diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/etc/nevis/k8s-nevisauth-7022472ae407577ae604bbb8.yaml b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/etc/nevis/k8s-nevisauth-7022472ae407577ae604bbb8.yaml
index 8fab40d..df92bf6 100644
--- a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/etc/nevis/k8s-nevisauth-7022472ae407577ae604bbb8.yaml
+++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/etc/nevis/k8s-nevisauth-7022472ae407577ae604bbb8.yaml
@@ -46,7 +46,7 @@ spec:
podDisruptionBudget:
maxUnavailable: "50%"
git:
- tag: "r-409fd32f98389c9644504cf12ed02ff8c84a9d7a"
+ tag: "r-ad7700b35fd4f776a3e64f37dce372a63b90531b"
dir: "DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth"
credentials: "git-credentials"
database:
diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/esauth4.xml b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/esauth4.xml
index 578de12..e699e16 100644
--- a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/esauth4.xml
+++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/esauth4.xml
@@ -950,52 +950,18 @@
-
+
-
+
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+
-
-
-
-
+
-
-
-
-
-
-
-
-
-
-
-
-
+
@@ -1252,6 +1218,100 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/idp_dispatcher.groovy b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/idp_dispatcher.groovy
index 9dd0339..4156a38 100644
--- a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/idp_dispatcher.groovy
+++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/idp_dispatcher.groovy
@@ -84,6 +84,10 @@ String getAttributeConsumingServiceIndex(String value) {
return getAttribute(value, 'AttributeConsumingServiceIndex')
}
+String getProtocolBinding(String value) {
+ return getAttribute(value, 'ProtocolBinding')
+}
+
def dispatchIssuer(i2s, String issuer, boolean secureMode) {
def result = i2s.get(issuer)
if (result == null) {
@@ -99,7 +103,7 @@ def dispatchIssuer(i2s, String issuer, boolean secureMode) {
result = result + "_secure"
}
response.setResult(result)
- session.put("saml.inbound.issuer", issuer)
+ session.put('saml.inbound.issuer', issuer)
session.put('saml.idp.result', result) // remember decision for sub-sequent requests without a SAML message
}
@@ -111,12 +115,15 @@ def dispatchIssuer(i2s, String issuer) {
def dispatchMessage(i2s, String message) {
def issuer = getIssuer(message)
def secureMode = (getAttributeConsumingServiceIndex(message) == '10101')
+ def useArtifact = ('urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact' == getProtocolBinding(message))
+
LOG.info("secureMode requested: ${secureMode}")
if (issuer == null) {
LOG.info("No issuer found in incoming SAML message. Giving up.")
}
- session.put("saml.inbound.issuer", issuer)
+ session.put('saml.inbound.issuer', issuer)
+ session.put('agov.idp.use.artifact', '' + useArtifact)
dispatchIssuer(i2s, issuer, secureMode)
}
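Review bot: The new `useArtifact` flag in dispatchMessage is read straight from the `ProtocolBinding` attribute of the incoming message and stored in the session as `agov.idp.use.artifact`, with no check that the issuer may use HTTP-Artifact. Nothing visible in this hunk shows the message's signature being verified before this point, so the value should be treated as requester-controlled. Whatever later reads the session key should confirm the binding against the endpoints registered for `saml.inbound.issuer`, and a comment here such as `// unverified request hint; validate against the issuer's registered bindings before use` would make that explicit. The flag is also written when `issuer == null`, because the function does not return after the "Giving up." log; if that fall-through is intended the message is misleading, otherwise add `return` inside the `if`. Logging the decision next to secureMode, e.g. `LOG.info("artifact binding requested: ${useArtifact}")`, would make binding selection auditable.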