diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/etc/nevis/k8s-nevisauth-7022472ae407577ae604bbb8.yaml b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/etc/nevis/k8s-nevisauth-7022472ae407577ae604bbb8.yaml
index 420f942..bef9106 100644
--- a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/etc/nevis/k8s-nevisauth-7022472ae407577ae604bbb8.yaml
+++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/etc/nevis/k8s-nevisauth-7022472ae407577ae604bbb8.yaml
@@ -45,7 +45,7 @@ spec:
podDisruptionBudget:
maxUnavailable: "50%"
git:
- tag: "r-28e22366b5275caf004643b5b80134140fa1fd6d"
+ tag: "r-beaf79e44e7ba37c49fe5e4cd4ac1aa2d15208e2"
dir: "DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth"
credentials: "git-credentials"
keystores:
diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/SendSamlResponseWithAssertion.groovy b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/SendSamlResponseWithAssertion.groovy
index 4572e29..680791c 100644
--- a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/SendSamlResponseWithAssertion.groovy
+++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/SendSamlResponseWithAssertion.groovy
@@ -13,7 +13,7 @@ LOG.info("Event='AUTHENTICATION', Requester='${requester}', RequestId='${request
// delete the login cookie
def agovLoginCookie = "agovLogin=deleted; Domain=${parameters.get('cookie.domain')}; Path=/; Max-Age=0; SameSite=Strict; Secure; HttpOnly"
-response.setHeader('Set-Cookie2', agovLoginCookie)
+response.setHeader('Set-Cookie', agovLoginCookie)
response.setResult('ok')
return
\ No newline at end of file
diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/askMobileNumber.groovy b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/askMobileNumber.groovy
index 64194fa..2450fe9 100644
--- a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/askMobileNumber.groovy
+++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/askMobileNumber.groovy
@@ -3,8 +3,6 @@ import ch.nevis.idm.client.IdmRestClient
import ch.nevis.idm.client.IdmRestClientFactory
import ch.nevis.idm.client.HTTPRequestWrapper
-import java.time.Duration
-
import groovy.json.JsonSlurper
import groovy.xml.XmlSlurper
@@ -51,11 +49,12 @@ if (inargs['submit'] && (!inargs['mobile'] || inargs['mobile'].isEmpty()) && ina
// no mobile, and user wants to skip it
LOG.info("Event='NOMOBILENUMBER', Requester='${requester}', RequestId='${requestId}', User=${user}, SourceIp=${sourceIp}, UserAgent='${userAgent}'")
-
- response.setCookie("testcookie", "testvalue", "/path", "Thu, 01 Jan 2025 00:00:00 GMT",
- Duration.ofDays(1), true, false);
- def agovSkipAskingMobileCookie = "agovSkipAskingMobile=true; Domain=${parameters.get('cookie.domain')}; Path=/; Max-Age=86400; SameSite=Strict; Secure; HttpOnly"
- response.setHeader('Set-Cookie', agovSkipAskingMobileCookie)
+
+ // persistent cookie for 30d;
+ def agovSkipAskingMobileCookie = "agovSkipAskingMobile=true; Domain=${parameters.get('cookie.domain')}; Path=/; Max-Age=2592000; SameSite=Strict; Secure; HttpOnly"
+ // setHeader doesn't support multiple headers with the same name, so we use
+ // a different one, and rewrite it in the proxy with Lua
+ response.setHeader('Set-Cookie2', agovSkipAskingMobileCookie)
response.setResult('done')
return
}
diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/etc/nevis/k8s-nevisproxy-idp-0ceb05c56644a59d648c13b9.yaml b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/etc/nevis/k8s-nevisproxy-idp-0ceb05c56644a59d648c13b9.yaml
index 19dcde7..4ff9cc6 100644
--- a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/etc/nevis/k8s-nevisproxy-idp-0ceb05c56644a59d648c13b9.yaml
+++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/etc/nevis/k8s-nevisproxy-idp-0ceb05c56644a59d648c13b9.yaml
@@ -46,7 +46,7 @@ spec:
podDisruptionBudget:
maxUnavailable: "50%"
git:
- tag: "r-be07db7d106d7437ffe94f8044ae723f7acf4b7c"
+ tag: "r-beaf79e44e7ba37c49fe5e4cd4ac1aa2d15208e2"
dir: "DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp"
credentials: "git-credentials"
keystores:
diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-w.azure.adnovum.net/WEB-INF/idp_responseheader_post_processing.lua b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-w.azure.adnovum.net/WEB-INF/idp_responseheader_post_processing.lua
new file mode 100644
index 0000000..aa243d3
--- /dev/null
+++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-w.azure.adnovum.net/WEB-INF/idp_responseheader_post_processing.lua
@@ -0,0 +1,12 @@
+function outputHeader(request, response)
+ trace = request:getTracer()
+
+ -- rename Set-Cookie2 header
+ local setCookieHeader = response:getHeader("Set-Cookie2")
+ if (setCookieHeader ~= nil) then
+ trace:debug("Set a new cookie: " .. setCookieHeader)
+ response:addHeader("Set-Cookie", setCookieHeader)
+ response:removeHeader("Set-Cookie2")
+ end
+
+end
\ No newline at end of file
diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-w.azure.adnovum.net/WEB-INF/web.xml b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-w.azure.adnovum.net/WEB-INF/web.xml
index c27c76b..c473e8d 100644
--- a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-w.azure.adnovum.net/WEB-INF/web.xml
+++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-w.azure.adnovum.net/WEB-INF/web.xml
@@ -532,6 +532,21 @@
outputHeader
+
+
+ Lua_IdP_ResponseHeader_Post_Processing
+ ch::nevis::isiweb4::filter::lua::LuaFilter
+
+
+ Script.OutputHeaderFunctionName
+ outputHeader
+
+
+
+ Script.Path
+ /var/opt/nevisproxy/default/host-auth.agov-w.azure.adnovum.net/WEB-INF/idp_responseheader_post_processing.lua
+
+
Lua_Lua_HTTP_Processing_terminate_session
@@ -993,6 +1008,11 @@
Lua_CSP_Security_Response_Headers
/*
+
+
+ Lua_IdP_ResponseHeader_Post_Processing
+ /*
+
ResponseHeader_Base_Security_Response_Headers