adn-agov-iam-admin-project/patterns/24cbc652d3166c8374eda3cd_au.../UpdateUserIfNeeded.xml

<AuthState name="${state.entry}" class="ch.nevis.esauth.auth.states.standard.ConditionalDispatcherState" final="false" resumeState="false">
	<ResultCond name="emailaddressDidntChange,givennameDidntChange,surnameDidntChange,languageDidntChange" next="${state.done}"/>
	<ResultCond name="default" next="${state.entry}_Update"/>
	<Response value="AUTH_ERROR"/>
	<property name="condition:emailaddressDidntChange" value="#{ !sess.containsKey('idp.email') or sess.get('idp.email').equals(sess.get('ch.nevis.idm.User.email')) }"/>
	<property name="condition:givennameDidntChange" value="#{ !sess.containsKey('idp.firstName') or sess.get('idp.firstName').equals(sess.get('ch.nevis.idm.User.firstName')) }"/>
	<property name="condition:surnameDidntChange" value="#{ !sess.containsKey('idp.lastName') or sess.get('idp.lastName').equals(sess.get('ch.nevis.idm.User.lastName')) }"/>
	<property name="condition:languageDidntChange" value="#{ !sess.containsKey('idp.language') or sess.get('idp.language').equals(sess.get('ch.nevis.idm.User.language')) }"/>
</AuthState>
<AuthState name="${state.entry}_Update" class="ch.nevis.idm.authstate.IdmSetPropertiesState" final="false" resumeState="false">
	<ResultCond name="emailExists" next="${state.entry}_AuditError"/>
	<ResultCond name="inputInvalid" next="${state.entry}_AuditError"/>
	<ResultCond name="inputMissing" next="${state.entry}_AuditError"/>
	<ResultCond name="loginIdExists" next="${state.entry}_AuditError"/>
	<ResultCond name="userIdExists" next="${state.entry}_AuditError"/>
	<ResultCond name="ok" next="${state.entry}_AuditUpdate"/>
	<Response value="AUTH_ERROR">
		<Arg name="ch.nevis.isiweb4.response.status" value="403"/>
	</Response>
	<propertyRef name="nevisIDM_Connector"/>
	<property name="user.loginid" value="${sess:ch.adnovum.nevisidm.user.loginId}"/>
	<property name="client.name" value="${sess:ch.adnovum.nevisidm.clientName}"/>
	<property name="user.attributes.optional" value="email,firstName,name,language"/>
	<property name="user.attributes.mandatory" value="remarks"/>
	<property name="user.attribute.email" value="${notes|saml.attributes.http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress}"/>
	<property name="user.attribute.firstName" value="${notes|saml.attributes.http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname}"/>
	<property name="user.attribute.name" value="${notes|saml.attributes.http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname}"/>
	<property name="user.attribute.language" value="${notes|saml.attributes.http://schemas.agov.ch/ws/2023/05/identity/claims/languageOfCorrespondance}"/>
	<property name="user.attribute.remarks" value="Updated based on assertion '${sess:ch.nevis.auth.saml.assertion.id}' (Request-ID: ${inctx:connection.HttpHeader.X-Request-ID})"/>
	<property name="user.attributes.overwrite" value="email,firstName,name,language,remarks"/>
	<property name="allowInvalidUserEmails" value="true"/>
</AuthState>
<AuthState name="${state.entry}_AuditUpdate" class="ch.nevis.esauth.auth.states.scripting.ScriptState" final="false" resumeState="false">
	<ResultCond name="default" next="${state.done}"/>
	<Response value="AUTH_CONTINUE"/>
	<property name="scriptTraceGroup" value="AGOVOP-ACCT"/>
	<property name="script" value="

def user = session['ch.adnovum.nevisidm.user.extId'] ?: 'unknown';
def sourceIp = request.getLoginContext()['connection.HttpHeader.X-Real-IP'] ?: 'unknown';
def userAgent = request.getLoginContext()['connection.HttpHeader.user-agent'] ?: request.getLoginContext()['connection.HttpHeader.User-Agent'] ?: 'unknown';
LOG.info(&quot;Event='USERUPDATE', User=${user}, SourceIp=${sourceIp}, UserAgent='${userAgent}'&quot;);

	"/>
</AuthState>
<AuthState name="${state.entry}_AuditError" class="ch.nevis.esauth.auth.states.scripting.ScriptState" final="false" resumeState="false">
	<Response value="AUTH_ERROR">
		<Arg name="ch.nevis.isiweb4.response.status" value="403"/>
	</Response>
	<property name="scriptTraceGroup" value="AGOVOP-ACCT"/>
	<property name="script" value="

def user = session['ch.adnovum.nevisidm.user.extId'] ?: 'unknown';
def sourceIp = request.getLoginContext()['connection.HttpHeader.X-Real-IP'] ?: 'unknown';
def userAgent = request.getLoginContext()['connection.HttpHeader.user-agent'] ?: request.getLoginContext()['connection.HttpHeader.User-Agent'] ?: 'unknown';
LOG.error(&quot;Event='USERUPDATE', User=${user}, SourceIp=${sourceIp}, UserAgent='${userAgent}', error='failed to update user in IDM', lasterrorinfo='${lasterrorinfo}'&quot;);
response.setStatus(ch.nevis.esauth.auth.engine.AuthResponse.AUTH_ERROR);

	"/>
</AuthState>
85 files added and 1 file updated 2024-10-21 08:11:34 +00:00			`<AuthState name="${state.entry}" class="ch.nevis.esauth.auth.states.standard.ConditionalDispatcherState" final="false" resumeState="false">`
			`<ResultCond name="emailaddressDidntChange,givennameDidntChange,surnameDidntChange,languageDidntChange" next="${state.done}"/>`
			`<ResultCond name="default" next="${state.entry}_Update"/>`
			`<Response value="AUTH_ERROR"/>`
2 files added and 12 files updated 2024-11-22 07:41:13 +00:00			`<property name="condition:emailaddressDidntChange" value="#{ !sess.containsKey('idp.email') or sess.get('idp.email').equals(sess.get('ch.nevis.idm.User.email')) }"/>`
			`<property name="condition:givennameDidntChange" value="#{ !sess.containsKey('idp.firstName') or sess.get('idp.firstName').equals(sess.get('ch.nevis.idm.User.firstName')) }"/>`
			`<property name="condition:surnameDidntChange" value="#{ !sess.containsKey('idp.lastName') or sess.get('idp.lastName').equals(sess.get('ch.nevis.idm.User.lastName')) }"/>`
			`<property name="condition:languageDidntChange" value="#{ !sess.containsKey('idp.language') or sess.get('idp.language').equals(sess.get('ch.nevis.idm.User.language')) }"/>`
85 files added and 1 file updated 2024-10-21 08:11:34 +00:00			`</AuthState>`
			`<AuthState name="${state.entry}_Update" class="ch.nevis.idm.authstate.IdmSetPropertiesState" final="false" resumeState="false">`
			`<ResultCond name="emailExists" next="${state.entry}_AuditError"/>`
			`<ResultCond name="inputInvalid" next="${state.entry}_AuditError"/>`
			`<ResultCond name="inputMissing" next="${state.entry}_AuditError"/>`
			`<ResultCond name="loginIdExists" next="${state.entry}_AuditError"/>`
			`<ResultCond name="userIdExists" next="${state.entry}_AuditError"/>`
			`<ResultCond name="ok" next="${state.entry}_AuditUpdate"/>`
			`<Response value="AUTH_ERROR">`
			`<Arg name="ch.nevis.isiweb4.response.status" value="403"/>`
			`</Response>`
			`<propertyRef name="nevisIDM_Connector"/>`
			`<property name="user.loginid" value="${sess:ch.adnovum.nevisidm.user.loginId}"/>`
			`<property name="client.name" value="${sess:ch.adnovum.nevisidm.clientName}"/>`
			`<property name="user.attributes.optional" value="email,firstName,name,language"/>`
			`<property name="user.attributes.mandatory" value="remarks"/>`
			`<property name="user.attribute.email" value="${notes\|saml.attributes.http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress}"/>`
			`<property name="user.attribute.firstName" value="${notes\|saml.attributes.http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname}"/>`
			`<property name="user.attribute.name" value="${notes\|saml.attributes.http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname}"/>`
			`<property name="user.attribute.language" value="${notes\|saml.attributes.http://schemas.agov.ch/ws/2023/05/identity/claims/languageOfCorrespondance}"/>`
			`<property name="user.attribute.remarks" value="Updated based on assertion '${sess:ch.nevis.auth.saml.assertion.id}' (Request-ID: ${inctx:connection.HttpHeader.X-Request-ID})"/>`
			`<property name="user.attributes.overwrite" value="email,firstName,name,language,remarks"/>`
			`<property name="allowInvalidUserEmails" value="true"/>`
			`</AuthState>`
			`<AuthState name="${state.entry}_AuditUpdate" class="ch.nevis.esauth.auth.states.scripting.ScriptState" final="false" resumeState="false">`
			`<ResultCond name="default" next="${state.done}"/>`
			`<Response value="AUTH_CONTINUE"/>`
			`<property name="scriptTraceGroup" value="AGOVOP-ACCT"/>`
			`<property name="script" value="`

			`def user = session['ch.adnovum.nevisidm.user.extId'] ?: 'unknown';`
			`def sourceIp = request.getLoginContext()['connection.HttpHeader.X-Real-IP'] ?: 'unknown';`
			`def userAgent = request.getLoginContext()['connection.HttpHeader.user-agent'] ?: request.getLoginContext()['connection.HttpHeader.User-Agent'] ?: 'unknown';`
			`LOG.info("Event='USERUPDATE', User=${user}, SourceIp=${sourceIp}, UserAgent='${userAgent}'");`

			`"/>`
			`</AuthState>`
			`<AuthState name="${state.entry}_AuditError" class="ch.nevis.esauth.auth.states.scripting.ScriptState" final="false" resumeState="false">`
			`<Response value="AUTH_ERROR">`
			`<Arg name="ch.nevis.isiweb4.response.status" value="403"/>`
			`</Response>`
			`<property name="scriptTraceGroup" value="AGOVOP-ACCT"/>`
			`<property name="script" value="`

			`def user = session['ch.adnovum.nevisidm.user.extId'] ?: 'unknown';`
			`def sourceIp = request.getLoginContext()['connection.HttpHeader.X-Real-IP'] ?: 'unknown';`
			`def userAgent = request.getLoginContext()['connection.HttpHeader.user-agent'] ?: request.getLoginContext()['connection.HttpHeader.User-Agent'] ?: 'unknown';`
			`LOG.error("Event='USERUPDATE', User=${user}, SourceIp=${sourceIp}, UserAgent='${userAgent}', error='failed to update user in IDM', lasterrorinfo='${lasterrorinfo}'");`
			`response.setStatus(ch.nevis.esauth.auth.engine.AuthResponse.AUTH_ERROR);`

			`"/>`
			`</AuthState>`