diff options
author | Thomas Lenz <thomas.lenz@egiz.gv.at> | 2021-01-20 14:32:37 +0100 |
---|---|---|
committer | Thomas Lenz <thomas.lenz@egiz.gv.at> | 2021-01-20 15:08:11 +0100 |
commit | 2fabf6cfdc78fceac1302d45c88d08214fe4e9e3 (patch) | |
tree | b6086edb423abb9ecf9125ded79eaebcdb0a9376 | |
parent | 58b3c1c2d7a27775af8c0b7c9d12dea08aa575fa (diff) | |
download | National_eIDAS_Gateway-2fabf6cfdc78fceac1302d45c88d08214fe4e9e3.tar.gz National_eIDAS_Gateway-2fabf6cfdc78fceac1302d45c88d08214fe4e9e3.tar.bz2 National_eIDAS_Gateway-2fabf6cfdc78fceac1302d45c88d08214fe4e9e3.zip |
add README.md, release and update informations, and full handbook
-rw-r--r-- | README.md | 112 | ||||
-rw-r--r-- | basicConfig/default_config.properties | 1 | ||||
-rw-r--r-- | connector/src/assembly/assembly_dir.xml | 2 | ||||
-rw-r--r-- | connector/src/assembly/assembly_zip.xml | 3 | ||||
-rw-r--r-- | connector/src/main/resources/application.properties | 20 | ||||
-rw-r--r-- | infos/handbook-work_in_progress.docx | bin | 0 -> 44486 bytes | |||
-rw-r--r-- | infos/readme_1.2.0.md | 59 |
7 files changed, 183 insertions, 14 deletions
diff --git a/README.md b/README.md new file mode 100644 index 00000000..e0914598 --- /dev/null +++ b/README.md @@ -0,0 +1,112 @@ +# Member-state specific eIDAS Application + +## Description + +The member-state specific eIDAS application (ms-specific eIDAS) implements the bridge between the eIDAS reference implementation provides by European commission and the national eID system. This application consists of two parts + +- **MS-specific Connector:** implements the bridge to connect a national service-provider to a foreign idenity-provider. + +- **MS-specific Proxy-Service:** implements the bridge to connect a foreign service-provider to national eID system (ID Austria). This feature is not implemented yet. + + + +### Building + +The application uses SpringBoot as core framework, but the default build-profile does not build an executable jar. There, the application has to be deployed into an application service, like Apache Tomcat + +The project can be build with : + +``` +mvn clean package +``` + +The resulting `war` file can be deployed into an application server + +Set Java System-Property _-Deidas.ms.configuration=/path/to/configuration..._ to set the configuration for this application + + + +If you like to build an executable SpringBoot application with embedded Tomcat then use: + +``` +mvn -P embbededTomcat clean package +``` + +The resulting `jar` file can be run with java: + +``` +java -jar ./connector/target/ms-connector.jar +``` + +But it is also directly executalbe + +``` +./connector/target/ms-connector.jar +``` + +In case of a executable application package, the configuration can be either set by Java System-Property _-Deidas.ms.configuration=/path/to/configuration..._ or by default SpringBoot configuration features. + + + +### Configuration + +A default configuration is located at _basicConfig/_ + + + +## Generate a BM.I Release Package + +The full release packages for BM.I infrastructure will be automatically assembled by maven build-process. Before release build, all release related information have to added into infos folder. To add release informations follow the steps outlined below. + +Add a file with release informations to: +``` +./infos/readme_{version}.txt +``` + +Add additional eIDAS Node related information into: + +``` +./infos/eIDAS_Ref_Impl/ +``` + +Add, remove, or update the application description in the handbook and store the handbook for the current release version as pdf. + +``` +modify: ./infos/handbook-work_in_progress.docx +store pdf to: ./infos/handbook/handbook-{version}.pdf +``` + +Generate a release package with: + + +``` +mvn clean package +``` + +The full release package will be located add +``` +./target/ms_specific_connector-{version}-dist.tar.gz +``` + + + +## Changelog + +**v1.2.0** + +- Anpassungen zur Anbindungen an das E-ID System +- Update auf eIDAS Ref. Impl. 2.5.0 mit Apache Ignite Cache + https://ec.europa.eu/cefdigital/wiki/display/CEFDIGITAL/eIDAS-Node+version+2.5 +- TODO: + + + +**v1.1.0** + + - Update auf eIDAS Ref. Impl. 2.4.0 mit Apache Ignite Cache + https://ec.europa.eu/cefdigital/wiki/display/CEFDIGITAL/eIDAS-Node+version+2.4 + - Statischer Service-Provider Name für öffentliche Applikationen + - Mindest LoA, welche für Requests an eIDAS Proxy-Services verwendet wird. + - Requested Attributes je Land konfigurierbar + - Neue Template-Engine mit i18n Unterstützung + - Neuer Algorithmus zur Generierung von Sessiontokens
\ No newline at end of file diff --git a/basicConfig/default_config.properties b/basicConfig/default_config.properties index ad883284..725fac7c 100644 --- a/basicConfig/default_config.properties +++ b/basicConfig/default_config.properties @@ -1,6 +1,5 @@ ## Basic service configuration eidas.ms.context.url.prefix= -eidas.ms.context.url.request.validation=false eidas.ms.core.configRootDir=file:./ diff --git a/connector/src/assembly/assembly_dir.xml b/connector/src/assembly/assembly_dir.xml index 37e05390..59437be6 100644 --- a/connector/src/assembly/assembly_dir.xml +++ b/connector/src/assembly/assembly_dir.xml @@ -43,7 +43,9 @@ <includes> <!-- include>README.md</include--> <include>readme_${project.version}.txt</include> + <include>readme_${project.version}.md</include> <include>eIDAS_Ref_Impl/*</include> + <include>handbook/*</include> </includes> </fileSet> </fileSets> diff --git a/connector/src/assembly/assembly_zip.xml b/connector/src/assembly/assembly_zip.xml index 579da2e1..43877283 100644 --- a/connector/src/assembly/assembly_zip.xml +++ b/connector/src/assembly/assembly_zip.xml @@ -43,6 +43,9 @@ <includes> <!-- include>README.md</include --> <include>readme_${project.version}.txt</include> + <include>readme_${project.version}.md</include> + <include>eIDAS_Ref_Impl/*</include> + <include>handbook/*</include> </includes> </fileSet> </fileSets> diff --git a/connector/src/main/resources/application.properties b/connector/src/main/resources/application.properties index b92102ed..9a4ae54f 100644 --- a/connector/src/main/resources/application.properties +++ b/connector/src/main/resources/application.properties @@ -17,9 +17,9 @@ spring.boot.admin.client.enabled=false ############################################################################# ## MS-speccific eIDAS-Connector configuration -#proxy.context.url.prefix= +#eidas.ms.context.url.prefix= eidas.ms.context.url.request.validation=false -#proxy.configRootDir=file:/.../config/ +#eidas.ms.configRootDir=file:/.../config/ eidas.ms.context.use.clustermode=true eidas.ms.core.logging.level.info.errorcodes=auth.21 @@ -51,8 +51,7 @@ eidas.ms.auth.eIDAS.node_v2.entityId=ownSpecificConnector #eidas.ms.auth.eIDAS.node_v2.forward.endpoint= eidas.ms.auth.eIDAS.node_v2.forward.method=POST eidas.ms.auth.eIDAS.node_v2.countrycode=AT -#eidas.ms.auth.eIDAS.node_v2.publicSectorTargets=urn:publicid:gv.at:cdid\+.* -eidas.ms.auth.eIDAS.node_v2.publicSectorTargets=.* +eidas.ms.auth.eIDAS.node_v2.publicSectorTargets=urn:publicid:gv.at:cdid\+.* ## use SAML2 requestId as transactionIdentifier to mitigate problems with SAML2 relaystate eidas.ms.auth.eIDAS.node_v2.workarounds.useRequestIdAsTransactionIdentifier=true @@ -106,9 +105,6 @@ eidas.ms.auth.eIDAS.szrclient.debug.logfullmessages=false eidas.ms.auth.eIDAS.szrclient.debug.useDummySolution=false - - - ##without mandates eidas.ms.auth.eIDAS.node_v2.attributes.requested.onlynatural.0=PersonIdentifier,true eidas.ms.auth.eIDAS.node_v2.attributes.requested.onlynatural.1=FamilyName,true @@ -137,7 +133,7 @@ eidas.ms.auth.eIDAS.node_v2.attributes.requested.representation.5=LegalName,true #eidas.ms.pvp2.key.metadata.password=password #eidas.ms.pvp2.key.signing.alias=sig #eidas.ms.pvp2.key.signing.password=password -#eidas.ms.pvp2.metadata.validity=24 +eidas.ms.pvp2.metadata.validity=24 #eidas.ms.pvp2.metadata.organisation.name=JUnit #eidas.ms.pvp2.metadata.organisation.friendyname=For testing with jUnit @@ -158,8 +154,6 @@ eidas.ms.auth.eIDAS.node_v2.attributes.requested.representation.5=LegalName,true ##only for advanced config -eidas.ms.configuration.sp.disableRegistrationRequirement= -#eidas.ms.configuration.restrictions.baseID.spTransmission= -eidas.ms.configuration.auth.default.countrycode= -eidas.ms.configuration.pvp.scheme.validation= -eidas.ms.configuration.pvp.enable.entitycategories=
\ No newline at end of file +eidas.ms.configuration.sp.disableRegistrationRequirement=false +eidas.ms.configuration.pvp.scheme.validation=true +eidas.ms.configuration.pvp.enable.entitycategories=false
\ No newline at end of file diff --git a/infos/handbook-work_in_progress.docx b/infos/handbook-work_in_progress.docx Binary files differnew file mode 100644 index 00000000..d311fa80 --- /dev/null +++ b/infos/handbook-work_in_progress.docx diff --git a/infos/readme_1.2.0.md b/infos/readme_1.2.0.md new file mode 100644 index 00000000..98e18ccb --- /dev/null +++ b/infos/readme_1.2.0.md @@ -0,0 +1,59 @@ +# MS-Connector v1.2.0 Release vom xx.xx.2021 + +Der MS-Connector implementiert eine Bridge zwischen dem österreichischen E-ID System und dem eIDAS Framework um ausländischen Benutzern eine Anmeldung am österreichischen Service-Providern zu ermöglichen. + +### Änderungen in dieser Version + + - Erforderliche Anpassungen zur Integration in den ID Austria + + - Update auf eIDAS Ref. Impl. 2.5.0 (Implementiert eIDAS Spezifikation 1.2) + https://ec.europa.eu/cefdigital/wiki/display/CEFDIGITAL/eIDAS-Node+version+2.5 + + - Codestabilisierung + + - Monitoring und HealthChecks Verbesserungen + + - Akutalisierung von Drittherstellerbibliotheken + + + + +### Durchführen eines Updates + +Nachfolgend finden Sie die erforderlichen Schritte für das Update eines bestehenden MS-specific eIDAS Connectors auf die aktuelle Version 1.2.0. Das vollständige Handbuch mit allen Konfigurationsparametern finden Sie im Releasepackage im Verzeichnis: _infos/handbook/_ + +### Ausgehend von einer bestehenden Version 1.1.0 + +1. Stoppen Sie die *MS-Connector* Applikation und fertigen Sie eine Sicherungskopie Ihrer Applikation inklusive Konfiguration an +2. Entpacken Sie das Releasepacket *ms_specific_connector-1.2.0-dist.zip* in ein temporäres Verzeichnis welches in weiterer Folge __MsConnectorPackage__ bezeichnet wird. +3. Kopieren sie die Applikation __MsConnectorPackage__/ms_connector.war nach in das Applikationsverzeichnis ihres Applikationsservers +4. Mit der Version 1.2.0 wurde die Konfiguration eine eine Minimalkonfiguration [`default_config.properties`](./../config/default_config.properties) und eine in den MS-Connectorintegrierte Defaultkonfiguration aufgteilt. Die nachfolgende Aufzählung umfasst die neuen oder geänderten Konfigurationsparameter, beschreibt jedoch keine Aufteilung einer bestehenden Konfiguration in Minimal- und Defaultteil. Eine vollständige Beschreibung aller Konfigurationswerte finden Sie **hier**. +5. Update bestehender Dateien . Die nachfolgenden Dateien wurden geändert und erfordern eine Anpassung oder eine Übernahme dem Releasepacket, sofern die Anpassung nicht bereits durchgeführt wurde + + * __MsConnectorPackage__/config/templates/error_message.html +6. Erstellung neuer Dateien + - _KeyStore für ID Austria AuthBlock:_ Erstellen eines KeyStore mit mit öffentlichem und privaten Schlüssel welcher für die JWS Signature des technischen ID Austria AuthBlocks verwendet werden soll. +7. Neue Konfigurationsparameter + - *Allgemeine Konfiguration* + - ```eidas.ms.core.configRootDir``` + - *ID Austria Umsetzung* + - ```eidas.ms.auth.eIDAS.authblock.keystore.type``` + - ```eidas.ms.auth.eIDAS.authblock.keystore.path``` + - ```eidas.ms.auth.eIDAS.authblock.keystore.password``` + - ```eidas.ms.auth.eIDAS.authblock.key.alias``` + - ```eidas.ms.auth.eIDAS.authblock.key.password``` + - *Service-Provider Konfiguration Konfiguration* + - ```eidas.ms.sp.x.newEidMode``` +8. Gelöschte Konfigurationsparameter + + - ```authhandler.modules.bindingservice.bpk.target``` +9. Neue optionale Konfigurationsparameter + - *Allgemeine Konfiguration* + - ```eidas.ms.core.logging.level.info.errorcodes``` + - *eIDAS Node Kommunikation* + * ```eidas.ms.auth.eIDAS.node_v2.requesterId.useHashedForm``` + * ```eidas.ms.auth.eIDAS.node_v2.requesterId.lu.useStaticRequesterForAll``` + * ```eidas.ms.auth.eIDAS.node_v2.requesterId.useHashedForm``` + * ```eidas.ms.auth.eIDAS.node_v2.requesterId.useHashedForm``` + - *ID Austria Umsetzung* + - ```eidas.ms.auth.eIDAS.szrclient.eidasbind.mds.inject``` |