eid-ops/eidas-qa-connector/overlay/etc/eidas-connector/eidas-connector.conf

#!/usr/bin/env bash

#
# Template for eIDAS Connector configuration
# Script within docker container reads from /etc/eidas-connector/env/ - So make sure to have a volume mount.
#

#
# Logging settings
#

# Logback log levels
#   There must be a Docker volume mounted to the /etc/eidas-connector directory.
export IDP_LOG_SETTINGS_FILE=/etc/eidas-connector/loglevels.xml

# Process logs go to stdout
export IDP_LOG_CONSOLE=false

# Syslog (for Audit and F-TICKS)
export IDP_SYSLOG_HOST=log.qa.sveidas.se
export IDP_SYSLOG_PORT=514

export IDP_PROCESS_SYSLOG_HOST=log.qa.sveidas.se
export IDP_PROCESS_SYSLOG_PORT=514

export IDP_STATS_SYSLOG_HOST=log.qa.sveidas.se
export IDP_STATS_SYSLOG_PORT=514
export IDP_STATS_SYSLOG_FACILITY=LOCAL4

export IDP_AUDIT_SYSLOG_FACILITY=LOCAL0

export IDP_FTICKS_FEDERATION_ID=eIDAS
export IDP_FTICKS_SYSLOG_FACILITY=LOCAL1
export IDP_PROCESS_SYSLOG_FACILITY=LOCAL2


# JVM settings
export JVM_MAX_HEAP=1536m
export JVM_START_HEA=512m

export IDP_TLS_TRUSTED_CERTS=/etc/ssl/certs/infra.crt

export IDP_CREDENTIALS=/etc/eidas-connector/credentials
export IDP_SEALER_STORE_RESOURCE=$IDP_CREDENTIALS/sealer.jks
export IDP_SEALER_VERSION_RESOURCES=$IDP_CREDENTIALS/sealer.kver

export IDP_SIGNING_KEY=$IDP_CREDENTIALS/connector.key
export IDP_SIGNING_CERT=$IDP_CREDENTIALS/connector.crt
export IDP_ENCRYPTION_KEY=$IDP_CREDENTIALS/connector.key
export IDP_ENCRYPTION_CERT=$IDP_CREDENTIALS/connector.crt
export IDP_METADATA_SIGNING_KEY=$IDP_CREDENTIALS/metadata.key
export IDP_METADATA_SIGNING_CERT=$IDP_CREDENTIALS/metadata.crt

export SP_CREDENTIALS=/etc/eidas-connector/credentials
export SP_SIGNING_KEY=$SP_CREDENTIALS/connector.key
export SP_SIGNING_CERT=$SP_CREDENTIALS/connector.crt
export SP_ENCRYPTION_KEY=$SP_CREDENTIALS/connector.key
export SP_ENCRYPTION_CERT=$SP_CREDENTIALS/connector.crt
export SP_METADATA_SIGNING_KEY=$SP_CREDENTIALS/metadata.key
export SP_METADATA_SIGNING_CERT=$SP_CREDENTIALS/metadata.crt

# Tomcat settings
export TOMCAT_CREDENTIALS=/etc/eidas-connector/credentials/tomcat
export TOMCAT_TLS_SERVER_KEY=$TOMCAT_CREDENTIALS/tomcat-key.pem
export TOMCAT_TLS_SERVER_CERTIFICATE=$TOMCAT_CREDENTIALS/tomcat-cert.pem
export TOMCAT_TLS_SERVER_CERTIFICATE_CHAIN=$TOMCAT_CREDENTIALS/tomcat-chain.pem
export TOMCAT_INTERNAL_PROXIES='"10\.\d{1,3}\.\d{1,3}\.\d{1,3}\|192\.168\.\d{1,3}\.\d{1,3}\|169\.254\.\d{1,3}\.\d{1,3}\|127\.\d{1,3}\.\d{1,3}\.\d{1,3}\|172\.1[6-9]{1}\.\d{1,3}\.\d{1,3}\|172\.2[0-9]{1}\.\d{1,3}\.\d{1,3}\|172\.3[0-1]{1}\.\d{1,3}\.\d{1,3}\|130\.242\.125\.\d{1,3}\|81\.236\.48\.\d{1,3}"'
export TOMCAT_SESSION_COOKIE_NAME="JSESSIONID.CONNECTOR.QA"

export FEDERATION_METADATA_URL=https://qa.md.swedenconnect.se/entities/
export FEDERATION_METADATA_VALIDATION_CERT=/etc/eidas-connector/credentials/metadata.crt

#export EIDAS_METADATA_SERVICE_LIST_URL=https://qa.md.eidas.swedenconnect.se/mdservicelist-aggregate.xml
unset EIDAS_METADATA_SERVICE_LIST_URL
#export EIDAS_METADATA_SERVICE_LIST_VALIDATION_CERT=/etc/eidas-connector/credentials/metadata.crt
unset EIDAS_METADATA_SERVICE_LIST_VALIDATION_CERT

export EIDAS_METADATA_URL=https://qa.md.eidas.swedenconnect.se/entities/
export EIDAS_METADATA_VALIDATION_CERT=/etc/eidas-connector/credentials/metadata.crt

export IDP_ACCESSIBILITY_URL=https://www.swedenconnect.se/om/om-webbplatsen/tillganglighet/svenska-eidas-noden

export IDP_PING_WHITELIST=https://qa.test.swedenconnect.se/sp
connector template config 2017-10-27 14:07:36 +02:00			`#!/usr/bin/env bash`

			`#`
			`# Template for eIDAS Connector configuration`
			`# Script within docker container reads from /etc/eidas-connector/env/ - So make sure to have a volume mount.`
			`#`

			`#`
			`# Logging settings`
			`#`

			`# Logback log levels`
			`# There must be a Docker volume mounted to the /etc/eidas-connector directory.`
switch to using config file 2017-12-11 13:22:29 +01:00			`export IDP_LOG_SETTINGS_FILE=/etc/eidas-connector/loglevels.xml`
connector template config 2017-10-27 14:07:36 +02:00
			`# Process logs go to stdout`
tune logging 2018-09-21 15:29:18 +02:00			`export IDP_LOG_CONSOLE=false`
connector template config 2017-10-27 14:07:36 +02:00
			`# Syslog (for Audit and F-TICKS)`
audit log to qa loghost 2018-06-17 20:22:12 +02:00			`export IDP_SYSLOG_HOST=log.qa.sveidas.se`
switch to using config file 2017-12-11 13:22:29 +01:00			`export IDP_SYSLOG_PORT=514`
connector template config 2017-10-27 14:07:36 +02:00
tune logging 2018-09-21 15:29:18 +02:00			`export IDP_PROCESS_SYSLOG_HOST=log.qa.sveidas.se`
			`export IDP_PROCESS_SYSLOG_PORT=514`

deploy 1.6.0 connector to qa 2020-03-06 11:33:42 +01:00			`export IDP_STATS_SYSLOG_HOST=log.qa.sveidas.se`
			`export IDP_STATS_SYSLOG_PORT=514`
			`export IDP_STATS_SYSLOG_FACILITY=LOCAL4`

tune logging 2018-09-21 15:29:18 +02:00			`export IDP_AUDIT_SYSLOG_FACILITY=LOCAL0`
connector template config 2017-10-27 14:07:36 +02:00
tune logging 2018-09-21 15:29:18 +02:00			`export IDP_FTICKS_FEDERATION_ID=eIDAS`
			`export IDP_FTICKS_SYSLOG_FACILITY=LOCAL1`
			`export IDP_PROCESS_SYSLOG_FACILITY=LOCAL2`
connector template config 2017-10-27 14:07:36 +02:00

			`# JVM settings`
switch to using config file 2017-12-11 13:22:29 +01:00			`export JVM_MAX_HEAP=1536m`
			`export JVM_START_HEA=512m`

			`export IDP_TLS_TRUSTED_CERTS=/etc/ssl/certs/infra.crt`
prep for 1.0.6 2017-11-23 21:28:14 +01:00
rekey connector 2017-12-19 14:41:21 +01:00			`export IDP_CREDENTIALS=/etc/eidas-connector/credentials`
correct defaults 2017-12-11 14:25:51 +01:00			`export IDP_SEALER_STORE_RESOURCE=$IDP_CREDENTIALS/sealer.jks`
			`export IDP_SEALER_VERSION_RESOURCES=$IDP_CREDENTIALS/sealer.kver`
rekey connector 2017-12-19 14:41:21 +01:00
			`export IDP_SIGNING_KEY=$IDP_CREDENTIALS/connector.key`
			`export IDP_SIGNING_CERT=$IDP_CREDENTIALS/connector.crt`
			`export IDP_ENCRYPTION_KEY=$IDP_CREDENTIALS/connector.key`
			`export IDP_ENCRYPTION_CERT=$IDP_CREDENTIALS/connector.crt`
			`export IDP_METADATA_SIGNING_KEY=$IDP_CREDENTIALS/metadata.key`
			`export IDP_METADATA_SIGNING_CERT=$IDP_CREDENTIALS/metadata.crt`

			`export SP_CREDENTIALS=/etc/eidas-connector/credentials`
			`export SP_SIGNING_KEY=$SP_CREDENTIALS/connector.key`
			`export SP_SIGNING_CERT=$SP_CREDENTIALS/connector.crt`
			`export SP_ENCRYPTION_KEY=$SP_CREDENTIALS/connector.key`
			`export SP_ENCRYPTION_CERT=$SP_CREDENTIALS/connector.crt`
			`export SP_METADATA_SIGNING_KEY=$SP_CREDENTIALS/metadata.key`
			`export SP_METADATA_SIGNING_CERT=$SP_CREDENTIALS/metadata.crt`
prep for 1.0.6 2017-11-23 21:28:14 +01:00
			`# Tomcat settings`
correct defaults 2017-12-11 14:25:51 +01:00			`export TOMCAT_CREDENTIALS=/etc/eidas-connector/credentials/tomcat`
spelling 2017-12-11 14:44:39 +01:00			`export TOMCAT_TLS_SERVER_KEY=$TOMCAT_CREDENTIALS/tomcat-key.pem`
correct defaults 2017-12-11 14:25:51 +01:00			`export TOMCAT_TLS_SERVER_CERTIFICATE=$TOMCAT_CREDENTIALS/tomcat-cert.pem`
			`export TOMCAT_TLS_SERVER_CERTIFICATE_CHAIN=$TOMCAT_CREDENTIALS/tomcat-chain.pem`
escape hell part 3 2018-01-12 15:27:11 +01:00			`export TOMCAT_INTERNAL_PROXIES='"10\.\d{1,3}\.\d{1,3}\.\d{1,3}\\|192\.168\.\d{1,3}\.\d{1,3}\\|169\.254\.\d{1,3}\.\d{1,3}\\|127\.\d{1,3}\.\d{1,3}\.\d{1,3}\\|172\.1[6-9]{1}\.\d{1,3}\.\d{1,3}\\|172\.2[0-9]{1}\.\d{1,3}\.\d{1,3}\\|172\.3[0-1]{1}\.\d{1,3}\.\d{1,3}\\|130\.242\.125\.\d{1,3}\\|81\.236\.48\.\d{1,3}"'`
deploy 1.6.0 connector to qa 2020-03-06 11:33:42 +01:00			`export TOMCAT_SESSION_COOKIE_NAME="JSESSIONID.CONNECTOR.QA"`
multiple metadata sources 2018-03-16 16:29:24 +01:00
fixing more URLs 2023-03-24 15:45:43 +01:00			`export FEDERATION_METADATA_URL=https://qa.md.swedenconnect.se/entities/`
deploy 1.6.0 connector to qa 2020-03-06 11:33:42 +01:00			`export FEDERATION_METADATA_VALIDATION_CERT=/etc/eidas-connector/credentials/metadata.crt`
connect fully to qa env 2018-03-16 16:38:35 +01:00
try again to remove MDSL dependency 2020-03-06 14:26:17 +01:00			`#export EIDAS_METADATA_SERVICE_LIST_URL=https://qa.md.eidas.swedenconnect.se/mdservicelist-aggregate.xml`
			`unset EIDAS_METADATA_SERVICE_LIST_URL`
			`#export EIDAS_METADATA_SERVICE_LIST_VALIDATION_CERT=/etc/eidas-connector/credentials/metadata.crt`
			`unset EIDAS_METADATA_SERVICE_LIST_VALIDATION_CERT`
connect fully to qa env 2018-03-16 16:38:35 +01:00
fixed some more URLs 2023-03-24 15:58:54 +01:00			`export EIDAS_METADATA_URL=https://qa.md.eidas.swedenconnect.se/entities/`
deploy 1.6.0 connector to qa 2020-03-06 11:33:42 +01:00			`export EIDAS_METADATA_VALIDATION_CERT=/etc/eidas-connector/credentials/metadata.crt`
idp accessibility url 2020-09-18 16:33:31 +02:00
changed IDP_ACCESSIBILITY_URL for connector in QA and test 2021-11-22 09:19:48 +01:00			`export IDP_ACCESSIBILITY_URL=https://www.swedenconnect.se/om/om-webbplatsen/tillganglighet/svenska-eidas-noden`
release of eidas_connector 1.6.5 in QA 2020-10-05 09:55:15 +02:00
added IDP_PING_WHITELIST to eidas-connector in QA 2020-12-17 09:39:18 +01:00			`export IDP_PING_WHITELIST=https://qa.test.swedenconnect.se/sp`