From 2e245c3c57db59d02ae12a521e3e31f958f02ed6 Mon Sep 17 00:00:00 2001
From: Robert Butora <robert.butora@inaf.it>
Date: Fri, 25 Oct 2024 16:56:20 +0200
Subject: [PATCH] removes remnants of security-tokens from docker build (leaves
 possible incomplete TLS support)

---
 docker/Makefile                               |  30 ++----------------
 docker/example-compose.yaml                   |   2 +-
 docker/example-security/README.tex            |  23 +++-----------
 .../example-security/garrtoken/keystore.jks   | Bin 2696 -> 0 bytes
 .../garrtoken/neatoken.properties             |  10 ------
 ...onnector-8443.xml-self-signed-keystore-jks |  11 -------
 .../example-security/ia2token/auth.properties |  10 ------
 .../ia2token/authpolicy.properties            |   7 ----
 ...onnector-8443.xml-SECTIGO-vlkb.ia2.inaf.it |  11 -------
 .../iamtoken/iamtoken.properties              |  13 --------
 docker/example-security/iamtoken/keystore.jks | Bin 2696 -> 0 bytes
 ...onnector-8443.xml-self-signed-keystore-jks |  11 -------
 12 files changed, 8 insertions(+), 120 deletions(-)
 delete mode 100644 docker/example-security/garrtoken/keystore.jks
 delete mode 100644 docker/example-security/garrtoken/neatoken.properties
 delete mode 100644 docker/example-security/garrtoken/server-connector-8443.xml-self-signed-keystore-jks
 delete mode 100644 docker/example-security/ia2token/auth.properties
 delete mode 100644 docker/example-security/ia2token/authpolicy.properties
 delete mode 100644 docker/example-security/ia2token/server-connector-8443.xml-SECTIGO-vlkb.ia2.inaf.it
 delete mode 100644 docker/example-security/iamtoken/iamtoken.properties
 delete mode 100644 docker/example-security/iamtoken/keystore.jks
 delete mode 100644 docker/example-security/iamtoken/server-connector-8443.xml-self-signed-keystore-jks

diff --git a/docker/Makefile b/docker/Makefile
index b2200b1..252a8d5 100644
--- a/docker/Makefile
+++ b/docker/Makefile
@@ -28,7 +28,8 @@ download:
 ast-9.2.9.tar.gz:
 	wget https://github.com/Starlink/ast/files/8843897/ast-9.2.9.tar.gz
 
-.PHONY: warlink
+
+.PHONY: fetchwar
 fetchwar:
 	cp ../data-discovery/target/vlkb-siav2-$(VERSION).war .
 
@@ -36,39 +37,14 @@ fetchwar:
 build: fetchwar
 	docker build --build-arg VLKB_VERSION=$(VERSION) -t siav2 -f Dockerfile .
 
+
 # the docker-login below needed a ca-cert(?) which in the middle of the certificate-chain,
 # but was not automatically downloaded and also local cert/ket pair(?) ->
 # -> see: /etc/docker/certs.d/git.ia2.ianf.it:5050/*
 #
 # docker login git.ia2.inaf.it:5050 (robert.butora C-tol szokasos-hossu)
-# to download: use image: ... in compose.yaml or
-# docker run ... git.ia2.inaf.it:5050/butora/vlkb-datasets/vlkb
-
 publish-locally-siav2:
 	docker tag siav2 git.ia2.inaf.it:5050/vialactea/vlkb-siav2/siav2:$(VERSION)
 	docker push      git.ia2.inaf.it:5050/vialactea/vlkb-siav2/siav2:$(VERSION)
 	docker image rm  git.ia2.inaf.it:5050/vialactea/vlkb-siav2/siav2:$(VERSION)
 
-
-##docker login registry.gitlab.com --> robert.butora xC*n
-publish-remotely-to-ska:
-	docker tag soda registry.gitlab.com/ska-telescope/src/visivo-vlkb-soda:$(VERSION)
-	docker push     registry.gitlab.com/ska-telescope/src/visivo-vlkb-soda:$(VERSION)
-	docker image rm registry.gitlab.com/ska-telescope/src/visivo-vlkb-soda:$(VERSION)
-
-###############################################################################
-#TAG ?= $(VERSION)
-#REMOTE_SODA_IMAGE_NAME = registry.gitlab.com/ska-telescope/src/visivo-vlkb-soda:$(TAG)
-#SODA_IMAGE_NAME = soda:$(TAG)
-# https://gitlab.com/ska-telescope/src/visivo-vlkb-soda/container_registry/3917365
-###############################################################################
-#.PHONY: publish
-#publish:
-#	docker tag $(SODA_IMAGE_NAME) $(REMOTE_SODA_IMAGE_NAME)
-#	docker push $(REMOTE_SODA_IMAGE_NAME)
-#	docker image rm $(REMOTE_SODA_IMAGE_NAME)
-#	@echo "SODA_IMAGE_NAME        : "$(SODA_IMAGE_NAME)
-#	@echo "REMOTE_SODA_IMAGE_NAME : "$(REMOTE_SODA_IMAGE_NAME)
-###############################################################################
-
-
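Review bot: The comment kept above `publish-locally-siav2` still records an account name followed by what reads like a password hint (`docker login git.ia2.inaf.it:5050 (robert.butora …)`), so the removal of credential remnants is incomplete in this hunk. I would reduce that line to `# requires a prior: docker login git.ia2.inaf.it:5050` and keep the hint out of the repository. The deleted `registry.gitlab.com` login comment stays readable in history after this commit, as do the `client_secret` and `certificateKeystorePassword` values and the `keystore.jks` files removed further down, so any of them that were ever real should be rotated. `publish-locally-siav2` has no `.PHONY` declaration in the visible lines, unlike `fetchwar`; `.PHONY: publish-locally-siav2` would make that explicit unless it is declared outside the hunk.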
diff --git a/docker/example-compose.yaml b/docker/example-compose.yaml
index ef7e07e..17f0998 100644
--- a/docker/example-compose.yaml
+++ b/docker/example-compose.yaml
@@ -25,7 +25,7 @@ services:
       - DB_URI=jdbc:postgresql://vlkb-db:5432/vialactea
       - DB_USERNAME=vialactea
       - DB_PASSWORD=ia2vlkb
-      - CUTOUT_SERVICE_URL=http://vlkb-devel.ia2.inaf.it:8004/vlkb/datasets/vlkb_cutout
+      - CUTOUT_SERVICE_URL=http://vlkb-devel.ia2.inaf.it:8004/vlkb/datasets/soda
 
 
 volumes:
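Review bot: `CUTOUT_SERVICE_URL` on the changed line still uses a plain `http://` endpoint on a named host, so with the token support this commit removes, calls to the cutout service presumably travel unauthenticated and unencrypted unless something outside this file protects them. If the service has a TLS listener the example should use `https://`; otherwise a comment such as `# plain HTTP: only for use inside a trusted network` tells users what they are copying. The context line `DB_PASSWORD=ia2vlkb` is a literal password in an example file, and `- DB_PASSWORD=${DB_PASSWORD:?set in .env}` would stop a copied compose file from deploying with the sample value. The `environment:` list begins above the hunk, so other entries were not reviewed.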
diff --git a/docker/example-security/README.tex b/docker/example-security/README.tex
index 8352fe1..ac7adc4 100644
--- a/docker/example-security/README.tex
+++ b/docker/example-security/README.tex
@@ -2,30 +2,15 @@
 # notes on security:
 # set volume mapping in compose.yaml: security/ -> /etc/pki/tls/
 # configure port/SSL connector: (path is relative to the dir where compose.yaml is
-# * server-connector.xml : set tomcat connector with certificates
-#    -- ia2 needs SECTIGO
-#    -- iam needs self-signed keystore.jks
-# * keep right jjwt*.jar libs (ia2 authlib needs v0.11, iam needs v0.12)
-# FIXME implement *.properties and server-connector.xml by paramters
+# * server-connector.xml : set tomcat connector with certificates (ia2 needs SECTIGO)
+#
 
 
 
 #### Security
 # SSL-certificates are site-dependent and must be regularly updated:
-# vlkb-cutout expects them in /etc/pki/tls
-#
-# map volume: ./security:/etc/pki/tls:z,ro
+# vlkb-soda expects them in /etc/pki/tls
 #
-# ia2token: 
-#  auth.propeties
-#  authpolicy.properties
-#  server-connector.xml
-#  SECTIGO/*
+# map volume: ./security:/etc/pki/tls:ro
 #
-# iamtoken:
-#  iamtoken.properties
-#  server-connector.xml
-#  keystore.jks
-#
-
 
diff --git a/docker/example-security/garrtoken/keystore.jks b/docker/example-security/garrtoken/keystore.jks
deleted file mode 100644
index 57c469584925bdc3de5f6919123d67c5a3189560..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 2696
zcmXqL;%Z@HWHxBx(qrS)YV&CO&dbQoxS)wko~4OP+MtO`+@Ohd9f}m|e3mBG*#=Fl
z(+!$fC$n)wb@6a9GA(FgbuegRwJ}J8>tN+Ih%~T3aCr>0Swwoy-!5T2an-bV!Exr7
z`d^OPRCARwF{ukMF)A4FuyH_4Wa4CHFpy>AOlb39Ol4+a)M62s`ut~rMp<C0t-bE!
zt@o5ISejTa1ahn>+!lHH;AKVoV_{B{oEG^p);+iq(aRZHZx^xcJ^NOZ`*S~i@MaRd
zmnO)+=3@COojI@V<jk%FrS3gG|J>%e6CeK7o^e8hKcU&Gx5W4VH%<eepX=-|ShC;P
zCG)Sxk5ME;b?1U`1EbaNMLxB2uuRS4t9s1hn44`Se9U?E0psFRF-5-bmhIjqF`e=C
zPs7|5@gFT_8yu~k7_n}uC*PdnlwJE*{rR^1>z6LiMSdZtxGz`CiMPM1t=-o6$N0gw
zuKm_+FDg$xo)K97Ead-(6LY-lp3b#itj}{<tVH7YTa!Oo+s_%Vu-MMq|MSy6NB>`G
zp*}W?_|Gt`O^M8@v0!cRxwKiN+#smnBhTA=r?gV6jRelm*md#zjR}4K?;hEdeyTK$
zBbQ<K+g+|xuPNm@S>z{I&FAP6WU+Uc#`5aTGryaWs#*G31xm%IRO|PvS4S+cxy!Dw
zCC>28ZOsbZSz8ly#eVfXdY9R3rx(o`CU)oFVlnp87y573+>J@QnJy6jA(ipb+Wc&Z
zr@mX2^_I<v$y&5F!T)i?sT;zFrp1b`{mD9G<)#h!O4A>`Ia%Pt7=K&S^tLsB<^uWF
zDPracLLQj`e6=~b_WFxwst8tBUCX~N-x_mOCoe#K%`^8;6Y|+Fzk0~Df2rN8Bac=^
zgqA<f@hvz~bEa5do;%XftLv7EzHQwc)~!5uF1=0Rcr{^L=0~~avOAI=d`*=^w@E!X
z!FITUJM824uV-soJmusHzAwDDI6S7N)6R6=Q?6Mpzck{C;zLaQ0(cxu-5xKPDbqIN
z_=hX=w%&cYPGHm7-hRQIg&w~HcK(03?75dC$AxtHFRR4P%9p4WtEH9fl74%U<x`S(
zOHNyyadbkZsGGtGRuLV?s7veTC_6Wl%szW}`tRwnQR$-3lEkwgU5@e-RJ_?-H2LSF
zlbN&ryWTdeI6ccmAbic#4GH?yhwe|fJvES<x30A68RurL<#&P%ryqVadr#Z>=xZ?(
z7Q1e{92<G}+2bh*N)1*r#j`ec8ZpK?g&J_)bC@E?|3|1sH0V8xl?d<V|9biiZ3(k-
zO%57=j;Iz7+VMtAyLH_=@f*T|ueiTmm2`R&@#(gFjQ*0QPw|(Pw|9Fiy5AA-{O_g*
zt$EkxGJMvG4cKuqqd#Wr`j!8E3y;+sg@698mgDSnS0?L@_?v&S!NRNODVknTGTZCE
z;=wA-=?ND?=UZ;i_M5!l<>B9w2eLbPf6a6WbBNhlZ1ksi|2e(2ytf1-Ht#UDFs%9&
z)DdGP;Wy`A-l<I{{j2|3iHdQiMxByg)>`(h@VDTFWBk7=?i$Uy<Xs(I(&v4o;a@H@
z@0w-VicBS*i&SH+&ous8aD4LwQ$;nQSx0$~++#`Zf0o%@bmCdb7wNuZCmeYetQCt*
z5n(sdQO{jr{a|ihc4FaL=gV9QJx?ZX+{aV%dUr_#=aplbHN4_sZ<RD2T@~|KJ+JIQ
zU_ZBM#r0qJ=I$2Q6lL7*W$4Q*Tk8?Hh^uMg_f6N$72f+j+r3mjAobVIhe6G9)~2k=
zx0g&jD)oHQvs<Et!aap+?Y2(b%TxTG<9D}X-jDUOIUg8Hr$6t~3$HAf+W*I;B1@ZP
zR(ST#P0<V7V)o2ToFw$>fT*GU?G3hfr>VDGJ@(}B%#f;JON(_c4ILZYT)6uFnK<2@
zzU_Lwx1oc9G`zUv6fxwJ<6$Ua$Y;o9NM=Z6C^1k(NQxSYun2`@=B6qbnj4rKnHZXz
zTNoOf88opZ!WFTzEofp1GH7D)V`5}5Xku|k$S@KrrVUNR8tg8{Oq{+WtjVU~!q$BE
z+)u<5(`;rl9Pc)=mIU<jGW}Q~pwiI9e1UnEwfv`uDSC>twrbC?{wmYp<o)i9i;4fi
z636pr?%egtn%EW7tjAx_qszf@_~wg$Rdpv01)pxwIJfWjniKU|JVE!>3rqGl1swfl
zz!Tn>y>yxJj0vlHCfNEPJCkM;buLNqYFPU}%Ps%hF7*p-;B=dH@pf;?N29XLoQ5ll
z)=s&){hP#+Ni*H0{oCyo#HQalcqq>xtbX-DKB1M{lKNC_mwaCkrMt$~Id4^pZQ--H
z7l$}QZ_RIuR{Xb3oFP=yoo739fw-T9`xgHnZc|saE0{4}czRHD$L*c(U4PluT>6pR
z<9H>{$H>^yWY1>Rv)+nx4;|9foG_y>`@&h<<b9$a{|j6Hm3yaiI;r8<6{fBn*R}OG
zpK9(4o*J04l6%drnd*_Myh)~U!c%wb{C4kE%Blc0&!k;G_x6~%XLAYPTw!c9i*s*h
z{+pw1QvKV%uijngy?SZn^gh|pXI{GZ4+*@HdZ`-T(DB?n?Du)L%T=D1s$Un}P@M2Y
z-Se@)d95|~m*mCOYTe*2Zri&{l}AFy#OD>mixvqVk7ueU)~vmmbjGDG!NJy1VAuAw
zUu=s$E-9}%%EGg4wbIl}QU~;&uDO0|(lh4oZ0xKB0oD6bIa~iV|8bw{WbByaRFln=
zB=hO@!IjHcm;yUnt2_Jl_OymDcOTK8Q>UP`KVQ6HN8SG2oDP#Gvi_|u+4N9$vY(;>
zNB+IzoSi2>J+hF0pRwclQ;Xa*0k1<2{d>-D4r{u1%#!u}2Iqs8C9f)0AIs@$y!m>j
zw1zT2&j+9W!fz>4JVi^dTZPAZ-*K3fp&2Z4@YKa}qw^WAQ{+6g<@^t>c2MJ0ekI7?
zz~<d>G=p{4t<aJ$O9KwK1ov5QIVBUe_YBY0_Lhmp!ZFLHyc4$gzFPU;T_y47CuS);
zb18c2z}Vp*_>-$__3t&M;$6J*Np>2Ol7g09ne$=k2X@!2PvxlsFHKheUl#DaNBzOf
zRJCWf4Ekr?Rr~ru!|%qIz5fnX?)_C_6&YRCT*r1nLjQa7;(yHIMYkTS`=^z!H+fX|
zA>s5SIW4~D=PXiodanNXeNkI{z|wBki?!G0+Ff|Sf9314_YYTpT&VnCIXIj@(D%&B
zYqtVFC1f15tI~XU_0YMSS>4g~49?-24l!@uDC_E*ecDvV+}WU+%O4#P=rL)zX>$W-
z!o9c&m;SClxa7!Eo+;d-5%<KiKHgiD@#Ds1gHsF>G#mX-H;CQo5f7<~PxI+!_mt32
zzZupvf9Lr-;??z%o0k1kulw2j>wQmEV8Ap{#kZ@U_<uSlY<K)Z{-f*fy_+RcV$@#l
zinWRgcpLqF$E^Jqd<}dJ3=MeUturP@Rt6S@-?FC)u3bHt@gO}({=|PNzm*J2?+du{
o78dPcduDHt`kY0i{>&}rGm2)c6BLvDcHaLmsW$e|9#D}20F5WYiU0rr

diff --git a/docker/example-security/garrtoken/neatoken.properties b/docker/example-security/garrtoken/neatoken.properties
deleted file mode 100644
index 839e15d..0000000
--- a/docker/example-security/garrtoken/neatoken.properties
+++ /dev/null
@@ -1,10 +0,0 @@
-
-# certificates endpoint
-jwks_url=
-
-# account created for the service
-resource_id=
-
-# username for non-authenticated requests
-non_authn_username=anonymous
-
diff --git a/docker/example-security/garrtoken/server-connector-8443.xml-self-signed-keystore-jks b/docker/example-security/garrtoken/server-connector-8443.xml-self-signed-keystore-jks
deleted file mode 100644
index 02ca450..0000000
--- a/docker/example-security/garrtoken/server-connector-8443.xml-self-signed-keystore-jks
+++ /dev/null
@@ -1,11 +0,0 @@
-   <Connector port="8443" protocol="org.apache.coyote.http11.Http11AprProtocol"
-               maxThreads="150" SSLEnabled="true" >
-        <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
-        <SSLHostConfig>
-            <Certificate certificateKeyAlias="tomcat"
-                         certificateKeystoreFile="/etc/pki/tls/keystore.jks"
-                         certificateKeystorePassword="tomcatskassl"
-                         type="RSA" />
-        </SSLHostConfig>
-   </Connector>
-
diff --git a/docker/example-security/ia2token/auth.properties b/docker/example-security/ia2token/auth.properties
deleted file mode 100644
index c9c8aee..0000000
--- a/docker/example-security/ia2token/auth.properties
+++ /dev/null
@@ -1,10 +0,0 @@
-rap_uri=https://sso.ia2.inaf.it/rap-ia2
-gms_uri=https://sso.ia2.inaf.it/gms
-client_id=vospace_ui_demo
-client_secret=VOSpaceDemo123
-
-groups_autoload=true
-store_state_on_login_endpoint=true
-scope=openid email profile read:rap
-
-allow_anonymous_access=true
diff --git a/docker/example-security/ia2token/authpolicy.properties b/docker/example-security/ia2token/authpolicy.properties
deleted file mode 100644
index d1d5756..0000000
--- a/docker/example-security/ia2token/authpolicy.properties
+++ /dev/null
@@ -1,7 +0,0 @@
-# database for table with permissions
-db_uri=
-db_schema=
-db_user_name=
-db_password=
-
-
diff --git a/docker/example-security/ia2token/server-connector-8443.xml-SECTIGO-vlkb.ia2.inaf.it b/docker/example-security/ia2token/server-connector-8443.xml-SECTIGO-vlkb.ia2.inaf.it
deleted file mode 100644
index 1ad6147..0000000
--- a/docker/example-security/ia2token/server-connector-8443.xml-SECTIGO-vlkb.ia2.inaf.it
+++ /dev/null
@@ -1,11 +0,0 @@
-  <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
-        sslImplementationName="org.apache.tomcat.util.net.jsse.JSSEImplementation"
-               maxThreads="150" SSLEnabled="true">
-         <SSLHostConfig>
-            <Certificate certificateKeyFile="/etc/pki/tls/SECTIGO/vlkb_ia2_inaf_it.key"
-                         certificateFile="/etc/pki/tls/SECTIGO/vlkb_ia2_inaf_it.crt"
-                         certificateChainFile="/etc/pki/tls/SECTIGO/CA.crt"
-                         type="RSA" />
-        </SSLHostConfig>
-    </Connector>
-
diff --git a/docker/example-security/iamtoken/iamtoken.properties b/docker/example-security/iamtoken/iamtoken.properties
deleted file mode 100644
index d275d68..0000000
--- a/docker/example-security/iamtoken/iamtoken.properties
+++ /dev/null
@@ -1,13 +0,0 @@
-
-# certificates endpoint
-#jwks_url=
-introspect=
-client_name=
-client_password=
-
-# account created for the service
-resource_id=
-
-# username for non-authenticated requests
-non_authn_username=anonymous
-
diff --git a/docker/example-security/iamtoken/keystore.jks b/docker/example-security/iamtoken/keystore.jks
deleted file mode 100644
index 57c469584925bdc3de5f6919123d67c5a3189560..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 2696
zcmXqL;%Z@HWHxBx(qrS)YV&CO&dbQoxS)wko~4OP+MtO`+@Ohd9f}m|e3mBG*#=Fl
z(+!$fC$n)wb@6a9GA(FgbuegRwJ}J8>tN+Ih%~T3aCr>0Swwoy-!5T2an-bV!Exr7
z`d^OPRCARwF{ukMF)A4FuyH_4Wa4CHFpy>AOlb39Ol4+a)M62s`ut~rMp<C0t-bE!
zt@o5ISejTa1ahn>+!lHH;AKVoV_{B{oEG^p);+iq(aRZHZx^xcJ^NOZ`*S~i@MaRd
zmnO)+=3@COojI@V<jk%FrS3gG|J>%e6CeK7o^e8hKcU&Gx5W4VH%<eepX=-|ShC;P
zCG)Sxk5ME;b?1U`1EbaNMLxB2uuRS4t9s1hn44`Se9U?E0psFRF-5-bmhIjqF`e=C
zPs7|5@gFT_8yu~k7_n}uC*PdnlwJE*{rR^1>z6LiMSdZtxGz`CiMPM1t=-o6$N0gw
zuKm_+FDg$xo)K97Ead-(6LY-lp3b#itj}{<tVH7YTa!Oo+s_%Vu-MMq|MSy6NB>`G
zp*}W?_|Gt`O^M8@v0!cRxwKiN+#smnBhTA=r?gV6jRelm*md#zjR}4K?;hEdeyTK$
zBbQ<K+g+|xuPNm@S>z{I&FAP6WU+Uc#`5aTGryaWs#*G31xm%IRO|PvS4S+cxy!Dw
zCC>28ZOsbZSz8ly#eVfXdY9R3rx(o`CU)oFVlnp87y573+>J@QnJy6jA(ipb+Wc&Z
zr@mX2^_I<v$y&5F!T)i?sT;zFrp1b`{mD9G<)#h!O4A>`Ia%Pt7=K&S^tLsB<^uWF
zDPracLLQj`e6=~b_WFxwst8tBUCX~N-x_mOCoe#K%`^8;6Y|+Fzk0~Df2rN8Bac=^
zgqA<f@hvz~bEa5do;%XftLv7EzHQwc)~!5uF1=0Rcr{^L=0~~avOAI=d`*=^w@E!X
z!FITUJM824uV-soJmusHzAwDDI6S7N)6R6=Q?6Mpzck{C;zLaQ0(cxu-5xKPDbqIN
z_=hX=w%&cYPGHm7-hRQIg&w~HcK(03?75dC$AxtHFRR4P%9p4WtEH9fl74%U<x`S(
zOHNyyadbkZsGGtGRuLV?s7veTC_6Wl%szW}`tRwnQR$-3lEkwgU5@e-RJ_?-H2LSF
zlbN&ryWTdeI6ccmAbic#4GH?yhwe|fJvES<x30A68RurL<#&P%ryqVadr#Z>=xZ?(
z7Q1e{92<G}+2bh*N)1*r#j`ec8ZpK?g&J_)bC@E?|3|1sH0V8xl?d<V|9biiZ3(k-
zO%57=j;Iz7+VMtAyLH_=@f*T|ueiTmm2`R&@#(gFjQ*0QPw|(Pw|9Fiy5AA-{O_g*
zt$EkxGJMvG4cKuqqd#Wr`j!8E3y;+sg@698mgDSnS0?L@_?v&S!NRNODVknTGTZCE
z;=wA-=?ND?=UZ;i_M5!l<>B9w2eLbPf6a6WbBNhlZ1ksi|2e(2ytf1-Ht#UDFs%9&
z)DdGP;Wy`A-l<I{{j2|3iHdQiMxByg)>`(h@VDTFWBk7=?i$Uy<Xs(I(&v4o;a@H@
z@0w-VicBS*i&SH+&ous8aD4LwQ$;nQSx0$~++#`Zf0o%@bmCdb7wNuZCmeYetQCt*
z5n(sdQO{jr{a|ihc4FaL=gV9QJx?ZX+{aV%dUr_#=aplbHN4_sZ<RD2T@~|KJ+JIQ
zU_ZBM#r0qJ=I$2Q6lL7*W$4Q*Tk8?Hh^uMg_f6N$72f+j+r3mjAobVIhe6G9)~2k=
zx0g&jD)oHQvs<Et!aap+?Y2(b%TxTG<9D}X-jDUOIUg8Hr$6t~3$HAf+W*I;B1@ZP
zR(ST#P0<V7V)o2ToFw$>fT*GU?G3hfr>VDGJ@(}B%#f;JON(_c4ILZYT)6uFnK<2@
zzU_Lwx1oc9G`zUv6fxwJ<6$Ua$Y;o9NM=Z6C^1k(NQxSYun2`@=B6qbnj4rKnHZXz
zTNoOf88opZ!WFTzEofp1GH7D)V`5}5Xku|k$S@KrrVUNR8tg8{Oq{+WtjVU~!q$BE
z+)u<5(`;rl9Pc)=mIU<jGW}Q~pwiI9e1UnEwfv`uDSC>twrbC?{wmYp<o)i9i;4fi
z636pr?%egtn%EW7tjAx_qszf@_~wg$Rdpv01)pxwIJfWjniKU|JVE!>3rqGl1swfl
zz!Tn>y>yxJj0vlHCfNEPJCkM;buLNqYFPU}%Ps%hF7*p-;B=dH@pf;?N29XLoQ5ll
z)=s&){hP#+Ni*H0{oCyo#HQalcqq>xtbX-DKB1M{lKNC_mwaCkrMt$~Id4^pZQ--H
z7l$}QZ_RIuR{Xb3oFP=yoo739fw-T9`xgHnZc|saE0{4}czRHD$L*c(U4PluT>6pR
z<9H>{$H>^yWY1>Rv)+nx4;|9foG_y>`@&h<<b9$a{|j6Hm3yaiI;r8<6{fBn*R}OG
zpK9(4o*J04l6%drnd*_Myh)~U!c%wb{C4kE%Blc0&!k;G_x6~%XLAYPTw!c9i*s*h
z{+pw1QvKV%uijngy?SZn^gh|pXI{GZ4+*@HdZ`-T(DB?n?Du)L%T=D1s$Un}P@M2Y
z-Se@)d95|~m*mCOYTe*2Zri&{l}AFy#OD>mixvqVk7ueU)~vmmbjGDG!NJy1VAuAw
zUu=s$E-9}%%EGg4wbIl}QU~;&uDO0|(lh4oZ0xKB0oD6bIa~iV|8bw{WbByaRFln=
zB=hO@!IjHcm;yUnt2_Jl_OymDcOTK8Q>UP`KVQ6HN8SG2oDP#Gvi_|u+4N9$vY(;>
zNB+IzoSi2>J+hF0pRwclQ;Xa*0k1<2{d>-D4r{u1%#!u}2Iqs8C9f)0AIs@$y!m>j
zw1zT2&j+9W!fz>4JVi^dTZPAZ-*K3fp&2Z4@YKa}qw^WAQ{+6g<@^t>c2MJ0ekI7?
zz~<d>G=p{4t<aJ$O9KwK1ov5QIVBUe_YBY0_Lhmp!ZFLHyc4$gzFPU;T_y47CuS);
zb18c2z}Vp*_>-$__3t&M;$6J*Np>2Ol7g09ne$=k2X@!2PvxlsFHKheUl#DaNBzOf
zRJCWf4Ekr?Rr~ru!|%qIz5fnX?)_C_6&YRCT*r1nLjQa7;(yHIMYkTS`=^z!H+fX|
zA>s5SIW4~D=PXiodanNXeNkI{z|wBki?!G0+Ff|Sf9314_YYTpT&VnCIXIj@(D%&B
zYqtVFC1f15tI~XU_0YMSS>4g~49?-24l!@uDC_E*ecDvV+}WU+%O4#P=rL)zX>$W-
z!o9c&m;SClxa7!Eo+;d-5%<KiKHgiD@#Ds1gHsF>G#mX-H;CQo5f7<~PxI+!_mt32
zzZupvf9Lr-;??z%o0k1kulw2j>wQmEV8Ap{#kZ@U_<uSlY<K)Z{-f*fy_+RcV$@#l
zinWRgcpLqF$E^Jqd<}dJ3=MeUturP@Rt6S@-?FC)u3bHt@gO}({=|PNzm*J2?+du{
o78dPcduDHt`kY0i{>&}rGm2)c6BLvDcHaLmsW$e|9#D}20F5WYiU0rr

diff --git a/docker/example-security/iamtoken/server-connector-8443.xml-self-signed-keystore-jks b/docker/example-security/iamtoken/server-connector-8443.xml-self-signed-keystore-jks
deleted file mode 100644
index 02ca450..0000000
--- a/docker/example-security/iamtoken/server-connector-8443.xml-self-signed-keystore-jks
+++ /dev/null
@@ -1,11 +0,0 @@
-   <Connector port="8443" protocol="org.apache.coyote.http11.Http11AprProtocol"
-               maxThreads="150" SSLEnabled="true" >
-        <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
-        <SSLHostConfig>
-            <Certificate certificateKeyAlias="tomcat"
-                         certificateKeystoreFile="/etc/pki/tls/keystore.jks"
-                         certificateKeystorePassword="tomcatskassl"
-                         type="RSA" />
-        </SSLHostConfig>
-   </Connector>
-
-- 
GitLab