diff --git a/.github/workflows/build-push-docker-image.yml b/.github/workflows/build-push-docker-image.yml
new file mode 100644
index 000000000..91f6241ea
--- /dev/null
+++ b/.github/workflows/build-push-docker-image.yml
@@ -0,0 +1,57 @@
+name: build-push-docker-image
+
+on:
+ push:
+ branches: feature/docker_configs
+ workflow_dispatch:
+
+jobs:
+ build-push-docker-image:
+ runs-on: ubuntu-latest
+ permissions:
+ packages: write
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v3
+
+ - name: Get the latest release
+ id: release
+ uses: robinraju/release-downloader@v1.7
+ with:
+ latest: true
+ fileName: "*.tar.bz2"
+
+ - name: Set up QEMU
+ uses: docker/setup-qemu-action@v2
+
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v2
+
+ - name: Login to GitHub Container Registry
+ uses: docker/login-action@v2
+ with:
+ registry: ghcr.io
+ username: ${{ github.repository_owner }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Build and push the Production image
+ uses: docker/build-push-action@v4
+ with:
+ context: .
+ file: docker/Dockerfile.prod
+ platforms: linux/amd64,linux/arm64
+ push: true
+ tags: |
+ ghcr.io/openconext/stepup-selfservice/stepup-selfservice:prod
+ ghcr.io/openconext/stepup-selfservice/stepup-selfservice:${{ github.sha }}
+ ghcr.io/openconext/stepup-selfservice/stepup-selfservice:${{ steps.release.outputs.tag_name }}
+
+ - name: Build and push the Development image
+ uses: docker/build-push-action@v4
+ with:
+ context: .
+ file: docker/Dockerfile.dev
+ platforms: linux/amd64,linux/arm64
+ push: true
+ tags: |
+ ghcr.io/openconext/stepup-selfservice/stepup-selfservice:dev
diff --git a/.github/workflows/tag-release.yml b/.github/workflows/tag-release.yml
index eacff250a..8e69af5e1 100644
--- a/.github/workflows/tag-release.yml
+++ b/.github/workflows/tag-release.yml
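Review bot: Every third-party action in the new `build-push-docker-image` job is referenced by a mutable tag (`robinraju/release-downloader@v1.7`, `docker/login-action@v2`, `docker/build-push-action@v4` and the two setup actions) while the job holds `packages: write` and logs in to ghcr.io with `GITHUB_TOKEN`, so a tag moved upstream would run with push rights to the image repository. Pin each `uses:` to a full commit SHA with the tag kept as a trailing comment, e.g. `uses: robinraju/release-downloader@<full-commit-sha>  # v1.7`. Separately, the `push:` trigger on `feature/docker_configs` republishes the `:prod` tag and the latest release's tag on every push to that branch; if that trigger exists only to test the workflow, publishing those tags should be limited to `workflow_dispatch`.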
@@ -62,3 +62,11 @@ jobs: with: release_id: ${{ steps.create_release.outputs.id }} + after_build: + needs: build + runs-on: ubuntu-latest + steps: + - name: Trigger Docker container build + uses: benc-uk/workflow-dispatch@v1 + with: + workflow: build-push-docker-image.yml diff --git a/config/legacy/parameters.yaml.dist b/config/legacy/parameters.yaml.dist index 7260420d4..ca28d2a9c 100644 --- a/config/legacy/parameters.yaml.dist +++ b/config/legacy/parameters.yaml.dist 
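Review bot: The new `after_build` job declares no `permissions:` block and pulls `benc-uk/workflow-dispatch@v1` by tag, so it runs with whatever token scope the repository default grants; the hunk passes no `token`, so presumably the job's default token is what gets used. Dispatching a workflow needs only `actions: write`, so add `permissions:` with `actions: write` to the job and pin the action to a commit SHA. The dispatched workflow in this commit downloads `latest: true` rather than the release this run created, so the image can be built from a different release when two tags land close together. The job list starts outside the hunk, so the `build` job named in `needs:` is not visible here.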
@@ -9,38 +9,39 @@ parameters: debug_toolbar: true debug_redirects: false - gateway_api_url: https://gw-dev.stepup.coin.surf.net/ + gateway_api_url: https://gateway.dev.openconext.local/ gateway_api_username: ss - gateway_api_password: ss + gateway_api_password: sa_secret - middleware_credentials_username: 'FOR CI ONLY, REPLACE WITH ACTUAL VALUE' - middleware_credentials_password: 'FOR CI ONLY, REPLACE WITH ACTUAL VALUE' - middleware_url_command_api: 'FOR CI ONLY, REPLACE WITH ACTUAL FULL URL http://etc/' - middleware_url_api: 'FOR CI ONLY, REPLACE WITH ACTUAL FULL URL http://etc/' + middleware_credentials_username: ss + middleware_credentials_password: sa_secret + middleware_url_command_api: https://middleware.dev.openconext.local/command + middleware_url_api: https://middleware.dev.openconext.local/ - sms_originator: SURFStepup + sms_originator: OpenConext sms_otp_expiry_interval: 900 # 15 minutes sms_maximum_otp_requests: 3 - saml_sp_publickey: - saml_sp_privatekey: - saml_metadata_publickey: - saml_metadata_privatekey: + saml_sp_publickey: /config/selfservice/selfservice_saml_sp.crt + saml_sp_privatekey: /config/selfservice/selfservice_saml_sp.key + saml_metadata_publickey: /config/selfservice/selfservice_saml_sp.crt + saml_metadata_privatekey: /config/selfservice/selfservice_saml_sp.key - saml_remote_idp_entity_id: - saml_remote_idp_sso_url: - saml_remote_idp_certificate: 'FOR CI ONLY, REPLACE WITH ACTUAL VALUE' + saml_remote_idp_entity_id: https://gateway.dev.openconext.local/authentication/metadata + saml_remote_idp_sso_url: https://gateway.dev.openconext.local/authentication/single-sign-on + saml_remote_idp_certificate: 
'MIIDwTCCAqmgAwIBAgIUYuSUugwc4J4NyW9WGqYJ/liwM4owDQYJKoZIhvcNAQELBQAwcDELMAkGA1UEBhMCTkwxEDAOBgNVBAgMB1V0cmVjaHQxEDAOBgNVBAcMB1V0cmVjaHQxJzAlBgNVBAoMHkRldmVsb3BtZW50IERvY2tlciBlbnZpcm9ubWVudDEUMBIGA1UEAwwLR2F0ZXdheSBJRFAwHhcNMjMwNTE3MTIxNTEyWhcNMzMwNTE0MTIxNTEyWjBwMQswCQYDVQQGEwJOTDEQMA4GA1UECAwHVXRyZWNodDEQMA4GA1UEBwwHVXRyZWNodDEnMCUGA1UECgweRGV2ZWxvcG1lbnQgRG9ja2VyIGVudmlyb25tZW50MRQwEgYDVQQDDAtHYXRld2F5IElEUDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM2ulQVs5WpbJOAf7Cv/VPDTJqbWHVdUxAmdwZJlcNTRKNFVp4aJzQ3dpiyiGghI5odnzU0/BWBoHZFNYPU/OFr/gzn6iJGxL63L9+mFgE8PR9HpkV5TaRnr21+nZ0EXWjDZk9Px0enERicCItTeQzAUJeA0A9miIcK5IKIz/zSBSR3c802SGD/VelUqY7Z2/UJM97cT92L+4Fz+4zhxxoThbPbrR0CweiROIt82grdwg7zf0+b62MOuVtqFh0yPLRAFfLc4LjHuxFUdUvOHVta7x74dwdmHikqfujM10XN+sNns3LDJde2yPWchU6ktq7cjgbYfIW/vzVzafP1Jk40CAwEAAaNTMFEwHQYDVR0OBBYEFGYn6LWRDZa7+YryUncIlwJB2VorMB8GA1UdIwQYMBaAFGYn6LWRDZa7+YryUncIlwJB2VorMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAJ57lcOF6PWWW56mS2s5gKFImtfRFzlfiyHsF14L7+nQ5NjfOhpU0wRpnTjK91KP0wCwlxzGFXR8yfqfBFJryIV7aDdYPH/RIkwVaNBI0fsD/ozlYb18seieDEGLvQtTlrmc0UNHtWz6FW3L2geM3ENaqpOATl1Ywp4EPML7Dh0CbhhyM8PnPCEsdclouIeP5/B9Swfk3omXehof6bkFbntqA03msFBiW50twkfKeKULcJGXo667hto27KNxZUauqtPbnAGpUQmge8nxSQlN8RPwlvygVM4LVMF9qP9YxloTH0xVNwN4noZUhfMNsKoJ7Hg5Xulaok8oCqmzEiSroEg=' + asset_version: 1 - second_factor_test_idp_entity_id: ~ - second_factor_test_idp_sso_url: ~ - second_factor_test_idp_certificate: 'FOR CI ONLY, REPLACE WITH ACTUAL VALUE' + second_factor_test_idp_entity_id: https://gateway.dev.openconext.local/authentication/metadata + second_factor_test_idp_sso_url: https://gateway.dev.openconext.local/authentication/single-sign-on + second_factor_test_idp_certificate: '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' - stepup_loa_loa1: https://gateway.tld/authentication/loa1 - stepup_loa_loa2: https://gateway.tld/authentication/loa2 - stepup_loa_loa3: https://gateway.tld/authentication/loa3 - stepup_loa_self_asserted: 
https://gateway.tld/authentication/loa-self-asserted + stepup_loa_loa1: http://dev.openconext.local/assurance/loa1 + stepup_loa_loa2: http://dev.openconext.local/assurance/loa2 + stepup_loa_loa3: http://dev.openconext.local/assurance/loa3 + stepup_loa_self_asserted: 'http://dev.openconext.local/assurance/loa1.5' logout_redirect_url: nl_NL: https://www.surf.nl/over-surf/werkmaatschappijen/surfnet @@ -49,14 +50,22 @@ parameters: enabled_second_factors: - sms - yubikey + - tiqr + - demo_gssp + - webauthn + - azuremfa enabled_generic_second_factors: - biometric: - loa: 3 + azuremfa: + loa: 2 tiqr: + loa: 2 + webauthn: + loa: 3 + demo_gssp: loa: 3 - irma_app_android_url: https://play.google.com/store/apps/details?id=org.irmacard.cardemu&hl=en - irma_app_ios_url: https://itunes.apple.com/us/app/irma-authentication/id1294092994?mt=8 + tiqr_app_android_url: https://play.google.com/store/apps/details?id=org.tiqr.authenticator&hl=en + tiqr_app_ios_url: https://itunes.apple.com/us/app/tiqr/id430838214?mt=8&ls=1 session_max_absolute_lifetime: 3600 # 1 hours * 60 minutes * 60 seconds session_max_relative_lifetime: 600 # 10 minutes * 60 seconds diff --git a/config/legacy/samlstepupproviders_parameters.yaml.dist b/config/legacy/samlstepupproviders_parameters.yaml.dist index 42474baba..95e4fa87a 100644 --- a/config/legacy/samlstepupproviders_parameters.yaml.dist +++ b/config/legacy/samlstepupproviders_parameters.yaml.dist 
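Review bot: `gateway_api_password: sa_secret` and `middleware_credentials_password: sa_secret` replace the loud `'FOR CI ONLY, REPLACE WITH ACTUAL VALUE'` placeholders with working-looking development credentials, and `docker/Dockerfile.prod` in this commit copies this `.dist` file to `config/legacy/parameters.yaml` inside the image tagged `:prod`. Anyone running that image without overriding the file gets known default credentials and the development gateway certificate as its IdP trust anchor. Keep the development values in a file used only by the dev image, or at minimum put `# DEVELOPMENT DEFAULTS - mount a real parameters.yaml in production` at the top of the file. The `stepup_loa_*` values also move from `https://` to `http://`; that is harmless if they are only identifiers, but worth confirming nothing dereferences them.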
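Review bot: `demo_gssp` is added to `enabled_second_factors` and given `loa: 3` under `enabled_generic_second_factors`, the same level as `webauthn`. Because `docker/Dockerfile.prod` bakes this file into the production image, a demo provider (presumably not a real authenticator) would be accepted at the highest assurance level unless the deployment overrides the file. Leave it out of the shipped defaults, or add `# dev only: remove demo_gssp outside the development environment` above both entries.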
@@ -1,12 +1,12 @@ # This file is auto-generated during the composer install parameters: - gssp_azuremfa_sp_publickey: /src/Stepup-SelfService/app/files/sp_gssp.crt - gssp_azuremfa_sp_privatekey: /src/Stepup-SelfService/app/files/sp_gssp.key - gssp_azuremfa_metadata_publickey: /src/Stepup-SelfService/app/files/sp_gssp.crt - gssp_azuremfa_metadata_privatekey: /src/Stepup-SelfService/app/files/sp_gssp.key - gssp_azuremfa_remote_entity_id: 'https://gateway.stepup.example.com/gssp/azuremfa/metadata' - gssp_azuremfa_remote_sso_url: 'https://gateway.stepup.example.com/gssp/azuremfa/single-sign-on' - gssp_azuremfa_remote_certificate: 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 + gssp_azuremfa_sp_publickey: /config/selfservice/selfservice_gssp_sp.crt + gssp_azuremfa_sp_privatekey: /config/selfservice/selfservice_gssp_sp.key + gssp_azuremfa_metadata_publickey: /config/selfservice/selfservice_gssp_sp.crt + gssp_azuremfa_metadata_privatekey: /config/selfservice/selfservice_gssp_sp.key + gssp_azuremfa_remote_entity_id: 'https://gateway.dev.openconext.local/gssp/azuremfa/metadata' + gssp_azuremfa_remote_sso_url: 'https://gateway.dev.openconext.local/gssp/azuremfa/single-sign-on' + gssp_azuremfa_remote_certificate: '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' gssp_azuremfa_logo: /images/second-factor/azuremfa.png gssp_azuremfa_app_android_url: 'https://play.google.com/store/apps/details?id=com.azure.authenticator' gssp_azuremfa_app_ios_url: 'https://apps.apple.com/nl/app/microsoft-authenticator/id983156458' 
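Review bot: The key paths in this hunk, and in the matching hunks for webauthn, demo_gssp_2, tiqr and demo_gssp further down, now point at `/config/selfservice/selfservice_gssp_sp.key`, yet nothing in `docker/Dockerfile.prod` copies a `/config` directory into the image, so these files presumably have to be mounted at run time. Keeping private keys out of the image is the right direction, but the requirement is undocumented; add a comment under the file header such as `# /config/selfservice is expected to be a read-only volume holding the SP key pair`. The header still says the file is auto-generated during composer install, which hand edits like these appear to contradict.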
@@ -37,13 +37,13 @@ parameters: gssp_azuremfa_pop_failed: nl_NL: 'De registratie van uw token is mislukt. Probeer het nogmaals.' en_GB: 'Registration of your token failed. Please try again.' - gssp_webauthn_sp_publickey: /src/Stepup-SelfService/app/files/sp_gssp.crt - gssp_webauthn_sp_privatekey: /src/Stepup-SelfService/app/files/sp_gssp.key - gssp_webauthn_metadata_publickey: /src/Stepup-SelfService/app/files/sp_gssp.crt - gssp_webauthn_metadata_privatekey: /src/Stepup-SelfService/app/files/sp_gssp.key - gssp_webauthn_remote_entity_id: 'https://gateway.stepup.example.com/gssp/webauthn/metadata' - gssp_webauthn_remote_sso_url: 'https://gateway.stepup.example.com/gssp/webauthn/single-sign-on' - gssp_webauthn_remote_certificate: 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 + gssp_webauthn_sp_publickey: /config/selfservice/selfservice_gssp_sp.crt + gssp_webauthn_sp_privatekey: /config/selfservice/selfservice_gssp_sp.key + gssp_webauthn_metadata_publickey: /config/selfservice/selfservice_gssp_sp.crt + gssp_webauthn_metadata_privatekey: /config/selfservice/selfservice_gssp_sp.key + gssp_webauthn_remote_entity_id: 'https://gateway.dev.openconext.local/gssp/webauthn/metadata' + gssp_webauthn_remote_sso_url: 'https://gateway.dev.openconext.local/gssp/webauthn/single-sign-on' + gssp_webauthn_remote_certificate: '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' gssp_webauthn_logo: /images/second-factor/webauthn.png gssp_webauthn_app_android_url: '' gssp_webauthn_app_ios_url: '' 
@@ -74,13 +74,13 @@ parameters: gssp_webauthn_pop_failed: nl_NL: 'De registratie van uw token is mislukt. Probeer het nogmaals.' en_GB: 'Registration of your token failed. Please try again.' - gssp_demo_gssp_2_sp_publickey: /src/Stepup-SelfService/app/files/sp_gssp.crt - gssp_demo_gssp_2_sp_privatekey: /src/Stepup-SelfService/app/files/sp_gssp.key - gssp_demo_gssp_2_metadata_publickey: /src/Stepup-SelfService/app/files/sp_gssp.crt - gssp_demo_gssp_2_metadata_privatekey: /src/Stepup-SelfService/app/files/sp_gssp.key - gssp_demo_gssp_2_remote_entity_id: 'https://gateway.stepup.example.com/gssp/demo_gssp_2/metadata' - gssp_demo_gssp_2_remote_sso_url: 'https://gateway.stepup.example.com/gssp/demo_gssp_2/single-sign-on' - gssp_demo_gssp_2_remote_certificate: 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 + gssp_demo_gssp_2_sp_publickey: /config/selfservice/selfservice_gssp_sp.crt + gssp_demo_gssp_2_sp_privatekey: /config/selfservice/selfservice_gssp_sp.key + gssp_demo_gssp_2_metadata_publickey: /config/selfservice/selfservice_gssp_sp.crt + gssp_demo_gssp_2_metadata_privatekey: /config/selfservice/selfservice_gssp_sp.key + gssp_demo_gssp_2_remote_entity_id: 'https://gateway.dev.openconext.local/gssp/demo_gssp_2/metadata' + gssp_demo_gssp_2_remote_sso_url: 'https://gateway.dev.openconext.local/gssp/demo_gssp_2/single-sign-on' + gssp_demo_gssp_2_remote_certificate: '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' gssp_demo_gssp_2_logo: /images/demo-gssp.png gssp_demo_gssp_2_app_android_url: 'https://example.com/demo-gssp-2-android' gssp_demo_gssp_2_app_ios_url: 'https://example.com/demo-gssp-2-ios' 
@@ -111,13 +111,13 @@ parameters: gssp_demo_gssp_2_pop_failed: nl_NL: 'De registratie van uw token is mislukt. Probeer het nogmaals.' en_GB: 'Registration of your token failed. Please try again.' - gssp_tiqr_sp_publickey: /src/Stepup-SelfService/app/files/sp_gssp.crt - gssp_tiqr_sp_privatekey: /src/Stepup-SelfService/app/files/sp_gssp.key - gssp_tiqr_metadata_publickey: /src/Stepup-SelfService/app/files/sp_gssp.crt - gssp_tiqr_metadata_privatekey: /src/Stepup-SelfService/app/files/sp_gssp.key - gssp_tiqr_remote_entity_id: 'https://gateway.stepup.example.com/gssp/tiqr/metadata' - gssp_tiqr_remote_sso_url: 'https://gateway.stepup.example.com/gssp/tiqr/single-sign-on' - gssp_tiqr_remote_certificate: 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 + gssp_tiqr_sp_publickey: /config/selfservice/selfservice_gssp_sp.crt + gssp_tiqr_sp_privatekey: /config/selfservice/selfservice_gssp_sp.key + gssp_tiqr_metadata_publickey: /config/selfservice/selfservice_gssp_sp.crt + gssp_tiqr_metadata_privatekey: /config/selfservice/selfservice_gssp_sp.key + gssp_tiqr_remote_entity_id: 'https://gateway.dev.openconext.local/gssp/tiqr/metadata' + gssp_tiqr_remote_sso_url: 'https://gateway.dev.openconext.local/gssp/tiqr/single-sign-on' + gssp_tiqr_remote_certificate: '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' gssp_tiqr_loa: 3 gssp_tiqr_logo: /images/second-factor/tiqr.png gssp_tiqr_app_android_url: 'https://play.google.com/store/apps/details?id=org.tiqr.authenticator&hl=en' 
@@ -150,19 +150,19 @@ parameters: nl_NL: 'De registratie van uw token is mislukt. Probeer het nogmaals.' en_GB: 'Registration of your token failed. Please try again.' # GSSP Proxy SP used to authenticate to the Real GSSP IdP though GSSP IdP proxy in the gateway - gssp_demo_gssp_sp_publickey: '/src/Stepup-SelfService/app/files/sp_gssp.crt' - gssp_demo_gssp_sp_privatekey: '/src/Stepup-SelfService/app/files/sp_gssp.key' + gssp_demo_gssp_sp_publickey: '/config/selfservice/selfservice_gssp_sp.crt' + gssp_demo_gssp_sp_privatekey: '/config/selfservice/selfservice_gssp_sp.key' # Certificate used to sign metadata of the GSSP Proxy SP on the gateway - gssp_demo_gssp_metadata_publickey: '/src/Stepup-SelfService/app/files/sp_gssp.crt' - gssp_demo_gssp_metadata_privatekey: '/src/Stepup-SelfService/app/files/sp_gssp.key' + gssp_demo_gssp_metadata_publickey: '/config/selfservice/selfservice_gssp_sp.crt' + gssp_demo_gssp_metadata_privatekey: '/config/selfservice/selfservice_gssp_sp.key' # EntityID and SSO Location of the GSSP IdP Proxy on the Gateway - gssp_demo_gssp_remote_entity_id: 'https://gateway.stepup.example.com/gssp/demo_gssp/metadata' - gssp_demo_gssp_remote_sso_url: 'https://gateway.stepup.example.com/gssp/demo_gssp/single-sign-on' + gssp_demo_gssp_remote_entity_id: 'https://gateway.dev.openconext.local/gssp/demo_gssp/metadata' + gssp_demo_gssp_remote_sso_url: 'https://gateway.dev.openconext.local/gssp/demo_gssp/single-sign-on' # base64 without pem headers - gssp_demo_gssp_remote_certificate: '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' + gssp_demo_gssp_remote_certificate: 
'MIIEDzCCAncCFCr9IG/lVOUCCSyMnD2Y+p1fqXEpMA0GCSqGSIb3DQEBCwUAMEQxGTAXBgNVBAMMEEdhdGV3YXkgVGlxciBJZFAxJzAlBgNVBAoMHkRldmVsb3BtZW50IERvY2tlciBlbnZpcm9ubWVudDAeFw0yMzA1MjUwOTMzMTlaFw0yODA1MjMwOTMzMTlaMEQxGTAXBgNVBAMMEEdhdGV3YXkgVGlxciBJZFAxJzAlBgNVBAoMHkRldmVsb3BtZW50IERvY2tlciBlbnZpcm9ubWVudDCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBAKH20RosgtFT3WpCUnVSvdudJDzkSdAv8g16DPIU83g396SjxY7rrJHjLmf/RUChkUpCpV/7iCFhxuOi51sVRWZqdVYOjtAkK2it9CrSPdxx5u8XoDscX26DqC8Ii1RdO66GB0ErdtFcAxDdtzrUdLEJXF8vumEqNFBMmfJ9qZwJeOS9rnpYXHztRBtBANOYyJI5Qexr5I1Tmh8Jdg1h+VCosXBzk+iSAeQNzodnklIyJrlpJWh+FqR+LPK7cltkslX2eut/21uNBuKT5tcI+Uu9badWZWOHBxiaDI1B1eGHfcvG251DV5TvxQhClOrCZUea+ifTa18SMnuCO+8Da3lz7Oh+aNGPBT+Q+ynEr3LR36D+e0ZkzEtQ0aneS/JwHH9mgTGWVKxwbV81fVs6J7RQJtyfmbqkjQYXAad3uBQswMnHnQvHlFsh1Jd80BOM9ptNtNqIkXBcO9BzxAE2KXvSCglLISEj3o3L5N9XSYrnv3cPwxK1CddRR8CSm3S/PwIDAQABMA0GCSqGSIb3DQEBCwUAA4IBgQAciF351BTUE/1XbjXLAZXVUeC6Ss6X5RptK0J9XBqIdYhcHRDws5CjHVkFS11PGtFK8OW+bYWzyygi8d3uGZWq3S7LkK5Eck0O8KHNUf3fnJNN0G3WSZkG95ch/2cy76WVCwYdVZhwGx2sB08N9M2QectrW1rU1VnqkAlzpicBgBtNLwDvvWUj0/h/mG8ExL44ecesPkzhPsBT6en/C8v5zbgYlJmJekBwWJzRDZenhLQZSxiOKxy0VOVpeypeCRleJdrF/m37TevtXfZu5efYl4a4E4qEO03eSU0YJVz/1HIRJ0ojOiKc6pB0aDUbcdbwi5rs5VRAOrTorBwqQAAgsvYSMGC2KVA9YLGDwpwAUqGYn0lFTcDtZkE0NDqXkiExcXPVce1QrKC/sqP0T0z30x71k3cYY4gNRLr8yA1Zu0o3IhvRsw3QiqAS4w5+wb668a+nPqAND1vgljn3L7SE9V7GTHbjwkfYAW6EJwVIA4gGsarZBHiDHloDrvv9QtY=' # GUI gssp_demo_gssp_logo: '/images/demo-gssp.png' 
@@ -197,41 +197,3 @@ parameters: gssp_demo_gssp_pop_failed: nl_NL: 'De registratie van uw token is mislukt. Probeer het nogmaals.' en_GB: 'Registration of your token failed. Please try again.' - - gssp_biometric_sp_publickey: /full/path/to/the/gateway-as-sp/public-key-file.cer - gssp_biometric_sp_privatekey: /full/path/to/the/gateway-as-sp/private-key-file.pem - gssp_biometric_metadata_publickey: /full/path/to/the/gateway-metadata/public-key-file.cer - gssp_biometric_metadata_privatekey: /full/path/to/the/gateway-as-sp/private-key-file.pem - gssp_biometric_remote_entity_id: 'https://actual-gssp.entity-id.tld' - gssp_biometric_remote_sso_url: 'https://actual-gssp.entity-id.tld/single-sign-on/url' - gssp_biometric_remote_certificate: 'The contents of the certificate published by the gssp' - gssp_biometric_loa: 3 - gssp_biometric_logo: /images/second-factor/biometric.png - gssp_biometric_alt: - en_GB: 'Biometric device' - nl_NL: 'Biometrisch apparaat' - gssp_biometric_title: - en_GB: 'Biometric device' - nl_NL: 'Biometrisch apparaat' - gssp_biometric_description: - en_GB: 'Log in using a biometric device.' - nl_NL: 'Log in met een biometrisch apparaat.' - gssp_biometric_button_use: - en_GB: Select - nl_NL: Selecteer - gssp_biometric_initiate_title: - en_GB: 'Register a biometric device' - nl_NL: 'Registratie biometrisch apparaat' - gssp_biometric_initiate_button: - en_GB: 'Register biometric device' - nl_NL: 'Registreer biometrisch apparaat' - gssp_biometric_explanation: - en_GB: 'Click the button below to register a biometric device.' - nl_NL: 'Klik op de knop hieronder om je biometrisch apparaat te registreren.' - gssp_biometric_authn_failed: - en_GB: 'Registration of biometric device has failed. Please try again.' - nl_NL: 'Registratie biometrisch apparaat is mislukt. Probeer het nogmaals.' - gssp_biometric_pop_failed: - en_GB: 'Registration of your token failed. Please try again.' - nl_NL: 'De registratie van uw token is mislukt. Probeer het nogmaals.' - 
diff --git a/config/packages/prod/monolog.yaml.docker b/config/packages/prod/monolog.yaml.docker
new file mode 100644
index 000000000..f87606f71
--- /dev/null
+++ b/config/packages/prod/monolog.yaml.docker
@@ -0,0 +1,12 @@
+monolog:
+ handlers:
+ prod-signaler:
+ type: fingers_crossed
+ action_level: ERROR
+ passthru_level: NOTICE # this means that all message of level NOTICE or higher are always logged
+ handler: main_syslog
+ bubble: false # if we handle it, nothing else should
+ main_syslog:
+ type: stream
+ path: "php://stderr"
+ formatter: surfnet_stepup.monolog.json_formatter
diff --git a/docker/Dockerfile.dev b/docker/Dockerfile.dev
new file mode 100644
index 000000000..a8108a02d
--- /dev/null
+++ b/docker/Dockerfile.dev
@@ -0,0 +1,10 @@
+FROM ghcr.io/openconext/openconext-basecontainers/php72-apache2-node14-composer2:latest
+
+RUN rm -rf /etc/apache2/sites-enabled/*
+COPY ./docker/conf/apache2.conf /etc/apache2/sites-enabled/apache2.conf
+EXPOSE 80
+
+# Set the default workdir
+WORKDIR /var/www/html
+
+CMD ["apache2-foreground"]
diff --git a/docker/Dockerfile.prod b/docker/Dockerfile.prod
new file mode 100644
index 000000000..d542d72f4
--- /dev/null
+++ b/docker/Dockerfile.prod
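Review bot: The handler that writes to `php://stderr` is named `main_syslog` although its `type` is `stream`, which will mislead whoever goes looking for these logs in syslog. Rename it, together with the `handler:` reference in `prod-signaler`, to something like `main_stderr`. The inline comment on `passthru_level` should read "all messages".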
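Review bot: The base image is pulled as `:latest`, so two builds of the same commit can produce different images and an altered upstream image is picked up silently; the `FROM` line in `docker/Dockerfile.prod` has the same problem. Pin the base by digest, e.g. `FROM ghcr.io/openconext/openconext-basecontainers/php72-apache2-node14-composer2@sha256:<digest>`, and bump it deliberately when the base is updated.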
@@ -0,0 +1,19 @@
+FROM ghcr.io/openconext/openconext-basecontainers/php72-apache2:latest AS php-build
+COPY *.tar.bz2 /tmp/
+RUN tar -xvjf /tmp/*.tar.bz2 -C /var/www/html/ && \
+ rm -rf /tmp/*.tar.bz2
+
+# Add the application configuration files
+COPY config/legacy/parameters.yaml.dist config/legacy/parameters.yaml
+COPY config/legacy/samlstepupproviders_parameters.yaml.dist config/legacy/samlstepupproviders_parameters.yaml
+COPY config/packages/prod/monolog.yaml.docker config/packages/prod/monolog.yaml
+
+# Add the config files for Apache2
+RUN rm -rf /etc/apache2/sites-enabled/*
+COPY ./docker/conf/apache2.conf /etc/apache2/sites-enabled/apache2.conf
+RUN rm -rf /var/www/html/var/cache/prod && chown -R www-data /var/www/html/var
+
+# Set the default workdir
+WORKDIR /var/www/html
+EXPOSE 80
+ENTRYPOINT ["apache2-foreground"]
diff --git a/docker/conf/apache2.conf b/docker/conf/apache2.conf
new file mode 100644
index 000000000..089f5565e
--- /dev/null
+++ b/docker/conf/apache2.conf
@@ -0,0 +1,34 @@
+
+ ServerName selfservice
+ ServerAdmin admin@dev.openconext.local
+
+ DocumentRoot /var/www/html/public
+
+ SetEnv HTTPS on
+ SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
+
+
+ Require all granted
+
+ Options -MultiViews
+ RewriteEngine On
+ RewriteCond %{REQUEST_FILENAME} !-f
+ RewriteRule ^(.*)$ index.php [QSA,L]
+
+
+ Require all granted
+
+
+ Header always set X-Content-Type-Options "nosniff"
+
+ # Set the php application handler so mod_php interpets the files
+
+ SetHandler application/x-httpd-php
+
+
+ ExpiresActive on
+ ExpiresByType font/* "access plus 1 year"
+ ExpiresByType image/* "access plus 6 months"
+ ExpiresByType text/css "access plus 1 year"
+ ExpiresByType text/js "access plus 1 year"
+
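Review bot: The three `COPY config/...` lines use relative destinations, but `WORKDIR /var/www/html` is only set at the end of the file, so where the configuration lands depends on the working directory inherited from the base image. If that directory is not `/var/www/html`, the application unpacked by the `tar` step never sees these files. Move `WORKDIR /var/www/html` above the first `COPY config/...` line, or use absolute destinations such as `/var/www/html/config/legacy/parameters.yaml`. The `AS php-build` stage name is not referenced anywhere in this file.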
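Review bot: `SetEnv HTTPS on` is unconditional, and both Dockerfiles in this commit expose only port 80, so the application treats every request as having arrived over TLS regardless of how it actually arrived. That is only safe when the container is reachable solely through a TLS-terminating proxy; state the assumption next to the directive, e.g. `# TLS is terminated by the reverse proxy in front of this container; never publish port 80 directly`. `ExpiresByType text/js` is also unlikely to match anything, since JavaScript is normally served as `application/javascript` or `text/javascript`.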