nevis
/
adn-post-iam-tknxchng-inv
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
adn-post-iam-tknxchng-inv/DEFAULT-ADN-POST-IAM-TKNXCH.../DEFAULT-ADN-POST-IAM-TKNXCH.../nai/var/opt/nevisauth/default/conf/esauth4.xml

109 lines
7.4 KiB
XML
Raw Blame History

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE esauth-server SYSTEM "/opt/nevisauth/dtd/esauth4.dtd">
<esauth-server instance="nai">
<!-- source: pattern://6ec6739e824c8e56d9633622, pattern://b67f81a971e4c08aa79040a2 -->
<SessionCoordinator sessionInitialInactivityTimeout="600" sessionInactivityTimeout="28800" sessionMaxLifetime="28800" sessionIdPreGenerate="true">
<!-- source: pattern://6ec6739e824c8e56d9633622 -->
<LocalSessionStore maxSessions="100000"/>
<!-- source: pattern://6ec6739e824c8e56d9633622 -->
<TokenAssembler name="DefaultTokenAssembler">
<Selector default="true"/>
<!-- source: pattern://b67f81a971e4c08aa79040a2 -->
<TokenSpec ttl="28800">
<!-- source: pattern://6ec6739e824c8e56d9633622 -->
<field src="session" key="ch.nevis.session.sessid" as="sessid"/>
<!-- source: pattern://6ec6739e824c8e56d9633622 -->
<field src="session" key="ch.nevis.session.userid" as="userid"/>
<!-- source: pattern://6ec6739e824c8e56d9633622 -->
<field src="session" key="ch.nevis.session.authlevel" as="authLevel"/>
<!-- source: pattern://6ec6739e824c8e56d9633622 -->
<field src="session" key="ch.nevis.session.esauthid" as="esauthid"/>
<!-- source: pattern://6ec6739e824c8e56d9633622 -->
<field src="session" key="ch.nevis.session.entryid" as="entryid"/>
<!-- source: pattern://6ec6739e824c8e56d9633622 -->
<field src="session" key="ch.nevis.session.loginid" as="loginId"/>
<!-- source: pattern://6ec6739e824c8e56d9633622 -->
<field src="session" key="ch.nevis.session.domain" as="domain"/>
<!-- source: pattern://6ec6739e824c8e56d9633622 -->
<field src="session" key="ch.nevis.session.secroles" as="roles"/>
</TokenSpec>
<!-- source: pattern://6ec6739e824c8e56d9633622 -->
<Signer key="DefaultSigner"/>
</TokenAssembler>
<!-- source: pattern://6ec6739e824c8e56d9633622 -->
<KeyStore name="DefaultKeyStore">
<!-- source: pattern://6ec6739e824c8e56d9633622 -->
<KeyObject name="DefaultSigner" certificate="/var/opt/keys/own/nai-sh4r3d-default-default-signer/cert.pem" privateKey="/var/opt/keys/own/nai-sh4r3d-default-default-signer/keystore.jks" passPhrase="pipe:///var/opt/keys/own/nai-sh4r3d-default-default-signer/keypass"/>
<!-- source: pattern://6ec6739e824c8e56d9633622 -->
<KeyObject name="DefaultSignerTrust" certificate="/var/opt/keys/trust/nai-default-default-signer-trust/truststore.jks"/>
</KeyStore>
</SessionCoordinator>
<!-- source: pattern://6ec6739e824c8e56d9633622 -->
<LocalOutOfContextDataStore reaperPeriod="60"/>
<!-- source: pattern://6ec6739e824c8e56d9633622, pattern://b67f81a971e4c08aa79040a2 -->
<AuthEngine useLiteralDictionary="true" literalDictionaryLanguages="en,de,fr,it" inputLanguageCookie="LANG" compatLevel="none" addAutheLevelToSecRoles="true" classPath="/opt/nevisauth/plugin" propagateSession="false">
<!-- source: pattern://b67f81a971e4c08aa79040a2 -->
<Domain name="cossa_realm" default="false" inactiveInterval="7200" reauthInterval="0" resetAuthenticationCondition="${inargs:cancel}">
<Entry method="authenticate" state="cossa_realm_IdentityProviderState"/>
<Entry method="authenticate" state="cossa_realm_IdentityProviderState" selector="${request:currentResource:^http[s]?\u003A//[^/]+/.*$:true}"/>
<Entry method="stepup" state="cossa_realm_Selector"/>
<Entry method="stepup" state="cossa_realm_IdentityProviderState" selector="${request:currentResource:^http[s]?\u003A//[^/]+/.*$:true}"/>
</Domain>
<AuthState name="cossa_realm_IdentityProviderState" class="ch.nevis.esauth.auth.states.saml.IdentityProviderState" final="false" resumeState="true">
<!-- source: pattern://da13d0fe10be58add377269b -->
<ResultCond name="ok" next="cossa_realm_SecurityTokenServiceClient"/>
<!-- source: pattern://da13d0fe10be58add377269b -->
<Response value="AUTH_ERROR">
<!-- source: pattern://da13d0fe10be58add377269b -->
<Gui name="AuthErrorDialog"/>
</Response>
<!-- source: pattern://da13d0fe10be58add377269b -->
<property name="out.binding" value="internal-assertion"/>
<!-- source: pattern://da13d0fe10be58add377269b -->
<property name="out.attribute.email" value="marco.maurer@adnovum.ch"/>
<!-- source: pattern://da13d0fe10be58add377269b -->
<property name="out.keyobjectref" value="DefaultSigner"/>
<!-- source: pattern://da13d0fe10be58add377269b -->
<property name="acsUrlWhitelist.uris" value="DummyValue"/>
</AuthState>
<AuthState name="cossa_realm_SecurityTokenServiceClient" class="ch.nevis.esauth.auth.states.wstrust.SecurityTokenServiceClient" final="false" resumeState="true">
<!-- source: pattern://e026d017ea6658b54e0b16cc -->
<ResultCond name="ok" next="cossa_realm_Prepare_Done"/>
<!-- source: pattern://e026d017ea6658b54e0b16cc -->
<Response value="AUTH_ERROR">
<!-- source: pattern://e026d017ea6658b54e0b16cc -->
<Gui name="AuthErrorDialog"/>
</Response>
<!-- source: pattern://e026d017ea6658b54e0b16cc -->
<property name="queryValue" value="${request:userId}"/>
</AuthState>
<AuthState name="cossa_realm_Prepare_Done" class="ch.nevis.esauth.auth.states.scripting.ScriptState" final="false">
<!-- source: pattern://e026d017ea6658b54e0b16cc, pattern://b67f81a971e4c08aa79040a2 -->
<ResultCond name="default" next="cossa_realm_Auth_Done"/>
<!-- source: pattern://e026d017ea6658b54e0b16cc, pattern://b67f81a971e4c08aa79040a2 -->
<Response value="AUTH_DONE">
<!-- source: pattern://e026d017ea6658b54e0b16cc, pattern://b67f81a971e4c08aa79040a2 -->
<Gui name="ContinueResponse"/>
</Response>
<!-- source: pattern://e026d017ea6658b54e0b16cc, pattern://b67f81a971e4c08aa79040a2 -->
<property name="script" value="file:///var/opt/nevisauth/default/conf/prepare_done.groovy"/>
</AuthState>
<AuthState name="cossa_realm_Auth_Done" class="ch.nevis.esauth.auth.states.standard.AuthDone" final="false">
<!-- source: pattern://e026d017ea6658b54e0b16cc, pattern://b67f81a971e4c08aa79040a2 -->
<Response value="AUTH_DONE">
<!-- source: pattern://e026d017ea6658b54e0b16cc, pattern://b67f81a971e4c08aa79040a2 -->
<Gui name="ContinueResponse"/>
</Response>
</AuthState>
<AuthState name="cossa_realm_Selector" class="ch.nevis.esauth.auth.states.standard.ConditionalDispatcherState" final="false">
<!-- source: pattern://b67f81a971e4c08aa79040a2 -->
<ResultCond name="nomatch" next="cossa_realm_Prepare_Done"/>
<!-- source: pattern://b67f81a971e4c08aa79040a2 -->
<Response value="AUTH_ERROR">
<!-- source: pattern://b67f81a971e4c08aa79040a2 -->
<Arg name="ch.nevis.isiweb4.response.status" value="403"/>
</Response>
</AuthState>
</AuthEngine>
</esauth-server>
Reference in New Issue View Git Blame Copy Permalink