diff --git a/documentation/ADR_Creation_of_HTTP-based_API.pdf b/documentation/ADR_Creation_of_HTTP-based_API.pdf deleted file mode 100644 index 1b845d0c821b2b956d6d01d18757f79cfa9611e2..0000000000000000000000000000000000000000 Binary files a/documentation/ADR_Creation_of_HTTP-based_API.pdf and /dev/null differ diff --git a/documentation/Architectural_draft_Virus_Scanning.pdf b/documentation/Architectural_draft_Virus_Scanning.pdf deleted file mode 100644 index cc9c7fe1a7b1f93aaa382f2d1d51871c940ab8b0..0000000000000000000000000000000000000000 Binary files a/documentation/Architectural_draft_Virus_Scanning.pdf and /dev/null differ diff --git a/documentation/BayernIdLogin.md b/documentation/BayernIdLogin.md index 59ca4f478be0291489eeb4adb113d8b1b59cf5f7..80cac4769e74dba62516019cc180676cb4a63603 100644 --- a/documentation/BayernIdLogin.md +++ b/documentation/BayernIdLogin.md 
@@ -144,4 +144,24 @@ bezahlt werden. ## Implementierung Es wird das Spring Framework verwendet, um den Login zu implementieren. -Siehe [SAML 2.0 Login Overview](https://docs.spring.io/spring-security/reference/servlet/saml2/login/overview.html) \ No newline at end of file +Siehe [SAML 2.0 Login Overview](https://docs.spring.io/spring-security/reference/servlet/saml2/login/overview.html) + +## Keycloak als Broker zwischen BayernID und OAuth + +Da der Antragsraum Client die SPA-Anwendung in React ist, würde es Sinn machen OpenId als Authentifizierung zu +verwenden. +Keycloak ist in der Lage als SAML IDPs wie BayerId zu verwenden uns als Broker zwischen SAML und OpenId zu +funktionieren. + +Aber da bei BayerId in der Authentifizierungsrequest angegeben werden muss welche Information man vom BayernId Portal +erhalten möchte, muss im Keycloak ein Plugin installiert werden, das diese Anfrage macht. + +Es gibt ein solches Plugin +hier [landeshauptstadt-muenchen/bayernid-plugin](https://gitlab.opencode.de/landeshauptstadt-muenchen/bayernid-plugin) + +Zum Zeitpunkt der Evaluierung war das Plugin aber nicht kompatibel zum verwendeten Keycloak. + +Um das Plugin zu verwenden, müsste auch eine Anpassung an der Loginseite des passenden Realm im Keycloak gemacht werden. + + + diff --git "a/documentation/Beitrittserkl\303\244rung_Testbetrieb_v1.2.pdf" "b/documentation/Beitrittserkl\303\244rung_Testbetrieb_v1.2.pdf" deleted file mode 100644 index 2708992a0bf246c966d65427043778503239b125..0000000000000000000000000000000000000000 Binary files "a/documentation/Beitrittserkl\303\244rung_Testbetrieb_v1.2.pdf" and /dev/null differ diff --git a/documentation/KeycloakSetup.md b/documentation/KeycloakSetup.md index 2897a967b96cb0d884f42a1d1fe871fdc7c9fad2..02688cc69e78fcb2707beaaf537b9c3bed3df708 100644 --- a/documentation/KeycloakSetup.md +++ b/documentation/KeycloakSetup.md 
@@ -112,12 +112,14 @@ Anschließend den "Import" Button drücken. ### Users -| login | Password | Trustlevel | Postfachhandle | BayernId User | -|------------|----------|-------------------|--------------------------------------|-----------------------------------------------------| -| test | test | STORK-QAA-Level-1 | 5fcff5a2-f18e-47c7-9547-fb29970e7134 | ozg-kop | -| testLevel1 | Y9nk43yrQ_zzIPpfFU-I | STORK-QAA-Level-1 | 28721c6f-b78f-4d5c-a048-19fd2fc429d2 | | -| testLevel2 | Y9nk43yrQ_zzIPpfFU-I | STORK-QAA-Level-2 | 28721c6f-b78f-4d5c-a048-19fd2fc429d2 | | -| testLevel3 | Y9nk43yrQ_zzIPpfFU-I | STORK-QAA-Level-3 | 28721c6f-b78f-4d5c-a048-19fd2fc429d2 | | -| testLevel4 | Y9nk43yrQ_zzIPpfFU-I | STORK-QAA-Level-4 | 28721c6f-b78f-4d5c-a048-19fd2fc429d2 | | -| ohl | Y9nk43yrQ_zzIPpfFU-I | STORK-QAA-Level-3 | 8456e4d4-87fe-4351-951d-8c77b19b5d04 | Zertifikat(xOCA0002_elsterOrg_08.05.2024_16.48.pfx) | -| ohllevel1 | Y9nk43yrQ_zzIPpfFU-I | STORK-QAA-Level-1 | 8456e4d4-87fe-4351-951d-8c77b19b5d04 | bitherstone | +| login | Trustlevel | Postfachhandle | BayernId User | +|------------|-------------------|--------------------------------------|-----------------------------------------------------| +| test | STORK-QAA-Level-1 | 5fcff5a2-f18e-47c7-9547-fb29970e7134 | ozg-kop | +| testLevel1 | STORK-QAA-Level-1 | 28721c6f-b78f-4d5c-a048-19fd2fc429d2 | | +| testLevel2 | STORK-QAA-Level-2 | 28721c6f-b78f-4d5c-a048-19fd2fc429d2 | | +| testLevel3 | STORK-QAA-Level-3 | 28721c6f-b78f-4d5c-a048-19fd2fc429d2 | | +| testLevel4 | STORK-QAA-Level-4 | 28721c6f-b78f-4d5c-a048-19fd2fc429d2 | | +| ohl | STORK-QAA-Level-3 | 8456e4d4-87fe-4351-951d-8c77b19b5d04 | Zertifikat(xOCA0002_elsterOrg_08.05.2024_16.48.pfx) | +| ohllevel1 | STORK-QAA-Level-1 | 8456e4d4-87fe-4351-951d-8c77b19b5d04 | bitherstone | + +Die Passwörter sind im Keycloak hinterlegt. 
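Review bot: dropping the Password column is correct, but the removed rows (test/test and the single shared password used by testLevel1 through ohllevel1) stay in the repository history, so treat those credentials as exposed and rotate them in Keycloak as part of this change rather than only deleting the column. The replacement sentence "Die Passwörter sind im Keycloak hinterlegt." also leaves a reader with no way to obtain them; state the realm and how a developer gets access (admin console, or the team's secrets store) without putting the values back into the file. The BayernId User column still names a PKCS#12 file, Zertifikat(xOCA0002_elsterOrg_08.05.2024_16.48.pfx); document where that file and its passphrase are kept, since a .pfx carries a private key and belongs with the other secrets, not in the documentation tree.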
diff --git a/documentation/ozg-antragsraum-bayernid.pdf b/documentation/ozg-antragsraum-bayernid.pdf deleted file mode 100644 index 786ca8bc942a23c2c51ca96f5610c8052d2d50ba..0000000000000000000000000000000000000000 Binary files a/documentation/ozg-antragsraum-bayernid.pdf and /dev/null differ diff --git a/documentation/ozg-antragsraum-technische-dokumentation.pdf b/documentation/ozg-antragsraum-technische-dokumentation.pdf deleted file mode 100644 index fcbb7a7ba7f262d11bccba49d27992641d988337..0000000000000000000000000000000000000000 Binary files a/documentation/ozg-antragsraum-technische-dokumentation.pdf and /dev/null differ diff --git a/documentation/ozg-antragsraum.pdf b/documentation/ozg-antragsraum.pdf deleted file mode 100644 index 5cfa923845c0735c1d5bc52a429914b40d8e6159..0000000000000000000000000000000000000000 Binary files a/documentation/ozg-antragsraum.pdf and /dev/null differ diff --git a/documentation/ozg-application-room-dev-saml-metadata.xml b/documentation/ozg-application-room-dev-saml-metadata.xml deleted file mode 100644 index 1e9cbc33ebebb919dfd61e87c9c31083d9233d9b..0000000000000000000000000000000000000000 --- a/documentation/ozg-application-room-dev-saml-metadata.xml +++ /dev/null 
@@ -1,96 +0,0 @@ -<md:EntityDescriptor entityID="https://antragsraum.ozgcloud.de/" - xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" - xmlns:ds="http://www.w3.org/2000/09/xmldsig#" > - <md:SPSSODescriptor AuthnRequestsSigned="true" - WantAssertionsSigned="true" - protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"> - <md:Extensions> - <mdui:UIInfo xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui"> - <mdui:DisplayName xml:lang="de">Antragsraum</mdui:DisplayName> - <mdui:Description xml:lang="de">Die Anwendung Antragsraum ermöglicht es den Bürgern auf Anfragen von Behörden zu antworten.</mdui:Description> - <mdui:InformationURL xml:lang="de">https://dev.antragsraum.de/imprint</mdui:InformationURL> - <mdui:PrivacyStatementURL xml:lang="de">https://dev.antragsraum.de/privacy-policy</mdui:PrivacyStatementURL> - </mdui:UIInfo> - </md:Extensions> - <md:KeyDescriptor use="signing"> - <ds:KeyInfo> - <ds:X509Data> - <ds:X509Certificate> - MIIEGzCCAwOgAwIBAgIUPBZDVDRuGt0H15FLy5JUzcDlmn4wDQYJKoZIhvcNAQEL - BQAwgZwxCzAJBgNVBAYTAkRFMRswGQYDVQQIDBJCYWRlbi1XdWVydHRlbWJlcmcx - EjAQBgNVBAcMCVN0dXR0Z2FydDEhMB8GA1UECgwYbWdtIHRlY2hub2xvZ2llIHBh - cnRuZXJzMRIwEAYDVQQLDAlvemctY2xvdWQxJTAjBgkqhkiG9w0BCQEWFmplbnMu - cmVlc2VAZ21nbS10cC5jb20wHhcNMjQwMzIwMDc0NzE0WhcNMjUwMzIwMDc0NzE0 - WjCBnDELMAkGA1UEBhMCREUxGzAZBgNVBAgMEkJhZGVuLVd1ZXJ0dGVtYmVyZzES - MBAGA1UEBwwJU3R1dHRnYXJ0MSEwHwYDVQQKDBhtZ20gdGVjaG5vbG9naWUgcGFy - dG5lcnMxEjAQBgNVBAsMCW96Zy1jbG91ZDElMCMGCSqGSIb3DQEJARYWamVucy5y - ZWVzZUBnbWdtLXRwLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB - AKIZTQQ9CLos2JZ8Vmx2dIicsWlf6P5Br1IRf4i/CrekiiQGJaXnm0lMaL0mJ2ON - pyPxyctYtuxn0G8sdtLTGWC7fsCR4noe08wr0ufphkjXq24l/LPzdY1RM2n3PAml - VTmVg975T3joIU2xHHDFOAmDTDVUYBaCe984AnJgFQM4SO1hsPYLD5Y4otLiChAe - JRrqxLWc/49oxGkezgiOYo3qJ0y+m2okM//R5qcDxAAH2InyA1L7EX8gb7/bFN96 - xCXwhj1U7vW8ltFlFeCpU/gvXLPkSq/298EXiJZSqRTXXr0QQOyo6r0UH4FqFeBk - wXs8CTfaAqMEsCRuf6YVY8sCAwEAAaNTMFEwHQYDVR0OBBYEFOqZxTtPv4lPYnch - 
tvCAmzU7JuguMB8GA1UdIwQYMBaAFOqZxTtPv4lPYnchtvCAmzU7JuguMA8GA1Ud - EwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBACT/DASqepWxL2VCgbDS2v1G - L/utCUUgybKvOA393vRq2NLgGxeb58U3KBeiv2MFhHHy0TEmK50inPFL1aB6HEwZ - 10zi74WgRY/G+lfPUtORiAvm6dbQn+jhRFuJkHohb7VJuGwI9Q4EqeDY6tINOgHu - vuUrIyADWva/DF1rvVT7rgustKiPRRaOFNJMqhBb+458CfwrYWpUvbWDtTKpInmL - 7wmzEPIoebYlLD4EDPZ8sDLPbP2hQM4geuPorBybGjTDYWsXU3zCZNv2PLnmp61F - dcuDpnS9e+ZRVFVDJpmL9mWrsh7iJ+P9A7x3MQP4gRXe4yBMaGw1ExIjhEfkMac= - </ds:X509Certificate> - </ds:X509Data> - </ds:KeyInfo> - </md:KeyDescriptor> - <md:KeyDescriptor use="encryption"> - <ds:KeyInfo> - <ds:X509Data> - <ds:X509Certificate> - MIIEGzCCAwOgAwIBAgIUWPZFfhB4+iI3XdjUTMqhhDkljGgwDQYJKoZIhvcNAQEL - BQAwgZwxCzAJBgNVBAYTAkRFMRswGQYDVQQIDBJCYWRlbi1XdWVydHRlbWJlcmcx - EjAQBgNVBAcMCVN0dXR0Z2FydDEhMB8GA1UECgwYbWdtIHRlY2hub2xvZ2llIHBh - cnRuZXJzMRIwEAYDVQQLDAlvemctY2xvdWQxJTAjBgkqhkiG9w0BCQEWFmplbnMu - cmVlc2VAZ21nbS10cC5jb20wHhcNMjQwMzIwMDc0MDA5WhcNMjUwMzIwMDc0MDA5 - WjCBnDELMAkGA1UEBhMCREUxGzAZBgNVBAgMEkJhZGVuLVd1ZXJ0dGVtYmVyZzES - MBAGA1UEBwwJU3R1dHRnYXJ0MSEwHwYDVQQKDBhtZ20gdGVjaG5vbG9naWUgcGFy - dG5lcnMxEjAQBgNVBAsMCW96Zy1jbG91ZDElMCMGCSqGSIb3DQEJARYWamVucy5y - ZWVzZUBnbWdtLXRwLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB - ANogQ1D22S1V53sAch82/LvbbqjMUQWCNOAyUEzrbEW0SqJ3ED+93ZL0rTwstiAj - XQzPydKmo6keHlexm4f3EfBgJzUG6Y0O8BL/GG02n2ZaXZa3rtbY1y7CSBgICUGe - 9QPmHADUqTkzXwUVuKf6Ie1uyEbqLTr5T5PGOcESsQxVFkHG6/i2H7QhoeLDAWw5 - 2ENwDRigM/mDaMliI5TWmM4T8DxKLZ7FUiQGDt/7vpQdBs+vit2ndaoQvQbpraBd - /KVsbB3epXXFFX/y37+/lHMYtkCnPvHQljYjBz1hH6zcf1VcJLrmSElXHK74HLl5 - D/xYpUCCQX8EU0YIbPULejMCAwEAAaNTMFEwHQYDVR0OBBYEFFfqF7V0PscLpeAx - Vj3ADkWSftbnMB8GA1UdIwQYMBaAFFfqF7V0PscLpeAxVj3ADkWSftbnMA8GA1Ud - EwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAK70r5o4oLPu5JXJmKWnI7CD - wjZR0XQX8x1+tWtqT/v6Trz4p6SGxdPzA+Z9dKl5TrHWn0Jue79NCTQO1fgn/L5Q - ZblOCxFhe+yvgeqyMPRHtlF1RicMn+yPwS3QKON0INmsch64IVXJZgJms0d7HRcF - GAn644FdxZH9IX39eqs1Y7l1Ac++4O9uSiB6N+js2ZTOI+KDrvVhKblE+0ehx3bM - 
+hqsXpRE6iq9wD1wAGiMxMTetG1kI0PMgDiDXTfG3ZkvpYtTyU2Mkl+F9FFWhwGI - LrLKJeLZRRpwkDvWNUpER5UveXJvY8TKV8HZDhEzWB3IAjRYufHnP5MHLgMZmXk= - </ds:X509Certificate> - </ds:X509Data> - </ds:KeyInfo> - </md:KeyDescriptor> - <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</md:NameIDFormat> - <md:AssertionConsumerService - Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" - Location="https://dev.antragsraum.de/login/saml2/sso/bayernid" index="1"/> - <md:AssertionConsumerService - Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" - Location="https://dev.antragsraum.de/login/saml2/sso/bayernid" index="2"/> - </md:SPSSODescriptor> - <md:Organization> - <md:OrganizationName xml:lang="de-DE">mgm technology partners GmbH</md:OrganizationName> - <md:OrganizationDisplayName xml:lang="de-DE">mgm technology partners GmbH</md:OrganizationDisplayName> - <md:OrganizationURL xml:lang="de-DE">https://www.mgm-tp.com/</md:OrganizationURL> - </md:Organization> - <md:ContactPerson contactType="technical"> - <md:GivenName>technischer Ansprechpartner</md:GivenName> - <md:EmailAddress>jens.reese@mgm-tp.com</md:EmailAddress> - </md:ContactPerson> - <md:ContactPerson contactType="support"> - <md:GivenName>Ansprechpartner für die Fachanwendung</md:GivenName> - <md:EmailAddress>ozg-cloud-admin3@mgm-tp.com</md:EmailAddress> - </md:ContactPerson> -</md:EntityDescriptor> diff --git a/documentation/ozg-application-room-saml-metadata-template.xml b/documentation/ozg-application-room-saml-metadata-template.xml deleted file mode 100644 index 6d3251ab18971fbb14112e41e7bd3895308634e0..0000000000000000000000000000000000000000 --- a/documentation/ozg-application-room-saml-metadata-template.xml +++ /dev/null 
@@ -1,53 +0,0 @@ -<md:EntityDescriptor entityID="https://antragsraum.ozgcloud.de/" - xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" - xmlns:ds="http://www.w3.org/2000/09/xmldsig#" > - <md:SPSSODescriptor AuthnRequestsSigned="true" - WantAssertionsSigned="true" - protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"> - <md:KeyDescriptor use="signing"> - <ds:KeyInfo> - <ds:X509Data> - <ds:X509Certificate> -<!-- signing certificate here --> - </ds:X509Certificate> - </ds:X509Data> - </ds:KeyInfo> - </md:KeyDescriptor> - <md:KeyDescriptor use="encryption"> - <ds:KeyInfo> - <ds:X509Data> - <ds:X509Certificate> -<!-- encryption certificate here --> - </ds:X509Certificate> - </ds:X509Data> - </ds:KeyInfo> - </md:KeyDescriptor> - <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</md:NameIDFormat> - <md:AssertionConsumerService - Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" - Location="public address of antragsraum spring saml sso login" index="1"/> - <md:AssertionConsumerService - Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" - Location="public address of antragsraum spring saml sso login" index="2"/> - </md:SPSSODescriptor> - <md:Organization> - <md:OrganizationName xml:lang="de-DE">mgm technology partners GmbH</md:OrganizationName> - <md:OrganizationDisplayName xml:lang="de-DE">mgm technology partners GmbH</md:OrganizationDisplayName> - <md:OrganizationURL xml:lang="de-DE">https://www.mgm-tp.com/</md:OrganizationURL> - </md:Organization> - <md:ContactPerson contactType="technical"> - <md:GivenName>technischer Ansprechpartner</md:GivenName> - <md:EmailAddress>ansprechpartner</md:EmailAddress> - </md:ContactPerson> - <md:ContactPerson contactType="support"> - <md:GivenName>Ansprechpartner für die Fachanwendung</md:GivenName> - <md:EmailAddress>ozg-cloud-admin3@mgm-tp.com</md:EmailAddress> - </md:ContactPerson> - <md:Extensions> - <mdui:UIInfo xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui"> - <mdui:DisplayName 
xml:lang="de">Antragsraum</mdui:DisplayName> - <mdui:InformationURL xml:lang="de">https://dev.antragsraum.de/imprint</mdui:InformationURL> - <mdui:PrivacyStatementURL xml:lang="de">https://dev.antragsraum.de/privacy-policy</mdui:PrivacyStatementURL> - </mdui:UIInfo> - </md:Extensions> -</md:EntityDescriptor>
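Review bot: the new "Keycloak als Broker" section in BayernIdLogin.md records that the bayernid-plugin was not compatible with the Keycloak in use, but not which Keycloak version and which plugin version were evaluated, so the finding cannot be re-checked later; add both versions and the evaluation date next to "Zum Zeitpunkt der Evaluierung war das Plugin aber nicht kompatibel zum verwendeten Keycloak." Because the broker would terminate the SAML trust from BayernID and issue its own OpenID tokens to the React SPA, the section should also say which of the attributes requested in the Authentifizierungsrequest are passed through to the client, so the per-request attribute selection the text describes is preserved across the extra hop. Two spellings of the identity provider appear in the added text ("BayerId" in "als SAML IDPs wie BayerId" and in "bei BayerId in der Authentifizierungsrequest"); use "BayernID" consistently, "uns als Broker" should read "und als Broker", and the three trailing empty lines can be cut to one.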
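Review bot: deleting ozg-application-room-dev-saml-metadata.xml and ozg-application-room-saml-metadata-template.xml removes the only in-repo record of what was registered with the IdP (entityID https://antragsraum.ozgcloud.de/, the two AssertionConsumerService Locations under https://dev.antragsraum.de/login/saml2/sso/bayernid, the signing and encryption certificates, and the contact addresses); the commit message or BayernIdLogin.md should say where this metadata now lives so the registered values can be compared against a running instance. If the template is re-homed rather than dropped, fix two issues before it is reused: the second AssertionConsumerService uses Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect", which the SAML 2.0 Web Browser SSO profile does not permit for delivering the Response, and <md:Extensions> is placed after <md:ContactPerson> as a child of <md:EntityDescriptor>, whereas the metadata schema requires Extensions to precede the role descriptors (the dev file has it in the correct place, as the first child of <md:SPSSODescriptor>). Keep AuthnRequestsSigned="true" and WantAssertionsSigned="true" in any successor file.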
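Review bot: six binary documents are deleted (ADR_Creation_of_HTTP-based_API.pdf, Architectural_draft_Virus_Scanning.pdf, Beitrittserklärung_Testbetrieb_v1.2.pdf, ozg-antragsraum-bayernid.pdf, ozg-antragsraum-technische-dokumentation.pdf, ozg-antragsraum.pdf) without a pointer to a replacement. An ADR in particular is a decision record that later readers will look for; if these moved to a wiki or document store, add the link under documentation/, otherwise state in the commit message why the decisions and the virus-scanning draft are no longer relevant.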