diff --git a/bundles.yml b/bundles.yml
index de1b4e9..00bcb0f 100644
--- a/bundles.yml
+++ b/bundles.yml
@@ -1,13 +1,12 @@
schemaVersion: "1.0"
bundles:
-- "nevisadmin-plugin-nevisproxy:7.2402.1.3"
-- "nevisadmin-plugin-base-generation:7.2402.1.3"
-- "nevisadmin-plugin-nevisdetect:7.2402.1.3"
-- "nevisadmin-plugin-marketplace:7.2402.1.3"
-- "nevisadmin-plugin-mobile-auth:7.2402.1.3"
-- "nevisadmin-plugin-authcloud:7.2402.1.3"
-- "nevisadmin-plugin-nevisdp:7.2402.1.3"
-- "nevisadmin-plugin-fido2:7.2402.1.3"
-- "nevisadmin-plugin-nevisidm:7.2402.1.3"
-- "nevisadmin-plugin-oauth:7.2402.1.3"
-- "nevisadmin-plugin-nevisauth:7.2402.1.3"
+- "nevisadmin-plugin-oauth:8.2405.2.0"
+- "nevisadmin-plugin-authcloud:8.2405.2.0"
+- "nevisadmin-plugin-nevisidm:8.2405.2.0"
+- "nevisadmin-plugin-mobile-auth:8.2405.2.0"
+- "nevisadmin-plugin-fido2:8.2405.2.0"
+- "nevisadmin-plugin-nevisdp:8.2405.2.0"
+- "nevisadmin-plugin-nevisauth:8.2405.2.0"
+- "nevisadmin-plugin-nevisproxy:8.2405.2.0"
+- "nevisadmin-plugin-nevisdetect:8.2405.2.0"
+- "nevisadmin-plugin-base-generation:8.2405.2.0"
diff --git a/patterns/1200a58c76686d520c21edb0_resources/resources-op.zip b/patterns/1200a58c76686d520c21edb0_resources/resources-op.zip
new file mode 100644
index 0000000..abeafde
Binary files /dev/null and b/patterns/1200a58c76686d520c21edb0_resources/resources-op.zip differ
diff --git a/patterns/24cbc652d3166c8374eda3cd_authStatesFile/UpdateUserIfNeeded.xml b/patterns/24cbc652d3166c8374eda3cd_authStatesFile/UpdateUserIfNeeded.xml
new file mode 100644
index 0000000..11534e4
--- /dev/null
+++ b/patterns/24cbc652d3166c8374eda3cd_authStatesFile/UpdateUserIfNeeded.xml
@@ -0,0 +1,60 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/patterns/2787b678d9cce5310a335419_authStatesFile/OpOnbrdng-PreProcessing.xml b/patterns/2787b678d9cce5310a335419_authStatesFile/OpOnbrdng-PreProcessing.xml
new file mode 100644
index 0000000..a56813a
--- /dev/null
+++ b/patterns/2787b678d9cce5310a335419_authStatesFile/OpOnbrdng-PreProcessing.xml
@@ -0,0 +1,66 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/patterns/2787b678d9cce5310a335419_resources/OpOnbrdng-PreProcessing.groovy b/patterns/2787b678d9cce5310a335419_resources/OpOnbrdng-PreProcessing.groovy
new file mode 100644
index 0000000..1dbe99f
--- /dev/null
+++ b/patterns/2787b678d9cce5310a335419_resources/OpOnbrdng-PreProcessing.groovy
@@ -0,0 +1,128 @@
+import ch.nevis.esauth.auth.engine.AuthResponse
+import groovy.xml.XmlSlurper
+
+
+// AGOVaq conversion
+def minLoiRoleToCtxClssConvertorMap = [
+ "level100": "urn:qa.agov.ch:names:tc:ac:classes:100",
+ "level200": "urn:qa.agov.ch:names:tc:ac:classes:200",
+ "level300": "urn:qa.agov.ch:names:tc:ac:classes:300",
+ "level400": "urn:qa.agov.ch:names:tc:ac:classes:400",
+ "level500": "urn:qa.agov.ch:names:tc:ac:classes:500"
+]
+
+def cleanSession() {
+ def s = request.getAuthSession(true)
+
+ s.removeAttribute('agov.op.onboarding.ctxClass')
+ s.removeAttribute('agov.op.onboarding.minLoi')
+ s.removeAttribute('agov.op.onboarding.homeName')
+ s.removeAttribute('agov.op.onboarding.subject')
+ s.removeAttribute('agov.op.onboarding.process.state')
+ s.removeAttribute('ch.adnovum.nevisidm.userDto')
+ s.removeAttribute('saml.response.statusCode')
+ if (response.getActualRoles().length > 0) {
+ def actualRoles = Arrays.copyOf(response.getActualRoles(), response.getActualRoles().length)
+ actualRoles.each{ role -> response.removeActualRole(role) }
+ }
+}
+
+// for autditing
+def user = session['ch.adnovum.nevisidm.user.extId'] ?: 'unknown'
+def sourceIp = request.getLoginContext()['connection.HttpHeader.X-Real-IP'] ?: 'unknown'
+def userAgent = request.getLoginContext()['connection.HttpHeader.user-agent'] ?: request.getLoginContext()['connection.HttpHeader.User-Agent'] ?: 'unknown'
+def minLoi = 'unknown'
+
+// 1) makes sure, that we are or were invoked with a correct URL ticket, set error code, if not
+if (inargs['cd'] == null && session['agov.op.onboarding.code'] == null) {
+ response.setNote('lasterror', '9901')
+ response.setNote('lasterrorinfo', 'valid on-boarding link required')
+}
+
+// 2a) if code as query param, store it to the session, and redirect
+if (inargs['cd'] != null) {
+ // make sure, we are clean to be able to start over
+ cleanSession()
+
+ response.setSessionAttribute('agov.op.onboarding.code', inargs['cd'])
+ response.setStatus(AuthResponse.AUTH_CONTINUE)
+ response.setTransferDestination('/AUTH/ONBOARDING/')
+ response.setIsRedirectTransfer(true)
+ return
+}
+
+
+// 2b) clean the url, if necessary
+if (request.currentResource.replaceAll('^https:\\/\\/[^\\/]+\\/AUTH\\/ONBOARDING\\/', '').length() > 0) {
+
+ response.setStatus(AuthResponse.AUTH_CONTINUE)
+ response.setTransferDestination('/AUTH/ONBOARDING/')
+ response.setIsRedirectTransfer(true)
+ return
+}
+
+
+// 3) if SAMLResponse available, process it
+if (inargs['SAMLResponse'] != null) {
+ // we don't use a RelayState, make sure he is ignored
+ request.getInArgs().remove("RelayState")
+ response.setResult('processResponse')
+ return
+}
+
+
+// 4) check if we could already validate the ticket, and load the user
+if (session['ch.adnovum.nevisidm.userDto'] != null && notes['lasterror'] == null) {
+ try {
+ def userDto = new XmlSlurper().parseText(session['ch.adnovum.nevisidm.userDto'])
+ def userState = userDto.state
+
+ if (userState == 'ACTIVE') {
+ def minLoiList = userDto.'**'.findAll { node -> node.name() == 'roles' && node.applicationName.text() == 'OP-MinLoi' }.collect({ node -> node.name.text() }).sort()
+ minLoi = minLoiList.isEmpty() ? null : minLoiList.first()
+
+ if (minLoi != null) {
+ response.setSessionAttribute('agov.op.onboarding.minLoi', minLoi)
+ if (minLoiRoleToCtxClssConvertorMap.containsKey(minLoi)) {
+ response.setSessionAttribute('agov.op.onboarding.ctxClass', minLoiRoleToCtxClssConvertorMap[minLoi])
+ } else {
+ LOG.warn("OP-ONBOARDING: Failed to convert '${minLoi}' to AGOVaq, taking 'urn:qa.agov.ch:names:tc:ac:classes:100'")
+ response.setSessionAttribute('agov.op.onboarding.ctxClass', "urn:qa.agov.ch:names:tc:ac:classes:100")
+ }
+ } else {
+ LOG.debug("OP-ONBOARDING: no 'OP-MinLoi'-role assigned to user ${user}, using AGOVaq100")
+ minLoi = "level100"
+ response.setSessionAttribute('agov.op.onboarding.minLoi', "level100")
+ response.setSessionAttribute('agov.op.onboarding.ctxClass', "urn:qa.agov.ch:names:tc:ac:classes:100")
+ }
+ LOG.info("Event='OP-AUTHNREQ', RequestedAq='${minLoi}', User=${user}, SourceIp=${sourceIp}, UserAgent=${userAgent}")
+ response.setResult('sendAuthnRequest')
+ } else {
+ // state != ACTIVE and no lasterror should not happen
+ LOG.error("On boarding ticket processing failed: state='${userState}' but not lasterror set")
+ response.setNote('lasterror', '9909')
+ response.setNote('lasterrorinfo', 'internal error')
+ }
+ } catch (Exception e) {
+ LOG.error("On boarding ticket processing failed: Exception " + e)
+ response.setNote('lasterror', '9909')
+ response.setNote('lasterrorinfo', 'internal error')
+ }
+}
+
+// 5) validate URL Ticket?
+if (inargs['submit'] != null && notes['verifyTicket'] == null) {
+ response.setNote('verifyTicket', 'go')
+ response.setResult('verifyTicket')
+ return
+}
+
+
+// 6) if we reach that point, display the GUI
+if (response.getNote('lasterror') != null) {
+ minLoi = session['agov.op.onboarding.minLoi'] ?: 'unknown'
+ LOG.info("Event='OP-FAILED', RequestedAq='${minLoi}', User=${user}, SourceIp=${sourceIp}, UserAgent=${userAgent}, lasterror=${response.getNote('lasterror')}, lasterrorinfo='${response.getNote('lasterrorinfo')}'")
+ cleanSession()
+}
+
+response.setStatus(AuthResponse.AUTH_CONTINUE)
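Review bot: Step 1 sets `lasterror` 9901 when neither `cd` nor a stored on-boarding code is present, but the script keeps running, so a request that carries `SAMLResponse` still reaches step 3 and is handed to `processResponse` without any ticket. Whether the states behind `processResponse` reject that case is not visible in this commit; if they do not, guard step 3 with `if (inargs['SAMLResponse'] != null && response.getNote('lasterror') == null) {`. Separately, `sourceIp` and `userAgent` are taken from request headers and written unquoted into the `OP-AUTHNREQ` and `OP-FAILED` audit lines, so a header value containing commas or line breaks can change how the record parses. Normalise them before logging, for example `userAgent = userAgent.replaceAll('[\\r\\n]', ' ')`, and quote the fields the way `RequestedAq` already is.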
diff --git a/patterns/39ecde9a0d101628fed3e3be_resources/resources-op.zip b/patterns/39ecde9a0d101628fed3e3be_resources/resources-op.zip
new file mode 100644
index 0000000..abeafde
Binary files /dev/null and b/patterns/39ecde9a0d101628fed3e3be_resources/resources-op.zip differ
diff --git a/patterns/488949a743edb1f46f73f232_scriptFile/setUserExtIdFromAssertion.groovy b/patterns/488949a743edb1f46f73f232_scriptFile/setUserExtIdFromAssertion.groovy
new file mode 100644
index 0000000..5ab52ed
--- /dev/null
+++ b/patterns/488949a743edb1f46f73f232_scriptFile/setUserExtIdFromAssertion.groovy
@@ -0,0 +1,37 @@
+try {
+ def s = request.getAuthSession(true)
+
+ LOG.info("operationsExtId: ${notes['saml.attributes.http://schemas.agov.ch/ws/2023/05/identity/claims/operationsUserExtId']}")
+ LOG.info("operationsUserProfileExtIdList: ${notes['saml.attributes.http://schemas.agov.ch/ws/2023/05/identity/claims/operationsUserProfileExtId']}")
+
+
+ if (notes['saml.attributes.http://schemas.agov.ch/ws/2023/05/identity/claims/operationsUserExtId'] == null || notes['saml.attributes.http://schemas.agov.ch/ws/2023/05/identity/claims/operationsUserProfileExtId'] == null) {
+ LOG.error("[OPACCESS] User ${notes['saml.assertion.subject']} tried to access without operations account or profile")
+ response.setResult('error');
+ return
+ }
+
+ response.setSessionAttribute('operationsExtId', notes['saml.attributes.http://schemas.agov.ch/ws/2023/05/identity/claims/operationsUserExtId'])
+
+ if (! notes['saml.attributes.http://schemas.agov.ch/ws/2023/05/identity/claims/operationsUserProfileExtId'].contains('${var.operations-unitExtId}') )
+ {
+ LOG.warn("[OPACCESS] User ${notes['saml.assertion.subject']} with opaccount ${notes['saml.attributes.http://schemas.agov.ch/ws/2023/05/identity/claims/operationsUserExtId']} has not operations profile")
+ response.setResult('error');
+ return
+ }
+
+
+ notes['saml.attributes.http://schemas.agov.ch/ws/2023/05/identity/claims/operationsUserProfileExtId'].split(',').eachWithIndex { pairstr, i ->
+ pair = pairstr.split("\\\\")
+ if (pair[1] == "${var.operations-unitExtId}") {
+ response.setSessionAttribute('operationsProfileExtId', pair[0])
+ LOG.warn(pair[0] + " userprofileExtid has the wanted unitExtId " + pair[1])
+ }
+ }
+
+ response.setResult('ok');
+
+} catch(Exception ex) {
+ LOG.warn("Exception in selectProfile groovy script: " + ex)
+ response.setResult('error');
+}
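Review bot: The pre-check `.contains('${var.operations-unitExtId}')` is a substring test on the whole attribute, while the loop below compares `pair[1]` for equality, so an entry whose unit id merely contains the configured id (or whose profile part does) passes the pre-check, matches nothing in the loop, and the script still ends with `setResult('ok')` without setting `operationsProfileExtId`. Decide on the exact per-entry match once and return `error` when no entry matches, as sketched below. The sketch keeps the last matching entry, as the loop does, and its `it.length > 1` test also covers entries without a backslash, which today only fail through the catch block. The two `LOG.info` lines and the success `LOG.warn` write identity claims each time the script runs and would be better at debug level.

```groovy
def profileClaim = notes['saml.attributes.http://schemas.agov.ch/ws/2023/05/identity/claims/operationsUserProfileExtId']
// … unchanged: null checks and setSessionAttribute('operationsExtId', …) …

// exact match on the unit part of each "profileExtId\unitExtId" entry
def matches = profileClaim.split(',')
        .collect { it.split("\\\\") }
        .findAll { it.length > 1 && it[1] == '${var.operations-unitExtId}' }
if (matches.isEmpty()) {
    // … unchanged: LOG.warn("[OPACCESS] … has not operations profile") …
    response.setResult('error')
    return
}
response.setSessionAttribute('operationsProfileExtId', matches.last()[0])

response.setResult('ok')
```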
diff --git a/patterns/50d6c91ace65f52fa56d7113_roleAssignmentFile/rolesAssignment.properties b/patterns/50d6c91ace65f52fa56d7113_roleAssignmentFile/rolesAssignment.properties
new file mode 100644
index 0000000..65fc6e9
--- /dev/null
+++ b/patterns/50d6c91ace65f52fa56d7113_roleAssignmentFile/rolesAssignment.properties
@@ -0,0 +1,30 @@
+# -- Semantics: in order to assign the 'key' role, you need one of the 'value' roles,
+# -- an empty value means 'no role is authorized'.
+# ------------------------------------------------------------------------------------
+
+# -- bootstrapping
+nevisIdm.Root=nevisIdm.Root
+
+# -- assigned by root only
+nevisIdm.SoapTechAccess=nevisIdm.Root
+nevisIdm.SoapTechAccessReadOnly=nevisIdm.Root
+nevisIdm.Impersonator=nevisIdm.Root
+
+# -- assigned by root or itself
+nevisIdm.ClientRoot=nevisIdm.Root,nevisIdm.ClientRoot
+nevisIdm.EnterpriseRoleAdmin=nevisIdm.Root,nevisIdm.EnterpriseRoleAdmin
+
+# -- assigned by EnterpriseRoleAdmin
+nevisIdm.AppAdmin=nevisIdm.Root,nevisIdm.EnterpriseRoleAdmin
+nevisIdm.UserAndUnitAdmin=nevisIdm.Root,nevisIdm.EnterpriseRoleAdmin
+nevisIdm.Helpdesk=nevisIdm.Root,nevisIdm.EnterpriseRoleAdmin
+nevisIdm.UserAdmin=nevisIdm.Root,nevisIdm.EnterpriseRoleAdmin
+nevisIdm.AppOwner=nevisIdm.Root,nevisIdm.EnterpriseRoleAdmin
+nevisIdm.TemplateAdmin=nevisIdm.Root,nevisIdm.EnterpriseRoleAdmin
+
+
+# -- not used (we leave it accessible by root)
+nevisIdm.EnterpriseRoleOwner=nevisIdm.Root
+nevisIdm.SelfAdmin=nevisIdm.Root
+nevisIdm.MainAppOwner=nevisIdm.Root
+nevisIdm.TechUser=nevisIdm.Root
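Review bot: `nevisIdm.BatchJobAdmin` has no entry in this file although authorizationConfig.properties in the same commit lists it under `# -- not used`, so who may assign it depends on whatever nevisIDM does for a missing key, which is not visible here. Given the header's rule that an empty value means no role is authorized, state the intent explicitly, e.g. `nevisIdm.BatchJobAdmin=nevisIdm.Root` next to the other `# -- not used` roles, or an empty value to block assignment entirely. The group comment `# -- assigned by EnterpriseRoleAdmin` could also read `# -- assigned by root or EnterpriseRoleAdmin`, since every line in that group lists `nevisIdm.Root` as well.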
diff --git a/patterns/50d6c91ace65f52fa56d7113_roleManagementFile/authorizationConfig.properties b/patterns/50d6c91ace65f52fa56d7113_roleManagementFile/authorizationConfig.properties
new file mode 100644
index 0000000..a8ce363
--- /dev/null
+++ b/patterns/50d6c91ace65f52fa56d7113_roleManagementFile/authorizationConfig.properties
@@ -0,0 +1,30 @@
+# -- defines which role is allowed to modify or delete which other role
+# ---------------------------------------------------------------------
+
+# -- not used
+nevisIdm.SelfAdmin=
+nevisIdm.Impersonator=
+nevisIdm.TechUser=
+nevisIdm.BatchJobAdmin=
+nevisIdm.SoapTechAccessReadOnly=
+nevisIdm.EnterpriseRoleOwner=
+nevisIdm.MainAppOwner=
+
+# -- low priviledge, not accessing users or not modifiying them
+nevisIdm.Helpdesk=nevisIdm.SelfAdmin
+nevisIdm.TemplateAdmin=nevisIdm.SelfAdmin
+nevisIdm.UserAndUnitAdmin=nevisIdm.SelfAdmin
+nevisIdm.AppAdmin=nevisIdm.SelfAdmin
+
+
+# -- medium priviledge admin tasks
+nevisIdm.UserAdmin=nevisIdm.UserAdmin,nevisIdm.SelfAdmin,nevisIdm.Helpdesk,nevisIdm.TemplateAdmin,nevisIdm.UserAndUnitAdmin,nevisIdm.AppAdmin,nevisIdm.AppOwner
+nevisIdm.AppOwner=nevisIdm.AppOwner,nevisIdm.UserAdmin,nevisIdm.SelfAdmin,nevisIdm.Helpdesk,nevisIdm.TemplateAdmin,nevisIdm.UserAndUnitAdmin,nevisIdm.AppAdmin
+nevisIdm.EnterpriseRoleAdmin=nevisIdm.EnterpriseRoleAdmin,nevisIdm.UserAdmin,nevisIdm.SelfAdmin,nevisIdm.Helpdesk,nevisIdm.TemplateAdmin,nevisIdm.UserAndUnitAdmin,nevisIdm.AppAdmin,nevisIdm.AppOwner
+nevisIdm.ClientRoot=nevisIdm.ClientRoot,nevisIdm.UserAdmin,nevisIdm.SelfAdmin,nevisIdm.Helpdesk,nevisIdm.TemplateAdmin,nevisIdm.UserAndUnitAdmin,nevisIdm.AppAdmin,nevisIdm.AppOwner
+
+# -- tech user access
+nevisIdm.SoapTechAccess=nevisIdm.SelfAdmin,nevisIdm.UserAdmin,nevisIdm.UserAndUnitAdmin,nevisIdm.MainAppOwner,nevisIdm.AppOwner,nevisIdm.Helpdesk,nevisIdm.TechUser,nevisIdm.AppAdmin,nevisIdm.SoapTechAccess,nevisIdm.SoapTechAccessReadOnly,nevisIdm.TemplateAdmin,nevisIdm.EnterpriseRoleOwner
+
+# -- priviledged account, high priviledge admin tasks, only exceptional usage
+nevisIdm.Root=nevisIdm.SelfAdmin,nevisIdm.UserAdmin,nevisIdm.UserAndUnitAdmin,nevisIdm.MainAppOwner,nevisIdm.AppOwner,nevisIdm.Helpdesk,nevisIdm.TechUser,nevisIdm.AppAdmin,nevisIdm.SoapTechAccess,nevisIdm.SoapTechAccessReadOnly,nevisIdm.Root,nevisIdm.TemplateAdmin,nevisIdm.ClientRoot,nevisIdm.Impersonator,nevisIdm.EnterpriseRoleAdmin,nevisIdm.EnterpriseRoleOwner
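Review bot: The group comment `# -- low priviledge, not accessing users or not modifiying them` covers `nevisIdm.UserAndUnitAdmin` and `nevisIdm.TemplateAdmin`, yet agov-rolesMapping.properties in this commit grants both `UserModify` (and `UserCreate` to the former), so the comment misdescribes the group. Something like `# -- low privilege: may only act on nevisIdm.SelfAdmin` matches what the four lines actually configure. It is also worth confirming that `nevisIdm.UserAdmin` is meant to list `nevisIdm.AppAdmin` and `nevisIdm.AppOwner`. If the values are the roles whose holders the key role may manage, a role holding `CredentialCreate` can then act on accounts with broader configuration rights than its own, which should be a deliberate decision and say so in a comment.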
diff --git a/patterns/50d6c91ace65f52fa56d7113_rolePermissionsFile/agov-rolesMapping.properties b/patterns/50d6c91ace65f52fa56d7113_rolePermissionsFile/agov-rolesMapping.properties
new file mode 100644
index 0000000..24b3097
--- /dev/null
+++ b/patterns/50d6c91ace65f52fa56d7113_rolePermissionsFile/agov-rolesMapping.properties
@@ -0,0 +1,50 @@
+# -- base admin roles (AGOV specific role definition)
+# ------------------------------------------------------
+
+## user administrator (reduced rightd; CLIENT, UNIT)
+nevisIdm.UserAdmin=ApplicationView,AuthorizationSearch,AuthorizationApplView,AuthorizationClientView,AuthorizationUnitView,AuthorizationView,ClientSearch,ClientView,CredentialChangeState,CredentialCreate,CredentialSearch,CredentialView,EntityAttributeAccessOverride,ProfileCreate,ProfileModify,ProfileSearch,ProfileView,PropertyAllowedValueSearch,PropertyAllowedValueView,PropertySearch,PropertyValueCreate,PropertyValueDelete,PropertyValueModify,PropertyValueSearch,PropertyValueView,PropertyView,RoleSearch,RoleView,UnitSearch,UnitView,UserCreate,UserModify,UserSearch,UserView,PropertyAttributeAccessOverride,CollectionView,GenerateReport,SearchResultsExport,EnterpriseAuthorizationSearch,EnterpriseAuthorizationView,EnterpriseRoleMemberSearch,EnterpriseRoleView,AuthorizationEnterpriseRoleSearch,AuthorizationEnterpriseRoleView
+
+## user and unit administrator (same as above + unit mgmt; CLIENT, UNIT)
+nevisIdm.UserAndUnitAdmin=ApplicationView,AuthorizationSearch,AuthorizationApplView,AuthorizationClientView,AuthorizationUnitView,AuthorizationView,ClientSearch,ClientView,CredentialChangeState,CredentialCreate,CredentialSearch,CredentialView,EntityAttributeAccessOverride,ProfileCreate,ProfileModify,ProfileSearch,ProfileView,PropertyAllowedValueSearch,PropertyAllowedValueView,PropertySearch,PropertyValueCreate,PropertyValueDelete,PropertyValueModify,PropertyValueSearch,PropertyValueView,PropertyView,RoleSearch,RoleView,UnitCreate,UnitDelete,UnitModify,UnitSearch,UnitView,UserCreate,UserModify,UserSearch,UserView,PropertyAttributeAccessOverride,CollectionView,GenerateReport,SearchResultsExport,EnterpriseAuthorizationSearch,EnterpriseAuthorizationView,EnterpriseRoleMemberSearch,EnterpriseRoleView,AuthorizationEnterpriseRoleSearch,AuthorizationEnterpriseRoleView
+
+
+## General read-only access (CLIENT,UNIT,APPL)
+nevisIdm.Helpdesk=UserSearch,UserView,ProfileSearch,ProfileView,CredentialSearch,CredentialView,UnitSearch,UnitView,ApplicationSearch,ApplicationView,RoleSearch,RoleView,AuthorizationSearch,AuthorizationView,AuthorizationApplView,AuthorizationApplSearch,AuthorizationUnitSearch,AuthorizationUnitView,PropertySearch,PropertyAllowedValueSearch,PropertyValueSearch,ClientSearch,ClientView,SearchResultsExport,ClientApplView,EnterpriseAuthorizationSearch,EnterpriseAuthorizationView,EnterpriseRoleMemberSearch,EnterpriseRoleView,AuthorizationEnterpriseRoleSearch,AuthorizationEnterpriseRoleView,HistoryView
+
+## Basic L2 Task (Modify User; CLIENT,UNIT)
+nevisIdm.TemplateAdmin=ApplicationSearch,ApplicationView,AuthorizationApplSearch,AuthorizationApplView,AuthorizationClientView,AuthorizationSearch,AuthorizationUnitSearch,AuthorizationUnitView,AuthorizationView,ClientApplView,ClientSearch,ClientView,CollectionView,CredentialSearch,CredentialView,EntityAttributeAccessOverride,GenerateReport,ProfileSearch,ProfileView,PropertyAllowedValueSearch,PropertyAllowedValueView,PropertyAttributeAccessOverride,PropertySearch,PropertyValueModify,PropertyValueSearch,PropertyValueView,PropertyView,RoleSearch,RoleView,SearchResultsExport,UnitSearch,UnitView,UserModify,UserSearch,UserView,EnterpriseAuthorizationSearch,EnterpriseAuthorizationView,EnterpriseRoleMemberSearch,EnterpriseRoleView,AuthorizationEnterpriseRoleSearch,AuthorizationEnterpriseRoleView,HistoryView
+
+## Management of Application Access (CLIENT, UNIT, APPL)
+nevisIdm.AppOwner=ApplicationSearch,ApplicationView,AuthorizationCreate,AuthorizationDelete,AuthorizationModify,AuthorizationSearch,AuthorizationView,ClientApplView,ClientSearch,ClientView,ProfileSearch,ProfileView,PropertyAllowedValueSearch,PropertyAllowedValueView,PropertySearch,PropertyValueCreate,PropertyValueDelete,PropertyValueModify,PropertyValueSearch,PropertyValueView,PropertyView,RoleSearch,RoleView,UnitSearch,UnitView,UserSearch,UserView,EnterpriseAuthorizationSearch,EnterpriseAuthorizationView,EnterpriseRoleMemberSearch,EnterpriseRoleView,AuthorizationEnterpriseRoleSearch,AuthorizationEnterpriseRoleView
+
+## Management of base-date changes in nevisIdm (non user related; CLIENT)
+nevisIdm.AppAdmin=ApplicationCreate,ApplicationModify,ApplicationSearch,ApplicationView,BatchJobExecute,BatchJobView,ClientCreate,ClientModify,ClientApplAssign,ClientApplView,ClientSearch,ClientView,EntityAttributeAccessOverride,PersistentQueueRetry,PersistentQueueDelete,PersistentQueueView,PolicyConfigurationCreate,PolicyConfigurationModify,PolicyConfigurationSearch,PolicyConfigurationView,PropertyAllowedValueCreate,PropertyAllowedValueDelete,PropertyAllowedValueModify,PropertyAllowedValueSearch,PropertyAllowedValueView,PropertyCreate,PropertyDelete,PropertyModify,PropertySearch,PropertyValueSearch,PropertyValueView,PropertyView,RoleCreate,RoleDelete,RoleModify,RoleSearch,RoleView,UnitCreate,UnitCreateTopUnit,UnitDelete,UnitModify,UnitSearch,UnitView,PropertyAttributeAccessOverride,HistoryView,TemplateStore,CollectionView,CollectionCreate,CollectionModify,CollectionDelete,TemplateView,TemplateCreate,TemplateModify,TemplateDelete,TemplateTextView,TemplateTextCreate,TemplateTextModify,TemplateTextDelete,UnitCredPolicyView,UnitCredPolicyCreate,UnitCredPolicyDelete
+
+# -- Priviledged admin roles (AGOV specific role definition)
+# ------------------------------------------------------
+
+## Assign IDM User and Account management roles (CLIENT)
+nevisIdm.EnterpriseRoleAdmin=ApplicationSearch,ApplicationView,AuthorizationApplSearch,AuthorizationClientCreate,AuthorizationClientDelete,AuthorizationClientSearch,AuthorizationClientView,AuthorizationCreate,AuthorizationDelete,AuthorizationModify,AuthorizationSearch,AuthorizationUnitCreate,AuthorizationUnitDelete,AuthorizationUnitSearch,AuthorizationUnitView,AuthorizationApplCreate,AuthorizationApplDelete,AuthorizationApplSearch,AuthorizationApplView,AuthorizationView,ClientApplView,ClientSearch,ClientView,ProfileSearch,ProfileView,PropertyAllowedValueSearch,PropertyAllowedValueView,PropertySearch,PropertyValueCreate,PropertyValueDelete,PropertyValueModify,PropertyValueSearch,PropertyValueView,PropertyView,RoleSearch,RoleView,UnitCredPolicyView,UnitSearch,UnitView,UserSearch,UserView,EnterpriseAuthorizationSearch,EnterpriseAuthorizationView,EnterpriseRoleMemberSearch,EnterpriseRoleView,AuthorizationEnterpriseRoleSearch,AuthorizationEnterpriseRoleView
+
+
+
+## Archive User and Profiles (CLIENT)
+nevisIdm.ClientRoot=ApplicationSearch,ApplicationView,AuthorizationDelete,AuthorizationSearch,AuthorizationApplDelete,AuthorizationApplSearch,AuthorizationApplView,AuthorizationClientDelete,AuthorizationClientSearch,AuthorizationClientView,AuthorizationUnitDelete,AuthorizationUnitSearch,AuthorizationUnitView,AuthorizationView,ClientApplView,ClientSearch,ClientView,CredentialChangeState,CredentialDelete,CredentialSearch,CredentialView,EntityAttributeAccessOverride,ProfileArchive,ProfileDelete,ProfileSearch,ProfileView,PropertyAllowedValueSearch,PropertyAllowedValueView,PropertySearch,PropertyValueDelete,PropertyValueSearch,PropertyValueView,PropertyView,RoleSearch,RoleView,UnitSearch,UnitView,UserArchive,UserModify,UserSearch,UserView,PropertyAttributeAccessOverride,HistoryView,EnterpriseAuthorizationSearch,EnterpriseAuthorizationView,EnterpriseRoleMemberSearch,EnterpriseRoleView,AuthorizationEnterpriseRoleSearch,AuthorizationEnterpriseRoleView,HistoryView
+
+
+# -- Root and tech user roles, in use with AGOV (definition as in product default)
+# ------------------------------------------------------
+## Super-user role over all clients (GLOBAL)
+nevisIdm.Root=ApplicationCreate,ApplicationDelete,ApplicationModify,ApplicationSearch,ApplicationView,AuthorizationCreate,AuthorizationDelete,AuthorizationModify,AuthorizationSearch,AuthorizationApplCreate,AuthorizationApplDelete,AuthorizationApplSearch,AuthorizationApplView,AuthorizationClientCreate,AuthorizationClientDelete,AuthorizationClientSearch,AuthorizationClientView,AuthorizationUnitCreate,AuthorizationUnitDelete,AuthorizationUnitSearch,AuthorizationUnitView,AuthorizationView,BatchJobExecute,BatchJobView,ClientCreate,ClientDelete,ClientModify,ClientApplAssign,ClientApplDelete,ClientApplView,ClientSearch,ClientView,CredentialChangeState,CredentialCreate,CredentialDelete,CredentialModify,CredentialSearch,CredentialView,EntityAttributeAccessOverride,PersistentQueueRetry,PersistentQueueDelete,PersistentQueueView,PolicyConfigurationCreate,PolicyConfigurationDelete,PolicyConfigurationModify,PolicyConfigurationSearch,PolicyConfigurationView,ProfileArchive,ProfileCreate,ProfileDelete,ProfileModify,ProfileSearch,ProfileView,PropertyAllowedValueCreate,PropertyAllowedValueDelete,PropertyAllowedValueModify,PropertyAllowedValueSearch,PropertyAllowedValueView,PropertyCreate,PropertyDelete,PropertyModify,PropertySearch,PropertyValueCreate,PropertyValueDelete,PropertyValueModify,PropertyValueSearch,PropertyValueView,PropertyView,RoleCreate,RoleDelete,RoleModify,RoleSearch,RoleView,SelfAdmin,UnitCreate,UnitCreateTopUnit,UnitDelete,UnitModify,UnitSearch,UnitView,UserArchive,UserCreate,UserDelete,UserModify,UserSearch,UserView,PropertyAttributeAccessOverride,HistoryView,LoginIdOverride,TemplateStore,CollectionView,CollectionCreate,CollectionModify,CollectionDelete,TemplateView,TemplateCreate,TemplateModify,TemplateDelete,TemplateTextView,TemplateTextCreate,TemplateTextModify,TemplateTextDelete,GenerateReport,SearchResultsExport,CredentialViewPlainValue,DeputyCreate,DeputyDelete,UnitCredPolicyView,UnitCredPolicyCreate,UnitCredPolicyDelete,UserCreateTechUser,UserModifyTechUser
,UserDeleteTechUser,UserArchiveTechUser,CredentialPdfView,EnterpriseAuthorizationCreate,EnterpriseAuthorizationDelete,EnterpriseAuthorizationModify,EnterpriseAuthorizationSearch,EnterpriseAuthorizationView,AuthorizationEnterpriseRoleCreate,AuthorizationEnterpriseRoleDelete,AuthorizationEnterpriseRoleSearch,AuthorizationEnterpriseRoleView,EnterpriseRoleCreate,EnterpriseRoleModify,EnterpriseRoleDelete,EnterpriseRoleSearch,EnterpriseRoleView,EnterpriseRoleMemberCreate,EnterpriseRoleMemberDelete,EnterpriseRoleMemberSearch,PersonalQuestionSearch,PersonalQuestionView,PersonalQuestionCreate,PersonalQuestionModify,PersonalQuestionDelete,LoginIdModify,TermsView,TermsCreate,TermsModify,TermsDelete,ConsentCreate,ConsentView
+## technical web service users (CLIENT,UNIT,APPL)
+nevisIdm.SoapTechAccess=ApplicationCreate,ApplicationDelete,ApplicationModify,ApplicationSearch,ApplicationView,AuthorizationCreate,AuthorizationDelete,AuthorizationModify,AuthorizationSearch,AuthorizationApplCreate,AuthorizationApplDelete,AuthorizationApplSearch,AuthorizationApplView,AuthorizationUnitCreate,AuthorizationUnitDelete,AuthorizationUnitSearch,AuthorizationUnitView,AuthorizationView,BatchJobExecute,BatchJobView,ClientCreate,ClientDelete,ClientModify,ClientApplAssign,ClientApplDelete,ClientApplView,ClientSearch,ClientView,CredentialChangeState,CredentialCreate,CredentialDelete,CredentialModify,CredentialSearch,CredentialView,PersistentQueueRetry,PersistentQueueDelete,PersistentQueueView,PolicyConfigurationCreate,PolicyConfigurationDelete,PolicyConfigurationModify,PolicyConfigurationSearch,PolicyConfigurationView,ProfileArchive,ProfileCreate,ProfileDelete,ProfileModify,ProfileSearch,ProfileView,PropertyAllowedValueCreate,PropertyAllowedValueDelete,PropertyAllowedValueModify,PropertyAllowedValueSearch,PropertyAllowedValueView,PropertyCreate,PropertyDelete,PropertyModify,PropertySearch,PropertyValueCreate,PropertyValueDelete,PropertyValueModify,PropertyValueSearch,PropertyValueView,PropertyView,RoleCreate,RoleDelete,RoleModify,RoleSearch,RoleView,SelfAdmin,UnitCreate,UnitCreateTopUnit,UnitDelete,UnitModify,UnitSearch,UnitView,UserArchive,UserCreate,UserDelete,UserModify,UserSearch,UserView,TemplateStore,CollectionView,CollectionCreate,CollectionModify,CollectionDelete,TemplateView,TemplateCreate,TemplateModify,TemplateDelete,TemplateTextView,TemplateTextCreate,TemplateTextModify,TemplateTextDelete,AuthorizationClientCreate,AuthorizationClientDelete,AuthorizationClientSearch,AuthorizationClientView,CredentialViewPlainValue,UnitCredPolicyView,UnitCredPolicyCreate,UnitCredPolicyDelete,EnterpriseAuthorizationCreate,EnterpriseAuthorizationDelete,EnterpriseAuthorizationModify,EnterpriseAuthorizationSearch,EnterpriseAuthorizationView,AuthorizationEnterpriseRoleCre
ate,AuthorizationEnterpriseRoleDelete,AuthorizationEnterpriseRoleSearch,AuthorizationEnterpriseRoleView,EnterpriseRoleCreate,EnterpriseRoleModify,EnterpriseRoleDelete,EnterpriseRoleSearch,EnterpriseRoleView,EnterpriseRoleMemberCreate,EnterpriseRoleMemberDelete,EnterpriseRoleMemberSearch,HistoryView,PersonalQuestionSearch,PersonalQuestionView,PersonalQuestionCreate,PersonalQuestionModify,PersonalQuestionDelete,LoginIdModify,ConsentCreate,ConsentView
+## technical web service user with ReadOnly access (CLIENT,UNIT,APPL)
+nevisIdm.SoapTechAccessReadOnly=ApplicationSearch,ApplicationView,AuthorizationSearch,AuthorizationApplSearch,AuthorizationApplView,AuthorizationUnitSearch,AuthorizationUnitView,AuthorizationView,ClientApplView,ClientSearch,ClientView,CredentialSearch,CredentialView,ProfileSearch,ProfileView,PropertyAllowedValueSearch,PropertyAllowedValueView,PropertySearch,PropertyValueSearch,PropertyValueView,PropertyView,RoleSearch,RoleView,SelfAdmin,UnitSearch,UnitView,UserSearch,UserView,TemplateStore,CollectionView,TemplateView,TemplateTextView,PersistentQueueView,PolicyConfigurationSearch,PolicyConfigurationView,AuthorizationClientSearch,AuthorizationClientView,EnterpriseAuthorizationSearch,EnterpriseAuthorizationView,AuthorizationEnterpriseRoleSearch,AuthorizationEnterpriseRoleView,EnterpriseRoleSearch,EnterpriseRoleView,EnterpriseRoleMemberSearch,HistoryView,PersonalQuestionSearch,PersonalQuestionView
+
+# -- not used by AGOV (definition as in product default)
+# ------------------------------------------------------
+nevisIdm.EnterpriseRoleOwner=EnterpriseRoleSearch,EnterpriseRoleView,EnterpriseRoleMemberSearch,EnterpriseAuthorizationCreate,EnterpriseAuthorizationDelete,EnterpriseAuthorizationModify,EnterpriseAuthorizationSearch,EnterpriseAuthorizationView,AuthorizationEnterpriseRoleSearch,AuthorizationEnterpriseRoleView,AuthorizationSearch,AuthorizationView,ClientSearch,ClientView,UserSearch,UserView,ProfileSearch,ProfileView,UnitSearch,ApplicationSearch,ApplicationView,RoleSearch,RoleView,CollectionView,PropertySearch,PropertyView,PropertyAllowedValueSearch,PropertyAllowedValueView,PropertyValueSearch,PropertyValueView,SearchResultsExport,PersonalQuestionSearch,PersonalQuestionView
+nevisIdm.Impersonator=
+nevisIdm.MainAppOwner=ApplicationSearch,ApplicationView,PropertyAllowedValueSearch,PropertyAllowedValueView,PropertySearch,PropertyValueSearch,PropertyValueView,PropertyView,RoleSearch,UnitSearch,AuthorizationUnitSearch,AuthorizationApplCreate,AuthorizationApplDelete,AuthorizationApplSearch,AuthorizationApplView,AuthorizationCreate,AuthorizationDelete,AuthorizationModify,AuthorizationSearch,AuthorizationView,ProfileSearch,ProfileView,UserSearch,UserView,RoleView,AuthorizationUnitCreate,AuthorizationUnitDelete,AuthorizationUnitSearch,AuthorizationUnitView,CollectionView,ClientSearch,ClientView,SearchResultsExport,AuthorizationClientCreate,AuthorizationClientDelete,AuthorizationClientSearch,AuthorizationClientView,ClientApplView,EnterpriseAuthorizationSearch,EnterpriseAuthorizationView,AuthorizationEnterpriseRoleSearch,AuthorizationEnterpriseRoleView,EnterpriseRoleSearch,PersonalQuestionSearch,PersonalQuestionView,TermsView,TermsCreate,TermsModify,TermsDelete
+nevisIdm.SelfAdmin=SelfAdmin,LoginIdModify
+nevisIdm.TechUser=
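Review bot: `nevisIdm.SoapTechAccess` is marked as in use with AGOV but keeps the product-default set, which is close to `nevisIdm.Root` and includes `CredentialViewPlainValue`, `UserDelete` and `ClientDelete`. If the AGOV SOAP clients do not need these, a reduced list would limit what a leaked technical-account credential can do; at minimum add a comment such as `## product default, not yet reduced: review before production use`. `nevisIdm.SoapTechAccessReadOnly` also carries `TemplateStore` and `SelfAdmin`, which by name look like write permissions and should be checked against the read-only label. Minor: `HistoryView` appears twice in `nevisIdm.ClientRoot` and `AuthorizationApplSearch` twice in `nevisIdm.EnterpriseRoleAdmin`.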
diff --git a/patterns/56955e7b6b92c254d7d1aae1_authStatesFile/fetchUser.xml b/patterns/56955e7b6b92c254d7d1aae1_authStatesFile/fetchUser.xml
new file mode 100644
index 0000000..039bad5
--- /dev/null
+++ b/patterns/56955e7b6b92c254d7d1aae1_authStatesFile/fetchUser.xml
@@ -0,0 +1,48 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/patterns/56955e7b6b92c254d7d1aae1_resources/selectIdmProfile.groovy b/patterns/56955e7b6b92c254d7d1aae1_resources/selectIdmProfile.groovy
new file mode 100644
index 0000000..4951a61
--- /dev/null
+++ b/patterns/56955e7b6b92c254d7d1aae1_resources/selectIdmProfile.groovy
@@ -0,0 +1,74 @@
+import groovy.xml.XmlSlurper
+
+def idmSeverityRoleMap = [
+ "EnterpriseRoleAdmin": [11, "op-idmlogin.role.accs-mgmt-idm"],
+ "ClientRoot": [12, "op-idmlogin.role.support-priv"],
+ "AppAdmin": [20, "op-idmlogin.role.idmcfg-mgmt"],
+ "AppOwner": [5, "op-idmlogin.role.accs-mgmt-nonidm"],
+ "UserAndUnitAdmin": [7, "op-idmlogin.role.usr-unit-mgmt"],
+ "UserAdmin": [6, "op-idmlogin.role.usr-mgmt"],
+ "TemplateAdmin": [10, "op-idmlogin.role.support-basic"],
+ "Helpdesk": [1, "op-idmlogin.role.readonly-access" ]
+]
+
+try {
+ def dtoString = session['ch.adnovum.nevisidm.userDto']
+
+ def idmDto = new XmlSlurper().parseText(dtoString)
+ def idmPrfMap = idmDto.'**'.findAll
+ { prf -> prf.name() == 'profiles'
+ && prf.'**'.find
+ { role -> role.name() == 'roles'
+ && role.applicationName.text() == 'nevisIdm'
+ }
+ }.collectEntries { prf -> [ prf.extId.text(),
+ prf.'**'.findAll
+ { role -> role.name() == 'roles'
+ && role.applicationName.text() == 'nevisIdm'
+ }.collect{ rolePrioEntry -> idmSeverityRoleMap[rolePrioEntry.name.text()] ?: [1000, "DO-NOT-USE(${rolePrioEntry.name.text()})"]
+ }.sort { a, b -> a[0] <=> b[0] // sort by severity
+ }.last()[1] // take label of the ighest one
+ ] }
+
+ if ((inargs.getProperty('submit', '') == 'go') && idmPrfMap.containsKey(inargs.getProperty('profile_selection', 'missing'))) {
+
+ // user selected a profile which exists, we take it
+ def operationsProfileExtId = inargs.getProperty('profile_selection', 'missing')
+ LOG.info("User selected profile: ${operationsProfileExtId} '${idmPrfMap.get(operationsProfileExtId)}'")
+ response.setSessionAttribute('operationsProfileExtId', '' + operationsProfileExtId)
+ response.setResult('ok')
+ return
+
+ } else if (idmPrfMap.size() == 1) {
+
+ // we take the only profile, with an IDM role
+ def operationsProfileExtId = idmPrfMap.keySet().first()
+ LOG.info("taking the only profile with an idm role: ${operationsProfileExtId} '${idmPrfMap.get(operationsProfileExtId)}'")
+ response.setSessionAttribute('operationsProfileExtId', '' + operationsProfileExtId)
+ response.setResult('ok')
+ return
+
+ } else if (idmPrfMap.isEmpty()) {
+
+ // no profile with an IDM role, do nothing
+ response.setResult('ok')
+ return
+
+ } else {
+
+ // user should select a profile
+ response.setGuiName('op_idmlogin_select_profile')
+ idmPrfMap.each {
+ response.addRadioGuiField('profile_selection', it.value, it.key)
+ }
+ response.addButtonGuiField('submit', 'general.continue', 'go')
+
+ response.setStatus(ch.nevis.esauth.auth.engine.AuthResponse.AUTH_CONTINUE)
+ return
+ }
+} catch (Exception e) {
+ def errorMsg = "Failed to process profile selection: ${e.getMessage()}"
+ LOG.error(errorMsg, e)
+ response.setError(9901, errorMsg)
+ response.setResult('error')
+}
\ No newline at end of file
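Review bot: A profile whose nevisIdm roles include a name missing from `idmSeverityRoleMap` gets the fallback entry `[1000, "DO-NOT-USE(...)"]`, which sorts last and becomes its label, yet that profile still passes the `idmPrfMap.containsKey(...)` check and is auto-selected by the `idmPrfMap.size() == 1` branch. If the label means what it says, drop such profiles before the branching, e.g. `idmPrfMap = idmPrfMap.findAll { !it.value.toString().startsWith('DO-NOT-USE') }`, and log the unmapped role name. The `isEmpty()` branch also returns `ok` without setting `operationsProfileExtId`, so a later step presumably has to treat the missing attribute as unauthorised; a comment naming that step would help. The catch block passes `e.getMessage()` to `response.setError`, which may surface parser details to the user; a fixed error text with the detail kept only in `LOG.error` would be safer.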
diff --git a/patterns/6df66943ca713eed2a25d935_labels/labels.zip b/patterns/6df66943ca713eed2a25d935_labels/labels.zip
new file mode 100644
index 0000000..983af44
Binary files /dev/null and b/patterns/6df66943ca713eed2a25d935_labels/labels.zip differ
diff --git a/patterns/6df66943ca713eed2a25d935_template/webdata.zip b/patterns/6df66943ca713eed2a25d935_template/webdata.zip
new file mode 100644
index 0000000..f2f78aa
Binary files /dev/null and b/patterns/6df66943ca713eed2a25d935_template/webdata.zip differ
diff --git a/patterns/6f9c9f982dcc7ef59a34f1f7_labels/labels.zip b/patterns/6f9c9f982dcc7ef59a34f1f7_labels/labels.zip
new file mode 100644
index 0000000..983af44
Binary files /dev/null and b/patterns/6f9c9f982dcc7ef59a34f1f7_labels/labels.zip differ
diff --git a/patterns/6f9c9f982dcc7ef59a34f1f7_template/webdata.zip b/patterns/6f9c9f982dcc7ef59a34f1f7_template/webdata.zip
new file mode 100644
index 0000000..f2f78aa
Binary files /dev/null and b/patterns/6f9c9f982dcc7ef59a34f1f7_template/webdata.zip differ
diff --git a/patterns/7518c6cc61e47eec6322ae17_labels/labels.zip b/patterns/7518c6cc61e47eec6322ae17_labels/labels.zip
new file mode 100644
index 0000000..983af44
Binary files /dev/null and b/patterns/7518c6cc61e47eec6322ae17_labels/labels.zip differ
diff --git a/patterns/7518c6cc61e47eec6322ae17_template/webdata.zip b/patterns/7518c6cc61e47eec6322ae17_template/webdata.zip
new file mode 100644
index 0000000..f2f78aa
Binary files /dev/null and b/patterns/7518c6cc61e47eec6322ae17_template/webdata.zip differ
diff --git a/patterns/9be76d365909bb2ec294569c_authStatesFile/OpOnbrdng-SamlServiceProvider-ProecessResponse.xml b/patterns/9be76d365909bb2ec294569c_authStatesFile/OpOnbrdng-SamlServiceProvider-ProecessResponse.xml
new file mode 100644
index 0000000..9c94ac1
--- /dev/null
+++ b/patterns/9be76d365909bb2ec294569c_authStatesFile/OpOnbrdng-SamlServiceProvider-ProecessResponse.xml
@@ -0,0 +1,25 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/patterns/AGOV_nevisIDM_Authorizations_50d6c91ace65f52fa56d7113.yml b/patterns/AGOV_nevisIDM_Authorizations_50d6c91ace65f52fa56d7113.yml
new file mode 100644
index 0000000..cf9ae38
--- /dev/null
+++ b/patterns/AGOV_nevisIDM_Authorizations_50d6c91ace65f52fa56d7113.yml
@@ -0,0 +1,9 @@
+schemaVersion: "1.0"
+pattern:
+ id: "50d6c91ace65f52fa56d7113"
+ className: "ch.nevis.admin.v4.plugin.nevisidm.patterns.NevisIDMAuthorizationsAddon"
+ name: "AGOV nevisIDM Authorizations"
+ properties:
+ roleManagementFile: "res://50d6c91ace65f52fa56d7113#roleManagementFile"
+ roleAssignmentFile: "res://50d6c91ace65f52fa56d7113#roleAssignmentFile"
+ rolePermissionsFile: "res://50d6c91ace65f52fa56d7113#rolePermissionsFile"
diff --git a/patterns/AdditionalMimeTypes_d9c194064d834ad41843ff4e.yml b/patterns/AdditionalMimeTypes_d9c194064d834ad41843ff4e.yml
new file mode 100644
index 0000000..b8fcba9
--- /dev/null
+++ b/patterns/AdditionalMimeTypes_d9c194064d834ad41843ff4e.yml
@@ -0,0 +1,8 @@
+schemaVersion: "1.0"
+pattern:
+ id: "d9c194064d834ad41843ff4e"
+ className: "ch.nevis.admin.v4.plugin.nevisproxy.patterns.GenericHostContextSettings"
+ name: "AdditionalMimeTypes"
+ properties:
+ mimeMappings: "\n ipa\n application/octet-stream\n\
+ "
diff --git a/patterns/ArtAccessPolicy_ae3127e7a6869fea8b850ad9.yml b/patterns/ArtAccessPolicy_ae3127e7a6869fea8b850ad9.yml
new file mode 100644
index 0000000..f58596b
--- /dev/null
+++ b/patterns/ArtAccessPolicy_ae3127e7a6869fea8b850ad9.yml
@@ -0,0 +1,7 @@
+schemaVersion: "1.0"
+pattern:
+ id: "ae3127e7a6869fea8b850ad9"
+ className: "ch.nevis.admin.v4.plugin.nevisauth.patterns2.AuthorizationPolicy"
+ name: "ArtAccessPolicy"
+ properties:
+ requiredRoles: "AGOV-Art.Access"
diff --git a/patterns/ArtReporting_4da72abf93d79d0698250e39.yml b/patterns/ArtReporting_4da72abf93d79d0698250e39.yml
new file mode 100644
index 0000000..12e3aec
--- /dev/null
+++ b/patterns/ArtReporting_4da72abf93d79d0698250e39.yml
@@ -0,0 +1,19 @@
+schemaVersion: "1.0"
+pattern:
+ id: "4da72abf93d79d0698250e39"
+ className: "ch.nevis.admin.v4.plugin.nevisproxy.patterns.WebApplicationAccess"
+ name: "ArtReporting"
+ properties:
+ host:
+ - "pattern://39ecde9a0d101628fed3e3be"
+ path: "/art/"
+ realm:
+ - "pattern://7518c6cc61e47eec6322ae17"
+ addons:
+ - "pattern://ae3127e7a6869fea8b850ad9"
+ backends: "var://artreporting-backend-addresses"
+ hostnameCheck: "disabled"
+ hostHeader: "backend"
+ responseRewrite: "header"
+ csrf: "off"
+ requestValidation: "var://op-admin-mod-security-mode-artreporting"
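Review bot: `csrf: "off"` and `hostnameCheck: "disabled"` are set on `/art/` with nothing recording why, and the GreenMail hunk for `/mail/` does the same. Both paths sit behind realm `7518c6cc61e47eec6322ae17`, so with CSRF checking off a cross-site request carrying the operator's session reaches these backends unless they bring their own protection. If they do not, switch to `csrf: "header-based"`; if `off` is deliberate, state the reason in a `notes:` field as the IDM settings patterns do. `hostnameCheck: "disabled"` presumably relaxes hostname verification of the backend certificate, which matters only when the `var://` backend address is HTTPS; that is worth confirming and documenting too.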
diff --git a/patterns/Authentication_Done_978626d19e57143eac5daa45.yml b/patterns/Authentication_Done_978626d19e57143eac5daa45.yml
new file mode 100644
index 0000000..edc3176
--- /dev/null
+++ b/patterns/Authentication_Done_978626d19e57143eac5daa45.yml
@@ -0,0 +1,7 @@
+schemaVersion: "1.0"
+pattern:
+ id: "978626d19e57143eac5daa45"
+ className: "ch.nevis.admin.v4.plugin.nevisauth.patterns2.AuthenticationDone"
+ name: "Authentication Done"
+ label: "Common"
+ properties: {}
diff --git a/patterns/Authentication_Failed_700ec185425d8645fea2caf5.yml b/patterns/Authentication_Failed_700ec185425d8645fea2caf5.yml
new file mode 100644
index 0000000..14f3e54
--- /dev/null
+++ b/patterns/Authentication_Failed_700ec185425d8645fea2caf5.yml
@@ -0,0 +1,8 @@
+schemaVersion: "1.0"
+pattern:
+ id: "700ec185425d8645fea2caf5"
+ className: "ch.nevis.admin.v4.plugin.nevisauth.patterns2.AuthenticationFailed"
+ name: "Authentication Failed"
+ label: "Common"
+ properties:
+ code: "403"
diff --git a/patterns/DefaulErrorPages_58ece0328f5bf4d78e1a82d2.yml b/patterns/DefaulErrorPages_58ece0328f5bf4d78e1a82d2.yml
new file mode 100644
index 0000000..ec0e980
--- /dev/null
+++ b/patterns/DefaulErrorPages_58ece0328f5bf4d78e1a82d2.yml
@@ -0,0 +1,21 @@
+schemaVersion: "1.0"
+pattern:
+ id: "58ece0328f5bf4d78e1a82d2"
+ className: "ch.nevis.admin.v4.plugin.nevisproxy.patterns.GenericHostContextSettings"
+ name: "DefaulErrorPages"
+ label: "UTILS"
+ properties:
+ filters: "\n DefaultErrorFilter\n ch::nevis::isiweb4::filter::error::ErrorFilter\n\
+ \ \n StatusCode\n \n\
+ \ 400:file:/resources/errorPages/404.html:reset-header:reset-status-code\n\
+ \ 403:file:/resources/errorPages/403.html:reset-header:reset-status-code\n\
+ \t 404:file:/resources/errorPages/404.html:reset-header:reset-status-code\n\
+ \ 500:file:/resources/errorPages/500.html:reset-header:reset-status-code\n\
+ \ 502:file:/resources/errorPages/502.html:reset-header:reset-status-code\n\
+ \ \n \n \n CheckAcceptHeader\n\
+ \ true\n \n \n\
+ \ PlaceHolders\n \n \
+ \ TransferIdHolder:TRANSFER_ID\n TimestampHolder:TIMESTAMP\n\
+ \ \n \n"
+ filterMappings: "automatic"
+ phase: "START"
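Review bot: In `filters`, status 400 is mapped to `/resources/errorPages/404.html`, which looks like a copy-paste slip next to the 403, 404, 500 and 502 entries that each use their own page. Point it at a dedicated 400 page if one exists, or add a `notes:` entry saying the reuse is intended. The 404 line also starts with a tab (`\t`) where the other entries use spaces, and the pattern name reads `DefaulErrorPages` (missing "t").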
diff --git a/patterns/GreenMail_f010ec68088ebd56349c7135.yml b/patterns/GreenMail_f010ec68088ebd56349c7135.yml
new file mode 100644
index 0000000..f0312b4
--- /dev/null
+++ b/patterns/GreenMail_f010ec68088ebd56349c7135.yml
@@ -0,0 +1,17 @@
+schemaVersion: "1.0"
+pattern:
+ id: "f010ec68088ebd56349c7135"
+ className: "ch.nevis.admin.v4.plugin.nevisproxy.patterns.WebApplicationAccess"
+ name: "GreenMail"
+ properties:
+ host:
+ - "pattern://39ecde9a0d101628fed3e3be"
+ path: "/mail/"
+ realm:
+ - "pattern://7518c6cc61e47eec6322ae17"
+ backends: "var://greenmail-backend-addresses"
+ hostnameCheck: "disabled"
+ hostHeader: "backend"
+ responseRewrite: "header"
+ csrf: "off"
+ requestValidation: "var://op-admin-mod-security-mode-greenmail"
diff --git a/patterns/IDM_DB_TLS_TrustStore_d356ddfbaf34aa51ae1e20e7.yml b/patterns/IDM_DB_TLS_TrustStore_d356ddfbaf34aa51ae1e20e7.yml
new file mode 100644
index 0000000..4f102c1
--- /dev/null
+++ b/patterns/IDM_DB_TLS_TrustStore_d356ddfbaf34aa51ae1e20e7.yml
@@ -0,0 +1,8 @@
+schemaVersion: "1.0"
+pattern:
+ id: "d356ddfbaf34aa51ae1e20e7"
+ className: "ch.nevis.admin.v4.plugin.nevisproxy.patterns.PemTrustStoreProvider"
+ name: "IDM_DB_TLS_TrustStore"
+ label: "IDM"
+ properties:
+ truststoreFile: "var://idm_db_tls_truststore-trusted-certificates"
diff --git a/patterns/IDM_DB_ca0629d86201d4c4ac857d60.yml b/patterns/IDM_DB_ca0629d86201d4c4ac857d60.yml
new file mode 100644
index 0000000..8f22af1
--- /dev/null
+++ b/patterns/IDM_DB_ca0629d86201d4c4ac857d60.yml
@@ -0,0 +1,25 @@
+schemaVersion: "1.0"
+pattern:
+ id: "ca0629d86201d4c4ac857d60"
+ className: "ch.nevis.admin.v4.plugin.nevisidm.patterns.NevisIDMDatabase"
+ name: "IDM_DB"
+ label: "IDM"
+ properties:
+ type: "var://idm_db-database-type"
+ hosts: "var://idm_db-database-host"
+ database: "var://idm_db-database-name"
+ rootCredential: "var://idm_db-root-credential"
+ rootCredentialNamespace: "var://idm_db-root-credential-namespace"
+ user: "var://idm_db-database-user"
+ password: "var://idm_db-database-password"
+ encryption: "var://idm_db-tls-encryption"
+ trustStore:
+ - "pattern://d356ddfbaf34aa51ae1e20e7"
+ jdbcDriver: "var://idm_db-database-jdbc-driver"
+ oracleVolumeClaimName: "var://idm_db-database-volume-claim"
+ oracleIndexTablespaceName: "var://idm_db-index-tablespace"
+ oracleDataTablespaceName: "var://idm_db-data-tablespace"
+ oracleApplicationRoleName: "var://idm_db-application-role"
+ oracleOwnerRoleName: "var://idm_db-owner-role"
+ databaseManagement: "var://agov_admin_idm-db-management"
+ connectionUrl: "var://idm_db-database-connection-url"
diff --git a/patterns/IDM_Prune_History_Job_0957497767812057fbf138cf.yml b/patterns/IDM_Prune_History_Job_0957497767812057fbf138cf.yml
new file mode 100644
index 0000000..987631f
--- /dev/null
+++ b/patterns/IDM_Prune_History_Job_0957497767812057fbf138cf.yml
@@ -0,0 +1,7 @@
+schemaVersion: "1.0"
+pattern:
+ id: "0957497767812057fbf138cf"
+ className: "ch.nevis.admin.v4.plugin.nevisidm.patterns.NevisIDMPruneHistoryJob"
+ name: "IDM Prune History Job"
+ label: "Batch"
+ properties: {}
diff --git a/patterns/IDM_Prune_Shadow_Accounts_Job_3600b7d00b6427226e451f8d.yml b/patterns/IDM_Prune_Shadow_Accounts_Job_3600b7d00b6427226e451f8d.yml
new file mode 100644
index 0000000..9126f13
--- /dev/null
+++ b/patterns/IDM_Prune_Shadow_Accounts_Job_3600b7d00b6427226e451f8d.yml
@@ -0,0 +1,28 @@
+schemaVersion: "1.0"
+pattern:
+ id: "3600b7d00b6427226e451f8d"
+ className: "ch.nevis.admin.v4.plugin.nevisidm.patterns.NevisIDMGenericBatchJob"
+ name: "IDM Prune Shadow Accounts Job"
+ label: "Batch"
+ properties:
+ job: "\n \n \n \n \n \n \n\
+ \ \n \n \n\
+ \ \n\n"
+ trigger: "\n \n \n \n"
diff --git a/patterns/IDM_admin_Settings_fe4a248ac7b092a6a80624f1.yml b/patterns/IDM_admin_Settings_fe4a248ac7b092a6a80624f1.yml
new file mode 100644
index 0000000..b7c619d
--- /dev/null
+++ b/patterns/IDM_admin_Settings_fe4a248ac7b092a6a80624f1.yml
@@ -0,0 +1,9 @@
+schemaVersion: "1.0"
+pattern:
+ id: "fe4a248ac7b092a6a80624f1"
+ className: "ch.nevis.admin.v4.plugin.nevisidm.patterns.NevisIDMAdvancedSettings"
+ name: "IDM_admin_Settings"
+ label: "IDM"
+ notes: "https://aww.sso.adnovum.com/confluence/pages/viewpage.action?pageId=263860693#NevisIDMdatastructure/configuration-IDMinstanceconcept"
+ properties:
+ properties: "var://idm-admin-settings"
diff --git a/patterns/IDM_batch_DB_0d4bbba28a4a76094d41df81.yml b/patterns/IDM_batch_DB_0d4bbba28a4a76094d41df81.yml
new file mode 100644
index 0000000..b3c9eb0
--- /dev/null
+++ b/patterns/IDM_batch_DB_0d4bbba28a4a76094d41df81.yml
@@ -0,0 +1,21 @@
+schemaVersion: "1.0"
+pattern:
+ id: "0d4bbba28a4a76094d41df81"
+ className: "ch.nevis.admin.v4.plugin.nevisidm.patterns.NevisIDMDatabase"
+ name: "IDM_batch_DB"
+ label: "IDM"
+ properties:
+ type: "var://idm_db-database-type"
+ hosts: "var://idm_db-database-host"
+ database: "var://idm_db-database-name"
+ rootCredential: "var://idm_db-root-credential"
+ rootCredentialNamespace: "var://idm_db-root-credential-namespace"
+ user: "var://idm_db-database-user"
+ password: "var://idm_db-database-password"
+ encryption: "var://idm_db-tls-encryption"
+ trustStore:
+ - "pattern://d356ddfbaf34aa51ae1e20e7"
+ jdbcDriver: "var://idm_db-database-jdbc-driver"
+ oracleVolumeClaimName: "var://idm_db-database-volume-claim"
+ databaseManagement: "disabled"
+ connectionUrl: "var://idm_db-database-connection-url"
diff --git a/patterns/IDM_batch_Settings_0116b3002d0e713e23e6be72.yml b/patterns/IDM_batch_Settings_0116b3002d0e713e23e6be72.yml
new file mode 100644
index 0000000..187c2ad
--- /dev/null
+++ b/patterns/IDM_batch_Settings_0116b3002d0e713e23e6be72.yml
@@ -0,0 +1,9 @@
+schemaVersion: "1.0"
+pattern:
+ id: "0116b3002d0e713e23e6be72"
+ className: "ch.nevis.admin.v4.plugin.nevisidm.patterns.NevisIDMAdvancedSettings"
+ name: "IDM_batch_Settings"
+ label: "IDM"
+ notes: "https://aww.sso.adnovum.com/confluence/pages/viewpage.action?pageId=263860693#NevisIDMdatastructure/configuration-IDMinstanceconcept"
+ properties:
+ properties: "var://idm-batch-settings"
diff --git a/patterns/Log_Login_User_a7b62b3dea12ecfc81ecc855.yml b/patterns/Log_Login_User_a7b62b3dea12ecfc81ecc855.yml
new file mode 100644
index 0000000..af1ecb9
--- /dev/null
+++ b/patterns/Log_Login_User_a7b62b3dea12ecfc81ecc855.yml
@@ -0,0 +1,8 @@
+schemaVersion: "1.0"
+pattern:
+ id: "a7b62b3dea12ecfc81ecc855"
+ className: "ch.nevis.admin.v4.plugin.nevisauth.patterns2.GroovyScriptStep"
+ name: "Log_Login_User"
+ properties:
+ scriptFile: "res://a7b62b3dea12ecfc81ecc855#scriptFile"
+ scriptTraceGroup: "AGOVOP-ACCT"
diff --git a/patterns/NEVIS_SecToken_271d024334021208b71ac80a.yml b/patterns/NEVIS_SecToken_271d024334021208b71ac80a.yml
new file mode 100644
index 0000000..ea110ca
--- /dev/null
+++ b/patterns/NEVIS_SecToken_271d024334021208b71ac80a.yml
@@ -0,0 +1,9 @@
+schemaVersion: "1.0"
+pattern:
+ id: "271d024334021208b71ac80a"
+ className: "ch.nevis.admin.v4.plugin.nevisauth.patterns2.SecToken"
+ name: "NEVIS SecToken"
+ label: "Admin"
+ properties:
+ keystore:
+ - "pattern://02cc34b35d83a306f48abe47"
diff --git a/patterns/OP-ONBRDNG-AuthenticationRealm_6df66943ca713eed2a25d935.yml b/patterns/OP-ONBRDNG-AuthenticationRealm_6df66943ca713eed2a25d935.yml
new file mode 100644
index 0000000..8060dca
--- /dev/null
+++ b/patterns/OP-ONBRDNG-AuthenticationRealm_6df66943ca713eed2a25d935.yml
@@ -0,0 +1,24 @@
+schemaVersion: "1.0"
+pattern:
+ id: "6df66943ca713eed2a25d935"
+ className: "ch.nevis.admin.v4.plugin.nevisauth.patterns2.NevisAuthRealm"
+ name: "OP-ONBRDNG-AuthenticationRealm"
+ properties:
+ authenticate:
+ - "pattern://2787b678d9cce5310a335419"
+ auth:
+ - "pattern://ac27dd7daad0ca2b7229bfaf"
+ signerTrustStore:
+ - "pattern://c4f291a121b2d19157049cdc"
+ logrend:
+ - "pattern://8401da6318c6915d689cdfc9"
+ template: "res://6df66943ca713eed2a25d935#template"
+ labels: "res://6df66943ca713eed2a25d935#labels"
+ labelsMode: "combined"
+ defaultLabels: "enabled"
+ sessionTracking: "COOKIE"
+ cookieName: "OP-ONBRDNG"
+ cookieSameSite: "Lax"
+ initialSessionTimeout: "20m"
+ sessionTimeout: "20m"
+ langCookieDomain: "var://admin-language-cookie-domain"
diff --git a/patterns/OP-ONBRDNG-Entry-Point_9415bf61610843e0f5c77e39.yml b/patterns/OP-ONBRDNG-Entry-Point_9415bf61610843e0f5c77e39.yml
new file mode 100644
index 0000000..3043b28
--- /dev/null
+++ b/patterns/OP-ONBRDNG-Entry-Point_9415bf61610843e0f5c77e39.yml
@@ -0,0 +1,15 @@
+schemaVersion: "1.0"
+pattern:
+ id: "9415bf61610843e0f5c77e39"
+ className: "ch.nevis.admin.v4.plugin.nevisauth.patterns.AuthenticationFlow"
+ name: "OP-ONBRDNG-Entry-Point"
+ properties:
+ host:
+ - "pattern://39ecde9a0d101628fed3e3be"
+ path: "/AUTH/ONBOARDING/"
+ realm:
+ - "pattern://6df66943ca713eed2a25d935"
+ flow:
+ - "pattern://2787b678d9cce5310a335419"
+ addons:
+ - "pattern://f02bc0de60aad829670e4c5b"
diff --git a/patterns/OP-ONBRDNG-ModSecuritySettings_f02bc0de60aad829670e4c5b.yml b/patterns/OP-ONBRDNG-ModSecuritySettings_f02bc0de60aad829670e4c5b.yml
new file mode 100644
index 0000000..fd0a821
--- /dev/null
+++ b/patterns/OP-ONBRDNG-ModSecuritySettings_f02bc0de60aad829670e4c5b.yml
@@ -0,0 +1,9 @@
+schemaVersion: "1.0"
+pattern:
+ id: "f02bc0de60aad829670e4c5b"
+ className: "ch.nevis.admin.v4.plugin.nevisproxy.patterns.RequestValidationSettings"
+ name: "OP-ONBRDNG-ModSecuritySettings"
+ properties:
+ scope: "all"
+ logOnlyMode: "var://op-admin-mod-security-op-onboarding-log-only-mode"
+ level: "var://op-admin-mod-security-op-onboarding-paranoia-level"
diff --git a/patterns/OP-ONBRDNG-PostProcessing_fd3912c7af7a88b6342a4c78.yml b/patterns/OP-ONBRDNG-PostProcessing_fd3912c7af7a88b6342a4c78.yml
new file mode 100644
index 0000000..3e3253a
--- /dev/null
+++ b/patterns/OP-ONBRDNG-PostProcessing_fd3912c7af7a88b6342a4c78.yml
@@ -0,0 +1,12 @@
+schemaVersion: "1.0"
+pattern:
+ id: "fd3912c7af7a88b6342a4c78"
+ className: "ch.nevis.admin.v4.plugin.nevisauth.patterns2.GenericAuthenticationStep"
+ name: "OP-ONBRDNG-PostProcessing"
+ properties:
+ authStatesFile: "res://fd3912c7af7a88b6342a4c78#authStatesFile"
+ onSuccess:
+ - "pattern://50ca1ad35a73847a81e2ece8"
+ onFailure:
+ - "pattern://2787b678d9cce5310a335419"
+ resources: "res://fd3912c7af7a88b6342a4c78#resources"
diff --git a/patterns/OP-ONBRDNG-PreProcessing_2787b678d9cce5310a335419.yml b/patterns/OP-ONBRDNG-PreProcessing_2787b678d9cce5310a335419.yml
new file mode 100644
index 0000000..2b4ec0a
--- /dev/null
+++ b/patterns/OP-ONBRDNG-PreProcessing_2787b678d9cce5310a335419.yml
@@ -0,0 +1,11 @@
+schemaVersion: "1.0"
+pattern:
+ id: "2787b678d9cce5310a335419"
+ className: "ch.nevis.admin.v4.plugin.nevisauth.patterns2.GenericAuthenticationStep"
+ name: "OP-ONBRDNG-PreProcessing"
+ properties:
+ authStatesFile: "res://2787b678d9cce5310a335419#authStatesFile"
+ nextSteps:
+ - "pattern://d56823f55065139ba437dc5c"
+ - "pattern://9be76d365909bb2ec294569c"
+ resources: "res://2787b678d9cce5310a335419#resources"
diff --git a/patterns/OP-ONBRDNG-SamlServiceProvider-AuthnRequest_d56823f55065139ba437dc5c.yml b/patterns/OP-ONBRDNG-SamlServiceProvider-AuthnRequest_d56823f55065139ba437dc5c.yml
new file mode 100644
index 0000000..a5a1d9d
--- /dev/null
+++ b/patterns/OP-ONBRDNG-SamlServiceProvider-AuthnRequest_d56823f55065139ba437dc5c.yml
@@ -0,0 +1,12 @@
+schemaVersion: "1.0"
+pattern:
+ id: "d56823f55065139ba437dc5c"
+ className: "ch.nevis.admin.v4.plugin.nevisauth.patterns2.GenericAuthenticationStep"
+ name: "OP-ONBRDNG-SamlServiceProvider-AuthnRequest"
+ properties:
+ authStatesFile: "res://d56823f55065139ba437dc5c#authStatesFile"
+ parameters: "var://op-samlserviceprovider-parameters"
+ onSuccess:
+ - "pattern://fd3912c7af7a88b6342a4c78"
+ onFailure:
+ - "pattern://2787b678d9cce5310a335419"
diff --git a/patterns/OP-ONBRDNG-SamlServiceProvider-ProcessResponse_9be76d365909bb2ec294569c.yml b/patterns/OP-ONBRDNG-SamlServiceProvider-ProcessResponse_9be76d365909bb2ec294569c.yml
new file mode 100644
index 0000000..f0f0b87
--- /dev/null
+++ b/patterns/OP-ONBRDNG-SamlServiceProvider-ProcessResponse_9be76d365909bb2ec294569c.yml
@@ -0,0 +1,12 @@
+schemaVersion: "1.0"
+pattern:
+ id: "9be76d365909bb2ec294569c"
+ className: "ch.nevis.admin.v4.plugin.nevisauth.patterns2.GenericAuthenticationStep"
+ name: "OP-ONBRDNG-SamlServiceProvider-ProcessResponse"
+ properties:
+ authStatesFile: "res://9be76d365909bb2ec294569c#authStatesFile"
+ parameters: "var://op-samlserviceprovider-parameters"
+ onSuccess:
+ - "pattern://fd3912c7af7a88b6342a4c78"
+ onFailure:
+ - "pattern://fd3912c7af7a88b6342a4c78"
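Review bot: `onSuccess` and `onFailure` both point to `pattern://fd3912c7af7a88b6342a4c78` (OP-ONBRDNG-PostProcessing), so a failed SAML response would continue into the same step as a valid one. The sibling AuthnRequest pattern sends `onFailure` to `pattern://2787b678d9cce5310a335419` instead. The auth states file is not readable in this diff, so whether the failure exit is actually used cannot be confirmed from here. If it is, route it to a failing step such as the Authentication Failed pattern `700ec185425d8645fea2caf5`, or add a `notes:` entry explaining that PostProcessing itself rejects sessions without a valid assertion.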
diff --git a/patterns/ObservabilitySettings_f4e909fcaf0ae3f6effb28ae.yml b/patterns/ObservabilitySettings_f4e909fcaf0ae3f6effb28ae.yml
new file mode 100644
index 0000000..06abff5
--- /dev/null
+++ b/patterns/ObservabilitySettings_f4e909fcaf0ae3f6effb28ae.yml
@@ -0,0 +1,15 @@
+schemaVersion: "1.0"
+pattern:
+ id: "f4e909fcaf0ae3f6effb28ae"
+ className: "ch.nevis.admin.v4.plugin.base.generation.patterns.JavaObservability"
+ name: "ObservabilitySettings"
+ properties:
+ type: "OpenTelemetry"
+ configuration: "otel.service.name = ${service.name}\notel.resource.attributes\
+ \ = service.version=${version}\notel.exporter.otlp.protocol = http/protobuf\n\
+ otel.exporter.otlp.traces.protocol = http/protobuf\notel.exporter.otlp.traces.endpoint\
+ \ = ${tracesEndpoint}\notel.exporter.otlp.metrics.protocol = http/protobuf\n\
+ otel.exporter.otlp.metrics.endpoint = ${metricsEndpoint}\notel.exporter.otlp.metrics.temporality.preference\
+ \ = cumulative\notel.exporter.otlp.logs.protocol = http/protobuf\notel.exporter.otlp.logs.endpoint\
+ \ = ${logsEndpoint}"
+ parameters: "var://observabilitysettings"
diff --git a/patterns/Operations_admin_signer_PEM_Key_Store_5bb4298ac076c30a3504da0a.yml b/patterns/Operations_admin_signer_PEM_Key_Store_5bb4298ac076c30a3504da0a.yml
new file mode 100644
index 0000000..3aae1d9
--- /dev/null
+++ b/patterns/Operations_admin_signer_PEM_Key_Store_5bb4298ac076c30a3504da0a.yml
@@ -0,0 +1,9 @@
+schemaVersion: "1.0"
+pattern:
+ id: "5bb4298ac076c30a3504da0a"
+ className: "ch.nevis.admin.v4.plugin.nevisproxy.patterns.PemKeyStoreProvider"
+ name: "Operations admin signer PEM Key Store"
+ label: "Operations"
+ properties:
+ keystoreFiles: "var://agov_operations_pem_signer-key-store-content"
+ keyPass: "var://operations-admin-signer-pem-key-store-private-key-passphrase"
diff --git a/patterns/ProxyObservabilitySettings_31ae68f6cc8ade7258adce8d.yml b/patterns/ProxyObservabilitySettings_31ae68f6cc8ade7258adce8d.yml
new file mode 100644
index 0000000..f493d63
--- /dev/null
+++ b/patterns/ProxyObservabilitySettings_31ae68f6cc8ade7258adce8d.yml
@@ -0,0 +1,8 @@
+schemaVersion: "1.0"
+pattern:
+ id: "31ae68f6cc8ade7258adce8d"
+ className: "ch.nevis.admin.v4.plugin.nevisproxy.patterns.NevisProxyObservabilitySettings"
+ name: "ProxyObservabilitySettings"
+ properties:
+ traceExporterAddress: "var://proxyobservabilitysettings-tracesEndpoint"
+ metricsExporterAddress: "var://proxyobservabilitysettings-metricsEndpoint"
diff --git a/patterns/SAML_IDP_admin_Connector_7e94f2eb346f07f78440e884.yml b/patterns/SAML_IDP_admin_Connector_7e94f2eb346f07f78440e884.yml
new file mode 100644
index 0000000..638dae1
--- /dev/null
+++ b/patterns/SAML_IDP_admin_Connector_7e94f2eb346f07f78440e884.yml
@@ -0,0 +1,14 @@
+schemaVersion: "1.0"
+pattern:
+ id: "7e94f2eb346f07f78440e884"
+ className: "ch.nevis.admin.v4.plugin.nevisauth.patterns.SamlIdpConnector"
+ name: "SAML IDP admin Connector"
+ label: "Operations"
+ properties:
+ issuer: "var://saml-idp-admin-connector-idp-issuer"
+ url: "var://saml-idp-admin-connector-idp-url"
+ signatureValidation:
+ - "recommended"
+ signerTrust:
+ - "pattern://2d301dab7ec7c6673f1fb58a"
+ properties: "var://saml-idp-admin-connector-properties"
diff --git a/patterns/SAML_IDP_admin_Connector_Trust_Store_2d301dab7ec7c6673f1fb58a.yml b/patterns/SAML_IDP_admin_Connector_Trust_Store_2d301dab7ec7c6673f1fb58a.yml
new file mode 100644
index 0000000..03b9e36
--- /dev/null
+++ b/patterns/SAML_IDP_admin_Connector_Trust_Store_2d301dab7ec7c6673f1fb58a.yml
@@ -0,0 +1,7 @@
+schemaVersion: "1.0"
+pattern:
+ id: "2d301dab7ec7c6673f1fb58a"
+ className: "ch.nevis.admin.v4.plugin.nevisproxy.patterns.AutomaticTrustStoreProvider"
+ name: "SAML IDP admin Connector Trust_Store"
+ properties:
+ truststoreFile: "var://saml-idp-admin-connector-trusted-signer"
diff --git a/patterns/SAML_IDP_op_Connector_36af90d50b0d6ba66136dbde.yml b/patterns/SAML_IDP_op_Connector_36af90d50b0d6ba66136dbde.yml
new file mode 100644
index 0000000..9ea7930
--- /dev/null
+++ b/patterns/SAML_IDP_op_Connector_36af90d50b0d6ba66136dbde.yml
@@ -0,0 +1,13 @@
+schemaVersion: "1.0"
+pattern:
+ id: "36af90d50b0d6ba66136dbde"
+ className: "ch.nevis.admin.v4.plugin.nevisauth.patterns.SamlIdpConnector"
+ name: "SAML IDP op Connector"
+ properties:
+ issuer: "var://saml-idp-op-connector-idp-issuer"
+ url: "var://saml-idp-op-connector-idp-url"
+ signatureValidation:
+ - "recommended"
+ signerTrust:
+ - "pattern://ff4a6eb193eee1e38a5c8e85"
+ properties: "var://saml-idp-op-connector-properties"
diff --git a/patterns/SAML_IDP_op_Connector_Trust_Store_ff4a6eb193eee1e38a5c8e85.yml b/patterns/SAML_IDP_op_Connector_Trust_Store_ff4a6eb193eee1e38a5c8e85.yml
new file mode 100644
index 0000000..2cb32b1
--- /dev/null
+++ b/patterns/SAML_IDP_op_Connector_Trust_Store_ff4a6eb193eee1e38a5c8e85.yml
@@ -0,0 +1,8 @@
+schemaVersion: "1.0"
+pattern:
+ id: "ff4a6eb193eee1e38a5c8e85"
+ className: "ch.nevis.admin.v4.plugin.nevisproxy.patterns.AutomaticTrustStoreProvider"
+ name: "SAML IDP op Connector Trust_Store"
+ label: "Operations"
+ properties:
+ truststoreFile: "var://saml-idp-op-connector-trusted-signer"
diff --git a/patterns/SAML_SP_nevisidm_admin_Realm_6f9c9f982dcc7ef59a34f1f7.yml b/patterns/SAML_SP_nevisidm_admin_Realm_6f9c9f982dcc7ef59a34f1f7.yml
new file mode 100644
index 0000000..a4ee84e
--- /dev/null
+++ b/patterns/SAML_SP_nevisidm_admin_Realm_6f9c9f982dcc7ef59a34f1f7.yml
@@ -0,0 +1,31 @@
+schemaVersion: "1.0"
+pattern:
+ id: "6f9c9f982dcc7ef59a34f1f7"
+ className: "ch.nevis.admin.v4.plugin.nevisauth.patterns.SamlSpRealm"
+ name: "SAML SP nevisidm admin Realm"
+ properties:
+ issuer: "var://saml-sp-nevisidm-admin-realm-saml-issuer"
+ idp:
+ - "pattern://7e94f2eb346f07f78440e884"
+ samlSigner:
+ - "pattern://5bb4298ac076c30a3504da0a"
+ tokens:
+ - "pattern://271d024334021208b71ac80a"
+ auth:
+ - "pattern://ac27dd7daad0ca2b7229bfaf"
+ signerTrustStore:
+ - "pattern://c4f291a121b2d19157049cdc"
+ logrend:
+ - "pattern://8401da6318c6915d689cdfc9"
+ template: "res://6f9c9f982dcc7ef59a34f1f7#template"
+ labels: "res://6f9c9f982dcc7ef59a34f1f7#labels"
+ labelsMode: "combined"
+ defaultProperties: "var://nevislogrend-configuration-logrendproperties"
+ cookieName: "OP-ADMIN"
+ cookieSameSite: "Strict"
+ initialSessionTimeout: "3m"
+ sessionTimeout: "30m"
+ maxSessionLifetime: "4h"
+ spLogoutTarget: "/loggedout"
+ postProcess:
+ - "pattern://fbf7b18179dda28d420420fd"
diff --git a/patterns/SAML_SP_nevisidm_operations_Realm_7518c6cc61e47eec6322ae17.yml b/patterns/SAML_SP_nevisidm_operations_Realm_7518c6cc61e47eec6322ae17.yml
new file mode 100644
index 0000000..4d56e9e
--- /dev/null
+++ b/patterns/SAML_SP_nevisidm_operations_Realm_7518c6cc61e47eec6322ae17.yml
@@ -0,0 +1,30 @@
+schemaVersion: "1.0"
+pattern:
+ id: "7518c6cc61e47eec6322ae17"
+ className: "ch.nevis.admin.v4.plugin.nevisauth.patterns.SamlSpRealm"
+ name: "SAML SP nevisidm operations Realm"
+ label: "Operations"
+ properties:
+ issuer: "var://saml-sp-nevisidm-operations-realm-saml-issuer"
+ idp:
+ - "pattern://36af90d50b0d6ba66136dbde"
+ samlSigner:
+ - "pattern://5bb4298ac076c30a3504da0a"
+ tokens:
+ - "pattern://271d024334021208b71ac80a"
+ auth:
+ - "pattern://ac27dd7daad0ca2b7229bfaf"
+ signerTrustStore:
+ - "pattern://c4f291a121b2d19157049cdc"
+ logrend:
+ - "pattern://8401da6318c6915d689cdfc9"
+ template: "res://7518c6cc61e47eec6322ae17#template"
+ labels: "res://7518c6cc61e47eec6322ae17#labels"
+ defaultProperties: "var://nevislogrend-configuration-logrendproperties"
+ cookieName: "OP-OPADMIN"
+ initialSessionTimeout: "3m"
+ sessionTimeout: "30m"
+ maxSessionLifetime: "4h"
+ spLogoutTarget: "/loggedout"
+ postProcess:
+ - "pattern://488949a743edb1f46f73f232"
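Review bot: This realm sets neither `cookieSameSite` nor `labelsMode`, while the otherwise parallel admin realm `6f9c9f982dcc7ef59a34f1f7` in this commit sets `cookieSameSite: "Strict"` and `labelsMode: "combined"`. The `OP-OPADMIN` cookie therefore gets whatever the pattern default is, and this realm fronts the `/art/` and `/mail/` applications that run with `csrf: "off"`. If the difference is not intentional, add `cookieSameSite: "Strict"` here; if the SAML flow needs a looser value, say so in a `notes:` field.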
diff --git a/patterns/UpdateUserIfNeeded_24cbc652d3166c8374eda3cd.yml b/patterns/UpdateUserIfNeeded_24cbc652d3166c8374eda3cd.yml
new file mode 100644
index 0000000..0e1427a
--- /dev/null
+++ b/patterns/UpdateUserIfNeeded_24cbc652d3166c8374eda3cd.yml
@@ -0,0 +1,9 @@
+schemaVersion: "1.0"
+pattern:
+ id: "24cbc652d3166c8374eda3cd"
+ className: "ch.nevis.admin.v4.plugin.nevisauth.patterns2.GenericAuthenticationStep"
+ name: "UpdateUserIfNeeded"
+ properties:
+ authStatesFile: "res://24cbc652d3166c8374eda3cd#authStatesFile"
+ onSuccess:
+ - "pattern://978626d19e57143eac5daa45"
diff --git a/patterns/Virtual_Host_idmAdmin_1200a58c76686d520c21edb0.yml b/patterns/Virtual_Host_idmAdmin_1200a58c76686d520c21edb0.yml
new file mode 100644
index 0000000..095e288
--- /dev/null
+++ b/patterns/Virtual_Host_idmAdmin_1200a58c76686d520c21edb0.yml
@@ -0,0 +1,15 @@
+schemaVersion: "1.0"
+pattern:
+ id: "1200a58c76686d520c21edb0"
+ className: "ch.nevis.admin.v4.plugin.nevisproxy.patterns.HostContext"
+ name: "Virtual_Host_idmAdmin"
+ label: "Admin"
+ properties:
+ proxy:
+ - "pattern://3bc06037962ad13be0a3a95d"
+ addresses: "var://virtual_host_idmadmin-frontend-addresses"
+ defaultEntry: "/nevisidm/admin/"
+ resources: "res://1200a58c76686d520c21edb0#resources"
+ addons:
+ - "pattern://58ece0328f5bf4d78e1a82d2"
+ - "pattern://076ce5c5440843a23150b386"
diff --git a/patterns/Virtual_Host_idmOperations-Loggedout_076ce5c5440843a23150b386.yml b/patterns/Virtual_Host_idmOperations-Loggedout_076ce5c5440843a23150b386.yml
new file mode 100644
index 0000000..ff6f8e8
--- /dev/null
+++ b/patterns/Virtual_Host_idmOperations-Loggedout_076ce5c5440843a23150b386.yml
@@ -0,0 +1,9 @@
+schemaVersion: "1.0"
+pattern:
+ id: "076ce5c5440843a23150b386"
+ className: "ch.nevis.admin.v4.plugin.nevisproxy.patterns.URLHandler"
+ name: "Virtual_Host_idmOperations-Loggedout"
+ properties:
+ forwards:
+ - /loggedout.*: "/resources/errorPages/Loggedout.html"
+ - /favicon.ico: "/resources/favicon.ico"
diff --git a/patterns/Virtual_Host_idmOperations_39ecde9a0d101628fed3e3be.yml b/patterns/Virtual_Host_idmOperations_39ecde9a0d101628fed3e3be.yml
new file mode 100644
index 0000000..45547eb
--- /dev/null
+++ b/patterns/Virtual_Host_idmOperations_39ecde9a0d101628fed3e3be.yml
@@ -0,0 +1,17 @@
+schemaVersion: "1.0"
+pattern:
+ id: "39ecde9a0d101628fed3e3be"
+ className: "ch.nevis.admin.v4.plugin.nevisproxy.patterns.HostContext"
+ name: "Virtual_Host_idmOperations"
+ label: "Operations"
+ properties:
+ proxy:
+ - "pattern://bd83dfbd467e8211ffe71d28"
+ addresses: "var://virtual_host_idmoperations-frontend-addresses"
+ defaultEntry: "/nevisidm/admin/"
+ resources: "res://39ecde9a0d101628fed3e3be#resources"
+ requireClientCert: "disabled"
+ addons:
+ - "pattern://58ece0328f5bf4d78e1a82d2"
+ - "pattern://076ce5c5440843a23150b386"
+ - "pattern://d9c194064d834ad41843ff4e"
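Review bot: `requireClientCert: "disabled"` is set explicitly on this host, whose `defaultEntry` is `/nevisidm/admin/`, and the pattern does not record why. The sibling `Virtual_Host_idmAdmin` pattern in this commit leaves the property unset, so the two hosts presumably differ in what is demanded of the client at the TLS layer. Since the file is generated, a YAML comment would likely be lost; the pattern-level `notes:` key (already used on the `town` property pattern) is the place for it, e.g. `notes: "requireClientCert disabled: <reason>; access control provided by <control>"` with the placeholders filled in by whoever made the decision.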
diff --git a/patterns/Web_Application_canaryPage_backend_21d48876e12f7599c87ebd64.yml b/patterns/Web_Application_canaryPage_backend_21d48876e12f7599c87ebd64.yml
new file mode 100644
index 0000000..8786927
--- /dev/null
+++ b/patterns/Web_Application_canaryPage_backend_21d48876e12f7599c87ebd64.yml
@@ -0,0 +1,13 @@
+schemaVersion: "1.0"
+pattern:
+ id: "21d48876e12f7599c87ebd64"
+ className: "ch.nevis.admin.v4.plugin.nevisproxy.patterns.WebApplicationAccess"
+ name: "Web Application canaryPage backend"
+ properties:
+ host:
+ - "pattern://39ecde9a0d101628fed3e3be"
+ path: "/canary/api/"
+ realm:
+ - "pattern://7518c6cc61e47eec6322ae17"
+ backends: "var://web-application-canarypage-backend-backend-addresses"
+ requestValidation: "var://op-admin-mod-security-mode-canary-api"
diff --git a/patterns/Web_Application_canaryPage_frontend_2a09bff81af3e18af3e13d3f.yml b/patterns/Web_Application_canaryPage_frontend_2a09bff81af3e18af3e13d3f.yml
new file mode 100644
index 0000000..51abb9c
--- /dev/null
+++ b/patterns/Web_Application_canaryPage_frontend_2a09bff81af3e18af3e13d3f.yml
@@ -0,0 +1,13 @@
+schemaVersion: "1.0"
+pattern:
+ id: "2a09bff81af3e18af3e13d3f"
+ className: "ch.nevis.admin.v4.plugin.nevisproxy.patterns.WebApplicationAccess"
+ name: "Web Application canaryPage frontend"
+ properties:
+ host:
+ - "pattern://39ecde9a0d101628fed3e3be"
+ path: "/canary/"
+ realm:
+ - "pattern://7518c6cc61e47eec6322ae17"
+ backends: "var://web-application-canarypage-backend-frontend-addresses"
+ requestValidation: "var://op-admin-mod-security-mode-canary-app"
diff --git a/patterns/a7b62b3dea12ecfc81ecc855_scriptFile/logLoginUser.gy b/patterns/a7b62b3dea12ecfc81ecc855_scriptFile/logLoginUser.gy
new file mode 100644
index 0000000..e5dc6b7
--- /dev/null
+++ b/patterns/a7b62b3dea12ecfc81ecc855_scriptFile/logLoginUser.gy
@@ -0,0 +1,15 @@
+try {
+ def session = request.getAuthSession(true)
+
+ def emailFromAssertion = session.getAttribute('emailFromAssertion') ?: 'unknown'
+ def subjectFromAssertion = session.getAttribute('ch.nevis.auth.saml.assertion.subject') ?: 'unknown'
+ def loginId = inargs.getProperty('isiwebuserid') ?: 'unknown'
+ def sourceIp = request.getLoginContext()['connection.HttpHeader.X-Real-IP'] ?: 'unknown'
+ def userAgent = request.getLoginContext()['connection.HttpHeader.user-agent'] ?: request.getLoginContext()['connection.HttpHeader.User-Agent'] ?: 'unknown'
+
+ LOG.warn("Event='IDM-ADMIN-LOGIN', subject from assertion=${subjectFromAssertion}, email from assertion='${emailFromAssertion}', loginId=${loginId}, SourceIp=${sourceIp}, UserAgent='${userAgent}')")
+ response.setResult('ok');
+} catch(Exception ex) {
+ LOG.error("Exception in logLoginUser groovy script: " + ex)
+ response.setResult('error');
+}
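Review bot: The `LOG.warn` audit line interpolates the `X-Real-IP` and `User-Agent` header values and the assertion email and subject unchanged, so a value containing CR/LF or a single quote can break the `key='value'` layout or make one login appear as several `Event=` entries to whatever parses this log. The same applies to the `OP-FAILED` and `OP-SUCCESS` lines in `OpOnbrdng-PostProcessing.groovy`. I would neutralise the values before logging, e.g. `def clean = { v -> v.toString().replaceAll(/[\r\n']/, '_') }` and then `UserAgent='${clean(userAgent)}'` for each field. Whether `X-Real-IP` is always overwritten by the proxy cannot be seen from this hunk; if it is not, `SourceIp` is client-controlled too. The message also ends in a stray `)` after `UserAgent='${userAgent}'`.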
diff --git a/patterns/admin_nevisIDM_Password_Login_12c979b6af0f15f1328656a4.yml b/patterns/admin_nevisIDM_Password_Login_12c979b6af0f15f1328656a4.yml
new file mode 100644
index 0000000..3bd15d8
--- /dev/null
+++ b/patterns/admin_nevisIDM_Password_Login_12c979b6af0f15f1328656a4.yml
@@ -0,0 +1,11 @@
+schemaVersion: "1.0"
+pattern:
+ id: "12c979b6af0f15f1328656a4"
+ className: "ch.nevis.admin.v4.plugin.nevisidm.patterns2.NevisIDMPasswordLogin"
+ name: "admin nevisIDM Password Login"
+ label: "Admin"
+ properties:
+ nevisIDM:
+ - "pattern://ba7c7a3b091df0c4b8ba0bb2"
+ onSuccess:
+ - "pattern://a7b62b3dea12ecfc81ecc855"
diff --git a/patterns/d356ddfbaf34aa51ae1e20e7_truststoreFile/BaltimoreCyberTrustRoot.crt.pem b/patterns/d356ddfbaf34aa51ae1e20e7_truststoreFile/BaltimoreCyberTrustRoot.crt.pem
new file mode 100644
index 0000000..2bd16eb
--- /dev/null
+++ b/patterns/d356ddfbaf34aa51ae1e20e7_truststoreFile/BaltimoreCyberTrustRoot.crt.pem
@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
+
diff --git a/patterns/d356ddfbaf34aa51ae1e20e7_truststoreFile/DigiCertGlobalRootG2.crt.pem b/patterns/d356ddfbaf34aa51ae1e20e7_truststoreFile/DigiCertGlobalRootG2.crt.pem
new file mode 100644
index 0000000..798e002
--- /dev/null
+++ b/patterns/d356ddfbaf34aa51ae1e20e7_truststoreFile/DigiCertGlobalRootG2.crt.pem
@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/patterns/d56823f55065139ba437dc5c_authStatesFile/OpOnbrdng-SamlServiceProvider-AuthnRequest.xml b/patterns/d56823f55065139ba437dc5c_authStatesFile/OpOnbrdng-SamlServiceProvider-AuthnRequest.xml
new file mode 100644
index 0000000..0e4d810
--- /dev/null
+++ b/patterns/d56823f55065139ba437dc5c_authStatesFile/OpOnbrdng-SamlServiceProvider-AuthnRequest.xml
@@ -0,0 +1,22 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/patterns/fbf7b18179dda28d420420fd_scriptFile/saveEmailFromAssertionToSession.gy b/patterns/fbf7b18179dda28d420420fd_scriptFile/saveEmailFromAssertionToSession.gy
new file mode 100644
index 0000000..828aa4f
--- /dev/null
+++ b/patterns/fbf7b18179dda28d420420fd_scriptFile/saveEmailFromAssertionToSession.gy
@@ -0,0 +1,7 @@
+try {
+ response.setSessionAttribute('emailFromAssertion', notes['saml.attributes.http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress'])
+ response.setResult('ok');
+} catch(Exception ex) {
+ LOG.error("Exception in saveEmailFromAssertionToSession groovy script: " + ex)
+ response.setResult('error');
+}
\ No newline at end of file
diff --git a/patterns/fd3912c7af7a88b6342a4c78_authStatesFile/OpOnbrdng-PostProcessing.xml b/patterns/fd3912c7af7a88b6342a4c78_authStatesFile/OpOnbrdng-PostProcessing.xml
new file mode 100644
index 0000000..89a5f75
--- /dev/null
+++ b/patterns/fd3912c7af7a88b6342a4c78_authStatesFile/OpOnbrdng-PostProcessing.xml
@@ -0,0 +1,41 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/patterns/fd3912c7af7a88b6342a4c78_resources/OpOnbrdng-PostProcessing.groovy b/patterns/fd3912c7af7a88b6342a4c78_resources/OpOnbrdng-PostProcessing.groovy
new file mode 100644
index 0000000..abf8982
--- /dev/null
+++ b/patterns/fd3912c7af7a88b6342a4c78_resources/OpOnbrdng-PostProcessing.groovy
@@ -0,0 +1,79 @@
+import ch.nevis.esauth.auth.engine.AuthResponse
+
+// for autditing
+def user = session['ch.adnovum.nevisidm.user.extId'] ?: 'unknown'
+def sourceIp = request.getLoginContext()['connection.HttpHeader.X-Real-IP'] ?: 'unknown'
+def userAgent = request.getLoginContext()['connection.HttpHeader.user-agent'] ?: request.getLoginContext()['connection.HttpHeader.User-Agent'] ?: 'unknown'
+
+def minLoi = session['agov.op.onboarding.minLoi'] ?: 'unknown'
+
+if (session['agov.op.onboarding.process.state'] == null) {
+ // 0) remove SAMLResponse, to avoid multiple processing
+ request.getInArgs().remove("SAMLResponse")
+
+ // check status
+ if (notes['saml.response.statusCode'] == 'urn:oasis:names:tc:SAML:2.0:status:Success') {
+
+ // we have to do the checks.
+ // 1) compare email
+ if (!notes['saml.attributes.http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress'].equalsIgnoreCase(session['ch.nevis.idm.User.email'])) {
+
+ def lasterrorinfo = "email don't match: idm=${session['ch.nevis.idm.User.email']} idp=${notes['saml.attributes.http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress']}"
+ response.setNote('lasterror', '9902')
+ response.setNote('lasterrorinfo', lasterrorinfo)
+
+ LOG.info("Event='OP-FAILED', RequestedAq='${minLoi}', User=${user}, SourceIp=${sourceIp}, UserAgent=${userAgent}, lasterror=${response.getNote('lasterror')}, lasterrorinfo='${lasterrorinfo}'")
+
+ response.setStatus(AuthResponse.AUTH_ERROR)
+ return
+ }
+
+ def homeName = notes['saml.attributes.http://schemas.eiam.admin.ch/ws/2013/12/identity/claims/fp/homeName'] ?: 'unknown'
+ def subject = session['ch.nevis.auth.saml.assertion.subject'] ?: 'unknown'
+ if (homeName == 'unknown' || subject == 'unknown') {
+ def lasterrorinfo = "invalid info from IdP: subject=${subject} homeName=${homeName}"
+ response.setNote('lasterror', '9903')
+ response.setNote('lasterrorinfo', lasterrorinfo)
+
+ LOG.info("Event='OP-FAILED', RequestedAq='${minLoi}', User=${user}, SourceIp=${sourceIp}, UserAgent='${userAgent}', lasterror=${response.getNote('lasterror')}, lasterrorinfo='${lasterrorinfo}'")
+
+ response.setStatus(AuthResponse.AUTH_ERROR)
+ return
+ }
+
+ // ok - create the credential
+ response.setSessionAttribute('agov.op.onboarding.process.state', 'createCredential')
+ response.setSessionAttribute('agov.op.onboarding.homeName', homeName)
+ response.setSessionAttribute('agov.op.onboarding.subject', subject)
+
+ response.setSessionAttribute('agov.op.onboarding.subject', session['ch.nevis.auth.saml.assertion.subject'] ?: 'unknown')
+ response.setResult('createSamlFedCredential')
+ return
+
+ } else {
+
+ def lasterrorinfo = "authentication by IdP failed: ${notes['saml.response.statusCode']}"
+ response.setNote('lasterror', '9903')
+ response.setNote('lasterrorinfo', lasterrorinfo)
+
+ LOG.info("Event='OP-FAILED', RequestedAq='${minLoi}', User=${user}, SourceIp=${sourceIp}, UserAgent='${userAgent}', lasterror=${response.getNote('lasterror')}, lasterrorinfo='${lasterrorinfo}'")
+
+ response.setStatus(AuthResponse.AUTH_ERROR)
+ return
+ }
+} else if (session['agov.op.onboarding.process.state'] == 'createCredential') {
+ // 2 Credential created, we or done
+ def responseId = session['ch.nevis.auth.saml.response.id']
+ def homeName = session['agov.op.onboarding.homeName'] ?: 'unknown'
+ def subject = session['agov.op.onboarding.subject'] ?: 'unknown'
+
+ LOG.info("Event='OP-SUCCESS', RequestedAq='${minLoi}', User=${user}, SourceIp=${sourceIp}, UserAgent='${userAgent}', ResponseID='${responseId}', subject='${subject}', homeName='${homeName}'")
+ response.setResult('done')
+ return
+
+} else {
+ LOG.error("invalid state: ${session['agov.op.onboarding.process.state']}")
+ response.setNote('lasterror', '9909')
+ response.setNote('lasterrorinfo', 'internal error')
+ response.setResult('failure')
+}
\ No newline at end of file
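Review bot: The comparison under `// 1) compare email` calls `.equalsIgnoreCase` directly on the `emailaddress` claim read from `notes`, so a `Success` response that lacks the claim throws instead of taking the audited `OP-FAILED` path with `lasterror` 9902. Unlike the two `.gy` scripts in this commit there is no surrounding try/catch, and how the engine treats an uncaught script exception is not visible here. Reading the claim once and testing it first keeps the failure on the logged branch: `def idpEmail = notes['saml.attributes.http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress']` followed by `if (idpEmail == null || !idpEmail.equalsIgnoreCase(session['ch.nevis.idm.User.email'])) {`. The second `setSessionAttribute('agov.op.onboarding.subject', ...)` just before `setResult('createSamlFedCredential')` writes the same value as the call above it and can be dropped.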
diff --git a/patterns/fetch_User_Authentication_Step_56955e7b6b92c254d7d1aae1.yml b/patterns/fetch_User_Authentication_Step_56955e7b6b92c254d7d1aae1.yml
new file mode 100644
index 0000000..195fc64
--- /dev/null
+++ b/patterns/fetch_User_Authentication_Step_56955e7b6b92c254d7d1aae1.yml
@@ -0,0 +1,14 @@
+schemaVersion: "1.0"
+pattern:
+ id: "56955e7b6b92c254d7d1aae1"
+ className: "ch.nevis.admin.v4.plugin.nevisauth.patterns2.GenericAuthenticationStep"
+ name: "fetch User Authentication Step"
+ label: "Operations"
+ properties:
+ authStatesFile: "res://56955e7b6b92c254d7d1aae1#authStatesFile"
+ parameters: "client.name: OPERATIONS\nattributes: loginId,extId,firstName,name,email,language"
+ onSuccess:
+ - "pattern://24cbc652d3166c8374eda3cd"
+ onFailure:
+ - "pattern://700ec185425d8645fea2caf5"
+ resources: "res://56955e7b6b92c254d7d1aae1#resources"
diff --git a/patterns/nevisAuth_Log_Settings_0eaddca6ad424c5d15e5312e.yml b/patterns/nevisAuth_Log_Settings_0eaddca6ad424c5d15e5312e.yml
new file mode 100644
index 0000000..099b2ec
--- /dev/null
+++ b/patterns/nevisAuth_Log_Settings_0eaddca6ad424c5d15e5312e.yml
@@ -0,0 +1,8 @@
+schemaVersion: "1.0"
+pattern:
+ id: "0eaddca6ad424c5d15e5312e"
+ className: "ch.nevis.admin.v4.plugin.nevisauth.patterns.CustomAuthLogFile"
+ name: "nevisAuth Log Settings"
+ label: "Common"
+ properties:
+ levels: "var://nevisauth-log-settings-log-levels"
diff --git a/patterns/nevisAuth_ac27dd7daad0ca2b7229bfaf.yml b/patterns/nevisAuth_ac27dd7daad0ca2b7229bfaf.yml
new file mode 100644
index 0000000..9ac6a9c
--- /dev/null
+++ b/patterns/nevisAuth_ac27dd7daad0ca2b7229bfaf.yml
@@ -0,0 +1,14 @@
+schemaVersion: "1.0"
+pattern:
+ id: "ac27dd7daad0ca2b7229bfaf"
+ className: "ch.nevis.admin.v4.plugin.nevisauth.patterns.NevisAuthDeployable"
+ name: "nevisAuth"
+ deploymentHosts: "auth"
+ label: "Common"
+ properties:
+ logging:
+ - "pattern://0eaddca6ad424c5d15e5312e"
+ signerKeyStore:
+ - "pattern://02cc34b35d83a306f48abe47"
+ addons:
+ - "pattern://f4e909fcaf0ae3f6effb28ae"
diff --git a/patterns/nevisIDM_Administration_GUI_4095d4e66ef51810f07a6ed3.yml b/patterns/nevisIDM_Administration_GUI_4095d4e66ef51810f07a6ed3.yml
new file mode 100644
index 0000000..28ec50a
--- /dev/null
+++ b/patterns/nevisIDM_Administration_GUI_4095d4e66ef51810f07a6ed3.yml
@@ -0,0 +1,18 @@
+schemaVersion: "1.0"
+pattern:
+ id: "4095d4e66ef51810f07a6ed3"
+ className: "ch.nevis.admin.v4.plugin.nevisidm.patterns.NevisIDMWebApplicationAccess"
+ name: "nevisIDM Administration GUI"
+ label: "Admin"
+ properties:
+ host:
+ - "pattern://1200a58c76686d520c21edb0"
+ nevisIDM:
+ - "pattern://ba7c7a3b091df0c4b8ba0bb2"
+ realm:
+ - "pattern://6f9c9f982dcc7ef59a34f1f7"
+ token:
+ - "pattern://271d024334021208b71ac80a"
+ requestValidation: "var://op-admin-mod-security-mode-nevisidmgui"
+ selfAdmin: "disabled"
+ apiAccess: "disabled"
diff --git a/patterns/nevisIDM_Batch_Log_Settings_dcf3ce4f7d266c6da1e5beb2.yml b/patterns/nevisIDM_Batch_Log_Settings_dcf3ce4f7d266c6da1e5beb2.yml
new file mode 100644
index 0000000..4410411
--- /dev/null
+++ b/patterns/nevisIDM_Batch_Log_Settings_dcf3ce4f7d266c6da1e5beb2.yml
@@ -0,0 +1,9 @@
+schemaVersion: "1.0"
+pattern:
+ id: "dcf3ce4f7d266c6da1e5beb2"
+ className: "ch.nevis.admin.v4.plugin.nevisidm.patterns.CustomNevisIDMLogFile"
+ name: "nevisIDM Batch Log Settings"
+ label: "IDM"
+ properties:
+ logLevel: "var://nevisidm-batch-log-settings-default-log-level"
+ levels: "var://nevisidm-batch-log-settings-log-levels"
diff --git a/patterns/nevisIDM_Custom_Property_agovId_54a502fe8e6d6280467df375.yml b/patterns/nevisIDM_Custom_Property_agovId_54a502fe8e6d6280467df375.yml
new file mode 100644
index 0000000..3808899
--- /dev/null
+++ b/patterns/nevisIDM_Custom_Property_agovId_54a502fe8e6d6280467df375.yml
@@ -0,0 +1,11 @@
+schemaVersion: "1.0"
+pattern:
+ id: "54a502fe8e6d6280467df375"
+ className: "ch.nevis.admin.v4.plugin.nevisidm.patterns.NevisIDMProperty"
+ name: "nevisIDM Custom Property agovId"
+ properties:
+ propertyName: "agovId"
+ clientExtId: "var://nevisidm-custom-property-svnr-client-external-id-agovs"
+ maxLength: "36"
+ accessModify: "READ_ONLY"
+ accessCreate: "READ_WRITE"
diff --git a/patterns/nevisIDM_Custom_Property_counter_additionalAddress_449fd0f0de8d30fdcafe5dc5.yml b/patterns/nevisIDM_Custom_Property_counter_additionalAddress_449fd0f0de8d30fdcafe5dc5.yml
new file mode 100644
index 0000000..efed4ae
--- /dev/null
+++ b/patterns/nevisIDM_Custom_Property_counter_additionalAddress_449fd0f0de8d30fdcafe5dc5.yml
@@ -0,0 +1,13 @@
+schemaVersion: "1.0"
+pattern:
+ id: "449fd0f0de8d30fdcafe5dc5"
+ className: "ch.nevis.admin.v4.plugin.nevisidm.patterns.NevisIDMProperty"
+ name: "nevisIDM Custom Property counter additionalAddress"
+ properties:
+ propertyName: "additionalAddress"
+ propertyScope: "UNIT_GLOBAL"
+ clientExtId: "var://nevisidm-custom-property-client-external-id-counter"
+ maxLength: "100"
+ description: "additional address line"
+ accessModify: "READ_WRITE"
+ accessCreate: "READ_WRITE"
diff --git a/patterns/nevisIDM_Custom_Property_counter_counterExtId_1960dfb9b110a6d07bcd04b9.yml b/patterns/nevisIDM_Custom_Property_counter_counterExtId_1960dfb9b110a6d07bcd04b9.yml
new file mode 100644
index 0000000..2f6ac11
--- /dev/null
+++ b/patterns/nevisIDM_Custom_Property_counter_counterExtId_1960dfb9b110a6d07bcd04b9.yml
@@ -0,0 +1,13 @@
+schemaVersion: "1.0"
+pattern:
+ id: "1960dfb9b110a6d07bcd04b9"
+ className: "ch.nevis.admin.v4.plugin.nevisidm.patterns.NevisIDMProperty"
+ name: "nevisIDM Custom Property counter counterExtId"
+ properties:
+ propertyName: "counterExtId"
+ propertyScope: "USER_GLOBAL"
+ clientExtId: "var://nevisidm-custom-property-svnr-client-external-id-agovs"
+ description: "the unitExtId of the counter, that the user selected intially, and\
+ \ visited (might be different)"
+ accessModify: "READ_WRITE"
+ accessCreate: "READ_WRITE"
diff --git a/patterns/nevisIDM_Custom_Property_counter_openingFri_56797f553b7c2d5c7ae82726.yml b/patterns/nevisIDM_Custom_Property_counter_openingFri_56797f553b7c2d5c7ae82726.yml
new file mode 100644
index 0000000..b338dfe
--- /dev/null
+++ b/patterns/nevisIDM_Custom_Property_counter_openingFri_56797f553b7c2d5c7ae82726.yml
@@ -0,0 +1,13 @@
+schemaVersion: "1.0"
+pattern:
+ id: "56797f553b7c2d5c7ae82726"
+ className: "ch.nevis.admin.v4.plugin.nevisidm.patterns.NevisIDMProperty"
+ name: "nevisIDM Custom Property counter openingFri"
+ properties:
+ propertyName: "openingFri"
+ propertyScope: "UNIT_GLOBAL"
+ clientExtId: "var://nevisidm-custom-property-client-external-id-counter"
+ maxLength: "50"
+ description: "Opening hours for Fridays"
+ accessModify: "READ_WRITE"
+ accessCreate: "READ_WRITE"
diff --git a/patterns/nevisIDM_Custom_Property_counter_openingHol_83084230d0b4e443d7132203.yml b/patterns/nevisIDM_Custom_Property_counter_openingHol_83084230d0b4e443d7132203.yml
new file mode 100644
index 0000000..db26010
--- /dev/null
+++ b/patterns/nevisIDM_Custom_Property_counter_openingHol_83084230d0b4e443d7132203.yml
@@ -0,0 +1,13 @@
+schemaVersion: "1.0"
+pattern:
+ id: "83084230d0b4e443d7132203"
+ className: "ch.nevis.admin.v4.plugin.nevisidm.patterns.NevisIDMProperty"
+ name: "nevisIDM Custom Property counter openingHol"
+ properties:
+ propertyName: "openingHol"
+ propertyScope: "UNIT_GLOBAL"
+ clientExtId: "var://nevisidm-custom-property-client-external-id-counter"
+ maxLength: "50"
+ description: "Opening hours for Sundays and Holidays"
+ accessModify: "READ_WRITE"
+ accessCreate: "READ_WRITE"
diff --git a/patterns/nevisIDM_Custom_Property_counter_openingMon_5357a714fdc0a0d3eeffa72b.yml b/patterns/nevisIDM_Custom_Property_counter_openingMon_5357a714fdc0a0d3eeffa72b.yml
new file mode 100644
index 0000000..e3c7b82
--- /dev/null
+++ b/patterns/nevisIDM_Custom_Property_counter_openingMon_5357a714fdc0a0d3eeffa72b.yml
@@ -0,0 +1,13 @@
+schemaVersion: "1.0"
+pattern:
+ id: "5357a714fdc0a0d3eeffa72b"
+ className: "ch.nevis.admin.v4.plugin.nevisidm.patterns.NevisIDMProperty"
+ name: "nevisIDM Custom Property counter openingMon"
+ properties:
+ propertyName: "openingMon"
+ propertyScope: "UNIT_GLOBAL"
+ clientExtId: "var://nevisidm-custom-property-client-external-id-counter"
+ maxLength: "50"
+ description: "Opening hours for Mondays"
+ accessModify: "READ_WRITE"
+ accessCreate: "READ_WRITE"
diff --git a/patterns/nevisIDM_Custom_Property_counter_openingRemarksDe_18e8a301eac0d94260f4a4c4.yml b/patterns/nevisIDM_Custom_Property_counter_openingRemarksDe_18e8a301eac0d94260f4a4c4.yml
new file mode 100644
index 0000000..c75fa37
--- /dev/null
+++ b/patterns/nevisIDM_Custom_Property_counter_openingRemarksDe_18e8a301eac0d94260f4a4c4.yml
@@ -0,0 +1,12 @@
+schemaVersion: "1.0"
+pattern:
+ id: "18e8a301eac0d94260f4a4c4"
+ className: "ch.nevis.admin.v4.plugin.nevisidm.patterns.NevisIDMProperty"
+ name: "nevisIDM Custom Property counter openingRemarksDe"
+ properties:
+ propertyName: "openingRemarksDe"
+ propertyScope: "UNIT_GLOBAL"
+ clientExtId: "var://nevisidm-custom-property-client-external-id-counter"
+ description: "remarks for the opening hours (DE)"
+ accessModify: "READ_WRITE"
+ accessCreate: "READ_WRITE"
diff --git a/patterns/nevisIDM_Custom_Property_counter_openingRemarksEn_9ee7718965f72521184370cf.yml b/patterns/nevisIDM_Custom_Property_counter_openingRemarksEn_9ee7718965f72521184370cf.yml
new file mode 100644
index 0000000..9aa5082
--- /dev/null
+++ b/patterns/nevisIDM_Custom_Property_counter_openingRemarksEn_9ee7718965f72521184370cf.yml
@@ -0,0 +1,12 @@
+schemaVersion: "1.0"
+pattern:
+ id: "9ee7718965f72521184370cf"
+ className: "ch.nevis.admin.v4.plugin.nevisidm.patterns.NevisIDMProperty"
+ name: "nevisIDM Custom Property counter openingRemarksEn"
+ properties:
+ propertyName: "openingRemarksEn"
+ propertyScope: "UNIT_GLOBAL"
+ clientExtId: "var://nevisidm-custom-property-client-external-id-counter"
+ description: "remarks for the opening hours (EN)"
+ accessModify: "READ_WRITE"
+ accessCreate: "READ_WRITE"
diff --git a/patterns/nevisIDM_Custom_Property_counter_openingRemarksFr_3efe03e435f0e10aa988c017.yml b/patterns/nevisIDM_Custom_Property_counter_openingRemarksFr_3efe03e435f0e10aa988c017.yml
new file mode 100644
index 0000000..94e0cba
--- /dev/null
+++ b/patterns/nevisIDM_Custom_Property_counter_openingRemarksFr_3efe03e435f0e10aa988c017.yml
@@ -0,0 +1,12 @@
+schemaVersion: "1.0"
+pattern:
+ id: "3efe03e435f0e10aa988c017"
+ className: "ch.nevis.admin.v4.plugin.nevisidm.patterns.NevisIDMProperty"
+ name: "nevisIDM Custom Property counter openingRemarksFr"
+ properties:
+ propertyName: "openingRemarksFr"
+ propertyScope: "UNIT_GLOBAL"
+ clientExtId: "var://nevisidm-custom-property-client-external-id-counter"
+ description: "remarks for the opening hours (FR)"
+ accessModify: "READ_WRITE"
+ accessCreate: "READ_WRITE"
diff --git a/patterns/nevisIDM_Custom_Property_counter_openingRemarksIt_2a3b9474096a3da71634e557.yml b/patterns/nevisIDM_Custom_Property_counter_openingRemarksIt_2a3b9474096a3da71634e557.yml
new file mode 100644
index 0000000..eb3fe81
--- /dev/null
+++ b/patterns/nevisIDM_Custom_Property_counter_openingRemarksIt_2a3b9474096a3da71634e557.yml
@@ -0,0 +1,12 @@
+schemaVersion: "1.0"
+pattern:
+ id: "2a3b9474096a3da71634e557"
+ className: "ch.nevis.admin.v4.plugin.nevisidm.patterns.NevisIDMProperty"
+ name: "nevisIDM Custom Property counter openingRemarksIt"
+ properties:
+ propertyName: "openingRemarksIt"
+ propertyScope: "UNIT_GLOBAL"
+ clientExtId: "var://nevisidm-custom-property-client-external-id-counter"
+ description: "remarks for the opening hours (IT)"
+ accessModify: "READ_WRITE"
+ accessCreate: "READ_WRITE"
diff --git a/patterns/nevisIDM_Custom_Property_counter_openingSat_442eae5e7116ba47699836b1.yml b/patterns/nevisIDM_Custom_Property_counter_openingSat_442eae5e7116ba47699836b1.yml
new file mode 100644
index 0000000..0e02599
--- /dev/null
+++ b/patterns/nevisIDM_Custom_Property_counter_openingSat_442eae5e7116ba47699836b1.yml
@@ -0,0 +1,13 @@
+schemaVersion: "1.0"
+pattern:
+ id: "442eae5e7116ba47699836b1"
+ className: "ch.nevis.admin.v4.plugin.nevisidm.patterns.NevisIDMProperty"
+ name: "nevisIDM Custom Property counter openingSat"
+ properties:
+ propertyName: "openingSat"
+ propertyScope: "UNIT_GLOBAL"
+ clientExtId: "var://nevisidm-custom-property-client-external-id-counter"
+ maxLength: "50"
+ description: "Opening hours for Saturdays"
+ accessModify: "READ_WRITE"
+ accessCreate: "READ_WRITE"
diff --git a/patterns/nevisIDM_Custom_Property_counter_openingThu_f69b23de624fd47864013434.yml b/patterns/nevisIDM_Custom_Property_counter_openingThu_f69b23de624fd47864013434.yml
new file mode 100644
index 0000000..a599f80
--- /dev/null
+++ b/patterns/nevisIDM_Custom_Property_counter_openingThu_f69b23de624fd47864013434.yml
@@ -0,0 +1,13 @@
+schemaVersion: "1.0"
+pattern:
+ id: "f69b23de624fd47864013434"
+ className: "ch.nevis.admin.v4.plugin.nevisidm.patterns.NevisIDMProperty"
+ name: "nevisIDM Custom Property counter openingThu"
+ properties:
+ propertyName: "openingThu"
+ propertyScope: "UNIT_GLOBAL"
+ clientExtId: "var://nevisidm-custom-property-client-external-id-counter"
+ maxLength: "50"
+ description: "Opening hours for Thursdays"
+ accessModify: "READ_WRITE"
+ accessCreate: "READ_WRITE"
diff --git a/patterns/nevisIDM_Custom_Property_counter_openingTue_85c4a1f04841ebd03043a14e.yml b/patterns/nevisIDM_Custom_Property_counter_openingTue_85c4a1f04841ebd03043a14e.yml
new file mode 100644
index 0000000..90cbf94
--- /dev/null
+++ b/patterns/nevisIDM_Custom_Property_counter_openingTue_85c4a1f04841ebd03043a14e.yml
@@ -0,0 +1,13 @@
+schemaVersion: "1.0"
+pattern:
+ id: "85c4a1f04841ebd03043a14e"
+ className: "ch.nevis.admin.v4.plugin.nevisidm.patterns.NevisIDMProperty"
+ name: "nevisIDM Custom Property counter openingTue"
+ properties:
+ propertyName: "openingTue"
+ propertyScope: "UNIT_GLOBAL"
+ clientExtId: "var://nevisidm-custom-property-client-external-id-counter"
+ maxLength: "50"
+ description: "Opening hours for Tuesdays"
+ accessModify: "READ_WRITE"
+ accessCreate: "READ_WRITE"
diff --git a/patterns/nevisIDM_Custom_Property_counter_openingWed_214b0d9557566e008064bf5c.yml b/patterns/nevisIDM_Custom_Property_counter_openingWed_214b0d9557566e008064bf5c.yml
new file mode 100644
index 0000000..8655866
--- /dev/null
+++ b/patterns/nevisIDM_Custom_Property_counter_openingWed_214b0d9557566e008064bf5c.yml
@@ -0,0 +1,13 @@
+schemaVersion: "1.0"
+pattern:
+ id: "214b0d9557566e008064bf5c"
+ className: "ch.nevis.admin.v4.plugin.nevisidm.patterns.NevisIDMProperty"
+ name: "nevisIDM Custom Property counter openingWed"
+ properties:
+ propertyName: "openingWed"
+ propertyScope: "UNIT_GLOBAL"
+ clientExtId: "var://nevisidm-custom-property-client-external-id-counter"
+ maxLength: "50"
+ description: "Opening hours for Wednesdays"
+ accessModify: "READ_WRITE"
+ accessCreate: "READ_WRITE"
diff --git a/patterns/nevisIDM_Custom_Property_counter_position_b635ceb319d955203cc5f053.yml b/patterns/nevisIDM_Custom_Property_counter_position_b635ceb319d955203cc5f053.yml
new file mode 100644
index 0000000..c8affb1
--- /dev/null
+++ b/patterns/nevisIDM_Custom_Property_counter_position_b635ceb319d955203cc5f053.yml
@@ -0,0 +1,14 @@
+schemaVersion: "1.0"
+pattern:
+ id: "b635ceb319d955203cc5f053"
+ className: "ch.nevis.admin.v4.plugin.nevisidm.patterns.NevisIDMProperty"
+ name: "nevisIDM Custom Property counter position"
+ properties:
+ propertyName: "position"
+ propertyScope: "UNIT_GLOBAL"
+ clientExtId: "var://nevisidm-custom-property-client-external-id-counter"
+ regex: "^\\-?([1-9][0-9]|[0-9])\\.[0-9][0-9][0-9][0-9][0-9],\\s*\\-?(1[0-8][0-9]|[1-9][0-9]|[0-9])\\\
+ .[0-9][0-9][0-9][0-9][0-9]$"
+ description: "coordinates of the office (WGS84)"
+ accessModify: "READ_WRITE"
+ accessCreate: "READ_WRITE"
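Review bot: The `regex` for `position` accepts coordinates outside the WGS84 range that the `description` names: the latitude part `([1-9][0-9]|[0-9])` allows values up to 99.99999 and the longitude part `(1[0-8][0-9]|[1-9][0-9]|[0-9])` up to 189.99999. If this pattern is meant to reject invalid positions, cap the integer parts, for example latitude `-?(90\.00000|([1-8][0-9]|[0-9])\.[0-9]{5})` and longitude `-?(180\.00000|(1[0-7][0-9]|[1-9][0-9]|[0-9])\.[0-9]{5})`. Both are shown unescaped; inside the double-quoted YAML string the backslashes need doubling as in the current value.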
diff --git a/patterns/nevisIDM_Custom_Property_counter_street_6d61f581ca9fa3c2ab03004c.yml b/patterns/nevisIDM_Custom_Property_counter_street_6d61f581ca9fa3c2ab03004c.yml
new file mode 100644
index 0000000..8c9e46d
--- /dev/null
+++ b/patterns/nevisIDM_Custom_Property_counter_street_6d61f581ca9fa3c2ab03004c.yml
@@ -0,0 +1,13 @@
+schemaVersion: "1.0"
+pattern:
+ id: "6d61f581ca9fa3c2ab03004c"
+ className: "ch.nevis.admin.v4.plugin.nevisidm.patterns.NevisIDMProperty"
+ name: "nevisIDM Custom Property counter street"
+ properties:
+ propertyName: "street"
+ propertyScope: "UNIT_GLOBAL"
+ clientExtId: "var://nevisidm-custom-property-client-external-id-counter"
+ maxLength: "100"
+ description: "address: street and house number"
+ accessModify: "READ_WRITE"
+ accessCreate: "READ_WRITE"
diff --git a/patterns/nevisIDM_Custom_Property_counter_town_2d5614b389904a87cbe05fb0.yml b/patterns/nevisIDM_Custom_Property_counter_town_2d5614b389904a87cbe05fb0.yml
new file mode 100644
index 0000000..b7eec05
--- /dev/null
+++ b/patterns/nevisIDM_Custom_Property_counter_town_2d5614b389904a87cbe05fb0.yml
@@ -0,0 +1,14 @@
+schemaVersion: "1.0"
+pattern:
+ id: "2d5614b389904a87cbe05fb0"
+ className: "ch.nevis.admin.v4.plugin.nevisidm.patterns.NevisIDMProperty"
+ name: "nevisIDM Custom Property counter town"
+ notes: "eCH-0010:townType"
+ properties:
+ propertyName: "town"
+ propertyScope: "UNIT_GLOBAL"
+ clientExtId: "var://nevisidm-custom-property-client-external-id-counter"
+ maxLength: "40"
+ description: "twon, city where the counter is located"
+ accessModify: "READ_WRITE"
+ accessCreate: "READ_WRITE"
diff --git a/patterns/nevisIDM_Custom_Property_eIdNumber_9fc4ba53af217ae05e9a7b55.yml b/patterns/nevisIDM_Custom_Property_eIdNumber_9fc4ba53af217ae05e9a7b55.yml
new file mode 100644
index 0000000..6711f9f
--- /dev/null
+++ b/patterns/nevisIDM_Custom_Property_eIdNumber_9fc4ba53af217ae05e9a7b55.yml
@@ -0,0 +1,12 @@
+schemaVersion: "1.0"
+pattern:
+ id: "9fc4ba53af217ae05e9a7b55"
+ className: "ch.nevis.admin.v4.plugin.nevisidm.patterns.NevisIDMProperty"
+ name: "nevisIDM Custom Property eIdNumber"
+ label: "IDM"
+ properties:
+ propertyName: "eIdNumber"
+ clientExtId: "var://nevisidm-custom-property-svnr-client-external-id-agov"
+ maxLength: "40"
+ accessModify: "READ_WRITE"
+ accessCreate: "READ_WRITE"
diff --git a/patterns/nevisIDM_Custom_Property_eIdNumber_agovs_4a284e141e40719eb58834ce.yml b/patterns/nevisIDM_Custom_Property_eIdNumber_agovs_4a284e141e40719eb58834ce.yml
new file mode 100644
index 0000000..e70614f
--- /dev/null
+++ b/patterns/nevisIDM_Custom_Property_eIdNumber_agovs_4a284e141e40719eb58834ce.yml
@@ -0,0 +1,12 @@
+schemaVersion: "1.0"
+pattern:
+ id: "4a284e141e40719eb58834ce"
+ className: "ch.nevis.admin.v4.plugin.nevisidm.patterns.NevisIDMProperty"
+ name: "nevisIDM Custom Property eIdNumber agovs"
+ label: "IDM"
+ properties:
+ propertyName: "eIdNumber"
+ clientExtId: "var://nevisidm-custom-property-svnr-client-external-id-agovs"
+ maxLength: "40"
+ accessModify: "READ_WRITE"
+ accessCreate: "READ_WRITE"
diff --git a/patterns/nevisIDM_Custom_Property_nationality_agovs_6c60fe0d77fc5d7a08df5c73.yml b/patterns/nevisIDM_Custom_Property_nationality_agovs_6c60fe0d77fc5d7a08df5c73.yml
new file mode 100644
index 0000000..d70fbc5
--- /dev/null
+++ b/patterns/nevisIDM_Custom_Property_nationality_agovs_6c60fe0d77fc5d7a08df5c73.yml
@@ -0,0 +1,12 @@
+schemaVersion: "1.0"
+pattern:
+ id: "6c60fe0d77fc5d7a08df5c73"
+ className: "ch.nevis.admin.v4.plugin.nevisidm.patterns.NevisIDMProperty"
+ name: "nevisIDM Custom Property nationality agovs"
+ label: "IDM"
+ properties:
+ propertyName: "nationality"
+ clientExtId: "var://nevisidm-custom-property-svnr-client-external-id-agovs"
+ maxLength: "40"
+ accessModify: "READ_WRITE"
+ accessCreate: "READ_WRITE"
diff --git a/patterns/nevisIDM_Custom_Property_nationality_bb4bc33af8c6389ff104348f.yml b/patterns/nevisIDM_Custom_Property_nationality_bb4bc33af8c6389ff104348f.yml
new file mode 100644
index 0000000..342065e
--- /dev/null
+++ b/patterns/nevisIDM_Custom_Property_nationality_bb4bc33af8c6389ff104348f.yml
@@ -0,0 +1,12 @@
+schemaVersion: "1.0"
+pattern:
+ id: "bb4bc33af8c6389ff104348f"
+ className: "ch.nevis.admin.v4.plugin.nevisidm.patterns.NevisIDMProperty"
+ name: "nevisIDM Custom Property nationality"
+ label: "IDM"
+ properties:
+ propertyName: "nationality"
+ clientExtId: "var://nevisidm-custom-property-svnr-client-external-id-agov"
+ maxLength: "40"
+ accessModify: "READ_WRITE"
+ accessCreate: "READ_WRITE"
diff --git a/patterns/nevisIDM_Custom_Property_placeOfBirth_6f7e23ed7cc8de5bba2b7b61.yml b/patterns/nevisIDM_Custom_Property_placeOfBirth_6f7e23ed7cc8de5bba2b7b61.yml
new file mode 100644
index 0000000..3abb346
--- /dev/null
+++ b/patterns/nevisIDM_Custom_Property_placeOfBirth_6f7e23ed7cc8de5bba2b7b61.yml
@@ -0,0 +1,12 @@
+schemaVersion: "1.0"
+pattern:
+ id: "6f7e23ed7cc8de5bba2b7b61"
+ className: "ch.nevis.admin.v4.plugin.nevisidm.patterns.NevisIDMProperty"
+ name: "nevisIDM Custom Property placeOfBirth"
+ label: "IDM"
+ properties:
+ propertyName: "placeOfBirth"
+ clientExtId: "var://nevisidm-custom-property-svnr-client-external-id-agov"
+ maxLength: "50"
+ accessModify: "READ_WRITE"
+ accessCreate: "READ_WRITE"
diff --git a/patterns/nevisIDM_Custom_Property_placeOfBirth_agovs_3c812a7f305d7ec5d054c1e9.yml b/patterns/nevisIDM_Custom_Property_placeOfBirth_agovs_3c812a7f305d7ec5d054c1e9.yml
new file mode 100644
index 0000000..c89f690
--- /dev/null
+++ b/patterns/nevisIDM_Custom_Property_placeOfBirth_agovs_3c812a7f305d7ec5d054c1e9.yml
@@ -0,0 +1,12 @@
+schemaVersion: "1.0"
+pattern:
+ id: "3c812a7f305d7ec5d054c1e9"
+ className: "ch.nevis.admin.v4.plugin.nevisidm.patterns.NevisIDMProperty"
+ name: "nevisIDM Custom Property placeOfBirth agovs"
+ label: "IDM"
+ properties:
+ propertyName: "placeOfBirth"
+ clientExtId: "var://nevisidm-custom-property-svnr-client-external-id-agovs"
+ maxLength: "50"
+ accessModify: "READ_WRITE"
+ accessCreate: "READ_WRITE"
diff --git a/patterns/nevisIDM_Custom_Property_svnr_5d3c87e0a35de2bacdfdbc84.yml b/patterns/nevisIDM_Custom_Property_svnr_5d3c87e0a35de2bacdfdbc84.yml
new file mode 100644
index 0000000..f96c06f
--- /dev/null
+++ b/patterns/nevisIDM_Custom_Property_svnr_5d3c87e0a35de2bacdfdbc84.yml
@@ -0,0 +1,14 @@
+schemaVersion: "1.0"
+pattern:
+ id: "5d3c87e0a35de2bacdfdbc84"
+ className: "ch.nevis.admin.v4.plugin.nevisidm.patterns.NevisIDMProperty"
+ name: "nevisIDM Custom Property svnr"
+ label: "IDM"
+ properties:
+ propertyName: "svnr"
+ clientExtId: "var://nevisidm-custom-property-svnr-client-external-id-agov"
+ maxLength: "13"
+ regex: "^[0-9]{13}$"
+ description: "ahv/avs"
+ accessModify: "READ_WRITE"
+ accessCreate: "READ_WRITE"
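Review bot: The `regex: "^[0-9]{13}$"` check accepts any 13 digits, which is looser than the identifier that the description `ahv/avs` suggests. If svnr is the Swiss AHV/AVS number, its 13-digit form starts with the country prefix 756, so `regex: "^756[0-9]{10}$"` would reject obviously wrong values at write time; the check digit would still need validating in the calling flow. As this is a national identifier, it is also worth confirming that `accessModify: "READ_WRITE"` is intended and that the value cannot be changed after verification. The same applies to the `svnr agovs` hunk that follows.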
diff --git a/patterns/nevisIDM_Custom_Property_svnr_agovs_9a12e3a94959e1c7ae16db9a.yml b/patterns/nevisIDM_Custom_Property_svnr_agovs_9a12e3a94959e1c7ae16db9a.yml
new file mode 100644
index 0000000..a2eb9f0
--- /dev/null
+++ b/patterns/nevisIDM_Custom_Property_svnr_agovs_9a12e3a94959e1c7ae16db9a.yml
@@ -0,0 +1,14 @@
+schemaVersion: "1.0"
+pattern:
+ id: "9a12e3a94959e1c7ae16db9a"
+ className: "ch.nevis.admin.v4.plugin.nevisidm.patterns.NevisIDMProperty"
+ name: "nevisIDM Custom Property svnr agovs"
+ label: "IDM"
+ properties:
+ propertyName: "svnr"
+ clientExtId: "var://nevisidm-custom-property-svnr-client-external-id-agovs"
+ maxLength: "13"
+ regex: "^[0-9]{13}$"
+ description: "ahv/avs"
+ accessModify: "READ_WRITE"
+ accessCreate: "READ_WRITE"
diff --git a/patterns/nevisIDM_Custom_Property_verificationStatus_641b47231c6c3ae6760bdf8b.yml b/patterns/nevisIDM_Custom_Property_verificationStatus_641b47231c6c3ae6760bdf8b.yml
new file mode 100644
index 0000000..25eb734
--- /dev/null
+++ b/patterns/nevisIDM_Custom_Property_verificationStatus_641b47231c6c3ae6760bdf8b.yml
@@ -0,0 +1,11 @@
+schemaVersion: "1.0"
+pattern:
+ id: "641b47231c6c3ae6760bdf8b"
+ className: "ch.nevis.admin.v4.plugin.nevisidm.patterns.NevisIDMProperty"
+ name: "nevisIDM Custom Property verificationStatus"
+ properties:
+ propertyName: "verificationStatus"
+ clientExtId: "var://nevisidm-custom-property-svnr-client-external-id-agovs"
+ maxLength: "50"
+ accessModify: "READ_WRITE"
+ accessCreate: "READ_WRITE"
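Review bot: `verificationStatus` is defined as free text (`maxLength: "50"`, no `regex`) with `accessModify: "READ_WRITE"`, so nothing in the property definition constrains which status values can be stored or who may change them. If downstream authentication or authorization decisions read this attribute (not visible here), constrain it to the expected status values with a `regex` and restrict modification to the component that performs the verification. This hunk and the verificationTransactionId hunk also omit the `label: "IDM"` line that the other custom-property patterns carry. Unlike the other properties, they exist only for the `-agovs` client, which is worth confirming as intentional.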
diff --git a/patterns/nevisIDM_Custom_Property_verificationTransactionId_706cabed89317b5e9ebd814f.yml b/patterns/nevisIDM_Custom_Property_verificationTransactionId_706cabed89317b5e9ebd814f.yml
new file mode 100644
index 0000000..48c361c
--- /dev/null
+++ b/patterns/nevisIDM_Custom_Property_verificationTransactionId_706cabed89317b5e9ebd814f.yml
@@ -0,0 +1,11 @@
+schemaVersion: "1.0"
+pattern:
+ id: "706cabed89317b5e9ebd814f"
+ className: "ch.nevis.admin.v4.plugin.nevisidm.patterns.NevisIDMProperty"
+ name: "nevisIDM Custom Property verificationTransactionId"
+ properties:
+ propertyName: "verificationTransactionId"
+ clientExtId: "var://nevisidm-custom-property-svnr-client-external-id-agovs"
+ maxLength: "50"
+ accessModify: "READ_WRITE"
+ accessCreate: "READ_WRITE"
diff --git a/patterns/nevisIDM_Log_Settings_79c526f49d7765ce6ed1a619.yml b/patterns/nevisIDM_Log_Settings_79c526f49d7765ce6ed1a619.yml
new file mode 100644
index 0000000..8aca231
--- /dev/null
+++ b/patterns/nevisIDM_Log_Settings_79c526f49d7765ce6ed1a619.yml
@@ -0,0 +1,9 @@
+schemaVersion: "1.0"
+pattern:
+ id: "79c526f49d7765ce6ed1a619"
+ className: "ch.nevis.admin.v4.plugin.nevisidm.patterns.CustomNevisIDMLogFile"
+ name: "nevisIDM Log Settings"
+ label: "IDM"
+ properties:
+ logLevel: "var://nevisidm-log-settings-default-log-level"
+ levels: "var://nevisidm-log-settings-log-levels"
diff --git a/patterns/nevisIDM_Operations_Administration_GUI_13ea034de32c190083ba9e35.yml b/patterns/nevisIDM_Operations_Administration_GUI_13ea034de32c190083ba9e35.yml
new file mode 100644
index 0000000..7e1814c
--- /dev/null
+++ b/patterns/nevisIDM_Operations_Administration_GUI_13ea034de32c190083ba9e35.yml
@@ -0,0 +1,17 @@
+schemaVersion: "1.0"
+pattern:
+ id: "13ea034de32c190083ba9e35"
+ className: "ch.nevis.admin.v4.plugin.nevisidm.patterns.NevisIDMWebApplicationAccess"
+ name: "nevisIDM Operations Administration GUI"
+ label: "Operations"
+ properties:
+ host:
+ - "pattern://39ecde9a0d101628fed3e3be"
+ nevisIDM:
+ - "pattern://ba7c7a3b091df0c4b8ba0bb2"
+ realm:
+ - "pattern://7518c6cc61e47eec6322ae17"
+ token:
+ - "pattern://271d024334021208b71ac80a"
+ selfAdmin: "disabled"
+ apiAccess: "disabled"
diff --git a/patterns/nevisIDM_admin_ba7c7a3b091df0c4b8ba0bb2.yml b/patterns/nevisIDM_admin_ba7c7a3b091df0c4b8ba0bb2.yml
new file mode 100644
index 0000000..8ef64ef
--- /dev/null
+++ b/patterns/nevisIDM_admin_ba7c7a3b091df0c4b8ba0bb2.yml
@@ -0,0 +1,53 @@
+schemaVersion: "1.0"
+pattern:
+ id: "ba7c7a3b091df0c4b8ba0bb2"
+ className: "ch.nevis.admin.v4.plugin.nevisidm.patterns.NevisIDMDeployable"
+ name: "nevisIDM admin"
+ deploymentHosts: "idm"
+ label: "Admin"
+ properties:
+ encryptionKey: "var://nevisidm-encryption-key"
+ authSignerTrustStore:
+ - "pattern://c4f291a121b2d19157049cdc"
+ database:
+ - "pattern://ca0629d86201d4c4ac857d60"
+ logging:
+ - "pattern://79c526f49d7765ce6ed1a619"
+ mailSMTPHost: "var://nevisidm-smtp-host"
+ mailSMTPPort: "var://nevisidm-smtp-port"
+ smtpTLSMode: "var://nevisidm-smtp-ssltls-mode"
+ mailSMTPUser: "var://nevisidm-smtp-user"
+ mailSMTPPass: "var://nevisidm-smtp-user"
+ mailSenderAddress: "var://nevisidm-mail-sender"
+ resources: "var://nevisidm-admin-custom-resources"
+ addons:
+ - "pattern://9a12e3a94959e1c7ae16db9a"
+ - "pattern://5d3c87e0a35de2bacdfdbc84"
+ - "pattern://4a284e141e40719eb58834ce"
+ - "pattern://9fc4ba53af217ae05e9a7b55"
+ - "pattern://6c60fe0d77fc5d7a08df5c73"
+ - "pattern://bb4bc33af8c6389ff104348f"
+ - "pattern://3c812a7f305d7ec5d054c1e9"
+ - "pattern://6f7e23ed7cc8de5bba2b7b61"
+ - "pattern://fe4a248ac7b092a6a80624f1"
+ - "pattern://54a502fe8e6d6280467df375"
+ - "pattern://641b47231c6c3ae6760bdf8b"
+ - "pattern://706cabed89317b5e9ebd814f"
+ - "pattern://50d6c91ace65f52fa56d7113"
+ - "pattern://449fd0f0de8d30fdcafe5dc5"
+ - "pattern://56797f553b7c2d5c7ae82726"
+ - "pattern://83084230d0b4e443d7132203"
+ - "pattern://5357a714fdc0a0d3eeffa72b"
+ - "pattern://18e8a301eac0d94260f4a4c4"
+ - "pattern://9ee7718965f72521184370cf"
+ - "pattern://3efe03e435f0e10aa988c017"
+ - "pattern://2a3b9474096a3da71634e557"
+ - "pattern://442eae5e7116ba47699836b1"
+ - "pattern://f69b23de624fd47864013434"
+ - "pattern://85c4a1f04841ebd03043a14e"
+ - "pattern://214b0d9557566e008064bf5c"
+ - "pattern://b635ceb319d955203cc5f053"
+ - "pattern://6d61f581ca9fa3c2ab03004c"
+ - "pattern://2d5614b389904a87cbe05fb0"
+ - "pattern://1960dfb9b110a6d07bcd04b9"
+ - "pattern://f4e909fcaf0ae3f6effb28ae"
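Review bot: `mailSMTPPass` is bound to `var://nevisidm-smtp-user`, the same variable as `mailSMTPUser` on the line above, so the admin instance would send the SMTP user name as the password. The nevisIDM batch pattern in this commit uses `mailSMTPPass: "var://nevisidm-smtp-password"`, which is almost certainly what was meant here too. Separately, the `nevisidm-smtp-password` variable in variables.yml has no `secret: true` parameter, unlike `idm_db-database-password`, so the credential may be handled as plain text once a real value is set.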
diff --git a/patterns/nevisIDM_batch_641ac4edf0c17383d3c0ea38.yml b/patterns/nevisIDM_batch_641ac4edf0c17383d3c0ea38.yml
new file mode 100644
index 0000000..475b846
--- /dev/null
+++ b/patterns/nevisIDM_batch_641ac4edf0c17383d3c0ea38.yml
@@ -0,0 +1,28 @@
+schemaVersion: "1.0"
+pattern:
+ id: "641ac4edf0c17383d3c0ea38"
+ className: "ch.nevis.admin.v4.plugin.nevisidm.patterns.NevisIDMDeployable"
+ name: "nevisIDM batch"
+ deploymentHosts: "idm-job"
+ label: "Admin"
+ properties:
+ encryptionKey: "var://nevisidm-encryption-key"
+ database:
+ - "pattern://0d4bbba28a4a76094d41df81"
+ queryService: "disabled"
+ logging:
+ - "pattern://dcf3ce4f7d266c6da1e5beb2"
+ multiClientMode: "disabled"
+ mailSMTPHost: "var://nevisidm-smtp-host"
+ mailSMTPPort: "var://nevisidm-smtp-port"
+ smtpTLSMode: "var://nevisidm-smtp-ssltls-mode"
+ mailSMTPUser: "var://nevisidm-smtp-user"
+ mailSMTPPass: "var://nevisidm-smtp-password"
+ mailSenderAddress: "var://nevisidm-mail-sender"
+ jobStore: "db"
+ addons:
+ - "pattern://0116b3002d0e713e23e6be72"
+ - "pattern://0957497767812057fbf138cf"
+ - "pattern://3600b7d00b6427226e451f8d"
+ - "pattern://50d6c91ace65f52fa56d7113"
+ - "pattern://f4e909fcaf0ae3f6effb28ae"
diff --git a/patterns/nevisIdm_sectoken_Signer_02cc34b35d83a306f48abe47.yml b/patterns/nevisIdm_sectoken_Signer_02cc34b35d83a306f48abe47.yml
new file mode 100644
index 0000000..973720e
--- /dev/null
+++ b/patterns/nevisIdm_sectoken_Signer_02cc34b35d83a306f48abe47.yml
@@ -0,0 +1,8 @@
+schemaVersion: "1.0"
+pattern:
+ id: "02cc34b35d83a306f48abe47"
+ className: "ch.nevis.admin.v4.plugin.nevisproxy.patterns.AutomaticKeyStoreProvider"
+ name: "nevisIdm_sectoken_Signer"
+ properties:
+ owner:
+ - "pattern://ac27dd7daad0ca2b7229bfaf"
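Review bot: The key that signs the nevisIDM SecToken comes from `AutomaticKeyStoreProvider`, and the matching truststore hunk below uses `AutomaticTrustStoreProvider`. As far as I know, nevisAdmin's automatic key management is intended for test setups, because key material is generated and distributed by the tool rather than issued and rotated under your own PKI. For any environment beyond dev, a PEM key store fed from a secret variable would be the safer choice; variables.yml already defines `agov_operations_pem_signer-key-store-content` for another signer. The truststore pattern also sets both `keystore` and `truststoreFile`, so it is worth documenting which of the two sources is expected to carry the trusted signer certificate.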
diff --git a/patterns/nevisIdm_sectoken_Truststore_c4f291a121b2d19157049cdc.yml b/patterns/nevisIdm_sectoken_Truststore_c4f291a121b2d19157049cdc.yml
new file mode 100644
index 0000000..f83c879
--- /dev/null
+++ b/patterns/nevisIdm_sectoken_Truststore_c4f291a121b2d19157049cdc.yml
@@ -0,0 +1,9 @@
+schemaVersion: "1.0"
+pattern:
+ id: "c4f291a121b2d19157049cdc"
+ className: "ch.nevis.admin.v4.plugin.nevisproxy.patterns.AutomaticTrustStoreProvider"
+ name: "nevisIdm_sectoken_Truststore"
+ properties:
+ keystore:
+ - "pattern://02cc34b35d83a306f48abe47"
+ truststoreFile: "var://nevisidm-signer-truststore-trusted-certificates"
diff --git a/patterns/nevisLogrend_8401da6318c6915d689cdfc9.yml b/patterns/nevisLogrend_8401da6318c6915d689cdfc9.yml
new file mode 100644
index 0000000..293e294
--- /dev/null
+++ b/patterns/nevisLogrend_8401da6318c6915d689cdfc9.yml
@@ -0,0 +1,11 @@
+schemaVersion: "1.0"
+pattern:
+ id: "8401da6318c6915d689cdfc9"
+ className: "ch.nevis.admin.v4.plugin.nevisauth.patterns.NevisLogrendDeployable"
+ name: "nevisLogrend"
+ deploymentHosts: "logrend"
+ label: "Common"
+ properties:
+ logrendProperties: "var://nevislogrend-configuration-logrendproperties"
+ addons:
+ - "pattern://f4e909fcaf0ae3f6effb28ae"
diff --git a/patterns/nevisProxy_Instance_IDM_3bc06037962ad13be0a3a95d.yml b/patterns/nevisProxy_Instance_IDM_3bc06037962ad13be0a3a95d.yml
new file mode 100644
index 0000000..8ce2789
--- /dev/null
+++ b/patterns/nevisProxy_Instance_IDM_3bc06037962ad13be0a3a95d.yml
@@ -0,0 +1,12 @@
+schemaVersion: "1.0"
+pattern:
+ id: "3bc06037962ad13be0a3a95d"
+ className: "ch.nevis.admin.v4.plugin.nevisproxy.patterns.NevisProxyDeployable"
+ name: "nevisProxy Instance IDM"
+ deploymentHosts: "proxy-idm"
+ label: "Admin"
+ properties:
+ defaultHostContext:
+ - "pattern://1200a58c76686d520c21edb0"
+ addons:
+ - "pattern://31ae68f6cc8ade7258adce8d"
diff --git a/patterns/op_onbrdng_success_50ca1ad35a73847a81e2ece8.yml b/patterns/op_onbrdng_success_50ca1ad35a73847a81e2ece8.yml
new file mode 100644
index 0000000..ab70f8a
--- /dev/null
+++ b/patterns/op_onbrdng_success_50ca1ad35a73847a81e2ece8.yml
@@ -0,0 +1,10 @@
+schemaVersion: "1.0"
+pattern:
+ id: "50ca1ad35a73847a81e2ece8"
+ className: "ch.nevis.admin.v4.plugin.nevisauth.patterns2.UserInformation"
+ name: "op_onbrdng_success"
+ properties:
+ messageType: "info"
+ title: "op-onboarding.done.title"
+ label: "op-onboarding.done.message"
+ buttonType: "none"
diff --git a/patterns/operations_nevisProxy_Instance_bd83dfbd467e8211ffe71d28.yml b/patterns/operations_nevisProxy_Instance_bd83dfbd467e8211ffe71d28.yml
new file mode 100644
index 0000000..93dd8a0
--- /dev/null
+++ b/patterns/operations_nevisProxy_Instance_bd83dfbd467e8211ffe71d28.yml
@@ -0,0 +1,12 @@
+schemaVersion: "1.0"
+pattern:
+ id: "bd83dfbd467e8211ffe71d28"
+ className: "ch.nevis.admin.v4.plugin.nevisproxy.patterns.NevisProxyDeployable"
+ name: "operations nevisProxy Instance"
+ deploymentHosts: "proxy-sp"
+ label: "Operations"
+ properties:
+ defaultHostContext:
+ - "pattern://39ecde9a0d101628fed3e3be"
+ addons:
+ - "pattern://31ae68f6cc8ade7258adce8d"
diff --git a/patterns/saveEmailFromAssertionToSession_fbf7b18179dda28d420420fd.yml b/patterns/saveEmailFromAssertionToSession_fbf7b18179dda28d420420fd.yml
new file mode 100644
index 0000000..955b2df
--- /dev/null
+++ b/patterns/saveEmailFromAssertionToSession_fbf7b18179dda28d420420fd.yml
@@ -0,0 +1,9 @@
+schemaVersion: "1.0"
+pattern:
+ id: "fbf7b18179dda28d420420fd"
+ className: "ch.nevis.admin.v4.plugin.nevisauth.patterns2.GroovyScriptStep"
+ name: "saveEmailFromAssertionToSession"
+ properties:
+ scriptFile: "res://fbf7b18179dda28d420420fd#scriptFile"
+ onSuccess:
+ - "pattern://12c979b6af0f15f1328656a4"
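Review bot: This Groovy step wires only `onSuccess` and has no `onFailure` exit, whereas the `set userExtId Groovy Script Step` hunk that follows defines both. The script itself is not part of the visible diff, but if it can fail when the e-mail attribute is missing from the assertion, the flow has no defined error path. Add an `onFailure:` entry pointing at an explicit error-handling step, so that a failed script ends the authentication attempt deterministically rather than relying on default behaviour.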
diff --git a/patterns/set_userExtId_Groovy_Script_Step_488949a743edb1f46f73f232.yml b/patterns/set_userExtId_Groovy_Script_Step_488949a743edb1f46f73f232.yml
new file mode 100644
index 0000000..f94f8cd
--- /dev/null
+++ b/patterns/set_userExtId_Groovy_Script_Step_488949a743edb1f46f73f232.yml
@@ -0,0 +1,12 @@
+schemaVersion: "1.0"
+pattern:
+ id: "488949a743edb1f46f73f232"
+ className: "ch.nevis.admin.v4.plugin.nevisauth.patterns2.GroovyScriptStep"
+ name: "set userExtId Groovy Script Step"
+ label: "Operations"
+ properties:
+ scriptFile: "res://488949a743edb1f46f73f232#scriptFile"
+ onSuccess:
+ - "pattern://56955e7b6b92c254d7d1aae1"
+ onFailure:
+ - "pattern://700ec185425d8645fea2caf5"
diff --git a/variables.yml b/variables.yml
new file mode 100644
index 0000000..1166bae
--- /dev/null
+++ b/variables.yml
@@ -0,0 +1,776 @@
+schemaVersion: "1.0"
+variables:
+ admin-language-cookie-domain:
+ className: "ch.nevis.admin.v4.plugin.base.generation.property.SimpleTextProperty"
+ parameters:
+ minRequired: 0
+ maxAllowed: 1
+ value: "contoso.org"
+ requireOverloading: true
+ agov_admin_idm-db-management:
+ className: "ch.nevis.admin.v4.plugin.base.generation.property.SelectionProperty"
+ parameters:
+ minRequired: 1
+ maxAllowed: 1
+ options:
+ - "complete"
+ - "schema"
+ - "disabled"
+ value: "disabled"
+ requireOverloading: true
+ agov_operations_pem_signer-key-store-content:
+ className: "ch.nevis.admin.v4.plugin.base.generation.property.AttachmentProperty"
+ parameters:
+ minRequired: 0
+ secretPreserving: true
+ value: null
+ requireOverloading: true
+ artreporting-backend-addresses:
+ className: "ch.nevis.admin.v4.plugin.base.generation.property.URLProperty"
+ parameters:
+ minRequired: 1
+ schemeInputMode: "OPTIONAL"
+ allowedSchemes: "http,https"
+ hostNameInputMode: "REQUIRED"
+ portInputMode: "OPTIONAL"
+ pathInputMode: "OPTIONAL"
+ value: "http://art-report-server:8080/art/"
+ requireOverloading: true
+ atb-sec-token-signer-pem-trust-store-trusted-certificates:
+ className: "ch.nevis.admin.v4.plugin.base.generation.property.AttachmentProperty"
+ parameters:
+ minRequired: 0
+ secretPreserving: true
+ value: null
+ requireOverloading: true
+ azure_mariadb_ca-trusted-certificates:
+ className: "ch.nevis.admin.v4.plugin.base.generation.property.AttachmentProperty"
+ parameters:
+ minRequired: 0
+ secretPreserving: true
+ value: null
+ requireOverloading: true
+ cert-login-root-ca:
+ className: "ch.nevis.admin.v4.plugin.base.generation.property.TextProperty"
+ parameters:
+ required: false
+ syntax: "YAML"
+ value: null
+ requireOverloading: true
+ cert-login-template-parameters:
+ className: "ch.nevis.admin.v4.plugin.base.generation.property.TextProperty"
+ parameters:
+ required: false
+ syntax: "YAML"
+ value: "caFile.pem"
+ requireOverloading: true
+ greenmail-backend-addresses:
+ className: "ch.nevis.admin.v4.plugin.base.generation.property.URLProperty"
+ parameters:
+ minRequired: 1
+ schemeInputMode: "OPTIONAL"
+ allowedSchemes: "http,https"
+ hostNameInputMode: "REQUIRED"
+ portInputMode: "OPTIONAL"
+ pathInputMode: "OPTIONAL"
+ value: "http://rainloop.adn-agov-mail-01-dev/"
+ requireOverloading: true
+ idm-admin-settings:
+ className: "ch.nevis.admin.v4.plugin.base.generation.property.KeyValueProperty"
+ parameters:
+ separators:
+ - "="
+ switchedSeparators: []
+ valueFormat: ".*"
+ value:
+ - application.feature.multiclientmode.enabled: "true"
+ - application.modules.auditing.enabled: "true"
+ - application.feature.email.validation.enabled: "false"
+ - application.generators.extid.client: "uuid"
+ - application.generators.extid.user: "uuid"
+ - application.generators.extid.profile: "uuid"
+ - application.generators.extid.unit: "uuid"
+ - application.generators.extid.credential: "uuid"
+ - application.generators.extid.application: "uuid"
+ - application.generators.extid.role: "uuid"
+ - application.generators.extid.policyconfig: "uuid"
+ - application.generators.extid.template: "uuid"
+ - application.generators.extid.enterpriserole: "uuid"
+ - application.generators.extid.authorization: "uuid"
+ - application.modules.event.autostartup.enabled: "false"
+ - application.modules.event.repeat.count: "0"
+ - application.modules.auditing.autostartup.enabled: "false"
+ - application.modules.auditing.repeat.count: "0"
+ - application.modules.provisioning.enabled: "false"
+ - database.connection.xa.enabled: "false"
+ - database.connection.pool.size.min: "10"
+ - database.connection.pool.size.max: "10"
+ - application.modules.reporting.separator: ";"
+ - application.modules.reporting.characterencoding: "ISO-8859-1"
+ - web.gui.facing.location: "/var/opt/nevisidm/default/conf/facing"
+ - web.gui.facing.cache.size: "10000"
+ requireOverloading: true
+ idm-batch-settings:
+ className: "ch.nevis.admin.v4.plugin.base.generation.property.KeyValueProperty"
+ parameters:
+ separators:
+ - "="
+ switchedSeparators: []
+ valueFormat: ".*"
+ value:
+ - application.feature.multiclientmode.enabled: "true"
+ - application.modules.auditing.enabled: "true"
+ - application.feature.email.validation.enabled: "false"
+ - application.generators.extid.client: "uuid"
+ - application.generators.extid.user: "uuid"
+ - application.generators.extid.profile: "uuid"
+ - application.generators.extid.unit: "uuid"
+ - application.generators.extid.credential: "uuid"
+ - application.generators.extid.application: "uuid"
+ - application.generators.extid.role: "uuid"
+ - application.generators.extid.policyconfig: "uuid"
+ - application.generators.extid.template: "uuid"
+ - application.generators.extid.enterpriserole: "uuid"
+ - application.generators.extid.authorization: "uuid"
+ - application.modules.auditing.autostartup.enabled: "true"
+ - application.modules.auditing.repeat.count: "-1"
+ - application.modules.event.autostartup.enabled: "true"
+ - application.modules.event.repeat.count: "-1"
+ - database.connection.xa.enabled: "false"
+ - application.modules.provisioning.enabled: "false"
+ - database.connection.pool.size.min: "5"
+ - database.connection.pool.size.max: "10"
+ - database.transaction.timeout: "60"
+ requireOverloading: true
+ idm_db-application-role:
+ className: "ch.nevis.admin.v4.plugin.base.generation.property.SimpleTextProperty"
+ parameters:
+ minRequired: 1
+ maxAllowed: 1
+ value: "RL_U_AGOV"
+ requireOverloading: true
+ idm_db-data-tablespace:
+ className: "ch.nevis.admin.v4.plugin.base.generation.property.SimpleTextProperty"
+ parameters:
+ minRequired: 1
+ maxAllowed: 1
+ value: "DATA_IDM"
+ requireOverloading: true
+ idm_db-database-connection-url:
+ className: "ch.nevis.admin.v4.plugin.base.generation.property.SimpleTextProperty"
+ parameters:
+ minRequired: 0
+ maxAllowed: 1
+ value: null
+ requireOverloading: true
+ idm_db-database-host:
+ className: "ch.nevis.admin.v4.plugin.base.generation.property.HostPortProperty"
+ parameters:
+ minRequired: 0
+ maxAllowed: 2
+ portRequired: false
+ value: "mariadb-agov-dev.mariadb.database.azure.com:3306"
+ requireOverloading: true
+ idm_db-database-jdbc-driver:
+ className: "ch.nevis.admin.v4.plugin.base.generation.property.AttachmentProperty"
+ parameters:
+ minRequired: 0
+ maxAllowed: 1
+ allowedFileName: ".*\\.jar"
+ value: null
+ requireOverloading: true
+ idm_db-database-name:
+ className: "ch.nevis.admin.v4.plugin.base.generation.property.SimpleTextProperty"
+ parameters:
+ minRequired: 1
+ maxAllowed: 1
+ value: "nevisidm_dev"
+ requireOverloading: true
+ idm_db-database-password:
+ className: "ch.nevis.admin.v4.plugin.base.generation.property.SimpleTextProperty"
+ parameters:
+ minRequired: 0
+ maxAllowed: 1
+ secret: true
+ value: "sample password"
+ requireOverloading: true
+ idm_db-database-type:
+ className: "ch.nevis.admin.v4.plugin.base.generation.property.SelectionProperty"
+ parameters:
+ minRequired: 1
+ maxAllowed: 1
+ options:
+ - "MariaDB"
+ - "Oracle"
+ value: "Oracle"
+ requireOverloading: true
+ idm_db-database-user:
+ className: "ch.nevis.admin.v4.plugin.base.generation.property.SimpleTextProperty"
+ parameters:
+ minRequired: 0
+ maxAllowed: 1
+ value: "adndbadmin"
+ requireOverloading: true
+ idm_db-database-volume-claim:
+ className: "ch.nevis.admin.v4.plugin.base.generation.property.SimpleTextProperty"
+ parameters:
+ minRequired: 0
+ maxAllowed: 1
+ value: null
+ requireOverloading: true
+ idm_db-index-tablespace:
+ className: "ch.nevis.admin.v4.plugin.base.generation.property.SimpleTextProperty"
+ parameters:
+ minRequired: 1
+ maxAllowed: 1
+ value: "INDEX_IDM"
+ requireOverloading: true
+ idm_db-owner-role:
+ className: "ch.nevis.admin.v4.plugin.base.generation.property.SimpleTextProperty"
+ parameters:
+ minRequired: 1
+ maxAllowed: 1
+ value: "RL_IDM_ADM"
+ requireOverloading: true
+ idm_db-root-credential:
+ className: "ch.nevis.admin.v4.plugin.base.generation.property.SimpleTextProperty"
+ parameters:
+ minRequired: 0
+ maxAllowed: 1
+ value: "root-adn-agov-nevisidm-01-dev-idm"
+ requireOverloading: true
+ idm_db-root-credential-namespace:
+ className: "ch.nevis.admin.v4.plugin.base.generation.property.SimpleTextProperty"
+ parameters:
+ minRequired: 0
+ maxAllowed: 1
+ value: "adn-agov-nevisidm-01-dev-idm"
+ requireOverloading: true
+ idm_db-tls-encryption:
+ className: "ch.nevis.admin.v4.plugin.base.generation.property.SelectionProperty"
+ parameters:
+ minRequired: 1
+ maxAllowed: 1
+ options:
+ - "disabled"
+ - "trust"
+ - "verify-ca"
+ - "verify-full"
+ value: "trust"
+ requireOverloading: true
+ idm_db_tls_truststore-trusted-certificates:
+ className: "ch.nevis.admin.v4.plugin.base.generation.property.AttachmentProperty"
+ parameters:
+ minRequired: 0
+ secretPreserving: true
+ value: null
+ requireOverloading: true
+ ingress_mtls_idmadmin-ca-secret:
+ className: "ch.nevis.admin.v4.plugin.base.generation.property.SimpleTextProperty"
+ parameters:
+ minRequired: 0
+ maxAllowed: 1
+ value: "ca-secret"
+ requireOverloading: true
+ ingress_mtls_idmadmin-ca-secret-namespace:
+ className: "ch.nevis.admin.v4.plugin.base.generation.property.SimpleTextProperty"
+ parameters:
+ minRequired: 0
+ maxAllowed: 1
+ value: "adn-agov-nevisidm-admin-01-dev"
+ requireOverloading: true
+ ingress_mtls_idmadmin-client-cert-authentication:
+ className: "ch.nevis.admin.v4.plugin.base.generation.property.SelectionProperty"
+ parameters:
+ minRequired: 1
+ maxAllowed: 1
+ options:
+ - "enabled"
+ - "disabled"
+ - "optional"
+ - "optional_no_ca"
+ value: "enabled"
+ requireOverloading: true
+ ingress_mtls_idmadmin-client-cert-validation-depth:
+ className: "ch.nevis.admin.v4.plugin.base.generation.property.NumberProperty"
+ parameters:
+ minRequired: 0
+ maxAllowed: 1
+ min: 1
+ max: 9
+ value: "2"
+ requireOverloading: true
+ ingress_mtls_idmadmin-ingress-class-name:
+ className: "ch.nevis.admin.v4.plugin.base.generation.property.SimpleTextProperty"
+ parameters:
+ minRequired: 0
+ maxAllowed: 1
+ value: "nginx"
+ requireOverloading: true
+ nevisauth-log-settings-log-levels:
+ className: "ch.nevis.admin.v4.plugin.base.generation.property.KeyValueProperty"
+ parameters:
+ separators:
+ - "="
+ switchedSeparators: []
+ value:
+ - AuthEngine: "INFO"
+ - Vars: "WARN"
+ - IdmAuth: "WARN"
+ - Script: "WARN"
+ - StdAuth: "WARN"
+ requireOverloading: true
+ nevisidm-admin-custom-resources:
+ className: "ch.nevis.admin.v4.plugin.base.generation.property.AttachmentProperty"
+ parameters:
+ minRequired: 0
+ value: null
+ requireOverloading: true
+ nevisidm-batch-log-settings-default-log-level:
+ className: "ch.nevis.admin.v4.plugin.base.generation.property.SelectionProperty"
+ parameters:
+ minRequired: 0
+ maxAllowed: 1
+ options:
+ - "ERROR"
+ - "WARN"
+ - "INFO"
+ - "DEBUG"
+ - "TRACE"
+ value: "INFO"
+ requireOverloading: true
+ nevisidm-batch-log-settings-log-levels:
+ className: "ch.nevis.admin.v4.plugin.base.generation.property.KeyValueProperty"
+ parameters:
+ separators:
+ - "="
+ switchedSeparators: []
+ value: null
+ requireOverloading: true
+ nevisidm-custom-property-client-external-id-counter:
+ className: "ch.nevis.admin.v4.plugin.base.generation.property.SimpleTextProperty"
+ parameters:
+ minRequired: 0
+ maxAllowed: 1
+ value: "d9a334a6-b6f5-4982-a24e-13ae095a60fa"
+ requireOverloading: true
+ nevisidm-custom-property-svnr-client-external-id-agov:
+ className: "ch.nevis.admin.v4.plugin.base.generation.property.SimpleTextProperty"
+ parameters:
+ minRequired: 0
+ maxAllowed: 1
+ value: "cfa9c9b9-119f-4dff-9bb8-86d7c0cf2720"
+ requireOverloading: true
+ nevisidm-custom-property-svnr-client-external-id-agovs:
+ className: "ch.nevis.admin.v4.plugin.base.generation.property.SimpleTextProperty"
+ parameters:
+ minRequired: 0
+ maxAllowed: 1
+ value: null
+ requireOverloading: true
+ nevisidm-encryption-key:
+ className: "ch.nevis.admin.v4.plugin.base.generation.property.SimpleTextProperty"
+ parameters:
+ minRequired: 1
+ maxAllowed: 1
+ secret: true
+ value: "this a sample password"
+ requireOverloading: true
+ nevisidm-log-settings-default-log-level:
+ className: "ch.nevis.admin.v4.plugin.base.generation.property.SelectionProperty"
+ parameters:
+ minRequired: 0
+ maxAllowed: 1
+ options:
+ - "ERROR"
+ - "WARN"
+ - "INFO"
+ - "DEBUG"
+ - "TRACE"
+ value: null
+ requireOverloading: true
+ nevisidm-log-settings-log-levels:
+ className: "ch.nevis.admin.v4.plugin.base.generation.property.KeyValueProperty"
+ parameters:
+ separators:
+ - "="
+ switchedSeparators: []
+ value:
+ - jcan.OpContent: "OFF"
+ - jcan.Op: "INFO"
+ - ch.nevis.ninja: "WARN"
+ - Ninja: "WARN"
+ - ch.adnovum.nevisidm.service.dbperformance: "INFO"
+ requireOverloading: true
+ nevisidm-mail-sender:
+ className: "ch.nevis.admin.v4.plugin.base.generation.property.SimpleTextProperty"
+ parameters:
+ minRequired: 0
+ maxAllowed: 1
+ format: "^\\S+@\\S+$"
+ value: "noreply-agov-dev@adnovum.ch"
+ requireOverloading: true
+ nevisidm-signer-truststore-trusted-certificates:
+ className: "ch.nevis.admin.v4.plugin.base.generation.property.AttachmentProperty"
+ parameters:
+ minRequired: 0
+ secretPreserving: true
+ value: null
+ requireOverloading: true
+ nevisidm-smtp-host:
+ className: "ch.nevis.admin.v4.plugin.base.generation.property.SimpleTextProperty"
+ parameters:
+ minRequired: 0
+ maxAllowed: 1
+ value: "greenmail.adn-agov-mail-01-dev.svc"
+ requireOverloading: true
+ nevisidm-smtp-password:
+ className: "ch.nevis.admin.v4.plugin.base.generation.property.SimpleTextProperty"
+ parameters:
+ minRequired: 0
+ maxAllowed: 1
+ value: null
+ requireOverloading: true
+ nevisidm-smtp-port:
+ className: "ch.nevis.admin.v4.plugin.base.generation.property.PortProperty"
+ parameters:
+ minRequired: 0
+ maxAllowed: 1
+ value: "3025"
+ requireOverloading: true
+ nevisidm-smtp-server:
+ className: "ch.nevis.admin.v4.plugin.base.generation.property.HostPortProperty"
+ parameters:
+ minRequired: 0
+ maxAllowed: 1
+ value: "greenmail.adn-agov-mail-01-dev.svc"
+ requireOverloading: true
+ nevisidm-smtp-ssltls-mode:
+ className: "ch.nevis.admin.v4.plugin.base.generation.property.SelectionProperty"
+ parameters:
+ minRequired: 0
+ maxAllowed: 1
+ options:
+ - "disabled"
+ - "STARTTLS"
+ value: "disabled"
+ requireOverloading: true
+ nevisidm-smtp-user:
+ className: "ch.nevis.admin.v4.plugin.base.generation.property.SimpleTextProperty"
+ parameters:
+ minRequired: 0
+ maxAllowed: 1
+ value: null
+ requireOverloading: true
+ nevislogrend-configuration-logrendproperties:
+ className: "ch.nevis.admin.v4.plugin.base.generation.property.KeyValueProperty"
+ parameters: {}
+ value:
+ - cache.revalidate.delay: "60"
+ requireOverloading: true
+ observabilitysettings:
+ className: "ch.nevis.admin.v4.plugin.base.generation.property.KeyValueProperty"
+ parameters:
+ minRequired: 0
+ value:
+ - connectionString: "InstrumentationKey=00000000-0000-0000-0000-000000000000"
+ - tracesEndpoint: "http://otel-otel-collector.adn-agov-monitoring-01-dev:4318/v1/traces"
+ - metricsEndpoint: "http://otel-otel-collector.adn-agov-monitoring-01-dev:4318/v1/metrics"
+ - logsEndpoint: "http://otel-otel-collector.adn-agov-monitoring-01-dev:4318/v1/logs"
+ requireOverloading: true
+ op-admin-mod-security-mode-artreporting:
+ className: "ch.nevis.admin.v4.plugin.base.generation.property.SelectionProperty"
+ parameters:
+ minRequired: 1
+ maxAllowed: 1
+ options:
+ - "off"
+ - "standard"
+ - "custom"
+ - "log only"
+ value: "log only"
+ requireOverloading: true
+ op-admin-mod-security-mode-canary-api:
+ className: "ch.nevis.admin.v4.plugin.base.generation.property.SelectionProperty"
+ parameters:
+ minRequired: 1
+ maxAllowed: 1
+ options:
+ - "off"
+ - "standard"
+ - "custom"
+ - "log only"
+ value: "standard"
+ requireOverloading: true
+ op-admin-mod-security-mode-canary-app:
+ className: "ch.nevis.admin.v4.plugin.base.generation.property.SelectionProperty"
+ parameters:
+ minRequired: 1
+ maxAllowed: 1
+ options:
+ - "off"
+ - "standard"
+ - "custom"
+ - "log only"
+ value: "standard"
+ requireOverloading: true
+ op-admin-mod-security-mode-greenmail:
+ className: "ch.nevis.admin.v4.plugin.base.generation.property.SelectionProperty"
+ parameters:
+ minRequired: 1
+ maxAllowed: 1
+ options:
+ - "off"
+ - "standard"
+ - "custom"
+ - "log only"
+ value: "log only"
+ requireOverloading: true
+ op-admin-mod-security-mode-nevisidmgui:
+ className: "ch.nevis.admin.v4.plugin.base.generation.property.SelectionProperty"
+ parameters:
+ minRequired: 0
+ maxAllowed: 1
+ options:
+ - "off"
+ - "standard"
+ - "custom"
+ - "log only"
+ value: "log only"
+ requireOverloading: true
+ op-admin-mod-security-op-onboarding-log-only-mode:
+ className: "ch.nevis.admin.v4.plugin.base.generation.property.SelectionProperty"
+ parameters:
+ minRequired: 1
+ maxAllowed: 1
+ options:
+ - "enabled"
+ - "disabled"
+ value: "enabled"
+ requireOverloading: true
+ op-admin-mod-security-op-onboarding-paranoia-level:
+ className: "ch.nevis.admin.v4.plugin.base.generation.property.SelectionProperty"
+ parameters:
+ minRequired: 0
+ maxAllowed: 1
+ options:
+ - "1"
+ - "2"
+ - "3"
+ - "4"
+ value: "2"
+ requireOverloading: true
+ op-samlserviceprovider-parameters:
+ className: "ch.nevis.admin.v4.plugin.base.generation.property.TextProperty"
+ parameters:
+ required: false
+ syntax: "YAML"
+ value: "op.atb.ssoUrl: https://trustbroker.agov-d.azure.adnovum.net/adfs/ls\n\
+ op.onboarding.issuer: https://op.agov-d.azure.adnovum.net/AUTH/ONBOARDING\n\
+ op.onboarding.consumerURL: https://op.agov-d.azure.adnovum.net/AUTH/ONBOARDING"
+ requireOverloading: true
+ operations-admin-signer-pem-key-store-private-key-passphrase:
+ className: "ch.nevis.admin.v4.plugin.base.generation.property.SimpleTextProperty"
+ parameters:
+ minRequired: 0
+ maxAllowed: 1
+ secret: true
+ value: "sample password"
+ requireOverloading: true
+ proxyobservabilitysettings-metricsEndpoint:
+ className: "ch.nevis.admin.v4.plugin.base.generation.property.URLProperty"
+ parameters:
+ minRequired: 0
+ maxAllowed: 1
+ schemeInputMode: "NONE"
+ hostNameInputMode: "REQUIRED"
+ portInputMode: "REQUIRED"
+ pathInputMode: "NONE"
+ value: "otel-otel-collector.adn-agov-monitoring-01-dev:4318"
+ requireOverloading: true
+ proxyobservabilitysettings-tracesEndpoint:
+ className: "ch.nevis.admin.v4.plugin.base.generation.property.URLProperty"
+ parameters:
+ minRequired: 0
+ maxAllowed: 1
+ schemeInputMode: "NONE"
+ hostNameInputMode: "REQUIRED"
+ portInputMode: "REQUIRED"
+ pathInputMode: "NONE"
+ value: "otel-otel-collector.adn-agov-monitoring-01-dev:4318"
+ requireOverloading: true
+ saml-idp-admin-connector-idp-issuer:
+ className: "ch.nevis.admin.v4.plugin.base.generation.property.SimpleTextProperty"
+ parameters:
+ minRequired: 1
+ maxAllowed: 1
+ format: "^[^\\s,]*$"
+ value: "https://trustbroker.agov-d.azure.adnovum.net"
+ requireOverloading: true
+ saml-idp-admin-connector-idp-url:
+ className: "ch.nevis.admin.v4.plugin.base.generation.property.URLProperty"
+ parameters:
+ minRequired: 1
+ maxAllowed: 1
+ schemeInputMode: "OPTIONAL"
+ allowedSchemes: "http,https"
+ hostNameInputMode: "OPTIONAL"
+ portInputMode: "OPTIONAL"
+ pathInputMode: "OPTIONAL"
+ queryInputMode: "OPTIONAL"
+ value: "https://trustbroker.agov-d.azure.adnovum.net/adfs/ls"
+ requireOverloading: true
+ saml-idp-admin-connector-properties:
+ className: "ch.nevis.admin.v4.plugin.base.generation.property.AuthStateProperty"
+ parameters:
+ separators:
+ - "->"
+ - "="
+ switchedSeparators: []
+ problematicSeparator: "->"
+ value:
+ - out.authnContextClassRef: "urn:qa.agov.ch:names:tc:ac:classes:300"
+ - out.sign: "AuthnRequest,LogoutRequest"
+ requireOverloading: true
+ saml-idp-admin-connector-trusted-signer:
+ className: "ch.nevis.admin.v4.plugin.base.generation.property.AttachmentProperty"
+ parameters:
+ minRequired: 0
+ value: null
+ requireOverloading: true
+ saml-idp-op-connector-custom-properties:
+ className: "ch.nevis.admin.v4.plugin.base.generation.property.AuthStateProperty"
+ parameters:
+ separators:
+ - "->"
+ - "="
+ switchedSeparators: []
+ problematicSeparator: "->"
+ value: null
+ requireOverloading: true
+ saml-idp-op-connector-idp-issuer:
+ className: "ch.nevis.admin.v4.plugin.base.generation.property.SimpleTextProperty"
+ parameters:
+ minRequired: 1
+ maxAllowed: 1
+ format: "^[^\\s,]*$"
+ value: "https://idp-priv.agov.admin.ch"
+ requireOverloading: true
+ saml-idp-op-connector-idp-url:
+ className: "ch.nevis.admin.v4.plugin.base.generation.property.URLProperty"
+ parameters:
+ minRequired: 1
+ maxAllowed: 1
+ schemeInputMode: "OPTIONAL"
+ allowedSchemes: "http,https"
+ hostNameInputMode: "OPTIONAL"
+ portInputMode: "OPTIONAL"
+ pathInputMode: "OPTIONAL"
+ queryInputMode: "OPTIONAL"
+ value: "https://trustbroker.agov-d.azure.adnovum.net/adfs/ls"
+ requireOverloading: true
+ saml-idp-op-connector-properties:
+ className: "ch.nevis.admin.v4.plugin.base.generation.property.AuthStateProperty"
+ parameters:
+ separators:
+ - "->"
+ - "="
+ switchedSeparators: []
+ problematicSeparator: "->"
+ value:
+ - out.authnContextClassRef: "urn:qa.agov.ch:names:tc:ac:classes:300"
+ - out.sign: "AuthnRequest,LogoutRequest"
+ requireOverloading: true
+ saml-idp-op-connector-trusted-signer:
+ className: "ch.nevis.admin.v4.plugin.base.generation.property.AttachmentProperty"
+ parameters:
+ minRequired: 0
+ value: null
+ requireOverloading: true
+ saml-idp-root-connector-idp-issuer:
+ className: "ch.nevis.admin.v4.plugin.base.generation.property.SimpleTextProperty"
+ parameters:
+ minRequired: 1
+ maxAllowed: 1
+ format: "^[^\\s,]*$"
+ value: null
+ requireOverloading: true
+ saml-idp-root-connector-idp-url:
+ className: "ch.nevis.admin.v4.plugin.base.generation.property.URLProperty"
+ parameters:
+ minRequired: 1
+ maxAllowed: 1
+ schemeInputMode: "OPTIONAL"
+ allowedSchemes: "http,https"
+ hostNameInputMode: "OPTIONAL"
+ portInputMode: "OPTIONAL"
+ pathInputMode: "OPTIONAL"
+ queryInputMode: "OPTIONAL"
+ value: null
+ requireOverloading: true
+ saml-sp-nevisidm-admin-realm-saml-issuer:
+ className: "ch.nevis.admin.v4.plugin.base.generation.property.SimpleTextProperty"
+ parameters:
+ minRequired: 1
+ maxAllowed: 1
+ format: "^[^\\s,]*$"
+ value: "https://admin.agov-d.azure.adnovum.net/SAML2/ACS/"
+ requireOverloading: true
+ saml-sp-nevisidm-operations-realm-saml-issuer:
+ className: "ch.nevis.admin.v4.plugin.base.generation.property.SimpleTextProperty"
+ parameters:
+ minRequired: 1
+ maxAllowed: 1
+ format: "^[^\\s,]*$"
+ value: "https://op.agov-d.azure.adnovum.net/SAML2/ACS/"
+ requireOverloading: true
+ technical_trust_store-additional-trusted-certificates:
+ className: "ch.nevis.admin.v4.plugin.base.generation.property.AttachmentProperty"
+ parameters:
+ minRequired: 0
+ value: null
+ requireOverloading: true
+ virtual_host_idmadmin-frontend-addresses:
+ className: "ch.nevis.admin.v4.plugin.base.generation.property.URLProperty"
+ parameters:
+ minRequired: 1
+ schemeInputMode: "REQUIRED"
+ allowedSchemes: "http,https"
+ hostNameInputMode: "REQUIRED"
+ portInputMode: "OPTIONAL"
+ pathInputMode: "OPTIONAL"
+ value: "https://admin.agov-d.azure.adnovum.net"
+ requireOverloading: true
+ virtual_host_idmoperations-frontend-addresses:
+ className: "ch.nevis.admin.v4.plugin.base.generation.property.URLProperty"
+ parameters:
+ minRequired: 1
+ schemeInputMode: "REQUIRED"
+ allowedSchemes: "http,https"
+ hostNameInputMode: "REQUIRED"
+ portInputMode: "OPTIONAL"
+ pathInputMode: "OPTIONAL"
+ value: "https://op.agov-d.azure.adnovum.net"
+ requireOverloading: true
+ web-application-canarypage-backend-backend-addresses:
+ className: "ch.nevis.admin.v4.plugin.base.generation.property.URLProperty"
+ parameters:
+ minRequired: 1
+ schemeInputMode: "OPTIONAL"
+ allowedSchemes: "http,https"
+ hostNameInputMode: "REQUIRED"
+ portInputMode: "OPTIONAL"
+ pathInputMode: "OPTIONAL"
+ value: "http://service.namespace:8081/url"
+ requireOverloading: true
+ web-application-canarypage-backend-frontend-addresses:
+ className: "ch.nevis.admin.v4.plugin.base.generation.property.URLProperty"
+ parameters:
+ minRequired: 1
+ schemeInputMode: "OPTIONAL"
+ allowedSchemes: "http,https"
+ hostNameInputMode: "REQUIRED"
+ portInputMode: "OPTIONAL"
+ pathInputMode: "OPTIONAL"
+ value: "http://connect-application.adn-agov-connect-01-dev:8080/connect/canary-page"
+ requireOverloading: true