authorrudolf <rudolf@d688527b-c9ab-4aba-bd8d-4036d912da1d>2003-10-24 08:34:56 +0000
committerrudolf <rudolf@d688527b-c9ab-4aba-bd8d-4036d912da1d>2003-10-24 08:34:56 +0000
commitdd45e938564249a5e6897bd92dd29808d8990868 (patch)
tree372d8a4b128cff09262ad09d6a4cf5765d672d61 /id.server/data/deploy
parent59f78a67d7357fd31de68fc2b623f95b3d654ebc (diff)
MOA-ID version 1.1 (initial)
git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@19 d688527b-c9ab-4aba-bd8d-4036d912da1d
Diffstat (limited to 'id.server/data/deploy')
-rw-r--r--id.server/data/deploy/conf/moa-id/SampleMOAIDConfiguration.xml81
-rw-r--r--id.server/data/deploy/conf/moa-id/log4j.properties22
-rw-r--r--id.server/data/deploy/conf/moa-id/oa/SampleOAConfiguration.xml10
-rw-r--r--id.server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlock.xml63
-rw-r--r--id.server/data/deploy/conf/moa-spss/SampleMOASPSSConfiguration.xml14
-rw-r--r--id.server/data/deploy/conf/moa-spss/certstore/3B2F8C424AA88CA305C519FDEFCF29DDB7E96AE2/0F5A0342F5CD448799C3C6D178607E3F2B5BCB8Fbin0 -> 861 bytes
-rw-r--r--id.server/data/deploy/conf/moa-spss/certstore/3B2F8C424AA88CA305C519FDEFCF29DDB7E96AE2/9E0512DD61DA5949D1D8631C3F19D75F496C3733bin0 -> 864 bytes
-rw-r--r--id.server/data/deploy/conf/moa-spss/certstore/3B2F8C424AA88CA305C519FDEFCF29DDB7E96AE2/E6E6FC88719177C9B7421825757C5E47BCAC85F6bin0 -> 860 bytes
-rw-r--r--id.server/data/deploy/conf/moa-spss/certstore/A95F0C3FA54CA93E3D5BA61AD23459300FA498D6/F825578F8F5484DFB40F81867C392D6CB0012B92bin0 -> 1110 bytes
-rw-r--r--id.server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlock.xml19
-rw-r--r--id.server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteRoot/A-Trust-Qual-01-SN0291.cerbin0 -> 1110 bytes
-rw-r--r--id.server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteRoot/A-Trust-nQual-01-SN0213.cerbin0 -> 864 bytes
-rw-r--r--id.server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteRoot/A-Trust-nQual-01-SN0218.cerbin0 -> 861 bytes
-rw-r--r--id.server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteRoot/A-Trust-nQual-01-SN6f.cerbin0 -> 860 bytes
-rw-r--r--id.server/data/deploy/tomcat/moa-id-env.bat1
-rw-r--r--id.server/data/deploy/tomcat/moa-id-env.sh1
-rw-r--r--id.server/data/deploy/tomcat/server.mod_jk.xml201
-rw-r--r--id.server/data/deploy/tomcat/server.xml157
-rw-r--r--id.server/data/deploy/tomcat/uriworkermap.properties7
-rw-r--r--id.server/data/deploy/tomcat/workers.properties6
20 files changed, 582 insertions, 0 deletions
diff --git a/id.server/data/deploy/conf/moa-id/SampleMOAIDConfiguration.xml b/id.server/data/deploy/conf/moa-id/SampleMOAIDConfiguration.xml
new file mode 100644
index 000000000..ec6203326
--- /dev/null
+++ b/id.server/data/deploy/conf/moa-id/SampleMOAIDConfiguration.xml
@@ -0,0 +1,81 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<MOA-IDConfiguration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#">
+ <!-- für MOA-ID-AUTH -->
+ <AuthComponent>
+ <!-- URL und akzeptierte TLS-Server-Zertifikate des verwendeten BKU-Auswahl Service -->
+ <BKUSelection BKUSelectionAlternative="HTMLComplete">
+ <ConnectionParameter URL="http://auswahl.buergerkarte.at/auswahl">
+ <!-- <AcceptedServerCertificates>file:conf/moa-id/certs/server-certs</AcceptedServerCertificates> -->
+ </ConnectionParameter>
+ </BKUSelection>
+ <!-- Transformationen für die Anzeige des AUTH-Block im Secure Viewer -->
+ <SecurityLayer>
+ <TransformsInfo filename="file:conf/moa-id/transforms/TransformsInfoAuthBlock.xml"/>
+ </SecurityLayer>
+ <MOA-SP>
+ <!-- URL und akzeptierte TLS-Server-Zertifikate des MOA-SP Web Service, falls MOA-SP über Web Service angesprochen wird -->
+ <ConnectionParameter URL="http://localhost:8080/moa-spss/services/SignatureVerification">
+ <!-- <AcceptedServerCertificates>file:conf/moa-id/certs/server-certs</AcceptedServerCertificates> -->
+ <!-- <ClientKeyStore password="Keystore Pass">file:/file_to_clientkeystore</ClientKeyStore> -->
+ </ConnectionParameter>
+ <!-- TrustProfile für den IdentityLink der Bürgerkarte;
+ muss in MOA-SP konfiguriert sein -->
+ <VerifyIdentityLink>
+ <TrustProfileID>MOAIDBuergerkarteRoot</TrustProfileID>
+ </VerifyIdentityLink>
+ <VerifyAuthBlock>
+ <!-- TrustProfile für die Signatur des AUTH-Blocks der Bürgerkarte;
+ muss in MOA-SP konfiguriert sein -->
+ <TrustProfileID>MOAIDBuergerkarteRoot</TrustProfileID>
+ <!-- VerifyTransformsInfoProfile mit den Transformationen für die Anzeige der Anmeldedaten im Secure Viewer;
+ muss in MOA-SP konfiguriert sein -->
+ <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock</VerifyTransformsInfoProfileID>
+ </VerifyAuthBlock>
+ </MOA-SP>
+ <!-- Gültige Signatoren des IdentityLink, der von der Bürgerkarte gelesen wird -->
+ <IdentityLinkSigners>
+ <X509SubjectName>CN=zmr,OU=BMI-IV-2,O=BMI,C=AT</X509SubjectName>
+ </IdentityLinkSigners>
+ </AuthComponent>
+ <!-- für MOA-ID-PROXY -->
+ <ProxyComponent>
+ <!-- URL und akzeptierte TLS-Server-Zertifikate des MOA-ID-AUTH Web Service -->
+ <AuthComponent>
+ <ConnectionParameter URL="https://localhost:8443/moa-id-auth/services/GetAuthenticationData">
+ <!-- <AcceptedServerCertificates>file:conf/moa-id/certs/server-certs</AcceptedServerCertificates> -->
+ <!-- <ClientKeyStore password="Keystore Pass">file:/file_to_clientkeystore</ClientKeyStore> -->
+ </ConnectionParameter>
+ </AuthComponent>
+ </ProxyComponent>
+ <!-- Eintrag für jede Online-Applikation -->
+ <OnlineApplication publicURLPrefix="http://localhost:8080/moa-id-proxy/">
+ <!-- für MOA-ID-AUTH -->
+ <AuthComponent provideZMRZahl="false" provideAUTHBlock="false" provideIdentityLink="false"/>
+ <!-- für MOA-ID-PROXY -->
+ <ProxyComponent configFileURL="file:conf/moa-id/oa/SampleOAConfiguration.xml" sessionTimeOut="600">
+ <!-- <ProxyComponent configFileURL="file:conf/moa-id/oa/SampleOAConfiguration.xml" sessionTimeOut="600" loginParameterResolverImpl="at.gv.egovernment.moa.id.proxy.DefaultLoginParameterResolver" connectionBuilderImpl="at.gv.egovernment.moa.id.proxy.DefaultConnectionBuilder"> -->
+ <!-- URL und akzeptierte TLS-Server-Zertifikate der Online-Applikation -->
+ <ConnectionParameter URL="http://localhost:8080/oa/">
+ <!-- <AcceptedServerCertificates>file:conf/moa-id/certs/server-certs</AcceptedServerCertificates> -->
+ <!-- <ClientKeyStore password="Keystore Pass">file:/file_to_clientkeystore</ClientKeyStore> -->
+ </ConnectionParameter>
+ </ProxyComponent>
+ </OnlineApplication>
+ <!-- ChainingModes für die Zertifikatspfadüberprüfung der TLS-Zertifikate -->
+ <ChainingModes systemDefaultMode="pkix">
+ <TrustAnchor mode="chaining">
+ <dsig:X509IssuerName>CN=A-Trust-nQual-0,OU=A-Trust-nQual-0,O=A-Trust,C=AT</dsig:X509IssuerName>
+ <dsig:X509SerialNumber>536</dsig:X509SerialNumber>
+ </TrustAnchor>
+ </ChainingModes>
+ <!-- für MOA-ID-AUTH: Rootzertifikate des Servers MOA-SP, falls über HTTPS angesprochen -->
+ <!-- für MOA-ID-PROXY: Rootzertifikate des Servers MOA-ID-AUTH, falls über HTTPS angesprochen,
+ und aller Online-Applikationen, die über HTTPS angesprochen werden -->
+ <TrustedCACertificates>file:conf/moa-id/certs/ca-certs</TrustedCACertificates>
+ <!-- Cache-Verzeichnis für-Zertifikate -->
+ <GenericConfiguration name="DirectoryCertStoreParameters.RootDir" value="conf/moa-id/certs/certstore"/>
+ <!-- Time-Out für die Anmeldung von Beginn bis zum Anlegen der Anmeldedaten, in Sekunden -->
+ <GenericConfiguration name="AuthenticationSession.TimeOut" value="600"/>
+ <!-- Time-Out für die Anmeldung vom Anlegen bis zum Abholen der Anmeldedaten, in Sekunden -->
+ <GenericConfiguration name="AuthenticationData.TimeOut" value="120"/>
+</MOA-IDConfiguration>
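Review bot: Every `ConnectionParameter` in this sample except the MOA-ID-AUTH web service uses plain `http:` (the external BKU selection service at `http://auswahl.buergerkarte.at/auswahl`, MOA-SP and the online application), and each `AcceptedServerCertificates` element is commented out, so a deployment copied from the sample neither encrypts nor authenticates those hops. `moa-id-env.sh` and `moa-id-env.bat` in this commit point the server at exactly this file, so it is likely to be the starting point of real installations. It should either ship with `https:` URLs and the certificate elements enabled, or open with a comment such as `<!-- Sample for local testing only: switch every ConnectionParameter to https and enable AcceptedServerCertificates before deployment -->`. The commented `ClientKeyStore password="Keystore Pass"` lines would also benefit from a remark that an enabled entry puts the key store password into this file, which then needs restrictive file permissions.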
diff --git a/id.server/data/deploy/conf/moa-id/log4j.properties b/id.server/data/deploy/conf/moa-id/log4j.properties
new file mode 100644
index 000000000..eada826da
--- /dev/null
+++ b/id.server/data/deploy/conf/moa-id/log4j.properties
@@ -0,0 +1,22 @@
+# commons-logging setup
+org.apache.commons.logging.LogFactory=org.apache.commons.logging.impl.Log4jFactory
+
+# define log4j root loggers
+log4j.rootLogger=info, stdout, R
+log4j.logger.moa.spss.server=info
+log4j.logger.iaik.server=info
+log4j.logger.moa.id.auth=info
+log4j.logger.moa.id.proxy=info
+
+# configure the stdout appender
+log4j.appender.stdout=org.apache.log4j.ConsoleAppender
+log4j.appender.stdout.layout=org.apache.log4j.PatternLayout
+log4j.appender.stdout.layout.ConversionPattern=%5p | %d{dd HH:mm:ss,SSS} | %t | %m%n
+
+# configure the rolling file appender (R)
+log4j.appender.R=org.apache.log4j.RollingFileAppender
+log4j.appender.R.File=logs/moa-id.log
+log4j.appender.R.MaxFileSize=10000KB
+log4j.appender.R.MaxBackupIndex=1
+log4j.appender.R.layout=org.apache.log4j.PatternLayout
+log4j.appender.R.layout.ConversionPattern=%5p | %d{dd HH:mm:ss,SSS} | %t | %m%n
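Review bot: Both `ConversionPattern` lines format the timestamp as `%d{dd HH:mm:ss,SSS}`, which records the day of the month but neither month nor year, so log entries of an authentication server cannot be placed on a timeline once the file is more than a month old or has been copied elsewhere. `%d{ISO8601}` gives a complete, sortable date: `log4j.appender.R.layout.ConversionPattern=%5p | %d{ISO8601} | %t | %m%n`, and the same for `stdout`. With `MaxFileSize=10000KB` and `MaxBackupIndex=1` only about 20 MB of history is kept; a comment stating that these are sample values and that retention should follow the operator's audit requirements would help.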
diff --git a/id.server/data/deploy/conf/moa-id/oa/SampleOAConfiguration.xml b/id.server/data/deploy/conf/moa-id/oa/SampleOAConfiguration.xml
new file mode 100644
index 000000000..13d99f1c1
--- /dev/null
+++ b/id.server/data/deploy/conf/moa-id/oa/SampleOAConfiguration.xml
@@ -0,0 +1,10 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- edited with XMLSPY v5 U (http://www.xmlspy.com) by Jack (-none-) -->
+<!--Sample XML file generated by XMLSPY v5 U (http://www.xmlspy.com)-->
+<Configuration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+ <LoginType>stateless</LoginType>
+ <BasicAuth>
+ <UserID>MOAFamilyName</UserID>
+ <Password>MOAGivenName</Password>
+ </BasicAuth>
+</Configuration>
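Review bot: The `BasicAuth` block is undocumented, and its values `MOAFamilyName` / `MOAGivenName` look like placeholders that the proxy replaces with the authenticated person's family and given name (inferred from the names; the resolver is not part of this diff). If that is right, the credentials the online application receives are not secrets, and the application is protected only while it can be reached through MOA-ID-PROXY alone, which the sample's `http://localhost:8080/oa/` connection does not ensure by itself. A comment above `<BasicAuth>` should say so, e.g. `<!-- UserID/Password are filled from identity-link attributes, not secrets; the OA must accept connections from the proxy only -->`. The two XMLSPY generator comments at the top can be dropped.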
diff --git a/id.server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlock.xml b/id.server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlock.xml
new file mode 100644
index 000000000..541089ccb
--- /dev/null
+++ b/id.server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlock.xml
@@ -0,0 +1,63 @@
+<sl10:TransformsInfo>
+ <dsig:Transforms>
+ <dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
+ <dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116">
+ <xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion">
+ <xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml">
+ <html>
+ <body>
+Bitte bestätigen Sie mit Ihrer Unterschrift folgende Angaben:
+<br/>
+ <table border="1">
+ <tr>
+ <td>
+ <b>Name:</b>
+ </td>
+ <td>
+ <xsl:value-of select="//@Issuer"/>
+ </td>
+ </tr>
+ <tr>
+ <td>
+ <b>Zeit:</b>
+ </td>
+ <td>
+ <xsl:value-of select="substring(//@IssueInstant,9,2)"/>.<xsl:value-of select="substring(//@IssueInstant,6,2)"/>.<xsl:value-of select="substring(//@IssueInstant,1,4)"/>, <xsl:value-of select="substring(//@IssueInstant,12,2)"/>:<xsl:value-of select="substring(//@IssueInstant,15,2)"/>:<xsl:value-of select="substring(//@IssueInstant,18,2)"/>
+ </td>
+ </tr>
+ <tr>
+ <td>
+ <b>Applikation:</b>
+ </td>
+ <td>
+ <xsl:value-of select="//saml:Attribute[@AttributeName='OA']/saml:AttributeValue"/>
+ </td>
+ </tr>
+ <tr>
+ <td>
+ <b>Geschäftsbereich:</b>
+ </td>
+ <td>
+ <xsl:value-of select="//saml:Attribute[@AttributeName='Geschäftsbereich']/saml:AttributeValue"/>
+ </td>
+ </tr>
+ <tr>
+ <td>
+ <b>Anmeldeserver:</b>
+ </td>
+ <td>
+ <xsl:value-of select="//saml:NameIdentifier"/>
+ </td>
+ </tr>
+ </table>
+ </body>
+ </html>
+ </xsl:template>
+ </xsl:stylesheet>
+ </dsig:Transform>
+ <dsig:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/>
+ </dsig:Transforms>
+ <sl10:FinalDataMetaInfo>
+ <sl10:MimeType>text/html</sl10:MimeType>
+ </sl10:FinalDataMetaInfo>
+</sl10:TransformsInfo>
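Review bot: The stylesheet picks the values shown in the Secure Viewer with document-wide paths (`//@Issuer`, `//@IssueInstant`, `//saml:NameIdentifier`), and `xsl:value-of` renders only the first matching node in document order, wherever it sits. The text the signer confirms is therefore tied to node position rather than to the assertion's own attributes; if the AUTH block's document element is the SAML assertion (not visible in this diff), anchored paths such as `select="/saml:Assertion/@Issuer"` and `select="/saml:Assertion/@IssueInstant"` state the intent exactly. The same stylesheet is repeated in `conf/moa-spss/profiles/MOAIDTransformAuthBlock.xml`, which presumably is what MOA-SP compares the signature's transforms against, so any change has to be made in both files and a comment in each naming the other would prevent drift. This file also uses the `sl10:` and `dsig:` prefixes without declaring them, so it parses only as a fragment, which deserves a one-line comment as well.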
diff --git a/id.server/data/deploy/conf/moa-spss/SampleMOASPSSConfiguration.xml b/id.server/data/deploy/conf/moa-spss/SampleMOASPSSConfiguration.xml
new file mode 100644
index 000000000..900f41252
--- /dev/null
+++ b/id.server/data/deploy/conf/moa-spss/SampleMOASPSSConfiguration.xml
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<MOAConfiguration xmlns="http://reference.e-government.gv.at/namespace/moaconfig/20021122#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:moa-spss="http://reference.e-government.gv.at/namespace/moa/20020822#">
+ <!-- Standardnamen für Kanonisierungs- und Digest-Algorithmus -->
+ <CanonicalizationAlgorithm name="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
+ <DigestMethodAlgorithm name="http://www.w3.org/2000/09/xmldsig#sha1"/>
+ <!-- Cache-Verzeichnis für Zertifikate;
+ muss die Root- und Intermediate-CA-Zertifikate der Bürgerkarte beinhalten -->
+ <GenericConfiguration name="DirectoryCertStoreParameters.RootDir" value="certstore"/>
+ <!-- VerifyTransformsInfoProfile mit den Transformationen für die Anzeige des AUTH-Block im Secure Viewer -->
+ <VerifyTransformsInfoProfile id="MOAIDTransformAuthBlock" filename="profiles/MOAIDTransformAuthBlock.xml"/>
+ <!-- TrustProfile für den IdentityLink der Bürgerkarte;
+ muss die Root- und Intermediate-CA-Zertifikate der Bürgerkarte beinhalten -->
+ <TrustProfile id="MOAIDBuergerkarteRoot" uri="trustprofiles/MOAIDBuergerkarteRoot"/>
+</MOAConfiguration>
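Review bot: The comment on `TrustProfile id="MOAIDBuergerkarteRoot"` says the profile is for the IdentityLink, but `SampleMOAIDConfiguration.xml` in this commit names the same profile under both `VerifyIdentityLink` and `VerifyAuthBlock`, and the directory it points to is filled with four binary `.cer` files (`A-Trust-Qual-01-…` and three `A-Trust-nQual-01-…`). The comment should state that these certificates are the trust anchors for both checks, and the commit should let a deployer verify them, for example with a `README` next to the files listing subject, serial number and fingerprint of each certificate for comparison with the issuer's published values. Separately, `DigestMethodAlgorithm` defaults to `http://www.w3.org/2000/09/xmldsig#sha1`; if the MOA-SPSS version in use supports a SHA-2 digest the sample should name it, otherwise a comment should record why SHA-1 is kept.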
diff --git a/id.server/data/deploy/conf/moa-spss/certstore/3B2F8C424AA88CA305C519FDEFCF29DDB7E96AE2/0F5A0342F5CD448799C3C6D178607E3F2B5BCB8F b/id.server/data/deploy/conf/moa-spss/certstore/3B2F8C424AA88CA305C519FDEFCF29DDB7E96AE2/0F5A0342F5CD448799C3C6D178607E3F2B5BCB8F
new file mode 100644
index 000000000..69de75609
--- /dev/null
+++ b/id.server/data/deploy/conf/moa-spss/certstore/3B2F8C424AA88CA305C519FDEFCF29DDB7E96AE2/0F5A0342F5CD448799C3C6D178607E3F2B5BCB8F
Binary files differ
diff --git a/id.server/data/deploy/conf/moa-spss/certstore/3B2F8C424AA88CA305C519FDEFCF29DDB7E96AE2/9E0512DD61DA5949D1D8631C3F19D75F496C3733 b/id.server/data/deploy/conf/moa-spss/certstore/3B2F8C424AA88CA305C519FDEFCF29DDB7E96AE2/9E0512DD61DA5949D1D8631C3F19D75F496C3733
new file mode 100644
index 000000000..289fc2198
--- /dev/null
+++ b/id.server/data/deploy/conf/moa-spss/certstore/3B2F8C424AA88CA305C519FDEFCF29DDB7E96AE2/9E0512DD61DA5949D1D8631C3F19D75F496C3733
Binary files differ
diff --git a/id.server/data/deploy/conf/moa-spss/certstore/3B2F8C424AA88CA305C519FDEFCF29DDB7E96AE2/E6E6FC88719177C9B7421825757C5E47BCAC85F6 b/id.server/data/deploy/conf/moa-spss/certstore/3B2F8C424AA88CA305C519FDEFCF29DDB7E96AE2/E6E6FC88719177C9B7421825757C5E47BCAC85F6
new file mode 100644
index 000000000..b7d4b08a6
--- /dev/null
+++ b/id.server/data/deploy/conf/moa-spss/certstore/3B2F8C424AA88CA305C519FDEFCF29DDB7E96AE2/E6E6FC88719177C9B7421825757C5E47BCAC85F6
Binary files differ
diff --git a/id.server/data/deploy/conf/moa-spss/certstore/A95F0C3FA54CA93E3D5BA61AD23459300FA498D6/F825578F8F5484DFB40F81867C392D6CB0012B92 b/id.server/data/deploy/conf/moa-spss/certstore/A95F0C3FA54CA93E3D5BA61AD23459300FA498D6/F825578F8F5484DFB40F81867C392D6CB0012B92
new file mode 100644
index 000000000..f9f27442b
--- /dev/null
+++ b/id.server/data/deploy/conf/moa-spss/certstore/A95F0C3FA54CA93E3D5BA61AD23459300FA498D6/F825578F8F5484DFB40F81867C392D6CB0012B92
Binary files differ
diff --git a/id.server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlock.xml b/id.server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlock.xml
new file mode 100644
index 000000000..1d1a610b7
--- /dev/null
+++ b/id.server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlock.xml
@@ -0,0 +1,19 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<VerifyTransformsInfoProfile xmlns="http://reference.e-government.gv.at/namespace/moa/20020822#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+<dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116"><xsl:stylesheet version="1.0" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
+<xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml">
+<html>
+<body>
+Bitte bestätigen Sie mit Ihrer Unterschrift folgende Angaben:
+<br/>
+<table border="1">
+<tr><td><b>Name:</b></td><td><xsl:value-of select="//@Issuer"/></td></tr>
+<tr><td><b>Zeit:</b></td><td><xsl:value-of select="substring(//@IssueInstant,9,2)"/>.<xsl:value-of select="substring(//@IssueInstant,6,2)"/>.<xsl:value-of select="substring(//@IssueInstant,1,4)"/>, <xsl:value-of select="substring(//@IssueInstant,12,2)"/>:<xsl:value-of select="substring(//@IssueInstant,15,2)"/>:<xsl:value-of select="substring(//@IssueInstant,18,2)"/></td></tr>
+<tr><td><b>Applikation:</b></td><td><xsl:value-of select="//saml:Attribute[@AttributeName='OA']/saml:AttributeValue"/></td></tr>
+<tr><td><b>Geschäftsbereich:</b></td><td><xsl:value-of select="//saml:Attribute[@AttributeName='Geschäftsbereich']/saml:AttributeValue"/></td></tr>
+<tr><td><b>Anmeldeserver:</b></td><td><xsl:value-of select="//saml:NameIdentifier"/></td></tr>
+</table>
+</body>
+</html>
+</xsl:template>
+</xsl:stylesheet></dsig:Transform><dsig:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/></dsig:Transforms></VerifyTransformsInfoProfile>
diff --git a/id.server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteRoot/A-Trust-Qual-01-SN0291.cer b/id.server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteRoot/A-Trust-Qual-01-SN0291.cer
new file mode 100644
index 000000000..f9f27442b
--- /dev/null
+++ b/id.server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteRoot/A-Trust-Qual-01-SN0291.cer
Binary files differ
diff --git a/id.server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteRoot/A-Trust-nQual-01-SN0213.cer b/id.server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteRoot/A-Trust-nQual-01-SN0213.cer
new file mode 100644
index 000000000..289fc2198
--- /dev/null
+++ b/id.server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteRoot/A-Trust-nQual-01-SN0213.cer
Binary files differ
diff --git a/id.server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteRoot/A-Trust-nQual-01-SN0218.cer b/id.server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteRoot/A-Trust-nQual-01-SN0218.cer
new file mode 100644
index 000000000..69de75609
--- /dev/null
+++ b/id.server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteRoot/A-Trust-nQual-01-SN0218.cer
Binary files differ
diff --git a/id.server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteRoot/A-Trust-nQual-01-SN6f.cer b/id.server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteRoot/A-Trust-nQual-01-SN6f.cer
new file mode 100644
index 000000000..b7d4b08a6
--- /dev/null
+++ b/id.server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteRoot/A-Trust-nQual-01-SN6f.cer
Binary files differ
diff --git a/id.server/data/deploy/tomcat/moa-id-env.bat b/id.server/data/deploy/tomcat/moa-id-env.bat
new file mode 100644
index 000000000..319d18f88
--- /dev/null
+++ b/id.server/data/deploy/tomcat/moa-id-env.bat
@@ -0,0 +1 @@
+set CATALINA_OPTS=-Dmoa.id.configuration=%CATALINA_HOME%\conf\moa-id\SampleMOAIDConfiguration.xml -Dmoa.spss.server.configuration=%CATALINA_HOME%\conf\moa-spss\SampleMOASPSSConfiguration.xml -Dlog4j.configuration=file:%CATALINA_HOME%\conf\moa-id\log4j.properties
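Review bot: `set CATALINA_OPTS=…` replaces whatever the operator had already put into `CATALINA_OPTS`, so JVM options set elsewhere (heap limits, security or TLS system properties) are silently dropped when this script runs; `moa-id-env.sh` does the same with `export CATALINA_OPTS="…"`. Appending keeps them: `set CATALINA_OPTS=%CATALINA_OPTS% -Dmoa.id.configuration=…` and `export CATALINA_OPTS="$CATALINA_OPTS -Dmoa.id.configuration=…"`. The unquoted `%CATALINA_HOME%` paths will also break on an installation directory that contains spaces. A one-line comment that the paths refer to the Sample* configuration files would help whoever adapts the script.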
diff --git a/id.server/data/deploy/tomcat/moa-id-env.sh b/id.server/data/deploy/tomcat/moa-id-env.sh
new file mode 100644
index 000000000..9acfe56c0
--- /dev/null
+++ b/id.server/data/deploy/tomcat/moa-id-env.sh
@@ -0,0 +1 @@
+export CATALINA_OPTS="-Dmoa.id.configuration=$CATALINA_HOME/conf/moa-id/SampleMOAIDConfiguration.xml -Dmoa.spss.server.configuration=$CATALINA_HOME/conf/moa-spss/SampleMOASPSSConfiguration.xml -Dlog4j.configuration=file:$CATALINA_HOME/conf/moa-id/log4j.properties"
diff --git a/id.server/data/deploy/tomcat/server.mod_jk.xml b/id.server/data/deploy/tomcat/server.mod_jk.xml
new file mode 100644
index 000000000..61100b260
--- /dev/null
+++ b/id.server/data/deploy/tomcat/server.mod_jk.xml
@@ -0,0 +1,201 @@
+<!-- Alternate Example-less Configuration File -->
+<!-- Note that component elements are nested corresponding to their
+ parent-child relationships with each other -->
+
+<!-- A "Server" is a singleton element that represents the entire JVM,
+ which may contain one or more "Service" instances. The Server
+ listens for a shutdown command on the indicated port.
+
+ Note: A "Server" is not itself a "Container", so you may not
+ define subcomponents such as "Valves" or "Loggers" at this level.
+ -->
+
+<Server port="8005" shutdown="SHUTDOWN" debug="0">
+
+
+ <!-- Uncomment this entry to enable JMX MBeans support -->
+<!--
+ <Listener className="org.apache.catalina.mbeans.ServerLifecycleListener"
+ debug="0" port="-1" login="admin" password="admin"/>
+-->
+
+
+ <!-- A "Service" is a collection of one or more "Connectors" that share
+ a single "Container" (and therefore the web applications visible
+ within that Container). Normally, that Container is an "Engine",
+ but this is not required.
+
+ Note: A "Service" is not itself a "Container", so you may not
+ define subcomponents such as "Valves" or "Loggers" at this level.
+ -->
+
+ <!-- Define the Tomcat Stand-Alone Service -->
+ <Service name="Tomcat-Standalone">
+
+ <!-- A "Connector" represents an endpoint by which requests are received
+ and responses are returned. Each Connector passes requests on to the
+ associated "Container" (normally an Engine) for processing.
+
+ By default, a non-SSL HTTP/1.1 Connector is established on port 8080.
+ You can also enable an SSL HTTP/1.1 Connector on port 8443 by
+ following the instructions below and uncommenting the second Connector
+ entry. SSL support requires the following steps (see the SSL Config
+ HOWTO in the Tomcat 4.0 documentation bundle for more detailed
+ instructions):
+ * Download and install JSSE 1.0.2 or later, and put the JAR files
+ into "$JAVA_HOME/jre/lib/ext".
+ * Execute:
+ %JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA (Windows)
+ $JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA (Unix)
+ with a password value of "changeit" for both the certificate and
+ the keystore itself.
+
+ By default, DNS lookups are enabled when a web application calls
+ request.getRemoteHost(). This can have an adverse impact on
+ performance, so you can disable it by setting the
+ "enableLookups" attribute to "false". When DNS lookups are disabled,
+ request.getRemoteHost() will return the String version of the
+ IP address of the remote client.
+ -->
+
+ <!-- Define a Coyote/JK2 AJP 1.3 Connector on port 8009 -->
+ <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
+ port="8009" minProcessors="5" maxProcessors="75"
+ enableLookups="true" redirectPort="8443"
+ acceptCount="10" debug="0" connectionTimeout="0"
+ useURIValidationHack="false"
+ protocolHandlerClassName="org.apache.jk.server.JkCoyoteHandler"/>
+
+ <!-- An Engine represents the entry point (within Catalina) that processes
+ every request. The Engine implementation for Tomcat stand alone
+ analyzes the HTTP headers included with the request, and passes them
+ on to the appropriate Host (virtual host). -->
+
+ <!-- Define the top level container in our container hierarchy -->
+ <Engine name="Standalone" defaultHost="localhost" debug="0">
+
+ <!-- The request dumper valve dumps useful debugging information about
+ the request headers and cookies that were received, and the response
+ headers and cookies that were sent, for all requests received by
+ this instance of Tomcat. If you care only about requests to a
+ particular virtual host, or a particular application, nest this
+ element inside the corresponding <Host> or <Context> entry instead.
+
+ For a similar mechanism that is portable to all Servlet 2.3
+ containers, check out the "RequestDumperFilter" Filter in the
+ example application (the source for this filter may be found in
+ "$CATALINA_HOME/webapps/examples/WEB-INF/classes/filters").
+
+ Request dumping is disabled by default. Uncomment the following
+ element to enable it. -->
+ <!--
+ <Valve className="org.apache.catalina.valves.RequestDumperValve"/>
+ -->
+
+ <!-- Global logger unless overridden at lower levels -->
+ <Logger className="org.apache.catalina.logger.FileLogger"
+ prefix="catalina_log." suffix=".txt"
+ timestamp="true"/>
+
+ <!-- Because this Realm is here, an instance will be shared globally -->
+
+ <Realm className="org.apache.catalina.realm.MemoryRealm" />
+
+ <!-- Replace the above Realm with one of the following to get a Realm
+ stored in a database and accessed via JDBC -->
+
+ <!-- Define the default virtual host -->
+ <Host name="localhost" debug="0" appBase="webapps"
+ unpackWARs="true" autoDeploy="true">
+
+ <!-- Normally, users must authenticate themselves to each web app
+ individually. Uncomment the following entry if you would like
+ a user to be authenticated the first time they encounter a
+ resource protected by a security constraint, and then have that
+ user identity maintained across *all* web applications contained
+ in this virtual host. -->
+ <!--
+ <Valve className="org.apache.catalina.authenticator.SingleSignOn"
+ debug="0"/>
+ -->
+
+ <!-- Access log processes all requests for this virtual host. By
+ default, log files are created in the "logs" directory relative to
+ $CATALINA_HOME. If you wish, you can specify a different
+ directory with the "directory" attribute. Specify either a relative
+ (to $CATALINA_HOME) or absolute path to the desired directory.
+ -->
+ <Valve className="org.apache.catalina.valves.AccessLogValve"
+ directory="logs" prefix="localhost_access_log." suffix=".txt"
+ pattern="common"/>
+
+ <!-- Logger shared by all Contexts related to this virtual host. By
+ default (when using FileLogger), log files are created in the "logs"
+ directory relative to $CATALINA_HOME. If you wish, you can specify
+ a different directory with the "directory" attribute. Specify either a
+ relative (to $CATALINA_HOME) or absolute path to the desired
+ directory.-->
+ <Logger className="org.apache.catalina.logger.FileLogger"
+ directory="logs" prefix="localhost_log." suffix=".txt"
+ timestamp="true"/>
+
+ <!-- Define properties for each web application. This is only needed
+ if you want to set non-default properties, or have web application
+ document roots in places other than the virtual host's appBase
+ directory. -->
+
+ <!-- Tomcat Root Context -->
+ <!--
+ <Context path="" docBase="ROOT" debug="0"/>
+ -->
+
+ </Host>
+
+ </Engine>
+
+ </Service>
+
+ <!-- The MOD_WEBAPP connector is used to connect Apache 1.3 with Tomcat 4.0
+ as its servlet container. Please read the README.txt file coming with
+ the WebApp Module distribution on how to build it.
+ (Or check out the "jakarta-tomcat-connectors/webapp" CVS repository)
+
+ To configure the Apache side, you must ensure that you have the
+ "ServerName" and "Port" directives defined in "httpd.conf". Then,
+ lines like these to the bottom of your "httpd.conf" file:
+
+ LoadModule webapp_module libexec/mod_webapp.so
+ WebAppConnection warpConnection warp localhost:8008
+ WebAppDeploy examples warpConnection /examples/
+
+ The next time you restart Apache (after restarting Tomcat, if needed)
+ the connection will be established, and all applications you make
+ visible via "WebAppDeploy" directives can be accessed through Apache.
+ -->
+
+ <!-- Define an Apache-Connector Service -->
+ <Service name="Tomcat-Apache">
+
+ <Connector className="org.apache.catalina.connector.warp.WarpConnector"
+ port="8008" minProcessors="5" maxProcessors="75"
+ enableLookups="true"
+ acceptCount="10" debug="0"/>
+
+ <!-- Replace "localhost" with what your Apache "ServerName" is set to -->
+ <Engine className="org.apache.catalina.connector.warp.WarpEngine"
+ name="Apache" debug="0" appBase="webapps">
+
+ <!-- Global logger unless overridden at lower levels -->
+ <Logger className="org.apache.catalina.logger.FileLogger"
+ prefix="apache_log." suffix=".txt"
+ timestamp="true"/>
+
+ <!-- Because this Realm is here, an instance will be shared globally -->
+ <Realm className="org.apache.catalina.realm.MemoryRealm" />
+
+ </Engine>
+
+ </Service>
+
+</Server>
+
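Review bot: The AJP 1.3 `Connector` on port 8009 has no `address` attribute, so it listens on every interface, and AJP carries no authentication of its own: whoever can reach the port is treated as the front-end web server. For the mod_jk setup this file is meant for, binding it to the loopback or to the interface Apache connects from, e.g. `address="127.0.0.1"`, keeps the MOA-ID web applications reachable only through Apache. The second `Service name="Tomcat-Apache"` additionally opens a WARP connector on port 8008 that a mod_jk deployment does not appear to need; it should be removed or commented out like the other optional entries. `enableLookups="true"` on both connectors also runs against the performance advice in the file's own comment.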
diff --git a/id.server/data/deploy/tomcat/server.xml b/id.server/data/deploy/tomcat/server.xml
new file mode 100644
index 000000000..c99136fa2
--- /dev/null
+++ b/id.server/data/deploy/tomcat/server.xml
@@ -0,0 +1,157 @@
+<!-- Alternate Example-less Configuration File -->
+<!-- Note that component elements are nested corresponding to their
+ parent-child relationships with each other -->
+<!-- A "Server" is a singleton element that represents the entire JVM,
+ which may contain one or more "Service" instances. The Server
+ listens for a shutdown command on the indicated port.
+
+ Note: A "Server" is not itself a "Container", so you may not
+ define subcomponents such as "Valves" or "Loggers" at this level.
+ -->
+<Server port="8005" shutdown="SHUTDOWN" debug="0">
+ <!-- Uncomment this entry to enable JMX MBeans support -->
+ <!--
+ <Listener className="org.apache.catalina.mbeans.ServerLifecycleListener"
+ debug="0" port="-1" login="admin" password="admin"/>
+-->
+ <!-- A "Service" is a collection of one or more "Connectors" that share
+ a single "Container" (and therefore the web applications visible
+ within that Container). Normally, that Container is an "Engine",
+ but this is not required.
+
+ Note: A "Service" is not itself a "Container", so you may not
+ define subcomponents such as "Valves" or "Loggers" at this level.
+ -->
+ <!-- Define the Tomcat Stand-Alone Service -->
+ <Service name="Tomcat-Standalone">
+ <!-- A "Connector" represents an endpoint by which requests are received
+ and responses are returned. Each Connector passes requests on to the
+ associated "Container" (normally an Engine) for processing.
+
+ By default, a non-SSL HTTP/1.1 Connector is established on port 8080.
+ You can also enable an SSL HTTP/1.1 Connector on port 8443 by
+ following the instructions below and uncommenting the second Connector
+ entry. SSL support requires the following steps (see the SSL Config
+ HOWTO in the Tomcat 4.0 documentation bundle for more detailed
+ instructions):
+ * Download and install JSSE 1.0.2 or later, and put the JAR files
+ into "$JAVA_HOME/jre/lib/ext".
+ * Execute:
+ %JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA (Windows)
+ $JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA (Unix)
+ with a password value of "changeit" for both the certificate and
+ the keystore itself.
+
+ By default, DNS lookups are enabled when a web application calls
+ request.getRemoteHost(). This can have an adverse impact on
+ performance, so you can disable it by setting the
+ "enableLookups" attribute to "false". When DNS lookups are disabled,
+ request.getRemoteHost() will return the String version of the
+ IP address of the remote client.
+ -->
+ <!-- Define a non-SSL Coyote HTTP/1.1 Connector on port 8080 -->
+ <Connector className="org.apache.coyote.tomcat4.CoyoteConnector" port="8080" minProcessors="5" maxProcessors="75" enableLookups="true" redirectPort="8443" acceptCount="100" debug="0" connectionTimeout="20000" useURIValidationHack="false" disableUploadTimeout="true"/>
+ <!-- Note : To disable connection timeouts, set connectionTimeout value
+ to -1 -->
+ <!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
+ <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
+ port="8443" minProcessors="5" maxProcessors="75"
+ enableLookups="uri"
+ acceptCount="100" debug="0" scheme="https" secure="true"
+ useURIValidationHack="false" disableUploadTimeout="true">
+ <Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
+ clientAuth="false" protocol="TLS"/>
+ </Connector>
+ <!-- An Engine represents the entry point (within Catalina) that processes
+ every request. The Engine implementation for Tomcat stand alone
+ analyzes the HTTP headers included with the request, and passes them
+ on to the appropriate Host (virtual host). -->
+ <!-- Define the top level container in our container hierarchy -->
+ <Engine name="Standalone" defaultHost="localhost" debug="0">
+ <!-- The request dumper valve dumps useful debugging information about
+ the request headers and cookies that were received, and the response
+ headers and cookies that were sent, for all requests received by
+ this instance of Tomcat. If you care only about requests to a
+ particular virtual host, or a particular application, nest this
+ element inside the corresponding <Host> or <Context> entry instead.
+
+ For a similar mechanism that is portable to all Servlet 2.3
+ containers, check out the "RequestDumperFilter" Filter in the
+ example application (the source for this filter may be found in
+ "$CATALINA_HOME/webapps/examples/WEB-INF/classes/filters").
+
+ Request dumping is disabled by default. Uncomment the following
+ element to enable it. -->
+ <!--
+ <Valve className="org.apache.catalina.valves.RequestDumperValve"/>
+ -->
+ <!-- Global logger unless overridden at lower levels -->
+ <Logger className="org.apache.catalina.logger.FileLogger" prefix="catalina_log." suffix=".txt" timestamp="true"/>
+ <!-- Because this Realm is here, an instance will be shared globally -->
+ <Realm className="org.apache.catalina.realm.MemoryRealm"/>
+ <!-- Define the default virtual host -->
+ <Host name="localhost" debug="0" appBase="webapps" unpackWARs="true" autoDeploy="true">
+ <!-- Normally, users must authenticate themselves to each web app
+ individually. Uncomment the following entry if you would like
+ a user to be authenticated the first time they encounter a
+ resource protected by a security constraint, and then have that
+ user identity maintained across *all* web applications contained
+ in this virtual host. -->
+ <!--
+ <Valve className="org.apache.catalina.authenticator.SingleSignOn"
+ debug="0"/>
+ -->
+ <!-- Access log processes all requests for this virtual host. By
+ default, log files are created in the "logs" directory relative to
+ $CATALINA_HOME. If you wish, you can specify a different
+ directory with the "directory" attribute. Specify either a relative
+ (to $CATALINA_HOME) or absolute path to the desired directory.
+ -->
+ <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs" prefix="localhost_access_log." suffix=".txt" pattern="common"/>
+ <!-- Logger shared by all Contexts related to this virtual host. By
+ default (when using FileLogger), log files are created in the "logs"
+ directory relative to $CATALINA_HOME. If you wish, you can specify
+ a different directory with the "directory" attribute. Specify either a
+ relative (to $CATALINA_HOME) or absolute path to the desired
+ directory.-->
+ <Logger className="org.apache.catalina.logger.FileLogger" directory="logs" prefix="localhost_log." suffix=".txt" timestamp="true"/>
+ <!-- Define properties for each web application. This is only needed
+ if you want to set non-default properties, or have web application
+ document roots in places other than the virtual host's appBase
+ directory. -->
+ <!-- Tomcat Root Context -->
+ <!--
+ <Context path="" docBase="../moa-id-proxy.war" debug="0"/>
+ -->
+ </Host>
+ </Engine>
+ </Service>
+ <!-- The MOD_WEBAPP connector is used to connect Apache 1.3 with Tomcat 4.0
+ as its servlet container. Please read the README.txt file coming with
+ the WebApp Module distribution on how to build it.
+ (Or check out the "jakarta-tomcat-connectors/webapp" CVS repository)
+
+ To configure the Apache side, you must ensure that you have the
+ "ServerName" and "Port" directives defined in "httpd.conf". Then,
+ lines like these to the bottom of your "httpd.conf" file:
+
+ LoadModule webapp_module libexec/mod_webapp.so
+ WebAppConnection warpConnection warp localhost:8008
+ WebAppDeploy examples warpConnection /examples/
+
+ The next time you restart Apache (after restarting Tomcat, if needed)
+ the connection will be established, and all applications you make
+ visible via "WebAppDeploy" directives can be accessed through Apache.
+ -->
+ <!-- Define an Apache-Connector Service -->
+ <Service name="Tomcat-Apache">
+ <Connector className="org.apache.catalina.connector.warp.WarpConnector" port="8008" minProcessors="5" maxProcessors="75" enableLookups="true" acceptCount="10" debug="0"/>
+ <!-- Replace "localhost" with what your Apache "ServerName" is set to -->
+ <Engine className="org.apache.catalina.connector.warp.WarpEngine" name="Apache" debug="0" appBase="webapps">
+ <!-- Global logger unless overridden at lower levels -->
+ <Logger className="org.apache.catalina.logger.FileLogger" prefix="apache_log." suffix=".txt" timestamp="true"/>
+ <!-- Because this Realm is here, an instance will be shared globally -->
+ <Realm className="org.apache.catalina.realm.MemoryRealm"/>
+ </Engine>
+ </Service>
+</Server>
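Review bot: The enabled SSL connector on port 8443 sets `enableLookups="uri"`, which is not one of the true/false values the comment above describes for that attribute. Its `<Factory>` also names no keystore, so TLS for this MOA-ID sample presumably falls back to the default keystore and the `changeit` password that the same comment mentions. I would set `enableLookups="false"` and add `keystoreFile="KEYSTORE_PATH_PLACEHOLDER" keystorePass="KEYSTORE_PASSWORD_PLACEHOLDER"` to the Factory, with a comment that both must be replaced before deployment. The plain HTTP connector on 8080 stays enabled next to it, and `shutdown="SHUTDOWN"` on port 8005 keeps the stock command string. A short comment saying whether the authentication endpoints are meant to be reachable without TLS would tell an operator which connector to remove.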
diff --git a/id.server/data/deploy/tomcat/uriworkermap.properties b/id.server/data/deploy/tomcat/uriworkermap.properties
new file mode 100644
index 000000000..daf0dca1a
--- /dev/null
+++ b/id.server/data/deploy/tomcat/uriworkermap.properties
@@ -0,0 +1,7 @@
+# a sample mod_jk uriworkermap.properties file for mapping
+# MOA-ID-AUTH and MOA-ID-PROXY web service requests to workers
+#
+# omit the mappings you don't need
+
+/moa-id-auth/*=moaworker
+/moa-id-proxy/*=moaworker
\ No newline at end of file
diff --git a/id.server/data/deploy/tomcat/workers.properties b/id.server/data/deploy/tomcat/workers.properties
new file mode 100644
index 000000000..9350ddc77
--- /dev/null
+++ b/id.server/data/deploy/tomcat/workers.properties
@@ -0,0 +1,6 @@
+# a sample workers.properties file defining a single mod_jk worker
+
+worker.list=moaworker
+worker.moaworker.type=ajp13
+worker.moaworker.host=localhost
+worker.moaworker.port=8009
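Review bot: The worker targets an `ajp13` listener on `localhost:8009`, but the `server.xml` added in this commit defines only the HTTP connector on 8080, the SSL connector on 8443 and the WARP connector on 8008. Unless another server configuration outside this view supplies the AJP connector, mod_jk would have nothing to connect to. I would add a header comment such as `# requires an AJP 1.3 connector on port 8009 in the Tomcat server configuration; keep it bound to the loopback interface`. AJP as configured here carries no authentication or encryption of its own, so the listener should stay reachable only from the front-end web server.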