proxy configuration in test environment

eidas-test-proxy/overlay/etc/Chrystoki.conf.d/50-ha-slot.conf

@@ -0,0 +1,12 @@
+VirtualToken = {
+   VirtualToken00Label = sc_ha;
+   VirtualToken00SN = 1462371088;
+   VirtualToken00Members = 1429929129933,1428350538479,1429933786534;
+}
+HASynchronize = {
+   sc_ha = 1;
+}
+
+HAConfiguration = {
+   haLogStatus = enabled;
+}

eidas-test-proxy/overlay/etc/eidas-proxy/se/cfg/application-se.properties

@@ -0,0 +1,105 @@
+# Logging
+logging.level.org.springframework.web=INFO
+
+# Service path
+server.servlet.context-path=/eidas-ps
+
+#proxy-service.path.prefix=${spring.config.additional.location}..
+#proxy-service.config.location=file://${spring.config.additional.location}
+
+proxy-service.image.logo=${spring.config.additional.location}/img/sweden-connect-color-yellow-on-blue.svg
+proxy-service.image.icon=${spring.config.additional.location}/img/sweden-connect-color-yellow-on-blue-no-text.svg
+
+# Service port connector settings
+server.port=8443
+#server.ssl.key-store=${proxy-service.path.prefix}/keystore/sslSnakeOil.p12
+#server.ssl.key-store-type=PKCS12
+#server.ssl.key-store-password=secret
+#server.ssl.key-password=secret
+
+tomcat.ajp.port=8009
+tomcat.ajp.remoteauthentication=false
+tomcat.ajp.enabled=true
+
+# For development. Allowing signature check on metadata to be skipped. Default false.
+#proxy-service.dev.ignoreMetadataSignCheck=true
+
+# Initial delay in milliseconds (default 5000) and seconds between metadata configuration recache (default 240 sec).
+#proxy-service.daemon.inital.delay.ms=5000
+proxy-service.daemon.recache.delay.sec=240
+
+# Location of other properties files (general-metadata.properties, psidp-metadata.properties and natsp-metadata.properties)
+# Example specifying external location: 'proxy-service.config.location=file:///opt/webapp/eidas-ps/cfg/'
+# Example specifying src/main/resources config location: 'classpath:'
+
+proxy-service.country=SE
+
+# Key Store properties
+# Location can be specified as "classpath:" or as file path e.g "/opt/webapp/eidas-ps/keystore/keyStore.jks"
+
+proxy-service.pkcs11.external-config-locations=${spring.config.additional.location}/pkcs11.cfg
+proxy-service.pkcs11.reloadable-keys=false
+
+proxy-service.keySourceType=PKCS11
+proxy-service.keySourcePass=${proxy-service.pkcs11.pin}
+proxy-service.keySourceAlias=sc_eidas_sign
+proxy-service.keySourceCertLocation=${spring.config.additional.location}/sign.crt
+
+proxy-service.encryption.keySourceType=PKCS11
+proxy-service.encryption.keySourcePass=${proxy-service.pkcs11.pin}
+proxy-service.encryption.keySourceAlias=sc_eidas_encrypt
+proxy-service.encryption.keySourceCertLocation=${spring.config.additional.location}/enc.crt
+
+proxy-service.metadata.keySourceType=PKCS11
+proxy-service.metadata.keySourcePass=${proxy-service.pkcs11.pin}
+proxy-service.metadata.keySourceAlias=swedenconnect
+proxy-service.metadata.keySourceCertLocation=${spring.config.additional.location}/swedenconnect-signer.crt
+
+# Session Encryption properties
+#proxy-service.cookieEncryptPw=changeme
+
+# Requirements to show consent dialogue (Default false);
+proxy-service.consent=true
+proxy-service.consent.attributes=urn:oid:1.2.752.201.3.7,\
+  urn:oid:2.5.4.4,\
+  urn:oid:2.5.4.42,\
+  urn:oid:1.3.6.1.5.5.7.9.3,\
+  urn:oid:1.3.6.1.5.5.7.9.1
+proxy-service.consent.valuetranslation=urn:oid:1.3.6.1.5.5.7.9.3
+
+# Welcome page presentation text location
+proxy-service.welcomepage.markdown=${proxy-service.path.prefix}/cfg/infotext.md
+
+#Metadata Service List location specified as either URL (http or https), "file://" or "classpath:"
+proxy-service.eidasMdListLocation=https://md.eidas.swedenconnect.se/mdservicelist-aggregate.xml
+
+# Optional certificate file for validating metadata service list file signatures
+# If no certificate is specified then proxy-service.dev.ignoreMetadataSignCheck=true must be set
+proxy-service.eidasMdListCertFile=${proxy-service.path.prefix}/cfg/swedenconnect-signer.crt
+
+#Metadata location for aggregated metadata specified as either URL (http or https), "file://" or "classpath:"
+proxy-service.eidasMetadataLocation=https://md.eidas.swedenconnect.se/entities
+
+# Optional certificate file for validating metadata signatures
+# If no certificate is specified then proxy-service.dev.ignoreMetadataSignCheck=true must be set
+proxy-service.eidasMetadataCertFile=${proxy-service.path.prefix}/cfg/swedenconnect-signer.crt
+
+# Optional cache dir for caching downloaded metadata. If not set, cache is stored in memory.
+proxy-service.eidasMetadataCacheDirName=${proxy-service.path.prefix}/ps-mdcache
+
+#Metadata location for national IdP metadata specified as either URL (http or https), "file://" or "classpath:"
+
+proxy-service.nationalMetadata.prod.location=https://md.swedenconnect.se/role/idp.xml
+proxy-service.nationalMetadata.prod.certFile=${proxy-service.path.prefix}/cfg/swedenconnect-signer.crt
+proxy-service.nationalMetadata.prod.cacheFile=${proxy-service.path.prefix}/cache/prod-metadata.xml
+proxy-service.nationalMetadata.prod.index=0
+
+management.server.context-path=/manage
+management.server.security.enabled=false
+management.server.port=8444
+management.server.ssl.enabled=true
+
+proxy-service.syslog.enabled=true
+
+#Private SP requests from other eIDAS countries
+proxy-service.private-sp.enabled=true

eidas-test-proxy/overlay/etc/eidas-proxy/se/cfg/enc.crt

@@ -0,0 +1,30 @@
+-----BEGIN CERTIFICATE-----
+MIIFLjCCAxagAwIBAgIEBEA5gTANBgkqhkiG9w0BAQsFADBPMQswCQYDVQQGEwJT
+RTEXMBUGA1UEChMOU3dlZGVuIENvbm5lY3QxDjAMBgNVBAsTBWVJREFTMRcwFQYD
+VQQDEw5TQU1MIEVuY3J5cHRlcjAeFw0xODA5MDEwMDAwMDBaFw0yODA5MDEwMDAw
+MDBaME8xCzAJBgNVBAYTAlNFMRcwFQYDVQQKEw5Td2VkZW4gQ29ubmVjdDEOMAwG
+A1UECxMFZUlEQVMxFzAVBgNVBAMTDlNBTUwgRW5jcnlwdGVyMIICIjANBgkqhkiG
+9w0BAQEFAAOCAg8AMIICCgKCAgEAncnQs7F6x3l7WDWfzWQ1YI3nRPRAmou/6wfu
+t/Q/0Lrk2qC1t0cKXVcwgjYjond7mNgTl8rUBIheI4KLOzX48diUOs+aNz21EjPP
+qGpgq3HzS9AAs7yw8ZEG5Y/G2KTLrxG9DO/zhy+mXcRle+zGJh8jc5MBqz2xnSMj
+drRNWlIuAQ+hrlEiJw70+ezZIB3Y0KWwAKSN+CMNXzNoxuCd4hiSocga74guoLu7
+borpf6Z+i9Iry+L1+jTRPzPdeoEdVI45a2Oy3x9up5Oag9ehIeqJqEQZOtrJj45Q
+FiQgYEEVOB7YAFKSwf426eSOyDNfcYlZGC9+p/hAxsJAptOlfiW5OFhKvsdc4t6l
+t43U4GqKT+gDGvk8WOMCTkcJBfDkRMbSHA7ZnmF3xmkfROUjh5/OiypVUpjQDxTi
+wd2F7lc0w5qMiWbLTUIGYtbsVdLcsZ3npkxxYSV/b4GnR1QDQgktDol2ksQUFYaW
+a301l7zLoKHVXbXIZu569VFVtgB8SeJwaqIEsOqyLpLUzCL+27cpPhenW1hZ4ZAY
+R0kEWu8tUL8IEplG96NGSuKF0KM3hrRGC80wW8epHKHcjVlPnAALWSrXh86N+6kw
+cf9vKETYCZAWo8QUC0MWNB9yH+JR6whsrmBcywNTnyAtPc00gYY4DbzaWgbjCJNx
+cI9rHKUCAwEAAaMSMBAwDgYDVR0PAQH/BAQDAgUgMA0GCSqGSIb3DQEBCwUAA4IC
+AQBvu+YkEyb6JBIVaRfDGk04ggJEZcBMjfP8JH4bCDTkHJW8vTGIADLuONd/LR0z
+hmjWILQ/kZWtqmgm7RTduMQfLm1Pl/s2Zj4dRM4KfYGHSuqDOUhOqP8BcvXesx8e
+YoD3ui8V5Uo2mnbajJOTSTd5AXEMheujBaMzVQ1G8sT6FPVBPP2jXuQyOS+sSOr3
+vRRN+hEMkI2D6b6h20Nu2CFdDP+q9QSbbRf9Igx+h9lJ+VhWgsytHsRIIzq5Watg
+rx2cfXOvhgagMomgDmOFD0YrRRjqPH7wYDwcc4W7si3TilP54lfnl6pEG9HCK31t
+cVwdMc06lSh3LLpfiYQUBi7Q68p5F9T6oNL71Ii+v99ouDqiDsrcP3ouS5OK5RrY
+4w2nw9993xU0Dp3s307OY/5FAUc7PGagTbx464FTXNDXA9nNKW/Z6Fy+c3IwA0fb
+ZtqsCoet9DiJr9OG5awC33KeNB95a6WVym/My4WgNeZUHUoI4SnmtELUr4h1IO/2
+y6nm2r4haoS5OUw+cxBYYP/LXTDaF759AYJEcOYOqad2IBFChMcC3Sk45XPXwfE9
++AyNq6gwRzqtqsCnDB65g7zSGYZUsTJSAMlEzcrTpksBAgirZmCMsJVLEAJgqCwn
+j00m1WNvgK2Fj71hjOONvhwP5gj0bwy+1b8GY0+A/RObSw==
+-----END CERTIFICATE-----

eidas-test-proxy/overlay/etc/eidas-proxy/se/cfg/general-metadata.properties

@@ -0,0 +1,18 @@
+psgen.country=${proxy-service.country}
+psgen.name=Sweden eIDAS ProxyService
+psgen.orgName={\
+  en:'Sweden Connect',\
+  sv:'Sweden Connect'\
+}
+psgen.dispName={\
+  en:'Swedish eIDAS Proxy Service',\
+  sv:'Swedish eIDAS Proxy Service'\
+}
+psgen.orgUrl=https://swedenconnect.se
+psgen.supportGivenName=Customer support
+psgen.techGivenName=Technical support
+psgen.supportEmail=support@swedenconnect.se
+psgen.techEmail=support@swedenconnect.se
+
+
+

eidas-test-proxy/overlay/etc/eidas-proxy/se/cfg/idpdisco.properties

@@ -0,0 +1,56 @@
+# Available policies are: natToEidasMapping, natToEidasNotifiedMapping, justEidasLoa
+# Defined meaning:
+# - justEidasLoa = IdP is only allowed if it supports the national eIDAS LoAs
+# - natToEidasMapping = National IdP:s are allowed to respond with national LoA. These counts as non notified eID
+# - natToEidasNotifiedMapping = National IdP:s are allowed to respond with national LoA. These counts as notified eID
+
+idp.freja.entityid=https://idp-sweden-connect-valfr-2017.prod.frejaeid.com
+idp.freja.loapolicy=justEidasLoa
+idp.freja.consent=false
+idp.freja.deriveDob=false
+idp.freja.privateSpSupport=true
+idp.freja.index=0
+
+#idp.testIdp.entityid=http://qa.test.swedenconnect.se/idp
+#idp.testIdp.name.sv=Test ID-tjänst
+#idp.testIdp.name.en=Test IdP
+#idp.testIdp.logo.uri=${proxy-service.domain.prefix}/img/se-flag-rnd.svg
+#idp.testIdp.logo.height=67
+#idp.testIdp.logo.width=68
+#idp.testIdp.loapolicy=justEidasLoa
+#idp.testIdp.consent=true
+#idp.testIdp.deriveDob=false
+#idp.testIdp.index=0
+
+#idp.mobIdp.entityid=https://midp.svelegtest.se/idp
+#idp.mobIdp.name.sv=Legacy Test ID Tjänst
+#idp.mobIdp.name.en=Legacy Test IdP
+#idp.mobIdp.logo.uri=${proxy-service.domain.prefix}/img/se-flag-rnd.svg
+#idp.mobIdp.logo.height=67
+#idp.mobIdp.logo.width=68
+#idp.mobIdp.loapolicy=natToEidasNotifiedMapping
+#idp.mobIdp.consent=false
+#idp.mobIdp.deriveDob=true
+#idp.mobIdp.index=1
+
+#idp.ccBankid.entityid=https://eid.identityhub.se/demo/bankid/
+#idp.ccBankid.name.sv=BankID
+#idp.ccBankid.name.en=BankID
+#idp.ccBankid.logo.uri=img/disco/bankid_logo.png
+#idp.ccBankid.logo.height=94
+#idp.ccBankid.logo.width=100
+#idp.ccBankid.loapolicy=natToEidasNotifiedMapping
+#idp.ccBankid.consent=true
+#idp.ccBankid.deriveDob=true
+#idp.ccBankid.index=2
+
+#idp.ccTelia.entityid=https://eid.identityhub.se/demo/teliabrowserplugin/
+#idp.ccTelia.name.sv=Telia
+#dp.ccTelia.name.en=Telia
+#idp.ccTelia.logo.uri=img/disco/telia_min_logo.png
+#idp.ccTelia.logo.height=89
+#idp.ccTelia.logo.width=86
+#idp.ccTelia.loapolicy=natToEidasNotifiedMapping
+#idp.ccTelia.consent=true
+#idp.ccTelia.deriveDob=true
+#idp.ccTelia.index=3

eidas-test-proxy/overlay/etc/eidas-proxy/se/cfg/img/sweden-connect-color-yellow-on-blue-no-text.svg

@@ -0,0 +1 @@
+<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 143.44 143.44"><defs><style>.cls-1{fill:#005293;}.cls-2{fill:#fecb00;}</style></defs><title>yellow-on-blue</title><g id="Layer_2" data-name="Layer 2"><g id="svg4704"><g id="layer1"><g id="g12"><g id="g14"><g id="g20"><path id="path22" class="cls-1" d="M143.44,71.72A71.72,71.72,0,1,1,71.72,0a71.72,71.72,0,0,1,71.72,71.72"/></g><g id="g4512"><g id="g24"><path id="path26" class="cls-2" d="M103.24,36a19.41,19.41,0,0,0-9.07-12.35A19.43,19.43,0,0,0,79.1,20.92c-4.89,1.06-9.3,4.74-12.3,9.54L53,52.51l-2,3.25q-4.5,7.2-2.62,14.56a17.19,17.19,0,0,0,1.48,4l8.91-14.25.08-.15,1.73-2.76h0l13.74-22a12.94,12.94,0,0,1,7.26-6c2.89-.85,5.52-.18,8.2,1.5s4.43,3.74,4.93,6.71a12.61,12.61,0,0,1-2.07,9.21L91.2,48.91h0l-14,22.47A12.12,12.12,0,0,1,70,77.1a9.91,9.91,0,0,1-2.19.4L63.15,85a17.75,17.75,0,0,0,9.36.39q7.32-1.61,11.83-8.8l14.4-23,1.42-2.26c3-4.8,4.34-10.4,3.08-15.31"/></g><g id="g28"><path id="path30" class="cls-2" d="M95.08,73.12a18,18,0,0,0-1.47-4L84.7,83.37a1.19,1.19,0,0,0-.09.15l-1.72,2.75h0l-13.74,22a12.92,12.92,0,0,1-7.26,6c-2.88.85-5.51.18-8.2-1.49S49.26,109,48.75,106a12.7,12.7,0,0,1,2.08-9.22l1.41-2.26h0L66.29,72.06a12.22,12.22,0,0,1,7.11-5.72,10.12,10.12,0,0,1,2.19-.4l4.7-7.52A17.52,17.52,0,0,0,70.94,58q-7.34,1.59-11.84,8.8l-14.4,23-1.41,2.26c-3,4.8-4.34,10.4-3.09,15.3a19.46,19.46,0,0,0,9.07,12.35,19.4,19.4,0,0,0,15.07,2.75c4.89-1.07,9.3-4.75,12.31-9.55l13.78-22h0l2-3.26q4.5-7.2,2.62-14.56"/></g></g></g></g></g></g></g></svg>

eidas-test-proxy/overlay/etc/eidas-proxy/se/cfg/img/sweden-connect-color-yellow-on-blue.svg

@@ -0,0 +1,123 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<svg
+   xmlns:dc="http://purl.org/dc/elements/1.1/"
+   xmlns:cc="http://creativecommons.org/ns#"
+   xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns="http://www.w3.org/2000/svg"
+   width="144.05821mm"
+   height="50.603855mm"
+   viewBox="0 0 144.05821 50.603855"
+   version="1.1"
+   id="svg4704">
+  <defs
+     id="defs4698">
+    <clipPath
+       clipPathUnits="userSpaceOnUse"
+       id="clipPath18">
+      <path
+         d="M 0,841.89 H 595.276 V 0 H 0 Z"
+         id="path16" />
+    </clipPath>
+  </defs>
+  <metadata
+     id="metadata4701">
+    <rdf:RDF>
+      <cc:Work
+         rdf:about="">
+        <dc:format>image/svg+xml</dc:format>
+        <dc:type
+           rdf:resource="http://purl.org/dc/dcmitype/StillImage" />
+        <dc:title></dc:title>
+      </cc:Work>
+    </rdf:RDF>
+  </metadata>
+  <g
+     id="layer1"
+     transform="translate(24.588779,-125.61458)">
+    <g
+       transform="matrix(0.35277777,0,0,-0.35277777,-54.304485,377.18468)"
+       id="g12">
+      <g
+         id="g14"
+         clip-path="url(#clipPath18)">
+        <g
+           style="fill:#005293;fill-opacity:1"
+           id="g20"
+           transform="translate(227.6775,641.3901)">
+          <path
+             d="m 0,0 c 0,-39.611 -32.111,-71.722 -71.723,-71.722 -39.61,0 -71.721,32.111 -71.721,71.722 0,39.611 32.111,71.722 71.721,71.722 C -32.111,71.722 0,39.611 0,0"
+             style="fill:#005293;fill-opacity:1;fill-rule:nonzero;stroke:none"
+             id="path22" />
+        </g>
+        <g
+           style="fill:#fecb00;fill-opacity:1"
+           id="g4512">
+          <g
+             transform="translate(187.4744,677.1006)"
+             id="g24"
+             style="fill:#fecb00;fill-opacity:1">
+            <path
+               id="path26"
+               style="fill:#fecb00;fill-opacity:1;fill-rule:nonzero;stroke:none"
+               d="m 0,0 c -1.135,4.931 -4.053,9.215 -9.067,12.349 -5.011,3.133 -10.144,3.886 -15.076,2.747 -4.888,-1.067 -9.296,-4.745 -12.301,-9.545 l -13.781,-22.047 -2.033,-3.252 c -2.999,-4.8 -3.875,-9.655 -2.619,-14.562 0.325,-1.414 0.829,-2.746 1.474,-4.013 l 8.91,14.259 c 0.03,0.049 0.055,0.099 0.085,0.148 l 1.723,2.757 0.003,-0.002 13.739,21.976 c 1.896,3.036 4.422,5.19 7.263,5.966 2.886,0.849 5.516,0.18 8.198,-1.496 2.683,-1.679 4.428,-3.745 4.933,-6.712 0.615,-2.941 -0.175,-6.179 -2.075,-9.215 l -1.413,-2.261 -0.003,0.002 -14.049,-22.472 c -1.895,-3.036 -4.266,-4.941 -7.108,-5.718 -0.737,-0.217 -1.467,-0.348 -2.192,-0.4 l -4.701,-7.523 c 3.135,-0.975 6.254,-1.108 9.356,-0.391 4.888,1.067 8.832,4.001 11.838,8.801 l 14.399,23.039 1.413,2.26 C -0.085,-10.505 1.256,-4.907 0,0" />
+          </g>
+          <g
+             transform="translate(179.3132,639.9888)"
+             id="g28"
+             style="fill:#fecb00;fill-opacity:1">
+            <path
+               id="path30"
+               style="fill:#fecb00;fill-opacity:1;fill-rule:nonzero;stroke:none"
+               d="m 0,0 c -0.325,1.415 -0.829,2.747 -1.474,4.014 l -8.91,-14.259 c -0.031,-0.049 -0.054,-0.099 -0.086,-0.149 l -1.722,-2.756 -0.003,0.002 -13.74,-21.977 c -1.896,-3.036 -4.421,-5.189 -7.262,-5.965 -2.886,-0.849 -5.517,-0.181 -8.199,1.496 -2.682,1.679 -4.427,3.745 -4.932,6.712 -0.616,2.94 0.175,6.179 2.075,9.215 l 1.413,2.261 0.003,-0.002 14.049,22.472 c 1.896,3.036 4.267,4.941 7.107,5.717 0.739,0.218 1.468,0.349 2.193,0.4 l 4.701,7.524 c -3.135,0.975 -6.254,1.108 -9.356,0.391 -4.888,-1.067 -8.833,-4.001 -11.836,-8.801 l -14.401,-23.039 -1.413,-2.26 c -2.999,-4.8 -4.341,-10.398 -3.085,-15.305 1.135,-4.931 4.054,-9.215 9.068,-12.349 5.011,-3.134 10.143,-3.886 15.075,-2.747 4.888,1.067 9.298,4.745 12.302,9.545 l 13.781,22.047 h -10e-4 l 2.033,3.252 C 0.38,-9.761 1.256,-4.906 0,0" />
+          </g>
+        </g>
+      </g>
+    </g>
+    <g
+       aria-label="sweden  connect "
+       transform="matrix(0.35277777,0,0,0.35277777,33.672222,149.40426)"
+       style="font-variant:normal;font-weight:500;font-stretch:normal;font-size:67.91529846px;font-family:'Lab Grotesque Medium';-inkscape-font-specification:LabGrotesque-Medium;writing-mode:lr-tb;fill:#000000;fill-opacity:1;fill-rule:nonzero;stroke:none"
+       id="text36">
+      <path
+         d="m 16.639248,-35.180125 c -8.6252428,0 -13.7868055,4.550325 -13.7868055,10.458956 0,5.840716 3.1241038,8.081921 12.4964145,10.187295 5.093648,1.086645 8.896905,1.833713 8.896905,5.0936475 0,2.7845273 -2.920358,4.4144944 -6.723615,4.4144944 -4.074918,0 -6.92736,-1.0866448 -11.9530925,-5.2294779 l -4.3465791,4.8899014 c 5.5011391,4.82198621 9.9835486,6.3840381 16.1638406,6.3840381 8.828989,0 14.194298,-4.4824097 14.194298,-10.9343631 0,-6.1802924 -3.939088,-8.6252424 -13.107653,-10.6627014 -5.976546,-1.358306 -8.4894121,-1.833713 -8.4894121,-4.414495 0,-2.377035 2.5128661,-4.142833 6.5198691,-4.142833 3.59951,0 6.180292,0.814984 10.458955,4.074918 l 4.074918,-4.957817 c -4.75407,-3.803257 -8.761073,-5.161563 -14.398043,-5.161563 z"
+         id="path4639" />
+      <path
+         d="m 76.065136,-34.09348 -3.056189,11.885177 c -1.494136,5.908631 -2.648696,11.138109 -3.531595,15.620519 -1.01873,-4.48241 -2.241205,-9.711888 -3.803257,-15.620519 L 62.414161,-34.09348 h -6.995276 l -3.192019,11.885177 C 50.73273,-16.367587 49.442339,-11.206024 48.423609,-6.7236145 47.54071,-11.206024 46.38615,-16.367587 44.892014,-22.208303 L 41.903741,-34.09348 H 34.025566 L 43.601623,0 h 8.896904 l 2.716612,-9.9835489 c 1.562052,-5.9086311 2.648697,-10.7306171 3.599511,-14.8055351 0.882899,4.074918 2.037459,8.896904 3.667426,14.8055351 L 65.266603,0 h 8.96482 l 9.508142,-34.09348 z"
+         id="path4641" />
+      <path
+         d="m 114.23353,-10.391041 c -4.07492,3.6674265 -6.45195,5.0936477 -10.59478,5.0936477 -6.587789,0 -9.711892,-4.4824097 -10.255215,-10.0514637 h 24.992835 c 0.0679,-0.679153 0.13583,-2.17329 0.13583,-3.056189 0,-10.323125 -5.56906,-16.775079 -15.68844,-16.775079 -10.391039,0 -16.775077,7.674429 -16.775077,18.337131 0,10.7985324 6.655699,17.8617235 17.454227,17.8617235 5.50114,0 10.05147,-1.69788248 15.0772,-6.8594452 z m -11.61351,-18.880453 c 5.22947,0 8.28566,3.32785 8.55732,8.489413 H 93.587281 c 0.950814,-5.229478 4.007003,-8.489413 9.032739,-8.489413 z"
+         id="path4643" />
+      <path
+         d="m 149.90265,-48.219862 v 18.133385 c -2.30912,-3.192019 -5.77281,-4.957817 -10.66271,-4.957817 -8.62524,0 -15.14511,7.063191 -15.14511,17.997554 0,10.9343631 6.38404,17.99755418 15.0772,17.99755418 5.29739,0 8.96482,-2.17328958 11.27394,-5.90863098 V 0 h 6.92736 v -48.219862 z m -9.23649,42.7866381 c -5.50113,0 -8.96481,-4.6182401 -8.96481,-11.6135161 0,-6.995276 3.66742,-11.545601 9.03273,-11.545601 5.36531,0 9.44023,4.210749 9.44023,11.545601 0,7.266937 -3.93909,11.6135161 -9.50815,11.6135161 z"
+         id="path4645" />
+      <path
+         d="m 192.62138,-10.391041 c -4.07492,3.6674265 -6.45195,5.0936477 -10.59479,5.0936477 -6.58778,0 -9.71188,-4.4824097 -10.25521,-10.0514637 h 24.99283 c 0.0679,-0.679153 0.13583,-2.17329 0.13583,-3.056189 0,-10.323125 -5.56905,-16.775079 -15.68843,-16.775079 -10.39104,0 -16.77508,7.674429 -16.77508,18.337131 0,10.7985324 6.6557,17.8617235 17.45423,17.8617235 5.50114,0 10.05147,-1.69788248 15.0772,-6.8594452 z m -11.61352,-18.880453 c 5.22948,0 8.28567,3.32785 8.55733,8.489413 h -17.59006 c 0.95081,-5.229478 4.007,-8.489413 9.03273,-8.489413 z"
+         id="path4647" />
+      <path
+         d="m 221.66875,-35.180125 c -4.68616,0 -8.35358,1.901629 -10.52687,5.229478 v -4.142833 h -6.92736 V 0 h 7.47068 v -20.849997 c 0,-4.61824 3.25993,-7.94609 7.67443,-7.94609 4.55032,0 7.06319,2.716612 7.06319,7.742344 V 0 h 7.47068 v -23.362863 c 0,-6.723614 -4.14283,-11.817262 -12.22475,-11.817262 z"
+         id="path4649" />
+      <path
+         d="m 26.486966,24.856999 4.754071,-4.61824 C 26.826543,15.416773 22.68371,13.786806 17.18257,13.786806 c -10.0514638,0 -17.11465483,6.995276 -17.11465483,18.133384 0,11.070194 6.85944513,18.06547 17.04673983,18.06547 5.7728,0 9.983549,-1.765798 14.669705,-7.674429 l -4.957817,-4.142833 c -3.735342,4.074918 -6.180292,5.433224 -9.643973,5.433224 -6.316122,0 -9.5081414,-5.433224 -9.5081414,-11.681432 0,-6.248207 3.1920194,-11.817261 9.5081414,-11.817261 2.920358,0 5.433224,0.882898 9.304396,4.75407 z"
+         id="path4651" />
+      <path
+         d="m 52.362696,13.786806 c -10.25521,0 -17.386317,7.334852 -17.386317,18.133384 0,10.730618 7.131107,18.06547 17.386317,18.06547 10.119379,0 17.318401,-7.334852 17.318401,-18.06547 0,-10.798532 -7.199022,-18.133384 -17.318401,-18.133384 z m 0,6.316123 c 5.840715,0 9.711887,4.686155 9.711887,11.817261 0,7.063192 -3.871172,11.749347 -9.711887,11.749347 -5.976546,0 -9.779803,-4.686155 -9.779803,-11.749347 0,-7.131106 3.803257,-11.817261 9.779803,-11.817261 z"
+         id="path4653" />
+      <path
+         d="m 93.315623,13.786806 c -4.686156,0 -8.353582,1.901628 -10.526872,5.229478 v -4.142833 h -6.92736 V 48.96693 h 7.470683 V 28.116934 c 0,-4.618241 3.259934,-7.94609 7.674428,-7.94609 4.550325,0 7.063191,2.716612 7.063191,7.742344 V 48.96693 h 7.470687 V 25.604068 c 0,-6.723615 -4.14284,-11.817262 -12.224757,-11.817262 z"
+         id="path4655" />
+      <path
+         d="m 131.34819,13.786806 c -4.68615,0 -8.35358,1.901628 -10.52687,5.229478 v -4.142833 h -6.92736 V 48.96693 h 7.47068 V 28.116934 c 0,-4.618241 3.25994,-7.94609 7.67443,-7.94609 4.55033,0 7.06319,2.716612 7.06319,7.742344 V 48.96693 h 7.47069 V 25.604068 c 0,-6.723615 -4.14284,-11.817262 -12.22476,-11.817262 z"
+         id="path4657" />
+      <path
+         d="m 178.35916,38.57589 c -4.07492,3.667426 -6.45196,5.093647 -10.59479,5.093647 -6.58778,0 -9.71189,-4.48241 -10.25521,-10.051464 h 24.99283 c 0.0679,-0.679153 0.13583,-2.17329 0.13583,-3.056188 0,-10.323126 -5.56905,-16.775079 -15.68843,-16.775079 -10.39104,0 -16.77508,7.674429 -16.77508,18.33713 0,10.798533 6.6557,17.861724 17.45423,17.861724 5.50114,0 10.05146,-1.697883 15.0772,-6.859445 z M 166.74564,19.695437 c 5.22948,0 8.28567,3.327849 8.55733,8.489412 h -17.59006 c 0.95081,-5.229478 4.007,-8.489412 9.03273,-8.489412 z"
+         id="path4659" />
+      <path
+         d="m 214.13694,24.856999 4.75407,-4.61824 c -4.41449,-4.821986 -8.55733,-6.451953 -14.05847,-6.451953 -10.05146,0 -17.11465,6.995276 -17.11465,18.133384 0,11.070194 6.85944,18.06547 17.04674,18.06547 5.7728,0 9.98355,-1.765798 14.6697,-7.674429 l -4.95781,-4.142833 c -3.73535,4.074918 -6.1803,5.433224 -9.64398,5.433224 -6.31612,0 -9.50814,-5.433224 -9.50814,-11.681432 0,-6.248207 3.19202,-11.817261 9.50814,-11.817261 2.92036,0 5.43323,0.882898 9.3044,4.75407 z"
+         id="path4661" />
+      <path
+         d="m 242.25388,42.514977 c -2.24121,0.611238 -3.39577,0.747068 -4.55033,0.747068 -2.51287,0 -3.66743,-0.950814 -3.66743,-3.59951 V 20.51042 h 8.62525 v -5.636969 h -8.62525 V 6.8711723 h -7.47068 v 8.0022787 h -6.18029 v 5.636969 h 6.18029 v 20.035013 c 0,5.908631 2.51287,9.168566 9.3044,9.168566 2.10537,0 4.55032,-0.339577 7.33485,-1.290391 z"
+         id="path4663" />
+    </g>
+  </g>
+</svg>

eidas-test-proxy/overlay/etc/eidas-proxy/se/cfg/infotext.md

@@ -0,0 +1,37 @@
+### Proxy Service
+
+This is the Swedish proxy service of the Swedish eIDAS Pilot
+
+- Application ID: **${proxy-service.applicationId}**
+- Supported eIDAS protocol versions: **${proxy-service.eidasVersions}**
+
+**Relevant resources:**
+<table class="table table-striped table-links table-responsive">
+
+<tr><td>Sweden Connect Home Page</td>
+<td><a href="https://swedenconnect.se">https://swedenconnect.se</a></td></tr>
+
+<tr><td>eIDAS Proxy Service Metadata</td>
+<td><a href="ServiceMetadata">${proxy-service.domain.prefix}/ServiceMetadata</a></td></tr>
+
+<tr><td>National SP Metadata</td>
+<td><a href="nat-metadata">${proxy-service.domain.prefix}/nat-metadata</a></td></tr>
+
+<tr><td>Private Sector SP Metadata</td>
+<td><a href="nat-metadata${proxy-service.private-sp.suffix}">${proxy-service.domain.prefix}/nat-metadata${proxy-service.private-sp.suffix}</a></td></tr>
+
+</table>
+
+**Metadata validation certificate:**
+<div style="margin-left:20px; font-size:small">
+
+
+```
+${proxy.service.metadata.cert}
+```
+</div>
+
+**Developers:**
+
+>Stefan Santesson  <a href="mailto:stefan@aaa-sec.com"><stefan@aaa-sec.com></a><br/>
+>Martin Lindström  <a href="mailto:martin.lindstrom@litsec.se"><martin.lindstrom@litsec.se></a>

eidas-test-proxy/overlay/etc/eidas-proxy/se/cfg/metadata.crt

@@ -0,0 +1,30 @@
+-----BEGIN CERTIFICATE-----
+MIIFIjCCAwoCCQCVO3v9xSA+FDANBgkqhkiG9w0BAQsFADBTMQswCQYDVQQGEwJT
+RTEnMCUGA1UECgweU3dlZGlzaCBFLWlkZW50aWZpY2F0aW9uIEJvYXJkMRswGQYD
+VQQDDBJRQSBNZXRhZGF0YSBTaWduZXIwHhcNMTcxMjE5MTIyMDI1WhcNMjcxMjE3
+MTIyMDI1WjBTMQswCQYDVQQGEwJTRTEnMCUGA1UECgweU3dlZGlzaCBFLWlkZW50
+aWZpY2F0aW9uIEJvYXJkMRswGQYDVQQDDBJRQSBNZXRhZGF0YSBTaWduZXIwggIi
+MA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDYzcmlNTMkBzIYUXxT13zNMakh
+xR9BO1Qnlt2euUNdvL8FhgiNo+2AJDxFWts8nsg9Jam15F38nTqRMt4r1zFHYFJ5
+22h8urckpwvFVu/kjQrY8pztLE/pPvGXLPlySDkiRifCGibXuACngZx5chCwNs2h
+2OoMgKH7d5aZmUcB2mIc/Ybd98W9jtch1gh5/QM0aJsYnDTYuB840YGwHXCyiBUf
+1teUT9bJ/Y90OSXBdib9kuOmtQNMTYtyX8FAodYXVx8ibXNDfhdGaBJh+2J4lFTA
+DQQ1tM1YigZyvBuslBcuLDfZce0OaWPYPAf8PE8voxJhGkA026GGNjXP/9nRK146
+bkN4nd/Aa6842aYEOjjcDAl43tjHKZBu0+pnq/2GRiN7Dw4Y+Td/2y8PqD/W87CV
+ttrU6yniSMr7Y1+TfzzESSVPXs+csyatH9MJ2IA184Oh7TL6tPh5N96ugh7s85pN
+zswG+Gouw1BVCfqpSJmmNMheEOr6igOYQ0LY5aOooLoqET9gu0ks9cixjANFhnhE
+vRVkMfbnFVAnvXQEWPQY5NgqO4b0Z65ey011L+slNo6EIiw0FkznAwER0aYzrM2r
+hs/hJAAbjnxEhgMKN9bdoXpnrAehwbTOTipOWwrdcd3IKNdDEyFY15j5rGgyIBcK
+8gNnvGJLKcaC4vBd1QIDAQABMA0GCSqGSIb3DQEBCwUAA4ICAQBuws48HrfwW/Eq
+WN4+VSZ1cMgkp/mgqyyDdXoCPUf5o7ro17oDSocmpdQypiCr6M88MACBX8cqKmie
+kIyptrzp1x2seo8rTJpno97dt3hSwbe6+SbRh2bjDpDzL2ecrtv/GXjR41b2CbMO
+wu4WTgiFhWmKGNDNcEem37VUpKEYe7u/ucie71AQi49jM0rJ5uSVdBONKj3iAH5d
+mckw2nt6HKMJ0S+ckM/aq+m8ACgAyYmMr74Yt6wcpl/NORtIxaGUeT7Z8rN7TUmk
+gP9scbYF16xJJkxtylnK2BrSwSFOIuB5KJo2xxhuMffxEgdy4711TfwMCUaTPKmF
+dlYzPKeBaYzWFU42jcVsiQz4mSqgvS2dS8nZpYe2K0zHIzKwytn+HQ36KhRRDAVR
+7aKH9S8FZJXC6wqXFdEwwZujkGhu/BxgfjGkde8qOQMUwHboX9+aflQ9okB1Tha6
+xVB1kG86WdgJLmrsfqaX1FVyO761ZXYHTuoAZ0iuzIRhteUksfRZchnKpUX0fF1i
+yB9M0E6JfqvFeVfLlo8c2FI4MUYFWgqciizaXSfw0waMFdX5+U33eXr1RWF0POZX
+JERf83JkjVLanESP9/U9nsZYgIiSX88PahYtuSZLhqamzzFvK+wuVcNKark8s1kS
+2d8EIOY6h4jmS2ds9ORaavkV/xxTAA==
+-----END CERTIFICATE-----

eidas-test-proxy/overlay/etc/eidas-proxy/se/cfg/natsp-metadata.properties

@@ -0,0 +1,26 @@
+#EntityID of the n
+natsp.entityId=${proxy-service.domain.prefix}/nat-ps-sp
+# Logos are specified as a map with the url as key followed by  height,width[,lang] as comma separated parameters. 
+natsp.logos={\
+  '${proxy-service.domain.prefix}/image/logo.svg':'60,171',\
+  '${proxy-service.domain.prefix}/image/icon.svg':'32,32'\
+  }
+natsp.displayNames={\
+  en:'Swedish Citizen Adapter',\
+  sv:'Sveriges internationella legitimeringsnod'\
+  }
+natsp.descriptions={\
+  en:'Swedish eIDAS Service',\
+  sv:'Svenska eIDAS Tjänsten'\
+  }
+natsp.assertionConsumerServices={\
+  'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST':'${proxy-service.domain.prefix}/assertionconsumer'\
+  }
+natsp.nameIDFormats=\
+  urn:oasis:names:tc:SAML:2.0:nameid-format:persistent,\
+  urn:oasis:names:tc:SAML:2.0:nameid-format:transient
+natsp.entityCategories=\
+  http://id.elegnamnden.se/ec/1.0/loa3-pnr,\
+  http://id.elegnamnden.se/ec/1.0/eidas-pnr-delivery
+
+

eidas-test-proxy/overlay/etc/eidas-proxy/se/cfg/pkcs11.cfg

@@ -0,0 +1,33 @@
+#SafeNet Luna
+name = Luna
+library = /usr/safenet/lunaclient/lib/libCryptoki2_64.so
+description = Luna config
+slot = 6
+attributes(*,*,*) = {
+CKA_TOKEN = true
+}
+attributes(*,CKO_SECRET_KEY,*) = {
+CKA_CLASS=4
+CKA_PRIVATE= true
+CKA_KEY_TYPE = 21
+CKA_SENSITIVE= true
+CKA_ENCRYPT= true
+CKA_DECRYPT= true
+CKA_WRAP= true
+CKA_UNWRAP= true
+}
+attributes(*,CKO_PRIVATE_KEY,*) = {
+CKA_CLASS=3
+CKA_LABEL=true
+CKA_PRIVATE = true
+CKA_DECRYPT=true
+CKA_SIGN=true
+CKA_UNWRAP=true
+}
+attributes(*,CKO_PUBLIC_KEY,*) = {
+CKA_CLASS=2
+CKA_LABEL=true
+CKA_ENCRYPT = true
+CKA_VERIFY=true
+CKA_WRAP=true
+}

eidas-test-proxy/overlay/etc/eidas-proxy/se/cfg/psidp-metadata.properties

@@ -0,0 +1,36 @@
+psmd.gen.entityID=${proxy-service.domain.prefix}/ServiceMetadata
+# Protocol version is the supported eIDAS protocol version. A coma separated list of versions may be provided if more than one are supported.
+psmd.gen.supportedProtocolVersions=1.0,1.1,1.2
+# Application ID prefix MUST have the format {provider name}:{application ID}:  e.g. "SE-eidas:proxy-service:"
+psmd.gen.applicationIdPrefix=SE:proxy-service:
+psmd.ext.supportedEncAlgos=\
+  http://www.w3.org/2009/xmlenc11#aes128-gcm,\
+  http://www.w3.org/2009/xmlenc11#aes192-gcm,\
+  http://www.w3.org/2009/xmlenc11#aes256-gcm
+psmd.ext.supportedSigAlgorithms=\
+  http://www.w3.org/2001/04/xmldsig-more#rsa-sha512,\
+  http://www.w3.org/2001/04/xmldsig-more#rsa-sha256,\
+  http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256
+psmd.ext.supportedDigestAlgorithms=\
+  http://www.w3.org/2001/04/xmldsig-more#sha384,\
+  http://www.w3.org/2001/04/xmlenc#sha512,\
+  http://www.w3.org/2001/04/xmlenc#sha256
+psmd.idp.nameIDFormats=\
+  urn:oasis:names:tc:SAML:2.0:nameid-format:persistent,\
+  urn:oasis:names:tc:SAML:2.0:nameid-format:transient,\
+  urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
+psmd.idp.ssoList={'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST':'${proxy-service.domain.prefix}/ColleagueRequest'}
+psmd.idp.supportedAttributes=\
+  http://eidas.europa.eu/attributes/naturalperson/CurrentFamilyName,\
+  http://eidas.europa.eu/attributes/naturalperson/CurrentGivenName,\
+  http://eidas.europa.eu/attributes/naturalperson/DateOfBirth,\
+  http://eidas.europa.eu/attributes/naturalperson/PersonIdentifier,\
+  http://eidas.europa.eu/attributes/naturalperson/Gender
+psmd.idp.assuranceCertifications=\
+  http://eidas.europa.eu/LoA/high,\
+  http://eidas.europa.eu/LoA/substantial,\
+  http://eidas.europa.eu/LoA/low,\
+  http://eidas.europa.eu/LoA/NotNotified/low,\
+  http://eidas.europa.eu/LoA/NotNotified/substantial,\
+  http://eidas.europa.eu/LoA/NotNotified/high
+psmd.idp.termsofaccessRequesterId=true

eidas-test-proxy/overlay/etc/eidas-proxy/se/cfg/sign.crt

@@ -0,0 +1,30 @@
+-----BEGIN CERTIFICATE-----
+MIIFKDCCAxCgAwIBAgIEBEA5gTANBgkqhkiG9w0BAQsFADBMMQswCQYDVQQGEwJT
+RTEXMBUGA1UEChMOU3dlZGVuIENvbm5lY3QxDjAMBgNVBAsTBWVJREFTMRQwEgYD
+VQQDEwtTQU1MIFNpZ25lcjAeFw0xODA5MDEwMDAwMDBaFw0yODA5MDEwMDAwMDBa
+MEwxCzAJBgNVBAYTAlNFMRcwFQYDVQQKEw5Td2VkZW4gQ29ubmVjdDEOMAwGA1UE
+CxMFZUlEQVMxFDASBgNVBAMTC1NBTUwgU2lnbmVyMIICIjANBgkqhkiG9w0BAQEF
+AAOCAg8AMIICCgKCAgEAoDCg0aSB43LoPFwh0gB9ZyQ6c5MRHddSDfdyZW2Z20bo
+EML62j3spRnBXG83orL40w3CzbXVu3j4gaCSx+Qt8sGKW9mk2PY8S+h6Xieg18Rw
+SP0eZRoAfacxufejvKHUg4nSLdT8k8RjiVkLjPMyTwqHlhusFU/OiGdT82B9aYJa
+ekiKVqLorv6VBIFu2j3KJ7mKJN3xxjeSWyHlKVvVmJ7slarp69ndGV5AJNtnDK5Y
+KbEzgKslIUicP3rmnqgCSKBUlA3ppYxArUy6IJLGiKmv74/Sc2tRpsCXwVgFouC/
+sj2Mpksab0wTzXomZ7oXMb35M12duiltPXgnLhMuH4GjEYlPBaaQl1ilAAvk/e29
+xpT2jIR5tl0RF9rUqYlpJqyLq5/jRjyUXOTWwVQ5/oQ65iYXuoA9EYxkAE1bYCf9
+rKMPUcczqiThzHzaYUs/mkAoLgBMtLSf2K84ztWZrbUzDa4RBTfeXmZhHyjenTSC
+KgBqnN2s89VOgy/+hB8EmTeSHg4BOoJ56zjOr/EOifUQCey2PetA9rMUd7MkMv49
+hdVWKdk9fIrAmmEaVtU5uMajmCTiZItMbtEbmBtYfFOZmE0BoI1/g3wu393tY/oF
+vMrGrGf2gFUc/o63IrlSDpZLv/hmKfmpmreZpY6yi3pAVs9wiuDRZsaQcV8dpIMC
+AwEAAaMSMBAwDgYDVR0PAQH/BAQDAgeAMA0GCSqGSIb3DQEBCwUAA4ICAQBt3yH5
+jXx63IFWA+jWdLdAn/MSJNT19vwuC5KVgDdlnv/bWj6u3uCmBvHUVsNMcTuOJXN2
+KOverRvdzStwW2yHmNn8PX4Yn4IVLSYdYNlrxp4DvL97WwnpxV2tASaRZ3eUMrh5
+sQaG/IqdJ1lCS78PyiE+kVzF0oNUbk1ba0N2Hvlc6LeA5Sy0lbaqT0PTU6xF5lec
+9azRPc3S2GiGl5BLRBcJvMjJzBBQ6yD4dXPY4nFQSWdgp7VW6FnvY6jnj2mmLVn8
+HYLB7hSxev3vCqt5vOEWXCi/zDM/YU5/SwbvZQ/vdkFGIEaJNSBGLq8As3uljmPd
+byLHu2wpW7/hVZpD6fYVG+0nghu23lwZ+l0KQKU4AleHulMJUaYkprP4LhC3mRAO
+jaJwlMn4hdGEV38zauukvwspxEmZ52UAEAhS1+NPLIm0gjR/s3S+U4HNpJjvqm+T
+BI3VAH8TV9bJ0FGf1jPZ5ZM0AsLearM5AO9peQ2xRvC9tLrpCnfk84HZF6KvZCzo
+egUxh55BXfCs5n/xhKU5ZLzbetkNLHXFsd3F2KAg3ny+vTxaTpY/rBCvsOKI98Fo
+ybRdsPn1zskNyGXdZi3yxVYa0lvEWf7VyG9svLSfF7xjN/pc7vj/nspCZK6B/q5+
+wAO+aJg4t0V8ZXu8gI23LFpiMNhjqkSQ6ZuIGA==
+-----END CERTIFICATE-----

eidas-test-proxy/overlay/etc/eidas-proxy/se/cfg/swedenconnect-signer.crt

@@ -0,0 +1,35 @@
+-----BEGIN CERTIFICATE-----
+MIIGFTCCA/2gAwIBAgIJAMRMtpYesnyPMA0GCSqGSIb3DQEBCwUAMIGgMQswCQYD
+VQQGEwJTRTESMBAGA1UECAwJU3RvY2tob2xtMRIwEAYDVQQHDAlTdG9ja2hvbG0x
+IjAgBgNVBAoMGUUtTGVnaXRpbWF0aW9uc27Dg8KkbW5kZW4xFzAVBgNVBAsMDlN3
+ZWRlbiBDb25uZWN0MSwwKgYDVQQDDCNTd2VkZW4gQ29ubmVjdCBtZXRhZGF0YSBz
+aWduZXIgdjIuMDAeFw0xODA1MzAwOTIzMzVaFw0zODA1MzAwOTIzMzVaMIGgMQsw
+CQYDVQQGEwJTRTESMBAGA1UECAwJU3RvY2tob2xtMRIwEAYDVQQHDAlTdG9ja2hv
+bG0xIjAgBgNVBAoMGUUtTGVnaXRpbWF0aW9uc27Dg8KkbW5kZW4xFzAVBgNVBAsM
+DlN3ZWRlbiBDb25uZWN0MSwwKgYDVQQDDCNTd2VkZW4gQ29ubmVjdCBtZXRhZGF0
+YSBzaWduZXIgdjIuMDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAPer
+La2IxQHWRFvX5mC8OgYSsZTjNcEGz0vLwBsdckQiBWWgrLdnU6+raS/SlriY4qcZ
+g8CJkhj8CdLBn6UxwdwOy+tGYjyAFCkV2yQ68euyNqwWgT6iiq/dn1kjWzamC18H
+U0LN/c7eieldhdI8edSF9Z6Drjt7s8glP4Lrd1FM5NXWros06fpEs61BoMZrIyei
+ptB4M7XBGJW6mQx3trnN4FnDZIyzNf9H+Z4XvXnn/URLMd0S3hS2uxVS7OGluKY6
+hhXfpcOGwUKcQmE7coI0mhZ9TAsG7h++J/A7aBp3eWr9eXzeFmwg7sHRBtd3LaD+
+yBLXuUFaPHJyOSFCeiys1O1Oh2CGpJIfPHlqmCQmTQrNEtioJyPRVAZamwio+mYt
+EsI8ssPW3/FNEe93cHd88BDhCDtz5oiQiGyflsCWSh4SwjFVVw7jgRGzmkn2TfHv
+yjiiexS8LeleqwMQ95e9dcVbktxBvDnPd0xCAXVL0y2P31DXLYe/2806C/21KWRU
+Z/EtLTQKpxJWhqsZwSZSpxjb6h3l8D9HAm5w4I/4w3JB40R7GJFWtuwh+clRnzC2
+xtN9cGfe+LXG0SG6ObUu9XBVBwNIL2xNgz+eSCv1n/8hlahoZySLtj0AKFQPyWvw
+Bitvvwk8uq3NPpBiz2nilHG3nnzlp+TK6+pjOHOrAgMBAAGjUDBOMB0GA1UdDgQW
+BBTqVEEVOf9SV47Nz0su8/MYAWOy4jAfBgNVHSMEGDAWgBTqVEEVOf9SV47Nz0su
+8/MYAWOy4jAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4ICAQAXjshVZ5td
+ZqClqmZUEEWFh8oDk8lrRkZfXUmThQiKYq7NrLecbquDh1Mglq3zVxndZMAZVzrQ
+3U/EJ7B+LXfd5fnl91+qb5d1bJBs/Om/AyFA/bBnOyYPzkZWf+M8nItzQyOJX7ZO
+kzIOakaet6HR6T7ADk7vfSjqnRLywNL/cq3/if9c5WGh5NUSteltuDHOsm3DwvN4
+aFP+rngiYF1j509wbZOO7koIwZZUG9g0Etv0T8u7xXyZkYxjEfrr4uMf6121PoaP
+7mMU1Msuqw7idRMOj7mL5tIpu1ihw/a2pWqaXkxNsQXpOv+HtpBZ28pzqAtcHt8q
+r5V5Gm+W37RMlnIDsJwgEfA6FKEDqahSRmYnh8v+F9aDRDpGYpwRtK3k0tiy9Kvp
+8o16aCCqLtFU+Lme2NzkcFQubPmkan21M6/VTGP7UrgtvhXAaqYcTQBq/YJ4TiXz
+SBZgjywUi1nMZAzG4KS4jFR27Kdiul3G10I/M7nPtNq51uNspiO117zRo/8qD4wE
+BOoxiQw0f7/UPW8uznHU3DR3JUkTTlUfKHrfB7RZvkqw15bLkH8DpgINkjW+PFzI
+OkY6KYbZj/wwCYBw3rxMb4oY3Lv0S6cLmLvxmkG8eizY9ymwNlr/YAwPeyzuLPRf
+j6+cBKFT97et/lUMyfKVwbmuJNgtABRRcw==
+-----END CERTIFICATE-----

eidas-test-proxy/overlay/etc/eidas-proxy/se/cfg/syslog.properties

@@ -0,0 +1,23 @@
+# Parameters:
+# - host           : Arrray of hostname or IP adresses separated by comma.
+# - port           : TCP or UDP port
+# - protocol       : udp, tcp or ssl
+# - bsd            : Using message format RFC_3164 when set to true. Using RFC_5424 (UDP) or RFC_5425 (TCP) when false
+# - facility       : The syslog facility identifier (0-23)
+# - severity       : The syslog sverity code 0-7
+# - clienthostname : Name of the sending client host
+# - clientapp      : Name of the sending client application
+
+syslog.1.host=log-1.sveidas.se
+syslog.1.port=514
+syslog.1.protocol=udp
+syslog.1.bsd=false
+syslog.1.facility=19
+syslog.1.clientapp=eidas-proxy-service
+
+syslog.2.host=log-2.sveidas.se
+syslog.2.port=514
+syslog.2.protocol=udp
+syslog.2.bsd=false
+syslog.2.facility=19
+syslog.2.clientapp=eidas-proxy-service

eidas-test-proxy/overlay/etc/luna/cert/server/CAFile.pem

@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDNTCCAh2gAwIBAgIBADANBgkqhkiG9w0BAQsFADBeMQswCQYDVQQGEwJDQTEQ
+MA4GA1UECBMHT250YXJpbzEPMA0GA1UEBxMGT3R0YXdhMRYwFAYDVQQKEw1DaHJ5
+c2FsaXMtSVRTMRQwEgYDVQQDEwtzZS10dWctaHNtMTAeFw0xNDA1MTMwMTE1MDha
+Fw0yNDA1MTQwMTE1MDhaMF4xCzAJBgNVBAYTAkNBMRAwDgYDVQQIEwdPbnRhcmlv
+MQ8wDQYDVQQHEwZPdHRhd2ExFjAUBgNVBAoTDUNocnlzYWxpcy1JVFMxFDASBgNV
+BAMTC3NlLXR1Zy1oc20xMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
+uEOQnpKAiWov+y5tzljds8FXZ1/u4K5mVvt6uT+uC9TyzleQ/Mvy+s96hgv32CH2
+Wb1hbnVoOg/r5cxaplmLtLAy4KQPEmEfYsoftGXc+sNhjNQaP7Sv+PVJooFEEvxP
+sicnHK2Iw0+2I5yYfnNe2k1L0Kl2EJWLS3tq2l6w6RPD/ldf21lXmB+RE7j3QEx/
+ALqLuqbiyg8tR6iamTQBM9IotG1jBIh5InVStZqV9bzyLIebNUjkyta2uCw4RCcM
+lxJpLm7HOpuDf4iLVLW5BwRLJMHBoHJ5hK7Rw9vpwUhL5ujwZ8ugiYwiYtgXUuia
+b8WgGuo5zRNA1Zm2TrvNqQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQA3/xEbq4gP
+sOrH66HHToRUoGvkD90uhYwinYNmE7KBTAFhvbnlCeOcQGo88DoVZgkYJNLpMD4K
+bhyyyNcVVt6UYHzt00N5XfuqwEy1C1QqZaeNZiyADvLLBftjym/VHth70Eu5WjHo
+f02uDEU3DkaWuFRrAqBGkkFLJwrNua0qr1vnqe5LBipOCkXPSCAUYW5iJmESeolD
+BzA3AP1ykXh7HvrinY4zeALleFAJ6cur6qXkpe3B4h/s/vT0IMvxTZzDVMz3i4Pd
+jKFAV6RbM4jygP3LNj4XseODrZj5IM9O/WEjbv8J/E7E9ON05oWDkQbZwAvklaXF
+9ez3C8WAI1q+
+-----END CERTIFICATE-----

eidas-test-proxy/overlay/etc/luna/cert/server/lla-hsm2.sunet.seCert.pem

@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDLzCCAhegAwIBAgIBADANBgkqhkiG9w0BAQsFADBbMQswCQYDVQQGEwJDQTEQ
+MA4GA1UECAwHT250YXJpbzEPMA0GA1UEBwwGT3R0YXdhMRYwFAYDVQQKDA1DaHJ5
+c2FsaXMtSVRTMREwDwYDVQQDDAhsbGEtaHNtMjAeFw0yMDAzMzAxMTI1MzNaFw0z
+MDA0MDExMTI1MzNaMFsxCzAJBgNVBAYTAkNBMRAwDgYDVQQIDAdPbnRhcmlvMQ8w
+DQYDVQQHDAZPdHRhd2ExFjAUBgNVBAoMDUNocnlzYWxpcy1JVFMxETAPBgNVBAMM
+CGxsYS1oc20yMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw8UKBj61
+aja8nrXkMt7k5dFVAK5uufEyZ0JFeL3P7/9kVtoonh5VV8qTcwRPGjPK2pK4ZkwW
+YrwQwYU9I7XjnVjYRyEUKxyoGkBGmSUVccNKIHZI5CC6j/vA1e+eV3Pm7zBpD1Xn
+CBNS5s/bO4VU9/7G0VMRubjwhjjssVs68fH25Au3Vw0p8IeiacFzON6SZr+6j0BN
+jQ6p2q43phwOhUWYSdhufI1Yfn8jel4jGJjc97jDdFJqCCScRpyyARjxjgPJlS5v
+Pp2n8LmCNt4tnjbLGqV9Vf/2mUnyfskEx2xqnfuQTVLoAKE5c9kaanWbesEx1C1Y
+Oj2tHgpujrdtzQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQCkWHw+RIwtT7OfmFOJ
+YlJBKOgI0BgIo0dXMsm9+mEBuLyNIo5QL3Nw87/vke5Yn27J1/Q+ihW4JAj4JnQ6
+rBhm6Ns/6aqr2YWovRXo4R/N537qk9jhi5gff7L4NQrgiTUEgQ2kAQGAgzaSmD/+
+GSs9qY5gICCik5evthyeJhTDnp5eBaozjcIEEDTxtTg+xBm/gPraMQGl3hNC+p3E
+KFCf+AlIDSxIV3CjT/MDUYklsBFR2g2DVI49VKxoRU1Iloer0p2NvmtPUXn9bMXt
+X6GatvYxwNsiWVVYrNyIYUPQ59lihjQNibSIl5yqdXlhVY8pg5Xq9X1TOEMqUQ3l
+gQn2
+-----END CERTIFICATE-----

eidas-test-proxy/overlay/etc/luna/cert/server/sthb-hsm2.sunet.seCert.pem

@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDMTCCAhmgAwIBAgIBADANBgkqhkiG9w0BAQsFADBcMQswCQYDVQQGEwJDQTEQ
+MA4GA1UECAwHT250YXJpbzEPMA0GA1UEBwwGT3R0YXdhMRYwFAYDVQQKDA1DaHJ5
+c2FsaXMtSVRTMRIwEAYDVQQDDAlzdGhiLWhzbTIwHhcNMjAwMzMwMTE1ODI3WhcN
+MzAwNDAxMTE1ODI3WjBcMQswCQYDVQQGEwJDQTEQMA4GA1UECAwHT250YXJpbzEP
+MA0GA1UEBwwGT3R0YXdhMRYwFAYDVQQKDA1DaHJ5c2FsaXMtSVRTMRIwEAYDVQQD
+DAlzdGhiLWhzbTIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDgdBdk
+uZy+YbKhwwHkFlJispF7wxMChFuuhpGDtDogYYEgGAR9j5aMGuz8t07pNbAX+Oex
+SYENEJYvLKCHXMgitZiDioKcdXCNlOGBJV4Y5dubrS1+ocOmJnr0mJPtm6RzAsIU
+UeqhIcw/JllHYnHHyHQeQprGn2v6l0J9PRwAc12Xja2p/eSvGR3bC4VyMQl9PB1r
+KrPCdGrXfUFpBSdrU2308RvBLNl4tjnaXHcSD7/s26QGHPJSQDqmXYZDl0MiCZi2
+eLm1hP3TAvXbHjE1kYv81zUVYNnANLFZLUHgFZhfMqOM+91sHcOaaeGx1ZtAZZO5
+GFVeAhg7u4PlqLapAgMBAAEwDQYJKoZIhvcNAQELBQADggEBACsHjivOVHSFlKgN
+zHG0CyaKY13YyLRi8PtbDKB5qiJuD7LGjveVal+SD+AIYtG60o9bF3X1xCkNDcLt
+imlfq1L39OawDbEvJZGOLGIqJDfMbEqWIUGiFureQ+4zWBD81iIHUuQ+BPDUU9zu
+xfdkchy9S2wzqP1q7of3wN0HbHj2UdwIIMipyO81bqfwCyW4xjDDRY+L9zMTGOAe
+hoqgjC/ZLYkgfkWp3THWzQ6ZBeYedU97nEaZkXJDsOwseWol9mrL5wuzDCAZjm9J
+LyjLbTDcNn7Gy74sF7nHiRsiW+Kb1zkOisFCE457+0sQFdK/0XhrCug66sBCC673
+z/6pegM=
+-----END CERTIFICATE-----

eidas-test-proxy/overlay/etc/luna/cert/server/tug-hsm2.sunet.seCert.pem

@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDLzCCAhegAwIBAgIBADANBgkqhkiG9w0BAQsFADBbMQswCQYDVQQGEwJDQTEQ
+MA4GA1UECAwHT250YXJpbzEPMA0GA1UEBwwGT3R0YXdhMRYwFAYDVQQKDA1DaHJ5
+c2FsaXMtSVRTMREwDwYDVQQDDAh0dWctaHNtMjAeFw0yMDAzMzAxMjEyNTZaFw0z
+MDA0MDExMjEyNTZaMFsxCzAJBgNVBAYTAkNBMRAwDgYDVQQIDAdPbnRhcmlvMQ8w
+DQYDVQQHDAZPdHRhd2ExFjAUBgNVBAoMDUNocnlzYWxpcy1JVFMxETAPBgNVBAMM
+CHR1Zy1oc20yMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv13NhdzT
+8gnTZ5Gfxp10CFJjxbG+wXsrFtnzqA0o6GRpNiuqPMEoTsUiE5AaqxhLz0N+y618
+YXGQ2wSX0FkjRHVih1e9vmEy1mlNc6x8VRAMaaHotXq58OI1NrotS/nVdVqZDc44
+C74FNhckS4cy4vAamG6j27H+IhnpJEbPI2vzS6ADY7Bdas6/CBwjUrvX8IlxnSpJ
+4LYZ+mEL4DS+SOwo2QGX/wMwi3wXX/4ZwUj5N491me5lCJMB48ixulXu6bpa9yp3
+iFMPPa+886to1AbY1lv86m64daaBlkZSJtSFEjRNCNxqwV0e6DkqZnDfKHRBNNVu
+ggRpD/5MFNanfwIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQC4yhQjdluy9Uq04IKS
+1O4VsC3gJTwJFxkdn9FoyYOBnpBeWVD0cgC/lnWSoqDV7d/EYDaIWhTxYKVZFq1I
+OQ5+66gScfYAPtbNz5QfYtxzXa16HvI8b3SEQDruEsrwDmA+gmC++HFP4L6YLrIB
+5BptWDPvWJO/TLrv44Oc9Ymjdb4RDHgUrWSZ1VznNQl7ILzNJkYbxOwxEuqVu3h8
+yujRM4TYolv6Ipx5/w6pKTOBofuGdcS6WsQJeGR4THy4sh+IfGwCcBSucXkhNvMy
+/sQhcwPWc3sf5SSJzqfkpw53Ay+vPVLbhZVYGojvq7/JaTep8aRnGo/vELm7sUSL
+HZHt
+-----END CERTIFICATE-----

global/overlay/etc/puppet/cosmos-rules.yaml

@@ -1032,6 +1032,18 @@ log-1.sveidas.se:
       version: '5:20.10.6~3-0~ubuntu-focal'
    konsulter:
    autoupdate:
+   servicemonitor:
+   eidas_proxy:
+      version: 1.4.5_hsm2
+      hostname: test.proxy.eidas.swedenconnect.se
+      spring_config_param: SPRING_CONFIG_ADDITIONAL_LOCATION
+   sunet::frontend::register_sites:
+     sites:
+       'test.proxy.eidas.swedenconnect.se':
+         frontends:
+           - 'fe-fre-1.test.komreg.net'
+           - 'fe-tug-1.test.komreg.net'
+         port: '443'
 
 '^prid-[0-9]+\.qa\.sveidas\.se$':
    konsulter: