From 867e8f6adef05366caf72456abfba8322edbbee8 Mon Sep 17 00:00:00 2001 
From: Patrik Holmqvist Date: Fri, 31 Jan 2025 12:04:20 +0100 Subject: [PATCH] copy files from overlay /etc to /opt for proxy in test --- .../opt/eidas-proxy/se/cache/.placeholder | 0 .../se/cfg/application-se.properties | 116 +++++++++++++++++ .../overlay/opt/eidas-proxy/se/cfg/enc.crt | 29 +++++ .../se/cfg/general-metadata.properties | 18 +++ .../eidas-proxy/se/cfg/idpdisco.properties | 67 ++++++++++ .../opt/eidas-proxy/se/cfg/img/favicon.ico | Bin 0 -> 15086 bytes .../se/cfg/img/idp-logo-notext.svg | 9 ++ .../opt/eidas-proxy/se/cfg/img/idp-logo.svg | 17 +++ ...n-connect-color-yellow-on-blue-no-text.svg | 1 + .../sweden-connect-color-yellow-on-blue.svg | 123 ++++++++++++++++++ .../opt/eidas-proxy/se/cfg/infotext.md | 37 ++++++ .../opt/eidas-proxy/se/cfg/metadata.crt | 30 +++++ .../se/cfg/natsp-metadata.properties | 26 ++++ .../opt/eidas-proxy/se/cfg/oidc-rp.properties | 23 ++++ .../overlay/opt/eidas-proxy/se/cfg/pkcs11.cfg | 33 +++++ .../se/cfg/psidp-metadata.properties | 33 +++++ .../opt/eidas-proxy/se/cfg/sctest2.crt | 30 +++++ .../overlay/opt/eidas-proxy/se/cfg/sign.crt | 29 +++++ .../opt/eidas-proxy/se/cfg/syslog.properties | 16 +++ .../se/cfg/test-metadata-signer.crt | 30 +++++ .../se/metadata/oidc/bid-op-jwks.json | 21 +++ .../se/metadata/oidc/bid-op-metadata.json | 35 +++++ .../eidas-proxy/se/ps-mdcache/.placeholder | 0 23 files changed, 723 insertions(+) create mode 100644 eidas-test-proxy/overlay/opt/eidas-proxy/se/cache/.placeholder create mode 100644 eidas-test-proxy/overlay/opt/eidas-proxy/se/cfg/application-se.properties create mode 100644 eidas-test-proxy/overlay/opt/eidas-proxy/se/cfg/enc.crt create mode 100644 eidas-test-proxy/overlay/opt/eidas-proxy/se/cfg/general-metadata.properties create mode 100644 eidas-test-proxy/overlay/opt/eidas-proxy/se/cfg/idpdisco.properties create mode 100644 eidas-test-proxy/overlay/opt/eidas-proxy/se/cfg/img/favicon.ico create mode 100644 eidas-test-proxy/overlay/opt/eidas-proxy/se/cfg/img/idp-logo-notext.svg create 
mode 100644 eidas-test-proxy/overlay/opt/eidas-proxy/se/cfg/img/idp-logo.svg create mode 100644 eidas-test-proxy/overlay/opt/eidas-proxy/se/cfg/img/sweden-connect-color-yellow-on-blue-no-text.svg create mode 100644 eidas-test-proxy/overlay/opt/eidas-proxy/se/cfg/img/sweden-connect-color-yellow-on-blue.svg create mode 100644 eidas-test-proxy/overlay/opt/eidas-proxy/se/cfg/infotext.md create mode 100644 eidas-test-proxy/overlay/opt/eidas-proxy/se/cfg/metadata.crt create mode 100644 eidas-test-proxy/overlay/opt/eidas-proxy/se/cfg/natsp-metadata.properties create mode 100644 eidas-test-proxy/overlay/opt/eidas-proxy/se/cfg/oidc-rp.properties create mode 100644 eidas-test-proxy/overlay/opt/eidas-proxy/se/cfg/pkcs11.cfg create mode 100644 eidas-test-proxy/overlay/opt/eidas-proxy/se/cfg/psidp-metadata.properties create mode 100644 eidas-test-proxy/overlay/opt/eidas-proxy/se/cfg/sctest2.crt create mode 100644 eidas-test-proxy/overlay/opt/eidas-proxy/se/cfg/sign.crt create mode 100644 eidas-test-proxy/overlay/opt/eidas-proxy/se/cfg/syslog.properties create mode 100644 eidas-test-proxy/overlay/opt/eidas-proxy/se/cfg/test-metadata-signer.crt create mode 100644 eidas-test-proxy/overlay/opt/eidas-proxy/se/metadata/oidc/bid-op-jwks.json create mode 100644 eidas-test-proxy/overlay/opt/eidas-proxy/se/metadata/oidc/bid-op-metadata.json create mode 100644 eidas-test-proxy/overlay/opt/eidas-proxy/se/ps-mdcache/.placeholder diff --git a/eidas-test-proxy/overlay/opt/eidas-proxy/se/cache/.placeholder b/eidas-test-proxy/overlay/opt/eidas-proxy/se/cache/.placeholder new file mode 100644 index 00000000..e69de29b diff --git a/eidas-test-proxy/overlay/opt/eidas-proxy/se/cfg/application-se.properties b/eidas-test-proxy/overlay/opt/eidas-proxy/se/cfg/application-se.properties new file mode 100644 index 00000000..99eb7dda --- /dev/null +++ b/eidas-test-proxy/overlay/opt/eidas-proxy/se/cfg/application-se.properties 
@@ -0,0 +1,116 @@
+# Logging
+logging.level.org.springframework.web=DEBUG
+
+# Service path
+server.servlet.context-path=/eidas-ps
+
+#proxy-service.path.prefix=${spring.config.additional.location}..
+#proxy-service.config.location=file://${spring.config.additional.location}
+
+proxy-service.image.logo=${spring.config.additional.location}/img/idp-logo.svg
+proxy-service.image.icon=${spring.config.additional.location}/img/idp-logo-notext.svg
+
+# Service port connector settings
+server.port=8443
+#server.ssl.key-store=${proxy-service.path.prefix}/keystore/sslSnakeOil.p12
+#server.ssl.key-store-type=PKCS12
+#server.ssl.key-store-password=secret
+#server.ssl.key-password=secret
+
+tomcat.ajp.port=8009
+tomcat.ajp.remoteauthentication=false
+tomcat.ajp.enabled=true
+
+# For development. Allowing signature check on metadata to be skipped. Default false.
+#proxy-service.dev.ignoreMetadataSignCheck=true
+
+# Initial delay in milliseconds (default 5000) and seconds between metadata configuration recache (default 240 sec).
+#proxy-service.daemon.inital.delay.ms=5000
+proxy-service.daemon.recache.delay.sec=240
+
+# Location of other properties files (general-metadata.properties, psidp-metadata.properties and natsp-metadata.properties)
+# Example specifying external location: 'proxy-service.config.location=file:///opt/webapp/eidas-ps/cfg/'
+# Example specifying src/main/resources config location: 'classpath:'
+
+proxy-service.country=SE
+
+# Key Store properties
+# Location can be specified as "classpath:" or as file path e.g "/opt/webapp/eidas-ps/keystore/keyStore.jks"
+
+proxy-service.pkcs11.external-config-locations=${spring.config.additional.location}/pkcs11.cfg
+proxy-service.pkcs11.reloadable-keys=false
+
+proxy-service.keySourceType=PKCS11
+proxy-service.keySourcePass=${proxy-service.pkcs11.pin}
+proxy-service.keySourceAlias=sc_eidas_sign
+proxy-service.keySourceCertLocation=${spring.config.additional.location}/sign.crt
+
+proxy-service.encryption.keySourceType=PKCS11
+proxy-service.encryption.keySourcePass=${proxy-service.pkcs11.pin}
+proxy-service.encryption.keySourceAlias=sc_eidas_encrypt
+proxy-service.encryption.keySourceCertLocation=${spring.config.additional.location}/enc.crt
+
+proxy-service.metadata.keySourceType=PKCS11
+proxy-service.metadata.keySourcePass=${proxy-service.pkcs11.pin}
+proxy-service.metadata.keySourceAlias=sctest2
+proxy-service.metadata.keySourceCertLocation=${spring.config.additional.location}/sctest2.crt
+
+# Session Encryption properties
+#proxy-service.cookieEncryptPw=changeme
+
+# Requirements to show consent dialogue (Default false);
+proxy-service.consent=true
+proxy-service.consent.attributes=urn:oid:1.2.752.201.3.7,\
+ urn:oid:2.5.4.4,\
+ urn:oid:2.5.4.42,\
+ urn:oid:1.3.6.1.5.5.7.9.3,\
+ urn:oid:1.3.6.1.5.5.7.9.1
+proxy-service.consent.valuetranslation=urn:oid:1.3.6.1.5.5.7.9.3
+
+# Welcome page presentation text location
+proxy-service.welcomepage.markdown=${proxy-service.path.prefix}/cfg/infotext.md
+
+#Metadata Service List location specified as either URL (http or https), "file://" or "classpath:"
+#proxy-service.eidasMdListLocation=https://test.md.eidas.swedenconnect.se/mdservicelist-aggregate.xml
+
+# Optional certificate file for validating metadata service list file signatures
+# If no certificate is specified then proxy-service.dev.ignoreMetadataSignCheck=true must be set
+#proxy-service.eidasMdListCertFile=${proxy-service.path.prefix}/cfg/sctest2.crt
+
+#Metadata location for aggregated metadata specified as either URL (http or https), "file://" or "classpath:"
+proxy-service.eidasMetadataLocation=https://test.md.eidas.swedenconnect.se/role/sp.xml
+
+# Optional certificate file for validating metadata signatures
+# If no certificate is specified then proxy-service.dev.ignoreMetadataSignCheck=true must be set
+proxy-service.eidasMetadataCertFile=${proxy-service.path.prefix}/cfg/sctest2.crt
+
+# Optional cache dir for caching downloaded metadata. If not set, cache is stored in memory.
+proxy-service.eidasMetadataCacheDirName=${proxy-service.path.prefix}/ps-mdcache
+
+#Metadata location for national IdP metadata specified as either URL (http or https), "file://" or "classpath:"
+
+proxy-service.nationalMetadata.test.location=https://test.md.swedenconnect.se/role/idp.xml
+proxy-service.nationalMetadata.test.certFile=${proxy-service.path.prefix}/cfg/sctest2.crt
+proxy-service.nationalMetadata.test.cacheFile=${proxy-service.path.prefix}/cache/test-metadata.xml
+proxy-service.nationalMetadata.test.index=0
+
+management.server.context-path=/manage
+management.server.security.enabled=false
+management.server.port=8444
+management.server.ssl.enabled=true
+
+proxy-service.syslog.enabled=true
+
+# Override default signature algorithms
+proxy-service.signature-algorithm=http://www.w3.org/2007/05/xmldsig-more#sha256-rsa-MGF1
+proxy-service.signature-algorithm.md=${proxy-service.signature-algorithm}
+proxy-service.signature-algorithm.natsp=http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
+proxy-service.signature-algorithm.natsp.md=${proxy-service.signature-algorithm.natsp}
+
+#Private SP requests from other eIDAS countries
+proxy-service.private-sp.enabled=true
+
+#HTTP configuration
+#These configuration properties allow configuration of the HTTP client used to obtain metadata as well as for OpenID connect operations such as retrieving ID tokens and user-info tokens from the OP.
+proxy-service.http.connect-timeout=1000
+proxy-service.http.read-timeout=5000
diff --git a/eidas-test-proxy/overlay/opt/eidas-proxy/se/cfg/enc.crt b/eidas-test-proxy/overlay/opt/eidas-proxy/se/cfg/enc.crt
new file mode 100644
index 00000000..2bb8b09a
--- /dev/null
+++ b/eidas-test-proxy/overlay/opt/eidas-proxy/se/cfg/enc.crt
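Review bot: In application-se.properties, `management.server.security.enabled=false` leaves whatever is served under `/manage` on port 8444 without authentication, and `tomcat.ajp.enabled=true` opens an AJP connector on 8009; no bind address or shared secret for either appears in the lines shown, so both seem to rely entirely on network filtering that this patch does not show. If the test proxy is reachable from anything but its front-end host, I would set `management.server.security.enabled=true` and turn the AJP connector off unless a reverse proxy needs it, with a comment naming the host that connects. `logging.level.org.springframework.web=DEBUG` may also put request details into the logs depending on the Spring version and settings, which for this service could include SAML messages and attribute values; `INFO` is the safer default even in test. Separately, several paths use `${proxy-service.path.prefix}` while its only definition in this file is commented out, so it has to be supplied from outside the file for the certificate and cache locations to resolve.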
@@ -0,0 +1,29 @@ +-----BEGIN CERTIFICATE----- +MIIE6zCCAtOgAwIBAgIBfDANBgkqhkiG9w0BAQsFADAvMQ8wDQYDVQQKEwZTQ1RF +U1QxHDAaBgNVBAMTE1NBTUwgRW5jcnlwdGVyIFRlc3QwHhcNMjMxMjEzMDAwMDAw +WhcNMjcxMjEyMDAwMDAwWjAvMQ8wDQYDVQQKEwZTQ1RFU1QxHDAaBgNVBAMTE1NB +TUwgRW5jcnlwdGVyIFRlc3QwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC +AQDXGcgllb6w5CUo8UqXb4UvLdL3NX2KmemrSTquiuUjMRU5cIhLlyPEm4nfHiLD +uDlqOa6Cp09v2YokX3WQP+K7FlYrs6+1Jy5rsv2TANbID+BRQVXNPpNNfVrUyBEe +V1CUT6qaGoCCNofrFJwKtXUIdX53ioqJxSIA7VNQ3pZVut9dbHwrGtLmCQOTgPff +GowXXP/xMw/Fne/nHO/OFbtffdYcJtsMGIA9q/bedKTDjp82FGA5PnX1+tJlUQKR +FmUY+LpJIlB5QwoEao5sdj39BLj8cSS1pWvhwV/gjlL8csV9r39KXrV0LGFO1vxb +pZaZ+m/2IyD4BDm8KofS4pEsWvQke7RvxPDREdV7JU7mYVKGtxDTLQSGVT3Xujxt +oiiazbb9PBQFfb2SFruBqEyqz/vf8cD3U/Vp35ez1st3xgWQ0/uPGLKXsLYUB+Xq +BU2Kjz6hoy1b9/Lh1e7j1fQuhaiDbC/4GEBwO1UMv9U/dxCJmCKqB02qL8H+ZRld +Bh7XDbJMWhOAsOCd8bCxJgKfRIXmZDzE/uWkV1a8YsqmgvTOVcWAOmx8Ebng6kJm +IMiPnBHpMv7nYy5QI6CxXvy1k8ZJIcIH2d4aFVWKgSKcABl2vxgwgzXS9d4k/T89 +rTeX4QyMy3m3UZByAUuJ1in91BRJTg42uzIV/vCNR+Ig9wIDAQABoxIwEDAOBgNV +HQ8BAf8EBAMCAgQwDQYJKoZIhvcNAQELBQADggIBALDrN7fkvPrASS71GSyVCfzy +e0GpaVYb3pR4oWIAXepew33zADqTry9J3ErGoKEYgPSNqFhDEHyK7SYnDGsXoG8i +0f95i7lviRv6cVzeQq4BK9guB7sZCOLBMkWTcHc9EDnN0573Q4VNix0CzeHU4Xcp +iseg5q2qEj84pljOktwq7Xv5kot766XpAc/6hMqwWhLqK3B1aOv/7ZGLmHDLTikQ +2TA0sKeloFw8bFtsdO40R7MPyMTCF1FavFaWRUln80J4msMwueZUg/lvsCI0CTg0 +5WJtKTSGH08ZB0UMZPYZ/URFF/6gDHT2M9Qftb0VtSl1r2t/hxHTkirPZ6Mbg5jh +GqLQZI/B2ISP4mDvbK8hfncDToiIa/LBGev6QUoxc/fvgChmLz5TTI1euPFBGp7P +QGXmEWgnKm1rnXya6lJoUYKP042aIfXw7N6xxmPXuvg74Z+hkZ5CZQ1IGlvmn8z0 +tOClWDxJoECO3KY1TT0/Eusgrw7PA3UkBMaS1meNYwcwCYQvdbL6GEXTsOFOS2Zs +7pFwW5Kh9Zvg48LdW8gx/7wWyslvlqcV4+fdB3pZrSpbuW+3C1zy65u5IheEctc1 +DF31LGgTWOQQTC2kl0fuPCytlpX+iW6HD0pz6FyszGYRShvUfTKyrz70MJlt3APD +zuYOusVXWwZi/gZ+H9XG +-----END CERTIFICATE----- 
diff --git a/eidas-test-proxy/overlay/opt/eidas-proxy/se/cfg/general-metadata.properties b/eidas-test-proxy/overlay/opt/eidas-proxy/se/cfg/general-metadata.properties
new file mode 100644
index 00000000..75cb67e1
--- /dev/null
+++ b/eidas-test-proxy/overlay/opt/eidas-proxy/se/cfg/general-metadata.properties
@@ -0,0 +1,18 @@
+psgen.country=${proxy-service.country}
+psgen.name=Sweden eIDAS ProxyService
+psgen.orgName={\
+ en:'Sweden Connect',\
+ sv:'Sweden Connect'\
+}
+psgen.dispName={\
+ en:'Swedish eIDAS Test Proxy Service',\
+ sv:'Swedish eIDAS Test Proxy Service'\
+}
+psgen.orgUrl=https://swedenconnect.se
+psgen.supportGivenName=Customer support
+psgen.techGivenName=Technical support
+psgen.supportEmail=operations@swedenconnect.se
+psgen.techEmail=operations@swedenconnect.se
+
+
+
diff --git a/eidas-test-proxy/overlay/opt/eidas-proxy/se/cfg/idpdisco.properties b/eidas-test-proxy/overlay/opt/eidas-proxy/se/cfg/idpdisco.properties
new file mode 100644
index 00000000..01ad7760
--- /dev/null
+++ b/eidas-test-proxy/overlay/opt/eidas-proxy/se/cfg/idpdisco.properties
@@ -0,0 +1,67 @@
+# Available policies are: natToEidasMapping, natToEidasNotifiedMapping, justEidasLoa
+# Defined meaning:
+# - justEidasLoa = IdP is only allowed if it supports the national eIDAS LoAs
+# - natToEidasMapping = National IdP:s are allowed to respond with national LoA. These counts as non notified eID
+# - natToEidasNotifiedMapping = National IdP:s are allowed to respond with national LoA. These counts as notified eID
+
+idp.testIdp.entityid=http://test.test.swedenconnect.se/idp
+idp.testIdp.loapolicy=justEidasLoa
+idp.testIdp.consent=true
+idp.testIdp.privateSpSupport=true
+idp.testIdp.deriveDob=false
+idp.testIdp.index=1
+
+#idp.freja.entityid=https://idp-sweden-connect-valfr-2017-ct.test.frejaeid.com
+#idp.freja.name.sv=Freja+
+#idp.freja.name.en=Freja+
+#idp.freja.loapolicy=justEidasLoa
+#idp.freja.consent=false
+#idp.freja.deriveDob=false
+#idp.freja.privateSpSupport=true
+#idp.freja.index=0
+
+#idp.bankid.entityid=https://oidc.test.bankid.com
+#idp.bankid.name.sv=BankID
+#idp.bankid.name.en=BankID
+#idp.bankid.logo.uri=https://www.bankid.com/assets/bankid/img/logo-bank-id.svg
+#idp.bankid.logo.height=150
+#idp.bankid.logo.width=159
+#idp.bankid.loapolicy=natToEidasNotifiedMapping
+#idp.bankid.consent=false
+#idp.bankid.deriveDob=false
+#idp.bankid.privateSpSupport=true
+#idp.bankid.index=1
+#idp.bankid.protocol=oidc
+
+#idp.mobIdp.entityid=https://midp.svelegtest.se/idp
+#idp.mobIdp.name.sv=Legacy Test ID Tjänst
+#idp.mobIdp.name.en=Legacy Test IdP
+#idp.mobIdp.logo.uri=${proxy-service.domain.prefix}/img/se-flag-rnd.svg
+#idp.mobIdp.logo.height=67
+#idp.mobIdp.logo.width=68
+#idp.mobIdp.loapolicy=natToEidasNotifiedMapping
+#idp.mobIdp.consent=false
+#idp.mobIdp.deriveDob=true
+#idp.mobIdp.index=1
+
+#idp.ccBankid.entityid=https://eid.identityhub.se/demo/bankid/
+#idp.ccBankid.name.sv=BankID
+#idp.ccBankid.name.en=BankID
+#idp.ccBankid.logo.uri=img/disco/bankid_logo.png
+#idp.ccBankid.logo.height=94
+#idp.ccBankid.logo.width=100
+#idp.ccBankid.loapolicy=natToEidasNotifiedMapping
+#idp.ccBankid.consent=true
+#idp.ccBankid.deriveDob=true
+#idp.ccBankid.index=2
+
+#idp.ccTelia.entityid=https://eid.identityhub.se/demo/teliabrowserplugin/
+#idp.ccTelia.name.sv=Telia
+#dp.ccTelia.name.en=Telia
+#idp.ccTelia.logo.uri=img/disco/telia_min_logo.png
+#idp.ccTelia.logo.height=89
+#idp.ccTelia.logo.width=86
+#idp.ccTelia.loapolicy=natToEidasNotifiedMapping
+#idp.ccTelia.consent=true
+#idp.ccTelia.deriveDob=true
+#idp.ccTelia.index=3
diff --git a/eidas-test-proxy/overlay/opt/eidas-proxy/se/cfg/img/favicon.ico b/eidas-test-proxy/overlay/opt/eidas-proxy/se/cfg/img/favicon.ico new file mode 100644 index 0000000000000000000000000000000000000000..2c33a9cf885e0327245c8c14bb168eca38afaa7f GIT binary patch literal 15086 zcmdT~33yc16@HTyv6`@mLI8uTwL$>_6%fz}RuPdkKo-Ih3<3gy81@7L1cZbn?1G}W zprRmBwX$dgK^EIuzkXfSMy<5pr%+s>HFEm@_sxC2Ox~M$lLY;o?>lp6?sk@Y?m6e4 zdkw>9L>iqt8z>Wvr`sAv55q7L6aD|=4dVmU#iL|c&C$t8!+NWC}zBMlGyL%Kcsgk(><5o3Kp#s{0*Y9kHgA=(QM z=tq6$x&@Vc>F{VtF1T0XUjL^UzZFM_f9+$*STL$CcpxpLDdc`YpCmv~eW!k>=8cuu zqhE;ewutZT3)1Mo`|`^to|kK%d08$!^r@<6+vVk_WNLQ*y3i%kloV_Y(4GJ|0&rb( z(w;xQm0bCoKPj0<9RHu(`0&HBaAG?t9UdiXM#RefGyBQaFCI5}z}mFleOQ*KU0E0V znzSW2@ql{j4Q;P0?QElc8L@1N7$+|%`Z_+fM^=rBQ}uf62K339(p?%JtT5N-(uKW|3 zh5bza1N(;gpEP#2uL1ruF4*K{9_mP^r*~&wtboSI6%=m#m7`AlK>Uk=bqko`Zpg-5;J$8>z9?0qPMj0tcV=8f{knDiYFRZpUWTlg zW%>lHL5H2MN>OtC8sb(m=Xv^5Ez@vI>IQY7_3lHKjqm*UPFa!CL~eNGQDJOBz6e|& z?(?PT&87X${ff87`~NNl8O<%73m3nic6**6Y*~?M;gER%* zT3>o>drTf2(?IdCcwB3=y=%4g+ra+qW$ePyQdax(O^w!odc(EnS&O>EI3W#Z0_qQW zpntw@$BRmbR*q>{rH%b3=iFHvz0vX}?KRrJq<=|93u(OnJ+&9xJ$Ddi;Fi++p^fT1 zqu0SaA3P!}QyNQ`$DgtGd7A)#QG>lp9!NWFkme_>lD1FT64*kkOPrrnIQ&ArYA2-+PPk+I44(HKxhFQ{og&jX=9LoNuT_vqvIAZBV*X=u0 ztiYIo?InooN=7hN^Qr%gF{nE_?x4RYO1`uvHb}=0jDf<6-!%O!NoVGqdn6Vy8TCTj zcsH4{KV!YB{$hMh_Og!O!it~mwCmrDg?nw;Y}veh)>-|VBerHt z&h^rBdMH)=>^}o|KEF84OS}s*J4lmP|6%VA1TQi5@x3y_F6LD>v`n%Mr z^NXMUu+EQ8^O1+-f-H$V{$IsI{llka%B%sdG*Q2J_EdHj_N&)Jo5G=;XI=aG(ewG; ziFVeJ{?(%{SN2BlP5Oitu=`GW!JNf}dBe?fDClQSfae9b`2*^!oZtOx;3tE8Jyp(4*?9Vd2XkEMPtD6PZ7JwyyusW|u=)LM)$%8P`aR{ZLeKA$JJ;k{Hl99V z_LLq~axByx=DbuM2Kvuj*a-LskNWSJzw+~t0Q!RF4@1#UU0Iga^n0HG`j|_+AO4KF z#nR!CvS?ykxd}OIbv}UXo9z3mPBYn#t;y(!=OX5TKCz433$ z9xGzaB518A551*vrtit@W+RxMz z$l4BU;~Cg3_hQ50Ie+fwAsS=p6L@#vK%3V(pUjxvTe@z4TH+6W1Rwnc;=0e3{BL+< zoBw_zBGmk(!SnqE>E{PyJl!9K;*Yvi0=>_h&{}5R-%HWVa|310wh-fMbbn-Wpm>PE z{F4Ad?=wQsplGCi)4mWq=sL#`Cvn&4{?5h&_XF=Tj{<&D_otc%mY}^EfVQ{RYk@i3 
z^oDa2N1feY2k^i+<0tukAb^i3@WGgmc7bv1X+StRRQBZ!QEku=AjQ1MiRe zenzAs7GA}$;Jjg6&HojK5zDgNFd|vz;~f!85{|D6Eb|Pbl4W1Rz%UFnjI%7`45NZ& z?Du6k|Kr9du*_#YZsP(=R@dbxpOZP@DQCR{T@|di(XaW^d}_Y693T=U7fVj%ez{fn z<*4O~j;5?lx$~V?BA_3@dZ$&xS5eR<`fciRHsD3T`+%)6IV?Ca@W0LXLw zU=HrbUVyEDj{ubbjnl1UANJ)Kj;+!D!?+fJHGmrD5d32~M+;Xb9U9QTC*UnW6&~%r zHVl8uIXG8O2UOLn&~E_XJwO0%pNds@2QjR0x=friL<&=`@apq97v~&M4WX?9?c}=} z?o#A2MioplbCP&d!TS&9QQJKKy2^`rj5{<9j&cCrmH@^Q0el>k2 z+nEn^%ZUWe>Hkk$_IvW)_+L%W8HeUh?u@rXXQkQ8e^5D8EooO3R=k%L-*e;JhtM(o9A-wbD zyCCKt_&%<9eP~eJg{h6zeRbRCUsL+tAN=#4gJ*f#CGt(Y9e3=Jdvgbcvlm_QYI?cX zIp=jd_CnXjs5?&HbMmcQ@yJVLK-qFd6Z3*Irr(VB0%7@ukTRew$y+4uTkpnN6Q2(< zk2&@g*5KE$LrK=VG_HZRQJVfBrH)&I%7D5w8}})caRcbs^yz)%uA=$MAMx!5b&>Q@ zH+hf5`=l`RFXa9s{oGUCw{2H@knb(H=Xg)Yw_gi0+p9gvy~jP+b^9|?j6EBKZ{0@R z*#KAjqvs$$bKncee-z$3r7uiXIpEoREM;rW zyNtvtYt8ndg)`M2<+~Ny?jUc14NeXzvk+ ziOu;N?T+!c8x6cSoiJ}0?zm?ud(0fV%iC_^4jO-Jibx}%+WEtc2I`~+7nyrLf7odF z(av8s8h*6%r>21=Dr(3j~1{$?H9kY%a;24g*3vfn_2i-~QSIHe~mdNHo<{5I!lq28qx7>SD#pMn* zh~ul!PrpoBc~{CeG|5Y|6fb6MRqgF0$6E3uAH+dfF&^jnYXf9RSyG1M=Z^?n2adJY zkK+kkhlz8C$~7;%sorI9E$>*fSgoxsZqVyz>5m@Il5aeEZ{8qX5cBa|L|KfRpKQmk z^oKhE{Vn~~bC3_xJ)m?MWVr)=GsAvx<0|JdhPhj%=sYA-3?9QTiHj + + + + + + + + diff --git a/eidas-test-proxy/overlay/opt/eidas-proxy/se/cfg/img/idp-logo.svg b/eidas-test-proxy/overlay/opt/eidas-proxy/se/cfg/img/idp-logo.svg new file mode 100644 index 00000000..406331fc --- /dev/null +++ b/eidas-test-proxy/overlay/opt/eidas-proxy/se/cfg/img/idp-logo.svg @@ -0,0 +1,17 @@ + + + + + + + + + + + + + + + + + diff --git a/eidas-test-proxy/overlay/opt/eidas-proxy/se/cfg/img/sweden-connect-color-yellow-on-blue-no-text.svg b/eidas-test-proxy/overlay/opt/eidas-proxy/se/cfg/img/sweden-connect-color-yellow-on-blue-no-text.svg new file mode 100644 index 00000000..b9930ac4 --- /dev/null +++ b/eidas-test-proxy/overlay/opt/eidas-proxy/se/cfg/img/sweden-connect-color-yellow-on-blue-no-text.svg @@ -0,0 +1 @@ +yellow-on-blue \ No newline at end of file 
diff --git a/eidas-test-proxy/overlay/opt/eidas-proxy/se/cfg/img/sweden-connect-color-yellow-on-blue.svg b/eidas-test-proxy/overlay/opt/eidas-proxy/se/cfg/img/sweden-connect-color-yellow-on-blue.svg new file mode 100644 index 00000000..2dad5586 --- /dev/null +++ b/eidas-test-proxy/overlay/opt/eidas-proxy/se/cfg/img/sweden-connect-color-yellow-on-blue.svg @@ -0,0 +1,123 @@ + + + + + + + + + + + image/svg+xml + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/eidas-test-proxy/overlay/opt/eidas-proxy/se/cfg/infotext.md b/eidas-test-proxy/overlay/opt/eidas-proxy/se/cfg/infotext.md new file mode 100644 index 00000000..97a21920 --- /dev/null +++ b/eidas-test-proxy/overlay/opt/eidas-proxy/se/cfg/infotext.md @@ -0,0 +1,37 @@ +### Proxy Service + +This is the Swedish proxy service of the Swedish eIDAS Pilot + +- Application ID: **${proxy-service.applicationId}** +- Supported eIDAS protocol versions: **${proxy-service.eidasVersions}** + +**Relevant resources:** + + + + + + + + + + + + + + + + +**Metadata validation certificate:** +
+ + +``` +${proxy.service.metadata.cert} +``` +
+ +**Developers:** + +>Stefan Santesson
+>Martin Lindström diff --git a/eidas-test-proxy/overlay/opt/eidas-proxy/se/cfg/metadata.crt b/eidas-test-proxy/overlay/opt/eidas-proxy/se/cfg/metadata.crt new file mode 100644 index 00000000..a4750708 --- /dev/null +++ b/eidas-test-proxy/overlay/opt/eidas-proxy/se/cfg/metadata.crt 
@@ -0,0 +1,30 @@ +-----BEGIN CERTIFICATE----- +MIIFIjCCAwoCCQCVO3v9xSA+FDANBgkqhkiG9w0BAQsFADBTMQswCQYDVQQGEwJT +RTEnMCUGA1UECgweU3dlZGlzaCBFLWlkZW50aWZpY2F0aW9uIEJvYXJkMRswGQYD +VQQDDBJRQSBNZXRhZGF0YSBTaWduZXIwHhcNMTcxMjE5MTIyMDI1WhcNMjcxMjE3 +MTIyMDI1WjBTMQswCQYDVQQGEwJTRTEnMCUGA1UECgweU3dlZGlzaCBFLWlkZW50 +aWZpY2F0aW9uIEJvYXJkMRswGQYDVQQDDBJRQSBNZXRhZGF0YSBTaWduZXIwggIi +MA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDYzcmlNTMkBzIYUXxT13zNMakh +xR9BO1Qnlt2euUNdvL8FhgiNo+2AJDxFWts8nsg9Jam15F38nTqRMt4r1zFHYFJ5 +22h8urckpwvFVu/kjQrY8pztLE/pPvGXLPlySDkiRifCGibXuACngZx5chCwNs2h +2OoMgKH7d5aZmUcB2mIc/Ybd98W9jtch1gh5/QM0aJsYnDTYuB840YGwHXCyiBUf +1teUT9bJ/Y90OSXBdib9kuOmtQNMTYtyX8FAodYXVx8ibXNDfhdGaBJh+2J4lFTA +DQQ1tM1YigZyvBuslBcuLDfZce0OaWPYPAf8PE8voxJhGkA026GGNjXP/9nRK146 +bkN4nd/Aa6842aYEOjjcDAl43tjHKZBu0+pnq/2GRiN7Dw4Y+Td/2y8PqD/W87CV +ttrU6yniSMr7Y1+TfzzESSVPXs+csyatH9MJ2IA184Oh7TL6tPh5N96ugh7s85pN +zswG+Gouw1BVCfqpSJmmNMheEOr6igOYQ0LY5aOooLoqET9gu0ks9cixjANFhnhE +vRVkMfbnFVAnvXQEWPQY5NgqO4b0Z65ey011L+slNo6EIiw0FkznAwER0aYzrM2r +hs/hJAAbjnxEhgMKN9bdoXpnrAehwbTOTipOWwrdcd3IKNdDEyFY15j5rGgyIBcK +8gNnvGJLKcaC4vBd1QIDAQABMA0GCSqGSIb3DQEBCwUAA4ICAQBuws48HrfwW/Eq +WN4+VSZ1cMgkp/mgqyyDdXoCPUf5o7ro17oDSocmpdQypiCr6M88MACBX8cqKmie +kIyptrzp1x2seo8rTJpno97dt3hSwbe6+SbRh2bjDpDzL2ecrtv/GXjR41b2CbMO +wu4WTgiFhWmKGNDNcEem37VUpKEYe7u/ucie71AQi49jM0rJ5uSVdBONKj3iAH5d +mckw2nt6HKMJ0S+ckM/aq+m8ACgAyYmMr74Yt6wcpl/NORtIxaGUeT7Z8rN7TUmk +gP9scbYF16xJJkxtylnK2BrSwSFOIuB5KJo2xxhuMffxEgdy4711TfwMCUaTPKmF +dlYzPKeBaYzWFU42jcVsiQz4mSqgvS2dS8nZpYe2K0zHIzKwytn+HQ36KhRRDAVR +7aKH9S8FZJXC6wqXFdEwwZujkGhu/BxgfjGkde8qOQMUwHboX9+aflQ9okB1Tha6 +xVB1kG86WdgJLmrsfqaX1FVyO761ZXYHTuoAZ0iuzIRhteUksfRZchnKpUX0fF1i +yB9M0E6JfqvFeVfLlo8c2FI4MUYFWgqciizaXSfw0waMFdX5+U33eXr1RWF0POZX +JERf83JkjVLanESP9/U9nsZYgIiSX88PahYtuSZLhqamzzFvK+wuVcNKark8s1kS +2d8EIOY6h4jmS2ds9ORaavkV/xxTAA== +-----END CERTIFICATE----- 
diff --git a/eidas-test-proxy/overlay/opt/eidas-proxy/se/cfg/natsp-metadata.properties b/eidas-test-proxy/overlay/opt/eidas-proxy/se/cfg/natsp-metadata.properties
new file mode 100644
index 00000000..88f2dd37
--- /dev/null
+++ b/eidas-test-proxy/overlay/opt/eidas-proxy/se/cfg/natsp-metadata.properties
@@ -0,0 +1,26 @@
+#EntityID of the n
+natsp.entityId=${proxy-service.domain.prefix}/nat-ps-sp
+# Logos are specified as a map with the url as key followed by height,width[,lang] as comma separated parameters.
+natsp.logos={\
+ '${proxy-service.domain.prefix}/image/logo.svg':'60,171',\
+ '${proxy-service.domain.prefix}/image/icon.svg':'32,32'\
+ }
+natsp.displayNames={\
+ en:'Sweden Connect – Cross-border Digital Identification',\
+ sv:'Sveriges internationella nod för e-legitimering'\
+ }
+natsp.descriptions={\
+ en:'Test service for the Swedish eIDAS',\
+ sv:'Testtjänst för Svenska eIDAS'\
+ }
+natsp.assertionConsumerServices={\
+ 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST':'${proxy-service.domain.prefix}/assertionconsumer'\
+ }
+natsp.nameIDFormats=\
+ urn:oasis:names:tc:SAML:2.0:nameid-format:persistent,\
+ urn:oasis:names:tc:SAML:2.0:nameid-format:transient
+natsp.entityCategories=\
+ http://id.elegnamnden.se/ec/1.0/loa3-pnr,\
+ http://id.elegnamnden.se/ec/1.0/eidas-pnr-delivery
+
+
diff --git a/eidas-test-proxy/overlay/opt/eidas-proxy/se/cfg/oidc-rp.properties b/eidas-test-proxy/overlay/opt/eidas-proxy/se/cfg/oidc-rp.properties
new file mode 100644
index 00000000..a0350946
--- /dev/null
+++ b/eidas-test-proxy/overlay/opt/eidas-proxy/se/cfg/oidc-rp.properties
@@ -0,0 +1,23 @@
+oidc-enabled=true
+
+# OIDC client metadata
+client-metadata.client-key[0].alias=oidc-rp
+client-metadata.client-key[0].key-store-location=file://${proxy-service.path.prefix}/keystore/oidc-rp.jks
+client-metadata.client-key[0].password=S3cr3t
+client-metadata.client-key[0].supported-jws-algos=RS256, PS256
+client-metadata.preferred-userinfo-signed-response-algs=ES256,PS256,RS256
+client-metadata.redirect-uris[0]=${proxy-service.domain.prefix}/oidc/return
+client-metadata.redirect-uris[1]=https://test.proxy.eidas.swedenconnect.se/oidc/return
+client-metadata.subject-type=pairwise
+client-metadata.default-acr-values=http://id.elegnamnden.se/loa/1.0/loa3
+
+# OIDC config
+oidc-config.op.bid-op.client-id=swedenconnecttest
+oidc-config.op.bid-op.op-metadata-location=file://${proxy-service.path.prefix}/metadata/oidc/bid-op-metadata.json
+oidc-config.op.bid-op.op-jwks-metadata-location=file://${proxy-service.path.prefix}/metadata/oidc/bid-op-jwks.json
+oidc-config.return-url=${proxy-service.domain.prefix}/oidc/return
+
+# User messages
+user-message.default.sv=Sveriges internationella nod för e-legitimering
+user-message.default.en=Sweden Connect - Cross-border Digital Identification
+
diff --git a/eidas-test-proxy/overlay/opt/eidas-proxy/se/cfg/pkcs11.cfg b/eidas-test-proxy/overlay/opt/eidas-proxy/se/cfg/pkcs11.cfg
new file mode 100644
index 00000000..011dd5af
--- /dev/null
+++ b/eidas-test-proxy/overlay/opt/eidas-proxy/se/cfg/pkcs11.cfg
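Review bot: In oidc-rp.properties, `client-metadata.client-key[0].password=S3cr3t` commits the password of the `oidc-rp.jks` keystore that holds the relying party's client key, so anyone who can read the repository or the image overlay has it. I would take it from the environment or a secrets mount instead, for example `client-metadata.client-key[0].password=${OIDC_RP_KEYSTORE_PASSWORD}` (placeholder name, to be matched to the deployment), the same way application-se.properties references the PKCS#11 PIN as `${proxy-service.pkcs11.pin}`. If this value has been used anywhere outside a throwaway test keystore, the keystore password should be changed as well. The second redirect URI is a fixed host (`https://test.proxy.eidas.swedenconnect.se/oidc/return`) registered next to the `${proxy-service.domain.prefix}` one; a comment saying why both are needed would help the next reader.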
@@ -0,0 +1,33 @@
+#SafeNet Luna
+name = Luna
+library = /usr/safenet/lunaclient/lib/libCryptoki2_64.so
+description = Luna config
+slot = 4
+attributes(*,*,*) = {
+CKA_TOKEN = true
+}
+attributes(*,CKO_SECRET_KEY,*) = {
+CKA_CLASS=4
+CKA_PRIVATE= true
+CKA_KEY_TYPE = 21
+CKA_SENSITIVE= true
+CKA_ENCRYPT= true
+CKA_DECRYPT= true
+CKA_WRAP= true
+CKA_UNWRAP= true
+}
+attributes(*,CKO_PRIVATE_KEY,*) = {
+CKA_CLASS=3
+CKA_LABEL=true
+CKA_PRIVATE = true
+CKA_DECRYPT=true
+CKA_SIGN=true
+CKA_UNWRAP=true
+}
+attributes(*,CKO_PUBLIC_KEY,*) = {
+CKA_CLASS=2
+CKA_LABEL=true
+CKA_ENCRYPT = true
+CKA_VERIFY=true
+CKA_WRAP=true
+}
diff --git a/eidas-test-proxy/overlay/opt/eidas-proxy/se/cfg/psidp-metadata.properties b/eidas-test-proxy/overlay/opt/eidas-proxy/se/cfg/psidp-metadata.properties
new file mode 100644
index 00000000..2a486edb
--- /dev/null
+++ b/eidas-test-proxy/overlay/opt/eidas-proxy/se/cfg/psidp-metadata.properties
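Review bot: In pkcs11.cfg, the `attributes(*,CKO_PRIVATE_KEY,*)` template sets `CKA_PRIVATE`, `CKA_DECRYPT`, `CKA_SIGN` and `CKA_UNWRAP` but neither `CKA_SENSITIVE` nor `CKA_EXTRACTABLE`, so a private key created or unwrapped through this provider would get the token's defaults for those two; the secret-key template sets `CKA_SENSITIVE` but also leaves out `CKA_EXTRACTABLE`. I would add `CKA_SENSITIVE = true` and `CKA_EXTRACTABLE = false` to both templates so the intent is stated in the file rather than left to HSM policy. `CKA_LABEL=true` in the private and public key templates looks unintended, since a label is a string rather than a flag. `slot = 4` ties the file to one partition layout, and a comment naming the partition it is expected to match would make a wrong-slot deployment easier to spot.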
@@ -0,0 +1,33 @@
+psmd.gen.entityID=${proxy-service.domain.prefix}/ServiceMetadata
+# Protocol version is the supported eIDAS protocol version. A coma separated list of versions may be provided if more than one are supported.
+psmd.gen.supportedProtocolVersions=1.2,1.3,1.4
+# Application ID prefix MUST have the format {provider name}:{application ID}: e.g. "SE-eidas:proxy-service:"
+psmd.gen.applicationIdPrefix=SE:proxy-service:
+psmd.ext.supportedEncAlgos=\
+ http://www.w3.org/2009/xmlenc11#aes256-gcm,\
+ http://www.w3.org/2009/xmlenc11#aes192-gcm,\
+ http://www.w3.org/2009/xmlenc11#aes128-gcm
+psmd.ext.supportedSigAlgorithms=\
+ http://www.w3.org/2007/05/xmldsig-more#sha256-rsa-MGF1,\
+ http://www.w3.org/2007/05/xmldsig-more#sha512-rsa-MGF1,\
+ http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256
+psmd.ext.supportedDigestAlgorithms=\
+ http://www.w3.org/2001/04/xmlenc#sha256,\
+ http://www.w3.org/2001/04/xmlenc#sha512,\
+ http://www.w3.org/2001/04/xmldsig-more#sha384
+psmd.idp.nameIDFormats=\
+ urn:oasis:names:tc:SAML:2.0:nameid-format:persistent,\
+ urn:oasis:names:tc:SAML:2.0:nameid-format:transient,\
+ urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
+psmd.idp.ssoList={'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST':'${proxy-service.domain.prefix}/ColleagueRequest'}
+psmd.idp.supportedAttributes=\
+ http://eidas.europa.eu/attributes/naturalperson/CurrentFamilyName,\
+ http://eidas.europa.eu/attributes/naturalperson/CurrentGivenName,\
+ http://eidas.europa.eu/attributes/naturalperson/DateOfBirth,\
+ http://eidas.europa.eu/attributes/naturalperson/PersonIdentifier,\
+ http://eidas.europa.eu/attributes/naturalperson/Gender
+psmd.idp.assuranceCertifications=\
+ http://eidas.europa.eu/LoA/substantial,\
+ http://eidas.europa.eu/LoA/low,\
+ http://eidas.europa.eu/LoA/NotNotified/substantial
+psmd.idp.termsofaccessRequesterId=false
diff --git a/eidas-test-proxy/overlay/opt/eidas-proxy/se/cfg/sctest2.crt b/eidas-test-proxy/overlay/opt/eidas-proxy/se/cfg/sctest2.crt
new file mode 100644
index 00000000..066e1012
--- /dev/null
+++ b/eidas-test-proxy/overlay/opt/eidas-proxy/se/cfg/sctest2.crt
@@ -0,0 +1,30 @@ +-----BEGIN CERTIFICATE----- +MIIFNDCCAxygAwIBAgIJAOXc4tnlhatLMA0GCSqGSIb3DQEBCwUAMC8xDzANBgNV +BAoMBlNDVEVTVDEcMBoGA1UEAwwTU3dlZGVuIENvbm5lY3QgdGVzdDAeFw0yMzEy +MTgwODMyMzFaFw00MzEyMTgwODMyMzFaMC8xDzANBgNVBAoMBlNDVEVTVDEcMBoG +A1UEAwwTU3dlZGVuIENvbm5lY3QgdGVzdDCCAiIwDQYJKoZIhvcNAQEBBQADggIP +ADCCAgoCggIBALg+VABB7+YoFJ1bKnxPpRyx/xRFNRNbV06X3sE0hKAhjpOXiJAk +aHgINan6gbiINrt/1+EMKJWa9bgJUlzI3EpVSsF9Xc52OyYPfSD2wxiBzMx2YbQS +avDgmWUNt015FkSuozL33Cu6F7zWHq6YoD+9PfphO2+C6RqrHkI2E8Y8FrZYEbXo +eSFIUaEnK8ZafrgJlHcMDGXm6TqMCqFyVDrmfETQ65ZfAIGeM2IlC9GuPvMZj8wM +KKCjrNIWVZQdoUymmGGAjXQI5V3h9r3fQfVXqY1A/4CQh4HP7Xc/jl6MoZronASM +rJoypFI1YQVJwwIAdkCofST2fHTGTg29QauoJBfdW4K5ZvWhpWzpy1OMvx3+p+sL +Ke/VM/v9uiA44PvFQQVxlJihHhl5cLuC0sS+grUUW/qSdWJQ/5ZIEqqFn4gGeUtJ +aCQpNrbfvLzpXXl5Ki+1hvHRA0rZQShIKGeaaoFQVZcoQH8AXlJnpQQdufwoUHGp +Qsrdnt745r+xFbPBp0bAmyumEIZwPN4Zf1oANW8uF8+DmKJnVYuWlP4XnnF4l2gU +y+dCweZXdl0XSv7JGLxfbGIiWLL/S/93Xu1bBywnT1oMwtOosXZJPjED0otjb3LX +sm5uIhRt0AjcDURChcs3gwLFKHyDtgWXTg25h6gmLr4NJD5Wv9sFzEuXAgMBAAGj +UzBRMB0GA1UdDgQWBBQfQBFSyAB140ce77QIFPAq5dQe0jAfBgNVHSMEGDAWgBQf +QBFSyAB140ce77QIFPAq5dQe0jAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEB +CwUAA4ICAQCpKxIZ+IfuBuYwxW8jsrDDXn6AhupI27dKzPyuuhp8dRpInBRliShg +bzVZffENt5Wsk6uKipKw4lG3Z0700rCRwIijEh0URyFtrdQ2LBngVMyWJx82GybI +GCN8OWEtkmmdn5qpG7K7Agrbxpwszy4+O/hzdhJRS7Zh0NKWxAXz+q+CwJgLtRmy +laVHKPXZXZxbXYS+3/8G12nA19J+0loJNWKi6G0v+Y4BO+X7ATsrf0+1DE1okVSi +Ae1MIJwgYaaRL1IbMqE6RWv2euCaenBDP2wL/4/btbqRNW2Ff2nRbPAW2PUVjvaz +vYUOGUrickGb0opijgJyXLCQX17ZaHJkEi74NGE2YvTw/CkL+YtNKRxccaBNvZQW +MMLOE6ADuuXHycrHDwP6YBD8PHK4hQeVZqr4FwK+b0OyFrmLtAygGozJnCc5LK8m +B1HDklmPPff/UG+OZE73V5ulfFCl/jRvMGa3reWYuDK8+LWyysHc2w/7Ip+mGsdH +kQRFmz01HM0evoj9NLe3wrVGJLlDafcDGgGxFKkSOYumWfzrTy8i9lCXMKU8O1DD +neyszBfLC/1mDFNWteMItmNk2Aa0Rti7nxlUxcFnTL8SH6sL0jnBrECmI4Ap6W6q +cPVqhokRxS6IEM4M5kT5O09AbinnEtR9qPM8OqL6fMNlWY68U50wbA== +-----END CERTIFICATE----- 
diff --git a/eidas-test-proxy/overlay/opt/eidas-proxy/se/cfg/sign.crt b/eidas-test-proxy/overlay/opt/eidas-proxy/se/cfg/sign.crt
new file mode 100644
index 00000000..d2838d63
--- /dev/null
+++ b/eidas-test-proxy/overlay/opt/eidas-proxy/se/cfg/sign.crt
@@ -0,0 +1,29 @@
+-----BEGIN CERTIFICATE-----
+MIIE5TCCAs2gAwIBAgIBfTANBgkqhkiG9w0BAQsFADAsMQ8wDQYDVQQKEwZTQ1RF
+U1QxGTAXBgNVBAMTEFNBTUwgU2lnbmVyIFRlc3QwHhcNMjMxMjEzMDAwMDAwWhcN
+MjcxMjEyMDAwMDAwWjAsMQ8wDQYDVQQKEwZTQ1RFU1QxGTAXBgNVBAMTEFNBTUwg
+U2lnbmVyIFRlc3QwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCpRC2d
+Xoyg26aWMvWshKF6LEGBgti6frNnBDehY/xPtSsaJgfA3Ba413GgGbFS6sxYUlzL
+R1XljnNvOaPIMfENYVN/JxMCtLZs2/UiqD06F7PwGQzargHgTWxfApEyJFxl08Ik
+DYNILxd7r7kFOiDEAYhHOFqtaCAFz1w8xAAGq5M499TfyPTkbXp/hgBLu2OcNqwj
+ztV3W8WIp8XwwLS7iBW5yZOzTHlWy/SHpl9N1tZscDVPIAumLrDAGHOxrKgVKdRm
+Uqscpe+XoqpubE0841C/Bt/3YQbXxYLTn7R5nqHi59y5MzmlokIQYJ4cS90OQeJZ
+10yXXuQSyWDBUEKqi3KMzPpQCs0Bnn8yHEtDjFdkpkTVf/iHupsvb4cPwt/XDt0z
+0pzRXIA+/jFfI/UrvjHskaoBJvBc/Nhi9sisHKtoIuLWfbVQGkkjZgTaIkUCB2X1
+92cuPTNDnwPoHjHYmI364rQ99oWuxAt/U6hs+ipnOP6U2CBW+4+ynqu9GZYji5SR
+9RgKdG/j5e9uVhe0eKT2rAN88TfIfBz2fRzNU4HV2jExIb6L13SAyO/9WyNC5uv7
+cJA6VYHG8ygZjoY79HfnZb3wPW3W7a32hr4YD36vKXi+6exFVel1uJNWu3rdGRdT
+L6OiVF2HW1Gl1iqHwdvh7OR8Upv6TnnlnxlodwIDAQABoxIwEDAOBgNVHQ8BAf8E
+BAMCAgQwDQYJKoZIhvcNAQELBQADggIBAEXwkfny+YEBO9ALqTrTUK/1baIKi0CL
+Q/CZ0We/5BFjIp6KQphTGy5lzqtBG3Y68FO6JjOHbcDPZJfyjfniYjuRWh4bHgaB
+du7NSdHZW9t6PeT14by6r9/pSjx9llDKchG2gSObuMuH5uI4t3c/hNhW17gv8m5/
+MzxxBJrR5lULPvMC3+v0Uy60MnycxcPDAi4HQfNkdHf+t3MLwH/HF60OAZ+pXHka
+hEJn3/F4nKQR8j8rdrn2ZT5mbYwjG27MZ7bhmFLfBtV6jXfQZqDfcxvOP8waEyxy
+MNah/a5LVQz+PJT+RHF4wqsigiMa248z8YCiz3oj6irpW4Ln/7YnJ8UTatRIOP7x
+K8hR2gUGtYxHxuGHASqn7tOGRlIdIZFROd28y2HSqgfApg5KUh2eupWMAnXlkcpx
+iLPz4rx+FX3kditH1z24HzcH2g3ytvL90j/7Gh1cp7BD3e3lf76wzLHUlIH+O573
+V8XPe1fAyutxsaHIY5S2VHv8fmFODqAS7uPyuZ1pc8gVAJEERGzbLL5WwZETXONr
+YpRoVIX8ojAU4sOCN8RRnrF5k1obgYj0B72ziXXZ8D/or9AP1BE7npmURLZ2qKM+
+FeTInZxKcYyLrvpkqVgyX6YM6cV+/XlG3LwS5D8gpKvD5+DIcQMwKXVEXNg3xnco
+dVl2tdPeM8/D
+-----END CERTIFICATE-----
diff --git a/eidas-test-proxy/overlay/opt/eidas-proxy/se/cfg/syslog.properties b/eidas-test-proxy/overlay/opt/eidas-proxy/se/cfg/syslog.properties
new file mode 100644
index 00000000..cccd082e
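Review bot: sign.crt's only extension, as far as the DER can be read from the base64 right after the public exponent, appears to be a critical keyUsage with just keyCertSign set, and there is no digitalSignature bit and no basicConstraints. If this is the proxy's SAML signing certificate, as the file name and the decoded subject ("SAML Signer Test") suggest, a peer that enforces key usage would have grounds to reject its signatures, so the test certificate is better reissued with digitalSignature. The validity decodes as ending on 2027-12-12, which is worth a rotation entry in the runbook. Because the commit message describes this as a copy of the /etc overlay into /opt, both copies have to be replaced together when that happens.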
--- /dev/null
+++ b/eidas-test-proxy/overlay/opt/eidas-proxy/se/cfg/syslog.properties
@@ -0,0 +1,16 @@
+# Parameters:
+# - host : Arrray of hostname or IP adresses separated by comma.
+# - port : TCP or UDP port
+# - protocol : udp, tcp or ssl
+# - bsd : Using message format RFC_3164 when set to true. Using RFC_5424 (UDP) or RFC_5425 (TCP) when false
+# - facility : The syslog facility identifier (0-23)
+# - severity : The syslog sverity code 0-7
+# - clienthostname : Name of the sending client host
+# - clientapp : Name of the sending client application
+
+syslog.1.host=log-1.test.sveidas.se
+syslog.1.port=514
+syslog.1.protocol=udp
+syslog.1.bsd=false
+syslog.1.facility=19
+syslog.1.clientapp=eidas-proxy-service
diff --git a/eidas-test-proxy/overlay/opt/eidas-proxy/se/cfg/test-metadata-signer.crt b/eidas-test-proxy/overlay/opt/eidas-proxy/se/cfg/test-metadata-signer.crt
new file mode 100644
index 00000000..066e1012
--- /dev/null
+++ b/eidas-test-proxy/overlay/opt/eidas-proxy/se/cfg/test-metadata-signer.crt
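Review bot: `syslog.1.protocol=udp` in syslog.properties ships the proxy's log stream to log-1.test.sveidas.se:514 without encryption, sender authentication or delivery guarantees, although the parameter comment in the same hunk lists `ssl` as a supported value. For an eIDAS proxy these records are audit evidence and may carry personal identifiers (the log format is not visible here), so I would use `syslog.1.protocol=ssl` with whatever TLS port the collector listens on (6514 is the registered syslog-over-TLS port). `severity` and `clienthostname` are documented but never set; a comment such as `# severity and clienthostname are left at the library defaults` would make that deliberate. While touching the header, fix the typos `Arrray`, `adresses` and `sverity`.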
@@ -0,0 +1,30 @@
+-----BEGIN CERTIFICATE-----
+MIIFNDCCAxygAwIBAgIJAOXc4tnlhatLMA0GCSqGSIb3DQEBCwUAMC8xDzANBgNV
+BAoMBlNDVEVTVDEcMBoGA1UEAwwTU3dlZGVuIENvbm5lY3QgdGVzdDAeFw0yMzEy
+MTgwODMyMzFaFw00MzEyMTgwODMyMzFaMC8xDzANBgNVBAoMBlNDVEVTVDEcMBoG
+A1UEAwwTU3dlZGVuIENvbm5lY3QgdGVzdDCCAiIwDQYJKoZIhvcNAQEBBQADggIP
+ADCCAgoCggIBALg+VABB7+YoFJ1bKnxPpRyx/xRFNRNbV06X3sE0hKAhjpOXiJAk
+aHgINan6gbiINrt/1+EMKJWa9bgJUlzI3EpVSsF9Xc52OyYPfSD2wxiBzMx2YbQS
+avDgmWUNt015FkSuozL33Cu6F7zWHq6YoD+9PfphO2+C6RqrHkI2E8Y8FrZYEbXo
+eSFIUaEnK8ZafrgJlHcMDGXm6TqMCqFyVDrmfETQ65ZfAIGeM2IlC9GuPvMZj8wM
+KKCjrNIWVZQdoUymmGGAjXQI5V3h9r3fQfVXqY1A/4CQh4HP7Xc/jl6MoZronASM
+rJoypFI1YQVJwwIAdkCofST2fHTGTg29QauoJBfdW4K5ZvWhpWzpy1OMvx3+p+sL
+Ke/VM/v9uiA44PvFQQVxlJihHhl5cLuC0sS+grUUW/qSdWJQ/5ZIEqqFn4gGeUtJ
+aCQpNrbfvLzpXXl5Ki+1hvHRA0rZQShIKGeaaoFQVZcoQH8AXlJnpQQdufwoUHGp
+Qsrdnt745r+xFbPBp0bAmyumEIZwPN4Zf1oANW8uF8+DmKJnVYuWlP4XnnF4l2gU
+y+dCweZXdl0XSv7JGLxfbGIiWLL/S/93Xu1bBywnT1oMwtOosXZJPjED0otjb3LX
+sm5uIhRt0AjcDURChcs3gwLFKHyDtgWXTg25h6gmLr4NJD5Wv9sFzEuXAgMBAAGj
+UzBRMB0GA1UdDgQWBBQfQBFSyAB140ce77QIFPAq5dQe0jAfBgNVHSMEGDAWgBQf
+QBFSyAB140ce77QIFPAq5dQe0jAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEB
+CwUAA4ICAQCpKxIZ+IfuBuYwxW8jsrDDXn6AhupI27dKzPyuuhp8dRpInBRliShg
+bzVZffENt5Wsk6uKipKw4lG3Z0700rCRwIijEh0URyFtrdQ2LBngVMyWJx82GybI
+GCN8OWEtkmmdn5qpG7K7Agrbxpwszy4+O/hzdhJRS7Zh0NKWxAXz+q+CwJgLtRmy
+laVHKPXZXZxbXYS+3/8G12nA19J+0loJNWKi6G0v+Y4BO+X7ATsrf0+1DE1okVSi
+Ae1MIJwgYaaRL1IbMqE6RWv2euCaenBDP2wL/4/btbqRNW2Ff2nRbPAW2PUVjvaz
+vYUOGUrickGb0opijgJyXLCQX17ZaHJkEi74NGE2YvTw/CkL+YtNKRxccaBNvZQW
+MMLOE6ADuuXHycrHDwP6YBD8PHK4hQeVZqr4FwK+b0OyFrmLtAygGozJnCc5LK8m
+B1HDklmPPff/UG+OZE73V5ulfFCl/jRvMGa3reWYuDK8+LWyysHc2w/7Ip+mGsdH
+kQRFmz01HM0evoj9NLe3wrVGJLlDafcDGgGxFKkSOYumWfzrTy8i9lCXMKU8O1DD
+neyszBfLC/1mDFNWteMItmNk2Aa0Rti7nxlUxcFnTL8SH6sL0jnBrECmI4Ap6W6q
+cPVqhokRxS6IEM4M5kT5O09AbinnEtR9qPM8OqL6fMNlWY68U50wbA==
+-----END CERTIFICATE-----
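Review bot: test-metadata-signer.crt appears to be, line for line, the same certificate as the 30-line certificate added by the first hunk in this part of the patch (that file's header is above this view), so the metadata trust anchor now exists under two names in the same cfg directory. If the anchor is ever replaced, a stale copy that is still referenced keeps the old key trusted for metadata signature validation. I would keep a single file and point every reference at it, or document which setting reads which file. The certificate decodes as a self-signed CA ("Sweden Connect test") valid until 2043-12-18, so expiry will not force that cleanup.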
diff --git a/eidas-test-proxy/overlay/opt/eidas-proxy/se/metadata/oidc/bid-op-jwks.json b/eidas-test-proxy/overlay/opt/eidas-proxy/se/metadata/oidc/bid-op-jwks.json
new file mode 100644
index 00000000..709ad0e6
--- /dev/null
+++ b/eidas-test-proxy/overlay/opt/eidas-proxy/se/metadata/oidc/bid-op-jwks.json
@@ -0,0 +1,21 @@
+{
+ "keys" : [ {
+ "kty" : "RSA",
+ "e" : "AQAB",
+ "use" : "sig",
+ "kid" : "FU06ji53d1xJVy4BhUXw3pWSe3SpDZwZdsetIL8qh1Q",
+ "n" : "gClrCXP5Ff9ON-Hfkqp9fZiK_OUWfz4ERWlKZUq54bswJml4oTywhLHdzIf2BK8oHMYUPzAM4uTmf2p37lkgsHHkZUCDbb5UT3TKHmbbtvRbJ7StWea9kmDXRcG0RW_FjfRbFNCrwuc1Z7gzILOXVGcE5nc1-WXSz-6XYAd84U562uTkbZIlolMSVXr_ZHkYAKNNGRyESfsU34kj3SXN9eJmooFUUGXRikskHEDE1otWC8Hds8DmnDcZXmH_MaioJGbJpK3OA6dpkeT5K55ygegO7ADkjWrbmuzPOhIHBovQGhMmkTJGCSJmwX82jZWgT8jEr8JgWc6dsSnPTg91NOqIFegiYyS-4UrlXOcf9h9OHftiPgysHqemAaFS_S_NYEWEcnKoPsPnE2dUxf7OjQuWESknjgqy8N6Jm4Y8srj5fE_4fXKV7ept8tsSFS2Fc3g4Wqpd4XYuiKUYeq8JDISf15jqWw4p129X1nRTskMKrF0FjhMCgWCJDOnD57one6sGsXz9toQ4AKJRjC2O0zylD0cFfmuWN1T5e4dGEiu5Q8nJEyXbQaiOneD1kC5x2pFIEUMuvZ2YRkbVLTzEieyOELbdwegMA6vkiU4IMLSUB3ondIz5IuqaLnp4T0OnWU-d9sdelw_liHA9n__188zrnktvSge5bf8B-SuhLsc"
+ }, {
+ "kty" : "RSA",
+ "e" : "AQAB",
+ "use" : "sig",
+ "kid" : "Cez4Zz2YANA6d9JfVFHzADqsWw_RWqdQ7_L1CPy7dFE",
+ "n" : "nu4CC39I0lwnm6qV1ZSb3lHqpOOiS5XOZGPnszxWqLCPU6K1eFjL62vO2pIN9EC5cKVbJMjSA9-XCJYlLufHm7C80INlyuBOzKYqS7WP6dKc3KX2jsTzvhJpPiBNxyUEm760YpiKB3cHAf7NNa_V0EGnWToTc_jbRTG8GZSgv8lCNNgpBFlJ0LcDTAlB8oau-yKNY4s5Ik3RktVy5IkhO2cXIFSpzYVB3N8I9RD_yeWMrzPv2j_GVHL4wSoaXIZbEz-LVw2VpbKBEzcO-SGSaXpbE58doW15kdj6EipuPxOQKH81Lmi-CTz3D91tQUPjTaACqe_M7_ny3I-gIomhlw"
+ }, {
+ "kty" : "RSA",
+ "e" : "AQAB",
+ "use" : "enc",
+ "kid" : "fF5EqLffTfFXPAoKlwS1m8FxE55jvrjTaAd7H_R41xs",
+ "n" : "yHQ9rcmfPjvHw1MGKb0X56nF5_s3b7FAtH_3XgZP71j_Qf3ez6Go_RuCob74oN-jlUdSNmilYda2w40uYB49J3ZbpIoH9GcPz6KC3qyZjg17Rk2m7_SnERNvZxjn_nd5uC-qfcpRXS2_I7Zu3VPg4TvjU8Zxe5Z6U9a0zmQoco0DLYMbt1mi707EkCjMooTILDKZR9uk_QWGBQKxwmMs8pNag0s9kLzWX1CD7bToWR1637wDv-NjSz3_kHkws0nLEWBYm0cmtXuU51R6OrcOif5Lh9j38P8MQUUC72dv8LwMgT_42DxAyZsbVXn5n-xwjeyVvtZVLfInU8rgdHXmcQ"
+ } ]
+}
diff --git a/eidas-test-proxy/overlay/opt/eidas-proxy/se/metadata/oidc/bid-op-metadata.json b/eidas-test-proxy/overlay/opt/eidas-proxy/se/metadata/oidc/bid-op-metadata.json
new file mode 100644
index 00000000..d8bd5cfe
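Review bot: bid-op-jwks.json pins the OP's two `sig` keys and one `enc` key as a static file, while the metadata added next to it still advertises `"jwks_uri" : "https://oidc.test.bankid.com/jwks"`. If the proxy verifies ID tokens against this copy (the consuming configuration is not visible here), a key the OP has rotated out or withdrawn stays trusted until someone edits the file, and a newly introduced key fails validation. None of the three entries has an `alg` member, so the file does not bind a key to an algorithm and the verifier has to restrict the accepted algorithms itself. JSON cannot carry a comment, so the source URL, the retrieval date and the refresh procedure for this snapshot should be recorded in the properties file that references it or in the README.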
--- /dev/null
+++ b/eidas-test-proxy/overlay/opt/eidas-proxy/se/metadata/oidc/bid-op-metadata.json
@@ -0,0 +1,35 @@
+{
+ "issuer" : "https://oidc.test.bankid.com",
+ "authorization_endpoint" : "https://oidc.test.bankid.com/authorize",
+ "token_endpoint" : "https://oidc.test.bankid.com/token",
+ "userinfo_endpoint" : "https://oidc.test.bankid.com/userinfo",
+ "jwks_uri" : "https://oidc.test.bankid.com/jwks",
+ "scopes_supported" : [ "openid", "profile", "https://id.oidc.se/scope/naturalPersonNumber", "https://id.oidc.se/scope/naturalPersonName", "https://id.oidc.se/scope/authnInfo", "https://id.oidc.se/scope/sign" ],
+ "response_types_supported" : [ "code" ],
+ "response_modes_supported" : [ "query" ],
+ "grant_types_supported" : [ "authorization_code" ],
+ "acr_values_supported" : [ "http://id.elegnamnden.se/loa/1.0/loa3" ],
+ "subject_types_supported" : [ "public", "pairwise" ],
+ "id_token_signing_alg_values_supported" : [ "RS256", "RS384", "RS512", "PS256", "PS384", "PS512" ],
+ "userinfo_signing_alg_values_supported" : [ "RS256", "RS384", "RS512", "PS256", "PS384", "PS512" ],
+ "request_object_signing_alg_values_supported" : [ "none", "RS256", "ES256", "PS256" ],
+ "request_object_encryption_alg_values_supported" : [ "RSA1_5", "RSA-OAEP", "RSA-OAEP-256" ],
+ "request_object_encryption_enc_values_supported" : [ "A128CBC-HS256", "A128GCM", "A192CBC-HS384", "A192GCM", "A256CBC-HS512", "A256GCM" ],
+ "token_endpoint_auth_methods_supported" : [ "client_secret_post", "client_secret_basic", "private_key_jwt" ],
+ "token_endpoint_auth_signing_alg_values_supported" : [ "RS256", "ES256", "PS256" ],
+ "display_values_supported" : [ "page", "popup", "touch", "wap" ],
+ "claim_types_supported" : [ "normal" ],
+ "claims_supported" : [ "sub", "name", "given_name", "family_name", "txn", "auth_time", "https://id.oidc.se/claim/personalIdentityNumber", "https://id.oidc.se/claim/userCertificate", "https://id.oidc.se/claim/userSignature", "https://id.oidc.se/claim/credentialValidFrom", "https://id.oidc.se/claim/credentialValidTo", "https://id.oidc.se/claim/deviceIp",
"https://id.oidc.se/claim/authnEvidence", "https://id.oidc.se/claim/age" ],
+ "service_documentation" : "https://oidc.test.bankid.com/about",
+ "claims_parameter_supported" : true,
+ "request_parameter_supported" : true,
+ "request_uri_parameter_supported" : false,
+ "require_request_uri_registration" : false,
+ "op_policy_uri" : "https://oidc.test.bankid.com/about",
+ "op_tos_uri" : "https://oidc.test.bankid.com/about",
+ "introspection_endpoint" : "https://oidc.test.bankid.com/introspect",
+ "code_challenge_methods_supported" : [ "S256" ],
+ "https://id.oidc.se/disco/userMessageSupported" : true,
+ "https://id.oidc.se/disco/userMessageSupportedMimeTypes" : [ "text/plain", "text/markdown" ],
+ "https://id.oidc.se/disco/authnProviderSupported" : false
+}
diff --git a/eidas-test-proxy/overlay/opt/eidas-proxy/se/ps-mdcache/.placeholder b/eidas-test-proxy/overlay/opt/eidas-proxy/se/ps-mdcache/.placeholder
new file mode 100644
index 00000000..e69de29b
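Review bot: The pinned OP metadata in bid-op-metadata.json lists `none` in `request_object_signing_alg_values_supported` and `RSA1_5` in `request_object_encryption_alg_values_supported`, so nothing in this file stops the client from settling on an unsigned request object or PKCS#1 v1.5 key transport. These are the OP's published values and should stay as published. The relying-party configuration (oidc-rp.properties, outside this part of the patch) should instead fix the algorithms explicitly, for example `PS256` for signing and `RSA-OAEP-256` for key encryption, rather than choosing from the supported lists. The document is a static copy of data the issuer presumably also serves itself, so record the retrieval date next to it so that drift from the live metadata can be detected.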