adn-agov-iam-admin-project/patterns/488949a743edb1f46f73f232_sc.../setUserExtIdFromAssertion.g...

try {
  def s = request.getAuthSession(true)

  LOG.info("operationsExtId: ${notes['saml.attributes.http://schemas.agov.ch/ws/2023/05/identity/claims/operationsUserExtId']}")
  LOG.info("operationsUserProfileExtIdList: ${notes['saml.attributes.http://schemas.agov.ch/ws/2023/05/identity/claims/operationsUserProfileExtId']}")


  if (notes['saml.attributes.http://schemas.agov.ch/ws/2023/05/identity/claims/operationsUserExtId'] == null || notes['saml.attributes.http://schemas.agov.ch/ws/2023/05/identity/claims/operationsUserProfileExtId'] == null) {
    LOG.error("[OPACCESS] User ${notes['saml.assertion.subject']} tried to access without operations account or profile")
    response.setResult('error');
    return
  }

  response.setSessionAttribute('operationsExtId', notes['saml.attributes.http://schemas.agov.ch/ws/2023/05/identity/claims/operationsUserExtId'])

  if (! notes['saml.attributes.http://schemas.agov.ch/ws/2023/05/identity/claims/operationsUserProfileExtId'].contains('${var.operations-unitExtId}') )
  {
    LOG.warn("[OPACCESS] User ${notes['saml.assertion.subject']} with opaccount ${notes['saml.attributes.http://schemas.agov.ch/ws/2023/05/identity/claims/operationsUserExtId']} has not operations profile")
    response.setResult('error');
    return
  }


  notes['saml.attributes.http://schemas.agov.ch/ws/2023/05/identity/claims/operationsUserProfileExtId'].split(',').eachWithIndex { pairstr, i ->
    pair = pairstr.split("\\\\")
    if (pair[1] == "${var.operations-unitExtId}") {
        response.setSessionAttribute('operationsProfileExtId', pair[0])
        LOG.warn(pair[0] + " userprofileExtid has the wanted unitExtId " + pair[1])
    }
  }

  response.setResult('ok');  

} catch(Exception ex) {
   LOG.warn("Exception in selectProfile groovy script: " + ex)
   response.setResult('error');
}
85 files added and 1 file updated 2024-10-21 08:11:34 +00:00			`try {`
			`def s = request.getAuthSession(true)`

			`LOG.info("operationsExtId: ${notes['saml.attributes.http://schemas.agov.ch/ws/2023/05/identity/claims/operationsUserExtId']}")`
			`LOG.info("operationsUserProfileExtIdList: ${notes['saml.attributes.http://schemas.agov.ch/ws/2023/05/identity/claims/operationsUserProfileExtId']}")`


			`if (notes['saml.attributes.http://schemas.agov.ch/ws/2023/05/identity/claims/operationsUserExtId'] == null \|\| notes['saml.attributes.http://schemas.agov.ch/ws/2023/05/identity/claims/operationsUserProfileExtId'] == null) {`
			`LOG.error("[OPACCESS] User ${notes['saml.assertion.subject']} tried to access without operations account or profile")`
			`response.setResult('error');`
			`return`
			`}`

			`response.setSessionAttribute('operationsExtId', notes['saml.attributes.http://schemas.agov.ch/ws/2023/05/identity/claims/operationsUserExtId'])`

			`if (! notes['saml.attributes.http://schemas.agov.ch/ws/2023/05/identity/claims/operationsUserProfileExtId'].contains('${var.operations-unitExtId}') )`
			`{`
			`LOG.warn("[OPACCESS] User ${notes['saml.assertion.subject']} with opaccount ${notes['saml.attributes.http://schemas.agov.ch/ws/2023/05/identity/claims/operationsUserExtId']} has not operations profile")`
			`response.setResult('error');`
			`return`
			`}`


			`notes['saml.attributes.http://schemas.agov.ch/ws/2023/05/identity/claims/operationsUserProfileExtId'].split(',').eachWithIndex { pairstr, i ->`
			`pair = pairstr.split("\\\\")`
			`if (pair[1] == "${var.operations-unitExtId}") {`
			`response.setSessionAttribute('operationsProfileExtId', pair[0])`
			`LOG.warn(pair[0] + " userprofileExtid has the wanted unitExtId " + pair[1])`
			`}`
			`}`

			`response.setResult('ok');`

			`} catch(Exception ex) {`
			`LOG.warn("Exception in selectProfile groovy script: " + ex)`
			`response.setResult('error');`
			`}`