-
Notifications
You must be signed in to change notification settings - Fork 8
/
idp-binding-default.properties
128 lines (110 loc) · 5.84 KB
/
idp-binding-default.properties
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at https://mozilla.org/MPL/2.0/.
# Follow properites have their values assigned via 'overrides' environment variables of config server docker.
# DO NOT define these in any of the property files. They must be passed as env variables. Refer to config-server
# helm chart:
# db.dbuser.password
# keycloak.external.url
# keycloak.internal.host
# keycloak.internal.url
# keycloak.admin.password
# mosip.auth.client.secret (convention: <realm>.<keycloak client name>.secret)
# mosip.ida.client.secret
# mosip.admin.client.secret
# mosip.reg.client.secret
# mosip.prereg.client.secret
# softhsm.kernel.pin
# softhsm-security-pin
# email.smtp.host
# email.smtp.username
# email.smtp.secret
# mosip.kernel.tokenid.uin.salt
# mosip.kernel.tokenid.partnercode.salt
# mosip.api.internal.url
# mosip.api.public.url
# mosipbox.public.url
## -------------------------------------------- IdP Binding ------------------------------------------------------------
mosip.idp.binding.issuer-id=${mosipbox.public.url}${server.servlet.path}
mosip.idp.binding.public-key-expire-days=10
mosip.idp.binding.salt-length=16
mosip.idp.binding.send-binding-otp=SCOPE_send_binding_otp
mosip.idp.binding.wallet-binding=SCOPE_wallet_binding
mosip.idp.binding.systeminfo.get-certificate=SCOPE_get_certificate
mosip.idp.binding.auth-ignore-urls=${server.servlet.path}/validate-binding/**,${server.servlet.path}/actuator/**,/favicon.ico,\
/v1/notifier/actuator/prometheus,${server.servlet.path}/error,${server.servlet.path}/swagger-ui/**,\
${server.servlet.path}/v3/api-docs/**
spring.security.oauth2.resourceserver.jwt.issuer-uri=${keycloak.external.url}/auth/realms/mosip
spring.security.oauth2.resourceserver.jwt.jwk-set-uri=${keycloak.external.url}/auth/realms/mosip/protocol/openid-connect/certs
mosip.idp.binding.validate-binding-url=${mosipbox.public.url}${server.servlet.path}/validate-binding
mosip.idp.binding.encrypt-binding-id=false
mosip.idp.binding.wrapper.impl=MockKeyBindingWrapperService
mosip.idp.authn.wrapper.validate-binding-url=${mosip.idp.binding.validate-binding-url}
mosip.idp.binding.key-expire-days=10
management.health.redis.enabled=false
##----------------------------------------- Database properties --------------------------------------------------------
mosip.idp.database.hostname=postgres-postgresql.postgres
mosip.idp.database.port=5432
spring.datasource.url=jdbc:postgresql://${mosip.idp.database.hostname}:${mosip.idp.database.port}/mosip_idpbinding?currentSchema=idpbinding
spring.datasource.username=idpbindinguser
spring.datasource.password=${db.dbuser.password}
spring.jpa.database-platform=org.hibernate.dialect.PostgreSQL95Dialect
spring.jpa.show-sql=false
spring.jpa.hibernate.ddl-auto=none
spring.jpa.properties.hibernate.jdbc.lob.non_contextual_creation=true
#------------------------------------ Key-manager specific properties --------------------------------------------------
#Crypto asymmetric algorithm name
mosip.kernel.crypto.asymmetric-algorithm-name=RSA/ECB/OAEPWITHSHA-256ANDMGF1PADDING
#Crypto symmetric algorithm name
mosip.kernel.crypto.symmetric-algorithm-name=AES/GCM/PKCS5Padding
#Keygenerator asymmetric algorithm name
mosip.kernel.keygenerator.asymmetric-algorithm-name=RSA
#Keygenerator symmetric algorithm name
mosip.kernel.keygenerator.symmetric-algorithm-name=AES
#Asymmetric algorithm key length
mosip.kernel.keygenerator.asymmetric-key-length=2048
#Symmetric algorithm key length
mosip.kernel.keygenerator.symmetric-key-length=256
#Encrypted data and encrypted symmetric key separator
mosip.kernel.data-key-splitter=#KEY_SPLITTER#
#GCM tag length
mosip.kernel.crypto.gcm-tag-length=128
#Hash algo name
mosip.kernel.crypto.hash-algorithm-name=PBKDF2WithHmacSHA512
#Symmtric key length used in hash
mosip.kernel.crypto.hash-symmetric-key-length=256
#No of iterations in hash
mosip.kernel.crypto.hash-iteration=100000
#Sign algo name
mosip.kernel.crypto.sign-algorithm-name=RS256
#Certificate Sign algo name
mosip.kernel.certificate.sign.algorithm=SHA256withRSA
#mosip.kernel.keymanager.hsm.config-path=local.p12
#mosip.kernel.keymanager.hsm.keystore-type=PKCS12
#mosip.kernel.keymanager.hsm.keystore-pass=${softhsm.idp.pin}
#Type of keystore, Supported Types: PKCS11, PKCS12, Offline, JCE
mosip.kernel.keymanager.hsm.keystore-type=PKCS11
# For PKCS11 provide Path of config file.
# For PKCS12 keystore type provide the p12/pfx file path. P12 file will be created internally so provide only file path & file name.
# For Offline & JCE property can be left blank, specified value will be ignored.
mosip.kernel.keymanager.hsm.config-path=/config/softhsm-application.conf
# Passkey of keystore for PKCS11, PKCS12
# For Offline & JCE proer can be left blank. JCE password use other JCE specific properties.
mosip.kernel.keymanager.hsm.keystore-pass=${softhsm.idp.pin}
mosip.kernel.keymanager.certificate.default.common-name=www.mosip.io
mosip.kernel.keymanager.certificate.default.organizational-unit=MOSIP-TECH-CENTER
mosip.kernel.keymanager.certificate.default.organization=IITB
mosip.kernel.keymanager.certificate.default.location=BANGALORE
mosip.kernel.keymanager.certificate.default.state=KA
mosip.kernel.keymanager.certificate.default.country=IN
mosip.kernel.keymanager.softhsm.certificate.common-name=www.mosip.io
mosip.kernel.keymanager.softhsm.certificate.organizational-unit=MOSIP
mosip.kernel.keymanager.softhsm.certificate.organization=IITB
mosip.kernel.keymanager.softhsm.certificate.country=IN
# Application Id for PMS master key.
mosip.kernel.partner.sign.masterkey.application.id=PMS
mosip.kernel.partner.allowed.domains=DEVICE
mosip.kernel.keymanager-service-validate-url=https://${mosip.hostname}/keymanager/validate
mosip.kernel.keymanager.jwtsign.validate.json=false
mosip.keymanager.dao.enabled=false
crypto.PrependThumbprint.enable=true