adn-agov-iam-admin-project/patterns/24cbc652d3166c8374eda3cd_au.../UpdateUserIfNeeded.xml


<!-- Entry state: decide whether the nevisIDM user record has to be updated from the current SAML assertion.
     Each condition reads one SAML attribute from the notes (falling back to the literal 'missing' when the
     attribute is absent) and compares it with the value currently held in the session for that user. -->
<AuthState name="${state.entry}" class="ch.nevis.esauth.auth.states.standard.ConditionalDispatcherState" final="false" resumeState="false">
<!-- Presumably every listed condition must hold (nothing changed) to skip straight to the done state;
     confirm the comma separated ResultCond semantics against the ConditionalDispatcherState documentation. -->
<ResultCond name="emailaddressDidntChange,givennameDidntChange,surnameDidntChange,languageDidntChange" next="${state.done}"/>
<!-- Any difference, including an attribute that is missing from the assertion, leads to the update step. -->
<ResultCond name="default" next="${state.entry}_Update"/>
<Response value="AUTH_ERROR"/>
<!-- NOTE(review): an absent attribute evaluates to 'missing', which never equals a stored value (unless that value
     is literally 'missing'), so absence always routes to the update state. Whether the update then clears the
     stored value depends on how IdmSetPropertiesState treats an empty optional attribute; confirm. -->
<property name="condition:emailaddressDidntChange" value="#{ notes.getProperty('saml.attributes.http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress', 'missing').equals(sess.get('ch.nevis.idm.User.email')) }"/>
<property name="condition:givennameDidntChange" value="#{ notes.getProperty('saml.attributes.http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname', 'missing').equals(sess.get('ch.nevis.idm.User.firstName')) }"/>
<property name="condition:surnameDidntChange" value="#{ notes.getProperty('saml.attributes.http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname', 'missing').equals(sess.get('ch.nevis.idm.User.lastName')) }"/>
<property name="condition:languageDidntChange" value="#{ notes.getProperty('saml.attributes.http://schemas.agov.ch/ws/2023/05/identity/claims/languageOfCorrespondance', 'missing').equals(sess.get('ch.nevis.idm.User.language')) }"/>
</AuthState>
<!-- Update state: write the SAML attribute values onto the nevisIDM user identified by login id and client.
     Every IDM error outcome is routed to the error audit state; only 'ok' reaches the success audit state. -->
<AuthState name="${state.entry}_Update" class="ch.nevis.idm.authstate.IdmSetPropertiesState" final="false" resumeState="false">
<ResultCond name="emailExists" next="${state.entry}_AuditError"/>
<ResultCond name="inputInvalid" next="${state.entry}_AuditError"/>
<ResultCond name="inputMissing" next="${state.entry}_AuditError"/>
<ResultCond name="loginIdExists" next="${state.entry}_AuditError"/>
<ResultCond name="userIdExists" next="${state.entry}_AuditError"/>
<ResultCond name="ok" next="${state.entry}_AuditUpdate"/>
<!-- Fallback response if no ResultCond matches: deny with HTTP 403. -->
<Response value="AUTH_ERROR">
<Arg name="ch.nevis.isiweb4.response.status" value="403"/>
</Response>
<propertyRef name="nevisIDM_Connector"/>
<!-- Target user: login id and client name are taken from the session, not from the assertion. -->
<property name="user.loginid" value="${sess:ch.adnovum.nevisidm.user.loginId}"/>
<property name="client.name" value="${sess:ch.adnovum.nevisidm.clientName}"/>
<!-- email, firstName, name and language may be absent from the assertion; remarks is always written.
     NOTE(review): all five attributes are in the overwrite list; confirm whether an optional attribute that is
     absent from the assertion clears the stored value or leaves it untouched. -->
<property name="user.attributes.optional" value="email,firstName,name,language"/>
<property name="user.attributes.mandatory" value="remarks"/>
<property name="user.attribute.email" value="${notes|saml.attributes.http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress}"/>
<property name="user.attribute.firstName" value="${notes|saml.attributes.http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname}"/>
<property name="user.attribute.name" value="${notes|saml.attributes.http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname}"/>
<property name="user.attribute.language" value="${notes|saml.attributes.http://schemas.agov.ch/ws/2023/05/identity/claims/languageOfCorrespondance}"/>
<!-- NOTE(review): X-Request-ID is an inbound HTTP request header and is persisted into the user's remarks
     attribute. Only trust it if the reverse proxy in front sets or overwrites that header; otherwise the
     stored value is client controlled and should be bounded or sanitized before being written to IDM. -->
<property name="user.attribute.remarks" value="Updated based on assertion '${sess:ch.nevis.auth.saml.assertion.id}' (Request-ID: ${inctx:connection.HttpHeader.X-Request-ID})"/>
<property name="user.attributes.overwrite" value="email,firstName,name,language,remarks"/>
<!-- Presumably disables IDM's e-mail format validation for the incoming address, so a syntactically invalid
     address from the assertion is stored as received; confirm this is intended. -->
<property name="allowInvalidUserEmails" value="true"/>
</AuthState>
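<!-- Success audit: after the IDM update succeeded, emit one USERUPDATE event line and continue to the done state. -->
<AuthState name="${state.entry}_AuditUpdate" class="ch.nevis.esauth.auth.states.scripting.ScriptState" final="false" resumeState="false">
<ResultCond name="default" next="${state.done}"/>
<Response value="AUTH_CONTINUE"/>
<property name="scriptTraceGroup" value="AGOVOP-ACCT"/>
<!-- X-Real-IP and User-Agent are request headers, i.e. client controlled input. Line breaks are replaced before
     logging so a crafted header value cannot inject forged lines into the audit log. X-Real-IP is presumably set
     by the reverse proxy in front; confirm it is overwritten there, otherwise the logged address is spoofable. -->
<property name="script" value="
// Header derived audit fields: fall back to 'unknown' and strip CR/LF so one request yields exactly one log line.
def sanitize = { v -> (v ?: 'unknown').toString().replaceAll(/[\r\n]/, ' ') };
def user = session['ch.adnovum.nevisidm.user.extId'] ?: 'unknown';
def sourceIp = sanitize(request.getLoginContext()['connection.HttpHeader.X-Real-IP']);
def userAgent = sanitize(request.getLoginContext()['connection.HttpHeader.user-agent'] ?: request.getLoginContext()['connection.HttpHeader.User-Agent']);
LOG.info(&quot;Event='USERUPDATE', User=${user}, SourceIp=${sourceIp}, UserAgent='${userAgent}'&quot;);
"/>
</AuthState>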
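<!-- Error audit: reached from every failing outcome of the update state. Logs one USERUPDATE error line with the
     last error info and ends the flow with AUTH_ERROR / HTTP 403. -->
<AuthState name="${state.entry}_AuditError" class="ch.nevis.esauth.auth.states.scripting.ScriptState" final="false" resumeState="false">
<Response value="AUTH_ERROR">
<Arg name="ch.nevis.isiweb4.response.status" value="403"/>
</Response>
<property name="scriptTraceGroup" value="AGOVOP-ACCT"/>
<!-- X-Real-IP and User-Agent are request headers, i.e. client controlled input. Line breaks are replaced before
     logging so a crafted header value cannot inject forged lines into the audit log. X-Real-IP is presumably set
     by the reverse proxy in front; confirm it is overwritten there, otherwise the logged address is spoofable. -->
<property name="script" value="
// Header derived audit fields: fall back to 'unknown' and strip CR/LF so one request yields exactly one log line.
def sanitize = { v -> (v ?: 'unknown').toString().replaceAll(/[\r\n]/, ' ') };
def user = session['ch.adnovum.nevisidm.user.extId'] ?: 'unknown';
def sourceIp = sanitize(request.getLoginContext()['connection.HttpHeader.X-Real-IP']);
def userAgent = sanitize(request.getLoginContext()['connection.HttpHeader.user-agent'] ?: request.getLoginContext()['connection.HttpHeader.User-Agent']);
LOG.error(&quot;Event='USERUPDATE', User=${user}, SourceIp=${sourceIp}, UserAgent='${userAgent}', error='failed to update user in IDM', lasterrorinfo='${lasterrorinfo}'&quot;);
response.setStatus(ch.nevis.esauth.auth.engine.AuthResponse.AUTH_ERROR);
"/>
</AuthState>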