Sign-service configruation

global/overlay/etc/puppet/modules/eid/templates/idm/idm.yml.erb

@@ -99,3 +99,37 @@ idm:
   storage:
     pending-relative-sign-time-to-live-in-hours: 336
   oauth2-id: https://test.idm.swedenconnect.se/idm
+
+
+signservice:
+  discovery:
+    metadata-cache-file: /tmp/metadata-cache.xml
+    allowed-entity-ids:
+      - http://local.dev.swedenconnect.se/idp
+      - https://bankid.swedenconnect.se/idp/local
+      - https://idp-sweden-connect-valfr-2017-sandbox.test.frejaeid.com
+    federation-metadata-location: https://eid.svelegtest.se/metadata/mdx/role/idp.xml
+    metadata-validation-certificate: classpath:certificate/metadata/sandbox-metadata.crt
+  config:
+    policy: localdev
+    default-sign-requester-id: https://sandbox.swedenconnect.se/idm
+    default-return-url: https://sandbox.swedenconnect.se/idm/frontend/common/validateSign
+    sign-service-id: https://sandbox.swedenconnect.se/signservice
+    default-destination-url: https://sandbox.swedenconnect.se/signservice/sign/idm/signreq
+    default-signature-algorithm: http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
+    sign-service-certificates:
+      - classpath:certificate/signservice/signservice.crt
+    trust-anchors:
+      - classpath:certificate/signservice/test-ca.crt
+  credential:
+    type: JKS
+    resource: classpath:certificate/signservice/sign-client.jks
+    password: secret
+    alias: client
+    key-password: secret
+  response:
+    config:
+      strict-processing: false
+      maximum-allowed-response-age: 180000
+      allowed-clock-skew: 60000
+      require-assertion: true