new configuration version
This commit is contained in:
haburger
parent
bf881d7071
commit
4c5e30e1b9
|
|
@ -45,7 +45,7 @@ spec:
|
|||
podDisruptionBudget:
|
||||
maxUnavailable: "50%"
|
||||
git:
|
||||
tag: "r-90fdd9efa6eadd2c367c797bfca194de78d61fec"
|
||||
tag: "r-8a9c62b5262336b92be8323622dfab0068aaceea"
|
||||
dir: "DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth"
|
||||
credentials: "git-credentials"
|
||||
keystores:
|
||||
|
|
|
|||
|
|
@ -98,9 +98,11 @@ if (path == '/nevisfido/fido2/attestation/options') {
|
|||
}
|
||||
post(connection, json)
|
||||
def responseCode = connection.responseCode
|
||||
def responseText = responseCode == 200 ? connection.inputStream.text : '{"allowCredentials":[]}'
|
||||
def numOfKeys = jsonResponse.allowCredentials ? jsonResponse.allowCredentials.size() : 0
|
||||
|
||||
// non existing account, or account without FIDO2 key case
|
||||
if (responseCode == 404 || responseCode == 400) {
|
||||
// non existing account, account without FIDO2 key , or account with disabled FIDO2 key case
|
||||
if (responseCode == 404 || responseCode == 400 || numOfKeys == 0) {
|
||||
|
||||
LOG.debug("Fido2Auth: <== Response: ${responseCode}")
|
||||
|
||||
|
|
@ -113,8 +115,15 @@ if (path == '/nevisfido/fido2/attestation/options') {
|
|||
def sourceIp = request.getLoginContext()['connection.HttpHeader.X-Real-IP'] ?: 'unknown'
|
||||
def userAgent = request.getLoginContext()['connection.HttpHeader.user-agent'] ?: request.getLoginContext()['connection.HttpHeader.User-Agent'] ?: 'unknown'
|
||||
def tAuth = System.currentTimeMillis() - (request.getSession(true).getCreationTime().getEpochSecond() * 1000)
|
||||
def details = "no account (404)"
|
||||
if (responseCode == 400 ) {
|
||||
details = "no fido2 keys for account (400)"
|
||||
} else if (responseCode == 200) {
|
||||
details = "no active fido2 key for account (200, empty allowCredentials array)"
|
||||
}
|
||||
|
||||
LOG.info("Event='NOACCOUNT', Requester='${requester}', RequestId='${requestId}', RequestedAq=${requestedAq}, User=${session['ch.nevis.idm.User.email']}, CredentialType='${credentialType}', tAuth=${tAuth}ms, SourceIp=${sourceIp}, UserAgent='${userAgent}'")
|
||||
LOG.info("Event='NOACCOUNT', Requester='${requester}', RequestId='${requestId}', RequestedAq=${requestedAq}, User=${session['ch.nevis.idm.User.email']}, CredentialType='${credentialType}', tAuth=${tAuth}ms, SourceIp=${sourceIp}, UserAgent='${userAgent}', Details='${details}'")
|
||||
|
||||
// returning a fake options structure, which shouldn't leak whether the user account exists or not
|
||||
// keyId is unique per environment and email, fido2SessionId and challenge are renewed each time
|
||||
def keyId = UUID.nameUUIDFromBytes("${parameters['rpId']}.${session['ch.nevis.idm.User.email']}".getBytes())
|
||||
|
|
@ -140,7 +149,6 @@ if (path == '/nevisfido/fido2/attestation/options') {
|
|||
return
|
||||
}
|
||||
|
||||
def responseText = connection.inputStream.text
|
||||
LOG.debug("Fido2Auth: <== Response: ${responseCode} : ${responseText}")
|
||||
response.setContent(responseText) // return response from nevisFIDO "as-is"
|
||||
response.setContentType('application/json')
|
||||
|
|
|
|||
|
|
@ -44,7 +44,7 @@ spec:
|
|||
podDisruptionBudget:
|
||||
maxUnavailable: "50%"
|
||||
git:
|
||||
tag: "r-90fdd9efa6eadd2c367c797bfca194de78d61fec"
|
||||
tag: "r-8a9c62b5262336b92be8323622dfab0068aaceea"
|
||||
dir: "DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend"
|
||||
credentials: "git-credentials"
|
||||
podSecurity:
|
||||
|
|
|
|||
|
|
@ -3,7 +3,7 @@
|
|||
$text.get("footer.text")
|
||||
<a target="_blank" class='text-hyperlink dark:text-dark-hyperlink underline' href='$text.get("footer.link")'>$text.get("footer.link.label")</a>
|
||||
</div>
|
||||
<p>1.8.x.2578-20250127T115900Z</p>
|
||||
<p>1.8.x.2598-20250129T202245Z</p>
|
||||
</footer>
|
||||
<script src="${login.appDataPath}/static/bundle.js"></script>
|
||||
</body>
|
||||
|
|
|
|||
|
|
@ -3,7 +3,7 @@
|
|||
$text.get("footer.text")
|
||||
<a target="_blank" class='text-hyperlink dark:text-dark-hyperlink underline' href='$text.get("footer.link")'>$text.get("footer.link.label")</a>
|
||||
</div>
|
||||
<p>1.8.x.2578-20250127T115900Z</p>
|
||||
<p>1.8.x.2598-20250129T202245Z</p>
|
||||
</footer>
|
||||
<script src="${login.appDataPath}/static/bundle.js"></script>
|
||||
</body>
|
||||
|
|
|
|||
|
|
@ -46,7 +46,7 @@ spec:
|
|||
podDisruptionBudget:
|
||||
maxUnavailable: "50%"
|
||||
git:
|
||||
tag: "r-90fdd9efa6eadd2c367c797bfca194de78d61fec"
|
||||
tag: "r-8a9c62b5262336b92be8323622dfab0068aaceea"
|
||||
dir: "DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp"
|
||||
credentials: "git-credentials"
|
||||
keystores:
|
||||
|
|
|
|||
|
|
@ -63,7 +63,7 @@
|
|||
</div>
|
||||
</div>
|
||||
<footer class="hidden sm:flex mt-auto font-body text-body-s text-disabled-grey dark:text-silver w-full p-2 justify-end">
|
||||
<p>1.8.x.2578-20250127T115900Z</p>
|
||||
<p>1.8.x.2598-20250129T202245Z</p>
|
||||
</footer>
|
||||
<script src="/resources/static/bundle.js"></script>
|
||||
</body>
|
||||
|
|
|
|||
|
|
@ -60,7 +60,7 @@
|
|||
</div>
|
||||
</div>
|
||||
<footer class="hidden sm:flex mt-auto font-body text-body-s text-disabled-grey dark:text-silver w-full p-2 justify-end">
|
||||
<p>1.8.x.2578-20250127T115900Z</p>
|
||||
<p>1.8.x.2598-20250129T202245Z</p>
|
||||
</footer>
|
||||
<script src="/resources/static/bundle.js"></script>
|
||||
</body>
|
||||
|
|
|
|||
|
|
@ -61,7 +61,7 @@
|
|||
</div>
|
||||
</div>
|
||||
<footer class="hidden sm:flex mt-auto font-body text-body-s text-disabled-grey dark:text-silver w-full p-2 justify-end">
|
||||
<p>1.8.x.2578-20250127T115900Z</p>
|
||||
<p>1.8.x.2598-20250129T202245Z</p>
|
||||
</footer>
|
||||
<script src="/resources/static/bundle.js"></script>
|
||||
</body>
|
||||
|
|
|
|||
|
|
@ -62,7 +62,7 @@
|
|||
</div>
|
||||
</div>
|
||||
<footer class="hidden sm:flex mt-auto font-body text-body-s text-disabled-grey dark:text-silver w-full p-2 justify-end">
|
||||
<p>1.8.x.2578-20250127T115900Z</p>
|
||||
<p>1.8.x.2598-20250129T202245Z</p>
|
||||
</footer>
|
||||
<script src="/resources/static/bundle.js"></script>
|
||||
</body>
|
||||
|
|
|
|||
|
|
@ -59,7 +59,7 @@
|
|||
</div>
|
||||
</div>
|
||||
<footer class="hidden sm:flex mt-auto font-body text-body-s text-disabled-grey dark:text-silver w-full p-2 justify-end">
|
||||
<p>1.8.x.2578-20250127T115900Z</p>
|
||||
<p>1.8.x.2598-20250129T202245Z</p>
|
||||
</footer>
|
||||
<script src="/resources/static/bundle.js"></script>
|
||||
</body>
|
||||
|
|
|
|||
|
|
@ -66,7 +66,7 @@
|
|||
</div>
|
||||
</div>
|
||||
<footer class="hidden sm:flex mt-auto font-body text-body-s text-disabled-grey dark:text-silver w-full p-2 justify-end">
|
||||
<p>1.8.x.2578-20250127T115900Z</p>
|
||||
<p>1.8.x.2598-20250129T202245Z</p>
|
||||
</footer>
|
||||
<script src="/resources/static/bundle.js"></script>
|
||||
</body>
|
||||
|
|
|
|||
|
|
@ -63,7 +63,7 @@
|
|||
</div>
|
||||
</div>
|
||||
<footer class="hidden sm:flex mt-auto font-body text-body-s text-disabled-grey dark:text-silver w-full p-2 justify-end">
|
||||
<p>1.8.x.2578-20250127T115900Z</p>
|
||||
<p>1.8.x.2598-20250129T202245Z</p>
|
||||
</footer>
|
||||
<script src="/resources/static/bundle.js"></script>
|
||||
</body>
|
||||
|
|
|
|||
Loading…
Reference in New Issue