new configuration version

haburger 2025-02-03 16:12:41 +00:00
parent 4c5e30e1b9
commit 9fd9da890a
2 changed files with 15 additions and 21 deletions


@ -45,7 +45,7 @@ spec:
podDisruptionBudget: podDisruptionBudget:
maxUnavailable: "50%" maxUnavailable: "50%"
git: git:
tag: "r-8a9c62b5262336b92be8323622dfab0068aaceea" tag: "r-4bb9433bfd44d7e52eeb40e9d46accdaaf0e1dbf"
dir: "DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth" dir: "DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth"
credentials: "git-credentials" credentials: "git-credentials"
keystores: keystores:


@ -127,26 +127,20 @@ if (path == '/nevisfido/fido2/attestation/options') {
// returning a fake options structure, which shouldn't leak whether the user account exists or not // returning a fake options structure, which shouldn't leak whether the user account exists or not
// keyId is unique per environment and email, fido2SessionId and challenge are renewed each time // keyId is unique per environment and email, fido2SessionId and challenge are renewed each time
def keyId = UUID.nameUUIDFromBytes("${parameters['rpId']}.${session['ch.nevis.idm.User.email']}".getBytes()) def keyId = UUID.nameUUIDFromBytes("${parameters['rpId']}.${session['ch.nevis.idm.User.email']}".getBytes())
def responseText = """{"status": "ok", responseText = """{"status": "ok",
"errorMessage": "", "errorMessage": "",
"fido2SessionId": "${UUID.randomUUID()}", "fido2SessionId": "${UUID.randomUUID()}",
"challenge": "${base64url(UUID.randomUUID())}", "challenge": "${base64url(UUID.randomUUID())}",
"timeout": 300000, "timeout": 300000,
"rpId": "${parameters['rpId']}", "rpId": "${parameters['rpId']}",
"allowCredentials": [ "allowCredentials": [
{ {
"type": "public-key", "type": "public-key",
"id": "${base64url(keyId)}", "id": "${base64url(keyId)}",
"transports": [] "transports": []
} }
], ],
"userVerification": "required"}""" "userVerification": "required"}"""
response.setContent(responseText) // return response from nevisFIDO "as-is"
response.setContentType('application/json')
response.setHttpStatusCode(200)
response.setIsDirectResponse(true)
return
} }
LOG.debug("Fido2Auth: <== Response: ${responseCode} : ${responseText}") LOG.debug("Fido2Auth: <== Response: ${responseCode} : ${responseText}")
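Review bot: In the decoy branch for `/nevisfido/fido2/attestation/options`, the fake options no longer set their own status: the explicit `response.setHttpStatusCode(200)` and the direct return are gone and nothing visible resets `responseCode`, so if the shared path below the hunk forwards the backend's code, an unknown account would answer differently from a known one, which is what the comment says must not happen; consider `responseCode = 200` beside the `responseText` assignment, or confirm the shared path normalises status and content type. `keyId` comes from `UUID.nameUUIDFromBytes` over rpId and email with no secret, so the decoy id can be recomputed from public inputs and told apart from a registered credential id; keying it with a server-side secret (an HMAC over the same string) avoids that. `parameters['rpId']` is also placed into the JSON text unescaped, so building the body with a JSON serializer would be safer than string interpolation. The enclosing `if` starts above the hunk and the code that sends the response is outside it.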