new configuration version

haburger 2024-10-30 15:20:36 +00:00
parent 7cd358babd
commit be8368b0a3
3 changed files with 10 additions and 15 deletions

@ -45,7 +45,7 @@ spec:
podDisruptionBudget:
maxUnavailable: "50%"
git:
tag: "r-51ca9db578a2820945a06c2b1f6661c4ee51d76a"
tag: "r-64e7c8657e319dd2784c3d579040cfd79cd13611"
dir: "DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/auth"
credentials: "git-credentials"
keystores:

@ -25,7 +25,7 @@ try {
prf.'**'.findAll
{ role -> role.name() == 'roles'
&& role.applicationName.text() == 'nevisIdm'
}.collect{ rolePrioEntry -> idmSeverityRoleMap[rolePrioEntry.name.text()] ?: [1000, "DO-NOT-USE(${rolePrioEntry.name.text()})"]
}.collect{ rolePrioEntry -> idmSeverityRoleMap[rolePrioEntry.name.text()].?concat("(${prf.name.text()})") ?: [1000, "DO-NOT-USE(${rolePrioEntry.name.text()}, ${prf.name.text()})"]
}.sort { a, b -> a[0] <=> b[0] // sort by severity
}.last()[1] // take label of the ighest one
] }
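Review bot: The new `.collect` line writes `.?concat(...)`, which is not Groovy's safe-navigation operator (`?.`), so the script will most likely fail to parse and the role-to-severity mapping would never run. The fallback `[1000, "DO-NOT-USE(...)"]` and the later `a[0]` / `last()[1]` also suggest the values of `idmSeverityRoleMap` are `[severity, label]` pairs (the map is defined outside the hunk, so this is inferred). Groovy lists have no `concat` method, so even `?.concat` would throw for every known role instead of appending the profile name. I would build the pair explicitly: `def e = idmSeverityRoleMap[rolePrioEntry.name.text()]` followed by `e ? [e[0], "${e[1]}(${prf.name.text()})"] : [1000, "DO-NOT-USE(${rolePrioEntry.name.text()}, ${prf.name.text()})"]`. The enclosing `try` block starts and ends outside the hunk, so what happens to the session when this closure throws is not visible here and should be checked.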

@ -13,22 +13,17 @@ try {
response.setSessionAttribute('operationsExtId', notes['saml.attributes.http://schemas.agov.ch/ws/2023/05/identity/claims/operationsUserExtId'])
if (! notes['saml.attributes.http://schemas.agov.ch/ws/2023/05/identity/claims/operationsUserProfileExtId'].contains('130274ee-7e24-4050-9b94-d5717ef52ade') )
// we take the first one, if there is no profile in the operations unit
def unitAndProfileExtidPar = notes['saml.attributes.http://schemas.agov.ch/ws/2023/05/identity/claims/operationsUserProfileExtId']
.split(',').find{pairstr -> pairstr.split("\\\\")[1] == "130274ee-7e24-4050-9b94-d5717ef52ade" }
?: notes['saml.attributes.http://schemas.agov.ch/ws/2023/05/identity/claims/operationsUserProfileExtId'].split(',')[0]
if (! unitAndProfileExtidPar.contains('130274ee-7e24-4050-9b94-d5717ef52ade') )
{
LOG.warn("[OPACCESS] User ${notes['saml.assertion.subject']} with opaccount ${notes['saml.attributes.http://schemas.agov.ch/ws/2023/05/identity/claims/operationsUserExtId']} has not operations profile")
response.setResult('error');
return
}
notes['saml.attributes.http://schemas.agov.ch/ws/2023/05/identity/claims/operationsUserProfileExtId'].split(',').eachWithIndex { pairstr, i ->
pair = pairstr.split("\\\\")
if (pair[1] == "130274ee-7e24-4050-9b94-d5717ef52ade") {
response.setSessionAttribute('operationsProfileExtId', pair[0])
LOG.warn(pair[0] + " userprofileExtid has the wanted unitExtId " + pair[1])
}
LOG.info("[OPACCESS] User ${notes['saml.assertion.subject']} with opaccount ${notes['saml.attributes.http://schemas.agov.ch/ws/2023/05/identity/claims/operationsUserExtId']} has no operations profile, we use the first one")
}
response.setSessionAttribute('operationsProfileExtId', unitAndProfileExtidPar.split("\\\\")[0])
response.setResult('ok');
} catch(Exception ex) {