diff --git a/bundles.yml b/bundles.yml
index 7783fa0..8b092fd 100644
--- a/bundles.yml
+++ b/bundles.yml
@@ -1,13 +1,13 @@
schemaVersion: "1.0"
bundles:
-- "nevisadmin-plugin-base-generation:8.2411.2.rc2"
-- "nevisadmin-plugin-nevisproxy:8.2411.2.rc2"
-- "nevisadmin-plugin-nevisauth:8.2411.2.rc2"
-- "nevisadmin-plugin-nevisidm:8.2411.2.rc2"
-- "nevisadmin-plugin-mobile-auth:8.2411.2.rc2"
-- "nevisadmin-plugin-fido2:8.2411.2.rc2"
-- "nevisadmin-plugin-nevisadapt:8.2411.2.rc2"
-- "nevisadmin-plugin-nevisdetect:8.2411.2.rc2"
-- "nevisadmin-plugin-oauth:8.2411.2.rc2"
-- "nevisadmin-plugin-authcloud:8.2411.2.rc2"
-- "nevisadmin-plugin-nevisdp:8.2411.2.rc2"
+- "nevisadmin-plugin-authcloud:8.2411.2.4"
+- "nevisadmin-plugin-base-generation:8.2411.2.4"
+- "nevisadmin-plugin-fido2:8.2411.2.4"
+- "nevisadmin-plugin-mobile-auth:8.2411.2.4"
+- "nevisadmin-plugin-nevisadapt:8.2411.2.4"
+- "nevisadmin-plugin-nevisauth:8.2411.2.4"
+- "nevisadmin-plugin-nevisdetect:8.2411.2.4"
+- "nevisadmin-plugin-nevisdp:8.2411.2.4"
+- "nevisadmin-plugin-nevisidm:8.2411.2.4"
+- "nevisadmin-plugin-nevisproxy:8.2411.2.4"
+- "nevisadmin-plugin-oauth:8.2411.2.4"
diff --git a/patterns/0f6977caedca600b17221f0a_authStatesFile/Ident_ProcessAndDispatch.xml b/patterns/0f6977caedca600b17221f0a_authStatesFile/Ident_ProcessAndDispatch.xml
new file mode 100644
index 0000000..20d671f
--- /dev/null
+++ b/patterns/0f6977caedca600b17221f0a_authStatesFile/Ident_ProcessAndDispatch.xml
@@ -0,0 +1,12 @@
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/patterns/0f6977caedca600b17221f0a_resources/IdentProcessAndDispatch.groovy b/patterns/0f6977caedca600b17221f0a_resources/IdentProcessAndDispatch.groovy
new file mode 100644
index 0000000..15f0f09
--- /dev/null
+++ b/patterns/0f6977caedca600b17221f0a_resources/IdentProcessAndDispatch.groovy
@@ -0,0 +1,79 @@
+import groovy.json.JsonSlurper
+
+def cleanSession(boolean rpcodeToo) {
+ def s = request.getAuthSession(true)
+
+ if (rpcodeToo) {
+ s.removeAttribute('agov.ident.rpcode.backup')
+ s.removeAttribute('agov.ident.rpcode')
+ s.removeAttribute('agov.ident.entityId')
+ }
+ def sessionKeySet = new HashSet(session.keySet())
+ sessionKeySet.each { key ->
+ if ( key ==~ /ch.nevis.auth.saml..*/ ) {
+ LOG.debug("Deleted session attribute '${key}'")
+ s.removeAttribute(key)
+ }
+ }
+}
+
+// for auditing
+def sourceIp = request.getLoginContext()['connection.HttpHeader.X-Real-IP'] ?: 'unknown'
+def userAgent = request.getLoginContext()['connection.HttpHeader.user-agent'] ?: request.getLoginContext()['connection.HttpHeader.User-Agent'] ?: 'unknown'
+def referer = request.getLoginContext()['connection.HttpHeader.referer'] ?: request.getLoginContext()['connection.HttpHeader' +
+ '.Referer'] ?: '-'
+def origin = request.getLoginContext()['connection.HttpHeader.origin'] ?: request.getLoginContext()['connection.HttpHeader' +
+ '.Origin'] ?: '-'
+
+// 0) clean up, if we have a SAML Response in session
+if (session['ch.nevis.auth.saml.response.id']) {
+ // keep rpcode in session, if retrying after SAML error
+ def keepRpcode = session['ch.nevis.auth.saml.response.statusCode'] == 'urn:oasis:names:tc:SAML:2.0:status:Responder'
+ cleanSession(!keepRpcode)
+}
+
+// 1) we need to know the code of the RP
+def rpcode = inargs['rpcode'] ?: inargs['RelayState'] ?: session['agov.ident.rpcode']
+def rpcodeBackup = session['agov.ident.rpcode']
+def rpentity = '-'
+
+if (rpcode)
+{
+ if (rpcodeBackup) {
+ response.setSessionAttribute('agov.ident.rpcode.backup', rpcodeBackup)
+ }
+ response.setSessionAttribute('agov.ident.rpcode', rpcode)
+} else {
+ cleanSession(true)
+ LOG.info("Event='IDENT-INVALIDREQ', rpcode='missing', SourceIp=${sourceIp}, UserAgent=${userAgent}, Referer='${referer}', Origin='${origin}'")
+ response.setResult('inavlidurl')
+ return
+}
+
+// 2) load rp settings in session (if needed)
+if (rpcode != rpcodeBackup) {
+ def slurper = new JsonSlurper()
+ def rpMap = slurper.parseText(parameters['rpcode.list'])
+ LOG.debug(">>> rpMaP: ${rpMap}")
+ if (!rpMap[rpcode]) {
+ cleanSession(true)
+ LOG.info("Event='IDENT-INVALIDREQ', rpcode='${rpcode}', SourceIp=${sourceIp}, UserAgent=${userAgent}, Referer='${referer}', Origin='${origin}'")
+ response.setResult('inavlidurl')
+ return
+ }
+ rpentity=rpMap[rpcode]
+ response.setSessionAttribute('agov.ident.entityId', rpMap[rpcode])
+}
+
+// 3) if we have a response ...
+if (inargs['SAMLResponse']) {
+ response.setResult('processResponse')
+ return
+}
+
+// 4) otherwise
+LOG.info("Event='IDENT-INITREQ', rpcode='${rpcode}', rpentity='${rpentity}', SourceIp=${sourceIp}, UserAgent=${userAgent}, Referer='${referer}', " +
+ "Origin='${origin}'")
+response.setResult('sendAuthnRequest')
+return
+
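Review bot: An incoming `SAMLResponse` can carry a `RelayState` that step 1 prefers over the rpcode already stored in the session, and step 2 then rewrites `agov.ident.rpcode`/`agov.ident.entityId` to any other RP present in `rpcode.list` before the response is processed, so the RP the result is dispatched to is selected by a user-controlled value rather than by the request that was originally initiated. If the ProcessResponse step relies on those session attributes (its state file is not visible in this diff), refuse a response whose RelayState disagrees with the stored code, e.g. `if (inargs['SAMLResponse'] && rpcodeBackup && rpcode != rpcodeBackup) { cleanSession(true); response.setResult('inavlidurl'); return }` placed before step 2. The audit lines also interpolate `User-Agent`, `Referer`, `Origin` and the submitted rpcode verbatim, so a CR/LF or quote in a header can forge a second `Event='…'` record; strip control characters (for example `.replaceAll(/[\r\n'"]/, '_')`) before logging. `'inavlidurl'` is presumably the exact state name in the accompanying authStatesFile (empty here), but if it is a typo the invalid-request branch would dispatch to no state at all.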
diff --git a/patterns/1200a58c76686d520c21edb0_resources/resources-op.zip b/patterns/1200a58c76686d520c21edb0_resources/resources-op.zip
index 066020a..68613de 100644
Binary files a/patterns/1200a58c76686d520c21edb0_resources/resources-op.zip and b/patterns/1200a58c76686d520c21edb0_resources/resources-op.zip differ
diff --git a/patterns/39ecde9a0d101628fed3e3be_resources/resources-op.zip b/patterns/39ecde9a0d101628fed3e3be_resources/resources-op.zip
index 066020a..68613de 100644
Binary files a/patterns/39ecde9a0d101628fed3e3be_resources/resources-op.zip and b/patterns/39ecde9a0d101628fed3e3be_resources/resources-op.zip differ
diff --git a/patterns/3fd09bb6cfbd34874595c263_labels/labels.zip b/patterns/3fd09bb6cfbd34874595c263_labels/labels.zip
new file mode 100644
index 0000000..d8768dc
Binary files /dev/null and b/patterns/3fd09bb6cfbd34874595c263_labels/labels.zip differ
diff --git a/patterns/3fd09bb6cfbd34874595c263_template/webdata.zip b/patterns/3fd09bb6cfbd34874595c263_template/webdata.zip
new file mode 100644
index 0000000..99fdfca
Binary files /dev/null and b/patterns/3fd09bb6cfbd34874595c263_template/webdata.zip differ
diff --git a/patterns/6df66943ca713eed2a25d935_labels/labels.zip b/patterns/6df66943ca713eed2a25d935_labels/labels.zip
index e3328b9..d8768dc 100644
Binary files a/patterns/6df66943ca713eed2a25d935_labels/labels.zip and b/patterns/6df66943ca713eed2a25d935_labels/labels.zip differ
diff --git a/patterns/6df66943ca713eed2a25d935_template/webdata.zip b/patterns/6df66943ca713eed2a25d935_template/webdata.zip
index 9c3cd16..99fdfca 100644
Binary files a/patterns/6df66943ca713eed2a25d935_template/webdata.zip and b/patterns/6df66943ca713eed2a25d935_template/webdata.zip differ
diff --git a/patterns/6f9c9f982dcc7ef59a34f1f7_labels/labels.zip b/patterns/6f9c9f982dcc7ef59a34f1f7_labels/labels.zip
index e3328b9..d8768dc 100644
Binary files a/patterns/6f9c9f982dcc7ef59a34f1f7_labels/labels.zip and b/patterns/6f9c9f982dcc7ef59a34f1f7_labels/labels.zip differ
diff --git a/patterns/6f9c9f982dcc7ef59a34f1f7_template/webdata.zip b/patterns/6f9c9f982dcc7ef59a34f1f7_template/webdata.zip
index 9c3cd16..99fdfca 100644
Binary files a/patterns/6f9c9f982dcc7ef59a34f1f7_template/webdata.zip and b/patterns/6f9c9f982dcc7ef59a34f1f7_template/webdata.zip differ
diff --git a/patterns/7518c6cc61e47eec6322ae17_labels/labels.zip b/patterns/7518c6cc61e47eec6322ae17_labels/labels.zip
index e3328b9..d8768dc 100644
Binary files a/patterns/7518c6cc61e47eec6322ae17_labels/labels.zip and b/patterns/7518c6cc61e47eec6322ae17_labels/labels.zip differ
diff --git a/patterns/7518c6cc61e47eec6322ae17_template/webdata.zip b/patterns/7518c6cc61e47eec6322ae17_template/webdata.zip
index 9c3cd16..99fdfca 100644
Binary files a/patterns/7518c6cc61e47eec6322ae17_template/webdata.zip and b/patterns/7518c6cc61e47eec6322ae17_template/webdata.zip differ
diff --git a/patterns/816a1456192f974b57418ca9_resources/resources-op.zip b/patterns/816a1456192f974b57418ca9_resources/resources-op.zip
new file mode 100644
index 0000000..68613de
Binary files /dev/null and b/patterns/816a1456192f974b57418ca9_resources/resources-op.zip differ
diff --git a/patterns/AGOV_Ident_Signer_KeyStore_f739deb8632efc4ff0c2a21d.yml b/patterns/AGOV_Ident_Signer_KeyStore_f739deb8632efc4ff0c2a21d.yml
new file mode 100644
index 0000000..de98b25
--- /dev/null
+++ b/patterns/AGOV_Ident_Signer_KeyStore_f739deb8632efc4ff0c2a21d.yml
@@ -0,0 +1,9 @@
+schemaVersion: "1.0"
+pattern:
+ id: "f739deb8632efc4ff0c2a21d"
+ className: "ch.nevis.admin.v4.plugin.nevisproxy.patterns.PemKeyStoreProvider"
+ name: "AGOV_Ident_Signer_KeyStore"
+ label: "IDENT"
+ properties:
+ keystoreFiles: "var://agov_ident_signer_keystore"
+ keyPass: "var://agov_ident_signer_passphrase"
diff --git a/patterns/GreenMail_f010ec68088ebd56349c7135.yml b/patterns/GreenMail_f010ec68088ebd56349c7135.yml
index 0f2dab6..f434991 100644
--- a/patterns/GreenMail_f010ec68088ebd56349c7135.yml
+++ b/patterns/GreenMail_f010ec68088ebd56349c7135.yml
@@ -10,10 +10,10 @@ pattern:
realm:
- "pattern://7518c6cc61e47eec6322ae17"
addons:
- - "pattern://4c0d206244a4e16e9aa49f5c"
+ - "pattern://a6db9f243e2ecabfba832868"
backends: "var://greenmail-backend-addresses"
hostnameCheck: "disabled"
hostHeader: "backend"
- responseRewrite: "header"
+ responseRewrite: "var://greenmail-response-rewriting"
csrf: "off"
requestValidation: "var://op-admin-mod-security-mode-greenmail"
diff --git a/patterns/IDENT-AuthenticationRealm_3fd09bb6cfbd34874595c263.yml b/patterns/IDENT-AuthenticationRealm_3fd09bb6cfbd34874595c263.yml
new file mode 100644
index 0000000..cd60384
--- /dev/null
+++ b/patterns/IDENT-AuthenticationRealm_3fd09bb6cfbd34874595c263.yml
@@ -0,0 +1,16 @@
+schemaVersion: "1.0"
+pattern:
+ id: "3fd09bb6cfbd34874595c263"
+ className: "ch.nevis.admin.v4.plugin.nevisauth.patterns2.NevisAuthRealm"
+ name: "IDENT-AuthenticationRealm"
+ label: "IDENT"
+ properties:
+ authenticate:
+ - "pattern://0f6977caedca600b17221f0a"
+ auth:
+ - "pattern://ac27dd7daad0ca2b7229bfaf"
+ logrend:
+ - "pattern://8401da6318c6915d689cdfc9"
+ template: "res://3fd09bb6cfbd34874595c263#template"
+ labels: "res://3fd09bb6cfbd34874595c263#labels"
+ defaultProperties: "var://nevislogrend-configuration-logrendproperties"
diff --git a/patterns/IDENT-Entry-Point_6977f8a683f63744bbd56d69.yml b/patterns/IDENT-Entry-Point_6977f8a683f63744bbd56d69.yml
new file mode 100644
index 0000000..10be980
--- /dev/null
+++ b/patterns/IDENT-Entry-Point_6977f8a683f63744bbd56d69.yml
@@ -0,0 +1,12 @@
+schemaVersion: "1.0"
+pattern:
+ id: "6977f8a683f63744bbd56d69"
+ className: "ch.nevis.admin.v4.plugin.nevisauth.patterns.AuthenticationFlow"
+ name: "IDENT-Entry-Point"
+ label: "IDENT"
+ properties:
+ host:
+ - "pattern://816a1456192f974b57418ca9"
+ path: "exact:/process"
+ realm:
+ - "pattern://3fd09bb6cfbd34874595c263"
diff --git a/patterns/IDENT-Failed-WithRetry_ea2c110e0adfa95722c2cc99.yml b/patterns/IDENT-Failed-WithRetry_ea2c110e0adfa95722c2cc99.yml
new file mode 100644
index 0000000..01234f8
--- /dev/null
+++ b/patterns/IDENT-Failed-WithRetry_ea2c110e0adfa95722c2cc99.yml
@@ -0,0 +1,11 @@
+schemaVersion: "1.0"
+pattern:
+ id: "ea2c110e0adfa95722c2cc99"
+ className: "ch.nevis.admin.v4.plugin.nevisauth.patterns2.UserInformation"
+ name: "IDENT-Failed-WithRetry"
+ label: "IDENT"
+ properties:
+ messageType: "warning"
+ buttonType: "submit"
+ onSubmit:
+ - "pattern://0f6977caedca600b17221f0a"
diff --git a/patterns/IDENT-Failed_026e4ae8ef4cc5496a7fe8c6.yml b/patterns/IDENT-Failed_026e4ae8ef4cc5496a7fe8c6.yml
new file mode 100644
index 0000000..2e14cb0
--- /dev/null
+++ b/patterns/IDENT-Failed_026e4ae8ef4cc5496a7fe8c6.yml
@@ -0,0 +1,9 @@
+schemaVersion: "1.0"
+pattern:
+ id: "026e4ae8ef4cc5496a7fe8c6"
+ className: "ch.nevis.admin.v4.plugin.nevisauth.patterns2.UserInformation"
+ name: "IDENT-Failed"
+ label: "IDENT"
+ properties:
+ messageType: "error"
+ buttonType: "none"
diff --git a/patterns/IDENT-Process-and-Dispatch_0f6977caedca600b17221f0a.yml b/patterns/IDENT-Process-and-Dispatch_0f6977caedca600b17221f0a.yml
new file mode 100644
index 0000000..b8839e2
--- /dev/null
+++ b/patterns/IDENT-Process-and-Dispatch_0f6977caedca600b17221f0a.yml
@@ -0,0 +1,14 @@
+schemaVersion: "1.0"
+pattern:
+ id: "0f6977caedca600b17221f0a"
+ className: "ch.nevis.admin.v4.plugin.nevisauth.patterns2.GenericAuthenticationStep"
+ name: "IDENT-Process-and-Dispatch"
+ label: "IDENT"
+ properties:
+ authStatesFile: "res://0f6977caedca600b17221f0a#authStatesFile"
+ onFailure:
+ - "pattern://026e4ae8ef4cc5496a7fe8c6"
+ nextSteps:
+ - "pattern://dce20cc904f88df4b77f93d9"
+ - "pattern://ac1151fe6a973b135fd4a460"
+ resources: "res://0f6977caedca600b17221f0a#resources"
diff --git a/patterns/IDENT-SamlServiceProvider-AuthnRequest_dce20cc904f88df4b77f93d9.yml b/patterns/IDENT-SamlServiceProvider-AuthnRequest_dce20cc904f88df4b77f93d9.yml
new file mode 100644
index 0000000..f85c05d
--- /dev/null
+++ b/patterns/IDENT-SamlServiceProvider-AuthnRequest_dce20cc904f88df4b77f93d9.yml
@@ -0,0 +1,11 @@
+schemaVersion: "1.0"
+pattern:
+ id: "dce20cc904f88df4b77f93d9"
+ className: "ch.nevis.admin.v4.plugin.nevisauth.patterns2.GenericAuthenticationStep"
+ name: "IDENT-SamlServiceProvider-AuthnRequest"
+ label: "IDENT"
+ properties:
+ authStatesFile: "res://dce20cc904f88df4b77f93d9#authStatesFile"
+ parameters: "var://op-samlserviceprovider-parameters"
+ keyObjects:
+ - "pattern://6589067d403de8c65bcdcb16"
diff --git a/patterns/IDENT-SamlServiceProvider-ProcessResponse_ac1151fe6a973b135fd4a460.yml b/patterns/IDENT-SamlServiceProvider-ProcessResponse_ac1151fe6a973b135fd4a460.yml
new file mode 100644
index 0000000..9ce1b32
--- /dev/null
+++ b/patterns/IDENT-SamlServiceProvider-ProcessResponse_ac1151fe6a973b135fd4a460.yml
@@ -0,0 +1,13 @@
+schemaVersion: "1.0"
+pattern:
+ id: "ac1151fe6a973b135fd4a460"
+ className: "ch.nevis.admin.v4.plugin.nevisauth.patterns2.GenericAuthenticationStep"
+ name: "IDENT-SamlServiceProvider-ProcessResponse"
+ label: "IDENT"
+ properties:
+ authStatesFile: "res://ac1151fe6a973b135fd4a460#authStatesFile"
+ parameters: "var://op-samlserviceprovider-parameters"
+ onSuccess:
+ - "pattern://5f2cdff72cb899bff468ad90"
+ onFailure:
+ - "pattern://ea2c110e0adfa95722c2cc99"
diff --git a/patterns/IDENT-Succeeded_5f2cdff72cb899bff468ad90.yml b/patterns/IDENT-Succeeded_5f2cdff72cb899bff468ad90.yml
new file mode 100644
index 0000000..802c58c
--- /dev/null
+++ b/patterns/IDENT-Succeeded_5f2cdff72cb899bff468ad90.yml
@@ -0,0 +1,10 @@
+schemaVersion: "1.0"
+pattern:
+ id: "5f2cdff72cb899bff468ad90"
+ className: "ch.nevis.admin.v4.plugin.nevisauth.patterns2.UserInformation"
+ name: "IDENT-Succeeded"
+ label: "IDENT"
+ properties:
+ messageType: "info"
+ label: "not-used"
+ buttonType: "none"
diff --git a/patterns/IDENT_Signer_KeyObject_6589067d403de8c65bcdcb16.yml b/patterns/IDENT_Signer_KeyObject_6589067d403de8c65bcdcb16.yml
new file mode 100644
index 0000000..b4719e9
--- /dev/null
+++ b/patterns/IDENT_Signer_KeyObject_6589067d403de8c65bcdcb16.yml
@@ -0,0 +1,12 @@
+schemaVersion: "1.0"
+pattern:
+ id: "6589067d403de8c65bcdcb16"
+ className: "ch.nevis.admin.v4.plugin.nevisauth.patterns.KeyObject"
+ name: "IDENT_Signer_KeyObject"
+ label: "IDENT"
+ properties:
+ keyObjectId: "AGOV_IDENT_SIGNER"
+ keyStoreName: "AGOV_IDENT_KS"
+ type: "keystore"
+ keyStore:
+ - "pattern://f739deb8632efc4ff0c2a21d"
diff --git a/patterns/OP-ONBRDNG-AuthenticationRealm_6df66943ca713eed2a25d935.yml b/patterns/OP-ONBRDNG-AuthenticationRealm_6df66943ca713eed2a25d935.yml
index 63a9967..0174f52 100644
--- a/patterns/OP-ONBRDNG-AuthenticationRealm_6df66943ca713eed2a25d935.yml
+++ b/patterns/OP-ONBRDNG-AuthenticationRealm_6df66943ca713eed2a25d935.yml
@@ -3,6 +3,7 @@ pattern:
id: "6df66943ca713eed2a25d935"
className: "ch.nevis.admin.v4.plugin.nevisauth.patterns2.NevisAuthRealm"
name: "OP-ONBRDNG-AuthenticationRealm"
+ label: "OP-ONBRDNG"
properties:
authenticate:
- "pattern://2787b678d9cce5310a335419"
diff --git a/patterns/OP-ONBRDNG-Entry-Point_9415bf61610843e0f5c77e39.yml b/patterns/OP-ONBRDNG-Entry-Point_9415bf61610843e0f5c77e39.yml
index 3043b28..e2d4ac7 100644
--- a/patterns/OP-ONBRDNG-Entry-Point_9415bf61610843e0f5c77e39.yml
+++ b/patterns/OP-ONBRDNG-Entry-Point_9415bf61610843e0f5c77e39.yml
@@ -3,6 +3,7 @@ pattern:
id: "9415bf61610843e0f5c77e39"
className: "ch.nevis.admin.v4.plugin.nevisauth.patterns.AuthenticationFlow"
name: "OP-ONBRDNG-Entry-Point"
+ label: "OP-ONBRDNG"
properties:
host:
- "pattern://39ecde9a0d101628fed3e3be"
diff --git a/patterns/OP-ONBRDNG-ModSecuritySettings_f02bc0de60aad829670e4c5b.yml b/patterns/OP-ONBRDNG-ModSecuritySettings_f02bc0de60aad829670e4c5b.yml
index fd0a821..742fdfe 100644
--- a/patterns/OP-ONBRDNG-ModSecuritySettings_f02bc0de60aad829670e4c5b.yml
+++ b/patterns/OP-ONBRDNG-ModSecuritySettings_f02bc0de60aad829670e4c5b.yml
@@ -3,6 +3,7 @@ pattern:
id: "f02bc0de60aad829670e4c5b"
className: "ch.nevis.admin.v4.plugin.nevisproxy.patterns.RequestValidationSettings"
name: "OP-ONBRDNG-ModSecuritySettings"
+ label: "OP-ONBRDNG"
properties:
scope: "all"
logOnlyMode: "var://op-admin-mod-security-op-onboarding-log-only-mode"
diff --git a/patterns/OP-ONBRDNG-PostProcessing_fd3912c7af7a88b6342a4c78.yml b/patterns/OP-ONBRDNG-PostProcessing_fd3912c7af7a88b6342a4c78.yml
index 3e3253a..eeccc6b 100644
--- a/patterns/OP-ONBRDNG-PostProcessing_fd3912c7af7a88b6342a4c78.yml
+++ b/patterns/OP-ONBRDNG-PostProcessing_fd3912c7af7a88b6342a4c78.yml
@@ -3,6 +3,7 @@ pattern:
id: "fd3912c7af7a88b6342a4c78"
className: "ch.nevis.admin.v4.plugin.nevisauth.patterns2.GenericAuthenticationStep"
name: "OP-ONBRDNG-PostProcessing"
+ label: "OP-ONBRDNG"
properties:
authStatesFile: "res://fd3912c7af7a88b6342a4c78#authStatesFile"
onSuccess:
diff --git a/patterns/OP-ONBRDNG-PreProcessing_2787b678d9cce5310a335419.yml b/patterns/OP-ONBRDNG-PreProcessing_2787b678d9cce5310a335419.yml
index 2b4ec0a..cf33a6d 100644
--- a/patterns/OP-ONBRDNG-PreProcessing_2787b678d9cce5310a335419.yml
+++ b/patterns/OP-ONBRDNG-PreProcessing_2787b678d9cce5310a335419.yml
@@ -3,6 +3,7 @@ pattern:
id: "2787b678d9cce5310a335419"
className: "ch.nevis.admin.v4.plugin.nevisauth.patterns2.GenericAuthenticationStep"
name: "OP-ONBRDNG-PreProcessing"
+ label: "OP-ONBRDNG"
properties:
authStatesFile: "res://2787b678d9cce5310a335419#authStatesFile"
nextSteps:
diff --git a/patterns/OP-ONBRDNG-SamlServiceProvider-AuthnRequest_d56823f55065139ba437dc5c.yml b/patterns/OP-ONBRDNG-SamlServiceProvider-AuthnRequest_d56823f55065139ba437dc5c.yml
index a5a1d9d..cd7fc05 100644
--- a/patterns/OP-ONBRDNG-SamlServiceProvider-AuthnRequest_d56823f55065139ba437dc5c.yml
+++ b/patterns/OP-ONBRDNG-SamlServiceProvider-AuthnRequest_d56823f55065139ba437dc5c.yml
@@ -3,6 +3,7 @@ pattern:
id: "d56823f55065139ba437dc5c"
className: "ch.nevis.admin.v4.plugin.nevisauth.patterns2.GenericAuthenticationStep"
name: "OP-ONBRDNG-SamlServiceProvider-AuthnRequest"
+ label: "OP-ONBRDNG"
properties:
authStatesFile: "res://d56823f55065139ba437dc5c#authStatesFile"
parameters: "var://op-samlserviceprovider-parameters"
diff --git a/patterns/OP-ONBRDNG-SamlServiceProvider-ProcessResponse_9be76d365909bb2ec294569c.yml b/patterns/OP-ONBRDNG-SamlServiceProvider-ProcessResponse_9be76d365909bb2ec294569c.yml
index f0f0b87..f35eeee 100644
--- a/patterns/OP-ONBRDNG-SamlServiceProvider-ProcessResponse_9be76d365909bb2ec294569c.yml
+++ b/patterns/OP-ONBRDNG-SamlServiceProvider-ProcessResponse_9be76d365909bb2ec294569c.yml
@@ -3,6 +3,7 @@ pattern:
id: "9be76d365909bb2ec294569c"
className: "ch.nevis.admin.v4.plugin.nevisauth.patterns2.GenericAuthenticationStep"
name: "OP-ONBRDNG-SamlServiceProvider-ProcessResponse"
+ label: "OP-ONBRDNG"
properties:
authStatesFile: "res://9be76d365909bb2ec294569c#authStatesFile"
parameters: "var://op-samlserviceprovider-parameters"
diff --git a/patterns/Virtual_Host_AgovIdent_816a1456192f974b57418ca9.yml b/patterns/Virtual_Host_AgovIdent_816a1456192f974b57418ca9.yml
new file mode 100644
index 0000000..db694cb
--- /dev/null
+++ b/patterns/Virtual_Host_AgovIdent_816a1456192f974b57418ca9.yml
@@ -0,0 +1,17 @@
+schemaVersion: "1.0"
+pattern:
+ id: "816a1456192f974b57418ca9"
+ className: "ch.nevis.admin.v4.plugin.nevisproxy.patterns.HostContext"
+ name: "Virtual_Host_AgovIdent"
+ label: "IDENT"
+ properties:
+ proxy:
+ - "pattern://bd83dfbd467e8211ffe71d28"
+ addresses: "var://virtual_host_agovident-frontend-addresses"
+ defaultEntry: "/process"
+ resources: "res://816a1456192f974b57418ca9#resources"
+ securityHeaders: "custom"
+ trailingSlashRedirect: "disabled"
+ addons:
+ - "pattern://58ece0328f5bf4d78e1a82d2"
+ - "pattern://36886a1934993d1f69690e1d"
diff --git a/patterns/_GreenMail-OP-Headers_4c0d206244a4e16e9aa49f5c.yml b/patterns/_GreenMail-OP-Headers_a6db9f243e2ecabfba832868.yml
similarity index 87%
rename from patterns/_GreenMail-OP-Headers_4c0d206244a4e16e9aa49f5c.yml
rename to patterns/_GreenMail-OP-Headers_a6db9f243e2ecabfba832868.yml
index 4048d52..a84cd7e 100644
--- a/patterns/_GreenMail-OP-Headers_4c0d206244a4e16e9aa49f5c.yml
+++ b/patterns/_GreenMail-OP-Headers_a6db9f243e2ecabfba832868.yml
@@ -1,6 +1,6 @@
schemaVersion: "1.0"
pattern:
- id: "4c0d206244a4e16e9aa49f5c"
+ id: "a6db9f243e2ecabfba832868"
className: "ch.nevis.admin.v4.plugin.nevisproxy.patterns.HeaderCustomization"
name: " GreenMail-OP-Headers"
properties:
diff --git a/patterns/ac1151fe6a973b135fd4a460_authStatesFile/Ident_SamlResponseProcessing.xml b/patterns/ac1151fe6a973b135fd4a460_authStatesFile/Ident_SamlResponseProcessing.xml
new file mode 100644
index 0000000..bf6d49d
--- /dev/null
+++ b/patterns/ac1151fe6a973b135fd4a460_authStatesFile/Ident_SamlResponseProcessing.xml
@@ -0,0 +1,20 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/patterns/dce20cc904f88df4b77f93d9_authStatesFile/Ident_SamlServiceProvider.xml b/patterns/dce20cc904f88df4b77f93d9_authStatesFile/Ident_SamlServiceProvider.xml
new file mode 100644
index 0000000..9b2afa2
--- /dev/null
+++ b/patterns/dce20cc904f88df4b77f93d9_authStatesFile/Ident_SamlServiceProvider.xml
@@ -0,0 +1,26 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/patterns/nevisIdm_sectoken_Truststore_c4f291a121b2d19157049cdc.yml b/patterns/nevisIdm_sectoken_Truststore_c4f291a121b2d19157049cdc.yml
index f83c879..89bf75c 100644
--- a/patterns/nevisIdm_sectoken_Truststore_c4f291a121b2d19157049cdc.yml
+++ b/patterns/nevisIdm_sectoken_Truststore_c4f291a121b2d19157049cdc.yml
@@ -6,4 +6,3 @@ pattern:
properties:
keystore:
- "pattern://02cc34b35d83a306f48abe47"
- truststoreFile: "var://nevisidm-signer-truststore-trusted-certificates"
diff --git a/patterns/operations_nevisProxy_Instance_bd83dfbd467e8211ffe71d28.yml b/patterns/operations_nevisProxy_Instance_bd83dfbd467e8211ffe71d28.yml
index ea6e54a..c543971 100644
--- a/patterns/operations_nevisProxy_Instance_bd83dfbd467e8211ffe71d28.yml
+++ b/patterns/operations_nevisProxy_Instance_bd83dfbd467e8211ffe71d28.yml
@@ -6,6 +6,8 @@ pattern:
deploymentHosts: "proxy-sp"
label: "Operations"
properties:
+ logging:
+ - "pattern://92be6cb7c75ce097f0219577"
defaultHostContext:
- "pattern://39ecde9a0d101628fed3e3be"
addons:
diff --git a/patterns/operations_nevisProxy_Log_Settings_92be6cb7c75ce097f0219577.yml b/patterns/operations_nevisProxy_Log_Settings_92be6cb7c75ce097f0219577.yml
new file mode 100644
index 0000000..5746266
--- /dev/null
+++ b/patterns/operations_nevisProxy_Log_Settings_92be6cb7c75ce097f0219577.yml
@@ -0,0 +1,10 @@
+schemaVersion: "1.0"
+pattern:
+ id: "92be6cb7c75ce097f0219577"
+ className: "ch.nevis.admin.v4.plugin.nevisproxy.patterns.CustomProxyLogFile"
+ name: "operations nevisProxy Log Settings"
+ properties:
+ logLevel: "NOTICE"
+ logLevelParameters:
+ - NavajoRequ: "DEBUG"
+ - NavajoStar: "DEBUG"
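Review bot: `NavajoRequ` and `NavajoStar` at `DEBUG` on the proxy instance that fronts the SAML flows will likely write per-request detail into the proxy log; if that detail includes headers or bodies, session cookies and posted SAML responses would land in plaintext logs on a production host. Unlike the other operational knobs in this commit (for example `var://op-admin-mod-security-mode-greenmail`), the level is hard-coded, so an inventory cannot lower it without editing the pattern; consider exposing the parameter levels through a variable with a non-debug default, and add a comment above `logLevelParameters:` stating why debug output is needed and which data it emits.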
diff --git a/variables.yml b/variables.yml
index 256473a..9744750 100644
--- a/variables.yml
+++ b/variables.yml
@@ -18,6 +18,21 @@ variables:
- "disabled"
value: "disabled"
requireOverloading: true
+ agov_ident_signer_keystore:
+ className: "ch.nevis.admin.v4.plugin.base.generation.property.AttachmentProperty"
+ parameters:
+ minRequired: 0
+ secretPreserving: true
+ value: null
+ requireOverloading: true
+ agov_ident_signer_passphrase:
+ className: "ch.nevis.admin.v4.plugin.base.generation.property.SimpleTextProperty"
+ parameters:
+ minRequired: 0
+ maxAllowed: 1
+ secret: true
+ value: "sample password"
+ requireOverloading: true
agov_operations_pem_signer-key-store-content:
className: "ch.nevis.admin.v4.plugin.base.generation.property.AttachmentProperty"
parameters:
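Review bot: `agov_ident_signer_passphrase` ships with the literal default `"sample password"`, while the matching `agov_ident_signer_keystore` defaults to `null`; if an inventory omits the override, the key store provider would be configured with a known placeholder instead of failing, and the placeholder itself is committed to version control. `requireOverloading: true` presumably blocks deployment without an override, but setting `value: null` on the passphrase as well makes the intent explicit and removes the placeholder string. The names also diverge from the existing `agov_operations_pem_signer-key-store-content` / `operations-admin-signer-pem-key-store-private-key-passphrase` pair; a comment above `agov_ident_signer_keystore:` saying it is consumed by `AGOV_Ident_Signer_KeyStore` together with the passphrase would help operators find the related variables.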
@@ -126,6 +141,18 @@ variables:
value:
- X-Frame-Options: "DENY"
requireOverloading: true
+ greenmail-response-rewriting:
+ className: "ch.nevis.admin.v4.plugin.base.generation.property.SelectionProperty"
+ parameters:
+ minRequired: 0
+ maxAllowed: 1
+ options:
+ - "off"
+ - "header"
+ - "complete"
+ - "custom"
+ value: "header"
+ requireOverloading: true
idm-admin-settings:
className: "ch.nevis.admin.v4.plugin.base.generation.property.KeyValueProperty"
parameters:
@@ -677,7 +704,8 @@ variables:
syntax: "YAML"
value: "op.atb.ssoUrl: https://trustbroker.agov-d.azure.adnovum.net/adfs/ls\n\
op.onboarding.issuer: https://op.agov-d.azure.adnovum.net/AUTH/ONBOARDING\n\
- op.onboarding.consumerURL: https://op.agov-d.azure.adnovum.net/AUTH/ONBOARDING"
+ op.onboarding.consumerURL: https://op.agov-d.azure.adnovum.net/AUTH/ONBOARDING\n\
+ op.ident.consumerURL: https://ident.agov-d.azure.adnovum.net/process"
requireOverloading: true
operations-admin-signer-pem-key-store-private-key-passphrase:
className: "ch.nevis.admin.v4.plugin.base.generation.property.SimpleTextProperty"
@@ -885,6 +913,17 @@ variables:
\ accounts (100d no activity)\"/>\n \n"
requireOverloading: true
+ virtual_host_agovident-frontend-addresses:
+ className: "ch.nevis.admin.v4.plugin.base.generation.property.URLProperty"
+ parameters:
+ minRequired: 1
+ schemeInputMode: "REQUIRED"
+ allowedSchemes: "http,https"
+ hostNameInputMode: "REQUIRED"
+ portInputMode: "OPTIONAL"
+ pathInputMode: "OPTIONAL"
+ value: "https://ident.agov-w.azure.adnovum.net/"
+ requireOverloading: true
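Review bot: The default frontend address `https://ident.agov-w.azure.adnovum.net/` does not agree with the `op.ident.consumerURL` default added in the same file, `https://ident.agov-d.azure.adnovum.net/process`; the AssertionConsumerService URL sent to the IdP has to resolve to the host that serves `/process`, so an inventory overriding one value but not the other would have the IdP post the response to a different environment. Both carry `requireOverloading: true`, but the defaults should name the same environment, and a comment next to each should say they must be kept in sync. `allowedSchemes: "http,https"` additionally permits a plain-http frontend for an endpoint that receives SAML responses; `allowedSchemes: "https"` would be safer unless http is genuinely needed for local testing.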
virtual_host_idmadmin-frontend-addresses:
className: "ch.nevis.admin.v4.plugin.base.generation.property.URLProperty"
parameters: