change proxy config to match Test env

2022-03-10 17:25:16 +01:00 · 2022-03-10 17:25:16 +01:00 · 4e2a1502fe
commit 4e2a1502fe
parent 26c0125c0e
6 changed files with 45 additions and 49 deletions
--- a/eidas-test-proxy/overlay/etc/eidas-proxy/se/cfg/application-se.properties
+++ b/eidas-test-proxy/overlay/etc/eidas-proxy/se/cfg/application-se.properties
@ -36,24 +36,20 @@ proxy-service.country=SE

 # Key Store properties
 # Location can be specified as "classpath:" or as file path e.g "/opt/webapp/eidas-ps/keystore/keyStore.jks"
+proxy-service.keySourceType=PKCS12
+proxy-service.keySourceLocation=${proxy-service.path.prefix}/proxy.p12
+proxy-service.keySourcePass=dummy
+proxy-service.keySourceAlias=proxy

-proxy-service.pkcs11.external-config-locations=${spring.config.additional.location}/pkcs11.cfg
-proxy-service.pkcs11.reloadable-keys=false
+proxy-service.natsp.keySourceType=PKCS12
+proxy-service.natsp.keySourceLocation=${proxy-service.path.prefix}/proxy.p12
+proxy-service.natsp.keySourcePass=dummy
+proxy-service.natsp.keySourceAlias=proxy

-proxy-service.keySourceType=PKCS11
-proxy-service.keySourcePass=${proxy-service.pkcs11.pin}
-proxy-service.keySourceAlias=sc_eidas_sign
-proxy-service.keySourceCertLocation=${spring.config.additional.location}/sign.crt
-
-proxy-service.encryption.keySourceType=PKCS11
-proxy-service.encryption.keySourcePass=${proxy-service.pkcs11.pin}
-proxy-service.encryption.keySourceAlias=sc_eidas_encrypt
-proxy-service.encryption.keySourceCertLocation=${spring.config.additional.location}/enc.crt
-
-proxy-service.metadata.keySourceType=PKCS11
-proxy-service.metadata.keySourcePass=${proxy-service.pkcs11.pin}
-proxy-service.metadata.keySourceAlias=swedenconnect
-proxy-service.metadata.keySourceCertLocation=${spring.config.additional.location}/swedenconnect-signer.crt
+proxy-service.metadata.keySourceType=PKCS12
+proxy-service.metadata.keySourceLocation=${proxy-service.path.prefix}/metadata.p12
+proxy-service.metadata.keySourcePass=dummy
+proxy-service.metadata.keySourceAlias=metadata

 # Session Encryption properties
 #proxy-service.cookieEncryptPw=changeme
@ -71,28 +67,33 @@ proxy-service.consent.valuetranslation=urn:oid:1.3.6.1.5.5.7.9.3
 proxy-service.welcomepage.markdown=${proxy-service.path.prefix}/cfg/infotext.md

 #Metadata Service List location specified as either URL (http or https), "file://" or "classpath:"
-proxy-service.eidasMdListLocation=https://md.eidas.swedenconnect.se/mdservicelist-aggregate.xml
+proxy-service.eidasMdListLocation=https://test.md.eidas.swedenconnect.se/mdservicelist-aggregate.xml

 # Optional certificate file for validating metadata service list file signatures
 # If no certificate is specified then proxy-service.dev.ignoreMetadataSignCheck=true must be set
-proxy-service.eidasMdListCertFile=${proxy-service.path.prefix}/cfg/swedenconnect-signer.crt
+proxy-service.eidasMdListCertFile=${proxy-service.path.prefix}/cfg/metadata.crt

 #Metadata location for aggregated metadata specified as either URL (http or https), "file://" or "classpath:"
-proxy-service.eidasMetadataLocation=https://md.eidas.swedenconnect.se/entities
+proxy-service.eidasMetadataLocation=https://test.md.eidas.swedenconnect.se/role/sp.xml

 # Optional certificate file for validating metadata signatures
 # If no certificate is specified then proxy-service.dev.ignoreMetadataSignCheck=true must be set
-proxy-service.eidasMetadataCertFile=${proxy-service.path.prefix}/cfg/swedenconnect-signer.crt
+proxy-service.eidasMetadataCertFile=${proxy-service.path.prefix}/cfg/metadata.crt

 # Optional cache dir for caching downloaded metadata. If not set, cache is stored in memory.
 proxy-service.eidasMetadataCacheDirName=${proxy-service.path.prefix}/ps-mdcache

 #Metadata location for national IdP metadata specified as either URL (http or https), "file://" or "classpath:"

-proxy-service.nationalMetadata.prod.location=https://md.swedenconnect.se/role/idp.xml
-proxy-service.nationalMetadata.prod.certFile=${proxy-service.path.prefix}/cfg/swedenconnect-signer.crt
-proxy-service.nationalMetadata.prod.cacheFile=${proxy-service.path.prefix}/cache/prod-metadata.xml
-proxy-service.nationalMetadata.prod.index=0
+#proxy-service.nationalMetadata.test.location=http://eid.svelegtest.se/metadata/mdx/role/idp.xml
+#proxy-service.nationalMetadata.test.certFile=${proxy-service.path.prefix}/cfg/se-metadata-cert.crt
+#proxy-service.nationalMetadata.test.cacheFile=${proxy-service.path.prefix}/cache/test-metadata.xml
+#proxy-service.nationalMetadata.test.index=1
+
+proxy-service.nationalMetadata.test.location=https://test.md.swedenconnect.se/role/idp.xml
+proxy-service.nationalMetadata.test.certFile=${proxy-service.path.prefix}/cfg/metadata.crt
+proxy-service.nationalMetadata.test.cacheFile=${proxy-service.path.prefix}/cache/test-metadata.xml
+proxy-service.nationalMetadata.test.index=0

 management.server.context-path=/manage
 management.server.security.enabled=false
@ -101,5 +102,11 @@ management.server.ssl.enabled=true

 proxy-service.syslog.enabled=true

+# Override default signature algorithms
+proxy-service.signature-algorithm=http://www.w3.org/2007/05/xmldsig-more#sha256-rsa-MGF1
+proxy-service.signature-algorithm.md=${proxy-service.signature-algorithm}
+proxy-service.signature-algorithm.natsp=http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
+proxy-service.signature-algorithm.natsp.md=${proxy-service.signature-algorithm.natsp}
+
 #Private SP requests from other eIDAS countries
 proxy-service.private-sp.enabled=true
--- a/eidas-test-proxy/overlay/etc/eidas-proxy/se/cfg/general-metadata.properties
+++ b/eidas-test-proxy/overlay/etc/eidas-proxy/se/cfg/general-metadata.properties
@ -5,8 +5,8 @@ psgen.orgName={\
  sv:'Sweden Connect'\
 }
 psgen.dispName={\
-  en:'Swedish eIDAS Proxy Service',\
-  sv:'Swedish eIDAS Proxy Service'\
+  en:'Swedish eIDAS Test Proxy Service',\
+  sv:'Swedish eIDAS Test Proxy Service'\
 }
 psgen.orgUrl=https://swedenconnect.se
 psgen.supportGivenName=Customer support
--- a/eidas-test-proxy/overlay/etc/eidas-proxy/se/cfg/idpdisco.properties
+++ b/eidas-test-proxy/overlay/etc/eidas-proxy/se/cfg/idpdisco.properties
@ -4,24 +4,20 @@
 # - natToEidasMapping = National IdP:s are allowed to respond with national LoA. These counts as non notified eID
 # - natToEidasNotifiedMapping = National IdP:s are allowed to respond with national LoA. These counts as notified eID

-idp.freja.entityid=https://idp-sweden-connect-valfr-2017.prod.frejaeid.com
+idp.testIdp.entityid=http://test.test.swedenconnect.se/idp
+idp.testIdp.loapolicy=justEidasLoa
+idp.testIdp.consent=true
+idp.testIdp.privateSpSupport=true
+idp.testIdp.deriveDob=false
+idp.testIdp.index=1
+
+idp.freja.entityid=https://idp-sweden-connect-valfr-2017-ct.test.frejaeid.com
 idp.freja.loapolicy=justEidasLoa
 idp.freja.consent=false
 idp.freja.deriveDob=false
 idp.freja.privateSpSupport=true
 idp.freja.index=0

-#idp.testIdp.entityid=http://qa.test.swedenconnect.se/idp
-#idp.testIdp.name.sv=Test ID-tjänst
-#idp.testIdp.name.en=Test IdP
-#idp.testIdp.logo.uri=${proxy-service.domain.prefix}/img/se-flag-rnd.svg
-#idp.testIdp.logo.height=67
-#idp.testIdp.logo.width=68
-#idp.testIdp.loapolicy=justEidasLoa
-#idp.testIdp.consent=true
-#idp.testIdp.deriveDob=false
-#idp.testIdp.index=0
-
 #idp.mobIdp.entityid=https://midp.svelegtest.se/idp
 #idp.mobIdp.name.sv=Legacy Test ID Tjänst
 #idp.mobIdp.name.en=Legacy Test IdP
--- a/eidas-test-proxy/overlay/etc/eidas-proxy/se/cfg/natsp-metadata.properties
+++ b/eidas-test-proxy/overlay/etc/eidas-proxy/se/cfg/natsp-metadata.properties
@ -10,8 +10,8 @@ natsp.displayNames={\
  sv:'Sveriges internationella legitimeringsnod'\
  }
 natsp.descriptions={\
-  en:'Swedish eIDAS Service',\
-  sv:'Svenska eIDAS Tjänsten'\
+  en:'Test service for the Swedish eIDAS',\
+  sv:'Testtjänst för Svenska eIDAS'\
  }
 natsp.assertionConsumerServices={\
  'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST':'${proxy-service.domain.prefix}/assertionconsumer'\
--- a/eidas-test-proxy/overlay/etc/eidas-proxy/se/cfg/psidp-metadata.properties
+++ b/eidas-test-proxy/overlay/etc/eidas-proxy/se/cfg/psidp-metadata.properties
@ -33,4 +33,4 @@ psmd.idp.assuranceCertifications=\
  http://eidas.europa.eu/LoA/NotNotified/low,\
  http://eidas.europa.eu/LoA/NotNotified/substantial,\
  http://eidas.europa.eu/LoA/NotNotified/high
-psmd.idp.termsofaccessRequesterId=true
+psmd.idp.termsofaccessRequesterId=false
--- a/eidas-test-proxy/overlay/etc/eidas-proxy/se/cfg/syslog.properties
+++ b/eidas-test-proxy/overlay/etc/eidas-proxy/se/cfg/syslog.properties
@ -8,16 +8,9 @@
 # - clienthostname : Name of the sending client host
 # - clientapp      : Name of the sending client application

-syslog.1.host=log-1.sveidas.se
+syslog.1.host=log-1.test.sveidas.se
 syslog.1.port=514
 syslog.1.protocol=udp
 syslog.1.bsd=false
 syslog.1.facility=19
 syslog.1.clientapp=eidas-proxy-service
-
-syslog.2.host=log-2.sveidas.se
-syslog.2.port=514
-syslog.2.protocol=udp
-syslog.2.bsd=false
-syslog.2.facility=19
-syslog.2.clientapp=eidas-proxy-service