33 lines
1.8 KiB
Groovy
33 lines
1.8 KiB
Groovy
try {
|
|
def s = request.getAuthSession(true)
|
|
|
|
LOG.info("operationsExtId: ${notes['saml.attributes.http://schemas.agov.ch/ws/2023/05/identity/claims/operationsUserExtId']}")
|
|
LOG.info("operationsUserProfileExtIdList: ${notes['saml.attributes.http://schemas.agov.ch/ws/2023/05/identity/claims/operationsUserProfileExtId']}")
|
|
|
|
|
|
if (notes['saml.attributes.http://schemas.agov.ch/ws/2023/05/identity/claims/operationsUserExtId'] == null || notes['saml.attributes.http://schemas.agov.ch/ws/2023/05/identity/claims/operationsUserProfileExtId'] == null) {
|
|
LOG.error("[OPACCESS] User ${notes['saml.assertion.subject']} tried to access without operations account or profile")
|
|
response.setResult('error');
|
|
return
|
|
}
|
|
|
|
response.setSessionAttribute('operationsExtId', notes['saml.attributes.http://schemas.agov.ch/ws/2023/05/identity/claims/operationsUserExtId'])
|
|
|
|
// we take the first one, if there is no profile in the operations unit
|
|
def unitAndProfileExtidPar = notes['saml.attributes.http://schemas.agov.ch/ws/2023/05/identity/claims/operationsUserProfileExtId']
|
|
.split(',').find{pairstr -> pairstr.split("\\\\")[1] == "${var.operations-unitExtId}" }
|
|
?: notes['saml.attributes.http://schemas.agov.ch/ws/2023/05/identity/claims/operationsUserProfileExtId'].split(',')[0]
|
|
|
|
if (! unitAndProfileExtidPar.contains('${var.operations-unitExtId}') )
|
|
{
|
|
LOG.info("[OPACCESS] User ${notes['saml.assertion.subject']} with opaccount ${notes['saml.attributes.http://schemas.agov.ch/ws/2023/05/identity/claims/operationsUserExtId']} has no operations profile, we use the first one")
|
|
}
|
|
|
|
response.setSessionAttribute('operationsProfileExtId', unitAndProfileExtidPar.split("\\\\")[0])
|
|
response.setResult('ok');
|
|
|
|
} catch(Exception ex) {
|
|
LOG.warn("Exception in selectProfile groovy script: " + ex)
|
|
response.setResult('error');
|
|
}
|