From 3fc938ae73959cec858f3dd2da349202d84ff709 Mon Sep 17 00:00:00 2001 From: Maria Haider Date: Thu, 23 Mar 2023 10:21:58 +0100 Subject: [PATCH 01/17] stopped checking presence metadata for countries in QA --- global/overlay/etc/puppet/manifests/cosmos-site.pp | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/global/overlay/etc/puppet/manifests/cosmos-site.pp b/global/overlay/etc/puppet/manifests/cosmos-site.pp index 81ac5bc2..b71ba0c1 100644 --- a/global/overlay/etc/puppet/manifests/cosmos-site.pp +++ b/global/overlay/etc/puppet/manifests/cosmos-site.pp @@ -1375,12 +1375,13 @@ class nagios_monitor { nagioscfg::command {'check_country_count': command_line => "/usr/lib/nagios/plugins/check_eidas_country_count.sh '\$ARG1\$' '\$ARG2\$' '\$ARG3\$' '\$ARG4\$'" } - nagioscfg::service {'check_country_eIDAS_QA': - host_name => ['qa.md.eidas.swedenconnect.se'], - check_command => 'check_country_count!qa.md.eidas.swedenconnect.se!PT LU IT ES HR LV DE EE BE IS XB CY PL SK LT NO DK CZ SE EL XA MT SI!1!3', - description => 'check number of countries in eIDAS QA', - contact_groups => ['alerts'], - } +#Commented out in relation to SC-1468 +# nagioscfg::service {'check_country_eIDAS_QA': +# host_name => ['qa.md.eidas.swedenconnect.se'], +# check_command => 'check_country_count!qa.md.eidas.swedenconnect.se!PT LU IT ES HR LV DE EE BE IS XB CY PL SK LT NO DK CZ SE EL XA MT SI!1!3', +# description => 'check number of countries in eIDAS QA', +# contact_groups => ['alerts'], +# } nagioscfg::service {'check_country_eIDAS': host_name => ['md.eidas.swedenconnect.se'], check_command => 'check_country_count!md.eidas.swedenconnect.se!LU IT ES HR DE EE BE PT SK CZ LV!1!3', From eca4eb38a724942c45e36f9535b1e2bf29031070 Mon Sep 17 00:00:00 2001 
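Review bot: The `check_country_eIDAS_QA` service is disabled by commenting it out, with only `#Commented out in relation to SC-1468` as explanation, so the manifest does not say why QA country presence is no longer monitored or when the check should come back. Either delete the resource and rely on history, or state the condition in the comment, e.g. `# Disabled (SC-1468): <reason>; re-enable when <condition>`. Until then QA raises no alert if countries disappear from its metadata, which looks intentional but is worth stating. The enclosing `nagios_monitor` class starts and ends outside the hunk.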
From: Maria Haider Date: Fri, 24 Mar 2023 14:11:00 +0100 Subject: [PATCH 02/17] Fix URL to metadata location --- .../overlay/etc/eidas-proxy/se/cfg/application-se.properties | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/eidas-proxy-common/overlay/etc/eidas-proxy/se/cfg/application-se.properties b/eidas-proxy-common/overlay/etc/eidas-proxy/se/cfg/application-se.properties index 6ac196e9..4ca48817 100644 --- a/eidas-proxy-common/overlay/etc/eidas-proxy/se/cfg/application-se.properties +++ b/eidas-proxy-common/overlay/etc/eidas-proxy/se/cfg/application-se.properties @@ -78,7 +78,7 @@ proxy-service.eidasMdListLocation=https://md.eidas.swedenconnect.se/mdservicelis proxy-service.eidasMdListCertFile=${proxy-service.path.prefix}/cfg/swedenconnect-signer.crt #Metadata location for aggregated metadata specified as either URL (http or https), "file://" or "classpath:" -proxy-service.eidasMetadataLocation=https://md.eidas.swedenconnect.se/entities +proxy-service.eidasMetadataLocation=https://md.eidas.swedenconnect.se/entities/ # Optional certificate file for validating metadata signatures # If no certificate is specified then proxy-service.dev.ignoreMetadataSignCheck=true must be set From 1d2d4c1ab9faff581a9da54f2ebead3de981a8b7 Mon Sep 17 00:00:00 2001 From: Maria Haider Date: Fri, 24 Mar 2023 15:27:26 +0100 Subject: [PATCH 03/17] fixed URL links to metadata --- .../etc/eidas-proxy/se/cfg/application-se.properties | 2 +- .../etc/metadata-validator/cfg/application.properties | 2 +- .../etc/metadata-validator/cfg/application.properties | 4 ++-- .../etc/metadata-validator/cfg/application.properties | 6 +++--- 4 files changed, 7 insertions(+), 7 deletions(-) diff --git a/eidas-test-proxy/overlay/etc/eidas-proxy/se/cfg/application-se.properties b/eidas-test-proxy/overlay/etc/eidas-proxy/se/cfg/application-se.properties index 761cd732..825840c3 100644 --- a/eidas-test-proxy/overlay/etc/eidas-proxy/se/cfg/application-se.properties 
+++ b/eidas-test-proxy/overlay/etc/eidas-proxy/se/cfg/application-se.properties @@ -78,7 +78,7 @@ proxy-service.eidasMdListLocation=https://test.md.eidas.swedenconnect.se/mdservi proxy-service.eidasMdListCertFile=${proxy-service.path.prefix}/cfg/test-metadata-signer.crt #Metadata location for aggregated metadata specified as either URL (http or https), "file://" or "classpath:" -proxy-service.eidasMetadataLocation=https://test.md.eidas.swedenconnect.se/entities +proxy-service.eidasMetadataLocation=https://test.md.eidas.swedenconnect.se/entities/ # Optional certificate file for validating metadata signatures # If no certificate is specified then proxy-service.dev.ignoreMetadataSignCheck=true must be set diff --git a/validator-1.qa.komreg.net/overlay/etc/metadata-validator/cfg/application.properties b/validator-1.qa.komreg.net/overlay/etc/metadata-validator/cfg/application.properties index 53436900..e9237759 100644 --- a/validator-1.qa.komreg.net/overlay/etc/metadata-validator/cfg/application.properties +++ b/validator-1.qa.komreg.net/overlay/etc/metadata-validator/cfg/application.properties @@ -21,7 +21,7 @@ md-validator.metadataSource.prod[0].cacheFile=${md-validator.path.prefix}/mdcach md-validator.metadataSource.prod[0].index=0 md-validator.metadataSource.prod[0].ignoreSignatureValidation=false -md-validator.metadataSource.qa[0].location=https://qa.md.swedenconnect.se/entities +md-validator.metadataSource.qa[0].location=https://qa.md.swedenconnect.se/entities/ md-validator.metadataSource.qa[0].certFile=${md-validator.path.prefix}/cert/sc-qa-md.crt md-validator.metadataSource.qa[0].cacheFile=${md-validator.path.prefix}/mdcache/qa-metadata-cache.xml md-validator.metadataSource.qa[0].index=0 diff --git a/validator-common/overlay/etc/metadata-validator/cfg/application.properties b/validator-common/overlay/etc/metadata-validator/cfg/application.properties index b513f8d0..c9c555ac 100644 --- a/validator-common/overlay/etc/metadata-validator/cfg/application.properties 
+++ b/validator-common/overlay/etc/metadata-validator/cfg/application.properties @@ -15,13 +15,13 @@ md-validator.home.url=https://swedenconnect.se # Multipple sources may be set ordered by index. Valid parameters are "location", "certFile" (optional), # "cacheFile" (optional), "index" and "ignoreSignatureValidation" default false. -md-validator.metadataSource.prod[0].location=https://md.swedenconnect.se/entities +md-validator.metadataSource.prod[0].location=https://md.swedenconnect.se/entities/ md-validator.metadataSource.prod[0].certFile=${md-validator.path.prefix}/cert/sc-prod-md.crt md-validator.metadataSource.prod[0].cacheFile=${md-validator.path.prefix}/mdcache/prod-metadata-cache.xml md-validator.metadataSource.prod[0].index=0 md-validator.metadataSource.prod[0].ignoreSignatureValidation=false -md-validator.metadataSource.qa[0].location=https://qa.md.swedenconnect.se/entities +md-validator.metadataSource.qa[0].location=https://qa.md.swedenconnect.se/entities/ md-validator.metadataSource.qa[0].certFile=${md-validator.path.prefix}/cert/sc-qa-md.crt md-validator.metadataSource.qa[0].cacheFile=${md-validator.path.prefix}/mdcache/qa-metadata-cache.xml md-validator.metadataSource.qa[0].index=0 diff --git a/validator-test-1.komreg.net/overlay/etc/metadata-validator/cfg/application.properties b/validator-test-1.komreg.net/overlay/etc/metadata-validator/cfg/application.properties index f2f31fdf..d7a66a6e 100644 --- a/validator-test-1.komreg.net/overlay/etc/metadata-validator/cfg/application.properties +++ b/validator-test-1.komreg.net/overlay/etc/metadata-validator/cfg/application.properties 
@@ -15,13 +15,13 @@ md-validator.home.url=https://swedenconnect.se # Multipple sources may be set ordered by index. Valid parameters are "location", "certFile" (optional), # "cacheFile" (optional), "index" and "ignoreSignatureValidation" default false. -md-validator.metadataSource.prod[0].location=https://md.swedenconnect.se/entities +md-validator.metadataSource.prod[0].location=https://md.swedenconnect.se/entities/ md-validator.metadataSource.prod[0].certFile=${md-validator.path.prefix}/cert/sc-prod-md.crt md-validator.metadataSource.prod[0].cacheFile=${md-validator.path.prefix}/mdcache/prod-metadata-cache.xml md-validator.metadataSource.prod[0].index=0 md-validator.metadataSource.prod[0].ignoreSignatureValidation=false -md-validator.metadataSource.qa[0].location=https://qa.md.swedenconnect.se/entities +md-validator.metadataSource.qa[0].location=https://qa.md.swedenconnect.se/entities/ md-validator.metadataSource.qa[0].certFile=${md-validator.path.prefix}/cert/sc-qa-md.crt md-validator.metadataSource.qa[0].cacheFile=${md-validator.path.prefix}/mdcache/qa-metadata-cache.xml md-validator.metadataSource.qa[0].index=0 @@ -70,4 +70,4 @@ management.endpoint.health.enabled=true management.endpoint.auditevents.enabled=true management.endpoints.web.exposure.include=* management.endpoints.web.base-path=/ -management.endpoint.health.show-details=always \ No newline at end of file +management.endpoint.health.show-details=always From 09ec72acd91791a0f0b83e10c9f98499aaecb6c0 Mon Sep 17 00:00:00 2001 From: Maria Haider Date: Fri, 24 Mar 2023 15:45:43 +0100 Subject: [PATCH 04/17] fixing more URLs --- .../overlay/etc/eidas-connector/eidas-connector.conf | 2 +- eumd-test-common/overlay/etc/mirror-mdq/template/index.html | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/eidas-qa-connector/overlay/etc/eidas-connector/eidas-connector.conf b/eidas-qa-connector/overlay/etc/eidas-connector/eidas-connector.conf index cf59ab02..757bd97f 100644 
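Review bot: The new state of validator-test-1.komreg.net's application.properties still ends with `management.endpoints.web.exposure.include=*`, `management.endpoints.web.base-path=/` and `management.endpoint.health.show-details=always`; these are context lines of the file's last hunk, where the commit only adds the final newline. Together they publish every enabled Spring Boot actuator endpoint at the web root and return full health details to any caller; whether the management port is reachable from outside is not visible here. Unless something in front restricts access, `management.endpoints.web.exposure.include=health,info` and `management.endpoint.health.show-details=when-authorized` would be the safer default. The other validator property files touched by this commit are only partly visible and may carry the same settings.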
--- a/eidas-qa-connector/overlay/etc/eidas-connector/eidas-connector.conf +++ b/eidas-qa-connector/overlay/etc/eidas-connector/eidas-connector.conf @@ -67,7 +67,7 @@ export TOMCAT_TLS_SERVER_CERTIFICATE_CHAIN=$TOMCAT_CREDENTIALS/tomcat-chain.pem export TOMCAT_INTERNAL_PROXIES='"10\.\d{1,3}\.\d{1,3}\.\d{1,3}\|192\.168\.\d{1,3}\.\d{1,3}\|169\.254\.\d{1,3}\.\d{1,3}\|127\.\d{1,3}\.\d{1,3}\.\d{1,3}\|172\.1[6-9]{1}\.\d{1,3}\.\d{1,3}\|172\.2[0-9]{1}\.\d{1,3}\.\d{1,3}\|172\.3[0-1]{1}\.\d{1,3}\.\d{1,3}\|130\.242\.125\.\d{1,3}\|81\.236\.48\.\d{1,3}"' export TOMCAT_SESSION_COOKIE_NAME="JSESSIONID.CONNECTOR.QA" -export FEDERATION_METADATA_URL=https://qa.md.swedenconnect.se/entities +export FEDERATION_METADATA_URL=https://qa.md.swedenconnect.se/entities/ export FEDERATION_METADATA_VALIDATION_CERT=/etc/eidas-connector/credentials/metadata.crt #export EIDAS_METADATA_SERVICE_LIST_URL=https://qa.md.eidas.swedenconnect.se/mdservicelist-aggregate.xml diff --git a/eumd-test-common/overlay/etc/mirror-mdq/template/index.html b/eumd-test-common/overlay/etc/mirror-mdq/template/index.html index 6eedf162..43d1b83d 100644 --- a/eumd-test-common/overlay/etc/mirror-mdq/template/index.html +++ b/eumd-test-common/overlay/etc/mirror-mdq/template/index.html @@ -79,7 +79,7 @@ W3H4unQMgNcLSYEAjclVYqNmV82EaX2R1TuF5oVyI9PSunNxHTyBQQ==

SAML Metadata URLs

All Entities
-
https://test.md.eidas.swedenconnect.se/entities
+
https://test.md.eidas.swedenconnect.se/entities/
Only IdPs
https://test.md.eidas.swedenconnect.se/role/idp.xml
Only SPs
From 74fbf74934ed9c551037400b4ffd9966777d5aa7 Mon Sep 17 00:00:00 2001 From: Maria Haider Date: Fri, 24 Mar 2023 15:58:54 +0100 Subject: [PATCH 05/17] fixed some more URLs --- .../overlay/etc/eidas-connector/eidas-connector.conf | 2 +- .../overlay/etc/eidas-connector/eidas-connector.conf | 2 +- .../overlay/etc/eidas-connector/eidas-connector.conf | 2 +- eumd-common/overlay/etc/mirror-mdq/template/index.html | 2 +- global/overlay/etc/puppet/manifests/cosmos-site.pp | 6 +++--- md1.komreg.net/overlay/etc/mirror-mdq/template/index.html | 2 +- natmd-common/overlay/etc/mirror-mdq/template/index.html | 2 +- .../overlay/etc/mirror-mdq/template/index.html | 2 +- .../etc/metadata-validator/cfg/application.properties | 2 +- 9 files changed, 11 insertions(+), 11 deletions(-) diff --git a/eidas-connector-common/overlay/etc/eidas-connector/eidas-connector.conf b/eidas-connector-common/overlay/etc/eidas-connector/eidas-connector.conf index ab4c5b50..467e3aab 100644 --- a/eidas-connector-common/overlay/etc/eidas-connector/eidas-connector.conf +++ b/eidas-connector-common/overlay/etc/eidas-connector/eidas-connector.conf @@ -80,7 +80,7 @@ export TOMCAT_TLS_SERVER_KEY=$TOMCAT_CREDENTIALS/tomcat-key.pem export TOMCAT_TLS_SERVER_CERTIFICATE=$TOMCAT_CREDENTIALS/tomcat-cert.pem export TOMCAT_TLS_SERVER_CERTIFICATE_CHAIN=$TOMCAT_CREDENTIALS/tomcat-chain.pem -export FEDERATION_METADATA_URL=https://md.swedenconnect.se/entities +export FEDERATION_METADATA_URL=https://md.swedenconnect.se/entities/ export FEDERATION_METADATA_VALIDATION_CERT=/etc/eidas-connector/credentials/swedenconnect-signer.crt unset EIDAS_METADATA_SERVICE_LIST_URL=https://md.eidas.swedenconnect.se/mdservicelist-aggregate.xml diff --git a/eidas-qa-connector/overlay/etc/eidas-connector/eidas-connector.conf b/eidas-qa-connector/overlay/etc/eidas-connector/eidas-connector.conf index 757bd97f..65a7eb81 100644 --- a/eidas-qa-connector/overlay/etc/eidas-connector/eidas-connector.conf 
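Review bot: The context line after the changed URL reads `unset EIDAS_METADATA_SERVICE_LIST_URL=https://md.eidas.swedenconnect.se/mdservicelist-aggregate.xml`; `unset` takes a variable name, so the shell rejects `NAME=value` as an invalid identifier and leaves any inherited value in place. The QA connector file in this same commit uses the bare form, so this should be `unset EIDAS_METADATA_SERVICE_LIST_URL`. The same line appears in the eidas-test-connector hunk with the test URL. The commit does not touch these lines, but the connector could end up reading a service-list URL that the file intends to clear.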
+++ b/eidas-qa-connector/overlay/etc/eidas-connector/eidas-connector.conf @@ -75,7 +75,7 @@ unset EIDAS_METADATA_SERVICE_LIST_URL #export EIDAS_METADATA_SERVICE_LIST_VALIDATION_CERT=/etc/eidas-connector/credentials/metadata.crt unset EIDAS_METADATA_SERVICE_LIST_VALIDATION_CERT -export EIDAS_METADATA_URL=https://qa.md.eidas.swedenconnect.se/entities +export EIDAS_METADATA_URL=https://qa.md.eidas.swedenconnect.se/entities/ export EIDAS_METADATA_VALIDATION_CERT=/etc/eidas-connector/credentials/metadata.crt export IDP_ACCESSIBILITY_URL=https://www.swedenconnect.se/om/om-webbplatsen/tillganglighet/svenska-eidas-noden diff --git a/eidas-test-connector/overlay/etc/eidas-connector/eidas-connector.conf b/eidas-test-connector/overlay/etc/eidas-connector/eidas-connector.conf index ed2fa8c5..e4c57e32 100644 --- a/eidas-test-connector/overlay/etc/eidas-connector/eidas-connector.conf +++ b/eidas-test-connector/overlay/etc/eidas-connector/eidas-connector.conf @@ -80,7 +80,7 @@ export TOMCAT_TLS_SERVER_KEY=$TOMCAT_CREDENTIALS/tomcat-key.pem export TOMCAT_TLS_SERVER_CERTIFICATE=$TOMCAT_CREDENTIALS/tomcat-cert.pem export TOMCAT_TLS_SERVER_CERTIFICATE_CHAIN=$TOMCAT_CREDENTIALS/tomcat-chain.pem -export FEDERATION_METADATA_URL=https://test.md.swedenconnect.se/entities +export FEDERATION_METADATA_URL=https://test.md.swedenconnect.se/entities/ export FEDERATION_METADATA_VALIDATION_CERT=/etc/eidas-connector/credentials/test-metadata-signer.crt unset EIDAS_METADATA_SERVICE_LIST_URL=https://test.md.eidas.swedenconnect.se/mdservicelist-aggregate.xml diff --git a/eumd-common/overlay/etc/mirror-mdq/template/index.html b/eumd-common/overlay/etc/mirror-mdq/template/index.html index 62428012..414a2341 100644 --- a/eumd-common/overlay/etc/mirror-mdq/template/index.html +++ b/eumd-common/overlay/etc/mirror-mdq/template/index.html @@ -80,7 +80,7 @@ j6+cBKFT97et/lUMyfKVwbmuJNgtABRRcw==

SAML Metadata URLs

All Entities
-
https://md.eidas.swedenconnect.se/entities
+
https://md.eidas.swedenconnect.se/entities/
Only IdPs
https://md.eidas.swedenconnect.se/role/idp.xml
Only SPs
diff --git a/global/overlay/etc/puppet/manifests/cosmos-site.pp b/global/overlay/etc/puppet/manifests/cosmos-site.pp index b71ba0c1..16398e5e 100644 --- a/global/overlay/etc/puppet/manifests/cosmos-site.pp +++ b/global/overlay/etc/puppet/manifests/cosmos-site.pp @@ -537,7 +537,7 @@ class swedenconnect_refidp($version="1.0.3",$hostname='localhost',$env=undef) { '/etc/ssl:/etc/ssl'], env => ["IDP_SERVER_HOSTNAME=$_hostname", "TOMCAT_HOSTNAME=$_hostname", - "IDP_FEDERATION_METADATA_URL=https://${env}.md.swedenconnect.se/entities", + "IDP_FEDERATION_METADATA_URL=https://${env}.md.swedenconnect.se/entities/", "IDP_FEDERATION_METADATA_VALIDATION_CERT=/etc/swedenconnect-idp/credentials/trust/sc-${env}-metadata-validation-cert.crt", "TOMCAT_TLS_SERVER_KEY=/etc/ssl/private/${::fqdn}_infra.key", "TOMCAT_TLS_SERVER_CERTIFICATE=/etc/ssl/certs/${::fqdn}_infra.crt", @@ -1413,7 +1413,7 @@ class nagios_monitor { $hosts_md.each |$host|{ nagioscfg::service {"check_metadata_age_${host}": host_name => ["${host}"], - check_command => "check_metadata_age!https://${host}/entities!691200!172800", + check_command => "check_metadata_age!https://${host}/entities/!691200!172800", description => "check metadata for ${host}", contact_groups => ['alerts'], } @@ -1422,7 +1422,7 @@ class nagios_monitor { $hosts_md_eidas.each |$host|{ nagioscfg::service {"check_metadata_age_${host}": host_name => ["${host}"], - check_command => "check_metadata_age!https://${host}/entities!432000!86400", + check_command => "check_metadata_age!https://${host}/entities/!432000!86400", description => "check metadata for ${host}", contact_groups => ['alerts'], } diff --git a/md1.komreg.net/overlay/etc/mirror-mdq/template/index.html b/md1.komreg.net/overlay/etc/mirror-mdq/template/index.html index 1c62ad79..10a48e46 100644 --- a/md1.komreg.net/overlay/etc/mirror-mdq/template/index.html +++ b/md1.komreg.net/overlay/etc/mirror-mdq/template/index.html 
@@ -79,7 +79,7 @@ JERf83JkjVLanESP9/U9nsZYgIiSX88PahYtuSZLhqamzzFvK+wuVcNKark8s1kS

Metadata URLer

Full metadata - samtliga objekt
-
https://qa.md.swedenconnect.se/entities
+
https://qa.md.swedenconnect.se/entities/
Endast IdP:er
https://qa.md.swedenconnect.se/role/idp.xml
Endast SP:er
diff --git a/natmd-common/overlay/etc/mirror-mdq/template/index.html b/natmd-common/overlay/etc/mirror-mdq/template/index.html index 01318f5a..7c10b977 100644 --- a/natmd-common/overlay/etc/mirror-mdq/template/index.html +++ b/natmd-common/overlay/etc/mirror-mdq/template/index.html @@ -80,7 +80,7 @@ j6+cBKFT97et/lUMyfKVwbmuJNgtABRRcw==

Metadata URLer

Full metadata - samtliga objekt
-
https://md.swedenconnect.se/entities
+
https://md.swedenconnect.se/entities/
Endast IdP:er
https://md.swedenconnect.se/role/idp.xml
Endast SP:er
diff --git a/natmd-test-common/overlay/etc/mirror-mdq/template/index.html b/natmd-test-common/overlay/etc/mirror-mdq/template/index.html index 3fdf60c3..af291c9e 100644 --- a/natmd-test-common/overlay/etc/mirror-mdq/template/index.html +++ b/natmd-test-common/overlay/etc/mirror-mdq/template/index.html @@ -79,7 +79,7 @@ W3H4unQMgNcLSYEAjclVYqNmV82EaX2R1TuF5oVyI9PSunNxHTyBQQ==

Metadata URLer

Full metadata - samtliga objekt
-
https://test.md.swedenconnect.se/entities
+
https://test.md.swedenconnect.se/entities/
Endast IdP:er
https://test.md.swedenconnect.se/role/idp.xml
Endast SP:er
diff --git a/validator-1.qa.komreg.net/overlay/etc/metadata-validator/cfg/application.properties b/validator-1.qa.komreg.net/overlay/etc/metadata-validator/cfg/application.properties index e9237759..90a4f987 100644 --- a/validator-1.qa.komreg.net/overlay/etc/metadata-validator/cfg/application.properties +++ b/validator-1.qa.komreg.net/overlay/etc/metadata-validator/cfg/application.properties @@ -15,7 +15,7 @@ md-validator.home.url=https://swedenconnect.se # Multipple sources may be set ordered by index. Valid parameters are "location", "certFile" (optional), # "cacheFile" (optional), "index" and "ignoreSignatureValidation" default false. -md-validator.metadataSource.prod[0].location=https://md.swedenconnect.se/entities +md-validator.metadataSource.prod[0].location=https://md.swedenconnect.se/entities/ md-validator.metadataSource.prod[0].certFile=${md-validator.path.prefix}/cert/sc-prod-md.crt md-validator.metadataSource.prod[0].cacheFile=${md-validator.path.prefix}/mdcache/prod-metadata-cache.xml md-validator.metadataSource.prod[0].index=0 From f6117fcb96bede639a48f84d1f5e2db0ccce5692 Mon Sep 17 00:00:00 2001 From: Maria Haider Date: Tue, 28 Mar 2023 13:06:25 +0200 Subject: [PATCH 06/17] updating server cert and blacklistaanchor cert Ref: SC-1466 --- .../opt/eidas-middleware/configuration/POSeIDAS.xml.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/demw-common/overlay/opt/eidas-middleware/configuration/POSeIDAS.xml.sh b/demw-common/overlay/opt/eidas-middleware/configuration/POSeIDAS.xml.sh index 3f059c09..1f8ba2ac 100644 --- a/demw-common/overlay/opt/eidas-middleware/configuration/POSeIDAS.xml.sh +++ b/demw-common/overlay/opt/eidas-middleware/configuration/POSeIDAS.xml.sh 
@@ -15,13 +15,13 @@ cat< se-de-middleware - MIIEeTCCA2GgAwIBAgIDJncSMA0GCSqGSIb3DQEBCwUAMFQxCzAJBgNVBAYTAkRFMRUwEwYDVQQKEwxELVRydXN0IEdtYkgxLjAsBgNVBAMTJUQtVFJVU1QgTGltaXRlZCBCYXNpYyBFQUMgQ0EgMS0xIDIwMTgwHhcNMTkwNDA5MTA1OTQwWhcNMjMwNDA5MTA1OTQwWjBZMQswCQYDVQQGEwJERTEUMBIGA1UEChMLRUFDIFN5c3RlbWUxFDASBgNVBAsTC0VBQyBTeXN0ZW1lMR4wHAYDVQQDExVCbGFja2xpc3QgU2lnbmVyIFByb2QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCllBN2ywEYeRbho72EcY57ts1UOrTkyTxPywCUBQNs9K3d/HGDMyp1LviWxeO4hFldj31TiW6QkEYL56bURhS4JG//Pry2L6wQoBJWkw2++xioZzCD1W2GtoX7djNM6YRGJ4+UOIJw31i6iQpjDBq/PqQypr4foGqacBx2JkLIMGF3Ad7gG9o6kxEuSnl/9QrdCGII7Suowc/MWKch6SO3m14YXxSG1jhr0+8Wn1gO2lPhbSjhAh2wSg/wl7D1Nx7aIgHyyX8sHQGyUNhz9kZ/Zv/qdySn4NEMneSSBoKoeR4lgA1zg6jXHy7sGIF6d/hjJ2QDsuvxfOeA0KfwQ/CFAgMBAAGjggFNMIIBSTAdBgNVHQ4EFgQUe4pbOJhU5L4/Kaafv/V6xfSM1A0wFgYDVR0gBA8wDTALBgkqghQAUAeDdAowHwYDVR0jBBgwFoAUswxYrf8CYVl4gE/vvK5G8oYbv2kwDgYDVR0PAQH/BAQDAgeAMIHeBgNVHR8EgdYwgdMwgdCggc2ggcqGgYFsZGFwOi8vZGlyZWN0b3J5LmQtdHJ1c3QubmV0L0NOPUQtVFJVU1QlMjBMaW1pdGVkJTIwQmFzaWMlMjBFQUMlMjBDQSUyMDEtMSUyMDIwMTgsTz1ELVRydXN0JTIwR21iSCxDPURFP2NlcnRpZmljYXRlcmV2b2NhdGlvbmxpc3SGRGh0dHA6Ly9jcmwuZC10cnVzdC5uZXQvY3JsL2QtdHJ1c3RfbGltaXRlZF9iYXNpY19lYWNfY2FfMS0xXzIwMTguY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQCR6P6B+PTwOUPg3QAg9zXtAiWzySnWcEyq3QuHTGtnFXp5tVlX0nteNaPh8tfN4kH5U9/s4mFGqFCbPMSLGTjhDTr/ctw/qnj9J0nNW+G5dubTk+p/bZTPS8WcGm6feeNlfSF6V+W58hMnsVvH2o80t9b6TxAhM/G5FMjhIjbE3WxiYDcNecGnWrtmYCaNUeC/XYL7ZJp2t5MjhJYgNzIhvPV0NnEjBmp7jH57xzhHJ8b/LX+xt6nytEwWH4E6HqYqlQcSzfCpMurhR2s7EpyJxP1CIEy1gcWiBQPYFJIsl32P3VU6vclxxTJclZfTsJ/2wKu9oubMLdfjpvHL0M/z + 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 budru - 
MIIEiDCCA3CgAwIBAgIDJlN5MA0GCSqGSIb3DQEBCwUAMFQxCzAJBgNVBAYTAkRFMRUwEwYDVQQKEwxELVRydXN0IEdtYkgxLjAsBgNVBAMTJUQtVFJVU1QgTGltaXRlZCBCYXNpYyBFQUMgQ0EgMS0xIDIwMTgwHhcNMTkwNDA0MTAyNDI3WhcNMjMwNDA0MTAyNDI3WjBTMQswCQYDVQQGEwJERTEUMBIGA1UEChMLRUFDIFN5c3RlbWUxHTAbBgNVBAMTFGJlcmNhLXAxLmQtdHJ1c3QubmV0MQ8wDQYDVQQIEwZCZXJsaW4wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCXQ4WEJtKZZUIRmplenLmNVlLg2cJMVZ0xT/FsUrUWk/JXH2C4LAxlsnx/tv9rxKYXZUi2oVhz43jEPiMsXZxVUo4n8mpH6I1vqvxiwR8rgxtsPiTOf+iUeVLYIXp24WLGXV80hWy+WSOL7rFO+TgQHoFv2MU7tzvmdnLeeTUJxfpU1Ac1JYkvq0jcU8LXVoRKfC+v8VMQ8zfmGu1ZnYOGyUyWcSjNRkXjchGMNc4ADDBTFIRBUCthjb9RuVc4HV3Cm6XholZGzxAIG8O3ybmWMdxyav/wcadnLumcgD7r5qE5KH0yIo3RaO6HAN5f/W9Vzr9JjCHGAh1PWogL/SddAgMBAAGjggFiMIIBXjATBgNVHSUEDDAKBggrBgEFBQcDATAdBgNVHQ4EFgQU6ejGLsU+zo1cc+1gRpXM/H/i8HUwFgYDVR0gBA8wDTALBgkqghQAUAeDdAowHwYDVR0jBBgwFoAUswxYrf8CYVl4gE/vvK5G8oYbv2kwDgYDVR0PAQH/BAQDAgWgMIHeBgNVHR8EgdYwgdMwgdCggc2ggcqGgYFsZGFwOi8vZGlyZWN0b3J5LmQtdHJ1c3QubmV0L0NOPUQtVFJVU1QlMjBMaW1pdGVkJTIwQmFzaWMlMjBFQUMlMjBDQSUyMDEtMSUyMDIwMTgsTz1ELVRydXN0JTIwR21iSCxDPURFP2NlcnRpZmljYXRlcmV2b2NhdGlvbmxpc3SGRGh0dHA6Ly9jcmwuZC10cnVzdC5uZXQvY3JsL2QtdHJ1c3RfbGltaXRlZF9iYXNpY19lYWNfY2FfMS0xXzIwMTguY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQCkszC7hGOQIekspM6l5KPDzKMEWmjQjTJ4BnlejcVNQxUZR8KPZa0bB1yeEcVPTcmi6LQQOlHMYvVfo6tZ2SoXQ9Sbo5uh9TaDTcohcmwCBasy5Wrgaq1AqxgKG4Pgd92pHBCm1uMekBVqA8j+HOSk7ig0+fTx2vtttI6rTK2fk5Z9QOqOirh6pBh2sSah1txfjWUVVTM/LZrTmPuyfBRrGOqCb5H/wrEffxgcxoCNcd3kIm11n67GoBDagBrhOl8sL2Dj2hNET+WlrQCZitJmB91fBrucZdIndWfzf0ShWhWZnNKqKUuRuX6vHq4G8/xyK9v3VP5S4JQpO/haodxI + 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 ${DEMW_TLS_CLIENT_CERT} ${DEMW_TLS_CLIENT_KEY} From 39ea6588f47c5fe811ae74037296d000085f2cf0 Mon Sep 17 00:00:00 2001 From: Maria Haider Date: Wed, 5 Apr 2023 11:27:21 +0200 Subject: [PATCH 07/17] changing 'proxy-service.eidasMetadataLocation' for test env --- .../overlay/etc/eidas-proxy/se/cfg/application-se.properties | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
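Review bot: Both pinned certificates in the generated POSeIDAS.xml (the blacklist trust anchor and the server certificate, going by the commit subject) are replaced as opaque base64 with nothing to check them against, so a reviewer cannot confirm that the new trust anchors are the intended ones. Record subject, SHA-256 fingerprint and expiry next to each value or in the commit message, e.g. a shell comment before the `cat` such as `# blacklist trust anchor: subject=<SUBJECT> sha256=<FINGERPRINT> notAfter=<DATE>`. The removed values appear to expire in early April 2023, a few days after this commit, so an expiry alert for these pinned certificates would help avoid a last-minute rotation. The script's here-document starts and ends outside the hunk.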
diff --git a/eidas-test-proxy/overlay/etc/eidas-proxy/se/cfg/application-se.properties b/eidas-test-proxy/overlay/etc/eidas-proxy/se/cfg/application-se.properties index 825840c3..462a5c64 100644 --- a/eidas-test-proxy/overlay/etc/eidas-proxy/se/cfg/application-se.properties +++ b/eidas-test-proxy/overlay/etc/eidas-proxy/se/cfg/application-se.properties @@ -78,7 +78,7 @@ proxy-service.eidasMdListLocation=https://test.md.eidas.swedenconnect.se/mdservi proxy-service.eidasMdListCertFile=${proxy-service.path.prefix}/cfg/test-metadata-signer.crt #Metadata location for aggregated metadata specified as either URL (http or https), "file://" or "classpath:" -proxy-service.eidasMetadataLocation=https://test.md.eidas.swedenconnect.se/entities/ +proxy-service.eidasMetadataLocation=https://test.md.eidas.swedenconnect.se/role/sp.xml # Optional certificate file for validating metadata signatures # If no certificate is specified then proxy-service.dev.ignoreMetadataSignCheck=true must be set From 34160872efc4bd928ce26d2e8cb3d0a70582df5c Mon Sep 17 00:00:00 2001 From: Maria Haider Date: Wed, 5 Apr 2023 12:06:10 +0200 Subject: [PATCH 08/17] changing 'proxy-service.eidasMetadataLocation' for prod env --- .../overlay/etc/eidas-proxy/se/cfg/application-se.properties | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/eidas-proxy-common/overlay/etc/eidas-proxy/se/cfg/application-se.properties b/eidas-proxy-common/overlay/etc/eidas-proxy/se/cfg/application-se.properties index 4ca48817..4ab78ee8 100644 --- a/eidas-proxy-common/overlay/etc/eidas-proxy/se/cfg/application-se.properties +++ b/eidas-proxy-common/overlay/etc/eidas-proxy/se/cfg/application-se.properties 
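Review bot: The comment above the changed property still describes it only as `Metadata location for aggregated metadata`, while the value now points to the role-specific feed `/role/sp.xml` instead of `/entities/`, and neither the file nor the commit message says why. A line such as `# SP-only aggregate (role/sp.xml); <reason or ticket>` above the property would keep the next editor from reverting it. Since the trailing context lines say signature validation depends on the configured certificate, it is also worth confirming that this certificate validates the signature on the new feed; that setting is outside the hunk. PATCH 08/17 makes the same change for production in eidas-proxy-common.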
@@ -78,7 +78,7 @@ proxy-service.eidasMdListLocation=https://md.eidas.swedenconnect.se/mdservicelis proxy-service.eidasMdListCertFile=${proxy-service.path.prefix}/cfg/swedenconnect-signer.crt #Metadata location for aggregated metadata specified as either URL (http or https), "file://" or "classpath:" -proxy-service.eidasMetadataLocation=https://md.eidas.swedenconnect.se/entities/ +proxy-service.eidasMetadataLocation=https://md.eidas.swedenconnect.se/role/sp.xml # Optional certificate file for validating metadata signatures # If no certificate is specified then proxy-service.dev.ignoreMetadataSignCheck=true must be set From 0697d55cb127ce68b88a30e641dc08cfcc63ac60 Mon Sep 17 00:00:00 2001 From: Maria Haider Date: Thu, 6 Apr 2023 12:06:00 +0200 Subject: [PATCH 09/17] added new proxy nagios checks in test environment --- global/overlay/etc/puppet/cosmos-rules.yaml | 1 + .../etc/puppet/manifests/cosmos-site.pp | 25 +++++++++++++++++++ 2 files changed, 26 insertions(+) diff --git a/global/overlay/etc/puppet/cosmos-rules.yaml b/global/overlay/etc/puppet/cosmos-rules.yaml index 66bf24b1..8a24808f 100644 --- a/global/overlay/etc/puppet/cosmos-rules.yaml +++ b/global/overlay/etc/puppet/cosmos-rules.yaml @@ -1103,6 +1103,7 @@ log-1.sveidas.se: konsulter: autoupdate: servicemonitor: + proxy_eidas_metadata: eidas_proxy: version: 1.4.7_hsm2_ubuntu hostname: test.proxy.eidas.swedenconnect.se diff --git a/global/overlay/etc/puppet/manifests/cosmos-site.pp b/global/overlay/etc/puppet/manifests/cosmos-site.pp index 16398e5e..69c6e07f 100644 --- a/global/overlay/etc/puppet/manifests/cosmos-site.pp +++ b/global/overlay/etc/puppet/manifests/cosmos-site.pp 
@@ -291,6 +291,19 @@ class mdsl_publisher() { } } +class proxy_eidas_metadata() { + sunet::nagios::nrpe_check_fileage {"proxy_eidas_metadata": + filename => "/etc/eidas-proxy/se/ps-mdcache/metadata.xml", + warning_age => '1800', + critical_age => '172800' + } + sunet::nagios::nrpe_check_fileage {"proxy_eidas_metadata_list": + filename => "/etc/eidas-proxy/se/ps-mdcache/metadataList.xml", + warning_age => '600', + critical_age => '172800' + } +} + class md_repo_server($hostname) { ensure_resource('sunet::system_user', 'www-data', { username => 'www-data', @@ -1218,6 +1231,18 @@ class nagios_monitor { description => 'mdsl se age', contact_groups => ['alerts'] } + nagioscfg::service {'proxy_eidas_metadata_age': + hostgroup_name => ['proxy_eidas_metadata'], + check_command => 'check_nrpe_1arg!check_fileage_proxy_eidas_metadata', + description => 'proxy eidas metadata age', + contact_groups => ['alerts'] + } + nagioscfg::service {'proxy_eidas_metadata_list_age': + hostgroup_name => ['proxy_eidas_metadata_list'], + check_command => 'check_nrpe_1arg!check_fileage_proxy_eidas_metadata_list', + description => 'proxy eidas metadata age', + contact_groups => ['alerts'] + } nagioscfg::service {'check_eidas_health': hostgroup_name => ['servicemonitor'], check_command => 'check_nrpe_1arg!check_eidas_health', From b1300aca4636641696d6195bf7664d488d8ea088 Mon Sep 17 00:00:00 2001 From: Maria Haider Date: Thu, 6 Apr 2023 13:00:05 +0200 Subject: [PATCH 10/17] update db --- global/overlay/etc/puppet/cosmos-db.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/global/overlay/etc/puppet/cosmos-db.yaml b/global/overlay/etc/puppet/cosmos-db.yaml index 9267ff95..a4d24054 100644 --- a/global/overlay/etc/puppet/cosmos-db.yaml +++ b/global/overlay/etc/puppet/cosmos-db.yaml @@ -244,6 +244,7 @@ classes: konsulter: null mailclient: *id001 nrpe: null + proxy_eidas_metadata: null servicemonitor: null sunet::frontend::register_sites: &id015 sites: 
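Review bot: The thresholds in the new `proxy_eidas_metadata` class are bare second counts with no explanation: `warning_age` is '1800' for metadata.xml and '600' for metadataList.xml, while `critical_age` is '172800' for both. A stale cache means the proxy keeps working from outdated federation metadata, so two days before a critical alert deserves a stated reason tied to the refresh interval, which is not visible here. Suggest a comment such as `# ages in seconds: warn after 30 min / 10 min, critical after 48 h (<refresh interval>)`. The resource titles could also use single quotes (`'proxy_eidas_metadata'`) like the other non-interpolated titles visible in this manifest.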
@@ -280,6 +281,7 @@ classes: konsulter: null mailclient: *id001 nrpe: null + proxy_eidas_metadata: null servicemonitor: null sunet::frontend::register_sites: *id015 sunet::rsyslog: null @@ -1803,6 +1805,7 @@ members: pages: [web-1.qa.sveidas.se] prid: [prid-1.qa.sveidas.se, prid-1.sveidas.se, prid-2.sveidas.se] prid_local: [eidas-connector-1.test.sveidas.se, eidas-connector-2.test.sveidas.se] + proxy_eidas_metadata: [eidas-proxy-1.test.sveidas.se, eidas-proxy-2.test.sveidas.se] redis_cluster_node: [eidas-redis-1.sveidas.se, eidas-redis-2.sveidas.se, eidas-redis-3.sveidas.se, eidas-redis-4.sveidas.se] redis_frontend_node: [eidas-redis-fe-1.sveidas.se, eidas-redis-fe-2.sveidas.se] From c67e3101f768acbaa38d41d31be29f73040cc07f Mon Sep 17 00:00:00 2001 From: Maria Haider Date: Thu, 6 Apr 2023 13:00:25 +0200 Subject: [PATCH 11/17] fixed the name of the hostgroup --- global/overlay/etc/puppet/manifests/cosmos-site.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/global/overlay/etc/puppet/manifests/cosmos-site.pp b/global/overlay/etc/puppet/manifests/cosmos-site.pp index 69c6e07f..8fa61877 100644 --- a/global/overlay/etc/puppet/manifests/cosmos-site.pp +++ b/global/overlay/etc/puppet/manifests/cosmos-site.pp @@ -1238,7 +1238,7 @@ class nagios_monitor { contact_groups => ['alerts'] } nagioscfg::service {'proxy_eidas_metadata_list_age': - hostgroup_name => ['proxy_eidas_metadata_list'], + hostgroup_name => ['proxy_eidas_metadata'], check_command => 'check_nrpe_1arg!check_fileage_proxy_eidas_metadata_list', description => 'proxy eidas metadata age', contact_groups => ['alerts'] From 137b4eb66ac5cd26533649e658905d32178b1929 Mon Sep 17 00:00:00 2001 From: Maria Haider Date: Thu, 6 Apr 2023 13:12:09 +0200 Subject: [PATCH 12/17] updating the description --- global/overlay/etc/puppet/manifests/cosmos-site.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/global/overlay/etc/puppet/manifests/cosmos-site.pp b/global/overlay/etc/puppet/manifests/cosmos-site.pp
index 8fa61877..149e03fb 100644
--- a/global/overlay/etc/puppet/manifests/cosmos-site.pp
+++ b/global/overlay/etc/puppet/manifests/cosmos-site.pp
@@ -1240,7 +1240,7 @@ class nagios_monitor {
 nagioscfg::service {'proxy_eidas_metadata_list_age':
 hostgroup_name => ['proxy_eidas_metadata'],
 check_command => 'check_nrpe_1arg!check_fileage_proxy_eidas_metadata_list',
- description => 'proxy eidas metadata age',
+ description => 'proxy eidas metadata list age',
 contact_groups => ['alerts']
 }
 nagioscfg::service {'check_eidas_health':
From c14daa95610e53215237270080abda640feedbbc Mon Sep 17 00:00:00 2001
From: Maria Haider
Date: Thu, 6 Apr 2023 13:20:39 +0200
Subject: [PATCH 13/17] added the checks in prod and qa
---
 global/overlay/etc/puppet/cosmos-rules.yaml | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/global/overlay/etc/puppet/cosmos-rules.yaml b/global/overlay/etc/puppet/cosmos-rules.yaml
index 8a24808f..f9452521 100644
--- a/global/overlay/etc/puppet/cosmos-rules.yaml
+++ b/global/overlay/etc/puppet/cosmos-rules.yaml
@@ -990,6 +990,7 @@ validator-test-1.komreg.net:
 konsulter:
 autoupdate:
 servicemonitor:
+ proxy_eidas_metadata:
 eidas_proxy:
 version: 1.4.7_hsm2_ubuntu
 hostname: proxy.eidas.swedenconnect.se
@@ -1083,6 +1084,7 @@ log-1.sveidas.se:
 sunet_iaas_cloud:
 autoupdate:
 servicemonitor:
+ proxy_eidas_metadata:
 eidas_proxy:
 version: 1.4.7_hsm2_ubuntu
 hostname: qa.proxy.eidas.swedenconnect.se
From 3bd731b3161ae4f7b756ce80acc277175f63deb4 Mon Sep 17 00:00:00 2001
From: Maria Haider
Date: Thu, 6 Apr 2023 13:20:47 +0200
Subject: [PATCH 14/17] update db
---
 global/overlay/etc/puppet/cosmos-db.yaml | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/global/overlay/etc/puppet/cosmos-db.yaml b/global/overlay/etc/puppet/cosmos-db.yaml
index a4d24054..21c0fad7 100644
--- a/global/overlay/etc/puppet/cosmos-db.yaml
+++ b/global/overlay/etc/puppet/cosmos-db.yaml @@ -202,6 +202,7 @@ classes: konsulter: null mailclient: *id001 nrpe: null + proxy_eidas_metadata: null servicemonitor: null sunet::frontend::register_sites: sites: @@ -223,6 +224,7 @@ classes: konsulter: null mailclient: *id001 nrpe: null + proxy_eidas_metadata: null servicemonitor: null sunet::frontend::register_sites: &id012 sites: @@ -265,6 +267,7 @@ classes: konsulter: null mailclient: *id001 nrpe: null + proxy_eidas_metadata: null servicemonitor: null sunet::frontend::register_sites: *id012 sunet::rsyslog: null @@ -298,6 +301,7 @@ classes: konsulter: null mailclient: *id001 nrpe: null + proxy_eidas_metadata: null servicemonitor: null sunet::frontend::register_sites: *id012 sunet::rsyslog: null @@ -313,6 +317,7 @@ classes: konsulter: null mailclient: *id001 nrpe: null + proxy_eidas_metadata: null servicemonitor: null sunet::frontend::register_sites: *id012 sunet::rsyslog: null @@ -1805,7 +1810,9 @@ members: pages: [web-1.qa.sveidas.se] prid: [prid-1.qa.sveidas.se, prid-1.sveidas.se, prid-2.sveidas.se] prid_local: [eidas-connector-1.test.sveidas.se, eidas-connector-2.test.sveidas.se] - proxy_eidas_metadata: [eidas-proxy-1.test.sveidas.se, eidas-proxy-2.test.sveidas.se] + proxy_eidas_metadata: [eidas-proxy-1.qa.sveidas.se, eidas-proxy-1.sveidas.se, eidas-proxy-1.test.sveidas.se, + eidas-proxy-2.sveidas.se, eidas-proxy-2.test.sveidas.se, eidas-proxy-3.sveidas.se, + eidas-proxy-4.sveidas.se] redis_cluster_node: [eidas-redis-1.sveidas.se, eidas-redis-2.sveidas.se, eidas-redis-3.sveidas.se, eidas-redis-4.sveidas.se] redis_frontend_node: [eidas-redis-fe-1.sveidas.se, eidas-redis-fe-2.sveidas.se] From 6f74aae7b3670719a7c8936c7f13848b9f920467 Mon Sep 17 00:00:00 2001 From: Maria Haider Date: Wed, 12 Apr 2023 19:29:56 +0200 Subject: [PATCH 15/17] new nagios checks ref: SC-1521 --- .../etc/puppet/manifests/cosmos-site.pp | 26 ++++++++++++++++--- 1 file changed, 22 insertions(+), 4 deletions(-) 
diff --git a/global/overlay/etc/puppet/manifests/cosmos-site.pp b/global/overlay/etc/puppet/manifests/cosmos-site.pp
index 149e03fb..49110ef9 100644
--- a/global/overlay/etc/puppet/manifests/cosmos-site.pp
+++ b/global/overlay/etc/puppet/manifests/cosmos-site.pp
@@ -1434,21 +1434,39 @@ class nagios_monitor {
 nagioscfg::command {'check_metadata_age':
 command_line => "/usr/lib/nagios/plugins/check_eidas_metadata_age.sh '\$ARG1\$' '\$ARG2\$' '\$ARG3\$'"
 }
- $hosts_md = ['qa.md.swedenconnect.se', 'md.swedenconnect.se']
+ $hosts_md = ['qa.md.swedenconnect.se', 'md.swedenconnect.se', 'test.md.swedenconnect.se']
 $hosts_md.each |$host|{
 nagioscfg::service {"check_metadata_age_${host}":
 host_name => ["${host}"],
 check_command => "check_metadata_age!https://${host}/entities/!691200!172800",
- description => "check metadata for ${host}",
+ description => "check metadata age for ${host}",
 contact_groups => ['alerts'],
 }
 }
- $hosts_md_eidas = ['md.eidas.swedenconnect.se', 'qa.md.eidas.swedenconnect.se']
+ $hosts_md_eidas = ['md.eidas.swedenconnect.se', 'qa.md.eidas.swedenconnect.se', 'test.md.eidas.swedenconnect.se']
 $hosts_md_eidas.each |$host|{
 nagioscfg::service {"check_metadata_age_${host}":
 host_name => ["${host}"],
 check_command => "check_metadata_age!https://${host}/entities/!432000!86400",
- description => "check metadata for ${host}",
+ description => "check metadata age for ${host}",
+ contact_groups => ['alerts'],
+ }
+ }
+ $hosts_proxy = ['proxy.eidas.swedenconnect.se', 'qa.proxy.eidas.swedenconnect.se', 'test.proxy.eidas.swedenconnect.se']
+ $hosts_proxy.each |$host|{
+ nagioscfg::service {"check_metadata_age_${host}":
+ host_name => ["${host}"],
+ check_command => "check_metadata_age!https://${host}/eidas-ps/ServiceMetadata/!432000!86400",
+ description => "check metadata age for ${host}",
+ contact_groups => ['alerts'],
+ }
+ }
+ $hosts_demw = ['demw.eidas.swedenconnect.se', 'qa.demw.eidas.swedenconnect.se']
+ $hosts_demw.each |$host|{
+ nagioscfg::service {"check_metadata_age_${host}":
+ host_name => ["${host}"],
+ check_command => "check_metadata_age!https://${host}/eidas-middleware/Metadata/!432000!86400",
+ description => "check metadata age for ${host}",
 contact_groups => ['alerts'],
 }
 }
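Review bot: The `$hosts_proxy` and `$hosts_demw` loops added here are copies of the two loops above them that differ only in the URL path, and PATCH 17/17 adds a fifth copy for `$hosts_connector`; a single loop over a path-to-hosts hash would keep thresholds and wording from drifting between copies. The thresholds `432000` and `86400` are bare second counts (five days and one day) and the hunk does not show what `$ARG2$` and `$ARG3$` mean to `check_eidas_metadata_age.sh`, so a one-line comment stating that belongs next to them, since these checks are presumably what warns before published metadata lapses. `$hosts_demw` has no test host while every other list has one; if that is deliberate, a short comment should say so. The enclosing `class nagios_monitor` starts and ends outside the hunk.

```puppet
  # … unchanged: $hosts_proxy and $hosts_demw assignments …
  # URL path of the metadata document => hosts that publish it.
  # Thresholds are seconds (432000 = 5 days, 86400 = 1 day); TODO confirm their meaning in check_eidas_metadata_age.sh
  $metadata_age_paths = {
    '/eidas-ps/ServiceMetadata/'  => $hosts_proxy,
    '/eidas-middleware/Metadata/' => $hosts_demw,
  }
  $metadata_age_paths.each |$path, $hosts| {
    $hosts.each |$host| {
      nagioscfg::service {"check_metadata_age_${host}":
        host_name      => ["${host}"],
        check_command  => "check_metadata_age!https://${host}${path}!432000!86400",
        description    => "check metadata age for ${host}",
        contact_groups => ['alerts'],
      }
    }
  }
```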
From 26f6fae943c9f6be1ad5fe67cbef095a9d5b6137 Mon Sep 17 00:00:00 2001 From: Maria Haider Date: Wed, 12 Apr 2023 20:12:57 +0200 Subject: [PATCH 16/17] DNS name resolution order for haproxy config in test env Indicate in what order the server's address should be resolved upon startup if it uses an FQDN. --- .../overlay/opt/frontend/config/common/haproxy_base.j2 | 3 +++ 1 file changed, 3 insertions(+) diff --git a/fe-test-common/overlay/opt/frontend/config/common/haproxy_base.j2 b/fe-test-common/overlay/opt/frontend/config/common/haproxy_base.j2 index 57b6c808..8111f174 100644 --- a/fe-test-common/overlay/opt/frontend/config/common/haproxy_base.j2 +++ b/fe-test-common/overlay/opt/frontend/config/common/haproxy_base.j2 @@ -42,6 +42,9 @@ defaults timeout server 17s timeout http-request 5s balance roundrobin + + # never fail on address resolution + default-server init-addr libc,none {% endblock defaults %} {% block stats %} From d4fd53a186528a5c311e50f26215557bb1669db1 Mon Sep 17 00:00:00 2001 From: Maria Haider Date: Fri, 14 Apr 2023 16:19:51 +0200 Subject: [PATCH 17/17] monitor SP metadata validity in connector Ref: SC-1521 --- global/overlay/etc/puppet/manifests/cosmos-site.pp | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/global/overlay/etc/puppet/manifests/cosmos-site.pp b/global/overlay/etc/puppet/manifests/cosmos-site.pp index 49110ef9..bab9ec1f 100644 --- a/global/overlay/etc/puppet/manifests/cosmos-site.pp +++ b/global/overlay/etc/puppet/manifests/cosmos-site.pp 
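Review bot: With `default-server init-addr libc,none` in `defaults`, a backend whose name fails to resolve at startup is accepted with no address and starts in a down state; nothing in the hunk shows a `resolvers` section or a `resolvers` option on the server lines, so such a server would presumably only come back after a reload. The comment `# never fail on address resolution` covers the startup side only; I would extend it to something like `# start even if a backend name does not resolve; that server stays down until it is resolved at runtime or on reload` and confirm that a backend left down this way is picked up by monitoring. The `defaults` block opens outside the hunk.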
@@ -1470,6 +1470,15 @@ class nagios_monitor {
 contact_groups => ['alerts'],
 }
 }
+ $hosts_connector = ['connector.eidas.swedenconnect.se', 'qa.connector.eidas.swedenconnect.se', 'test.connector.eidas.swedenconnect.se']
+ $hosts_connector.each |$host|{
+ nagioscfg::service {"check_metadata_age_${host}":
+ host_name => ["${host}"],
+ check_command => "check_metadata_age!https://${host}/idp/metadata/sp/!432000!86400",
+ description => "check metadata age for ${host}",
+ contact_groups => ['alerts'],
+ }
+ }
 }
 class redis_cluster_node {