
|
|
||||||
for (var i = 0; i < dropdowns.length; i++) {
|
|
||||||
var dropdownMenu = dropdowns[i].querySelector('.dropdown-menu');
|
|
||||||
dropdownMenu.style.display = 'none'; // ensure menu is initially hidden
|
|
||||||
|
|
||||||
dropdowns[i].addEventListener('click', function(e) {
|
|
||||||
// show dropdown menu
|
|
||||||
var dropdownMenu = this.querySelector('.dropdown-menu');
|
|
||||||
dropdownMenu.style.display = 'block';
|
|
||||||
|
|
||||||
// handle clicking away
|
|
||||||
clearTimeout(closeDropdownTimeout);
|
|
||||||
closeDropdownTimeout = setTimeout(function() {
|
|
||||||
document.addEventListener('click', closeDropdown);
|
|
||||||
}, 10);
|
|
||||||
});
|
|
||||||
}
|
|
||||||
}());
|
|
|
@ -1,98 +0,0 @@
|
||||||
var e2eenc = function() {
|
|
||||||
|
|
||||||
this.encryptForm = function(algoString, formId) {
|
|
||||||
// TODO: in case of an error we should return false, to prevent the for to be submitted
|
|
||||||
// or replace the fields with dummy values, just to prevent the the transmission
|
|
||||||
// of unencrypted values
|
|
||||||
|
|
||||||
|
|
||||||
// create the array of input fields to encrypt (needs to be done before setting the form
|
|
||||||
// invisible
|
|
||||||
var fieldsToEncrypt = new Array();
|
|
||||||
$.each($("form input:visible"), function(index, _inputField) { fieldsToEncrypt.push($(_inputField));});
|
|
||||||
|
|
||||||
// hide the form, and display the splash screen
|
|
||||||
$('#loginform').css('display','none');
|
|
||||||
$('#e2eeSplashScreen').css('display','block');
|
|
||||||
|
|
||||||
// encryption logic
|
|
||||||
var pubKey = $("input[name='e2eenc.publicKey']").val();
|
|
||||||
|
|
||||||
var kemSessionKey = readPublicKeyAndGenerateSessionKey(pubKey)
|
|
||||||
var iv = forge.random.getBytesSync(16);
|
|
||||||
keyB64 = forge.util.encode64(kemSessionKey.key);
|
|
||||||
encapsulationB64 = forge.util.encode64(kemSessionKey.encapsulation);
|
|
||||||
ivB64 = forge.util.encode64(iv);
|
|
||||||
|
|
||||||
//console.log("Encrypting form " + formId + " (" + algoString + ")");
|
|
||||||
var fields = "";
|
|
||||||
$.each(fieldsToEncrypt, function(index, _inputField) {
|
|
||||||
var inputField = $(_inputField);
|
|
||||||
if (inputField.attr("type") == "text" || inputField.attr("type") == "password") {
|
|
||||||
//console.log("Encrypting field " + JSON.stringify(inputField));
|
|
||||||
var plainValue = inputField.val();
|
|
||||||
|
|
||||||
var encryptedValueB64 = encrypt(kemSessionKey, iv, plainValue);
|
|
||||||
//console.log("Setting encrypted value in b64: " + encryptedValueB64);
|
|
||||||
inputField.val(encryptedValueB64);
|
|
||||||
if (fields.length > 0) {
|
|
||||||
fields = fields + ","
|
|
||||||
}
|
|
||||||
fields = fields + inputField.attr("name");
|
|
||||||
}
|
|
||||||
});
|
|
||||||
$("input[name='e2eenc.iv']").val(ivB64);
|
|
||||||
$("input[name='e2eenc.encapsulation']").val(encapsulationB64);
|
|
||||||
$("input[name='e2eenc.fields']").val(fields);
|
|
||||||
}
|
|
||||||
|
|
||||||
function getRSApublicKey(pem) {
|
|
||||||
//console.log("PEM: " + pem);
|
|
||||||
|
|
||||||
var msg = forge.pem.decode(pem)[0];
|
|
||||||
|
|
||||||
//console.log("msg type: " + msg.type);
|
|
||||||
|
|
||||||
if(msg.procType && msg.procType.type === 'ENCRYPTED') {
|
|
||||||
throw new Error('Could not retrieve RSA public key from PEM; PEM is encrypted.');
|
|
||||||
}
|
|
||||||
|
|
||||||
// convert DER to ASN.1 object
|
|
||||||
var asn1obj = forge.asn1.fromDer(msg.body);
|
|
||||||
//console.log("ASN.1 obj: " + JSON.stringify(asn1obj))
|
|
||||||
|
|
||||||
var pubKey = forge.pki.publicKeyFromAsn1(asn1obj)
|
|
||||||
//console.log("PubKey: " + JSON.stringify(pubKey))
|
|
||||||
return pubKey;
|
|
||||||
}
|
|
||||||
|
|
||||||
function generateKEMSessionKey(rsaPublicKey) {
|
|
||||||
// generate key-derivation-function and initializes it with sha1
|
|
||||||
var kdf1 = new forge.kem.kdf1(forge.md.sha1.create());
|
|
||||||
// creates a KEM function based on the key-derivation-function created above
|
|
||||||
var kem = forge.kem.rsa.create(kdf1);
|
|
||||||
// generate and encapsulate a 16-byte secret key.
|
|
||||||
// The secret key is generated using the kdf defined above.
|
|
||||||
var kemSessionKey = kem.encrypt(rsaPublicKey, 16);
|
|
||||||
// kemSessionKey has 'encapsulation' (= pub key) and 'key' (= generated secret key)
|
|
||||||
return kemSessionKey;
|
|
||||||
}
|
|
||||||
|
|
||||||
function readPublicKeyAndGenerateSessionKey(pem) {
|
|
||||||
var rsaPublicKey = getRSApublicKey(pem);
|
|
||||||
//console.log("PubKey: " + JSON.stringify(rsaPublicKey))
|
|
||||||
var kemSessionKey = generateKEMSessionKey(rsaPublicKey);
|
|
||||||
//console.log("KEM session key: " + JSON.stringify(kemSessionKey))
|
|
||||||
return kemSessionKey;
|
|
||||||
}
|
|
||||||
|
|
||||||
function encrypt(kemSessionKey, iv, msg) {
|
|
||||||
var cipher = forge.cipher.createCipher('AES-CBC', kemSessionKey.key);
|
|
||||||
cipher.start({iv: iv});
|
|
||||||
cipher.update(forge.util.createBuffer(msg, 'utf-8'));
|
|
||||||
cipher.finish();
|
|
||||||
var encrypted = cipher.output.getBytes();
|
|
||||||
encryptedB64 = forge.util.encode64(encrypted);
|
|
||||||
return encryptedB64;
|
|
||||||
}
|
|
||||||
};
|
|
|
@ -1,3 +0,0 @@
|
||||||
<svg width="22" height="20" viewBox="0 0 22 20" fill="none" xmlns="http://www.w3.org/2000/svg">
|
|
||||||
<path d="M2 1L5.58916 4.58916M20 19L16.4112 15.4112M12.8749 16.8246C12.2677 16.9398 11.6411 17 11.0005 17C6.52281 17 2.73251 14.0571 1.45825 9.99997C1.80515 8.8955 2.33851 7.87361 3.02143 6.97118M8.87868 7.87868C9.42157 7.33579 10.1716 7 11 7C12.6569 7 14 8.34315 14 10C14 10.8284 13.6642 11.5784 13.1213 12.1213M8.87868 7.87868L13.1213 12.1213M8.87868 7.87868L5.58916 4.58916M13.1213 12.1213L5.58916 4.58916M13.1213 12.1213L16.4112 15.4112M5.58916 4.58916C7.14898 3.58354 9.00656 3 11.0004 3C15.4781 3 19.2684 5.94291 20.5426 10C19.8357 12.2507 18.3545 14.1585 16.4112 15.4112" stroke="#6D7C80" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/>
|
|
||||||
</svg>
|
|
|
@ -1,4 +0,0 @@
|
||||||
<svg width="22" height="16" viewBox="0 0 22 16" fill="none" xmlns="http://www.w3.org/2000/svg">
|
|
||||||
<path d="M14 8C14 9.65685 12.6569 11 11 11C9.34315 11 8 9.65685 8 8C8 6.34315 9.34315 5 11 5C12.6569 5 14 6.34315 14 8Z" stroke="#6D7C80" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/>
|
|
||||||
<path d="M1.45825 7.99997C2.73253 3.94288 6.52281 1 11.0004 1C15.4781 1 19.2684 3.94291 20.5426 8.00004C19.2684 12.0571 15.4781 15 11.0005 15C6.52281 15 2.73251 12.0571 1.45825 7.99997Z" stroke="#6D7C80" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/>
|
|
||||||
</svg>
|
|
|
@ -1,61 +0,0 @@
|
||||||
(function() {
|
|
||||||
'use strict'
|
|
||||||
|
|
||||||
async function assertion(options) {
|
|
||||||
let credential;
|
|
||||||
try {
|
|
||||||
credential = await navigator.credentials.get({ "publicKey": options });
|
|
||||||
}
|
|
||||||
// Cancel and timeout can occur besides error
|
|
||||||
catch (error) {
|
|
||||||
console.error(`Failed to get WebAuthn credential: ${error}`);
|
|
||||||
throw error;
|
|
||||||
}
|
|
||||||
// as this is the last call we have to do a top-level request instead of AJAX
|
|
||||||
const form = document.createElement("form");
|
|
||||||
form.method = "POST";
|
|
||||||
form.style.display = "none";
|
|
||||||
addInput(form, "path", "/nevisfido/fido2/assertion/result")
|
|
||||||
addInput(form, "id", credential.id);
|
|
||||||
addInput(form, "type", credential.type);
|
|
||||||
addInput(form, "response.clientDataJSON", base64url.encode(credential.response.clientDataJSON));
|
|
||||||
addInput(form, "response.authenticatorData", base64url.encode(credential.response.authenticatorData));
|
|
||||||
addInput(form, "response.signature", base64url.encode(credential.response.signature));
|
|
||||||
document.body.appendChild(form);
|
|
||||||
form.submit();
|
|
||||||
}
|
|
||||||
|
|
||||||
function authenticate() {
|
|
||||||
// WebAuthn feature detection
|
|
||||||
if (!isWebAuthnSupportedByTheBrowser()) {
|
|
||||||
cancelFido2();
|
|
||||||
return;
|
|
||||||
};
|
|
||||||
|
|
||||||
const request = {};
|
|
||||||
request.path = "/nevisfido/fido2/attestation/options";
|
|
||||||
|
|
||||||
// calling nevisFIDO through nevisAuth on current URL using AJAX
|
|
||||||
fetch("", {
|
|
||||||
method: "POST",
|
|
||||||
headers: {
|
|
||||||
'Content-Type': 'application/json'
|
|
||||||
},
|
|
||||||
body: JSON.stringify(request)
|
|
||||||
})
|
|
||||||
.then(res => res.json())
|
|
||||||
.then(options => {
|
|
||||||
options.challenge = base64url.decode(options.challenge);
|
|
||||||
options.allowCredentials = options.allowCredentials.map((c) => {
|
|
||||||
c.id = base64url.decode(c.id);
|
|
||||||
return c;
|
|
||||||
});
|
|
||||||
return assertion(options);
|
|
||||||
}).catch((error) => {
|
|
||||||
console.error(`Error during FIDO2 authentication: ${error}`);
|
|
||||||
cancelFido2();
|
|
||||||
});
|
|
||||||
}
|
|
||||||
|
|
||||||
authenticate();
|
|
||||||
})();
|
|
|
@ -1,175 +0,0 @@
|
||||||
(function() {
|
|
||||||
'use strict'
|
|
||||||
|
|
||||||
async function authenticate(username, params) {
|
|
||||||
|
|
||||||
try {
|
|
||||||
const { authenticationOptionsEndpoint, authenticationEndpoint, statusServiceEndpoint, userVerification, originalResource, nevisAuthEndpoint } = params;
|
|
||||||
const { startAuthentication } = SimpleWebAuthnBrowser;
|
|
||||||
|
|
||||||
// fetch authentication options from nevisFIDO and save the returned fido2SessionId for later use
|
|
||||||
const authOptRespJson = await getAuthenticationOptions(username, userVerification, nevisAuthEndpoint);
|
|
||||||
const fido2SessionId = authOptRespJson.fido2SessionId;
|
|
||||||
|
|
||||||
// do the client side authentication using the SimpleWebAuthn JS library
|
|
||||||
const authRespJson = await startAuthentication(authOptRespJson);
|
|
||||||
|
|
||||||
// in case the authentication response does not contain a userHandle (e.g. virtual authenticators used in system tests)
|
|
||||||
// then we have to obtain it (in our case it is the IDM extId) using the Status Service since at the moment nevisFIDO always expects it
|
|
||||||
if (!authRespJson.response.userHandle) {
|
|
||||||
const statusRespJson = await getFido2SessionStatus(fido2SessionId, statusServiceEndpoint);
|
|
||||||
|
|
||||||
if (statusRespJson && statusRespJson.userId) {
|
|
||||||
console.log("adding userHandle: " + statusRespJson.userId);
|
|
||||||
authRespJson.response.userHandle = btoa(statusRespJson.userId); // add missing userHandle
|
|
||||||
}
|
|
||||||
else {
|
|
||||||
throw new Error('userHandle is missing and could not determine it using the status service');
|
|
||||||
}
|
|
||||||
}
|
|
||||||
else {
|
|
||||||
console.log("userHandle already set: " + authRespJson.response.userHandle);
|
|
||||||
}
|
|
||||||
|
|
||||||
// send the assertion response created by the authenticator to nevisFIDO
|
|
||||||
const serverRespJson = await submitAssertion(authRespJson, authenticationEndpoint);
|
|
||||||
|
|
||||||
// checking the server response of nevisFIDO
|
|
||||||
if ((!serverRespJson) || (serverRespJson && serverRespJson.status !== 'ok')) {
|
|
||||||
let errorMessage = (serverRespJson && serverRespJson.errorMessage) ? serverRespJson.errorMessage : 'unexpected error';
|
|
||||||
throw new Error('authentication failed: ' + errorMessage);
|
|
||||||
}
|
|
||||||
|
|
||||||
// send a request to nevisAuth with the fido2SessionId in the header to trigger the synchronisation of the
|
|
||||||
// nevisFIDO and nevisAuth sessions (FIDO2 AuthState -> SyncFido2SessionStatusHandler) to reach AUTH_DONE
|
|
||||||
await updateNevisAuth(fido2SessionId, nevisAuthEndpoint);
|
|
||||||
|
|
||||||
console.log('authentication was successful');
|
|
||||||
|
|
||||||
console.log('reloading page...');
|
|
||||||
window.location.reload();
|
|
||||||
}
|
|
||||||
catch (error) {
|
|
||||||
console.error(`Error during FIDO2 authentication: ${error}`);
|
|
||||||
cancelFido2();
|
|
||||||
}
|
|
||||||
};
|
|
||||||
|
|
||||||
async function getAuthenticationOptions(username, userVerification, authenticationOptionsEndpoint) {
|
|
||||||
|
|
||||||
const authOptReqJson = {
|
|
||||||
'username': username,
|
|
||||||
'userVerification': userVerification,
|
|
||||||
};
|
|
||||||
|
|
||||||
const authOptReq = JSON.stringify(authOptReqJson);
|
|
||||||
console.log('authOptReq ==> ' + authOptReq);
|
|
||||||
|
|
||||||
const authOptResp = await fetch(authenticationOptionsEndpoint, {
|
|
||||||
method: 'POST',
|
|
||||||
headers: {
|
|
||||||
'Content-Type': 'application/json',
|
|
||||||
},
|
|
||||||
body: authOptReq,
|
|
||||||
});
|
|
||||||
|
|
||||||
if (!authOptResp.ok) {
|
|
||||||
throw new Error('authOptResp error: HTTP ' + authOptResp.status + ' ' + authOptResp.statusText);
|
|
||||||
}
|
|
||||||
|
|
||||||
const authOptRespJson = await authOptResp.json()
|
|
||||||
console.log('authOptResp <== ' + JSON.stringify(authOptRespJson));
|
|
||||||
|
|
||||||
return authOptRespJson;
|
|
||||||
};
|
|
||||||
|
|
||||||
async function getFido2SessionStatus(fido2SessionId, statusServiceEndpoint) {
|
|
||||||
|
|
||||||
const statusReqJson = {
|
|
||||||
'fido2SessionId': fido2SessionId,
|
|
||||||
};
|
|
||||||
|
|
||||||
const statusReq = JSON.stringify(statusReqJson);
|
|
||||||
console.log('statusReq ==> ' + statusReq);
|
|
||||||
|
|
||||||
const statusResp = await fetch(statusServiceEndpoint, {
|
|
||||||
method: 'POST',
|
|
||||||
headers: {
|
|
||||||
'Content-Type': 'application/json',
|
|
||||||
},
|
|
||||||
body: statusReq,
|
|
||||||
});
|
|
||||||
|
|
||||||
if (!statusResp.ok) {
|
|
||||||
throw new Error('statusResp error: HTTP ' + statusResp.status + ' ' + statusResp.statusText);
|
|
||||||
}
|
|
||||||
|
|
||||||
const statusRespJson = await statusResp.json();
|
|
||||||
console.log('statusResp <== ' + JSON.stringify(statusRespJson));
|
|
||||||
|
|
||||||
return statusRespJson;
|
|
||||||
}
|
|
||||||
|
|
||||||
async function submitAssertion(authRespJson, authenticationEndpoint) {
|
|
||||||
|
|
||||||
console.log("submitting assertion for userHandle: " + authRespJson.response.userHandle);
|
|
||||||
|
|
||||||
// TODO koenig 20230504: read btoa once nevisFIDO is adapted
|
|
||||||
let encodedAuthResp = {
|
|
||||||
"id": authRespJson.id,
|
|
||||||
"response": {
|
|
||||||
"authenticatorData": authRespJson.response.authenticatorData,
|
|
||||||
"signature": authRespJson.response.signature,
|
|
||||||
"userHandle": authRespJson.response.userHandle,
|
|
||||||
"clientDataJSON": authRespJson.response.clientDataJSON
|
|
||||||
},
|
|
||||||
"type": authRespJson.type
|
|
||||||
}
|
|
||||||
|
|
||||||
const authResp = JSON.stringify(encodedAuthResp);
|
|
||||||
console.log('authResp ==> ' + authResp);
|
|
||||||
|
|
||||||
const serverResp = await fetch(authenticationEndpoint, {
|
|
||||||
method: 'POST',
|
|
||||||
headers: {
|
|
||||||
'Content-Type': 'application/json',
|
|
||||||
},
|
|
||||||
body: authResp,
|
|
||||||
});
|
|
||||||
|
|
||||||
if (!serverResp.ok) {
|
|
||||||
throw new Error('submitAssertion error: HTTP ' + submitAssertion.status + ' ' + submitAssertion.statusText);
|
|
||||||
}
|
|
||||||
|
|
||||||
const serverRespJson = await serverResp.json();
|
|
||||||
console.log('serverResp <== ' + JSON.stringify(serverRespJson));
|
|
||||||
|
|
||||||
return serverRespJson;
|
|
||||||
};
|
|
||||||
|
|
||||||
async function updateNevisAuth(fido2SessionId, nevisAuthEndpoint) {
|
|
||||||
|
|
||||||
console.log('updateNevisAuth ==> ' + fido2SessionId);
|
|
||||||
|
|
||||||
const updateNevisAuthResponse = await fetch(nevisAuthEndpoint, {
|
|
||||||
method: 'GET',
|
|
||||||
credentials: 'same-origin',
|
|
||||||
headers: {
|
|
||||||
'nevis-fido2-session-id': fido2SessionId,
|
|
||||||
}
|
|
||||||
});
|
|
||||||
|
|
||||||
if (!updateNevisAuthResponse.ok) {
|
|
||||||
throw new Error('updateNevisAuthResponse error: HTTP ' + updateNevisAuthResponse.status + ' ' + updateNevisAuthResponse.statusText);
|
|
||||||
}
|
|
||||||
|
|
||||||
console.log('updateNevisAuth <== OK');
|
|
||||||
|
|
||||||
return;
|
|
||||||
};
|
|
||||||
|
|
||||||
// TODO koenig 20230206: we don't generate IDs into the HTML yet
|
|
||||||
let username = document.getElementsByName("username")[0].value;
|
|
||||||
params.nevisAuthEndpoint = window.location.href;
|
|
||||||
authenticate(username, params);
|
|
||||||
})();
|
|
|
@ -1,70 +0,0 @@
|
||||||
function dispatch(name) {
|
|
||||||
// we have to do a top-level request instead of AJAX
|
|
||||||
const form = document.createElement("form");
|
|
||||||
form.method = "POST";
|
|
||||||
form.style.display = "none";
|
|
||||||
addInput(form, name, "true");
|
|
||||||
document.body.appendChild(form);
|
|
||||||
form.submit();
|
|
||||||
}
|
|
||||||
|
|
||||||
async function attestation(options) {
|
|
||||||
let credential;
|
|
||||||
try {
|
|
||||||
credential = await navigator.credentials.create({ "publicKey": options });
|
|
||||||
}
|
|
||||||
// cancel and timeout can occur besides error
|
|
||||||
catch (error) {
|
|
||||||
console.error(`Failed to create WebAuthn credential: ${error}`);
|
|
||||||
throw error;
|
|
||||||
}
|
|
||||||
// as this is the last call we have to do a top-level request instead of AJAX
|
|
||||||
const form = document.createElement("form");
|
|
||||||
form.method = "POST";
|
|
||||||
form.style.display = "none";
|
|
||||||
addInput(form, "path", "/nevisfido/fido2/attestation/result")
|
|
||||||
addInput(form, "id", credential.id);
|
|
||||||
addInput(form, "type", credential.type);
|
|
||||||
addInput(form, "response.clientDataJSON", base64url.encode(credential.response.clientDataJSON));
|
|
||||||
addInput(form, "response.attestationObject", base64url.encode(credential.response.attestationObject));
|
|
||||||
document.body.appendChild(form);
|
|
||||||
form.submit();
|
|
||||||
}
|
|
||||||
|
|
||||||
function start() {
|
|
||||||
|
|
||||||
if (!isWebAuthnSupportedByTheBrowser()) {
|
|
||||||
dispatch("unsupported");
|
|
||||||
return;
|
|
||||||
};
|
|
||||||
|
|
||||||
const request = {};
|
|
||||||
request.path = "/nevisfido/fido2/attestation/options";
|
|
||||||
|
|
||||||
// calling nevisFIDO through nevisAuth on current URL using AJAX
|
|
||||||
fetch("", {
|
|
||||||
method: "POST",
|
|
||||||
headers: {
|
|
||||||
'Content-Type': 'application/json'
|
|
||||||
},
|
|
||||||
body: JSON.stringify(request)
|
|
||||||
})
|
|
||||||
.then(res => res.json())
|
|
||||||
.then(options => {
|
|
||||||
options.user.id = base64url.decode(options.user.id);
|
|
||||||
options.challenge = base64url.decode(options.challenge);
|
|
||||||
if (options.excludeCredentials != null) {
|
|
||||||
options.excludeCredentials = options.excludeCredentials.map((c) => {
|
|
||||||
c.id = base64url.decode(c.id);
|
|
||||||
return c;
|
|
||||||
});
|
|
||||||
}
|
|
||||||
if (options.authenticatorSelection.authenticatorAttachment === null) {
|
|
||||||
options.authenticatorSelection.authenticatorAttachment = undefined;
|
|
||||||
}
|
|
||||||
return attestation(options);
|
|
||||||
}).catch((error) => {
|
|
||||||
console.log('Error during FIDO2 onboarding: ' + error);
|
|
||||||
dispatch("failed");
|
|
||||||
});
|
|
||||||
}
|
|
|
@ -1,40 +0,0 @@
|
||||||
function addInput(form, name, value) {
|
|
||||||
const input = document.createElement("input");
|
|
||||||
input.name = name;
|
|
||||||
input.value = value;
|
|
||||||
form.appendChild(input);
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Checks whether WebAuthn is supported by the browser or not.
|
|
||||||
* @return true if supported, false if it is not supported or not in secure context
|
|
||||||
*/
|
|
||||||
function isWebAuthnSupportedByTheBrowser() {
|
|
||||||
if (window.isSecureContext) {
|
|
||||||
// This feature is available only in secure contexts in some or all supporting browsers.
|
|
||||||
if ('credentials' in navigator) {
|
|
||||||
return true;
|
|
||||||
}
|
|
||||||
console.warn('Oh no! This browser does not support WebAuthn.');
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
console.warn('WebAuthn feature is available only in secure contexts. For testing over HTTP, you can use the origin "localhost".');
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Trigger on cancel pattern of the FIDO2 authentication step.
|
|
||||||
*
|
|
||||||
* Provides an alternative when the user decides to
|
|
||||||
* cancel the fido2 credential operation(create or fetch) or
|
|
||||||
* the operation fails and the error cannot be handled.
|
|
||||||
*/
|
|
||||||
function cancelFido2() {
|
|
||||||
// we have to do a top-level request instead of AJAX
|
|
||||||
const form = document.createElement("form");
|
|
||||||
form.method = "POST";
|
|
||||||
form.style.display = "none";
|
|
||||||
addInput(form, "cancel_fido2", "true");
|
|
||||||
document.body.appendChild(form);
|
|
||||||
form.submit();
|
|
||||||
}
|
|
File diff suppressed because it is too large
|
@ -1 +0,0 @@
|
||||||
<svg width="842" height="1e3" xmlns="http://www.w3.org/2000/svg"><path d="M702 960c-54.2 52.6-114 44.4-171 19.6-60.6-25.3-116-26.9-180 0-79.7 34.4-122 24.4-170-19.6-271-279-231-704 77-720 74.7 4 127 41.3 171 44.4 65.4-13.3 128-51.4 198-46.4 84.1 6.8 147 40 189 99.7-173 104-132 332 26.9 396-31.8 83.5-72.6 166-141 227zM423 237C414.9 113 515.4 11 631 1c15.9 143-130 250-208 236z"/></svg>
|
|
Before Width: | Height: | Size: 386 B |
Binary file not shown.
Before Width: | Height: | Size: 2.4 KiB |
|
@ -1,9 +0,0 @@
|
||||||
<?xml version="1.0" encoding="utf-8"?>
|
|
||||||
<svg viewBox="0 0 24 24" width="24" height="24" xmlns="http://www.w3.org/2000/svg">
|
|
||||||
<g transform="matrix(1, 0, 0, 1, 27.009001, -39.238998)">
|
|
||||||
<path fill="#4285F4" d="M -3.264 51.509 C -3.264 50.719 -3.334 49.969 -3.454 49.239 L -14.754 49.239 L -14.754 53.749 L -8.284 53.749 C -8.574 55.229 -9.424 56.479 -10.684 57.329 L -10.684 60.329 L -6.824 60.329 C -4.564 58.239 -3.264 55.159 -3.264 51.509 Z"/>
|
|
||||||
<path fill="#34A853" d="M -14.754 63.239 C -11.514 63.239 -8.804 62.159 -6.824 60.329 L -10.684 57.329 C -11.764 58.049 -13.134 58.489 -14.754 58.489 C -17.884 58.489 -20.534 56.379 -21.484 53.529 L -25.464 53.529 L -25.464 56.619 C -23.494 60.539 -19.444 63.239 -14.754 63.239 Z"/>
|
|
||||||
<path fill="#FBBC05" d="M -21.484 53.529 C -21.734 52.809 -21.864 52.039 -21.864 51.239 C -21.864 50.439 -21.724 49.669 -21.484 48.949 L -21.484 45.859 L -25.464 45.859 C -26.284 47.479 -26.754 49.299 -26.754 51.239 C -26.754 53.179 -26.284 54.999 -25.464 56.619 L -21.484 53.529 Z"/>
|
|
||||||
<path fill="#EA4335" d="M -14.754 43.989 C -12.984 43.989 -11.404 44.599 -10.154 45.789 L -6.734 42.369 C -8.804 40.429 -11.514 39.239 -14.754 39.239 C -19.444 39.239 -23.494 41.939 -25.464 45.859 L -21.484 48.949 C -20.534 46.099 -17.884 43.989 -14.754 43.989 Z"/>
|
|
||||||
</g>
|
|
||||||
</svg>
|
|
Before Width: | Height: | Size: 1.3 KiB |
|
@ -1 +0,0 @@
|
||||||
<svg xmlns="http://www.w3.org/2000/svg" aria-label="Microsoft" role="img" viewBox="0 0 512 512"><rect width="512" height="512" rx="15%" fill="#fff"/><path d="M75 75v171h171v-171z" fill="#f25022"/><path d="M266 75v171h171v-171z" fill="#7fba00"/><path d="M75 266v171h171v-171z" fill="#00a4ef"/><path d="M266 266v171h171v-171z" fill="#ffb900"/></svg>
|
|
Before Width: | Height: | Size: 347 B |
File diff suppressed because one or more lines are too long
Some files were not shown because too many files have changed in this diff Show More