diff --git a/eidas-node/overlay/etc/eidas-connector/eidas-connector.conf b/eidas-node/overlay/etc/eidas-connector/eidas-connector.conf
index 9fbd612e..04dcaea4 100644
--- a/eidas-node/overlay/etc/eidas-connector/eidas-connector.conf
+++ b/eidas-node/overlay/etc/eidas-connector/eidas-connector.conf
@@ -5,62 +5,54 @@
 # Script within docker container reads from /etc/eidas-connector/env/ - So make sure to have a volume mount.
 #
-# The hostname that the connector exposes externally - Set in "docker run"
-#IDP_SERVER_HOSTNAME=eunode.qa.sveidas.se
-
-# Connector IdP entityID
-IDP_ENTITY_ID=https://${IDP_SERVER_HOSTNAME}/eidas
-
-# Connector SP entityID
-SP_ENTITY_ID=https://${IDP_SERVER_HOSTNAME}/idp/metadata/sp
-
 #
 # Logging settings
 #
 # Logback log levels
 # There must be a Docker volume mounted to the /etc/eidas-connector directory.
-IDP_LOG_SETTINGS_FILE=/etc/eidas-connector/loglevels.xml
+export IDP_LOG_SETTINGS_FILE=/etc/eidas-connector/loglevels.xml
 # Process logs go to stdout
-IDP_LOG_CONSOLE=true
+export IDP_LOG_CONSOLE=true
 # Syslog (for Audit and F-TICKS)
-IDP_SYSLOG_HOST=syslog.nordu.net
-IDP_SYSLOG_PORT=514
+export IDP_SYSLOG_HOST=syslog.nordu.net
+export IDP_SYSLOG_PORT=514
 # F-TICKS and Audit
-IDP_FTICKS_FEDERATION_ID=eIDAS
-#IDP_FTICKS_SALT=changeme
+export IDP_FTICKS_FEDERATION_ID=eIDAS
 # Different formats -> different facilities (?)
-IDP_FTICKS_SYSLOG_FACILITY=AUTHPRIV
-IDP_AUDIT_SYSLOG_FACILITY=AUTH
+export IDP_FTICKS_SYSLOG_FACILITY=AUTHPRIV
+export IDP_AUDIT_SYSLOG_FACILITY=AUTH
 # JVM settings
-JVM_MAX_HEAP=1536m
-JVM_START_HEAP=512m
+export JVM_MAX_HEAP=1536m
+export JVM_START_HEA=512m
-IDP_CREDENTIALS=/etc/eidas-connector/credentials
+export IDP_TLS_TRUSTED_CERTS=/etc/ssl/certs/infra.crt
-IDP_SEALER_STORE_RESOURCE=$IDP_CREDENTIALS/idp/sealer.jks
-IDP_SEALER_VERSION_RESOURCES=$IDP_CREDENTIALS/idp/sealer.kver
-IDP_SIGNING_KEY=$IDP_CREDENTIALS/idp/idp-signing.key
-IDP_SIGNING_CERT=$IDP_CREDENTIALS/idp/idp-signing.crt
-IDP_ENCRYPTION_KEY=$IDP_CREDENTIALS/idp/idp-encryption.key
-IDP_ENCRYPTION_CERT=$IDP_CREDENTIALS/idp/idp-encryption.crt
-IDP_METADATA_SIGNING_KEY=$IDP_CREDENTIALS/idp/metadata-signing.key
-IDP_METADATA_SIGNING_CERT=$IDP_CREDENTIALS/idp/metadata-signing.crt
+export IDP_CREDENTIALS=/etc/eidas-connector/credentials
-SP_SIGNING_KEY=$SP_CREDENTIALS/sp/sp-signing.key
-SP_SIGNING_CERT=$SP_CREDENTIALS/sp/sp-signing.crt
-SP_ENCRYPTION_KEY=$SP_CREDENTIALS/sp/sp-encryption.key
-SP_ENCRYPTION_CERT=$SP_CREDENTIALS/sp/sp-encryption.crt
-SP_METADATA_SIGNING_KEY=$SP_CREDENTIALS/sp/metadata-signing.key
-SP_METADATA_SIGNING_CERT=$SP_CREDENTIALS/sp/metadata-signing.crt
+export IDP_SEALER_STORE_RESOURCE=$IDP_CREDENTIALS/idp/sealer.jks
+export IDP_SEALER_VERSION_RESOURCES=$IDP_CREDENTIALS/idp/sealer.kver
+export IDP_SIGNING_KEY=$IDP_CREDENTIALS/idp/idp-signing.key
+export IDP_SIGNING_CERT=$IDP_CREDENTIALS/idp/idp-signing.crt
+export IDP_ENCRYPTION_KEY=$IDP_CREDENTIALS/idp/idp-encryption.key
+export IDP_ENCRYPTION_CERT=$IDP_CREDENTIALS/idp/idp-encryption.crt
+export IDP_METADATA_SIGNING_KEY=$IDP_CREDENTIALS/idp/metadata-signing.key
+export IDP_METADATA_SIGNING_CERT=$IDP_CREDENTIALS/idp/metadata-signing.crt
+
+export SP_SIGNING_KEY=$SP_CREDENTIALS/sp/sp-signing.key
+export SP_SIGNING_CERT=$SP_CREDENTIALS/sp/sp-signing.crt
+export SP_ENCRYPTION_KEY=$SP_CREDENTIALS/sp/sp-encryption.key
+export SP_ENCRYPTION_CERT=$SP_CREDENTIALS/sp/sp-encryption.crt
+export SP_METADATA_SIGNING_KEY=$SP_CREDENTIALS/sp/metadata-signing.key
+export SP_METADATA_SIGNING_CERT=$SP_CREDENTIALS/sp/metadata-signing.crt
 # Tomcat settings
-TOMCAT_TLS_SERVER_KEY=$IDP_CREDENTIALS/tomcat/tomcat-key.pem
-TOMCAT_TLS_SERVER_CERTIFICATE=$IDP_CREDENTIALS/tomcat/tomcat-cert.pem
-TOMCAT_TLS_SERVER_CERTIFICATE_CHAIN=$IDP_CREDENTIALS/tomcat/tomcat-chain.pem
+export TOMCAT_TLS_SERVER_KEY=$IDP_CREDENTIALS/tomcat/tomcat-key.pem
+export TOMCAT_TLS_SERVER_CERTIFICATE=$IDP_CREDENTIALS/tomcat/tomcat-cert.pem
+export TOMCAT_TLS_SERVER_CERTIFICATE_CHAIN=$IDP_CREDENTIALS/tomcat/tomcat-chain.pem
diff --git a/global/overlay/etc/puppet/manifests/cosmos-site.pp b/global/overlay/etc/puppet/manifests/cosmos-site.pp
index 57c24f4c..9c95c576 100644
--- a/global/overlay/etc/puppet/manifests/cosmos-site.pp
+++ b/global/overlay/etc/puppet/manifests/cosmos-site.pp
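Review bot: The new start-heap line drops a letter — `export JVM_START_HEA=512m` — so whatever reads JVM_START_HEAP no longer sees the value that the removed `JVM_START_HEAP=512m` used to provide; it should be `export JVM_START_HEAP=512m`. The six `SP_*` paths are built from `$SP_CREDENTIALS`, but this file only ever defines IDP_CREDENTIALS, and the puppet hunk in the same commit removes the absolute /etc/eidas-connector/credentials/sp/... entries that previously masked this, so unless SP_CREDENTIALS arrives through the /etc/eidas-connector/env volume the SP keys now resolve to `/sp/sp-signing.key` and friends. Adding `export SP_CREDENTIALS=/etc/eidas-connector/credentials` beside IDP_CREDENTIALS (or building the SP paths from $IDP_CREDENTIALS like the Tomcat ones) would close that gap. Since this file now names every signing, encryption and sealer key the connector trusts, a short header comment saying it is sourced by the container start script and must stay in sync with the puppet-provided env would help the next person who edits either side.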
@@ -217,25 +217,6 @@ class eidas_connector($version="1.0.5") {
 "SP_ENTITY_ID=https://$hostname/idp/metadata/sp",
 "IDP_PERSISTENT_ID_SALT=$idp_persistent_id_salt",
 "IDP_SEALER_PASSWORD=$idp_sealer_password",
- "IDP_PRID_SERVICE_URL=$prid_service",
- "IDP_TLS_TRUSTED_CERTS=/etc/ssl/certs/infra.crt",
- "IDP_SEALER_STORE_RESOURCE=/etc/eidas-connector/credentials/idp/sealer.jks",
- "IDP_SEALER_VERSION_RESOURCES=/etc/eidas-connector/credentials/idp/sealer.kver",
- "IDP_SIGNING_KEY=/etc/eidas-connector/credentials/idp/idp-signing.key",
- "IDP_SIGNING_CERT=/etc/eidas-connector/credentials/idp/idp-signing.crt",
- "IDP_ENCRYPTION_KEY=/etc/eidas-connector/credentials/idp/idp-encryption.key",
- "IDP_ENCRYPTION_CERT=/etc/eidas-connector/credentials/idp/idp-encryption.crt",
- "IDP_METADATA_SIGNING_KEY=/etc/eidas-connector/credentials/idp/metadata-signing.key",
- "IDP_METADATA_SIGNING_CERT=/etc/eidas-connector/credentials/idp/metadata-signing.crt",
- "SP_SIGNING_KEY=/etc/eidas-connector/credentials/sp/sp-signing.key",
- "SP_SIGNING_CERT=/etc/eidas-connector/credentials/sp/sp-signing.crt",
- "SP_ENCRYPTION_KEY=/etc/eidas-connector/credentials/sp/sp-encryption.key",
- "SP_ENCRYPTION_CERT=/etc/eidas-connector/credentials/sp/sp-encryption.crt",
- "SP_METADATA_SIGNING_KEY=/etc/eidas-connector/credentials/sp/metadata-signing.key",
- "SP_METADATA_SIGNING_CERT=/etc/eidas-connector/credentials/sp/metadata-signing.crt",
- "TOMCAT_TLS_SERVER_KEY=/etc/eidas-connector/credentials/tomcat/tomcat-key.pem",
- "TOMCAT_TLS_SERVER_CERTIFICATE=/etc/eidas-connector/credentials/tomcat/tomcat-cert.pem",
- "TOMCAT_TLS_SERVER_CERTIFICATE_CHAIN=/etc/eidas-connector/credentials/tomcat/tomcat-chain.pem",
 "IDP_FTICKS_SALT=$idp_fticks_salt"] } -> class {'webserver': } ->
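Review bot: `"IDP_PRID_SERVICE_URL=$prid_service",` is dropped here along with the credential paths, but unlike those paths it does not reappear in the eidas-connector.conf hunk of this commit, so the connector is left without a PRID service URL unless it is supplied some other way (for example through the /etc/eidas-connector/env volume). If it is meant to stay puppet-managed, re-add `"IDP_PRID_SERVICE_URL=$prid_service",` after the sealer-password entry; if it has genuinely moved elsewhere, the `$prid_service` variable that presumably still feeds this class is now dead and should be removed with it. The class body starts and ends outside this hunk, so neither that variable's declaration nor the resource that consumes this environment list is visible here.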