From 2cf37a123e8c620d11cfda7c59ef6f0841a0e8f5 Mon Sep 17 00:00:00 2001
From: aca
Date: Mon, 2 Jun 2025 14:22:50 +0000
Subject: [PATCH] new configuration version
---
 ...k8s-nevisauth-7022472ae407577ae604bbb8.yaml | 2 +-
 .../conf/SendSamlResponseWithAssertion.groovy | 18 ++++++++++++++----
 2 files changed, 15 insertions(+), 5 deletions(-)
diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/etc/nevis/k8s-nevisauth-7022472ae407577ae604bbb8.yaml b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/etc/nevis/k8s-nevisauth-7022472ae407577ae604bbb8.yaml
index 3e4a51b..fe84fae 100644
--- a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/etc/nevis/k8s-nevisauth-7022472ae407577ae604bbb8.yaml
+++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/etc/nevis/k8s-nevisauth-7022472ae407577ae604bbb8.yaml
@@ -45,7 +45,7 @@ spec:
 podDisruptionBudget:
 maxUnavailable: "50%"
 git:
- tag: "r-cb437c21eb02a6e831659425531e5e7d23e487bb"
+ tag: "r-600995cbc553d18c54c86ca5293768f8370bb7da"
 dir: "DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth"
 credentials: "git-credentials"
 keystores:
diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/SendSamlResponseWithAssertion.groovy b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/SendSamlResponseWithAssertion.groovy
index fa9deae..732eb14 100644
--- a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/SendSamlResponseWithAssertion.groovy
+++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/SendSamlResponseWithAssertion.groovy
@@ -1,3 +1,12 @@
+import java.time.Duration
+
+// authentication cookie map
+def AUTHENTICATON_URN_TO_COOKIE_MAPPER = [
+ 'urn:qa.agov.ch:names:tc:authfactor:accessapp' : 'accessApp',
+ 'urn:qa.agov.ch:names:tc:authfactor:fido' : 'securityKey',
+ 'urn:qa.agov.ch:names:tc:authfactor:eid' : 'eid'
+]
+
 // Accounting
 def requester = session['ch.nevis.auth.saml.request.scoping.requesterId'] ?: 'unknown'
 def requestId = session['ch.nevis.auth.saml.request.id'] ?: 'unknown'
@@ -10,10 +19,9 @@ def tAuth = System.currentTimeMillis() - (request.getSession(true).getCreationTi
 LOG.info("Event='AUTHENTICATION', Requester='${requester}', RequestId='${requestId}', RequestedAq=${requestedAq}, User=${user}, CredentialType='${credentialType}', tAuth=${tAuth}ms, SourceIp=${sourceIp}, UserAgent='${userAgent}'")
-// BUNDBITBK-4824: Address was missing after bmid verification
-
-
 def session = request.getAuthSession(true)
+
+// BUNDBITBK-4824: Address was missing after bmid verification
 def loa_str = session.get('agov.actualRoleLevel')
 if(loa_str){
@@ -30,7 +38,9 @@ if(loa_str){
 }
 }
-// BUNDBITBK-4824 END
+// BUNDBITBK-5005: Set cookie to remember the last authentication method
+response.setCookie("loa", AUTHENTICATON_URN_TO_COOKIE_MAPPER[session.getAttribute('authenticatedWith')], "/", parameters.get('cookie.domain'), Duration.ofDays(7), true, true)
+
 // delete the login cookie
 def agovLoginCookie = "agovLogin=deleted; Domain=${parameters.get('cookie.domain')}; Path=/; Max-Age=0; SameSite=Strict; Secure; HttpOnly"
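Review bot: Every key of the new `AUTHENTICATON_URN_TO_COOKIE_MAPPER` is pinned to the `urn:qa.agov.ch` issuer, so an `authenticatedWith` value from any other environment, or a factor not in the list, silently yields `null` — and the third hunk of this same file hands that lookup result straight to `response.setCookie`. I would guard the miss case instead of relying on how the cookie API treats `null`, e.g. `def lastAuthMethod = AUTHENTICATON_URN_TO_COOKIE_MAPPER[session.getAttribute('authenticatedWith')]` followed by `if (lastAuthMethod) { response.setCookie(...) } else { LOG.warn("Unmapped authenticatedWith=${session.getAttribute('authenticatedWith')}") }`, and source the URN prefix from `parameters` the way the cookie domain already is, since a stage-specific literal in what is presumably a shared script is an easy way to ship something that works in QA and breaks elsewhere. The constant name also misspells "authentication" (`AUTHENTICATON_...`); renaming it to `AUTHENTICATION_URN_TO_COOKIE_MAPPER` at the definition and the single use site is cheap now and avoids a trap for later edits. A comment on the map stating what the session attribute is expected to hold would help too, e.g. `// maps the 'authenticatedWith' session attribute (AGOV authfactor URN) to the short value stored in the 'loa' cookie`.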