Connector config for connector-qa, SC-2670
This commit is contained in:
parent
a6483a2bf8
commit
3c4ca71bf6
2 changed files with 182 additions and 0 deletions
|
@ -1293,6 +1293,10 @@ idm-sto[13]-qa-redis-[123]\.komreg\.net:
|
|||
connector-qa-sto1-1.komreg.net:
|
||||
autoupdate:
|
||||
sunet::dockerhost2:
|
||||
eid::connector:
|
||||
environment: qa
|
||||
session_backend: memory
|
||||
version: 2.0.2_hsm2_ubuntu
|
||||
|
||||
### TEST environment ####
|
||||
connector-test-sto3-1.komreg.net:
|
||||
|
|
|
@ -0,0 +1,178 @@
|
|||
#
|
||||
# Connector overrides for the Sweden Connect QA deployment
|
||||
#
|
||||
---
|
||||
spring:
|
||||
ssl:
|
||||
bundle:
|
||||
pem:
|
||||
connector-web-server:
|
||||
keystore:
|
||||
certificate: file:/etc/ssl/certs/<%= @server_fqdn %>_infra.crt
|
||||
private-key: file:/etc/ssl/private/<%= @server_fqdn %>_infra.key
|
||||
sunet-tls-trust:
|
||||
truststore:
|
||||
certificate: file:/etc/ssl/certs/infra.crt
|
||||
<% if @session_backend == 'redis' -%>
|
||||
keystore:
|
||||
certificate: file:/etc/ssl/certs/<%= @server_fqdn %>_infra.crt
|
||||
private-key: file:/etc/ssl/private/<%= @server_fqdn %>_infra.key
|
||||
session:
|
||||
timeout: 15m
|
||||
redis:
|
||||
namespace: spring:session:connector
|
||||
data:
|
||||
redis:
|
||||
cluster:
|
||||
nodes:
|
||||
- 89.45.236.201:6379
|
||||
- 89.45.237.40:6379
|
||||
- 89.45.237.212:6379
|
||||
password: <%= scope.call_function('safe_hiera', ['redict_password']) %>
|
||||
ssl:
|
||||
enabled: true
|
||||
bundle: sunet-tls-trust
|
||||
ssl-ext:
|
||||
enable-hostname-verification: false
|
||||
<% end -%>
|
||||
|
||||
server:
|
||||
port: 8443
|
||||
servlet:
|
||||
context-path: /idp
|
||||
ssl:
|
||||
enabled: true
|
||||
bundle: connector-web-server
|
||||
error:
|
||||
include-stacktrace: never
|
||||
|
||||
management:
|
||||
server:
|
||||
port: 8444
|
||||
health:
|
||||
redis:
|
||||
<% if @session_backend == 'redis' -%>
|
||||
enabled: true
|
||||
<% end -%>
|
||||
<% if @session_backend == 'memory' -%>
|
||||
enabled: false
|
||||
<% end -%>
|
||||
|
||||
credential:
|
||||
bundles:
|
||||
keystore:
|
||||
pkcs11-store:
|
||||
type: PKCS11
|
||||
provider: SunPKCS11
|
||||
password: ${PKCS11_PIN}
|
||||
pkcs11:
|
||||
configuration-file: ${CONNECTOR_DIRECTORY}/credentials/pkcs11.cfg
|
||||
jks:
|
||||
connector-sign:
|
||||
name: "Connector Signing Credential"
|
||||
store-reference: pkcs11-store
|
||||
key:
|
||||
certificates: file:${CONNECTOR_DIRECTORY}/credentials/sign.crt
|
||||
# The alias should be the name of the CKA_LABEL attribute
|
||||
alias: sc_eidas_sign
|
||||
key-password: ${PKCS11_PIN}
|
||||
monitor: true
|
||||
connector-encrypt:
|
||||
name: "Connector Encryption Credential"
|
||||
store-reference: pkcs11-store
|
||||
key:
|
||||
# certificates: file:${CONNECTOR_DIRECTORY}/credentials/enc.crt
|
||||
# The alias should be the name of the CKA_LABEL attribute
|
||||
alias: sc_eidas_encrypt
|
||||
key-password: ${PKCS11_PIN}
|
||||
monitor: true
|
||||
connector-hsm-md-sign:
|
||||
name: "Connector HSM Metadata Signing Credential"
|
||||
store-reference: pkcs11-store
|
||||
key:
|
||||
certificates: file:${CONNECTOR_DIRECTORY}/credentials/sctest2.crt
|
||||
alias: sctest2
|
||||
key-password: ${PKCS11_PIN}
|
||||
monitor: true
|
||||
#pem:
|
||||
#oauth2:
|
||||
# TODO: Fix certs
|
||||
#name: "Connector OAuth2 Credential"
|
||||
#certificates: file:${CONNECTOR_DIRECTORY}/credentials/oauth2.crt
|
||||
# private-key: file:${CONNECTOR_DIRECTORY}/credentials/oauth2.key
|
||||
monitoring:
|
||||
enabled: true
|
||||
test-interval: 10m
|
||||
health-endpoint-enabled: true
|
||||
|
||||
connector:
|
||||
domain: test.connector.eidas.swedenconnect.se
|
||||
base-url: https://${connector.domain}${server.servlet.context-path}
|
||||
backup-directory: ${CONNECTOR_DIRECTORY}/backup
|
||||
eu-metadata:
|
||||
location: https://test.md.eidas.swedenconnect.se/role/idp.xml
|
||||
validation-certificate: file:${CONNECTOR_DIRECTORY}/credentials/sctest2.crt
|
||||
eidas:
|
||||
credentials:
|
||||
# Use same as for IdP except for the metadata signing credential
|
||||
metadata-sign:
|
||||
pem:
|
||||
name: "Credential Metadata Signing"
|
||||
certificates: file:${CONNECTOR_DIRECTORY}/credentials/sctest2.crt
|
||||
private-key: file:${CONNECTOR_DIRECTORY}/credentials/sctest2.key
|
||||
prid:
|
||||
policy-resource: file:${CONNECTOR_DIRECTORY}/prid/policy.properties
|
||||
idp:
|
||||
ping-whitelist:
|
||||
- https://test.test.swedenconnect.se/sp
|
||||
# idm:
|
||||
# TODO: Change to true when IdM integration should be turned on
|
||||
# active: false
|
||||
# api-base-url: https://test.idm.eidas.swedenconnect.se/idm
|
||||
#service-url: https://test.idm.eidas.swedenconnect.se/idm
|
||||
#oauth2:
|
||||
# resource-id: https://test.idm.eidas.swedenconnect.se/idm
|
||||
# client-id: ${saml.idp.entity-id}
|
||||
# check-scopes:
|
||||
# - ${connector.idm.oauth2.resource-id}/idrecord_check
|
||||
# get-scopes:
|
||||
# - ${connector.idm.oauth2.resource-id}/idrecord_get
|
||||
# server:
|
||||
# issuer: ${saml.idp.entity-id}/as
|
||||
# credential:
|
||||
# bundle: oauth2
|
||||
|
||||
saml:
|
||||
idp:
|
||||
entity-id: https://test.connector.eidas.swedenconnect.se/eidas
|
||||
base-url: ${connector.base-url}
|
||||
session:
|
||||
module: <%= @session_backend %>
|
||||
replay:
|
||||
type: <%= @session_backend %>
|
||||
context: "connector-replay-cache"
|
||||
metadata-providers:
|
||||
- location: https://test.md.swedenconnect.se/role/sp.xml
|
||||
backup-location: ${connector.backup-directory}/metadata/sc-cache.xml
|
||||
validation-certificate: file:${CONNECTOR_DIRECTORY}/credentials/sctest2.crt
|
||||
credentials:
|
||||
# Use same as for IdP except for the metadata signing credential
|
||||
sign:
|
||||
bundle: connector-sign
|
||||
encrypt:
|
||||
bundle: connector-encrypt
|
||||
metadata-sign:
|
||||
bundle: connector-hsm-md-sign
|
||||
#future-sign: file:${CONNECTOR_DIRECTORY}/credentials/idp-signing.crt
|
||||
audit:
|
||||
in-memory:
|
||||
capacity: 1000
|
||||
file:
|
||||
log-file: ${CONNECTOR_DIRECTORY}/logs/audit.log
|
||||
|
||||
logging:
|
||||
level:
|
||||
se:
|
||||
swedenconnect:
|
||||
opensaml: DEBUG
|
||||
eidas: INFO
|
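Review bot: `enable-hostname-verification: false` under `spring.data.redis.ssl-ext`, combined with `ssl.enabled: true` and `bundle: sunet-tls-trust`, means a Redis node's certificate is only checked for chaining to the trust bundle, not for being issued to that node; since the cluster nodes are listed by IP, any certificate from that CA is accepted for any node. If the node certificates cannot carry IP SANs, state the trade-off next to the key, e.g. `# hostname verification off: cluster nodes are addressed by IP and node certs carry no IP SAN`; otherwise remove the key so verification stays on. The block is inert on the host added in the first hunk (`session_backend: memory`) but ships in the template for every redis-backed host. Separately, the two ERB conditionals under `management.health.redis` leave it as an empty mapping when `@session_backend` is neither `redis` nor `memory`; `enabled: <%= @session_backend == 'redis' %>` renders a boolean in every case.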