Merge branch 'feature/end-user-doc' into develop

.gitignore

-*.jar
 target/
 packer/
 *Jenkinsfile*
@@ -12,7 +11,10 @@ packer/
 
 # built stuff
 */_build
-docker/ssa/dist/*
+*.jar
+*.war*
+*.tgz
+
 
 #netbeans
 */**/nbactions.xml
@@ -22,4 +24,4 @@ docker/ssa/dist/*
 .classpath
 .settings
 */**/.settings
-/bin/
+*/**/workspace

create_client_delivery.sh

+#!/bin/bash
+#
+# script to build and pack the project as archive for delivery to client
+#
+# tobias.assmann@ecsec.de
+
+PCK_DIR=for-client-delivery
+TRG_DIR=eid-server
+TRG_ARC=eid-server.tgz
+
+echo "checking java version ..."
+command -v java 2>&1 >> /dev/null || { echo "no java found"; exit 1;}
+java -version 2>&1 | awk -F '"' '/version/ {print $2}' | grep -q 1.8 || { echo "java version is not 1.8"; exit 1;}
+
+echo "build the whole project ..."
+mvn clean install || { echo "maven build failed. please check!"; exit 1; }
+
+echo "copy builded stuff to $PCK_DIR/$TRG_DIR ..."
+cp configuration-wizard/target/configuration-wizard-1.2.0-SNAPSHOT.jar $PCK_DIR/$TRG_DIR/poseidas-configuration-wizard.jar
+cp docker/sam/sam-1.2.0-SNAPSHOT-thorntail.jar $PCK_DIR/$TRG_DIR/sam/sam-1.2.0-SNAPSHOT-thorntail.jar
+cp docker/ssa/dist/ssa-server.war $PCK_DIR/$TRG_DIR/ssa/dist/ssa-server.war
+
+echo "archiving $PCK_DIR/$TRG_DIR to $PCK_DIR/$TRG_ARC ..."
+cd $PCK_DIR
+test -f $TRG_ARC && rm $TRG_ARC
+tar -cvzf $TRG_ARC $TRG_DIR
+cd ..
+
+echo "done"
+
+exit 0

docker/deploy-to_stage.sh

-#!/bin/bash
-# deployment script for reqesidta
-# michael rauh, tobias assmann
-
-echo "fix setup first!"
-exit 1
-
-# setup env
-ENV=stage
-USER=tobias
-HOST=localhost
-DIR=/home/tobias/Projects/reqesidta/deploy
-
-# Synchronize this directory with the target on $HOST.
-# Exclude the dev files and rename the corresponding files on the server.
-rsync -av --delete --progress \
-	--exclude 'docker-compose.yml' \
-	--exclude 'poseidas/config/POSeIDAS.xml' \
-	--exclude 'poseidas/db/poseidas.mv.db' \
-	--exclude 'sam/config/ssa-server.conf' \
-	--exclude 'deploy-to_*' \
-	--exclude '*.dodeploy' \
-	--exclude '*.dodeploy' \
-	./ $USER@$HOST:$DIR
-
-ssh $USER@$HOST "mv $DIR/docker-compose_$ENV.yml $DIR/docker-compose.yml"
-ssh $USER@$HOST "mv $DIR/poseidas/config/POSeIDAS_stage.xml $DIR/poseidas/config/POSeIDAS.xml"
-ssh $USER@$HOST "mv $DIR/poseidas/db/poseidas_stage.mv.db $DIR/poseidas/db/poseidas.mv.db"
-ssh $USER@$HOST "mv $DIR/ssa/config/ssa-server_$ENV.yml $DIR/ssa/config/ssa-server.conf"
-
-# Restart / re-build the services
-ssh $USER@$HOST "cd $DIR/ && docker-compose up -d --build"

docker/deploy-to_vserver-001.sh

@@ -14,6 +14,7 @@ rsync -av --delete --progress \
 ssh reqesidta@vserver-001.ecsec.de "mv /home/reqesidta/docker/docker-compose_vserver-001.yml /home/reqesidta/docker/docker-compose.yml"
 ssh reqesidta@vserver-001.ecsec.de "mv /home/reqesidta/docker/poseidas/config/POSeIDAS_vserver-001.xml /home/reqesidta/docker/poseidas/config/POSeIDAS.xml"
 ssh reqesidta@vserver-001.ecsec.de "mv /home/reqesidta/docker/poseidas/db/poseidas_vserver-001.mv.db /home/reqesidta/docker/poseidas/db/poseidas.mv.db"
+ssh reqesidta@vserver-001.ecsec.de "mv /home/reqesidta/docker/ssa/config/ssa-server_vserver-001.conf /home/reqesidta/docker/ssa/config/ssa-server.conf"
 
 # Restart / re-build the services
 ssh reqesidta@vserver-001.ecsec.de "cd /home/reqesidta/docker && docker-compose up -d --build"

docker/docker-compose_vserver-001.yml

@@ -107,15 +107,14 @@ services:
         aliases:
           - sam.docker.reqesidta.de
   
-    webui:
+  webui:
     image: "reqesidta/webui"
     container_name: "reqesidta_web-ui"
     labels:
       - "traefik.enable=true"
       - "traefik.http.services.webui.loadbalancer.server.port=80"
       - "traefik.http.routers.webui.rule=PathPrefix(`/`)"
-      - "traefik.http.routers.webui.entrypoints=web-secure"
-      - "traefik.http.routers.webui.tls=true"
+      - "traefik.http.routers.webui.entrypoints=web"
     build:
       context: ./web-ui
     ports:

docker/facade/traefik-dyn.yml

@@ -2,8 +2,3 @@ tls:
   certificates:
     - certFile: /certs/docker.reqesidta.de.cert
       keyFile: /certs/docker.reqesidta.de.key
-  # stores:
-  #   default:
-  #     defaultCertificate:
-  #       certFile: /certs/docker.reqesidta.de.cert
-  #       keyFile: /certs/docker.reqesidta.de.key

docker/ssa/config/ssa-server.conf

 ssa-config {
-	sessionMaxAge: 60,
-	sessionCheckAgeInterval: 30,
+	sessionMaxAge: 600,
+	sessionCheckAgeInterval: 340,
 	baseUrl: "https://docker.reqesidta.de/ssa-server"
 	eidUrl: "http://poseidas.docker.reqesidta.de:8443/POSeIDAS/service/eid/TR-03130-WSDL.wsdl"
 	samUrl: "http://sam.docker.reqesidta.de:8080"

docker/ssa/dist/ssa-server.war.deployed

-ssa-server.war
\ No newline at end of file

docker/web-ui/www-data/reqesidta.js

@@ -51,7 +51,7 @@ dpz.on("processing", function(fileAdded) {
       // console.log("got response from client-signer ... ");
       // got it
       if(req.status == 200) {
-        console.log("success giving it back ... ");
+        //console.log("success giving it back ... ");
         var fileSigned = new Blob([req.response], {type: CONTENT_TYPE});
         var signedFileName = FILE_NAME_PREFIX+origFileName;
          // IE10+

for-client-delivery/eid-server/deploy.sh

+#!/bin/bash
+#
+# deployment script for reqesidta eid-server project
+# tobias.assmann@ecsec.de
+#
+# This file acts as a template for creating a deploy script
+# for a specific target environment. Please setup the env vars
+# accourding to your needs:
+#
+# the user on the target host used to copy the files there and run the project
+USER=TARGET_USER
+# the target host of the deployment
+HOST=TARGET_HOST
+# the directory on the target host where to put the project
+DIR=TARGET_DIR
+#
+#######################################################################################
+
+echo "check for correct replacement ..."
+! grep TARGET_ ./docker-compose.yml || { echo >&2 "Found text to be replaced in docker-compose.yml. Aborting."; exit 1; }
+! grep TARGET_ ./ssa/config/ssa-server.conf || { echo >&2 "Found text to be replaced in ssa-server.conf. Aborting."; exit 1; }
+! test $HOST = "TARGET_HOST" || { echo >&2 "Found text TARGET_HOST to be replaced in deploy.sh. Aborting."; exit 1; }
+! test $USER = "TARGET_USER" || { echo >&2 "Found text TARGET_USER to be replaced in deploy.sh. Aborting."; exit 1; }
+! test $DIR = "TARGET_DIR" || { echo >&2 "Found text TARGET_DIR be replaced in deploy.sh. Aborting."; exit 1; }
+
+echo "check target environment ..."
+ssh $USER@$HOST "cd $DIR >/dev/null 2>&1" || { echo >&2 "Could not reach $DIR as user $USER on $HOST Aborting."; exit 1; }
+
+echo "check for needed commands ..."
+command -v rsync >/dev/null 2>&1 || { echo >&2 "rsync is needed on localhost but it's not installed. Aborting."; exit 1; }
+command -v ssh >/dev/null 2>&1 || { echo >&2 "ssh is needed on localhost but it's not installed. Aborting."; exit 1; }
+ssh $USER@$HOST "command -v docker >/dev/null 2>&1" || { echo >&2 "docker is needed on $HOST but it's not installed. Aborting."; exit 1; }
+ssh $USER@$HOST "command -v docker-compose >/dev/null 2>&1" || { echo >&2 "docker is needed on $HOST but it's not installed. Aborting."; exit 1; }
+
+echo "copy files to server ..."
+rsync -av --delete --progress \
+	--exclude 'deploy.sh' \
+	--exclude 'poseidas-configuration-wizard.jar' \
+	--exclude 'readme.md' \
+	./ $USER@$HOST:$DIR
+
+echo "Build and start services on server ..."
+ssh $USER@$HOST "cd $DIR/ && docker-compose up -d --build"
+echo $?
+
+echo "Deployment done, please wait until all services are fully running without heavy load and then proceed with EJBCA key setup."
+
+exit 0

docker/docker-compose_stage.yml → for-client-delivery/eid-server/docker-compose.yml

@@ -2,23 +2,21 @@ version: "3.4"
 
 services:
   facade:
-    image: "reqesidta/facade"
+    image: "traefik:v2.0"
     container_name: "reqesidta_facade"
     labels:
       - "traefik.enable=true"
-    build:
-      context: ./facade
     command:
       --providers.docker=true
       --providers.docker.exposedbydefault=false
       --entryPoints.web.address=:80
-      --log.level=debug
+      --log.level=error
+    # change value to the port your reverse proxy is forwarding to
     ports:
-      - "80:80"
+      - "TARGET_PORT:80"
     networks:
       - reqesidta_net
     volumes:
-      # So that Traefik can listen to the Docker events
       - /var/run/docker.sock:/var/run/docker.sock
 
   poseidas:
@@ -33,8 +31,6 @@ services:
       context: ./poseidas
       args:
         JAR_FILE: POSeIDAS-exec.jar
-    # ports:
-    #   - "127.0.0.1:8443:8443"
     networks:
       reqesidta_net:
         aliases:
@@ -49,8 +45,6 @@ services:
     build:
       context: ./ejbca
     hostname: localhost:8444
-    # ports:
-    #   - "127.0.0.1:8444:8443"
     depends_on:
       - postgres
     environment:
@@ -85,10 +79,6 @@ services:
       - poseidas
       - ejbca
     command: /opt/jboss/wildfly/bin/standalone.sh -b 0.0.0.0 -bmanagement 0.0.0.0
-    # ports:
-    #   - "127.0.0.1:28080:8080"
-    # volumes:
-    #   - ./ssa/dist:/opt/jboss/wildfly/standalone/deployments/:rw
     networks:
       reqesidta_net:
         aliases:
@@ -99,13 +89,26 @@ services:
     container_name: "reqesidta_sam"
     build:
       context: ./sam
-    # ports:
-    #   - "127.0.0.1:38080:8080"
     networks:
       reqesidta_net:
         aliases:
           - sam.docker.reqesidta.de
 
+  webui:
+    image: "reqesidta/webui"
+    container_name: "reqesidta_webui"
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.services.webui.loadbalancer.server.port=80"
+      - "traefik.http.routers.webui.rule=PathPrefix(`/`)"
+      - "traefik.http.routers.webui.entrypoints=web"
+    build:
+      context: ./webui
+    networks:
+      reqesidta_net:
+        aliases:
+          - webui.docker.reqesidta.de
+
 networks:
   reqesidta_net:
     driver: bridge

for-client-delivery/eid-server/ejbca/Dockerfile

+FROM primekey/ejbca-ce:6.15.2.1
+
+# Add a shell script to configure EJBCA.
+COPY ejbca-config.sh /usr/local/bin/
+
+USER root
+
+# Replace the Organisation string with a custom one to better differentiate it
+# from productions certs.
+RUN sed -i "s/EJBCA Container Quickstart/EJBCA Docker dev certificate/g" \
+  /opt/primekey/bin/internal/after-deployed-app-create-certificate.sh
+
+RUN chown 10001:10001 /usr/local/bin/ejbca-config.sh
+RUN chmod 755 /usr/local/bin/ejbca-config.sh
+
+USER 10001

for-client-delivery/eid-server/ejbca/ejbca-config.sh

+#!/bin/sh
+
+cd /opt/primekey/bin/ || exit
+
+# Use the existing CA (see comment below)
+CA=ManagementCA
+ALIAS=ecsecCMP
+CN=sam.docker.reqesidta.de
+PW=testtest
+
+# Create a CMP config
+./ejbca.sh config cmp addalias $ALIAS
+
+./ejbca.sh config cmp updatealias $ALIAS --key operationmode --value ra
+
+./ejbca.sh config cmp updatealias $ALIAS --key authenticationmodule --value EndEntityCertificate
+./ejbca.sh config cmp updatealias $ALIAS --key authenticationparameters --value $CA
+
+./ejbca.sh config cmp updatealias $ALIAS --key allowraverifypopo --value true
+
+./ejbca.sh config cmp updatealias $ALIAS --key ra.caname --value $CA
+./ejbca.sh config cmp updatealias $ALIAS --key defaultca --value $CA
+
+# Make script idempotent by always deleting the user first
+./ejbca.sh ra delendentity -force --username $CN
+
+# Add end entity for the server key pair
+./ejbca.sh ra addendentity --username $CN --password $PW \
+  --dn "CN=$CN" --caname $CA --type 1 --token P12
+
+# Add entity to admin role
+./ejbca.sh roles addrolemember --role "Super Administrator Role" --caname $CA \
+  --with "CertificateAuthenticationToken:WITH_COMMONNAME" --value $CN
+
+# Enable batch mode
+./ejbca.sh ra setclearpwd $CN $PW
+
+# Create p12 file (saved in p12 subfolder)
+./ejbca.sh batch
+
+# Various (currently) unused commands:
+
+# Create a new CA. As you can't set auto-activation to true here, you will have
+# to do this manually or create custom cryptotokens (see below).
+# ./ejbca.sh ca init \
+	# --caname $CA \
+	# --dn "C=DE,O=ecsec GmbH,CN=ecsec Docker Root CA" \
+	# --tokenType soft \
+	# --tokenPass ecsecCATokenPass \
+	# --keytype ECDSA \
+	# --keyspec secp256r1 \
+	# -s SHA256withECDSA \
+	# -v 3650 \
+	# --policy null
+
+# ./ejbca.sh cryptotoken create --autoactivate true --pin 1234 --token $TOKEN --type SoftCryptoToken
+# ./ejbca.sh cryptotoken generatekey --alias signKey --keyspec secp256r1 --token $TOKEN
+# ./ejbca.sh cryptotoken generatekey --alias encryptKey --keyspec 2048 --token $TOKEN
+# ./ejbca.sh ca changecatoken --caname $CA --cryptotoken $TOKEN --execute
+# ./ejbca.sh ca activateca $CA --code ecsecCATokenPass
+# ./ejbca.sh ca changecatokensignalg --caname $CA --sigalg SHA256withECDSA

for-client-delivery/eid-server/poseidas/Dockerfile

+FROM governikus/zulu-openjdk:8u212
+
+RUN mkdir -p /opt/poseidas
+
+ENV JAVA_OPTS=""
+
+EXPOSE 8443
+
+WORKDIR /opt/poseidas
+
+ARG JAR_FILE
+ADD ${JAR_FILE} POSeIDAS-exec.jar
+
+ENTRYPOINT exec java $JAVA_OPTS -jar /opt/poseidas/POSeIDAS-exec.jar $0 $@
+

docker/poseidas/config/POSeIDAS_stage.xml → for-client-delivery/eid-server/poseidas/config/POSeIDAS.xml

 <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
 <CoreConfiguration xmlns="http:/www.bos_bremen.de/2009/06/eID-Server-CoreConfig">
-  <ServerUrl>https://reqesidta.openecard.org/POSeIDAS/eidas-middleware</ServerUrl>
+  <ServerUrl>https://docker.reqesidta.de/POSeIDAS/eidas-middleware</ServerUrl>
   <sessionManagerUsesDatabase>true</sessionManagerUsesDatabase>
   <sessionMaxPendingRequests>500</sessionMaxPendingRequests>
   <TimerConfiguration>
@@ -10,14 +10,13 @@
   </TimerConfiguration>
   <ServiceProvider entityID="providerA" enabled="true">
     <EPAConnectorConfiguration updateCVC="false">
-      <!-- refID of the devDB from 001-->
       <CVCRefID>ecsec</CVCRefID>
       <PkiConnectorConfiguration>
         <!-- At least the certificates for blacklist, master and defectList have to be EC -->
         <blackListTrustAnchor>MIH0MIGroAMCAQICBF04buEwCgYIKoZIzj0EAwIwFDESMBAGA1UEAwwJbG9jYWxob3N0MB4XDTE5MDcyNDE0NDQ0OVoXDTIwMDcyMzE0NDQ0OVowFDESMBAGA1UEAwwJbG9jYWxob3N0MEYwEAYHKoZIzj0CAQYFK4EEAB8DMgAEq6L6f/1HKWgN9LV90O0VFqkyrN0/E2oC4va+eqx4L/bvMTh1j5CoE5i7HMMD8UeXMAoGCCqGSM49BAMCAzgAMDUCGQCoV/FAXfsEX06XoPv/v1bFzdOpQH1b96YCGFJF31Illrn+frm+7LGg3FoPayQJAdiRfA==</blackListTrustAnchor>
         <masterListTrustAnchor>MIH0MIGroAMCAQICBF04buEwCgYIKoZIzj0EAwIwFDESMBAGA1UEAwwJbG9jYWxob3N0MB4XDTE5MDcyNDE0NDQ0OVoXDTIwMDcyMzE0NDQ0OVowFDESMBAGA1UEAwwJbG9jYWxob3N0MEYwEAYHKoZIzj0CAQYFK4EEAB8DMgAEq6L6f/1HKWgN9LV90O0VFqkyrN0/E2oC4va+eqx4L/bvMTh1j5CoE5i7HMMD8UeXMAoGCCqGSM49BAMCAzgAMDUCGQCoV/FAXfsEX06XoPv/v1bFzdOpQH1b96YCGFJF31Illrn+frm+7LGg3FoPayQJAdiRfA==</masterListTrustAnchor>
         <defectListTrustAnchor>MIH0MIGroAMCAQICBF04buEwCgYIKoZIzj0EAwIwFDESMBAGA1UEAwwJbG9jYWxob3N0MB4XDTE5MDcyNDE0NDQ0OVoXDTIwMDcyMzE0NDQ0OVowFDESMBAGA1UEAwwJbG9jYWxob3N0MEYwEAYHKoZIzj0CAQYFK4EEAB8DMgAEq6L6f/1HKWgN9LV90O0VFqkyrN0/E2oC4va+eqx4L/bvMTh1j5CoE5i7HMMD8UeXMAoGCCqGSM49BAMCAzgAMDUCGQCoV/FAXfsEX06XoPv/v1bFzdOpQH1b96YCGFJF31Illrn+frm+7LGg3FoPayQJAdiRfA==</defectListTrustAnchor>
-        <policyImplementationId>govDvca</policyImplementationId>
+        <policyImplementationId>govDvca</policyImplementationId><!-- user 'budru' for Bundesdruckerei -->
         <sslKeys id="default">
           <serverCertificate>MIIEiDCCA3CgAwIBAgIDJlN5MA0GCSqGSIb3DQEBCwUAMFQxCzAJBgNVBAYTAkRFMRUwEwYDVQQKEwxELVRydXN0IEdtYkgxLjAsBgNVBAMTJUQtVFJVU1QgTGltaXRlZCBCYXNpYyBFQUMgQ0EgMS0xIDIwMTgwHhcNMTkwNDA0MTAyNDI3WhcNMjMwNDA0MTAyNDI3WjBTMQswCQYDVQQGEwJERTEUMBIGA1UEChMLRUFDIFN5c3RlbWUxHTAbBgNVBAMTFGJlcmNhLXAxLmQtdHJ1c3QubmV0MQ8wDQYDVQQIEwZCZXJsaW4wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCXQ4WEJtKZZUIRmplenLmNVlLg2cJMVZ0xT/FsUrUWk/JXH2C4LAxlsnx/tv9rxKYXZUi2oVhz43jEPiMsXZxVUo4n8mpH6I1vqvxiwR8rgxtsPiTOf+iUeVLYIXp24WLGXV80hWy+WSOL7rFO+TgQHoFv2MU7tzvmdnLeeTUJxfpU1Ac1JYkvq0jcU8LXVoRKfC+v8VMQ8zfmGu1ZnYOGyUyWcSjNRkXjchGMNc4ADDBTFIRBUCthjb9RuVc4HV3Cm6XholZGzxAIG8O3ybmWMdxyav/wcadnLumcgD7r5qE5KH0yIo3RaO6HAN5f/W9Vzr9JjCHGAh1PWogL/SddAgMBAAGjggFiMIIBXjATBgNVHSUEDDAKBggrBgEFBQcDATAdBgNVHQ4EFgQU6ejGLsU+zo1cc+1gRpXM/H/i8HUwFgYDVR0gBA8wDTALBgkqghQAUAeDdAowHwYDVR0jBBgwFoAUswxYrf8CYVl4gE/vvK5G8oYbv2kwDgYDVR0PAQH/BAQDAgWgMIHeBgNVHR8EgdYwgdMwgdCggc2ggcqGgYFsZGFwOi8vZGlyZWN0b3J5LmQtdHJ1c3QubmV0L0NOPUQtVFJVU1QlMjBMaW1pdGVkJTIwQmFzaWMlMjBFQUMlMjBDQSUyMDEtMSUyMDIwMTgsTz1ELVRydXN0JTIwR21iSCxDPURFP2NlcnRpZmljYXRlcmV2b2NhdGlvbmxpc3SGRGh0dHA6Ly9jcmwuZC10cnVzdC5uZXQvY3JsL2QtdHJ1c3RfbGltaXRlZF9iYXNpY19lYWNfY2FfMS0xXzIwMTguY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQCkszC7hGOQIekspM6l5KPDzKMEWmjQjTJ4BnlejcVNQxUZR8KPZa0bB1yeEcVPTcmi6LQQOlHMYvVfo6tZ2SoXQ9Sbo5uh9TaDTcohcmwCBasy5Wrgaq1AqxgKG4Pgd92pHBCm1uMekBVqA8j+HOSk7ig0+fTx2vtttI6rTK2fk5Z9QOqOirh6pBh2sSah1txfjWUVVTM/LZrTmPuyfBRrGOqCb5H/wrEffxgcxoCNcd3kIm11n67GoBDagBrhOl8sL2Dj2hNET+WlrQCZitJmB91fBrucZdIndWfzf0ShWhWZnNKqKUuRuX6vHq4G8/xyK9v3VP5S4JQpO/haodxI</serverCertificate>
           <clientCertificate>MIICqDCCAZCgAwIBAgIEWrTFLjANBgkqhkiG9w0BAQsFADAWMRQwEgYDVQQDDAtkdmNhX2NsaWVudDAeFw0xODAzMjMwOTEzMThaFw0yODAzMjMwOTEzMThaMBYxFDASBgNVBAMMC2R2Y2FfY2xpZW50MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz5fB2RlgtG7cS225RTz6FixoSGKKdESdZTaGM2/fgYAYlXRa3SR8rhxLq5sbZmCjmXU5aPe9yOO9Qavx8YC5kTi1gIc4b+zVU2/Vr/XZGwjloUU3bqVCgIWhaqc3EvkznaSsv3YbBSeS9QlXDJkGVT+qp9RA4g2X47auAD2k6XRprgXXoubimGfIpswssIbPgEWPw2UbBnuhCFRHD0Yg1Y2oLTwK9Z1IaNp+7dvgt8Pskfs9alPB24x+0fiBc5BXUzKSCLGweITGkQKhTOXCmZDO67aEbCdlcpmCQJuZpS++AliFMgr12axBM225uf4wvmtCyxI9jP1HdzTus8+1twIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQByup3Q2+oHAefbkEW2R3mOc3E7wl3VqRBniN6hJ0kdzVYsbIsnf15O+moh6Yr5iBdKj7JGyKwVR9HOihdyGv8g3LuId9weiaHl/It0z5g5VFKdVJ0ziYpGFmbx5x2ikJDL+oAYvjqIJhIEtsYkDGtnWtUIp+Kq4hffg/z/1GTMVpXCWw//vnE7m0ps8QiwSNTA+iFHvrQMLIU/Vz1B0xzKvrcbb8JYPKYJsQlMYYBEsB1QUZM134ThctnsCOj9Zxbycwi1z5XnlqaQLGXut1juciXtm5TD5vP5FlBiaMEOlC/ngxDVAYbs3ln6K+JrQtd2Lp2rJN6HK3hBM3VmZwGS</clientCertificate>
@@ -36,7 +35,7 @@
           <url>https://dev.governikus-eid.de:9444/gov_dvca/certDesc-service</url>
         </dvcaCertDescriptionService>
       </PkiConnectorConfiguration>
-      <PaosReceiverURL>https://reqesidta.openecard.org/POSeIDAS/eidas-middleware/paosreceiver</PaosReceiverURL>
+      <PaosReceiverURL>https://docker.reqesidta.de/POSeIDAS/eidas-middleware/paosreceiver</PaosReceiverURL>
       <hoursRefreshCVCBeforeExpires>48</hoursRefreshCVCBeforeExpires>
     </EPAConnectorConfiguration>
   </ServiceProvider>

for-client-delivery/eid-server/poseidas/config/application.properties

+# Server settings
+server.port = 8443
+server.ssl.enabled = false
+
+poseidas.admin.username = admin
+# Password: testtest
+poseidas.admin.hashed.password = $2a$10$CZGhlm6QkqHlDEX89cYtyuGKSx2iftevULiP.gvWETYH7riFIzHSG
+
+# Datasource
+spring.datasource.url=jdbc:h2:file:/opt/poseidas/database/poseidas;DB_CLOSE_DELAY=-1;DB_CLOSE_ON_EXIT=FALSE
+
+#user/password of the database
+spring.datasource.username = admin
+spring.datasource.password = testtest
+
+spring.datasource.driver-class-name = org.h2.Driver
+spring.jpa.database-platform = org.hibernate.dialect.H2Dialect
+# Hibernate ddl auto (create, create-drop, update): with "update" the database
+# schema will be automatically updated accordingly to java entities found in
+# the project
+spring.jpa.hibernate.ddl-auto = update
+spring.jpa.hibernate.naming.implicit-strategy = org.hibernate.boot.model.naming.ImplicitNamingStrategyLegacyJpaImpl
+spring.jpa.hibernate.naming.physical-strategy = org.hibernate.boot.model.naming.PhysicalNamingStrategyStandardImpl
+
+# Show or not log for each sql query
+spring.jpa.show-sql = true
+
+logging.level.org.springframework = DEBUG
+logging.level.de.governikus.eumw = DEBUG