new configuration version

aca 2025-06-02 14:22:50 +00:00
parent 4a0c909281
commit 2cf37a123e
2 changed files with 15 additions and 5 deletions


@ -45,7 +45,7 @@ spec:
podDisruptionBudget: podDisruptionBudget:
maxUnavailable: "50%" maxUnavailable: "50%"
git: git:
tag: "r-cb437c21eb02a6e831659425531e5e7d23e487bb" tag: "r-600995cbc553d18c54c86ca5293768f8370bb7da"
dir: "DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth" dir: "DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth"
credentials: "git-credentials" credentials: "git-credentials"
keystores: keystores:


@ -1,3 +1,12 @@
import java.time.Duration
// authentication cookie map
def AUTHENTICATON_URN_TO_COOKIE_MAPPER = [
'urn:qa.agov.ch:names:tc:authfactor:accessapp' : 'accessApp',
'urn:qa.agov.ch:names:tc:authfactor:fido' : 'securityKey',
'urn:qa.agov.ch:names:tc:authfactor:eid' : 'eid'
]
// Accounting // Accounting
def requester = session['ch.nevis.auth.saml.request.scoping.requesterId'] ?: 'unknown' def requester = session['ch.nevis.auth.saml.request.scoping.requesterId'] ?: 'unknown'
def requestId = session['ch.nevis.auth.saml.request.id'] ?: 'unknown' def requestId = session['ch.nevis.auth.saml.request.id'] ?: 'unknown'
@ -10,10 +19,9 @@ def tAuth = System.currentTimeMillis() - (request.getSession(true).getCreationTi
LOG.info("Event='AUTHENTICATION', Requester='${requester}', RequestId='${requestId}', RequestedAq=${requestedAq}, User=${user}, CredentialType='${credentialType}', tAuth=${tAuth}ms, SourceIp=${sourceIp}, UserAgent='${userAgent}'") LOG.info("Event='AUTHENTICATION', Requester='${requester}', RequestId='${requestId}', RequestedAq=${requestedAq}, User=${user}, CredentialType='${credentialType}', tAuth=${tAuth}ms, SourceIp=${sourceIp}, UserAgent='${userAgent}'")
// BUNDBITBK-4824: Address was missing after bmid verification
def session = request.getAuthSession(true) def session = request.getAuthSession(true)
// BUNDBITBK-4824: Address was missing after bmid verification
def loa_str = session.get('agov.actualRoleLevel') def loa_str = session.get('agov.actualRoleLevel')
if(loa_str){ if(loa_str){
@ -30,7 +38,9 @@ if(loa_str){
} }
} }
// BUNDBITBK-4824 END // BUNDBITBK-5005: Set cookie to remember the last authentication method
response.setCookie("loa", AUTHENTICATON_URN_TO_COOKIE_MAPPER[session.getAttribute('authenticatedWith')], "/", parameters.get('cookie.domain'), Duration.ofDays(7), true, true)
// delete the login cookie // delete the login cookie
def agovLoginCookie = "agovLogin=deleted; Domain=${parameters.get('cookie.domain')}; Path=/; Max-Age=0; SameSite=Strict; Secure; HttpOnly" def agovLoginCookie = "agovLogin=deleted; Domain=${parameters.get('cookie.domain')}; Path=/; Max-Age=0; SameSite=Strict; Secure; HttpOnly"
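Review bot: The added `response.setCookie("loa", ...)` line passes the map lookup result straight through as the cookie value, so if `authenticatedWith` is absent or holds a URN that is not a key of `AUTHENTICATON_URN_TO_COOKIE_MAPPER`, the lookup yields null and that null is what gets set for seven days. The keys are hard-coded to `urn:qa.agov.ch`, so this looks likely for any environment whose URNs use another prefix. Resolve the value first and skip the cookie when there is none: `def lastMethod = AUTHENTICATON_URN_TO_COOKIE_MAPPER[session.getAttribute('authenticatedWith')]` followed by `if (lastMethod) { response.setCookie("loa", lastMethod, "/", parameters.get('cookie.domain'), Duration.ofDays(7), true, true) }`. The same line reads the session with `getAttribute` while the line above the `if(loa_str)` block uses `session.get(...)` on the same object, which is worth confirming. If the two trailing `true` arguments are Secure and HttpOnly, the new cookie has no SameSite attribute, unlike the `agovLogin` cookie directly below, which is sent with `SameSite=Strict`; the script continues past this hunk.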