new configuration version

haburger 2024-11-22 09:03:13 +00:00
parent 61ade11dd3
commit db6eaa6799
3 changed files with 96 additions and 26 deletions


@ -45,7 +45,7 @@ spec:
podDisruptionBudget:
maxUnavailable: "50%"
git:
tag: "r-c4461bfe63af2bfac8b5b204bdb8b9f66d9e392f"
tag: "r-4caccf4cf0af3ba86274f4d1fd247bb9b65d1ed3"
dir: "DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth"
credentials: "git-credentials"
keystores:


@ -0,0 +1,37 @@
import ch.nevis.esauth.auth.engine.AuthResponse
import ch.nevis.idm.client.IdmRestClient
import ch.nevis.idm.client.IdmRestClientFactory
import ch.nevis.idm.client.HTTPRequestWrapper
import groovy.json.JsonSlurper
import groovy.xml.XmlSlurper
// Accounting
def requester = session['ch.nevis.auth.saml.request.scoping.requesterId'] ?: 'unknown'
def requestId = session['ch.nevis.auth.saml.request.id'] ?: 'unknown'
def requestedAq = session['agov.requestedRoleLevel'] ?: 'unknown'
def user = session['ch.adnovum.nevisidm.user.extId'] ?: 'unknown'
def credentialType = session['authenticatedWith'] ?: 'unknown'
def sourceIp = request.getLoginContext()['connection.HttpHeader.X-Real-IP'] ?: 'unknown'
def userAgent = request.getLoginContext()['connection.HttpHeader.user-agent'] ?: request.getLoginContext()['connection.HttpHeader.User-Agent'] ?: 'unknown'
IdmRestClient idmRestClient = IdmRestClientFactory.get(parameters)
String clientExtId = session.get('ch.adnovum.nevisidm.user.clientExtId')
String userExtId = session.get('ch.adnovum.nevisidm.user.extId')
String mobile = session.get('ch.nevis.idm.User.mobile')
if (mobile) {
response.setResult('done')
return
}
if (inargs['submit'] && inargs['mobile']) {
// TODO: save the mobile number to IDM
response.setResult('done')
}
// we should ask the user
response.setStatus(AuthResponse.AUTH_CONTINUE)
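Review bot: The `skip` checkbox that the Ask_Mobile_Number Gui exposes in this commit's XML section (`<GuiElem name="skip" type="checkbox" .../>`) is never read here, so a user who ticks skip and leaves `mobile` empty matches neither branch and is shown the form again; the submit branch also sets `done` without returning, so unlike the early return in the mobile-already-set branch it falls through to `response.setStatus(AuthResponse.AUTH_CONTINUE)`, and whether the result still takes effect is not clear from the page. `inargs['mobile']` is user-supplied, so when the TODO is implemented the value should be checked against the expected format and length before it is written to IDM. The accounting locals (`requester` through `userAgent`), `clientExtId`, `userExtId`, `idmRestClient` and the `HTTPRequestWrapper`/`JsonSlurper`/`XmlSlurper` imports are unused, which reads like a copied template; either drop them or add the log call they are meant to feed. The hunk header announces 37 lines but 28 are shown, so blank lines were probably dropped in rendering; the sketch below assumes the checkbox submits a truthy value when ticked.
```groovy
if (inargs['submit']) {
    if (inargs['skip']) {
        // user explicitly declined to provide a number; do not ask again
        response.setResult('done')
        return
    }
    if (inargs['mobile']) {
        // TODO: validate format/length, then save the mobile number to IDM
        response.setResult('done')
        return
    }
}
// … unchanged: no answer yet, ask the user …
response.setStatus(AuthResponse.AUTH_CONTINUE)
```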


@ -90,6 +90,11 @@
<KeyObject name="internal_tls_Truststore" certificate="/var/opt/keys/trust/env-ca/truststore.jks"/>
</KeyStore>
<!-- source: pattern://bcfe78c02cbe0588528bc3cb -->
<KeyStore name="Ask_Mobile_Number">
<!-- source: pattern://bcfe78c02cbe0588528bc3cb -->
<KeyObject name="TlsTrustStore" certificate="/var/opt/keys/trust/env-ca/truststore.jks"/>
</KeyStore>
<!-- source: pattern://bcfe78c02cbe0588528bc3cb -->
<KeyStore name="Ensure_Recovery_Code">
<!-- source: pattern://bcfe78c02cbe0588528bc3cb -->
<KeyObject name="TlsTrustStore" certificate="/var/opt/keys/trust/env-ca/truststore.jks"/>
@ -176,7 +181,7 @@
<Gui name="NotUsed"/>
</Response>
<!-- source: pattern://4c65de021d362462324a3a5f -->
<property name="parameter.cookie.domain" value="agov-w.azure.adnovum.net"/>
<property name="parameter.cookie.domain" value=".agov-w.azure.adnovum.net"/>
<!-- source: pattern://4c65de021d362462324a3a5f -->
<property name="scriptTraceGroup" value="AGOV-ACCT"/>
<!-- source: pattern://4c65de021d362462324a3a5f -->
@ -389,7 +394,7 @@
<Gui name="NotUsed"/>
</Response>
<!-- source: pattern://826166d230a6a4849f2837ae -->
<property name="parameter.cookie.domain" value="agov-w.azure.adnovum.net"/>
<property name="parameter.cookie.domain" value=".agov-w.azure.adnovum.net"/>
<!-- source: pattern://826166d230a6a4849f2837ae -->
<property name="script" value="file:///var/opt/nevisauth/default/conf/returnTimeoutButKeepSession.groovy"/>
</AuthState>
@ -541,7 +546,7 @@
</Response>
<propertyRef name="nevisIDM_Connector"/>
<!-- source: pattern://c686c1bdd5355351f7f98cc8 -->
<property name="user.attributes" value="loginId,extId,firstName,name,email,gender,birthDate,language,sex,addressLine1,postalCode,city,country,street,houseNumber,locality"/>
<property name="user.attributes" value="loginId,extId,firstName,name,email,gender,birthDate,language,sex,addressLine1,postalCode,city,country,street,houseNumber,locality,mobile"/>
<!-- source: pattern://c686c1bdd5355351f7f98cc8 -->
<property name="user.properties" value="eIdNumber,placeOfBirth,svnr,nationality"/>
<!-- source: pattern://c686c1bdd5355351f7f98cc8 -->
@ -610,7 +615,7 @@
<!-- source: pattern://7fb39bfd6c34685866a22180 -->
<property name="forceDataReload" value="true"/>
<!-- source: pattern://7fb39bfd6c34685866a22180 -->
<property name="user.attributes" value="loginId,extId,firstName,name,email,gender,birthDate,language,sex,addressLine1,postalCode,city,country,street,houseNumber,locality"/>
<property name="user.attributes" value="loginId,extId,firstName,name,email,gender,birthDate,language,sex,addressLine1,postalCode,city,country,street,houseNumber,locality,mobile"/>
<!-- source: pattern://7fb39bfd6c34685866a22180 -->
<property name="user.properties" value="eIdNumber,placeOfBirth,svnr,nationality"/>
<!-- source: pattern://7fb39bfd6c34685866a22180 -->
@ -728,7 +733,7 @@
<!-- source: pattern://f393012a278e525956a362d3 -->
<property name="client.name" value="agov"/>
<!-- source: pattern://f393012a278e525956a362d3 -->
<property name="user.attributes" value="loginId,extId,firstName,name,email,gender,birthDate,language,sex,addressLine1,postalCode,city,country,street,houseNumber,locality"/>
<property name="user.attributes" value="loginId,extId,firstName,name,email,gender,birthDate,language,sex,addressLine1,postalCode,city,country,street,houseNumber,locality,mobile"/>
<!-- source: pattern://f393012a278e525956a362d3 -->
<property name="user.properties" value="eIdNumber,placeOfBirth,svnr,nationality"/>
<!-- source: pattern://f393012a278e525956a362d3 -->
@ -819,11 +824,11 @@
</AuthState>
<AuthState name="Auth_Realm_Main_IDP_Ensure_Recovery_Code_Process" class="ch.nevis.esauth.auth.states.scripting.ScriptState" final="false" resumeState="false">
<!-- source: pattern://9ff0369f3cf662f95d94ff09 -->
<ResultCond name="done" next="Auth_Realm_Main_IDP_CheckLoa"/>
<ResultCond name="done" next="Auth_Realm_Main_IDP_Ask_Mobile_Number"/>
<!-- source: pattern://9ff0369f3cf662f95d94ff09 -->
<ResultCond name="encryptCode" next="Auth_Realm_Main_IDP_Ensure_Recovery_Code_encryptCode"/>
<!-- source: pattern://9ff0369f3cf662f95d94ff09 -->
<ResultCond name="failed" next="Auth_Realm_Main_IDP_CheckLoa"/>
<ResultCond name="failed" next="Auth_Realm_Main_IDP_Ask_Mobile_Number"/>
<!-- source: pattern://9ff0369f3cf662f95d94ff09 -->
<Response value="AUTH_CONTINUE">
<!-- source: pattern://9ff0369f3cf662f95d94ff09 -->
@ -849,7 +854,47 @@
<!-- source: pattern://9ff0369f3cf662f95d94ff09 -->
<property name="parameter.idm.httpclient.tls.trustStoreRef" value="Ensure_Recovery_Code"/>
<!-- source: pattern://9ff0369f3cf662f95d94ff09 -->
<property name="parameter.cookie.domain" value="auth.agov-w.azure.adnovum.net"/>
<property name="parameter.cookie.domain" value=".agov-w.azure.adnovum.net"/>
</AuthState>
<AuthState name="Auth_Realm_Main_IDP_Ask_Mobile_Number" class="ch.nevis.esauth.auth.states.scripting.ScriptState" final="false" resumeState="true">
<!-- source: pattern://6d83506dfcc430c12d81dfa3 -->
<ResultCond name="done" next="Auth_Realm_Main_IDP_CheckLoa"/>
<!-- source: pattern://6d83506dfcc430c12d81dfa3 -->
<Response value="AUTH_CONTINUE">
<!-- source: pattern://6d83506dfcc430c12d81dfa3 -->
<Gui name="ask_mobile_number" label="general.askMobileNumber">
<!-- source: pattern://6d83506dfcc430c12d81dfa3 -->
<GuiElem name="mobile" type="text" optional="true"/>
<!-- source: pattern://6d83506dfcc430c12d81dfa3 -->
<GuiElem name="skip" type="checkbox" value="false" optional="true"/>
<!-- source: pattern://6d83506dfcc430c12d81dfa3 -->
<GuiElem name="authRequestId" type="hidden" value="${sess:ch.nevis.auth.saml.request.id}" optional="true"/>
<!-- source: pattern://6d83506dfcc430c12d81dfa3 -->
<GuiElem name="submit" type="button" label="continue.button.label" value="submit"/>
</Gui>
</Response>
<!-- source: pattern://6d83506dfcc430c12d81dfa3 -->
<property name="scriptTraceGroup" value="AGOV-ACCT"/>
<!-- source: pattern://6d83506dfcc430c12d81dfa3 -->
<property name="script" value="file:///var/opt/nevisauth/default/conf/askMobileNumber.groovy"/>
<!-- source: pattern://6d83506dfcc430c12d81dfa3 -->
<property name="parameter.idm.baseUrl" value="https://idm:8989/nevisidm/api"/>
<!-- source: pattern://6d83506dfcc430c12d81dfa3 -->
<property name="parameter.idm.httpclient.tls.trustStoreRef" value="Ask_Mobile_Number"/>
<!-- source: pattern://6d83506dfcc430c12d81dfa3 -->
<property name="parameter.cookie.domain" value=".agov-w.azure.adnovum.net"/>
</AuthState>
<AuthState name="Auth_Realm_Main_IDP_Ensure_Recovery_Code_encryptCode" class="ch.nevis.esauth.auth.states.standard.TransformAttributes" final="false" resumeState="false">
<!-- source: pattern://9ff0369f3cf662f95d94ff09 -->
<ResultCond name="default" next="Auth_Realm_Main_IDP_Ensure_Recovery_Code_Process"/>
<!-- source: pattern://9ff0369f3cf662f95d94ff09 -->
<Response value="AUTH_CONTINUE"/>
<!-- source: pattern://9ff0369f3cf662f95d94ff09 -->
<property name="cryptoKey" value="secret://8jzQ1+F4HHvx7/tKFYRZb2/hFmyXjzt1HXgMJz+Tb16qSMh5Yv2QNnDH0JqsXHAoqtvZu1Nlo5A="/>
<!-- source: pattern://9ff0369f3cf662f95d94ff09 -->
<property name="cryptoAlgorithm" value="AES/CTR/PKCS5Padding"/>
<!-- source: pattern://9ff0369f3cf662f95d94ff09 -->
<property name="!${sess:agov.new.recovery.code.cipher}?sess:agov.new.recovery.code.cipher:encrypt-b64" value="${notes:agov.new.recovery.code}"/>
</AuthState>
<AuthState name="Auth_Realm_Main_IDP_CheckLoa" class="ch.nevis.esauth.auth.states.scripting.ScriptState" final="false">
<!-- source: pattern://2cdd910036aa06b102863a4f -->
@ -870,18 +915,6 @@
<!-- source: pattern://2cdd910036aa06b102863a4f -->
<property name="script" value="file:///var/opt/nevisauth/default/conf/checkloa.groovy"/>
</AuthState>
<AuthState name="Auth_Realm_Main_IDP_Ensure_Recovery_Code_encryptCode" class="ch.nevis.esauth.auth.states.standard.TransformAttributes" final="false" resumeState="false">
<!-- source: pattern://9ff0369f3cf662f95d94ff09 -->
<ResultCond name="default" next="Auth_Realm_Main_IDP_Ensure_Recovery_Code_Process"/>
<!-- source: pattern://9ff0369f3cf662f95d94ff09 -->
<Response value="AUTH_CONTINUE"/>
<!-- source: pattern://9ff0369f3cf662f95d94ff09 -->
<property name="cryptoKey" value="secret://8jzQ1+F4HHvx7/tKFYRZb2/hFmyXjzt1HXgMJz+Tb16qSMh5Yv2QNnDH0JqsXHAoqtvZu1Nlo5A="/>
<!-- source: pattern://9ff0369f3cf662f95d94ff09 -->
<property name="cryptoAlgorithm" value="AES/CTR/PKCS5Padding"/>
<!-- source: pattern://9ff0369f3cf662f95d94ff09 -->
<property name="!${sess:agov.new.recovery.code.cipher}?sess:agov.new.recovery.code.cipher:encrypt-b64" value="${notes:agov.new.recovery.code}"/>
</AuthState>
<AuthState name="Auth_Realm_Main_IDP_AuthnFailed_Zero_RoleLvl" class="ch.nevis.esauth.auth.states.standard.TransformAttributes" final="false">
<!-- source: pattern://50b861438e79c2332862d3ca -->
<ResultCond name="ok" next="Auth_Realm_Main_IDP_SendSamlResponseWithError"/>
@ -1103,7 +1136,7 @@
<Gui name="not_used"/>
</Response>
<!-- source: pattern://b87d0d2b640e8e545ad70234 -->
<property name="parameter.cookie.domain" value="agov-w.azure.adnovum.net"/>
<property name="parameter.cookie.domain" value=".agov-w.azure.adnovum.net"/>
<!-- source: pattern://b87d0d2b640e8e545ad70234 -->
<property name="scriptTraceGroup" value="AGOV-ACCT"/>
<!-- source: pattern://b87d0d2b640e8e545ad70234 -->
@ -1169,7 +1202,7 @@
<!-- source: pattern://9a8294b080ea769d22924af0 -->
<property name="client.name" value="agov"/>
<!-- source: pattern://9a8294b080ea769d22924af0 -->
<property name="user.attributes" value="loginId,extId,firstName,name,email,gender,birthDate,language,sex,addressLine1,postalCode,city,country,street,houseNumber,locality"/>
<property name="user.attributes" value="loginId,extId,firstName,name,email,gender,birthDate,language,sex,addressLine1,postalCode,city,country,street,houseNumber,locality,mobile"/>
<!-- source: pattern://9a8294b080ea769d22924af0 -->
<property name="user.properties" value="eIdNumber,placeOfBirth,svnr,nationality"/>
<!-- source: pattern://9a8294b080ea769d22924af0 -->
@ -1254,7 +1287,7 @@
<!-- source: pattern://7a913eec7f78ce674cd87854 -->
<property name="scriptTraceGroup" value="AGOV-ACCT"/>
<!-- source: pattern://7a913eec7f78ce674cd87854 -->
<property name="parameter.cookie.domain" value="agov-w.azure.adnovum.net"/>
<property name="parameter.cookie.domain" value=".agov-w.azure.adnovum.net"/>
<!-- source: pattern://7a913eec7f78ce674cd87854 -->
<property name="script" value="file:///var/opt/nevisauth/default/conf/idp_status_check.groovy"/>
</AuthState>
@ -1954,7 +1987,7 @@
<!-- source: pattern://81ae3547acc02160f787a546 -->
<property name="forceDataReload" value="true"/>
<!-- source: pattern://81ae3547acc02160f787a546 -->
<property name="user.attributes" value="loginId,extId,firstName,name,email,gender,birthDate,language,sex,addressLine1,postalCode,city,country,street,houseNumber,locality"/>
<property name="user.attributes" value="loginId,extId,firstName,name,email,gender,birthDate,language,sex,addressLine1,postalCode,city,country,street,houseNumber,locality,mobile"/>
<!-- source: pattern://81ae3547acc02160f787a546 -->
<property name="user.properties" value="eIdNumber,placeOfBirth,svnr,nationality"/>
<!-- source: pattern://81ae3547acc02160f787a546 -->
@ -1991,7 +2024,7 @@
<!-- source: pattern://584964c837512845d7940809 -->
<property name="forceDataReload" value="true"/>
<!-- source: pattern://584964c837512845d7940809 -->
<property name="user.attributes" value="loginId,extId,firstName,name,email,gender,birthDate,language,sex,addressLine1,postalCode,city,country,street,houseNumber,locality"/>
<property name="user.attributes" value="loginId,extId,firstName,name,email,gender,birthDate,language,sex,addressLine1,postalCode,city,country,street,houseNumber,locality,mobile"/>
<!-- source: pattern://584964c837512845d7940809 -->
<property name="user.properties" value="eIdNumber,placeOfBirth,svnr,nationality"/>
<!-- source: pattern://584964c837512845d7940809 -->
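Review bot: `parameter.cookie.domain` is widened in several states from `agov-w.azure.adnovum.net` (and, in the Ensure_Recovery_Code hunk, from `auth.agov-w.azure.adnovum.net`) to `.agov-w.azure.adnovum.net`, which makes the cookie visible to every host under that parent domain rather than the issuing host; the commit message does not say why, so a comment such as `<!-- leading dot: cookie must be shared with sibling hosts under agov-w; all of them are part of the trust boundary -->` next to the first occurrence, and a check that no untrusted service is deployed under that domain, would make the change reviewable. In the new `Auth_Realm_Main_IDP_Ask_Mobile_Number` state the Gui offers a `skip` checkbox and an optional `mobile` text field, yet the state declares only a `done` ResultCond; the other ScriptStates in the same hunk declare `failed` as well, so if the script can fail or throw it is unclear where this state transitions. The new `mobile` attribute added to every `user.attributes` list is free-text user input that will be read back by downstream states, so the saving script should validate it before it is persisted.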