nevis
/
adn-agov-iam-inventory
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

new configuration version

This commit is contained in:
haburger 2025-01-22 17:32:59 +00:00
parent 6889d81ccb
commit bc5a108481
4 changed files with 8 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/etc/nevis/k8s-nevisauth-7022472ae407577ae604bbb8.yaml
View File

@ -45,7 +45,7 @@ spec:
podDisruptionBudget: podDisruptionBudget:
maxUnavailable: "50%" maxUnavailable: "50%"
git: git:
tag: "r-c58cc47a5227560a26f98d3aa610b057d4a540ac" tag: "r-ca9c333b8eea500c04c843bc438a729cab8a92ee"
dir: "DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth" dir: "DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth"
credentials: "git-credentials" credentials: "git-credentials"
keystores: keystores:

2
DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/checkloa.groovy
View File

@ -211,7 +211,7 @@ try {
if (recoveryRoleList.contains('recoveryCascade')) { if (recoveryRoleList.contains('recoveryCascade')) {
session.setAttribute('agov.recovery.authnContextClassRef', 'urn:qa.agov.ch:names:tc:ac:classes:recoveryCascade') session.setAttribute('agov.recovery.authnContextClassRef', 'urn:qa.agov.ch:names:tc:ac:classes:recoveryCascade')
} else { } else {
session.setAttribute('agov.recovery.authnContextClassRef', 'urn:qa.agov.ch:names:tc:ac:classes:recoveryCascade') session.setAttribute('agov.recovery.authnContextClassRef', 'urn:qa.agov.ch:names:tc:ac:classes:recovery')
} }
session.setAttribute('agov.recovery.authenticatedWith', session.getAttribute('authenticatedWith') ?: 'unknown') session.setAttribute('agov.recovery.authenticatedWith', session.getAttribute('authenticatedWith') ?: 'unknown')
session.setAttribute('agov.recovery.currentAgovAq', session.getAttribute('contextClassRefToSet') ?: 'urn:qa.agov.ch:names:tc:ac:classes:100' ) session.setAttribute('agov.recovery.currentAgovAq', session.getAttribute('contextClassRefToSet') ?: 'urn:qa.agov.ch:names:tc:ac:classes:100' )

4
DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/esauth4.xml
View File

@ -960,7 +960,7 @@
<!-- source: pattern://d1298ac82e8bab66583d5571 --> <!-- source: pattern://d1298ac82e8bab66583d5571 -->
<property name="condition:timeout" value="#{ (inargs.containsKey('authRequestId') and inargs.getProperty('authRequestId') != sess.get('ch.nevis.auth.saml.request.id')) ? 'TIMEOUT' : '' }==TIMEOUT"/> <property name="condition:timeout" value="#{ (inargs.containsKey('authRequestId') and inargs.getProperty('authRequestId') != sess.get('ch.nevis.auth.saml.request.id')) ? 'TIMEOUT' : '' }==TIMEOUT"/>
</AuthState> </AuthState>
<AuthState name="Auth_Realm_Main_IDP_Recovery_ongoing" class="ch.nevis.esauth.auth.states.scripting.ScriptState" final="true" resumeState="true"> <AuthState name="Auth_Realm_Main_IDP_Recovery_ongoing" class="ch.nevis.esauth.auth.states.scripting.ScriptState" final="true" resumeState="false">
<!-- source: pattern://1d38203c48e017b5b3812385 --> <!-- source: pattern://1d38203c48e017b5b3812385 -->
<ResultCond name="ok" next="Auth_Realm_Main_IDP_Recovery_redirectAgovMe"/> <ResultCond name="ok" next="Auth_Realm_Main_IDP_Recovery_redirectAgovMe"/>
<!-- source: pattern://1d38203c48e017b5b3812385 --> <!-- source: pattern://1d38203c48e017b5b3812385 -->
@ -2166,7 +2166,7 @@
<!-- source: pattern://9a1d3c6052019748d3510261 --> <!-- source: pattern://9a1d3c6052019748d3510261 -->
<property name="recreateIfExists" value="true"/> <property name="recreateIfExists" value="true"/>
</AuthState> </AuthState>
<AuthState name="Auth_Realm_Recovery_Recovery_ongoing" class="ch.nevis.esauth.auth.states.scripting.ScriptState" final="true" resumeState="true"> <AuthState name="Auth_Realm_Recovery_Recovery_ongoing" class="ch.nevis.esauth.auth.states.scripting.ScriptState" final="true" resumeState="false">
<!-- source: pattern://1d38203c48e017b5b3812385 --> <!-- source: pattern://1d38203c48e017b5b3812385 -->
<ResultCond name="ok" next="Auth_Realm_Recovery_Recovery_redirectAgovMe"/> <ResultCond name="ok" next="Auth_Realm_Recovery_Recovery_redirectAgovMe"/>
<!-- source: pattern://1d38203c48e017b5b3812385 --> <!-- source: pattern://1d38203c48e017b5b3812385 -->

4
DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/recovery-processing.groovy
View File

@ -164,6 +164,8 @@ if (session['ch.adnovum.nevisidm.userDto'] != null && notes['lasterror'] == null
def hasRecoveryRole = userDto.'**'.find { node -> node.name() == 'roles' && node.applicationName.text() == 'AGOV-AccountStatus' && node.name.text() == 'recovery' } def hasRecoveryRole = userDto.'**'.find { node -> node.name() == 'roles' && node.applicationName.text() == 'AGOV-AccountStatus' && node.name.text() == 'recovery' }
def hasRecoveryCascadeRole = userDto.'**'.find { node -> node.name() == 'roles' && node.applicationName.text() == 'AGOV-AccountStatus' && node.name.text() == 'recoveryCascade' }
def hasNewLoginFactor = hasRecoveryRole && userHasNewLoginFactor() def hasNewLoginFactor = hasRecoveryRole && userHasNewLoginFactor()
if (mustRecover) { if (mustRecover) {
@ -176,6 +178,8 @@ if (session['ch.adnovum.nevisidm.userDto'] != null && notes['lasterror'] == null
agovAqValidFrom = getUserMustRecoverValidFrom() agovAqValidFrom = getUserMustRecoverValidFrom()
maxLoi = getAqLevelBasedOnIdVerificationForRecovery(idVerification, maxLoi) maxLoi = getAqLevelBasedOnIdVerificationForRecovery(idVerification, maxLoi)
} else if (hasRecoveryCascadeRole && hasNewLoginFactor) {
response.setSessionAttribute('agov.recovery.authnContextClassRef', 'urn:qa.agov.ch:names:tc:ac:classes:recoveryCascade')
} }
LOG.debug("Recovery: MaxLoi is '${maxLoi}'") LOG.debug("Recovery: MaxLoi is '${maxLoi}'")