aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorThomas Lenz <thomas.lenz@egiz.gv.at>2021-01-20 14:32:37 +0100
committerThomas Lenz <thomas.lenz@egiz.gv.at>2021-01-20 15:08:11 +0100
commit2fabf6cfdc78fceac1302d45c88d08214fe4e9e3 (patch)
treeb6086edb423abb9ecf9125ded79eaebcdb0a9376
parent58b3c1c2d7a27775af8c0b7c9d12dea08aa575fa (diff)
downloadNational_eIDAS_Gateway-2fabf6cfdc78fceac1302d45c88d08214fe4e9e3.tar.gz
National_eIDAS_Gateway-2fabf6cfdc78fceac1302d45c88d08214fe4e9e3.tar.bz2
National_eIDAS_Gateway-2fabf6cfdc78fceac1302d45c88d08214fe4e9e3.zip
add README.md, release and update informations, and full handbook
-rw-r--r--README.md112
-rw-r--r--basicConfig/default_config.properties1
-rw-r--r--connector/src/assembly/assembly_dir.xml2
-rw-r--r--connector/src/assembly/assembly_zip.xml3
-rw-r--r--connector/src/main/resources/application.properties20
-rw-r--r--infos/handbook-work_in_progress.docxbin0 -> 44486 bytes
-rw-r--r--infos/readme_1.2.0.md59
7 files changed, 183 insertions, 14 deletions
diff --git a/README.md b/README.md
new file mode 100644
index 00000000..e0914598
--- /dev/null
+++ b/README.md
@@ -0,0 +1,112 @@
+# Member-state specific eIDAS Application
+
+## Description
+
+The member-state specific eIDAS application (ms-specific eIDAS) implements the bridge between the eIDAS reference implementation provides by European commission and the national eID system. This application consists of two parts
+
+- **MS-specific Connector:** implements the bridge to connect a national service-provider to a foreign idenity-provider.
+
+- **MS-specific Proxy-Service:** implements the bridge to connect a foreign service-provider to national eID system (ID Austria). This feature is not implemented yet.
+
+
+
+### Building
+
+The application uses SpringBoot as core framework, but the default build-profile does not build an executable jar. There, the application has to be deployed into an application service, like Apache Tomcat
+
+The project can be build with :
+
+```
+mvn clean package
+```
+
+The resulting `war` file can be deployed into an application server
+
+Set Java System-Property _-Deidas.ms.configuration=/path/to/configuration..._ to set the configuration for this application
+
+
+
+If you like to build an executable SpringBoot application with embedded Tomcat then use:
+
+```
+mvn -P embbededTomcat clean package
+```
+
+The resulting `jar` file can be run with java:
+
+```
+java -jar ./connector/target/ms-connector.jar
+```
+
+But it is also directly executalbe
+
+```
+./connector/target/ms-connector.jar
+```
+
+In case of a executable application package, the configuration can be either set by Java System-Property _-Deidas.ms.configuration=/path/to/configuration..._ or by default SpringBoot configuration features.
+
+
+
+### Configuration
+
+A default configuration is located at _basicConfig/_
+
+
+
+## Generate a BM.I Release Package
+
+The full release packages for BM.I infrastructure will be automatically assembled by maven build-process. Before release build, all release related information have to added into infos folder. To add release informations follow the steps outlined below.
+
+Add a file with release informations to:
+```
+./infos/readme_{version}.txt
+```
+
+Add additional eIDAS Node related information into:
+
+```
+./infos/eIDAS_Ref_Impl/
+```
+
+Add, remove, or update the application description in the handbook and store the handbook for the current release version as pdf.
+
+```
+modify: ./infos/handbook-work_in_progress.docx
+store pdf to: ./infos/handbook/handbook-{version}.pdf
+```
+
+Generate a release package with:
+
+
+```
+mvn clean package
+```
+
+The full release package will be located add
+```
+./target/ms_specific_connector-{version}-dist.tar.gz
+```
+
+
+
+## Changelog
+
+**v1.2.0**
+
+- Anpassungen zur Anbindungen an das E-ID System
+- Update auf eIDAS Ref. Impl. 2.5.0 mit Apache Ignite Cache
+ https://ec.europa.eu/cefdigital/wiki/display/CEFDIGITAL/eIDAS-Node+version+2.5
+- TODO:
+
+
+
+**v1.1.0**
+
+ - Update auf eIDAS Ref. Impl. 2.4.0 mit Apache Ignite Cache
+ https://ec.europa.eu/cefdigital/wiki/display/CEFDIGITAL/eIDAS-Node+version+2.4
+ - Statischer Service-Provider Name für öffentliche Applikationen
+ - Mindest LoA, welche für Requests an eIDAS Proxy-Services verwendet wird.
+ - Requested Attributes je Land konfigurierbar
+ - Neue Template-Engine mit i18n Unterstützung
+ - Neuer Algorithmus zur Generierung von Sessiontokens \ No newline at end of file
diff --git a/basicConfig/default_config.properties b/basicConfig/default_config.properties
index ad883284..725fac7c 100644
--- a/basicConfig/default_config.properties
+++ b/basicConfig/default_config.properties
@@ -1,6 +1,5 @@
## Basic service configuration
eidas.ms.context.url.prefix=
-eidas.ms.context.url.request.validation=false
eidas.ms.core.configRootDir=file:./
diff --git a/connector/src/assembly/assembly_dir.xml b/connector/src/assembly/assembly_dir.xml
index 37e05390..59437be6 100644
--- a/connector/src/assembly/assembly_dir.xml
+++ b/connector/src/assembly/assembly_dir.xml
@@ -43,7 +43,9 @@
<includes>
<!-- include>README.md</include-->
<include>readme_${project.version}.txt</include>
+ <include>readme_${project.version}.md</include>
<include>eIDAS_Ref_Impl/*</include>
+ <include>handbook/*</include>
</includes>
</fileSet>
</fileSets>
diff --git a/connector/src/assembly/assembly_zip.xml b/connector/src/assembly/assembly_zip.xml
index 579da2e1..43877283 100644
--- a/connector/src/assembly/assembly_zip.xml
+++ b/connector/src/assembly/assembly_zip.xml
@@ -43,6 +43,9 @@
<includes>
<!-- include>README.md</include -->
<include>readme_${project.version}.txt</include>
+ <include>readme_${project.version}.md</include>
+ <include>eIDAS_Ref_Impl/*</include>
+ <include>handbook/*</include>
</includes>
</fileSet>
</fileSets>
diff --git a/connector/src/main/resources/application.properties b/connector/src/main/resources/application.properties
index b92102ed..9a4ae54f 100644
--- a/connector/src/main/resources/application.properties
+++ b/connector/src/main/resources/application.properties
@@ -17,9 +17,9 @@ spring.boot.admin.client.enabled=false
#############################################################################
## MS-speccific eIDAS-Connector configuration
-#proxy.context.url.prefix=
+#eidas.ms.context.url.prefix=
eidas.ms.context.url.request.validation=false
-#proxy.configRootDir=file:/.../config/
+#eidas.ms.configRootDir=file:/.../config/
eidas.ms.context.use.clustermode=true
eidas.ms.core.logging.level.info.errorcodes=auth.21
@@ -51,8 +51,7 @@ eidas.ms.auth.eIDAS.node_v2.entityId=ownSpecificConnector
#eidas.ms.auth.eIDAS.node_v2.forward.endpoint=
eidas.ms.auth.eIDAS.node_v2.forward.method=POST
eidas.ms.auth.eIDAS.node_v2.countrycode=AT
-#eidas.ms.auth.eIDAS.node_v2.publicSectorTargets=urn:publicid:gv.at:cdid\+.*
-eidas.ms.auth.eIDAS.node_v2.publicSectorTargets=.*
+eidas.ms.auth.eIDAS.node_v2.publicSectorTargets=urn:publicid:gv.at:cdid\+.*
## use SAML2 requestId as transactionIdentifier to mitigate problems with SAML2 relaystate
eidas.ms.auth.eIDAS.node_v2.workarounds.useRequestIdAsTransactionIdentifier=true
@@ -106,9 +105,6 @@ eidas.ms.auth.eIDAS.szrclient.debug.logfullmessages=false
eidas.ms.auth.eIDAS.szrclient.debug.useDummySolution=false
-
-
-
##without mandates
eidas.ms.auth.eIDAS.node_v2.attributes.requested.onlynatural.0=PersonIdentifier,true
eidas.ms.auth.eIDAS.node_v2.attributes.requested.onlynatural.1=FamilyName,true
@@ -137,7 +133,7 @@ eidas.ms.auth.eIDAS.node_v2.attributes.requested.representation.5=LegalName,true
#eidas.ms.pvp2.key.metadata.password=password
#eidas.ms.pvp2.key.signing.alias=sig
#eidas.ms.pvp2.key.signing.password=password
-#eidas.ms.pvp2.metadata.validity=24
+eidas.ms.pvp2.metadata.validity=24
#eidas.ms.pvp2.metadata.organisation.name=JUnit
#eidas.ms.pvp2.metadata.organisation.friendyname=For testing with jUnit
@@ -158,8 +154,6 @@ eidas.ms.auth.eIDAS.node_v2.attributes.requested.representation.5=LegalName,true
##only for advanced config
-eidas.ms.configuration.sp.disableRegistrationRequirement=
-#eidas.ms.configuration.restrictions.baseID.spTransmission=
-eidas.ms.configuration.auth.default.countrycode=
-eidas.ms.configuration.pvp.scheme.validation=
-eidas.ms.configuration.pvp.enable.entitycategories= \ No newline at end of file
+eidas.ms.configuration.sp.disableRegistrationRequirement=false
+eidas.ms.configuration.pvp.scheme.validation=true
+eidas.ms.configuration.pvp.enable.entitycategories=false \ No newline at end of file
diff --git a/infos/handbook-work_in_progress.docx b/infos/handbook-work_in_progress.docx
new file mode 100644
index 00000000..d311fa80
--- /dev/null
+++ b/infos/handbook-work_in_progress.docx
Binary files differ
diff --git a/infos/readme_1.2.0.md b/infos/readme_1.2.0.md
new file mode 100644
index 00000000..98e18ccb
--- /dev/null
+++ b/infos/readme_1.2.0.md
@@ -0,0 +1,59 @@
+# MS-Connector v1.2.0 Release vom xx.xx.2021
+
+Der MS-Connector implementiert eine Bridge zwischen dem österreichischen E-ID System und dem eIDAS Framework um ausländischen Benutzern eine Anmeldung am österreichischen Service-Providern zu ermöglichen.
+
+### Änderungen in dieser Version
+
+ - Erforderliche Anpassungen zur Integration in den ID Austria
+
+ - Update auf eIDAS Ref. Impl. 2.5.0 (Implementiert eIDAS Spezifikation 1.2)
+ https://ec.europa.eu/cefdigital/wiki/display/CEFDIGITAL/eIDAS-Node+version+2.5
+
+ - Codestabilisierung
+
+ - Monitoring und HealthChecks Verbesserungen
+
+ - Akutalisierung von Drittherstellerbibliotheken
+
+
+
+
+### Durchführen eines Updates
+
+Nachfolgend finden Sie die erforderlichen Schritte für das Update eines bestehenden MS-specific eIDAS Connectors auf die aktuelle Version 1.2.0. Das vollständige Handbuch mit allen Konfigurationsparametern finden Sie im Releasepackage im Verzeichnis: _infos/handbook/_
+
+### Ausgehend von einer bestehenden Version 1.1.0
+
+1. Stoppen Sie die *MS-Connector* Applikation und fertigen Sie eine Sicherungskopie Ihrer Applikation inklusive Konfiguration an
+2. Entpacken Sie das Releasepacket *ms_specific_connector-1.2.0-dist.zip* in ein temporäres Verzeichnis welches in weiterer Folge __MsConnectorPackage__ bezeichnet wird.
+3. Kopieren sie die Applikation __MsConnectorPackage__/ms_connector.war nach in das Applikationsverzeichnis ihres Applikationsservers
+4. Mit der Version 1.2.0 wurde die Konfiguration eine eine Minimalkonfiguration [`default_config.properties`](./../config/default_config.properties) und eine in den MS-Connectorintegrierte Defaultkonfiguration aufgteilt. Die nachfolgende Aufzählung umfasst die neuen oder geänderten Konfigurationsparameter, beschreibt jedoch keine Aufteilung einer bestehenden Konfiguration in Minimal- und Defaultteil. Eine vollständige Beschreibung aller Konfigurationswerte finden Sie **hier**.
+5. Update bestehender Dateien . Die nachfolgenden Dateien wurden geändert und erfordern eine Anpassung oder eine Übernahme dem Releasepacket, sofern die Anpassung nicht bereits durchgeführt wurde
+
+ * __MsConnectorPackage__/config/templates/error_message.html
+6. Erstellung neuer Dateien
+ - _KeyStore für ID Austria AuthBlock:_ Erstellen eines KeyStore mit mit öffentlichem und privaten Schlüssel welcher für die JWS Signature des technischen ID Austria AuthBlocks verwendet werden soll.
+7. Neue Konfigurationsparameter
+ - *Allgemeine Konfiguration*
+ - ```eidas.ms.core.configRootDir```
+ - *ID Austria Umsetzung*
+ - ```eidas.ms.auth.eIDAS.authblock.keystore.type```
+ - ```eidas.ms.auth.eIDAS.authblock.keystore.path```
+ - ```eidas.ms.auth.eIDAS.authblock.keystore.password```
+ - ```eidas.ms.auth.eIDAS.authblock.key.alias```
+ - ```eidas.ms.auth.eIDAS.authblock.key.password```
+ - *Service-Provider Konfiguration Konfiguration*
+ - ```eidas.ms.sp.x.newEidMode```
+8. Gelöschte Konfigurationsparameter
+
+ - ```authhandler.modules.bindingservice.bpk.target```
+9. Neue optionale Konfigurationsparameter
+ - *Allgemeine Konfiguration*
+ - ```eidas.ms.core.logging.level.info.errorcodes```
+ - *eIDAS Node Kommunikation*
+ * ```eidas.ms.auth.eIDAS.node_v2.requesterId.useHashedForm```
+ * ```eidas.ms.auth.eIDAS.node_v2.requesterId.lu.useStaticRequesterForAll```
+ * ```eidas.ms.auth.eIDAS.node_v2.requesterId.useHashedForm```
+ * ```eidas.ms.auth.eIDAS.node_v2.requesterId.useHashedForm```
+ - *ID Austria Umsetzung*
+ - ```eidas.ms.auth.eIDAS.szrclient.eidasbind.mds.inject```