new configuration version
This commit is contained in:
haburger
parent
621e042c05
commit
6889d81ccb
|
|
@ -45,7 +45,7 @@ spec:
|
|||
podDisruptionBudget:
|
||||
maxUnavailable: "50%"
|
||||
git:
|
||||
tag: "r-3661d1b94c95cb7ba123e574390d8dbaaed8e7a2"
|
||||
tag: "r-c58cc47a5227560a26f98d3aa610b057d4a540ac"
|
||||
dir: "DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth"
|
||||
credentials: "git-credentials"
|
||||
keystores:
|
||||
|
|
|
|||
|
|
@ -185,42 +185,46 @@ try {
|
|||
}
|
||||
|
||||
// no login for users with a recovery role
|
||||
for (String role : getUserAGOVRecoveryRoles()) {
|
||||
if (role == 'mustRecover') {
|
||||
session.setAttribute('agov.recovery.authnContextClassRef', 'urn:qa.agov.ch:names:tc:ac:classes:mustRecover')
|
||||
session.setAttribute('agov.recovery.authenticatedWith', session.getAttribute('authenticatedWith') ?: 'unknown' )
|
||||
def recoveryRoleList = getUserAGOVRecoveryRoles()
|
||||
|
||||
if (recoveryRoleList.contains('mustRecover')) {
|
||||
session.setAttribute('agov.recovery.authnContextClassRef', 'urn:qa.agov.ch:names:tc:ac:classes:mustRecover')
|
||||
session.setAttribute('agov.recovery.authenticatedWith', session.getAttribute('authenticatedWith') ?: 'unknown' )
|
||||
|
||||
def origIdVerification = getUserAGOVLoiIdVerification(highestRoleLevelNumber.toString()) ?: 'None'
|
||||
def origIdVerification = getUserAGOVLoiIdVerification(highestRoleLevelNumber.toString()) ?: 'None'
|
||||
def idVerification = getUserIdVerificationForRecovery() ?: origIdVerification
|
||||
session.setAttribute('agov.recovery.currentIdVerification', '' + idVerification )
|
||||
|
||||
def idVerification = getUserIdVerificationForRecovery() ?: origIdVerification
|
||||
session.setAttribute('agov.recovery.currentIdVerification', '' + idVerification )
|
||||
// align currentAgovAq with the method selected for idVerification
|
||||
def currentAgovAqForRecovery = getAqLevelBasedOnIdVerificationForRecovery(idVerification, highestRoleLevelNumber)
|
||||
session.setAttribute('agov.recovery.currentAgovAq', '' + currentAgovAqForRecovery)
|
||||
|
||||
// align currentAgovAq with the method selected for idVerification
|
||||
def currentAgovAqForRecovery = getAqLevelBasedOnIdVerificationForRecovery(idVerification, highestRoleLevelNumber)
|
||||
session.setAttribute('agov.recovery.currentAgovAq', '' + currentAgovAqForRecovery)
|
||||
def validFrom = getUserMustRecoverValidFrom() ?: ''
|
||||
session.setAttribute('agov.recovery.currentAgovAqRoleValidFrom', '' + validFrom )
|
||||
|
||||
def validFrom = getUserMustRecoverValidFrom() ?: ''
|
||||
session.setAttribute('agov.recovery.currentAgovAqRoleValidFrom', '' + validFrom )
|
||||
LOG.debug("CheckLoa: mustRecover: origIdVerification=${origIdVerification}, idVerification=${idVerification}, currentAgovAqForRecovery=${currentAgovAqForRecovery}")
|
||||
|
||||
LOG.debug("CheckLoa: mustRecover: origIdVerification=${origIdVerification}, idVerification=${idVerification}, currentAgovAqForRecovery=${currentAgovAqForRecovery}")
|
||||
response.setResult('exit.2')
|
||||
return
|
||||
|
||||
response.setResult('exit.2')
|
||||
return
|
||||
} else if (recoveryRoleList.contains('recovery')) {
|
||||
if (recoveryRoleList.contains('recoveryCascade')) {
|
||||
session.setAttribute('agov.recovery.authnContextClassRef', 'urn:qa.agov.ch:names:tc:ac:classes:recoveryCascade')
|
||||
} else {
|
||||
session.setAttribute('agov.recovery.authnContextClassRef', 'urn:qa.agov.ch:names:tc:ac:classes:recoveryCascade')
|
||||
}
|
||||
session.setAttribute('agov.recovery.authenticatedWith', session.getAttribute('authenticatedWith') ?: 'unknown')
|
||||
session.setAttribute('agov.recovery.currentAgovAq', session.getAttribute('contextClassRefToSet') ?: 'urn:qa.agov.ch:names:tc:ac:classes:100' )
|
||||
LOG.debug('CheckLoa: idVerification2= '+ getUserAGOVLoiIdVerification(highestRoleLevelNumber.toString()))
|
||||
def idVerification = getUserAGOVLoiIdVerification(highestRoleLevelNumber.toString())
|
||||
session.setAttribute('agov.recovery.currentIdVerification', (idVerification.isEmpty() ? 'None' : idVerification.first()))
|
||||
def validFrom = getUserAGOVLoiValidFrom('level'.concat(highestRoleLevelNumber.toString())) ?: ''
|
||||
session.setAttribute('agov.recovery.currentAgovAqRoleValidFrom', validFrom)
|
||||
|
||||
} else if (role == 'recovery') {
|
||||
session.setAttribute('agov.recovery.authnContextClassRef', 'urn:qa.agov.ch:names:tc:ac:classes:recovery')
|
||||
session.setAttribute('agov.recovery.authenticatedWith', session.getAttribute('authenticatedWith') ?: 'unknown')
|
||||
session.setAttribute('agov.recovery.currentAgovAq', session.getAttribute('contextClassRefToSet') ?: 'urn:qa.agov.ch:names:tc:ac:classes:100' )
|
||||
LOG.debug('CheckLoa: idVerification2= '+ getUserAGOVLoiIdVerification(highestRoleLevelNumber.toString()))
|
||||
def idVerification = getUserAGOVLoiIdVerification(highestRoleLevelNumber.toString())
|
||||
session.setAttribute('agov.recovery.currentIdVerification', (idVerification.isEmpty() ? 'None' : idVerification.first()))
|
||||
def validFrom = getUserAGOVLoiValidFrom('level'.concat(highestRoleLevelNumber.toString())) ?: ''
|
||||
session.setAttribute('agov.recovery.currentAgovAqRoleValidFrom', validFrom)
|
||||
response.setResult('exit.2')
|
||||
return
|
||||
}
|
||||
|
||||
response.setResult('exit.2')
|
||||
return
|
||||
}
|
||||
}
|
||||
|
||||
if (highestRoleLevelNumber>=requestedRoleLevelNumber) {
|
||||
|
||||
|
|
|
|||
|
|
@ -1673,7 +1673,7 @@
|
|||
</AuthState>
|
||||
<AuthState name="Auth_Realm_Recovery_Recovery_Auth_loginFactorQuestion" class="ch.nevis.esauth.auth.states.scripting.ScriptState" final="true" resumeState="true">
|
||||
<!-- source: pattern://584964c837512845d7940809 -->
|
||||
<ResultCond name="cancel" next="Auth_Realm_Recovery_Recovery_handleCode"/>
|
||||
<ResultCond name="doCancel" next="Auth_Realm_Recovery_Recovery_handleCode"/>
|
||||
<!-- source: pattern://584964c837512845d7940809 -->
|
||||
<ResultCond name="loginFactorNo" next="Auth_Realm_Recovery_Recovery_Auth_reasonSelection"/>
|
||||
<!-- source: pattern://584964c837512845d7940809 -->
|
||||
|
|
@ -1805,7 +1805,7 @@
|
|||
</AuthState>
|
||||
<AuthState name="Auth_Realm_Recovery_Recovery_Auth_reasonSelection" class="ch.nevis.esauth.auth.states.scripting.ScriptState" final="true" resumeState="true">
|
||||
<!-- source: pattern://584964c837512845d7940809 -->
|
||||
<ResultCond name="cancel" next="Auth_Realm_Recovery_Recovery_Auth_loginFactorQuestion"/>
|
||||
<ResultCond name="doCancel" next="Auth_Realm_Recovery_Recovery_Auth_loginFactorQuestion"/>
|
||||
<!-- source: pattern://584964c837512845d7940809 -->
|
||||
<ResultCond name="invalidReasons" next="Auth_Realm_Recovery_Recovery_Auth_noRecovery"/>
|
||||
<!-- source: pattern://584964c837512845d7940809 -->
|
||||
|
|
|
|||
|
|
@ -4,7 +4,7 @@ if (inargs['cancel'] && inargs['cancel'] == 'cancel') {
|
|||
def s = request.getAuthSession(true)
|
||||
s.removeAttribute('agov.recovery.moreThanOneLf')
|
||||
|
||||
response.setResult('cancel')
|
||||
response.setResult('doCancel')
|
||||
return
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -9,7 +9,7 @@ if (inargs['cancel'] && inargs['cancel'] == 'cancel') {
|
|||
s.removeAttribute('agov.recovery.moreThanOneLf')
|
||||
s.removeAttribute('agov.recovery.reason')
|
||||
|
||||
response.setResult('cancel')
|
||||
response.setResult('doCancel')
|
||||
return
|
||||
}
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue