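# Spring Boot configuration for the IdM service, rendered by Puppet from an
# ERB template (<%= ... %> tags are expanded before the YAML is parsed).
#
# NOTE(review): this layout was rebuilt from a copy whose line breaks and
# indentation had been collapsed. The server/spring keys follow the usual
# Spring Boot property tree. The nesting inside the application-specific
# sections (navet, idm, signservice) is the most likely reading and must be
# confirmed against the service's configuration-properties classes.
#
# NOTE(review): several credentials below are literals in the template,
# while redis_password and sql_password are looked up through safe_hiera.
# Anyone who can read the Puppet repository or the rendered file can read
# the literals. Move them behind the same lookup and rotate the values.
server:
  port: 8082
  ssl:
    # Refers to the PEM bundle defined under spring.ssl.bundle.pem.infra.
    bundle: infra

spring:
  application:
    name: IdM-Service
  security:
    oauth2:
      resourceserver:
        jwt:
          # Key used to verify incoming access tokens, packaged with the app.
          public-key-location: classpath:oauth/as.pub
          audiences:
            - jocar
  ssl:
    bundle:
      pem:
        infra:
          keystore:
            private-key: file:/etc/ssl/private/<%= @fqdn %>_infra.key
            certificate: file:/etc/ssl/certs/<%= @fqdn %>_infra.crt
          truststore:
            certificate: file:/etc/ssl/certs/infra.crt
  data:
    redis:
      password: '<%= scope.call_function('safe_hiera', ['redis_password']) %>'
      cluster:
        nodes:
<%- @redises.each do |host| -%>
          # Quoted so the rendered host:port pair is always read as a string.
          - '<%= host %>:6379'
          - '<%= host %>:6380'
<%- end -%>
      ssl:
        enabled: true
      ssl-ext:
        # redis or java require IP addresses in cert if verification is
        # turned on
        # Caused by: java.util.concurrent.CompletionException:
        # javax.net.ssl.SSLHandshakeException: No subject alternative names
        # matching IP address 89.46.20.236 found
        #
        # NOTE(review): with verification off, the Redis connection accepts
        # any certificate that chains to the trust store, whatever host it
        # was issued for. Issue node certificates with IP SANs, or address
        # the nodes by DNS name, and set this back to true.
        enable-hostname-verification: false
        credential:
          resource: file:/etc/ssl/private/<%= @fqdn %>_infra.p12
          # NOTE(review): hard-coded, guessable PKCS#12 password protecting
          # the host's private key. Take it from hiera and rotate it.
          password: qwerty123
        trust:
          resource: file:/etc/ssl/certs/infra.p12
          # NOTE(review): same literal as the credential store above.
          password: qwerty123
  datasource:
    # NOTE(review): no TLS option is visible on this JDBC URL. Confirm that
    # transport to MariaDB is encrypted and verified (for example through
    # the driver's sslMode parameter) or protected by other means.
    url: jdbc:mariadb:loadbalance://<%= @dbs_string %>/idm
    username: idm
    # Quoted like the Redis password: unquoted, a value containing ' #' or
    # ': ' or starting with a YAML indicator would be truncated or would
    # break parsing. A password containing a single quote still needs
    # escaping in the template.
    password: '<%= scope.call_function('safe_hiera', ['sql_password']) %>'
  liquibase:
    enabled: true  # Generates database schema/tables
    change-log: classpath:changelogs/changelog-master.xml

# Client settings for the Navet service (Skatteverket test endpoints).
navet:
  authorization-url: https://sysorgoauth2.test.skatteverket.se/oauth2/v1/sysorg/token
  base-url: https://api.test.skatteverket.se/folkbokforing/folkbokforingsuppgifter-for-offentliga-aktorer/v2
  bestallnings-identitet: 00000236-FO01-0001
  # Quoted: an all-digit identifier would otherwise be typed as an integer.
  organisationsnummer: '162021004748'
  secret:
    key-store: classpath:/certificate/navet/64905004722e1.p12
    # NOTE(review): the key store ships inside the application artifact and
    # its password is a literal here, so the client key is only as private
    # as the artifact and this template. Quoted to keep it a string.
    key-store-password: '4729451359506045'
  credentials:
    # NOTE(review): OAuth client secrets committed in clear text. Move them
    # to the hiera lookup and rotate them.
    gateway:
      client-id: d3e1d1563a504f17acb2b33a51097a99
      client-secret: 9eE7A58695fc46DF9f563B058ffB36F1
    authorization-server:
      client-id: d34f109e3a11d02d744394423a020023e9bab0cd3ff78d63
      client-secret: ebc8b00ca4b08e790b208dc0abd460273fa6c459bc2f0023e9bab0cd3ff78d63

idm:
  # XXX fix URL replacement
  # XXX fix OAUTH
  mrecord:
    api:
      connector-id: https://test.idm.eidas.swedenconnect.se/connector
      check-scope: dismay-smitten-unfasten-dastardly/idrecord_check
      get-scope: dismay-smitten-unfasten-dastardly/idrecord_get
  db:
    key-store-type: jceks
    key-store: classpath:dbkey.jceks
    # NOTE(review): placeholder password on a key store bundled in the
    # artifact; presumably this key protects stored records, so confirm and
    # provision it per environment outside the classpath.
    key-store-password: secret
    key-alias: dbkey
    key-password: secret
  auth:
    destination-url: https://sandbox.swedenconnect.se/auth/be/auth  # ID service (Id-Tjänsten)
    auth-return-url: https://test.idm.eidas.swedenconnect.se:443/idm/auth/sp/return
    discover-return-url: https://test.idm.eidas.swedenconnect.se:443/idm/auth/sign/sp/return
    client-id: digg-idm-dev
    trusted-certificates:
      - classpath:idp.cert
  id-strategy: STATIC
  email:
    enabled: true
    no-reply-email: noreply@swedenconnect.se
  storage:
    pending-relative-sign-time-to-live-in-hours: 336
  oauth2-id: https://test.idm.swedenconnect.se/idm

signservice:
  discovery:
    # NOTE(review): /tmp is writable by every local account. Keep the cache
    # in a directory owned by the service user, and confirm that cached
    # metadata is signature-checked again when it is read back.
    metadata-cache-file: /tmp/metadata-cache.xml
    allowed-entity-ids:
      - http://local.dev.swedenconnect.se/idp
      - https://bankid.swedenconnect.se/idp/local
      - https://idp-sweden-connect-valfr-2017-sandbox.test.frejaeid.com
    federation-metadata-location: https://eid.svelegtest.se/metadata/mdx/role/idp.xml
    # Certificate used to validate the signature on federation metadata.
    metadata-validation-certificate: classpath:certificate/metadata/sandbox-metadata.crt
  config:
    # NOTE(review): localdev policy and sandbox endpoints; confirm this
    # template is only applied to test hosts.
    policy: localdev
    default-sign-requester-id: https://sandbox.swedenconnect.se/idm
    default-return-url: https://sandbox.swedenconnect.se/idm/frontend/common/validateSign
    sign-service-id: https://sandbox.swedenconnect.se/signservice
    default-destination-url: https://sandbox.swedenconnect.se/signservice/sign/idm/signreq
    default-signature-algorithm: http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
    sign-service-certificates:
      - classpath:certificate/signservice/signservice.crt
    trust-anchors:
      - classpath:certificate/signservice/test-ca.crt
  credential:
    type: JKS
    resource: classpath:certificate/signservice/sign-client.jks
    # NOTE(review): placeholder password on a signing key store packaged in
    # the artifact; provision the key and its password per environment.
    password: secret
    alias: client
    key-password: secret
  response:
    config:
      # NOTE(review): confirm which response checks are relaxed when strict
      # processing is off before using this outside a test federation.
      strict-processing: false
      # Presumably milliseconds (3 minutes and 1 minute); verify the unit.
      maximum-allowed-response-age: 180000
      allowed-clock-skew: 60000
      require-assertion: true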