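---
# Spring Boot application.yml for the IdM service, rendered by Puppet (ERB).
# Values wrapped in <%= ... %> are substituted before the JVM parses the file.
server:
  port: 8082
  ssl:
    # Name of the PEM bundle declared under spring.ssl.bundle.pem.
    bundle: infra
  servlet:
    context-path: /
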
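spring:
  application:
    name: IdM-Service

  mail:
    host: relay-1.swedenconnect.se
    port: 587
    # SMTP credentials come from hiera. Quoted so that a value containing
    # YAML-significant characters (e.g. '#' or ': ') is still read as one
    # string; a value containing a literal single quote would have to be
    # escaped as '' (safe_hiera output is not escaped here).
    username: '<%= scope.call_function('safe_hiera', ['smtp_user']) %>'
    password: '<%= scope.call_function('safe_hiera', ['smtp_password']) %>'

  security:
    oauth2:
      resourceserver:
        jwt:
          # Public key used to verify incoming access tokens.
          public-key-location: classpath:connector-oauth2.pub
          # Expected aud claim; resolves to this service's own OAuth2 id.
          audiences:
            - ${idm.oauth2-id}

  ssl:
    bundle:
      pem:
        # TLS identity and trust for intra-infrastructure traffic;
        # referenced by server.ssl.bundle.
        infra:
          keystore:
            private-key: 'file:/etc/ssl/private/<%= @fqdn %>_infra.key'
            certificate: 'file:/etc/ssl/certs/<%= @fqdn %>_infra.crt'
          truststore:
            certificate: file:/etc/ssl/certs/infra.crt

  data:
    redis:
      password: '<%= scope.call_function('safe_hiera', ['redis_password']) %>'
      cluster:
        # Two entries (ports 6379 and 6380) per host in @redises.
        nodes:
<%- @redises.each do |host| -%>
          - '<%= host %>:6379'
          - '<%= host %>:6380'
<%- end -%>
      ssl:
        enabled: true
      ssl-ext:
        # redis or java require IP addresses in cert if verification is turned on
        # Caused by: java.util.concurrent.CompletionException:
        # javax.net.ssl.SSLHandshakeException: No subject alternative names
        # matching IP address 89.46.20.236 found
        # With hostname verification off, the Redis connections are protected
        # only by the CA trust in trust.resource; issuing the Redis certificates
        # with IP SANs would allow this to be set back to true.
        enable-hostname-verification: false
        credential:
          resource: 'file:/etc/ssl/private/<%= @fqdn %>_infra.p12'
          # Keystore/truststore passwords are hard-coded in the template (and
          # therefore in version control); prefer sourcing them from hiera
          # like the other secrets in this file.
          password: qwerty123
        trust:
          resource: file:/etc/ssl/certs/infra.p12
          password: qwerty123

  datasource:
    # Load-balanced MariaDB URL; @dbs_string supplies the host list.
    url: 'jdbc:mariadb:loadbalance://<%= @dbs_string %>/idm'
    username: idm
    password: '<%= scope.call_function('safe_hiera', ['sql_password']) %>'

  liquibase:
    enabled: true  # Generates database schema/tables
    change-log: classpath:changelogs/changelog-master.xml
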
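# Skatteverket folkbokföring (Navet) API; both URLs point at the test environment.
navet:
  authorization-url: https://sysorgoauth2.test.skatteverket.se/oauth2/v1/sysorg/token
  base-url: https://api.test.skatteverket.se/folkbokforing/folkbokforingsuppgifter-for-offentliga-aktorer/v2
  bestallnings-identitet: 00000236-FO01-0001
  # Quoted: an all-digit value would otherwise be read as an integer.
  organisationsnummer: '162021004748'
  secret:
    key-store: classpath:/certificate/navet/64905004722e1.p12
    # The keystore password and client secrets below are hard-coded in the
    # template (and therefore in version control); prefer sourcing them from
    # hiera like the other secrets in this file.
    key-store-password: '4729451359506045'
  credentials:
    gateway:
      client-id: d3e1d1563a504f17acb2b33a51097a99
      # Quoted: starts with a digit, keep it unambiguously a string.
      client-secret: '9eE7A58695fc46DF9f563B058ffB36F1'
    authorization-server:
      client-id: d34f109e3a11d02d744394423a020023e9bab0cd3ff78d63
      client-secret: ebc8b00ca4b08e790b208dc0abd460273fa6c459bc2f0023e9bab0cd3ff78d63
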
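idm:
  # XXX fix URL replacement
  # XXX fix OAUTH
  mrecord:
    api:
      connector-id: '<%= scope.call_function('safe_hiera', ['connector_id']) %>'
      # Scopes are derived from this service's own OAuth2 id (idm.oauth2-id).
      check-scope: ${idm.oauth2-id}/idrecord_check
      get-scope: ${idm.oauth2-id}/idrecord_get
  db:
    key-store-type: jceks
    key-store: classpath:dbkey.jceks
    # Keystore and key passwords for the database key are hard-coded in the
    # template (and therefore in version control); prefer sourcing them from
    # hiera like the other secrets in this file.
    key-store-password: secret
    key-alias: dbkey
    key-password: secret
  auth:
    destination-url: '<%= scope.call_function('safe_hiera', ['destination_url']) %>'
    auth-return-url: '<%= scope.call_function('safe_hiera', ['auth_return_url']) %>'
    discover-return-url: '<%= scope.call_function('safe_hiera', ['discover_return_url']) %>'
    client-id: '<%= scope.call_function('safe_hiera', ['client_id']) %>'
    trusted-certificates:
      - classpath:idp.cert
    id-strategy: STATIC
  # NOTE(review): whether rate-limits belongs under idm or under idm.auth could
  # not be determined from the flattened source; confirm against the binder.
  rate-limits:
    capacity: 4
    time: 86400
  email:
    enabled: true
    no-reply-email: noreply@swedenconnect.se
  storage:
    pending-relative-sign-time-to-live-in-hours: 336
  # This service's OAuth2 id; referenced as ${idm.oauth2-id} elsewhere in the file.
  oauth2-id: '<%= scope.call_function('safe_hiera', ['oauth2_id']) %>'
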
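signservice:
  discovery:
    # Cache file lives in the shared /tmp directory. metadata-validation-certificate
    # is presumably used to verify the fetched metadata (confirm); even so, a
    # per-service directory keeps the cache out of reach of other local users.
    metadata-cache-file: /tmp/metadata-cache.xml
    allowed-entity-ids:
      - http://local.dev.swedenconnect.se/idp
      - https://bankid.swedenconnect.se/idp/local
      - https://idp-sweden-connect-valfr-2017-sandbox.test.frejaeid.com
    federation-metadata-location: https://eid.svelegtest.se/metadata/mdx/role/idp.xml
    metadata-validation-certificate: classpath:certificate/metadata/sandbox-metadata.crt
  config:
    policy: localdev
    default-sign-requester-id: https://sandbox.swedenconnect.se/idm
    default-return-url: https://sandbox.swedenconnect.se/idm/frontend/common/validateSign
    sign-service-id: https://sandbox.swedenconnect.se/signservice
    default-destination-url: https://sandbox.swedenconnect.se/signservice/sign/idm/signreq
    # Quoted because the value contains '#'.
    default-signature-algorithm: 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256'
    sign-service-certificates:
      - classpath:certificate/signservice/signservice.crt
    trust-anchors:
      - classpath:certificate/signservice/test-ca.crt
    # NOTE(review): nesting of credential (under config vs. directly under
    # signservice) was inferred from the flattened source; confirm.
    credential:
      type: JKS
      resource: classpath:certificate/signservice/sign-client.jks
      # Keystore and key passwords are hard-coded in the template (and therefore
      # in version control); prefer sourcing them from hiera like the other
      # secrets in this file.
      password: secret
      alias: client
      key-password: secret
  response:
    config:
      # Relaxed response validation, presumably matching the sandbox/localdev
      # policy above; confirm before this template is used against a
      # production sign service.
      strict-processing: false
      # Units assumed to be milliseconds from the magnitude; confirm.
      maximum-allowed-response-age: 180000
      allowed-clock-skew: 60000
      require-assertion: true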