new configuration version

2025-01-23 07:27:16 +00:00 · 2025-01-23 07:27:16 +00:00 · 480cfef2aa
parent e822cec46f
commit 480cfef2aa
2 changed files with 22 additions and 4 deletions
--- a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/etc/nevis/k8s-nevisauth-7022472ae407577ae604bbb8.yaml
+++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/etc/nevis/k8s-nevisauth-7022472ae407577ae604bbb8.yaml
@ -45,7 +45,7 @@ spec:
  podDisruptionBudget:
    maxUnavailable: "50%"
  git:
-    tag: "r-e1c8fb676d3cb1b89262d9f0a54f74c6fe4b3a00"
+    tag: "r-b14743723ffdec93c57595edef5e2386d20ea798"
    dir: "DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth"
    credentials: "git-credentials"
  keystores:
--- a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/recovery_ongoing.groovy
+++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/recovery_ongoing.groovy
@ -1,4 +1,22 @@
+import ch.nevis.esauth.auth.engine.AuthResponse
+
 if (inargs['recovery'] != null && inargs['recovery'] == 'recovery' ) {
-   response.setResult('ok')
-   return
-}
+  // clean up SAML state, to make sure the redirect will really be processed 
+  // IdentityProviderState sets session attributes as follows
+  //   <IDP-State-Name>-session-participants.<SAML-RP-ISSUER> = <ACS-URL>
+  // State name contains the name of the pattern 'Recovery_redirectAgovMe'
+  def s = request.getAuthSession(true)
+  def sessionKeySet = new HashSet(session.keySet()) 
+  sessionKeySet.each { key -> 
+    if ( key ==~ /.*Recovery_redirectAgovMe-session-participants\.*/ ) {
+      LOG.info("Deleted session attribute '${key}'")
+      s.removeAttribute(key)
+    }
+  }
+  response.setResult('ok')
+  return
+}
+
+// if we reach this, display the GUI again
+response.setStatus(AuthResponse.AUTH_CONTINUE)
+return