new configuration version
This commit is contained in:
haburger
parent
290f083292
commit
ed92f6738b
|
|
@ -45,7 +45,7 @@ spec:
|
||||||
podDisruptionBudget:
|
podDisruptionBudget:
|
||||||
maxUnavailable: "50%"
|
maxUnavailable: "50%"
|
||||||
git:
|
git:
|
||||||
tag: "r-317ed268556b37656f27fb58fcffd4797cea27e4"
|
tag: "r-0a95034444af9c2e5b4a8c12cc3a0f444f6b0447"
|
||||||
dir: "DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth"
|
dir: "DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth"
|
||||||
credentials: "git-credentials"
|
credentials: "git-credentials"
|
||||||
keystores:
|
keystores:
|
||||||
|
|
|
||||||
|
|
@ -22,7 +22,7 @@ def getUserAGOVLoiIdVerification(level) {
|
||||||
// set attibutes from DTO: -> idVerification
|
// set attibutes from DTO: -> idVerification
|
||||||
def list = new XmlSlurper().parseText(session.get('ch.adnovum.nevisidm.userDto'))
|
def list = new XmlSlurper().parseText(session.get('ch.adnovum.nevisidm.userDto'))
|
||||||
return list.'**'.findAll {node -> node.name() == 'properties' && node.name.text() == 'idVerification' && node.scopeName.text() == 'AGOV-Loi,level' + level}.collect({ node -> node.value.text()})
|
return list.'**'.findAll {node -> node.name() == 'properties' && node.name.text() == 'idVerification' && node.scopeName.text() == 'AGOV-Loi,level' + level}.collect({ node -> node.value.text()})
|
||||||
}
|
}
|
||||||
|
|
||||||
def getUserAGOVLoiValidFrom(level) {
|
def getUserAGOVLoiValidFrom(level) {
|
||||||
// set attibutes from DTO: -> validFrom
|
// set attibutes from DTO: -> validFrom
|
||||||
|
|
@ -84,6 +84,9 @@ def getAqLevelBasedOnIdVerificationForRecovery(idVerification, highestRoleLevelN
|
||||||
case 'Counter':
|
case 'Counter':
|
||||||
result = result.concat((highestRoleLevelNumber == 400) ? '400' : '300')
|
result = result.concat((highestRoleLevelNumber == 400) ? '400' : '300')
|
||||||
break
|
break
|
||||||
|
case 'Eid':
|
||||||
|
result = result.concat('400')
|
||||||
|
break
|
||||||
default:
|
default:
|
||||||
LOG.warn("unexpected idVerification for recovery on account: ${idVerification}")
|
LOG.warn("unexpected idVerification for recovery on account: ${idVerification}")
|
||||||
// safest default, should work in any case
|
// safest default, should work in any case
|
||||||
|
|
@ -111,125 +114,64 @@ def userAgent = request.getLoginContext()['connection.HttpHeader.user-agent'] ?:
|
||||||
|
|
||||||
try {
|
try {
|
||||||
// beef
|
// beef
|
||||||
def session = request.getAuthSession(true)
|
def s = request.getAuthSession(true)
|
||||||
def highestRoleLevelNumber = 0
|
def highestRoleLevelNumber = 0
|
||||||
def requestedRoleLevelNumber = session.get('agov.requestedRoleLevel').toInteger()
|
|
||||||
def adressVerificationList = getUserAGOVLoiIdVerification('200')
|
if (!session.get('agov.requestedRoleLevel')) {
|
||||||
def adressVerification = 'None'
|
LOG.error("IDP: internal error: agov.requestedRoleLevel not set in session")
|
||||||
if (adressVerificationList && !adressVerificationList.isEmpty()) {
|
response.setResult('error');
|
||||||
adressVerification = adressVerificationList[0]
|
return
|
||||||
}
|
}
|
||||||
|
def requestedRoleLevelNumber = session.get('agov.requestedRoleLevel').toInteger()
|
||||||
|
|
||||||
def authenticationMethod = session.get('authenticatedWith')
|
def authenticationMethod = session.get('authenticatedWith')
|
||||||
|
if (!authenticationMethod) {
|
||||||
LOG.debug('CheckLoa: Requested role level '+ requestedRoleLevelNumber)
|
LOG.error("IDP: internal error: authenticationMethod not set in session")
|
||||||
LOG.debug('CheckLoa: idVerification: ' + getUserAGOVLoiIdVerification())
|
|
||||||
LOG.debug('CheckLoa: adressVerification : ' + adressVerification)
|
|
||||||
|
|
||||||
def idVerificationMethodList = getUserAGOVLoiIdVerification()
|
|
||||||
|
|
||||||
session.setAttribute('idVerification', idVerificationMethodList.isEmpty() ? 'None' : idVerificationMethodList.last())
|
|
||||||
session.setAttribute('agov.adressVerification', '' + adressVerification)
|
|
||||||
|
|
||||||
|
|
||||||
if (requestedRoleLevelNumber == 0) {
|
|
||||||
// AuthnFailed_Zero_RoleLvl
|
|
||||||
response.setResult('error');
|
response.setResult('error');
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
if (session.get('ch.adnovum.nevisidm.profileExtId') == '') {
|
// data transformations needed for SAML and OIDC
|
||||||
LOG.error("Event='DATAERROR', Requester='${requester}', RequestId='${requestId}', RequestedAq=${requestedAq}, User=${user}, CredentialType='${credentialType}', errorMessage='Account without Profile', SourceIp=${sourceIp}, UserAgent='${userAgent}'")
|
|
||||||
|
|
||||||
session.setAttribute('contextClassRefToSet', 'urn:qa.agov.ch:names:tc:ac:classes:100')
|
|
||||||
|
|
||||||
// if the account has no profile, we must not return address or svnr
|
|
||||||
session.setAttribute('agov.appAddressRequired', 'false')
|
|
||||||
session.setAttribute('agov.appSvnrAllowed', 'false')
|
|
||||||
|
|
||||||
response.setResult('ok')
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
// Transform sex to number
|
// Transform sex to number
|
||||||
if(session.get('ch.nevis.idm.User.gender') == 'MALE'){
|
if(session.get('ch.nevis.idm.User.gender') == 'MALE'){
|
||||||
session.setAttribute('ch.nevis.idm.User.gender', '1')
|
s.setAttribute('ch.nevis.idm.User.gender', '1')
|
||||||
}
|
}
|
||||||
if(session.get('ch.nevis.idm.User.gender') == 'FEMALE'){
|
if(session.get('ch.nevis.idm.User.gender') == 'FEMALE'){
|
||||||
session.setAttribute('ch.nevis.idm.User.gender', '2')
|
s.setAttribute('ch.nevis.idm.User.gender', '2')
|
||||||
}
|
}
|
||||||
if(session.get('ch.nevis.idm.User.gender') == 'OTHER'){
|
if(s.get('ch.nevis.idm.User.gender') == 'OTHER'){
|
||||||
session.setAttribute('ch.nevis.idm.User.gender', '3')
|
session.setAttribute('ch.nevis.idm.User.gender', '3')
|
||||||
}
|
}
|
||||||
|
|
||||||
for (String role : getUserAGOVLoiRoles()) {
|
|
||||||
|
// handle accounts qa attributes, and set them in session
|
||||||
|
// account itself, only needed if not authenticated with e-ID
|
||||||
|
if (!'urn:qa.agov.ch:names:tc:authfactor:eid'.equalsIgnoreCase(authenticationMethod)) {
|
||||||
|
def idVerificationList = getUserAGOVLoiIdVerification()
|
||||||
|
def idVerification = 'None'
|
||||||
|
if (idVerificationList && !idVerificationList.isEmpty()) {
|
||||||
|
idVerification = idVerificationList.last()
|
||||||
|
}
|
||||||
|
s.setAttribute('idVerification', idVerification)
|
||||||
|
|
||||||
|
// contextClassRefToSet based on highest level-role assigned to default profile
|
||||||
|
for (String role : getUserAGOVLoiRoles()) {
|
||||||
if (role.startsWith('level')) {
|
if (role.startsWith('level')) {
|
||||||
def roleLevel = role.substring(5)
|
def roleLevel = role.substring(5)
|
||||||
int roleLevelNumber = Integer.parseInt(roleLevel)
|
int roleLevelNumber = Integer.parseInt(roleLevel)
|
||||||
|
|
||||||
if (highestRoleLevelNumber< roleLevelNumber) {
|
|
||||||
highestRoleLevelNumber=roleLevelNumber
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
LOG.debug('CheckLoa: Highest role Level ' + highestRoleLevelNumber.toString() +' contextclassref ' + requestedRoleLevelNumber.toString())
|
|
||||||
LOG.debug('CheckLoa: Compare ' + (highestRoleLevelNumber>=requestedRoleLevelNumber))
|
|
||||||
|
|
||||||
//set attribute Actual Role Level
|
if (highestRoleLevelNumber< roleLevelNumber) {
|
||||||
session.setAttribute('agov.actualRoleLevel', '' + highestRoleLevelNumber)
|
highestRoleLevelNumber=roleLevelNumber
|
||||||
LOG.debug('CheckLoa: actual role level (agov) '+ highestRoleLevelNumber)
|
}
|
||||||
|
}
|
||||||
if (highestRoleLevelNumber > 0) {
|
|
||||||
// set attribute contextClassRefToSet
|
|
||||||
session.setAttribute('contextClassRefToSet','urn:qa.agov.ch:names:tc:ac:classes:' .concat(highestRoleLevelNumber.toString()))
|
|
||||||
} else {
|
|
||||||
// by default 100
|
|
||||||
session.setAttribute('contextClassRefToSet','urn:qa.agov.ch:names:tc:ac:classes:100' )
|
|
||||||
}
|
|
||||||
|
|
||||||
// no login for users with a recovery role
|
|
||||||
def recoveryRoleList = getUserAGOVRecoveryRoles()
|
|
||||||
|
|
||||||
if (recoveryRoleList.contains('mustRecover')) {
|
|
||||||
session.setAttribute('agov.recovery.authnContextClassRef', 'urn:qa.agov.ch:names:tc:ac:classes:mustRecover')
|
|
||||||
session.setAttribute('agov.recovery.authenticatedWith', session.getAttribute('authenticatedWith') ?: 'unknown' )
|
|
||||||
|
|
||||||
def origIdVerification = getUserAGOVLoiIdVerification(highestRoleLevelNumber.toString()) ?: 'None'
|
|
||||||
def idVerification = getUserIdVerificationForRecovery() ?: origIdVerification
|
|
||||||
session.setAttribute('agov.recovery.currentIdVerification', '' + idVerification )
|
|
||||||
|
|
||||||
// align currentAgovAq with the method selected for idVerification
|
|
||||||
def currentAgovAqForRecovery = getAqLevelBasedOnIdVerificationForRecovery(idVerification, highestRoleLevelNumber)
|
|
||||||
session.setAttribute('agov.recovery.currentAgovAq', '' + currentAgovAqForRecovery)
|
|
||||||
|
|
||||||
def validFrom = getUserMustRecoverValidFrom() ?: ''
|
|
||||||
session.setAttribute('agov.recovery.currentAgovAqRoleValidFrom', '' + validFrom )
|
|
||||||
|
|
||||||
LOG.debug("CheckLoa: mustRecover: origIdVerification=${origIdVerification}, idVerification=${idVerification}, currentAgovAqForRecovery=${currentAgovAqForRecovery}")
|
|
||||||
|
|
||||||
response.setResult('exit.2')
|
|
||||||
return
|
|
||||||
|
|
||||||
} else if (recoveryRoleList.contains('recovery')) {
|
|
||||||
if (recoveryRoleList.contains('recoveryCascade')) {
|
|
||||||
session.setAttribute('agov.recovery.authnContextClassRef', 'urn:qa.agov.ch:names:tc:ac:classes:recoveryCascade')
|
|
||||||
} else {
|
|
||||||
session.setAttribute('agov.recovery.authnContextClassRef', 'urn:qa.agov.ch:names:tc:ac:classes:recovery')
|
|
||||||
}
|
}
|
||||||
session.setAttribute('agov.recovery.authenticatedWith', session.getAttribute('authenticatedWith') ?: 'unknown')
|
|
||||||
session.setAttribute('agov.recovery.currentAgovAq', session.getAttribute('contextClassRefToSet') ?: 'urn:qa.agov.ch:names:tc:ac:classes:100' )
|
|
||||||
LOG.debug('CheckLoa: idVerification2= '+ getUserAGOVLoiIdVerification(highestRoleLevelNumber.toString()))
|
|
||||||
def idVerification = getUserAGOVLoiIdVerification(highestRoleLevelNumber.toString())
|
|
||||||
session.setAttribute('agov.recovery.currentIdVerification', (idVerification.isEmpty() ? 'None' : idVerification.first()))
|
|
||||||
def validFrom = getUserAGOVLoiValidFrom('level'.concat(highestRoleLevelNumber.toString())) ?: ''
|
|
||||||
session.setAttribute('agov.recovery.currentAgovAqRoleValidFrom', validFrom)
|
|
||||||
|
|
||||||
response.setResult('exit.2')
|
LOG.debug('CheckLoa: Highest role Level ' + highestRoleLevelNumber.toString() +' contextclassref ' + requestedRoleLevelNumber.toString())
|
||||||
return
|
LOG.debug('CheckLoa: Compare ' + (highestRoleLevelNumber>=requestedRoleLevelNumber))
|
||||||
}
|
|
||||||
|
|
||||||
|
//set attribute Actual Role Level
|
||||||
if (highestRoleLevelNumber>=requestedRoleLevelNumber) {
|
s.setAttribute('agov.actualRoleLevel', '' + highestRoleLevelNumber)
|
||||||
|
LOG.debug('CheckLoa: actual role level (agov) '+ highestRoleLevelNumber)
|
||||||
|
|
||||||
// set attribute ValidFrom and ValidTo (only for higher than 100)
|
// set attribute ValidFrom and ValidTo (only for higher than 100)
|
||||||
if (highestRoleLevelNumber > 100) {
|
if (highestRoleLevelNumber > 100) {
|
||||||
|
|
@ -240,18 +182,97 @@ try {
|
||||||
LOG.debug('CheckLoa: ValidTo :' + validTo)
|
LOG.debug('CheckLoa: ValidTo :' + validTo)
|
||||||
|
|
||||||
if(validFrom != '') {
|
if(validFrom != '') {
|
||||||
session.setAttribute('ValidFrom', '' + validFrom)
|
s.setAttribute('ValidFrom', '' + validFrom)
|
||||||
}
|
}
|
||||||
if(validTo != '') {
|
if(validTo != '') {
|
||||||
session.setAttribute('ValidTo', '' + validTo)
|
s.setAttribute('ValidTo', '' + validTo)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
if (highestRoleLevelNumber > 0) {
|
||||||
|
// set attribute contextClassRefToSet
|
||||||
|
s.setAttribute('contextClassRefToSet','urn:qa.agov.ch:names:tc:ac:classes:' .concat(highestRoleLevelNumber.toString()))
|
||||||
|
} else {
|
||||||
|
// by default 100
|
||||||
|
s.setAttribute('contextClassRefToSet','urn:qa.agov.ch:names:tc:ac:classes:100' )
|
||||||
|
}
|
||||||
|
}
|
||||||
|
// address related, needed in any case (also e-ID)
|
||||||
|
def adressVerificationList = getUserAGOVLoiIdVerification('200')
|
||||||
|
def adressVerification = 'None'
|
||||||
|
if (adressVerificationList && !adressVerificationList.isEmpty()) {
|
||||||
|
adressVerification = adressVerificationList[0]
|
||||||
|
}
|
||||||
|
s.setAttribute('agov.adressVerification', '' + adressVerification)
|
||||||
|
|
||||||
|
if (!session.get('ch.adnovum.nevisidm.profileExtId')) {
|
||||||
|
LOG.error("Event='DATAERROR', Requester='${requester}', RequestId='${requestId}', RequestedAq=${requestedAq}, User=${user}, CredentialType='${credentialType}', errorMessage='Account without Profile', SourceIp=${sourceIp}, UserAgent='${userAgent}'")
|
||||||
|
|
||||||
|
// if the account has no profile, we must not return address or svnr
|
||||||
|
s.setAttribute('agov.appAddressRequired', 'false')
|
||||||
|
s.setAttribute('agov.appSvnrAllowed', 'false')
|
||||||
|
|
||||||
response.setResult('ok')
|
response.setResult('ok')
|
||||||
return;
|
return
|
||||||
} else {
|
}
|
||||||
|
|
||||||
|
// no login for users with a recovery role (but onyl when not logging in with e-Id)
|
||||||
|
// TODO/haburger/2025-07-01: automatic recovery if logging in with e-Id
|
||||||
|
if (!'urn:qa.agov.ch:names:tc:authfactor:eid'.equalsIgnoreCase(authenticationMethod)) {
|
||||||
|
// no login for users with a recovery role
|
||||||
|
def recoveryRoleList = getUserAGOVRecoveryRoles()
|
||||||
|
|
||||||
|
if (recoveryRoleList.contains('mustRecover')) {
|
||||||
|
s.setAttribute('agov.recovery.authnContextClassRef', 'urn:qa.agov.ch:names:tc:ac:classes:mustRecover')
|
||||||
|
s.setAttribute('agov.recovery.authenticatedWith', session.getAttribute('authenticatedWith') ?: 'unknown' )
|
||||||
|
|
||||||
|
def origIdVerification = getUserAGOVLoiIdVerification(highestRoleLevelNumber.toString()) ?: 'None'
|
||||||
|
def idVerification = getUserIdVerificationForRecovery() ?: origIdVerification
|
||||||
|
s.setAttribute('agov.recovery.currentIdVerification', '' + idVerification )
|
||||||
|
|
||||||
|
// align currentAgovAq with the method selected for idVerification
|
||||||
|
def currentAgovAqForRecovery = getAqLevelBasedOnIdVerificationForRecovery(idVerification, highestRoleLevelNumber)
|
||||||
|
s.setAttribute('agov.recovery.currentAgovAq', '' + currentAgovAqForRecovery)
|
||||||
|
|
||||||
|
def validFrom = getUserMustRecoverValidFrom() ?: ''
|
||||||
|
s.setAttribute('agov.recovery.currentAgovAqRoleValidFrom', '' + validFrom )
|
||||||
|
|
||||||
|
LOG.debug("CheckLoa: mustRecover: origIdVerification=${origIdVerification}, idVerification=${idVerification}, currentAgovAqForRecovery=${currentAgovAqForRecovery}")
|
||||||
|
|
||||||
|
response.setResult('exit.2')
|
||||||
|
return
|
||||||
|
|
||||||
|
} else if (recoveryRoleList.contains('recovery')) {
|
||||||
|
if (recoveryRoleList.contains('recoveryCascade')) {
|
||||||
|
s.setAttribute('agov.recovery.authnContextClassRef', 'urn:qa.agov.ch:names:tc:ac:classes:recoveryCascade')
|
||||||
|
} else {
|
||||||
|
s.setAttribute('agov.recovery.authnContextClassRef', 'urn:qa.agov.ch:names:tc:ac:classes:recovery')
|
||||||
|
}
|
||||||
|
s.setAttribute('agov.recovery.authenticatedWith', session.getAttribute('authenticatedWith') ?: 'unknown')
|
||||||
|
s.setAttribute('agov.recovery.currentAgovAq', session.getAttribute('contextClassRefToSet') ?: 'urn:qa.agov.ch:names:tc:ac:classes:100' )
|
||||||
|
LOG.debug('CheckLoa: idVerification2= '+ getUserAGOVLoiIdVerification(highestRoleLevelNumber.toString()))
|
||||||
|
def idVerification = getUserAGOVLoiIdVerification(highestRoleLevelNumber.toString())
|
||||||
|
s.setAttribute('agov.recovery.currentIdVerification', (idVerification.isEmpty() ? 'None' : idVerification.first()))
|
||||||
|
def validFrom = getUserAGOVLoiValidFrom('level'.concat(highestRoleLevelNumber.toString())) ?: ''
|
||||||
|
s.setAttribute('agov.recovery.currentAgovAqRoleValidFrom', validFrom)
|
||||||
|
|
||||||
|
response.setResult('exit.2')
|
||||||
|
return
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
// authenticated with e-ID, we adjust highestRoleLevelNumber to e-ID login
|
||||||
|
highestRoleLevelNumber = 500
|
||||||
|
s.setAttribute('agov.actualRoleLevel', '' + highestRoleLevelNumber)
|
||||||
|
LOG.debug('CheckLoa: actual role level (agov) '+ highestRoleLevelNumber)
|
||||||
|
}
|
||||||
|
|
||||||
|
// verifiy that AQ level is high enough
|
||||||
|
if (highestRoleLevelNumber>=requestedRoleLevelNumber) {
|
||||||
|
response.setResult('ok')
|
||||||
|
return;
|
||||||
|
} else {
|
||||||
// Insufficient_LoaInfo
|
// Insufficient_LoaInfo
|
||||||
response.setResult('exit.1');
|
response.setResult('exit.1');
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
} catch (Exception ex) {
|
} catch (Exception ex) {
|
||||||
LOG.error("Event='DATAERROR', Requester='${requester}', RequestId='${requestId}', RequestedAq=${requestedAq}, User=${user}, CredentialType='${credentialType}', errorMessage='exception occured: ${ex}', SourceIp=${sourceIp}, UserAgent='${userAgent}'")
|
LOG.error("Event='DATAERROR', Requester='${requester}', RequestId='${requestId}', RequestedAq=${requestedAq}, User=${user}, CredentialType='${credentialType}', errorMessage='exception occured: ${ex}', SourceIp=${sourceIp}, UserAgent='${userAgent}'")
|
||||||
|
|
|
||||||
|
|
@ -27,6 +27,7 @@ def compareAndUpdateSessionVariables(sess, keys, isProperty){
|
||||||
return updatedKeys
|
return updatedKeys
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// TODO/haburger/2025-07-01: we should also set the verificationMethod, etc. of the level400 role
|
||||||
String user_update_dto_template = '''
|
String user_update_dto_template = '''
|
||||||
{
|
{
|
||||||
"name": {
|
"name": {
|
||||||
|
|
|
||||||
|
|
@ -33,31 +33,6 @@ def clearEidSession(){
|
||||||
s.removeAttribute('agov.eid.User.origin')
|
s.removeAttribute('agov.eid.User.origin')
|
||||||
}
|
}
|
||||||
|
|
||||||
def updateLoginHistory(idmRestClient, userExtId, credentialExtId) {
|
|
||||||
try {
|
|
||||||
def baseUrl = parameters.get("baseUrl")
|
|
||||||
def clientExtId = parameters.get("clientExtId")
|
|
||||||
def endpoint = "$baseUrl/api/core/v1/$clientExtId/users/$userExtId/login-info"
|
|
||||||
def dto = "{\"success\": true,\"credentialExtId\": \"${credentialExtId}\"}"
|
|
||||||
|
|
||||||
def postRequest = new HTTPRequestWrapper()
|
|
||||||
postRequest.addToHeaders('Content-Type', ['application/json'])
|
|
||||||
postRequest.setPayLoad(dto.getBytes('UTF-8'))
|
|
||||||
postRequest.setPayLoad(dto.getBytes('UTF-8'))
|
|
||||||
|
|
||||||
def result = idmRestClient.postWithResponse(endpoint, postRequest)
|
|
||||||
if (result.getStatusCode() != 200) {
|
|
||||||
// best effort, we log only
|
|
||||||
// TODO/haburger/2025-06-24: context parameters are missing here (also in getAccounts)
|
|
||||||
LOG.warn("Event='DATAERROR', Requester='${requester}', RequestId='${requestId}', RequestedAq=${requestedAq}, User=${userExtId}, CredentialType='E-ID Link', SourceIp=${sourceIp}, UserAgent='${userAgent}', reason='failed to update login history for credential ${credentialExtId} (http status: ${result.getStatusCode()})'")
|
|
||||||
}
|
|
||||||
} catch (Exception e) {
|
|
||||||
// best effort, we log only
|
|
||||||
// TODO/haburger/2025-06-24: context parameters are missing here (also in getAccounts)
|
|
||||||
LOG.warn("Event='DATAERROR', Requester='${requester}', RequestId='${requestId}', RequestedAq=${requestedAq}, User=${userExtId}, CredentialType='E-ID Link', SourceIp=${sourceIp}, UserAgent='${userAgent}', reason='failed to update login history for credential ${credentialExtId} (${e})'")
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
def getAccounts(json, String svnr) {
|
def getAccounts(json, String svnr) {
|
||||||
def idm_users_dto = json["Resources"]
|
def idm_users_dto = json["Resources"]
|
||||||
def accounts = [:]
|
def accounts = [:]
|
||||||
|
|
@ -126,9 +101,6 @@ if(inargs['submit'] && inargs['login'] && inargs['login'] != ''){
|
||||||
sess.setAttribute('agov.eid.linkingCredentialExtId', account["credentialExtId"])
|
sess.setAttribute('agov.eid.linkingCredentialExtId', account["credentialExtId"])
|
||||||
sess.setAttribute('agov.eid.linkedAccountExtId', account["extId"])
|
sess.setAttribute('agov.eid.linkedAccountExtId', account["extId"])
|
||||||
|
|
||||||
// update login history
|
|
||||||
updateLoginHistory(idmRestClient, account["extId"], account["credentialExtId"])
|
|
||||||
|
|
||||||
if(account["firstLogin"]){
|
if(account["firstLogin"]){
|
||||||
response.setResult('firstLogin')
|
response.setResult('firstLogin')
|
||||||
return
|
return
|
||||||
|
|
@ -206,9 +178,6 @@ try {
|
||||||
sess.setAttribute('agov.eid.linkingCredentialExtId', account["credentialExtId"])
|
sess.setAttribute('agov.eid.linkingCredentialExtId', account["credentialExtId"])
|
||||||
sess.setAttribute('agov.eid.linkedAccountExtId', account["extId"])
|
sess.setAttribute('agov.eid.linkedAccountExtId', account["extId"])
|
||||||
|
|
||||||
// update login history
|
|
||||||
updateLoginHistory(idmRestClient, account["extId"], account["credentialExtId"])
|
|
||||||
|
|
||||||
if(account["firstLogin"]){
|
if(account["firstLogin"]){
|
||||||
response.setResult('firstLogin')
|
response.setResult('firstLogin')
|
||||||
return
|
return
|
||||||
|
|
|
||||||
|
|
@ -1566,7 +1566,7 @@
|
||||||
<!-- source: pattern://306ce091fd87bad6174d9e8b -->
|
<!-- source: pattern://306ce091fd87bad6174d9e8b -->
|
||||||
<ResultCond name="error" next="Auth_Realm_Main_IDP_SendSamlResponseWithError"/>
|
<ResultCond name="error" next="Auth_Realm_Main_IDP_SendSamlResponseWithError"/>
|
||||||
<!-- source: pattern://306ce091fd87bad6174d9e8b -->
|
<!-- source: pattern://306ce091fd87bad6174d9e8b -->
|
||||||
<ResultCond name="ok" next="Auth_Realm_Main_IDP_SendSamlResponseWithAssertion"/>
|
<ResultCond name="ok" next="Auth_Realm_Main_IDP_CheckLoa"/>
|
||||||
<!-- source: pattern://306ce091fd87bad6174d9e8b -->
|
<!-- source: pattern://306ce091fd87bad6174d9e8b -->
|
||||||
<property name="script" value="file:///var/opt/nevisauth/default/conf/eid_update_login_info.groovy"/>
|
<property name="script" value="file:///var/opt/nevisauth/default/conf/eid_update_login_info.groovy"/>
|
||||||
<!-- source: pattern://306ce091fd87bad6174d9e8b -->
|
<!-- source: pattern://306ce091fd87bad6174d9e8b -->
|
||||||
|
|
@ -1616,6 +1616,25 @@
|
||||||
<!-- source: pattern://9ff0369f3cf662f95d94ff09 -->
|
<!-- source: pattern://9ff0369f3cf662f95d94ff09 -->
|
||||||
<property name="${sess:agov.new.recovery.code.cipher}?notes:agov.new.recovery.code:decrypt-b64" value="${sess:agov.new.recovery.code.cipher}"/>
|
<property name="${sess:agov.new.recovery.code.cipher}?notes:agov.new.recovery.code:decrypt-b64" value="${sess:agov.new.recovery.code.cipher}"/>
|
||||||
</AuthState>
|
</AuthState>
|
||||||
|
<AuthState name="Auth_Realm_Main_IDP_CheckLoa" class="ch.nevis.esauth.auth.states.scripting.ScriptState" final="false">
|
||||||
|
<!-- source: pattern://2cdd910036aa06b102863a4f -->
|
||||||
|
<ResultCond name="error" next="Auth_Realm_Main_IDP_AuthnFailed_Zero_RoleLvl"/>
|
||||||
|
<!-- source: pattern://2cdd910036aa06b102863a4f -->
|
||||||
|
<ResultCond name="exit.1" next="Auth_Realm_Main_IDP_Insufficient_LoaInfo"/>
|
||||||
|
<!-- source: pattern://2cdd910036aa06b102863a4f -->
|
||||||
|
<ResultCond name="exit.2" next="Auth_Realm_Main_IDP_Recovery_ongoing"/>
|
||||||
|
<!-- source: pattern://2cdd910036aa06b102863a4f -->
|
||||||
|
<ResultCond name="ok" next="Auth_Realm_Main_IDP_Fetch_Country_Name"/>
|
||||||
|
<!-- source: pattern://2cdd910036aa06b102863a4f -->
|
||||||
|
<Response value="AUTH_ERROR">
|
||||||
|
<!-- source: pattern://2cdd910036aa06b102863a4f -->
|
||||||
|
<Arg name="ch.nevis.isiweb4.response.status" value="403"/>
|
||||||
|
</Response>
|
||||||
|
<!-- source: pattern://2cdd910036aa06b102863a4f -->
|
||||||
|
<property name="scriptTraceGroup" value="AGOV-ACCT"/>
|
||||||
|
<!-- source: pattern://2cdd910036aa06b102863a4f -->
|
||||||
|
<property name="script" value="file:///var/opt/nevisauth/default/conf/checkloa.groovy"/>
|
||||||
|
</AuthState>
|
||||||
<AuthState name="Auth_Realm_Main_IDP_clear_request_session" class="ch.nevis.esauth.auth.states.standard.TransformAttributes" final="false">
|
<AuthState name="Auth_Realm_Main_IDP_clear_request_session" class="ch.nevis.esauth.auth.states.standard.TransformAttributes" final="false">
|
||||||
<!-- source: pattern://8c28e8f3352491ef7c5315fc -->
|
<!-- source: pattern://8c28e8f3352491ef7c5315fc -->
|
||||||
<ResultCond name="ok" next="Auth_Realm_Main_IDP_Email_Input"/>
|
<ResultCond name="ok" next="Auth_Realm_Main_IDP_Email_Input"/>
|
||||||
|
|
@ -1669,69 +1688,6 @@
|
||||||
<!-- source: pattern://9ff0369f3cf662f95d94ff09 -->
|
<!-- source: pattern://9ff0369f3cf662f95d94ff09 -->
|
||||||
<property name="parameter.cookie.domain" value="auth.agov-w.azure.adnovum.net"/>
|
<property name="parameter.cookie.domain" value="auth.agov-w.azure.adnovum.net"/>
|
||||||
</AuthState>
|
</AuthState>
|
||||||
<AuthState name="Auth_Realm_Main_IDP_Ask_Mobile_Number" class="ch.nevis.esauth.auth.states.scripting.ScriptState" final="false" resumeState="true">
|
|
||||||
<!-- source: pattern://6d83506dfcc430c12d81dfa3 -->
|
|
||||||
<ResultCond name="done" next="Auth_Realm_Main_IDP_CheckLoa"/>
|
|
||||||
<!-- source: pattern://6d83506dfcc430c12d81dfa3 -->
|
|
||||||
<Response value="AUTH_CONTINUE">
|
|
||||||
<!-- source: pattern://6d83506dfcc430c12d81dfa3 -->
|
|
||||||
<Gui name="ask_mobile_number" label="general.askMobileNumber">
|
|
||||||
<!-- source: pattern://6d83506dfcc430c12d81dfa3 -->
|
|
||||||
<GuiElem name="mobile" type="text" label="mobile number" optional="true"/>
|
|
||||||
<!-- source: pattern://6d83506dfcc430c12d81dfa3 -->
|
|
||||||
<GuiElem name="skip" type="text" label="skip me" value="false" optional="true"/>
|
|
||||||
<!-- source: pattern://6d83506dfcc430c12d81dfa3 -->
|
|
||||||
<GuiElem name="authRequestId" type="hidden" value="${sess:ch.nevis.auth.saml.request.id}" optional="true"/>
|
|
||||||
<!-- source: pattern://6d83506dfcc430c12d81dfa3 -->
|
|
||||||
<GuiElem name="submit" type="button" label="continue.button.label" value="submit"/>
|
|
||||||
</Gui>
|
|
||||||
</Response>
|
|
||||||
<!-- source: pattern://6d83506dfcc430c12d81dfa3 -->
|
|
||||||
<property name="scriptTraceGroup" value="AGOV-ACCT"/>
|
|
||||||
<!-- source: pattern://6d83506dfcc430c12d81dfa3 -->
|
|
||||||
<property name="script" value="file:///var/opt/nevisauth/default/conf/askMobileNumber.groovy"/>
|
|
||||||
<!-- source: pattern://6d83506dfcc430c12d81dfa3 -->
|
|
||||||
<property name="parameter.baseUrl" value="https://idm.adn-agov-nevisidm-01-dev:8989/nevisidm/api"/>
|
|
||||||
<!-- source: pattern://6d83506dfcc430c12d81dfa3 -->
|
|
||||||
<property name="parameter.idm.httpclient.tls.keyObjectRef" value="DefaultKeyStore"/>
|
|
||||||
<!-- source: pattern://6d83506dfcc430c12d81dfa3 -->
|
|
||||||
<property name="parameter.idm.httpclient.tls.trustStoreRef" value="Ask_Mobile_Number"/>
|
|
||||||
<!-- source: pattern://6d83506dfcc430c12d81dfa3 -->
|
|
||||||
<property name="parameter.cookie.domain" value="auth.agov-w.azure.adnovum.net"/>
|
|
||||||
<!-- source: pattern://6d83506dfcc430c12d81dfa3 -->
|
|
||||||
<property name="parameter.ask_mobile_number_enabled" value="true"/>
|
|
||||||
</AuthState>
|
|
||||||
<AuthState name="Auth_Realm_Main_IDP_Ensure_Recovery_Code_encryptCode" class="ch.nevis.esauth.auth.states.standard.TransformAttributes" final="false" resumeState="false">
|
|
||||||
<!-- source: pattern://9ff0369f3cf662f95d94ff09 -->
|
|
||||||
<ResultCond name="default" next="Auth_Realm_Main_IDP_Ensure_Recovery_Code_Process"/>
|
|
||||||
<!-- source: pattern://9ff0369f3cf662f95d94ff09 -->
|
|
||||||
<Response value="AUTH_CONTINUE"/>
|
|
||||||
<!-- source: pattern://9ff0369f3cf662f95d94ff09 -->
|
|
||||||
<property name="cryptoKey" value="secret://8jzQ1+F4HHvx7/tKFYRZb2/hFmyXjzt1HXgMJz+Tb16qSMh5Yv2QNnDH0JqsXHAoqtvZu1Nlo5A="/>
|
|
||||||
<!-- source: pattern://9ff0369f3cf662f95d94ff09 -->
|
|
||||||
<property name="cryptoAlgorithm" value="AES/CTR/PKCS5Padding"/>
|
|
||||||
<!-- source: pattern://9ff0369f3cf662f95d94ff09 -->
|
|
||||||
<property name="!${sess:agov.new.recovery.code.cipher}?sess:agov.new.recovery.code.cipher:encrypt-b64" value="${notes:agov.new.recovery.code}"/>
|
|
||||||
</AuthState>
|
|
||||||
<AuthState name="Auth_Realm_Main_IDP_CheckLoa" class="ch.nevis.esauth.auth.states.scripting.ScriptState" final="false">
|
|
||||||
<!-- source: pattern://2cdd910036aa06b102863a4f -->
|
|
||||||
<ResultCond name="error" next="Auth_Realm_Main_IDP_AuthnFailed_Zero_RoleLvl"/>
|
|
||||||
<!-- source: pattern://2cdd910036aa06b102863a4f -->
|
|
||||||
<ResultCond name="exit.1" next="Auth_Realm_Main_IDP_Insufficient_LoaInfo"/>
|
|
||||||
<!-- source: pattern://2cdd910036aa06b102863a4f -->
|
|
||||||
<ResultCond name="exit.2" next="Auth_Realm_Main_IDP_Recovery_ongoing"/>
|
|
||||||
<!-- source: pattern://2cdd910036aa06b102863a4f -->
|
|
||||||
<ResultCond name="ok" next="Auth_Realm_Main_IDP_Fetch_Country_Name"/>
|
|
||||||
<!-- source: pattern://2cdd910036aa06b102863a4f -->
|
|
||||||
<Response value="AUTH_ERROR">
|
|
||||||
<!-- source: pattern://2cdd910036aa06b102863a4f -->
|
|
||||||
<Arg name="ch.nevis.isiweb4.response.status" value="403"/>
|
|
||||||
</Response>
|
|
||||||
<!-- source: pattern://2cdd910036aa06b102863a4f -->
|
|
||||||
<property name="scriptTraceGroup" value="AGOV-ACCT"/>
|
|
||||||
<!-- source: pattern://2cdd910036aa06b102863a4f -->
|
|
||||||
<property name="script" value="file:///var/opt/nevisauth/default/conf/checkloa.groovy"/>
|
|
||||||
</AuthState>
|
|
||||||
<AuthState name="Auth_Realm_Main_IDP_AuthnFailed_Zero_RoleLvl" class="ch.nevis.esauth.auth.states.standard.TransformAttributes" final="false">
|
<AuthState name="Auth_Realm_Main_IDP_AuthnFailed_Zero_RoleLvl" class="ch.nevis.esauth.auth.states.standard.TransformAttributes" final="false">
|
||||||
<!-- source: pattern://50b861438e79c2332862d3ca -->
|
<!-- source: pattern://50b861438e79c2332862d3ca -->
|
||||||
<ResultCond name="ok" next="Auth_Realm_Main_IDP_SendSamlResponseWithError"/>
|
<ResultCond name="ok" next="Auth_Realm_Main_IDP_SendSamlResponseWithError"/>
|
||||||
|
|
@ -1805,6 +1761,50 @@
|
||||||
<!-- source: pattern://4c7ad5e93c0ed94844e6bbfe -->
|
<!-- source: pattern://4c7ad5e93c0ed94844e6bbfe -->
|
||||||
<property name="script" value="file:///var/opt/nevisauth/default/conf/fetch_country_name.groovy"/>
|
<property name="script" value="file:///var/opt/nevisauth/default/conf/fetch_country_name.groovy"/>
|
||||||
</AuthState>
|
</AuthState>
|
||||||
|
<AuthState name="Auth_Realm_Main_IDP_Ask_Mobile_Number" class="ch.nevis.esauth.auth.states.scripting.ScriptState" final="false" resumeState="true">
|
||||||
|
<!-- source: pattern://6d83506dfcc430c12d81dfa3 -->
|
||||||
|
<ResultCond name="done" next="Auth_Realm_Main_IDP_CheckLoa"/>
|
||||||
|
<!-- source: pattern://6d83506dfcc430c12d81dfa3 -->
|
||||||
|
<Response value="AUTH_CONTINUE">
|
||||||
|
<!-- source: pattern://6d83506dfcc430c12d81dfa3 -->
|
||||||
|
<Gui name="ask_mobile_number" label="general.askMobileNumber">
|
||||||
|
<!-- source: pattern://6d83506dfcc430c12d81dfa3 -->
|
||||||
|
<GuiElem name="mobile" type="text" label="mobile number" optional="true"/>
|
||||||
|
<!-- source: pattern://6d83506dfcc430c12d81dfa3 -->
|
||||||
|
<GuiElem name="skip" type="text" label="skip me" value="false" optional="true"/>
|
||||||
|
<!-- source: pattern://6d83506dfcc430c12d81dfa3 -->
|
||||||
|
<GuiElem name="authRequestId" type="hidden" value="${sess:ch.nevis.auth.saml.request.id}" optional="true"/>
|
||||||
|
<!-- source: pattern://6d83506dfcc430c12d81dfa3 -->
|
||||||
|
<GuiElem name="submit" type="button" label="continue.button.label" value="submit"/>
|
||||||
|
</Gui>
|
||||||
|
</Response>
|
||||||
|
<!-- source: pattern://6d83506dfcc430c12d81dfa3 -->
|
||||||
|
<property name="scriptTraceGroup" value="AGOV-ACCT"/>
|
||||||
|
<!-- source: pattern://6d83506dfcc430c12d81dfa3 -->
|
||||||
|
<property name="script" value="file:///var/opt/nevisauth/default/conf/askMobileNumber.groovy"/>
|
||||||
|
<!-- source: pattern://6d83506dfcc430c12d81dfa3 -->
|
||||||
|
<property name="parameter.baseUrl" value="https://idm.adn-agov-nevisidm-admin-01-uat:8989/nevisidm/api"/>
|
||||||
|
<!-- source: pattern://6d83506dfcc430c12d81dfa3 -->
|
||||||
|
<property name="parameter.idm.httpclient.tls.keyObjectRef" value="DefaultKeyStore"/>
|
||||||
|
<!-- source: pattern://6d83506dfcc430c12d81dfa3 -->
|
||||||
|
<property name="parameter.idm.httpclient.tls.trustStoreRef" value="Ask_Mobile_Number"/>
|
||||||
|
<!-- source: pattern://6d83506dfcc430c12d81dfa3 -->
|
||||||
|
<property name="parameter.cookie.domain" value="auth.agov-w.azure.adnovum.net"/>
|
||||||
|
<!-- source: pattern://6d83506dfcc430c12d81dfa3 -->
|
||||||
|
<property name="parameter.ask_mobile_number_enabled" value="true"/>
|
||||||
|
</AuthState>
|
||||||
|
<AuthState name="Auth_Realm_Main_IDP_Ensure_Recovery_Code_encryptCode" class="ch.nevis.esauth.auth.states.standard.TransformAttributes" final="false" resumeState="false">
|
||||||
|
<!-- source: pattern://9ff0369f3cf662f95d94ff09 -->
|
||||||
|
<ResultCond name="default" next="Auth_Realm_Main_IDP_Ensure_Recovery_Code_Process"/>
|
||||||
|
<!-- source: pattern://9ff0369f3cf662f95d94ff09 -->
|
||||||
|
<Response value="AUTH_CONTINUE"/>
|
||||||
|
<!-- source: pattern://9ff0369f3cf662f95d94ff09 -->
|
||||||
|
<property name="cryptoKey" value="secret://8jzQ1+F4HHvx7/tKFYRZb2/hFmyXjzt1HXgMJz+Tb16qSMh5Yv2QNnDH0JqsXHAoqtvZu1Nlo5A="/>
|
||||||
|
<!-- source: pattern://9ff0369f3cf662f95d94ff09 -->
|
||||||
|
<property name="cryptoAlgorithm" value="AES/CTR/PKCS5Padding"/>
|
||||||
|
<!-- source: pattern://9ff0369f3cf662f95d94ff09 -->
|
||||||
|
<property name="!${sess:agov.new.recovery.code.cipher}?sess:agov.new.recovery.code.cipher:encrypt-b64" value="${notes:agov.new.recovery.code}"/>
|
||||||
|
</AuthState>
|
||||||
<AuthState name="Auth_Realm_Main_IDP_NoAuthnContext" class="ch.nevis.esauth.auth.states.standard.TransformAttributes" final="false">
|
<AuthState name="Auth_Realm_Main_IDP_NoAuthnContext" class="ch.nevis.esauth.auth.states.standard.TransformAttributes" final="false">
|
||||||
<!-- source: pattern://1793638a6715537e8f491f25 -->
|
<!-- source: pattern://1793638a6715537e8f491f25 -->
|
||||||
<ResultCond name="ok" next="Auth_Realm_Main_IDP_SendSamlResponseWithError"/>
|
<ResultCond name="ok" next="Auth_Realm_Main_IDP_SendSamlResponseWithError"/>
|
||||||
|
|
|
||||||
|
|
@ -46,7 +46,7 @@ spec:
|
||||||
podDisruptionBudget:
|
podDisruptionBudget:
|
||||||
maxUnavailable: "50%"
|
maxUnavailable: "50%"
|
||||||
git:
|
git:
|
||||||
tag: "r-03ba964be38de059bd62eac8e8eeb6f39135ef6e"
|
tag: "r-0a95034444af9c2e5b4a8c12cc3a0f444f6b0447"
|
||||||
dir: "DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf"
|
dir: "DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf"
|
||||||
credentials: "git-credentials"
|
credentials: "git-credentials"
|
||||||
database:
|
database:
|
||||||
|
|
|
||||||
|
|
@ -103,7 +103,7 @@ session-repository:
|
||||||
automatic-db-schema-setup: false
|
automatic-db-schema-setup: false
|
||||||
credential-repository:
|
credential-repository:
|
||||||
type: "nevisidm"
|
type: "nevisidm"
|
||||||
client-id: "agov"
|
client-id: "cfa9c9b9-119f-4dff-9bb8-86d7c0cf2720"
|
||||||
user-attribute: "extId"
|
user-attribute: "extId"
|
||||||
administration-url: "https://idm.adn-agov-nevisidm-admin-01-uat:8989/nevisidm/services/v1_46/AdminService"
|
administration-url: "https://idm.adn-agov-nevisidm-admin-01-uat:8989/nevisidm/services/v1_46/AdminService"
|
||||||
admin-service-version: "v1_46"
|
admin-service-version: "v1_46"
|
||||||
|
|
|
||||||
|
|
@ -44,7 +44,7 @@ spec:
|
||||||
podDisruptionBudget:
|
podDisruptionBudget:
|
||||||
maxUnavailable: "50%"
|
maxUnavailable: "50%"
|
||||||
git:
|
git:
|
||||||
tag: "r-03ba964be38de059bd62eac8e8eeb6f39135ef6e"
|
tag: "r-0a95034444af9c2e5b4a8c12cc3a0f444f6b0447"
|
||||||
dir: "DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend"
|
dir: "DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend"
|
||||||
credentials: "git-credentials"
|
credentials: "git-credentials"
|
||||||
podSecurity:
|
podSecurity:
|
||||||
|
|
|
||||||
|
|
@ -21,7 +21,7 @@ application.webdata.pathparam=logrendresourcepath
|
||||||
application.webdata.pathparam.default=/login/resources
|
application.webdata.pathparam.default=/login/resources
|
||||||
cache.revalidate.delay=-1
|
cache.revalidate.delay=-1
|
||||||
cache.source=file
|
cache.source=file
|
||||||
env.name=WORK
|
env.name=work
|
||||||
keytag.end=}
|
keytag.end=}
|
||||||
keytag.start=${
|
keytag.start=${
|
||||||
management.healthchecks.enabled=true
|
management.healthchecks.enabled=true
|
||||||
|
|
|
||||||
|
|
@ -27,7 +27,7 @@ application.language.cookie.rm=LANG:rm:.agov-d.azure.adnovum.net
|
||||||
# source: pattern://4fcfadb4a5c946ead7e6e995, pattern://097929211988398a87bcbb0c
|
# source: pattern://4fcfadb4a5c946ead7e6e995, pattern://097929211988398a87bcbb0c
|
||||||
application.language.cookie.en=LANG:en:.agov-d.azure.adnovum.net
|
application.language.cookie.en=LANG:en:.agov-d.azure.adnovum.net
|
||||||
# source: pattern://4fcfadb4a5c946ead7e6e995
|
# source: pattern://4fcfadb4a5c946ead7e6e995
|
||||||
env.name=WORK
|
env.name=work
|
||||||
# source: pattern://4fcfadb4a5c946ead7e6e995
|
# source: pattern://4fcfadb4a5c946ead7e6e995
|
||||||
page.title=AGOV Work IdP
|
page.title=AGOV Work IdP
|
||||||
# source: pattern://4fcfadb4a5c946ead7e6e995
|
# source: pattern://4fcfadb4a5c946ead7e6e995
|
||||||
|
|
|
||||||
File diff suppressed because one or more lines are too long
|
|
@ -77,7 +77,7 @@
|
||||||
$text.get("footer.text")
|
$text.get("footer.text")
|
||||||
<a target="_blank" class='text-hyperlink dark:text-dark-hyperlink underline' href='$text.get("footer.link")'>$text.get("footer.link.label")</a>
|
<a target="_blank" class='text-hyperlink dark:text-dark-hyperlink underline' href='$text.get("footer.link")'>$text.get("footer.link.label")</a>
|
||||||
</div>
|
</div>
|
||||||
<p data-test="agovVersionNumber">1.11.0.local-20250627T145008Z-haburger: Mon Jun 30 16:49:40 CEST 2025</p>
|
<p data-test="agovVersionNumber">1.11.0.local-20250704T042155Z-haburger: Fri Jul 4 06:28:02 CEST 2025</p>
|
||||||
</footer>
|
</footer>
|
||||||
</body>
|
</body>
|
||||||
<script src="${login.appDataPath}/static/bundle.js"></script>
|
<script src="${login.appDataPath}/static/bundle.js"></script>
|
||||||
|
|
|
||||||
|
|
@ -3,7 +3,7 @@
|
||||||
$text.get("footer.text")
|
$text.get("footer.text")
|
||||||
<a target="_blank" class='text-hyperlink dark:text-dark-hyperlink underline' href='$text.get("footer.link")'>$text.get("footer.link.label")</a>
|
<a target="_blank" class='text-hyperlink dark:text-dark-hyperlink underline' href='$text.get("footer.link")'>$text.get("footer.link.label")</a>
|
||||||
</div>
|
</div>
|
||||||
<p data-test="agovVersionNumber">1.11.0.local-20250627T145008Z-haburger: Mon Jun 30 16:49:40 CEST 2025</p>
|
<p data-test="agovVersionNumber">1.11.0.local-20250704T042155Z-haburger: Fri Jul 4 06:28:02 CEST 2025</p>
|
||||||
</footer>
|
</footer>
|
||||||
<script src="${login.appDataPath}/static/bundle.js"></script>
|
<script src="${login.appDataPath}/static/bundle.js"></script>
|
||||||
</body>
|
</body>
|
||||||
|
|
|
||||||
|
|
@ -23,7 +23,9 @@
|
||||||
<img alt="agov Logo" src="${login.appDataPath}/static/images/agov-logo-dark.svg" class="h-5 sm:h-8 sm:mr-6 hidden dark:block">
|
<img alt="agov Logo" src="${login.appDataPath}/static/images/agov-logo-dark.svg" class="h-5 sm:h-8 sm:mr-6 hidden dark:block">
|
||||||
<div class="flex items-center flex-1 sm:flex-initial justify-end">
|
<div class="flex items-center flex-1 sm:flex-initial justify-end">
|
||||||
#set ($langMenu = '')
|
#set ($langMenu = '')
|
||||||
#foreach ($locale in $login.locales)
|
## NOTE/2025-06-30/haburger: using hard coded, sorted array instead of $login.locales
|
||||||
|
#set($localeList = ["de", "fr", "it", "rm", "en"])
|
||||||
|
#foreach ($locale in $localeList)
|
||||||
## find translated label of current locale
|
## find translated label of current locale
|
||||||
#if ($text.contains("language.$locale"))
|
#if ($text.contains("language.$locale"))
|
||||||
#set ($langLabel = $text.get("language.$locale"))
|
#set ($langLabel = $text.get("language.$locale"))
|
||||||
|
|
|
||||||
|
|
@ -27,7 +27,7 @@ application.language.cookie.rm=LANG:rm:.agov-d.azure.adnovum.net
|
||||||
# source: pattern://204c22beaccdfd22727af378, pattern://097929211988398a87bcbb0c
|
# source: pattern://204c22beaccdfd22727af378, pattern://097929211988398a87bcbb0c
|
||||||
application.language.cookie.en=LANG:en:.agov-d.azure.adnovum.net
|
application.language.cookie.en=LANG:en:.agov-d.azure.adnovum.net
|
||||||
# source: pattern://204c22beaccdfd22727af378
|
# source: pattern://204c22beaccdfd22727af378
|
||||||
env.name=WORK
|
env.name=work
|
||||||
# source: pattern://204c22beaccdfd22727af378
|
# source: pattern://204c22beaccdfd22727af378
|
||||||
page.title=AGOV Work IdP
|
page.title=AGOV Work IdP
|
||||||
# source: pattern://204c22beaccdfd22727af378
|
# source: pattern://204c22beaccdfd22727af378
|
||||||
|
|
|
||||||
File diff suppressed because one or more lines are too long
|
|
@ -77,7 +77,7 @@
|
||||||
$text.get("footer.text")
|
$text.get("footer.text")
|
||||||
<a target="_blank" class='text-hyperlink dark:text-dark-hyperlink underline' href='$text.get("footer.link")'>$text.get("footer.link.label")</a>
|
<a target="_blank" class='text-hyperlink dark:text-dark-hyperlink underline' href='$text.get("footer.link")'>$text.get("footer.link.label")</a>
|
||||||
</div>
|
</div>
|
||||||
<p data-test="agovVersionNumber">1.11.0.local-20250627T145008Z-haburger: Mon Jun 30 16:49:40 CEST 2025</p>
|
<p data-test="agovVersionNumber">1.11.0.local-20250704T042155Z-haburger: Fri Jul 4 06:28:02 CEST 2025</p>
|
||||||
</footer>
|
</footer>
|
||||||
</body>
|
</body>
|
||||||
<script src="${login.appDataPath}/static/bundle.js"></script>
|
<script src="${login.appDataPath}/static/bundle.js"></script>
|
||||||
|
|
|
||||||
|
|
@ -3,7 +3,7 @@
|
||||||
$text.get("footer.text")
|
$text.get("footer.text")
|
||||||
<a target="_blank" class='text-hyperlink dark:text-dark-hyperlink underline' href='$text.get("footer.link")'>$text.get("footer.link.label")</a>
|
<a target="_blank" class='text-hyperlink dark:text-dark-hyperlink underline' href='$text.get("footer.link")'>$text.get("footer.link.label")</a>
|
||||||
</div>
|
</div>
|
||||||
<p data-test="agovVersionNumber">1.11.0.local-20250627T145008Z-haburger: Mon Jun 30 16:49:40 CEST 2025</p>
|
<p data-test="agovVersionNumber">1.11.0.local-20250704T042155Z-haburger: Fri Jul 4 06:28:02 CEST 2025</p>
|
||||||
</footer>
|
</footer>
|
||||||
<script src="${login.appDataPath}/static/bundle.js"></script>
|
<script src="${login.appDataPath}/static/bundle.js"></script>
|
||||||
</body>
|
</body>
|
||||||
|
|
|
||||||
|
|
@ -23,7 +23,9 @@
|
||||||
<img alt="agov Logo" src="${login.appDataPath}/static/images/agov-logo-dark.svg" class="h-5 sm:h-8 sm:mr-6 hidden dark:block">
|
<img alt="agov Logo" src="${login.appDataPath}/static/images/agov-logo-dark.svg" class="h-5 sm:h-8 sm:mr-6 hidden dark:block">
|
||||||
<div class="flex items-center flex-1 sm:flex-initial justify-end">
|
<div class="flex items-center flex-1 sm:flex-initial justify-end">
|
||||||
#set ($langMenu = '')
|
#set ($langMenu = '')
|
||||||
#foreach ($locale in $login.locales)
|
## NOTE/2025-06-30/haburger: using hard coded, sorted array instead of $login.locales
|
||||||
|
#set($localeList = ["de", "fr", "it", "rm", "en"])
|
||||||
|
#foreach ($locale in $localeList)
|
||||||
## find translated label of current locale
|
## find translated label of current locale
|
||||||
#if ($text.contains("language.$locale"))
|
#if ($text.contains("language.$locale"))
|
||||||
#set ($langLabel = $text.get("language.$locale"))
|
#set ($langLabel = $text.get("language.$locale"))
|
||||||
|
|
|
||||||
|
|
@ -27,7 +27,7 @@ application.language.cookie.rm=LANG:rm:.agov-d.azure.adnovum.net
|
||||||
# source: pattern://06aeae2d799e492f5580d03b, pattern://097929211988398a87bcbb0c
|
# source: pattern://06aeae2d799e492f5580d03b, pattern://097929211988398a87bcbb0c
|
||||||
application.language.cookie.en=LANG:en:.agov-d.azure.adnovum.net
|
application.language.cookie.en=LANG:en:.agov-d.azure.adnovum.net
|
||||||
# source: pattern://06aeae2d799e492f5580d03b
|
# source: pattern://06aeae2d799e492f5580d03b
|
||||||
env.name=WORK
|
env.name=work
|
||||||
# source: pattern://06aeae2d799e492f5580d03b
|
# source: pattern://06aeae2d799e492f5580d03b
|
||||||
page.title=AGOV Work IdP
|
page.title=AGOV Work IdP
|
||||||
# source: pattern://06aeae2d799e492f5580d03b
|
# source: pattern://06aeae2d799e492f5580d03b
|
||||||
|
|
|
||||||
|
|
@ -46,7 +46,7 @@ spec:
|
||||||
podDisruptionBudget:
|
podDisruptionBudget:
|
||||||
maxUnavailable: "50%"
|
maxUnavailable: "50%"
|
||||||
git:
|
git:
|
||||||
tag: "r-317ed268556b37656f27fb58fcffd4797cea27e4"
|
tag: "r-0a95034444af9c2e5b4a8c12cc3a0f444f6b0447"
|
||||||
dir: "DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp"
|
dir: "DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp"
|
||||||
credentials: "git-credentials"
|
credentials: "git-credentials"
|
||||||
keystores:
|
keystores:
|
||||||
|
|
|
||||||
|
|
@ -63,7 +63,7 @@
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
<footer class="hidden sm:flex mt-auto font-body text-body-s text-disabled-grey dark:text-silver w-full p-2 justify-end">
|
<footer class="hidden sm:flex mt-auto font-body text-body-s text-disabled-grey dark:text-silver w-full p-2 justify-end">
|
||||||
<p data-test="agovVersionNumber">1.11.0.local-20250627T145008Z-haburger: Mon Jun 30 16:49:40 CEST 2025</p>
|
<p data-test="agovVersionNumber">1.11.0.local-20250704T042155Z-haburger: Fri Jul 4 06:28:02 CEST 2025</p>
|
||||||
</footer>
|
</footer>
|
||||||
<script src="/resources/static/bundle.js"></script>
|
<script src="/resources/static/bundle.js"></script>
|
||||||
</body>
|
</body>
|
||||||
|
|
|
||||||
|
|
@ -60,7 +60,7 @@
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
<footer class="hidden sm:flex mt-auto font-body text-body-s text-disabled-grey dark:text-silver w-full p-2 justify-end">
|
<footer class="hidden sm:flex mt-auto font-body text-body-s text-disabled-grey dark:text-silver w-full p-2 justify-end">
|
||||||
<p data-test="agovVersionNumber">1.11.0.local-20250627T145008Z-haburger: Mon Jun 30 16:49:40 CEST 2025</p>
|
<p data-test="agovVersionNumber">1.11.0.local-20250704T042155Z-haburger: Fri Jul 4 06:28:02 CEST 2025</p>
|
||||||
</footer>
|
</footer>
|
||||||
<script src="/resources/static/bundle.js"></script>
|
<script src="/resources/static/bundle.js"></script>
|
||||||
</body>
|
</body>
|
||||||
|
|
|
||||||
|
|
@ -61,7 +61,7 @@
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
<footer class="hidden sm:flex mt-auto font-body text-body-s text-disabled-grey dark:text-silver w-full p-2 justify-end">
|
<footer class="hidden sm:flex mt-auto font-body text-body-s text-disabled-grey dark:text-silver w-full p-2 justify-end">
|
||||||
<p data-test="agovVersionNumber">1.11.0.local-20250627T145008Z-haburger: Mon Jun 30 16:49:40 CEST 2025</p>
|
<p data-test="agovVersionNumber">1.11.0.local-20250704T042155Z-haburger: Fri Jul 4 06:28:02 CEST 2025</p>
|
||||||
</footer>
|
</footer>
|
||||||
<script src="/resources/static/bundle.js"></script>
|
<script src="/resources/static/bundle.js"></script>
|
||||||
</body>
|
</body>
|
||||||
|
|
|
||||||
|
|
@ -62,7 +62,7 @@
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
<footer class="hidden sm:flex mt-auto font-body text-body-s text-disabled-grey dark:text-silver w-full p-2 justify-end">
|
<footer class="hidden sm:flex mt-auto font-body text-body-s text-disabled-grey dark:text-silver w-full p-2 justify-end">
|
||||||
<p data-test="agovVersionNumber">1.11.0.local-20250627T145008Z-haburger: Mon Jun 30 16:49:40 CEST 2025</p>
|
<p data-test="agovVersionNumber">1.11.0.local-20250704T042155Z-haburger: Fri Jul 4 06:28:02 CEST 2025</p>
|
||||||
</footer>
|
</footer>
|
||||||
<script src="/resources/static/bundle.js"></script>
|
<script src="/resources/static/bundle.js"></script>
|
||||||
</body>
|
</body>
|
||||||
|
|
|
||||||
|
|
@ -64,7 +64,7 @@
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
<footer class="hidden sm:flex mt-auto font-body text-body-s text-disabled-grey dark:text-silver w-full p-2 justify-end">
|
<footer class="hidden sm:flex mt-auto font-body text-body-s text-disabled-grey dark:text-silver w-full p-2 justify-end">
|
||||||
<p data-test="agovVersionNumber">1.11.0.local-20250627T145008Z-haburger: Mon Jun 30 16:49:40 CEST 2025</p>
|
<p data-test="agovVersionNumber">1.11.0.local-20250704T042155Z-haburger: Fri Jul 4 06:28:02 CEST 2025</p>
|
||||||
</footer>
|
</footer>
|
||||||
</body>
|
</body>
|
||||||
<script src="/resources/static/bundle.js"></script>
|
<script src="/resources/static/bundle.js"></script>
|
||||||
|
|
|
||||||
|
|
@ -66,7 +66,7 @@
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
<footer class="hidden sm:flex mt-auto font-body text-body-s text-disabled-grey dark:text-silver w-full p-2 justify-end">
|
<footer class="hidden sm:flex mt-auto font-body text-body-s text-disabled-grey dark:text-silver w-full p-2 justify-end">
|
||||||
<p data-test="agovVersionNumber">1.11.0.local-20250627T145008Z-haburger: Mon Jun 30 16:49:40 CEST 2025</p>
|
<p data-test="agovVersionNumber">1.11.0.local-20250704T042155Z-haburger: Fri Jul 4 06:28:02 CEST 2025</p>
|
||||||
</footer>
|
</footer>
|
||||||
<script src="/resources/static/bundle.js"></script>
|
<script src="/resources/static/bundle.js"></script>
|
||||||
</body>
|
</body>
|
||||||
|
|
|
||||||
|
|
@ -63,7 +63,7 @@
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
<footer class="hidden sm:flex mt-auto font-body text-body-s text-disabled-grey dark:text-silver w-full p-2 justify-end">
|
<footer class="hidden sm:flex mt-auto font-body text-body-s text-disabled-grey dark:text-silver w-full p-2 justify-end">
|
||||||
<p data-test="agovVersionNumber">1.11.0.local-20250627T145008Z-haburger: Mon Jun 30 16:49:40 CEST 2025</p>
|
<p data-test="agovVersionNumber">1.11.0.local-20250704T042155Z-haburger: Fri Jul 4 06:28:02 CEST 2025</p>
|
||||||
</footer>
|
</footer>
|
||||||
<script src="/resources/static/bundle.js"></script>
|
<script src="/resources/static/bundle.js"></script>
|
||||||
</body>
|
</body>
|
||||||
|
|
|
||||||
File diff suppressed because one or more lines are too long
Loading…
Reference in New Issue