eid-ops/eidas-test-connector/overlay/opt/eidas-connector/application-test.yml


#
# Connector overrides for the internal Sunet test deployment
#
---
spring:
  ssl:
    bundle:
      pem:
        # TLS identity of the embedded web server; referenced by server.ssl.bundle.
        # The private key is a plain PEM file on disk, so the file's permissions
        # (not set here) are what protects it.
        connector-web-server:
          keystore:
            certificate: file:${CONNECTOR_DIRECTORY}/credentials/tomcat/tomcat-cert.pem
            private-key: file:${CONNECTOR_DIRECTORY}/credentials/tomcat/tomcat-key.pem
        # Trust anchor for TLS towards Sunet infrastructure. Nothing in this file
        # references the bundle by name; presumably it is wired up elsewhere — verify.
        sunet-tls-trust:
          truststore:
            certificate: file:/etc/ssl/certs/infra.crt
server:
  port: 8443
  servlet:
    context-path: /idp
  ssl:
    enabled: true
    # PEM bundle declared under spring.ssl.bundle.pem.
    bundle: connector-web-server
  error:
    # Never include stack traces in error responses, even in the test deployment.
    include-stacktrace: never
management:
  server:
    # Actuator endpoints are served on their own port, separate from the IdP on 8443.
    # The credential monitoring configured below reports through the health endpoint,
    # so this port is expected to be reachable only internally — confirm in the deployment.
    port: 8444
  health:
    redis:
      # No Redis in this deployment; session and replay state are in-memory (see saml.idp).
      enabled: false
credential:
  bundles:
    keystore:
      # PKCS#11 token holding the connector's signing and encryption keys. The PIN
      # is injected through the PKCS11_PIN placeholder and is never written literally here.
      pkcs11-store:
        type: PKCS11
        provider: SunPKCS11
        password: ${PKCS11_PIN}
        pkcs11:
          configuration-file: ${CONNECTOR_DIRECTORY}/credentials/pkcs11.cfg
    jks:
      # Credentials whose private keys stay in the HSM; only certificates are read from disk.
      connector-sign:
        name: "Connector Signing Credential"
        store-reference: pkcs11-store
        key:
          certificates: file:${CONNECTOR_DIRECTORY}/credentials/sign.crt
          # The alias should be the name of the CKA_LABEL attribute
          alias: sc_eidas_sign
          key-password: ${PKCS11_PIN}
        # Included in the periodic credential test configured under monitoring below.
        monitor: true
      connector-encrypt:
        name: "Connector Encryption Credential"
        store-reference: pkcs11-store
        key:
          # certificates: file:${CONNECTOR_DIRECTORY}/credentials/enc.crt
          # No certificate file is configured for this credential, so the certificate
          # presumably comes from the token entry itself — verify the token holds it.
          # The alias should be the name of the CKA_LABEL attribute
          alias: sc_eidas_encrypt
          key-password: ${PKCS11_PIN}
        monitor: true
      connector-hsm-md-sign:
        name: "Connector HSM Metadata Signing Credential"
        store-reference: pkcs11-store
        key:
          certificates: file:${CONNECTOR_DIRECTORY}/credentials/sctest2.crt
          alias: sctest2
          key-password: ${PKCS11_PIN}
        monitor: true
    # OAuth2 credential for the IdM integration; disabled together with connector.idm.
    #pem:
    #  oauth2:
    #    # TODO: Fix certs
    #    name: "Connector OAuth2 Credential"
    #    certificates: file:${CONNECTOR_DIRECTORY}/credentials/oauth2.crt
    #    private-key: file:${CONNECTOR_DIRECTORY}/credentials/oauth2.key
    monitoring:
      # Periodically test the credentials marked monitor: true and expose the
      # result on the health endpoint (management port above).
      enabled: true
      test-interval: 10m
      health-endpoint-enabled: true
connector:
  domain: test.connector.eidas.swedenconnect.se
  base-url: https://${connector.domain}${server.servlet.context-path}
  backup-directory: ${CONNECTOR_DIRECTORY}/backup
  eu-metadata:
    location: https://test.md.eidas.swedenconnect.se/role/idp.xml
    # The metadata signature is checked against this pinned certificate, not only TLS.
    # Note that the same sctest2 certificate is used as the connector's own metadata
    # signing cert and as the validation cert for both metadata feeds — a test-environment
    # shortcut; confirm these are distinct keys outside the test deployment.
    validation-certificate: file:${CONNECTOR_DIRECTORY}/credentials/sctest2.crt
  eidas:
    credentials:
      # Use same as for IdP except for the metadata signing credential
      # (the sign/encrypt credentials are not set here and presumably come from
      # the IdP bundles or a base profile — verify).
      metadata-sign:
        # Software (PEM) key for signing the eIDAS metadata, unlike the HSM-backed
        # connector-hsm-md-sign used on the IdP side.
        pem:
          name: "Credential Metadata Signing"
          certificates: file:${CONNECTOR_DIRECTORY}/credentials/sctest2.crt
          private-key: file:${CONNECTOR_DIRECTORY}/credentials/sctest2.key
  prid:
    policy-resource: file:${CONNECTOR_DIRECTORY}/prid/policy.properties
  idp:
    # Allow-list for the IdP ping function; the single entry looks like an SP entity ID.
    ping-whitelist:
      - https://test.test.swedenconnect.se/sp
  # IdM integration is switched off; the commented block is kept as the template for enabling it.
  # idm:
  #   # TODO: Change to true when IdM integration should be turned on
  #   active: false
  #   api-base-url: https://test.idm.eidas.swedenconnect.se/idm
  #   service-url: https://test.idm.eidas.swedenconnect.se/idm
  #   oauth2:
  #     resource-id: https://test.idm.eidas.swedenconnect.se/idm
  #     client-id: ${saml.idp.entity-id}
  #     check-scopes:
  #       - ${connector.idm.oauth2.resource-id}/idrecord_check
  #     get-scopes:
  #       - ${connector.idm.oauth2.resource-id}/idrecord_get
  #     server:
  #       issuer: ${saml.idp.entity-id}/as
  #       credential:
  #         bundle: oauth2
saml:
  idp:
    entity-id: https://test.connector.eidas.swedenconnect.se/eidas
    base-url: ${connector.base-url}
    session:
      # In-memory session and replay state: not shared between instances and lost
      # on restart, so replay protection only holds within one running instance.
      # Matches the disabled Redis health check under management.
      module: memory
    replay:
      type: memory
      context: "connector-replay-cache"
    metadata-providers:
      - location: https://test.md.swedenconnect.se/role/sp.xml
        # Local copy used when the remote feed is unavailable.
        backup-location: ${connector.backup-directory}/metadata/sc-cache.xml
        # Signature of the downloaded metadata is verified against this pinned certificate.
        validation-certificate: file:${CONNECTOR_DIRECTORY}/credentials/sctest2.crt
    credentials:
      # Use same as for IdP except for the metadata signing credential
      # All three reference bundles declared under credential.bundles.jks (HSM-backed).
      sign:
        bundle: connector-sign
      encrypt:
        bundle: connector-encrypt
      metadata-sign:
        bundle: connector-hsm-md-sign
      #future-sign: file:${CONNECTOR_DIRECTORY}/credentials/idp-signing.crt
    audit:
      in-memory:
        capacity: 1000
      file:
        # Persistent audit trail; the in-memory buffer above only keeps the last 1000 events.
        log-file: ${CONNECTOR_DIRECTORY}/logs/audit.log
logging:
  level:
    se:
      swedenconnect:
        # DEBUG on the OpenSAML layer may write full SAML messages, including
        # attribute values, to the application log — acceptable only because this
        # is the test deployment; do not carry it over to other profiles.
        opensaml: DEBUG
        eidas: INFO