diff options
Diffstat (limited to 'id/server')
3 files changed, 44 insertions, 132 deletions
diff --git a/id/server/data/deploy/conf/moa-id/moa-id.properties b/id/server/data/deploy/conf/moa-id/moa-id.properties index 678c381cb..414293350 100644 --- a/id/server/data/deploy/conf/moa-id/moa-id.properties +++ b/id/server/data/deploy/conf/moa-id/moa-id.properties @@ -18,7 +18,7 @@ configuration.moasession.key=SessionEncryptionKey configuration.moaconfig.key=ConfigurationEncryptionKey configuration.ssl.validation.revocation.method.order=ocsp,crl #configuration.ssl.validation.hostname=false -#configuration.validate.authblock.targetfriendlyname=true< +#configuration.validate.authblock.targetfriendlyname=true #MOA-ID 3.x Monitoring Servlet @@ -31,42 +31,19 @@ configuration.advancedlogging.active=false ######################## Externe Services ############################################ -######## Online mandates webservice (MIS) ######## -service.onlinemandates.acceptedServerCertificates= -service.onlinemandates.clientKeyStore=keys/.... -service.onlinemandates.clientKeyStorePassword= +######## central E-ID System connector module ########## +modules.eidproxyauth.keystore.path=file:$PATH_TO_CONFIG$/conf/moa-id/keys/moa_idp[password].p12 +modules.eidproxyauth.keystore.password=password +modules.eidproxyauth.metadata.sign.password=password +modules.eidproxyauth.metadata.sign.alias=pvp_metadata +modules.eidproxyauth.request.sign.password=password +modules.eidproxyauth.request.sign.alias=pvp_assertion +modules.eidproxyauth.response.encryption.password=password +modules.eidproxyauth.response.encryption.alias=pvp_assertion -######## central eIDAS-node connector module ########## -modules.eidascentralauth.keystore.path=file:$PATH_TO_CONFIG$/conf/moa-id/keys/moa_idp[password].p12 -modules.eidascentralauth.keystore.password=password -modules.eidascentralauth.metadata.sign.alias=pvp_metadata -modules.eidascentralauth.metadata.sign.password=password -modules.eidascentralauth.request.sign.alias=pvp_assertion -modules.eidascentralauth.request.sign.password=password -modules.eidascentralauth.response.encryption.alias=pvp_assertion -modules.eidascentralauth.response.encryption.password=password -modules.eidascentralauth.node.trustprofileID=centralnode_metadata - - -######################## Protokolle am IDP ############################################ - -##Protocol configuration## -#PVP2 -protocols.pvp2.idp.ks.file=file:$PATH_TO_CONFIG$/conf/moa-id/keys/moa_idp[password].p12 -protocols.pvp2.idp.ks.kspassword=password -protocols.pvp2.idp.ks.metadata.alias=pvp_metadata -protocols.pvp2.idp.ks.metadata.keypassword=password -protocols.pvp2.idp.ks.assertion.sign.alias=pvp_assertion -protocols.pvp2.idp.ks.assertion.sign.keypassword=password -protocols.pvp2.idp.ks.assertion.encryption.alias=pvp_assertion -protocols.pvp2.idp.ks.assertion.encryption.keypassword=password -protocols.pvp2.metadata.entitycategories.active=false - -#OpenID connect (OAuth) -protocols.oauth20.jwt.ks.file=file:$PATH_TO_CONFIG$/conf/moa-id/keys/moa_idp[password].p12 -protocols.oauth20.jwt.ks.password=password -protocols.oauth20.jwt.ks.key.name=oauth -protocols.oauth20.jwt.ks.key.password=password +modules.eidproxyauth.EID.trustprofileID=eid_metadata +#modules.eidproxyauth.EID.entityId=https://eid.egiz.gv.at/idp/shibboleth +#modules.eidproxyauth.EID.metadataUrl= ######################## Datenbankkonfiguration ############################################ @@ -157,63 +134,6 @@ advancedlogging.dbcp.validationQuery=select 1 ## The configuration of this modules is only needed if this modules are in use. # ################################################################################### -######## SL2.0 authentication module ######## -modules.sl20.vda.urls.qualeID.endpoint.default=https://www.handy-signatur.at/securitylayer2 -modules.sl20.vda.urls.qualeID.endpoint.1=https://hs-abnahme.a-trust.at/securitylayer2 -modules.sl20.vda.urls.qualeID.endpoint.2=https://test1.a-trust.at/securitylayer2 -modules.sl20.security.keystore.path=keys/sl20.jks -modules.sl20.security.keystore.password=password -modules.sl20.security.sign.alias=signing -modules.sl20.security.sign.password=password -modules.sl20.security.encryption.alias=encryption -modules.sl20.security.encryption.password=password -modules.sl20.vda.authblock.id=default -modules.sl20.vda.authblock.transformation.id=SL20Authblock_v1.0,SL20Authblock_v1.0_SIC -modules.sl20.security.eID.validation.disable=false -modules.sl20.security.eID.signed.result.required=true -modules.sl20.security.eID.encryption.enabled=true -modules.sl20.security.eID.encryption.required=true - -######## user-restriction ########## -configuration.restrictions.sp.entityIds= -configuration.restrictions.sp.users.url= -configuration.restrictions.sp.users.sector= - -####### Direkte Fremd-bPK Berechnung ######## -configuration.foreignsectors.pubkey.xxxxTargetxxx= xxx BASE64-Cert xxx - -######## eIDAS protocol configuration ######## -######## This is ONLY required, if MOA-ID operates as an eIDAS node!!! ######## -moa.id.protocols.eIDAS.samlengine.config.file=eIDAS/SamlEngine_basics.xml -moa.id.protocols.eIDAS.samlengine.sign.config.file=eIDAS/SignModule.xml -moa.id.protocols.eIDAS.samlengine.enc.config.file=eIDAS/EncryptModule.xml -moa.id.protocols.eIDAS.metadata.validation.truststore=eIDAS_metadata -moa.id.protocols.eIDAS.node.country=Austria -moa.id.protocols.eIDAS.node.countrycode=AT -moa.id.protocols.eIDAS.node.LoA=http://eidas.europa.eu/LoA/high - -######## HBV Mandate-Service client module ######## -modules.elga_mandate.nameID.target=urn:publicid:gv.at:cdid+GH -modules.elga_mandate.service.metadata.trustprofileID= -modules.elga_mandate.service.mandateprofiles= -modules.elga_mandate.keystore.path=keys/moa_idp[password].p12 -modules.elga_mandate.keystore.password=password -modules.elga_mandate.metadata.sign.alias=pvp_metadata -modules.elga_mandate.metadata.sign.password=password -modules.elga_mandate.request.sign.alias=pvp_assertion -modules.elga_mandate.request.sign.password=password -modules.elga_mandate.response.encryption.alias=pvp_assertion -modules.elga_mandate.response.encryption.password=password - -######## SSO Interfederation client module ######## -modules.federatedAuth.keystore.path=keys/moa_idp[password].p12 -modules.federatedAuth.keystore.password=password -modules.federatedAuth.metadata.sign.alias=pvp_metadata -modules.federatedAuth.metadata.sign.password=password -modules.federatedAuth.request.sign.alias=pvp_assertion -modules.federatedAuth.request.sign.password=password -modules.federatedAuth.response.encryption.alias=pvp_assertion -modules.federatedAuth.response.encryption.password=password ######## Redis Settings, if Redis is used as a backend for session data. # has to be enabled with the following parameter @@ -221,42 +141,3 @@ modules.federatedAuth.response.encryption.password=password redis.use-pool=true redis.host-name=localhost redis.port=6379 - -################SZR Client configuration#################################### -## The SZR client is only required if MOA-ID-Auth should be -## use as STORK <-> PVP Gateway. -######## -service.egovutil.szr.test=true -service.egovutil.szr.test.url=https://pvawp.bmi.gv.at/bmi.gv.at/soap/SZ2Services-T/services/SZR -service.egovutil.szr.prod.url=https://pvawp.bmi.gv.at/bmi.gv.at/soap/SZ2Services/services/SZR -service.egovutil.szr.token.version=1.8 -service.egovutil.szr.token.participantid= -service.egovutil.szr.token.gvoudomain= -service.egovutil.szr.token.userid= -service.egovutil.szr.token.cn= -service.egovutil.szr.token.gvouid= -service.egovutil.szr.token.ou= -service.egovutil.szr.token.gvsecclass= -service.egovutil.szr.token.gvfunction= -service.egovutil.szr.token.gvgid= -service.egovutil.szr.roles= -service.egovutil.szr.ssl.keystore.file= -service.egovutil.szr.ssl.keystore.password= -service.egovutil.szr.ssl.keystore.type= -service.egovutil.szr.ssl.truststore.file= -service.egovutil.szr.ssl.truststore.password= -service.egovutil.szr.ssl.truststore.type= -service.egovutil.szr.ssl.trustall=false -service.egovutil.szr.ssl.laxhostnameverification=false - - -################ Encrypted foreign bPK generation #################################### -## This demo-extension enables encrypted bPK generation on MOA-ID-Auth side. -## If you like to use this feature, the public key for encryption has to be added -## as X509 certificate in Base64 encoded from. The selection will be done on sector -## identifier, like 'wbpk+FN+195755b' for a private company (similar to ENC_BPK_LIST in -## PVP Attribute Profie 2.1.2) -## Additonal encryption keys can be added by add a ney configuration line, like -## configuration.foreignsectors.pubkey.BMI+T1=MIICuTCCAaG (VKZ='BMI', Public Target='T1') -######## -#configuration.foreignsectors.pubkey.wbpk+FN+195755b=MIIF2TCCA8GgAw...
\ No newline at end of file diff --git a/id/server/data/deploy/conf/moa-spss/SampleMOASPSSConfiguration.xml b/id/server/data/deploy/conf/moa-spss/SampleMOASPSSConfiguration.xml index 9dede486d..acfff8aef 100644 --- a/id/server/data/deploy/conf/moa-spss/SampleMOASPSSConfiguration.xml +++ b/id/server/data/deploy/conf/moa-spss/SampleMOASPSSConfiguration.xml @@ -68,6 +68,10 @@ <cfg:Id>centralnode_metadata</cfg:Id> <cfg:TrustAnchorsLocation>trustProfiles/centralnode_metadata</cfg:TrustAnchorsLocation> </cfg:TrustProfile> + <cfg:TrustProfile> + <cfg:Id>eid_metadata</cfg:Id> + <cfg:TrustAnchorsLocation>trustProfiles/EID_metadata</cfg:TrustAnchorsLocation> + </cfg:TrustProfile> </cfg:PathValidation> <cfg:RevocationChecking> <cfg:EnableChecking>true</cfg:EnableChecking> diff --git a/id/server/data/deploy/conf/moa-spss/trustProfiles/EID_metadata/TEST_metadata_eid.egiz.gv.at.crt b/id/server/data/deploy/conf/moa-spss/trustProfiles/EID_metadata/TEST_metadata_eid.egiz.gv.at.crt new file mode 100644 index 000000000..ef2a4df0c --- /dev/null +++ b/id/server/data/deploy/conf/moa-spss/trustProfiles/EID_metadata/TEST_metadata_eid.egiz.gv.at.crt @@ -0,0 +1,27 @@ +-----BEGIN CERTIFICATE----- +MIIEqzCCBBSgAwIBAgIHANux81oNezANBgkqhkiG9w0BAQUFADBAMSIwIAYDVQQD +ExlJQUlLIFRlc3QgSW50ZXJtZWRpYXRlIENBMQ0wCwYDVQQKEwRJQUlLMQswCQYD +VQQGEwJBVDAeFw0xMzA5MjcwNTMzMzdaFw0yMzA5MjcwNTMzMzdaMIHkMQswCQYD +VQQGEwJBVDENMAsGA1UEBxMER3JhejEmMCQGA1UEChMdR3JheiBVbml2ZXJzaXR5 +IG9mIFRlY2hub2xvZ3kxSDBGBgNVBAsTP0luc3RpdHV0ZSBmb3IgQXBwbGllZCBJ +bmZvcm1hdGlvbiBQcm9jZXNzaW5nIGFuZCBDb21tdW5pY2F0aW9uczEUMBIGA1UE +BBMLTU9BLVNTIFRlc3QxGDAWBgNVBCoTD0VHSVogVGVzdHBvcnRhbDEkMCIGA1UE +AxMbRUdJWiBUZXN0cG9ydGFsIE1PQS1TUyBUZXN0MIIBIjANBgkqhkiG9w0BAQEF +AAOCAQ8AMIIBCgKCAQEAuDjOyf+mY+oQL2FQzzuaiC8C23vVKbq/n2Zi7BqSibZH +mtqMJfmj4pT+hWSNHvVvWsaxFcx4KeNqdCMzwnw1r4P3Sf+2o5uFku5KHEMLMokR +yYQG9VqY/KkB94ye7Pv6zT8gvKqxGFg96UamECep4swPaSZrA8AOER5WAtyGDzKI +Tz+a5zfFaTXDoba7f98PCWR96yKiFjVOhzp38WVz4VJgz+b8ZSY7Xsv5Kn7DXjOL +STX4MevFLki3rFPup3+4vGToaMBW3PEj67HXBdqR855Le6+E6rVxORqsXqlVwhsI +6nuS0CO2LWYmBNR1IB0mXteeYH/HfxvuZc+7yDjdPQIDAQABo4IBhDCCAYAwDgYD +VR0PAQH/BAQDAgbAMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFEmcH6VY4BG1EAGB +TLoNR9vH/g6yMFAGA1UdHwRJMEcwRaBDoEGGP2h0dHA6Ly9jYS5pYWlrLnR1Z3Jh +ei5hdC9jYXBzby9jcmxzL0lBSUtUZXN0X0ludGVybWVkaWF0ZUNBLmNybDCBqgYI +KwYBBQUHAQEEgZ0wgZowSgYIKwYBBQUHMAGGPmh0dHA6Ly9jYS5pYWlrLnR1Z3Jh +ei5hdC9jYXBzby9PQ1NQP2NhPUlBSUtUZXN0X0ludGVybWVkaWF0ZUNBMEwGCCsG +AQUFBzAChkBodHRwOi8vY2EuaWFpay50dWdyYXouYXQvY2Fwc28vY2VydHMvSUFJ +S1Rlc3RfSW50ZXJtZWRpYXRlQ0EuY2VyMCEGA1UdEQQaMBiBFnRob21hcy5sZW56 +QGVnaXouZ3YuYXQwHwYDVR0jBBgwFoAUaKJeEdreL4BrRES/jfplNoEkp28wDQYJ +KoZIhvcNAQEFBQADgYEAlFGjUxXLs7SAT8NtXSrv2WrjlklaRnHTFHLQwyVo8JWb +gvRkHHDUv2o8ofXUY2R2WJ38dxeDoccgbXrJb/Qhi8IY7YhCwv/TuIZDisyAqo8W +ORKSip/6HWlGCSR/Vgoet1GtCmF0FoUxFUIGSAuQ2yyt4fIzt5GJrU1X5ujjI1w= +-----END CERTIFICATE-----
\ No newline at end of file |