diff --git a/eidas-test-proxy/overlay/etc/eidas-proxy/se/cfg/application-se.properties b/eidas-test-proxy/overlay/etc/eidas-proxy/se/cfg/application-se.properties
index c4dfbe5b..9ad2a961 100644
--- a/eidas-test-proxy/overlay/etc/eidas-proxy/se/cfg/application-se.properties
+++ b/eidas-test-proxy/overlay/etc/eidas-proxy/se/cfg/application-se.properties
@@ -36,24 +36,20 @@ proxy-service.country=SE
 # Key Store properties
 # Location can be specified as "classpath:" or as file path e.g "/opt/webapp/eidas-ps/keystore/keyStore.jks"
+proxy-service.keySourceType=PKCS12
+proxy-service.keySourceLocation=${proxy-service.path.prefix}/proxy.p12
+proxy-service.keySourcePass=dummy
+proxy-service.keySourceAlias=proxy
-proxy-service.pkcs11.external-config-locations=${spring.config.additional.location}/pkcs11.cfg
-proxy-service.pkcs11.reloadable-keys=false
+proxy-service.natsp.keySourceType=PKCS12
+proxy-service.natsp.keySourceLocation=${proxy-service.path.prefix}/proxy.p12
+proxy-service.natsp.keySourcePass=dummy
+proxy-service.natsp.keySourceAlias=proxy
-proxy-service.keySourceType=PKCS11
-proxy-service.keySourcePass=${proxy-service.pkcs11.pin}
-proxy-service.keySourceAlias=sc_eidas_sign
-proxy-service.keySourceCertLocation=${spring.config.additional.location}/sign.crt
-
-proxy-service.encryption.keySourceType=PKCS11
-proxy-service.encryption.keySourcePass=${proxy-service.pkcs11.pin}
-proxy-service.encryption.keySourceAlias=sc_eidas_encrypt
-proxy-service.encryption.keySourceCertLocation=${spring.config.additional.location}/enc.crt
-
-proxy-service.metadata.keySourceType=PKCS11
-proxy-service.metadata.keySourcePass=${proxy-service.pkcs11.pin}
-proxy-service.metadata.keySourceAlias=swedenconnect
-proxy-service.metadata.keySourceCertLocation=${spring.config.additional.location}/swedenconnect-signer.crt
+proxy-service.metadata.keySourceType=PKCS12
+proxy-service.metadata.keySourceLocation=${proxy-service.path.prefix}/metadata.p12
+proxy-service.metadata.keySourcePass=dummy
+proxy-service.metadata.keySourceAlias=metadata
 # Session Encryption properties
 #proxy-service.cookieEncryptPw=changeme
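Review bot: The three added `keySourcePass=dummy` lines put the keystore password in the tracked file, where the removed PKCS11 entries took it from `${proxy-service.pkcs11.pin}`. Keep that indirection, for example `proxy-service.keySourcePass=${proxy-service.keystore.pass}` (the property name is a placeholder for whatever the deployment supplies), and state above the block that these are software test keys: `# Test keys only - never reuse proxy.p12, metadata.p12 or their passwords outside the test environment`. The same hunk points `proxy-service.natsp.*` at the same file and alias as `proxy-service.*`, so both roles share one key. It also removes `proxy-service.encryption.*` without a replacement; which key then handles decryption is not visible here and deserves a comment.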
@@ -71,28 +67,33 @@ proxy-service.consent.valuetranslation=urn:oid:1.3.6.1.5.5.7.9.3
 proxy-service.welcomepage.markdown=${proxy-service.path.prefix}/cfg/infotext.md
 #Metadata Service List location specified as either URL (http or https), "file://" or "classpath:"
-proxy-service.eidasMdListLocation=https://md.eidas.swedenconnect.se/mdservicelist-aggregate.xml
+proxy-service.eidasMdListLocation=https://test.md.eidas.swedenconnect.se/mdservicelist-aggregate.xml
 # Optional certificate file for validating metadata service list file signatures
 # If no certificate is specified then proxy-service.dev.ignoreMetadataSignCheck=true must be set
-proxy-service.eidasMdListCertFile=${proxy-service.path.prefix}/cfg/swedenconnect-signer.crt
+proxy-service.eidasMdListCertFile=${proxy-service.path.prefix}/cfg/metadata.crt
 #Metadata location for aggregated metadata specified as either URL (http or https), "file://" or "classpath:"
-proxy-service.eidasMetadataLocation=https://md.eidas.swedenconnect.se/entities
+proxy-service.eidasMetadataLocation=https://test.md.eidas.swedenconnect.se/role/sp.xml
 # Optional certificate file for validating metadata signatures
 # If no certificate is specified then proxy-service.dev.ignoreMetadataSignCheck=true must be set
-proxy-service.eidasMetadataCertFile=${proxy-service.path.prefix}/cfg/swedenconnect-signer.crt
+proxy-service.eidasMetadataCertFile=${proxy-service.path.prefix}/cfg/metadata.crt
 # Optional cache dir for caching downloaded metadata. If not set, cache is stored in memory.
 proxy-service.eidasMetadataCacheDirName=${proxy-service.path.prefix}/ps-mdcache
 #Metadata location for national IdP metadata specified as either URL (http or https), "file://" or "classpath:"
-proxy-service.nationalMetadata.prod.location=https://md.swedenconnect.se/role/idp.xml
-proxy-service.nationalMetadata.prod.certFile=${proxy-service.path.prefix}/cfg/swedenconnect-signer.crt
-proxy-service.nationalMetadata.prod.cacheFile=${proxy-service.path.prefix}/cache/prod-metadata.xml
-proxy-service.nationalMetadata.prod.index=0
+#proxy-service.nationalMetadata.test.location=http://eid.svelegtest.se/metadata/mdx/role/idp.xml
+#proxy-service.nationalMetadata.test.certFile=${proxy-service.path.prefix}/cfg/se-metadata-cert.crt
+#proxy-service.nationalMetadata.test.cacheFile=${proxy-service.path.prefix}/cache/test-metadata.xml
+#proxy-service.nationalMetadata.test.index=1
+
+proxy-service.nationalMetadata.test.location=https://test.md.swedenconnect.se/role/idp.xml
+proxy-service.nationalMetadata.test.certFile=${proxy-service.path.prefix}/cfg/metadata.crt
+proxy-service.nationalMetadata.test.cacheFile=${proxy-service.path.prefix}/cache/test-metadata.xml
+proxy-service.nationalMetadata.test.index=0
 management.server.context-path=/manage
 management.server.security.enabled=false
@@ -101,5 +102,11 @@ management.server.ssl.enabled=true
 proxy-service.syslog.enabled=true
+# Override default signature algorithms
+proxy-service.signature-algorithm=http://www.w3.org/2007/05/xmldsig-more#sha256-rsa-MGF1
+proxy-service.signature-algorithm.md=${proxy-service.signature-algorithm}
+proxy-service.signature-algorithm.natsp=http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
+proxy-service.signature-algorithm.natsp.md=${proxy-service.signature-algorithm.natsp}
+
 #Private SP requests from other eIDAS countries
 proxy-service.private-sp.enabled=true
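Review bot: All three metadata sources (`eidasMdListCertFile`, `eidasMetadataCertFile`, `nationalMetadata.test.certFile`) now validate against `cfg/metadata.crt`, a file that is not added in the visible part of this diff and whose name matches the proxy's own `metadata.p12` in the key store block. Confirm that it is the test federation's signing certificate rather than the proxy's own metadata certificate. If the file is absent, the context comment says `proxy-service.dev.ignoreMetadataSignCheck=true` must be set, which presumably switches signature validation off. The four commented-out `#proxy-service.nationalMetadata.test.*` lines add a dead entry with a plain `http://` location and are better left out of the commit.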
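Review bot: The `# Override default signature algorithms` comment above the four added lines does not say why the two sides differ. The URIs select RSASSA-PSS with SHA-256 for `proxy-service.signature-algorithm` and RSA PKCS#1 v1.5 with SHA-256 for `proxy-service.signature-algorithm.natsp`. A comment such as `# eIDAS side: RSA-PSS (sha256-rsa-MGF1); national SP side: rsa-sha256` would keep a later edit from unifying them by accident.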
diff --git a/eidas-test-proxy/overlay/etc/eidas-proxy/se/cfg/general-metadata.properties b/eidas-test-proxy/overlay/etc/eidas-proxy/se/cfg/general-metadata.properties
index 8a090155..37dbafa3 100644
--- a/eidas-test-proxy/overlay/etc/eidas-proxy/se/cfg/general-metadata.properties
+++ b/eidas-test-proxy/overlay/etc/eidas-proxy/se/cfg/general-metadata.properties
@@ -5,8 +5,8 @@ psgen.orgName={\
 sv:'Sweden Connect'\
 }
 psgen.dispName={\
- en:'Swedish eIDAS Proxy Service',\
- sv:'Swedish eIDAS Proxy Service'\
+ en:'Swedish eIDAS Test Proxy Service',\
+ sv:'Swedish eIDAS Test Proxy Service'\
 }
 psgen.orgUrl=https://swedenconnect.se
 psgen.supportGivenName=Customer support
diff --git a/eidas-test-proxy/overlay/etc/eidas-proxy/se/cfg/idpdisco.properties b/eidas-test-proxy/overlay/etc/eidas-proxy/se/cfg/idpdisco.properties
index a4300755..2fbc1ef5 100644
--- a/eidas-test-proxy/overlay/etc/eidas-proxy/se/cfg/idpdisco.properties
+++ b/eidas-test-proxy/overlay/etc/eidas-proxy/se/cfg/idpdisco.properties
@@ -4,24 +4,20 @@
 # - natToEidasMapping = National IdP:s are allowed to respond with national LoA. These counts as non notified eID
 # - natToEidasNotifiedMapping = National IdP:s are allowed to respond with national LoA. These counts as notified eID
-idp.freja.entityid=https://idp-sweden-connect-valfr-2017.prod.frejaeid.com
+idp.testIdp.entityid=http://test.test.swedenconnect.se/idp
+idp.testIdp.loapolicy=justEidasLoa
+idp.testIdp.consent=true
+idp.testIdp.privateSpSupport=true
+idp.testIdp.deriveDob=false
+idp.testIdp.index=1
+
+idp.freja.entityid=https://idp-sweden-connect-valfr-2017-ct.test.frejaeid.com
 idp.freja.loapolicy=justEidasLoa
 idp.freja.consent=false
 idp.freja.deriveDob=false
 idp.freja.privateSpSupport=true
 idp.freja.index=0
-#idp.testIdp.entityid=http://qa.test.swedenconnect.se/idp
-#idp.testIdp.name.sv=Test ID-tjänst
-#idp.testIdp.name.en=Test IdP
-#idp.testIdp.logo.uri=${proxy-service.domain.prefix}/img/se-flag-rnd.svg
-#idp.testIdp.logo.height=67
-#idp.testIdp.logo.width=68
-#idp.testIdp.loapolicy=justEidasLoa
-#idp.testIdp.consent=true
-#idp.testIdp.deriveDob=false
-#idp.testIdp.index=0
-
 #idp.mobIdp.entityid=https://midp.svelegtest.se/idp
 #idp.mobIdp.name.sv=Legacy Test ID Tjänst
 #idp.mobIdp.name.en=Legacy Test IdP
diff --git a/eidas-test-proxy/overlay/etc/eidas-proxy/se/cfg/natsp-metadata.properties b/eidas-test-proxy/overlay/etc/eidas-proxy/se/cfg/natsp-metadata.properties
index 03cca74a..d1855acc 100644
--- a/eidas-test-proxy/overlay/etc/eidas-proxy/se/cfg/natsp-metadata.properties
+++ b/eidas-test-proxy/overlay/etc/eidas-proxy/se/cfg/natsp-metadata.properties
@@ -10,8 +10,8 @@ natsp.displayNames={\
 sv:'Sveriges internationella legitimeringsnod'\
 }
 natsp.descriptions={\
- en:'Swedish eIDAS Service',\
- sv:'Svenska eIDAS Tjänsten'\
+ en:'Test service for the Swedish eIDAS',\
+ sv:'Testtjänst för Svenska eIDAS'\
 }
 natsp.assertionConsumerServices={\
 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST':'${proxy-service.domain.prefix}/assertionconsumer'\
diff --git a/eidas-test-proxy/overlay/etc/eidas-proxy/se/cfg/psidp-metadata.properties b/eidas-test-proxy/overlay/etc/eidas-proxy/se/cfg/psidp-metadata.properties
index dc936c7a..c17a30fa 100644
--- a/eidas-test-proxy/overlay/etc/eidas-proxy/se/cfg/psidp-metadata.properties
+++ b/eidas-test-proxy/overlay/etc/eidas-proxy/se/cfg/psidp-metadata.properties
@@ -33,4 +33,4 @@ psmd.idp.assuranceCertifications=\
 http://eidas.europa.eu/LoA/NotNotified/low,\
 http://eidas.europa.eu/LoA/NotNotified/substantial,\
 http://eidas.europa.eu/LoA/NotNotified/high
-psmd.idp.termsofaccessRequesterId=true
+psmd.idp.termsofaccessRequesterId=false
diff --git a/eidas-test-proxy/overlay/etc/eidas-proxy/se/cfg/syslog.properties b/eidas-test-proxy/overlay/etc/eidas-proxy/se/cfg/syslog.properties
index 17363cc2..cccd082e 100644
--- a/eidas-test-proxy/overlay/etc/eidas-proxy/se/cfg/syslog.properties
+++ b/eidas-test-proxy/overlay/etc/eidas-proxy/se/cfg/syslog.properties
@@ -8,16 +8,9 @@
 # - clienthostname : Name of the sending client host
 # - clientapp : Name of the sending client application
-syslog.1.host=log-1.sveidas.se
+syslog.1.host=log-1.test.sveidas.se
 syslog.1.port=514
 syslog.1.protocol=udp
 syslog.1.bsd=false
 syslog.1.facility=19
 syslog.1.clientapp=eidas-proxy-service
-
-syslog.2.host=log-2.sveidas.se
-syslog.2.port=514
-syslog.2.protocol=udp
-syslog.2.bsd=false
-syslog.2.facility=19
-syslog.2.clientapp=eidas-proxy-service
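Review bot: In syslog.properties the second destination (`syslog.2.*`) is removed, leaving `log-1.test.sveidas.se` as the only sink. The unchanged `syslog.1.protocol=udp` line means a dropped datagram or an unreachable host loses events without any error. If the logger supports a connection-oriented or TLS transport (not visible in this hunk), use it for the remaining destination. Otherwise add a comment above `syslog.1.host` recording that log loss is accepted for the test proxy, for example `# Test environment: single UDP sink, delivery not guaranteed`.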