#
# Connector overrides for the internal Sunet test deployment
#
---
spring:
  ssl:
    bundle:
      pem:
        # TLS key pair used by the embedded web server; referenced from server.ssl.bundle below.
        connector-web-server:
          keystore:
            certificate: file:${CONNECTOR_DIRECTORY}/credentials/tomcat/tomcat-cert.pem
            private-key: file:${CONNECTOR_DIRECTORY}/credentials/tomcat/tomcat-key.pem
        # Trust bundle for outbound TLS; defined here but not referenced elsewhere in this file.
        sunet-tls-trust:
          truststore:
            certificate: file:/etc/ssl/certs/infra.crt

server:
  port: 8443
  servlet:
    context-path: /idp
  ssl:
    enabled: true
    bundle: connector-web-server
  error:
    # Stack traces are never included in error responses.
    include-stacktrace: never

management:
  server:
    # Actuator endpoints are served on a separate port from the application.
    port: 8444
  health:
    redis:
      enabled: false

credential:
  bundles:
    keystore:
      # PKCS#11 keystore (SunPKCS11 provider). The PIN is resolved from the
      # PKCS11_PIN property/environment variable rather than stored here.
      pkcs11-store:
        type: PKCS11
        provider: SunPKCS11
        password: ${PKCS11_PIN}
        pkcs11:
          configuration-file: ${CONNECTOR_DIRECTORY}/credentials/pkcs11.cfg
    jks:
      # Credentials below all resolve their private key from pkcs11-store by alias.
      connector-sign:
        name: "Connector Signing Credential"
        store-reference: pkcs11-store
        key:
          certificates: file:${CONNECTOR_DIRECTORY}/credentials/sign.crt
          # The alias should be the name of the CKA_LABEL attribute
          alias: sc_eidas_sign
          key-password: ${PKCS11_PIN}
        monitor: true
      connector-encrypt:
        name: "Connector Encryption Credential"
        store-reference: pkcs11-store
        key:
          # No certificate file is configured for this entry (see commented line);
          # presumably the certificate is read from the token itself — confirm.
          # certificates: file:${CONNECTOR_DIRECTORY}/credentials/enc.crt
          # The alias should be the name of the CKA_LABEL attribute
          alias: sc_eidas_encrypt
          key-password: ${PKCS11_PIN}
        monitor: true
      connector-hsm-md-sign:
        name: "Connector HSM Metadata Signing Credential"
        store-reference: pkcs11-store
        key:
          certificates: file:${CONNECTOR_DIRECTORY}/credentials/sctest2.crt
          alias: sctest2
          key-password: ${PKCS11_PIN}
        monitor: true
    # pem:
    #   oauth2:
    #     # TODO: Fix certs
    #     name: "Connector OAuth2 Credential"
    #     certificates: file:${CONNECTOR_DIRECTORY}/credentials/oauth2.crt
    #     private-key: file:${CONNECTOR_DIRECTORY}/credentials/oauth2.key
    # Periodic test of the credentials flagged with monitor: true above,
    # exposed through the health endpoint.
    monitoring:
      enabled: true
      test-interval: 10m
      health-endpoint-enabled: true

connector:
  domain: test.connector.eidas.swedenconnect.se
  base-url: https://${connector.domain}${server.servlet.context-path}
  backup-directory: ${CONNECTOR_DIRECTORY}/backup
  eu-metadata:
    location: https://test.md.eidas.swedenconnect.se/role/idp.xml
    # Signature on the downloaded EU metadata is validated against this certificate.
    validation-certificate: file:${CONNECTOR_DIRECTORY}/credentials/sctest2.crt
  eidas:
    credentials:
      # Use same as for IdP except for the metadata signing credential
      metadata-sign:
        pem:
          name: "Credential Metadata Signing"
          certificates: file:${CONNECTOR_DIRECTORY}/credentials/sctest2.crt
          private-key: file:${CONNECTOR_DIRECTORY}/credentials/sctest2.key
  prid:
    policy-resource: file:${CONNECTOR_DIRECTORY}/prid/policy.properties
  idp:
    ping-whitelist:
      - https://test.test.swedenconnect.se/sp
  # idm:
  #   # TODO: Change to true when IdM integration should be turned on
  #   active: false
  #   api-base-url: https://test.idm.eidas.swedenconnect.se/idm
  #   # service-url: https://test.idm.eidas.swedenconnect.se/idm
  #   oauth2:
  #     resource-id: https://test.idm.eidas.swedenconnect.se/idm
  #     client-id: ${saml.idp.entity-id}
  #     check-scopes:
  #       - ${connector.idm.oauth2.resource-id}/idrecord_check
  #     get-scopes:
  #       - ${connector.idm.oauth2.resource-id}/idrecord_get
  #     server:
  #       issuer: ${saml.idp.entity-id}/as
  #       credential:
  #         bundle: oauth2

saml:
  idp:
    entity-id: https://test.connector.eidas.swedenconnect.se/eidas
    base-url: ${connector.base-url}
    # In-memory session and replay cache: state is local to one instance
    # and is lost on restart, which suits this single-node test deployment.
    session:
      module: memory
    replay:
      type: memory
      context: "connector-replay-cache"
    metadata-providers:
      - location: https://test.md.swedenconnect.se/role/sp.xml
        backup-location: ${connector.backup-directory}/metadata/sc-cache.xml
        validation-certificate: file:${CONNECTOR_DIRECTORY}/credentials/sctest2.crt
    credentials:
      # Use same as for IdP except for the metadata signing credential
      sign:
        bundle: connector-sign
      encrypt:
        bundle: connector-encrypt
      metadata-sign:
        bundle: connector-hsm-md-sign
      # future-sign: file:${CONNECTOR_DIRECTORY}/credentials/idp-signing.crt
    audit:
      in-memory:
        capacity: 1000
      file:
        log-file: ${CONNECTOR_DIRECTORY}/logs/audit.log

logging:
  level:
    se:
      swedenconnect:
        # DEBUG on the OpenSAML package is verbose; check what message
        # content reaches the logs before reusing this level outside test.
        opensaml: DEBUG
        eidas: INFO