vpnexit-test-sthb-1.sunet.se added

Add netbird-test server to cosmos-rules
netbird-test-sto1-1.sunet.se added
2025-04-16 15:30:43 +02:00 · 2025-04-16 15:07:43 +02:00 · 2025-04-16 14:44:41 +02:00 · 2025-04-16 14:43:07 +02:00 · 2025-04-16 14:10:50 +02:00 · 2025-04-16 13:28:12 +02:00
39 changed files with 1635 additions and 11 deletions
--- a/global/overlay/etc/cosmos/keys/mhert-C40B5B31C81CEADFE55D07E4267A5F80E1FFE93D.pub
+++ b/global/overlay/etc/cosmos/keys/mhert-C40B5B31C81CEADFE55D07E4267A5F80E1FFE93D.pub
@ -0,0 +1,113 @@
 -----BEGIN PGP PUBLIC KEY BLOCK-----
 mQINBGMPAhsBEADBAoicHX2OnrwyrdMKop32UKzQnhFIY7mvMy+wiOF4rBthSUjM
 quVLpWgSj3eKiOXTW1jgayJXkY7badQ3JLMYOXKfTtLdwc/UZzwqe2GbNBVadKJR
 wsAgGtWC5Q/Gj6pkKVBCfH39IT780zqsqMEyzJvv5i7RUvHH1CbwgjjuLBkANKzj
 kyRYgIoHDqyT1F5ZuCvCVRX32uk5yz6zasbcj2MnazbI1MVPneZ9NqlP7RqjrMyh
 yrH8x8WBWOPbB9el4RL91YjNM/InHviBK5iymZbsrNU2cHDsYZ1InqV0R9V5rSwH
 vCC97zybIyikwUNIs/wi9QmqvAonkF6HhVuTD5xCpEMLq+0Sm+pNec+LyzGnLWjD
 gBQ/6Dm2HLUVXjo6rwMfNnv7cpYGduqoqcXSG6fJiwyaO5PYQyuismF4cgCe3MLj
 dxEFvI94L6X1Qe4IMuTBY7MOoh4htzPM6YlSNs2JRUpyZ3jQnrumU+NWQOuce7wO
 r8bauvAzvYFXaUTyu0ren16R0X6Ios4KWQn0cCRwDEv6xMVC3ubEAtpWQW+UfPYR
 Um6d8xdwX1tqlDc4fvST/bGYJC27ueJwxkBjQ+eJC3T1vX10fsL13g/xryNU7z3H
 HTLnbNUwmL8vbRGbegIrRL2E5LggBOCvkHRoTJe0BSC9oqVtyiwNJrVIWwARAQAB
 tCBNYXJrdXMgSGVydHrDqW4gPG1oZXJ0QHN1bmV0LnNlPokCVwQTAQgAQQIbAwUL
 CQgHAgIiAgYVCgkICwIEFgIDAQIeBwIXgBYhBMQLWzHIHOrf5V0H5CZ6X4Dh/+k9
 BQJnBmwpBQkF6YwFAAoJECZ6X4Dh/+k9ZnsP/RRvR5YLfQnJxmiLuVIvM9aLd5S+
 23PTTSg2xHq/Yg2Wg074p6wrZAiHf4hdSPpVmf1SB2mnpk9Pz31ZlVAUS//mNf/q
 iQzXfjwRMssvHkjCxH6L8C3/XG3vp3NxtcfAOXPWFGM7bizTgl6o84vCDx/VhW6j
 Qzqh1SkEVDKBAlXZUIcqSr0X78AJIQoAlf5z52Dv5fDv8Ne8T60kiVtGLB5iodIs
 Y/N14pbVDyFpq/z4a6V8eaWIMisjxS0FLLic3/xlWNA0jfFIX5K/KvZ1DY+tvhk4
 qdCKIz4lfAp7Aw5CTvqxff2gzRn3yb4ozLzfiVQv3Z6yWQSCbNBmRahHp8mFZHKI
 10GubLnmTsRqVBRWnegRp7pX9DD+E2M0cMEvLBBJF5fIElmx1U585tExSRw0NVgm
 a175WarCzA13GCmqJtDx/Q2Dz4D5CLNeSmZ3gUt83rEmQXKMrQUjiJ1mmOIx7Vs6
 OTszws3aDStviNSAGY1ZctsXQ75EmRZheAuCnmFv1P4r8jGAnMxeGffoDPevOgLb
 X2FmhuRxublVExFsBLheqRqQQwN0BOLjoVdZHhKNvhMYYxSd/t175Gs6c8Phoi5y
 9uCaY9Ths7G1mgd18/A5NoF3ZNcrtHPNcxrkC6GI8eIhsK9SYCIBa4pOyr3xRb3Z
 wqG1/9S05MlUTVJGiQJXBBMBCABBFiEExAtbMcgc6t/lXQfkJnpfgOH/6T0FAmNP
 2d4CGwMFCQHhM4AFCwkIBwICIgIGFQoJCAsCBBYCAwECHgcCF4AACgkQJnpfgOH/
 6T0aLQ/+JZMB2vhDPlISaIrz3kwF5w6CcOBqSmZ28+Fxwhxs8agkyBH3CdJ4wCn7
 c65KxSfI5kTtORSLk4J7802GFjeEoQJL9N9LGwon3xJgdzK7XuH4DA6XPe+BrlqQ
 t/cJuh1VkF0ED0xfusvSwuImEIwGwEzd0xss0WzLWx0T6U7JXSwzNf+QPcpttAGU
 xjdXSBXDhOFIHsDgAi+7CVHllyMljmW07QXDOacVrjL3nh+xusztUfTwVi4drlwV
 ftTM8bM/DG7DB3iLJhpO0Sv8uuGmW8Ykv7OR03LdPzoQZBGMIamqukP1SHeKI4yy
 S8QeQ/O7KpjgumJ0dYDoFrABl81O9eCsNdmLlinb6WVlBrPbM76OSkdgUce/GppK
 4pePwPU48WoWRosTjwZQ84m1fc1AC4SqHEtUa9bJN0J9IwykLs7YojcNZIzISOjC
 5AxFaud/GAQ9YFRdZXU1qmqeCRmicuKAgMaEVHSIVG/i5KQxx+gh5FvyUDudvmwm
 oYn87vOX/5aiAqxfVIVBYAHYQ2JM0CwZjYUFCE3VjHQOud+XsDJjJF9AIxN2yx05
 kq8B+FWVuV1cv3JStuFIJZtgH+ch6tMdMWCubr7tMwBQgX13zaLjdeFg3gTVRey2
 qaGicNMYjx567dRdSsV8U8Dr01PeZaN/EEaN+q9YONjJu76xQMm0KU1hcmt1cyBI
 ZXJ0esOpbiA8bWFya3VzLmhlcnR6ZW5Ac3VuZXQuc2U+iQJUBBMBCgA+AhsDBQsJ
 CAcDBRUKCQgLBRYCAwEAAh4FAheAFiEExAtbMcgc6t/lXQfkJnpfgOH/6T0FAmcG
 bCIFCQXpjAUACgkQJnpfgOH/6T2oOBAAhjzJWvGbD10lYhODnVVbfnV23jQO7Kwl
 yMLp4Rn2YsDJNn6HQNKKOX9mmjHYdKLdtW7GAqteb4xquJHqk5AwgtJJRw1ZLn4G
 TFZ3utSUydQb390iCZowDtbjIifjSO4o8WcOzFw6rXfOLh3d2c7yeDQ1bA3f9iiV
 G8j8CogP6cMIaGKgWfU7uSrt3Z89rax4VfnxIBMxnfWDM/jaBCA9EolMn5Sb0Lb3
 2JtnnluHszgm4m1ADkxNsHZG8W98dPTbbpN5ymRhP9WOoOzBKYDiNhVCSAaJh+Lx
 2v1QD3njfUkg+z7JJ4Ftxm8pkIgqEHftIs757YQchOkhhVZ4xYCmQu9P8+5jtM0k
 k/HZP6ByflAOGIoBbEegV8brDz5iTY9d89mvox+t76HF0k9KmXXrvD6rBexDjrOn
 zJvzznTQ9uYoDOT1g3oy8G7ralCFzoY8vbiMaqrejAT9t7VtQMmrYfrVss7ePaB+
 HPQNBmL8WfUMyu7GiHkdWLcjxZ53OOsmxWiRcgusyK+2RGy+XOI5DTrdoNXExCsu
 mK2/aeR8/j0PkaZyzFftPVGcAeJpLzHVbSYnCZ6c4JXHZ5o03FrhOJ3Bmlc9Uw5g
 jz0x/yAl6J3pdqkls9PQ8RUJvWdIWuCX/fyhTDRWkUmT7h0UeMYus6IXL0zOlENO
 /bqj3w+OY+6JAlQEEwEKAD4WIQTEC1sxyBzq3+VdB+Qmel+A4f/pPQUCYw8CGwIb
 AwUJAeEzgAULCQgHAwUVCgkICwUWAgMBAAIeBQIXgAAKCRAmel+A4f/pPeo5D/4w
 y6DSBoxCBIrUWL9NfGL2TOHrSJxwXtpLT2eeknplKNNpf6Zd722Ct9tBl2bJizTm
 lxSvUIlqv63nE+BP+qvARs0yv8hlkUbWv8GNaxalPzPX1AdbcDirnxMf82+Jzmgc
 xA4ixIHOUmSK08OWE372q0zEJyyvUHipO5fZSU/btIFfNphZNDLTZ7rfsF21yud2
 17zg91u2FMKoL19jH20pz4xR8RnCM+02IaoGWmLIhDiI2oHw+NqcdML2bUQJn8Ob
 +pvalCmZ177xqosCbTLEzDrQ8ShqeuEJmFjp6VGGeGYVMXTkuMaQh8PBgHQBq4QM
 l2e6zDhekb/cPREE7qFVl8/kjYYEcVqUjROP9faemV9l95F6nKAFxYe97QdWfuSp
 CCv0kDymu8zT8uyscxw3SQiPlggeCg/K+WoNsWbKquuAU476UoqR0+aaL5CJMSYi
 gadlppPsBQbyBdFuMuND3f7imK3WitbkONNtPmM4OIWRoegc9qrjx1t7Z4GyHohn
 IiXsCeBByHkcaZ7EhwNP5WSAuX0Ip+oNi5m7Kv95qRerU/rishPM5BddsfyXNAeU
 KMFrGIl6nruzx/hZA/t1LTU4auwzjmKz6+DXH/E4vJwrmhhnAMRPwBe/4aFPUF1U
 AvkT5VtnDqWW3891sDPQ9eNFy83Pj8ODcRYssySeG7kCDQRjDwIbARAAwkaKOk56
 N9egIuiJJ494gl/X5QtVJzkTt1OrYXMuaY4NptSE7tneDgZuQ3VgUehl74QNVOSJ
 all/LZKCVdflGRx+VHrABm742Nbphi19V/LhyaNpqWn+E0mLY9R2jZkKpvNNqN9Z
 wIGx8jFxkh9slNh8QA6BGazsGX9Ncda8sJy21bKIgdI7jx+z9JShCWiGPIhlONOq
 4Nym9BdaHEIhhcBZItG2hg18UVtCbkmzwL46eoaqDTZGa2B08D/yhN0sIgLb2tkL
 uzxZQTrFFwjd7aFR92a7sm7k78UBMUhDJZ0LYRuMqVLQMuk6TGRhZgdYm662kNdq
 NFZvh14EO2m6COw/auPiSTuOYxtWJl34oam95bD9da4Zcimz2EnHqtU4lzsEv6eW
 zz2J+yUEXzSWyg92Lm3NrDzFGxWqyzSn1MH7i6B8f9TCbepBSYMKAqagpVJniJ3I
 dqLRPF4ud+IurxTabcPWtGE/Ja+oVWcHjm5yQE3i/6kgA2B4strjztcD7bCBCTmb
 X6V3JsHNplTAu045shJ4Ztu/xpjADfOC336F/Bjc9ocoo6EBbUJQEX8nFRJpmZjY
 wMn4IJdB6qt4yZP4NRkjjSkQRaiTuSqKqrs0bKvDL8o6UfySw1lXA0b+hsmQ5Hk9
 DT3WdW9kzAR879vgBGS4TP7Tf6PBADOtMMsAEQEAAYkCPAQYAQoAJgIbDBYhBMQL
 WzHIHOrf5V0H5CZ6X4Dh/+k9BQJnBmxFBQkF6YtbAAoJECZ6X4Dh/+k94lYQALPk
 34ZHqxc+uJR5aWwYH6ft1/OpjRclkUlyVXiJNr/7E49ZhtN5RNcpRk8JHjqAla9F
 URGhgF/oP6A75Irfxrgp8Y7+1wxiaifzwXkGy+i3Va5AF96vp/Vt9xwFpMomRuHU
 IiviCxOavExt0ykgu/S5QaqLSJVmF6sNjtTUM96RC50nyghoFzEdwnAd52mJ/r3r
 ISzPhR4DDO2UHCcVVPNJmyOCJVHi89X+uDEodIukzXYPngnmoVgBp405OrPcreo2
 dutQsOsF8fqHgu5CoUCnKUPr4xj6JqK4EC2dJucLyio3e7AIvkH1jBrX7AXG+RRe
 /fgDwxYbcehKzGNRRnM/Bmtwjl5nLcxpTImK6j7o46xi7T955yEO57szBOci6DKG
 C8zufztQ6mP2qq99c6ommITrhfrddS6hWQAMqSQj1CJb223Cv2XSj3QSD5QoboR8
 8VUBpBAEX1Q601iNojba5uJoQksEjbWhfYyDKQ90sJ6FFMaQsiEOl6mI2O4EbdBe
 8Fq2WTlunPFQ/Y58r6evOmmC2Osol6M3mPi+vvihe8ihHrod7GgvtvQycWTjZWos
 Sjwod31tpBzzwje8UJwFGoAVjp406O24bTA3pqaS0oIFR6jQVrDslVqOd4Jh6fUq
 wyyr7BSBQO/bOA6z3B5npWcSYdxTxS9d+sXk5NtluQINBGMPAosBEADkpdny/uj6
 r5B7bndfYDSl5eJ27h31kiwBQGqJcfyNaF8fEL8K0fFwzuUr8p9v6Y+MyXJvV4l3
 P40Ab7K3YG3tSr9RGd5nIaQsKXgG7Nh423Cr9S74pTipcwp9uTOpzbdeg3ZgFZGn
 9xb7/pd2HxeIsqgV/4vA4e0AncAjd6NTvUL7A7iEjIPBDFKV8dtETER6z90GcRaK
 tN7gqVAyr8Lg9+BBdbQYsMi1iMIWprIm/EUQVrKNtKxSlc8Ggeh5QzF/mIrHpQyH
 whP8eDQuXlAQMR8bsLeip9/ptVA6Jc9LT8CWKQnM+ar3e27YT1JUUfnN12t6cTtA
 P+7M3qs0y8f/2S5PcJDAnEIc93iaV2umqboZswfYwxdVn8EqK39PE7+3+nwxdudJ
 8WMxKt1otlAOZGRIFzniXHBUZ3jmZSVTk9Eppw7Tg1L1jAFXMiET8KhQEarCo5b4
 O9P16c/ZheZyEsTwyOmaoHWRPzSgSV8KYMJGt+toRkVM/EBacjrC6xRr5qW+WAnk
 APtCAVr1Fr/rMV8nJ4jkO5L7l4tcVyIO6iEQDgmcI7fZ+6Jsfybus45mA421hn41
 2pfuEM8XtWGLIHj/OyGyy16jPuBCx0a7X8ZxKq27XXvKsUERj4+gFmGfsvMMpYnp
 ujvTZOBWjdLqRlz9Tz+lROOGQ8Lmi6jYnQARAQABiQI8BBgBCgAmAhsgFiEExAtb
 Mcgc6t/lXQfkJnpfgOH/6T0FAmcGbFMFCQXpiwQACgkQJnpfgOH/6T1jfhAAiKfJ
 6y9v0tFvGvtM5WqLwANSqStvuPDmmtP6XwudPxhHe2vJO2FM58ZeeyD0UW6NFKAN
 xfTU1vraiDTYVzXSFq0wyaRO4KXrW4cr1oZp/DEP8JR25isChruMd/DSqgq3KUBI
 jhTDs6qxAi0HB0GiFAWAxTpjnQiFYNgYfPbkSdsMSvMI716hui/jxrfNXB/Ci8+b
 raMcqEsJEEdlIxUdUlreLh8MjOXbNjjpqlYxGjjERZUIblnl57H9Y5qn+Knmv3lA
 c0gRfk1eI6r35b7LO8QAI9k0E0Z7yoRTkFvbPH346dGO31PDHn3VHM+fmVLFFPLF
 7UN5hrMjX+QO4pH5soDC9Qnw0GrOOXH9qSPOF7KxU4IzZ2bv34dcv6UoHa8VjLco
 Ku3D0xcxhZrVCpCVTY0fxNWug/fY++H+lY6S6D7QBcwH+dGNys+eTRtBukKaV5vv
 AbSnPfpd/ogjJM0r0hn6skmLOLaRppH2EZ5an28a1+K5DmdxaPsrvoxywCcynpzz
 LOvDiXby4syRl70qJ5xDH0g0A11znUuLb4Lk4TO1Uovo0qfnz4NUK8wKcZGUrTb7
 kS0eXH91azq59K2MN7AMVJgWH16SycouA7l6xVUPo8aD81HKxK42TIJbu7Hz6pnY
 nujlR3THBttliq4YWUgeHQ16ljm42D+1kwDecCQ=
 =yYEn
 -----END PGP PUBLIC KEY BLOCK-----
--- a/global/overlay/etc/hiera/data/common.yaml
+++ b/global/overlay/etc/hiera/data/common.yaml
@ -93,6 +93,14 @@ sunet_ssh_keys:
    name  : 'bjorn+8E2DA8EB05F646D7'
    key   : 'AAAAB3NzaC1yc2EAAAADAQABAAACAQDO1nktCA7fWcbmXAlcSEAeAxqlo2bobQblqqhvbjzmDfZdvhUYRXNjc2R4GjAU60yB/qqODE2km1z2xcIojlT/uHIXPx7jkSXvDZQFVDWplGiWKbOZS/apvva2vHBtfDBPSQnDSxr3sINAqehG58gL1coP95uWXodXSfv+BzGqQfYomlqU9f5qjXT2vFA+0XzoGTT9yG2utD3uhYd1k9EN+ED6NCXyCsUoihtEI8M8fF0Sps/QYpdyR34yP98lL+8DwZCtq0eQRMhF6mTcRcTDFdYdgS8jL+lSbw9DaPrWhGll0ie/Xk/v9RC+d3FGE6av0e8YDboNlduwy2iUbA1w1ll/VUOmXy6gudIZ91Edl+sOOyDVfLY3+Dz+RnmoSuCoWyJ00KovBIfgDOUDKe0QMHyVZ9ccMMihTUMUfJ7kYQ9EuidBLsy9GO+ar7FFPHYyVKiWYoxFBafAtIVDM79v9KvQeF2PAfuhSM3yIXeSb+8cp2ANVLX5dncoMPEgdfFRVie5HMwMct+BFwkyIuQ8++kCInGxbM5X1B3uhYTlkYyT3eAR3jHiwZoiBssCPXtmkXjJ0CFB1BcBlGSZktFoBRstGlEb/nEpTH/71JdA60a1eNwbhslNpAWfi3Jco3QPKBoRdwbeIsmDrK1hpJZG9Ke/jZxr3WSv39tu0l4JAw== cardno:000610116759'
  'kushal':
    name  : 'kushal'
    key   : 'AAAAB3NzaC1yc2EAAAADAQABAAACAQCqpNHfX9xOW41kl28wgeZHG/szYBldqflpG8HU8+OCZ6J5++Y4WmuHgl/W6ayrULtUWyKF1y7R0qcd8wf58PFwZMP+tAh3pij1vCSiFWYvhkq9b58smFHyHy8ZbpndKBexErpNygDsduy0ecw2wwqFDYn8EHs3tnuyT0Z99XQVScNzlqlLRAMxbLjyGurFSgqXjket9zkDbX6KhkryxiATGQql0inJqio2SkPHHYk2fQqlN4dXp/1oHsFrqGf247nDX3uNKnq7F7qTVbGmH3ehUzc9HqdRnUUFzWwTBn/VGU+zeUaEtBRtVewj/iqG0vKlo3LDm5Kp8LEbhGL88UlmBQRPISZYZ8Hm8lwkcOCnzXvf9gupxoXECqYChhbysMz66OqwAEplVHrFBqCFa0tIb6op+hVkHGuFXW8qlSTam/G0jLBJhRlOXduIrzn29mPhhVk11TQxqsVK9ji1RSG9yKaKxEjgS4z/M4GL0NrTUaVOdDXRDo1bfJHlsN5LSoBT0AwueQCgjieZRNAnQ9rPEPBM/5RGUq+vT//uzqOO9bE1iygixbkyRi6E+35wXqlobRDK8JEeGAKIdzA6NITqQXDHFPo1IsmrIbHagyOUSfH1QYRkG0kyIZBPcmjxjcv4UtjNHAVipWVdceS7FoVtnmPprwJf/hgQ7uIsHZ+DZw=='
  'mhert-000617687278':
    name  : 'mhert-000617687278'
    key   : 'AAAAB3NzaC1yc2EAAAADAQABAAACAQDkpdny/uj6r5B7bndfYDSl5eJ27h31kiwBQGqJcfyNaF8fEL8K0fFwzuUr8p9v6Y+MyXJvV4l3P40Ab7K3YG3tSr9RGd5nIaQsKXgG7Nh423Cr9S74pTipcwp9uTOpzbdeg3ZgFZGn9xb7/pd2HxeIsqgV/4vA4e0AncAjd6NTvUL7A7iEjIPBDFKV8dtETER6z90GcRaKtN7gqVAyr8Lg9+BBdbQYsMi1iMIWprIm/EUQVrKNtKxSlc8Ggeh5QzF/mIrHpQyHwhP8eDQuXlAQMR8bsLeip9/ptVA6Jc9LT8CWKQnM+ar3e27YT1JUUfnN12t6cTtAP+7M3qs0y8f/2S5PcJDAnEIc93iaV2umqboZswfYwxdVn8EqK39PE7+3+nwxdudJ8WMxKt1otlAOZGRIFzniXHBUZ3jmZSVTk9Eppw7Tg1L1jAFXMiET8KhQEarCo5b4O9P16c/ZheZyEsTwyOmaoHWRPzSgSV8KYMJGt+toRkVM/EBacjrC6xRr5qW+WAnkAPtCAVr1Fr/rMV8nJ4jkO5L7l4tcVyIO6iEQDgmcI7fZ+6Jsfybus45mA421hn412pfuEM8XtWGLIHj/OyGyy16jPuBCx0a7X8ZxKq27XXvKsUERj4+gFmGfsvMMpYnpujvTZOBWjdLqRlz9Tz+lROOGQ8Lmi6jYnQ=='
 netops_ssh_keys:
  'root':
    - 'mariah+CA747E57'
@ -113,4 +121,6 @@ netops_ssh_keys:
    - 'mikand-FF8440B9'
    - 'tobias-000610124578'
    - 'bjorn+8E2DA8EB05F646D7'
    - 'kushal'
    - 'mhert-000617687278'
--- a/global/overlay/etc/puppet/cosmos-rules.yaml
+++ b/global/overlay/etc/puppet/cosmos-rules.yaml
@ -43,6 +43,9 @@ baas2-restoretest-prod-1.sunet.se:
    backup_dirs:
      - '/opt/baas2'
 netbird-test-sto1-1.sunet.se:
  sunet::dockerhost2:
 metrics-cd-test-1.sunet.se:
  sunet::certbot::acmed:
  sunet::dockerhost2:
@ -182,3 +185,16 @@ forum-sto3-prod-1.sunet.se:
   autoupdate:
   sunet::dockerhost2:
   net::onlyoffice:
 '^humhubproxy-sto[1-9]-prod-[1-9]\.sunet\.se':
   autoupdate:
   sunet::dockerhost2:
   sunet::satosa:
      tag: 8.4.0
 #   sunet::frontend::register_sites:
 #      sites:
 #         'outscan-idp-proxy.sunet.se':
 #            frontends:
 #             - 'sthb-lb-1.sunet.se'
 #             - 'tug-lb-1.sunet.se'
 #            port: '443'
--- a/global/overlay/etc/puppet/modules/net/manifests/naemon_monitor_config.pp
+++ b/global/overlay/etc/puppet/modules/net/manifests/naemon_monitor_config.pp
@ -9,4 +9,26 @@ class net::naemon_monitor_config {
      notes          => 'This check validates that restore from BaaS2 works as intended, see action URL for more info.',
      contact_groups => ['alerts']
  }
  $public_hosts = ['zoom-saas-idp-proxy.sunet.se', 'humhub-idp-proxy.sunet.se']
  nagioscfg::host {$public_hosts: single_ip => true }
  nagioscfg::command {'check_website':
      command_line   => "/usr/lib/nagios/plugins/check_http -H '\$HOSTNAME\$' -S -u '\$ARG1\$' -s '\$ARG2\$'"
  }
  $satosa_proxies = ['zoomproxy-tug-prod-1.sunet.se',
                     'zoomproxy-sto1-prod-1.sunet.se',
                     'zoom-saas-idp-proxy.sunet.se',
                     'humhub-idp-proxy.sunet.se',
                     'humhubproxy-sto1-prod-2.sunet.se',
                     'humhubproxy-sto3-prod-1.sunet.se']
  $satosa_proxies.each |$satosa_proxy|{
    nagioscfg::service {"check_satosa_health${satosa_proxy}":
      host_name      => ["${satosa_proxy}"],
      check_command  => "check_website!https://${satosa_proxy}/healthcheck!ok",
      description    => "SATOSA running in ${satosa_proxy}",
      contact_groups => ['alerts'],
    }
  }
 }
--- a/global/overlay/etc/puppet/setup_cosmos_modules
+++ b/global/overlay/etc/puppet/setup_cosmos_modules
@ -123,10 +123,10 @@ def main():
    if host_info:
        if host_info["fqdn"] == "metrics-cd-test-1.sunet.se":
            modules["sunet"]["tag"] = "pahol-influx*"
-        if host_info["fqdn"] == "pahol-test1.sunet.se":
+
-            modules["sunet"]["tag"] = "patlu-baas2-encryption*"
+    if host_info:
-        if host_info["fqdn"] == "pypi-1.sunet.se":
+        if host_info["fqdn"] == "lb-tug-test-1.sunet.se":
-            modules["sunet"]["tag"] = "pahol-pypi-nft*"
+            modules["sunet"]["tag"] = "thorslund_nagios_zombie_proc_threshold*"
    # Build list of expected file content
    file_lines = create_file_content(modules)
--- a/humhub-proxy-common/README
+++ b/humhub-proxy-common/README
@ -0,0 +1,3 @@
 The system documentation is in the docs directory of the multiverse repository.
--- a/humhub-proxy-common/overlay/etc/hiera/data/group.yaml
+++ b/humhub-proxy-common/overlay/etc/hiera/data/group.yaml
@ -0,0 +1,171 @@
 ---
 satosa_config:
   saml2_backend: "/etc/satosa/plugins/saml2_backend.yaml"
   saml2_frontend: "/etc/satosa/plugins/saml2_frontend.yaml"
   generated_attributes: "/etc/satosa/plugins/generated_attributes.yaml"
   internal_attributes: "/etc/satosa/internal_attributes.yaml"
   healthcheck: "/etc/satosa/plugins/healthcheck.yaml"
 generated_attributes:
   module: satosa.micro_services.attribute_generation.AddSyntheticAttributes
   plugin: AddSyntheticAttributes
   name: AddSyntheticAttributes
   config:
      synthetic_attributes:
         default:
            default:
               schachomeorganization: "{{edupersonprincipalname.scope}}"
 internal_attributes:
   attributes:
      displayname:
         saml: [displayName]
         adfs: [displayName]
      commonname:
         saml: [cn]
         adfs: [displayName]
      givenname:
         saml: [givenName]
         adfs: [givenName]
      surname:
        saml: [sn]
        adfs: [sn]
      mail:
        saml: [mail]
        adfs: [mail]
      edupersonprincipalname:
        saml: [eduPersonPrincipalName]
        adfs: [eduPersonPrincipalName]
      edupersonscopedaffiliation:
        saml: [eduPersonScopedAffiliation]
        adfs: [eduPersonScopedAffiliation]
      noredupersonnin:
        saml: [norEduPersonNIN]
        adfs: [norEduPersonNIN]
      edupersonentitlement:
        saml: [eduPersonEntitlement]
        adfs: [eduPersonEntitlement]
      schachomeorganization:
        saml: [schacHomeOrganization]
      schachomeorganizationtype:
        saml: [schacHomeOrganizationType]
      organizationname:
        saml: [ou]
      noreduorgacronym:
        saml: [norEduOrgAcronym]
      countryname:
        saml: [c]
      friendlycountryname:
        saml: [co]
      edupersontargetedid:
        saml: [eduPersonTargetedID]
   user_id_to_attr: edupersontargetedid
 healthcheck:
   module: swamid_plugins.healthcheck.HealthCheck
   name: HealthCheck
 satosa_proxy_conf:
   BASE: https://humhub-idp-proxy.sunet.se
   INTERNAL_ATTRIBUTES: "internal_attributes.yaml"
   BACKEND_MODULES:
      - "plugins/saml2_backend.yaml"
   FRONTEND_MODULES:
      - "plugins/saml2_frontend.yaml"
   MICRO_SERVICES:
      - "plugins/generated_attributes.yaml"
      - "plugins/healthcheck.yaml"
   LOGGING:
     version: 1
     formatters:
        default:
           format: "%(asctime)s [%(process)d] [%(levelname)s] %(message)s"
     handlers:
        console:
           class: logging.StreamHandler
           level: DEBUG
           formatter: default
           stream: ext://sys.stdout
     loggers:
        satosa:
           level: DEBUG
           handlers: [console]
        saml2:
           level: DEBUG
           handlers: [console]
 saml2_backend:
  config:
    sp_config:
      organization: {display_name: SUNET Forum, name: SUNET Forum, url: 'https://sunet.se'}
      contact_person:
        - {contact_type: technical, email_address: noc@sunet.se, given_name: Technical}
        - {contact_type: support, email_address: noc@sunet.se, given_name: Support}
      key_file: backend.key
      cert_file: backend.crt
      encryption_keypairs: 
        - { key_file: backend.key, cert_file: backend.crt }
      allow_unknown_attributes: true
      metadata:
        mdq:
         - url: https://mds.swamid.se
           cert: "/etc/satosa/md-signer2.crt"
      entityid: https://humhub-idp-proxy.sunet.se/sp
      service:
        sp:
          allow_unsolicited: true
          endpoints:
            assertion_consumer_service:
              - [<base_url>/<name>/acs/post, 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST']
              - [<base_url>/<name>/acs/redirect, 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect']
            discovery_response:
              - [<base_url>/<name>/disco, 'urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol']
          want_response_signed: false
          want_assertions_signed: false
          want_assertions_or_response_signed: true
      xmlsec_binary: /usr/bin/xmlsec1
      attribute_map_dir: attributemaps
    disco_srv: https://service.seamlessaccess.org/ds
    publish_metadata: <base_url>/<name>/metadata
    state_id: <name>
    attribute_profile: saml
    hash_type: transient
  module: satosa.backends.saml2.SAMLBackend
  name: Saml2SP
  plugin: BackendModulePlugin
 saml2_frontend:
  config:
    custom_attribute_release:
      default:
        default:
          exclude: ["eduPersonTargetedID","eduPersonAffiliation"]
    idp_config:
      organization: {display_name: SWAMID, name: SWAMID, url: 'https://sunet.se'}
      contact_person:
        - {contact_type: technical, email_address: noc@sunet.se, given_name: Technical}
        - {contact_type: support, email_address: noc@sunet.se, given_name: Support}
      key_file: frontend.key
      cert_file: frontend.crt
      metadata:
        local: [metadata/humhub.xml]
      entityid: https://humhub-idp-proxy.sunet.se/idp
      accepted_time_diff: 300
      service:
        idp:
          endpoints:
            single_sign_on_service: []
          name: SWAMID
          name_id_format: ['urn:oasis:names:tc:SAML:2.0:nameid-format:transient']
          policy:
            default:
              attribute_restrictions: null
              fail_on_missing_requested: false
              lifetime: {minutes: 15}
              name_form: urn:oasis:names:tc:SAML:2.0:attrname-format:uri
          want_authn_requests_signed: false
      xmlsec_binary: /usr/bin/xmlsec1
      state_id: <name>
    publish_metadata: <base_url>/<name>/metadata
    base: <base_url>
    endpoints:
      single_sign_on_service: {'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST': sso/post,
        'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect': sso/redirect}
    attribute_profile: saml
  module: satosa.frontends.saml2.SAMLFrontend
  plugin: FrontendModulePlugin
  name: Saml2IDP
--- a/humhub-proxy-common/overlay/etc/satosa/backend.crt
+++ b/humhub-proxy-common/overlay/etc/satosa/backend.crt
@ -0,0 +1,30 @@
 -----BEGIN CERTIFICATE-----
 MIIFEzCCAvugAwIBAgIUEY/k5aGq4fj0a8J9RM7NxyZLiHwwDQYJKoZIhvcNAQEL
 BQAwGTEXMBUGA1UEAwwOc2F0b3NhX2JhY2tlbmQwHhcNMjEwMjI2MTE0NTEwWhcN
 MzEwMjI0MTE0NTEwWjAZMRcwFQYDVQQDDA5zYXRvc2FfYmFja2VuZDCCAiIwDQYJ
 KoZIhvcNAQEBBQADggIPADCCAgoCggIBALnOG8u5LTVAG/O0WJ6PBMfoD1S43f/F
 ttLGu/x5tUvekkg/PJlWaihWCzuAqW+DRA/DTI+Izj8Z7SBOQmTAX0ISxdAsP4MQ
 zpEe/YOsw/AEZ009Uk5DDT1TJXrdIfanUJT2j9X4lSmCvPVLfQq0XAAHLFNSPgrF
 VtfF4yyNteEEfD+usxgNnVZiIp/FKRCcNPhvoAf0p0VWlGg9gX6yA1FlHqcMgMur
 QyEtlW2i+q5yykHhPiMjgR5h/YuYxCEXVRHEi7dPV33doownosQ5SVmkaXqoEexC
 YNr295l1iLRR3mu7RfAHOttJ3mqLBQTD8wdaZ8gYVSYBkkA4MRZvHZ0k+Dh+7gxe
 RPgyS+c8tPYGZFBWVG2kk6Q6lhSV1v8OgHGDbtX9wBP1OGojT0EiWON+V6zzK9JQ
 BbRb4tjdT0EVcUisikiMCpDm6nxs545hfKIjovQUoG/+lQ2f5h1txNOA9kWhUEnd
 4R0h460RzHMb2rNEi/efClBMajww2M17OIKodyOBxEUD1ImefedZU/c593yz2GSv
 Sp8tlvtUVmPCvPeqfxD+XgDg4bqruUExGTaGYWnDu/wewgmYNL9Kop3Mh4XFCZfU
 AugYAuVaqas7CdLy2s86rCjhhfXY1VOM6grHqLI8hDvHFISysgnAKmBpp5oG7HMM
 72d3Z6A+WVidAgMBAAGjUzBRMB0GA1UdDgQWBBS/9V9nlQNv6oh+DyTOc9OxyZJN
 ojAfBgNVHSMEGDAWgBS/9V9nlQNv6oh+DyTOc9OxyZJNojAPBgNVHRMBAf8EBTAD
 AQH/MA0GCSqGSIb3DQEBCwUAA4ICAQBfI4K0l89erk0RARjY3lyfrNWmrhVRXSLQ
 wuYsmsPHuW8tpFcb5gB85cDw8/uUb91oXEq84NiJ163krHPUaoBk4bf6Q23mPc7E
 IeR+1e5ZfJH4+rDqKu3lxuLmlw7ybdVoSe3lUKbpXXQHekpB3iQCzg/WpyIUALZL
 6bMuFKjBISaEUxGM5wOnWTV4G0J62zI8jwL2c1Qowe0OXoFFtRhS6kaw7304NAUi
 DzHu+wD8tSHYOvLgsAA3zIcbFHvT4Fu7NeDoq3yeWXNdjAiQYfX3ZZqk4RKsmtqk
 GjFCJ/tWOsa461z94eyXre3pBjJCcuSJtqbYRgRS0UHZNFzhFDvr124NIEJxQebI
 XFfXEuSQUDJT+z90V3vFyJjMbgRRWZz+FEpxf0qF5AE9Z/v8KtJ58ceHNqWVq7Bq
 bIx4jApsM4Ztmj8+NlTltA6o65wkxtRTej0g457BdldHZM64nKT2yBFO/TTjR5eJ
 jQ1RYJCW+mJP9I6x8BYJ3iw68WeqalTAOvXJnIABtPM3kLE9qN0uTMwvC+UNlklb
 vnjcs9f0FPWkkB8h83cWTjcvbRUjEoMSV3fK/Els/Cq333NK8ZGVUcrVj7UlCRO/
 xG08Y2bY1nmvUX1Ij9GUSjGoWN40mtv+Ylygh7s9RJckF/knjLLWPwH9QJxbVJRE
 Z4bbO2ahcQ==
 -----END CERTIFICATE-----
--- a/humhub-proxy-common/overlay/etc/satosa/frontend.crt
+++ b/humhub-proxy-common/overlay/etc/satosa/frontend.crt
@ -0,0 +1,30 @@
 -----BEGIN CERTIFICATE-----
 MIIFFTCCAv2gAwIBAgIUWMp38b0CDPn/bWDTYKbz71OlNH4wDQYJKoZIhvcNAQEL
 BQAwGjEYMBYGA1UEAwwPc2F0b3NhX2Zyb250ZW5kMB4XDTIxMDIyNjExNDUxMFoX
 DTMxMDIyNDExNDUxMFowGjEYMBYGA1UEAwwPc2F0b3NhX2Zyb250ZW5kMIICIjAN
 BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAqnJqdfVhB9TRKlZ4hzqfXySAfmBU
 vSVMnnkVRiVSUTgSBAw1O6JCqyJjZKGbMUDWvB6bK2Ojc9gZ5mzuDiZl7OeQBIo8
 h97YI3jSkNgD8ePJv4q6QDL+DU8ALAwIwdoDF4m+B57urEcPnzDyakfa0Ql8h7qp
 P/ZkYJ1fv+iQGZ31AXUAz1K9ukpGmReSj0aa1r7BONuPJ0jFM9x30Dhvd2on+igv
 D3IsLpU6VNVzC+DYRP4cjLjG3LbgwuyPjPtYmbqxe4xf/9+yRBOQu7bOqgNRDAXZ
 hQYjB9qjn5VdVF3XeaL7538aImKuaehpKQM7MYz1JO/XNjPvB2Juc1DrrvqMqgTt
 dl09C5aqNhfrOP7yMXE51UaL2pzpj6M0KresnU2roDtYFBcbgVGdx9oLYN52XER/
 Oli+iUzdAA9D6INxNQ1WxbJp/EVPyHAP7slsZ0YqYBgEeqewHYTGoUZmIbTu1g35
 xBNpYK5STFd9ggTQ406Q3jt1L+/ux4xTdzRzZM5l7ULkR4+W2vGtUqsmi08/dlwi
 HdT6NLIwn7/HNTTW0TWYm7dN6zFaONb9NN+9NaQz/te8d/D0DbWAjy0i5hcjbFrO
 S0BneIGNjmGN4I2L+Kt8br9tJd+Q4FRFMijSf6FmVDUcXv4S7jFBG702O6n8gtGT
 s2+45MZgX5WjG5UCAwEAAaNTMFEwHQYDVR0OBBYEFDUZkkPRzp1Uj6vf+5D2SqaO
 ew7JMB8GA1UdIwQYMBaAFDUZkkPRzp1Uj6vf+5D2SqaOew7JMA8GA1UdEwEB/wQF
 MAMBAf8wDQYJKoZIhvcNAQELBQADggIBAFPNNwxdgnIRlzooLnedCaiMyNh8tr2d
 0sne9gUXIgNYjvz45uKqcmirAERSXoxMOP3QUGlRF7GO25RvRZkmrlw1lxEKpVnr
 iSqrSJ2rwzY48GvL0jLlCtyt3O3pUA6PgbRIC450WWFyrtTj7aYSiXoLLVtQ5xIr
 xpGE3X401g92teW4S6Sy5t/YTgWB2/qmp+wuT4ZlWMUoCNYsc8eeEwhDW00NJ2p3
 LdCE9zyUfVTBB1h+MaZIQcDpzTZ0Jg8bajktxKlmzdjRqeSA/GoYCxSyfQOdkx/V
 BskT6p4fgwpH0ifERLZtxe00bhRRQxbwiQCxI5xA5e39mxAd3dzE5g7doUCo9m5+
 OHhT9YO6c0WBc6g1MK2g0T+aePh4RGnXYvlDErLTLncaAVJ8PRB9pu0isVIo9XDA
 bF2aAfk3Y7cNf+sGqY3TtrIioz7YfFK+oapTesdSAgXsJWn/inpvOqhev+28XVd3
 2ZWs3ZfErTG/jk6Ai90ANFbypc5I3DQNdF+wJLG09y7tgJO9ydUbfrbqQOfeAPxz
 91W7+y83bJML44x9Zqe8RQIA2oWXRcoG0PLDdRRnwlzeE3g0zHUs/jYiPAdK3ZuC
 /a8wSLxfSWcvNy2PVIi3FkTOi6qNQmDOfLAJSks7YTZP4fyNV7sV1gmDMncDF8WX
 AeibHFpjHT1g
 -----END CERTIFICATE-----
--- a/humhub-proxy-common/overlay/etc/satosa/md-signer2.crt
+++ b/humhub-proxy-common/overlay/etc/satosa/md-signer2.crt
@ -0,0 +1,33 @@
 -----BEGIN CERTIFICATE-----
 MIIFyzCCA7OgAwIBAgIJAI9LJsUJXDMVMA0GCSqGSIb3DQEBCwUAMHwxCzAJBgNV
 BAYTAlNFMRIwEAYDVQQIDAlTdG9ja2hvbG0xEjAQBgNVBAcMCVN0b2NraG9sbTEO
 MAwGA1UECgwFU1VORVQxDzANBgNVBAsMBlNXQU1JRDEkMCIGA1UEAwwbU1dBTUlE
 IG1ldGFkYXRhIHNpZ25lciB2Mi4wMB4XDTE2MTIwNjA5MjgyMFoXDTM2MTIwNjA5
 MjgyMFowfDELMAkGA1UEBhMCU0UxEjAQBgNVBAgMCVN0b2NraG9sbTESMBAGA1UE
 BwwJU3RvY2tob2xtMQ4wDAYDVQQKDAVTVU5FVDEPMA0GA1UECwwGU1dBTUlEMSQw
 IgYDVQQDDBtTV0FNSUQgbWV0YWRhdGEgc2lnbmVyIHYyLjAwggIiMA0GCSqGSIb3
 DQEBAQUAA4ICDwAwggIKAoICAQDQVw72PnIo9QIeV439kQnPcxZh/LddKw86eIU+
 nMfl4TpjSIyqTu4KJSnXbJyqXg+jQj3RzE9BUblpGrR7okmQwOh2nh+5A6SmyTOR
 p7VEVT/Zw0GNnQi9gAW7J8Cy+Gnok4LeILI5u43hPylNKAnvs1+bo0ZlbHM6U5jm
 6MlO+lrYA9dZzoPQqoCQbr3OweAaq5g8H54HuZacpYa3Q2GnUa4v+xywjntPdSQU
 RTAbWWyJl3cHctX5+8UnX8nGCaxoBZqNp9PcEopyYJX8O1nrLumBMqu9Uh6GW1nx
 OHfKDLvUoykG3Dm704ENVs88KaJXB1qQNsjdlm14UI9XCZbHfnFVnQ53ehsGFMha
 Bf/Abd6v2wnhBLH/RxEUlw347qSeokw+SdDTSdW8jOEBiSqP/8BUzpCcbGlgAsVO
 NKUS0K7IB2Bb79YYhyMvmJl24BGtkX+VM/mv47dxOtfzNFCMtUcJ2Dluv0xJG8xI
 ot7umx/kbMBLuq7WdWELZJrgpt2bb9sXtYBpuxtGCW5g7+U7MNN1aKCiCSfq09YH
 qu2DsU7HHAxEcGFXBiepBliCwZ24WLQh53bA3rihaln7SjdapT9VuSTpCvytb9RX
 rq39mVuHMXvWYOG20XTV0+8U2vnsjAwsy28xPAcrLWRWoZbRJ+RoGp6L3GACq+t+
 HPIukwIDAQABo1AwTjAdBgNVHQ4EFgQUQ2iqKQV/mMZDeJDtLXvy0Bsn/BQwHwYD
 VR0jBBgwFoAUQ2iqKQV/mMZDeJDtLXvy0Bsn/BQwDAYDVR0TBAUwAwEB/zANBgkq
 hkiG9w0BAQsFAAOCAgEAHviIAfS8viUN8Qk//U1p6Z1VK5718NeS7uqabug/SwhL
 Vxtg/0x9FPJYf05HXj4moAf2W1ZLnhr0pnEPGDbdHAgDC672fpaAV7DO95d7xubc
 rofR7Of2fehYSUZbXBWFiQ+xB5QfRsUFgB/qgHUolgn+4RXniiBYlWe6QJVncHx+
 FtxD+vh1l5rLNkJgJLw2Lt3pbemSxUvv0CJtnK4jt2y95GsWGu1uSsVLrs0PR1Lj
 kuxL6zZH4Pp9yjRDOUhbVYAnQ017mdcjvHYtp7c4GIWgyaBkDoMtU6fAt70QpeGj
 XhecXk7Llx+oYNdZn14ZdFPRGMyAESLrT4Zf9M7QS3ypnWn/Ux0SwKWbnPUeRVbO
 VZZ+M0jmdYK6o+UU5xH3peRWSJIjjRaKjbVlW5GgHwGFmQc/LN+va2jjThRsQWWt
 zEwObijedInQ6wfL/VzFAwlWWoDAzKK9qnK4Rf3ORKkvhKrUa//2OYnZD0kHtHiC
 OL+iFRLtJ/DQP5iZAF+M1Hta7acLmQ8v7Mn1ZR9lyDWzFx57VOKKtJ6RAmBvxOdP
 8cIgBNvLAEdXh2knOLqYU/CeaGkxTD7Y0SEKx6OxEEdafba//MBkVLt4bRoLXts6
 6JY25FqFh3eJZjR6h4W1NW8KnBWuy+ITGfXxoJSsX78/pwAY+v32jRxMZGUi1J4=
 -----END CERTIFICATE-----
--- a/humhub-proxy-common/overlay/etc/satosa/metadata/humhub.xml
+++ b/humhub-proxy-common/overlay/etc/satosa/metadata/humhub.xml
@ -0,0 +1,15 @@
 <?xml version="1.0"?>
 <md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://forum.sunet.se/saml-sso/metadata?authclient=saml">
  <md:SPSSODescriptor AuthnRequestsSigned="false" WantAssertionsSigned="false" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:X509Data>
          <ds:X509Certificate>MIIEuzCCAyOgAwIBAgIUBdirRj6uD891qjPT3zCuedhT8CgwDQYJKoZIhvcNAQELBQAwbTELMAkGA1UEBhMCU0UxEjAQBgNVBAgMCVN0b2NraG9sbTEOMAwGA1UECgwFU1VORVQxFzAVBgNVBAMMDmZvcnVtLnN1bmV0LnNlMSEwHwYJKoZIhvcNAQkBFhJrcmlzdG9mZXJAc3VuZXQuc2UwHhcNMjEwMjI2MDk0NjAyWhcNMzEwMjI2MDk0NjAyWjBtMQswCQYDVQQGEwJTRTESMBAGA1UECAwJU3RvY2tob2xtMQ4wDAYDVQQKDAVTVU5FVDEXMBUGA1UEAwwOZm9ydW0uc3VuZXQuc2UxITAfBgkqhkiG9w0BCQEWEmtyaXN0b2ZlckBzdW5ldC5zZTCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBALpDb08NbU9f9/q4RMgI5SRufF+XucnJqJ1x+oihovCfb/6/yWfD2eEoMU7bEKFA5Rwj4Ie3o9p3BHAj4gKLg9dRdiFEtNOlLk9QOxS4vTGDWvOtLWQ+Xt6t4sm14CZFEkETXte5FqNxHiAlV7UfzD1U/1ZBonRReKTFL5GRRnRmqoUsiOP7E4c8jOJvyryM+By9+YQNbJj3nCOBN0sbzsLsotBXWUwzx53N3Qkz8aqJzM9WXE8IR2DlpYri3vY1LWf0YVLn3XFpDjtFzlTXfXj3A737rSmp225AxAAM5YIso1mfiAYb5Zw+qFxHus9p/zU1StSlJBz5qg72IqE9pR0TA+u/6xF+P3gzEyGew6o2tCSkIFgL1p/CUXi+L4uCszhpEsB3QmSwOIeVh4do5VIYNYF6VbOsZAkLawDZL8UFSCMIZss058L58Ab+PFCGkVbAXbLiEaje0eHz3HDAyGRQ3qBFCjC93PFfms6E5ZY0zPUs8cvyNAWvEgIp+dz4CwIDAQABo1MwUTAdBgNVHQ4EFgQUZPe9tFY5krgiGDTnkLI7Gbmuma8wHwYDVR0jBBgwFoAUZPe9tFY5krgiGDTnkLI7Gbmuma8wDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAYEAWTtpspradIYnJwjfxkn0IS8oMVnCDJFGpvIKtF5BeEEaqS+NtJnB+7xg8aT8CDU8rw5NSBKRxlbOMDJ9MR1xIzDr0cmvgmgoi58QVOWhZRQLDqRDrpTsvSdPizfHq8vuE4l2KPI9WCo8KJ01K0x7JLsoHpNf3hszK6F3hFI7HtmKbDPeUwVlEPOAA55OSU8qvzQ7QN2KsvweySxqpUifjWesNI+nnz+6xLPksqxBipumlrQLVZJ3r49VNiiB7cWkBehP/f3u3GBqziigMXNY+3ENeDFg53VWZ8l/8c9QkGVeAs8taMLdT7SFlgrdGlvVIKnb+u9NTmAKWhC6E6Yn/l6hdkLLVJDCFS92srLYd/NyjcF38iUdPnB2KhcurdNuLz+ELEnyTCuIQmwePK4B00nDAhhhmNKZeQvix8W4O64ltXv+DAJoqAXa9Dhxm1zRPMM3YEJeK8yf9DGVWXEyJ3EomzLY6KF/y56v+18B/+52/BR3F9p2sSW670Zb7mCX</ds:X509Certificate>
        </ds:X509Data>
      </ds:KeyInfo>
    </md:KeyDescriptor>
    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://forum.sunet.se/index.php?r=saml-sso%2Flogout&amp;authclient=saml"/>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat>
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://forum.sunet.se/user/auth/external?authclient=saml&amp;handleAcs=1" index="1"/>
  </md:SPSSODescriptor>
 </md:EntityDescriptor>
--- a/humhubproxy-sto1-prod-2.sunet.se/README
+++ b/humhubproxy-sto1-prod-2.sunet.se/README
@ -0,0 +1,3 @@
 The system documentation is in the docs directory of the multiverse repository.
--- a/humhubproxy-sto1-prod-2.sunet.se/overlay/etc/hiera/data/local.eyaml
+++ b/humhubproxy-sto1-prod-2.sunet.se/overlay/etc/hiera/data/local.eyaml
--- a/humhubproxy-sto3-prod-1.sunet.se/README
+++ b/humhubproxy-sto3-prod-1.sunet.se/README
@ -0,0 +1,3 @@
 The system documentation is in the docs directory of the multiverse repository.
--- a/humhubproxy-sto3-prod-1.sunet.se/overlay/etc/hiera/data/local.eyaml
+++ b/humhubproxy-sto3-prod-1.sunet.se/overlay/etc/hiera/data/local.eyaml
--- a/lb-common/overlay/etc/hiera/data/group.yaml
+++ b/lb-common/overlay/etc/hiera/data/group.yaml
@ -2,7 +2,6 @@
 sunet_frontend:
  load_balancer:
    haproxy_imagetag: '20230228-stable'
    api_imagetag: 'stable'
    exabgp_imagetag: 'stable'
@ -220,8 +219,8 @@ sunet_frontend:
            ips: ['37.156.192.27', '2001:6b0:60:c0::27']
        backends:
          default:
-            'zoom-saas-idp-proxy-3.sunet.se':
+            'zoomproxy-tug-prod-1.sunet.se':
-              ips: ['192.36.171.243']
+              ips: ['192.36.171.242']
              server_args: 'ssl check verify none'
            'zoomproxy-sto1-prod-1.sunet.se':
              ips: ['89.47.184.173']
@ -661,11 +660,11 @@ sunet_frontend:
        backends:
          default:
            'internal-sto4-prod-k8sc-0.rut.sunet.se':
-              ips: ['2001:6b0:6c::1dd', '89.46.21.223']
+              ips: ['2001:6b0:6c::91', '89.46.20.171']
            'internal-sto4-prod-k8sc-1.rut.sunet.se':
-              ips: ['2001:6b0:6c::27f', '89.46.21.87']
+              ips: ['2001:6b0:6c::10b', '89.46.21.177']
            'internal-sto4-prod-k8sc-2.rut.sunet.se':
-              ips: ['2001:6b0:6c::3b7', '89.46.20.39']
+              ips: ['2001:6b0:6c::135', '89.46.20.241']
        allow_ports:
          - 80
          - 443
@ -711,3 +710,113 @@ sunet_frontend:
        letsencrypt_server: 'acme-c.sunet.se'
        haproxy_imagetag: '20230228-stable'
        frontendtools_imagetag: '20230228'
      'auth':
        haproxy_volumes:
          - "/etc/ssl/certs/infra.crt:/etc/ssl/certs/infra.crt:ro"
          - "/opt/frontend/config/ssl/infra_haproxy.crt:/opt/frontend/config/ssl/infra_haproxy.crt:ro"
        site_name: 'auth.sunet.se'
        frontends:
          'tug-lb-1.sunet.se':
            ips: ['37.156.192.66', '2001:6b0:60:c0::66']
          'sthb-lb-1.sunet.se':
            ips: ['37.156.192.67', '2001:6b0:60:c0::67']
        backends:
          default:
            'auth-2.sunet.se':
              ips: ['192.36.171.67']
              server_args: 'ssl  alpn h2  crt /opt/frontend/config/ssl/infra_haproxy.crt  verify required  ca-file /etc/ssl/certs/infra.crt  check check-alpn http/1.1'
        allow_ports:
          - 443
          - 80
        letsencrypt_server: 'acme-c.sunet.se'
        haproxy_imagetag: '20230228-stable'
        frontendtools_imagetag: '20230228'
      'nutidauthtst':
        haproxy_volumes:
          - "/etc/ssl/certs/infra.crt:/etc/ssl/certs/infra.crt:ro"
          - "/opt/frontend/config/ssl/infra_haproxy.crt:/opt/frontend/config/ssl/infra_haproxy.crt:ro"
        site_name: 'nutid-auth-test.sunet.se'
        frontends:
          'tug-lb-1.sunet.se':
            ips: ['37.156.192.22', '2001:6b0:60:c0::22']
          'sthb-lb-1.sunet.se':
            ips: ['37.156.192.23', '2001:6b0:60:c0::23']
        backends:
          default:
            'nutid-auth-test-2.sunet.se':
              ips: ['89.47.185.33']
              server_args: 'ssl  alpn h2  crt /opt/frontend/config/ssl/infra_haproxy.crt  verify required  ca-file /etc/ssl/certs/infra.crt  check check-alpn http/1.1'
        allow_ports:
          - 443
          - 80
        letsencrypt_server: 'acme-c.sunet.se'
        haproxy_imagetag: '20230228-stable'
        frontendtools_imagetag: '20230228'
      'nutidauth':
        haproxy_volumes:
          - "/etc/ssl/certs/infra.crt:/etc/ssl/certs/infra.crt:ro"
          - "/opt/frontend/config/ssl/infra_haproxy.crt:/opt/frontend/config/ssl/infra_haproxy.crt:ro"
        site_name: 'nutid-auth.sunet.se'
        frontends:
          'tug-lb-1.sunet.se':
            ips: ['37.156.192.62', '2001:6b0:60:c0::62']
          'sthb-lb-1.sunet.se':
            ips: ['37.156.192.63', '2001:6b0:60:c0::63']
        backends:
          default:
            'nutid-auth-3.sunet.se':
              ips: ['192.36.171.72']
              server_args: 'ssl  alpn h2  crt /opt/frontend/config/ssl/infra_haproxy.crt  verify required  ca-file /etc/ssl/certs/infra.crt  check check-alpn http/1.1'
        allow_ports:
          - 443
          - 80
        letsencrypt_server: 'acme-c.sunet.se'
        haproxy_imagetag: '20230228-stable'
        frontendtools_imagetag: '20230228'
      'fidustest':
        site_name: 'fidustest.skolverket.se'
        frontends:
          'tug-lb-1.sunet.se':
            ips: ['37.156.192.52', '2001:6b0:60:c0::52']
          'sthb-lb-1.sunet.se':
            ips: ['37.156.192.53', '2001:6b0:60:c0::53']
        backends:
          default:
            'fidustest-1.fidus.sunet.se':
              ips: ['89.45.236.185']
              server_args: 'ssl check verify none'
        allow_ports:
          - 443
          - 80
        letsencrypt_server: 'acme-c.sunet.se'
        haproxy_imagetag: '20230228-stable'
        frontendtools_imagetag: '20230228'
      'bankidpqa':
        haproxy_volumes:
          - "/etc/ssl/certs/infra.crt:/etc/ssl/certs/infra.crt:ro"
          - "/opt/frontend/config/ssl/infra_haproxy.crt:/opt/frontend/config/ssl/infra_haproxy.crt:ro"
        site_name: 'bankidp.qa.swamid.se'
        frontends:
          'tug-lb-1.sunet.se':
            ips: ['37.156.192.84', '2001:6b0:60:c0::84']
          'sthb-lb-1.sunet.se':
            ips: ['37.156.192.85', '2001:6b0:60:c0::85']
        backends:
          default:
            'bankid-idp-app1.qa.swamid.se':
              ips: ['89.46.21.115']
              server_args: 'ssl  alpn h2  crt /opt/frontend/config/ssl/infra_haproxy.crt  verify required  ca-file /etc/ssl/certs/infra.crt  check check-alpn http/1.1'
            'bankid-idp-app2.qa.swamid.se':
              ips: ['89.45.236.159']
              server_args: 'ssl  alpn h2  crt /opt/frontend/config/ssl/infra_haproxy.crt  verify required  ca-file /etc/ssl/certs/infra.crt  check check-alpn http/1.1'
        allow_ports:
          - 443
          - 80
        letsencrypt_server: 'acme-c.sunet.se'
        haproxy_imagetag: '20230228-stable'
        frontendtools_imagetag: '20230228'
--- a/lb-common/overlay/opt/frontend/config/auth/haproxy.j2
+++ b/lb-common/overlay/opt/frontend/config/auth/haproxy.j2
@ -0,0 +1,39 @@
 {% extends 'common/haproxy_base.j2' %}
 {% from "common/haproxy_macros.j2" import bind_ip_tls, web_security_options, acme_challenge, csp %}
 {%- macro bind_ip_tls_extra(bind_ips, port, tls_cert, extra) -%}
 {%- for ip in bind_ips %}
    bind {{ ip }}:{{ port }} ssl crt {{ tls_cert }}  {{ extra }}
 {%- endfor %}
 {%- endmacro %}
 {% block frontend %}
 frontend {{ site_name }}
    {{ bind_ip_tls_extra(bind_ips, 443, tls_certificate_bundle, "verify optional  crt-ignore-err all  ca-file /etc/ssl/certs/ca-certificates.crt") }}
    timeout http-request 10s
    timeout http-keep-alive 4s
    option forwardfor
    http-request set-header X-Forwarded-Proto https
    http-request set-header client-cert %{+Q}[ssl_c_der,base64]
    {{ web_security_options(['no_frames', 'block_xss', 'hsts', 'no_sniff', 'no_cache']) }}
    {{ acme_challenge(letsencrypt_server) }}
    use_backend {{ site_name }}__default
 {% endblock frontend %}
 {% block backend %}
 {{ output_backends(backends,
        config=['option httpchk GET /status/healthy HTTP/1.1',
        'http-check expect string STATUS_OK',
        'http-check send-state',
        'http-check disable-on-404',
        ],
    )
 }}
 {% endblock backend %}
--- a/lb-common/overlay/opt/frontend/config/bankidpqa/haproxy.j2
+++ b/lb-common/overlay/opt/frontend/config/bankidpqa/haproxy.j2
@ -0,0 +1,28 @@
 {% extends 'common/haproxy_base.j2' %}
 {% from "common/haproxy_macros.j2" import bind_ip_tls, web_security_options, acme_challenge, csp %}
 {%- macro bind_ip_tls_extra(bind_ips, port, tls_cert, extra) -%}
 {%- for ip in bind_ips %}
    bind {{ ip }}:{{ port }} ssl crt {{ tls_cert }}  {{ extra }}
 {%- endfor %}
 {%- endmacro %}
 {% block frontend %}
 frontend {{ site_name }}
    {{ bind_ip_tls_extra(bind_ips, 443, tls_certificate_bundle, "verify optional  crt-ignore-err all  ca-file /etc/ssl/certs/ca-certificates.crt") }}
    timeout http-request 10s
    timeout http-keep-alive 4s
    option forwardfor
    http-request set-header X-Forwarded-Proto https
    http-request set-header client-cert %{+Q}[ssl_c_der,base64]
    {{ web_security_options(['no_frames', 'block_xss', 'hsts', 'no_sniff', 'no_cache']) }}
    {{ acme_challenge(letsencrypt_server) }}
    use_backend {{ site_name }}__default
 {% endblock frontend %}
--- a/lb-common/overlay/opt/frontend/config/fidustest/haproxy.j2
+++ b/lb-common/overlay/opt/frontend/config/fidustest/haproxy.j2
@ -0,0 +1 @@
 {% extends 'common/haproxy_fidus.j2' %}
--- a/lb-common/overlay/opt/frontend/config/nutidauth/haproxy.j2
+++ b/lb-common/overlay/opt/frontend/config/nutidauth/haproxy.j2
@ -0,0 +1,39 @@
 {% extends 'common/haproxy_base.j2' %}
 {% from "common/haproxy_macros.j2" import bind_ip_tls, web_security_options, acme_challenge, csp %}
 {%- macro bind_ip_tls_extra(bind_ips, port, tls_cert, extra) -%}
 {%- for ip in bind_ips %}
    bind {{ ip }}:{{ port }} ssl crt {{ tls_cert }}  {{ extra }}
 {%- endfor %}
 {%- endmacro %}
 {% block frontend %}
 frontend {{ site_name }}
    {{ bind_ip_tls_extra(bind_ips, 443, tls_certificate_bundle, "verify optional  crt-ignore-err all  ca-file /etc/ssl/certs/ca-certificates.crt") }}
    timeout http-request 10s
    timeout http-keep-alive 4s
    option forwardfor
    http-request set-header X-Forwarded-Proto https
    http-request set-header client-cert %{+Q}[ssl_c_der,base64]
    {{ web_security_options(['no_frames', 'block_xss', 'hsts', 'no_sniff', 'no_cache']) }}
    {{ acme_challenge(letsencrypt_server) }}
    use_backend {{ site_name }}__default
 {% endblock frontend %}
 {% block backend %}
 {{ output_backends(backends,
        config=['option httpchk GET /status/healthy HTTP/1.1',
        'http-check expect string STATUS_OK',
        'http-check send-state',
        'http-check disable-on-404',
        ],
    )
 }}
 {% endblock backend %}
--- a/lb-common/overlay/opt/frontend/config/nutidauthtst/haproxy.j2
+++ b/lb-common/overlay/opt/frontend/config/nutidauthtst/haproxy.j2
@ -0,0 +1,39 @@
 {% extends 'common/haproxy_base.j2' %}
 {% from "common/haproxy_macros.j2" import bind_ip_tls, web_security_options, acme_challenge, csp %}
 {%- macro bind_ip_tls_extra(bind_ips, port, tls_cert, extra) -%}
 {%- for ip in bind_ips %}
    bind {{ ip }}:{{ port }} ssl crt {{ tls_cert }}  {{ extra }}
 {%- endfor %}
 {%- endmacro %}
 {% block frontend %}
 frontend {{ site_name }}
    {{ bind_ip_tls_extra(bind_ips, 443, tls_certificate_bundle, "verify optional  crt-ignore-err all  ca-file /etc/ssl/certs/ca-certificates.crt") }}
    timeout http-request 10s
    timeout http-keep-alive 4s
    option forwardfor
    http-request set-header X-Forwarded-Proto https
    http-request set-header client-cert %{+Q}[ssl_c_der,base64]
    {{ web_security_options(['no_frames', 'block_xss', 'hsts', 'no_sniff', 'no_cache']) }}
    {{ acme_challenge(letsencrypt_server) }}
    use_backend {{ site_name }}__default
 {% endblock frontend %}
 {% block backend %}
 {{ output_backends(backends,
        config=['option httpchk GET /status/healthy HTTP/1.1',
        'http-check expect string STATUS_OK',
        'http-check send-state',
        'http-check disable-on-404',
        ],
    )
 }}
 {% endblock backend %}
--- a/lb-test-common/overlay/etc/hiera/data/group.yaml
+++ b/lb-test-common/overlay/etc/hiera/data/group.yaml
@ -2,7 +2,6 @@
 sunet_frontend:
  load_balancer:
    haproxy_imagetag: '20230228-stable'
    api_imagetag: 'stable'
    exabgp_imagetag: 'stable'
--- a/netbird-test-sto1-1.sunet.se/README
+++ b/netbird-test-sto1-1.sunet.se/README
@ -0,0 +1,3 @@
 The system documentation is in the docs directory of the multiverse repository.
--- a/netbird-test-sto1-1.sunet/README
+++ b/netbird-test-sto1-1.sunet/README
@ -0,0 +1,3 @@
 The system documentation is in the docs directory of the multiverse repository.
--- a/vpnexit-test-sthb-1.sunet.se/README
+++ b/vpnexit-test-sthb-1.sunet.se/README
@ -0,0 +1,3 @@
 The system documentation is in the docs directory of the multiverse repository.
--- a/vpnexit-test-tug-1.sunet.se/README
+++ b/vpnexit-test-tug-1.sunet.se/README
@ -0,0 +1,3 @@
 The system documentation is in the docs directory of the multiverse repository.
--- a/zoom-proxy-common/README
+++ b/zoom-proxy-common/README
@ -0,0 +1,3 @@
 The system documentation is in the docs directory of the multiverse repository.
--- a/zoom-proxy-common/overlay/etc/hiera/data/group.yaml
+++ b/zoom-proxy-common/overlay/etc/hiera/data/group.yaml
@ -0,0 +1,189 @@
 ---
 satosa_config:
   saml2_backend: "/etc/satosa/plugins/saml2_backend.yaml"
   saml2_frontend: "/etc/satosa/plugins/saml2_frontend.yaml"
   generated_attributes: "/etc/satosa/plugins/generated_attributes.yaml"
   internal_attributes: "/etc/satosa/internal_attributes.yaml"
   attribute_authorization: "/etc/satosa/plugins/attribute_authorization.yaml"
   attribute_filter: "/etc/satosa/plugins/attribute_filter.yaml"
   healthcheck: "/etc/satosa/plugins/healthcheck.yaml"
 generated_attributes:
   module: satosa.micro_services.attribute_generation.AddSyntheticAttributes
   plugin: AddSyntheticAttributes
   name: AddSyntheticAttributes
   config:
      synthetic_attributes:
         default:
            default:
               schachomeorganization: "{{edupersonprincipalname.scope}}"
 attribute_authorization:
   module: satosa.micro_services.attribute_authorization.AttributeAuthorization
   plugin: AttributeAuthorization
   name: AttributeAuthorization
   config:
      force_attributes_presence_on_allow: true
      attribute_allow:
         default:
            default:
               edupersonscopedaffiliation:
                  - "^(member|employee)@sunet.se$"
 attribute_filter:
   module: satosa.micro_services.attribute_modifications.FilterAttributeValues
   name: AttributeFilter
   config:
      attribute_filters:
         default:
            default:
               edupersonscopedaffiliation: "^(member|employee|student)@"
 internal_attributes:
   attributes:
      displayname:
         saml: [displayName]
         adfs: [displayName]
      commonname:
         saml: [cn]
         adfs: [displayName]
      givenname:
         saml: [givenName]
         adfs: [givenName]
      surname:
        saml: [sn]
        adfs: [sn]
      mail:
        saml: [mail]
        adfs: [mail]
      edupersonprincipalname:
        saml: [eduPersonPrincipalName]
        adfs: [eduPersonPrincipalName]
      edupersonscopedaffiliation:
        saml: [eduPersonScopedAffiliation]
        adfs: [eduPersonScopedAffiliation]
      noredupersonnin:
        saml: [norEduPersonNIN]
        adfs: [norEduPersonNIN]
      edupersonentitlement:
        saml: [eduPersonEntitlement]
        adfs: [eduPersonEntitlement]
      schachomeorganization:
        saml: [schacHomeOrganization]
      schachomeorganizationtype:
        saml: [schacHomeOrganizationType]
      organizationname:
        saml: [ou]
      noreduorgacronym:
        saml: [norEduOrgAcronym]
      countryname:
        saml: [c]
      friendlycountryname:
        saml: [co]
      edupersontargetedid:
        saml: [eduPersonTargetedID]
   user_id_to_attr: edupersontargetedid
 healthcheck:
   module: swamid_plugins.healthcheck.HealthCheck
   name: HealthCheck
 satosa_proxy_conf:
   BASE: https://zoom-saas-idp-proxy.sunet.se
   INTERNAL_ATTRIBUTES: "internal_attributes.yaml"
   BACKEND_MODULES:
      - "plugins/saml2_backend.yaml"
   FRONTEND_MODULES:
      - "plugins/saml2_frontend.yaml"
   MICRO_SERVICES:
      - "plugins/generated_attributes.yaml"
      - "plugins/attribute_authorization.yaml"
      - "plugins/attribute_filter.yaml"
      - "plugins/healthcheck.yaml"
   LOGGING:
     version: 1
     formatters:
        default:
           format: "%(asctime)s [%(process)d] [%(levelname)s] %(message)s"
     handlers:
        console:
           class: logging.StreamHandler
           level: DEBUG
           formatter: default
           stream: ext://sys.stdout
     loggers:
        satosa:
           level: DEBUG
           handlers: [console]
        saml2:
           level: DEBUG
           handlers: [console]
 saml2_backend:
  config:
    sp_config:
      organization: {display_name: SUNET Zoom, name: SUNET Zoom, url: 'https://sunet.se'}
      contact_person:
        - {contact_type: technical, email_address: noc@sunet.se, given_name: Technical}
        - {contact_type: support, email_address: noc@sunet.se, given_name: Support}
      key_file: backend.key
      cert_file: backend.crt
      encryption_keypairs:
        - { key_file: backend.key, cert_file: backend.crt }
      allow_unknown_attributes: true
      metadata:
        mdq:
         - url: https://mds.swamid.se
           cert: "/etc/satosa/md-signer2.crt"
      entityid: https://zoom-saas-idp-proxy.sunet.se/sp
      service:
        sp:
          name_id_format: ['urn:oasis:names:tc:SAML:2.0:nameid-format:transient']
          allow_unsolicited: true
          endpoints:
            assertion_consumer_service:
              - [<base_url>/<name>/acs/post, 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST']
              - [<base_url>/<name>/acs/redirect, 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect']
            discovery_response:
              - [<base_url>/<name>/disco, 'urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol']
          want_response_signed: False
          want_assertions_signed: False
          want_assertions_or_response_signed: True
      xmlsec_binary: /usr/bin/xmlsec1
      attribute_map_dir: attributemaps
    disco_srv: https://service.seamlessaccess.org/ds
    attribute_profile: saml
  module: satosa.backends.saml2.SAMLBackend
  name: Saml2SP
  plugin: BackendModulePlugin
 saml2_frontend:
  config:
    custom_attribute_release:
      default:
        default:
          exclude: ["eduPersonTargetedID","eduPersonAffiliation"]
    idp_config:
      organization: {display_name: SWAMID, name: SWAMID, url: 'https://sunet.se'}
      contact_person:
        - {contact_type: technical, email_address: noc@sunet.se, given_name: Technical}
        - {contact_type: support, email_address: noc@sunet.se, given_name: Support}
      key_file: frontend.key
      cert_file: frontend.crt
      metadata:
        local: [metadata/zoom.xml]
      entityid: https://zoom-saas-idp-proxy.sunet.se/idp
      accepted_time_diff: 300
      service:
        idp:
          endpoints:
            single_sign_on_service: []
          name: SWAMID
          name_id_format: ['urn:oasis:names:tc:SAML:2.0:nameid-format:transient']
          policy:
            default:
              attribute_restrictions: null
              fail_on_missing_requested: false
              lifetime: {minutes: 15}
              name_form: urn:oasis:names:tc:SAML:2.0:attrname-format:uri
          want_authn_requests_signed: false
      xmlsec_binary: /usr/bin/xmlsec1
    endpoints:
      single_sign_on_service: {'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST': sso/post,
        'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect': sso/redirect}
    attribute_profile: saml
  module: satosa.frontends.saml2.SAMLFrontend
  plugin: FrontendModulePlugin
  name: Saml2IDP
--- a/zoom-proxy-common/overlay/etc/satosa/backend.crt
+++ b/zoom-proxy-common/overlay/etc/satosa/backend.crt
@ -0,0 +1,29 @@
 -----BEGIN CERTIFICATE-----
 MIIFBTCCAu2gAwIBAgIJAPSHarYbYh/jMA0GCSqGSIb3DQEBCwUAMBkxFzAVBgNV
 BAMMDnNhdG9zYV9iYWNrZW5kMB4XDTE3MDgyOTA4MTU0NFoXDTI3MDgyNzA4MTU0
 NFowGTEXMBUGA1UEAwwOc2F0b3NhX2JhY2tlbmQwggIiMA0GCSqGSIb3DQEBAQUA
 A4ICDwAwggIKAoICAQCdP/NkGz/PXwB+vN9qgaEXkyKIKUXsesQFv0tx9ivrr9vW
 jp5nIQG5OBPlKurw9lyYGKSF8npVdlx+6MBvizn50TxXt4s0DzoPOVyVQM21wA9D
 p2Mbxq+Tx4zmHadyY+5upKxAtKwCpygHsgyyQ5okT09FVz6q+yp2xROjbtGx65FF
 UwMiJWalfWlJ8E2Vbi4To6rURvSHik7fDMw2geBFntRs0NNniEU9PecJseI0vtzv
 /L2JGFJKQzvZ538NtBF0cYWs11J0PfvT5XZyr4GVZSUdqmHsq4KxnGuAKkgnyefG
 q8PFdHXEVcobnl3L1iPf1bTs2OiiBzzz0LgmdWHOAYo6gVdpkSdb1pzF1IUCUOhP
 BC+8vHZjNnfVyP8wxChLNP559KrJJmHTsp9AetR14WsirNkH5lH/oj35VEioWMR4
 1Win3pT94RErVjKdCmJFNy14NCs3+M2VMmy3jsIL/VSY0ocZ0tdQhSkSm5YDRyOC
 KrZcKjdwyie8Rrn3mpctllklkusZAkgf8iq/vhnj/x/jryt5/dUlqrCZ5Lwjp5gf
 o8HC56Jw8N0AQldEwvoU1plm82ji/OO/ITZ+cpZ5pCMwIF6X4F6fKTCAtGis/sJy
 XSoPt6taVOhJu79B2OE4b7mA8FZFB8xtSI97UaHIR4LYNo1bZGC+Oii98rL9OwID
 AQABo1AwTjAdBgNVHQ4EFgQUbIky0J1V8GO64V4tVVaryNOXYK8wHwYDVR0jBBgw
 FoAUbIky0J1V8GO64V4tVVaryNOXYK8wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0B
 AQsFAAOCAgEAFh05O9tWYZpvmhI8Ru3mjDpOSkgWdfZIATJ6L35bQnW8J9/DL9yE
 a58QQ4xCQm1U0yFr3ssDc5bD/Zvco0pq+RPiyR/ydY+4Ld9HtQjaYYYVTvfv6Vsc
 X+UpHVsd0MhMUiFQo1Gq40vTMfenPg2lgzLdqiCorA/l9a3+G1dFIXw7Ro+4LTHZ
 lCc+u+yQSkQsBHcVyYCW3UdNKSdGl3u99DY+BXO1aG/J11qvynjkC8o3PvMc39BQ
 ryvonVkeIp+DPK2080HUjDpSiXKQElniDeZWkQin5/ra45rLS/23/jkqiOfUrSIu
 WdYYGOgXOXU69PM71onMCNJK+MQQOuGky+y5LybunxiDdw0V9Ay1zRrjfUtV1EiD
 EA5q2DuTAnkBTvwChA/DPRq7o3/Dw3JajVRN39lXjXcYczeBnTAXrNlCwJMtWQ1o
 ZHmcDHEOnUQ6oSlXbWhAOOUQw+0z+RQLYbkK5AMFmUqLEYKIgx6asdxUtvwf4PxQ
 6xHYyip9FvJ5GQcwNQpJ06xDeBi5D9wJ8/N2E6LV+7y5prqVvYWQCs5jCEJ+FSWH
 5slPKSklNu3s4Ul4D6pqU32243+LNROyRaUuy3wXDfLiZLQa17QAhlim6RWpaplq
 Mxe0+tX0hEXUAHD3qoocrc5Nn5gXeDpmZA4Ik8dtzyPj8AkGUtekHt8=
 -----END CERTIFICATE-----
--- a/zoom-proxy-common/overlay/etc/satosa/frontend.crt
+++ b/zoom-proxy-common/overlay/etc/satosa/frontend.crt
@ -0,0 +1,29 @@
 -----BEGIN CERTIFICATE-----
 MIIFBzCCAu+gAwIBAgIJAKGw1jEdxh7jMA0GCSqGSIb3DQEBCwUAMBoxGDAWBgNV
 BAMMD3NhdG9zYV9mcm9udGVuZDAeFw0xNzA4MjkwODAwNDlaFw0yNzA4MjcwODAw
 NDlaMBoxGDAWBgNVBAMMD3NhdG9zYV9mcm9udGVuZDCCAiIwDQYJKoZIhvcNAQEB
 BQADggIPADCCAgoCggIBAMNmUZ4Fvt64HiJCgIytEN2AohTuNs6MWmOUyHj3Gq7J
 TO3JmemKCg9MzR4s0dELfm5zd0/yq6EkeYitg2zrY2+87ue1H1wNDCBdq7msjCys
 hW0h9bn/7MbwdfePJyyHxROZp+AB5r1mJCQHC8AAJDtVe7Th4A8K2ctC2XIuQn7A
 im0giPP5EdKPKvNb+TuZ0yd6KfoX37ZMLSbacJPXs/3t/9e5Alv7wqpV7vUOxPu8
 uyC1yw7t8pMbU+MDskBt0Z+VZP/h8zZNmAtWjAc/1EddhFFyjIDUA9Xbh+yvIonR
 CfrbdmxrkFjOXuhNgagJJBfDw4VUfokFa46DwlxgXqaZ8fsVj/n/p8bIdkITtaMw
 /WIGs84JjZZd8BDsgFtUj4SJ8uO+4pdPl6yZKQ2CuLHvBdWvDleXUkIoMadkUqg/
 3hzdW8zNXNMFw9kmD3fSvYK89+JGc6Z74N6LnAAZqlQSYXYanKKHuHxTIY2HpiIk
 nSzHx5uN3aKJCHA4uSNN7y0/Grlea6CN5OO6ZrWrSo2+MdNsQA2PDJOyoL9wvDav
 B/NbOd12QtLSjbCwYqR9sCLm7u870w1UlKUMjJq9H01QpKqavsO3hSnx0av0JU8z
 Ft5x6Ipgm0rsjVpgOjv5drxGTEViBRI6vsee5EAzZ0i3Bb/JXe/jswFpBimLeDLB
 AgMBAAGjUDBOMB0GA1UdDgQWBBRZUcpJzK4O0vC9E5hylZX7C/2G3TAfBgNVHSME
 GDAWgBRZUcpJzK4O0vC9E5hylZX7C/2G3TAMBgNVHRMEBTADAQH/MA0GCSqGSIb3
 DQEBCwUAA4ICAQAQkBpOJ24TuuRH84kuQBr5SMccn+NAHrAlW48NEWZ9UrRJpvo4
 Kf3zOyb9USd+bYlz5y6ThQtfYrDmCmtGWisRIrTLML17D5ffWe4fNmKhbpsL1MSJ
 ozPbsCIjeqKLXTTfmnKr3NbW5x0GOowKhz+egVbYrrACupjuo4T7rM6oYV/O38b0
 h+U2vL4KlqZFmZ0Dnn0GibSWnejwZT4ZF7VuuO3YCbLoFLgOOh4Fg3pGmYPxJpVy
 rTm7tpyMfhi1QAr0akuTVaV7A81frshPMw29JjUF3DARjaQL8FcPJf7sWGV1kIol
 6cAA/iwmXwJ+ZdXNz2Tj7axp17wl03HOOczG2HbXblajwSrjTllXzoj9T+ZViGe2
 XtrnNXAg4IkC7SU14ba3lIlxP3VX5e2kvlTHlTqRcZCnAz5+FNKe4KRDNkSdN1RE
 ljGL73m6LxFg0bA8wtwb/KkM3eS1YrxFccys3/GDLkU7wvfpuyprV7USHb9g02IE
 i2Xovs/ly4/omWjdj9kN/iVqZB26Pv9bFxClTiJD2sbvmz0Z3O3qBg6VEyyen1Ql
 agQ8QFJNklstQD+ZH354h1emKW3J/9DwGkxST+wqpPNjvJDU9nBWSbh/xFvspsBh
 aiUovcRg/mWVPPDYc5Lj0ct472HsRavlTTa7p0egzN+FF4Je34IGiRTz0A==
 -----END CERTIFICATE-----
--- a/zoom-proxy-common/overlay/etc/satosa/md-signer2.crt
+++ b/zoom-proxy-common/overlay/etc/satosa/md-signer2.crt
@ -0,0 +1,33 @@
 -----BEGIN CERTIFICATE-----
 MIIFyzCCA7OgAwIBAgIJAI9LJsUJXDMVMA0GCSqGSIb3DQEBCwUAMHwxCzAJBgNV
 BAYTAlNFMRIwEAYDVQQIDAlTdG9ja2hvbG0xEjAQBgNVBAcMCVN0b2NraG9sbTEO
 MAwGA1UECgwFU1VORVQxDzANBgNVBAsMBlNXQU1JRDEkMCIGA1UEAwwbU1dBTUlE
 IG1ldGFkYXRhIHNpZ25lciB2Mi4wMB4XDTE2MTIwNjA5MjgyMFoXDTM2MTIwNjA5
 MjgyMFowfDELMAkGA1UEBhMCU0UxEjAQBgNVBAgMCVN0b2NraG9sbTESMBAGA1UE
 BwwJU3RvY2tob2xtMQ4wDAYDVQQKDAVTVU5FVDEPMA0GA1UECwwGU1dBTUlEMSQw
 IgYDVQQDDBtTV0FNSUQgbWV0YWRhdGEgc2lnbmVyIHYyLjAwggIiMA0GCSqGSIb3
 DQEBAQUAA4ICDwAwggIKAoICAQDQVw72PnIo9QIeV439kQnPcxZh/LddKw86eIU+
 nMfl4TpjSIyqTu4KJSnXbJyqXg+jQj3RzE9BUblpGrR7okmQwOh2nh+5A6SmyTOR
 p7VEVT/Zw0GNnQi9gAW7J8Cy+Gnok4LeILI5u43hPylNKAnvs1+bo0ZlbHM6U5jm
 6MlO+lrYA9dZzoPQqoCQbr3OweAaq5g8H54HuZacpYa3Q2GnUa4v+xywjntPdSQU
 RTAbWWyJl3cHctX5+8UnX8nGCaxoBZqNp9PcEopyYJX8O1nrLumBMqu9Uh6GW1nx
 OHfKDLvUoykG3Dm704ENVs88KaJXB1qQNsjdlm14UI9XCZbHfnFVnQ53ehsGFMha
 Bf/Abd6v2wnhBLH/RxEUlw347qSeokw+SdDTSdW8jOEBiSqP/8BUzpCcbGlgAsVO
 NKUS0K7IB2Bb79YYhyMvmJl24BGtkX+VM/mv47dxOtfzNFCMtUcJ2Dluv0xJG8xI
 ot7umx/kbMBLuq7WdWELZJrgpt2bb9sXtYBpuxtGCW5g7+U7MNN1aKCiCSfq09YH
 qu2DsU7HHAxEcGFXBiepBliCwZ24WLQh53bA3rihaln7SjdapT9VuSTpCvytb9RX
 rq39mVuHMXvWYOG20XTV0+8U2vnsjAwsy28xPAcrLWRWoZbRJ+RoGp6L3GACq+t+
 HPIukwIDAQABo1AwTjAdBgNVHQ4EFgQUQ2iqKQV/mMZDeJDtLXvy0Bsn/BQwHwYD
 VR0jBBgwFoAUQ2iqKQV/mMZDeJDtLXvy0Bsn/BQwDAYDVR0TBAUwAwEB/zANBgkq
 hkiG9w0BAQsFAAOCAgEAHviIAfS8viUN8Qk//U1p6Z1VK5718NeS7uqabug/SwhL
 Vxtg/0x9FPJYf05HXj4moAf2W1ZLnhr0pnEPGDbdHAgDC672fpaAV7DO95d7xubc
 rofR7Of2fehYSUZbXBWFiQ+xB5QfRsUFgB/qgHUolgn+4RXniiBYlWe6QJVncHx+
 FtxD+vh1l5rLNkJgJLw2Lt3pbemSxUvv0CJtnK4jt2y95GsWGu1uSsVLrs0PR1Lj
 kuxL6zZH4Pp9yjRDOUhbVYAnQ017mdcjvHYtp7c4GIWgyaBkDoMtU6fAt70QpeGj
 XhecXk7Llx+oYNdZn14ZdFPRGMyAESLrT4Zf9M7QS3ypnWn/Ux0SwKWbnPUeRVbO
 VZZ+M0jmdYK6o+UU5xH3peRWSJIjjRaKjbVlW5GgHwGFmQc/LN+va2jjThRsQWWt
 zEwObijedInQ6wfL/VzFAwlWWoDAzKK9qnK4Rf3ORKkvhKrUa//2OYnZD0kHtHiC
 OL+iFRLtJ/DQP5iZAF+M1Hta7acLmQ8v7Mn1ZR9lyDWzFx57VOKKtJ6RAmBvxOdP
 8cIgBNvLAEdXh2knOLqYU/CeaGkxTD7Y0SEKx6OxEEdafba//MBkVLt4bRoLXts6
 6JY25FqFh3eJZjR6h4W1NW8KnBWuy+ITGfXxoJSsX78/pwAY+v32jRxMZGUi1J4=
 -----END CERTIFICATE-----
--- a/zoom-proxy-common/overlay/etc/satosa/metadata.crt
+++ b/zoom-proxy-common/overlay/etc/satosa/metadata.crt
@ -0,0 +1,29 @@
 -----BEGIN CERTIFICATE-----
 MIIFBzCCAu+gAwIBAgIJAO2iLzrmv26eMA0GCSqGSIb3DQEBCwUAMBoxGDAWBgNV
 BAMMD3NhdG9zYV9tZXRhZGF0YTAeFw0xNzA4MjkwODAxMjlaFw0yNzA4MjcwODAx
 MjlaMBoxGDAWBgNVBAMMD3NhdG9zYV9tZXRhZGF0YTCCAiIwDQYJKoZIhvcNAQEB
 BQADggIPADCCAgoCggIBAK8z4ImxS6seGpMECgEuRjQxsEzCSahfvaKe6cfFvvof
 1yPKzuBeBoDneQJWhH8L/DePZigNqit33PUJARrkgKbCGsdrElIg8zo2aSPohr3Q
 3WXXBRUZyBExEXd/uC3nBWeE1XoccwEOwqRmaP5g9ubH3fmVozM9qWVP4vG+XFRL
 b/XVh1k83V7UePHgIaaB2cbjjXwZBneUeTwf9GymTxpa0eJQjGqA0EvfWRTvGoop
 nMX6WrMdX2RuxA2Eb1gBbzdXnsWchDcQD5Z2NyWFvzxPBuLnxgxKlBC+rPr/J10w
 c9MO/jgq4VimmKWhTz1JwvcBSRmB47xWDmWzjBMOBFpEh9E2YgB2ugKyjvVRnRRF
 qoEoNcQvnC/5rChnh8QxxYDMePB8NYL5iwqwYOFqxcjj+dX/ZF9CmBMIP4EFqXr8
 SCdnzz+QAAoLbV6MTQ/Fx1KBPGSO4E1b2/xtJDqyK/qcwWmmcIOWfW75GZeMFZNz
 BauPaCfwmlCRqLel2EcPPhjJxgi45fEE7aEGA0HfDxqwVJwsNjD/SVp/cV2pYbvu
 t9iip6jmIriw+KsSpCvRrDWCUeMi9YgvuvJaJd+ZG+Ej7d4WALQQDleBEGNybqDw
 X7bJEv+BTxDioYb9onXBIZQYNqL69V29FMh8rUMTvKSC5xlFxmmG/XfyhRJItl/p
 AgMBAAGjUDBOMB0GA1UdDgQWBBS0yk9TqlMkPqWQU/a+6MNZRaNm5DAfBgNVHSME
 GDAWgBS0yk9TqlMkPqWQU/a+6MNZRaNm5DAMBgNVHRMEBTADAQH/MA0GCSqGSIb3
 DQEBCwUAA4ICAQA5H+B9bq7oQVMHvhyheNk46LKzgNgtktU026dyOGvUET1qdizk
 HNFTzVfSXVYPLItFDHypGlS38PkmSXSkoAnDC1mNWP73NzNTyTcx6wamjrIPk7w8
 tzN4ZGL3G8irbiUqZg0SCdS/UdAZarsJTF/UpyF+jHsMYtXXJ6mKHftm75F480ip
 gSuPXa/hFN5cj9EbQM9lm+Xfy+NjV4pM2JCWTGlzSrIxStk91oBn0T3EmCDmI+mG
 mfV8j+AzRMdK/+rLbTPBA1qRnlEt5PXuqPh9zEd1Ipw+yY4SqaXBZCOOpaH0k3l1
 7bhmnhuQutTvEZlmrtYfrL2+MRqmvNfbXyZWPKCw4+H66NUcVD6jpX0/5qomGQt8
 sHHR4igdjyDbrBbiU0AS4spgATDfK05NG/bCIcUGfUlYDYFCViJVbvUUVp7cGlI3
 Ptjv1TXtKOLgehFrbwGHHvzpCrpMjfzttlShqKw/7V30EhgKzXymMvqEGVbTjehh
 WoRodEqXKt34iVBEvKWdhSWHTkqTJDGb7ZEgOuQV7r7HPe2UHsYLxRXdArbTAcZg
 Ffmq5eZTK7ZNOSTX3sCg/a8pZFN/z14DFiSsdxErgnJlVCsjQrI51iB4QhMWlDHW
 3dmaODsyIoA5iaLPRPiFLyq1S1rclzj5dgW29vuLeHDNzZqLTtcdIfNUVg==
 -----END CERTIFICATE-----
--- a/zoomproxy-tug-prod-1.sunet.se/README
+++ b/zoomproxy-tug-prod-1.sunet.se/README
@ -0,0 +1,3 @@
 The system documentation is in the docs directory of the multiverse repository.
--- a/zoomproxy-tug-prod-1.sunet.se/overlay/etc/hiera/data/local.eyaml
+++ b/zoomproxy-tug-prod-1.sunet.se/overlay/etc/hiera/data/local.eyaml
@ -0,0 +1,273 @@
 ---
 satosa_state_encryption_key: ENC[PKCS7,MIIDAQYJKoZIhvcNAQcDoIIC8jCCAu4CAQAxggKJMIIChQIBADBtMFUxCzAJBgNVBAYTAlNFMQ4wDAYDVQQKDAVTVU5FVDEOMAwGA1UECwwFRVlBTUwxJjAkBgNVBAMMHXpvb21wcm94eS10dWctcHJvZC0xLnN1bmV0LnNlAhQlVkFyTlUMNrKBukxNRQxxhcb7DjANBgkqhkiG9w0BAQEFAASCAgBj6tSgefiuX1589cYpnvyWiWNKsQ7I1u52P3LqpK09jYyzM4XqbV+4y/he6iKyL/eN/MiutfKwB/S8xgCkt3RfxidRQe8vkzIUEyR2xyxJ60JSnUS0px5cBCEAean0pBFOn8aefEKldfW0jvgfmrvyCw/XIQFDvDaczGC8kk8OPeEktBCScOx0ZSgV7BsRUtaoK1PaCPi+ImtqXtTQj0x9n6w8BDmsaTzvIe0JAyWzqrv5bzbzcImC2GQvsMmotlBXsYiJfSxwpxzVcr2NQFVHAMa/kJhbfUryZAG2LGW/9jpDlhP7+1l9oCIx3p0d6wD/JxFwAW+TWPU5ATKG7AfZRCBfyHwfDap9iutinugRlTAI6j8G+WiWbPsHaCsH/YwIvlgbCEWU74LMNVRUdMNDswiDT0Wqfx9sO36QUnBhqy/BJAw+5s4DcxJoZ+pIuIOUGvYzO5B+OPOoEzeyHgdvIcwpRgfuOtaDhznWAOlMpsrlzWPPYAc+gRZBMpArzh701AqGIglIC32QnM5hU534V5cn2m6k/hFzCqK9PLxKnYhehgxG+mV3phO17LvZN6NPjgJ0xDmynsQAGy6gnouYF/CRjqsM//ykLwRyPlgvkrOhERneTzoPdtSZNxiiKm1reEIjT3/1iIalTYyYDhHAltnknnGfEOOAD2CDav7JXTBcBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBA6i4UWyv1ugJa+8VXP2TZegDCRojuFT7SI4e738McrBR/R+8h86F3+n4FqhBYyfNRlZiOkM4P2mi2e9aKvSlQUFCg=]
 satosa_user_id_hash_salt: ENC[PKCS7,MIIDAQYJKoZIhvcNAQcDoIIC8jCCAu4CAQAxggKJMIIChQIBADBtMFUxCzAJBgNVBAYTAlNFMQ4wDAYDVQQKDAVTVU5FVDEOMAwGA1UECwwFRVlBTUwxJjAkBgNVBAMMHXpvb21wcm94eS10dWctcHJvZC0xLnN1bmV0LnNlAhQlVkFyTlUMNrKBukxNRQxxhcb7DjANBgkqhkiG9w0BAQEFAASCAgChSY/gjCvaTVsn7MKW0jcyYfdkyF2m8MSCCZSKh67ect79ezgmjJ9PDVhA+ahox5IQ8fa0B2Zo5kcFCLawvxbTqqHcrYjL7gHH2zMIV8r6gqr358F3N4lnzgcAbAMTRJL/NLf4zHNsmACjRUXM6kGnqukBhHl9onc/TxXSGhN7O1BSAg97jAtnXMoxxiuz1mBmb+t9WL/Cg3Tk8/j3F5DCA2nEtd7iO3z53VBvohaJEyeqpoHTRS74SYojoKYyrFFx/Hjf7zoWt1J+iHatYIWYQV91ev57UvcVCb7iQlwOEtbXVXtRoPJyy0L2vpXivHPNeMoqOyYpHtDWFw5RCxrH7x9Lwplex0d9k6MHtoGr6CA0aNk4DdxgQMSqbbw0jFV4AsHV9eQ/WvZmhXwKU15yBzeS/hxW/8cwGAG4eO/SserSZ+tA5kCygGCxrXLIUmW7duJJfjOQnI5m3fS9RbXcpmmtGktxKI1zhCNSyJyQHkNeIB9oM0Q1VD8QfFG8HcrWg4C6tkCT0QTew/cFoL+UNhuThYBoBwccQ58rxLLfLTkDhR9LJeUiSqW96XH8PIUXVPwZrw3eHOgtGsXneDReGRrERH+/lJno0iAER+Zpz6+lEpeywG5c6GpSSPV1MdcE4fEEJj+itw+BgwrGrJurGmLXQ124U4IZvB027FLWpDBcBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBAFkiBfLOy6E9pQixCKu1pIgDCsJtZIlq0YYY45zFuh3pkVuVD2aYl2zOLOIE1umwFzhste9MA6bDjywWfEa9molao=]
 satosa_frontend_key: >
   ENC[PKCS7,MIIPhQYJKoZIhvcNAQcDoIIPdjCCD3ICAQAxggKJMIIChQIBAD
   BtMFUxCzAJBgNVBAYTAlNFMQ4wDAYDVQQKDAVTVU5FVDEOMAwGA1UECwwFRV
   lBTUwxJjAkBgNVBAMMHXpvb21wcm94eS10dWctcHJvZC0xLnN1bmV0LnNlAh
   QlVkFyTlUMNrKBukxNRQxxhcb7DjANBgkqhkiG9w0BAQEFAASCAgAtkej8AE
   0Kj5bdiy9N42E4V/CozdnnLTQsiioJ9B9Zrn+Fi8m1rkNxrx6LSyI8+x7Nsh
   uK0bNi98tNpKinFnCEPj3oaQWEPTOIqKyvRGaUg+mRQHTrKnGufd7SGy8XHE
   6H1Z/6xEQFRZCe3/aTxbui8CQXyCTvNyHYg7MEQqO0vfttA1rysXUEJjyNWW
   qTADZ2FcxrYP4Bmc2cuYg9jNLyqU3xZ0ARC49ZS0tYqBSOHI/rMi/H8VzQPX
   PrAcFLiky9GIF0eLjEg52IQ8lcqS7umDpyIeJgbAbxtsnaE9UHrfUkwYXXHA
   nTHbzIiK3EiM+wsqkQxdrg3p6EbFQhzUud61X8StFMsKOwkk8zCPKKnYxXTh
   epXLv3diRfSCVN9HVSZGF8/mBa4plHSB9IjSzpQsPYGF+LrcydUY8Wf0toAz
   8ClCM/EaCSimkl7jpXsNLL2VWpYGPLBBryBhv4Ruo0qGOkRTIz/GaSz/pIfZ
   uwmjkmHOFqXJksn1VBlwAZzbF9FhLqV6Tt5qFgTWE5Da1+ypDdMsSnmeY5Um
   mSzcfGI/mw2ocNuNTf46AnK82rk5FQG0JOzcThJH7Vb83eLuzVQoLHD0oWXS
   7xfflRUQpI0B7nulWayEMjpTW7+E0AeJccgBjjvDPS/3dwdMm7lC/IBMUFCU
   /6cNcz4P6QKnsT5TCCDN4GCSqGSIb3DQEHATAdBglghkgBZQMEASoEEGHyWn
   yOlNclnnUQaVSq5N+Aggyw5J+XrLWKcPmG+OvLgnmuPjzzddTqC4n2h4sZ//
   aPedGTcFKrHBB90gHofae2zRrriMrvmmVrj4XrTcun0+gYKdBy27rD3BPS0k
   xIXYM8jMT6qvNN5VQDLRt+9ThT/qZKQvZPzu4+Ovsl7UF0SD6rqKHeT2ptJM
   ELgb9iwL+//O/xye99hGF8Z/aNj1zLJ7b9gzvHL4e20JNisSfawE/MRH7yS9
   6IPFTbG4pshk69ENvskBgggmiYw6V1jfRU9CPKHQwTlVwvUQWpZj1OeES6VT
   opUQHrGecGlDoOq4/wMWDb9t7+uxB7YrA9B/K3pduk9dwGLCdj3eoGC/JucY
   yFmaDK5R4xkmMcA6bUtk3uMVHZaMJLpkYU2w+Wlm9pbHF0GZHT0DrUz/TQ4D
   iQ1EusSycBvnnNlQf5jJsO5DGS4zxAUGJQghiWG7Akvsqo/Qx4D51monqlgK
   DBgyZaaEyiRsGZrG3skuFF/5OyWj5gzrLsHj+OZXW/L2IvIoXWyYYBhPIIc3
   vDy2scScdk2AvZDO+UFLpfNitX4OJd2g2xKVYzO95JaKZKpZuzTUIdPVc9fN
   M7H7rcH6+8/Z3EwIekFKbA0BMylJcRg814rH6uA1YqWmx8sJIMYs1OwiWd8u
   3FmOXK2btO4GdzAsQgo/bPrm8CN4taUqIhmFdWe+xP5Ei0Sq5cZfsRChznS+
   Yjpviyk8gz2OkyeqAVHgfTOn5ruFtb6cLt68FVCifqGsqDL+CyOLi1OfnT1p
   DmK/bcrPXswOj2pmIkuYlGU/Js8Z3ES8GZ0H2NcGcPbLG2HzTak6y5WSlrFr
   OLDPPyNxQ0jdV/I9Dii3sZtgem9AJRubedC/UyD5nnpbXbRwiZoGLUx1iZ4U
   dsoxGHiPcnF2cfZAdrkJY5MK5pZB/RG0ziFYcLo4Gy899T6LZlqR/qgtTNVv
   wBo9Y1wisdTZ410d0wLBAs/ffOD2374mVpqW5KisydC6HtzcZxxTP2kU6E/E
   tvqCO0LSsSbD68rymoZ5sNdsaHSfeaYVscZIZBAkVY2AqTGm2b1xwZh4Jq61
   fWhh8M4izk+N3h6zRXvsavMIz/NG8ubjnBq9MubA9Q8kCIOX7dF22IUyx8YI
   rKXT8qDrkswLCB5lSDBCRVm6gka62vQR2MIilamy/HYY50y5Txtkyu+dH18M
   iOatiu4ZU999goOWAhqSljqmzjJw4B73ZmHWQ/+ea9EePeceVoszE5rxkPsY
   vZoxBGOGVdhUiKQ7ad/GSvwrnQifp25MOYHlc9Z4e+hM2Yhk4htvEFsWzFUe
   qOMYBnm3SkSovSnADM3RmfpbWg7FNh0AEwHwVFSuqKQaLq1M3399dqDJffEo
   ocYG38cIghPmztKBW74D4b2Auv3T/qxoH5L0GEm9FFKLuS20gV1dEbuuhUw3
   KFMP6rYzUeW/osQMepT3HiWfQy8A/Tao6wJ80+axEJIWQ8SXaI6QbyXkCecY
   dIj5ibUqrc0BwA91XlVJoqQooLAlA8W6iiUAtZDoeqVSBZyJpX806bfD9wsV
   whw6hQJ6/IfT0XPH1a8qK9OTdCIGemQ3uqW4esYS1MSQO31o3Y/Op2S9Xtue
   SRUxmxCplj0r3xmqpraZ3rMJEJmC2GecLrDaUb2pcTheUWLf4CbyAdRuQhlZ
   wr1bevR1sGP5821dCQA/56WjwIj6WSDhb038PvIvGxkzIMUN3C29aCc5NQOq
   LSEniRN7YGTxnn0Ux8teHl+lKI4GimXErbUfstPdrKqbeUyKMjRLlUvx/5HI
   U/5X3puD+PW0ZP0OJjZ5Ucg2o85gGDuhW7Yr1UzM9akCBmHuBN4jbQgaYJ5o
   AuLULW//3GVIQWKMg1Q1v8YNkcoAzKAYNYjf18ZReNBb+2NdIiejZ4aKSl4t
   GKQV9igP1/hft/0WKZeMrim1Z3zultUn50aE9BPzvDvulRtB8rKktHmqO8CY
   QTUwTjPL6HAxyOSWh89la3iWxqXIuK3WI25UoEn9VS+MDzoKo521SeIkDyN0
   8HvfoWr2Ti1q1kdQVCfR8FP2TZ515y7MqZFIa/qcleLPOvwFli4bj6B5cA94
   yo3UaWihLGpGKz+5EHrhUEic7hv8mPyqzvM+J7POVECiS/s5sFdGY4tNFXyE
   bxsWZn914Q8JG2TO2jNklvAbU6qdgzNjK/fsVKjSc1CkU36u6Gc96Dmyige+
   ejLaIXY/gsq2mrLKeJtSqPNurdi8Bida4zchqXnd2VgsiIl0oS7UYXB3GKrZ
   3LP1QFY/r/+5q1W1u9QSBUcDoeOMj/Tz/WYyOumiclFSFt2lrEU9BqITAxzj
   KV4byUMkSmq6ZJkzjKEuhveZTCdtJ4aNoUhQ5n0jVK377VQkZSDyxTjSWKga
   mWKIdjYdyUVUsgVs+B2GtXi1AM5jVWFM5qD1X8PvqRFUyS2XAET/zALszQyt
   DC9HvGkQebXdlBUxMxOUp0HooFYiBbCMQ/c6c8CAEZpiZqZYUFPcTBGl0Is2
   1t2kkf5kYCej6/wMivfoYPYTbJaqmXwuoVctGT6PXXBKzcXtjg8xxVeyCnCL
   H8vpPiVAFzXiMJwo9KnCWWkKsJboW/ewwk9h1DK46wCBlxdT3tcnMTd88nJz
   IzzZ6mfn7/oNiapXD9srDMTJaSwruqriMKzBv5EwJoh+w4aLZy6x6G5+6foF
   7CqixyKKGLBpIRZFHkBhLjyIr7Xt1KpJ92gQCTPyJJktPHJamIxTb9VR0CU8
   wUVoyR/7VS8hfhC3k7gQIO/4cN9PAvEIz6t6ljZF0TJCjbmO7dG9V52K5q3L
   wHVtr20X1GEldpKVSszhz8SVRNSuctxkQ/bDW0nlLqnVsO6JSdg5pTr7CwcU
   3KT2yqldJcatoQbGJllC7Es77HT1Qw46MDxmbp/e/4oW6cf7rNXHMfCDO3c9
   a3Tf7moSd/UivX37LbExBEu1q2M8wun2IA0RruTNnOknQVS0DCpNCqCmT5ey
   OuQ5f4tI+uERykruyAm0uB1pCPVVYc7r7RwfA2TfwbqG9KWV+yoJJILoVw7H
   ZbMmONHjeL9lOhOdMqjQea63w1jOS6DPbL9xHyruXYSoq6hwDFS8Jep5VKEE
   rz75aZDVB1aneXjQJ/nvTLMuYZRQjGEsPZPuQyktp8ZSiMJvhLVElkJb3rBu
   ZRiudHOuzwCEBjHNDK1soufQqh14E1DY038Md9mNy4uxxSKEKbb+g3unIOb1
   B6STIx5AY/2kYnAavKp3TamGCzdzhGRj0Z4n79NfCmLQI2plkPhusYIFC05f
   EkG2R1CQhEThk6hT1mUeu2+toZTqathaMFGtzoWQ2ykTsv4ZJHK0wYRYhYr7
   +V1vMREyjkkWvVYjtHE11pR1/9X8x3Qm3CXa0J+mU8jM4dw81sjMtxrx893a
   f4C3EnXylh2awN0rTEyhyESIVJJT11OAGZzQ76Tfsj55/RS+cTFSZjYjPG1B
   mGQnTMXHiUgUFuqjkIXTnfLzKGtqeuNJ8hA3Y8T93bj5KfDTgWvPjsPwy5/Z
   qG5NzMS+SqCsor8COtK/CPr067HvQ/OjSWU34FrTCwdQX8kvsF6mGmnrz04t
   nr2vDpy0LbEezOTL+Hv4KVQtFIvulcw7cnb7sIxAtbmpNOmvrwzZI8WFgERS
   NM2etYyVzJa4N+e55223iscNYPsSe9UmRSw56w6QT1Drv12mT0ihO2QffgHo
   JBXa/pZevfmLWh10IbA6bsfTJhikMDX+BrvYYpoUPl7bZ7mfwNhBNKLUlA5f
   0t1OpMh5LiSKBIBtjMXAgpjkLcl6fow8O4eAhirsY10jmrUYOsyV2Wre2/yi
   UKMdLQNC7g96jea4jU5OuAKBUfz7WyQ3ZwGKddCgHeWQxQwwokk5a/VPao6S
   Tbe+O4rc2eXGieAq2IiSoKXqIo0tYVQ61gBq35EYFwfG8Amp3sCUWHvKGvB0
   MvYQ19NJ9O7fT21EiqPeogmlgNGzsSrwD426npWx9SF+qRuHQ6+1iiU2YVJr
   kCexkRtUyNFe78p+Le5+fNRQCheh7TabY9YZ0E3P1/vcG2T/g1YzP1IoOPoj
   eLuAVCMyVQbTDZcCSnSrGukrJw5EPuSgUN4SAv6POLeb/jJ/upXdl9c11i4H
   VwxGjg7azT900Knnza8BPyj5jRheF0Rj6q/QDM5MZNp4c80j03dHsAT7Va7N
   V8h/h8lzDGHePh3Qnei1bJvuKdy/IjV6HW/Mg2uisviXAUK6dz3Ut0cr0gxn
   jsPwjtckiTcINRecmWoTB1IRSG1CnP2RVKKJ0kIzQUE8Dc2k7MZadN/vYrk8
   6SzqMOx3wWiYTLSw41Yke6rBEfUxisJd4=]
 satosa_backend_key: >
   ENC[PKCS7,MIIPhQYJKoZIhvcNAQcDoIIPdjCCD3ICAQAxggKJMIIChQIBAD
   BtMFUxCzAJBgNVBAYTAlNFMQ4wDAYDVQQKDAVTVU5FVDEOMAwGA1UECwwFRV
   lBTUwxJjAkBgNVBAMMHXpvb21wcm94eS10dWctcHJvZC0xLnN1bmV0LnNlAh
   QlVkFyTlUMNrKBukxNRQxxhcb7DjANBgkqhkiG9w0BAQEFAASCAgDZywAuKW
   y1j2YGzIKs9DOCYAmrtJLCRhqMfcqiBB2mhiWu9PlUAcv/cww1l16X6nDsvh
   o1xul8ymflCYEmOz52Wpej3U0hB147EA7EnmGpYw5MqbQilf/HKof/Wy1LJ6
   C1OgZwtDCcbOpBLxcKv2o/Mm1bQaG4u8XgE6xkJu8OGYacn2S5dlmZGqv4Oe
   bf8pcZytiQa31ImF4ne0+YzR5bEADUgwGMIUyglqgxrvkZPQgt4zVTXRcfJx
   7snX0OpfdgsLO8mfcOnDMLZZ7Vp1XjUu8uWKJG2hroPU5BChCd1hsdixCwgk
   QcSta/V5Cd+fMN+V4TNODzow2uFvisd+k6fEfN0hoMIN32lxGqbtWN2oikLn
   YuUYBUbFKF5k4Ue5YgllEUvOGxlxedhmzeV8ALuLgf5/tkA1eqdrUY4OBpwL
   kxZxCbt2L/Xa4cJyOsYiiZzbMKglhY0uAj+035bM+h/SBjM0AmlpvZgbB094
   Gw366Agncv2F5EFbQT4y3aO2Ik2hNLWnyR3HGWdvzRMNCbr69CetIcfOtJ0L
   myn7IIDPiMyrPtP874Kt/ftM9l50Z43JrKeOyaLVPC8nmA+Mpb3/HBwdrQOk
   vDd3CQ6akHA5IXR5Xck5j6Fb2IRT5MfwjvHHpacKKQbaln5rXc8GTBQiKcaa
   uLrbK8THQiLLEykzCCDN4GCSqGSIb3DQEHATAdBglghkgBZQMEASoEEN7/gC
   o1SRjm9LeZbpMS+ZqAggywmmSPpD5rSTOPMb2W129lyyx/6ZVIDeFOyGkJLx
   3ZDc7TLdjYbp+0UJ2Ami1CR8SlZQDIytWwWlZmYi6t2G6tqGb01U9DN8SANU
   yeGpUuZb4KefNttlrtsqelXNP2haynzbWSdRtsDtAcjJzb8+4JKMyNBABF5t
   ya6bPv0K8wCy+Co0Lj5Udq703QsDFsNDSsq8sE0mTlAy5b4Pfz5tbd0CMi8P
   9WYMT+V0DjhxeYTjQ2jHYXmL34D7OoeiszLxWDh3+yKJ8JfRO4eVvpuGu8dQ
   0GfCA3GtaV8Z0JOTifV80Vm4midlV3Qs1QdT2d8Zr4TiPLTBGTaSDSVE4vqp
   Z6cvKfgoRXx9/081J6L/+EB6KivjwmdpQGcaYK8pgJmLEUEY3h057hZYkJlP
   nLMHDX2L8jLValDFpPkyLXJYNl8DkMEJPbkZf7q9/JFiYgrnRjkcmAAY2ALq
   8wrhhfL2w3fDtWfUXM3rHPAGxCz/jkbOnIV5eBNneeKrV+ZePMpRbWLC7c1c
   RhFcZ0HHIx7aAaewJsMyI/EdWilyTF1KZBN3QWiSUZiUpaCfPqQsDypeP8Wo
   JPc8RWW+uJ4Ly1L/BOhVkAKPwENo+y8S8LCwwd1RdSs4iPtGzL8MU3JwNFne
   MLeNu/5iRavHoTcXMtBPsOSBOIt12/1XNkr0rCGsqRkI/ByJ+hb+YL53jEq3
   NJNXFO/g15eaYwpoU09fG3PQ3Vb3XoDLRXRfGk27sF97pTJSbKMcy2+/ODia
   FsIPRqNT9tDNb8EcxNW7Hun4CXmx5ijwPzPUNvgLyW4CMqIboFC1Pu0faDkP
   tv1W4bmAr19WXvAvBBwe0+/l39uWo3FX+7Gr+w5fxdr/luVaP3UAJqq5bcv6
   x4VMAKJTh9fzMfNZ28y4Pj9umsPwlBKJSaQteEECWn4y0SW0nBlAYGnSghCD
   ycUyQm8xkvF5xmVBxL/ACnAZxYc+uN4xbpGga46IOB9bg/sMZ6xxtKJG4Zhm
   yfTB4pN66E3BdHeq0GWSwNaD3vXS4h7s4D6SVqS7d1Nzq9b/x6o0VD+v5r13
   DrRcEyKQWQa7ARDYEHx04R1++2aaa8aXIyQAgQqj7HTpiXN6jdonkLtlVpxZ
   vakTr0PRkuq/j5s8JHHSFcpkO57lhUoYtGom5uBCX72YNhKeTJmdGUQbzfyu
   WBXWSGCbdJJueuJq0/InD+I7jqf+3w0vK2DGGtQ/U6iPEVM8LJmcl6pHgMQG
   6DCUknOIIM6ha93Pt24dNnfOShQIAaq0HbT9BLu31wmWg1fswTWKL2XHUTDz
   kY5R8C99X1hKiOPsxsdeFuzVM+YLWaQalBfwRgF4TB2d4zUeaURii/365+pQ
   HxevPrRZAXjiGABTnLIGOaxk78MVQWBpfmW4VlnX/gOOBICpq8CE2LmkWBw8
   LVOu1L7iVBuYkfKVFL6lcsNQWNS2NfuphOS2dTfvmYyHKGNGxxzgLhjsxV9m
   kJK4ZYfMBEAqtcLFQ8fENW9J0CO+iJfmw1K2pGp1c90g7xNzKKI0EMPxed8W
   hxn4Hfa8968wkCP7wBeNP/Zh+lDbo1D8buNeeu0W6lHcXQAvqpGptazRz29E
   CDzmop6wrfJNChDfk2baeo83joBVPK+iOHGwTZhCwpGLBL2KDzXzRSdTOxC/
   /VWFb2iIsufy6/8V58wA1GbfIUImnW10+4RXOxiS3UQDf41qNoedEVrokeII
   xiRonHslOS77PQxrkGOAlK2g1EKCFBAfgddQCDAJpE4okD2k04MQYgA1XXfo
   CcfCFlCA9PuFlI6eZzZH1ZKVHn8e2Oj25hLiRrUAWkP4S3VBaiGT5R9SL1YR
   tojVJo0veYuAqNwlPXw6alljoGb+3SQPlBjt5cTGEjdoxJPF+pMsBKHT6nKD
   5FZ8lHT/86ERWgIz5Esn6u3K3qY1GIc9c/19iwyObjxS52iqGOuwcJuufJea
   lHO/B5d6TSKbYVfVieUEJeuuo5K41icZvKrxLGx4hjLNXi8LGVy+We2WPF2L
   u4boXWB4wC7W1GaSR6Wjh5HMlUztgJ6hJpZClflH94EE85/OswinQ4Xnd4b8
   lL95kVIaKoU6pIfUWBVfUnaqKRr2T1L/9a7xAZHjLlFfvRqoN/68uur9q6oh
   RmbmoAOmv5m63LfhMUJEWzPBUtrJVX34TNEU2KmTlG7TDsRLwffuWhslaq7F
   bKwIK+RsAXzYMGhQmUHHLr2FusvsPCc0WPTW+jXNW7U2nT8fjvOoiZqzKBIj
   kSYUe+eWSzG4cpB3egmg8ZnWpblengdzFKZ9uv+TOK1+TJQU/UjO7gMH1nf6
   ft41gs+MnzxBASOHcB2D1arxDcDH88G4aSFLelVSAP59miqt1Uchu/1nQ8aD
   EOLv8TpZuBybIw8djIjESeFMHC4X6vvNyEL6SJGVuwxXl+MKwjlG8B1f90V+
   MsOuOCRuydW8LcSEF/zqkP56OnIv3oPBkI2STODLYnujQAQn4I1hDFfjGLJ4
   UJEmhw6WW6KFb32OCO2g+KqNJlPC0raqNaDpspthYBaQ4voo//pGpO1gW/Ab
   l/vZygt358vsIVC0CDpyQvOFP30aymlcGgGhHxyDJkadkXGOj20cVFTZmVNG
   E4DmAROoOXLumxEtXCgBVcBrFM5BOFnU7WGilWatqLrVuxqh8p4OYR7S+nlw
   UhwYYjw7g29e1XGuPrdxDU364+V9WIMQSrD3H06tWVYmWjW6weJtXhR80Qou
   90tLiN+XfgNR4lMT2hfykoOIF4FCtW0sXjsH/lft4421leFIdavj72J+MhJm
   ItD8iT4+AvOpJviFJJhJdk21RHEMCfbpPvJCeza9Jh6z5AWJFPATfugX6yfW
   IXPXJpp/smFlHv93tAIqwLhOoNWWV9U1r+qyO2ai7Oki0zKnSzEsO+N+nBbw
   P2QsVkbYLzCdT5+3XZEy99HdcWdUCgomzN45amXamnd4zKLnBGdi2LqzWiqk
   tC96n4LJtXhlCaEPFaSicegXQQxyx9uDa1JxCls8jppYKdiUJHSL83IpnkvL
   zBRBT/xqQT0spr3uZTbFkn0azigzAjtLG8q8Uk1uaiWtB/E5ME4API34NKuS
   yymwpfuftFppq2Hssrh2tufKaNmYYgwYWZfts/Yabih4UAXtDjwrcQGOBUaf
   896h2T/5snp5jrvP7KNnRO11m2LZ8wf4zuVK8prD0Cb/u306BRB52Lvg5Ps5
   jbQB+3u6TkPrnHbExTh5BOV+cVAy5kUL7abPv25vJK1Seo8ikVFUnlxMqtmR
   dxCWnSJsaHL6PJ9uAuKKQbP8cq9iwkhvE4v0tltCe8XacqsrVZJ71zs7IyH+
   LB1aBRLq86nYqCpmVuvdEYwrM34NqjwNqzEXIobqa8WuQPpbSYsiaUb1jsHT
   FCVI6+wz4izj+/3aYiDqi/YEqZVqsBaYCv8VkBQRk5kbffP/Vq+j67fFBfxL
   1G9Ncrdji+K2c7vc32Ahh3FLFQMORYLoFwv4XLEh8/2ylWsObYxLaAcg5NyD
   nh9bxKcjGwmr1lQv+nMebA3mENtfLNTIrZW5cPECwTJI5qBLd+Hb9XT8fbLQ
   H3FCbCWEZbozaWupFAO1gzjpqQ3Assb3NVSxLLhZf/3+gjmGpSHY4VRB3m4s
   HPlfwh9q9f3ZqBhvhmgEIRGUpFNiUAq6ucT3vdlMjgxn2qI9z/JCNyfskBMx
   xOvkDX3bhlKwsgiwfgmfhUFg8pQqTL4OJ2INOFLKy5huQHKObgX/Z1C+0g7y
   99RO+dzX2t1LcTlU/UJYDuOJDLNYkCpbJcqgWo0lPRY+9f1ZpfAryi7yVBlu
   kPR7RKF5nR1RcoQkfAy6H43jkZi65vCos7YxWjzZai3H3wAxA/uHGjlFcRcE
   VbtVqcKvdQcDcfkrMBJeHvK9OntlZhM+dLS3S2II+lSXQlH0Uyzy02vv0Wjy
   HXZ9fbqKPEIYiR8jZmq4J6gohPeuvFMOaUIR8P+L/KRhznvalKGVN2QTLYdq
   tFMHGyEN7MiE+AlsVbCb1zc99La1pI2FD4rKplUai2T6koyvfuGN+/LO3vqq
   kvtIhm4ZGYeauQRZWC+LqpbOt8Q1zoi2rvGNequKczfNPhlg8Q1yX/YhznY5
   HFTMYsLoOzr7j/wHHTp+EpXknNhr/UEaZyD8lBuLM/6A5fXdZRt+M/BTk/tL
   NY0Ziww+Ftgz9Nh6JIQ9rz2g3MI4N8ACzgccfbQ4DW0zuEK53TN3eNRexGTm
   aeiBw1WaxYVT/QRdqgLeFwApjoWe68butqplXoH9cpXDOC+9GdpZjrL0gqCP
   DvKDjSevlRkdPtEIOJhgSb3DWpHXYITZw=]
 satosa_metadata_key: >
   ENC[PKCS7,MIIPhQYJKoZIhvcNAQcDoIIPdjCCD3ICAQAxggKJMIIChQIBAD
   BtMFUxCzAJBgNVBAYTAlNFMQ4wDAYDVQQKDAVTVU5FVDEOMAwGA1UECwwFRV
   lBTUwxJjAkBgNVBAMMHXpvb21wcm94eS10dWctcHJvZC0xLnN1bmV0LnNlAh
   QlVkFyTlUMNrKBukxNRQxxhcb7DjANBgkqhkiG9w0BAQEFAASCAgAqboyeHi
   Tal0noNvyjBvtTyMerdSZhIJivXp0cwcB0hVrfgDEH1mcrSrEaQKf480sszI
   JC55QxC9DPxmt46rzuFvKHJ+52wEA/kpgjRA+2r1+rjuORgpJPZe28E+zylT
   bqknkMLSOzTjL+i2eDBVzUDb0Td8mzvhIiyyefO10XrshFPwiT60yXc8kB3G
   ggE4kQQ9KIB27GTLwR5eYtBjiUQFHrlVx/ZhjwCHpVgIdOt1zqpJooGdzrio
   oWJLRfzS/zsTe5RAT6f9HSqS7r6rZr0tuJqMyRQZlU3S14KvSMcnetKETbuI
   tccb3ETPEw5PzMU2oM8h+flwfZa3twf6x11Nz3RB2LwZnoH36bU1Vzaj/rkT
   ITbb2eYbPGoMgx8FOSRi0Mp7TJXJTEDv0GOyqD7m77GDpJK0WuOxAf+60Ndw
   pSPVtfR0XvZUiRP7mGLFP3ei8J3GItDwOgJxdmTk9sy25eyrA0UKrx/wzHLM
   biNKSwQyGDNo7/AxyWi35tkJuRJN/IAe8XC0iQhzu4icTJxBcYTJNoQ3Hoxf
   NJi264WK9Yg2IzyZxfPfUUhsKKqdwt7Mclv0VZo7tpQRpXdxTOeYoMJsfRPg
   yHYH6zbsHjOvbcGIKcwdPCQL0DYUsnlfLQbx+u/qY/9A9v+B5ztqBScGaTIG
   g1RyA2PuxPhkE+QjCCDN4GCSqGSIb3DQEHATAdBglghkgBZQMEASoEEFF4si
   PR3WIUlHf36PfNg2eAggywx0OIYt5cZnUQS1rN9eOAYwNnwpECi0Q/w9NhKO
   wjtsnBWRDxv3/TwWN59b+QN4xdFV6K8LXL4e3MGz7O+uoKQNf+KHY9dRoToC
   Eg3ZB9GftVg6jMQ5zdJHW/hMOYa5vn56w85RSrP9876SmnlpiBMW6t1jHuLX
   oGGx5qmQnP6ZfuPnF84BKxfKJReBGJxtErO1EChRa4cQh+beFv65M892V5Zc
   xePgsPnSCFoXJ6JnPe1xhe0qv8nLTPuyv0TWd79dhRhCj+iP4YKMW0UfcT0C
   qOzjb3kP1hnocewLlDXsLk0Y1azG3p+4JgW1n5M2zr5AFlpi4r0kDK+HgmwM
   tGYLNgbEK+xYAX1lJtft7RNbxHgeF6EHyuaRSZ7FYOJN7+CihfiHkLztsWFx
   q+EO2STyj5D50xq+R/7OSUpHjlQUnLiu5Xg61vgDCGlphTMi0uUKLH5ShQVq
   JHv7CoGhG/PnEppwZ2gBmcIhQo48GsM2n2H1rxC8hVZgaUfjHBz7OhqBibzw
   fTuO5+k4n6wumNTWiSvsUzQKIs6F03ZkQaSFa95RCt6GDYWXV2CvUG8c1832
   pByxsQs+XQyFo3XTt5tF6/Hr1xVr9QUUJeo3u3xKOR6bm77HCedDlfRujfpU
   WQuSEE/OSTgE+pIDrPynexm4vaSfNFLR0k5Pph28AbzQfgkIjWqbRWRfyJ3t
   wGPGlBPPkuEI2Jkc4ZurelNaf0fiLI6TOeMRkh4Ew71SnqlugN2hmQ6/4LW0
   1xHIqj1pMcx/9PYQdwsTH3OghL5at42uxtPm1leqYNucHO3uO8P08/ccvo0O
   Ca5M4VBKtCDXYs9BqaOUURHrbNXQ+biyAso29LbahLs7s747kfgYdz/ndnq+
   6VhUx/ErPiABsyivH3hSdj88lJ6jf2qAfCygEJuYtOg2m9LBgLtpd24/G1/S
   ssJb+VmcUj4X8UiHq7QZ7M/7xW4fnz3gPr0t3QpZwsKGhps6TA0s3FhEHE1i
   gJ2mxg3SAWKSqX7y9AujyzIw4CMUymPHXdzvW4Vb1xLThauyvEf3RkIOrmhV
   2to69rilU1tL3hDZu5uCbVcWp55WY2JJvuLZRQyJlBFMZPb7HoMLTySl0zQK
   zbdBdd1Cpd6VW6+QT/lToS/ySffbU8lgJKD6n7S1VBqDLoY1KrNel7gePlkX
   mJ1GLoWb3R17hDCa5aaKaslpwSN8Jj51rgvo5RDcmBUp+7fP4foWpBy4wQ8z
   hG74xD7ecsVPM8Lqh0PtRtbaEYQ2BOU1dEvsXwVokKZeJ+BSR87biz2Sg11k
   1ydg33j3QtDRMRm2mssWwcbBugBzQoPaOC5g7oFAJAenfPS78fmw8GM19Ssc
   raiq66l2pEu9e14XQDwmBKFJCfu7DZGhwoGlllqdoG7gdcuOWdeauZCyZD5i
   LFFsRpQXq1syAdy5yVAaumT+fO7DcbiKb4lPMjxlThs0ffz6rU9tGRGSXh3P
   LXbesPSfXuRfbHG0/ORIypzjANQO7lGv+cMQrKZwIk+dI+X3ZFwuA8YDiQIg
   QHUk9rXpmocG5Ua9ZROmL3pe6bPo80tkGRVoARQpxJG53GB951EosX0I/QME
   HPf0F9kDEkPnHb/JdfsV1WDnjFVPvzXMF1CHOzwPY3O0B3ih/4EV2FU3CnDo
   zaYZhAlhdW2gMF0S8ysbzEWqWTH3GZ6/6q9P48K7sthMBLQrNHE4YtolXfUR
   IzkblBGzUV/LSzXEenh1g598q2pkDDtJyI0B7GRGo+KzvK2PFqkWKMZ6EdUU
   Xc+pJ2AjhWhIIvbiRrDRsUtKj7hEeU/odefbkQ4r0RDITcrbnTNJTidNt5pU
   HB5kgy9VpwwB8l6g0YEulPtYezhNR+vgoF86FN1p9lc1+/u5uAhHMXPgfc6K
   wq/IiFrl6MNUTHu9CLISgZRfxcs2+xlVoOl4l/KXL8Xp8pYcSUuUfinBDWIf
   d0DUVyrobBVEZ1+cUTunsRzu1zIGMC0S8BZ4t1Uxet54CjxKpq7ix37LzfJw
   aTlxftGr1noeVio53kO5/9dU2FgoQAznq1bx/8xftO8g3Wqtvluo+MsvEyJU
   8pRmq6sNVYZMLVTFtloyAG7vKeq18pWYE2esDmV3N7zW6dSL25EjetTbSYVM
   VN8VNWtah6jNA+lmOiC4hdJRkc+d32PZbFsLkPQAghOpWSsY/z2J0bizyIe7
   kvYzQLGIMgtXw6lywpt7gaB10Ur3lN8dYqP1NourBtaYdOYxIhN4FzuVWrfG
   vjh9sWfu0B4dlg/zMoupdz1/JeDCIWiFD2sSMxF/xgNL8cGiDh/F558o2ARZ
   A+i1Bqsc8stVuS+xbQdK/pjt/aBuohpjg66s5P/5mwdSymFA3O5asovxiUw9
   XI+1+RWUjbCfijcxJiS+vhgrKqHoKfH0mxxcF8vOrMgJf0Swelubg8mwg3j7
   M9SHgKsK7SL62B1xL2igO8GTDBUpzWm6BKt+/j9Hn8iUoFmPxqFB0NDRPk36
   haGVRfsPMKQ2Cu+4pg+eEJeXfJKCCEDHowsFJ/gPQefnXCIQzNnZaEMX7yxZ
   Djam3MI4p/x7ZRQ8GXZsqLdO16tE2qh6w7j5CHUStaI3lDhe6QcZFRGI8MOP
   kfxbRFoCNxGeg4xnNviZUgzGhO71Pt9e54PTalDG86Tbsqoohh2jMGBWtu6f
   0Oa5Iiy+LWBqmFm7OP/nIhaXsKv6DSu+7stE98PYauAbO4V/0Ih/du9i/lOZ
   1J98huxpF3lUIQSZtNp017q+/ZhsA/b4G4/TRfPyrvIS5i9S/o91XS0vh1d0
   M4lfku2T3oyHcYAoT5T1bUyJzJHF3dumbiWHC6CXNMYVneXsJ2KfQjc8uEzh
   5isvbN82xIcogvYa++TXlwcNdkuJMVHpxRmLbmysA44bPxKWcwTH9KZMFgzQ
   pJ3Du6a7gSy+zJaEEnbcjUqjtqQ5EZ4HnJxNnxrDbZtQftK8gwFGT7Gt58Vt
   oK3cSEjSMkKE0dUVVhBj6z55+x2HMXaS07CqHbdMKQuTBhDd/cT1CkK2x81N
   MiAdCGzI6+1PtYrXtlZ0sEeRxe43CrImeiWJ334WB1wzFjUPf+Yd62wjJq4I
   HqwKwiusl9subdFY/M4DDr3JDTVSyDwPDIum7F3E4+xM0j30g5GiHQgFNbgv
   CtVKdk6Uobv1AL9mdELJCEBSqpJdY+mRZSI0XlShr0fgVPSf83ghyi/1+xfa
   3u4gXcCzZEU8r2I5cIEKz77BEjywVm5U4O9OnsjTsYQGku/+5/7sgivDKWGY
   R0SxbqHWtWBKgDRkDVmiHh/pkZ/BiSUszi96U7kQ65Gyscu2rQegUDNijG45
   xvtLi9yJmUF+gPqAU3RatZJuPRaDjMlVLSOF/eq+0A21QGpW55+PPqYgJii9
   mTEtJErrifB5935PltS02HeSSoLR8K/TfZAgvf6J1Svh1CfoMKbwy/4DQpgH
   ifgrqb0wJnKztnAYYCXORqw8cN4PsfPq9eHv9DeTumIKVVYRoI6oTbawWU40
   jzEmQhPkzgyKp1Z/ZM5Y1DKsA4Jv4gQ1HBrRAIvf3Op29HuQquWorEDO1yjF
   HlmgwrMl9CidoeGZj/fdIE+n0hYSryx+D8aAdLkvySwzmDiOWEIElZRNxQj0
   h6oapkABWgEUOpQGIudRwYoKS4SHVjUdhO51oovU1p2PB2AvwEQUkvJzGyZL
   0/4gwnV9GxuReaPhY+dqFZR6HLtakulyLrrLviiOyLihozv1zeXxd6tk2MhQ
   yVkd5kIvB1vWXuKq66ze052bkEHdQWBy6d8lFEfJhynov9j3EjbvrvQuLla3
   a51Oh1Lpb9cy6SiDDS/39p7/y27zb+JBz96EkE/Nfak4wetvuRj8dO1dUKu4
   78IAzYo6DLUBt6isxuzsJrYDu2pN9WVaqM8MB02e1BZDHXaRlO0JGDR2FMEl
   kgnGaalkxFGSuVHKGP8meDbsmvH43tk9x1ShZI3Xicai0cgGWZ+0+joL7rI0
   zjTzcOmuI10CbC+bCbyoq1FTzgcGxFjpDhYQrNwnqM7yn0hMNzMZHGtmMRTx
   PmtDMaPlrWaY+vokkjj4jh68RrLZovWegdmRf/gxs++5KUvViClx0QJmi+75
   97dI3d2z74KZfXpBOReWret0FwlhoMLJwdQzSIEDvlSr9dPcc0AfMefQgpsl
   Lurc0T3N7nLceHZTbCIurNg0h+PcXurhSYdflxklzC1hmaZwQX2dAw8Og3O9
   kpSRgns0pgQpOEyE6osyTd2t5uhT+ed3oT1bfDqbj32dhDE1y57Wiy3Ss1As
   dioQgWAd0t6MMTuRNp3uMYpMfGHVfpMoc=]
--- a/zoomproxy-tug-prod-1.sunet.se/overlay/etc/hiera/data/local.yaml
+++ b/zoomproxy-tug-prod-1.sunet.se/overlay/etc/hiera/data/local.yaml
@ -0,0 +1,189 @@
 ---
 satosa_config:
   saml2_backend: "/etc/satosa/plugins/saml2_backend.yaml"
   saml2_frontend: "/etc/satosa/plugins/saml2_frontend.yaml"
   generated_attributes: "/etc/satosa/plugins/generated_attributes.yaml"
   internal_attributes: "/etc/satosa/internal_attributes.yaml"
   attribute_authorization: "/etc/satosa/plugins/attribute_authorization.yaml"
   attribute_filter: "/etc/satosa/plugins/attribute_filter.yaml"
   healthcheck: "/etc/satosa/plugins/healthcheck.yaml"
 generated_attributes:
   module: satosa.micro_services.attribute_generation.AddSyntheticAttributes
   plugin: AddSyntheticAttributes
   name: AddSyntheticAttributes
   config:
      synthetic_attributes:
         default:
            default:
               schachomeorganization: "{{edupersonprincipalname.scope}}"
 attribute_authorization:
   module: satosa.micro_services.attribute_authorization.AttributeAuthorization
   plugin: AttributeAuthorization
   name: AttributeAuthorization
   config:
      force_attributes_presence_on_allow: true
      attribute_allow:
         default:
            default:
               edupersonscopedaffiliation:
                  - "^(member|employee)@sunet.se$"
 attribute_filter:
   module: satosa.micro_services.attribute_modifications.FilterAttributeValues
   name: AttributeFilter
   config:
      attribute_filters:
         default:
            default:
               edupersonscopedaffiliation: "^(member|employee|student)@"
 internal_attributes:
   attributes:
      displayname:
         saml: [displayName]
         adfs: [displayName]
      commonname:
         saml: [cn]
         adfs: [displayName]
      givenname:
         saml: [givenName]
         adfs: [givenName]
      surname:
        saml: [sn]
        adfs: [sn]
      mail:
        saml: [mail]
        adfs: [mail]
      edupersonprincipalname:
        saml: [eduPersonPrincipalName]
        adfs: [eduPersonPrincipalName]
      edupersonscopedaffiliation:
        saml: [eduPersonScopedAffiliation]
        adfs: [eduPersonScopedAffiliation]
      noredupersonnin:
        saml: [norEduPersonNIN]
        adfs: [norEduPersonNIN]
      edupersonentitlement:
        saml: [eduPersonEntitlement]
        adfs: [eduPersonEntitlement]
      schachomeorganization:
        saml: [schacHomeOrganization]
      schachomeorganizationtype:
        saml: [schacHomeOrganizationType]
      organizationname:
        saml: [ou]
      noreduorgacronym:
        saml: [norEduOrgAcronym]
      countryname:
        saml: [c]
      friendlycountryname:
        saml: [co]
      edupersontargetedid:
        saml: [eduPersonTargetedID]
   user_id_to_attr: edupersontargetedid
 healthcheck:
   module: swamid_plugins.healthcheck.HealthCheck
   name: HealthCheck
 satosa_proxy_conf:
   BASE: https://zoom-saas-idp-proxy.sunet.se
   INTERNAL_ATTRIBUTES: "internal_attributes.yaml"
   BACKEND_MODULES:
      - "plugins/saml2_backend.yaml"
   FRONTEND_MODULES:
      - "plugins/saml2_frontend.yaml"
   MICRO_SERVICES:
      - "plugins/generated_attributes.yaml"
      - "plugins/attribute_authorization.yaml"
      - "plugins/attribute_filter.yaml"
      - "plugins/healthcheck.yaml"
   LOGGING:
     version: 1
     formatters:
        default:
           format: "%(asctime)s [%(process)d] [%(levelname)s] %(message)s"
     handlers:
        console:
           class: logging.StreamHandler
           level: DEBUG
           formatter: default
           stream: ext://sys.stdout
     loggers:
        satosa:
           level: DEBUG
           handlers: [console]
        saml2:
           level: DEBUG
           handlers: [console]
 saml2_backend:
  config:
    sp_config:
      organization: {display_name: SUNET Zoom, name: SUNET Zoom, url: 'https://sunet.se'}
      contact_person:
        - {contact_type: technical, email_address: noc@sunet.se, given_name: Technical}
        - {contact_type: support, email_address: noc@sunet.se, given_name: Support}
      key_file: backend.key
      cert_file: backend.crt
      encryption_keypairs:
        - { key_file: backend.key, cert_file: backend.crt }
      allow_unknown_attributes: true
      metadata:
        mdq:
         - url: https://mds.swamid.se
           cert: "/etc/satosa/md-signer2.crt"
      entityid: https://zoom-saas-idp-proxy.sunet.se/sp
      service:
        sp:
          name_id_format: ['urn:oasis:names:tc:SAML:2.0:nameid-format:transient']
          allow_unsolicited: true
          endpoints:
            assertion_consumer_service:
              - [<base_url>/<name>/acs/post, 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST']
              - [<base_url>/<name>/acs/redirect, 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect']
            discovery_response:
              - [<base_url>/<name>/disco, 'urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol']
          want_response_signed: False
          want_assertions_signed: False
          want_assertions_or_response_signed: True
      xmlsec_binary: /usr/bin/xmlsec1
      attribute_map_dir: attributemaps
    disco_srv: https://service.seamlessaccess.org/ds
    attribute_profile: saml
  module: satosa.backends.saml2.SAMLBackend
  name: Saml2SP
  plugin: BackendModulePlugin
 saml2_frontend:
  config:
    custom_attribute_release:
      default:
        default:
          exclude: ["eduPersonTargetedID","eduPersonAffiliation"]
    idp_config:
      organization: {display_name: SWAMID, name: SWAMID, url: 'https://sunet.se'}
      contact_person:
        - {contact_type: technical, email_address: noc@sunet.se, given_name: Technical}
        - {contact_type: support, email_address: noc@sunet.se, given_name: Support}
      key_file: frontend.key
      cert_file: frontend.crt
      metadata:
        local: [metadata/zoom.xml]
      entityid: https://zoom-saas-idp-proxy.sunet.se/idp
      accepted_time_diff: 300
      service:
        idp:
          endpoints:
            single_sign_on_service: []
          name: SWAMID
          name_id_format: ['urn:oasis:names:tc:SAML:2.0:nameid-format:transient']
          policy:
            default:
              attribute_restrictions: null
              fail_on_missing_requested: false
              lifetime: {minutes: 15}
              name_form: urn:oasis:names:tc:SAML:2.0:attrname-format:uri
          want_authn_requests_signed: false
      xmlsec_binary: /usr/bin/xmlsec1
    endpoints:
      single_sign_on_service: {'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST': sso/post,
        'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect': sso/redirect}
    attribute_profile: saml
  module: satosa.frontends.saml2.SAMLFrontend
  plugin: FrontendModulePlugin
  name: Saml2IDP
--- a/zoomproxy-tug-prod-1.sunet.se/overlay/etc/satosa/backend.crt
+++ b/zoomproxy-tug-prod-1.sunet.se/overlay/etc/satosa/backend.crt
@ -0,0 +1,29 @@
 -----BEGIN CERTIFICATE-----
 MIIFBTCCAu2gAwIBAgIJAPSHarYbYh/jMA0GCSqGSIb3DQEBCwUAMBkxFzAVBgNV
 BAMMDnNhdG9zYV9iYWNrZW5kMB4XDTE3MDgyOTA4MTU0NFoXDTI3MDgyNzA4MTU0
 NFowGTEXMBUGA1UEAwwOc2F0b3NhX2JhY2tlbmQwggIiMA0GCSqGSIb3DQEBAQUA
 A4ICDwAwggIKAoICAQCdP/NkGz/PXwB+vN9qgaEXkyKIKUXsesQFv0tx9ivrr9vW
 jp5nIQG5OBPlKurw9lyYGKSF8npVdlx+6MBvizn50TxXt4s0DzoPOVyVQM21wA9D
 p2Mbxq+Tx4zmHadyY+5upKxAtKwCpygHsgyyQ5okT09FVz6q+yp2xROjbtGx65FF
 UwMiJWalfWlJ8E2Vbi4To6rURvSHik7fDMw2geBFntRs0NNniEU9PecJseI0vtzv
 /L2JGFJKQzvZ538NtBF0cYWs11J0PfvT5XZyr4GVZSUdqmHsq4KxnGuAKkgnyefG
 q8PFdHXEVcobnl3L1iPf1bTs2OiiBzzz0LgmdWHOAYo6gVdpkSdb1pzF1IUCUOhP
 BC+8vHZjNnfVyP8wxChLNP559KrJJmHTsp9AetR14WsirNkH5lH/oj35VEioWMR4
 1Win3pT94RErVjKdCmJFNy14NCs3+M2VMmy3jsIL/VSY0ocZ0tdQhSkSm5YDRyOC
 KrZcKjdwyie8Rrn3mpctllklkusZAkgf8iq/vhnj/x/jryt5/dUlqrCZ5Lwjp5gf
 o8HC56Jw8N0AQldEwvoU1plm82ji/OO/ITZ+cpZ5pCMwIF6X4F6fKTCAtGis/sJy
 XSoPt6taVOhJu79B2OE4b7mA8FZFB8xtSI97UaHIR4LYNo1bZGC+Oii98rL9OwID
 AQABo1AwTjAdBgNVHQ4EFgQUbIky0J1V8GO64V4tVVaryNOXYK8wHwYDVR0jBBgw
 FoAUbIky0J1V8GO64V4tVVaryNOXYK8wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0B
 AQsFAAOCAgEAFh05O9tWYZpvmhI8Ru3mjDpOSkgWdfZIATJ6L35bQnW8J9/DL9yE
 a58QQ4xCQm1U0yFr3ssDc5bD/Zvco0pq+RPiyR/ydY+4Ld9HtQjaYYYVTvfv6Vsc
 X+UpHVsd0MhMUiFQo1Gq40vTMfenPg2lgzLdqiCorA/l9a3+G1dFIXw7Ro+4LTHZ
 lCc+u+yQSkQsBHcVyYCW3UdNKSdGl3u99DY+BXO1aG/J11qvynjkC8o3PvMc39BQ
 ryvonVkeIp+DPK2080HUjDpSiXKQElniDeZWkQin5/ra45rLS/23/jkqiOfUrSIu
 WdYYGOgXOXU69PM71onMCNJK+MQQOuGky+y5LybunxiDdw0V9Ay1zRrjfUtV1EiD
 EA5q2DuTAnkBTvwChA/DPRq7o3/Dw3JajVRN39lXjXcYczeBnTAXrNlCwJMtWQ1o
 ZHmcDHEOnUQ6oSlXbWhAOOUQw+0z+RQLYbkK5AMFmUqLEYKIgx6asdxUtvwf4PxQ
 6xHYyip9FvJ5GQcwNQpJ06xDeBi5D9wJ8/N2E6LV+7y5prqVvYWQCs5jCEJ+FSWH
 5slPKSklNu3s4Ul4D6pqU32243+LNROyRaUuy3wXDfLiZLQa17QAhlim6RWpaplq
 Mxe0+tX0hEXUAHD3qoocrc5Nn5gXeDpmZA4Ik8dtzyPj8AkGUtekHt8=
 -----END CERTIFICATE-----
--- a/zoomproxy-tug-prod-1.sunet.se/overlay/etc/satosa/frontend.crt
+++ b/zoomproxy-tug-prod-1.sunet.se/overlay/etc/satosa/frontend.crt
@ -0,0 +1,29 @@
 -----BEGIN CERTIFICATE-----
 MIIFBzCCAu+gAwIBAgIJAKGw1jEdxh7jMA0GCSqGSIb3DQEBCwUAMBoxGDAWBgNV
 BAMMD3NhdG9zYV9mcm9udGVuZDAeFw0xNzA4MjkwODAwNDlaFw0yNzA4MjcwODAw
 NDlaMBoxGDAWBgNVBAMMD3NhdG9zYV9mcm9udGVuZDCCAiIwDQYJKoZIhvcNAQEB
 BQADggIPADCCAgoCggIBAMNmUZ4Fvt64HiJCgIytEN2AohTuNs6MWmOUyHj3Gq7J
 TO3JmemKCg9MzR4s0dELfm5zd0/yq6EkeYitg2zrY2+87ue1H1wNDCBdq7msjCys
 hW0h9bn/7MbwdfePJyyHxROZp+AB5r1mJCQHC8AAJDtVe7Th4A8K2ctC2XIuQn7A
 im0giPP5EdKPKvNb+TuZ0yd6KfoX37ZMLSbacJPXs/3t/9e5Alv7wqpV7vUOxPu8
 uyC1yw7t8pMbU+MDskBt0Z+VZP/h8zZNmAtWjAc/1EddhFFyjIDUA9Xbh+yvIonR
 CfrbdmxrkFjOXuhNgagJJBfDw4VUfokFa46DwlxgXqaZ8fsVj/n/p8bIdkITtaMw
 /WIGs84JjZZd8BDsgFtUj4SJ8uO+4pdPl6yZKQ2CuLHvBdWvDleXUkIoMadkUqg/
 3hzdW8zNXNMFw9kmD3fSvYK89+JGc6Z74N6LnAAZqlQSYXYanKKHuHxTIY2HpiIk
 nSzHx5uN3aKJCHA4uSNN7y0/Grlea6CN5OO6ZrWrSo2+MdNsQA2PDJOyoL9wvDav
 B/NbOd12QtLSjbCwYqR9sCLm7u870w1UlKUMjJq9H01QpKqavsO3hSnx0av0JU8z
 Ft5x6Ipgm0rsjVpgOjv5drxGTEViBRI6vsee5EAzZ0i3Bb/JXe/jswFpBimLeDLB
 AgMBAAGjUDBOMB0GA1UdDgQWBBRZUcpJzK4O0vC9E5hylZX7C/2G3TAfBgNVHSME
 GDAWgBRZUcpJzK4O0vC9E5hylZX7C/2G3TAMBgNVHRMEBTADAQH/MA0GCSqGSIb3
 DQEBCwUAA4ICAQAQkBpOJ24TuuRH84kuQBr5SMccn+NAHrAlW48NEWZ9UrRJpvo4
 Kf3zOyb9USd+bYlz5y6ThQtfYrDmCmtGWisRIrTLML17D5ffWe4fNmKhbpsL1MSJ
 ozPbsCIjeqKLXTTfmnKr3NbW5x0GOowKhz+egVbYrrACupjuo4T7rM6oYV/O38b0
 h+U2vL4KlqZFmZ0Dnn0GibSWnejwZT4ZF7VuuO3YCbLoFLgOOh4Fg3pGmYPxJpVy
 rTm7tpyMfhi1QAr0akuTVaV7A81frshPMw29JjUF3DARjaQL8FcPJf7sWGV1kIol
 6cAA/iwmXwJ+ZdXNz2Tj7axp17wl03HOOczG2HbXblajwSrjTllXzoj9T+ZViGe2
 XtrnNXAg4IkC7SU14ba3lIlxP3VX5e2kvlTHlTqRcZCnAz5+FNKe4KRDNkSdN1RE
 ljGL73m6LxFg0bA8wtwb/KkM3eS1YrxFccys3/GDLkU7wvfpuyprV7USHb9g02IE
 i2Xovs/ly4/omWjdj9kN/iVqZB26Pv9bFxClTiJD2sbvmz0Z3O3qBg6VEyyen1Ql
 agQ8QFJNklstQD+ZH354h1emKW3J/9DwGkxST+wqpPNjvJDU9nBWSbh/xFvspsBh
 aiUovcRg/mWVPPDYc5Lj0ct472HsRavlTTa7p0egzN+FF4Je34IGiRTz0A==
 -----END CERTIFICATE-----
--- a/zoomproxy-tug-prod-1.sunet.se/overlay/etc/satosa/md-signer2.crt
+++ b/zoomproxy-tug-prod-1.sunet.se/overlay/etc/satosa/md-signer2.crt
@ -0,0 +1,33 @@
 -----BEGIN CERTIFICATE-----
 MIIFyzCCA7OgAwIBAgIJAI9LJsUJXDMVMA0GCSqGSIb3DQEBCwUAMHwxCzAJBgNV
 BAYTAlNFMRIwEAYDVQQIDAlTdG9ja2hvbG0xEjAQBgNVBAcMCVN0b2NraG9sbTEO
 MAwGA1UECgwFU1VORVQxDzANBgNVBAsMBlNXQU1JRDEkMCIGA1UEAwwbU1dBTUlE
 IG1ldGFkYXRhIHNpZ25lciB2Mi4wMB4XDTE2MTIwNjA5MjgyMFoXDTM2MTIwNjA5
 MjgyMFowfDELMAkGA1UEBhMCU0UxEjAQBgNVBAgMCVN0b2NraG9sbTESMBAGA1UE
 BwwJU3RvY2tob2xtMQ4wDAYDVQQKDAVTVU5FVDEPMA0GA1UECwwGU1dBTUlEMSQw
 IgYDVQQDDBtTV0FNSUQgbWV0YWRhdGEgc2lnbmVyIHYyLjAwggIiMA0GCSqGSIb3
 DQEBAQUAA4ICDwAwggIKAoICAQDQVw72PnIo9QIeV439kQnPcxZh/LddKw86eIU+
 nMfl4TpjSIyqTu4KJSnXbJyqXg+jQj3RzE9BUblpGrR7okmQwOh2nh+5A6SmyTOR
 p7VEVT/Zw0GNnQi9gAW7J8Cy+Gnok4LeILI5u43hPylNKAnvs1+bo0ZlbHM6U5jm
 6MlO+lrYA9dZzoPQqoCQbr3OweAaq5g8H54HuZacpYa3Q2GnUa4v+xywjntPdSQU
 RTAbWWyJl3cHctX5+8UnX8nGCaxoBZqNp9PcEopyYJX8O1nrLumBMqu9Uh6GW1nx
 OHfKDLvUoykG3Dm704ENVs88KaJXB1qQNsjdlm14UI9XCZbHfnFVnQ53ehsGFMha
 Bf/Abd6v2wnhBLH/RxEUlw347qSeokw+SdDTSdW8jOEBiSqP/8BUzpCcbGlgAsVO
 NKUS0K7IB2Bb79YYhyMvmJl24BGtkX+VM/mv47dxOtfzNFCMtUcJ2Dluv0xJG8xI
 ot7umx/kbMBLuq7WdWELZJrgpt2bb9sXtYBpuxtGCW5g7+U7MNN1aKCiCSfq09YH
 qu2DsU7HHAxEcGFXBiepBliCwZ24WLQh53bA3rihaln7SjdapT9VuSTpCvytb9RX
 rq39mVuHMXvWYOG20XTV0+8U2vnsjAwsy28xPAcrLWRWoZbRJ+RoGp6L3GACq+t+
 HPIukwIDAQABo1AwTjAdBgNVHQ4EFgQUQ2iqKQV/mMZDeJDtLXvy0Bsn/BQwHwYD
 VR0jBBgwFoAUQ2iqKQV/mMZDeJDtLXvy0Bsn/BQwDAYDVR0TBAUwAwEB/zANBgkq
 hkiG9w0BAQsFAAOCAgEAHviIAfS8viUN8Qk//U1p6Z1VK5718NeS7uqabug/SwhL
 Vxtg/0x9FPJYf05HXj4moAf2W1ZLnhr0pnEPGDbdHAgDC672fpaAV7DO95d7xubc
 rofR7Of2fehYSUZbXBWFiQ+xB5QfRsUFgB/qgHUolgn+4RXniiBYlWe6QJVncHx+
 FtxD+vh1l5rLNkJgJLw2Lt3pbemSxUvv0CJtnK4jt2y95GsWGu1uSsVLrs0PR1Lj
 kuxL6zZH4Pp9yjRDOUhbVYAnQ017mdcjvHYtp7c4GIWgyaBkDoMtU6fAt70QpeGj
 XhecXk7Llx+oYNdZn14ZdFPRGMyAESLrT4Zf9M7QS3ypnWn/Ux0SwKWbnPUeRVbO
 VZZ+M0jmdYK6o+UU5xH3peRWSJIjjRaKjbVlW5GgHwGFmQc/LN+va2jjThRsQWWt
 zEwObijedInQ6wfL/VzFAwlWWoDAzKK9qnK4Rf3ORKkvhKrUa//2OYnZD0kHtHiC
 OL+iFRLtJ/DQP5iZAF+M1Hta7acLmQ8v7Mn1ZR9lyDWzFx57VOKKtJ6RAmBvxOdP
 8cIgBNvLAEdXh2knOLqYU/CeaGkxTD7Y0SEKx6OxEEdafba//MBkVLt4bRoLXts6
 6JY25FqFh3eJZjR6h4W1NW8KnBWuy+ITGfXxoJSsX78/pwAY+v32jRxMZGUi1J4=
 -----END CERTIFICATE-----
--- a/zoomproxy-tug-prod-1.sunet.se/overlay/etc/satosa/metadata.crt
+++ b/zoomproxy-tug-prod-1.sunet.se/overlay/etc/satosa/metadata.crt
@ -0,0 +1,29 @@
 -----BEGIN CERTIFICATE-----
 MIIFBzCCAu+gAwIBAgIJAO2iLzrmv26eMA0GCSqGSIb3DQEBCwUAMBoxGDAWBgNV
 BAMMD3NhdG9zYV9tZXRhZGF0YTAeFw0xNzA4MjkwODAxMjlaFw0yNzA4MjcwODAx
 MjlaMBoxGDAWBgNVBAMMD3NhdG9zYV9tZXRhZGF0YTCCAiIwDQYJKoZIhvcNAQEB
 BQADggIPADCCAgoCggIBAK8z4ImxS6seGpMECgEuRjQxsEzCSahfvaKe6cfFvvof
 1yPKzuBeBoDneQJWhH8L/DePZigNqit33PUJARrkgKbCGsdrElIg8zo2aSPohr3Q
 3WXXBRUZyBExEXd/uC3nBWeE1XoccwEOwqRmaP5g9ubH3fmVozM9qWVP4vG+XFRL
 b/XVh1k83V7UePHgIaaB2cbjjXwZBneUeTwf9GymTxpa0eJQjGqA0EvfWRTvGoop
 nMX6WrMdX2RuxA2Eb1gBbzdXnsWchDcQD5Z2NyWFvzxPBuLnxgxKlBC+rPr/J10w
 c9MO/jgq4VimmKWhTz1JwvcBSRmB47xWDmWzjBMOBFpEh9E2YgB2ugKyjvVRnRRF
 qoEoNcQvnC/5rChnh8QxxYDMePB8NYL5iwqwYOFqxcjj+dX/ZF9CmBMIP4EFqXr8
 SCdnzz+QAAoLbV6MTQ/Fx1KBPGSO4E1b2/xtJDqyK/qcwWmmcIOWfW75GZeMFZNz
 BauPaCfwmlCRqLel2EcPPhjJxgi45fEE7aEGA0HfDxqwVJwsNjD/SVp/cV2pYbvu
 t9iip6jmIriw+KsSpCvRrDWCUeMi9YgvuvJaJd+ZG+Ej7d4WALQQDleBEGNybqDw
 X7bJEv+BTxDioYb9onXBIZQYNqL69V29FMh8rUMTvKSC5xlFxmmG/XfyhRJItl/p
 AgMBAAGjUDBOMB0GA1UdDgQWBBS0yk9TqlMkPqWQU/a+6MNZRaNm5DAfBgNVHSME
 GDAWgBS0yk9TqlMkPqWQU/a+6MNZRaNm5DAMBgNVHRMEBTADAQH/MA0GCSqGSIb3
 DQEBCwUAA4ICAQA5H+B9bq7oQVMHvhyheNk46LKzgNgtktU026dyOGvUET1qdizk
 HNFTzVfSXVYPLItFDHypGlS38PkmSXSkoAnDC1mNWP73NzNTyTcx6wamjrIPk7w8
 tzN4ZGL3G8irbiUqZg0SCdS/UdAZarsJTF/UpyF+jHsMYtXXJ6mKHftm75F480ip
 gSuPXa/hFN5cj9EbQM9lm+Xfy+NjV4pM2JCWTGlzSrIxStk91oBn0T3EmCDmI+mG
 mfV8j+AzRMdK/+rLbTPBA1qRnlEt5PXuqPh9zEd1Ipw+yY4SqaXBZCOOpaH0k3l1
 7bhmnhuQutTvEZlmrtYfrL2+MRqmvNfbXyZWPKCw4+H66NUcVD6jpX0/5qomGQt8
 sHHR4igdjyDbrBbiU0AS4spgATDfK05NG/bCIcUGfUlYDYFCViJVbvUUVp7cGlI3
 Ptjv1TXtKOLgehFrbwGHHvzpCrpMjfzttlShqKw/7V30EhgKzXymMvqEGVbTjehh
 WoRodEqXKt34iVBEvKWdhSWHTkqTJDGb7ZEgOuQV7r7HPe2UHsYLxRXdArbTAcZg
 Ffmq5eZTK7ZNOSTX3sCg/a8pZFN/z14DFiSsdxErgnJlVCsjQrI51iB4QhMWlDHW
 3dmaODsyIoA5iaLPRPiFLyq1S1rclzj5dgW29vuLeHDNzZqLTtcdIfNUVg==
 -----END CERTIFICATE-----
Author	SHA1	Message	Date
Patrik Holmqvist	d284791cb5	vpnexit-test-sthb-1.sunet.se added	2025-04-16 15:30:43 +02:00
Patrik Holmqvist	8a9295b581	Add netbird-test server to cosmos-rules	2025-04-16 15:07:43 +02:00
Patrik Holmqvist	a28e80b178	netbird-test-sto1-1.sunet.se added	2025-04-16 14:44:41 +02:00
Patrik Holmqvist	b90be0621a	Add mhert ssh and gpg keys.	2025-04-16 14:43:07 +02:00
Mikael Andersson	839520d52c	Adding healthcheck to humhub group.yaml	2025-04-16 14:10:50 +02:00
Patrik Holmqvist	dcd22f13a3	vpnexit-test-tug-1.sunet.se added	2025-04-16 13:28:12 +02:00
Patrik Holmqvist	6e0c0eecf1	netbird-test-sto1-1.sunet added	2025-04-16 13:26:24 +02:00
Mikael Andersson	82bcc08ad3	Removing old humhub due to name change	2025-04-16 10:10:00 +02:00
Mikael Andersson	d58b6bd033	adding secrets for humhubproxy-sto1-prod-2.sunet.se and humhubproxy-sto3-prod-1.sunet.se	2025-04-16 10:02:11 +02:00
Mikael Andersson	015b3d31bb	humhubproxy-sto3-prod-1.sunet.se added	2025-04-16 09:48:19 +02:00
Mikael Andersson	bb45171ef8	humhubproxy-sto1-prod-2.sunet.se added	2025-04-16 09:47:00 +02:00
Rasmus Thorslund	d37f483e02	switched to test branch for puppet sunet on lb-tug-test-1.sunet.se	2025-04-15 16:38:10 +02:00
Rasmus Thorslund	7ac1b387b4	updated lb config for rutprod	2025-04-15 15:47:54 +02:00
Mikael Andersson	a7c3eaeb66	local.yaml -> group.yaml	2025-04-15 11:20:20 +02:00
Maria Haider	fbf62ab7a4	moving bankidp.qa.swamid.se to new LBs	2025-04-15 10:32:22 +02:00
Mikael Andersson	cac3c36c8e	Adding humhub-proxy-common + zoom-proxy-common	2025-04-15 08:55:30 +02:00
Mikael Andersson	7ac61fa08d	humhub cosmos-rules	2025-04-14 16:18:30 +02:00
Maria Haider	10e1446817	modified the same check for humhub satosa proxies	2025-04-14 16:06:23 +02:00
Maria Haider	9cb7894d2f	setting single_ip as true	2025-04-14 15:56:38 +02:00
Maria Haider	c7140814ce	add healthcheck for zoom hosts	2025-04-14 15:46:53 +02:00
Patrik Holmqvist	4c332b3b90	Run pahol-test1 on stable again	2025-04-11 14:48:48 +02:00
Patrik Holmqvist	869906c1e2	Run pypi on stable again since feature branch is merged	2025-04-11 14:47:28 +02:00
Patrik Holmqvist	837d25765a	Restore monitornetops to original sunet stable tag, SC-2522	2025-04-11 14:27:13 +02:00
Patrik Holmqvist	0ab4e58e93	Try running monitornetops on a feature branch	2025-04-10 16:10:34 +02:00
Mikael Andersson	a378d1bf0e	Changing backend for zoom-idp-proxy	2025-04-10 12:46:14 +02:00
Mikael Andersson	4539e0af48	zoomproxy-sto3-prod-1.sunet.se -> nutanix -> zoomproxy-tug-prod-1.sunet.se	2025-04-10 11:15:46 +02:00
Mikael Andersson	0fb06233ca	Adding secrets for zoomproxy-tug-prod-1.sunet.se	2025-04-10 10:42:15 +02:00
Mikael Andersson	bcf448c5a2	zoomproxy-tug-prod-1.sunet.se added	2025-04-10 10:09:40 +02:00
Maria Haider	ee21824e19	did the same for prod	2025-04-09 17:00:50 +02:00
Maria Haider	2a620d03bc	haproxy_imagetag not needed under load_balancer	2025-04-09 16:55:39 +02:00
Mikael Andersson	8b639f0f06	Adding humhub-sto3-prod-1.sunet.se secrets	2025-04-09 09:34:43 +02:00
Mikael Andersson	91e22d0eb0	hiera and satosa config	2025-04-09 09:13:09 +02:00
Rasmus Thorslund	79bf5f2b33	added kushals ssh key	2025-04-08 15:04:02 +02:00
Mikael Andersson	4ff1435667	humhub-sto1-prod-2.sunet.se added	2025-04-08 12:50:08 +02:00
Maria Haider	25990db55d	moved 3 more sites to new LBs	2025-04-08 10:52:53 +02:00
Maria Haider	66bc7d98cb	adding auth.sunet.se in new LBs	2025-04-08 10:08:22 +02:00
Mikael Andersson	2d8a977e4f	humhub-sto3-prod-1.sunet.se added	2025-04-08 09:39:15 +02:00
Mikael Andersson	a919473cdc	Adding secrets	2025-04-07 14:11:43 +02:00
Mikael Andersson	d5b647d534	zoomproxy-sto3-prod-1.sunet.se added	2025-04-04 10:39:57 +02:00
		`@ -0,0 +1,3 @@`

							`The system documentation is in the docs directory of the multiverse repository.`