<!--
  Entry point of the attribute-sync step. Compares the attributes asserted by
  the IdP (notes 'saml.attributes.*') with the values the session currently
  holds for the nevisIDM user and skips the IDM write when nothing differs.
  Only when every listed condition holds does the flow jump to the done state;
  otherwise the 'default' branch dispatches to the _Update state.
  NOTE(review): a claim that is absent from the assertion resolves to the
  literal 'missing', which will not equal the stored value, so a missing claim
  is treated as a change and the update state (which overwrites the attribute)
  is entered. Confirm this is intended, in particular for optional claims.
-->
<AuthState name="${state.entry}" class="ch.nevis.esauth.auth.states.standard.ConditionalDispatcherState" final="false" resumeState="false">
  <!-- All four conditions listed in one ResultCond: presumably every one must be true for this branch. -->
  <ResultCond name="emailaddressDidntChange,givennameDidntChange,surnameDidntChange,languageDidntChange" next="${state.done}"/>
  <!-- At least one attribute differs (or is missing from the assertion): update IDM. -->
  <ResultCond name="default" next="${state.entry}_Update"/>
  <!-- Fallback response; should not normally be reached because of the 'default' branch above. -->
  <Response value="AUTH_ERROR"/>
  <!--
    Each condition: IdP claim (default 'missing' when not asserted) equals the
    session copy of the corresponding IDM attribute. Comparison is exact and
    case-sensitive (String.equals); note that equals(null) is false, so an
    unset session attribute also counts as a change.
  -->
  <property name="condition:emailaddressDidntChange" value="#{ notes.getProperty('saml.attributes.http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress', 'missing').equals(sess.get('ch.nevis.idm.User.email')) }"/>
  <property name="condition:givennameDidntChange" value="#{ notes.getProperty('saml.attributes.http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname', 'missing').equals(sess.get('ch.nevis.idm.User.firstName')) }"/>
  <property name="condition:surnameDidntChange" value="#{ notes.getProperty('saml.attributes.http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname', 'missing').equals(sess.get('ch.nevis.idm.User.lastName')) }"/>
  <property name="condition:languageDidntChange" value="#{ notes.getProperty('saml.attributes.http://schemas.agov.ch/ws/2023/05/identity/claims/languageOfCorrespondance', 'missing').equals(sess.get('ch.nevis.idm.User.language')) }"/>
</AuthState>
<!--
  Writes the IdP-asserted attributes into nevisIDM for the user of the current
  session (loginid and client are taken from the session, not from the
  request) and stores a 'remarks' audit note. Every attribute is in the
  overwrite list, so IDM values are replaced, not merged.
  Security notes:
  * 'remarks' embeds the inbound X-Request-ID HTTP header. That header is
    client-supplied unless the reverse proxy in front of nevisAuth sets or
    overwrites it; if it does not, a caller can persist arbitrary text into
    the IDM remarks field. Confirm the proxy configuration.
  * allowInvalidUserEmails=true appears to relax IDM's e-mail format check;
    the address is taken verbatim from the SAML assertion.
  * NOTE(review): when a claim is absent from the assertion the notes lookup
    presumably substitutes an empty value which, being in the overwrite list,
    would clear the attribute in IDM. Verify how an unset note is resolved.
  Any IDM failure routes to the audit-error state (HTTP 403). A result not
  listed below falls back to the AUTH_ERROR response, also 403.
-->
<AuthState name="${state.entry}_Update" class="ch.nevis.idm.authstate.IdmSetPropertiesState" final="false" resumeState="false">
  <!-- Uniqueness conflicts (e.g. the asserted e-mail already belongs to another user) and validation failures are errors, not silently ignored. -->
  <ResultCond name="emailExists" next="${state.entry}_AuditError"/>
  <ResultCond name="inputInvalid" next="${state.entry}_AuditError"/>
  <ResultCond name="inputMissing" next="${state.entry}_AuditError"/>
  <ResultCond name="loginIdExists" next="${state.entry}_AuditError"/>
  <ResultCond name="userIdExists" next="${state.entry}_AuditError"/>
  <ResultCond name="ok" next="${state.entry}_AuditUpdate"/>
  <!-- Fallback for any unlisted result: deny with 403. -->
  <Response value="AUTH_ERROR">
    <Arg name="ch.nevis.isiweb4.response.status" value="403"/>
  </Response>
  <propertyRef name="nevisIDM_Connector"/>
  <!-- Target user: the one already authenticated in this session. -->
  <property name="user.loginid" value="${sess:ch.adnovum.nevisidm.user.loginId}"/>
  <property name="client.name" value="${sess:ch.adnovum.nevisidm.clientName}"/>
  <property name="user.attributes.optional" value="email,firstName,name,language"/>
  <property name="user.attributes.mandatory" value="remarks"/>
  <!-- Attribute values come straight from the SAML assertion notes. -->
  <property name="user.attribute.email" value="${notes|saml.attributes.http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress}"/>
  <property name="user.attribute.firstName" value="${notes|saml.attributes.http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname}"/>
  <property name="user.attribute.name" value="${notes|saml.attributes.http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname}"/>
  <property name="user.attribute.language" value="${notes|saml.attributes.http://schemas.agov.ch/ws/2023/05/identity/claims/languageOfCorrespondance}"/>
  <!-- Audit trail in IDM: assertion id (trusted, from the session) plus the inbound X-Request-ID header (see security note above). -->
  <property name="user.attribute.remarks" value="Updated based on assertion '${sess:ch.nevis.auth.saml.assertion.id}' (Request-ID: ${inctx:connection.HttpHeader.X-Request-ID})"/>
  <property name="user.attributes.overwrite" value="email,firstName,name,language,remarks"/>
  <property name="allowInvalidUserEmails" value="true"/>
</AuthState>
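<!--
  Audit hook reached after a successful IDM update: writes one USERUPDATE
  record to the AGOVOP-ACCT trace group and continues to the done state.
  X-Real-IP and User-Agent are read from the inbound request headers and are
  only trustworthy if the reverse proxy in front of nevisAuth sets or
  overwrites them. Previously they were interpolated into the log line
  unmodified, so a crafted header containing CR/LF or a single quote could
  forge additional audit records or break the quoted-field layout. The clean()
  closure folds control characters to spaces, replaces the single quote used as
  field delimiter and caps the length before logging.
  Maintenance: every statement must end with ';' and Groovy '//' comments must
  not be used inside the script, because XML attribute-value normalisation
  folds the newlines into spaces.
-->
<AuthState name="${state.entry}_AuditUpdate" class="ch.nevis.esauth.auth.states.scripting.ScriptState" final="false" resumeState="false">
  <ResultCond name="default" next="${state.done}"/>
  <Response value="AUTH_CONTINUE"/>
  <property name="scriptTraceGroup" value="AGOVOP-ACCT"/>
  <property name="script" value="
    def clean = { Object v -> v.toString().replaceAll(/\p{Cntrl}/, ' ').replaceAll(/'/, '`').take(512) };
    def user = clean(session['ch.adnovum.nevisidm.user.extId'] ?: 'unknown');
    def sourceIp = clean(request.getLoginContext()['connection.HttpHeader.X-Real-IP'] ?: 'unknown');
    def userAgent = clean(request.getLoginContext()['connection.HttpHeader.user-agent'] ?: request.getLoginContext()['connection.HttpHeader.User-Agent'] ?: 'unknown');
    LOG.info(&quot;Event='USERUPDATE', User=${user}, SourceIp=${sourceIp}, UserAgent='${userAgent}'&quot;);
  "/>
</AuthState>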
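<!--
  Audit hook reached when the IDM update fails (any error result of the
  _Update state): logs one USERUPDATE record at ERROR level with the engine's
  last error info and forces AUTH_ERROR, which the Response below maps to
  HTTP 403. There is no ResultCond, so this state ends the flow.
  X-Real-IP and User-Agent are inbound request headers and are only
  trustworthy if the reverse proxy sets or overwrites them. Previously they
  were interpolated into the log line unmodified, so a crafted header with
  CR/LF or a single quote could forge additional audit records or break the
  quoted-field layout. clean() folds control characters to spaces, replaces
  the single quote used as field delimiter and caps the length.
  Maintenance: every statement must end with ';' and Groovy '//' comments must
  not be used inside the script, because XML attribute-value normalisation
  folds the newlines into spaces.
-->
<AuthState name="${state.entry}_AuditError" class="ch.nevis.esauth.auth.states.scripting.ScriptState" final="false" resumeState="false">
  <Response value="AUTH_ERROR">
    <Arg name="ch.nevis.isiweb4.response.status" value="403"/>
  </Response>
  <property name="scriptTraceGroup" value="AGOVOP-ACCT"/>
  <property name="script" value="
    def clean = { Object v -> v.toString().replaceAll(/\p{Cntrl}/, ' ').replaceAll(/'/, '`').take(512) };
    def user = clean(session['ch.adnovum.nevisidm.user.extId'] ?: 'unknown');
    def sourceIp = clean(request.getLoginContext()['connection.HttpHeader.X-Real-IP'] ?: 'unknown');
    def userAgent = clean(request.getLoginContext()['connection.HttpHeader.user-agent'] ?: request.getLoginContext()['connection.HttpHeader.User-Agent'] ?: 'unknown');
    LOG.error(&quot;Event='USERUPDATE', User=${user}, SourceIp=${sourceIp}, UserAgent='${userAgent}', error='failed to update user in IDM', lasterrorinfo='${lasterrorinfo}'&quot;);
    response.setStatus(ch.nevis.esauth.auth.engine.AuthResponse.AUTH_ERROR);
  "/>
</AuthState>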