diff --git a/eidas-proxy-1.qa.sveidas.se/overlay/etc/hiera/data/secrets.yaml.asc b/eidas-proxy-1.qa.sveidas.se/overlay/etc/hiera/data/secrets.yaml.asc
index f7dbe7f7..f13b5b35 100644
--- a/eidas-proxy-1.qa.sveidas.se/overlay/etc/hiera/data/secrets.yaml.asc
+++ b/eidas-proxy-1.qa.sveidas.se/overlay/etc/hiera/data/secrets.yaml.asc
@@ -3,70 +3,72 @@ STATUS=UPDATED -----BEGIN PGP MESSAGE----- Version: GnuPG v2 -hQEMA+dyWM/+Cjt5AQgAn4t5SCBFkImjSNMHAcTI+wiXZuysjA/Dl6xYofYg2KHI -glVIHXrjG8K8tvqJLpeV3YmL6TBgUKsVZgYgV+yv5bEOccJ5R+diGJGfAu868aPg -fx9WusMn48RHVovuHbNoLMyTxgTcA7g2rb/GUtrgFAXRGwG2YT905NFc0htZ9bLs -5awFwmHcQN0InlDTJDQNouLzkuzMi9lTDcMkloCI9qNPNia3a5+J2Q3tEJMJ2Fmh -0xRFCD+nYTXwU34M/yqspRmpXeF41bi0MVU2OCoBNOpeMykY5BsANVLO8pl+kp7K -pEEFaL9ufAsYwBCTv0ls4E9ybiPCQHsxKwbYegPgmNLrAecJujfGm7WYHeaJJMdi -p/DpNBy7ZWZdsgVW4m4Xl/GOnMF4+WXUYybloALnhZCLhTOOljlHJNut2/dNCChm -lInAjv6rr/YRdtx97/r8tUwIlOjU82X88ydiouH7SWkPJWcGJwchBGeBmVtbkn07 -LqIl+1st1fNlYa9BAq9lVGBIlWcwtPF3EsywG5+f8GDkfqKorxPn9ZA9c1+vl1xW -rcLlSpj5MSPt822U/fUTzHWDWvh9QlnqD1LHvTbqFTObyXO/7/xsPAOW/ykDk4sv -XD40cQWO/N4aE9KS1O0kMZd1/oKWRXy0JsBRRhsZtV3Qkho7fYfUbD2PekkL9QF5 -n4GzH/eKnzuPSuIEflfXqa9hkdLd68+vxpLhpDNRibgyqanTbgUXEzDWq9bw/g+S -Il0QcaVoyQx2bYWjrKjnTqrSE6A+FPexZDdunn7W6MD2PVkZ/Vgkx022WfI4YxLu -kCe0Z7hvMO3he/6/Dq4mtazszSHEnBQ9IX+Am7DcAVrgUHA4BMHvZJ8fU6Y49M+d -jPerRuqxgsLukMjDOEivzOUxnUwJuFxRPY5S2Ati0lFwvhj4rNDea8tp5VVHnVTV -9QEwH8/T37HuFsORNdtN09O8PyWGgVwr5DyBnQ/Z3i+om6ZoxrkV84hwmaDNu1+O -asBQsLRCHN+PQ6U4mCkDJuZdVOqhgkeDRZtrYm2drXOxMitt09jDCLioFCa9QC7/ -EE3Ibn9qDl3h40ADd/RHuROBg83bw6BmiNe9YehZ+CtUGq2ePH6ZXG7DqFJY0aAJ -r1t1NbLurBdY9pfL8y3VH5J7UCjzN5MYZYOJqszBefPRzIg/mOPton5AZsAGTNVx -MrbCO2A0gREd6oyZAWjv8jRXpGlqjXTQklDctagyoqO0oJcULyZwgrKc8Varb5el -aWpvrUZdQXgXd9zV7bzDN+aXzYl1N38n7zStAH0yxFaJxAn4s/i8+ktZRFneLar5 -MVIXF8Ejq+SJXLUCLt9hFfCITIYtBeG3CrMiWkR5zAuyuXViznYOYRfdK1JVJHbo -8n019JbOC+VU1osMrDt+bykkmRcrt4tugTa+P8mSqCkzdpQHVhR/4inNhmWU2BYJ -2PAzWO4/3rdihbXEMXnFkT/eqIE0nPAoX2RLZtT7JZC48tsvrn7SUNFYtCNPtWXh -YjRT2CaK8iOjGDpRxR6VBtBf1hp14oxPRHtNcRWkeuPeELZgQNJP5iKvk6vHWKFn -T9hDQj/D0nfNDb4ziOIcLT3Tbnyv499K36puHuv8p7eyDGJXH0jaQQAoe+Hx5cjG -6DmfxVQocVubcGMBgUZXpi93FCaqFdoDHO00Eur6KCFfAfH8k3aSWEzisBti5Pdg -WspnXPWuXle+MKAWZgVv90E8JzzVjV2bPyiXbMkRf4jiPFY+OjVggSnMn/fPSm9W -MfIUIqm2cKxhFW7SDErbUIqvEgV6Ic0Vi8trs6zTtd1PjPdJk/HjAY2EkNLnw6FU 
-8Z4njRXdczR+H774Zu8CUxsMl7QICLahHN1BsJN+2N4Dj80oiKnXzqSGZgoVAnnF -Ah2TnqthZ0WakYbosd1zzTBWJRdrLilLXkEIOmw0xDdNd3Mz9FbYR18d0F7FNn44 -43hIpM4cwuIMHy6yGJUiLP+8A8qBJU7wmWu87ArFvDwvk/A760gzunvp4SC7CVPZ -1hZ6WvX9ZkyNz+3yiO10l26w+XFk5Spdl4ZX4l89jJe3THAjl1ofMhZ+A1c44FQD -dzhmM5aVWwkk6ODx45yZnqN2GzHcbD3PYDYXxY+91tKNLwo94ahfBvL9O9Vo1X6+ -dQaTyjXMnPUudAqkPGlzFff3bFtqdpQZrYQ2IaMEWQd5Xq/oUgVG5QZOYDsBsSpU -wTMNaHQkp3UXy2408/V61rFNwbBH9Oh6bVMz+p/jAbFIViIgpr0PRji3OQHmCuQS -GSxG7nTqfYdD7shvpZbRfHRzJhIZUiAS1WTkBt0RO8Ik8z8Bk/KpxC7Ba0MrWKJE -MTLU1/7Kc6q/f7+HWcjlC5Odz4tNyygxjc7w9vJO+mAvSoPSZk0IpD/o0VeN1OBq -9V7iCMnN3DGkUtRQtybZYMTxwcIR+r+iHSnt0G8TItcu9hQrNqu5JAt7RPC+45KG -4OjFwuHcUKg63qAaFB9KOjavzdYM+nvp/XuL5Vq9Tfvz7J1f8znWrSG4fnysCPub -IM85oW6edGNAEoyBD+RFTU+IEZOnK+sy3irxbZ/wkIa+Yw0qUXe8vaGhLW270ikj -p8IHvU2okxb+pQGM4BHDoQzGscI0ctw0Xoa8Yz0xXD6nhiclITkhv+a9ZM8zuUus -QOEGZjOvvaLl3QmMs4aaOe3NUoF90jzDQwYy3QPggDOXl9gFPbM5klonCGTOyOLw -m14Z3bCK15cu+Ww5iS3tc80jplgN5l5aOQllcf+nj1785Pa0BVw9JgiwjGlmc5Vy -rZAs5KXHXP0NOUuLpLq9HVxJmc91kYn7LjZ6TfMcEjju+UUe6EfTWAygPVEVuV2V -ED0/wGMRcYd7FCTanOpfBy3k7E5Ld+mNKzftlnAT2qC6uUDXC1lMnR4mlp668msv -62gvdTGMFVkimgnVnDjyXSZe0EWXV5RQOazFItJZ5tO6HRXho0aR/g081KdZoSB7 -MPr/5lQY3MDxRm9jbFJLm4DsoYqobl3Beiy2txT7q2NouX8EYPhluiveT7wZd6Ii -fasX9hOcBLuoSXtunQo5NYTplO+xecXzHBn+y8jY2CUmiPD56CwFnhPAdSlwBnWH -2Ms4nh8fANjd/6V8iAkWrsX9ZyC6vy2/yubYkrnAqdXxYYR3QNTbFLe7j1r58RIh -4zlWq3yryrITwDm5WQl2GeNOenR33LNF29ACc2vcT10wUGywbm5DgpMjUINTt2D+ -t900iFNnaD6+aM9/hZ6tCUzlqOv2WQm3W/+rEH+pztenDmMGNUoIhfC2F7kFfqGG -hGoEgJFCPYRd42MZ2BR7TDLniW6J3XM8pl4U2tCGV8+SHXZeURfAvC5xIE8SVg6R -sLLJO0rXpRNQIquCrEPKfuSaWvBu2lDsvH45nLYke0/09tXIt2PA0WJ9r6nlj2Iu -8CDX6lzvacm9kHHSIDZclck1BrIkD3CQ6d0MxjZVdEM9KaPOSwQtGqc9zvFiJ2/k -ACly9dYPNO3riABBgWwrn4OFpYB+ggLP4f/pwBsf5T7QEvEQXsJ+x08VVRMXpZT0 -e7u2NUFRS3lO/qBp6sCn6e3qi6c6OsLq4rdhpu/z1kAxiWaX1BTe07V3nYlyJjnx -C5cYx+BPEblYyA+2It2S3Y0xoyVl8O2l/H5ynYmj+Pg/kHxSpNH8evMTArwv5Nb7 -x/U2NhtkjNkq5wBq8MuHgofLuvz7lJh5xfpgEqkm3uvIDR+NXC0PKSGf+MvN6zQe 
-05jAS03QgcSlJDd3yF54F90D+HMK1zqxsYgLK7EuVFFMnqEBDhFLFly9944A0K2u -LygD3H523C7t19klm7KsHN+ST8H8SJTa9QL4rlvGdEiqRK7julcCVWTwdURmQvy4 -gRglFtByQrJPhIiwAyhmqCPZ7fIlEBn2xtR4HQzYJulI2qmqxhix88i6GxzwjUBs -Y3+LpktCL2FPqoZksKLPeXt5usOOPZAzq5dFEEFf1j0mwuEcEKwKsfApt89Qa61a -xGuqcVdju1OPr/i9rn9BQxg1BQJOhPKv4Lp8LdO5jHEFzj73ndZ5s1t4MreR4brN -CqySwUz5C8uSQX5lx4K81uaYK+KOrh9lFI4UgQPx8Q== -=gugK +hQEMA+dyWM/+Cjt5AQf8DzKh3pD402Wq+hFvmloyq27+dIAvHbBkM78q01my0GpY +YRARkeBsulEu61Abk4iJNBDFgJ2vLHVa73FV8M/46sQLeDKZLU6exNGHeKqU+V0L +ebhQWmSrMw44y95XuBPJf+L0QI3kMDtBaSfGyHNrlQAk+KSYNIQf0MLJslP42Ayk +ITWmvYr9uTTiSGVE2Tc5w7wOBzxHUVzlKj3Vd/rNTcld2hBHKjz0SnM7lEgP4RZY +mDOgDqEcRtu2/y8wO05WwlrPJ54w+zA91ZTK9KZLxQZWwtPTI/rK89UiaQWXaKVu +PQGqbHR3iTvzRDwdeV9auvM6ZKk80ixyGW/DAyUQP9LrATR/fhj20x5WUf9gRJoU +bvuo006UTA3RpOuFklwZ1z8iZPfLUVH5I/grCi/G8kbKZ56YOktsMz8UeCe+r9GI +gGho7vrSLOib4N+eQ4beUvjiQQVIg3CaziiCVx+XKCNI+XrYLAPsaLwAydJg2dbm +6ljbLZ17ECqymV+2S1d67XyecJg2shths7bra+gJRhmtDMF+5DbHbAylj4ViT1XD +NrH6Hi2MqVmESHQW19dkH2Cvwc42kWsSvdrYU+/g5uvUXRRdX3ddcNIFRC9HA1Dw +8IelGZfJ2KhNTi/328NVQwCXapge/dMmUWMNgkZYm2sK+xzdHNe79X+aeMa7KOO3 +c5YctQbDRF8egO0khkqK9ugE6z/IM5sggm+FOC4WeANLCw+7tYCL0ZWLEgP+kk31 +sAMNSBJioK5uwDpCVOa4f0+0nkotEItu+Ctn+dprvD6aSUUMqh2G5D8mptmRewos +wqeAmd1X5a2IG6Vc4kxTn7+peRffJBkwEfYcF5of/p3Jw9yUbzYaDXV6JRCnHNZH +rA42X3bdEBvfZhFVgKhd9aEZQmkH2x0ecXabfv+AhG4zoYD/yyJxCKXEP2tVxqMC +6faVqBL31p5YlpcYZn3gm1DG3pQ+V9abdl6Z+LaLPz0oz9ooPZ50mQ2z/zAs2p0D +o26G6Ox0YX4KVtkKAkzh61gIYD+WNFYNPEF8jpQo4YWxwSyCt93Pff44dRlzaZ7o +BXLU/q4QaaxDL50HGgpBMRSYGazV/aJankmGKrce4TxGORbYL+8KHn3l9eAI/QlB +JY6rbQVrdE2ooOPsb9hxI+mWuU9LNjweqkvTqDofzCMvCNQI15GbyvGX2UoYbkwY +/dG/BQg+2uXyT7bmr8LWQrO6hQgaSDbIAUZBgsXOFRXKCBTBg6aG4fYBY0yfOanA +sZ3KX4CZrKXOwRIeWtAVtBHPU+Sne1+vU9x5Bw10nPBRu9MvMA87OoENDoG3ycNX +UBW7oC7vs95GXMCCcF58Mrhze3tg7wDHgwG7Fzxpr3vFh33xaWosTB6EzPpvYeEg +4gnVv55SOyvss0iSPxUUFsuVd61yqNlzW3tdO1HwhhjTHc6foFTZCwc4cOthE0BB +/8i4vn57S0dQZwkuTRiCBVZBUKAfUl1sLahNVFnHZ9eabG5nt7xIw/mFhh8VT9F3 
+FmyWITUIRHHltJp2494JuX5a1LZgYk2KlwoWavkP2JXZnXRus8W6IYh+ybXwMKic +hdwkaagix87VuUT150CCFaU3J+O91IKbHuu3u7O+8N7/KJVdtMOdqF/uXVLxnpRa +OqfXjQ+MmNfhp/L2nGq7IZLMfSuvzcR/LteFcaHOJBP3O0OIoFJTJ4WJuEFDNjOy +BpaermVciq0vqiFQeMJM3fhu0zurkI/nrxa6lhpF8+UsncKUHbFyZ+fLUFYpSf21 +7DCq+Za262Gfmzw7yvkzNg0JrLYsuh9OT5FcMPDZPXTCX/z1QYeTHb3QaDJBekTP +M+JQ7MXFADWciGFBeXono316n0pxJFKNk31puzK66Ci7DeZrq9IqEqffXVyokUWM +Fc0jrC1GD+NUBtzFbfvqM6YZ0S79Yg2lZcl5s5TRzqjMGnhz/9zQo1FOT8gse+YT +xkACiuPHjiQkQggrMd+Z46+6yN6veXALHV2nrmJJtgAeZCe+UKrRGyYcK3Fwtth+ +SrSkDF6qpzkPncZeqNgvfkl0MtIC/oGkYmcprdnKRza2bYZOJYFxis9VRVD73r7X +oHxo4kT45t6EHB3cPDZ9oI2A+niuiq26W6QtX4MORNX0YaAUq/GFThIxF5Z0IfV1 +QWuFrMN7a4o80zprCVr9AUXuyTzChTL62TGccWuFKu8VTgxTnInD5qpaSIE5Ya4H +46ycvYAaahxE5zsQ64VfjYAgubwNKbfSrNjdgtS3PD4abqMfwpjKYG7M53mQYATm +OaxsAi8I0iwhUuSYIXwEhnNXnT5SryTGVyptbRgNMYAgkYccMib+BeQPlDzSK/5E +ZrwZERYjjZhra45uDBxmnDNqUL7Cg1Du/qCLsEhhjI0MQPIOA9x+l6eP1zWNuvh3 +t5PBNO8LDduK2ZHMx0JHP9beQWuZIaeuN4gTp3mYiKDWN5dkKgFz5MsA7aOAX3GO +gQl0iZjufcjSqslqxLXKyxKfjGnQkz3deOGL1YkGeuDWJcrKC4e9w/VEWWbOMqK1 +ToF2UrQMHFajH0+FP+kqGd2r1fg65nCWtuC5tpCWOJ7/m/p3UW7tYsRXlgaDLIkm +wFYVNwuamhccW5W/YrlyW/LtIe3plmqFGPNRSAF2CkAXCsdXhPdQjMs3A+GUifek +nU8nle7EWJqGjssnncBBULxSx+EonnWaR5CZ3VdBN4XbwJUNbcwwX7CZ1IDtYqPw +1gJFNVXwv9+0g/6mx5yb2r1K+AoWHi9dJU8+GTRDOuXDopkLkaIvNB9DM/4hRw4U +oTc/nhuQjoaBw/I4YDu0lNb+xYWJFxqRfZr+uDVrI1Scum39HmR22mf1Rel7em+E +7332QfBwOr06/uayalClOQsWoWkCuYwEcZdPj8Vr6mddXXfJUXTBCEXBTVAgzaRY ++0qEVbO5bt2hJGsSm0Vqxcq6CO8XALAScy8gyCc6Lhss2kprVZrQ/GVs5JSm76ep +zPVLaQV/pf0/J3ZjM7UoW+uyC1lpTVgYjVfe5uzDmtXwKYpZT6IcT7kvj8FXr+G8 +SQD1kh/EvDAATNJ73T9Nf2Pp3io2KtGORIY4iradhASaou8eBRGvoHBmafMzku5c +iIY34x8VhrJdurwB1Rcon8Kc0h3mhVGUTimSp1aw3kwAoeVXnS0D1H69pASpYFjY +7Zzo/SBiDmLUwISgjCEELxMGJqF6adK9tGNTM9YpQEY6UtpYDHN+ju77vfN0CjnG +5VRZi6Iia8S3NgGqWlfwFcHleiAKg2VTTziwZpkB5XcUj7Kwv7e80qZHQS3E+D9k +26bmfBUPRJJyCRRsigtuBv5hH5tY6rNPCUlSJ++TtTwFQpZ4od+Hcf71HOeGQr+3 +BLmZKFJh6n68PNt6QPwQ6H1zDTATNKgh76OjcJTVHSn85V3bfweus5IYjCi1yMn2 
+xWeGWVYHer+Rpl9EyCw6Gn6bcDVvlaMcGGj8jUt9hwFmptEWOvtA/GVmrKpNTX+B +5B9iawACw7G+UVoyihPIKZLxkpol34PIM6bnxTqfoLKOmclOr411Wzxrl1fQA/B+ +DW6a1yYxVF1kKq2GgkuUr5qbSq8XoQjr5Wlzx8jKDnuWTmz5z737QPcL6dWR5QsD +EiZjn6+A34nKdXmrvYah+V0qk0F0QUOrV0Bwh2y9Hs1YlAIl22zORW1S1I4x8scj +RSrrgOJnmB6ml4uX2fsa3VJeYnZInwElyBVnqbFf8InYrv57ad0i0C5ToFTFVx42 +lkLAlljSalXakKpGNE1gi9D2Pcd+9PT/D7PhKsUUU6kAxDwzZdjoNh7CT4JPzCVj +jk0sCCyAHX35X1yXAZmVP0eUBQIWebYuzjvPi9GQmaPyrva0Sjvt0xtANJU0ewC3 +UWtOvaTgu2RNFzPy15fwFcsS8lHg5D5ag5vSM6xrENzzosor6iYhf9kQAGZodfvO +1yuotbca18DCL0rQaOdc1yfxcRFi6obSP5SnjWFqzr7UcUtW3waVjPMdg03TrjFo +J4DUXyu4JbFFnWT4TAypjsDtrWXuh6toNmhmSOxsuhUZInp/5Gl6RLPCgGieIzqv +NK+lf3i2APb3Xz7RzSHMbdmC58srMshOgU3MhvoFwdSYBvadyqDm/N3uT0ImBLGz ++tHhAUs8/4RJCob0+WEUmLzmd18GGM0tvBNi0r9/HMA8ggC9fG9/fVY6l22MLxpj +wBfojoHjaQCGPA== +=OUZI -----END PGP MESSAGE----- diff --git a/eidas-proxy/overlay/etc/eidas-proxy/xy/cfg/application.properties b/eidas-proxy/overlay/etc/eidas-proxy/xy/cfg/application.properties new file mode 100644 index 00000000..779cd5c1 --- /dev/null +++ b/eidas-proxy/overlay/etc/eidas-proxy/xy/cfg/application.properties 
@@ -0,0 +1,77 @@
+# Logging
+logging.level.org.springframework.web=INFO
+
+# Service path
+server.context-path=/eidas-ps
+
+# Service port connector settings
+server.port=8443
+server.ssl.key-store=classpath:server-tls.jks
+server.ssl.key-store-password=secret
+server.ssl.key-password=secret
+
+tomcat.ajp.port=8009
+tomcat.ajp.remoteauthentication=false
+tomcat.ajp.enabled=true
+
+# For development. Allowing signature check on metadata to be skipped. Default false.
+#proxy-service.dev.ignoreMetadataSignCheck=true
+
+# Initial delay in milliseconds (default 5000) and seconds between metadata configuration recache (default 240 sec).
+#proxy-service.daemon.inital.delay.ms=5000
+proxy-service.daemon.recache.delay.sec=240
+
+# Location of other properties files (general-metadata.properties, psidp-metadata.properties and natsp-metadata.properties)
+# Example specifying external location: 'proxy-service.config.location=file:///opt/webapp/eidas-ps/cfg/'
+# Example specifying src/main/resources config location: 'classpath:'
+proxy-service.config.location=file://${proxy-service.path.prefix}/cfg/
+
+
+# Key Store properties
+# Location can be specified as "classpath:" or as file path e.g "/opt/webapp/eidas-ps/keystore/keyStore.jks"
+proxy-service.keyStoreLocation=${proxy-service.path.prefix}/nodeKeyStore.jks
+proxy-service.keyStorePass=local-demo
+proxy-service.keyStoreAlias=local-demo-cert
+
+# Session Encryption properties
+#proxy-service.cookieEncryptPw=changeme
+
+# Requirements to show consent dialogue (Default false);
+proxy-service.consent=true
+proxy-service.consent.attributes=urn:oid:1.2.752.201.3.7,\
+ urn:oid:2.5.4.4,\
+ urn:oid:2.5.4.42,\
+ urn:oid:1.3.6.1.5.5.7.9.3,\
+ urn:oid:1.3.6.1.5.5.7.9.1
+proxy-service.consent.valuetranslation=urn:oid:1.3.6.1.5.5.7.9.3
+
+# Welcome page presentation text location
+proxy-service.welcomepage.markdown=${proxy-service.path.prefix}/cfg/infotext.md
+
+#Metadata Service List location specified as either URL (http or https), 
"file://" or "classpath:"
+proxy-service.eidasMdListLocation=https://eid.svelegtest.se/nodeconfig/mdservicelist
+
+# Optional certificate file for validating metadata service list file signatures
+# If no certificate is specified then proxy-service.dev.ignoreMetadataSignCheck=true must be set
+proxy-service.eidasMdListCertFile=${proxy-service.path.prefix}/eIDASmdListCert.crt
+
+#Metadata location for aggregated metadata specified as either URL (http or https), "file://" or "classpath:"
+proxy-service.eidasMetadataLocation=https://eid.svelegtest.se/nodeconfig/metadata
+
+# Optional certificate file for validating metadata signatures
+# If no certificate is specified then proxy-service.dev.ignoreMetadataSignCheck=true must be set
+proxy-service.eidasMetadataCertFile=${proxy-service.path.prefix}/eIDASmdListCert.crt
+
+# Optional cache dir for caching downloaded metadata. If not set, cache is stored in memory.
+proxy-service.eidasMetadataCacheDirName=${proxy-service.path.prefix}/ps-mdcache
+
+
+#Metadata location for national IdP metadata specified as either URL (http or https), "file://" or "classpath:"
+proxy-service.nationalMetadataLocation=http://eid.svelegtest.se/metadata/mdx/role/idp.xml
+
+# Optional certificate file for validating metadata signatures
+# If no certificate is specified then proxy-service.dev.ignoreMetadataSignCheck=true must be set
+proxy-service.nationalMetadataCert=${proxy-service.path.prefix}/se-metadata-cert.crt
+
+# Optional cache dir for caching downloaded national metadata. If not set, cache is stored in memory.
+proxy-service.nationalPsMetadataCacheDirName=${proxy-service.path.prefix}/ps-mdcache
diff --git a/eidas-proxy/overlay/etc/eidas-proxy/xy/cfg/general-metadata.properties b/eidas-proxy/overlay/etc/eidas-proxy/xy/cfg/general-metadata.properties
new file mode 100644
index 00000000..ef5cf22f
--- /dev/null
+++ b/eidas-proxy/overlay/etc/eidas-proxy/xy/cfg/general-metadata.properties
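Review bot: `server.ssl.key-store-password=secret`, `server.ssl.key-password=secret` and `proxy-service.keyStorePass=local-demo` are committed in clear text in this new file, although the same repository keeps host secrets in the PGP-encrypted `secrets.yaml.asc` and the Puppet class already hands `PROXY_SERVICE_COOKIEENCRYPTPW` to the container through its environment. If the keystore delivered via `eidas_proxy_keystore` really is protected by one of these values, that protection is no stronger than read access to this repo, so I would supply the three passwords the same way as the cookie password and leave only a placeholder here. Separately, `tomcat.ajp.enabled=true` on port 8009 opens a connector that trusts its peer, and nothing in this file restricts its listen address or sets a shared secret, so please confirm the container does not publish that port beyond the local front-end. `proxy-service.nationalMetadataLocation` is also the only metadata URL that uses `http://`, which leaves the signature check against `se-metadata-cert.crt` as the sole integrity control on that feed.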
@@ -0,0 +1,12 @@ +psgen.country=XY +psgen.name=Sweden XY eIDAS ProxyService +psgen.orgName=Swedish E-Identification Board +psgen.dispName=Swedish eIDAS Proxy Service +psgen.orgUrl=http://eidasweb.se +psgen.supportGivenName=Customer support +psgen.techGivenName=Technical support +psgen.supportEmail=support@example.com +psgen.techEmail=support@example.com + + + diff --git a/eidas-proxy/overlay/etc/eidas-proxy/xy/cfg/infotext.md b/eidas-proxy/overlay/etc/eidas-proxy/xy/cfg/infotext.md new file mode 100644 index 00000000..0b4230e8 --- /dev/null +++ b/eidas-proxy/overlay/etc/eidas-proxy/xy/cfg/infotext.md @@ -0,0 +1,44 @@ +### Proxy Service + +This is the Swedish XY Country test proxy sevice of the Swedish eIDAS Pilot + +**Relevant resources:** + + + + + + + + + + + + + + + + +**Metadata validation certificate:** +
+ +``` +-----BEGIN CERTIFICATE----- +MIIDOzCCAiMCBgFfWGgYvjANBgkqhkiG9w0BAQ0FADBhMSkwJwYDVQQDEyBUZXN0IENvdW50cnkg +ZUlEQVMgUHJveHkgU2VydmljZTEnMCUGA1UEChMeU3dlZGlzaCBFLUlkZW50aWZpY2F0aW9uIEJv +YXJkMQswCQYDVQQGEwJYWTAeFw0xNzEwMjYwOTE4NTdaFw0yMjEwMjYxMTE4NTdaMGExKTAnBgNV +BAMTIFRlc3QgQ291bnRyeSBlSURBUyBQcm94eSBTZXJ2aWNlMScwJQYDVQQKEx5Td2VkaXNoIEUt +SWRlbnRpZmljYXRpb24gQm9hcmQxCzAJBgNVBAYTAlhZMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A +MIIBCgKCAQEAoo+9Fjjtx50yc8QzkFHxmRDqZC3/cPvWNIK0bqmXrBdlvstB5kYn0x+t644d9zQA +v6yXFW3hhSHjTeeB49NVwa2HVxtmkX5VzJLNo0mjQm3c3vAZNooUHzv+deZrl5HhFkZZPD1sLwOb +dlCHd1ozf60+diD/P0EkMkCwwaVWnq13pHv1XuQOBFmVb0O5/muJrzu6uGZAsPS4SUsg9IFgl1AK +hcl5FPykNvqYMEamOKCbJoL2mpjUQFGtudlDaqneqz0Jt4syoQmvuFal/0uC1XhKwLNitu3GGceZ +Mwdq6TJlR1pMNDgFOjSO2Yv0v/3kKtmhiOCBpmXXl4JcWDCMBQIDAQABMA0GCSqGSIb3DQEBDQUA +A4IBAQBTCQT2OTGE+f5qWe4NiXRZBHfLuU0A2Lj3fm30dA+N/3WO5eOTHCGSEJhSh/SxeFzexTiG +QSrdUuJtTM+mtqF6v0OfJ55K+dhSNzcE5dtM3ds6qZ73VAJQlxLv3qE4hqR7bLMhvz0Zby0Hq0XJ ++FCMs5vSMDtMi5n/CLqh/ctEacUx+lNfQEjZWHInfntMBRUxwy6SYfqjPdhDneP+IXAertPi/Uqn +NFkI8ewylphNXoewIEIjfFk6WSAwgc2scWgnj8U4un1LFjl//m4DWCEQEkjwuxNf1pTCQFDW7Gc3 ++lNgymwLJoieNYqSOhomsTRZTXyuRI4b/ttebvbNiALS +-----END CERTIFICATE----- +``` +
diff --git a/eidas-proxy/overlay/etc/eidas-proxy/xy/cfg/natsp-idpdisco.properties b/eidas-proxy/overlay/etc/eidas-proxy/xy/cfg/natsp-idpdisco.properties
new file mode 100644
index 00000000..24052db8
--- /dev/null
+++ b/eidas-proxy/overlay/etc/eidas-proxy/xy/cfg/natsp-idpdisco.properties
@@ -0,0 +1,27 @@
+proxy-service.idpdisco.idplist=\
+ testIdp,\
+ mobIdp,\
+ ccBankid,\
+ ccTelia
+proxy-service.idpdisco.langs=\
+ se,\
+ en,\
+ fr
+proxy-service.idpdisco.entityid={\
+ testIdp :'https://idp.svelegtest.se/idp',\
+ mobIdp :'https://midp.svelegtest.se/idp',\
+ ccBankid : 'https://eid.identityhub.se/demo/bankid/',\
+ ccTelia : 'https://eid.identityhub.se/demo/teliabrowserplugin/'\
+ }
+proxy-service.idpdisco.name={\
+ testIdp :'Test ID-tjänst, Test IdP, Test IdP',\
+ mobIdp :'Mobil Test IdP, Mobile Test IdP, Mobile Test IdP',\
+ ccBankid : 'BankID, BankID, BankID',\
+ ccTelia : 'Telia,Telia,Telia'\
+ }
+proxy-service.idpdisco.logo={\
+ testIdp :'https://eid.svelegtest.se/logos/elegnamnden_notext_68x67.png, 67, 68',\
+ mobIdp :'https://eid.svelegtest.se/logos/elegnamnden_notext_68x67.png, 67, 68',\
+ ccBankid : 'img/disco/bankid_logo.png, 94, 100',\
+ ccTelia : 'img/disco/telia_min_logo.png,89,86'\
+ }
diff --git a/eidas-proxy/overlay/etc/eidas-proxy/xy/cfg/natsp-metadata.properties b/eidas-proxy/overlay/etc/eidas-proxy/xy/cfg/natsp-metadata.properties
new file mode 100644
index 00000000..baab65d7
--- /dev/null
+++ b/eidas-proxy/overlay/etc/eidas-proxy/xy/cfg/natsp-metadata.properties
@@ -0,0 +1,24 @@
+#EntityID of the n
+natsp.entityId=${proxy-service.domain.prefix}/nat-ps-sp
+natsp.displayNames={\
+ en:'Swedish Citizen Adapter',\
+ sv:'Sveriges internationella legitimeringsnod'\
+ }
+natsp.descriptions={\
+ en:'Test service for the Swedish eIDAS Pilot New Local',\
+ sv:'Testtjänst för Svenska eIDAS piloten'\
+ }
+# Logos are specified as a map with the url as key followed by height,width[,lang] as comma separated parameters.
+natsp.logos={\
+ 'https://eunode.eidastest.se/Connector/custom/idpLogo.png':'276,293'\
+ }
+natsp.assertionConsumerServices={\
+ 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST':'${proxy-service.domain.prefix}/assertionconsumer'\
+ }
+natsp.nameIDFormats=\
+ urn:oasis:names:tc:SAML:2.0:nameid-format:persistent,\
+ urn:oasis:names:tc:SAML:2.0:nameid-format:transient
+natsp.entityCategories=\
+ http://id.elegnamnden.se/ec/1.0/loa3-pnr
+
+
diff --git a/eidas-proxy/overlay/etc/eidas-proxy/xy/cfg/psidp-metadata.properties b/eidas-proxy/overlay/etc/eidas-proxy/xy/cfg/psidp-metadata.properties
new file mode 100644
index 00000000..546cd70d
--- /dev/null
+++ b/eidas-proxy/overlay/etc/eidas-proxy/xy/cfg/psidp-metadata.properties
@@ -0,0 +1,25 @@
+psmd.gen.entityID=${proxy-service.domain.prefix}/ServiceMetadata
+psmd.ext.supportedEncAlgos=\
+ http://www.w3.org/2009/xmlenc11#aes128-gcm,\
+ http://www.w3.org/2009/xmlenc11#aes192-gcm,\
+ http://www.w3.org/2009/xmlenc11#aes256-gcm
+psmd.ext.supportedSigAlgorithms=\
+ http://www.w3.org/2001/04/xmldsig-more#rsa-sha512,\
+ http://www.w3.org/2001/04/xmldsig-more#rsa-sha256,\
+ http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256
+psmd.ext.supportedDigestAlgorithms=\
+ http://www.w3.org/2001/04/xmldsig-more#sha384,\
+ http://www.w3.org/2001/04/xmlenc#sha512,\
+ http://www.w3.org/2001/04/xmlenc#sha256
+psmd.idp.nameIDFormats=\
+ urn:oasis:names:tc:SAML:2.0:nameid-format:persistent,\
+ urn:oasis:names:tc:SAML:2.0:nameid-format:transient,\
+ urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
+psmd.idp.ssoList={'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST':'${proxy-service.domain.prefix}/ColleagueRequest'}
+psmd.idp.supportedAttributes=\
+ http://eidas.europa.eu/attributes/naturalperson/CurrentFamilyName,\
+ http://eidas.europa.eu/attributes/naturalperson/CurrentGivenName,\
+ http://eidas.europa.eu/attributes/naturalperson/DateOfBirth,\
+ http://eidas.europa.eu/attributes/naturalperson/PersonIdentifier,\
+ http://eidas.europa.eu/attributes/naturalperson/Gender
+psmd.idp.assuranceCertifications=http://eidas.europa.eu/LoA/substantial
\ No newline at end of file
diff --git a/eidas-proxy/overlay/etc/eidas-proxy/xy/eIDASmdListCert.crt b/eidas-proxy/overlay/etc/eidas-proxy/xy/eIDASmdListCert.crt
new file mode 100644
index 00000000..666fba71
--- /dev/null
+++ b/eidas-proxy/overlay/etc/eidas-proxy/xy/eIDASmdListCert.crt
@@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIIDSTCCAjECBgFc72gQnTANBgkqhkiG9w0BAQ0FADBoMScwJQYDVQQKEx5Td2VkaXNoIEUtSWRl +bnRpZmljYXRpb24gQm9hcmQxCzAJBgNVBAYTAlNFMTAwLgYDVQQDEydTd2VkaXNoIGVJREFTIG5v +ZGUgdHJ1c3QgY29uZmlnIHNlcnZpY2UwHhcNMTcwNjI4MTQ1MzEzWhcNMjIwNjI4MTU1MzEzWjBo +MScwJQYDVQQKEx5Td2VkaXNoIEUtSWRlbnRpZmljYXRpb24gQm9hcmQxCzAJBgNVBAYTAlNFMTAw +LgYDVQQDEydTd2VkaXNoIGVJREFTIG5vZGUgdHJ1c3QgY29uZmlnIHNlcnZpY2UwggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCR93BFw1lFLD3IUkYwKFj29R2h2kz8X1mKBoLKufXdTg7F +HHgkJFUy6Kf+JTWiJoEC60WBTBj1Mf+phA0PS24PDBqErtnv5l1K8x1Bo930NqxMStwFbmaeah5a +1ZeEMsWWGfJfMU26/yHux4ULkUqwxJQ9x5hYp5qLf/UaCbJvxOLyZ5wmHnups1+hT5AFe/ix6mua +hKNCJplrZLpnMhFuSjZC+yDDH0F83X71kU0bsm8RKd9OW2t+g+XFRnVpf+mgHPf2bCGxDJpt5h/s +ipQCP78gXsCL+6J7lS8pnxy/ZW2Qr4cwIvWucTlph0nAEHVv9j2K4pgCKR4hbD5MonFjAgMBAAEw +DQYJKoZIhvcNAQENBQADggEBAFI5NDg0xPP8GGwItDSPYqF/PbN9k4Rc/ujXVxgNC/cZ3gSYS8Hl +jcRs2bGx7uiOkJIWiaNXapMptyOgwbjhB4kKLkFnywIH9nV1yYdkf1ToBZJz/SuCAXSkVylTARKa +memIj/9JL9L0FX7i+qyArJJO8Z7PhSUP1uhGEaPSLA3AuNT9xYzMUvrwf8+aDscvf0h0YjPjrIhn +r3i8fvkDDSaRPbAe1xJjHZoOA2Y8socfw+8BsGoibaS00wVgjx9+gZWIE5/d6PBQesF3KMPUZZMp +6WJrOnxk0z03V7R38PB/bTqivErVSYOZ3M8zIyqfPiWM2Fe35tHXXHN8XsQel6s= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/eidas-proxy/overlay/etc/eidas-proxy/xy/se-metadata-cert.crt b/eidas-proxy/overlay/etc/eidas-proxy/xy/se-metadata-cert.crt new file mode 100644 index 00000000..3686046a --- /dev/null +++ b/eidas-proxy/overlay/etc/eidas-proxy/xy/se-metadata-cert.crt 
@@ -0,0 +1,15 @@ +-----BEGIN CERTIFICATE----- +MIICyzCCAbMCBgFEwQFDRDANBgkqhkiG9w0BAQUFADApMScwJQYDVQQDDB5Td2VkaXNoIEUtaWRl +bnRpZmljYXRpb24gYm9hcmQwHhcNMTQwMzE0MTIzMTI5WhcNMTkwMzE0MTQzMTI5WjApMScwJQYD +VQQDDB5Td2VkaXNoIEUtaWRlbnRpZmljYXRpb24gYm9hcmQwggEiMA0GCSqGSIb3DQEBAQUAA4IB +DwAwggEKAoIBAQCGxrPbCuZYeMZniwOAIO1MiQjGD3LIfaLBddNucsAVrxpYW7bYMwzvgL2Gp4yV +6IyAx5kUgHPjEkEEIjH+NhxYdChD8iWBkLuaOkxyYNXFjFQ3APk5kqP+BB+fP8peWlKGX6S2mfcB +7eObDQqb28osfXE+bak4X2rNf5i+Yx9VdXBpRhDxk7umDdWTSJlc+ZCxWUt3ldc58/sXIgAzVWk4 +9A3GIvOHlBVgm/5g3yzU9HnxD1fyOKT+NkF5J9mjM0x8Qg9K/Zep3n1xmb8kZ/vcRxv+AounGDd7 +w/QWW84sPegySHqm5GkLSgwB63nJZr5wS+qoT9sTooCM0AhBhY1FAgMBAAEwDQYJKoZIhvcNAQEF +BQADggEBAESqy6GrAEbL/blJQxDb/LCCW4y3KAAs/pqvR4SQMP0rvVe5FJiUJsE/6DEhk+cl0N+o +5e8/NusIUD7f6vKSYTHgCodSeDYGdrkRrOucDBWgIlYVsR3yTb/za3AlgiTW6eGGqiY6SeEzXNTM +5o0GpoZbknQZEK/xCJLtMAU6oX7pDBLahtYeJAJJNFVjtPKsERr2Ob2ni9XW8+fxyjv0v2gmlQvW +i6VnpD6VJ3nwAFDsGHBgzli32YBd62rukqyiqvC595LNg0Dg4fyv1ZuOiqajWSd3x8JI6bS01QvY +3fNKY84wMQXpRq9C3zRtpPKmh22W6mcQvh1uN3qNaIEEklE= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/global/overlay/etc/puppet/cosmos-rules.yaml b/global/overlay/etc/puppet/cosmos-rules.yaml index cb9ed2ac..2fd236c5 100644 --- a/global/overlay/etc/puppet/cosmos-rules.yaml +++ b/global/overlay/etc/puppet/cosmos-rules.yaml @@ -25,3 +25,6 @@ r1.komreg.net: openstack_ubuntu_16_04_dockerhost: sunet_iaas_cloud: autoupdate: + eidas_proxy: + hostname: xy.qa.sveidas.se + country: xy diff --git a/global/overlay/etc/puppet/manifests/cosmos-site.pp b/global/overlay/etc/puppet/manifests/cosmos-site.pp index 0a0a720c..1fa70c59 100644 --- a/global/overlay/etc/puppet/manifests/cosmos-site.pp +++ b/global/overlay/etc/puppet/manifests/cosmos-site.pp 
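Review bot: The trust anchor added in `se-metadata-cert.crt` appears, from the validity fields in its encoded body, to run only from 2014-03-14 to 2019-03-14 and to be self-signed with SHA-1, whereas the other two certificates in this commit appear to use SHA-512. `application.properties` points `proxy-service.nationalMetadataCert` at this file and fetches the national metadata over `http://`, so this certificate is the only integrity control on that feed. Whether the validator enforces the validity period is not visible in this diff; if it does, national metadata refresh would stop at expiry. I would record the expiry date next to the file and confirm with the federation operator that no newer signing certificate has been published.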
@@ -198,7 +198,6 @@ class swamid_pyff_signer { } class eidas_connector($hostname) { - $proxy_service_cookie_encrypt_pw = safe_hiera('proxy_service_cookie_encrypt_pw',NOT_SET); file {['/etc/eidas-connector','/var/log/eidas-connector']: ensure => directory } -> sunet::docker_run {'eidas_connector': image => 'docker.sunet.se/eidas-connector', @@ -207,10 +206,13 @@ class eidas_connector($hostname) { volumes => ['/var/log/eidas-connector:/var/log/eidas-connector', '/etc/eidas-connector:/etc/eidas-connector'], env => ["IDP_SERVER_HOSTNAME=$hostname"] - } + } -> + class {'webserver': } -> + class {'https_server': } } class eidas_proxy($hostname,$country) { + $proxy_service_cookie_encrypt_pw = safe_hiera('proxy_service_cookie_encrypt_pw',NOT_SET); file {['/etc/eidas-proxy/',"/etc/eidas-proxy/$country"]: ensure => directory } -> sunet::snippets::secret_file { hiera_key => 'eidas_proxy_keystore', @@ -228,6 +230,8 @@ class eidas_proxy($hostname,$country) { "SPRING_CONFIG_LOCATION=/etc/eidas-proxy/$country/cfg/", "PROXY_SERVICE_COOKIEENCRYPTPW=$proxy_service_cookie_encrypt_pw"] } + class {'webserver': } -> + class {'https_server': } } class sunetops {
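Review bot: The `safe_hiera('proxy_service_cookie_encrypt_pw',NOT_SET)` line moved into `eidas_proxy` has no guard on its fallback, and the context of the next hunk shows the result going straight into `PROXY_SERVICE_COOKIEENCRYPTPW`. If `safe_hiera` returns its second argument when the key is missing (its definition is outside this diff), a host without that entry in its encrypted hiera data would presumably run with the fixed cookie-encryption password `NOT_SET`. I would fail the catalog instead, e.g. `if $proxy_service_cookie_encrypt_pw == 'NOT_SET' { fail('proxy_service_cookie_encrypt_pw is not set in hiera') }`. Passing the value through `env` also leaves it readable in the container's configuration, whereas the keystore in the same class goes through `sunet::snippets::secret_file`. The body of `eidas_proxy` continues outside this hunk.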
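Review bot: The `sunet::docker_run` resource in `eidas_proxy` still ends with a bare `}`, so the added `class {'webserver': } -> class {'https_server': }` chain is not ordered after the container the way the same addition in `eidas_connector` is, where the closing line became `} ->`. If the front-end is meant to come up after the proxy container, change that closing line to `} ->` here as well. Both classes now declare `webserver` and `https_server` resource-style, which Puppet rejects as a duplicate declaration if one node is ever assigned both `eidas_connector` and `eidas_proxy`; `include webserver` and `include https_server` would avoid that, assuming neither class needs parameters. The opening lines of the `docker_run` resource are outside this hunk.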