From 2e9bf520f67642375e5d0c476c4d0ebdf5d1186a Mon Sep 17 00:00:00 2001 From: Bart Geesink Date: Mon, 19 Jun 2023 15:35:21 +0200 Subject: [PATCH 1/8] Add docker configs and rebuild the .dist files to reflect the new docker based development environment --- config/legacy/parameters.yaml.dist | 38 +++--- .../samlstepupproviders_parameters.yaml.dist | 122 +++++++----------- docker/Dockerfile.prod | 18 +++ docker/conf/apache2.conf | 34 +++++ 4 files changed, 120 insertions(+), 92 deletions(-) create mode 100644 docker/Dockerfile.prod create mode 100644 docker/conf/apache2.conf diff --git a/config/legacy/parameters.yaml.dist b/config/legacy/parameters.yaml.dist index 638f0068..dce12917 100644 --- a/config/legacy/parameters.yaml.dist +++ b/config/legacy/parameters.yaml.dist 
@@ -15,41 +15,39 @@ parameters: debug_redirects: false use_assetic_controller: true - gateway_api_url: https://gateway.tld/ + gateway_api_url: https://gateway.dev.openconext.local/ gateway_api_username: ra - gateway_api_password: ra + gateway_api_password: ra_secret middleware_credentials_username: ra - middleware_credentials_password: ra - middleware_url_command_api: https://middleware.tld/command - middleware_url_api: https://middleware.tld/ + middleware_credentials_password: ra_secret + middleware_url_command_api: https://middleware.dev.openconext.local/command + middleware_url_api: https://middleware.dev.openconext.local/ sms_originator: SURFStepup sms_otp_expiry_interval: 900 # 15 minutes sms_maximum_otp_requests: 10 - saml_sp_publickey: - saml_sp_privatekey: - saml_metadata_publickey: - saml_metadata_privatekey: - saml_remote_idp_entity_id: - saml_remote_idp_sso_url: - saml_remote_idp_certificate: 'FOR CI ONLY, REPLACE WITH ACTUAL VALUE' - loa_required_for_login: 'https://gateway.tld/authentication/loa3' + saml_sp_publickey: /config/ra/ra_saml_sp.crt + saml_sp_privatekey: /config/ra/ra_saml_sp.key + saml_metadata_publickey: /config/ra/ra_saml_sp.crt + saml_metadata_privatekey: /config/ra/ra_saml_sp.key + saml_remote_idp_entity_id: https://gateway.dev.openconext.local/authentication/metadata + saml_remote_idp_sso_url: https://gateway.dev.openconext.local/authentication/single-sign-on + saml_remote_idp_certificate: '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' + loa_required_for_login: 'https://dev.openconext.local/authentication/loa3' enabled_second_factors: - sms - yubikey enabled_generic_second_factors: - biometric: - loa: 3 tiqr: loa: 3 asset_version: 1 - stepup_loa_loa1: https://gateway.tld/authentication/loa1 - stepup_loa_loa2: https://gateway.tld/authentication/loa2 - stepup_loa_loa3: https://gateway.tld/authentication/loa3 - stepup_loa_self_asserted: 'http://stepup.example.com/assurance/loa-self-asserted' + stepup_loa_loa1: 
https://dev.openconext.local/authentication/loa1 + stepup_loa_loa2: https://dev.openconext.local/authentication/loa2 + stepup_loa_loa3: https://dev.openconext.local/authentication/loa3 + stepup_loa_self_asserted: 'https://dev.openconext.local/assurance/loa-self-asserted' logout_redirect_url: nl_NL: https://www.surf.nl/over-surf/werkmaatschappijen/surfnet @@ -57,7 +55,7 @@ parameters: session_max_absolute_lifetime: 28800 # 8 hours * 60 minutes * 60 seconds session_max_relative_lifetime: 1800 # 30 minutes * 60 seconds - self_service_url: 'https://selfservice.tld/' + self_service_url: 'https://selfservice.dev.openconext.local/' # Date format defaults for Twig date functions date_format: 'Y-m-d H:i P' diff --git a/config/legacy/samlstepupproviders_parameters.yaml.dist b/config/legacy/samlstepupproviders_parameters.yaml.dist index b2684956..829fb434 100644 --- a/config/legacy/samlstepupproviders_parameters.yaml.dist +++ b/config/legacy/samlstepupproviders_parameters.yaml.dist 
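Review bot: `gateway_api_password: ra_secret` and `middleware_credentials_password: ra_secret`, together with the dev gateway certificate now in `saml_remote_idp_certificate`, are working credentials for the docker environment rather than the empty placeholders the old .dist carried, and Dockerfile.prod in this same patch copies this .dist verbatim into `config/legacy/parameters.yaml` of the production image. Whoever deploys that image without replacing the file gets an RA that authenticates to the middleware with a password published in git and trusts a development IdP certificate. I would keep the .dist honest with a header comment, `# Development defaults for the docker environment; every credential, key path and URL below MUST be replaced before this file is used outside local development.`, and have the prod Dockerfile expect the real config to be mounted or templated at deploy time. The enclosing `parameters:` mapping starts outside the hunk.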
@@ -1,11 +1,11 @@ parameters: - gssp_tiqr_sp_publickey: '/full/path/to/the/gateway-as-sp/public-key-file.cer' - gssp_tiqr_sp_privatekey: '/full/path/to/the/gateway-as-sp/private-key-file.pem' - gssp_tiqr_metadata_publickey: '/full/path/to/the/gateway-metadata/public-key-file.cer' - gssp_tiqr_metadata_privatekey: '/full/path/to/the/gateway-as-sp/private-key-file.pem' - gssp_tiqr_remote_entity_id: 'https://actual-gssp.entity-id.tld' - gssp_tiqr_remote_sso_url: 'https://actual-gssp.entity-id.tld/single-sign-on/url' - gssp_tiqr_remote_certificate: 'The contents of the certificate published by the gssp' + gssp_tiqr_sp_publickey: '/config/ra/ra_gssp_sp.crt' + gssp_tiqr_sp_privatekey: '/config/ra/ra_gssp_sp.key' + gssp_tiqr_metadata_publickey: '/config/ra/ra_gssp_sp.crt' + gssp_tiqr_metadata_privatekey: '/config/ra/ra_gssp_sp.key' + gssp_tiqr_remote_entity_id: 'https://gateway.dev.openconext.local/gssp/tiqr/metadata' + gssp_tiqr_remote_sso_url: 'https://gateway.dev.openconext.local/gssp/tiqr/single-sign-on' + gssp_tiqr_remote_certificate: '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' gssp_tiqr_title: en_GB: 'Tiqr' nl_NL: 'Tiqr' 
@@ -21,13 +21,13 @@ parameters: gssp_tiqr_gssf_id_mismatch: en_GB: "The Tiqr server responded with an ID that doesn't match the requested ID the registrant registered with using the Self-Service application." nl_NL: 'De Tiqr-server heeft een ID teruggegeven dat niet overeenkomt met het gevraagde ID, dat de registrant heeft geregistreerd in de Self-Service-applicatie.' - gssp_azuremfa_sp_publickey: '/full/path/to/the/gateway-as-sp/public-key-file.cer' - gssp_azuremfa_sp_privatekey: '/full/path/to/the/gateway-as-sp/private-key-file.pem' - gssp_azuremfa_metadata_publickey: '/full/path/to/the/gateway-metadata/public-key-file.cer' - gssp_azuremfa_metadata_privatekey: '/full/path/to/the/gateway-as-sp/private-key-file.pem' - gssp_azuremfa_remote_entity_id: 'https://actual-gssp.entity-id.tld' - gssp_azuremfa_remote_sso_url: 'https://actual-gssp.entity-id.tld/single-sign-on/url' - gssp_azuremfa_remote_certificate: 'The contents of the certificate published by the gssp' + gssp_azuremfa_sp_publickey: '/config/ra/ra_gssp_sp.crt' + gssp_azuremfa_sp_privatekey: '/config/ra/ra_gssp_sp.key' + gssp_azuremfa_metadata_publickey: '/config/ra/ra_gssp_sp.crt' + gssp_azuremfa_metadata_privatekey: '/config/ra/ra_gssp_sp.key' + gssp_azuremfa_remote_entity_id: 'https://gateway.dev.openconext.local/gssp/azuremfa/metadata' + gssp_azuremfa_remote_sso_url: 'https://gateway.dev.openconext.local/gssp/azuremfa/single-sign-on' + gssp_azuremfa_remote_certificate: 
'MIIEDzCCAncCFCr9IG/lVOUCCSyMnD2Y+p1fqXEpMA0GCSqGSIb3DQEBCwUAMEQxGTAXBgNVBAMMEEdhdGV3YXkgVGlxciBJZFAxJzAlBgNVBAoMHkRldmVsb3BtZW50IERvY2tlciBlbnZpcm9ubWVudDAeFw0yMzA1MjUwOTMzMTlaFw0yODA1MjMwOTMzMTlaMEQxGTAXBgNVBAMMEEdhdGV3YXkgVGlxciBJZFAxJzAlBgNVBAoMHkRldmVsb3BtZW50IERvY2tlciBlbnZpcm9ubWVudDCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBAKH20RosgtFT3WpCUnVSvdudJDzkSdAv8g16DPIU83g396SjxY7rrJHjLmf/RUChkUpCpV/7iCFhxuOi51sVRWZqdVYOjtAkK2it9CrSPdxx5u8XoDscX26DqC8Ii1RdO66GB0ErdtFcAxDdtzrUdLEJXF8vumEqNFBMmfJ9qZwJeOS9rnpYXHztRBtBANOYyJI5Qexr5I1Tmh8Jdg1h+VCosXBzk+iSAeQNzodnklIyJrlpJWh+FqR+LPK7cltkslX2eut/21uNBuKT5tcI+Uu9badWZWOHBxiaDI1B1eGHfcvG251DV5TvxQhClOrCZUea+ifTa18SMnuCO+8Da3lz7Oh+aNGPBT+Q+ynEr3LR36D+e0ZkzEtQ0aneS/JwHH9mgTGWVKxwbV81fVs6J7RQJtyfmbqkjQYXAad3uBQswMnHnQvHlFsh1Jd80BOM9ptNtNqIkXBcO9BzxAE2KXvSCglLISEj3o3L5N9XSYrnv3cPwxK1CddRR8CSm3S/PwIDAQABMA0GCSqGSIb3DQEBCwUAA4IBgQAciF351BTUE/1XbjXLAZXVUeC6Ss6X5RptK0J9XBqIdYhcHRDws5CjHVkFS11PGtFK8OW+bYWzyygi8d3uGZWq3S7LkK5Eck0O8KHNUf3fnJNN0G3WSZkG95ch/2cy76WVCwYdVZhwGx2sB08N9M2QectrW1rU1VnqkAlzpicBgBtNLwDvvWUj0/h/mG8ExL44ecesPkzhPsBT6en/C8v5zbgYlJmJekBwWJzRDZenhLQZSxiOKxy0VOVpeypeCRleJdrF/m37TevtXfZu5efYl4a4E4qEO03eSU0YJVz/1HIRJ0ojOiKc6pB0aDUbcdbwi5rs5VRAOrTorBwqQAAgsvYSMGC2KVA9YLGDwpwAUqGYn0lFTcDtZkE0NDqXkiExcXPVce1QrKC/sqP0T0z30x71k3cYY4gNRLr8yA1Zu0o3IhvRsw3QiqAS4w5+wb668a+nPqAND1vgljn3L7SE9V7GTHbjwkfYAW6EJwVIA4gGsarZBHiDHloDrvv9QtY=' gssp_azuremfa_title: en_GB: 'AzureMFA' nl_NL: 'AzureMFA' 
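Review bot: `gssp_azuremfa_remote_certificate` is the same self-signed certificate given to tiqr, webauthn and demo_gssp; its subject decodes to CN `Gateway Tiqr IdP`, O `Development Docker environment`, valid 2023-05-25 to 2028-05-23, so the RA will accept AzureMFA assertions signed by a key labelled as the tiqr dev IdP. That is consistent with one dev gateway serving every GSSP endpoint, but nothing in the file says so, and a copy that reaches a non-development deployment would silently pin a five-year dev trust anchor for all providers. I would add above the first provider block: `# Development only: every GSSP below is served by the same dev gateway, which signs with one self-signed 'Gateway Tiqr IdP' certificate. Outside local development use the certificate published by each actual GSSP.`. All providers also share `/config/ra/ra_gssp_sp.key` for both the SP and the metadata-signing role, as the old placeholders did; a one-line note that this is intentional for dev would spare the next reader from checking.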
@@ -43,13 +43,13 @@ parameters: gssp_azuremfa_gssf_id_mismatch: en_GB: "The institutions ADFS responded with an ID that doesn't match the requested ID the registrant registered with using the Self-Service application." nl_NL: 'De ADFS van de instelling heeft een ID teruggegeven dat niet overeenkomt met het gevraagde ID, dat de registrant heeft geregistreerd in de Self-Service-applicatie.' - gssp_webauthn_sp_publickey: '/full/path/to/the/gateway-as-sp/public-key-file.cer' - gssp_webauthn_sp_privatekey: '/full/path/to/the/gateway-as-sp/private-key-file.pem' - gssp_webauthn_metadata_publickey: '/full/path/to/the/gateway-metadata/public-key-file.cer' - gssp_webauthn_metadata_privatekey: '/full/path/to/the/gateway-as-sp/private-key-file.pem' - gssp_webauthn_remote_entity_id: 'https://actual-gssp.entity-id.tld' - gssp_webauthn_remote_sso_url: 'https://actual-gssp.entity-id.tld/single-sign-on/url' - gssp_webauthn_remote_certificate: 'The contents of the certificate published by the gssp' + gssp_webauthn_sp_publickey: '/config/ra/ra_gssp_sp.crt' + gssp_webauthn_sp_privatekey: '/config/ra/ra_gssp_sp.key' + gssp_webauthn_metadata_publickey: '/config/ra/ra_gssp_sp.crt' + gssp_webauthn_metadata_privatekey: '/config/ra/ra_gssp_sp.key' + gssp_webauthn_remote_entity_id: 'https://gateway.dev.openconext.local/gssp/webauthn/metadata' + gssp_webauthn_remote_sso_url: 'https://gateway.dev.openconext.local/gssp/webauthn/single-sign-on' + gssp_webauthn_remote_certificate: 
'MIIEDzCCAncCFCr9IG/lVOUCCSyMnD2Y+p1fqXEpMA0GCSqGSIb3DQEBCwUAMEQxGTAXBgNVBAMMEEdhdGV3YXkgVGlxciBJZFAxJzAlBgNVBAoMHkRldmVsb3BtZW50IERvY2tlciBlbnZpcm9ubWVudDAeFw0yMzA1MjUwOTMzMTlaFw0yODA1MjMwOTMzMTlaMEQxGTAXBgNVBAMMEEdhdGV3YXkgVGlxciBJZFAxJzAlBgNVBAoMHkRldmVsb3BtZW50IERvY2tlciBlbnZpcm9ubWVudDCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBAKH20RosgtFT3WpCUnVSvdudJDzkSdAv8g16DPIU83g396SjxY7rrJHjLmf/RUChkUpCpV/7iCFhxuOi51sVRWZqdVYOjtAkK2it9CrSPdxx5u8XoDscX26DqC8Ii1RdO66GB0ErdtFcAxDdtzrUdLEJXF8vumEqNFBMmfJ9qZwJeOS9rnpYXHztRBtBANOYyJI5Qexr5I1Tmh8Jdg1h+VCosXBzk+iSAeQNzodnklIyJrlpJWh+FqR+LPK7cltkslX2eut/21uNBuKT5tcI+Uu9badWZWOHBxiaDI1B1eGHfcvG251DV5TvxQhClOrCZUea+ifTa18SMnuCO+8Da3lz7Oh+aNGPBT+Q+ynEr3LR36D+e0ZkzEtQ0aneS/JwHH9mgTGWVKxwbV81fVs6J7RQJtyfmbqkjQYXAad3uBQswMnHnQvHlFsh1Jd80BOM9ptNtNqIkXBcO9BzxAE2KXvSCglLISEj3o3L5N9XSYrnv3cPwxK1CddRR8CSm3S/PwIDAQABMA0GCSqGSIb3DQEBCwUAA4IBgQAciF351BTUE/1XbjXLAZXVUeC6Ss6X5RptK0J9XBqIdYhcHRDws5CjHVkFS11PGtFK8OW+bYWzyygi8d3uGZWq3S7LkK5Eck0O8KHNUf3fnJNN0G3WSZkG95ch/2cy76WVCwYdVZhwGx2sB08N9M2QectrW1rU1VnqkAlzpicBgBtNLwDvvWUj0/h/mG8ExL44ecesPkzhPsBT6en/C8v5zbgYlJmJekBwWJzRDZenhLQZSxiOKxy0VOVpeypeCRleJdrF/m37TevtXfZu5efYl4a4E4qEO03eSU0YJVz/1HIRJ0ojOiKc6pB0aDUbcdbwi5rs5VRAOrTorBwqQAAgsvYSMGC2KVA9YLGDwpwAUqGYn0lFTcDtZkE0NDqXkiExcXPVce1QrKC/sqP0T0z30x71k3cYY4gNRLr8yA1Zu0o3IhvRsw3QiqAS4w5+wb668a+nPqAND1vgljn3L7SE9V7GTHbjwkfYAW6EJwVIA4gGsarZBHiDHloDrvv9QtY=' gssp_webauthn_title: en_GB: 'Webauthn' nl_NL: 'Webauthn' 
@@ -65,57 +65,13 @@ parameters: gssp_webauthn_gssf_id_mismatch: en_GB: "The Webauthn server responded with an ID that doesn't match the requested ID the registrant registered with using the Self-Service application." nl_NL: 'De Webauthn-server heeft een ID teruggegeven dat niet overeenkomt met het gevraagde ID, dat de registrant heeft geregistreerd in de Self-Service-applicatie.' - gssp_biometric_sp_publickey: '/full/path/to/the/gateway-as-sp/public-key-file.cer' - gssp_biometric_sp_privatekey: '/full/path/to/the/gateway-as-sp/private-key-file.pem' - gssp_biometric_metadata_publickey: '/full/path/to/the/gateway-metadata/public-key-file.cer' - gssp_biometric_metadata_privatekey: '/full/path/to/the/gateway-as-sp/private-key-file.pem' - gssp_biometric_remote_entity_id: 'https://actual-gssp.entity-id.tld' - gssp_biometric_remote_sso_url: 'https://actual-gssp.entity-id.tld/single-sign-on/url' - gssp_biometric_remote_certificate: 'The contents of the certificate published by the gssp' - gssp_biometric_title: - en_GB: 'Biometric' - nl_NL: 'Biometrisch' - gssp_biometric_page_title: - en_GB: 'EN ra.vetting.gssf.initiate.biometric.title.page' - nl_NL: 'NL ra.vetting.gssf.initiate.biometric.title.page' - gssp_biometric_explanation: - en_GB: 'EN ra.vetting.gssf.initiate.biometric.text.explanation' - nl_NL: 'NL ra.vetting.gssf.initiate.biometric.text.explanation' - gssp_biometric_initiate: - en_GB: 'EN ra.vetting.gssf.initiate.biometric.button.initiate' - nl_NL: 'NL ra.vetting.gssf.initiate.biometric.button.initiate' - gssp_biometric_gssf_id_mismatch: - en_GB: 'EN ra.vetting.gssf.initiate.biometric.error.gssf_id_mismatch' - nl_NL: 'NL ra.vetting.gssf.initiate.biometric.error.gssf_id_mismatch' - gssp_demo_gssp_2_sp_publickey: '/full/path/to/the/gateway-as-sp/public-key-file.cer' - gssp_demo_gssp_2_sp_privatekey: '/full/path/to/the/gateway-as-sp/private-key-file.pem' - gssp_demo_gssp_2_metadata_publickey: '/full/path/to/the/gateway-metadata/public-key-file.cer' - 
gssp_demo_gssp_2_metadata_privatekey: '/full/path/to/the/gateway-as-sp/private-key-file.pem' - gssp_demo_gssp_2_remote_entity_id: 'https://actual-gssp.entity-id.tld' - gssp_demo_gssp_2_remote_sso_url: 'https://actual-gssp.entity-id.tld/single-sign-on/url' - gssp_demo_gssp_2_remote_certificate: 'The contents of the certificate published by the gssp' - gssp_demo_gssp_2_title: - en_GB: 'demo_gssp_2' - nl_NL: 'demo_gssp_2' - gssp_demo_gssp_2_page_title: - en_GB: 'EN ra.vetting.gssf.initiate.demo_gssp_2.title.page' - nl_NL: 'NL ra.vetting.gssf.initiate.demo_gssp_2.title.page' - gssp_demo_gssp_2_explanation: - en_GB: 'EN ra.vetting.gssf.initiate.demo_gssp_2.text.explanation' - nl_NL: 'NL ra.vetting.gssf.initiate.demo_gssp_2.text.explanation' - gssp_demo_gssp_2_initiate: - en_GB: 'EN ra.vetting.gssf.initiate.demo_gssp_2.button.initiate' - nl_NL: 'NL ra.vetting.gssf.initiate.demo_gssp_2.button.initiate' - gssp_demo_gssp_2_gssf_id_mismatch: - en_GB: 'EN ra.vetting.gssf.initiate.demo_gssp_2.error.gssf_id_mismatch' - nl_NL: 'NL ra.vetting.gssf.initiate.demo_gssp_2.error.gssf_id_mismatch' - gssp_demo_gssp_sp_publickey: '/full/path/to/the/gateway-as-sp/public-key-file.cer' - gssp_demo_gssp_sp_privatekey: '/full/path/to/the/gateway-as-sp/private-key-file.pem' - gssp_demo_gssp_metadata_publickey: '/full/path/to/the/gateway-metadata/public-key-file.cer' - gssp_demo_gssp_metadata_privatekey: '/full/path/to/the/gateway-as-sp/private-key-file.pem' - gssp_demo_gssp_remote_entity_id: 'https://actual-gssp.entity-id.tld' - gssp_demo_gssp_remote_sso_url: 'https://actual-gssp.entity-id.tld/single-sign-on/url' - gssp_demo_gssp_remote_certificate: 'The contents of the certificate published by the gssp' + gssp_demo_gssp_sp_publickey: '/config/ra/ra_gssp_sp.crt' + gssp_demo_gssp_sp_privatekey: '/config/ra/ra_gssp_sp.key' + gssp_demo_gssp_metadata_publickey: '/config/ra/ra_gssp_sp.crt' + gssp_demo_gssp_metadata_privatekey: '/config/ra/ra_gssp_sp.key' + gssp_demo_gssp_remote_entity_id: 
'https://gateway.dev.openconext.local/gssp/demo_gssp/metadata' + gssp_demo_gssp_remote_sso_url: 'https://gateway.dev.openconext.local/gssp/demo_gssp/single-sign-on' + gssp_demo_gssp_remote_certificate: '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' gssp_demo_gssp_title: en_GB: 'demo_gssp' nl_NL: 'demo_gssp' 
@@ -131,3 +87,25 @@ parameters: gssp_demo_gssp_gssf_id_mismatch: en_GB: 'EN ra.vetting.gssf.initiate.demo_gssp.error.gssf_id_mismatch' nl_NL: 'NL ra.vetting.gssf.initiate.demo_gssp.error.gssf_id_mismatch' + gssp_demo_gssp_2_sp_publickey: '/config/ra/ra_gssp_sp.crt' + gssp_demo_gssp_2_sp_privatekey: '/config/ra/ra_gssp_sp.key' + gssp_demo_gssp_2_metadata_publickey: '/config/ra/ra_gssp_sp.crt' + gssp_demo_gssp_2_metadata_privatekey: '/config/ra/ra_gssp_sp.key' + gssp_demo_gssp_2_remote_entity_id: 'https://gateway.dev.openconext.local/gssp/demo_gssp_2/metadata' + gssp_demo_gssp_2_remote_sso_url: 'https://gateway.dev.openconext.local/gssp/demo_gssp_2/single-sign-on' + gssp_demo_gssp_2_remote_certificate: 'MIIEDzCCAncCFCr9IG/lVOUCCSyMnD2Y+p1fqXEpMA0GCSqGSIb3DQEBCwUAMEQxGTAXBgNVBAMMEEdhdGV3YXkgVGlxciBJZFAxJzAlBgNVBAoMHkRldmVsb3BtZW50IERvY2tlciBlbnZpcm9ubWVudDAeFw0yMzA1MjUwOTMzMTlaFw0yODA1MjMwOTMzMTlaMEQxGTAXBgNVBAMMEEdhdGV3YXkgVGlxciBJZFAxJzAlBgNVBAoMHkRldmVsb3BtZW50IERvY2tlciBlbnZpcm9ubWVudDCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBAKH20RosgtFT3WpCUnVSvdudJDzkSdAv8g16DPIU83g396SjxY7rrJHjLmf/RUChkUpCpV/7iCFhxuOi51sVRWZqdVYOjtAkK2it9CrSPdxx5u8XoDscX26DqC8Ii1RdO66GB0ErdtFcAxDdtzrUdLEJXF8vumEqNFBMmfJ9qZwJeOS9rnpYXHztRBtBANOYyJI5Qexr5I1Tmh8Jdg1h+VCosXBzk+iSAeQNzodnklIyJrlpJWh+FqR+LPK7cltkslX2eut/21uNBuKT5tcI+Uu9badWZWOHBxiaDI1B1eGHfcvG251DV5TvxQhClOrCZUea+ifTa18SMnuCO+8Da3lz7Oh+aNGPBT+Q+ynEr3LR36D+e0ZkzEtQ0aneS/JwHH9mgTGWVKxwbV81fVs6J7RQJtyfmbqkjQYXAad3uBQswMnHnQvHlFsh1Jd80BOM9ptNtNqIkXBcO9BzxAE2KXvSCglLISEj3o3L5N9XSYrnv3cPwxK1CddRR8CSm3S/PwIDAQABMA0GCSqGSIb3DQEBCwUAA4IBgQAciF351BTUE/1XbjXLAZXVUeC6Ss6X5RptK0J9XBqIdYhcHRDws5CjHVkFS11PGtFK8OW+bYWzyygi8d3uGZWq3S7LkK5Eck0O8KHNUf3fnJNN0G3WSZkG95ch/2cy76WVCwYdVZhwGx2sB08N9M2QectrW1rU1VnqkAlzpicBgBtNLwDvvWUj0/h/mG8ExL44ecesPkzhPsBT6en/C8v5zbgYlJmJekBwWJzRDZenhLQZSxiOKxy0VOVpeypeCRleJdrF/m37TevtXfZu5efYl4a4E4qEO03eSU0YJVz/1HIRJ0ojOiKc6pB0aDUbcdbwi5rs5VRAOrTorBwqQAAgsvYSMGC2KVA9YLGDwpwAUqGYn0lFTcDtZkE0NDqXkiExcXPVce1QrKC/sqP0T0z30x71k
3cYY4gNRLr8yA1Zu0o3IhvRsw3QiqAS4w5+wb668a+nPqAND1vgljn3L7SE9V7GTHbjwkfYAW6EJwVIA4gGsarZBHiDHloDrvv9QtY=' + gssp_demo_gssp_2_title: + en_GB: 'demo_gssp_2' + nl_NL: 'demo_gssp_2' + gssp_demo_gssp_2_page_title: + en_GB: 'EN ra.vetting.gssf.initiate.demo_gssp_2.title.page' + nl_NL: 'NL ra.vetting.gssf.initiate.demo_gssp_2.title.page' + gssp_demo_gssp_2_explanation: + en_GB: 'EN ra.vetting.gssf.initiate.demo_gssp_2.text.explanation' + nl_NL: 'NL ra.vetting.gssf.initiate.demo_gssp_2.text.explanation' + gssp_demo_gssp_2_initiate: + en_GB: 'EN ra.vetting.gssf.initiate.demo_gssp_2.button.initiate' + nl_NL: 'NL ra.vetting.gssf.initiate.demo_gssp_2.button.initiate' + gssp_demo_gssp_2_gssf_id_mismatch: + en_GB: 'EN ra.vetting.gssf.initiate.demo_gssp_2.error.gssf_id_mismatch' + nl_NL: 'NL ra.vetting.gssf.initiate.demo_gssp_2.error.gssf_id_mismatch' diff --git a/docker/Dockerfile.prod b/docker/Dockerfile.prod new file mode 100644 index 00000000..5bd24a31 --- /dev/null +++ b/docker/Dockerfile.prod @@ -0,0 +1,18 @@ +FROM ghcr.io/openconext/openconext-basecontainers/php72-apache2:latest AS php-build +COPY *.tar.bz2 /tmp/ +RUN tar -xvjf /tmp/*.tar.bz2 -C /var/www/html/ && \ + rm -rf /tmp/*.tar.bz2 + +# Add the application configuration files +COPY config/legacy/parameters.yaml.dist config/legacy/parameters.yaml +COPY config/legacy/samlstepupproviders_parameters.yaml.dist config/legacy/samlstepupproviders_parameters.yaml + +# Add the config files for Apache2 +RUN rm -rf /etc/apache2/sites-enabled/* +COPY ./docker/conf/apache2.conf /etc/apache2/sites-enabled/apache2.conf +RUN rm -rf /var/www/html/var/cache/prod && chown -R www-data /var/www/html/var + +# Set the default workdir +WORKDIR /var/www/html + +CMD ["apache2-foreground"] diff --git a/docker/conf/apache2.conf b/docker/conf/apache2.conf new file mode 100644 index 00000000..6aeb625b --- /dev/null +++ b/docker/conf/apache2.conf 
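Review bot: The image is built from `FROM ghcr.io/openconext/openconext-basecontainers/php72-apache2:latest` plus whatever `*.tar.bz2` happens to be in the build context, extracted by `tar -xvjf /tmp/*.tar.bz2` with no checksum, so two builds of the same commit can produce different images and a stray or tampered tarball in the context is shipped without complaint. Pin the base image by digest (`FROM ghcr.io/openconext/openconext-basecontainers/php72-apache2@sha256:…`) and copy one explicitly named artifact whose checksum is verified against a value published with the release, rather than a glob. The two `COPY config/legacy/*.yaml.dist config/legacy/*.yaml` lines also bake the development .dist values (`ra_secret` passwords, `dev.openconext.local` URLs, dev certificates) into the production image, and their relative destination resolves against the base image's working directory because `WORKDIR /var/www/html` is only set afterwards — presumably that is `/var/www/html`, but an absolute destination removes the guess. At minimum a comment should state that the copied .dist files are dev defaults that the deployment must replace, e.g. `# Dev defaults only; mount or template the real parameters.yaml files at deploy time.`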
@@ -0,0 +1,34 @@ + + ServerName ra + ServerAdmin admin@dev.openconext.local + + DocumentRoot /var/www/html/public + + SetEnv HTTPS on + SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1 + + + Require all granted + + Options -MultiViews + RewriteEngine On + RewriteCond %{REQUEST_FILENAME} !-f + RewriteRule ^(.*)$ index.php [QSA,L] + + + Require all granted + + + Header always set X-Content-Type-Options "nosniff" + + # Set the php application handler so mod_php interpets the files + + SetHandler application/x-httpd-php + + + ExpiresActive on + ExpiresByType font/* "access plus 1 year" + ExpiresByType image/* "access plus 6 months" + ExpiresByType text/css "access plus 1 year" + ExpiresByType text/js "access plus 1 year" + From 4b46699ef8045bd5aec337ded4e7226a44fd0846 Mon Sep 17 00:00:00 2001 From: Dan Date: Tue, 20 Jun 2023 15:35:06 +0300 Subject: [PATCH 2/8] Configuring the github actions pipelines for this app --- .github/workflows/build-push-docker-image.yml | 58 +++++++++++++++++++ .github/workflows/tag-release.yml | 8 +++ 2 files changed, 66 insertions(+) create mode 100644 .github/workflows/build-push-docker-image.yml diff --git a/.github/workflows/build-push-docker-image.yml b/.github/workflows/build-push-docker-image.yml new file mode 100644 index 00000000..08b89aeb --- /dev/null +++ b/.github/workflows/build-push-docker-image.yml 
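Review bot: `SetEnv HTTPS on` tells PHP unconditionally that every request arrived over TLS, yet this vhost terminates no TLS and the dev image publishes port 80, so Symfony will generate https URLs and Secure cookies even for a client that reached the container over plain HTTP; with `trusted_proxies: ~` in parameters.yaml.dist the application is not learning the real scheme from forwarded headers either. That shape is only correct if a TLS-terminating proxy is always in front, and the config should say so: `# TLS is terminated by the reverse proxy in front of this container; HTTPS=on only makes Symfony emit https URLs and Secure cookies. Never publish port 80 of this container directly.`. Separately, `ExpiresByType text/js` names a media type Apache does not use for JavaScript (`application/javascript` / `text/javascript` are the registered ones), so that line is presumably a no-op as written. The rendering has stripped the `<VirtualHost>`, `<Directory>` and `<FilesMatch>` container tags, so I cannot see which path the second `Require all granted` and the `SetHandler application/x-httpd-php` apply to.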
@@ -0,0 +1,58 @@
+name: build-push-docker-image
+
+#on: workflow_dispatch
+on:
+ push:
+ branches: feature/docker_configs
+ workflow_dispatch:
+
+jobs:
+ build-push-docker-image:
+ runs-on: ubuntu-latest
+ permissions:
+ packages: write
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v3
+
+ - name: Get the latest release
+ id: release
+ uses: robinraju/release-downloader@v1.7
+ with:
+ latest: true
+ fileName: "*.tar.bz2"
+
+ - name: Set up QEMU
+ uses: docker/setup-qemu-action@v2
+
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v2
+
+ - name: Login to GitHub Container Registry
+ uses: docker/login-action@v2
+ with:
+ registry: ghcr.io
+ username: ${{ github.repository_owner }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Build and push the Production image
+ uses: docker/build-push-action@v4
+ with:
+ context: .
+ file: docker/Dockerfile.prod
+ platforms: linux/amd64,linux/arm64
+ push: true
+ tags: |
+ ghcr.io/openconext/stepup-ra/stepup-ra:prod
+ ghcr.io/openconext/stepup-ra/stepup-ra:${{ github.sha }}
+ ghcr.io/openconext/stepup-ra/stepup-ra:${{ steps.release.outputs.tag_name }}
+
+ - name: Build and push the Development image
+ uses: docker/build-push-action@v4
+ with:
+ context: .
+ file: docker/Dockerfile.dev
+ platforms: linux/amd64,linux/arm64
+ push: true
+ tags: |
+ ghcr.io/openconext/stepup-ra/stepup-ra:dev
diff --git a/.github/workflows/tag-release.yml b/.github/workflows/tag-release.yml
index db32f2b5..5bf83626 100644
--- a/.github/workflows/tag-release.yml
+++ b/.github/workflows/tag-release.yml
@@ -62,3 +62,11 @@ jobs: with: release_id: ${{ steps.create_release.outputs.id }}
+ after_build:
+ needs: build
+ runs-on: ubuntu-latest
+ steps:
+ - name: Trigger Docker container build
+ uses: benc-uk/workflow-dispatch@v1
+ with:
+ workflow: build-push-docker-image.yml
From cd646f4fcf8225511ed5420dfd858a8add525d15 Mon Sep 17 00:00:00 2001
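Review bot: Every action in this job is referenced by a mutable tag (`actions/checkout@v3`, `robinraju/release-downloader@v1.7`, `docker/build-push-action@v4`, …) while the job holds `packages: write` and a registry login, so a re-tagged or compromised upstream action can push arbitrary content as `ghcr.io/openconext/stepup-ra/stepup-ra:prod`. Pin each `uses:` to a full commit SHA with the version in a trailing comment, e.g. `uses: robinraju/release-downloader@<commit-sha> # v1.7`, and let Dependabot move the pins. The `:prod` tag is also pushed on every push to `feature/docker_configs`, i.e. from an unprotected feature branch; once the dispatch from tag-release.yml works, dropping the `push` trigger (or restricting it to the default branch) keeps the production tag tied to releases. Finally `latest: true` with `fileName: "*.tar.bz2"` means the image tagged `${{ github.sha }}` contains whatever release was latest at build time, not the code at that commit — a comment saying so, or a `tag:` input derived from the triggering ref, would avoid that surprise.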
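Review bot: The new `after_build` job calls `benc-uk/workflow-dispatch@v1` with no `token` and no `permissions:` block, so whether the dispatch succeeds depends on the action's default token handling and on the repository's default `GITHUB_TOKEN` scopes (presumably `actions: write` is required to create a workflow_dispatch run). Making it explicit avoids a silent failure: add `permissions: { actions: write }` on the job and `token: ${{ secrets.GITHUB_TOKEN }}` under `with:`, and pin the action to a commit SHA instead of `@v1`. Note also that the dispatched workflow runs on the default branch and downloads the `latest` release rather than the tag this job just published, so two releases in quick succession could build the wrong artifact under the earlier tag; passing the release tag through an `inputs:` entry would close that gap. The `build` job this depends on is outside the hunk.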
From: Dan Date: Tue, 20 Jun 2023 15:37:26 +0300 Subject: [PATCH 3/8] Adding the dev image and fixing up some naming conventions --- docker/Dockerfile.dev | 10 ++++++++++ docker/Dockerfile.prod | 2 +- docker/conf/{apache2.conf => ra-apache2.conf} | 0 3 files changed, 11 insertions(+), 1 deletion(-) create mode 100644 docker/Dockerfile.dev rename docker/conf/{apache2.conf => ra-apache2.conf} (100%) diff --git a/docker/Dockerfile.dev b/docker/Dockerfile.dev new file mode 100644 index 00000000..48dcb2dd --- /dev/null +++ b/docker/Dockerfile.dev @@ -0,0 +1,10 @@ +FROM ghcr.io/openconext/openconext-basecontainers/php72-apache2-node14-composer2:latest + +RUN rm -rf /etc/apache2/sites-enabled/* +COPY ./docker/conf/ra-apache2.conf /etc/apache2/sites-enabled/ra.conf +EXPOSE 80 + +# Set the default workdir +WORKDIR /var/www/html + +CMD ["apache2-foreground"] diff --git a/docker/Dockerfile.prod b/docker/Dockerfile.prod index 5bd24a31..baf3ec6a 100644 --- a/docker/Dockerfile.prod +++ b/docker/Dockerfile.prod @@ -9,7 +9,7 @@ COPY config/legacy/samlstepupproviders_parameters.yaml.dist config/legacy/samlst # Add the config files for Apache2 RUN rm -rf /etc/apache2/sites-enabled/* -COPY ./docker/conf/apache2.conf /etc/apache2/sites-enabled/apache2.conf +COPY ./docker/conf/ra-apache2.conf /etc/apache2/sites-enabled/ra.conf RUN rm -rf /var/www/html/var/cache/prod && chown -R www-data /var/www/html/var # Set the default workdir diff --git a/docker/conf/apache2.conf b/docker/conf/ra-apache2.conf similarity index 100% rename from docker/conf/apache2.conf rename to docker/conf/ra-apache2.conf From 8c2eeb4c2cf7831bf3a9c6e3bad84ea716287a1e Mon Sep 17 00:00:00 2001 From: Bart Geesink Date: Fri, 14 Jul 2023 10:32:13 +0200 Subject: [PATCH 4/8] Default docker config: Add mailcatcher host --- config/legacy/parameters.yaml.dist | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/legacy/parameters.yaml.dist b/config/legacy/parameters.yaml.dist index dce12917..fcaa83f7 100644 
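Review bot: `FROM ghcr.io/openconext/openconext-basecontainers/php72-apache2-node14-composer2:latest` is unpinned, so every developer and the CI job that pushes this image as `:dev` gets whichever base was published last, and an upstream regression or compromise lands silently. Pin by digest — `FROM ghcr.io/openconext/openconext-basecontainers/php72-apache2-node14-composer2@sha256:…` — and bump it deliberately. The image also installs the same vhost as production (`ra-apache2.conf`, which forces `SetEnv HTTPS on`) while exposing port 80 and containing no application code, which is fine for a bind-mounted dev setup but deserves a comment such as `# Dev image: no application code baked in, the source is expected to be mounted at /var/www/html; not for deployment.` (hedged: the mount itself is presumably defined in a compose file not shown here).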
--- a/config/legacy/parameters.yaml.dist +++ b/config/legacy/parameters.yaml.dist @@ -2,7 +2,7 @@ parameters: trusted_proxies: ~ mailer_transport: smtp - mailer_host: 127.0.0.1 + mailer_host: mailcatcher mailer_user: ~ mailer_password: ~ From 9e6ae713959c9ebec1d86f1261935d23f9549093 Mon Sep 17 00:00:00 2001 From: Bart Geesink Date: Fri, 14 Jul 2023 13:45:20 +0200 Subject: [PATCH 5/8] Docker config: Make sure all second factors are the same --- config/legacy/parameters.yaml.dist | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/config/legacy/parameters.yaml.dist b/config/legacy/parameters.yaml.dist index fcaa83f7..2a26a7e8 100644 --- a/config/legacy/parameters.yaml.dist +++ b/config/legacy/parameters.yaml.dist @@ -39,9 +39,20 @@ parameters: enabled_second_factors: - sms - yubikey + - tiqr + - demo_gssp + - webauthn + - azuremfa enabled_generic_second_factors: - tiqr: - loa: 3 + azuremfa: + loa: 2 + tiqr: + loa: 2 + webauthn: + loa: 3 + demo_gssp: + loa: 3 + asset_version: 1 stepup_loa_loa1: https://dev.openconext.local/authentication/loa1 From fed2a943276de9a96abc31943c377a7dff9252ae Mon Sep 17 00:00:00 2001 From: Bart Geesink Date: Fri, 14 Jul 2023 14:56:01 +0200 Subject: [PATCH 6/8] Docker config: Add correct loa1.5 --- config/legacy/parameters.yaml.dist | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/legacy/parameters.yaml.dist b/config/legacy/parameters.yaml.dist index 2a26a7e8..d1be76e1 100644 --- a/config/legacy/parameters.yaml.dist +++ b/config/legacy/parameters.yaml.dist 
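Review bot: `mailer_host: mailcatcher` is a compose service name, and with `mailer_user: ~` / `mailer_password: ~` the RA's outgoing mail goes unauthenticated and unencrypted to whatever resolves as `mailcatcher` — right for the dev environment, but this .dist is the file Dockerfile.prod copies into the production image as `parameters.yaml`. A one-line comment makes the intent visible to whoever reuses it: `# Dev only: mailcatcher is the docker-compose mail sink; point this at a real, authenticated SMTP relay before use outside local development.`. The remaining mailer keys and `trusted_proxies: ~` are context here; the rest of the `parameters:` mapping is outside the hunk.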
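Review bot: `demo_gssp` is now an enabled second factor with `loa: 3`, the highest level defined in this file, in the same .dist that Dockerfile.prod installs as the production `parameters.yaml`; a demo provider must not be vettable at LoA 3 anywhere but a test environment. At minimum mark it, `# demo_gssp is a test-only provider; remove it from both lists in any real deployment.`, or better keep the demo entries out of the .dist and add them via a docker-compose override. The LoA values here must also agree with the gateway's own second-factor configuration (the commit message says that is the goal) but nothing enforces it — naming the gateway file they mirror in a comment would help the next person who edits one side only.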
@@ -58,7 +58,7 @@ parameters: stepup_loa_loa1: https://dev.openconext.local/authentication/loa1 stepup_loa_loa2: https://dev.openconext.local/authentication/loa2 stepup_loa_loa3: https://dev.openconext.local/authentication/loa3 - stepup_loa_self_asserted: 'https://dev.openconext.local/assurance/loa-self-asserted' + stepup_loa_self_asserted: 'https://dev.openconext.local/assurance/loa1.5' logout_redirect_url: nl_NL: https://www.surf.nl/over-surf/werkmaatschappijen/surfnet From d8081431d59cf3ae334cdcb6a1de15fdf15e3713 Mon Sep 17 00:00:00 2001 From: Bart Geesink Date: Mon, 21 Aug 2023 15:54:29 +0200 Subject: [PATCH 7/8] Docker: Add monolog configuration when running as a container This will let the logs go to stdout when running as a container, which is the Docker way to send logs --- config/packages/prod/monolog.yaml.docker | 13 +++++++++++++ docker/Dockerfile.prod | 2 ++ 2 files changed, 15 insertions(+) create mode 100644 config/packages/prod/monolog.yaml.docker diff --git a/config/packages/prod/monolog.yaml.docker b/config/packages/prod/monolog.yaml.docker new file mode 100644 index 00000000..3928853e --- /dev/null +++ b/config/packages/prod/monolog.yaml.docker @@ -0,0 +1,13 @@ +monolog: + handlers: + prod-signaler: + type: fingers_crossed + action_level: ERROR + passthru_level: NOTICE # this means that all message of level NOTICE or higher are always logged + handler: main_syslog + bubble: false # if we handle it, nothing else should + main_syslog: + type: stream + path: "php://stderr" + formatter: surfnet_stepup.monolog.json_formatter + diff --git a/docker/Dockerfile.prod b/docker/Dockerfile.prod index baf3ec6a..d0283ced 100644 --- a/docker/Dockerfile.prod +++ b/docker/Dockerfile.prod 
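Review bot: With `type: fingers_crossed`, `action_level: ERROR` and `passthru_level: NOTICE`, everything the application logs below NOTICE is buffered per request and only written when that request also hits an ERROR, so INFO records are normally discarded and, when they are flushed, the whole buffer (including any request detail in debug lines) lands in the container log at once. If audit-style events are emitted at INFO — I cannot see the app's levels from here — they would be lost; please confirm and document the choice: `# INFO/DEBUG are dropped unless the same request logs an ERROR; audit events must be logged at NOTICE or above (or via a dedicated channel) to reach the container log.`. The handler named `main_syslog` is a `stream` to `php://stderr`, not syslog, and the commit message says stdout — renaming it `main_stderr` makes the name match what it does. The `surfnet_stepup.monolog.json_formatter` service it references is defined outside this file.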
@@ -6,6 +6,8 @@ RUN tar -xvjf /tmp/*.tar.bz2 -C /var/www/html/ && \ # Add the application configuration files COPY config/legacy/parameters.yaml.dist config/legacy/parameters.yaml COPY config/legacy/samlstepupproviders_parameters.yaml.dist config/legacy/samlstepupproviders_parameters.yaml +COPY config/packages/prod/monolog.yaml.docker config/packages/prod/monolog.yaml + # Add the config files for Apache2 RUN rm -rf /etc/apache2/sites-enabled/* From 66298e0644d847a0684c7c8eeed0404f4d31354b Mon Sep 17 00:00:00 2001 From: Bart Geesink Date: Wed, 6 Sep 2023 13:41:23 +0200 Subject: [PATCH 8/8] Rename loa's to a more standard name --- config/legacy/parameters.yaml.dist | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/config/legacy/parameters.yaml.dist b/config/legacy/parameters.yaml.dist index d1be76e1..36419875 100644 --- a/config/legacy/parameters.yaml.dist +++ b/config/legacy/parameters.yaml.dist @@ -35,7 +35,7 @@ parameters: saml_remote_idp_entity_id: https://gateway.dev.openconext.local/authentication/metadata saml_remote_idp_sso_url: https://gateway.dev.openconext.local/authentication/single-sign-on saml_remote_idp_certificate: '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' - loa_required_for_login: 'https://dev.openconext.local/authentication/loa3' + loa_required_for_login: 'http://dev.openconext.local/assurance/loa3' enabled_second_factors: - sms - yubikey 
@@ -55,10 +55,10 @@ parameters: asset_version: 1 - stepup_loa_loa1: https://dev.openconext.local/authentication/loa1 - stepup_loa_loa2: https://dev.openconext.local/authentication/loa2 - stepup_loa_loa3: https://dev.openconext.local/authentication/loa3 - stepup_loa_self_asserted: 'https://dev.openconext.local/assurance/loa1.5' + stepup_loa_loa1: http://dev.openconext.local/assurance/loa1 + stepup_loa_loa2: http://dev.openconext.local/assurance/loa2 + stepup_loa_loa3: http://dev.openconext.local/assurance/loa3 + stepup_loa_self_asserted: 'http://dev.openconext.local/assurance/loa1.5' logout_redirect_url: nl_NL: https://www.surf.nl/over-surf/werkmaatschappijen/surfnet
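Review bot: The `stepup_loa_*` values (and `loa_required_for_login` in the preceding hunk) are opaque identifiers that the RA presumably compares verbatim with the AuthnContextClassRef the gateway asserts — the comparison itself is outside this file — so moving from `https://…/authentication/loaN` to `http://…/assurance/loaN` only works if the gateway's configuration changed identically; the http scheme is part of the identifier, not a transport downgrade. Because a mismatch fails closed and looks like a broken login, a comment would stop the next reader from "fixing" the scheme: `# LoA identifiers: opaque URIs matched byte-for-byte against the gateway's stepup_loa_* values — keep in sync, do not 'upgrade' to https.`. `stepup_loa_self_asserted` is quoted while the other three are plain scalars; either style parses, but one style for the four keys reads better.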