adn-post-iam-tknxchng-inv/DEFAULT-ADN-POST-IAM-TKNXCH.../DEFAULT-ADN-POST-IAM-TKNXCH.../nai/var/opt/nevisauth/default/conf/esauth4.xml

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE esauth-server SYSTEM "/opt/nevisauth/dtd/esauth4.dtd">
<esauth-server instance="nai">
    <!-- source: pattern://6ec6739e824c8e56d9633622, pattern://b67f81a971e4c08aa79040a2 -->
    <SessionCoordinator sessionInitialInactivityTimeout="600" sessionInactivityTimeout="28800" sessionMaxLifetime="28800" sessionIdPreGenerate="true">
        <!-- source: pattern://6ec6739e824c8e56d9633622 -->
        <LocalSessionStore maxSessions="100000"/>
        <!-- source: pattern://6ec6739e824c8e56d9633622 -->
        <TokenAssembler name="DefaultTokenAssembler">
            <Selector default="true"/>
            <!-- source: pattern://b67f81a971e4c08aa79040a2 -->
            <TokenSpec ttl="28800">
                <!-- source: pattern://6ec6739e824c8e56d9633622 -->
                <field src="session" key="ch.nevis.session.sessid" as="sessid"/>
                <!-- source: pattern://6ec6739e824c8e56d9633622 -->
                <field src="session" key="ch.nevis.session.userid" as="userid"/>
                <!-- source: pattern://6ec6739e824c8e56d9633622 -->
                <field src="session" key="ch.nevis.session.authlevel" as="authLevel"/>
                <!-- source: pattern://6ec6739e824c8e56d9633622 -->
                <field src="session" key="ch.nevis.session.esauthid" as="esauthid"/>
                <!-- source: pattern://6ec6739e824c8e56d9633622 -->
                <field src="session" key="ch.nevis.session.entryid" as="entryid"/>
                <!-- source: pattern://6ec6739e824c8e56d9633622 -->
                <field src="session" key="ch.nevis.session.loginid" as="loginId"/>
                <!-- source: pattern://6ec6739e824c8e56d9633622 -->
                <field src="session" key="ch.nevis.session.domain" as="domain"/>
                <!-- source: pattern://6ec6739e824c8e56d9633622 -->
                <field src="session" key="ch.nevis.session.secroles" as="roles"/>
            </TokenSpec>
            <!-- source: pattern://6ec6739e824c8e56d9633622 -->
            <Signer key="DefaultSigner"/>
        </TokenAssembler>
        <!-- source: pattern://6ec6739e824c8e56d9633622 -->
        <KeyStore name="DefaultKeyStore">
            <!-- source: pattern://6ec6739e824c8e56d9633622 -->
            <KeyObject name="DefaultSigner" certificate="/var/opt/keys/own/nai-sh4r3d-default-default-signer/cert.pem" privateKey="/var/opt/keys/own/nai-sh4r3d-default-default-signer/keystore.jks" passPhrase="pipe:///var/opt/keys/own/nai-sh4r3d-default-default-signer/keypass"/>
            <!-- source: pattern://6ec6739e824c8e56d9633622 -->
            <KeyObject name="DefaultSignerTrust" certificate="/var/opt/keys/trust/nai-default-default-signer-trust/truststore.jks"/>
        </KeyStore>
    </SessionCoordinator>
    <!-- source: pattern://6ec6739e824c8e56d9633622 -->
    <LocalOutOfContextDataStore reaperPeriod="60"/>
    <!-- source: pattern://6ec6739e824c8e56d9633622, pattern://b67f81a971e4c08aa79040a2 -->
    <AuthEngine useLiteralDictionary="true" literalDictionaryLanguages="en,de,fr,it" inputLanguageCookie="LANG" compatLevel="none" addAutheLevelToSecRoles="true" classPath="/opt/nevisauth/plugin" propagateSession="false">
        <!-- source: pattern://b67f81a971e4c08aa79040a2 -->
        <Domain name="cossa_realm" default="false" inactiveInterval="7200" reauthInterval="0" resetAuthenticationCondition="${inargs:cancel}">
            <Entry method="authenticate" state="cossa_realm_IdentityProviderState"/>
            <Entry method="authenticate" state="cossa_realm_IdentityProviderState" selector="${request:currentResource:^http[s]?\u003A//[^/]+/.*$:true}"/>
            <Entry method="stepup" state="cossa_realm_Selector"/>
            <Entry method="stepup" state="cossa_realm_IdentityProviderState" selector="${request:currentResource:^http[s]?\u003A//[^/]+/.*$:true}"/>
        </Domain>
        <AuthState name="cossa_realm_IdentityProviderState" class="ch.nevis.esauth.auth.states.saml.IdentityProviderState" final="false" resumeState="true">
            <!-- source: pattern://da13d0fe10be58add377269b -->
            <ResultCond name="ok" next="cossa_realm_SecurityTokenServiceClient"/>
            <!-- source: pattern://da13d0fe10be58add377269b -->
            <Response value="AUTH_ERROR">
                <!-- source: pattern://da13d0fe10be58add377269b -->
                <Gui name="AuthErrorDialog"/>
            </Response>
            <!-- source: pattern://da13d0fe10be58add377269b -->
            <property name="out.binding" value="internal-assertion"/>
            <!-- source: pattern://da13d0fe10be58add377269b -->
            <property name="out.attribute.email" value="marco.maurer@adnovum.ch"/>
            <!-- source: pattern://da13d0fe10be58add377269b -->
            <property name="out.keyobjectref" value="DefaultSigner"/>
        </AuthState>
        <AuthState name="cossa_realm_SecurityTokenServiceClient" class="ch.nevis.esauth.auth.states.wstrust.SecurityTokenServiceClient" final="false" resumeState="true">
            <!-- source: pattern://e026d017ea6658b54e0b16cc -->
            <ResultCond name="ok" next="cossa_realm_Prepare_Done"/>
            <!-- source: pattern://e026d017ea6658b54e0b16cc -->
            <Response value="AUTH_ERROR">
                <!-- source: pattern://e026d017ea6658b54e0b16cc -->
                <Gui name="AuthErrorDialog"/>
            </Response>
            <!-- source: pattern://e026d017ea6658b54e0b16cc -->
            <property name="queryValue" value="${request:userId}"/>
        </AuthState>
        <AuthState name="cossa_realm_Prepare_Done" class="ch.nevis.esauth.auth.states.scripting.ScriptState" final="false">
            <!-- source: pattern://e026d017ea6658b54e0b16cc, pattern://b67f81a971e4c08aa79040a2 -->
            <ResultCond name="default" next="cossa_realm_Auth_Done"/>
            <!-- source: pattern://e026d017ea6658b54e0b16cc, pattern://b67f81a971e4c08aa79040a2 -->
            <Response value="AUTH_DONE">
                <!-- source: pattern://e026d017ea6658b54e0b16cc, pattern://b67f81a971e4c08aa79040a2 -->
                <Gui name="ContinueResponse"/>
            </Response>
            <!-- source: pattern://e026d017ea6658b54e0b16cc, pattern://b67f81a971e4c08aa79040a2 -->
            <property name="script" value="file:///var/opt/nevisauth/default/conf/prepare_done.groovy"/>
        </AuthState>
        <AuthState name="cossa_realm_Auth_Done" class="ch.nevis.esauth.auth.states.standard.AuthDone" final="false">
            <!-- source: pattern://e026d017ea6658b54e0b16cc, pattern://b67f81a971e4c08aa79040a2 -->
            <Response value="AUTH_DONE">
                <!-- source: pattern://e026d017ea6658b54e0b16cc, pattern://b67f81a971e4c08aa79040a2 -->
                <Gui name="ContinueResponse"/>
            </Response>
        </AuthState>
        <AuthState name="cossa_realm_Selector" class="ch.nevis.esauth.auth.states.standard.ConditionalDispatcherState" final="false">
            <!-- source: pattern://b67f81a971e4c08aa79040a2 -->
            <ResultCond name="nomatch" next="cossa_realm_Prepare_Done"/>
            <!-- source: pattern://b67f81a971e4c08aa79040a2 -->
            <Response value="AUTH_ERROR">
                <!-- source: pattern://b67f81a971e4c08aa79040a2 -->
                <Arg name="ch.nevis.isiweb4.response.status" value="403"/>
            </Response>
        </AuthState>
    </AuthEngine>
</esauth-server>