Add new connector settings file, SC-2670
This commit is contained in:
parent
812e5fdd3d
commit
1877b09f79
1 changed files with 151 additions and 0 deletions
|
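--- /dev/null
+++ b/<path-not-shown-on-page>
@@ -0,0 +1,151 @@
+#
+# Connector overrides for the internal Sunet test deployment
+#
+---
+spring:
+ssl:
+bundle:
+pem:
+connector-web-server:
+keystore:
+certificate: file:${CONNECTOR_DIRECTORY}/credentials/tomcat/tomcat-cert.pem
+private-key: file:${CONNECTOR_DIRECTORY}/credentials/tomcat/tomcat-key.pem
+sunet-tls-trust:
+truststore:
+certificate: file:/etc/ssl/certs/infra.crt
+
+server:
+port: 8443
+servlet:
+context-path: /idp
+ssl:
+enabled: true
+bundle: connector-web-server
+error:
+include-stacktrace: never
+
+management:
+server:
+port: 8444
+health:
+redis:
+enabled: false
+
+credential:
+bundles:
+keystore:
+pkcs11-store:
+type: PKCS11
+provider: SunPKCS11
+password: ${PKCS11_PIN}
+pkcs11:
+configuration-file: ${CONNECTOR_DIRECTORY}/credentials/pkcs11.cfg
+jks:
+connector-sign:
+name: "Connector Signing Credential"
+store-reference: pkcs11-store
+key:
+certificates: file:${CONNECTOR_DIRECTORY}/credentials/sign.crt
+# The alias should be the name of the CKA_LABEL attribute
+alias: sc_eidas_sign
+key-password: ${PKCS11_PIN}
+monitor: true
+connector-encrypt:
+name: "Connector Encryption Credential"
+store-reference: pkcs11-store
+key:
+# certificates: file:${CONNECTOR_DIRECTORY}/credentials/enc.crt
+# The alias should be the name of the CKA_LABEL attribute
+alias: sc_eidas_encrypt
+key-password: ${PKCS11_PIN}
+monitor: true
+connector-hsm-md-sign:
+name: "Connector HSM Metadata Signing Credential"
+store-reference: pkcs11-store
+key:
+certificates: file:${CONNECTOR_DIRECTORY}/credentials/sctest2.crt
+alias: sctest2
+key-password: ${PKCS11_PIN}
+monitor: true
+#pem:
+#oauth2:
+# TODO: Fix certs
+#name: "Connector OAuth2 Credential"
+#certificates: file:${CONNECTOR_DIRECTORY}/credentials/oauth2.crt
+# private-key: file:${CONNECTOR_DIRECTORY}/credentials/oauth2.key
+monitoring:
+enabled: true
+test-interval: 10m
+health-endpoint-enabled: true
+
+connector:
+domain: test.connector.eidas.swedenconnect.se
+base-url: https://${connector.domain}${server.servlet.context-path}
+backup-directory: ${CONNECTOR_DIRECTORY}/backup
+eu-metadata:
+location: https://test.md.eidas.swedenconnect.se/role/idp.xml
+validation-certificate: file:${CONNECTOR_DIRECTORY}/credentials/sctest2.crt
+eidas:
+credentials:
+# Use same as for IdP except for the metadata signing credential
+metadata-sign:
+pem:
+name: "Credential Metadata Signing"
+certificates: file:${CONNECTOR_DIRECTORY}/credentials/sctest2.crt
+private-key: file:${CONNECTOR_DIRECTORY}/credentials/sctest2.key
+prid:
+policy-resource: file:${CONNECTOR_DIRECTORY}/prid/policy.properties
+idp:
+ping-whitelist:
+- https://test.test.swedenconnect.se/sp
+# idm:
+# TODO: Change to true when IdM integration should be turned on
+# active: false
+# api-base-url: https://test.idm.eidas.swedenconnect.se/idm
+#service-url: https://test.idm.eidas.swedenconnect.se/idm
+#oauth2:
+# resource-id: https://test.idm.eidas.swedenconnect.se/idm
+# client-id: ${saml.idp.entity-id}
+# check-scopes:
+# - ${connector.idm.oauth2.resource-id}/idrecord_check
+# get-scopes:
+# - ${connector.idm.oauth2.resource-id}/idrecord_get
+# server:
+# issuer: ${saml.idp.entity-id}/as
+# credential:
+# bundle: oauth2
+
+saml:
+idp:
+entity-id: https://test.connector.eidas.swedenconnect.se/eidas
+base-url: ${connector.base-url}
+session:
+module: memory
+replay:
+type: memory
+context: "connector-replay-cache"
+metadata-providers:
+- location: https://test.md.swedenconnect.se/role/sp.xml
+backup-location: ${connector.backup-directory}/metadata/sc-cache.xml
+validation-certificate: file:${CONNECTOR_DIRECTORY}/credentials/sctest2.crt
+credentials:
+# Use same as for IdP except for the metadata signing credential
+sign:
+bundle: connector-sign
+encrypt:
+bundle: connector-encrypt
+metadata-sign:
+bundle: connector-hsm-md-sign
+#future-sign: file:${CONNECTOR_DIRECTORY}/credentials/idp-signing.crt
+audit:
+in-memory:
+capacity: 1000
+file:
+log-file: ${CONNECTOR_DIRECTORY}/logs/audit.log
+
+logging:
+level:
+se:
+swedenconnect:
+opensaml: DEBUG
+eidas: INFO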
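Review bot: The `sctest2` key material is referenced twice in incompatible ways: `connector-hsm-md-sign` resolves it through the PKCS#11 alias `sctest2`, while `connector.eidas.credentials.metadata-sign.pem.private-key` points at an on-disk file `${CONNECTOR_DIRECTORY}/credentials/sctest2.key`, so the same private key appears to exist both in the HSM and as a plaintext PEM, which undercuts the point of the HSM-backed bundle. The same `sctest2.crt` is also the `validation-certificate` for both `connector.eu-metadata` and the `saml.idp.metadata-providers` entry, meaning downloaded federation metadata is validated against this deployment's own metadata-signing certificate; if that is intentional for the test federation, say so, e.g. `# sctest2 is the shared test-federation signing cert: used both to sign our metadata and to validate downloaded metadata`. The `connector-encrypt` bundle has its `certificates:` line commented out, so unless the token itself carries the certificate the encryption credential will have no public certificate to publish — worth a note or a TODO rather than a silent comment-out. Since the page rendering dropped all leading whitespace, the nesting of `monitoring:`, `prid:` and `idp:` cannot be confirmed from what is shown; the verdict on which parent they belong to should be checked against the committed file.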
|