eid-ops/eidas-connector-common/overlay/etc/eidas-connector/eidas-connector.conf

#!/usr/bin/env bash

#
# Template for eIDAS Connector configuration
# Script within docker container reads from /etc/eidas-connector/env/ - So make sure to have a volume mount.
#

#
# Logging settings
#

# Logback log levels
#   There must be a Docker volume mounted to the /etc/eidas-connector directory.
export IDP_LOG_SETTINGS_FILE=/etc/eidas-connector/loglevels.xml

# Process logs go to stdout
export IDP_LOG_CONSOLE=false

# Syslog (for Audit and F-TICKS)
export IDP_SYSLOG_HOST=log-1.sveidas.se
export IDP_SYSLOG_PORT=514

export IDP_PROCESS_SYSLOG_HOST=log-1.sveidas.se
export IDP_PROCESS_SYSLOG_PORT=514

export IDP_AUDIT_SYSLOG_FACILITY=LOCAL0

export IDP_FTICKS_FEDERATION_ID=eIDAS
export IDP_FTICKS_SYSLOG_FACILITY=LOCAL1
export IDP_PROCESS_SYSLOG_FACILITY=LOCAL2

# JVM settings
export JVM_MAX_HEAP=1536m
export JVM_START_HEA=512m

export IDP_TLS_TRUSTED_CERTS=/etc/ssl/certs/infra.crt

export IDP_CREDENTIALS=/etc/eidas-connector/credentials
export IDP_SEALER_STORE_RESOURCE=$IDP_CREDENTIALS/sealer.jks
export IDP_SEALER_VERSION_RESOURCES=$IDP_CREDENTIALS/sealer.kver

export IDP_PKCS11_ENABLED=true
export IDP_PKCS11_PIN=$PKCS11_PIN
export IDP_METADATA_SIGNING_PKCS11_ENABLED=true
export SP_METADATA_SIGNING_PKCS11_ENABLED=true

export IDP_SIGNING_PKCS11_ALIAS=sc_eidas_sign
export IDP_SIGNING_PKCS11_CFG="/etc/eidas-connector/credentials/pkcs11.cfg"
export IDP_SIGNING_CERT=$IDP_CREDENTIALS/sign.crt

export IDP_ENCRYPTION_PKCS11_ALIAS=sc_eidas_encrypt
export IDP_ENCRYPTION_PKCS11_CFG="/etc/eidas-connector/credentials/pkcs11.cfg"
export IDP_ENCRYPTION_CERT=$IDP_CREDENTIALS/enc.crt

export IDP_METADATA_SIGNING_PKCS11_ALIAS=swedenconnect
export IDP_METADATA_SIGNING_PKCS11_CFG="/etc/eidas-connector/credentials/pkcs11.cfg"
export IDP_METADATA_SIGNING_CERT=$IDP_CREDENTIALS/swedenconnect-signer.crt

export SP_CREDENTIALS=/etc/eidas-connector/credentials

export SP_SIGNING_PKCS11_ALIAS=sc_eidas_sign
export SP_SIGNING_PKCS11_CFG="/etc/eidas-connector/credentials/pkcs11.cfg"
export SP_SIGNING_CERT=$SP_CREDENTIALS/sign.crt

export SP_ENCRYPTION_PKCS11_ALIAS=sc_eidas_encrypt
export SP_ENCRYPTION_PKCS11_CFG="/etc/eidas-connector/credentials/pkcs11.cfg"
export SP_ENCRYPTION_CERT=$SP_CREDENTIALS/enc.crt

export SP_METADATA_SIGNING_PKCS11_ALIAS=swedenconnect
export SP_METADATA_SIGNING_PKCS11_CFG="/etc/eidas-connector/credentials/pkcs11.cfg"
export SP_METADATA_SIGNING_CERT=$SP_CREDENTIALS/swedenconnect-signer.crt

# Tomcat settings
export TOMCAT_CREDENTIALS=/etc/eidas-connector/credentials/tomcat
export TOMCAT_TLS_SERVER_KEY=$TOMCAT_CREDENTIALS/tomcat-key.pem
export TOMCAT_TLS_SERVER_CERTIFICATE=$TOMCAT_CREDENTIALS/tomcat-cert.pem
export TOMCAT_TLS_SERVER_CERTIFICATE_CHAIN=$TOMCAT_CREDENTIALS/tomcat-chain.pem

FEDERATION_METADATA_URL=https://md.swedenconnect.se/entities
FEDERATION_METADATA_VALIDATION_CERT=/etc/eidas-connector/credentials/swedenconnect-signer.crt

EIDAS_METADATA_SERVICE_LIST_URL=https://md.eidas.swedenconnect.se/mdservicelist-aggregate.xml
EIDAS_METADATA_SERVICE_LIST_VALIDATION_CERT=/etc/eidas-connector/credentials/swedenconnect-signer.crt

EIDAS_METADATA_URL=https://md.eidas.swedenconnect.se/role/idp.xml
EIDAS_METADATA_VALIDATION_CERT=/etc/eidas-connector/credentials/swedenconnect-signer.crt
created eidas-connector-common and eidas-proxy-common 2018-05-24 10:29:44 +02:00			`#!/usr/bin/env bash`

			`#`
			`# Template for eIDAS Connector configuration`
			`# Script within docker container reads from /etc/eidas-connector/env/ - So make sure to have a volume mount.`
			`#`

			`#`
			`# Logging settings`
			`#`

			`# Logback log levels`
			`# There must be a Docker volume mounted to the /etc/eidas-connector directory.`
			`export IDP_LOG_SETTINGS_FILE=/etc/eidas-connector/loglevels.xml`

			`# Process logs go to stdout`
turn logging back to normal 2019-01-08 15:13:04 +01:00			`export IDP_LOG_CONSOLE=false`
created eidas-connector-common and eidas-proxy-common 2018-05-24 10:29:44 +02:00
			`# Syslog (for Audit and F-TICKS)`
log to log-1 only 2019-01-07 15:18:29 +01:00			`export IDP_SYSLOG_HOST=log-1.sveidas.se`
created eidas-connector-common and eidas-proxy-common 2018-05-24 10:29:44 +02:00			`export IDP_SYSLOG_PORT=514`

log to log-1 only 2019-01-07 15:18:29 +01:00			`export IDP_PROCESS_SYSLOG_HOST=log-1.sveidas.se`
tune logging 2018-09-21 15:29:18 +02:00			`export IDP_PROCESS_SYSLOG_PORT=514`
created eidas-connector-common and eidas-proxy-common 2018-05-24 10:29:44 +02:00
tune logging 2018-09-21 15:29:18 +02:00			`export IDP_AUDIT_SYSLOG_FACILITY=LOCAL0`
created eidas-connector-common and eidas-proxy-common 2018-05-24 10:29:44 +02:00
tune logging 2018-09-21 15:29:18 +02:00			`export IDP_FTICKS_FEDERATION_ID=eIDAS`
			`export IDP_FTICKS_SYSLOG_FACILITY=LOCAL1`
			`export IDP_PROCESS_SYSLOG_FACILITY=LOCAL2`
created eidas-connector-common and eidas-proxy-common 2018-05-24 10:29:44 +02:00
			`# JVM settings`
			`export JVM_MAX_HEAP=1536m`
			`export JVM_START_HEA=512m`

			`export IDP_TLS_TRUSTED_CERTS=/etc/ssl/certs/infra.crt`

			`export IDP_CREDENTIALS=/etc/eidas-connector/credentials`
			`export IDP_SEALER_STORE_RESOURCE=$IDP_CREDENTIALS/sealer.jks`
			`export IDP_SEALER_VERSION_RESOURCES=$IDP_CREDENTIALS/sealer.kver`

deploy 1.3.6 along with new p11 config 2018-09-10 12:37:51 +02:00			`export IDP_PKCS11_ENABLED=true`
deploy 1.3.7 connector 2018-09-14 09:42:02 +02:00			`export IDP_PKCS11_PIN=$PKCS11_PIN`
deploy 1.3.6 along with new p11 config 2018-09-10 12:37:51 +02:00			`export IDP_METADATA_SIGNING_PKCS11_ENABLED=true`
			`export SP_METADATA_SIGNING_PKCS11_ENABLED=true`

			`export IDP_SIGNING_PKCS11_ALIAS=sc_eidas_sign`
			`export IDP_SIGNING_PKCS11_CFG="/etc/eidas-connector/credentials/pkcs11.cfg"`
			`export IDP_SIGNING_CERT=$IDP_CREDENTIALS/sign.crt`

			`export IDP_ENCRYPTION_PKCS11_ALIAS=sc_eidas_encrypt`
			`export IDP_ENCRYPTION_PKCS11_CFG="/etc/eidas-connector/credentials/pkcs11.cfg"`
			`export IDP_ENCRYPTION_CERT=$IDP_CREDENTIALS/enc.crt`

			`export IDP_METADATA_SIGNING_PKCS11_ALIAS=swedenconnect`
			`export IDP_METADATA_SIGNING_PKCS11_CFG="/etc/eidas-connector/credentials/pkcs11.cfg"`
			`export IDP_METADATA_SIGNING_CERT=$IDP_CREDENTIALS/swedenconnect-signer.crt`
created eidas-connector-common and eidas-proxy-common 2018-05-24 10:29:44 +02:00
			`export SP_CREDENTIALS=/etc/eidas-connector/credentials`
pkcs11 deploy 2018-09-06 16:18:03 +02:00
deploy 1.3.6 along with new p11 config 2018-09-10 12:37:51 +02:00			`export SP_SIGNING_PKCS11_ALIAS=sc_eidas_sign`
			`export SP_SIGNING_PKCS11_CFG="/etc/eidas-connector/credentials/pkcs11.cfg"`
			`export SP_SIGNING_CERT=$SP_CREDENTIALS/sign.crt`

			`export SP_ENCRYPTION_PKCS11_ALIAS=sc_eidas_encrypt`
			`export SP_ENCRYPTION_PKCS11_CFG="/etc/eidas-connector/credentials/pkcs11.cfg"`
			`export SP_ENCRYPTION_CERT=$SP_CREDENTIALS/enc.crt`

			`export SP_METADATA_SIGNING_PKCS11_ALIAS=swedenconnect`
			`export SP_METADATA_SIGNING_PKCS11_CFG="/etc/eidas-connector/credentials/pkcs11.cfg"`
			`export SP_METADATA_SIGNING_CERT=$SP_CREDENTIALS/swedenconnect-signer.crt`
created eidas-connector-common and eidas-proxy-common 2018-05-24 10:29:44 +02:00
			`# Tomcat settings`
			`export TOMCAT_CREDENTIALS=/etc/eidas-connector/credentials/tomcat`
			`export TOMCAT_TLS_SERVER_KEY=$TOMCAT_CREDENTIALS/tomcat-key.pem`
			`export TOMCAT_TLS_SERVER_CERTIFICATE=$TOMCAT_CREDENTIALS/tomcat-cert.pem`
			`export TOMCAT_TLS_SERVER_CERTIFICATE_CHAIN=$TOMCAT_CREDENTIALS/tomcat-chain.pem`

change metadata feed 2018-08-27 09:43:38 +02:00			`FEDERATION_METADATA_URL=https://md.swedenconnect.se/entities`
			`FEDERATION_METADATA_VALIDATION_CERT=/etc/eidas-connector/credentials/swedenconnect-signer.crt`
created eidas-connector-common and eidas-proxy-common 2018-05-24 10:29:44 +02:00
change metadata feed 2018-08-27 09:43:38 +02:00			`EIDAS_METADATA_SERVICE_LIST_URL=https://md.eidas.swedenconnect.se/mdservicelist-aggregate.xml`
			`EIDAS_METADATA_SERVICE_LIST_VALIDATION_CERT=/etc/eidas-connector/credentials/swedenconnect-signer.crt`
created eidas-connector-common and eidas-proxy-common 2018-05-24 10:29:44 +02:00
only IdPs to our connectors 2019-01-07 11:59:30 +01:00			`EIDAS_METADATA_URL=https://md.eidas.swedenconnect.se/role/idp.xml`
change metadata feed 2018-08-27 09:43:38 +02:00			`EIDAS_METADATA_VALIDATION_CERT=/etc/eidas-connector/credentials/swedenconnect-signer.crt`