nevis
/
adn-agov-iam-inventory
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

new configuration version

This commit is contained in:
haburger 2024-11-28 17:26:56 +00:00
parent bbc82e8ff1
commit e1b78f9bb9
6 changed files with 41 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/etc/nevis/k8s-nevisauth-7022472ae407577ae604bbb8.yaml
View File

@ -45,7 +45,7 @@ spec:
podDisruptionBudget: podDisruptionBudget:
maxUnavailable: "50%" maxUnavailable: "50%"
git: git:
tag: "r-28e22366b5275caf004643b5b80134140fa1fd6d" tag: "r-beaf79e44e7ba37c49fe5e4cd4ac1aa2d15208e2"
dir: "DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth" dir: "DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth"
credentials: "git-credentials" credentials: "git-credentials"
keystores: keystores:

2
DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/SendSamlResponseWithAssertion.groovy
View File

@ -13,7 +13,7 @@ LOG.info("Event='AUTHENTICATION', Requester='${requester}', RequestId='${request
// delete the login cookie // delete the login cookie
def agovLoginCookie = "agovLogin=deleted; Domain=${parameters.get('cookie.domain')}; Path=/; Max-Age=0; SameSite=Strict; Secure; HttpOnly" def agovLoginCookie = "agovLogin=deleted; Domain=${parameters.get('cookie.domain')}; Path=/; Max-Age=0; SameSite=Strict; Secure; HttpOnly"
response.setHeader('Set-Cookie2', agovLoginCookie) response.setHeader('Set-Cookie', agovLoginCookie)
response.setResult('ok') response.setResult('ok')
return return

11
DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/askMobileNumber.groovy
View File

@ -3,8 +3,6 @@ import ch.nevis.idm.client.IdmRestClient
import ch.nevis.idm.client.IdmRestClientFactory import ch.nevis.idm.client.IdmRestClientFactory
import ch.nevis.idm.client.HTTPRequestWrapper import ch.nevis.idm.client.HTTPRequestWrapper
import java.time.Duration
import groovy.json.JsonSlurper import groovy.json.JsonSlurper
import groovy.xml.XmlSlurper import groovy.xml.XmlSlurper
@ -52,10 +50,11 @@ if (inargs['submit'] && (!inargs['mobile'] || inargs['mobile'].isEmpty()) && ina
LOG.info("Event='NOMOBILENUMBER', Requester='${requester}', RequestId='${requestId}', User=${user}, SourceIp=${sourceIp}, UserAgent='${userAgent}'") LOG.info("Event='NOMOBILENUMBER', Requester='${requester}', RequestId='${requestId}', User=${user}, SourceIp=${sourceIp}, UserAgent='${userAgent}'")
response.setCookie("testcookie", "testvalue", "/path", "Thu, 01 Jan 2025 00:00:00 GMT", // persistent cookie for 30d;
Duration.ofDays(1), true, false); def agovSkipAskingMobileCookie = "agovSkipAskingMobile=true; Domain=${parameters.get('cookie.domain')}; Path=/; Max-Age=2592000; SameSite=Strict; Secure; HttpOnly"
def agovSkipAskingMobileCookie = "agovSkipAskingMobile=true; Domain=${parameters.get('cookie.domain')}; Path=/; Max-Age=86400; SameSite=Strict; Secure; HttpOnly" // setHeader doesn't support multiple headers with the same name, so we use
response.setHeader('Set-Cookie', agovSkipAskingMobileCookie) // a different one, and rewrite it in the proxy with Lua
response.setHeader('Set-Cookie2', agovSkipAskingMobileCookie)
response.setResult('done') response.setResult('done')
return return
} }

2
DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/etc/nevis/k8s-nevisproxy-idp-0ceb05c56644a59d648c13b9.yaml
View File

@ -46,7 +46,7 @@ spec:
podDisruptionBudget: podDisruptionBudget:
maxUnavailable: "50%" maxUnavailable: "50%"
git: git:
tag: "r-be07db7d106d7437ffe94f8044ae723f7acf4b7c" tag: "r-beaf79e44e7ba37c49fe5e4cd4ac1aa2d15208e2"
dir: "DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp" dir: "DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp"
credentials: "git-credentials" credentials: "git-credentials"
keystores: keystores:

12
DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-w.azure.adnovum.net/WEB-INF/idp_responseheader_post_processing.lua Normal file
View File

@ -0,0 +1,12 @@
function outputHeader(request, response)
trace = request:getTracer()
-- rename Set-Cookie2 header
local setCookieHeader = response:getHeader("Set-Cookie2")
if (setCookieHeader ~= nil) then
trace:debug("Set a new cookie: " .. setCookieHeader)
response:addHeader("Set-Cookie", setCookieHeader)
response:removeHeader("Set-Cookie2")
end
end

20
DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-w.azure.adnovum.net/WEB-INF/web.xml
View File

@ -532,6 +532,21 @@
<param-value>outputHeader</param-value> <param-value>outputHeader</param-value>
</init-param> </init-param>
</filter> </filter>
<!-- source: pattern://4f6692a69e4f33c8ed4c145f -->
<filter>
<filter-name>Lua_IdP_ResponseHeader_Post_Processing</filter-name>
<filter-class>ch::nevis::isiweb4::filter::lua::LuaFilter</filter-class>
<!-- source: pattern://4f6692a69e4f33c8ed4c145f -->
<init-param>
<param-name>Script.OutputHeaderFunctionName</param-name>
<param-value>outputHeader</param-value>
</init-param>
<!-- source: pattern://4f6692a69e4f33c8ed4c145f -->
<init-param>
<param-name>Script.Path</param-name>
<param-value>/var/opt/nevisproxy/default/host-auth.agov-w.azure.adnovum.net/WEB-INF/idp_responseheader_post_processing.lua</param-value>
</init-param>
</filter>
<!-- source: pattern://64f16c5d4c99eff0acbc8fdf --> <!-- source: pattern://64f16c5d4c99eff0acbc8fdf -->
<filter> <filter>
<filter-name>Lua_Lua_HTTP_Processing_terminate_session</filter-name> <filter-name>Lua_Lua_HTTP_Processing_terminate_session</filter-name>
@ -993,6 +1008,11 @@
<filter-name>Lua_CSP_Security_Response_Headers</filter-name> <filter-name>Lua_CSP_Security_Response_Headers</filter-name>
<url-pattern>/*</url-pattern> <url-pattern>/*</url-pattern>
</filter-mapping> </filter-mapping>
<!-- source: pattern://4f6692a69e4f33c8ed4c145f -->
<filter-mapping>
<filter-name>Lua_IdP_ResponseHeader_Post_Processing</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- source: pattern://0d3511bed6798a78cc3237f6 --> <!-- source: pattern://0d3511bed6798a78cc3237f6 -->
<filter-mapping> <filter-mapping>
<filter-name>ResponseHeader_Base_Security_Response_Headers</filter-name> <filter-name>ResponseHeader_Base_Security_Response_Headers</filter-name>