nevis
/
adn-agov-iam-inventory
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

new configuration version

This commit is contained in:
haburger 2025-02-03 16:04:10 +00:00
parent bf881d7071
commit 009eed2b3c
13 changed files with 24 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/etc/nevis/k8s-nevisauth-7022472ae407577ae604bbb8.yaml
View File

@ -45,7 +45,7 @@ spec:
podDisruptionBudget: podDisruptionBudget:
maxUnavailable: "50%" maxUnavailable: "50%"
git: git:
tag: "r-90fdd9efa6eadd2c367c797bfca194de78d61fec" tag: "r-8a9c62b5262336b92be8323622dfab0068aaceea"
dir: "DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth" dir: "DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth"
credentials: "git-credentials" credentials: "git-credentials"
keystores: keystores:

16
DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/fido2_auth.groovy
View File

@ -98,9 +98,11 @@ if (path == '/nevisfido/fido2/attestation/options') {
} }
post(connection, json) post(connection, json)
def responseCode = connection.responseCode def responseCode = connection.responseCode
def responseText = responseCode == 200 ? connection.inputStream.text : '{"allowCredentials":[]}'
def numOfKeys = jsonResponse.allowCredentials ? jsonResponse.allowCredentials.size() : 0
// non existing account, or account without FIDO2 key case // non existing account, account without FIDO2 key , or account with disabled FIDO2 key case
if (responseCode == 404 || responseCode == 400) { if (responseCode == 404 || responseCode == 400 || numOfKeys == 0) {
LOG.debug("Fido2Auth: <== Response: ${responseCode}") LOG.debug("Fido2Auth: <== Response: ${responseCode}")
@ -113,8 +115,15 @@ if (path == '/nevisfido/fido2/attestation/options') {
def sourceIp = request.getLoginContext()['connection.HttpHeader.X-Real-IP'] ?: 'unknown' def sourceIp = request.getLoginContext()['connection.HttpHeader.X-Real-IP'] ?: 'unknown'
def userAgent = request.getLoginContext()['connection.HttpHeader.user-agent'] ?: request.getLoginContext()['connection.HttpHeader.User-Agent'] ?: 'unknown' def userAgent = request.getLoginContext()['connection.HttpHeader.user-agent'] ?: request.getLoginContext()['connection.HttpHeader.User-Agent'] ?: 'unknown'
def tAuth = System.currentTimeMillis() - (request.getSession(true).getCreationTime().getEpochSecond() * 1000) def tAuth = System.currentTimeMillis() - (request.getSession(true).getCreationTime().getEpochSecond() * 1000)
def details = "no account (404)"
if (responseCode == 400 ) {
details = "no fido2 keys for account (400)"
} else if (responseCode == 200) {
details = "no active fido2 key for account (200, empty allowCredentials array)"
}
LOG.info("Event='NOACCOUNT', Requester='${requester}', RequestId='${requestId}', RequestedAq=${requestedAq}, User=${session['ch.nevis.idm.User.email']}, CredentialType='${credentialType}', tAuth=${tAuth}ms, SourceIp=${sourceIp}, UserAgent='${userAgent}'") LOG.info("Event='NOACCOUNT', Requester='${requester}', RequestId='${requestId}', RequestedAq=${requestedAq}, User=${session['ch.nevis.idm.User.email']}, CredentialType='${credentialType}', tAuth=${tAuth}ms, SourceIp=${sourceIp}, UserAgent='${userAgent}', Details='${details}'")
// returning a fake options structure, which shouldn't leak whether the user account exists or not // returning a fake options structure, which shouldn't leak whether the user account exists or not
// keyId is unique per environment and email, fido2SessionId and challenge are renewed each time // keyId is unique per environment and email, fido2SessionId and challenge are renewed each time
def keyId = UUID.nameUUIDFromBytes("${parameters['rpId']}.${session['ch.nevis.idm.User.email']}".getBytes()) def keyId = UUID.nameUUIDFromBytes("${parameters['rpId']}.${session['ch.nevis.idm.User.email']}".getBytes())
@ -140,7 +149,6 @@ if (path == '/nevisfido/fido2/attestation/options') {
return return
} }
def responseText = connection.inputStream.text
LOG.debug("Fido2Auth: <== Response: ${responseCode} : ${responseText}") LOG.debug("Fido2Auth: <== Response: ${responseCode} : ${responseText}")
response.setContent(responseText) // return response from nevisFIDO "as-is" response.setContent(responseText) // return response from nevisFIDO "as-is"
response.setContentType('application/json') response.setContentType('application/json')

2
DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/etc/nevis/k8s-nevislogrend-097929211988398a87bcbb0c.yaml
View File

@ -44,7 +44,7 @@ spec:
podDisruptionBudget: podDisruptionBudget:
maxUnavailable: "50%" maxUnavailable: "50%"
git: git:
tag: "r-90fdd9efa6eadd2c367c797bfca194de78d61fec" tag: "r-8a9c62b5262336b92be8323622dfab0068aaceea"
dir: "DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend" dir: "DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend"
credentials: "git-credentials" credentials: "git-credentials"
podSecurity: podSecurity:

2
DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/footer.vm
View File

@ -3,7 +3,7 @@
$text.get("footer.text") $text.get("footer.text")
<a target="_blank" class='text-hyperlink dark:text-dark-hyperlink underline' href='$text.get("footer.link")'>$text.get("footer.link.label")</a> <a target="_blank" class='text-hyperlink dark:text-dark-hyperlink underline' href='$text.get("footer.link")'>$text.get("footer.link.label")</a>
</div> </div>
<p>1.8.x.2578-20250127T115900Z</p> <p>1.8.x.2598-20250129T202245Z</p>
</footer> </footer>
<script src="${login.appDataPath}/static/bundle.js"></script> <script src="${login.appDataPath}/static/bundle.js"></script>
</body> </body>

2
DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/footer.vm
View File

@ -3,7 +3,7 @@
$text.get("footer.text") $text.get("footer.text")
<a target="_blank" class='text-hyperlink dark:text-dark-hyperlink underline' href='$text.get("footer.link")'>$text.get("footer.link.label")</a> <a target="_blank" class='text-hyperlink dark:text-dark-hyperlink underline' href='$text.get("footer.link")'>$text.get("footer.link.label")</a>
</div> </div>
<p>1.8.x.2578-20250127T115900Z</p> <p>1.8.x.2598-20250129T202245Z</p>
</footer> </footer>
<script src="${login.appDataPath}/static/bundle.js"></script> <script src="${login.appDataPath}/static/bundle.js"></script>
</body> </body>

2
DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/etc/nevis/k8s-nevisproxy-idp-0ceb05c56644a59d648c13b9.yaml
View File

@ -46,7 +46,7 @@ spec:
podDisruptionBudget: podDisruptionBudget:
maxUnavailable: "50%" maxUnavailable: "50%"
git: git:
tag: "r-90fdd9efa6eadd2c367c797bfca194de78d61fec" tag: "r-8a9c62b5262336b92be8323622dfab0068aaceea"
dir: "DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp" dir: "DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp"
credentials: "git-credentials" credentials: "git-credentials"
keystores: keystores:

2
DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-w.azure.adnovum.net/resources/errorPages/403.html
View File

@ -63,7 +63,7 @@
</div> </div>
</div> </div>
<footer class="hidden sm:flex mt-auto font-body text-body-s text-disabled-grey dark:text-silver w-full p-2 justify-end"> <footer class="hidden sm:flex mt-auto font-body text-body-s text-disabled-grey dark:text-silver w-full p-2 justify-end">
<p>1.8.x.2578-20250127T115900Z</p> <p>1.8.x.2598-20250129T202245Z</p>
</footer> </footer>
<script src="/resources/static/bundle.js"></script> <script src="/resources/static/bundle.js"></script>
</body> </body>

2
DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-w.azure.adnovum.net/resources/errorPages/404.html
View File

@ -60,7 +60,7 @@
</div> </div>
</div> </div>
<footer class="hidden sm:flex mt-auto font-body text-body-s text-disabled-grey dark:text-silver w-full p-2 justify-end"> <footer class="hidden sm:flex mt-auto font-body text-body-s text-disabled-grey dark:text-silver w-full p-2 justify-end">
<p>1.8.x.2578-20250127T115900Z</p> <p>1.8.x.2598-20250129T202245Z</p>
</footer> </footer>
<script src="/resources/static/bundle.js"></script> <script src="/resources/static/bundle.js"></script>
</body> </body>

2
DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-w.azure.adnovum.net/resources/errorPages/500.html
View File

@ -61,7 +61,7 @@
</div> </div>
</div> </div>
<footer class="hidden sm:flex mt-auto font-body text-body-s text-disabled-grey dark:text-silver w-full p-2 justify-end"> <footer class="hidden sm:flex mt-auto font-body text-body-s text-disabled-grey dark:text-silver w-full p-2 justify-end">
<p>1.8.x.2578-20250127T115900Z</p> <p>1.8.x.2598-20250129T202245Z</p>
</footer> </footer>
<script src="/resources/static/bundle.js"></script> <script src="/resources/static/bundle.js"></script>
</body> </body>

2
DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-w.azure.adnovum.net/resources/errorPages/502.html
View File

@ -62,7 +62,7 @@
</div> </div>
</div> </div>
<footer class="hidden sm:flex mt-auto font-body text-body-s text-disabled-grey dark:text-silver w-full p-2 justify-end"> <footer class="hidden sm:flex mt-auto font-body text-body-s text-disabled-grey dark:text-silver w-full p-2 justify-end">
<p>1.8.x.2578-20250127T115900Z</p> <p>1.8.x.2598-20250129T202245Z</p>
</footer> </footer>
<script src="/resources/static/bundle.js"></script> <script src="/resources/static/bundle.js"></script>
</body> </body>

2
DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-w.azure.adnovum.net/resources/errorPages/Loggedout.html
View File

@ -59,7 +59,7 @@
</div> </div>
</div> </div>
<footer class="hidden sm:flex mt-auto font-body text-body-s text-disabled-grey dark:text-silver w-full p-2 justify-end"> <footer class="hidden sm:flex mt-auto font-body text-body-s text-disabled-grey dark:text-silver w-full p-2 justify-end">
<p>1.8.x.2578-20250127T115900Z</p> <p>1.8.x.2598-20250129T202245Z</p>
</footer> </footer>
<script src="/resources/static/bundle.js"></script> <script src="/resources/static/bundle.js"></script>
</body> </body>

2
DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-w.azure.adnovum.net/resources/errorPages/timeout.html
View File

@ -66,7 +66,7 @@
</div> </div>
</div> </div>
<footer class="hidden sm:flex mt-auto font-body text-body-s text-disabled-grey dark:text-silver w-full p-2 justify-end"> <footer class="hidden sm:flex mt-auto font-body text-body-s text-disabled-grey dark:text-silver w-full p-2 justify-end">
<p>1.8.x.2578-20250127T115900Z</p> <p>1.8.x.2598-20250129T202245Z</p>
</footer> </footer>
<script src="/resources/static/bundle.js"></script> <script src="/resources/static/bundle.js"></script>
</body> </body>

2
DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-w.azure.adnovum.net/resources/index.html
View File

@ -63,7 +63,7 @@
</div> </div>
</div> </div>
<footer class="hidden sm:flex mt-auto font-body text-body-s text-disabled-grey dark:text-silver w-full p-2 justify-end"> <footer class="hidden sm:flex mt-auto font-body text-body-s text-disabled-grey dark:text-silver w-full p-2 justify-end">
<p>1.8.x.2578-20250127T115900Z</p> <p>1.8.x.2598-20250129T202245Z</p>
</footer> </footer>
<script src="/resources/static/bundle.js"></script> <script src="/resources/static/bundle.js"></script>
</body> </body>