From 58b3c1c2d7a27775af8c0b7c9d12dea08aa575fa Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Tue, 19 Jan 2021 10:37:45 +0100 Subject: build 'requesterId' for private-sector SP's based on hashed unique AppIds set 'requesterId' and 'providerName' to static value for any type of SP --- connector/src/main/resources/application.properties | 21 +++++++++++++++++++-- 1 file changed, 19 insertions(+), 2 deletions(-) (limited to 'connector/src/main/resources') diff --git a/connector/src/main/resources/application.properties b/connector/src/main/resources/application.properties index b13b6c18..b92102ed 100644 --- a/connector/src/main/resources/application.properties +++ b/connector/src/main/resources/application.properties @@ -51,10 +51,23 @@ eidas.ms.auth.eIDAS.node_v2.entityId=ownSpecificConnector #eidas.ms.auth.eIDAS.node_v2.forward.endpoint= eidas.ms.auth.eIDAS.node_v2.forward.method=POST eidas.ms.auth.eIDAS.node_v2.countrycode=AT +#eidas.ms.auth.eIDAS.node_v2.publicSectorTargets=urn:publicid:gv.at:cdid\+.* eidas.ms.auth.eIDAS.node_v2.publicSectorTargets=.* -eidas.ms.auth.eIDAS.node_v2.workarounds.addAlwaysProviderName=true + +## use SAML2 requestId as transactionIdentifier to mitigate problems with SAML2 relaystate eidas.ms.auth.eIDAS.node_v2.workarounds.useRequestIdAsTransactionIdentifier=true -eidas.ms.auth.eIDAS.node_v2.workarounds.useStaticProviderNameForPublicSPs=true + +## use hashed version of unique SP-Identifier as requesterId +eidas.ms.auth.eIDAS.node_v2.requesterId.useHashedForm=true + +## user static requesterId for all SP's in case of LU +eidas.ms.auth.eIDAS.node_v2.requesterId.lu.useStaticRequesterForAll=true + + +## set provider name for all public SPs +eidas.ms.auth.eIDAS.node_v2.workarounds.addAlwaysProviderName=false + + eidas.ms.auth.eIDAS.node_v2.loa.requested.minimum=http://eidas.europa.eu/LoA/high @@ -92,6 +105,10 @@ eidas.ms.auth.eIDAS.szrclient.params.setBirthNameIfAvailable=true eidas.ms.auth.eIDAS.szrclient.debug.logfullmessages=false eidas.ms.auth.eIDAS.szrclient.debug.useDummySolution=false + + + + ##without mandates eidas.ms.auth.eIDAS.node_v2.attributes.requested.onlynatural.0=PersonIdentifier,true eidas.ms.auth.eIDAS.node_v2.attributes.requested.onlynatural.1=FamilyName,true -- cgit v1.2.3 From 2fabf6cfdc78fceac1302d45c88d08214fe4e9e3 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Wed, 20 Jan 2021 14:32:37 +0100 Subject: add README.md, release and update informations, and full handbook --- connector/src/main/resources/application.properties | 20 +++++++------------- 1 file changed, 7 insertions(+), 13 deletions(-) (limited to 'connector/src/main/resources') diff --git a/connector/src/main/resources/application.properties b/connector/src/main/resources/application.properties index b92102ed..9a4ae54f 100644 --- a/connector/src/main/resources/application.properties +++ b/connector/src/main/resources/application.properties @@ -17,9 +17,9 @@ spring.boot.admin.client.enabled=false ############################################################################# ## MS-speccific eIDAS-Connector configuration -#proxy.context.url.prefix= +#eidas.ms.context.url.prefix= eidas.ms.context.url.request.validation=false -#proxy.configRootDir=file:/.../config/ +#eidas.ms.configRootDir=file:/.../config/ eidas.ms.context.use.clustermode=true eidas.ms.core.logging.level.info.errorcodes=auth.21 @@ -51,8 +51,7 @@ eidas.ms.auth.eIDAS.node_v2.entityId=ownSpecificConnector #eidas.ms.auth.eIDAS.node_v2.forward.endpoint= eidas.ms.auth.eIDAS.node_v2.forward.method=POST eidas.ms.auth.eIDAS.node_v2.countrycode=AT -#eidas.ms.auth.eIDAS.node_v2.publicSectorTargets=urn:publicid:gv.at:cdid\+.* -eidas.ms.auth.eIDAS.node_v2.publicSectorTargets=.* +eidas.ms.auth.eIDAS.node_v2.publicSectorTargets=urn:publicid:gv.at:cdid\+.* ## use SAML2 requestId as transactionIdentifier to mitigate problems with SAML2 relaystate eidas.ms.auth.eIDAS.node_v2.workarounds.useRequestIdAsTransactionIdentifier=true @@ -106,9 +105,6 @@ eidas.ms.auth.eIDAS.szrclient.debug.logfullmessages=false eidas.ms.auth.eIDAS.szrclient.debug.useDummySolution=false - - - ##without mandates eidas.ms.auth.eIDAS.node_v2.attributes.requested.onlynatural.0=PersonIdentifier,true eidas.ms.auth.eIDAS.node_v2.attributes.requested.onlynatural.1=FamilyName,true @@ -137,7 +133,7 @@ eidas.ms.auth.eIDAS.node_v2.attributes.requested.representation.5=LegalName,true #eidas.ms.pvp2.key.metadata.password=password #eidas.ms.pvp2.key.signing.alias=sig #eidas.ms.pvp2.key.signing.password=password -#eidas.ms.pvp2.metadata.validity=24 +eidas.ms.pvp2.metadata.validity=24 #eidas.ms.pvp2.metadata.organisation.name=JUnit #eidas.ms.pvp2.metadata.organisation.friendyname=For testing with jUnit @@ -158,8 +154,6 @@ eidas.ms.auth.eIDAS.node_v2.attributes.requested.representation.5=LegalName,true ##only for advanced config -eidas.ms.configuration.sp.disableRegistrationRequirement= -#eidas.ms.configuration.restrictions.baseID.spTransmission= -eidas.ms.configuration.auth.default.countrycode= -eidas.ms.configuration.pvp.scheme.validation= -eidas.ms.configuration.pvp.enable.entitycategories= \ No newline at end of file +eidas.ms.configuration.sp.disableRegistrationRequirement=false +eidas.ms.configuration.pvp.scheme.validation=true +eidas.ms.configuration.pvp.enable.entitycategories=false \ No newline at end of file -- cgit v1.2.3