diff options
author | Thomas Lenz <tlenz@iaik.tugraz.at> | 2015-12-18 13:02:00 +0100 |
---|---|---|
committer | Thomas Lenz <tlenz@iaik.tugraz.at> | 2015-12-18 13:02:00 +0100 |
commit | 1da87c34732751c0262bc62adbad6ae139b3bfeb (patch) | |
tree | 889271514195588fab1d842968da268e6ec254fc | |
parent | 3314af0442eba4bce469b21585a75c1a327f53b5 (diff) | |
download | moa-id-spss-1da87c34732751c0262bc62adbad6ae139b3bfeb.tar.gz moa-id-spss-1da87c34732751c0262bc62adbad6ae139b3bfeb.tar.bz2 moa-id-spss-1da87c34732751c0262bc62adbad6ae139b3bfeb.zip |
add basic eIDAS modul default configuration
-rw-r--r-- | id/server/data/deploy/conf/moa-id/eIDAS/EncryptModule.xml | 22 | ||||
-rw-r--r-- | id/server/data/deploy/conf/moa-id/eIDAS/SamlEngine_basics.xml | 98 | ||||
-rw-r--r-- | id/server/data/deploy/conf/moa-id/eIDAS/SignModule.xml | 12 | ||||
-rw-r--r-- | id/server/data/deploy/conf/moa-id/eIDAS/encryptionConf.xml | 14 | ||||
-rw-r--r-- | id/server/data/deploy/conf/moa-id/keys/eidasKeyStore.jks | bin | 0 -> 5657 bytes | |||
-rw-r--r-- | id/server/data/deploy/conf/moa-id/moa-id.properties | 6 |
6 files changed, 152 insertions, 0 deletions
diff --git a/id/server/data/deploy/conf/moa-id/eIDAS/EncryptModule.xml b/id/server/data/deploy/conf/moa-id/eIDAS/EncryptModule.xml new file mode 100644 index 000000000..9fef4fa2e --- /dev/null +++ b/id/server/data/deploy/conf/moa-id/eIDAS/EncryptModule.xml @@ -0,0 +1,22 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE properties SYSTEM "http://java.sun.com/dtd/properties.dtd"> + +<properties> + <comment>SWModule encrypt with JKS.</comment> + <entry key="keystorePath">keys/eidasKeyStore.jks</entry> + <entry key="keyStorePassword">local-demo</entry> + <entry key="keyPassword">local-demo</entry> + + <!-- Management of the encryption activation --> + <entry key="encryptionActivation">eIDAS/encryptionConf.xml</entry> + + + <entry key="responseToPointIssuer.BE">CN=local-demo-cert, OU=DIGIT, O=European Comission, L=Brussels, ST=Belgium,C=BE</entry> + <entry key="responseToPointSerialNumber.BE">54C8F779</entry> + + <!-- If not present then no decryption will be applied on response --> + <entry key="responseDecryptionIssuer">CN=local-demo-cert, OU=DIGIT, O=European Comission, L=Brussels, ST=Belgium, C=BE</entry> + <entry key="serialNumber">54C8F779</entry> + + <entry key="keystoreType">JKS</entry> +</properties>
\ No newline at end of file diff --git a/id/server/data/deploy/conf/moa-id/eIDAS/SamlEngine_basics.xml b/id/server/data/deploy/conf/moa-id/eIDAS/SamlEngine_basics.xml new file mode 100644 index 000000000..2327fb0d8 --- /dev/null +++ b/id/server/data/deploy/conf/moa-id/eIDAS/SamlEngine_basics.xml @@ -0,0 +1,98 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE properties SYSTEM "http://java.sun.com/dtd/properties.dtd"> + +<properties> + <comment>SAML constants for AuthnRequests and Responses.</comment> + + <!-- + Types of consent obtained from the user for this authentication and + data transfer. + Allow values: 'unspecified'. + --> + <entry key="consentAuthnRequest">unspecified</entry> + <!-- + Allow values: 'obtained', 'prior', 'curent-implicit', 'curent-explicit', 'unspecified'. + --> + <entry key="consentAuthnResponse">obtained</entry> + + <!--URI representing the classification of the identifier + Allow values: 'entity'. + --> + <entry key="formatEntity">entity</entry> + + <!--Only HTTP-POST binding is only supported for inter PEPS--> + <!--The SOAP binding is only supported for direct communication between SP-MW and VIdP--> + <entry key="protocolBinding">HTTP-POST</entry> + + <entry key="eIDSectorShare">false</entry> + <entry key="eIDCrossSectorShare">false</entry> + <entry key="eIDCrossBorderShare">false</entry> + + <!-- Attributes with require option --> + <entry key="isRequired">true</entry> + + <!-- A friendly name for the attribute that can be displayed to a user --> + <entry key="friendlyName">false</entry> + + <!--PEPS in the Service Provider's country--> + <entry key="requester">http://S-PEPS.gov.xx</entry> + + <!--PEPS in the citizen's origin country--> + <entry key="responder">http://C-PEPS.gov.xx</entry> + + <!--Subject cannot be confirmed on or after this seconds time (positive number)--> + <entry key="timeNotOnOrAfter">300</entry> + + <!--Validation IP of the response--> + <entry key="ipAddrValidation">false</entry> + + <!--One time use--> + <entry key="oneTimeUse">true</entry> + + <!--Subject Attribute Definitions--> + <entry key="eIdentifier">http://www.stork.gov.eu/1.0/eIdentifier</entry> + <entry key="givenName">http://www.stork.gov.eu/1.0/givenName</entry> + <entry key="surname">http://www.stork.gov.eu/1.0/surname</entry> + <entry key="inheritedFamilyName">http://www.stork.gov.eu/1.0/inheritedFamilyName</entry> + <entry key="adoptedFamilyName">http://www.stork.gov.eu/1.0/adoptedFamilyName</entry> + <entry key="gender">http://www.stork.gov.eu/1.0/gender</entry> + <entry key="dateOfBirth">http://www.stork.gov.eu/1.0/dateOfBirth</entry> + <entry key="countryCodeOfBirth">http://www.stork.gov.eu/1.0/countryCodeOfBirth</entry> + <entry key="nationalityCode">http://www.stork.gov.eu/1.0/nationalityCode</entry> + <entry key="maritalStatus">http://www.stork.gov.eu/1.0/maritalStatus</entry> + <entry key="textResidenceAddress">http://www.stork.gov.eu/1.0/textResidenceAddress</entry> + <entry key="canonicalResidenceAddress">http://www.stork.gov.eu/1.0/canonicalResidenceAddress</entry> + <entry key="eMail">http://www.stork.gov.eu/1.0/eMail</entry> + <entry key="title">http://www.stork.gov.eu/1.0/title</entry> + <entry key="residencePermit">http://www.stork.gov.eu/1.0/residencePermit</entry> + <entry key="pseudonym">http://www.stork.gov.eu/1.0/pseudonym</entry> + <entry key="age">http://www.stork.gov.eu/1.0/age</entry> + <entry key="isAgeOver">http://www.stork.gov.eu/1.0/isAgeOver</entry> + <entry key="signedDoc">http://www.stork.gov.eu/1.0/signedDoc</entry> + <entry key="citizenQAALevel">http://www.stork.gov.eu/1.0/citizenQAALevel</entry> + <entry key="fiscalNumber">http://www.stork.gov.eu/1.0/fiscalNumber</entry> + <entry key="unknown">http://www.stork.gov.eu/1.0/unknown</entry> + + + <!--Subject Attribute Definitions eidas format, natural person --> + <entry key="eidas/attributes/CurrentFamilyName">http://eidas.europa.eu/attributes/naturalperson/CurrentFamilyName</entry> + <entry key="eidas/attributes/CurrentGivenName">http://eidas.europa.eu/attributes/naturalperson/CurrentGivenName</entry> + <entry key="eidas/attributes/DateOfBirth">http://eidas.europa.eu/attributes/naturalperson/DateOfBirth</entry> + <entry key="eidas/attributes/PersonIdentifier">http://eidas.europa.eu/attributes/naturalperson/PersonIdentifier</entry> + <entry key="eidas/attributes/BirthName">http://eidas.europa.eu/attributes/naturalperson/BirthName</entry> + <entry key="eidas/attributes/PlaceOfBirth">http://eidas.europa.eu/attributes/naturalperson/PlaceOfBirth</entry> + <entry key="eidas/attributes/CurrentAddress">http://eidas.europa.eu/attributes/naturalperson/CurrentAddress</entry> + <entry key="eidas/attributes/Gender">http://eidas.europa.eu/attributes/naturalperson/Gender</entry> + <!--Subject Attribute Definitions eidas format, legal person --> + <entry key="eidas/attributes/LegalPersonIdentifier">http://eidas.europa.eu/attributes/legalperson/LegalPersonIdentifier</entry> + <entry key="eidas/attributes/LegalAddress">http://eidas.europa.eu/attributes/legalperson/LegalAddress</entry> + <entry key="eidas/attributes/LegalName">http://eidas.europa.eu/attributes/legalperson/LegalName</entry> + <entry key="eidas/attributes/VATRegistration">http://eidas.europa.eu/attributes/legalperson/VATRegistration</entry> + <entry key="eidas/attributes/TaxReference">http://eidas.europa.eu/attributes/legalperson/TaxReference</entry> + <entry key="eidas/attributes/D-2012-17-EUIdentifier">http://eidas.europa.eu/attributes/legalperson/D-2012-17-EUIdentifier</entry> + <entry key="eidas/attributes/LEI">http://eidas.europa.eu/attributes/legalperson/LEI</entry> + <entry key="eidas/attributes/EORI">http://eidas.europa.eu/attributes/legalperson/EORI</entry> + <entry key="eidas/attributes/SEED">http://eidas.europa.eu/attributes/legalperson/SEED</entry> + <entry key="eidas/attributes/SIC">http://eidas.europa.eu/attributes/legalperson/SIC</entry> + +</properties>
\ No newline at end of file diff --git a/id/server/data/deploy/conf/moa-id/eIDAS/SignModule.xml b/id/server/data/deploy/conf/moa-id/eIDAS/SignModule.xml new file mode 100644 index 000000000..04edaf41d --- /dev/null +++ b/id/server/data/deploy/conf/moa-id/eIDAS/SignModule.xml @@ -0,0 +1,12 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE properties SYSTEM "http://java.sun.com/dtd/properties.dtd"> + +<properties> + <comment>SWModule sign with JKS.</comment> + <entry key="keystorePath">keys/eidasKeyStore.jks</entry> + <entry key="keyStorePassword">local-demo</entry> + <entry key="keyPassword">local-demo</entry> + <entry key="issuer">CN=local-demo-cert, OU=DIGIT, O=European Comission, L=Brussels, ST=Belgium, C=BE</entry> + <entry key="serialNumber">54c8f779</entry> + <entry key="keystoreType">JKS</entry> +</properties>
\ No newline at end of file diff --git a/id/server/data/deploy/conf/moa-id/eIDAS/encryptionConf.xml b/id/server/data/deploy/conf/moa-id/eIDAS/encryptionConf.xml new file mode 100644 index 000000000..ff8307f10 --- /dev/null +++ b/id/server/data/deploy/conf/moa-id/eIDAS/encryptionConf.xml @@ -0,0 +1,14 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE properties SYSTEM "http://java.sun.com/dtd/properties.dtd"> +<properties> + <entry key="EncryptTo.CA">false</entry> + + <entry key="EncryptTo.CB">false</entry> + + <entry key="EncryptTo.CC">false</entry> + + <entry key="EncryptTo.CD">false</entry> + + <entry key="EncryptTo.CF">false</entry> + +</properties>
\ No newline at end of file diff --git a/id/server/data/deploy/conf/moa-id/keys/eidasKeyStore.jks b/id/server/data/deploy/conf/moa-id/keys/eidasKeyStore.jks Binary files differnew file mode 100644 index 000000000..c8a28d0ae --- /dev/null +++ b/id/server/data/deploy/conf/moa-id/keys/eidasKeyStore.jks diff --git a/id/server/data/deploy/conf/moa-id/moa-id.properties b/id/server/data/deploy/conf/moa-id/moa-id.properties index 49e69c561..aefc0801a 100644 --- a/id/server/data/deploy/conf/moa-id/moa-id.properties +++ b/id/server/data/deploy/conf/moa-id/moa-id.properties @@ -48,6 +48,12 @@ stork.fakeIdL.keygroup= stork.documentservice.url= +## eIDAS protocol configuration +moa.id.protocols.eIDAS.samlengine.config.file=eIDAS/SamlEngine_basics.xml +moa.id.protocols.eIDAS.samlengine.sign.config.file=eIDAS/SignModule.xml +moa.id.protocols.eIDAS.samlengine.enc.config.file=eIDAS/EncryptModule.xml + + ##Protocol configuration## #PVP2 protocols.pvp2.idp.ks.file=file:$PATH_TO_CONFIG$/conf/moa-id/keys/moa_idp[password].p12 |