From b232b84093993571da6efa97c25e1724370d6a6d Mon Sep 17 00:00:00 2001 
From: Thomas Lenz Date: Wed, 12 Jun 2019 13:47:10 +0200 Subject: update handbook --- .../conf/moa-id/SLTemplates/template_handyBKU.html | 33 ----- .../conf/moa-id/SLTemplates/template_localBKU.html | 25 ---- .../conf/moa-id/SLTemplates/template_thirdBKU.html | 32 ---- .../deploy/conf/moa-id/eIDAS/EncryptModule.xml | 40 ----- .../deploy/conf/moa-id/eIDAS/SamlEngine_basics.xml | 98 ------------- .../data/deploy/conf/moa-id/eIDAS/SignModule.xml | 48 ------ .../deploy/conf/moa-id/eIDAS/encryptionConf.xml | 14 -- .../conf/moa-id/htmlTemplates/loginFormFull.html | 120 --------------- .../htmlTemplates/mandate-service-selection.html | 76 ---------- .../htmlTemplates/sendAssertionFormFull.html | 52 ------- .../transforms/TransformsInfoAuthBlockTable_DE.xml | 161 --------------------- .../TransformsInfoAuthBlockTable_DE_2.0.xml | 7 - .../TransformsInfoAuthBlockTable_DE_3.0.xml | 7 - .../transforms/TransformsInfoAuthBlockTable_EN.xml | 161 --------------------- 14 files changed, 874 deletions(-) delete mode 100644 id/server/data/deploy/conf/moa-id/SLTemplates/template_handyBKU.html delete mode 100644 id/server/data/deploy/conf/moa-id/SLTemplates/template_localBKU.html delete mode 100644 id/server/data/deploy/conf/moa-id/SLTemplates/template_thirdBKU.html delete mode 100644 id/server/data/deploy/conf/moa-id/eIDAS/EncryptModule.xml delete mode 100644 id/server/data/deploy/conf/moa-id/eIDAS/SamlEngine_basics.xml delete mode 100644 id/server/data/deploy/conf/moa-id/eIDAS/SignModule.xml delete mode 100644 id/server/data/deploy/conf/moa-id/eIDAS/encryptionConf.xml delete mode 100644 id/server/data/deploy/conf/moa-id/htmlTemplates/loginFormFull.html delete mode 100644 id/server/data/deploy/conf/moa-id/htmlTemplates/mandate-service-selection.html delete mode 100644 id/server/data/deploy/conf/moa-id/htmlTemplates/sendAssertionFormFull.html delete mode 100644 id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockTable_DE.xml delete mode 100644 
id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockTable_DE_2.0.xml delete mode 100644 id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockTable_DE_3.0.xml delete mode 100644 id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockTable_EN.xml (limited to 'id/server/data/deploy/conf') diff --git a/id/server/data/deploy/conf/moa-id/SLTemplates/template_handyBKU.html b/id/server/data/deploy/conf/moa-id/SLTemplates/template_handyBKU.html deleted file mode 100644 index e62921efa..000000000 --- a/id/server/data/deploy/conf/moa-id/SLTemplates/template_handyBKU.html +++ /dev/null @@ -1,33 +0,0 @@ - - - - - - - - -
- Falls Sie nicht automatisch weitergeleitet werden klicken Sie bitte hier: - - - - - - - - - - - - - -
- -
- - -
-
-
- - \ No newline at end of file diff --git a/id/server/data/deploy/conf/moa-id/SLTemplates/template_localBKU.html b/id/server/data/deploy/conf/moa-id/SLTemplates/template_localBKU.html deleted file mode 100644 index 80d33ff85..000000000 --- a/id/server/data/deploy/conf/moa-id/SLTemplates/template_localBKU.html +++ /dev/null @@ -1,25 +0,0 @@ - - - - - - - - -
- Falls Sie nicht automatisch weitergeleitet werden klicken Sie bitte hier: - - - - -
- -
- - -
- -
-
- - diff --git a/id/server/data/deploy/conf/moa-id/SLTemplates/template_thirdBKU.html b/id/server/data/deploy/conf/moa-id/SLTemplates/template_thirdBKU.html deleted file mode 100644 index 928c9f17b..000000000 --- a/id/server/data/deploy/conf/moa-id/SLTemplates/template_thirdBKU.html +++ /dev/null @@ -1,32 +0,0 @@ - - - - - - - - -
- Falls Sie nicht automatisch weitergeleitet werden klicken Sie bitte hier: - - - - - - - - - - - - -
- -
- - -
-
-
- - diff --git a/id/server/data/deploy/conf/moa-id/eIDAS/EncryptModule.xml b/id/server/data/deploy/conf/moa-id/eIDAS/EncryptModule.xml deleted file mode 100644 index 46052053a..000000000 --- a/id/server/data/deploy/conf/moa-id/eIDAS/EncryptModule.xml +++ /dev/null @@ -1,40 +0,0 @@ - - - - - SWModule encrypt with JKS. - - false - false - false - - - http://www.w3.org/2009/xmlenc11#aes256-gcm - - - - http://www.w3.org/2009/xmlenc11#aes128-gcm; - http://www.w3.org/2009/xmlenc11#aes256-gcm; - http://www.w3.org/2009/xmlenc11#aes192-gcm - - - - http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p - - keys/eidasKeyStore.jks - JKS - local-demo - local-demo - - - eIDAS/encryptionConf.xml - - CN=local-demo-cert, OU=DIGIT, O=European Comission, L=Brussels, ST=Belgium,C=BE - 54C8F779 - - - CN=local-demo-cert, OU=DIGIT, O=European Comission, L=Brussels, ST=Belgium, C=BE - 54C8F779 - - - \ No newline at end of file diff --git a/id/server/data/deploy/conf/moa-id/eIDAS/SamlEngine_basics.xml b/id/server/data/deploy/conf/moa-id/eIDAS/SamlEngine_basics.xml deleted file mode 100644 index 2327fb0d8..000000000 --- a/id/server/data/deploy/conf/moa-id/eIDAS/SamlEngine_basics.xml +++ /dev/null 
@@ -1,98 +0,0 @@ - - - - - SAML constants for AuthnRequests and Responses. - - - unspecified - - obtained - - - entity - - - - HTTP-POST - - false - false - false - - - true - - - false - - - http://S-PEPS.gov.xx - - - http://C-PEPS.gov.xx - - - 300 - - - false - - - true - - - http://www.stork.gov.eu/1.0/eIdentifier - http://www.stork.gov.eu/1.0/givenName - http://www.stork.gov.eu/1.0/surname - http://www.stork.gov.eu/1.0/inheritedFamilyName - http://www.stork.gov.eu/1.0/adoptedFamilyName - http://www.stork.gov.eu/1.0/gender - http://www.stork.gov.eu/1.0/dateOfBirth - http://www.stork.gov.eu/1.0/countryCodeOfBirth - http://www.stork.gov.eu/1.0/nationalityCode - http://www.stork.gov.eu/1.0/maritalStatus - http://www.stork.gov.eu/1.0/textResidenceAddress - http://www.stork.gov.eu/1.0/canonicalResidenceAddress - http://www.stork.gov.eu/1.0/eMail - http://www.stork.gov.eu/1.0/title - http://www.stork.gov.eu/1.0/residencePermit - http://www.stork.gov.eu/1.0/pseudonym - http://www.stork.gov.eu/1.0/age - http://www.stork.gov.eu/1.0/isAgeOver - http://www.stork.gov.eu/1.0/signedDoc - http://www.stork.gov.eu/1.0/citizenQAALevel - http://www.stork.gov.eu/1.0/fiscalNumber - http://www.stork.gov.eu/1.0/unknown - - - - http://eidas.europa.eu/attributes/naturalperson/CurrentFamilyName - http://eidas.europa.eu/attributes/naturalperson/CurrentGivenName - http://eidas.europa.eu/attributes/naturalperson/DateOfBirth - http://eidas.europa.eu/attributes/naturalperson/PersonIdentifier - http://eidas.europa.eu/attributes/naturalperson/BirthName - http://eidas.europa.eu/attributes/naturalperson/PlaceOfBirth - http://eidas.europa.eu/attributes/naturalperson/CurrentAddress - http://eidas.europa.eu/attributes/naturalperson/Gender - - http://eidas.europa.eu/attributes/legalperson/LegalPersonIdentifier - http://eidas.europa.eu/attributes/legalperson/LegalAddress - http://eidas.europa.eu/attributes/legalperson/LegalName - http://eidas.europa.eu/attributes/legalperson/VATRegistration - 
http://eidas.europa.eu/attributes/legalperson/TaxReference - http://eidas.europa.eu/attributes/legalperson/D-2012-17-EUIdentifier - http://eidas.europa.eu/attributes/legalperson/LEI - http://eidas.europa.eu/attributes/legalperson/EORI - http://eidas.europa.eu/attributes/legalperson/SEED - http://eidas.europa.eu/attributes/legalperson/SIC - - \ No newline at end of file diff --git a/id/server/data/deploy/conf/moa-id/eIDAS/SignModule.xml b/id/server/data/deploy/conf/moa-id/eIDAS/SignModule.xml deleted file mode 100644 index bf7215cb5..000000000 --- a/id/server/data/deploy/conf/moa-id/eIDAS/SignModule.xml +++ /dev/null @@ -1,48 +0,0 @@ - - - - - SWModule sign with JKS. - false - false - - - - - - http://www.w3.org/2001/04/xmldsig-more#rsa-sha512 - - - - http://www.w3.org/2001/04/xmldsig-more#rsa-sha256; - http://www.w3.org/2001/04/xmldsig-more#rsa-sha384; - http://www.w3.org/2001/04/xmldsig-more#rsa-sha512; - http://www.w3.org/2001/04/xmldsig-more#rsa-ripemd160; - http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256; - http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384; - http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512; - http://www.w3.org/2007/05/xmldsig-more#sha256-rsa-MGF1; - http://www.w3.org/2007/05/xmldsig-more#sha256-rsa-mgf1 - - - - true - - - keys/eidasKeyStore_Service_CB.jks - JKS - local-demo - local-demo - CN=cpeps-cb-demo-certificate, OU=STORK, O=CPEPS, L=EU, ST=EU, C=CB - 54C8F839 - - - - keys/eidasKeyStore_METADATA.jks - JKS - local-demo - local-demo - CN=metadata, OU=DIGIT, O=EC, L=Brussels, ST=EU, C=BE - 561BC0C8 - - diff --git a/id/server/data/deploy/conf/moa-id/eIDAS/encryptionConf.xml b/id/server/data/deploy/conf/moa-id/eIDAS/encryptionConf.xml deleted file mode 100644 index ff8307f10..000000000 --- a/id/server/data/deploy/conf/moa-id/eIDAS/encryptionConf.xml +++ /dev/null @@ -1,14 +0,0 @@ - - - - false - - false - - false - - false - - false - - \ No newline at end of file 
diff --git a/id/server/data/deploy/conf/moa-id/htmlTemplates/loginFormFull.html b/id/server/data/deploy/conf/moa-id/htmlTemplates/loginFormFull.html deleted file mode 100644 index 4e548e58c..000000000 --- a/id/server/data/deploy/conf/moa-id/htmlTemplates/loginFormFull.html +++ /dev/null @@ -1,120 +0,0 @@ - - - - - - - - - - - - -Anmeldung mittels Bürgerkarte oder Handy-Signatur - - - -
-
-

Anmeldung an: $OAName

-
-
-
-

$HEADER_TEXT

-
-
-
-
- - - -
-
-
-
- OnlineBKU - - - - -
- - - - - - -
- - - - - -
- -
- HandyBKU - -
- - -
- EULogin -
- - - - -
-
- - - - - - - - - - -
-

Anscheinend verwenden Sie Internet Explorer im - Metro-Modus. Wählen Sie bitte "Auf dem Desktop anzeigen" aus den - Optionen um die Karten-Anmeldung starten zu können.

-
-
-
-
-
-
- - diff --git a/id/server/data/deploy/conf/moa-id/htmlTemplates/mandate-service-selection.html b/id/server/data/deploy/conf/moa-id/htmlTemplates/mandate-service-selection.html deleted file mode 100644 index 7fb0dd881..000000000 --- a/id/server/data/deploy/conf/moa-id/htmlTemplates/mandate-service-selection.html +++ /dev/null @@ -1,76 +0,0 @@ - - - - - - - - Anmeldung an Online-Applikation - - - - -
- -
- - - -
- -
-
-

- Anmeldeinformationen: -

-
- -
-

Anmeldung an: $OAName

- - -
-

Für die Anmeldung 'in Vertretung' stehen Ihnen zwei Systeme zur Vollmachtenauswahl zur Verfügung. Bitte wählen Sie das gewünschte Service.

-
- -
-
-
- - - -
-
-

Eltern-Kind Vertretung

-
-
-
-
- - - -
-
-

Vollmachtenservice der Österreichischen Datenschutzbehörde (MMS Service)

-
-
-
-
- - -
-
-

Den Anmeldevorgang abbrechen

-
-
-
- -
-
- - -
-
-
- - diff --git a/id/server/data/deploy/conf/moa-id/htmlTemplates/sendAssertionFormFull.html b/id/server/data/deploy/conf/moa-id/htmlTemplates/sendAssertionFormFull.html deleted file mode 100644 index 7ae4b3f92..000000000 --- a/id/server/data/deploy/conf/moa-id/htmlTemplates/sendAssertionFormFull.html +++ /dev/null @@ -1,52 +0,0 @@ - - - - - - - - Anmeldung an Online-Applikation - - - - -
- -
- - - -
-
-
-

- Anmeldeinformationen: -

-
- -
-

Anmeldung an: $OAName

- - -
-
- - - -
-
-
-
- - - -
-
- -
-
-
-
-
- - diff --git a/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockTable_DE.xml b/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockTable_DE.xml deleted file mode 100644 index 1165d8b32..000000000 --- a/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockTable_DE.xml +++ /dev/null @@ -1,161 +0,0 @@ - - - - - - - - - Signatur der Anmeldedaten - - - -

Anmeldedaten:

-

Daten zur Person

- - - - - - - - - - - - - - - - - - - - - - - - - -
Name: - -
Geburtsdatum: - - . - - . - -
Rolle: - -
Vollmacht: - Ich melde mich in Vertretung an. Im nächsten Schritt wird mir eine Liste der für mich verfügbaren Vertretungsverhältnisse angezeigt, aus denen ich eines auswählen werde. -
-

Daten zur Anwendung

- - - - - - - - - -
Name: - -
Staat:Österreich
-

Technische Parameter

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
URL: - -
Bereich: - -
- Vollmachten-Referenz: - -
- : - -
Identifikator: - - -
OID: - -
HPI: - -
Datum: - - . - - . - -
Uhrzeit: - - : - - : - -
- - -
-
-
- -
- - application/xhtml+xml - -
diff --git a/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockTable_DE_2.0.xml b/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockTable_DE_2.0.xml deleted file mode 100644 index e225ca6e0..000000000 --- a/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockTable_DE_2.0.xml +++ /dev/null @@ -1,7 +0,0 @@ -Signatur der Anmeldedaten

Anmeldedaten:

Daten zur Person

Name:
Geburtsdatum:..
Rolle:
Vollmacht:Ich melde mich in Vertretung an. Im nächsten Schritt wird mir eine Liste der für mich verfügbaren Vertretungsverhältnisse angezeigt, aus denen ich eines auswählen werde.

Daten zur Anwendung

Name:
Staat:Österreich

Technische Parameter

URL:
Bereich:
- Vollmachten-Referenz:
:
Identifikator:
OID:
HPI:
SessionTokken:
Datum:..
Uhrzeit:::
application/xhtml+xml
\ No newline at end of file diff --git a/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockTable_DE_3.0.xml b/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockTable_DE_3.0.xml deleted file mode 100644 index 6afe1f36b..000000000 --- a/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockTable_DE_3.0.xml +++ /dev/null @@ -1,7 +0,0 @@ -Signatur der Anmeldedaten

Anmeldedaten:

Daten zur Person

Name:
Geburtsdatum:..
Rolle:
Vollmacht:Ich melde mich in Vertretung an. Im nächsten Schritt wird mir eine Liste der für mich verfügbaren Vertretungsverhältnisse angezeigt, aus denen ich eines auswählen werde.

Daten zur Anwendung

Name:
Staat:Österreich (Test)Österreich (Test)BelgienSchweizTschechienEstlandSpanienFrankreichGriechenlandIslandItalienLitauenLuxemburgNiederlandePortugalSchwedenSlowenienSlowakeiTürkeiVereinigtes KönigreichAuslandÖsterreich

Technische Parameter

URL:
Bereich:
- Vollmachten-Referenz:
:
Identifikator:
OID:
HPI:
SessionTokken:
Datum:..
Uhrzeit:::
application/xhtml+xml
diff --git a/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockTable_EN.xml b/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockTable_EN.xml deleted file mode 100644 index 5e45cd6d0..000000000 --- a/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockTable_EN.xml +++ /dev/null @@ -1,161 +0,0 @@ - - - - - - - - - Signing the authentication data - - - -

Authentication Data:

-

Personal Data

- - - - - - - - - - - - - - - - - - - - - - - - - -
Name: - -
Date of Birth: - - . - - . - -
Role: - -
Mandate: - I log in as representative. In the next step a list of available mandates is shown. Here I select one mandate. -
-

Application Data

- - - - - - - - - -
Name: - -
Country:Austria
-

Technical Parameters

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
URL: - -
Sector: - -
- Mandate Reference: - -
- : - -
Identifier: - - -
OID: - -
HPI: - -
Date: - - . - - . - -
Time: - - : - - : - -
- - -
-
-
- -
- - application/xhtml+xml - -
-- cgit v1.2.3 From d81835fc18d53503d7fb85bed8b6d0fcdbc43019 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Wed, 12 Jun 2019 13:49:49 +0200 Subject: update configuration --- .../data/deploy/conf/moa-id/moa-id.properties | 145 ++------------------- .../conf/moa-spss/SampleMOASPSSConfiguration.xml | 4 + .../EID_metadata/TEST_metadata_eid.egiz.gv.at.crt | 27 ++++ 3 files changed, 44 insertions(+), 132 deletions(-) create mode 100644 id/server/data/deploy/conf/moa-spss/trustProfiles/EID_metadata/TEST_metadata_eid.egiz.gv.at.crt (limited to 'id/server/data/deploy/conf') diff --git a/id/server/data/deploy/conf/moa-id/moa-id.properties b/id/server/data/deploy/conf/moa-id/moa-id.properties index 678c381cb..414293350 100644 --- a/id/server/data/deploy/conf/moa-id/moa-id.properties +++ b/id/server/data/deploy/conf/moa-id/moa-id.properties @@ -18,7 +18,7 @@ configuration.moasession.key=SessionEncryptionKey configuration.moaconfig.key=ConfigurationEncryptionKey configuration.ssl.validation.revocation.method.order=ocsp,crl #configuration.ssl.validation.hostname=false -#configuration.validate.authblock.targetfriendlyname=true< +#configuration.validate.authblock.targetfriendlyname=true #MOA-ID 3.x Monitoring Servlet 
@@ -31,42 +31,19 @@ configuration.advancedlogging.active=false ######################## Externe Services ############################################ -######## Online mandates webservice (MIS) ######## -service.onlinemandates.acceptedServerCertificates= -service.onlinemandates.clientKeyStore=keys/.... -service.onlinemandates.clientKeyStorePassword= +######## central E-ID System connector module ########## +modules.eidproxyauth.keystore.path=file:$PATH_TO_CONFIG$/conf/moa-id/keys/moa_idp[password].p12 +modules.eidproxyauth.keystore.password=password +modules.eidproxyauth.metadata.sign.password=password +modules.eidproxyauth.metadata.sign.alias=pvp_metadata +modules.eidproxyauth.request.sign.password=password +modules.eidproxyauth.request.sign.alias=pvp_assertion +modules.eidproxyauth.response.encryption.password=password +modules.eidproxyauth.response.encryption.alias=pvp_assertion -######## central eIDAS-node connector module ########## -modules.eidascentralauth.keystore.path=file:$PATH_TO_CONFIG$/conf/moa-id/keys/moa_idp[password].p12 -modules.eidascentralauth.keystore.password=password -modules.eidascentralauth.metadata.sign.alias=pvp_metadata -modules.eidascentralauth.metadata.sign.password=password -modules.eidascentralauth.request.sign.alias=pvp_assertion -modules.eidascentralauth.request.sign.password=password -modules.eidascentralauth.response.encryption.alias=pvp_assertion -modules.eidascentralauth.response.encryption.password=password -modules.eidascentralauth.node.trustprofileID=centralnode_metadata - - -######################## Protokolle am IDP ############################################ - -##Protocol configuration## -#PVP2 -protocols.pvp2.idp.ks.file=file:$PATH_TO_CONFIG$/conf/moa-id/keys/moa_idp[password].p12 -protocols.pvp2.idp.ks.kspassword=password -protocols.pvp2.idp.ks.metadata.alias=pvp_metadata -protocols.pvp2.idp.ks.metadata.keypassword=password -protocols.pvp2.idp.ks.assertion.sign.alias=pvp_assertion 
-protocols.pvp2.idp.ks.assertion.sign.keypassword=password -protocols.pvp2.idp.ks.assertion.encryption.alias=pvp_assertion -protocols.pvp2.idp.ks.assertion.encryption.keypassword=password -protocols.pvp2.metadata.entitycategories.active=false - -#OpenID connect (OAuth) -protocols.oauth20.jwt.ks.file=file:$PATH_TO_CONFIG$/conf/moa-id/keys/moa_idp[password].p12 -protocols.oauth20.jwt.ks.password=password -protocols.oauth20.jwt.ks.key.name=oauth -protocols.oauth20.jwt.ks.key.password=password +modules.eidproxyauth.EID.trustprofileID=eid_metadata +#modules.eidproxyauth.EID.entityId=https://eid.egiz.gv.at/idp/shibboleth +#modules.eidproxyauth.EID.metadataUrl= ######################## Datenbankkonfiguration ############################################ 
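Review bot: The new `modules.eidproxyauth.*` block ships the literal value `password` for the keystore and for every key, and points metadata signing, request signing and response encryption at the same keystore and aliases, with nothing in the hunk marking these as sample values that must be replaced. A comment above the block such as `# NOTE: every 'password' value below is a placeholder; set real keystore/key passwords before deployment` would keep the sample from going live as-is; the same applies to the blocks re-added in commit 6bcda4b (hunks `@@ -31,6 +31,25`, `@@ -45,6 +64,26` and `@@ -134,6 +173,63`). `modules.eidproxyauth.EID.entityId` and `modules.eidproxyauth.EID.metadataUrl` are left commented out while `modules.eidproxyauth.EID.trustprofileID=eid_metadata` is active; presumably at least one of them is needed to locate the E-ID metadata that the trust profile validates, so the comment should say which one is required. As a point of style, this block lists `.password` before `.alias` whereas the removed `modules.eidascentralauth.*` block used alias-then-password; keeping one order across modules makes the file easier to diff.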
@@ -157,63 +134,6 @@ advancedlogging.dbcp.validationQuery=select 1 ## The configuration of this modules is only needed if this modules are in use. # ################################################################################### -######## SL2.0 authentication module ######## -modules.sl20.vda.urls.qualeID.endpoint.default=https://www.handy-signatur.at/securitylayer2 -modules.sl20.vda.urls.qualeID.endpoint.1=https://hs-abnahme.a-trust.at/securitylayer2 -modules.sl20.vda.urls.qualeID.endpoint.2=https://test1.a-trust.at/securitylayer2 -modules.sl20.security.keystore.path=keys/sl20.jks -modules.sl20.security.keystore.password=password -modules.sl20.security.sign.alias=signing -modules.sl20.security.sign.password=password -modules.sl20.security.encryption.alias=encryption -modules.sl20.security.encryption.password=password -modules.sl20.vda.authblock.id=default -modules.sl20.vda.authblock.transformation.id=SL20Authblock_v1.0,SL20Authblock_v1.0_SIC -modules.sl20.security.eID.validation.disable=false -modules.sl20.security.eID.signed.result.required=true -modules.sl20.security.eID.encryption.enabled=true -modules.sl20.security.eID.encryption.required=true - -######## user-restriction ########## -configuration.restrictions.sp.entityIds= -configuration.restrictions.sp.users.url= -configuration.restrictions.sp.users.sector= - -####### Direkte Fremd-bPK Berechnung ######## -configuration.foreignsectors.pubkey.xxxxTargetxxx= xxx BASE64-Cert xxx - -######## eIDAS protocol configuration ######## -######## This is ONLY required, if MOA-ID operates as an eIDAS node!!! 
######## -moa.id.protocols.eIDAS.samlengine.config.file=eIDAS/SamlEngine_basics.xml -moa.id.protocols.eIDAS.samlengine.sign.config.file=eIDAS/SignModule.xml -moa.id.protocols.eIDAS.samlengine.enc.config.file=eIDAS/EncryptModule.xml -moa.id.protocols.eIDAS.metadata.validation.truststore=eIDAS_metadata -moa.id.protocols.eIDAS.node.country=Austria -moa.id.protocols.eIDAS.node.countrycode=AT -moa.id.protocols.eIDAS.node.LoA=http://eidas.europa.eu/LoA/high - -######## HBV Mandate-Service client module ######## -modules.elga_mandate.nameID.target=urn:publicid:gv.at:cdid+GH -modules.elga_mandate.service.metadata.trustprofileID= -modules.elga_mandate.service.mandateprofiles= -modules.elga_mandate.keystore.path=keys/moa_idp[password].p12 -modules.elga_mandate.keystore.password=password -modules.elga_mandate.metadata.sign.alias=pvp_metadata -modules.elga_mandate.metadata.sign.password=password -modules.elga_mandate.request.sign.alias=pvp_assertion -modules.elga_mandate.request.sign.password=password -modules.elga_mandate.response.encryption.alias=pvp_assertion -modules.elga_mandate.response.encryption.password=password - -######## SSO Interfederation client module ######## -modules.federatedAuth.keystore.path=keys/moa_idp[password].p12 -modules.federatedAuth.keystore.password=password -modules.federatedAuth.metadata.sign.alias=pvp_metadata -modules.federatedAuth.metadata.sign.password=password -modules.federatedAuth.request.sign.alias=pvp_assertion -modules.federatedAuth.request.sign.password=password -modules.federatedAuth.response.encryption.alias=pvp_assertion -modules.federatedAuth.response.encryption.password=password ######## Redis Settings, if Redis is used as a backend for session data. # has to be enabled with the following parameter 
@@ -221,42 +141,3 @@ modules.federatedAuth.response.encryption.password=password redis.use-pool=true redis.host-name=localhost redis.port=6379 - -################SZR Client configuration#################################### -## The SZR client is only required if MOA-ID-Auth should be -## use as STORK <-> PVP Gateway. -######## -service.egovutil.szr.test=true -service.egovutil.szr.test.url=https://pvawp.bmi.gv.at/bmi.gv.at/soap/SZ2Services-T/services/SZR -service.egovutil.szr.prod.url=https://pvawp.bmi.gv.at/bmi.gv.at/soap/SZ2Services/services/SZR -service.egovutil.szr.token.version=1.8 -service.egovutil.szr.token.participantid= -service.egovutil.szr.token.gvoudomain= -service.egovutil.szr.token.userid= -service.egovutil.szr.token.cn= -service.egovutil.szr.token.gvouid= -service.egovutil.szr.token.ou= -service.egovutil.szr.token.gvsecclass= -service.egovutil.szr.token.gvfunction= -service.egovutil.szr.token.gvgid= -service.egovutil.szr.roles= -service.egovutil.szr.ssl.keystore.file= -service.egovutil.szr.ssl.keystore.password= -service.egovutil.szr.ssl.keystore.type= -service.egovutil.szr.ssl.truststore.file= -service.egovutil.szr.ssl.truststore.password= -service.egovutil.szr.ssl.truststore.type= -service.egovutil.szr.ssl.trustall=false -service.egovutil.szr.ssl.laxhostnameverification=false - - -################ Encrypted foreign bPK generation #################################### -## This demo-extension enables encrypted bPK generation on MOA-ID-Auth side. -## If you like to use this feature, the public key for encryption has to be added -## as X509 certificate in Base64 encoded from. 
The selection will be done on sector -## identifier, like 'wbpk+FN+195755b' for a private company (similar to ENC_BPK_LIST in -## PVP Attribute Profie 2.1.2) -## Additonal encryption keys can be added by add a ney configuration line, like -## configuration.foreignsectors.pubkey.BMI+T1=MIICuTCCAaG (VKZ='BMI', Public Target='T1') -######## -#configuration.foreignsectors.pubkey.wbpk+FN+195755b=MIIF2TCCA8GgAw... \ No newline at end of file diff --git a/id/server/data/deploy/conf/moa-spss/SampleMOASPSSConfiguration.xml b/id/server/data/deploy/conf/moa-spss/SampleMOASPSSConfiguration.xml index 9dede486d..acfff8aef 100644 --- a/id/server/data/deploy/conf/moa-spss/SampleMOASPSSConfiguration.xml +++ b/id/server/data/deploy/conf/moa-spss/SampleMOASPSSConfiguration.xml @@ -68,6 +68,10 @@ centralnode_metadata trustProfiles/centralnode_metadata + + eid_metadata + trustProfiles/EID_metadata + true diff --git a/id/server/data/deploy/conf/moa-spss/trustProfiles/EID_metadata/TEST_metadata_eid.egiz.gv.at.crt b/id/server/data/deploy/conf/moa-spss/trustProfiles/EID_metadata/TEST_metadata_eid.egiz.gv.at.crt new file mode 100644 index 000000000..ef2a4df0c --- /dev/null +++ b/id/server/data/deploy/conf/moa-spss/trustProfiles/EID_metadata/TEST_metadata_eid.egiz.gv.at.crt 
@@ -0,0 +1,27 @@
+-----BEGIN CERTIFICATE-----
+MIIEqzCCBBSgAwIBAgIHANux81oNezANBgkqhkiG9w0BAQUFADBAMSIwIAYDVQQD
+ExlJQUlLIFRlc3QgSW50ZXJtZWRpYXRlIENBMQ0wCwYDVQQKEwRJQUlLMQswCQYD
+VQQGEwJBVDAeFw0xMzA5MjcwNTMzMzdaFw0yMzA5MjcwNTMzMzdaMIHkMQswCQYD
+VQQGEwJBVDENMAsGA1UEBxMER3JhejEmMCQGA1UEChMdR3JheiBVbml2ZXJzaXR5
+IG9mIFRlY2hub2xvZ3kxSDBGBgNVBAsTP0luc3RpdHV0ZSBmb3IgQXBwbGllZCBJ
+bmZvcm1hdGlvbiBQcm9jZXNzaW5nIGFuZCBDb21tdW5pY2F0aW9uczEUMBIGA1UE
+BBMLTU9BLVNTIFRlc3QxGDAWBgNVBCoTD0VHSVogVGVzdHBvcnRhbDEkMCIGA1UE
+AxMbRUdJWiBUZXN0cG9ydGFsIE1PQS1TUyBUZXN0MIIBIjANBgkqhkiG9w0BAQEF
+AAOCAQ8AMIIBCgKCAQEAuDjOyf+mY+oQL2FQzzuaiC8C23vVKbq/n2Zi7BqSibZH
+mtqMJfmj4pT+hWSNHvVvWsaxFcx4KeNqdCMzwnw1r4P3Sf+2o5uFku5KHEMLMokR
+yYQG9VqY/KkB94ye7Pv6zT8gvKqxGFg96UamECep4swPaSZrA8AOER5WAtyGDzKI
+Tz+a5zfFaTXDoba7f98PCWR96yKiFjVOhzp38WVz4VJgz+b8ZSY7Xsv5Kn7DXjOL
+STX4MevFLki3rFPup3+4vGToaMBW3PEj67HXBdqR855Le6+E6rVxORqsXqlVwhsI
+6nuS0CO2LWYmBNR1IB0mXteeYH/HfxvuZc+7yDjdPQIDAQABo4IBhDCCAYAwDgYD
+VR0PAQH/BAQDAgbAMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFEmcH6VY4BG1EAGB
+TLoNR9vH/g6yMFAGA1UdHwRJMEcwRaBDoEGGP2h0dHA6Ly9jYS5pYWlrLnR1Z3Jh
+ei5hdC9jYXBzby9jcmxzL0lBSUtUZXN0X0ludGVybWVkaWF0ZUNBLmNybDCBqgYI
+KwYBBQUHAQEEgZ0wgZowSgYIKwYBBQUHMAGGPmh0dHA6Ly9jYS5pYWlrLnR1Z3Jh
+ei5hdC9jYXBzby9PQ1NQP2NhPUlBSUtUZXN0X0ludGVybWVkaWF0ZUNBMEwGCCsG
+AQUFBzAChkBodHRwOi8vY2EuaWFpay50dWdyYXouYXQvY2Fwc28vY2VydHMvSUFJ
+S1Rlc3RfSW50ZXJtZWRpYXRlQ0EuY2VyMCEGA1UdEQQaMBiBFnRob21hcy5sZW56
+QGVnaXouZ3YuYXQwHwYDVR0jBBgwFoAUaKJeEdreL4BrRES/jfplNoEkp28wDQYJ
+KoZIhvcNAQEFBQADgYEAlFGjUxXLs7SAT8NtXSrv2WrjlklaRnHTFHLQwyVo8JWb
+gvRkHHDUv2o8ofXUY2R2WJ38dxeDoccgbXrJb/Qhi8IY7YhCwv/TuIZDisyAqo8W
+ORKSip/6HWlGCSR/Vgoet1GtCmF0FoUxFUIGSAuQ2yyt4fIzt5GJrU1X5ujjI1w=
+-----END CERTIFICATE-----
\ No newline at end of file
-- cgit v1.2.3
From abc2537a4d2e6d6a06b3b24d7268daf379aa949b Mon Sep 17 00:00:00 2001
From: Thomas Lenz Date: Mon, 9 Sep 2019 12:27:09 +0200 Subject: read requested LoA from configuration --- id/server/data/deploy/conf/moa-id-oa/oa.properties | 10 ++++++++++ 1 file changed, 10 insertions(+) (limited to 'id/server/data/deploy/conf') diff --git a/id/server/data/deploy/conf/moa-id-oa/oa.properties b/id/server/data/deploy/conf/moa-id-oa/oa.properties index ff5bd0c03..3f5cb53d9 100644 --- a/id/server/data/deploy/conf/moa-id-oa/oa.properties +++ b/id/server/data/deploy/conf/moa-id-oa/oa.properties @@ -25,3 +25,13 @@ general.login.pvp2.keystore.authrequest.sign.key.password=password general.login.pvp2.keystore.assertion.encryption.key.alias=pvp_encryption general.login.pvp2.keystore.assertion.encryption.key.password=password + +#### For testing and debugging +#general.login.pvp2.req.set.authncontextclassref=true +#general.login.pvp2.req.authncontextclassref.value=http://eidas.europa.eu/LoA/low + +#general.login.pvp2.req.set.nameIDPolicy=true +#general.login.pvp2.sp.requesterId= + +#general.login.pvp2.binding.req.redirect=true +#general.login.pvp2.binding.resp.redirect=false \ No newline at end of file -- cgit v1.2.3 From 6bcda4bc120c743bab2296c72b22d1db0ba4ccfc Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Fri, 13 Dec 2019 09:04:58 +0100 Subject: update configuration examples activate MOA-ID mode in configuration module as default --- .../data/deploy/conf/moa-id/moa-id.properties | 137 ++++++++++++++++++++- 1 file changed, 136 insertions(+), 1 deletion(-) (limited to 'id/server/data/deploy/conf') diff --git a/id/server/data/deploy/conf/moa-id/moa-id.properties b/id/server/data/deploy/conf/moa-id/moa-id.properties index 414293350..926f6153b 100644 --- a/id/server/data/deploy/conf/moa-id/moa-id.properties +++ b/id/server/data/deploy/conf/moa-id/moa-id.properties 
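Review bot: The six new `general.login.pvp2.*` keys are introduced only under `#### For testing and debugging` with no description of what each one does, although the commit title says the requested LoA is now read from this file. A one-line comment per key would close that gap, e.g. `# AuthnContextClassRef (eIDAS LoA) to request when set.authncontextclassref=true` above `general.login.pvp2.req.authncontextclassref.value`, and the sample value `http://eidas.europa.eu/LoA/low` should be explicitly marked as a test value so that an operator who uncomments it does not request a weaker assurance level than the application needs. `general.login.pvp2.binding.req.redirect` / `.resp.redirect` likewise deserve a note on what each binding switch changes. The file also still ends without a trailing newline (`\ No newline at end of file`).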
@@ -18,7 +18,7 @@ configuration.moasession.key=SessionEncryptionKey configuration.moaconfig.key=ConfigurationEncryptionKey configuration.ssl.validation.revocation.method.order=ocsp,crl #configuration.ssl.validation.hostname=false -#configuration.validate.authblock.targetfriendlyname=true +#configuration.validate.authblock.targetfriendlyname=true< #MOA-ID 3.x Monitoring Servlet @@ -31,6 +31,25 @@ configuration.advancedlogging.active=false ######################## Externe Services ############################################ +######## Online mandates webservice (MIS) ######## +service.onlinemandates.acceptedServerCertificates= +service.onlinemandates.clientKeyStore=keys/.... +service.onlinemandates.clientKeyStorePassword= + +######## central eIDAS-node connector module ########## +modules.eidascentralauth.keystore.path=file:$PATH_TO_CONFIG$/conf/moa-id/keys/moa_idp[password].p12 +modules.eidascentralauth.keystore.password=password +modules.eidascentralauth.metadata.sign.alias=pvp_metadata +modules.eidascentralauth.metadata.sign.password=password +modules.eidascentralauth.request.sign.alias=pvp_assertion +modules.eidascentralauth.request.sign.password=password +modules.eidascentralauth.response.encryption.alias=pvp_assertion +modules.eidascentralauth.response.encryption.password=password +modules.eidascentralauth.node.trustprofileID=centralnode_metadata + +#modules.eidascentralauth.semper.mandates.active=false +#modules.eidascentralauth.semper.msproxy.list= + ######## central E-ID System connector module ########## modules.eidproxyauth.keystore.path=file:$PATH_TO_CONFIG$/conf/moa-id/keys/moa_idp[password].p12 modules.eidproxyauth.keystore.password=password 
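Review bot: The first hunk reverts the fix made in d81835f: `#configuration.validate.authblock.targetfriendlyname=true` becomes `#configuration.validate.authblock.targetfriendlyname=true<` again, so the stray `<` returns; harmless while the line is commented out, but anyone enabling the option inherits a value that is not `true`. Keep the line as `#configuration.validate.authblock.targetfriendlyname=true`. In the second hunk the new `#modules.eidascentralauth.semper.mandates.active=false` and `#modules.eidascentralauth.semper.msproxy.list=` keys carry no description; a short comment on what the list holds and when the switch applies would help. `service.onlinemandates.clientKeyStore=keys/....` is also re-added as an active line with a non-path placeholder; commenting it out until a real path is set avoids a surprising start-up failure if the MIS module is active.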
@@ -45,6 +64,26 @@ modules.eidproxyauth.EID.trustprofileID=eid_metadata #modules.eidproxyauth.EID.entityId=https://eid.egiz.gv.at/idp/shibboleth #modules.eidproxyauth.EID.metadataUrl= +######################## Protokolle am IDP ############################################ + +##Protocol configuration## +#PVP2 +protocols.pvp2.idp.ks.file=file:$PATH_TO_CONFIG$/conf/moa-id/keys/moa_idp[password].p12 +protocols.pvp2.idp.ks.kspassword=password +protocols.pvp2.idp.ks.metadata.alias=pvp_metadata +protocols.pvp2.idp.ks.metadata.keypassword=password +protocols.pvp2.idp.ks.assertion.sign.alias=pvp_assertion +protocols.pvp2.idp.ks.assertion.sign.keypassword=password +protocols.pvp2.idp.ks.assertion.encryption.alias=pvp_assertion +protocols.pvp2.idp.ks.assertion.encryption.keypassword=password +protocols.pvp2.metadata.entitycategories.active=false + +#OpenID connect (OAuth) +protocols.oauth20.jwt.ks.file=file:$PATH_TO_CONFIG$/conf/moa-id/keys/moa_idp[password].p12 +protocols.oauth20.jwt.ks.password=password +protocols.oauth20.jwt.ks.key.name=oauth +protocols.oauth20.jwt.ks.key.password=password + ######################## Datenbankkonfiguration ############################################ configuration.database.byteBasedValues=false 
@@ -134,6 +173,63 @@ advancedlogging.dbcp.validationQuery=select 1
 ## The configuration of this modules is only needed if this modules are in use.
 #
 ###################################################################################
+######## SL2.0 authentication module ########
+modules.sl20.vda.urls.qualeID.endpoint.default=https://www.handy-signatur.at/securitylayer2
+modules.sl20.vda.urls.qualeID.endpoint.1=https://hs-abnahme.a-trust.at/securitylayer2
+modules.sl20.vda.urls.qualeID.endpoint.2=https://test1.a-trust.at/securitylayer2
+modules.sl20.security.keystore.path=keys/sl20.jks
+modules.sl20.security.keystore.password=password
+modules.sl20.security.sign.alias=signing
+modules.sl20.security.sign.password=password
+modules.sl20.security.encryption.alias=encryption
+modules.sl20.security.encryption.password=password
+modules.sl20.vda.authblock.id=default
+modules.sl20.vda.authblock.transformation.id=SL20Authblock_v1.0,SL20Authblock_v1.0_SIC
+modules.sl20.security.eID.validation.disable=false
+modules.sl20.security.eID.signed.result.required=true
+modules.sl20.security.eID.encryption.enabled=true
+modules.sl20.security.eID.encryption.required=true
+
+######## user-restriction ##########
+configuration.restrictions.sp.entityIds=
+configuration.restrictions.sp.users.url=
+configuration.restrictions.sp.users.sector=
+
+####### Direkte Fremd-bPK Berechnung ########
+configuration.foreignsectors.pubkey.xxxxTargetxxx= xxx BASE64-Cert xxx
+
+######## eIDAS protocol configuration ########
+######## This is ONLY required, if MOA-ID operates as an eIDAS node!!! ########
+moa.id.protocols.eIDAS.samlengine.config.file=eIDAS/SamlEngine_basics.xml
+moa.id.protocols.eIDAS.samlengine.sign.config.file=eIDAS/SignModule.xml
+moa.id.protocols.eIDAS.samlengine.enc.config.file=eIDAS/EncryptModule.xml
+moa.id.protocols.eIDAS.metadata.validation.truststore=eIDAS_metadata
+moa.id.protocols.eIDAS.node.country=Austria
+moa.id.protocols.eIDAS.node.countrycode=AT
+moa.id.protocols.eIDAS.node.LoA=http://eidas.europa.eu/LoA/high
+
+######## HBV Mandate-Service client module ########
+modules.elga_mandate.nameID.target=urn:publicid:gv.at:cdid+GH
+modules.elga_mandate.service.metadata.trustprofileID=
+modules.elga_mandate.service.mandateprofiles=
+modules.elga_mandate.keystore.path=keys/moa_idp[password].p12
+modules.elga_mandate.keystore.password=password
+modules.elga_mandate.metadata.sign.alias=pvp_metadata
+modules.elga_mandate.metadata.sign.password=password
+modules.elga_mandate.request.sign.alias=pvp_assertion
+modules.elga_mandate.request.sign.password=password
+modules.elga_mandate.response.encryption.alias=pvp_assertion
+modules.elga_mandate.response.encryption.password=password
+
+######## SSO Interfederation client module ########
+modules.federatedAuth.keystore.path=keys/moa_idp[password].p12
+modules.federatedAuth.keystore.password=password
+modules.federatedAuth.metadata.sign.alias=pvp_metadata
+modules.federatedAuth.metadata.sign.password=password
+modules.federatedAuth.request.sign.alias=pvp_assertion
+modules.federatedAuth.request.sign.password=password
+modules.federatedAuth.response.encryption.alias=pvp_assertion
+modules.federatedAuth.response.encryption.password=password
 ######## Redis Settings, if Redis is used as a backend for session data.
 # has to be enabled with the following parameter
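Review bot: `configuration.foreignsectors.pubkey.xxxxTargetxxx= xxx BASE64-Cert xxx` is an active (uncommented) placeholder key; if the loader enumerates every `configuration.foreignsectors.pubkey.*` entry, this value would be handed to the certificate parser as a sector key and fail to decode. The example at the end of the file (last hunk) uses a commented-out line for the same purpose, so this one should match it: `#configuration.foreignsectors.pubkey.xxxxTargetxxx= xxx BASE64-Cert xxx`. The `modules.sl20.vda.urls.qualeID.endpoint.1` and `.2` hostnames look like acceptance/test systems listed next to the production default; a comment such as `# endpoint.1 / endpoint.2 are test systems - remove for production` would keep a copied sample from registering test endpoints in production, assuming that classification is right. The eIDAS block references `eIDAS/SamlEngine_basics.xml`, `eIDAS/SignModule.xml` and `eIDAS/EncryptModule.xml` relative to the config directory; verify those files are still shipped with the configuration tree this sample belongs to.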
@@ -141,3 +237,42 @@ advancedlogging.dbcp.validationQuery=select 1
 redis.use-pool=true
 redis.host-name=localhost
 redis.port=6379
+
+################SZR Client configuration####################################
+## The SZR client is only required if MOA-ID-Auth should be
+## use as STORK <-> PVP Gateway.
+########
+service.egovutil.szr.test=true
+service.egovutil.szr.test.url=https://pvawp.bmi.gv.at/bmi.gv.at/soap/SZ2Services-T/services/SZR
+service.egovutil.szr.prod.url=https://pvawp.bmi.gv.at/bmi.gv.at/soap/SZ2Services/services/SZR
+service.egovutil.szr.token.version=1.8
+service.egovutil.szr.token.participantid=
+service.egovutil.szr.token.gvoudomain=
+service.egovutil.szr.token.userid=
+service.egovutil.szr.token.cn=
+service.egovutil.szr.token.gvouid=
+service.egovutil.szr.token.ou=
+service.egovutil.szr.token.gvsecclass=
+service.egovutil.szr.token.gvfunction=
+service.egovutil.szr.token.gvgid=
+service.egovutil.szr.roles=
+service.egovutil.szr.ssl.keystore.file=
+service.egovutil.szr.ssl.keystore.password=
+service.egovutil.szr.ssl.keystore.type=
+service.egovutil.szr.ssl.truststore.file=
+service.egovutil.szr.ssl.truststore.password=
+service.egovutil.szr.ssl.truststore.type=
+service.egovutil.szr.ssl.trustall=false
+service.egovutil.szr.ssl.laxhostnameverification=false
+
+
+################ Encrypted foreign bPK generation ####################################
+## This demo-extension enables encrypted bPK generation on MOA-ID-Auth side.
+## If you like to use this feature, the public key for encryption has to be added
+## as X509 certificate in Base64 encoded from. The selection will be done on sector
+## identifier, like 'wbpk+FN+195755b' for a private company (similar to ENC_BPK_LIST in
+## PVP Attribute Profie 2.1.2)
+## Additonal encryption keys can be added by add a ney configuration line, like
+## configuration.foreignsectors.pubkey.BMI+T1=MIICuTCCAaG (VKZ='BMI', Public Target='T1')
+########
+#configuration.foreignsectors.pubkey.wbpk+FN+195755b=MIIF2TCCA8GgAw...
\ No newline at end of file
-- cgit v1.2.3
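Review bot: The added SZR block leaves `service.egovutil.szr.ssl.trustall=false` and `service.egovutil.szr.ssl.laxhostnameverification=false` without any explanation, although these are the two settings an operator is most likely to flip while debugging a TLS problem; a comment such as `# keep both false in production - they presumably relax server certificate and hostname verification` would document the intent. `service.egovutil.szr.test=true` appears to select the `SZ2Services-T` URL by default, which is reasonable for a sample but worth stating in the comment block above it so a copied config is not left pointing at the test service. The new comment block for encrypted bPK generation has several typos that a handbook sample should not carry: `encoded from` → `encoded form`, `Profie` → `Profile`, `Additonal` → `Additional`, `by add a ney` → `by adding a new`.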