new configuration version

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/etc/nevis/k8s-nevisauth-7022472ae407577ae604bbb8.yaml

@@ -45,7 +45,7 @@ spec:
   podDisruptionBudget:
     maxUnavailable: "50%"
   git:
-    tag: "r-a42d028a31e525195a4836e6364a21cb0ad6f04e"
+    tag: "r-68680b2182672bd8a81d786c163e95b91fb89a64"
     dir: "DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth"
     credentials: "git-credentials"
   keystores:

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/eid_verification_auth.groovy

@@ -1,4 +1,5 @@
 import groovy.json.JsonSlurper
+
 import ch.nevis.esauth.auth.engine.AuthResponse
 import ch.nevis.esauth.util.httpclient.api.HttpClient
 
@@ -127,6 +128,22 @@ def verification_request_template = '''
 }
 '''
 
+def ERROR_CODE_TO_STATUS_MAPPER = [
+	'CREDENTIAL_INVALID': 'FAILED',
+	'JWT_EXPIRED': 'ERROR',
+	'INVALID_FORMAT': 'ERROR',
+	'CREDENTIAL_EXPIRED': 'FAILED',
+	'MISSING_NONCE': 'ERROR',
+	'UNSUPPORTED_FORMAT': 'ERROR',
+	'CREDENTIAL_REVOKED': 'FAILED',
+	'CREDENTIAL_SUSPENDED': 'FAILED',
+	'HOLDER_BINDING_MISMATCH': 'ERROR',
+	'CREDENTIAL_MISSING_DATA': 'FAILED',
+	'UNRESOLVABLE_STATUS_LIST': 'ERROR',
+	'PUBLIC_KEY_OF_ISSUER_UNRESOLVABLE': 'ERROR',
+	'CLIENT_REJECTED': 'CANCELED',
+	'ISSUER_NOT_ACCEPTED' : 'ERROR'
+]
 
 // ---------------
 // check, whether we are still processing the correct AuthnRequest
@@ -163,6 +180,7 @@ def spanCtxt = Span.current().getSpanContext()
 def traceparent = "00-${spanCtxt.getTraceId()}-${spanCtxt.getSpanId()}-${spanCtxt.getTraceFlags().asHex()}"
 
 if (!session['agov.eid.verification']) {
+	// Initialize the verification session on the verifier
     def endPoint = "${parameters.get('eidVerifierBaseUrl')}/api/v1/verifications"
 
 	try {
@@ -203,9 +221,15 @@ if (!session['agov.eid.verification']) {
 }
 
 if (getHeader('Content-Type') == 'application/json' && inargs.containsKey('o.id.v')) {
-	try {
+	// request for a status update from the verifier
+	def result
 
-        def endPoint = "${parameters.get('eidVerifierBaseUrl')}/api/v1/verifications/${inargs['o.id.v']}"
+	// TODO/haburger/2025-03-24: we should make sure, that we have an actual session on the verifier with id.v
+	// and that authRequestId is correct
+	def idvalue = ( !inargs['o.id.v'] || inargs['o.id.v'] == 'NEW' ) ? session['agov.eid.verification.id'] : inargs['o.id.v']
+
+	try {
+		def endPoint = "${parameters.get('eidVerifierBaseUrl')}/api/v1/verifications/${idvalue}"
 
 		def httpResponse = Http.get()
 			.url(endPoint)
@@ -214,37 +238,91 @@ if (getHeader('Content-Type') == 'application/json' && inargs.containsKey('o.id.
 			.build()
 			.send(httpClient)
 
-
 		if (httpResponse.code() != 200) {
+			// TODO/haburger/2025-03-25: 404 we should create a new verification request
             LOG.debug("Result: ${httpResponse}")
-			response.setResult('error')
+			result = """{
-			return
+				"oid4vp": {
+					"status": "ERROR",
+					"verification_url": "${session['agov.eid.verification.link']}",
+					"id": "${idvalue}",
+					"error_code": "HTTP-ERROR",
+					"error_message": "failed to verify status of verification ${idvalue}, http status: ${httpResponse.code()}"
+				}}"""
+			LOG.warn("<== Response: ${responseCode}")
 		}
 
 		def json = new JsonSlurper().parseText(httpResponse.bodyAsString())
 
         if (json.state == 'SUCCESS') {
-            sesss.setAttribute('ch.nevis.idm.User.firstName', json.wallet_response.given_name)
+			def claims = json.wallet_response.credential_subject_data
-            sesss.setAttribute('ch.nevis.idm.User.lastName', json.wallet_response.family_name)
-            sesss.setAttribute('ch.nevis.idm.User.birthDate', json.wallet_response.birth_date)
-            sesss.setAttribute('ch.nevis.idm.User.gender', json.wallet_response.sex)
-            sesss.setAttribute('ch.nevis.idm.User.prop.svnr', json.wallet_response.personal_administrative_number)
-            sesss.setAttribute('ch.nevis.idm.User.prop.placeOfBirth', json.wallet_response.birth_place)
-            sesss.setAttribute('ch.nevis.idm.User.prop.eIdNumber', json.wallet_response.personal_administrative_number)
-            sesss.setAttribute('ch.nevis.idm.User.prop.nationality', json.wallet_response.nationality)
-            sesss.setAttribute('ValidFrom', json.wallet_response.issuance_date)
-            sesss.setAttribute('ValidTo', json.wallet_response.expiry_date)
-            sesss.setAttribute('authenticatedWith', "EID")
 
-        }
+			// TODO/haburger/2025-03-25: format changes to align with IDM read data
+            sess.setAttribute('ch.nevis.idm.User.firstName', claims.given_name)
+            sess.setAttribute('ch.nevis.idm.User.lastName', claims.family_name)
+            sess.setAttribute('ch.nevis.idm.User.birthDate', claims.birth_date)
+            sess.setAttribute('ch.nevis.idm.User.gender', claims.sex)
+            sess.setAttribute('ch.nevis.idm.User.prop.svnr', claims.personal_administrative_number)
+            sess.setAttribute('ch.nevis.idm.User.prop.placeOfBirth', claims.birth_place)
+            sess.setAttribute('ch.nevis.idm.User.prop.eIdNumber', claims.personal_administrative_number)
+            sess.setAttribute('ch.nevis.idm.User.prop.nationality', claims.nationality.toString())
+            sess.setAttribute('ValidFrom', claims.issuance_date)
+            sess.setAttribute('ValidTo', claims.expiry_date)
+            sess.setAttribute('authenticatedWith', "urn:qa.agov.ch:names:tc:authfactor:eid")
+			sess.setAttribute('idVerification', "Eid")
+			sess.setAttribute('contextClassRefToSet', "urn:qa.agov.ch:names:tc:ac:classes:600")
 
+			response.setUserId(claims.personal_administrative_number)
+			response.setLoginId(claims.document_number)
+			response.setAuthLevel("EID")
 
+			result = """{
+				"oid4vp": {
+					"status": "SUCCEEDED",
+					"verification_url": "${session['agov.eid.verification.link']}",
+					"id": "${idvalue}",
+					"error_code": "NONE"
+				}}"""
+        } else if (json.state == 'FAILED') {
+			// TODO/haburger/2025-03-25: ERROR_CODE_TO_STATUS_MAPPER[json.wallet_response.error_code] == 'FAILED' we should
+			//  initiate a new verification and return the new id, url together with the message
+
+			LOG.error("Eid verification failed: ${json.wallet_response.error_code} (${json.wallet_response.error_description})")
+			result = """{
+				"oid4vp": {
+					"status": "${ERROR_CODE_TO_STATUS_MAPPER[json.wallet_response.error_code] ?: 'ERROR'}",
+					"verification_url": "${session['agov.eid.verification.link']}",
+					"id": "${idvalue}",
+					"error_code": "${json.wallet_response.error_code}",
+					"error_message": "${json.wallet_response.error_description}"
+				}}"""
+		} else {
+			result = """{
+				"oid4vp": {
+					"status": "${inargs['o.id.v'] == 'NEW' ? 'INITIATED' : 'PENDING'}",
+					"verification_url": "${session['agov.eid.verification.link']}",
+					"id": "${idvalue}",
+					"error_code": "NONE"
+				}}"""
+		}
 	} catch(Exception e) {
-		LOG.error("Eid verification failed: $e")
+		LOG.error("Eid verification failed: ${e}")
-		response.setResult('error')
+		result = """{
-		return
+				"oid4vp": {
+					"status": "ERROR",
+					"verification_url": "${session['agov.eid.verification.link']}",
+					"id": "${idvalue}",
+					"error_code": "HTTP-ERROR",
+					"error_message": "failed to verify status of verification ${idvalue}, http exception"
+				}}"""
 	}
 
+	response.setContent(result.toString())
+	response.setContentType('application/json')
+	response.setHttpStatusCode(200)
+	response.setIsDirectResponse(true)
+	response.setStatus(AuthResponse.AUTH_CONTINUE)
+	return
 }
 
 // if we reach this place, display GUI

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/etc/nevis/k8s-nevislogrend-097929211988398a87bcbb0c.yaml

@@ -44,7 +44,7 @@ spec:
   podDisruptionBudget:
     maxUnavailable: "50%"
   git:
-    tag: "r-a42d028a31e525195a4836e6364a21cb0ad6f04e"
+    tag: "r-68680b2182672bd8a81d786c163e95b91fb89a64"
     dir: "DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend"
     credentials: "git-credentials"
   podSecurity:

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/footer.vm

@@ -3,7 +3,7 @@
 			$text.get("footer.text")
 			<a target="_blank" class='text-hyperlink dark:text-dark-hyperlink underline' href='$text.get("footer.link")'>$text.get("footer.link.label")</a>
 		</div>
-		<p>1.10.0.local-20250320T124958Z-haburger: Fri Mar 21 15:29:13 CET 2025</p>
+		<p>1.10.0.local-20250321T164316Z-haburger: Tue Mar 25 11:16:24 CET 2025</p>
 	</footer>
 	<script src="${login.appDataPath}/static/bundle.js"></script>
 </body>

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/footer.vm

@@ -3,7 +3,7 @@
 			$text.get("footer.text")
 			<a target="_blank" class='text-hyperlink dark:text-dark-hyperlink underline' href='$text.get("footer.link")'>$text.get("footer.link.label")</a>
 		</div>
-		<p>1.10.0.local-20250320T124958Z-haburger: Fri Mar 21 15:29:13 CET 2025</p>
+		<p>1.10.0.local-20250321T164316Z-haburger: Tue Mar 25 11:16:24 CET 2025</p>
 	</footer>
 	<script src="${login.appDataPath}/static/bundle.js"></script>
 </body>

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/etc/nevis/k8s-nevisproxy-idp-0ceb05c56644a59d648c13b9.yaml

@@ -46,7 +46,7 @@ spec:
   podDisruptionBudget:
     maxUnavailable: "50%"
   git:
-    tag: "r-a42d028a31e525195a4836e6364a21cb0ad6f04e"
+    tag: "r-68680b2182672bd8a81d786c163e95b91fb89a64"
     dir: "DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp"
     credentials: "git-credentials"
   keystores:

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-w.azure.adnovum.net/resources/errorPages/403.html

@@ -63,7 +63,7 @@
 	</div>
 </div>
 <footer class="hidden sm:flex mt-auto font-body text-body-s text-disabled-grey dark:text-silver w-full p-2 justify-end">
-	<p>1.10.0.local-20250320T124958Z-haburger: Fri Mar 21 15:29:13 CET 2025</p>
+	<p>1.10.0.local-20250321T164316Z-haburger: Tue Mar 25 11:16:24 CET 2025</p>
 </footer>
 <script src="/resources/static/bundle.js"></script>
 </body>

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-w.azure.adnovum.net/resources/errorPages/404.html

@@ -60,7 +60,7 @@
 	</div>
 </div>
 <footer class="hidden sm:flex mt-auto font-body text-body-s text-disabled-grey dark:text-silver w-full p-2 justify-end">
-	<p>1.10.0.local-20250320T124958Z-haburger: Fri Mar 21 15:29:13 CET 2025</p>
+	<p>1.10.0.local-20250321T164316Z-haburger: Tue Mar 25 11:16:24 CET 2025</p>
 </footer>
 <script src="/resources/static/bundle.js"></script>
 </body>

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-w.azure.adnovum.net/resources/errorPages/500.html

@@ -61,7 +61,7 @@
 	</div>
 </div>
 <footer class="hidden sm:flex mt-auto font-body text-body-s text-disabled-grey dark:text-silver w-full p-2 justify-end">
-	<p>1.10.0.local-20250320T124958Z-haburger: Fri Mar 21 15:29:13 CET 2025</p>
+	<p>1.10.0.local-20250321T164316Z-haburger: Tue Mar 25 11:16:24 CET 2025</p>
 </footer>
 <script src="/resources/static/bundle.js"></script>
 </body>

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-w.azure.adnovum.net/resources/errorPages/502.html

@@ -62,7 +62,7 @@
 	</div>
 </div>
 <footer class="hidden sm:flex mt-auto font-body text-body-s text-disabled-grey dark:text-silver w-full p-2 justify-end">
-	<p>1.10.0.local-20250320T124958Z-haburger: Fri Mar 21 15:29:13 CET 2025</p>
+	<p>1.10.0.local-20250321T164316Z-haburger: Tue Mar 25 11:16:24 CET 2025</p>
 </footer>
 <script src="/resources/static/bundle.js"></script>
 </body>

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-w.azure.adnovum.net/resources/errorPages/Loggedout.html

@@ -64,7 +64,7 @@
 	</div>
 </div>
 <footer class="hidden sm:flex mt-auto font-body text-body-s text-disabled-grey dark:text-silver w-full p-2 justify-end">
-	<p>1.10.0.local-20250320T124958Z-haburger: Fri Mar 21 15:29:13 CET 2025</p>
+	<p>1.10.0.local-20250321T164316Z-haburger: Tue Mar 25 11:16:24 CET 2025</p>
 </footer>
 </body>
 <script src="/resources/static/bundle.js"></script>

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-w.azure.adnovum.net/resources/errorPages/timeout.html

@@ -66,7 +66,7 @@
 	</div>
 </div>
 <footer class="hidden sm:flex mt-auto font-body text-body-s text-disabled-grey dark:text-silver w-full p-2 justify-end">
-	<p>1.10.0.local-20250320T124958Z-haburger: Fri Mar 21 15:29:13 CET 2025</p>
+	<p>1.10.0.local-20250321T164316Z-haburger: Tue Mar 25 11:16:24 CET 2025</p>
 </footer>
 <script src="/resources/static/bundle.js"></script>
 </body>

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-w.azure.adnovum.net/resources/index.html

@@ -63,7 +63,7 @@
 	</div>
 </div>
 <footer class="hidden sm:flex mt-auto font-body text-body-s text-disabled-grey dark:text-silver w-full p-2 justify-end">
-	<p>1.10.0.local-20250320T124958Z-haburger: Fri Mar 21 15:29:13 CET 2025</p>
+	<p>1.10.0.local-20250321T164316Z-haburger: Tue Mar 25 11:16:24 CET 2025</p>
 </footer>
 <script src="/resources/static/bundle.js"></script>
 </body>