new configuration version

haburger 2025-01-08 14:50:13 +00:00
parent b37f10612d
commit 0621111d2a
3 changed files with 55 additions and 24 deletions


@ -45,7 +45,7 @@ spec:
podDisruptionBudget: podDisruptionBudget:
maxUnavailable: "50%" maxUnavailable: "50%"
git: git:
tag: "r-25606babd85f4c8c0457d235e67672ec96405ebf" tag: "r-74652635df557afe285bd6c9b53c946dd0556fdf"
dir: "DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth" dir: "DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth"
credentials: "git-credentials" credentials: "git-credentials"
keystores: keystores:


@ -1813,7 +1813,7 @@
<!-- source: pattern://584964c837512845d7940809 --> <!-- source: pattern://584964c837512845d7940809 -->
<ResultCond name="invalidReasons" next="Auth_Realm_Recovery_Recovery_Auth_noRecovery"/> <ResultCond name="invalidReasons" next="Auth_Realm_Recovery_Recovery_Auth_noRecovery"/>
<!-- source: pattern://584964c837512845d7940809 --> <!-- source: pattern://584964c837512845d7940809 -->
<ResultCond name="validReasons" next="Auth_Realm_Recovery_Recovery_Auth_instructions"/> <ResultCond name="validReasons" next="Auth_Realm_Recovery_Recovery_Auth_saveReason"/>
<!-- source: pattern://584964c837512845d7940809 --> <!-- source: pattern://584964c837512845d7940809 -->
<Response value="AUTH_CONTINUE"> <Response value="AUTH_CONTINUE">
<!-- source: pattern://584964c837512845d7940809 --> <!-- source: pattern://584964c837512845d7940809 -->
@ -1823,11 +1823,13 @@
<!-- source: pattern://584964c837512845d7940809 --> <!-- source: pattern://584964c837512845d7940809 -->
<GuiElem name="authRequestId" type="hidden" value="${sess:ch.nevis.auth.saml.request.id}" optional="true"/> <GuiElem name="authRequestId" type="hidden" value="${sess:ch.nevis.auth.saml.request.id}" optional="true"/>
<!-- source: pattern://584964c837512845d7940809 --> <!-- source: pattern://584964c837512845d7940809 -->
<GuiElem name="reason" type="hidden" value="None" optional="true"/>
<!-- source: pattern://584964c837512845d7940809 -->
<GuiElem name="question" type="hidden" value="${inargs:continue}" optional="true"/> <GuiElem name="question" type="hidden" value="${inargs:continue}" optional="true"/>
<!-- source: pattern://584964c837512845d7940809 --> <!-- source: pattern://584964c837512845d7940809 -->
<GuiElem name="cancel" type="submit" label="cancel.button.label" value="cancel"/> <GuiElem name="cancel" type="submit" label="cancel.button.label" value="cancel"/>
<!-- source: pattern://584964c837512845d7940809 --> <!-- source: pattern://584964c837512845d7940809 -->
<GuiElem name="submit" type="submit" label="submit.button.label" value="submit"/> <GuiElem name="continue" type="submit" label="submit.button.label" value="submit"/>
</Gui> </Gui>
</Response> </Response>
<!-- source: pattern://584964c837512845d7940809 --> <!-- source: pattern://584964c837512845d7940809 -->
@ -1920,29 +1922,13 @@
<!-- source: pattern://584964c837512845d7940809 --> <!-- source: pattern://584964c837512845d7940809 -->
<property name="condition:cancel" value="${inargs:cancel}==cancel"/> <property name="condition:cancel" value="${inargs:cancel}==cancel"/>
</AuthState> </AuthState>
<AuthState name="Auth_Realm_Recovery_Recovery_Auth_instructions" class="ch.nevis.esauth.auth.states.standard.ConditionalDispatcherState" final="true" resumeState="true"> <AuthState name="Auth_Realm_Recovery_Recovery_Auth_saveReason" class="ch.nevis.esauth.auth.states.standard.TransformAttributes" final="false" resumeState="false">
<!-- source: pattern://584964c837512845d7940809 --> <!-- source: pattern://584964c837512845d7940809 -->
<ResultCond name="cancel" next="Auth_Realm_Recovery_Recovery_Auth_loginFactorQuestion"/> <ResultCond name="default" next="Auth_Realm_Recovery_Recovery_Auth_instructions"/>
<!-- source: pattern://584964c837512845d7940809 --> <!-- source: pattern://584964c837512845d7940809 -->
<ResultCond name="continue" next="Auth_Realm_Recovery_Recovery_Auth_enterEmail"/> <Response value="AUTH_CONTINUE"/>
<!-- source: pattern://584964c837512845d7940809 --> <!-- source: pattern://584964c837512845d7940809 -->
<Response value="AUTH_CONTINUE"> <property name="sess:agov.recovery.reason" value="${inargs:reason}"/>
<!-- source: pattern://584964c837512845d7940809 -->
<Gui name="recovery_questionnaire_instructions">
<!-- source: pattern://584964c837512845d7940809 -->
<GuiElem name="intro" type="info" label="recovery.intro.message"/>
<!-- source: pattern://584964c837512845d7940809 -->
<GuiElem name="authRequestId" type="hidden" value="${sess:ch.nevis.auth.saml.request.id}" optional="true"/>
<!-- source: pattern://584964c837512845d7940809 -->
<GuiElem name="cancel" type="submit" label="cancel.button.label" value="cancel"/>
<!-- source: pattern://584964c837512845d7940809 -->
<GuiElem name="submit" type="submit" label="submit.button.label" value="submit"/>
</Gui>
</Response>
<!-- source: pattern://584964c837512845d7940809 -->
<property name="condition:cancel" value="${inargs:cancel}==cancel"/>
<!-- source: pattern://584964c837512845d7940809 -->
<property name="condition:continue" value="${inargs:continue}==continue"/>
</AuthState> </AuthState>
<AuthState name="Auth_Realm_Recovery_Recovery_sendEmail031" class="ch.nevis.esauth.auth.states.scripting.ScriptState" final="false"> <AuthState name="Auth_Realm_Recovery_Recovery_sendEmail031" class="ch.nevis.esauth.auth.states.scripting.ScriptState" final="false">
<!-- source: pattern://9f443ce76f9522dfae4c3aa0 --> <!-- source: pattern://9f443ce76f9522dfae4c3aa0 -->
@ -2032,6 +2018,30 @@
<!-- source: pattern://584964c837512845d7940809 --> <!-- source: pattern://584964c837512845d7940809 -->
<property name="detaillevel.credential" value="HIGH"/> <property name="detaillevel.credential" value="HIGH"/>
</AuthState> </AuthState>
<AuthState name="Auth_Realm_Recovery_Recovery_Auth_instructions" class="ch.nevis.esauth.auth.states.standard.ConditionalDispatcherState" final="true" resumeState="true">
<!-- source: pattern://584964c837512845d7940809 -->
<ResultCond name="cancel" next="Auth_Realm_Recovery_Recovery_Auth_loginFactorQuestion"/>
<!-- source: pattern://584964c837512845d7940809 -->
<ResultCond name="continue" next="Auth_Realm_Recovery_Recovery_Auth_enterEmail"/>
<!-- source: pattern://584964c837512845d7940809 -->
<Response value="AUTH_CONTINUE">
<!-- source: pattern://584964c837512845d7940809 -->
<Gui name="recovery_questionnaire_instructions">
<!-- source: pattern://584964c837512845d7940809 -->
<GuiElem name="intro" type="info" label="recovery.intro.message"/>
<!-- source: pattern://584964c837512845d7940809 -->
<GuiElem name="authRequestId" type="hidden" value="${sess:ch.nevis.auth.saml.request.id}" optional="true"/>
<!-- source: pattern://584964c837512845d7940809 -->
<GuiElem name="cancel" type="submit" label="cancel.button.label" value="cancel"/>
<!-- source: pattern://584964c837512845d7940809 -->
<GuiElem name="submit" type="submit" label="submit.button.label" value="submit"/>
</Gui>
</Response>
<!-- source: pattern://584964c837512845d7940809 -->
<property name="condition:cancel" value="${inargs:cancel}==cancel"/>
<!-- source: pattern://584964c837512845d7940809 -->
<property name="condition:continue" value="${inargs:continue}==continue"/>
</AuthState>
<AuthState name="Auth_Realm_Recovery_Auth_Failed" class="ch.nevis.esauth.auth.states.standard.AuthError" final="false"> <AuthState name="Auth_Realm_Recovery_Auth_Failed" class="ch.nevis.esauth.auth.states.standard.AuthError" final="false">
<!-- source: pattern://473f9d6b4ab9d61c1eb8c689 --> <!-- source: pattern://473f9d6b4ab9d61c1eb8c689 -->
<Response value="AUTH_ERROR"> <Response value="AUTH_ERROR">
@ -2142,7 +2152,7 @@
<!-- source: pattern://9a1d3c6052019748d3510261 --> <!-- source: pattern://9a1d3c6052019748d3510261 -->
<ResultCond name="failed" next="Auth_Realm_Recovery_Recovery_emailSent_screen"/> <ResultCond name="failed" next="Auth_Realm_Recovery_Recovery_emailSent_screen"/>
<!-- source: pattern://9a1d3c6052019748d3510261 --> <!-- source: pattern://9a1d3c6052019748d3510261 -->
<ResultCond name="ok" next="Auth_Realm_Recovery_Recovery_emailSent_screen"/> <ResultCond name="ok" next="Auth_Realm_Recovery_Recovery_createURLTicket_logReason"/>
<!-- source: pattern://9a1d3c6052019748d3510261 --> <!-- source: pattern://9a1d3c6052019748d3510261 -->
<Response value="AUTH_CONTINUE"> <Response value="AUTH_CONTINUE">
<!-- source: pattern://9a1d3c6052019748d3510261 --> <!-- source: pattern://9a1d3c6052019748d3510261 -->
@ -2243,6 +2253,19 @@
<!-- source: pattern://c1c0941f54cc36340578ff5f --> <!-- source: pattern://c1c0941f54cc36340578ff5f -->
<property name="script" value="file:///var/opt/nevisauth/default/conf/Recovery_getCredentials.groovy"/> <property name="script" value="file:///var/opt/nevisauth/default/conf/Recovery_getCredentials.groovy"/>
</AuthState> </AuthState>
<AuthState name="Auth_Realm_Recovery_Recovery_createURLTicket_logReason" class="ch.nevis.esauth.auth.states.scripting.ScriptState" final="false" resumeState="false">
<!-- source: pattern://9a1d3c6052019748d3510261 -->
<ResultCond name="ok" next="Auth_Realm_Recovery_Recovery_emailSent_screen"/>
<!-- source: pattern://9a1d3c6052019748d3510261 -->
<Response value="AUTH_CONTINUE">
<!-- source: pattern://9a1d3c6052019748d3510261 -->
<Gui name="not_used"/>
</Response>
<!-- source: pattern://9a1d3c6052019748d3510261 -->
<property name="scriptTraceGroup" value="AGOV-ACCT"/>
<!-- source: pattern://9a1d3c6052019748d3510261 -->
<property name="script" value="file:///var/opt/nevisauth/default/conf/logRecoveryReason.groovy"/>
</AuthState>
<AuthState name="Auth_Realm_Recovery_Recovery_redirectAgovMe" class="ch.nevis.esauth.auth.states.saml.IdentityProviderState" final="false" resumeState="false"> <AuthState name="Auth_Realm_Recovery_Recovery_redirectAgovMe" class="ch.nevis.esauth.auth.states.saml.IdentityProviderState" final="false" resumeState="false">
<!-- source: pattern://6061abea33a234fad73897b7 --> <!-- source: pattern://6061abea33a234fad73897b7 -->
<ResultCond name="ok" next="Auth_Realm_Recovery_Recovery_redirectAgovMe_Handle_Redirect"/> <ResultCond name="ok" next="Auth_Realm_Recovery_Recovery_redirectAgovMe_Handle_Redirect"/>
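Review bot: The new `Auth_Realm_Recovery_Recovery_createURLTicket_logReason` state declares only an `ok` transition, whereas the state that now leads into it (presumably `createURLTicket`) used to send both `ok` and `failed` to `Auth_Realm_Recovery_Recovery_emailSent_screen`. If the logging script throws or ends with any other result, the successful path would presumably end differently from the failed one, which can reveal whether a recovery ticket was created. Give the state a fallback to the same screen, e.g. `<ResultCond name="failed" next="Auth_Realm_Recovery_Recovery_emailSent_screen"/>`, and have the script catch its own exceptions. Separately, `Auth_Realm_Recovery_Recovery_Auth_saveReason` copies `${inargs:reason}` into `sess:agov.recovery.reason` unchecked although it arrives in a hidden form field, so it should be validated there or where it is consumed. The `source: pattern://` markers suggest this file is generated, in which case the fix belongs in the pattern rather than in this file.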


@ -0,0 +1,8 @@
def requester = 'unknown'
def requestId = session['ch.nevis.auth.saml.request.id'] ?: 'unknown'
def user = session['ch.adnovum.nevisidm.user.extId'] ?: 'unknown'
def sourceIp = request.getLoginContext()['connection.HttpHeader.X-Real-IP'] ?: 'unknown'
def userAgent = request.getLoginContext()['connection.HttpHeader.user-agent'] ?: request.getLoginContext()['connection.HttpHeader.User-Agent'] ?: 'unknown'
def reason = session['agov.recovery.reason'] ?: 'unknown'
LOG.info("Event='RECOVERY-REASON', Requester='${requester}', RequestId='${requestId}', User=${user}, SourceIp=${sourceIp}, UserAgent='${userAgent}', Reason='${reason}'")
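Review bot: `Reason` and `UserAgent` are interpolated into the `LOG.info` line exactly as received, so a quote or line break in either can forge extra fields or a whole extra `RECOVERY-REASON` event in this audit log. `reason` reaches the session from `${inargs:reason}`, a hidden form field the browser can change, and the User-Agent header is client-supplied; `SourceIp` is only as trustworthy as the proxy that sets `X-Real-IP`. Normalise every value before logging, for example `def clean = { v -> (v ?: 'unknown').toString().replaceAll(/[\p{Cntrl}']/, '_').take(200) }`, and accept `reason` only if it matches one of the expected reason values. `User` and `SourceIp` are the only fields written without quotes, which makes the line harder to parse unambiguously. The hunk header counts eight lines and seven are shown here, so whether the script sets the `ok` result its state expects is not visible.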