aboutsummaryrefslogtreecommitdiff
path: root/id/server/data/deploy/conf/moa-id/moa-id.properties
diff options
context:
space:
mode:
authorThomas Lenz <tlenz@iaik.tugraz.at>2019-12-13 09:04:58 +0100
committerThomas Lenz <tlenz@iaik.tugraz.at>2019-12-13 09:04:58 +0100
commit6bcda4bc120c743bab2296c72b22d1db0ba4ccfc (patch)
treedbb34ba3d3142ae5131ca73b2d65339ba32e9881 /id/server/data/deploy/conf/moa-id/moa-id.properties
parent38f60c2385cd47c320942fdc7c9eb158f0e320e0 (diff)
downloadmoa-id-spss-6bcda4bc120c743bab2296c72b22d1db0ba4ccfc.tar.gz
moa-id-spss-6bcda4bc120c743bab2296c72b22d1db0ba4ccfc.tar.bz2
moa-id-spss-6bcda4bc120c743bab2296c72b22d1db0ba4ccfc.zip
update configuration examples
activate MOA-ID mode in configuration module as default
Diffstat (limited to 'id/server/data/deploy/conf/moa-id/moa-id.properties')
-rw-r--r--id/server/data/deploy/conf/moa-id/moa-id.properties137
1 files changed, 136 insertions, 1 deletions
diff --git a/id/server/data/deploy/conf/moa-id/moa-id.properties b/id/server/data/deploy/conf/moa-id/moa-id.properties
index 414293350..926f6153b 100644
--- a/id/server/data/deploy/conf/moa-id/moa-id.properties
+++ b/id/server/data/deploy/conf/moa-id/moa-id.properties
@@ -18,7 +18,7 @@ configuration.moasession.key=SessionEncryptionKey
configuration.moaconfig.key=ConfigurationEncryptionKey
configuration.ssl.validation.revocation.method.order=ocsp,crl
#configuration.ssl.validation.hostname=false
-#configuration.validate.authblock.targetfriendlyname=true
+#configuration.validate.authblock.targetfriendlyname=true<
#MOA-ID 3.x Monitoring Servlet
@@ -31,6 +31,25 @@ configuration.advancedlogging.active=false
######################## Externe Services ############################################
+######## Online mandates webservice (MIS) ########
+service.onlinemandates.acceptedServerCertificates=
+service.onlinemandates.clientKeyStore=keys/....
+service.onlinemandates.clientKeyStorePassword=
+
+######## central eIDAS-node connector module ##########
+modules.eidascentralauth.keystore.path=file:$PATH_TO_CONFIG$/conf/moa-id/keys/moa_idp[password].p12
+modules.eidascentralauth.keystore.password=password
+modules.eidascentralauth.metadata.sign.alias=pvp_metadata
+modules.eidascentralauth.metadata.sign.password=password
+modules.eidascentralauth.request.sign.alias=pvp_assertion
+modules.eidascentralauth.request.sign.password=password
+modules.eidascentralauth.response.encryption.alias=pvp_assertion
+modules.eidascentralauth.response.encryption.password=password
+modules.eidascentralauth.node.trustprofileID=centralnode_metadata
+
+#modules.eidascentralauth.semper.mandates.active=false
+#modules.eidascentralauth.semper.msproxy.list=
+
######## central E-ID System connector module ##########
modules.eidproxyauth.keystore.path=file:$PATH_TO_CONFIG$/conf/moa-id/keys/moa_idp[password].p12
modules.eidproxyauth.keystore.password=password
@@ -45,6 +64,26 @@ modules.eidproxyauth.EID.trustprofileID=eid_metadata
#modules.eidproxyauth.EID.entityId=https://eid.egiz.gv.at/idp/shibboleth
#modules.eidproxyauth.EID.metadataUrl=
+######################## Protokolle am IDP ############################################
+
+##Protocol configuration##
+#PVP2
+protocols.pvp2.idp.ks.file=file:$PATH_TO_CONFIG$/conf/moa-id/keys/moa_idp[password].p12
+protocols.pvp2.idp.ks.kspassword=password
+protocols.pvp2.idp.ks.metadata.alias=pvp_metadata
+protocols.pvp2.idp.ks.metadata.keypassword=password
+protocols.pvp2.idp.ks.assertion.sign.alias=pvp_assertion
+protocols.pvp2.idp.ks.assertion.sign.keypassword=password
+protocols.pvp2.idp.ks.assertion.encryption.alias=pvp_assertion
+protocols.pvp2.idp.ks.assertion.encryption.keypassword=password
+protocols.pvp2.metadata.entitycategories.active=false
+
+#OpenID connect (OAuth)
+protocols.oauth20.jwt.ks.file=file:$PATH_TO_CONFIG$/conf/moa-id/keys/moa_idp[password].p12
+protocols.oauth20.jwt.ks.password=password
+protocols.oauth20.jwt.ks.key.name=oauth
+protocols.oauth20.jwt.ks.key.password=password
+
######################## Datenbankkonfiguration ############################################
configuration.database.byteBasedValues=false
@@ -134,6 +173,63 @@ advancedlogging.dbcp.validationQuery=select 1
## The configuration of this modules is only needed if this modules are in use. #
###################################################################################
+######## SL2.0 authentication module ########
+modules.sl20.vda.urls.qualeID.endpoint.default=https://www.handy-signatur.at/securitylayer2
+modules.sl20.vda.urls.qualeID.endpoint.1=https://hs-abnahme.a-trust.at/securitylayer2
+modules.sl20.vda.urls.qualeID.endpoint.2=https://test1.a-trust.at/securitylayer2
+modules.sl20.security.keystore.path=keys/sl20.jks
+modules.sl20.security.keystore.password=password
+modules.sl20.security.sign.alias=signing
+modules.sl20.security.sign.password=password
+modules.sl20.security.encryption.alias=encryption
+modules.sl20.security.encryption.password=password
+modules.sl20.vda.authblock.id=default
+modules.sl20.vda.authblock.transformation.id=SL20Authblock_v1.0,SL20Authblock_v1.0_SIC
+modules.sl20.security.eID.validation.disable=false
+modules.sl20.security.eID.signed.result.required=true
+modules.sl20.security.eID.encryption.enabled=true
+modules.sl20.security.eID.encryption.required=true
+
+######## user-restriction ##########
+configuration.restrictions.sp.entityIds=
+configuration.restrictions.sp.users.url=
+configuration.restrictions.sp.users.sector=
+
+####### Direkte Fremd-bPK Berechnung ########
+configuration.foreignsectors.pubkey.xxxxTargetxxx= xxx BASE64-Cert xxx
+
+######## eIDAS protocol configuration ########
+######## This is ONLY required, if MOA-ID operates as an eIDAS node!!! ########
+moa.id.protocols.eIDAS.samlengine.config.file=eIDAS/SamlEngine_basics.xml
+moa.id.protocols.eIDAS.samlengine.sign.config.file=eIDAS/SignModule.xml
+moa.id.protocols.eIDAS.samlengine.enc.config.file=eIDAS/EncryptModule.xml
+moa.id.protocols.eIDAS.metadata.validation.truststore=eIDAS_metadata
+moa.id.protocols.eIDAS.node.country=Austria
+moa.id.protocols.eIDAS.node.countrycode=AT
+moa.id.protocols.eIDAS.node.LoA=http://eidas.europa.eu/LoA/high
+
+######## HBV Mandate-Service client module ########
+modules.elga_mandate.nameID.target=urn:publicid:gv.at:cdid+GH
+modules.elga_mandate.service.metadata.trustprofileID=
+modules.elga_mandate.service.mandateprofiles=
+modules.elga_mandate.keystore.path=keys/moa_idp[password].p12
+modules.elga_mandate.keystore.password=password
+modules.elga_mandate.metadata.sign.alias=pvp_metadata
+modules.elga_mandate.metadata.sign.password=password
+modules.elga_mandate.request.sign.alias=pvp_assertion
+modules.elga_mandate.request.sign.password=password
+modules.elga_mandate.response.encryption.alias=pvp_assertion
+modules.elga_mandate.response.encryption.password=password
+
+######## SSO Interfederation client module ########
+modules.federatedAuth.keystore.path=keys/moa_idp[password].p12
+modules.federatedAuth.keystore.password=password
+modules.federatedAuth.metadata.sign.alias=pvp_metadata
+modules.federatedAuth.metadata.sign.password=password
+modules.federatedAuth.request.sign.alias=pvp_assertion
+modules.federatedAuth.request.sign.password=password
+modules.federatedAuth.response.encryption.alias=pvp_assertion
+modules.federatedAuth.response.encryption.password=password
######## Redis Settings, if Redis is used as a backend for session data.
# has to be enabled with the following parameter
@@ -141,3 +237,42 @@ advancedlogging.dbcp.validationQuery=select 1
redis.use-pool=true
redis.host-name=localhost
redis.port=6379
+
+################SZR Client configuration####################################
+## The SZR client is only required if MOA-ID-Auth should be
+## use as STORK <-> PVP Gateway.
+########
+service.egovutil.szr.test=true
+service.egovutil.szr.test.url=https://pvawp.bmi.gv.at/bmi.gv.at/soap/SZ2Services-T/services/SZR
+service.egovutil.szr.prod.url=https://pvawp.bmi.gv.at/bmi.gv.at/soap/SZ2Services/services/SZR
+service.egovutil.szr.token.version=1.8
+service.egovutil.szr.token.participantid=
+service.egovutil.szr.token.gvoudomain=
+service.egovutil.szr.token.userid=
+service.egovutil.szr.token.cn=
+service.egovutil.szr.token.gvouid=
+service.egovutil.szr.token.ou=
+service.egovutil.szr.token.gvsecclass=
+service.egovutil.szr.token.gvfunction=
+service.egovutil.szr.token.gvgid=
+service.egovutil.szr.roles=
+service.egovutil.szr.ssl.keystore.file=
+service.egovutil.szr.ssl.keystore.password=
+service.egovutil.szr.ssl.keystore.type=
+service.egovutil.szr.ssl.truststore.file=
+service.egovutil.szr.ssl.truststore.password=
+service.egovutil.szr.ssl.truststore.type=
+service.egovutil.szr.ssl.trustall=false
+service.egovutil.szr.ssl.laxhostnameverification=false
+
+
+################ Encrypted foreign bPK generation ####################################
+## This demo-extension enables encrypted bPK generation on MOA-ID-Auth side.
+## If you like to use this feature, the public key for encryption has to be added
+## as X509 certificate in Base64 encoded from. The selection will be done on sector
+## identifier, like 'wbpk+FN+195755b' for a private company (similar to ENC_BPK_LIST in
+## PVP Attribute Profie 2.1.2)
+## Additonal encryption keys can be added by add a ney configuration line, like
+## configuration.foreignsectors.pubkey.BMI+T1=MIICuTCCAaG (VKZ='BMI', Public Target='T1')
+########
+#configuration.foreignsectors.pubkey.wbpk+FN+195755b=MIIF2TCCA8GgAw... \ No newline at end of file