vrk-kpa / xroad-joint-development

Unmaintained repository. Development moved to: https://github.com/nordic-institute/X-Road-development

As a Security Server Administrator I want that I can disable 'trusted federation'-feature in my Security Server so that federation is not in use if there is no need for it #156

Closed hanhaka closed 6 years ago

hanhaka commented 7 years ago

Affected components: proxy
Affected documentation: ug-syspar
Estimated delivery: Q2/2017
External reference: https://jira.csc.fi/browse/PVAYLADEV-797

Problem

If trusted federation is enabled and in use in the Central Server of an X-Road instance, it also means that federation is in use for all the Security Servers in the same X-Road instance that the Central Server is administering. If federation is enabled, Security Servers periodically fetch the configuration of the federated X-Road instance. The source from which the configuration is fetched is usually a configuration proxy deploying/delivering the federated configuration (or the source can also be the Central Server of the federated instance). Enabling a communication link to an external configuration proxy usually means that the proper port has to be opened in the firewall of the client network for communicating with the external configuration proxy (or Central Server). If the port is not opened, the configuration client cannot download the configuration (from the proxy) and an error message is generated in the log file (and of course federation cannot be used).

The Security Server Administrator should have the possibility to disable (and also enable) the trusted federation feature in his/her Security Server if it is not used and not needed. This way no firewall ports need to be opened and no extra error messages are stored in log files. Most probably the easiest way is to create a new parameter for this, so that by setting it to false, trusted-federation-related functionality is not executed. Federation should be set to 'disable' by default.

The Security Server admin should also have the possibility to select via a whitelist the instances that he/she wants to federate with (comma-separated list in a configuration file etc.). For example, if one of the members knows that he wants to federate only with FI but not with any other partner, then he/she would just add the FI instance. There must also be some predefined values like “NONE/ALL” or “true/false” to describe that the Security Server has federation disabled or wants to federate with all federations, including those that will appear in the future.

Acceptance criteria

hanhaka commented 6 years ago

Fixed in 6.16.0, https://github.com/ria-ee/X-Road/pull/61
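The whitelist behaviour requested in the issue above (disabled by default, NONE/ALL, or a comma-separated list of instances), as an added example that is not code from X-Road or from the linked pull request. The names `FederationPolicy`, `parse_allowed_federations` and `sources_to_fetch`, the `EE` sample instance, case-insensitive matching, and the rule that NONE overrides other entries are assumptions made for illustration.

```python
# Added illustration; names below are hypothetical, not X-Road's own code.
from dataclasses import dataclass


@dataclass(frozen=True)
class FederationPolicy:
    allow_all: bool = False
    instances: frozenset = frozenset()

    def permits(self, instance_id: str) -> bool:
        # Instance identifiers are compared case-insensitively (assumption).
        return self.allow_all or instance_id.strip().upper() in self.instances


def parse_allowed_federations(raw):
    """Parse NONE, ALL or a comma-separated list of instance identifiers."""
    if raw is None:
        return FederationPolicy()  # unset: federation disabled by default
    tokens = {t.strip().upper() for t in raw.split(",") if t.strip()}
    if not tokens or "NONE" in tokens:
        # Assumption: NONE overrides any other entry, so a contradictory
        # value such as "ALL, NONE" fails closed.
        return FederationPolicy()
    if "ALL" in tokens:
        return FederationPolicy(allow_all=True)  # includes future partners
    return FederationPolicy(instances=frozenset(tokens))


def sources_to_fetch(policy, federated_instances):
    """Keep only the federated instances whose configuration may be fetched."""
    return [i for i in federated_instances if policy.permits(i)]


# Constructed sample: instances the Central Server lists as federated partners.
FEDERATED = ["FI", "EE"]

if __name__ == "__main__":
    for value in (None, "NONE", "fi", "FI, EE", "ALL", "ALL, NONE"):
        policy = parse_allowed_federations(value)
        print(repr(value), "->", sources_to_fetch(policy, FEDERATED))
```

With a policy that permits nothing, the configuration client has no federated source to contact, so no outbound firewall port is needed and no download errors reach the log.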