From 3535ae9500b29d0b2d0f317ea7f47a6c25c6f70e Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Tue, 10 Jul 2018 16:53:03 +0200 Subject: some small updates and handbook update --- .../data/deploy/conf/moa-id/moa-id.properties | 36 +++++++++++++++------- 1 file changed, 25 insertions(+), 11 deletions(-) (limited to 'id/server/data/deploy/conf/moa-id/moa-id.properties') diff --git a/id/server/data/deploy/conf/moa-id/moa-id.properties b/id/server/data/deploy/conf/moa-id/moa-id.properties index fa6bccef0..e8cdcf74d 100644 --- a/id/server/data/deploy/conf/moa-id/moa-id.properties +++ b/id/server/data/deploy/conf/moa-id/moa-id.properties @@ -27,22 +27,11 @@ configuration.monitoring.test.identitylink.url=$PATH_TO_CONFIG$/conf/moa-id/moni #MOA-ID 3.x Advanced Logging configuration.advancedlogging.active=false -##Webservice Client Configuration -#MOA-SP webservice -#service.moasp.acceptedServerCertificates= -#service.moasp.clientKeyStore= -#service.moasp.clientKeyStorePassword= - #Online mandates webservice (MIS) service.onlinemandates.acceptedServerCertificates= service.onlinemandates.clientKeyStore=keys/.... service.onlinemandates.clientKeyStorePassword= -#Foreign Identities (SZRGW) -service.foreignidentities.acceptedServerCertificates= -service.foreignidentities.clientKeyStore=keys/.... -service.foreignidentities.clientKeyStorePassword= - ##Protocol configuration## #PVP2 protocols.pvp2.idp.ks.file=file:$PATH_TO_CONFIG$/conf/moa-id/keys/moa_idp[password].p12 @@ -61,6 +50,31 @@ protocols.oauth20.jwt.ks.password=password protocols.oauth20.jwt.ks.key.name=oauth protocols.oauth20.jwt.ks.key.password=password + + +######## central eIDAS-node connector module ########## +modules.eidascentralauth.keystore.path=file:$PATH_TO_CONFIG$/conf/moa-id/keys/moa_idp[password].p12 +modules.eidascentralauth.keystore.password=password +modules.eidascentralauth.metadata.sign.alias=pvp_metadata +modules.eidascentralauth.metadata.sign.password=password +modules.eidascentralauth.request.sign.alias=pvp_assertion +modules.eidascentralauth.request.sign.password=password +modules.eidascentralauth.response.encryption.alias=pvp_assertion +modules.eidascentralauth.response.encryption.password=password + +modules.eidascentralauth.node.trustprofileID=centralnode_metadata + + +#modules.eidascentralauth.required.additional.attributes.0=urn:oid:1.2.40.0.10.2.1.1.261.36,false +#modules.eidascentralauth.required.additional.attributes.1=urn:oid:1.2.40.0.10.2.1.1.261.104,false +#modules.eidascentralauth.required.additional.attributes.2=urn:oid:1.2.40.0.10.2.1.1.261.38,false + +########################################################## + + + + + ##Database configuration## configuration.database.byteBasedValues=false -- cgit v1.2.3 From 5d7f7f3b6fc2fb8f8f72f359b0adb738e851d631 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Mon, 16 Jul 2018 13:12:39 +0200 Subject: update handbook, readme, history, example configuration, ... --- .../data/deploy/conf/moa-id/moa-id.properties | 85 ++++++++++++++-------- 1 file changed, 54 insertions(+), 31 deletions(-) (limited to 'id/server/data/deploy/conf/moa-id/moa-id.properties') diff --git a/id/server/data/deploy/conf/moa-id/moa-id.properties b/id/server/data/deploy/conf/moa-id/moa-id.properties index 1db01ba9b..614696628 100644 --- a/id/server/data/deploy/conf/moa-id/moa-id.properties +++ b/id/server/data/deploy/conf/moa-id/moa-id.properties @@ -27,11 +27,27 @@ configuration.monitoring.test.identitylink.url=$PATH_TO_CONFIG$/conf/moa-id/moni #MOA-ID 3.x Advanced Logging configuration.advancedlogging.active=false -#Online mandates webservice (MIS) +######################## Externe Services ############################################ + +######## Online mandates webservice (MIS) ######## service.onlinemandates.acceptedServerCertificates= service.onlinemandates.clientKeyStore=keys/.... service.onlinemandates.clientKeyStorePassword= +######## central eIDAS-node connector module ########## +modules.eidascentralauth.keystore.path=file:$PATH_TO_CONFIG$/conf/moa-id/keys/moa_idp[password].p12 +modules.eidascentralauth.keystore.password=password +modules.eidascentralauth.metadata.sign.alias=pvp_metadata +modules.eidascentralauth.metadata.sign.password=password +modules.eidascentralauth.request.sign.alias=pvp_assertion +modules.eidascentralauth.request.sign.password=password +modules.eidascentralauth.response.encryption.alias=pvp_assertion +modules.eidascentralauth.response.encryption.password=password +modules.eidascentralauth.node.trustprofileID=centralnode_metadata + + +######################## Protokolle am IDP ############################################ + ##Protocol configuration## #PVP2 protocols.pvp2.idp.ks.file=file:$PATH_TO_CONFIG$/conf/moa-id/keys/moa_idp[password].p12 @@ -51,29 +67,9 @@ protocols.oauth20.jwt.ks.key.name=oauth protocols.oauth20.jwt.ks.key.password=password - -######## central eIDAS-node connector module ########## -modules.eidascentralauth.keystore.path=file:$PATH_TO_CONFIG$/conf/moa-id/keys/moa_idp[password].p12 -modules.eidascentralauth.keystore.password=password -modules.eidascentralauth.metadata.sign.alias=pvp_metadata -modules.eidascentralauth.metadata.sign.password=password -modules.eidascentralauth.request.sign.alias=pvp_assertion -modules.eidascentralauth.request.sign.password=password -modules.eidascentralauth.response.encryption.alias=pvp_assertion -modules.eidascentralauth.response.encryption.password=password - -modules.eidascentralauth.node.trustprofileID=centralnode_metadata - -########################################################## - - - - - -##Database configuration## +######################## Datenbankkonfiguration ############################################ configuration.database.byteBasedValues=false - #Hibnerate configuration for MOA-ID 3.x session store moasession.hibernate.dialect=org.hibernate.dialect.MySQL5Dialect moasession.hibernate.connection.url=jdbc:mysql://localhost/moa-id-session?charSet=utf-8&serverTimezone=UTC @@ -154,11 +150,38 @@ advancedlogging.dbcp.testWhileIdle=false advancedlogging.dbcp.validationQuery=select 1 -################ Additonal eID-modul configuration #################################### -## This additional eID moduls add special functionality to MOA-ID-Auth. -## The configuration of this modules is only needed if this modules are in use. -######## -### eIDAS protocol configuration ### +################ Additonal eID-modul configuration ################################ +## This additional eID moduls add special functionality to MOA-ID-Auth. # +## The configuration of this modules is only needed if this modules are in use. # +################################################################################### + +######## SL2.0 authentication module ######## +modules.sl20.vda.urls.qualeID.endpoint.default=https://www.handy-signatur.at/securitylayer2 +modules.sl20.vda.urls.qualeID.endpoint.1=https://hs-abnahme.a-trust.at/securitylayer2 +modules.sl20.vda.urls.qualeID.endpoint.2=https://test1.a-trust.at/securitylayer2 +modules.sl20.security.keystore.path=keys/sl20.jks +modules.sl20.security.keystore.password=password +modules.sl20.security.sign.alias=signing +modules.sl20.security.sign.password=password +modules.sl20.security.encryption.alias=encryption +modules.sl20.security.encryption.password=password +modules.sl20.vda.authblock.id=default +modules.sl20.vda.authblock.transformation.id=SL20Authblock_v1.0,SL20Authblock_v1.0_SIC +modules.sl20.security.eID.validation.disable=false +modules.sl20.security.eID.signed.result.required=true +modules.sl20.security.eID.encryption.enabled=true +modules.sl20.security.eID.encryption.required=true + +######## user-restriction ########## +configuration.restrictions.sp.entityIds= +configuration.restrictions.sp.users.url= +configuration.restrictions.sp.users.sector= + +####### Direkte Fremd-bPK Berechnung ######## +configuration.foreignsectors.pubkey.xxxxTargetxxx= xxx BASE64-Cert xxx + +######## eIDAS protocol configuration ######## +######## This is ONLY required, if MOA-ID operates as an eIDAS node!!! ######## moa.id.protocols.eIDAS.samlengine.config.file=eIDAS/SamlEngine_basics.xml moa.id.protocols.eIDAS.samlengine.sign.config.file=eIDAS/SignModule.xml moa.id.protocols.eIDAS.samlengine.enc.config.file=eIDAS/EncryptModule.xml @@ -167,7 +190,7 @@ moa.id.protocols.eIDAS.node.country=Austria moa.id.protocols.eIDAS.node.countrycode=AT moa.id.protocols.eIDAS.node.LoA=http://eidas.europa.eu/LoA/high -### HBV Mandate-Service client module ### +######## HBV Mandate-Service client module ######## modules.elga_mandate.nameID.target=urn:publicid:gv.at:cdid+GH modules.elga_mandate.service.metadata.trustprofileID= modules.elga_mandate.service.mandateprofiles= @@ -180,7 +203,7 @@ modules.elga_mandate.request.sign.password=password modules.elga_mandate.response.encryption.alias=pvp_assertion modules.elga_mandate.response.encryption.password=password -### SSO Interfederation client module ### +######## SSO Interfederation client module ######## modules.federatedAuth.keystore.path=keys/moa_idp[password].p12 modules.federatedAuth.keystore.password=password modules.federatedAuth.metadata.sign.alias=pvp_metadata @@ -190,8 +213,8 @@ modules.federatedAuth.request.sign.password=password modules.federatedAuth.response.encryption.alias=pvp_assertion modules.federatedAuth.response.encryption.password=password -#Redis Settings, if Redis is used as a backend for session data. -#has to be enabled with the following parameter +######## Redis Settings, if Redis is used as a backend for session data. +# has to be enabled with the following parameter #redis.active=true redis.use-pool=true redis.host-name=localhost -- cgit v1.2.3