new configuration version
parent
6889d81ccb
commit
bc5a108481
DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth
etc/nevis
var/opt/nevisauth/default/conf
|
@ -45,7 +45,7 @@ spec:
|
|||
podDisruptionBudget:
|
||||
maxUnavailable: "50%"
|
||||
git:
|
||||
tag: "r-c58cc47a5227560a26f98d3aa610b057d4a540ac"
|
||||
tag: "r-ca9c333b8eea500c04c843bc438a729cab8a92ee"
|
||||
dir: "DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth"
|
||||
credentials: "git-credentials"
|
||||
keystores:
|
||||
|
|
|
@ -211,7 +211,7 @@ try {
|
|||
if (recoveryRoleList.contains('recoveryCascade')) {
|
||||
session.setAttribute('agov.recovery.authnContextClassRef', 'urn:qa.agov.ch:names:tc:ac:classes:recoveryCascade')
|
||||
} else {
|
||||
session.setAttribute('agov.recovery.authnContextClassRef', 'urn:qa.agov.ch:names:tc:ac:classes:recoveryCascade')
|
||||
session.setAttribute('agov.recovery.authnContextClassRef', 'urn:qa.agov.ch:names:tc:ac:classes:recovery')
|
||||
}
|
||||
session.setAttribute('agov.recovery.authenticatedWith', session.getAttribute('authenticatedWith') ?: 'unknown')
|
||||
session.setAttribute('agov.recovery.currentAgovAq', session.getAttribute('contextClassRefToSet') ?: 'urn:qa.agov.ch:names:tc:ac:classes:100' )
|
||||
|
|
|
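Review bot: The `else` branch stamps `urn:qa.agov.ch:names:tc:ac:classes:recovery` on every session whose `recoveryRoleList` does not contain `recoveryCascade`, which includes an empty or unexpected list unless the surrounding code (outside this hunk) already guarantees a recovery role. This assumes the second of the two printed `setAttribute` lines is the new side, which the page does not mark. Because `agov.recovery.authnContextClassRef` presumably feeds the authentication context that is later asserted, I would make the second case explicit with `} else if (recoveryRoleList.contains('recovery')) {` and let any other role list fail closed instead of receiving a default class. The class URNs are also repeated as string literals in each branch; pulling them into named constants at the top of the script would make a branch that carries the wrong value easier to spot in review.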
@ -960,7 +960,7 @@
|
|||
<!-- source: pattern://d1298ac82e8bab66583d5571 -->
|
||||
<property name="condition:timeout" value="#{ (inargs.containsKey('authRequestId') and inargs.getProperty('authRequestId') != sess.get('ch.nevis.auth.saml.request.id')) ? 'TIMEOUT' : '' }==TIMEOUT"/>
|
||||
</AuthState>
|
||||
<AuthState name="Auth_Realm_Main_IDP_Recovery_ongoing" class="ch.nevis.esauth.auth.states.scripting.ScriptState" final="true" resumeState="true">
|
||||
<AuthState name="Auth_Realm_Main_IDP_Recovery_ongoing" class="ch.nevis.esauth.auth.states.scripting.ScriptState" final="true" resumeState="false">
|
||||
<!-- source: pattern://1d38203c48e017b5b3812385 -->
|
||||
<ResultCond name="ok" next="Auth_Realm_Main_IDP_Recovery_redirectAgovMe"/>
|
||||
<!-- source: pattern://1d38203c48e017b5b3812385 -->
|
||||
|
@ -2166,7 +2166,7 @@
|
|||
<!-- source: pattern://9a1d3c6052019748d3510261 -->
|
||||
<property name="recreateIfExists" value="true"/>
|
||||
</AuthState>
|
||||
<AuthState name="Auth_Realm_Recovery_Recovery_ongoing" class="ch.nevis.esauth.auth.states.scripting.ScriptState" final="true" resumeState="true">
|
||||
<AuthState name="Auth_Realm_Recovery_Recovery_ongoing" class="ch.nevis.esauth.auth.states.scripting.ScriptState" final="true" resumeState="false">
|
||||
<!-- source: pattern://1d38203c48e017b5b3812385 -->
|
||||
<ResultCond name="ok" next="Auth_Realm_Recovery_Recovery_redirectAgovMe"/>
|
||||
<!-- source: pattern://1d38203c48e017b5b3812385 -->
|
||||
|
|
|
@ -164,6 +164,8 @@ if (session['ch.adnovum.nevisidm.userDto'] != null && notes['lasterror'] == null
|
|||
|
||||
def hasRecoveryRole = userDto.'**'.find { node -> node.name() == 'roles' && node.applicationName.text() == 'AGOV-AccountStatus' && node.name.text() == 'recovery' }
|
||||
|
||||
def hasRecoveryCascadeRole = userDto.'**'.find { node -> node.name() == 'roles' && node.applicationName.text() == 'AGOV-AccountStatus' && node.name.text() == 'recoveryCascade' }
|
||||
|
||||
def hasNewLoginFactor = hasRecoveryRole && userHasNewLoginFactor()
|
||||
|
||||
if (mustRecover) {
|
||||
|
@ -176,6 +178,8 @@ if (session['ch.adnovum.nevisidm.userDto'] != null && notes['lasterror'] == null
|
|||
agovAqValidFrom = getUserMustRecoverValidFrom()
|
||||
|
||||
maxLoi = getAqLevelBasedOnIdVerificationForRecovery(idVerification, maxLoi)
|
||||
} else if (hasRecoveryCascadeRole && hasNewLoginFactor) {
|
||||
response.setSessionAttribute('agov.recovery.authnContextClassRef', 'urn:qa.agov.ch:names:tc:ac:classes:recoveryCascade')
|
||||
}
|
||||
|
||||
LOG.debug("Recovery: MaxLoi is '${maxLoi}'")
|
||||
|
|
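Review bot: The `else if (hasRecoveryCascadeRole && hasNewLoginFactor)` branch can only fire for a user who holds both the `recovery` and the `recoveryCascade` role, because `hasNewLoginFactor` is defined as `hasRecoveryRole && userHasNewLoginFactor()`. If `recoveryCascade` can be granted without `recovery`, the session attribute is never set for that user; if the two always go together, a comment such as `// recoveryCascade is only granted together with recovery, so hasNewLoginFactor already implies it` would record that. The branch is also skipped whenever `mustRecover` is true, assuming the `if (mustRecover)` seen in the previous hunk is the statement this `else if` closes; its body is only partly visible. Nothing in the visible lines clears `agov.recovery.authnContextClassRef` when neither branch applies, so it is worth confirming that a value left from an earlier pass through this script cannot survive in the session.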