swedenconnect/eid-ops
0
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

deploy eidas proxy service 1.0.0 to qa

Browse source
This commit is contained in:
Leif Johansson 2017-10-27 14:47:00 +02:00
parent a96db40214
commit 1e88f9634f
11 changed files with 318 additions and 68 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

134
eidas-proxy-1.qa.sveidas.se/overlay/etc/hiera/data/secrets.yaml.asc
View file

@ -3,70 +3,72 @@ STATUS=UPDATED
-----BEGIN PGP MESSAGE----- -----BEGIN PGP MESSAGE-----
Version: GnuPG v2 Version: GnuPG v2
hQEMA+dyWM/+Cjt5AQgAn4t5SCBFkImjSNMHAcTI+wiXZuysjA/Dl6xYofYg2KHI hQEMA+dyWM/+Cjt5AQf8DzKh3pD402Wq+hFvmloyq27+dIAvHbBkM78q01my0GpY
glVIHXrjG8K8tvqJLpeV3YmL6TBgUKsVZgYgV+yv5bEOccJ5R+diGJGfAu868aPg YRARkeBsulEu61Abk4iJNBDFgJ2vLHVa73FV8M/46sQLeDKZLU6exNGHeKqU+V0L
fx9WusMn48RHVovuHbNoLMyTxgTcA7g2rb/GUtrgFAXRGwG2YT905NFc0htZ9bLs ebhQWmSrMw44y95XuBPJf+L0QI3kMDtBaSfGyHNrlQAk+KSYNIQf0MLJslP42Ayk
5awFwmHcQN0InlDTJDQNouLzkuzMi9lTDcMkloCI9qNPNia3a5+J2Q3tEJMJ2Fmh ITWmvYr9uTTiSGVE2Tc5w7wOBzxHUVzlKj3Vd/rNTcld2hBHKjz0SnM7lEgP4RZY
0xRFCD+nYTXwU34M/yqspRmpXeF41bi0MVU2OCoBNOpeMykY5BsANVLO8pl+kp7K mDOgDqEcRtu2/y8wO05WwlrPJ54w+zA91ZTK9KZLxQZWwtPTI/rK89UiaQWXaKVu
pEEFaL9ufAsYwBCTv0ls4E9ybiPCQHsxKwbYegPgmNLrAecJujfGm7WYHeaJJMdi PQGqbHR3iTvzRDwdeV9auvM6ZKk80ixyGW/DAyUQP9LrATR/fhj20x5WUf9gRJoU
p/DpNBy7ZWZdsgVW4m4Xl/GOnMF4+WXUYybloALnhZCLhTOOljlHJNut2/dNCChm bvuo006UTA3RpOuFklwZ1z8iZPfLUVH5I/grCi/G8kbKZ56YOktsMz8UeCe+r9GI
lInAjv6rr/YRdtx97/r8tUwIlOjU82X88ydiouH7SWkPJWcGJwchBGeBmVtbkn07 gGho7vrSLOib4N+eQ4beUvjiQQVIg3CaziiCVx+XKCNI+XrYLAPsaLwAydJg2dbm
LqIl+1st1fNlYa9BAq9lVGBIlWcwtPF3EsywG5+f8GDkfqKorxPn9ZA9c1+vl1xW 6ljbLZ17ECqymV+2S1d67XyecJg2shths7bra+gJRhmtDMF+5DbHbAylj4ViT1XD
rcLlSpj5MSPt822U/fUTzHWDWvh9QlnqD1LHvTbqFTObyXO/7/xsPAOW/ykDk4sv NrH6Hi2MqVmESHQW19dkH2Cvwc42kWsSvdrYU+/g5uvUXRRdX3ddcNIFRC9HA1Dw
XD40cQWO/N4aE9KS1O0kMZd1/oKWRXy0JsBRRhsZtV3Qkho7fYfUbD2PekkL9QF5 8IelGZfJ2KhNTi/328NVQwCXapge/dMmUWMNgkZYm2sK+xzdHNe79X+aeMa7KOO3
n4GzH/eKnzuPSuIEflfXqa9hkdLd68+vxpLhpDNRibgyqanTbgUXEzDWq9bw/g+S c5YctQbDRF8egO0khkqK9ugE6z/IM5sggm+FOC4WeANLCw+7tYCL0ZWLEgP+kk31
Il0QcaVoyQx2bYWjrKjnTqrSE6A+FPexZDdunn7W6MD2PVkZ/Vgkx022WfI4YxLu sAMNSBJioK5uwDpCVOa4f0+0nkotEItu+Ctn+dprvD6aSUUMqh2G5D8mptmRewos
kCe0Z7hvMO3he/6/Dq4mtazszSHEnBQ9IX+Am7DcAVrgUHA4BMHvZJ8fU6Y49M+d wqeAmd1X5a2IG6Vc4kxTn7+peRffJBkwEfYcF5of/p3Jw9yUbzYaDXV6JRCnHNZH
jPerRuqxgsLukMjDOEivzOUxnUwJuFxRPY5S2Ati0lFwvhj4rNDea8tp5VVHnVTV rA42X3bdEBvfZhFVgKhd9aEZQmkH2x0ecXabfv+AhG4zoYD/yyJxCKXEP2tVxqMC
9QEwH8/T37HuFsORNdtN09O8PyWGgVwr5DyBnQ/Z3i+om6ZoxrkV84hwmaDNu1+O 6faVqBL31p5YlpcYZn3gm1DG3pQ+V9abdl6Z+LaLPz0oz9ooPZ50mQ2z/zAs2p0D
asBQsLRCHN+PQ6U4mCkDJuZdVOqhgkeDRZtrYm2drXOxMitt09jDCLioFCa9QC7/ o26G6Ox0YX4KVtkKAkzh61gIYD+WNFYNPEF8jpQo4YWxwSyCt93Pff44dRlzaZ7o
EE3Ibn9qDl3h40ADd/RHuROBg83bw6BmiNe9YehZ+CtUGq2ePH6ZXG7DqFJY0aAJ BXLU/q4QaaxDL50HGgpBMRSYGazV/aJankmGKrce4TxGORbYL+8KHn3l9eAI/QlB
r1t1NbLurBdY9pfL8y3VH5J7UCjzN5MYZYOJqszBefPRzIg/mOPton5AZsAGTNVx JY6rbQVrdE2ooOPsb9hxI+mWuU9LNjweqkvTqDofzCMvCNQI15GbyvGX2UoYbkwY
MrbCO2A0gREd6oyZAWjv8jRXpGlqjXTQklDctagyoqO0oJcULyZwgrKc8Varb5el /dG/BQg+2uXyT7bmr8LWQrO6hQgaSDbIAUZBgsXOFRXKCBTBg6aG4fYBY0yfOanA
aWpvrUZdQXgXd9zV7bzDN+aXzYl1N38n7zStAH0yxFaJxAn4s/i8+ktZRFneLar5 sZ3KX4CZrKXOwRIeWtAVtBHPU+Sne1+vU9x5Bw10nPBRu9MvMA87OoENDoG3ycNX
MVIXF8Ejq+SJXLUCLt9hFfCITIYtBeG3CrMiWkR5zAuyuXViznYOYRfdK1JVJHbo UBW7oC7vs95GXMCCcF58Mrhze3tg7wDHgwG7Fzxpr3vFh33xaWosTB6EzPpvYeEg
8n019JbOC+VU1osMrDt+bykkmRcrt4tugTa+P8mSqCkzdpQHVhR/4inNhmWU2BYJ 4gnVv55SOyvss0iSPxUUFsuVd61yqNlzW3tdO1HwhhjTHc6foFTZCwc4cOthE0BB
2PAzWO4/3rdihbXEMXnFkT/eqIE0nPAoX2RLZtT7JZC48tsvrn7SUNFYtCNPtWXh /8i4vn57S0dQZwkuTRiCBVZBUKAfUl1sLahNVFnHZ9eabG5nt7xIw/mFhh8VT9F3
YjRT2CaK8iOjGDpRxR6VBtBf1hp14oxPRHtNcRWkeuPeELZgQNJP5iKvk6vHWKFn FmyWITUIRHHltJp2494JuX5a1LZgYk2KlwoWavkP2JXZnXRus8W6IYh+ybXwMKic
T9hDQj/D0nfNDb4ziOIcLT3Tbnyv499K36puHuv8p7eyDGJXH0jaQQAoe+Hx5cjG hdwkaagix87VuUT150CCFaU3J+O91IKbHuu3u7O+8N7/KJVdtMOdqF/uXVLxnpRa
6DmfxVQocVubcGMBgUZXpi93FCaqFdoDHO00Eur6KCFfAfH8k3aSWEzisBti5Pdg OqfXjQ+MmNfhp/L2nGq7IZLMfSuvzcR/LteFcaHOJBP3O0OIoFJTJ4WJuEFDNjOy
WspnXPWuXle+MKAWZgVv90E8JzzVjV2bPyiXbMkRf4jiPFY+OjVggSnMn/fPSm9W BpaermVciq0vqiFQeMJM3fhu0zurkI/nrxa6lhpF8+UsncKUHbFyZ+fLUFYpSf21
MfIUIqm2cKxhFW7SDErbUIqvEgV6Ic0Vi8trs6zTtd1PjPdJk/HjAY2EkNLnw6FU 7DCq+Za262Gfmzw7yvkzNg0JrLYsuh9OT5FcMPDZPXTCX/z1QYeTHb3QaDJBekTP
8Z4njRXdczR+H774Zu8CUxsMl7QICLahHN1BsJN+2N4Dj80oiKnXzqSGZgoVAnnF M+JQ7MXFADWciGFBeXono316n0pxJFKNk31puzK66Ci7DeZrq9IqEqffXVyokUWM
Ah2TnqthZ0WakYbosd1zzTBWJRdrLilLXkEIOmw0xDdNd3Mz9FbYR18d0F7FNn44 Fc0jrC1GD+NUBtzFbfvqM6YZ0S79Yg2lZcl5s5TRzqjMGnhz/9zQo1FOT8gse+YT
43hIpM4cwuIMHy6yGJUiLP+8A8qBJU7wmWu87ArFvDwvk/A760gzunvp4SC7CVPZ xkACiuPHjiQkQggrMd+Z46+6yN6veXALHV2nrmJJtgAeZCe+UKrRGyYcK3Fwtth+
1hZ6WvX9ZkyNz+3yiO10l26w+XFk5Spdl4ZX4l89jJe3THAjl1ofMhZ+A1c44FQD SrSkDF6qpzkPncZeqNgvfkl0MtIC/oGkYmcprdnKRza2bYZOJYFxis9VRVD73r7X
dzhmM5aVWwkk6ODx45yZnqN2GzHcbD3PYDYXxY+91tKNLwo94ahfBvL9O9Vo1X6+ oHxo4kT45t6EHB3cPDZ9oI2A+niuiq26W6QtX4MORNX0YaAUq/GFThIxF5Z0IfV1
dQaTyjXMnPUudAqkPGlzFff3bFtqdpQZrYQ2IaMEWQd5Xq/oUgVG5QZOYDsBsSpU QWuFrMN7a4o80zprCVr9AUXuyTzChTL62TGccWuFKu8VTgxTnInD5qpaSIE5Ya4H
wTMNaHQkp3UXy2408/V61rFNwbBH9Oh6bVMz+p/jAbFIViIgpr0PRji3OQHmCuQS 46ycvYAaahxE5zsQ64VfjYAgubwNKbfSrNjdgtS3PD4abqMfwpjKYG7M53mQYATm
GSxG7nTqfYdD7shvpZbRfHRzJhIZUiAS1WTkBt0RO8Ik8z8Bk/KpxC7Ba0MrWKJE OaxsAi8I0iwhUuSYIXwEhnNXnT5SryTGVyptbRgNMYAgkYccMib+BeQPlDzSK/5E
MTLU1/7Kc6q/f7+HWcjlC5Odz4tNyygxjc7w9vJO+mAvSoPSZk0IpD/o0VeN1OBq ZrwZERYjjZhra45uDBxmnDNqUL7Cg1Du/qCLsEhhjI0MQPIOA9x+l6eP1zWNuvh3
9V7iCMnN3DGkUtRQtybZYMTxwcIR+r+iHSnt0G8TItcu9hQrNqu5JAt7RPC+45KG t5PBNO8LDduK2ZHMx0JHP9beQWuZIaeuN4gTp3mYiKDWN5dkKgFz5MsA7aOAX3GO
4OjFwuHcUKg63qAaFB9KOjavzdYM+nvp/XuL5Vq9Tfvz7J1f8znWrSG4fnysCPub gQl0iZjufcjSqslqxLXKyxKfjGnQkz3deOGL1YkGeuDWJcrKC4e9w/VEWWbOMqK1
IM85oW6edGNAEoyBD+RFTU+IEZOnK+sy3irxbZ/wkIa+Yw0qUXe8vaGhLW270ikj ToF2UrQMHFajH0+FP+kqGd2r1fg65nCWtuC5tpCWOJ7/m/p3UW7tYsRXlgaDLIkm
p8IHvU2okxb+pQGM4BHDoQzGscI0ctw0Xoa8Yz0xXD6nhiclITkhv+a9ZM8zuUus wFYVNwuamhccW5W/YrlyW/LtIe3plmqFGPNRSAF2CkAXCsdXhPdQjMs3A+GUifek
QOEGZjOvvaLl3QmMs4aaOe3NUoF90jzDQwYy3QPggDOXl9gFPbM5klonCGTOyOLw nU8nle7EWJqGjssnncBBULxSx+EonnWaR5CZ3VdBN4XbwJUNbcwwX7CZ1IDtYqPw
m14Z3bCK15cu+Ww5iS3tc80jplgN5l5aOQllcf+nj1785Pa0BVw9JgiwjGlmc5Vy 1gJFNVXwv9+0g/6mx5yb2r1K+AoWHi9dJU8+GTRDOuXDopkLkaIvNB9DM/4hRw4U
rZAs5KXHXP0NOUuLpLq9HVxJmc91kYn7LjZ6TfMcEjju+UUe6EfTWAygPVEVuV2V oTc/nhuQjoaBw/I4YDu0lNb+xYWJFxqRfZr+uDVrI1Scum39HmR22mf1Rel7em+E
ED0/wGMRcYd7FCTanOpfBy3k7E5Ld+mNKzftlnAT2qC6uUDXC1lMnR4mlp668msv 7332QfBwOr06/uayalClOQsWoWkCuYwEcZdPj8Vr6mddXXfJUXTBCEXBTVAgzaRY
62gvdTGMFVkimgnVnDjyXSZe0EWXV5RQOazFItJZ5tO6HRXho0aR/g081KdZoSB7 +0qEVbO5bt2hJGsSm0Vqxcq6CO8XALAScy8gyCc6Lhss2kprVZrQ/GVs5JSm76ep
MPr/5lQY3MDxRm9jbFJLm4DsoYqobl3Beiy2txT7q2NouX8EYPhluiveT7wZd6Ii zPVLaQV/pf0/J3ZjM7UoW+uyC1lpTVgYjVfe5uzDmtXwKYpZT6IcT7kvj8FXr+G8
fasX9hOcBLuoSXtunQo5NYTplO+xecXzHBn+y8jY2CUmiPD56CwFnhPAdSlwBnWH SQD1kh/EvDAATNJ73T9Nf2Pp3io2KtGORIY4iradhASaou8eBRGvoHBmafMzku5c
2Ms4nh8fANjd/6V8iAkWrsX9ZyC6vy2/yubYkrnAqdXxYYR3QNTbFLe7j1r58RIh iIY34x8VhrJdurwB1Rcon8Kc0h3mhVGUTimSp1aw3kwAoeVXnS0D1H69pASpYFjY
4zlWq3yryrITwDm5WQl2GeNOenR33LNF29ACc2vcT10wUGywbm5DgpMjUINTt2D+ 7Zzo/SBiDmLUwISgjCEELxMGJqF6adK9tGNTM9YpQEY6UtpYDHN+ju77vfN0CjnG
t900iFNnaD6+aM9/hZ6tCUzlqOv2WQm3W/+rEH+pztenDmMGNUoIhfC2F7kFfqGG 5VRZi6Iia8S3NgGqWlfwFcHleiAKg2VTTziwZpkB5XcUj7Kwv7e80qZHQS3E+D9k
hGoEgJFCPYRd42MZ2BR7TDLniW6J3XM8pl4U2tCGV8+SHXZeURfAvC5xIE8SVg6R 26bmfBUPRJJyCRRsigtuBv5hH5tY6rNPCUlSJ++TtTwFQpZ4od+Hcf71HOeGQr+3
sLLJO0rXpRNQIquCrEPKfuSaWvBu2lDsvH45nLYke0/09tXIt2PA0WJ9r6nlj2Iu BLmZKFJh6n68PNt6QPwQ6H1zDTATNKgh76OjcJTVHSn85V3bfweus5IYjCi1yMn2
8CDX6lzvacm9kHHSIDZclck1BrIkD3CQ6d0MxjZVdEM9KaPOSwQtGqc9zvFiJ2/k xWeGWVYHer+Rpl9EyCw6Gn6bcDVvlaMcGGj8jUt9hwFmptEWOvtA/GVmrKpNTX+B
ACly9dYPNO3riABBgWwrn4OFpYB+ggLP4f/pwBsf5T7QEvEQXsJ+x08VVRMXpZT0 5B9iawACw7G+UVoyihPIKZLxkpol34PIM6bnxTqfoLKOmclOr411Wzxrl1fQA/B+
e7u2NUFRS3lO/qBp6sCn6e3qi6c6OsLq4rdhpu/z1kAxiWaX1BTe07V3nYlyJjnx DW6a1yYxVF1kKq2GgkuUr5qbSq8XoQjr5Wlzx8jKDnuWTmz5z737QPcL6dWR5QsD
C5cYx+BPEblYyA+2It2S3Y0xoyVl8O2l/H5ynYmj+Pg/kHxSpNH8evMTArwv5Nb7 EiZjn6+A34nKdXmrvYah+V0qk0F0QUOrV0Bwh2y9Hs1YlAIl22zORW1S1I4x8scj
x/U2NhtkjNkq5wBq8MuHgofLuvz7lJh5xfpgEqkm3uvIDR+NXC0PKSGf+MvN6zQe RSrrgOJnmB6ml4uX2fsa3VJeYnZInwElyBVnqbFf8InYrv57ad0i0C5ToFTFVx42
05jAS03QgcSlJDd3yF54F90D+HMK1zqxsYgLK7EuVFFMnqEBDhFLFly9944A0K2u lkLAlljSalXakKpGNE1gi9D2Pcd+9PT/D7PhKsUUU6kAxDwzZdjoNh7CT4JPzCVj
LygD3H523C7t19klm7KsHN+ST8H8SJTa9QL4rlvGdEiqRK7julcCVWTwdURmQvy4 jk0sCCyAHX35X1yXAZmVP0eUBQIWebYuzjvPi9GQmaPyrva0Sjvt0xtANJU0ewC3
gRglFtByQrJPhIiwAyhmqCPZ7fIlEBn2xtR4HQzYJulI2qmqxhix88i6GxzwjUBs UWtOvaTgu2RNFzPy15fwFcsS8lHg5D5ag5vSM6xrENzzosor6iYhf9kQAGZodfvO
Y3+LpktCL2FPqoZksKLPeXt5usOOPZAzq5dFEEFf1j0mwuEcEKwKsfApt89Qa61a 1yuotbca18DCL0rQaOdc1yfxcRFi6obSP5SnjWFqzr7UcUtW3waVjPMdg03TrjFo
xGuqcVdju1OPr/i9rn9BQxg1BQJOhPKv4Lp8LdO5jHEFzj73ndZ5s1t4MreR4brN J4DUXyu4JbFFnWT4TAypjsDtrWXuh6toNmhmSOxsuhUZInp/5Gl6RLPCgGieIzqv
CqySwUz5C8uSQX5lx4K81uaYK+KOrh9lFI4UgQPx8Q== NK+lf3i2APb3Xz7RzSHMbdmC58srMshOgU3MhvoFwdSYBvadyqDm/N3uT0ImBLGz
=gugK +tHhAUs8/4RJCob0+WEUmLzmd18GGM0tvBNi0r9/HMA8ggC9fG9/fVY6l22MLxpj
wBfojoHjaQCGPA==
=OUZI
-----END PGP MESSAGE----- -----END PGP MESSAGE-----

77
eidas-proxy/overlay/etc/eidas-proxy/xy/cfg/application.properties Normal file
View file

@ -0,0 +1,77 @@
# Logging
logging.level.org.springframework.web=INFO
# Service path
server.context-path=/eidas-ps
# Service port connector settings
server.port=8443
server.ssl.key-store=classpath:server-tls.jks
server.ssl.key-store-password=secret
server.ssl.key-password=secret
tomcat.ajp.port=8009
tomcat.ajp.remoteauthentication=false
tomcat.ajp.enabled=true
# For development. Allowing signature check on metadata to be skipped. Default false.
#proxy-service.dev.ignoreMetadataSignCheck=true
# Initial delay in milliseconds (default 5000) and seconds between metadata configuration recache (default 240 sec).
#proxy-service.daemon.inital.delay.ms=5000
proxy-service.daemon.recache.delay.sec=240
# Location of other properties files (general-metadata.properties, psidp-metadata.properties and natsp-metadata.properties)
# Example specifying external location: 'proxy-service.config.location=file:///opt/webapp/eidas-ps/cfg/'
# Example specifying src/main/resources config location: 'classpath:'
proxy-service.config.location=file://${proxy-service.path.prefix}/cfg/
# Key Store properties
# Location can be specified as "classpath:" or as file path e.g "/opt/webapp/eidas-ps/keystore/keyStore.jks"
proxy-service.keyStoreLocation=${proxy-service.path.prefix}/nodeKeyStore.jks
proxy-service.keyStorePass=local-demo
proxy-service.keyStoreAlias=local-demo-cert
# Session Encryption properties
#proxy-service.cookieEncryptPw=changeme
# Requirements to show consent dialogue (Default false);
proxy-service.consent=true
proxy-service.consent.attributes=urn:oid:1.2.752.201.3.7,\
urn:oid:2.5.4.4,\
urn:oid:2.5.4.42,\
urn:oid:1.3.6.1.5.5.7.9.3,\
urn:oid:1.3.6.1.5.5.7.9.1
proxy-service.consent.valuetranslation=urn:oid:1.3.6.1.5.5.7.9.3
# Welcome page presentation text location
proxy-service.welcomepage.markdown=${proxy-service.path.prefix}/cfg/infotext.md
#Metadata Service List location specified as either URL (http or https), "file://" or "classpath:"
proxy-service.eidasMdListLocation=https://eid.svelegtest.se/nodeconfig/mdservicelist
# Optional certificate file for validating metadata service list file signatures
# If no certificate is specified then proxy-service.dev.ignoreMetadataSignCheck=true must be set
proxy-service.eidasMdListCertFile=${proxy-service.path.prefix}/eIDASmdListCert.crt
#Metadata location for aggregated metadata specified as either URL (http or https), "file://" or "classpath:"
proxy-service.eidasMetadataLocation=https://eid.svelegtest.se/nodeconfig/metadata
# Optional certificate file for validating metadata signatures
# If no certificate is specified then proxy-service.dev.ignoreMetadataSignCheck=true must be set
proxy-service.eidasMetadataCertFile=${proxy-service.path.prefix}/eIDASmdListCert.crt
# Optional cache dir for caching downloaded metadata. If not set, cache is stored in memory.
proxy-service.eidasMetadataCacheDirName=${proxy-service.path.prefix}/ps-mdcache
#Metadata location for national IdP metadata specified as either URL (http or https), "file://" or "classpath:"
proxy-service.nationalMetadataLocation=http://eid.svelegtest.se/metadata/mdx/role/idp.xml
# Optional certificate file for validating metadata signatures
# If no certificate is specified then proxy-service.dev.ignoreMetadataSignCheck=true must be set
proxy-service.nationalMetadataCert=${proxy-service.path.prefix}/se-metadata-cert.crt
# Optional cache dir for caching downloaded national metadata. If not set, cache is stored in memory.
proxy-service.nationalPsMetadataCacheDirName=${proxy-service.path.prefix}/ps-mdcache

12
eidas-proxy/overlay/etc/eidas-proxy/xy/cfg/general-metadata.properties Normal file
View file

@ -0,0 +1,12 @@
psgen.country=XY
psgen.name=Sweden XY eIDAS ProxyService
psgen.orgName=Swedish E-Identification Board
psgen.dispName=Swedish eIDAS Proxy Service
psgen.orgUrl=http://eidasweb.se
psgen.supportGivenName=Customer support
psgen.techGivenName=Technical support
psgen.supportEmail=support@example.com
psgen.techEmail=support@example.com

44
eidas-proxy/overlay/etc/eidas-proxy/xy/cfg/infotext.md Normal file
View file

@ -0,0 +1,44 @@
### Proxy Service
This is the Swedish XY Country test proxy sevice of the Swedish eIDAS Pilot
**Relevant resources:**
<table class="table table-dark table-links table-responsive">
<tr><td>eIDAS Project Home Page</td>
<td><a href="http://eidasweb.se/home/">http://eidasweb.se</a></td><tr>
<tr><td>eIDAS Proxy Service Metadata</td>
<td><a href="ServiceMetadata">https://eunode.eidastest.se/EidasNode-XY/ServiceMetadata</a></td><tr>
<tr><td>National SP Metadata</td>
<td><a href="nat-metadata">https://eunode.eidastest.se/EidasNode-XY/nat-metadata</a></td><tr>
<tr><td>Swedish E-Identification Board</td>
<td><a href="https://www.elegnamnden.se">https://www.elegnamnden.se</a></td><tr>
</table>
**Metadata validation certificate:**
<div style="margin-left:20px; font-size:small">
```
-----BEGIN CERTIFICATE-----
MIIDOzCCAiMCBgFfWGgYvjANBgkqhkiG9w0BAQ0FADBhMSkwJwYDVQQDEyBUZXN0IENvdW50cnkg
ZUlEQVMgUHJveHkgU2VydmljZTEnMCUGA1UEChMeU3dlZGlzaCBFLUlkZW50aWZpY2F0aW9uIEJv
YXJkMQswCQYDVQQGEwJYWTAeFw0xNzEwMjYwOTE4NTdaFw0yMjEwMjYxMTE4NTdaMGExKTAnBgNV
BAMTIFRlc3QgQ291bnRyeSBlSURBUyBQcm94eSBTZXJ2aWNlMScwJQYDVQQKEx5Td2VkaXNoIEUt
SWRlbnRpZmljYXRpb24gQm9hcmQxCzAJBgNVBAYTAlhZMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
MIIBCgKCAQEAoo+9Fjjtx50yc8QzkFHxmRDqZC3/cPvWNIK0bqmXrBdlvstB5kYn0x+t644d9zQA
v6yXFW3hhSHjTeeB49NVwa2HVxtmkX5VzJLNo0mjQm3c3vAZNooUHzv+deZrl5HhFkZZPD1sLwOb
dlCHd1ozf60+diD/P0EkMkCwwaVWnq13pHv1XuQOBFmVb0O5/muJrzu6uGZAsPS4SUsg9IFgl1AK
hcl5FPykNvqYMEamOKCbJoL2mpjUQFGtudlDaqneqz0Jt4syoQmvuFal/0uC1XhKwLNitu3GGceZ
Mwdq6TJlR1pMNDgFOjSO2Yv0v/3kKtmhiOCBpmXXl4JcWDCMBQIDAQABMA0GCSqGSIb3DQEBDQUA
A4IBAQBTCQT2OTGE+f5qWe4NiXRZBHfLuU0A2Lj3fm30dA+N/3WO5eOTHCGSEJhSh/SxeFzexTiG
QSrdUuJtTM+mtqF6v0OfJ55K+dhSNzcE5dtM3ds6qZ73VAJQlxLv3qE4hqR7bLMhvz0Zby0Hq0XJ
+FCMs5vSMDtMi5n/CLqh/ctEacUx+lNfQEjZWHInfntMBRUxwy6SYfqjPdhDneP+IXAertPi/Uqn
NFkI8ewylphNXoewIEIjfFk6WSAwgc2scWgnj8U4un1LFjl//m4DWCEQEkjwuxNf1pTCQFDW7Gc3
+lNgymwLJoieNYqSOhomsTRZTXyuRI4b/ttebvbNiALS
-----END CERTIFICATE-----
```
</div>

27
eidas-proxy/overlay/etc/eidas-proxy/xy/cfg/natsp-idpdisco.properties Normal file
View file

@ -0,0 +1,27 @@
proxy-service.idpdisco.idplist=\
testIdp,\
mobIdp,\
ccBankid,\
ccTelia
proxy-service.idpdisco.langs=\
se,\
en,\
fr
proxy-service.idpdisco.entityid={\
testIdp :'https://idp.svelegtest.se/idp',\
mobIdp :'https://midp.svelegtest.se/idp',\
ccBankid : 'https://eid.identityhub.se/demo/bankid/',\
ccTelia : 'https://eid.identityhub.se/demo/teliabrowserplugin/'\
}
proxy-service.idpdisco.name={\
testIdp :'Test ID-tjänst, Test IdP, Test IdP',\
mobIdp :'Mobil Test IdP, Mobile Test IdP, Mobile Test IdP',\
ccBankid : 'BankID, BankID, BankID',\
ccTelia : 'Telia,Telia,Telia'\
}
proxy-service.idpdisco.logo={\
testIdp :'https://eid.svelegtest.se/logos/elegnamnden_notext_68x67.png, 67, 68',\
mobIdp :'https://eid.svelegtest.se/logos/elegnamnden_notext_68x67.png, 67, 68',\
ccBankid : 'img/disco/bankid_logo.png, 94, 100',\
ccTelia : 'img/disco/telia_min_logo.png,89,86'\
}

24
eidas-proxy/overlay/etc/eidas-proxy/xy/cfg/natsp-metadata.properties Normal file
View file

@ -0,0 +1,24 @@
#EntityID of the n
natsp.entityId=${proxy-service.domain.prefix}/nat-ps-sp
natsp.displayNames={\
en:'Swedish Citizen Adapter',\
sv:'Sveriges internationella legitimeringsnod'\
}
natsp.descriptions={\
en:'Test service for the Swedish eIDAS Pilot New Local',\
sv:'Testtjänst för Svenska eIDAS piloten'\
}
# Logos are specified as a map with the url as key followed by height,width[,lang] as comma separated parameters.
natsp.logos={\
'https://eunode.eidastest.se/Connector/custom/idpLogo.png':'276,293'\
}
natsp.assertionConsumerServices={\
'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST':'${proxy-service.domain.prefix}/assertionconsumer'\
}
natsp.nameIDFormats=\
urn:oasis:names:tc:SAML:2.0:nameid-format:persistent,\
urn:oasis:names:tc:SAML:2.0:nameid-format:transient
natsp.entityCategories=\
http://id.elegnamnden.se/ec/1.0/loa3-pnr

25
eidas-proxy/overlay/etc/eidas-proxy/xy/cfg/psidp-metadata.properties Normal file
View file

@ -0,0 +1,25 @@
psmd.gen.entityID=${proxy-service.domain.prefix}/ServiceMetadata
psmd.ext.supportedEncAlgos=\
http://www.w3.org/2009/xmlenc11#aes128-gcm,\
http://www.w3.org/2009/xmlenc11#aes192-gcm,\
http://www.w3.org/2009/xmlenc11#aes256-gcm
psmd.ext.supportedSigAlgorithms=\
http://www.w3.org/2001/04/xmldsig-more#rsa-sha512,\
http://www.w3.org/2001/04/xmldsig-more#rsa-sha256,\
http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256
psmd.ext.supportedDigestAlgorithms=\
http://www.w3.org/2001/04/xmldsig-more#sha384,\
http://www.w3.org/2001/04/xmlenc#sha512,\
http://www.w3.org/2001/04/xmlenc#sha256
psmd.idp.nameIDFormats=\
urn:oasis:names:tc:SAML:2.0:nameid-format:persistent,\
urn:oasis:names:tc:SAML:2.0:nameid-format:transient,\
urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
psmd.idp.ssoList={'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST':'${proxy-service.domain.prefix}/ColleagueRequest'}
psmd.idp.supportedAttributes=\
http://eidas.europa.eu/attributes/naturalperson/CurrentFamilyName,\
http://eidas.europa.eu/attributes/naturalperson/CurrentGivenName,\
http://eidas.europa.eu/attributes/naturalperson/DateOfBirth,\
http://eidas.europa.eu/attributes/naturalperson/PersonIdentifier,\
http://eidas.europa.eu/attributes/naturalperson/Gender
psmd.idp.assuranceCertifications=http://eidas.europa.eu/LoA/substantial

17
eidas-proxy/overlay/etc/eidas-proxy/xy/eIDASmdListCert.crt Normal file
View file

@ -0,0 +1,17 @@
-----BEGIN CERTIFICATE-----
MIIDSTCCAjECBgFc72gQnTANBgkqhkiG9w0BAQ0FADBoMScwJQYDVQQKEx5Td2VkaXNoIEUtSWRl
bnRpZmljYXRpb24gQm9hcmQxCzAJBgNVBAYTAlNFMTAwLgYDVQQDEydTd2VkaXNoIGVJREFTIG5v
ZGUgdHJ1c3QgY29uZmlnIHNlcnZpY2UwHhcNMTcwNjI4MTQ1MzEzWhcNMjIwNjI4MTU1MzEzWjBo
MScwJQYDVQQKEx5Td2VkaXNoIEUtSWRlbnRpZmljYXRpb24gQm9hcmQxCzAJBgNVBAYTAlNFMTAw
LgYDVQQDEydTd2VkaXNoIGVJREFTIG5vZGUgdHJ1c3QgY29uZmlnIHNlcnZpY2UwggEiMA0GCSqG
SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCR93BFw1lFLD3IUkYwKFj29R2h2kz8X1mKBoLKufXdTg7F
HHgkJFUy6Kf+JTWiJoEC60WBTBj1Mf+phA0PS24PDBqErtnv5l1K8x1Bo930NqxMStwFbmaeah5a
1ZeEMsWWGfJfMU26/yHux4ULkUqwxJQ9x5hYp5qLf/UaCbJvxOLyZ5wmHnups1+hT5AFe/ix6mua
hKNCJplrZLpnMhFuSjZC+yDDH0F83X71kU0bsm8RKd9OW2t+g+XFRnVpf+mgHPf2bCGxDJpt5h/s
ipQCP78gXsCL+6J7lS8pnxy/ZW2Qr4cwIvWucTlph0nAEHVv9j2K4pgCKR4hbD5MonFjAgMBAAEw
DQYJKoZIhvcNAQENBQADggEBAFI5NDg0xPP8GGwItDSPYqF/PbN9k4Rc/ujXVxgNC/cZ3gSYS8Hl
jcRs2bGx7uiOkJIWiaNXapMptyOgwbjhB4kKLkFnywIH9nV1yYdkf1ToBZJz/SuCAXSkVylTARKa
memIj/9JL9L0FX7i+qyArJJO8Z7PhSUP1uhGEaPSLA3AuNT9xYzMUvrwf8+aDscvf0h0YjPjrIhn
r3i8fvkDDSaRPbAe1xJjHZoOA2Y8socfw+8BsGoibaS00wVgjx9+gZWIE5/d6PBQesF3KMPUZZMp
6WJrOnxk0z03V7R38PB/bTqivErVSYOZ3M8zIyqfPiWM2Fe35tHXXHN8XsQel6s=
-----END CERTIFICATE-----

15
eidas-proxy/overlay/etc/eidas-proxy/xy/se-metadata-cert.crt Normal file
View file

@ -0,0 +1,15 @@
-----BEGIN CERTIFICATE-----
MIICyzCCAbMCBgFEwQFDRDANBgkqhkiG9w0BAQUFADApMScwJQYDVQQDDB5Td2VkaXNoIEUtaWRl
bnRpZmljYXRpb24gYm9hcmQwHhcNMTQwMzE0MTIzMTI5WhcNMTkwMzE0MTQzMTI5WjApMScwJQYD
VQQDDB5Td2VkaXNoIEUtaWRlbnRpZmljYXRpb24gYm9hcmQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCGxrPbCuZYeMZniwOAIO1MiQjGD3LIfaLBddNucsAVrxpYW7bYMwzvgL2Gp4yV
6IyAx5kUgHPjEkEEIjH+NhxYdChD8iWBkLuaOkxyYNXFjFQ3APk5kqP+BB+fP8peWlKGX6S2mfcB
7eObDQqb28osfXE+bak4X2rNf5i+Yx9VdXBpRhDxk7umDdWTSJlc+ZCxWUt3ldc58/sXIgAzVWk4
9A3GIvOHlBVgm/5g3yzU9HnxD1fyOKT+NkF5J9mjM0x8Qg9K/Zep3n1xmb8kZ/vcRxv+AounGDd7
w/QWW84sPegySHqm5GkLSgwB63nJZr5wS+qoT9sTooCM0AhBhY1FAgMBAAEwDQYJKoZIhvcNAQEF
BQADggEBAESqy6GrAEbL/blJQxDb/LCCW4y3KAAs/pqvR4SQMP0rvVe5FJiUJsE/6DEhk+cl0N+o
5e8/NusIUD7f6vKSYTHgCodSeDYGdrkRrOucDBWgIlYVsR3yTb/za3AlgiTW6eGGqiY6SeEzXNTM
5o0GpoZbknQZEK/xCJLtMAU6oX7pDBLahtYeJAJJNFVjtPKsERr2Ob2ni9XW8+fxyjv0v2gmlQvW
i6VnpD6VJ3nwAFDsGHBgzli32YBd62rukqyiqvC595LNg0Dg4fyv1ZuOiqajWSd3x8JI6bS01QvY
3fNKY84wMQXpRq9C3zRtpPKmh22W6mcQvh1uN3qNaIEEklE=
-----END CERTIFICATE-----

3
global/overlay/etc/puppet/cosmos-rules.yaml
View file

@ -25,3 +25,6 @@ r1.komreg.net:
openstack_ubuntu_16_04_dockerhost: openstack_ubuntu_16_04_dockerhost:
sunet_iaas_cloud: sunet_iaas_cloud:
autoupdate: autoupdate:
eidas_proxy:
hostname: xy.qa.sveidas.se
country: xy

8
global/overlay/etc/puppet/manifests/cosmos-site.pp
View file

@ -198,7 +198,6 @@ class swamid_pyff_signer {
} }
class eidas_connector($hostname) { class eidas_connector($hostname) {
$proxy_service_cookie_encrypt_pw = safe_hiera('proxy_service_cookie_encrypt_pw',NOT_SET);
file {['/etc/eidas-connector','/var/log/eidas-connector']: ensure => directory } -> file {['/etc/eidas-connector','/var/log/eidas-connector']: ensure => directory } ->
sunet::docker_run {'eidas_connector': sunet::docker_run {'eidas_connector':
image => 'docker.sunet.se/eidas-connector', image => 'docker.sunet.se/eidas-connector',
@ -207,10 +206,13 @@ class eidas_connector($hostname) {
volumes => ['/var/log/eidas-connector:/var/log/eidas-connector', volumes => ['/var/log/eidas-connector:/var/log/eidas-connector',
'/etc/eidas-connector:/etc/eidas-connector'], '/etc/eidas-connector:/etc/eidas-connector'],
env => ["IDP_SERVER_HOSTNAME=$hostname"] env => ["IDP_SERVER_HOSTNAME=$hostname"]
} } ->
class {'webserver': } ->
class {'https_server': }
} }
class eidas_proxy($hostname,$country) { class eidas_proxy($hostname,$country) {
$proxy_service_cookie_encrypt_pw = safe_hiera('proxy_service_cookie_encrypt_pw',NOT_SET);
file {['/etc/eidas-proxy/',"/etc/eidas-proxy/$country"]: ensure => directory } -> file {['/etc/eidas-proxy/',"/etc/eidas-proxy/$country"]: ensure => directory } ->
sunet::snippets::secret_file { sunet::snippets::secret_file {
hiera_key => 'eidas_proxy_keystore', hiera_key => 'eidas_proxy_keystore',
@ -228,6 +230,8 @@ class eidas_proxy($hostname,$country) {
"SPRING_CONFIG_LOCATION=/etc/eidas-proxy/$country/cfg/", "SPRING_CONFIG_LOCATION=/etc/eidas-proxy/$country/cfg/",
"PROXY_SERVICE_COOKIEENCRYPTPW=$proxy_service_cookie_encrypt_pw"] "PROXY_SERVICE_COOKIEENCRYPTPW=$proxy_service_cookie_encrypt_pw"]
} }
class {'webserver': } ->
class {'https_server': }
} }
class sunetops { class sunetops {