Compare commits
17 Commits
r-b0ee5bf8
...
master
| Author | SHA1 | Date |
|---|---|---|
aca
|
07286b9fb4 | |
|
aca
|
81e7ad3071 | |
|
aca
|
2ef76e0d1b | |
|
aca
|
35d7325a20 | |
|
aca
|
10b146e346 | |
|
aca
|
6c3b7e672a | |
haburger
|
b938bd429b | |
|
haburger
|
1c1010d832 | |
|
haburger
|
121c858566 | |
|
haburger
|
6f5dd59161 | |
|
aca
|
0e6d812f80 | |
|
haburger
|
0e04da9e17 | |
|
aca
|
d898d77a96 | |
|
haburger
|
cab6910fb9 | |
|
haburger
|
5d6bae4a94 | |
|
aca
|
f1d1467d07 | |
|
aca
|
b60c61da81 |
|
|
@ -11,7 +11,7 @@ metadata:
|
|||
spec:
|
||||
type: "NevisAuth"
|
||||
replicas: 1
|
||||
version: "8.2411.2"
|
||||
version: "8.2411.3"
|
||||
gitInitVersion: "1.3.0"
|
||||
runAsNonRoot: true
|
||||
ports:
|
||||
|
|
@ -45,7 +45,7 @@ spec:
|
|||
podDisruptionBudget:
|
||||
maxUnavailable: "50%"
|
||||
git:
|
||||
tag: "r-b0ee5bf8f21b6deb852634ece4565dee10c29032"
|
||||
tag: "r-ba39848d1c443859cdedb92e5cb503a09a1feaca"
|
||||
dir: "DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts"
|
||||
credentials: "git-credentials"
|
||||
keystores:
|
||||
|
|
|
|||
|
|
@ -13,7 +13,7 @@ JAVA_OPTS=(
|
|||
"-javaagent:/opt/agent/opentelemetry-javaagent.jar"
|
||||
"-Dotel.javaagent.logging=application"
|
||||
"-Dotel.javaagent.configuration-file=/var/opt/nevisauth/default/conf/otel.properties"
|
||||
"-Dotel.resource.attributes=service.version=8.2411.2,service.instance.id=$HOSTNAME"
|
||||
"-Dotel.resource.attributes=service.version=8.2411.3,service.instance.id=$HOSTNAME"
|
||||
"-Djavax.net.ssl.trustStore=/var/opt/keys/trust/auth-sts-default-tls-trust/truststore.p12"
|
||||
"-Djavax.net.ssl.trustStorePassword=\${exec:/var/opt/keys/trust/auth-sts-default-tls-trust/keypass}"
|
||||
)
|
||||
|
|
|
|||
|
|
@ -1,7 +1,7 @@
|
|||
apiVersion: "operator.nevis-security.ch/v1"
|
||||
kind: "NevisTrustStore"
|
||||
metadata:
|
||||
name: "auth-default-default-signer-trust"
|
||||
name: "auth-internal-idp-auth-signer-trust"
|
||||
namespace: "adn-agov-nevisidm-01-uat"
|
||||
labels:
|
||||
deploymentTarget: "auth"
|
||||
|
|
@ -10,5 +10,7 @@ metadata:
|
|||
patternId: "7022472ae407577ae604bbb8"
|
||||
spec:
|
||||
keystores:
|
||||
- name: "auth-sts-sh4r3d-internal-idp-auth-signer"
|
||||
namespace: "adn-agov-nevisidm-01-uat"
|
||||
- name: "auth-sh4r3d-internal-idp-auth-signer"
|
||||
namespace: "adn-agov-nevisidm-01-uat"
|
||||
|
|
@ -12,6 +12,8 @@ spec:
|
|||
keystores:
|
||||
- name: "proxy-idp-notused-auth-realm-identity"
|
||||
namespace: "adn-agov-nevisidm-01-uat"
|
||||
- name: "proxy-idp-auth-realm-main-idp-identity"
|
||||
namespace: "adn-agov-nevisidm-01-uat"
|
||||
- name: "proxy-idp-auth-realm-mobile-fido-uaf-identity"
|
||||
namespace: "adn-agov-nevisidm-01-uat"
|
||||
- name: "proxy-idp-auth-realm-recovery-identity"
|
||||
|
|
|
|||
|
|
@ -11,7 +11,7 @@ metadata:
|
|||
spec:
|
||||
type: "NevisAuth"
|
||||
replicas: 1
|
||||
version: "8.2411.1"
|
||||
version: "8.2411.3"
|
||||
gitInitVersion: "1.3.0"
|
||||
runAsNonRoot: true
|
||||
ports:
|
||||
|
|
@ -45,7 +45,7 @@ spec:
|
|||
podDisruptionBudget:
|
||||
maxUnavailable: "50%"
|
||||
git:
|
||||
tag: "r-b0ee5bf8f21b6deb852634ece4565dee10c29032"
|
||||
tag: "r-ba39848d1c443859cdedb92e5cb503a09a1feaca"
|
||||
dir: "DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth"
|
||||
credentials: "git-credentials"
|
||||
keystores:
|
||||
|
|
@ -55,7 +55,7 @@ spec:
|
|||
truststores:
|
||||
- "auth-default-tls-trust"
|
||||
- "auth-auth-realm-mobile-fido-uaf-tls-trust-nevisfido"
|
||||
- "auth-default-default-signer-trust"
|
||||
- "auth-internal-idp-auth-signer-trust"
|
||||
- "auth-technical-trust-store"
|
||||
podSecurity:
|
||||
policy: "baseline"
|
||||
|
|
|
|||
|
|
@ -96,7 +96,7 @@ language.it=Italiano
|
|||
languageDropdown.aria.label=Select language
|
||||
loainfo.description.200=To access the application, we need to verify your data. The process can take up to 2 - 3 days.
|
||||
loainfo.description.300=To access the application we need to verify your data through one of two processes. You can choose your preferred process in the next step.
|
||||
loainfo.description.400=To access the application we need you to add your AHV Number (Swiss Social Security number).
|
||||
loainfo.description.400=To access the application we need you to add your SSN (AHV) number.
|
||||
loainfo.helper=Your data needs to be verified!
|
||||
loainfo.later=Later
|
||||
loainfo.startNow=Do you want to start the process now?
|
||||
|
|
@ -224,6 +224,8 @@ recovery_check_code.invalid.code.tooLong=The code is too long
|
|||
recovery_check_code.noAccess=I do not have access to my code
|
||||
recovery_check_code.noCodeAccess=Are you sure you don't have access to your recovery code?
|
||||
recovery_check_code.noCodeAccessInstructions=If you have lost access to your recovery code please go to AGOV help in order to contact a AGOV support agent. They will be able to help you with the recovery process.
|
||||
recovery_check_code.too_many_tries.instruction1=The recovery code you have entered might have expired or you might have tried to enter it too many times.
|
||||
recovery_check_code.too_many_tries.instruction2=Please go to AGOV help in order to contact a support agent. They will be able to help you with the recovery process.
|
||||
recovery_check_noCode.banner.error=Too many attempts.
|
||||
recovery_check_noCode.instruction1=You might have tried to enter the recovery code too many times.
|
||||
recovery_check_noCode.instruction2=Please close the web browser and start the account recovery again in ten minutes from <a class='link' href='https://agov.ch/me'>https://agov.ch/me</a>.
|
||||
|
|
|
|||
|
|
@ -96,7 +96,7 @@ language.it=Italiano
|
|||
languageDropdown.aria.label=Sprache wählen
|
||||
loainfo.description.200=Um auf diese Applikation zuzugreifen, müssen wir Ihre Angaben verifizieren. Der Vorgang kann bis zu 2 - 3 Tage dauern.
|
||||
loainfo.description.300=Um auf diese Applikation zuzugreifen, müssen wir Ihre Angaben durch einen von zwei Vorgängen verifizieren. Sie können die bevorzugte Methode im nächsten Schritt auswählen.
|
||||
loainfo.description.400=Für den Zugang zu dieser Anwendung müssen Sie Ihre AHV-Nummer angeben.
|
||||
loainfo.description.400=Bitte AHV-Nummer angeben, um auf die Applikation zuzugreifen.
|
||||
loainfo.helper=Ihre persönlichen Daten müssen überprüft werden!
|
||||
loainfo.later=Später
|
||||
loainfo.startNow=Möchten Sie den Prozess jetzt starten?
|
||||
|
|
@ -224,6 +224,8 @@ recovery_check_code.invalid.code.tooLong=Eingegebener Code ist zu lang
|
|||
recovery_check_code.noAccess=Ich kann auf meinen Code nicht zugreifen
|
||||
recovery_check_code.noCodeAccess=Sind Sie sicher, dass Sie auf Ihren Wiederherstellungscode nicht zugreifen können?
|
||||
recovery_check_code.noCodeAccessInstructions=Wenn Sie auf Ihren Wiederherstellungscode nicht mehr zugreifen können, gehen Sie bitte zur AGOV-Hilfe, um jemanden vom AGOV-Support zu kontaktieren. Die Person wird Sie beim Wiederherstellungsprozess unterstützen.
|
||||
recovery_check_code.too_many_tries.instruction1=Der von Ihnen eingegebene Wiederherstellungscode ist möglicherweise abgelaufen oder Sie haben zu oft versucht, einen Code einzugeben.
|
||||
recovery_check_code.too_many_tries.instruction2=Gehen Sie bitte zur AGOV-Hilfe, um jemanden vom Support zu kontaktieren. Die Person wird Sie beim Wiederherstellungsprozess unterstützen.
|
||||
recovery_check_noCode.banner.error=Zu viele Versuche.
|
||||
recovery_check_noCode.instruction1=Möglicherweise haben Sie zu oft versucht, den Wiederherstellungscode einzugeben.
|
||||
recovery_check_noCode.instruction2=Bitte schliessen Sie den Webbrowser und starten Sie die Kontowiederherstellung in zehn Minuten erneut auf <a class='link' href='https://agov.ch/me'>https://agov.ch/me</a>.
|
||||
|
|
|
|||
|
|
@ -96,7 +96,7 @@ language.it=Italiano
|
|||
languageDropdown.aria.label=Select language
|
||||
loainfo.description.200=To access the application, we need to verify your data. The process can take up to 2 - 3 days.
|
||||
loainfo.description.300=To access the application we need to verify your data through one of two processes. You can choose your preferred process in the next step.
|
||||
loainfo.description.400=To access the application we need you to add your AHV Number (Swiss Social Security number).
|
||||
loainfo.description.400=To access the application we need you to add your SSN (AHV) number.
|
||||
loainfo.helper=Your data needs to be verified!
|
||||
loainfo.later=Later
|
||||
loainfo.startNow=Do you want to start the process now?
|
||||
|
|
@ -224,6 +224,8 @@ recovery_check_code.invalid.code.tooLong=The code is too long
|
|||
recovery_check_code.noAccess=I do not have access to my code
|
||||
recovery_check_code.noCodeAccess=Are you sure you don't have access to your recovery code?
|
||||
recovery_check_code.noCodeAccessInstructions=If you have lost access to your recovery code please go to AGOV help in order to contact a AGOV support agent. They will be able to help you with the recovery process.
|
||||
recovery_check_code.too_many_tries.instruction1=The recovery code you have entered might have expired or you might have tried to enter it too many times.
|
||||
recovery_check_code.too_many_tries.instruction2=Please go to AGOV help in order to contact a support agent. They will be able to help you with the recovery process.
|
||||
recovery_check_noCode.banner.error=Too many attempts.
|
||||
recovery_check_noCode.instruction1=You might have tried to enter the recovery code too many times.
|
||||
recovery_check_noCode.instruction2=Please close the web browser and start the account recovery again in ten minutes from <a class='link' href='https://agov.ch/me'>https://agov.ch/me</a>.
|
||||
|
|
|
|||
|
|
@ -96,7 +96,7 @@ language.it=Italiano
|
|||
languageDropdown.aria.label=Sélectionner la langue
|
||||
loainfo.description.200=Pour accéder à l'application, nous devons vérifier vos données. Ce processus peut prendre jusqu'à 2 ou 3 jours.
|
||||
loainfo.description.300=Pour accéder à l'application, nous devons vérifier vos données par le biais de l'une des deux procédures suivantes. Vous pouvez choisir la procédure que vous préférez à l'étape suivante.
|
||||
loainfo.description.400=Pour accéder à l'application, vous devez ajouter votre numéro AVS.
|
||||
loainfo.description.400=Veuillez saisir votre numéro AVS pour accéder à l'application.
|
||||
loainfo.helper=Vos données doivent être vérifiées!
|
||||
loainfo.later=Plus tard
|
||||
loainfo.startNow=Voulez-vous commencer le processus maintenant?
|
||||
|
|
@ -224,6 +224,8 @@ recovery_check_code.invalid.code.tooLong=Le code est trop long
|
|||
recovery_check_code.noAccess=Je n’ai pas accès à mon code de récupération
|
||||
recovery_check_code.noCodeAccess=Êtes-vous sûr de ne pas avoir accès à votre code de récupération ?
|
||||
recovery_check_code.noCodeAccessInstructions=En cas de perte de votre code de récupération, veuillez vous rendre sur AGOV help et contacter le service d’assistance AGOV. Un agent pourra vous aider dans le processus de récupération.
|
||||
recovery_check_code.too_many_tries.instruction1=Le code de récupération que vous avez saisi a peut-être expiré ou vous avez peut-être essayé de le saisir trop de fois.
|
||||
recovery_check_code.too_many_tries.instruction2=Veuillez vous rendre sur AGOV help et contacter le service d’assistance. Un agent pourra vous aider dans le processus de récupération.
|
||||
recovery_check_noCode.banner.error=Trop de tentatives.
|
||||
recovery_check_noCode.instruction1=Vous avez peut-être essayé de saisir le code de récupération trop de fois.
|
||||
recovery_check_noCode.instruction2=Veuillez fermer le navigateur web et recommencer la récupération du compte dans dix minutes à partir de <a class='link' href='https://agov.ch/me'>https://agov.ch/me</a>.
|
||||
|
|
|
|||
|
|
@ -96,7 +96,7 @@ language.it=Italiano
|
|||
languageDropdown.aria.label=Selezionare la lingua
|
||||
loainfo.description.200=Per accedere all'app è necessaria una verifica dei dati. La procedura può richiedere fino a 2–3 giorni lavorativi.
|
||||
loainfo.description.300=Per accedere all'app dobbiamo verificare i suoi dati tramite uno dei due processi. Al prossimo passaggio, può selezionare la procedura di verifica desiderata.
|
||||
loainfo.description.400=Per acceddere all'applicazione deve inserire il numero AVS.
|
||||
loainfo.description.400=Per accedere all'applicazione è necessario inserire il numero AVS.
|
||||
loainfo.helper=I dati devono essere verificati!
|
||||
loainfo.later=Più tardi
|
||||
loainfo.startNow=Iniziare la procedura?
|
||||
|
|
@ -224,6 +224,8 @@ recovery_check_code.invalid.code.tooLong=Il codice è troppo lungo
|
|||
recovery_check_code.noAccess=Non ho il mio codice.
|
||||
recovery_check_code.noCodeAccess=Conferma di non avere il codice di ripristino?
|
||||
recovery_check_code.noCodeAccessInstructions=Se non ha più il codice di ripristino, acceda ad AGOV help per contattare il supporto AGOV, che la assisterà nel processo di ripristino.
|
||||
recovery_check_code.too_many_tries.instruction1=Il codice di ripristino inserito può essere scaduto o è stato inserito troppe volte.
|
||||
recovery_check_code.too_many_tries.instruction2=Si prega di andare alla guida di AGOV aiuto per contattare un agente dell'assistenza. Saranno in grado di aiutarla con il processo di recupero.
|
||||
recovery_check_noCode.banner.error=Troppi tentativi.
|
||||
recovery_check_noCode.instruction1=Potresti aver tentato di inserire il codice di ripristino troppe volte.
|
||||
recovery_check_noCode.instruction2=Chiudi il browser web e inizia nuovamente il processo di ripristino dell'account tra dieci minuti da <a class='link' href='https://agov.ch/me'>https://agov.ch/me</a>.
|
||||
|
|
|
|||
|
|
@ -10,6 +10,20 @@ def tAuth = System.currentTimeMillis() - (request.getSession(true).getCreationTi
|
|||
|
||||
LOG.info("Event='AUTHENTICATION', Requester='${requester}', RequestId='${requestId}', RequestedAq=${requestedAq}, User=${user}, CredentialType='${credentialType}', tAuth=${tAuth}ms, SourceIp=${sourceIp}, UserAgent='${userAgent}'")
|
||||
|
||||
// BUNDBITBK-4824: Address was missing after bmid verification
|
||||
def session = request.getAuthSession(true)
|
||||
int loa = session.get('agov.actualRoleLevel') as int
|
||||
|
||||
// Best Token Available only if account's AQlevel is high enough
|
||||
if ((session.getAttribute('agov.appAddressRequired') == 'true') && (loa < 200)) {
|
||||
LOG.debug("Best Token: Address requested but account has to low AQ (${loa})")
|
||||
session.setAttribute('agov.appAddressRequired', 'false')
|
||||
}
|
||||
if ((session.getAttribute('agov.appSvnrAllowed') == 'true') && (loa < 400)) {
|
||||
LOG.debug("Best Token: SVNr requested but account has to low AQ (${loa})")
|
||||
session.setAttribute('agov.appSvnrAllowed', 'false')
|
||||
}
|
||||
// BUNDBITBK-4824 END
|
||||
|
||||
// delete the login cookie
|
||||
def agovLoginCookie = "agovLogin=deleted; Domain=${parameters.get('cookie.domain')}; Path=/; Max-Age=0; SameSite=Strict; Secure; HttpOnly"
|
||||
|
|
|
|||
|
|
@ -167,7 +167,8 @@ def i2r = [:]
|
|||
|
||||
// issuer to ResultCond name
|
||||
def i2e = [:]
|
||||
i2e.put('https://trustbroker.agov-d.azure.adnovum.net', 'forbidden_0')
|
||||
i2e.put('https://trustbroker.agov-epr-lab.azure.adnovum.net', 'forbidden_0')
|
||||
i2e.put('https://trustbroker-idp.agov-epr-lab.azure.adnovum.net', 'forbidden_1')
|
||||
|
||||
|
||||
if (!i2r.isEmpty() && !hasAnyRequiredRole(i2r, issuer)) {
|
||||
|
|
@ -2,9 +2,8 @@ import org.codehaus.groovy.runtime.StackTraceUtils
|
|||
import groovy.xml.XmlSlurper
|
||||
|
||||
def getUserAGOVLoiRoles() {
|
||||
// set attibutes from DTO: -> AGOVaq
|
||||
def list = new XmlSlurper().parseText(session.get('ch.adnovum.nevisidm.userDto'))
|
||||
return list.'**'.findAll { node -> node.name() == 'roles' && node.applicationName.text() == 'AGOV-Loi' }.collect({ node -> node.name.text() })
|
||||
// we take the roles from actualRoles
|
||||
return request.getActualRoles().findAll { role -> role.startsWith('AGOV-Loi.') }.collect({ role -> role.substring(9) })
|
||||
}
|
||||
|
||||
def getUserAGOVRecoveryRoles() {
|
||||
|
|
@ -141,6 +140,11 @@ try {
|
|||
LOG.error("Event='DATAERROR', Requester='${requester}', RequestId='${requestId}', RequestedAq=${requestedAq}, User=${user}, CredentialType='${credentialType}', errorMessage='Account without Profile', SourceIp=${sourceIp}, UserAgent='${userAgent}'")
|
||||
|
||||
session.setAttribute('contextClassRefToSet', 'urn:qa.agov.ch:names:tc:ac:classes:100')
|
||||
|
||||
// if the account has no profile, we must not return address or svnr
|
||||
session.setAttribute('agov.appAddressRequired', 'false')
|
||||
session.setAttribute('agov.appSvnrAllowed', 'false')
|
||||
|
||||
response.setResult('ok')
|
||||
return
|
||||
}
|
||||
|
|
@ -161,9 +165,7 @@ try {
|
|||
if (role.startsWith('level')) {
|
||||
def roleLevel = role.substring(5)
|
||||
int roleLevelNumber = Integer.parseInt(roleLevel)
|
||||
if (highestRoleLevelNumber == 0) {
|
||||
highestRoleLevelNumber = roleLevelNumber
|
||||
}
|
||||
|
||||
if (highestRoleLevelNumber< roleLevelNumber) {
|
||||
highestRoleLevelNumber=roleLevelNumber
|
||||
}
|
||||
|
|
|
|||
|
|
@ -0,0 +1,326 @@
|
|||
import ch.nevis.esauth.auth.engine.AuthResponse
|
||||
import ch.nevis.esauth.util.httpclient.api.HttpClient
|
||||
import groovy.json.JsonSlurper
|
||||
import io.opentelemetry.api.trace.Span
|
||||
|
||||
def getHeader(String name) {
|
||||
def inctx = request.getLoginContext()
|
||||
// case-insensitive lookup of HTTP headers
|
||||
def map = new TreeMap<>(String.CASE_INSENSITIVE_ORDER)
|
||||
map.putAll(inctx)
|
||||
return map['connection.HttpHeader.' + name]
|
||||
}
|
||||
|
||||
def verification_request_template = '''
|
||||
{ "presentation_definition": {
|
||||
"id": "{{UUID}}",
|
||||
"name": "AGOV Verification",
|
||||
"purpose": "AGOV Login",
|
||||
"format": {
|
||||
"vc+sd-jwt": {
|
||||
"sd-jwt_alg_values": [
|
||||
"ES256"
|
||||
],
|
||||
"kb-jwt_alg_values": [
|
||||
"ES256"
|
||||
]
|
||||
}
|
||||
},
|
||||
"input_descriptors": [
|
||||
{
|
||||
"id": "agov-all-attributes",
|
||||
"name": "AGOV Identity Verification",
|
||||
"purpose": "verification and authentication",
|
||||
"format": {
|
||||
"vc+sd-jwt": {
|
||||
"sd-jwt_alg_values": [
|
||||
"ES256"
|
||||
],
|
||||
"kb-jwt_alg_values": [
|
||||
"ES256"
|
||||
]
|
||||
}
|
||||
},
|
||||
"constraints": {
|
||||
"fields": [
|
||||
{
|
||||
"path": [
|
||||
"$.family_name"
|
||||
]
|
||||
},
|
||||
{
|
||||
"path": [
|
||||
"$.given_name"
|
||||
]
|
||||
},
|
||||
{
|
||||
"path": [
|
||||
"$.birth_date"
|
||||
]
|
||||
},
|
||||
{
|
||||
"path": [
|
||||
"$.sex"
|
||||
]
|
||||
},
|
||||
{
|
||||
"path": [
|
||||
"$.place_of_origin"
|
||||
]
|
||||
},
|
||||
{
|
||||
"path": [
|
||||
"$.birth_place"
|
||||
]
|
||||
},
|
||||
{
|
||||
"path": [
|
||||
"$.nationality"
|
||||
]
|
||||
},
|
||||
{
|
||||
"path": [
|
||||
"$.personal_administrative_number"
|
||||
]
|
||||
},
|
||||
{
|
||||
"path": [
|
||||
"$.document_number"
|
||||
]
|
||||
},
|
||||
{
|
||||
"path": [
|
||||
"$.issuance_date"
|
||||
]
|
||||
},
|
||||
{
|
||||
"path": [
|
||||
"$.expiry_date"
|
||||
]
|
||||
},
|
||||
{
|
||||
"path": [
|
||||
"$.issuing_authority"
|
||||
]
|
||||
},
|
||||
{
|
||||
"path": [
|
||||
"$.issuing_country"
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
'''
|
||||
|
||||
def ERROR_CODE_TO_STATUS_MAPPER = [
|
||||
'CREDENTIAL_INVALID' : 'FAILED',
|
||||
'JWT_EXPIRED' : 'ERROR',
|
||||
'INVALID_FORMAT' : 'ERROR',
|
||||
'CREDENTIAL_EXPIRED' : 'FAILED',
|
||||
'MISSING_NONCE' : 'ERROR',
|
||||
'UNSUPPORTED_FORMAT' : 'ERROR',
|
||||
'CREDENTIAL_REVOKED' : 'FAILED',
|
||||
'CREDENTIAL_SUSPENDED' : 'FAILED',
|
||||
'HOLDER_BINDING_MISMATCH' : 'ERROR',
|
||||
'CREDENTIAL_MISSING_DATA' : 'FAILED',
|
||||
'UNRESOLVABLE_STATUS_LIST' : 'ERROR',
|
||||
'PUBLIC_KEY_OF_ISSUER_UNRESOLVABLE': 'ERROR',
|
||||
'CLIENT_REJECTED' : 'CANCELED',
|
||||
'ISSUER_NOT_ACCEPTED' : 'ERROR'
|
||||
]
|
||||
|
||||
// ---------------
|
||||
// check, whether we are still processing the correct AuthnRequest
|
||||
if (inargs.containsKey('authRequestId') && (inargs['authRequestId'] != session['ch.nevis.auth.saml.request.id'])) {
|
||||
// wrong request, "force" a timeout
|
||||
LOG.debug('authentication timeout enforced, due to concurrent requests -> return a 408')
|
||||
|
||||
response.setIsDirectResponse(true)
|
||||
response.setContentType('text/html; charset=UTF-8')
|
||||
response.setContent('Timeout')
|
||||
response.setHttpStatusCode(205)
|
||||
response.setHeader('IDP-AUTH', 'Timeout')
|
||||
|
||||
// CONTINUE to keep the other request beeing processed
|
||||
response.setStatus(AuthResponse.AUTH_CONTINUE)
|
||||
return
|
||||
}
|
||||
|
||||
if (inargs['oid4vp'] == 'ERROR') {
|
||||
response.setResult('error')
|
||||
return
|
||||
}
|
||||
|
||||
if (inargs['oid4vp'] == 'SUCCEEDED') {
|
||||
response.setResult('ok')
|
||||
return
|
||||
}
|
||||
|
||||
|
||||
def sess = request.getAuthSession(true)
|
||||
|
||||
HttpClient httpClient = HttpClients.create(parameters)
|
||||
def spanCtxt = Span.current().getSpanContext()
|
||||
def traceparent = "00-${spanCtxt.getTraceId()}-${spanCtxt.getSpanId()}-${spanCtxt.getTraceFlags().asHex()}"
|
||||
|
||||
if (!session['agov.eid.verification']) {
|
||||
// Initialize the verification session on the verifier
|
||||
def endPoint = "${parameters.get('eidVerifierBaseUrl')}/api/v1/verifications"
|
||||
|
||||
try {
|
||||
def httpResponse = Http.post()
|
||||
.url(endPoint)
|
||||
.header("Accept", "application/json")
|
||||
.header("traceparent", traceparent)
|
||||
.entity(Http.entity()
|
||||
.content(verification_request_template.replaceAll("\\{\\{UUID}}", UUID.randomUUID().toString()))
|
||||
.contentType("application/json")
|
||||
.build())
|
||||
.build()
|
||||
.send(httpClient)
|
||||
|
||||
|
||||
if (httpResponse.code() != 200) {
|
||||
LOG.debug("Result: ${httpResponse}")
|
||||
response.setResult('error')
|
||||
return
|
||||
}
|
||||
|
||||
def json = new JsonSlurper().parseText(httpResponse.bodyAsString())
|
||||
LOG.debug("Result: ${json}")
|
||||
|
||||
sess.setAttribute('agov.eid.verification', 'true')
|
||||
sess.setAttribute('agov.eid.verification.id', json.id)
|
||||
sess.setAttribute('agov.eid.verification.link', json.verification_url)
|
||||
|
||||
if (json.state != 'PENDING') {
|
||||
response.setResult('error')
|
||||
return
|
||||
}
|
||||
}
|
||||
catch (Exception e) {
|
||||
LOG.error("Eid verification failed: $e")
|
||||
response.setResult('error')
|
||||
return
|
||||
}
|
||||
}
|
||||
|
||||
if (getHeader('Content-Type') == 'application/json' && inargs.containsKey('o.id.v')) {
|
||||
// request for a status update from the verifier
|
||||
def result
|
||||
|
||||
// TODO/haburger/2025-03-24: we should make sure, that we have an actual session on the verifier with id.v
|
||||
// and that authRequestId is correct
|
||||
def idvalue = (!inargs['o.id.v'] || inargs['o.id.v'] == 'NEW') ? session['agov.eid.verification.id'] : inargs['o.id.v']
|
||||
|
||||
try {
|
||||
def endPoint = "${parameters.get('eidVerifierBaseUrl')}/api/v1/verifications/${idvalue}"
|
||||
|
||||
def httpResponse = Http.get()
|
||||
.url(endPoint)
|
||||
.header("Accept", "application/json")
|
||||
.header("traceparent", traceparent)
|
||||
.build()
|
||||
.send(httpClient)
|
||||
|
||||
if (httpResponse.code() != 200) {
|
||||
// TODO/haburger/2025-03-25: 404 we should create a new verification request
|
||||
LOG.debug("Result: ${httpResponse}")
|
||||
result = """{
|
||||
"oid4vp": {
|
||||
"status": "ERROR",
|
||||
"verification_url": "${session['agov.eid.verification.link']}",
|
||||
"id": "${idvalue}",
|
||||
"error_code": "HTTP-ERROR",
|
||||
"error_message": "failed to verify status of verification ${idvalue}, http status: ${httpResponse.code()}"
|
||||
}}"""
|
||||
LOG.warn("<== Response: ${responseCode}")
|
||||
}
|
||||
else {
|
||||
|
||||
def json = new JsonSlurper().parseText(httpResponse.bodyAsString())
|
||||
|
||||
if (json.state == 'SUCCESS') {
|
||||
def claims = json.wallet_response.credential_subject_data
|
||||
|
||||
// TODO/haburger/2025-03-25: format changes to align with IDM read data
|
||||
sess.setAttribute('ch.nevis.idm.User.firstName', claims.given_name)
|
||||
sess.setAttribute('ch.nevis.idm.User.lastName', claims.family_name)
|
||||
sess.setAttribute('ch.nevis.idm.User.birthDate', claims.birth_date)
|
||||
sess.setAttribute('ch.nevis.idm.User.gender', claims.sex)
|
||||
sess.setAttribute('ch.nevis.idm.User.prop.svnr', claims.personal_administrative_number)
|
||||
sess.setAttribute('ch.nevis.idm.User.prop.placeOfBirth', claims.birth_place)
|
||||
sess.setAttribute('ch.nevis.idm.User.prop.eIdNumber', claims.personal_administrative_number)
|
||||
sess.setAttribute('ch.nevis.idm.User.prop.nationality', claims.nationality.toString())
|
||||
sess.setAttribute('ValidFrom', claims.issuance_date)
|
||||
sess.setAttribute('ValidTo', claims.expiry_date)
|
||||
sess.setAttribute('authenticatedWith', "urn:qa.agov.ch:names:tc:authfactor:eid")
|
||||
sess.setAttribute('idVerification', "Eid")
|
||||
sess.setAttribute('contextClassRefToSet', "urn:qa.agov.ch:names:tc:ac:classes:600")
|
||||
|
||||
response.setUserId(claims.personal_administrative_number)
|
||||
response.setLoginId(claims.document_number)
|
||||
response.setAuthLevel("EID")
|
||||
|
||||
result = """{
|
||||
"oid4vp": {
|
||||
"status": "SUCCEEDED",
|
||||
"verification_url": "${session['agov.eid.verification.link']}",
|
||||
"id": "${idvalue}",
|
||||
"error_code": "NONE"
|
||||
}}"""
|
||||
}
|
||||
else if (json.state == 'FAILED') {
|
||||
// TODO/haburger/2025-03-25: ERROR_CODE_TO_STATUS_MAPPER[json.wallet_response.error_code] == 'FAILED' we should
|
||||
// initiate a new verification and return the new id, url together with the message
|
||||
|
||||
LOG
|
||||
.error("Eid verification failed: ${json.wallet_response.error_code} (${json.wallet_response.error_description})")
|
||||
result = """{
|
||||
"oid4vp": {
|
||||
"status": "${ERROR_CODE_TO_STATUS_MAPPER[json.wallet_response.error_code] ?: 'ERROR'}",
|
||||
"verification_url": "${session['agov.eid.verification.link']}",
|
||||
"id": "${idvalue}",
|
||||
"error_code": "${json.wallet_response.error_code}",
|
||||
"error_message": "${json.wallet_response.error_description}"
|
||||
}}"""
|
||||
}
|
||||
else {
|
||||
result = """{
|
||||
"oid4vp": {
|
||||
"status": "${inargs['o.id.v'] == 'NEW' ? 'INITIATED' : 'PENDING'}",
|
||||
"verification_url": "${session['agov.eid.verification.link']}",
|
||||
"id": "${idvalue}",
|
||||
"error_code": "NONE"
|
||||
}}"""
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
catch (Exception e) {
|
||||
LOG.error("Eid verification failed: ${e}")
|
||||
result = """{
|
||||
"oid4vp": {
|
||||
"status": "ERROR",
|
||||
"verification_url": "${session['agov.eid.verification.link']}",
|
||||
"id": "${idvalue}",
|
||||
"error_code": "HTTP-ERROR",
|
||||
"error_message": "failed to verify status of verification ${idvalue}, http exception"
|
||||
}}"""
|
||||
}
|
||||
|
||||
response.setContent(result.toString())
|
||||
response.setContentType('application/json')
|
||||
response.setHttpStatusCode(200)
|
||||
response.setIsDirectResponse(true)
|
||||
response.setStatus(AuthResponse.AUTH_CONTINUE)
|
||||
return
|
||||
}
|
||||
|
||||
// if we reach this place, display GUI
|
||||
response.setStatus(AuthResponse.AUTH_CONTINUE)
|
||||
return
|
||||
|
|
@ -13,7 +13,7 @@ JAVA_OPTS=(
|
|||
"-javaagent:/opt/agent/opentelemetry-javaagent.jar"
|
||||
"-Dotel.javaagent.logging=application"
|
||||
"-Dotel.javaagent.configuration-file=/var/opt/nevisauth/default/conf/otel.properties"
|
||||
"-Dotel.resource.attributes=service.version=8.2411.1,service.instance.id=$HOSTNAME"
|
||||
"-Dotel.resource.attributes=service.version=8.2411.3,service.instance.id=$HOSTNAME"
|
||||
"-Djavax.net.ssl.trustStore=/var/opt/keys/trust/auth-default-tls-trust/truststore.p12"
|
||||
"-Djavax.net.ssl.trustStorePassword=\${exec:/var/opt/keys/trust/auth-default-tls-trust/keypass}"
|
||||
)
|
||||
|
|
|
|||
|
|
@ -75,7 +75,7 @@
|
|||
<!-- source: pattern://7022472ae407577ae604bbb8 -->
|
||||
<KeyObject name="DefaultSigner" certificate="/var/opt/keys/own/auth-sh4r3d-internal-idp-auth-signer/cert.pem" privateKey="/var/opt/keys/own/auth-sh4r3d-internal-idp-auth-signer/keystore.jks" passPhrase="pipe:///var/opt/keys/own/auth-sh4r3d-internal-idp-auth-signer/keypass"/>
|
||||
<!-- source: pattern://7022472ae407577ae604bbb8 -->
|
||||
<KeyObject name="DefaultSignerTrust" certificate="/var/opt/keys/trust/auth-default-default-signer-trust/truststore.jks"/>
|
||||
<KeyObject name="DefaultSignerTrust" certificate="/var/opt/keys/trust/auth-internal-idp-auth-signer-trust/truststore.jks"/>
|
||||
<!-- source: pattern://94e0b7b92ff2593f958c1eec -->
|
||||
<KeyObject name="Signer_SecToken" certificate="/var/opt/keys/own/auth-sh4r3d-internal-idp-auth-signer/cert.pem" privateKey="/var/opt/keys/own/auth-sh4r3d-internal-idp-auth-signer/keystore.jks" passPhrase="pipe:///var/opt/keys/own/auth-sh4r3d-internal-idp-auth-signer/keypass"/>
|
||||
</KeyStore>
|
||||
|
|
@ -99,12 +99,14 @@
|
|||
<!-- source: pattern://95220b3005deb118adeb01aa -->
|
||||
<KeyObject name="FIDO_UAF_Truststore" certificate="/var/opt/keys/trust/env-ca/truststore.jks"/>
|
||||
</KeyStore>
|
||||
<!-- source: pattern://27cefc3861bce987f6766342 -->
|
||||
<!-- source: pattern://0a15213c00dec3668fb94a65, pattern://c0f2c118a88327acce1687fe, pattern://8dbec5bb024707d73fca93ef -->
|
||||
<KeyStore name="Store_IDP_AGOV">
|
||||
<!-- source: pattern://27cefc3861bce987f6766342 -->
|
||||
<!-- source: pattern://c0f2c118a88327acce1687fe -->
|
||||
<KeyObject name="Signer_IDP_AGOV" certificate="/var/opt/keys/own/idp-pem-signer/cert.pem" privateKey="/var/opt/keys/own/idp-pem-signer/keystore.jks" passPhrase="pipe:///var/opt/keys/own/idp-pem-signer/keypass"/>
|
||||
<!-- source: pattern://27cefc3861bce987f6766342 -->
|
||||
<!-- source: pattern://0a15213c00dec3668fb94a65 -->
|
||||
<KeyObject name="https://trustbroker.agov-d.azure.adnovum.net" certificate="/var/opt/keys/trust/idp-pem-atb/truststore.jks"/>
|
||||
<!-- source: pattern://8dbec5bb024707d73fca93ef -->
|
||||
<KeyObject name="https://trustbroker-idp.agov-w.azure.adnovum.net" certificate="/var/opt/keys/trust/idp-pem-atb/truststore.jks"/>
|
||||
</KeyStore>
|
||||
<!-- source: pattern://cb8c63274fe346280de0ffd5 -->
|
||||
<KeyStore name="Auth_Realm_Mobile_FIDO_UAFKeyStore">
|
||||
|
|
@ -130,8 +132,9 @@
|
|||
<AuthEngine useLiteralDictionary="true" literalDictionaryLanguages="en,de,fr,it" inputLanguageCookie="LANG" compatLevel="none" addAutheLevelToSecRoles="true" classPath="/opt/nevisidmcl/nevisauth/lib:/opt/nevisfidocl/nevisauth/lib:/opt/nevisauth/plugin" propagateSession="false">
|
||||
<!-- source: pattern://4fcfadb4a5c946ead7e6e995 -->
|
||||
<Domain name="Auth_Realm_Main_IDP" default="false" inactiveInterval="1800" reauthInterval="0" resetAuthenticationCondition="#{ (inargs.containsKey('SAMLRequest') and session.containsKey('ch.nevis.auth.saml.request.id')) ? 'restart' : '' }">
|
||||
<Entry method="authenticate" state="Auth_Realm_Main_IDP_RequestedRoleLevel"/>
|
||||
<Entry method="authenticate" state="Auth_Realm_Main_IDP_IDP_Status_Check"/>
|
||||
<Entry method="authenticate" state="Auth_Realm_Main_IDP_IDP_Status_Check" selector="${request:currentResource:^http[s]?\u003A//[^/]+/SAML2/SSO/.*$:true}"/>
|
||||
<Entry method="logout" state="Auth_Realm_Main_IDP_IDP_Status_Check"/>
|
||||
<Entry method="logout" state="Auth_Realm_Main_IDP_IDP_Status_Check" selector="${request:currentResource:^http[s]?\u003A//[^/]+/SAML2/SSO/.*$:true}"/>
|
||||
<Entry method="stepup" state="Auth_Realm_Main_IDP_Selector"/>
|
||||
<Entry method="stepup" state="Auth_Realm_Main_IDP_IDP_Status_Check" selector="${request:currentResource:^http[s]?\u003A//[^/]+/SAML2/SSO/.*$:true}"/>
|
||||
|
|
@ -155,37 +158,19 @@
|
|||
<Entry method="authenticate" state="NotUsed_Auth_Realm_NotUsed_Pwd_Login"/>
|
||||
<Entry method="stepup" state="NotUsed_Auth_Realm_Selector"/>
|
||||
</Domain>
|
||||
<AuthState name="Auth_Realm_Main_IDP_RequestedRoleLevel" class="ch.nevis.esauth.auth.states.scripting.ScriptState" final="false">
|
||||
<!-- source: pattern://68665057549fd887ea09fb86 -->
|
||||
<ResultCond name="error" next="Auth_Realm_Main_IDP_SendSamlResponseWithError"/>
|
||||
<!-- source: pattern://68665057549fd887ea09fb86 -->
|
||||
<ResultCond name="ok" next="Auth_Realm_Main_IDP_Mobile_NLess_Auth"/>
|
||||
<!-- source: pattern://68665057549fd887ea09fb86 -->
|
||||
<Response value="AUTH_ERROR">
|
||||
<!-- source: pattern://68665057549fd887ea09fb86 -->
|
||||
<Arg name="ch.nevis.isiweb4.response.status" value="403"/>
|
||||
</Response>
|
||||
<!-- source: pattern://68665057549fd887ea09fb86 -->
|
||||
<property name="parameter.appAddressRequired.whitelist" value="https://testapp-01.agov-d.azure.adnovum.net/test/api/saml2/service-provider-metadata/agovidp, OidcPlayground"/>
|
||||
<!-- source: pattern://68665057549fd887ea09fb86 -->
|
||||
<property name="parameter.url" value="https://utility.agov-d.azure.adnovum.net/connect/billing/relying-party"/>
|
||||
<!-- source: pattern://68665057549fd887ea09fb86 -->
|
||||
<AuthState name="Auth_Realm_Main_IDP_IDP_Status_Check" class="ch.nevis.esauth.auth.states.scripting.ScriptState" final="false" resumeState="false">
|
||||
<!-- source: pattern://7a913eec7f78ce674cd87854 -->
|
||||
<ResultCond name="continueAfterRepost" next="Auth_Realm_Main_IDP_Mobile_NLess_Auth"/>
|
||||
<!-- source: pattern://7a913eec7f78ce674cd87854 -->
|
||||
<ResultCond name="ok" next="Auth_Realm_Main_IDP_Auth_Realm_Main_IDP_Custom_Preprocess_Done"/>
|
||||
<!-- source: pattern://7a913eec7f78ce674cd87854 -->
|
||||
<Response value="AUTH_ERROR"/>
|
||||
<!-- source: pattern://7a913eec7f78ce674cd87854 -->
|
||||
<property name="scriptTraceGroup" value="AGOV-ACCT"/>
|
||||
<!-- source: pattern://68665057549fd887ea09fb86 -->
|
||||
<property name="script" value="file:///var/opt/nevisauth/default/conf/requestedrolelevel.groovy"/>
|
||||
</AuthState>
|
||||
<AuthState name="Auth_Realm_Main_IDP_SendSamlResponseWithError" class="ch.nevis.esauth.auth.states.scripting.ScriptState" final="false" resumeState="true">
|
||||
<!-- source: pattern://4c65de021d362462324a3a5f -->
|
||||
<Response value="AUTH_ERROR">
|
||||
<!-- source: pattern://4c65de021d362462324a3a5f -->
|
||||
<Gui name="NotUsed"/>
|
||||
</Response>
|
||||
<!-- source: pattern://4c65de021d362462324a3a5f -->
|
||||
<!-- source: pattern://7a913eec7f78ce674cd87854 -->
|
||||
<property name="parameter.cookie.domain" value="auth.agov-w.azure.adnovum.net"/>
|
||||
<!-- source: pattern://4c65de021d362462324a3a5f -->
|
||||
<property name="scriptTraceGroup" value="AGOV-ACCT"/>
|
||||
<!-- source: pattern://4c65de021d362462324a3a5f -->
|
||||
<property name="script" value="file:///var/opt/nevisauth/default/conf/SendSamlResponseWithError.groovy"/>
|
||||
<!-- source: pattern://7a913eec7f78ce674cd87854 -->
|
||||
<property name="script" value="file:///var/opt/nevisauth/default/conf/idp_status_check.groovy"/>
|
||||
</AuthState>
|
||||
<AuthState name="Auth_Realm_Main_IDP_Mobile_NLess_Auth" class="ch.nevis.esauth.auth.states.scripting.ScriptState" final="false" resumeState="true">
|
||||
<!-- source: pattern://f63c475c35b616b7c6c1901c -->
|
||||
|
|
@ -225,6 +210,19 @@
|
|||
<!-- source: pattern://f63c475c35b616b7c6c1901c -->
|
||||
<property name="parameter.recoveryurl" value="https://auth.agov-w.azure.adnovum.net/AUTH/RECOVERY/"/>
|
||||
</AuthState>
|
||||
<AuthState name="Auth_Realm_Main_IDP_Auth_Realm_Main_IDP_Custom_Preprocess_Done" class="ch.nevis.esauth.auth.states.standard.ConditionalDispatcherState" final="false">
|
||||
<!-- source: pattern://03326b180687860ffe06a58c -->
|
||||
<ResultCond name="nomatch" next="Auth_Realm_Main_IDP_Auth_Failed"/>
|
||||
<!-- source: pattern://03326b180687860ffe06a58c -->
|
||||
<ResultCond name="ok" next="Auth_Realm_Main_IDP_Auth_Realm_Main_IDP_Custom_IDP_Dispatcher"/>
|
||||
<!-- source: pattern://03326b180687860ffe06a58c -->
|
||||
<Response value="AUTH_ERROR">
|
||||
<!-- source: pattern://03326b180687860ffe06a58c -->
|
||||
<Arg name="ch.nevis.isiweb4.response.status" value="403"/>
|
||||
</Response>
|
||||
<!-- source: pattern://03326b180687860ffe06a58c -->
|
||||
<property name="condition:ok" value="${request:currentResource:^http[s]?\u003A//[^/]+/SAML2/SSO/.*$:true}"/>
|
||||
</AuthState>
|
||||
<AuthState name="Auth_Realm_Main_IDP_fido2_fetchCaptchaInfos" class="ch.nevis.esauth.auth.states.scripting.ScriptState" final="false">
|
||||
<!-- source: pattern://f39352769cb2a1c88e1a176d -->
|
||||
<ResultCond name="error" next="Auth_Realm_Main_IDP_Mobile_NLess_Auth"/>
|
||||
|
|
@ -278,6 +276,48 @@
|
|||
<!-- source: pattern://d76231eaa88cb1645ce44cf3 -->
|
||||
<property name="script" value="file:///var/opt/nevisauth/default/conf/createuuid.groovy"/>
|
||||
</AuthState>
|
||||
<AuthState name="Auth_Realm_Main_IDP_Auth_Failed" class="ch.nevis.esauth.auth.states.standard.AuthError" final="false">
|
||||
<!-- source: pattern://473f9d6b4ab9d61c1eb8c689 -->
|
||||
<Response value="AUTH_ERROR">
|
||||
<!-- source: pattern://473f9d6b4ab9d61c1eb8c689 -->
|
||||
<Gui name="Error">
|
||||
<!-- source: pattern://473f9d6b4ab9d61c1eb8c689 -->
|
||||
<GuiElem name="info" type="error" label="error_99"/>
|
||||
<!-- source: pattern://473f9d6b4ab9d61c1eb8c689 -->
|
||||
<GuiElem name="submit" type="button" label="continue.button.label"/>
|
||||
</Gui>
|
||||
</Response>
|
||||
</AuthState>
|
||||
<AuthState name="Auth_Realm_Main_IDP_Auth_Realm_Main_IDP_Custom_IDP_Dispatcher" class="ch.nevis.esauth.auth.states.scripting.ScriptState" final="false" resumeState="true">
|
||||
<!-- source: pattern://73efd00d67082ff1eb927922 -->
|
||||
<ResultCond name="confirm" next="Auth_Realm_Main_IDP_Auth_Realm_Main_IDP_Custom_Logout_Confirm"/>
|
||||
<!-- source: pattern://73efd00d67082ff1eb927922 -->
|
||||
<ResultCond name="epd" next="Auth_Realm_Main_IDP_Auth_Realm_Main_IDP_Custom_EPD_IDP"/>
|
||||
<!-- source: pattern://73efd00d67082ff1eb927922 -->
|
||||
<ResultCond name="epd_artifact" next="Auth_Realm_Main_IDP_Auth_Realm_Main_IDP_Custom_EPD_Artifact_IDP"/>
|
||||
<!-- source: pattern://73efd00d67082ff1eb927922 -->
|
||||
<ResultCond name="main" next="Auth_Realm_Main_IDP_Auth_Realm_Main_IDP_Custom_AGOV_IDP"/>
|
||||
<!-- source: pattern://73efd00d67082ff1eb927922 -->
|
||||
<Response value="AUTH_CONTINUE">
|
||||
<!-- source: pattern://73efd00d67082ff1eb927922 -->
|
||||
<Gui name="saml_dispatcher" label="title.saml.failed">
|
||||
<!-- source: pattern://73efd00d67082ff1eb927922 -->
|
||||
<GuiElem name="lasterror" type="error" label="error.saml.failed"/>
|
||||
</Gui>
|
||||
</Response>
|
||||
<!-- source: pattern://73efd00d67082ff1eb927922 -->
|
||||
<property name="parameter.logoutConfirmation" value="false"/>
|
||||
<!-- source: pattern://73efd00d67082ff1eb927922 -->
|
||||
<property name="parameter.spInitiated" value="true"/>
|
||||
<!-- source: pattern://73efd00d67082ff1eb927922 -->
|
||||
<property name="parameter.epdMode" value="post"/>
|
||||
<!-- source: pattern://73efd00d67082ff1eb927922 -->
|
||||
<property name="parameter.atb" value="https://trustbroker.agov-d.azure.adnovum.net"/>
|
||||
<!-- source: pattern://73efd00d67082ff1eb927922 -->
|
||||
<property name="parameter.epd_atb" value="https://trustbroker-idp.agov-w.azure.adnovum.net"/>
|
||||
<!-- source: pattern://73efd00d67082ff1eb927922 -->
|
||||
<property name="script" value="file:///var/opt/nevisauth/default/conf/idp_dispatcher.groovy"/>
|
||||
</AuthState>
|
||||
<AuthState name="Auth_Realm_Main_IDP_Email_Input" class="ch.nevis.esauth.auth.states.scripting.ScriptState" final="true" resumeState="true">
|
||||
<!-- source: pattern://e3cac41e75980361d7d26bde -->
|
||||
<ResultCond name="cancel" next="Auth_Realm_Main_IDP_Mobile_NLess_Auth"/>
|
||||
|
|
@ -347,6 +387,10 @@
|
|||
<!-- source: pattern://bfd395eb0dab50aff2f2c01b -->
|
||||
<property name="in.binding" value="none"/>
|
||||
<!-- source: pattern://bfd395eb0dab50aff2f2c01b -->
|
||||
<property name="in.keystoreref" value=""/>
|
||||
<!-- source: pattern://bfd395eb0dab50aff2f2c01b -->
|
||||
<property name="in.keyobjectref" value=""/>
|
||||
<!-- source: pattern://bfd395eb0dab50aff2f2c01b -->
|
||||
<property name="out.binding" value="internal"/>
|
||||
<!-- source: pattern://bfd395eb0dab50aff2f2c01b -->
|
||||
<property name="out.sign" value="Response Assertion"/>
|
||||
|
|
@ -387,6 +431,311 @@
|
|||
<!-- source: pattern://bfd395eb0dab50aff2f2c01b -->
|
||||
<property name="out.audienceRestriction" value="https://ob.agov-w.azure.adnovum.net/mock-me/registration"/>
|
||||
</AuthState>
|
||||
<AuthState name="Auth_Realm_Main_IDP_Auth_Realm_Main_IDP_Custom_Logout_Confirm" class="ch.nevis.esauth.auth.states.scripting.ScriptState" final="false" resumeState="true">
|
||||
<!-- source: pattern://9196b809b539716b03ad8565 -->
|
||||
<Response value="AUTH_CONTINUE">
|
||||
<!-- source: pattern://9196b809b539716b03ad8565 -->
|
||||
<Gui name="saml_logout_confirm" label="title.logout.confirmation"/>
|
||||
</Response>
|
||||
<!-- source: pattern://9196b809b539716b03ad8565 -->
|
||||
<property name="script" value="file:///var/opt/nevisauth/default/conf/logout_confirm.groovy"/>
|
||||
</AuthState>
|
||||
<AuthState name="Auth_Realm_Main_IDP_Auth_Realm_Main_IDP_Custom_EPD_IDP" class="ch.nevis.esauth.auth.states.saml.IdentityProviderState" final="false" resumeState="true">
|
||||
<!-- source: pattern://1d81bd987455a8e1ee044ccf -->
|
||||
<ResultCond name="IDP-initiated-ConcurrentLogout" next="Auth_Realm_Main_IDP_Auth_Realm_Main_IDP_Custom_Concurrent_Logout"/>
|
||||
<!-- source: pattern://1d81bd987455a8e1ee044ccf -->
|
||||
<ResultCond name="IDP-initiated-SingleLogout" next="Auth_Realm_Main_IDP_Auth_Realm_Main_IDP_Custom_Prepare_Done"/>
|
||||
<!-- source: pattern://1d81bd987455a8e1ee044ccf -->
|
||||
<ResultCond name="LogoutCompleted" next="Auth_Realm_Main_IDP_Auth_Realm_Main_IDP_Custom_Logout_Done"/>
|
||||
<!-- source: pattern://1d81bd987455a8e1ee044ccf -->
|
||||
<ResultCond name="LogoutFailed" next="Auth_Realm_Main_IDP_Auth_Realm_Main_IDP_Custom_Logout_Fail"/>
|
||||
<!-- source: pattern://1d81bd987455a8e1ee044ccf -->
|
||||
<ResultCond name="SP-initiated-ConcurrentLogout" next="Auth_Realm_Main_IDP_Auth_Realm_Main_IDP_Custom_Concurrent_Logout"/>
|
||||
<!-- source: pattern://1d81bd987455a8e1ee044ccf -->
|
||||
<ResultCond name="SP-initiated-SingleLogout" next="Auth_Realm_Main_IDP_Auth_Realm_Main_IDP_Custom_Prepare_Done"/>
|
||||
<!-- source: pattern://1d81bd987455a8e1ee044ccf -->
|
||||
<ResultCond name="authenticate:IDP-initiated-SSO" next="Auth_Realm_Main_IDP_RequestedRoleLevel"/>
|
||||
<!-- source: pattern://1d81bd987455a8e1ee044ccf -->
|
||||
<ResultCond name="authenticate:SP-initiated-SSO" next="Auth_Realm_Main_IDP_RequestedRoleLevel"/>
|
||||
<!-- source: pattern://1d81bd987455a8e1ee044ccf -->
|
||||
<ResultCond name="invalidAssertionConsumerUrl" next="Auth_Realm_Main_IDP_Auth_Realm_Main_IDP_Custom_EPD_IDP"/>
|
||||
<!-- source: pattern://1d81bd987455a8e1ee044ccf -->
|
||||
<ResultCond name="ok" next="Auth_Realm_Main_IDP_Auth_Realm_Main_IDP_Custom_Prepare_Done"/>
|
||||
<!-- source: pattern://1d81bd987455a8e1ee044ccf -->
|
||||
<ResultCond name="stepup:IDP-initiated-SSO" next="Auth_Realm_Main_IDP_Auth_Realm_Main_IDP_Custom_Selector"/>
|
||||
<!-- source: pattern://1d81bd987455a8e1ee044ccf -->
|
||||
<ResultCond name="stepup:SP-initiated-SSO" next="Auth_Realm_Main_IDP_Auth_Realm_Main_IDP_Custom_Selector"/>
|
||||
<!-- source: pattern://1d81bd987455a8e1ee044ccf -->
|
||||
<Response value="AUTH_ERROR">
|
||||
<!-- source: pattern://1d81bd987455a8e1ee044ccf -->
|
||||
<Gui name="saml_idp" label="title.saml.failed">
|
||||
<!-- source: pattern://1d81bd987455a8e1ee044ccf -->
|
||||
<GuiElem name="lasterror" type="error" label="error.saml.failed"/>
|
||||
</Gui>
|
||||
</Response>
|
||||
<!-- source: pattern://1d81bd987455a8e1ee044ccf -->
|
||||
<property name="session.participants-store.key" value="IDP_AGOV-session-participants"/>
|
||||
<!-- source: pattern://1d81bd987455a8e1ee044ccf -->
|
||||
<property name="logoutMode" value="ConcurrentLogout-Redirect"/>
|
||||
<!-- source: pattern://1d81bd987455a8e1ee044ccf -->
|
||||
<property name="logoutTrigger" value="#{request['currentResource'].contains('logout') || inargs.containsKey('logout') || inargs.containsKey('SAMLLogout')}"/>
|
||||
<!-- source: pattern://1d81bd987455a8e1ee044ccf -->
|
||||
<property name="out.binding" value="http-post"/>
|
||||
<!-- source: pattern://1d81bd987455a8e1ee044ccf -->
|
||||
<property name="out.post.relayStateEncoding" value="HTML"/>
|
||||
<!-- source: pattern://1d81bd987455a8e1ee044ccf -->
|
||||
<property name="out.sign" value="Response Assertion LogoutResponse"/>
|
||||
<!-- source: pattern://1d81bd987455a8e1ee044ccf -->
|
||||
<property name="out.signatureKeyInfo" value="Certificate"/>
|
||||
<!-- source: pattern://1d81bd987455a8e1ee044ccf -->
|
||||
<property name="out.ttl" value="30"/>
|
||||
<!-- source: pattern://1d81bd987455a8e1ee044ccf -->
|
||||
<property name="out.subject" value="${response:userId}"/>
|
||||
<!-- source: pattern://1d81bd987455a8e1ee044ccf -->
|
||||
<property name="out.subject.format" value="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"/>
|
||||
<!-- source: pattern://1d81bd987455a8e1ee044ccf -->
|
||||
<property name="out.extension.Bearer" value="ch.nevis.esauth.auth.states.saml.extensions.SubjectConfirmationExtender"/>
|
||||
<!-- source: pattern://1d81bd987455a8e1ee044ccf -->
|
||||
<property name="out.issuer" value="https://auth.agov-w.azure.adnovum.net/SAML2/"/>
|
||||
<!-- source: pattern://1d81bd987455a8e1ee044ccf -->
|
||||
<property name="out.keystoreref" value="Store_IDP_AGOV"/>
|
||||
<!-- source: pattern://1d81bd987455a8e1ee044ccf -->
|
||||
<property name="out.keyobjectref" value="Signer_IDP_AGOV"/>
|
||||
<!-- source: pattern://1d81bd987455a8e1ee044ccf -->
|
||||
<property name="spIssuer" value="https://trustbroker-idp.agov-w.azure.adnovum.net"/>
|
||||
<!-- source: pattern://1d81bd987455a8e1ee044ccf -->
|
||||
<property name="spURL" value="https://trustbroker-idp.agov-w.azure.adnovum.net/adfs/ls"/>
|
||||
<!-- source: pattern://1d81bd987455a8e1ee044ccf -->
|
||||
<property name="acsUrlWhitelist.uris" value="https://trustbroker-idp.agov-w.azure.adnovum.net/adfs/ls"/>
|
||||
<!-- source: pattern://1d81bd987455a8e1ee044ccf -->
|
||||
<property name="in.binding" value="auto"/>
|
||||
<!-- source: pattern://1d81bd987455a8e1ee044ccf -->
|
||||
<property name="in.max_age" value="60"/>
|
||||
<!-- source: pattern://1d81bd987455a8e1ee044ccf -->
|
||||
<property name="in.keystoreref" value="Store_IDP_AGOV"/>
|
||||
<!-- source: pattern://1d81bd987455a8e1ee044ccf -->
|
||||
<property name="out.authnContextClassRef" value="${sess:contextClassRefToSet}"/>
|
||||
<!-- source: pattern://1d81bd987455a8e1ee044ccf -->
|
||||
<property name="out.audienceRestriction" value="https://trustbroker-idp.agov-w.azure.adnovum.net"/>
|
||||
<!-- source: pattern://1d81bd987455a8e1ee044ccf -->
|
||||
<property name="out.attribute.http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" value="${sess:ch.nevis.idm.User.firstName}"/>
|
||||
<!-- source: pattern://1d81bd987455a8e1ee044ccf -->
|
||||
<property name="out.attribute.http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname" value="${sess:ch.nevis.idm.User.lastName}"/>
|
||||
<!-- source: pattern://1d81bd987455a8e1ee044ccf -->
|
||||
<property name="out.attribute.http://schemas.agov.ch/ws/2023/05/identity/claims/sex" value="${sess:ch.nevis.idm.User.gender}"/>
|
||||
<!-- source: pattern://1d81bd987455a8e1ee044ccf -->
|
||||
<property name="out.attribute.http://schemas.agov.ch/ws/2023/05/identity/claims/dateOfBirth" value="${sess:ch.nevis.idm.User.birthDate:^(\d\d\d\d-\d\d-\d\d).*$}"/>
|
||||
</AuthState>
|
||||
<AuthState name="Auth_Realm_Main_IDP_Auth_Realm_Main_IDP_Custom_EPD_Artifact_IDP" class="ch.nevis.esauth.auth.states.saml.IdentityProviderState" final="false" resumeState="true">
|
||||
<!-- source: pattern://5a75ffc73b91b88cfab6168e -->
|
||||
<ResultCond name="IDP-initiated-ConcurrentLogout" next="Auth_Realm_Main_IDP_Auth_Realm_Main_IDP_Custom_Concurrent_Logout"/>
|
||||
<!-- source: pattern://5a75ffc73b91b88cfab6168e -->
|
||||
<ResultCond name="IDP-initiated-SingleLogout" next="Auth_Realm_Main_IDP_Auth_Realm_Main_IDP_Custom_Prepare_Done"/>
|
||||
<!-- source: pattern://5a75ffc73b91b88cfab6168e -->
|
||||
<ResultCond name="LogoutCompleted" next="Auth_Realm_Main_IDP_Auth_Realm_Main_IDP_Custom_Logout_Done"/>
|
||||
<!-- source: pattern://5a75ffc73b91b88cfab6168e -->
|
||||
<ResultCond name="LogoutFailed" next="Auth_Realm_Main_IDP_Auth_Realm_Main_IDP_Custom_Logout_Fail"/>
|
||||
<!-- source: pattern://5a75ffc73b91b88cfab6168e -->
|
||||
<ResultCond name="SP-initiated-ConcurrentLogout" next="Auth_Realm_Main_IDP_Auth_Realm_Main_IDP_Custom_Concurrent_Logout"/>
|
||||
<!-- source: pattern://5a75ffc73b91b88cfab6168e -->
|
||||
<ResultCond name="SP-initiated-SingleLogout" next="Auth_Realm_Main_IDP_Auth_Realm_Main_IDP_Custom_Prepare_Done"/>
|
||||
<!-- source: pattern://5a75ffc73b91b88cfab6168e -->
|
||||
<ResultCond name="authenticate:IDP-initiated-SSO" next="Auth_Realm_Main_IDP_RequestedRoleLevel"/>
|
||||
<!-- source: pattern://5a75ffc73b91b88cfab6168e -->
|
||||
<ResultCond name="authenticate:SP-initiated-SSO" next="Auth_Realm_Main_IDP_RequestedRoleLevel"/>
|
||||
<!-- source: pattern://5a75ffc73b91b88cfab6168e -->
|
||||
<ResultCond name="invalidAssertionConsumerUrl" next="Auth_Realm_Main_IDP_Auth_Realm_Main_IDP_Custom_EPD_Artifact_IDP"/>
|
||||
<!-- source: pattern://5a75ffc73b91b88cfab6168e -->
|
||||
<ResultCond name="ok" next="Auth_Realm_Main_IDP_Auth_Realm_Main_IDP_Custom_Prepare_Done"/>
|
||||
<!-- source: pattern://5a75ffc73b91b88cfab6168e -->
|
||||
<ResultCond name="stepup:IDP-initiated-SSO" next="Auth_Realm_Main_IDP_Auth_Realm_Main_IDP_Custom_Selector"/>
|
||||
<!-- source: pattern://5a75ffc73b91b88cfab6168e -->
|
||||
<ResultCond name="stepup:SP-initiated-SSO" next="Auth_Realm_Main_IDP_Auth_Realm_Main_IDP_Custom_Selector"/>
|
||||
<!-- source: pattern://5a75ffc73b91b88cfab6168e -->
|
||||
<Response value="AUTH_ERROR">
|
||||
<!-- source: pattern://5a75ffc73b91b88cfab6168e -->
|
||||
<Gui name="saml_idp" label="title.saml.failed">
|
||||
<!-- source: pattern://5a75ffc73b91b88cfab6168e -->
|
||||
<GuiElem name="lasterror" type="error" label="error.saml.failed"/>
|
||||
</Gui>
|
||||
</Response>
|
||||
<!-- source: pattern://5a75ffc73b91b88cfab6168e -->
|
||||
<property name="session.participants-store.key" value="IDP_AGOV-session-participants"/>
|
||||
<!-- source: pattern://5a75ffc73b91b88cfab6168e -->
|
||||
<property name="logoutMode" value="ConcurrentLogout-Redirect"/>
|
||||
<!-- source: pattern://5a75ffc73b91b88cfab6168e -->
|
||||
<property name="logoutTrigger" value="#{request['currentResource'].contains('logout') || inargs.containsKey('logout') || inargs.containsKey('SAMLLogout')}"/>
|
||||
<!-- source: pattern://5a75ffc73b91b88cfab6168e -->
|
||||
<property name="out.binding" value="http-artifact"/>
|
||||
<!-- source: pattern://5a75ffc73b91b88cfab6168e -->
|
||||
<property name="out.artifactSourceId" value="0x49899452c60f53e500d7d8b221536c9745dfaf0f"/>
|
||||
<!-- source: pattern://5a75ffc73b91b88cfab6168e -->
|
||||
<property name="out.post.relayStateEncoding" value="HTML"/>
|
||||
<!-- source: pattern://5a75ffc73b91b88cfab6168e -->
|
||||
<property name="out.sign" value="Response Assertion LogoutResponse ArtifactResponse"/>
|
||||
<!-- source: pattern://5a75ffc73b91b88cfab6168e -->
|
||||
<property name="out.signatureKeyInfo" value="Certificate"/>
|
||||
<!-- source: pattern://5a75ffc73b91b88cfab6168e -->
|
||||
<property name="out.ttl" value="30"/>
|
||||
<!-- source: pattern://5a75ffc73b91b88cfab6168e -->
|
||||
<property name="out.subject" value="${response:userId}"/>
|
||||
<!-- source: pattern://5a75ffc73b91b88cfab6168e -->
|
||||
<property name="out.subject.format" value="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"/>
|
||||
<!-- source: pattern://5a75ffc73b91b88cfab6168e -->
|
||||
<property name="out.extension.Bearer" value="ch.nevis.esauth.auth.states.saml.extensions.SubjectConfirmationExtender"/>
|
||||
<!-- source: pattern://5a75ffc73b91b88cfab6168e -->
|
||||
<property name="out.issuer" value="https://auth.agov-w.azure.adnovum.net/SAML2/"/>
|
||||
<!-- source: pattern://5a75ffc73b91b88cfab6168e -->
|
||||
<property name="out.keystoreref" value="Store_IDP_AGOV"/>
|
||||
<!-- source: pattern://5a75ffc73b91b88cfab6168e -->
|
||||
<property name="out.keyobjectref" value="Signer_IDP_AGOV"/>
|
||||
<!-- source: pattern://5a75ffc73b91b88cfab6168e -->
|
||||
<property name="spIssuer" value="https://trustbroker-idp.agov-w.azure.adnovum.net"/>
|
||||
<!-- source: pattern://5a75ffc73b91b88cfab6168e -->
|
||||
<property name="spURL" value="https://trustbroker-idp.agov-w.azure.adnovum.net/adfs/ls"/>
|
||||
<!-- source: pattern://5a75ffc73b91b88cfab6168e -->
|
||||
<property name="acsUrlWhitelist.uris" value="https://trustbroker-idp.agov-w.azure.adnovum.net/adfs/ls"/>
|
||||
<!-- source: pattern://5a75ffc73b91b88cfab6168e -->
|
||||
<property name="in.binding" value="auto"/>
|
||||
<!-- source: pattern://5a75ffc73b91b88cfab6168e -->
|
||||
<property name="in.max_age" value="60"/>
|
||||
<!-- source: pattern://5a75ffc73b91b88cfab6168e -->
|
||||
<property name="in.keystoreref" value="Store_IDP_AGOV"/>
|
||||
<!-- source: pattern://5a75ffc73b91b88cfab6168e -->
|
||||
<property name="out.authnContextClassRef" value="${sess:contextClassRefToSet}"/>
|
||||
<!-- source: pattern://5a75ffc73b91b88cfab6168e -->
|
||||
<property name="out.audienceRestriction" value="https://trustbroker-idp.agov-w.azure.adnovum.net"/>
|
||||
<!-- source: pattern://5a75ffc73b91b88cfab6168e -->
|
||||
<property name="out.attribute.http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" value="${sess:ch.nevis.idm.User.firstName}"/>
|
||||
<!-- source: pattern://5a75ffc73b91b88cfab6168e -->
|
||||
<property name="out.attribute.http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname" value="${sess:ch.nevis.idm.User.lastName}"/>
|
||||
<!-- source: pattern://5a75ffc73b91b88cfab6168e -->
|
||||
<property name="out.attribute.http://schemas.agov.ch/ws/2023/05/identity/claims/sex" value="${sess:ch.nevis.idm.User.gender}"/>
|
||||
<!-- source: pattern://5a75ffc73b91b88cfab6168e -->
|
||||
<property name="out.attribute.http://schemas.agov.ch/ws/2023/05/identity/claims/dateOfBirth" value="${sess:ch.nevis.idm.User.birthDate:^(\d\d\d\d-\d\d-\d\d).*$}"/>
|
||||
</AuthState>
|
||||
<AuthState name="Auth_Realm_Main_IDP_Auth_Realm_Main_IDP_Custom_AGOV_IDP" class="ch.nevis.esauth.auth.states.saml.IdentityProviderState" final="false" resumeState="true">
|
||||
<!-- source: pattern://92cb6d5256008a32f12ceb93 -->
|
||||
<ResultCond name="IDP-initiated-ConcurrentLogout" next="Auth_Realm_Main_IDP_Auth_Realm_Main_IDP_Custom_Concurrent_Logout"/>
|
||||
<!-- source: pattern://92cb6d5256008a32f12ceb93 -->
|
||||
<ResultCond name="IDP-initiated-SingleLogout" next="Auth_Realm_Main_IDP_Auth_Realm_Main_IDP_Custom_Prepare_Done"/>
|
||||
<!-- source: pattern://92cb6d5256008a32f12ceb93 -->
|
||||
<ResultCond name="LogoutCompleted" next="Auth_Realm_Main_IDP_Auth_Realm_Main_IDP_Custom_Logout_Done"/>
|
||||
<!-- source: pattern://92cb6d5256008a32f12ceb93 -->
|
||||
<ResultCond name="LogoutFailed" next="Auth_Realm_Main_IDP_Auth_Realm_Main_IDP_Custom_Logout_Fail"/>
|
||||
<!-- source: pattern://92cb6d5256008a32f12ceb93 -->
|
||||
<ResultCond name="SP-initiated-ConcurrentLogout" next="Auth_Realm_Main_IDP_Auth_Realm_Main_IDP_Custom_Concurrent_Logout"/>
|
||||
<!-- source: pattern://92cb6d5256008a32f12ceb93 -->
|
||||
<ResultCond name="SP-initiated-SingleLogout" next="Auth_Realm_Main_IDP_Auth_Realm_Main_IDP_Custom_Prepare_Done"/>
|
||||
<!-- source: pattern://92cb6d5256008a32f12ceb93 -->
|
||||
<ResultCond name="authenticate:IDP-initiated-SSO" next="Auth_Realm_Main_IDP_RequestedRoleLevel"/>
|
||||
<!-- source: pattern://92cb6d5256008a32f12ceb93 -->
|
||||
<ResultCond name="authenticate:SP-initiated-SSO" next="Auth_Realm_Main_IDP_RequestedRoleLevel"/>
|
||||
<!-- source: pattern://92cb6d5256008a32f12ceb93 -->
|
||||
<ResultCond name="invalidAssertionConsumerUrl" next="Auth_Realm_Main_IDP_Auth_Realm_Main_IDP_Custom_AGOV_IDP"/>
|
||||
<!-- source: pattern://92cb6d5256008a32f12ceb93 -->
|
||||
<ResultCond name="ok" next="Auth_Realm_Main_IDP_Auth_Realm_Main_IDP_Custom_Prepare_Done"/>
|
||||
<!-- source: pattern://92cb6d5256008a32f12ceb93 -->
|
||||
<ResultCond name="stepup:IDP-initiated-SSO" next="Auth_Realm_Main_IDP_Auth_Realm_Main_IDP_Custom_Selector"/>
|
||||
<!-- source: pattern://92cb6d5256008a32f12ceb93 -->
|
||||
<ResultCond name="stepup:SP-initiated-SSO" next="Auth_Realm_Main_IDP_Auth_Realm_Main_IDP_Custom_Selector"/>
|
||||
<!-- source: pattern://92cb6d5256008a32f12ceb93 -->
|
||||
<Response value="AUTH_ERROR">
|
||||
<!-- source: pattern://92cb6d5256008a32f12ceb93 -->
|
||||
<Gui name="saml_idp" label="title.saml.failed">
|
||||
<!-- source: pattern://92cb6d5256008a32f12ceb93 -->
|
||||
<GuiElem name="lasterror" type="error" label="error.saml.failed"/>
|
||||
</Gui>
|
||||
</Response>
|
||||
<!-- source: pattern://92cb6d5256008a32f12ceb93 -->
|
||||
<property name="session.participants-store.key" value="IDP_AGOV-session-participants"/>
|
||||
<!-- source: pattern://92cb6d5256008a32f12ceb93 -->
|
||||
<property name="logoutMode" value="ConcurrentLogout-Redirect"/>
|
||||
<!-- source: pattern://92cb6d5256008a32f12ceb93 -->
|
||||
<property name="logoutTrigger" value="#{request['currentResource'].contains('logout') || inargs.containsKey('logout') || inargs.containsKey('SAMLLogout')}"/>
|
||||
<!-- source: pattern://92cb6d5256008a32f12ceb93 -->
|
||||
<property name="out.binding" value="http-post"/>
|
||||
<!-- source: pattern://92cb6d5256008a32f12ceb93 -->
|
||||
<property name="out.post.relayStateEncoding" value="HTML"/>
|
||||
<!-- source: pattern://92cb6d5256008a32f12ceb93 -->
|
||||
<property name="out.sign" value="Response Assertion"/>
|
||||
<!-- source: pattern://92cb6d5256008a32f12ceb93 -->
|
||||
<property name="out.signatureKeyInfo" value="Certificate"/>
|
||||
<!-- source: pattern://92cb6d5256008a32f12ceb93 -->
|
||||
<property name="out.ttl" value="30"/>
|
||||
<!-- source: pattern://92cb6d5256008a32f12ceb93 -->
|
||||
<property name="out.subject" value="${response:userId}"/>
|
||||
<!-- source: pattern://92cb6d5256008a32f12ceb93 -->
|
||||
<property name="out.subject.format" value="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"/>
|
||||
<!-- source: pattern://92cb6d5256008a32f12ceb93 -->
|
||||
<property name="out.extension.Bearer" value="ch.nevis.esauth.auth.states.saml.extensions.SubjectConfirmationExtender"/>
|
||||
<!-- source: pattern://92cb6d5256008a32f12ceb93 -->
|
||||
<property name="out.issuer" value="https://auth.agov-w.azure.adnovum.net/SAML2/"/>
|
||||
<!-- source: pattern://92cb6d5256008a32f12ceb93 -->
|
||||
<property name="out.keystoreref" value="Store_IDP_AGOV"/>
|
||||
<!-- source: pattern://92cb6d5256008a32f12ceb93 -->
|
||||
<property name="out.keyobjectref" value="Signer_IDP_AGOV"/>
|
||||
<!-- source: pattern://92cb6d5256008a32f12ceb93 -->
|
||||
<property name="spIssuer" value="https://trustbroker.agov-d.azure.adnovum.net"/>
|
||||
<!-- source: pattern://92cb6d5256008a32f12ceb93 -->
|
||||
<property name="spURL" value="https://trustbroker.agov-d.azure.adnovum.net/adfs/ls"/>
|
||||
<!-- source: pattern://92cb6d5256008a32f12ceb93 -->
|
||||
<property name="acsUrlWhitelist.uris" value="https://trustbroker.agov-d.azure.adnovum.net/adfs/ls"/>
|
||||
<!-- source: pattern://92cb6d5256008a32f12ceb93 -->
|
||||
<property name="in.binding" value="auto"/>
|
||||
<!-- source: pattern://92cb6d5256008a32f12ceb93 -->
|
||||
<property name="in.max_age" value="60"/>
|
||||
<!-- source: pattern://92cb6d5256008a32f12ceb93 -->
|
||||
<property name="in.keystoreref" value="Store_IDP_AGOV"/>
|
||||
<!-- source: pattern://92cb6d5256008a32f12ceb93 -->
|
||||
<property name="out.authnContextClassRef" value="${sess:contextClassRefToSet}"/>
|
||||
<!-- source: pattern://92cb6d5256008a32f12ceb93 -->
|
||||
<property name="out.audienceRestriction" value="https://trustbroker.agov-d.azure.adnovum.net"/>
|
||||
<!-- source: pattern://92cb6d5256008a32f12ceb93 -->
|
||||
<property name="out.attribute.http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" value="${sess:ch.nevis.idm.User.email}"/>
|
||||
<!-- source: pattern://92cb6d5256008a32f12ceb93 -->
|
||||
<property name="out.attribute.http://schemas.agov.ch/ws/2023/05/identity/claims/languageOfCorrespondance" value="${sess:ch.nevis.idm.User.language}"/>
|
||||
<!-- source: pattern://92cb6d5256008a32f12ceb93 -->
|
||||
<property name="out.attribute.http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" value="${sess:ch.nevis.idm.User.firstName}"/>
|
||||
<!-- source: pattern://92cb6d5256008a32f12ceb93 -->
|
||||
<property name="out.attribute.http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname" value="${sess:ch.nevis.idm.User.lastName}"/>
|
||||
<!-- source: pattern://92cb6d5256008a32f12ceb93 -->
|
||||
<property name="out.attribute.http://schemas.agov.ch/ws/2023/05/identity/claims/dateOfBirth" value="${sess:ch.nevis.idm.User.birthDate:^(\d\d\d\d-\d\d-\d\d).*$}"/>
|
||||
<!-- source: pattern://92cb6d5256008a32f12ceb93 -->
|
||||
<property name="out.attribute.http://schemas.agov.ch/ws/2023/05/identity/claims/sex" value="${sess:ch.nevis.idm.User.gender}"/>
|
||||
<!-- source: pattern://92cb6d5256008a32f12ceb93 -->
|
||||
<property name="out.attribute.http://schemas.agov.ch/ws/2023/05/identity/claims/socialSecurityNumber" value="#{ (sess['agov.appSvnrAllowed'] == 'true') ? sess['ch.nevis.idm.User.prop.svnr'] : ''}"/>
|
||||
<!-- source: pattern://92cb6d5256008a32f12ceb93 -->
|
||||
<property name="out.attribute.http://schemas.agov.ch/ws/2023/05/identity/claims/placeOfBirth" value="#{ (sess['agov.appSvnrAllowed'] == 'true') ? sess['ch.nevis.idm.User.prop.placeOfBirth'] : ''}"/>
|
||||
<!-- source: pattern://92cb6d5256008a32f12ceb93 -->
|
||||
<property name="out.attribute.http://schemas.agov.ch/ws/2023/05/identity/claims/eIdNumber" value="${sess:ch.nevis.idm.User.prop.eIdNumber}"/>
|
||||
<!-- source: pattern://92cb6d5256008a32f12ceb93 -->
|
||||
<property name="out.attribute.http://schemas.agov.ch/ws/2023/05/identity/claims/qa/dateOfVerification" value="${sess:ValidFrom}"/>
|
||||
<!-- source: pattern://92cb6d5256008a32f12ceb93 -->
|
||||
<property name="out.attribute.http://schemas.agov.ch/ws/2023/05/identity/claims/qa/validTillDate" value="${sess:ValidTo}"/>
|
||||
<!-- source: pattern://92cb6d5256008a32f12ceb93 -->
|
||||
<property name="out.attribute.http://schemas.agov.ch/ws/2023/05/identity/claims/qa/verificationMethod" value="#{ ''.concat(sess.get('idVerification')).replace('SelfPaid', '') }"/>
|
||||
<!-- source: pattern://92cb6d5256008a32f12ceb93 -->
|
||||
<property name="out.attribute.http://schemas.agov.ch/ws/2023/05/identity/claims/nationality" value="#{ sess.containsKey('ch.nevis.idm.User.prop.nationality') ? sess['ch.nevis.idm.User.prop.nationality'].toUpperCase(): '' }"/>
|
||||
<!-- source: pattern://92cb6d5256008a32f12ceb93 -->
|
||||
<property name="out.attribute.http://schemas.agov.ch/ws/2023/05/identity/claims/authenticatedWith" value="${sess:authenticatedWith}"/>
|
||||
<!-- source: pattern://92cb6d5256008a32f12ceb93 -->
|
||||
<property name="out.attribute.http://schemas.agov.ch/ws/2023/08/identity/claims/emailVerified" value="true"/>
|
||||
<!-- source: pattern://92cb6d5256008a32f12ceb93 -->
|
||||
<property name="out.attribute.http://schemas.agov.ch/ws/2023/08/identity/claims/address/street" value="#{ (sess['agov.appAddressRequired'] == 'true') ? sess['ch.nevis.idm.User.street'] : '' }"/>
|
||||
<!-- source: pattern://92cb6d5256008a32f12ceb93 -->
|
||||
<property name="out.attribute.http://schemas.agov.ch/ws/2023/08/identity/claims/address/houseNumber" value="#{ (sess['agov.appAddressRequired'] == 'true') ? sess['ch.nevis.idm.User.houseNumber'] : '' }"/>
|
||||
<!-- source: pattern://92cb6d5256008a32f12ceb93 -->
|
||||
<property name="out.attribute.http://schemas.agov.ch/ws/2023/08/identity/claims/address/zipCode" value="#{ (sess['agov.appAddressRequired'] == 'true') ? sess['ch.nevis.idm.User.postalCode'] : '' }"/>
|
||||
<!-- source: pattern://92cb6d5256008a32f12ceb93 -->
|
||||
<property name="out.attribute.http://schemas.agov.ch/ws/2023/08/identity/claims/address/town" value="#{ (sess['agov.appAddressRequired'] == 'true') ? sess['ch.nevis.idm.User.city'] : '' }"/>
|
||||
<!-- source: pattern://92cb6d5256008a32f12ceb93 -->
|
||||
<property name="out.attribute.http://schemas.agov.ch/ws/2024/02/identity/claims/address/country" value="#{ (sess['agov.appAddressRequired'] == 'true') ? sess['ch.nevis.idm.User.country'].toUpperCase() : '' }"/>
|
||||
<!-- source: pattern://92cb6d5256008a32f12ceb93 -->
|
||||
<property name="out.attribute.http://schemas.agov.ch/ws/2024/02/identity/claims/address/qa/verificationMethod" value="#{ (sess['agov.appAddressRequired'] == 'true') ? ''.concat(sess.get('agov.adressVerification')).replace('Location', 'Domicile') : '' }"/>
|
||||
<!-- source: pattern://92cb6d5256008a32f12ceb93 -->
|
||||
<property name="out.attribute.http://schemas.agov.ch/ws/2024/02/identity/claims/address/countryName" value="#{ (sess['agov.appAddressRequired'] == 'true') ? sess['agov.countryName'] : ''}"/>
|
||||
</AuthState>
|
||||
<AuthState name="Auth_Realm_Main_IDP_ReturnTimeoutButKeepSession" class="ch.nevis.esauth.auth.states.scripting.ScriptState" final="false" resumeState="true">
|
||||
<!-- source: pattern://826166d230a6a4849f2837ae -->
|
||||
<Response value="AUTH_CONTINUE">
|
||||
|
|
@ -473,6 +822,75 @@
|
|||
<!-- source: pattern://bfd395eb0dab50aff2f2c01b -->
|
||||
<property name="script" value="file:///var/opt/nevisauth/default/conf/handleRedirectRegistration.groovy"/>
|
||||
</AuthState>
|
||||
<AuthState name="Auth_Realm_Main_IDP_Auth_Realm_Main_IDP_Custom_Concurrent_Logout" class="ch.nevis.esauth.auth.states.standard.AuthLogout" final="false" resumeState="false">
|
||||
<!-- source: pattern://db4eead0bb25b03205afd79f -->
|
||||
<Response value="AUTH_CONTINUE">
|
||||
<!-- source: pattern://db4eead0bb25b03205afd79f -->
|
||||
<Gui name="saml_logout" label="title.logout">
|
||||
<!-- source: pattern://db4eead0bb25b03205afd79f -->
|
||||
<GuiElem name="saml.logoutURLs" type="hidden" value="${outargs:saml.logoutURLs}" optional="true"/>
|
||||
<!-- source: pattern://db4eead0bb25b03205afd79f -->
|
||||
<GuiElem name="saml.logoutURL" type="hidden" value="#{ session.containsKey('saml.logoutURL') ? session.get('saml.logoutURL') : '/' }" optional="true"/>
|
||||
</Gui>
|
||||
</Response>
|
||||
</AuthState>
|
||||
<AuthState name="Auth_Realm_Main_IDP_Auth_Realm_Main_IDP_Custom_Prepare_Done" class="ch.nevis.esauth.auth.states.scripting.ScriptState" final="false" resumeState="true">
|
||||
<!-- source: pattern://2f81f8b878ef787fc5cc284a -->
|
||||
<ResultCond name="default" next="Auth_Realm_Main_IDP_Auth_Realm_Main_IDP_Custom_Authorization"/>
|
||||
<!-- source: pattern://2f81f8b878ef787fc5cc284a -->
|
||||
<Response value="AUTH_DONE">
|
||||
<!-- source: pattern://2f81f8b878ef787fc5cc284a -->
|
||||
<Gui name="ContinueResponse"/>
|
||||
</Response>
|
||||
<!-- source: pattern://2f81f8b878ef787fc5cc284a -->
|
||||
<property name="script" value="file:///var/opt/nevisauth/default/conf/prepare_done.groovy"/>
|
||||
</AuthState>
|
||||
<AuthState name="Auth_Realm_Main_IDP_Auth_Realm_Main_IDP_Custom_Logout_Done" class="ch.nevis.esauth.auth.states.standard.AuthGeneric" final="true" resumeState="true">
|
||||
<!-- source: pattern://06515d4815de4afde6f8116a -->
|
||||
<Response value="AUTH_ERROR">
|
||||
<!-- source: pattern://06515d4815de4afde6f8116a -->
|
||||
<Gui name="empty"/>
|
||||
</Response>
|
||||
</AuthState>
|
||||
<AuthState name="Auth_Realm_Main_IDP_Auth_Realm_Main_IDP_Custom_Logout_Fail" class="ch.nevis.esauth.auth.states.standard.AuthGeneric" final="true" resumeState="true">
|
||||
<!-- source: pattern://3f719a1e5c1447ee46c69cb2 -->
|
||||
<Response value="AUTH_ERROR">
|
||||
<!-- source: pattern://3f719a1e5c1447ee46c69cb2 -->
|
||||
<Gui name="empty"/>
|
||||
</Response>
|
||||
</AuthState>
|
||||
<AuthState name="Auth_Realm_Main_IDP_RequestedRoleLevel" class="ch.nevis.esauth.auth.states.scripting.ScriptState" final="false">
|
||||
<!-- source: pattern://68665057549fd887ea09fb86 -->
|
||||
<ResultCond name="error" next="Auth_Realm_Main_IDP_SendSamlResponseWithError"/>
|
||||
<!-- source: pattern://68665057549fd887ea09fb86 -->
|
||||
<ResultCond name="exit.1" next="Auth_Realm_Main_IDP_EId_Verification_Auth"/>
|
||||
<!-- source: pattern://68665057549fd887ea09fb86 -->
|
||||
<ResultCond name="ok" next="Auth_Realm_Main_IDP_Mobile_NLess_Auth"/>
|
||||
<!-- source: pattern://68665057549fd887ea09fb86 -->
|
||||
<Response value="AUTH_ERROR">
|
||||
<!-- source: pattern://68665057549fd887ea09fb86 -->
|
||||
<Arg name="ch.nevis.isiweb4.response.status" value="403"/>
|
||||
</Response>
|
||||
<!-- source: pattern://68665057549fd887ea09fb86 -->
|
||||
<property name="parameter.bestTokenAddressWhitelist" value="https://testapp-01.agov-d.azure.adnovum.net/test/api/saml2/service-provider-metadata/agovidp, OidcPlayground, https://admin.agov-w.azure.adnovum.net/SAML2/ACS/"/>
|
||||
<!-- source: pattern://68665057549fd887ea09fb86 -->
|
||||
<property name="parameter.bestTokenSvnrWhitelist" value="https://testapp-01.agov-d.azure.adnovum.net/test/api/saml2/service-provider-metadata/agovidp, OidcPlayground, https://op.agov-w.azure.adnovum.net/SAML2/ACS/"/>
|
||||
<!-- source: pattern://68665057549fd887ea09fb86 -->
|
||||
<property name="parameter.url" value="https://utility.agov-d.azure.adnovum.net/connect/billing/relying-party"/>
|
||||
<!-- source: pattern://68665057549fd887ea09fb86 -->
|
||||
<property name="scriptTraceGroup" value="AGOV-ACCT"/>
|
||||
<!-- source: pattern://68665057549fd887ea09fb86 -->
|
||||
<property name="script" value="file:///var/opt/nevisauth/default/conf/requestedrolelevel.groovy"/>
|
||||
</AuthState>
|
||||
<AuthState name="Auth_Realm_Main_IDP_Auth_Realm_Main_IDP_Custom_Selector" class="ch.nevis.esauth.auth.states.standard.ConditionalDispatcherState" final="false" resumeState="true">
|
||||
<!-- source: pattern://5f7e44f4fb2e3f710e4a3e91 -->
|
||||
<ResultCond name="nomatch" next="Auth_Realm_Main_IDP_Auth_Realm_Main_IDP_Custom_Prepare_Done"/>
|
||||
<!-- source: pattern://5f7e44f4fb2e3f710e4a3e91 -->
|
||||
<Response value="AUTH_ERROR">
|
||||
<!-- source: pattern://5f7e44f4fb2e3f710e4a3e91 -->
|
||||
<Arg name="ch.nevis.isiweb4.response.status" value="403"/>
|
||||
</Response>
|
||||
</AuthState>
|
||||
<AuthState name="Auth_Realm_Main_IDP_Fido_Email_Verify" class="ch.nevis.idm.authstate.IdmUserVerifyState" final="false" resumeState="false">
|
||||
<!-- source: pattern://7fb39bfd6c34685866a22180 -->
|
||||
<ResultCond name="clientNotFound" next="Auth_Realm_Main_IDP_AuthnFailed_Client_NotFound"/>
|
||||
|
|
@ -529,6 +947,19 @@
|
|||
<!-- source: pattern://0b3ce3ceec7bfca3ea524983 -->
|
||||
<property name="notes:saml.errorMessage" value="permanent error, not linked to user, but to system , Request ID: ${request:traceId}"/>
|
||||
</AuthState>
|
||||
<AuthState name="Auth_Realm_Main_IDP_SendSamlResponseWithError" class="ch.nevis.esauth.auth.states.scripting.ScriptState" final="false" resumeState="true">
|
||||
<!-- source: pattern://4c65de021d362462324a3a5f -->
|
||||
<Response value="AUTH_ERROR">
|
||||
<!-- source: pattern://4c65de021d362462324a3a5f -->
|
||||
<Gui name="NotUsed"/>
|
||||
</Response>
|
||||
<!-- source: pattern://4c65de021d362462324a3a5f -->
|
||||
<property name="parameter.cookie.domain" value="auth.agov-w.azure.adnovum.net"/>
|
||||
<!-- source: pattern://4c65de021d362462324a3a5f -->
|
||||
<property name="scriptTraceGroup" value="AGOV-ACCT"/>
|
||||
<!-- source: pattern://4c65de021d362462324a3a5f -->
|
||||
<property name="script" value="file:///var/opt/nevisauth/default/conf/SendSamlResponseWithError.groovy"/>
|
||||
</AuthState>
|
||||
<AuthState name="Auth_Realm_Main_IDP_Mobile_UserID_Verify_IdmGetPropertiesState" class="ch.nevis.idm.authstate.IdmGetPropertiesState" final="false" resumeState="false">
|
||||
<!-- source: pattern://c686c1bdd5355351f7f98cc8 -->
|
||||
<ResultCond name="clientNotFound" next="Auth_Realm_Main_IDP_AuthnFailed_Client_NotFound"/>
|
||||
|
|
@ -586,6 +1017,59 @@
|
|||
<!-- source: pattern://e0fda9336be9c69dafc9b69e -->
|
||||
<property name="admin.service.connection.0" value="https://idm:8989/nevisidm/services/v1/AdminService"/>
|
||||
</AuthState>
|
||||
<AuthState name="Auth_Realm_Main_IDP_Auth_Realm_Main_IDP_Custom_Authorization" class="ch.nevis.esauth.auth.states.scripting.ScriptState" final="false" resumeState="true">
|
||||
<!-- source: pattern://596e3e37c4d524690ea35897 -->
|
||||
<ResultCond name="forbidden_0" next="Auth_Realm_Main_IDP_Auth_Realm_Main_IDP_Custom_Authorization"/>
|
||||
<!-- source: pattern://596e3e37c4d524690ea35897 -->
|
||||
<ResultCond name="forbidden_1" next="Auth_Realm_Main_IDP_Auth_Realm_Main_IDP_Custom_Authorization"/>
|
||||
<!-- source: pattern://596e3e37c4d524690ea35897 -->
|
||||
<ResultCond name="ok" next="Auth_Realm_Main_IDP_Auth_Realm_Main_IDP_Custom_Auth_Done_GUI"/>
|
||||
<!-- source: pattern://596e3e37c4d524690ea35897 -->
|
||||
<ResultCond name="stepup" next="Auth_Realm_Main_IDP_Auth_Realm_Main_IDP_Custom_Selector"/>
|
||||
<!-- source: pattern://596e3e37c4d524690ea35897 -->
|
||||
<Response value="AUTH_ERROR">
|
||||
<!-- source: pattern://596e3e37c4d524690ea35897 -->
|
||||
<Arg name="ch.nevis.isiweb4.response.status" value="403"/>
|
||||
</Response>
|
||||
<!-- source: pattern://596e3e37c4d524690ea35897 -->
|
||||
<property name="parameter.paths" value="^http[s]?\u003A//[^/]+/SAML2/SSO/.*$"/>
|
||||
<!-- source: pattern://596e3e37c4d524690ea35897 -->
|
||||
<property name="script" value="file:///var/opt/nevisauth/default/conf/authorization.groovy"/>
|
||||
</AuthState>
|
||||
<AuthState name="Auth_Realm_Main_IDP_EId_Verification_Auth" class="ch.nevis.esauth.auth.states.scripting.ScriptState" final="false" resumeState="true">
|
||||
<!-- source: pattern://e335f57d4c64dfc97223697a -->
|
||||
<ResultCond name="default" next="Auth_Realm_Main_IDP_EId_Verification_Auth"/>
|
||||
<!-- source: pattern://e335f57d4c64dfc97223697a -->
|
||||
<ResultCond name="error" next="Auth_Realm_Main_IDP_SendSamlResponseWithError"/>
|
||||
<!-- source: pattern://e335f57d4c64dfc97223697a -->
|
||||
<ResultCond name="ok" next="Auth_Realm_Main_IDP_SendSamlResponseWithAssertion"/>
|
||||
<!-- source: pattern://e335f57d4c64dfc97223697a -->
|
||||
<Response value="AUTH_CONTINUE">
|
||||
<!-- source: pattern://e335f57d4c64dfc97223697a -->
|
||||
<Gui name="eid_verification">
|
||||
<!-- source: pattern://e335f57d4c64dfc97223697a -->
|
||||
<GuiElem name="agov.appDisplayNameDE" type="hidden" value="${sess:agov.appDisplayNameDE}" optional="true"/>
|
||||
<!-- source: pattern://e335f57d4c64dfc97223697a -->
|
||||
<GuiElem name="agov.appDisplayNameFR" type="hidden" value="${sess:agov.appDisplayNameFR}" optional="true"/>
|
||||
<!-- source: pattern://e335f57d4c64dfc97223697a -->
|
||||
<GuiElem name="agov.appDisplayNameIT" type="hidden" value="${sess:agov.appDisplayNameIT}" optional="true"/>
|
||||
<!-- source: pattern://e335f57d4c64dfc97223697a -->
|
||||
<GuiElem name="agov.appDisplayNameEN" type="hidden" value="${sess:agov.appDisplayNameEN}" optional="true"/>
|
||||
<!-- source: pattern://e335f57d4c64dfc97223697a -->
|
||||
<GuiElem name="agov.appSamlRpEntityId" type="hidden" value="https://auth.agov-w.azure.adnovum.net/app-info/app-icon?entity-id=${sess:ch.nevis.auth.saml.request.scoping.requesterId}" optional="true"/>
|
||||
<!-- source: pattern://e335f57d4c64dfc97223697a -->
|
||||
<GuiElem name="authRequestId" type="hidden" value="${sess:ch.nevis.auth.saml.request.id}" optional="true"/>
|
||||
<!-- source: pattern://e335f57d4c64dfc97223697a -->
|
||||
<GuiElem name="oid4vp" type="hidden" value="UNKNOWN" optional="true"/>
|
||||
</Gui>
|
||||
</Response>
|
||||
<!-- source: pattern://e335f57d4c64dfc97223697a -->
|
||||
<property name="scriptTraceGroup" value="AGOV-ACCT"/>
|
||||
<!-- source: pattern://e335f57d4c64dfc97223697a -->
|
||||
<property name="script" value="file:///var/opt/nevisauth/default/conf/eid_verification_auth.groovy"/>
|
||||
<!-- source: pattern://e335f57d4c64dfc97223697a -->
|
||||
<property name="parameter.eidVerifierBaseUrl" value="https://verifier-management.agov-epr-lab.azure.adnovum.net"/>
|
||||
</AuthState>
|
||||
<AuthState name="Auth_Realm_Main_IDP_Fido_Email_Verify_FailedEmailState" class="ch.nevis.esauth.auth.states.standard.TransformAttributes" final="false" resumeState="true">
|
||||
<!-- source: pattern://7fb39bfd6c34685866a22180 -->
|
||||
<ResultCond name="default" next="Auth_Realm_Main_IDP_FIDO2_Authentication"/>
|
||||
|
|
@ -669,6 +1153,28 @@
|
|||
<!-- source: pattern://f393012a278e525956a362d3 -->
|
||||
<property name="parameter.idm.httpclient.tls.trustStoreRef" value="Ensure_Account_State"/>
|
||||
</AuthState>
|
||||
<AuthState name="Auth_Realm_Main_IDP_Auth_Realm_Main_IDP_Custom_Auth_Done_GUI" class="ch.nevis.esauth.auth.states.standard.AuthDone" final="false" resumeState="true">
|
||||
<!-- source: pattern://cf0e8f8de1c8ac7345c5a6bb -->
|
||||
<Response value="AUTH_DONE">
|
||||
<!-- source: pattern://cf0e8f8de1c8ac7345c5a6bb -->
|
||||
<Gui name="ContinueResponse"/>
|
||||
</Response>
|
||||
</AuthState>
|
||||
<AuthState name="Auth_Realm_Main_IDP_SendSamlResponseWithAssertion" class="ch.nevis.esauth.auth.states.scripting.ScriptState" final="false" resumeState="true">
|
||||
<!-- source: pattern://b87d0d2b640e8e545ad70234 -->
|
||||
<ResultCond name="ok" next="Auth_Realm_Main_IDP_Prepare_Done"/>
|
||||
<!-- source: pattern://b87d0d2b640e8e545ad70234 -->
|
||||
<Response value="AUTH_DONE">
|
||||
<!-- source: pattern://b87d0d2b640e8e545ad70234 -->
|
||||
<Gui name="not_used"/>
|
||||
</Response>
|
||||
<!-- source: pattern://b87d0d2b640e8e545ad70234 -->
|
||||
<property name="parameter.cookie.domain" value="auth.agov-w.azure.adnovum.net"/>
|
||||
<!-- source: pattern://b87d0d2b640e8e545ad70234 -->
|
||||
<property name="scriptTraceGroup" value="AGOV-ACCT"/>
|
||||
<!-- source: pattern://b87d0d2b640e8e545ad70234 -->
|
||||
<property name="script" value="file:///var/opt/nevisauth/default/conf/SendSamlResponseWithAssertion.groovy"/>
|
||||
</AuthState>
|
||||
<AuthState name="Auth_Realm_Main_IDP_FIDO2_Authentication" class="ch.nevis.esauth.auth.states.scripting.ScriptState" final="false" resumeState="true">
|
||||
<!-- source: pattern://302b0fa3c5c3d1d17e9b1004 -->
|
||||
<ResultCond name="cancel" next="Auth_Realm_Main_IDP_OnCancel_Dispatch"/>
|
||||
|
|
@ -763,6 +1269,17 @@
|
|||
<!-- source: pattern://f393012a278e525956a362d3 -->
|
||||
<property name="detaillevel.default" value="EXCLUDE"/>
|
||||
</AuthState>
|
||||
<AuthState name="Auth_Realm_Main_IDP_Prepare_Done" class="ch.nevis.esauth.auth.states.scripting.ScriptState" final="false">
|
||||
<!-- source: pattern://6061abea33a234fad73897b7, pattern://4fcfadb4a5c946ead7e6e995 -->
|
||||
<ResultCond name="default" next="Auth_Realm_Main_IDP_Auth_Done"/>
|
||||
<!-- source: pattern://6061abea33a234fad73897b7, pattern://4fcfadb4a5c946ead7e6e995 -->
|
||||
<Response value="AUTH_DONE">
|
||||
<!-- source: pattern://6061abea33a234fad73897b7, pattern://4fcfadb4a5c946ead7e6e995 -->
|
||||
<Gui name="ContinueResponse"/>
|
||||
</Response>
|
||||
<!-- source: pattern://6061abea33a234fad73897b7, pattern://4fcfadb4a5c946ead7e6e995 -->
|
||||
<property name="script" value="file:///var/opt/nevisauth/default/conf/prepare_done.groovy"/>
|
||||
</AuthState>
|
||||
<AuthState name="Auth_Realm_Main_IDP_OnCancel_Dispatch" class="ch.nevis.esauth.auth.states.standard.ConditionalDispatcherState" final="false">
|
||||
<!-- source: pattern://af4ec934e8efbef422f03926 -->
|
||||
<ResultCond name="AccessApp" next="Auth_Realm_Main_IDP_Mobile_NLess_Auth"/>
|
||||
|
|
@ -803,6 +1320,13 @@
|
|||
<!-- source: pattern://9ff0369f3cf662f95d94ff09 -->
|
||||
<property name="${sess:agov.new.recovery.code.cipher}?notes:agov.new.recovery.code:decrypt-b64" value="${sess:agov.new.recovery.code.cipher}"/>
|
||||
</AuthState>
|
||||
<AuthState name="Auth_Realm_Main_IDP_Auth_Done" class="ch.nevis.esauth.auth.states.standard.AuthDone" final="false">
|
||||
<!-- source: pattern://6061abea33a234fad73897b7, pattern://4fcfadb4a5c946ead7e6e995 -->
|
||||
<Response value="AUTH_DONE">
|
||||
<!-- source: pattern://6061abea33a234fad73897b7, pattern://4fcfadb4a5c946ead7e6e995 -->
|
||||
<Gui name="ContinueResponse"/>
|
||||
</Response>
|
||||
</AuthState>
|
||||
<AuthState name="Auth_Realm_Main_IDP_clear_request_session" class="ch.nevis.esauth.auth.states.standard.TransformAttributes" final="false">
|
||||
<!-- source: pattern://8c28e8f3352491ef7c5315fc -->
|
||||
<ResultCond name="ok" next="Auth_Realm_Main_IDP_Email_Input"/>
|
||||
|
|
@ -1129,21 +1653,6 @@
|
|||
<!-- source: pattern://6061abea33a234fad73897b7 -->
|
||||
<property name="out.audienceRestriction" value="https://ob.agov-w.azure.adnovum.net/mock-me/process"/>
|
||||
</AuthState>
|
||||
<AuthState name="Auth_Realm_Main_IDP_SendSamlResponseWithAssertion" class="ch.nevis.esauth.auth.states.scripting.ScriptState" final="false" resumeState="true">
|
||||
<!-- source: pattern://b87d0d2b640e8e545ad70234 -->
|
||||
<ResultCond name="ok" next="Auth_Realm_Main_IDP_Prepare_Done"/>
|
||||
<!-- source: pattern://b87d0d2b640e8e545ad70234 -->
|
||||
<Response value="AUTH_DONE">
|
||||
<!-- source: pattern://b87d0d2b640e8e545ad70234 -->
|
||||
<Gui name="not_used"/>
|
||||
</Response>
|
||||
<!-- source: pattern://b87d0d2b640e8e545ad70234 -->
|
||||
<property name="parameter.cookie.domain" value="auth.agov-w.azure.adnovum.net"/>
|
||||
<!-- source: pattern://b87d0d2b640e8e545ad70234 -->
|
||||
<property name="scriptTraceGroup" value="AGOV-ACCT"/>
|
||||
<!-- source: pattern://b87d0d2b640e8e545ad70234 -->
|
||||
<property name="script" value="file:///var/opt/nevisauth/default/conf/SendSamlResponseWithAssertion.groovy"/>
|
||||
</AuthState>
|
||||
<AuthState name="Auth_Realm_Main_IDP_Redirect_to_IDVerification_Handle_Redirect" class="ch.nevis.esauth.auth.states.scripting.ScriptState" final="false" resumeState="true">
|
||||
<!-- source: pattern://cdb228eccc12b4b1dea20d9d -->
|
||||
<ResultCond name="ok" next="Auth_Realm_Main_IDP_Fetch_Attributes"/>
|
||||
|
|
@ -1174,17 +1683,6 @@
|
|||
<!-- source: pattern://6061abea33a234fad73897b7 -->
|
||||
<property name="script" value="file:///var/opt/nevisauth/default/conf/handleRedirectRecovery.groovy"/>
|
||||
</AuthState>
|
||||
<AuthState name="Auth_Realm_Main_IDP_Prepare_Done" class="ch.nevis.esauth.auth.states.scripting.ScriptState" final="false">
|
||||
<!-- source: pattern://6061abea33a234fad73897b7, pattern://4fcfadb4a5c946ead7e6e995 -->
|
||||
<ResultCond name="default" next="Auth_Realm_Main_IDP_IDP_AGOV_Authorization"/>
|
||||
<!-- source: pattern://6061abea33a234fad73897b7, pattern://4fcfadb4a5c946ead7e6e995 -->
|
||||
<Response value="AUTH_DONE">
|
||||
<!-- source: pattern://6061abea33a234fad73897b7, pattern://4fcfadb4a5c946ead7e6e995 -->
|
||||
<Gui name="ContinueResponse"/>
|
||||
</Response>
|
||||
<!-- source: pattern://6061abea33a234fad73897b7, pattern://4fcfadb4a5c946ead7e6e995 -->
|
||||
<property name="script" value="file:///var/opt/nevisauth/default/conf/prepare_done.groovy"/>
|
||||
</AuthState>
|
||||
<AuthState name="Auth_Realm_Main_IDP_Fetch_Attributes" class="ch.nevis.idm.authstate.IdmGetPropertiesState" final="false" resumeState="false">
|
||||
<!-- source: pattern://9a8294b080ea769d22924af0 -->
|
||||
<ResultCond name="insufficientLoa" next="Auth_Realm_Main_IDP_Insufficient_LoaInfo"/>
|
||||
|
|
@ -1234,22 +1732,6 @@
|
|||
<!-- source: pattern://9a8294b080ea769d22924af0 -->
|
||||
<property name="detaillevel.default" value="EXCLUDE"/>
|
||||
</AuthState>
|
||||
<AuthState name="Auth_Realm_Main_IDP_IDP_AGOV_Authorization" class="ch.nevis.esauth.auth.states.scripting.ScriptState" final="false">
|
||||
<ResultCond name="ok" next="Auth_Realm_Main_IDP_Auth_Done"/>
|
||||
<!-- source: pattern://c642107fde6b2e07f16bfedb -->
|
||||
<ResultCond name="forbidden_0" next="Auth_Realm_Main_IDP_IDP_AGOV_Authorization"/>
|
||||
<!-- source: pattern://c642107fde6b2e07f16bfedb -->
|
||||
<ResultCond name="stepup" next="Auth_Realm_Main_IDP_Selector"/>
|
||||
<!-- source: pattern://c642107fde6b2e07f16bfedb -->
|
||||
<Response value="AUTH_ERROR">
|
||||
<!-- source: pattern://c642107fde6b2e07f16bfedb -->
|
||||
<Arg name="ch.nevis.isiweb4.response.status" value="403"/>
|
||||
</Response>
|
||||
<!-- source: pattern://c642107fde6b2e07f16bfedb -->
|
||||
<property name="parameter.paths" value="^http[s]?\u003A//[^/]+/SAML2/SSO/.*$"/>
|
||||
<!-- source: pattern://c642107fde6b2e07f16bfedb -->
|
||||
<property name="script" value="file:///var/opt/nevisauth/default/conf/saml_idp_agov_authorization.groovy"/>
|
||||
</AuthState>
|
||||
<AuthState name="Auth_Realm_Main_IDP_Fetch_Attributes_Check_new_LOA" class="ch.nevis.esauth.auth.states.scripting.ScriptState" final="false" resumeState="false">
|
||||
<!-- source: pattern://9a8294b080ea769d22924af0 -->
|
||||
<ResultCond name="insufficientLoa" next="Auth_Realm_Main_IDP_Insufficient_LoaInfo"/>
|
||||
|
|
@ -1263,13 +1745,6 @@
|
|||
<!-- source: pattern://9a8294b080ea769d22924af0 -->
|
||||
<property name="script" value="file:///var/opt/nevisauth/default/conf/checkInsufficientLoa.groovy"/>
|
||||
</AuthState>
|
||||
<AuthState name="Auth_Realm_Main_IDP_Auth_Done" class="ch.nevis.esauth.auth.states.standard.AuthDone" final="false">
|
||||
<!-- source: pattern://6061abea33a234fad73897b7, pattern://4fcfadb4a5c946ead7e6e995 -->
|
||||
<Response value="AUTH_DONE">
|
||||
<!-- source: pattern://6061abea33a234fad73897b7, pattern://4fcfadb4a5c946ead7e6e995 -->
|
||||
<Gui name="ContinueResponse"/>
|
||||
</Response>
|
||||
</AuthState>
|
||||
<AuthState name="Auth_Realm_Main_IDP_Selector" class="ch.nevis.esauth.auth.states.standard.ConditionalDispatcherState" final="false">
|
||||
<!-- source: pattern://4fcfadb4a5c946ead7e6e995 -->
|
||||
<ResultCond name="nomatch" next="Auth_Realm_Main_IDP_Prepare_Done"/>
|
||||
|
|
@ -1279,208 +1754,6 @@
|
|||
<Arg name="ch.nevis.isiweb4.response.status" value="403"/>
|
||||
</Response>
|
||||
</AuthState>
|
||||
<AuthState name="Auth_Realm_Main_IDP_IDP_Status_Check" class="ch.nevis.esauth.auth.states.scripting.ScriptState" final="false" resumeState="false">
|
||||
<!-- source: pattern://7a913eec7f78ce674cd87854 -->
|
||||
<ResultCond name="continueAfterRepost" next="Auth_Realm_Main_IDP_Mobile_NLess_Auth"/>
|
||||
<!-- source: pattern://7a913eec7f78ce674cd87854 -->
|
||||
<ResultCond name="ok" next="Auth_Realm_Main_IDP_PreProcess_Done"/>
|
||||
<!-- source: pattern://7a913eec7f78ce674cd87854 -->
|
||||
<Response value="AUTH_ERROR"/>
|
||||
<!-- source: pattern://7a913eec7f78ce674cd87854 -->
|
||||
<property name="scriptTraceGroup" value="AGOV-ACCT"/>
|
||||
<!-- source: pattern://7a913eec7f78ce674cd87854 -->
|
||||
<property name="parameter.cookie.domain" value="auth.agov-w.azure.adnovum.net"/>
|
||||
<!-- source: pattern://7a913eec7f78ce674cd87854 -->
|
||||
<property name="script" value="file:///var/opt/nevisauth/default/conf/idp_status_check.groovy"/>
|
||||
</AuthState>
|
||||
<AuthState name="Auth_Realm_Main_IDP_PreProcess_Done" class="ch.nevis.esauth.auth.states.standard.ConditionalDispatcherState" final="false">
|
||||
<!-- source: pattern://c642107fde6b2e07f16bfedb -->
|
||||
<ResultCond name="idp_2055108788" next="Auth_Realm_Main_IDP_IDP_AGOV_Dispatcher"/>
|
||||
<!-- source: pattern://c642107fde6b2e07f16bfedb -->
|
||||
<Response value="AUTH_ERROR">
|
||||
<!-- source: pattern://c642107fde6b2e07f16bfedb -->
|
||||
<Arg name="ch.nevis.isiweb4.response.status" value="403"/>
|
||||
</Response>
|
||||
<!-- source: pattern://c642107fde6b2e07f16bfedb -->
|
||||
<property name="condition:idp_2055108788" value="${request:currentResource:^http[s]?\u003A//[^/]+/SAML2/SSO/.*$:true}"/>
|
||||
</AuthState>
|
||||
<AuthState name="Auth_Realm_Main_IDP_IDP_AGOV_Dispatcher" class="ch.nevis.esauth.auth.states.scripting.ScriptState" final="false">
|
||||
<!-- source: pattern://c642107fde6b2e07f16bfedb -->
|
||||
<ResultCond name="confirm" next="Auth_Realm_Main_IDP_IDP_AGOV_Logout_Confirm"/>
|
||||
<!-- source: pattern://c642107fde6b2e07f16bfedb -->
|
||||
<ResultCond name="state0" next="Auth_Realm_Main_IDP_IDP_AGOV_IDP_SP_Connector"/>
|
||||
<!-- source: pattern://c642107fde6b2e07f16bfedb -->
|
||||
<Response value="AUTH_CONTINUE">
|
||||
<!-- source: pattern://c642107fde6b2e07f16bfedb -->
|
||||
<Gui name="saml_dispatcher" label="title.saml.failed">
|
||||
<!-- source: pattern://c642107fde6b2e07f16bfedb -->
|
||||
<GuiElem name="lasterror" type="error" label="error.saml.failed"/>
|
||||
</Gui>
|
||||
</Response>
|
||||
<!-- source: pattern://c642107fde6b2e07f16bfedb -->
|
||||
<property name="parameter.logoutConfirmation" value="false"/>
|
||||
<!-- source: pattern://c642107fde6b2e07f16bfedb -->
|
||||
<property name="parameter.spInitiated" value="true"/>
|
||||
<!-- source: pattern://c642107fde6b2e07f16bfedb -->
|
||||
<property name="script" value="file:///var/opt/nevisauth/default/conf/saml_idp_agov_dispatcher.groovy"/>
|
||||
</AuthState>
|
||||
<AuthState name="Auth_Realm_Main_IDP_IDP_AGOV_Logout_Confirm" class="ch.nevis.esauth.auth.states.scripting.ScriptState" final="false">
|
||||
<!-- source: pattern://c642107fde6b2e07f16bfedb -->
|
||||
<Response value="AUTH_CONTINUE">
|
||||
<!-- source: pattern://c642107fde6b2e07f16bfedb -->
|
||||
<Gui name="saml_logout_confirm" label="title.logout.confirmation"/>
|
||||
</Response>
|
||||
<!-- source: pattern://c642107fde6b2e07f16bfedb -->
|
||||
<property name="script" value="file:///var/opt/nevisauth/default/conf/saml_idp_logout_confirm.groovy"/>
|
||||
</AuthState>
|
||||
<AuthState name="Auth_Realm_Main_IDP_IDP_AGOV_IDP_SP_Connector" class="ch.nevis.esauth.auth.states.saml.IdentityProviderState" final="false" resumeState="true">
|
||||
<!-- source: pattern://27cefc3861bce987f6766342 -->
|
||||
<ResultCond name="IDP-initiated-ConcurrentLogout" next="Auth_Realm_Main_IDP_Concurrent_Logout"/>
|
||||
<!-- source: pattern://27cefc3861bce987f6766342 -->
|
||||
<ResultCond name="IDP-initiated-SingleLogout" next="Auth_Realm_Main_IDP_Prepare_Done"/>
|
||||
<!-- source: pattern://27cefc3861bce987f6766342 -->
|
||||
<ResultCond name="LogoutCompleted" next="Auth_Realm_Main_IDP_Logout_Done"/>
|
||||
<!-- source: pattern://27cefc3861bce987f6766342 -->
|
||||
<ResultCond name="LogoutFailed" next="Auth_Realm_Main_IDP_Logout_Fail"/>
|
||||
<!-- source: pattern://27cefc3861bce987f6766342 -->
|
||||
<ResultCond name="SP-initiated-ConcurrentLogout" next="Auth_Realm_Main_IDP_Concurrent_Logout"/>
|
||||
<!-- source: pattern://27cefc3861bce987f6766342 -->
|
||||
<ResultCond name="SP-initiated-SingleLogout" next="Auth_Realm_Main_IDP_Prepare_Done"/>
|
||||
<!-- source: pattern://27cefc3861bce987f6766342 -->
|
||||
<ResultCond name="authenticate:IDP-initiated-SSO" next="Auth_Realm_Main_IDP_RequestedRoleLevel"/>
|
||||
<!-- source: pattern://27cefc3861bce987f6766342 -->
|
||||
<ResultCond name="authenticate:SP-initiated-SSO" next="Auth_Realm_Main_IDP_RequestedRoleLevel"/>
|
||||
<!-- source: pattern://27cefc3861bce987f6766342 -->
|
||||
<ResultCond name="invalidAssertionConsumerUrl" next="Auth_Realm_Main_IDP_IDP_AGOV_IDP_SP_Connector"/>
|
||||
<!-- source: pattern://27cefc3861bce987f6766342 -->
|
||||
<ResultCond name="ok" next="Auth_Realm_Main_IDP_Prepare_Done"/>
|
||||
<!-- source: pattern://27cefc3861bce987f6766342 -->
|
||||
<ResultCond name="stepup:IDP-initiated-SSO" next="Auth_Realm_Main_IDP_Selector"/>
|
||||
<!-- source: pattern://27cefc3861bce987f6766342 -->
|
||||
<ResultCond name="stepup:SP-initiated-SSO" next="Auth_Realm_Main_IDP_Selector"/>
|
||||
<!-- source: pattern://27cefc3861bce987f6766342 -->
|
||||
<Response value="AUTH_ERROR">
|
||||
<!-- source: pattern://27cefc3861bce987f6766342 -->
|
||||
<Gui name="saml_idp" label="title.saml.failed">
|
||||
<!-- source: pattern://27cefc3861bce987f6766342 -->
|
||||
<GuiElem name="lasterror" type="error" label="error.saml.failed"/>
|
||||
</Gui>
|
||||
</Response>
|
||||
<!-- source: pattern://27cefc3861bce987f6766342 -->
|
||||
<property name="session.participants-store.key" value="IDP_AGOV-session-participants"/>
|
||||
<!-- source: pattern://27cefc3861bce987f6766342 -->
|
||||
<property name="logoutMode" value="ConcurrentLogout-Redirect"/>
|
||||
<!-- source: pattern://27cefc3861bce987f6766342 -->
|
||||
<property name="in.keystoreref" value="Store_IDP_AGOV"/>
|
||||
<!-- source: pattern://27cefc3861bce987f6766342 -->
|
||||
<property name="logoutTrigger" value="#{request['currentResource'].contains('logout') || inargs.containsKey('logout') || inargs.containsKey('SAMLLogout')}"/>
|
||||
<!-- source: pattern://27cefc3861bce987f6766342 -->
|
||||
<property name="out.binding" value="http-post"/>
|
||||
<!-- source: pattern://27cefc3861bce987f6766342 -->
|
||||
<property name="out.post.relayStateEncoding" value="HTML"/>
|
||||
<!-- source: pattern://27cefc3861bce987f6766342 -->
|
||||
<property name="out.sign" value="Response Assertion"/>
|
||||
<!-- source: pattern://27cefc3861bce987f6766342 -->
|
||||
<property name="out.signatureKeyInfo" value="Certificate"/>
|
||||
<!-- source: pattern://27cefc3861bce987f6766342 -->
|
||||
<property name="out.ttl" value="30"/>
|
||||
<!-- source: pattern://27cefc3861bce987f6766342 -->
|
||||
<property name="out.subject" value="${response:userId}"/>
|
||||
<!-- source: pattern://27cefc3861bce987f6766342 -->
|
||||
<property name="out.subject.format" value="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"/>
|
||||
<!-- source: pattern://27cefc3861bce987f6766342 -->
|
||||
<property name="out.extension.Bearer" value="ch.nevis.esauth.auth.states.saml.extensions.SubjectConfirmationExtender"/>
|
||||
<!-- source: pattern://27cefc3861bce987f6766342 -->
|
||||
<property name="out.issuer" value="https://auth.agov-w.azure.adnovum.net/SAML2/"/>
|
||||
<!-- source: pattern://27cefc3861bce987f6766342 -->
|
||||
<property name="out.keystoreref" value="Store_IDP_AGOV"/>
|
||||
<!-- source: pattern://27cefc3861bce987f6766342 -->
|
||||
<property name="out.keyobjectref" value="Signer_IDP_AGOV"/>
|
||||
<!-- source: pattern://27cefc3861bce987f6766342 -->
|
||||
<property name="spURL" value="https://trustbroker.agov-d.azure.adnovum.net/adfs/ls"/>
|
||||
<!-- source: pattern://27cefc3861bce987f6766342 -->
|
||||
<property name="spIssuer" value="https://trustbroker.agov-d.azure.adnovum.net"/>
|
||||
<!-- source: pattern://27cefc3861bce987f6766342 -->
|
||||
<property name="acsUrlWhitelist.uris" value="https://trustbroker.agov-d.azure.adnovum.net/adfs/ls"/>
|
||||
<!-- source: pattern://27cefc3861bce987f6766342 -->
|
||||
<property name="in.binding" value="auto"/>
|
||||
<!-- source: pattern://27cefc3861bce987f6766342 -->
|
||||
<property name="in.max_age" value="60"/>
|
||||
<!-- source: pattern://27cefc3861bce987f6766342 -->
|
||||
<property name="out.authnContextClassRef" value="${sess:contextClassRefToSet}"/>
|
||||
<!-- source: pattern://27cefc3861bce987f6766342 -->
|
||||
<property name="out.attribute.http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" value="${sess:ch.nevis.idm.User.email}"/>
|
||||
<!-- source: pattern://27cefc3861bce987f6766342 -->
|
||||
<property name="out.attribute.http://schemas.agov.ch/ws/2023/05/identity/claims/languageOfCorrespondance" value="${sess:ch.nevis.idm.User.language}"/>
|
||||
<!-- source: pattern://27cefc3861bce987f6766342 -->
|
||||
<property name="out.attribute.http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" value="${sess:ch.nevis.idm.User.firstName}"/>
|
||||
<!-- source: pattern://27cefc3861bce987f6766342 -->
|
||||
<property name="out.attribute.http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname" value="${sess:ch.nevis.idm.User.lastName}"/>
|
||||
<!-- source: pattern://27cefc3861bce987f6766342 -->
|
||||
<property name="out.attribute.http://schemas.agov.ch/ws/2023/05/identity/claims/dateOfBirth" value="${sess:ch.nevis.idm.User.birthDate:^(\d\d\d\d-\d\d-\d\d).*$}"/>
|
||||
<!-- source: pattern://27cefc3861bce987f6766342 -->
|
||||
<property name="out.attribute.http://schemas.agov.ch/ws/2023/05/identity/claims/sex" value="${sess:ch.nevis.idm.User.gender}"/>
|
||||
<!-- source: pattern://27cefc3861bce987f6766342 -->
|
||||
<property name="out.attribute.http://schemas.agov.ch/ws/2023/05/identity/claims/socialSecurityNumber" value="#{ (sess['agov.appSvnrAllowed'] == 'true') ? sess['ch.nevis.idm.User.prop.svnr'] : ''}"/>
|
||||
<!-- source: pattern://27cefc3861bce987f6766342 -->
|
||||
<property name="out.attribute.http://schemas.agov.ch/ws/2023/05/identity/claims/placeOfBirth" value="#{ (sess['agov.appSvnrAllowed'] == 'true') ? sess['ch.nevis.idm.User.prop.placeOfBirth'] : ''}"/>
|
||||
<!-- source: pattern://27cefc3861bce987f6766342 -->
|
||||
<property name="out.attribute.http://schemas.agov.ch/ws/2023/05/identity/claims/eIdNumber" value="${sess:ch.nevis.idm.User.prop.eIdNumber}"/>
|
||||
<!-- source: pattern://27cefc3861bce987f6766342 -->
|
||||
<property name="out.attribute.http://schemas.agov.ch/ws/2023/05/identity/claims/qa/dateOfVerification" value="${sess:ValidFrom}"/>
|
||||
<!-- source: pattern://27cefc3861bce987f6766342 -->
|
||||
<property name="out.attribute.http://schemas.agov.ch/ws/2023/05/identity/claims/qa/validTillDate" value="${sess:ValidTo}"/>
|
||||
<!-- source: pattern://27cefc3861bce987f6766342 -->
|
||||
<property name="out.attribute.http://schemas.agov.ch/ws/2023/05/identity/claims/qa/verificationMethod" value="#{ ''.concat(sess.get('idVerification')).replace('SelfPaid', '') }"/>
|
||||
<!-- source: pattern://27cefc3861bce987f6766342 -->
|
||||
<property name="out.attribute.http://schemas.agov.ch/ws/2023/05/identity/claims/nationality" value="#{ sess.containsKey('ch.nevis.idm.User.prop.nationality') ? sess['ch.nevis.idm.User.prop.nationality'].toUpperCase(): '' }"/>
|
||||
<!-- source: pattern://27cefc3861bce987f6766342 -->
|
||||
<property name="out.attribute.http://schemas.agov.ch/ws/2023/05/identity/claims/authenticatedWith" value="${sess:authenticatedWith}"/>
|
||||
<!-- source: pattern://27cefc3861bce987f6766342 -->
|
||||
<property name="out.attribute.http://schemas.agov.ch/ws/2023/08/identity/claims/emailVerified" value="true"/>
|
||||
<!-- source: pattern://27cefc3861bce987f6766342 -->
|
||||
<property name="out.attribute.http://schemas.agov.ch/ws/2023/08/identity/claims/address/street" value="#{ (sess['agov.appAddressRequired'] == 'true') ? sess['ch.nevis.idm.User.street'] : '' }"/>
|
||||
<!-- source: pattern://27cefc3861bce987f6766342 -->
|
||||
<property name="out.attribute.http://schemas.agov.ch/ws/2023/08/identity/claims/address/houseNumber" value="#{ (sess['agov.appAddressRequired'] == 'true') ? sess['ch.nevis.idm.User.houseNumber'] : '' }"/>
|
||||
<!-- source: pattern://27cefc3861bce987f6766342 -->
|
||||
<property name="out.attribute.http://schemas.agov.ch/ws/2023/08/identity/claims/address/zipCode" value="#{ (sess['agov.appAddressRequired'] == 'true') ? sess['ch.nevis.idm.User.postalCode'] : '' }"/>
|
||||
<!-- source: pattern://27cefc3861bce987f6766342 -->
|
||||
<property name="out.attribute.http://schemas.agov.ch/ws/2023/08/identity/claims/address/town" value="#{ (sess['agov.appAddressRequired'] == 'true') ? sess['ch.nevis.idm.User.city'] : '' }"/>
|
||||
<!-- source: pattern://27cefc3861bce987f6766342 -->
|
||||
<property name="out.attribute.http://schemas.agov.ch/ws/2024/02/identity/claims/address/country" value="#{ (sess['agov.appAddressRequired'] == 'true') ? sess['ch.nevis.idm.User.country'].toUpperCase() : '' }"/>
|
||||
<!-- source: pattern://27cefc3861bce987f6766342 -->
|
||||
<property name="out.attribute.http://schemas.agov.ch/ws/2024/02/identity/claims/address/qa/verificationMethod" value="#{ (sess['agov.appAddressRequired'] == 'true') ? ''.concat(sess.get('agov.adressVerification')).replace('Location', 'Domicile') : '' }"/>
|
||||
<!-- source: pattern://27cefc3861bce987f6766342 -->
|
||||
<property name="out.attribute.http://schemas.agov.ch/ws/2024/02/identity/claims/address/countryName" value="#{ (sess['agov.appAddressRequired'] == 'true') ? sess['agov.countryName'] : ''}"/>
|
||||
<!-- source: pattern://27cefc3861bce987f6766342 -->
|
||||
<property name="out.audienceRestriction" value="https://trustbroker.agov-d.azure.adnovum.net"/>
|
||||
</AuthState>
|
||||
<AuthState name="Auth_Realm_Main_IDP_Concurrent_Logout" class="ch.nevis.esauth.auth.states.standard.AuthLogout" final="false" resumeState="false">
|
||||
<!-- source: pattern://27cefc3861bce987f6766342 -->
|
||||
<Response value="AUTH_CONTINUE">
|
||||
<!-- source: pattern://27cefc3861bce987f6766342 -->
|
||||
<Gui name="saml_logout" label="title.logout">
|
||||
<!-- source: pattern://27cefc3861bce987f6766342 -->
|
||||
<GuiElem name="saml.logoutURLs" type="hidden" value="${outargs:saml.logoutURLs}" optional="true"/>
|
||||
<!-- source: pattern://27cefc3861bce987f6766342 -->
|
||||
<GuiElem name="saml.logoutURL" type="hidden" value="#{ session.containsKey('saml.logoutURL') ? session.get('saml.logoutURL') : '/' }" optional="true"/>
|
||||
</Gui>
|
||||
</Response>
|
||||
</AuthState>
|
||||
<AuthState name="Auth_Realm_Main_IDP_Logout_Done" class="ch.nevis.esauth.auth.states.standard.AuthGeneric" final="true">
|
||||
<!-- source: pattern://27cefc3861bce987f6766342 -->
|
||||
<Response value="AUTH_ERROR">
|
||||
<!-- source: pattern://27cefc3861bce987f6766342 -->
|
||||
<Gui name="empty"/>
|
||||
</Response>
|
||||
</AuthState>
|
||||
<AuthState name="Auth_Realm_Main_IDP_Logout_Fail" class="ch.nevis.esauth.auth.states.standard.AuthGeneric" final="true">
|
||||
<!-- source: pattern://27cefc3861bce987f6766342 -->
|
||||
<Response value="AUTH_ERROR">
|
||||
<!-- source: pattern://27cefc3861bce987f6766342 -->
|
||||
<Gui name="empty"/>
|
||||
</Response>
|
||||
</AuthState>
|
||||
<AuthState name="Auth_Realm_Mobile_FIDO_UAF_DirectFidoAuthRequired" class="ch.nevis.esauth.auth.states.directResponse.DirectResponseState" final="true" resumeState="false">
|
||||
<!-- source: pattern://cb8c63274fe346280de0ffd5 -->
|
||||
<Response value="AUTH_ERROR">
|
||||
|
|
@ -2680,4 +2953,13 @@
|
|||
<property name="generateNow" value="true"/>
|
||||
</AuthState>
|
||||
</AuthEngine>
|
||||
<!-- source: pattern://ab5a82719993921822e95751 -->
|
||||
<WebService name="ArtifactResolutionService" class="ch.nevis.esauth.auth.adapter.saml.ArtifactResolutionService" uri="/nevisauth/services/artifactresolution" SSODomain="Auth_Realm_Main_IDP">
|
||||
<!-- source: pattern://ab5a82719993921822e95751 -->
|
||||
<property name="issuer" value="Auth_Realm_Main_IDP_Custom_EPD_Artifact_IDP"/>
|
||||
<!-- source: pattern://ab5a82719993921822e95751 -->
|
||||
<property name="out.keystoreref" value="Store_IDP_AGOV"/>
|
||||
<!-- source: pattern://ab5a82719993921822e95751 -->
|
||||
<property name="out.keyobjectref" value="Signer_IDP_AGOV"/>
|
||||
</WebService>
|
||||
</esauth-server>
|
||||
|
|
|
|||
|
|
@ -75,9 +75,18 @@ def dispatchIssuer(i2s, String issuer) {
|
|||
if (result == null) {
|
||||
LOG.info("No SP found for issuer '$issuer'. Hint: check SAML SP Connector patterns.")
|
||||
}
|
||||
|
||||
// dispatch different idp if artifact binding is enabled
|
||||
if(parameters.get('epdMode') == 'artifact' && result == 'epd'){
|
||||
LOG.debug("EPD: Artifact mode")
|
||||
result = result + "_artifact"
|
||||
}else{
|
||||
LOG.debug("EPD: POST mode")
|
||||
}
|
||||
response.setResult(result)
|
||||
session.put("saml.inbound.issuer", issuer)
|
||||
session.put('saml.idp.result', result) // remember decision for sub-sequent requests without a SAML message
|
||||
|
||||
}
|
||||
|
||||
def dispatchMessage(i2s, String message) {
|
||||
|
|
@ -108,7 +117,8 @@ if (request.getSession(false) == null) {
|
|||
def i2s = new TreeMap<String, String>(String.CASE_INSENSITIVE_ORDER)
|
||||
|
||||
|
||||
i2s.put('https://trustbroker.agov-d.azure.adnovum.net', 'state0')
|
||||
i2s.put(parameters.get('atb'), 'main')
|
||||
i2s.put(parameters.get('epd_atb'), 'epd')
|
||||
|
||||
if (parameters.get('spInitiated') == 'true' && inargs.containsKey('SAMLRequest')) { // SP-initiated authentication
|
||||
LOG.debug("found SAMLRequest parameter for SP-initiated authentication")
|
||||
|
|
@ -26,7 +26,7 @@ int getRequestedLevel(String authnContextClassRef, def roleList){
|
|||
|
||||
def session = request.getAuthSession(true)
|
||||
def context = session.get('ch.nevis.auth.saml.request.authnContextClassRef')
|
||||
def roleLevels = [100,200,300,400]
|
||||
def roleLevels = [100,200,300,400,500,600]
|
||||
def requestedRoleLevelNumber = getRequestedLevel(context, roleLevels)
|
||||
|
||||
//set attribute Requested Role Level
|
||||
|
|
@ -44,17 +44,27 @@ def requestedAq = session['agov.requestedRoleLevel'] ?: 'unknown'
|
|||
def sourceIp = request.getLoginContext()['connection.HttpHeader.X-Real-IP'] ?: 'unknown'
|
||||
def userAgent = request.getLoginContext()['connection.HttpHeader.user-agent'] ?: request.getLoginContext()['connection.HttpHeader.User-Agent'] ?: 'unknown'
|
||||
|
||||
LOG.info("Event='AUTHREQUEST', Requester='${requester}', RequestId='${requestId}', ReplacedRequestId='${replacedRequestId}', RequestedAq=${requestedAq}, SourceIp=${sourceIp}, UserAgent='${userAgent}'")
|
||||
def bestTokenAddressWhitelist = ',' + (parameters.get('bestTokenAddressWhitelist') ?: '').replaceAll('\\s','') + ','
|
||||
def appRequiresBestTokenWithAddress = bestTokenAddressWhitelist.contains(','+requester+',')
|
||||
|
||||
def bestTokenSvnrWhitelist = ',' + (parameters.get('bestTokenSvnrWhitelist') ?: '').replaceAll('\\s','') + ','
|
||||
def appRequiresBestTokenWithSvnr = bestTokenSvnrWhitelist.contains(','+requester+',')
|
||||
|
||||
LOG.info("Event='AUTHREQUEST', Requester='${requester}', RequestId='${requestId}', ReplacedRequestId='${replacedRequestId}', RequestedAq=${requestedAq}, BestTokenRequired='svnr: ${appRequiresBestTokenWithSvnr}; address: ${appRequiresBestTokenWithAddress}', SourceIp=${sourceIp}, UserAgent='${userAgent}'")
|
||||
|
||||
def appAddressRequiredWhitelist = ',' + (parameters.get('appAddressRequired.whitelist') ?: '').replaceAll('\\s','') + ','
|
||||
def appIsOnappAddressRequiredWhitelist = appAddressRequiredWhitelist.contains(','+requester+',')
|
||||
|
||||
if (requestedRoleLevelNumber == 0 || session.get('ch.nevis.auth.saml.request.scoping.requesterId') == null) {
|
||||
response.setResult('error');
|
||||
return
|
||||
}
|
||||
|
||||
// TODO/haburger/2024-03-21: move this later, now here for a simple start
|
||||
if (requestedRoleLevelNumber == 600 || session.get('ch.nevis.auth.saml.request.scoping.requesterId') == 'OidcPlaygroundWork') {
|
||||
session.setAttribute('agov.appSvnrAllowed', 'true')
|
||||
response.setResult('exit.1');
|
||||
return
|
||||
}
|
||||
|
||||
try {
|
||||
def spanCtxt = Span.current().getSpanContext()
|
||||
def traceparent = "00-${spanCtxt.getTraceId()}-${spanCtxt.getSpanId()}-${spanCtxt.getTraceFlags().asHex()}"
|
||||
|
|
@ -71,16 +81,18 @@ try {
|
|||
def json = jsonSlurper.parseText(httpResponse.bodyAsString())
|
||||
LOG.debug('AdressRequired: ' + json.addrRequired)
|
||||
LOG.debug('SvnrAllowed: ' + json.svnrAllowed)
|
||||
LOG.debug('appAddressRequiredWhitelist applies: ' + appIsOnappAddressRequiredWhitelist)
|
||||
LOG.debug('appRequiresBestTokenWithAddress: ' + appRequiresBestTokenWithAddress)
|
||||
LOG.debug('appRequiresBestTokenWithSvnr: ' + appRequiresBestTokenWithSvnr)
|
||||
|
||||
// address will be returned to the application if allowed by connect (json.addrRequired)
|
||||
// and the authRequest was done with at least AGOVaq 200
|
||||
// BITBKAGOVSUP-362: or whitelisted to receive the address
|
||||
session.setAttribute('agov.appAddressRequired', '' + (json.addrRequired && ((requestedRoleLevelNumber >= 200) || appIsOnappAddressRequiredWhitelist)))
|
||||
// BUNDBITBK-4307: or best token for address is enabled
|
||||
session.setAttribute('agov.appAddressRequired', '' + (json.addrRequired && ((requestedRoleLevelNumber >= 200) || appRequiresBestTokenWithAddress)))
|
||||
|
||||
// address will be returned to the application if allowed by connect (json.svnrAllowed)
|
||||
// and the authRequest was done with at least AGOVaq 300
|
||||
session.setAttribute('agov.appSvnrAllowed', '' + (json.svnrAllowed && requestedRoleLevelNumber >= 300))
|
||||
// BUNDBITBK-4307: or best token for svnr is enabled
|
||||
session.setAttribute('agov.appSvnrAllowed', '' + (json.svnrAllowed && ((requestedRoleLevelNumber >= 300) || appRequiresBestTokenWithSvnr)))
|
||||
|
||||
session.setAttribute('agov.appDisplayNameDE', '' + json.displayNameDe)
|
||||
session.setAttribute('agov.appDisplayNameFR', '' + json.displayNameFr)
|
||||
|
|
@ -93,7 +105,7 @@ try {
|
|||
LOG.warn('Unexcpected HTTP response code: ' + httpResponse.code())
|
||||
|
||||
if ( requestedRoleLevelNumber == 100) {
|
||||
session.setAttribute('agov.appAddressRequired', '' + appIsOnappAddressRequiredWhitelist)
|
||||
session.setAttribute('agov.appAddressRequired', '' + appRequiresBestTokenWithAddress)
|
||||
session.setAttribute('agov.appSvnrAllowed', 'false')
|
||||
response.setResult('ok')
|
||||
}
|
||||
|
|
@ -112,7 +124,7 @@ try {
|
|||
} catch (Exception e) {
|
||||
LOG.error("Failed to fetch connect meta data for relying party '${session.get('ch.nevis.auth.saml.request.scoping.requesterId')}'", e)
|
||||
if ( requestedRoleLevelNumber == 100) {
|
||||
session.setAttribute('agov.appAddressRequired', '' + appIsOnappAddressRequiredWhitelist)
|
||||
session.setAttribute('agov.appAddressRequired', '' + appRequiresBestTokenWithAddress)
|
||||
session.setAttribute('agov.appSvnrAllowed', 'false')
|
||||
response.setResult('ok')
|
||||
}
|
||||
|
|
|
|||
|
|
@ -11,7 +11,7 @@ metadata:
|
|||
spec:
|
||||
type: "NevisFIDO"
|
||||
replicas: 1
|
||||
version: "8.2411.1"
|
||||
version: "8.2411.2"
|
||||
gitInitVersion: "1.3.0"
|
||||
runAsNonRoot: true
|
||||
ports:
|
||||
|
|
@ -46,7 +46,7 @@ spec:
|
|||
podDisruptionBudget:
|
||||
maxUnavailable: "50%"
|
||||
git:
|
||||
tag: "r-b0ee5bf8f21b6deb852634ece4565dee10c29032"
|
||||
tag: "r-ba39848d1c443859cdedb92e5cb503a09a1feaca"
|
||||
dir: "DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf"
|
||||
credentials: "git-credentials"
|
||||
database:
|
||||
|
|
|
|||
|
|
@ -7,5 +7,5 @@ JAVA_OPTS=(
|
|||
"-javaagent:/opt/agent/opentelemetry-javaagent.jar"
|
||||
"-Dotel.javaagent.logging=application"
|
||||
"-Dotel.javaagent.configuration-file=/var/opt/nevisfido/default/conf/otel.properties"
|
||||
"-Dotel.resource.attributes=service.version=8.2411.1,service.instance.id=$HOSTNAME"
|
||||
"-Dotel.resource.attributes=service.version=8.2411.2,service.instance.id=$HOSTNAME"
|
||||
)
|
||||
|
|
@ -32,7 +32,7 @@ fido-uaf:
|
|||
token-registration: "180s"
|
||||
token-deregistration: "180s"
|
||||
token-authentication: "180s"
|
||||
device-request: "300s"
|
||||
device-request: "600s"
|
||||
transaction-confirmation:
|
||||
max-text-length: 2000
|
||||
metadata:
|
||||
|
|
|
|||
|
|
@ -11,7 +11,7 @@ metadata:
|
|||
spec:
|
||||
type: "NevisFIDO"
|
||||
replicas: 1
|
||||
version: "8.2411.1"
|
||||
version: "8.2411.2"
|
||||
gitInitVersion: "1.3.0"
|
||||
runAsNonRoot: true
|
||||
ports:
|
||||
|
|
@ -46,7 +46,7 @@ spec:
|
|||
podDisruptionBudget:
|
||||
maxUnavailable: "50%"
|
||||
git:
|
||||
tag: "r-b0ee5bf8f21b6deb852634ece4565dee10c29032"
|
||||
tag: "r-ba39848d1c443859cdedb92e5cb503a09a1feaca"
|
||||
dir: "DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido2"
|
||||
credentials: "git-credentials"
|
||||
keystores:
|
||||
|
|
|
|||
|
|
@ -6,5 +6,5 @@ JAVA_OPTS=(
|
|||
"-javaagent:/opt/agent/opentelemetry-javaagent.jar"
|
||||
"-Dotel.javaagent.logging=application"
|
||||
"-Dotel.javaagent.configuration-file=/var/opt/nevisfido/default/conf/otel.properties"
|
||||
"-Dotel.resource.attributes=service.version=8.2411.1,service.instance.id=$HOSTNAME"
|
||||
"-Dotel.resource.attributes=service.version=8.2411.2,service.instance.id=$HOSTNAME"
|
||||
)
|
||||
|
|
@ -29,7 +29,7 @@ fido2:
|
|||
rp-name: "AGOV-RelPartName"
|
||||
rp-id: "adnovum.net"
|
||||
origins:
|
||||
- "https://me.agov-w.azure.adnovum.net"
|
||||
- "https://ob.agov-w.azure.adnovum.net"
|
||||
- "https://nevisidm.agov-w.azure.adnovum.net"
|
||||
- "https://auth.agov-w.azure.adnovum.net"
|
||||
signature-algorithms:
|
||||
|
|
|
|||
|
|
@ -0,0 +1,28 @@
|
|||
apiVersion: "operator.nevis-security.ch/v1"
|
||||
kind: "NevisDatabase"
|
||||
metadata:
|
||||
name: "idm"
|
||||
namespace: "adn-agov-nevisidm-01-uat"
|
||||
labels:
|
||||
deploymentTarget: "idm"
|
||||
trustImport: "idm-technical-trust-store-1058498828"
|
||||
annotations:
|
||||
projectKey: "DEFAULT-ADN-AGOV-PROJECT"
|
||||
patternId: "2951ead44a7a9362a4545094"
|
||||
spec:
|
||||
type: "NevisIDM"
|
||||
databaseType: "MariaDB"
|
||||
version: "8.2411.1"
|
||||
url: "mariadb-agov-uat.mariadb.database.azure.com"
|
||||
port: 3306
|
||||
ssl: true
|
||||
database: "nevisidm_uat"
|
||||
bootstrap: true
|
||||
migrate: true
|
||||
rootCredentials:
|
||||
name: "root-adn-agov-nevisidm-admin-01-uat-idm"
|
||||
namespace: "adn-agov-nevisidm-admin-01-uat"
|
||||
podSecurity:
|
||||
policy: "baseline"
|
||||
automountServiceAccountToken: false
|
||||
timeZone: "Europe/Zurich"
|
||||
|
|
@ -11,7 +11,7 @@ metadata:
|
|||
spec:
|
||||
type: "NevisIDM"
|
||||
replicas: 1
|
||||
version: "8.2411.1"
|
||||
version: "8.2411.2"
|
||||
gitInitVersion: "1.3.0"
|
||||
runAsNonRoot: true
|
||||
ports:
|
||||
|
|
@ -46,9 +46,12 @@ spec:
|
|||
podDisruptionBudget:
|
||||
maxUnavailable: "50%"
|
||||
git:
|
||||
tag: "r-b0ee5bf8f21b6deb852634ece4565dee10c29032"
|
||||
tag: "r-ba39848d1c443859cdedb92e5cb503a09a1feaca"
|
||||
dir: "DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/idm"
|
||||
credentials: "git-credentials"
|
||||
database:
|
||||
name: "idm"
|
||||
requiredVersion: "8.2411.1"
|
||||
keystores:
|
||||
- "idm-default-identity"
|
||||
truststores:
|
||||
|
|
@ -61,4 +64,3 @@ spec:
|
|||
secrets:
|
||||
secret:
|
||||
- "0eb37a5f44023ef0ad1013b6-89ec31e5"
|
||||
- "a2068eb83a60702322c13949-27ed70d3"
|
||||
|
|
|
|||
|
|
@ -4,5 +4,5 @@ JAVA_OPTS=(
|
|||
"-javaagent:/opt/agent/opentelemetry-javaagent.jar"
|
||||
"-Dotel.javaagent.logging=application"
|
||||
"-Dotel.javaagent.configuration-file=/var/opt/nevisidm/default/conf/otel.properties"
|
||||
"-Dotel.resource.attributes=service.version=8.2411.1,service.instance.id=$HOSTNAME"
|
||||
"-Dotel.resource.attributes=service.version=8.2411.2,service.instance.id=$HOSTNAME"
|
||||
)
|
||||
|
|
@ -3,9 +3,9 @@ web.gui.languages.default=de
|
|||
# source: pattern://2951ead44a7a9362a4545094
|
||||
database.connection.url=jdbc:mariadb://mariadb-agov-uat.mariadb.database.azure.com:3306/nevisidm_uat?pinGlobalTxToPhysicalConnection=1&useMysqlMetadata=true&cachePrepStmts=true&prepStmtCacheSize=1000&useSSL=true&trustStore=/var/opt/keys/trust/idm-db-tls-truststore/truststore.jks
|
||||
# source: pattern://2951ead44a7a9362a4545094
|
||||
database.connection.username=adndbadmin
|
||||
database.connection.username=${exec:/var/opt/nevisidm/default/conf/credentials/dbUser}
|
||||
# source: pattern://2951ead44a7a9362a4545094
|
||||
database.connection.password=secret://a2068eb83a60702322c13949-27ed70d3
|
||||
database.connection.password=${exec:/var/opt/nevisidm/default/conf/credentials/dbPassword}
|
||||
# source: pattern://b8a36646f81c3247cdb5d90b
|
||||
application.mail.smtp.host=greenmail.adn-agov-mail-01-uat.svc
|
||||
# source: pattern://b8a36646f81c3247cdb5d90b
|
||||
|
|
@ -13,6 +13,8 @@ application.mail.smtp.port=3025
|
|||
# source: pattern://b8a36646f81c3247cdb5d90b
|
||||
application.mail.sender=noreply-agov-uat@adnovum.ch
|
||||
# source: pattern://71411a755a625f9b850c6cf5
|
||||
application.config.credentialTypesToBeLockedInDatabase=URLTICKET,SAMLFEDERATION,CONTEXTPASSWORD
|
||||
# source: pattern://71411a755a625f9b850c6cf5
|
||||
application.feature.email.validation.enabled=false
|
||||
# source: pattern://71411a755a625f9b850c6cf5, pattern://b8a36646f81c3247cdb5d90b
|
||||
application.feature.multiclientmode.enabled=true
|
||||
|
|
|
|||
|
|
@ -11,7 +11,7 @@ metadata:
|
|||
spec:
|
||||
type: "NevisLogrend"
|
||||
replicas: 1
|
||||
version: "8.2411.1"
|
||||
version: "8.2411.2"
|
||||
gitInitVersion: "1.3.0"
|
||||
runAsNonRoot: true
|
||||
ports:
|
||||
|
|
@ -44,7 +44,7 @@ spec:
|
|||
podDisruptionBudget:
|
||||
maxUnavailable: "50%"
|
||||
git:
|
||||
tag: "r-b0ee5bf8f21b6deb852634ece4565dee10c29032"
|
||||
tag: "r-ba39848d1c443859cdedb92e5cb503a09a1feaca"
|
||||
dir: "DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend"
|
||||
credentials: "git-credentials"
|
||||
podSecurity:
|
||||
|
|
|
|||
|
|
@ -10,5 +10,5 @@ JAVA_OPTS=(
|
|||
"-javaagent:/opt/agent/opentelemetry-javaagent.jar"
|
||||
"-Dotel.javaagent.logging=application"
|
||||
"-Dotel.javaagent.configuration-file=/var/opt/nevislogrend/default/conf/otel.properties"
|
||||
"-Dotel.resource.attributes=service.version=8.2411.1,service.instance.id=$HOSTNAME"
|
||||
"-Dotel.resource.attributes=service.version=8.2411.2,service.instance.id=$HOSTNAME"
|
||||
)
|
||||
|
|
@ -87,7 +87,7 @@ language.it=Italiano
|
|||
languageDropdown.aria.label=Select language
|
||||
loainfo.description.200=To access the application, we need to verify your data. The process can take up to 2 - 3 days.
|
||||
loainfo.description.300=To access the application we need to verify your data through one of two processes. You can choose your preferred process in the next step.
|
||||
loainfo.description.400=To access the application we need you to add your AHV Number (Swiss Social Security number).
|
||||
loainfo.description.400=To access the application we need you to add your SSN (AHV) number.
|
||||
loainfo.helper=Your data needs to be verified!
|
||||
loainfo.later=Later
|
||||
loainfo.startNow=Do you want to start the process now?
|
||||
|
|
@ -174,6 +174,8 @@ recovery_check_code.invalid.code.tooLong=The code is too long
|
|||
recovery_check_code.noAccess=I do not have access to my code
|
||||
recovery_check_code.noCodeAccess=Are you sure you don't have access to your recovery code?
|
||||
recovery_check_code.noCodeAccessInstructions=If you have lost access to your recovery code please go to AGOV help in order to contact a AGOV support agent. They will be able to help you with the recovery process.
|
||||
recovery_check_code.too_many_tries.instruction1=The recovery code you have entered might have expired or you might have tried to enter it too many times.
|
||||
recovery_check_code.too_many_tries.instruction2=Please go to AGOV help in order to contact a support agent. They will be able to help you with the recovery process.
|
||||
recovery_check_noCode.banner.error=Too many attempts.
|
||||
recovery_check_noCode.instruction1=You might have tried to enter the recovery code too many times.
|
||||
recovery_check_noCode.instruction2=Please close the web browser and start the account recovery again in ten minutes from <a class='link' href='https://agov.ch/me'>https://agov.ch/me</a>.
|
||||
|
|
|
|||
|
|
@ -87,7 +87,7 @@ language.it=Italiano
|
|||
languageDropdown.aria.label=Sprache wählen
|
||||
loainfo.description.200=Um auf diese Applikation zuzugreifen, müssen wir Ihre Angaben verifizieren. Der Vorgang kann bis zu 2 - 3 Tage dauern.
|
||||
loainfo.description.300=Um auf diese Applikation zuzugreifen, müssen wir Ihre Angaben durch einen von zwei Vorgängen verifizieren. Sie können die bevorzugte Methode im nächsten Schritt auswählen.
|
||||
loainfo.description.400=Für den Zugang zu dieser Anwendung müssen Sie Ihre AHV-Nummer angeben.
|
||||
loainfo.description.400=Bitte AHV-Nummer angeben, um auf die Applikation zuzugreifen.
|
||||
loainfo.helper=Ihre persönlichen Daten müssen überprüft werden!
|
||||
loainfo.later=Später
|
||||
loainfo.startNow=Möchten Sie den Prozess jetzt starten?
|
||||
|
|
@ -174,6 +174,8 @@ recovery_check_code.invalid.code.tooLong=Eingegebener Code ist zu lang
|
|||
recovery_check_code.noAccess=Ich kann auf meinen Code nicht zugreifen
|
||||
recovery_check_code.noCodeAccess=Sind Sie sicher, dass Sie auf Ihren Wiederherstellungscode nicht zugreifen können?
|
||||
recovery_check_code.noCodeAccessInstructions=Wenn Sie auf Ihren Wiederherstellungscode nicht mehr zugreifen können, gehen Sie bitte zur AGOV-Hilfe, um jemanden vom AGOV-Support zu kontaktieren. Die Person wird Sie beim Wiederherstellungsprozess unterstützen.
|
||||
recovery_check_code.too_many_tries.instruction1=Der von Ihnen eingegebene Wiederherstellungscode ist möglicherweise abgelaufen oder Sie haben zu oft versucht, einen Code einzugeben.
|
||||
recovery_check_code.too_many_tries.instruction2=Gehen Sie bitte zur AGOV-Hilfe, um jemanden vom Support zu kontaktieren. Die Person wird Sie beim Wiederherstellungsprozess unterstützen.
|
||||
recovery_check_noCode.banner.error=Zu viele Versuche.
|
||||
recovery_check_noCode.instruction1=Möglicherweise haben Sie zu oft versucht, den Wiederherstellungscode einzugeben.
|
||||
recovery_check_noCode.instruction2=Bitte schliessen Sie den Webbrowser und starten Sie die Kontowiederherstellung in zehn Minuten erneut auf <a class='link' href='https://agov.ch/me'>https://agov.ch/me</a>.
|
||||
|
|
|
|||
|
|
@ -87,7 +87,7 @@ language.it=Italiano
|
|||
languageDropdown.aria.label=Select language
|
||||
loainfo.description.200=To access the application, we need to verify your data. The process can take up to 2 - 3 days.
|
||||
loainfo.description.300=To access the application we need to verify your data through one of two processes. You can choose your preferred process in the next step.
|
||||
loainfo.description.400=To access the application we need you to add your AHV Number (Swiss Social Security number).
|
||||
loainfo.description.400=To access the application we need you to add your SSN (AHV) number.
|
||||
loainfo.helper=Your data needs to be verified!
|
||||
loainfo.later=Later
|
||||
loainfo.startNow=Do you want to start the process now?
|
||||
|
|
@ -174,6 +174,8 @@ recovery_check_code.invalid.code.tooLong=The code is too long
|
|||
recovery_check_code.noAccess=I do not have access to my code
|
||||
recovery_check_code.noCodeAccess=Are you sure you don't have access to your recovery code?
|
||||
recovery_check_code.noCodeAccessInstructions=If you have lost access to your recovery code please go to AGOV help in order to contact a AGOV support agent. They will be able to help you with the recovery process.
|
||||
recovery_check_code.too_many_tries.instruction1=The recovery code you have entered might have expired or you might have tried to enter it too many times.
|
||||
recovery_check_code.too_many_tries.instruction2=Please go to AGOV help in order to contact a support agent. They will be able to help you with the recovery process.
|
||||
recovery_check_noCode.banner.error=Too many attempts.
|
||||
recovery_check_noCode.instruction1=You might have tried to enter the recovery code too many times.
|
||||
recovery_check_noCode.instruction2=Please close the web browser and start the account recovery again in ten minutes from <a class='link' href='https://agov.ch/me'>https://agov.ch/me</a>.
|
||||
|
|
|
|||
|
|
@ -87,7 +87,7 @@ language.it=Italiano
|
|||
languageDropdown.aria.label=Sélectionner la langue
|
||||
loainfo.description.200=Pour accéder à l'application, nous devons vérifier vos données. Ce processus peut prendre jusqu'à 2 ou 3 jours.
|
||||
loainfo.description.300=Pour accéder à l'application, nous devons vérifier vos données par le biais de l'une des deux procédures suivantes. Vous pouvez choisir la procédure que vous préférez à l'étape suivante.
|
||||
loainfo.description.400=Pour accéder à l'application, vous devez ajouter votre numéro AVS.
|
||||
loainfo.description.400=Veuillez saisir votre numéro AVS pour accéder à l'application.
|
||||
loainfo.helper=Vos données doivent être vérifiées!
|
||||
loainfo.later=Plus tard
|
||||
loainfo.startNow=Voulez-vous commencer le processus maintenant?
|
||||
|
|
@ -174,6 +174,8 @@ recovery_check_code.invalid.code.tooLong=Le code est trop long
|
|||
recovery_check_code.noAccess=Je n’ai pas accès à mon code de récupération
|
||||
recovery_check_code.noCodeAccess=Êtes-vous sûr de ne pas avoir accès à votre code de récupération ?
|
||||
recovery_check_code.noCodeAccessInstructions=En cas de perte de votre code de récupération, veuillez vous rendre sur AGOV help et contacter le service d’assistance AGOV. Un agent pourra vous aider dans le processus de récupération.
|
||||
recovery_check_code.too_many_tries.instruction1=Le code de récupération que vous avez saisi a peut-être expiré ou vous avez peut-être essayé de le saisir trop de fois.
|
||||
recovery_check_code.too_many_tries.instruction2=Veuillez vous rendre sur AGOV help et contacter le service d’assistance. Un agent pourra vous aider dans le processus de récupération.
|
||||
recovery_check_noCode.banner.error=Trop de tentatives.
|
||||
recovery_check_noCode.instruction1=Vous avez peut-être essayé de saisir le code de récupération trop de fois.
|
||||
recovery_check_noCode.instruction2=Veuillez fermer le navigateur web et recommencer la récupération du compte dans dix minutes à partir de <a class='link' href='https://agov.ch/me'>https://agov.ch/me</a>.
|
||||
|
|
|
|||
|
|
@ -87,7 +87,7 @@ language.it=Italiano
|
|||
languageDropdown.aria.label=Selezionare la lingua
|
||||
loainfo.description.200=Per accedere all'app è necessaria una verifica dei dati. La procedura può richiedere fino a 2–3 giorni lavorativi.
|
||||
loainfo.description.300=Per accedere all'app dobbiamo verificare i suoi dati tramite uno dei due processi. Al prossimo passaggio, può selezionare la procedura di verifica desiderata.
|
||||
loainfo.description.400=Per acceddere all'applicazione deve inserire il numero AVS.
|
||||
loainfo.description.400=Per accedere all'applicazione è necessario inserire il numero AVS.
|
||||
loainfo.helper=I dati devono essere verificati!
|
||||
loainfo.later=Più tardi
|
||||
loainfo.startNow=Iniziare la procedura?
|
||||
|
|
@ -174,6 +174,8 @@ recovery_check_code.invalid.code.tooLong=Il codice è troppo lungo
|
|||
recovery_check_code.noAccess=Non ho il mio codice.
|
||||
recovery_check_code.noCodeAccess=Conferma di non avere il codice di ripristino?
|
||||
recovery_check_code.noCodeAccessInstructions=Se non ha più il codice di ripristino, acceda ad AGOV help per contattare il supporto AGOV, che la assisterà nel processo di ripristino.
|
||||
recovery_check_code.too_many_tries.instruction1=Il codice di ripristino inserito può essere scaduto o è stato inserito troppe volte.
|
||||
recovery_check_code.too_many_tries.instruction2=Si prega di andare alla guida di AGOV aiuto per contattare un agente dell'assistenza. Saranno in grado di aiutarla con il processo di recupero.
|
||||
recovery_check_noCode.banner.error=Troppi tentativi.
|
||||
recovery_check_noCode.instruction1=Potresti aver tentato di inserire il codice di ripristino troppe volte.
|
||||
recovery_check_noCode.instruction2=Chiudi il browser web e inizia nuovamente il processo di ripristino dell'account tra dieci minuti da <a class='link' href='https://agov.ch/me'>https://agov.ch/me</a>.
|
||||
|
|
|
|||
File diff suppressed because one or more lines are too long
|
|
@ -0,0 +1,4 @@
|
|||
document.addEventListener('DOMContentLoaded', function() {
|
||||
document.dispatchEvent(new Event('initEidVerification'));
|
||||
document.dispatchEvent(new Event('initCantonalBranding'));
|
||||
});
|
||||
File diff suppressed because one or more lines are too long
|
|
@ -0,0 +1,3 @@
|
|||
module.exports = {
|
||||
...require('./mock-defaults')
|
||||
};
|
||||
|
|
@ -0,0 +1,224 @@
|
|||
#parse("${templatePath}/header.vm")
|
||||
#set ($formTarget = $utils.escapeHtmlAttribute($gui.target.replaceAll('&?language=[^&]*','')))
|
||||
|
||||
<agov-backdrop></agov-backdrop>
|
||||
<div id="mainContent" class="container mx-auto sm:mt-2 sm:max-w-full flex h-full sm:h-auto">
|
||||
<div class="flex flex-col items-start gap-4 w-full rounded-[36px] sm:p-6 mx-auto
|
||||
max-w-[600px] md:max-w-[1200px] sm:bg-lily-blue dark:sm:bg-purple-black">
|
||||
|
||||
<div id="cantonalBranding"
|
||||
class="flex items-center rounded-xl gap-5 p-2 sm:p-0 sm:w-auto w-full hidden bg-pale-blue dark:bg-purple-black sm:bg-transparent">
|
||||
<div class="flex items-center p-2 bg-white rounded sm:rounded-xl w-16 h-16" id="logo"></div>
|
||||
<h1 class="font-header text-h6 sm:text-h4 text-space-blue dark:text-white">
|
||||
#if ($login.language =="en")
|
||||
$utils.escapeHtmlAttribute($gui.getGuiElem('agov.appDisplayNameEN').value)
|
||||
#elseif ($login.language =="de")
|
||||
$utils.escapeHtmlAttribute($gui.getGuiElem('agov.appDisplayNameDE').value)
|
||||
#elseif ($login.language =="fr")
|
||||
$utils.escapeHtmlAttribute($gui.getGuiElem('agov.appDisplayNameFR').value)
|
||||
#else
|
||||
$utils.escapeHtmlAttribute($gui.getGuiElem('agov.appDisplayNameIT').value)
|
||||
#end
|
||||
</h1>
|
||||
</div>
|
||||
|
||||
<div class="flex flex-col md:flex-row w-full gap-6">
|
||||
<div id="registerCard" class="w-full md:min-h-[689px] flex flex-col justify-between">
|
||||
<div id="swiyuLoginImage"
|
||||
class="relative md:max-w-[520px] max-w-[350px] sm:max-w-[300px] mb-10 w-full mx-auto hidden md:block">
|
||||
<img alt="" src="${login.appDataPath}/static/images/login.svg"
|
||||
class="hidden md:block dark:hidden w-full">
|
||||
<img alt="" src="${login.appDataPath}/static/images/login-dark.svg"
|
||||
class="hidden md:hidden dark:md:block w-full">
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<div id="loginModal"
|
||||
class="flex flex-col bg-white dark:bg-surface-black rounded-[20px] sm:min-h-[700px] p-6 sm:pb-8 sm:pt-10 sm:px-10
|
||||
max-w-[550px] w-full">
|
||||
|
||||
<div class="flex mb-4 sm:mb-6 items-baseline">
|
||||
<h1 class="font-header text-h4 text-space-blue dark:text-white mr-3">$text.get("eid_verification.login")</h1>
|
||||
</div>
|
||||
|
||||
<div id="cantonalBrandingMobile"
|
||||
class="flex items-center rounded-xl gap-5 mb-4 p-2 sm:p-0 sm:w-auto w-full hidden bg-pale-blue dark:bg-purple-black sm:bg-transparent">
|
||||
<div class="flex items-center p-2 bg-white dark:bg-black rounded sm:rounded-xl w-16 h-16"
|
||||
id="logoMobile"></div>
|
||||
<h1 class="font-header text-h6 sm:text-h4 text-space-blue dark:text-white">
|
||||
#if ($login.language =="en")
|
||||
$utils.escapeHtmlAttribute($gui.getGuiElem('agov.appDisplayNameEN').value)
|
||||
#elseif ($login.language =="de")
|
||||
$utils.escapeHtmlAttribute($gui.getGuiElem('agov.appDisplayNameDE').value)
|
||||
#elseif ($login.language =="fr")
|
||||
$utils.escapeHtmlAttribute($gui.getGuiElem('agov.appDisplayNameFR').value)
|
||||
#else
|
||||
$utils.escapeHtmlAttribute($gui.getGuiElem('agov.appDisplayNameIT').value)
|
||||
#end
|
||||
</h1>
|
||||
</div>
|
||||
|
||||
<div id="swiyuWalletAppModal" class="h-full">
|
||||
|
||||
<div class="desktopBanner" aria-live="assertive">
|
||||
<div class="hidden info flex rounded-xl bg-info-background dark:bg-dark-info-background items-center p-4
|
||||
mb-4">
|
||||
<i class="fa-regular fa-info-circle rounded-full p-3 text-info dark:text-dark-info bg-info/10 dark:bg-dark-info-icon mr-4 text-xl leading-none"></i>
|
||||
<p class="font-body text-body-l text-space-blue dark:text-white">
|
||||
$text.get("eid_verification.banner.info")
|
||||
</p>
|
||||
</div>
|
||||
|
||||
<div class="hidden success flex rounded-xl bg-success-background dark:bg-dark-success-background
|
||||
items-center p-4 mb-4">
|
||||
<i class="fa-regular fa-check-circle rounded-full p-3 text-success dark:text-dark-success bg-success/10 dark:bg-dark-success-icon mr-4 text-xl leading-none"></i>
|
||||
<div>
|
||||
<p class="font-body text-body-l text-space-blue dark:text-white">
|
||||
$text.get("eid_verification.banner.success")
|
||||
</p>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<div class="hidden error flex rounded-xl bg-error-background dark:bg-dark-error-background items-center
|
||||
p-4 mb-4">
|
||||
<i class="fa-regular fa-exclamation-circle rounded-full p-3 text-error dark:text-dark-error bg-error/10 dark:bg-dark-error-icon mr-4 text-xl leading-none"></i>
|
||||
<p class="font-body text-body-l text-space-blue dark:text-white">
|
||||
$text.get("eid_verification.banner.error")
|
||||
</p>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<div class="relative flex flex-col h-full">
|
||||
<div id="blurBackdrop" class="hidden absolute backdrop-blur-sm -top-1 -bottom-8 -left-4 -right-4
|
||||
z-10"></div>
|
||||
<div class="mobileBanner relative z-20" aria-live="assertive">
|
||||
<div class="hidden info flex rounded-xl bg-info-background dark:bg-dark-info-background items-center
|
||||
p-4 mb-4">
|
||||
<i class="fa-regular fa-info-circle rounded-full p-3 text-info dark:text-dark-info bg-info/10 dark:bg-dark-info-icon mr-4 text-xl leading-none"></i>
|
||||
<p class="font-body text-body-l text-space-blue dark:text-white">
|
||||
$text.get("eid_verification.banner.info")
|
||||
</p>
|
||||
</div>
|
||||
|
||||
<div class="hidden success flex rounded-xl bg-success-background dark:bg-dark-success-background
|
||||
items-center p-4 mb-4">
|
||||
<i class="fa-regular fa-check-circle rounded-full p-3 text-success dark:text-dark-success bg-success/10 dark:bg-dark-success-icon mr-4 text-xl leading-none"></i>
|
||||
<div>
|
||||
<p class="font-body text-body-l text-space-blue dark:text-white">
|
||||
$text.get("eid_verification.banner.success")
|
||||
</p>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<div class="hidden error flex rounded-xl bg-error-background dark:bg-dark-error-background
|
||||
items-center p-4 mb-4">
|
||||
<i class="fa-regular fa-exclamation-circle rounded-full p-3 text-error dark:text-dark-error bg-error/10 dark:bg-dark-error-icon mr-4 text-xl leading-none"></i>
|
||||
<p class="font-body text-body-l text-space-blue dark:text-white">
|
||||
$text.get("eid_verification.banner.error")
|
||||
</p>
|
||||
</div>
|
||||
</div>
|
||||
<div id="swiyuLoginImageMobile"
|
||||
class="hidden max-w-[200px] sm:max-w-full sm:w-full basis-1/2 mx-auto mb-6">
|
||||
<img alt=""
|
||||
src="${login.appDataPath}/static/images/login.svg"
|
||||
class="block dark:hidden w-full">
|
||||
|
||||
<img alt=""
|
||||
src="${login.appDataPath}/static/images/login-dark.svg"
|
||||
class="hidden dark:block w-full">
|
||||
</div>
|
||||
<div id="QRCodeHolder">
|
||||
<div class="relative">
|
||||
<canvas role="img" aria-labelledby="labelQRCodeInstructions" id="swiyu_qrcode"
|
||||
class="mb-6 mx-auto"></canvas>
|
||||
<div class="hidden" id="QRcodeHiddenLink"></div>
|
||||
<span id="spinner" class="hidden absolute left-1/2 top-1/2 -translate-x-1/2 -translate-y-1/2
|
||||
z-20">
|
||||
<img src="${login.appDataPath}/static/images/spinner.svg" class="animate-spin block dark:hidden">
|
||||
<img src="${login.appDataPath}/static/images/spinner-dark.svg"
|
||||
class="animate-spin hidden dark:block">
|
||||
</span>
|
||||
</div>
|
||||
|
||||
<a id="swiyuWalletAppLinkIpad" href="" class="hidden">
|
||||
<agov-button
|
||||
class="block basis-full mb-6"
|
||||
data-name="swiyuWalletApp"
|
||||
data-value="swiyuWalletApp"
|
||||
data-id="swiyuWalletAppIpad"
|
||||
data-label="$text.get("general.goSwiyuWalletApp")"
|
||||
data-type="button"
|
||||
data-fullwidth="true">
|
||||
</agov-button>
|
||||
</a>
|
||||
|
||||
<div class="swiyuWalletAppInstructions flex bg-indigo-light rounded-xl p-4 mb-2 items-center
|
||||
dark:bg-purple-black">
|
||||
<img alt="" src="${login.appDataPath}/static/images/access-app.svg" class="h-12 mr-4">
|
||||
<p id="labelQRCodeInstructions" class="font-header text-h5 text-space-blue dark:text-white">
|
||||
$text.get("eid_verification.instructions")
|
||||
</p>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<form id="$gui.name" name="$gui.name" method="POST" target="_self" action="$formTarget" autocomplete="off"
|
||||
accept-charset="UTF-8" class="w-full sm:static mt-auto mb-20 sm:mb-0">
|
||||
|
||||
<div id="mobileButtons" class="hidden w-full">
|
||||
<div class="flex flex-col">
|
||||
<a id="swiyuWalletAppLink" href="">
|
||||
<agov-button
|
||||
class="block basis-full mb-4"
|
||||
data-name="swiyuWalletApp"
|
||||
data-value="swiyuWalletApp"
|
||||
data-id="swiyuWalletApp"
|
||||
data-label="$text.get("general.goSwiyuWalletApp")"
|
||||
data-type="button"
|
||||
data-fullwidth="true">
|
||||
</agov-button>
|
||||
</a>
|
||||
<agov-button
|
||||
id="showQR"
|
||||
class="block basis-full"
|
||||
data-style="frameless"
|
||||
data-name="EID"
|
||||
data-value="EID"
|
||||
data-id="EID"
|
||||
data-label="<i class='fa-regular fa-eye align-middle text-xl text-indigo dark:text-lilac mr-2'></i>$text.get(
|
||||
"eid_verification.showQR")"
|
||||
data-type="button"
|
||||
data-fullwidth="true">
|
||||
</agov-button>
|
||||
|
||||
<agov-button
|
||||
id="hideQR"
|
||||
class="hidden basis-full"
|
||||
data-style="frameless"
|
||||
data-name="EID"
|
||||
data-value="EID"
|
||||
data-id="EID"
|
||||
data-label="<i class='fa-regular fa-eye-slash align-middle text-xl text-indigo dark:text-lilac mr-2'></i>$text.get(
|
||||
"eid_verification.hideQR")"
|
||||
data-type="button"
|
||||
data-fullwidth="true">
|
||||
</agov-button>
|
||||
</div>
|
||||
</div>
|
||||
<input class="hidden" name="authRequestId" type="hidden"
|
||||
value="$gui.getGuiElem('authRequestId').value"/>
|
||||
</form>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<script src="${login.appDataPath}/static/js-code/eid_verification.js" defer>
|
||||
</script>
|
||||
<div id="appSamlRpEntityId" class="hidden" data-value="$gui.getGuiElem('agov.appSamlRpEntityId').value"
|
||||
data-language="$login.language">
|
||||
</div>
|
||||
|
||||
#parse("${templatePath}/footer.vm")
|
||||
|
|
@ -3,7 +3,7 @@
|
|||
$text.get("footer.text")
|
||||
<a target="_blank" class='text-hyperlink dark:text-dark-hyperlink underline' href='$text.get("footer.link")'>$text.get("footer.link.label")</a>
|
||||
</div>
|
||||
<p>1.8.x.60-20250213T230854Z</p>
|
||||
<p>1.10.0.local-20250321T164316Z-haburger: Tue Mar 25 11:16:24 CET 2025</p>
|
||||
</footer>
|
||||
<script src="${login.appDataPath}/static/bundle.js"></script>
|
||||
</body>
|
||||
|
|
|
|||
|
|
@ -150,15 +150,15 @@
|
|||
</p>
|
||||
</div>
|
||||
</div>
|
||||
<div id="agovLoginImageMobile" class="hidden md:max-w-[520px] max-w-[350px] sm:max-w-[300px] w-full
|
||||
mx-auto mb-6">
|
||||
<div id="agovLoginImageMobile"
|
||||
class="hidden max-w-[200px] sm:max-w-full sm:w-full basis-1/2 mx-auto mb-6">
|
||||
<img alt=""
|
||||
src="${login.appDataPath}/static/images/login.svg"
|
||||
class="block sm:hidden md:block dark:hidden w-full">
|
||||
class="block dark:hidden w-full">
|
||||
|
||||
<img alt=""
|
||||
src="${login.appDataPath}/static/images/login-dark.svg"
|
||||
class="dark:sm:hidden dark:md:block hidden dark:block w-full">
|
||||
class="hidden dark:block w-full">
|
||||
</div>
|
||||
<div id="QRCodeHolder">
|
||||
<div class="relative">
|
||||
|
|
@ -242,7 +242,7 @@
|
|||
</form>
|
||||
</div>
|
||||
</div>
|
||||
<div id="securityKeyModal" class="hidden mt-16">
|
||||
<div id="securityKeyModal" class="hidden sm:mt-16">
|
||||
|
||||
<h2 class="font-header text-h5 text-space-blue dark:text-white mt-4 text-center">
|
||||
$text.get("mauth_usernameless.useSecurityKey")
|
||||
|
|
@ -253,7 +253,7 @@
|
|||
</p>
|
||||
|
||||
<form id="$gui.name" name="$gui.name" method="POST" target="_self" action="$formTarget" autocomplete="off"
|
||||
accept-charset="UTF-8">
|
||||
accept-charset="UTF-8" class="mb-20 sm:mb-0">
|
||||
<agov-button
|
||||
class="mb-4 block"
|
||||
data-name="fallback"
|
||||
|
|
|
|||
|
|
@ -82,14 +82,14 @@
|
|||
</div>
|
||||
</div>
|
||||
<div id="agovLoginImageMobile"
|
||||
class="hidden md:max-w-[520px] max-w-[350px] sm:max-w-[300px] w-full basis-1/2 mx-auto mb-4">
|
||||
class="hidden max-w-[200px] sm:max-w-full sm:w-full basis-1/2 mx-auto mb-4">
|
||||
<img alt=""
|
||||
src="${login.appDataPath}/static/images/recovery.svg"
|
||||
class="block sm:hidden md:block dark:hidden w-full">
|
||||
class="block w-full">
|
||||
|
||||
<img alt=""
|
||||
src="${login.appDataPath}/static/images/recovery_dark.svg"
|
||||
class="dark:sm:hidden dark:md:block hidden dark:block w-full">
|
||||
class="hidden dark:block w-full">
|
||||
</div>
|
||||
<div id="QRCodeHolder">
|
||||
<div class="relative">
|
||||
|
|
|
|||
|
|
@ -28,6 +28,12 @@
|
|||
$text.get("recovery_check_code.banner.lockedError")
|
||||
</p>
|
||||
</div>
|
||||
<p class="font-body text-body-l text-space-blue dark:text-white">
|
||||
$text.get("recovery_check_code.too_many_tries.instruction1")
|
||||
</p>
|
||||
<p class="font-body text-body-l text-space-blue dark:text-white">
|
||||
$text.get("recovery_check_code.too_many_tries.instruction2")
|
||||
</p>
|
||||
#else
|
||||
<div class="error flex rounded-xl bg-error-background dark:bg-dark-error-background items-center p-4">
|
||||
<i class="fa-regular fa-exclamation-circle rounded-full p-3 text-error dark:text-dark-error bg-error/10 dark:bg-dark-error-icon mr-4 text-xl leading-none"></i>
|
||||
|
|
@ -35,13 +41,18 @@
|
|||
$text.get("recovery_check_code.codeIncorrect")
|
||||
</p>
|
||||
</div>
|
||||
#end
|
||||
#end
|
||||
<p class="font-body text-body-l text-space-blue dark:text-white">
|
||||
$text.get("recovery_check_code.instruction")
|
||||
</p>
|
||||
#end
|
||||
#else
|
||||
<p class="font-body text-body-l text-space-blue dark:text-white">
|
||||
$text.get("recovery_check_code.instruction")
|
||||
</p>
|
||||
#end
|
||||
</div>
|
||||
#set ($formTarget = $utils.escapeHtmlAttribute($gui.target.replaceAll('&?language=[^&]*','')))
|
||||
#if (($error.value && $error.value != "locked") || !($error.value))
|
||||
<form id="$gui.name" name="$gui.name" method="POST" target="_self" action="$formTarget" autocomplete="off"
|
||||
accept-charset="UTF-8"
|
||||
class="flex flex-col flex-auto block">
|
||||
|
|
@ -84,10 +95,34 @@
|
|||
data-fullwidth="true"
|
||||
data-validate="false">
|
||||
</agov-button>
|
||||
<input class="hidden" name="authRequestId" type="hidden"
|
||||
value="$gui.getGuiElem('authRequestId').value"/>
|
||||
</div>
|
||||
</div>
|
||||
<input class="hidden" name="authRequestId" type="hidden" value="$gui.getGuiElem('authRequestId').value"/>
|
||||
</form>
|
||||
#else
|
||||
<form id="$gui.name" name="$gui.name" method="POST" target="_self" action="$formTarget" autocomplete="off"
|
||||
accept-charset="UTF-8"
|
||||
class="flex flex-col flex-auto block">
|
||||
<div class="w-full sm:static mt-auto mb-6 sm:mb-0">
|
||||
<div class="flex flex-col flex-row-reverse gap-4">
|
||||
<agov-button
|
||||
id="recovery_code_btn_cancel"
|
||||
class="block basis-full"
|
||||
data-name="cancelFido2"
|
||||
data-value="cancelFido2"
|
||||
data-id="cancelFido2"
|
||||
data-label="$text.get("recovery_check_code.noAccess")"
|
||||
data-type="button"
|
||||
data-fullwidth="true"
|
||||
data-validate="false">
|
||||
</agov-button>
|
||||
<input class="hidden" name="authRequestId" type="hidden"
|
||||
value="$gui.getGuiElem('authRequestId').value"/>
|
||||
</div>
|
||||
</div>
|
||||
</form>
|
||||
#end
|
||||
</div>
|
||||
<form class="hidden"
|
||||
id="$gui.name"
|
||||
|
|
|
|||
|
|
@ -87,7 +87,7 @@ language.it=Italiano
|
|||
languageDropdown.aria.label=Select language
|
||||
loainfo.description.200=To access the application, we need to verify your data. The process can take up to 2 - 3 days.
|
||||
loainfo.description.300=To access the application we need to verify your data through one of two processes. You can choose your preferred process in the next step.
|
||||
loainfo.description.400=To access the application we need you to add your AHV Number (Swiss Social Security number).
|
||||
loainfo.description.400=To access the application we need you to add your SSN (AHV) number.
|
||||
loainfo.helper=Your data needs to be verified!
|
||||
loainfo.later=Later
|
||||
loainfo.startNow=Do you want to start the process now?
|
||||
|
|
@ -174,6 +174,8 @@ recovery_check_code.invalid.code.tooLong=The code is too long
|
|||
recovery_check_code.noAccess=I do not have access to my code
|
||||
recovery_check_code.noCodeAccess=Are you sure you don't have access to your recovery code?
|
||||
recovery_check_code.noCodeAccessInstructions=If you have lost access to your recovery code please go to AGOV help in order to contact a AGOV support agent. They will be able to help you with the recovery process.
|
||||
recovery_check_code.too_many_tries.instruction1=The recovery code you have entered might have expired or you might have tried to enter it too many times.
|
||||
recovery_check_code.too_many_tries.instruction2=Please go to AGOV help in order to contact a support agent. They will be able to help you with the recovery process.
|
||||
recovery_check_noCode.banner.error=Too many attempts.
|
||||
recovery_check_noCode.instruction1=You might have tried to enter the recovery code too many times.
|
||||
recovery_check_noCode.instruction2=Please close the web browser and start the account recovery again in ten minutes from <a class='link' href='https://agov.ch/me'>https://agov.ch/me</a>.
|
||||
|
|
|
|||
|
|
@ -87,7 +87,7 @@ language.it=Italiano
|
|||
languageDropdown.aria.label=Sprache wählen
|
||||
loainfo.description.200=Um auf diese Applikation zuzugreifen, müssen wir Ihre Angaben verifizieren. Der Vorgang kann bis zu 2 - 3 Tage dauern.
|
||||
loainfo.description.300=Um auf diese Applikation zuzugreifen, müssen wir Ihre Angaben durch einen von zwei Vorgängen verifizieren. Sie können die bevorzugte Methode im nächsten Schritt auswählen.
|
||||
loainfo.description.400=Für den Zugang zu dieser Anwendung müssen Sie Ihre AHV-Nummer angeben.
|
||||
loainfo.description.400=Bitte AHV-Nummer angeben, um auf die Applikation zuzugreifen.
|
||||
loainfo.helper=Ihre persönlichen Daten müssen überprüft werden!
|
||||
loainfo.later=Später
|
||||
loainfo.startNow=Möchten Sie den Prozess jetzt starten?
|
||||
|
|
@ -174,6 +174,8 @@ recovery_check_code.invalid.code.tooLong=Eingegebener Code ist zu lang
|
|||
recovery_check_code.noAccess=Ich kann auf meinen Code nicht zugreifen
|
||||
recovery_check_code.noCodeAccess=Sind Sie sicher, dass Sie auf Ihren Wiederherstellungscode nicht zugreifen können?
|
||||
recovery_check_code.noCodeAccessInstructions=Wenn Sie auf Ihren Wiederherstellungscode nicht mehr zugreifen können, gehen Sie bitte zur AGOV-Hilfe, um jemanden vom AGOV-Support zu kontaktieren. Die Person wird Sie beim Wiederherstellungsprozess unterstützen.
|
||||
recovery_check_code.too_many_tries.instruction1=Der von Ihnen eingegebene Wiederherstellungscode ist möglicherweise abgelaufen oder Sie haben zu oft versucht, einen Code einzugeben.
|
||||
recovery_check_code.too_many_tries.instruction2=Gehen Sie bitte zur AGOV-Hilfe, um jemanden vom Support zu kontaktieren. Die Person wird Sie beim Wiederherstellungsprozess unterstützen.
|
||||
recovery_check_noCode.banner.error=Zu viele Versuche.
|
||||
recovery_check_noCode.instruction1=Möglicherweise haben Sie zu oft versucht, den Wiederherstellungscode einzugeben.
|
||||
recovery_check_noCode.instruction2=Bitte schliessen Sie den Webbrowser und starten Sie die Kontowiederherstellung in zehn Minuten erneut auf <a class='link' href='https://agov.ch/me'>https://agov.ch/me</a>.
|
||||
|
|
|
|||
|
|
@ -87,7 +87,7 @@ language.it=Italiano
|
|||
languageDropdown.aria.label=Select language
|
||||
loainfo.description.200=To access the application, we need to verify your data. The process can take up to 2 - 3 days.
|
||||
loainfo.description.300=To access the application we need to verify your data through one of two processes. You can choose your preferred process in the next step.
|
||||
loainfo.description.400=To access the application we need you to add your AHV Number (Swiss Social Security number).
|
||||
loainfo.description.400=To access the application we need you to add your SSN (AHV) number.
|
||||
loainfo.helper=Your data needs to be verified!
|
||||
loainfo.later=Later
|
||||
loainfo.startNow=Do you want to start the process now?
|
||||
|
|
@ -174,6 +174,8 @@ recovery_check_code.invalid.code.tooLong=The code is too long
|
|||
recovery_check_code.noAccess=I do not have access to my code
|
||||
recovery_check_code.noCodeAccess=Are you sure you don't have access to your recovery code?
|
||||
recovery_check_code.noCodeAccessInstructions=If you have lost access to your recovery code please go to AGOV help in order to contact a AGOV support agent. They will be able to help you with the recovery process.
|
||||
recovery_check_code.too_many_tries.instruction1=The recovery code you have entered might have expired or you might have tried to enter it too many times.
|
||||
recovery_check_code.too_many_tries.instruction2=Please go to AGOV help in order to contact a support agent. They will be able to help you with the recovery process.
|
||||
recovery_check_noCode.banner.error=Too many attempts.
|
||||
recovery_check_noCode.instruction1=You might have tried to enter the recovery code too many times.
|
||||
recovery_check_noCode.instruction2=Please close the web browser and start the account recovery again in ten minutes from <a class='link' href='https://agov.ch/me'>https://agov.ch/me</a>.
|
||||
|
|
|
|||
|
|
@ -87,7 +87,7 @@ language.it=Italiano
|
|||
languageDropdown.aria.label=Sélectionner la langue
|
||||
loainfo.description.200=Pour accéder à l'application, nous devons vérifier vos données. Ce processus peut prendre jusqu'à 2 ou 3 jours.
|
||||
loainfo.description.300=Pour accéder à l'application, nous devons vérifier vos données par le biais de l'une des deux procédures suivantes. Vous pouvez choisir la procédure que vous préférez à l'étape suivante.
|
||||
loainfo.description.400=Pour accéder à l'application, vous devez ajouter votre numéro AVS.
|
||||
loainfo.description.400=Veuillez saisir votre numéro AVS pour accéder à l'application.
|
||||
loainfo.helper=Vos données doivent être vérifiées!
|
||||
loainfo.later=Plus tard
|
||||
loainfo.startNow=Voulez-vous commencer le processus maintenant?
|
||||
|
|
@ -174,6 +174,8 @@ recovery_check_code.invalid.code.tooLong=Le code est trop long
|
|||
recovery_check_code.noAccess=Je n’ai pas accès à mon code de récupération
|
||||
recovery_check_code.noCodeAccess=Êtes-vous sûr de ne pas avoir accès à votre code de récupération ?
|
||||
recovery_check_code.noCodeAccessInstructions=En cas de perte de votre code de récupération, veuillez vous rendre sur AGOV help et contacter le service d’assistance AGOV. Un agent pourra vous aider dans le processus de récupération.
|
||||
recovery_check_code.too_many_tries.instruction1=Le code de récupération que vous avez saisi a peut-être expiré ou vous avez peut-être essayé de le saisir trop de fois.
|
||||
recovery_check_code.too_many_tries.instruction2=Veuillez vous rendre sur AGOV help et contacter le service d’assistance. Un agent pourra vous aider dans le processus de récupération.
|
||||
recovery_check_noCode.banner.error=Trop de tentatives.
|
||||
recovery_check_noCode.instruction1=Vous avez peut-être essayé de saisir le code de récupération trop de fois.
|
||||
recovery_check_noCode.instruction2=Veuillez fermer le navigateur web et recommencer la récupération du compte dans dix minutes à partir de <a class='link' href='https://agov.ch/me'>https://agov.ch/me</a>.
|
||||
|
|
|
|||
|
|
@ -87,7 +87,7 @@ language.it=Italiano
|
|||
languageDropdown.aria.label=Selezionare la lingua
|
||||
loainfo.description.200=Per accedere all'app è necessaria una verifica dei dati. La procedura può richiedere fino a 2–3 giorni lavorativi.
|
||||
loainfo.description.300=Per accedere all'app dobbiamo verificare i suoi dati tramite uno dei due processi. Al prossimo passaggio, può selezionare la procedura di verifica desiderata.
|
||||
loainfo.description.400=Per acceddere all'applicazione deve inserire il numero AVS.
|
||||
loainfo.description.400=Per accedere all'applicazione è necessario inserire il numero AVS.
|
||||
loainfo.helper=I dati devono essere verificati!
|
||||
loainfo.later=Più tardi
|
||||
loainfo.startNow=Iniziare la procedura?
|
||||
|
|
@ -174,6 +174,8 @@ recovery_check_code.invalid.code.tooLong=Il codice è troppo lungo
|
|||
recovery_check_code.noAccess=Non ho il mio codice.
|
||||
recovery_check_code.noCodeAccess=Conferma di non avere il codice di ripristino?
|
||||
recovery_check_code.noCodeAccessInstructions=Se non ha più il codice di ripristino, acceda ad AGOV help per contattare il supporto AGOV, che la assisterà nel processo di ripristino.
|
||||
recovery_check_code.too_many_tries.instruction1=Il codice di ripristino inserito può essere scaduto o è stato inserito troppe volte.
|
||||
recovery_check_code.too_many_tries.instruction2=Si prega di andare alla guida di AGOV aiuto per contattare un agente dell'assistenza. Saranno in grado di aiutarla con il processo di recupero.
|
||||
recovery_check_noCode.banner.error=Troppi tentativi.
|
||||
recovery_check_noCode.instruction1=Potresti aver tentato di inserire il codice di ripristino troppe volte.
|
||||
recovery_check_noCode.instruction2=Chiudi il browser web e inizia nuovamente il processo di ripristino dell'account tra dieci minuti da <a class='link' href='https://agov.ch/me'>https://agov.ch/me</a>.
|
||||
|
|
|
|||
|
|
@ -87,7 +87,7 @@ language.it=Italiano
|
|||
languageDropdown.aria.label=Select language
|
||||
loainfo.description.200=To access the application, we need to verify your data. The process can take up to 2 - 3 days.
|
||||
loainfo.description.300=To access the application we need to verify your data through one of two processes. You can choose your preferred process in the next step.
|
||||
loainfo.description.400=To access the application we need you to add your AHV Number (Swiss Social Security number).
|
||||
loainfo.description.400=To access the application we need you to add your SSN (AHV) number.
|
||||
loainfo.helper=Your data needs to be verified!
|
||||
loainfo.later=Later
|
||||
loainfo.startNow=Do you want to start the process now?
|
||||
|
|
@ -174,6 +174,8 @@ recovery_check_code.invalid.code.tooLong=The code is too long
|
|||
recovery_check_code.noAccess=I do not have access to my code
|
||||
recovery_check_code.noCodeAccess=Are you sure you don't have access to your recovery code?
|
||||
recovery_check_code.noCodeAccessInstructions=If you have lost access to your recovery code please go to AGOV help in order to contact a AGOV support agent. They will be able to help you with the recovery process.
|
||||
recovery_check_code.too_many_tries.instruction1=The recovery code you have entered might have expired or you might have tried to enter it too many times.
|
||||
recovery_check_code.too_many_tries.instruction2=Please go to AGOV help in order to contact a support agent. They will be able to help you with the recovery process.
|
||||
recovery_check_noCode.banner.error=Too many attempts.
|
||||
recovery_check_noCode.instruction1=You might have tried to enter the recovery code too many times.
|
||||
recovery_check_noCode.instruction2=Please close the web browser and start the account recovery again in ten minutes from <a class='link' href='https://agov.ch/me'>https://agov.ch/me</a>.
|
||||
|
|
|
|||
|
|
@ -87,7 +87,7 @@ language.it=Italiano
|
|||
languageDropdown.aria.label=Sprache wählen
|
||||
loainfo.description.200=Um auf diese Applikation zuzugreifen, müssen wir Ihre Angaben verifizieren. Der Vorgang kann bis zu 2 - 3 Tage dauern.
|
||||
loainfo.description.300=Um auf diese Applikation zuzugreifen, müssen wir Ihre Angaben durch einen von zwei Vorgängen verifizieren. Sie können die bevorzugte Methode im nächsten Schritt auswählen.
|
||||
loainfo.description.400=Für den Zugang zu dieser Anwendung müssen Sie Ihre AHV-Nummer angeben.
|
||||
loainfo.description.400=Bitte AHV-Nummer angeben, um auf die Applikation zuzugreifen.
|
||||
loainfo.helper=Ihre persönlichen Daten müssen überprüft werden!
|
||||
loainfo.later=Später
|
||||
loainfo.startNow=Möchten Sie den Prozess jetzt starten?
|
||||
|
|
@ -174,6 +174,8 @@ recovery_check_code.invalid.code.tooLong=Eingegebener Code ist zu lang
|
|||
recovery_check_code.noAccess=Ich kann auf meinen Code nicht zugreifen
|
||||
recovery_check_code.noCodeAccess=Sind Sie sicher, dass Sie auf Ihren Wiederherstellungscode nicht zugreifen können?
|
||||
recovery_check_code.noCodeAccessInstructions=Wenn Sie auf Ihren Wiederherstellungscode nicht mehr zugreifen können, gehen Sie bitte zur AGOV-Hilfe, um jemanden vom AGOV-Support zu kontaktieren. Die Person wird Sie beim Wiederherstellungsprozess unterstützen.
|
||||
recovery_check_code.too_many_tries.instruction1=Der von Ihnen eingegebene Wiederherstellungscode ist möglicherweise abgelaufen oder Sie haben zu oft versucht, einen Code einzugeben.
|
||||
recovery_check_code.too_many_tries.instruction2=Gehen Sie bitte zur AGOV-Hilfe, um jemanden vom Support zu kontaktieren. Die Person wird Sie beim Wiederherstellungsprozess unterstützen.
|
||||
recovery_check_noCode.banner.error=Zu viele Versuche.
|
||||
recovery_check_noCode.instruction1=Möglicherweise haben Sie zu oft versucht, den Wiederherstellungscode einzugeben.
|
||||
recovery_check_noCode.instruction2=Bitte schliessen Sie den Webbrowser und starten Sie die Kontowiederherstellung in zehn Minuten erneut auf <a class='link' href='https://agov.ch/me'>https://agov.ch/me</a>.
|
||||
|
|
|
|||
|
|
@ -87,7 +87,7 @@ language.it=Italiano
|
|||
languageDropdown.aria.label=Select language
|
||||
loainfo.description.200=To access the application, we need to verify your data. The process can take up to 2 - 3 days.
|
||||
loainfo.description.300=To access the application we need to verify your data through one of two processes. You can choose your preferred process in the next step.
|
||||
loainfo.description.400=To access the application we need you to add your AHV Number (Swiss Social Security number).
|
||||
loainfo.description.400=To access the application we need you to add your SSN (AHV) number.
|
||||
loainfo.helper=Your data needs to be verified!
|
||||
loainfo.later=Later
|
||||
loainfo.startNow=Do you want to start the process now?
|
||||
|
|
@ -174,6 +174,8 @@ recovery_check_code.invalid.code.tooLong=The code is too long
|
|||
recovery_check_code.noAccess=I do not have access to my code
|
||||
recovery_check_code.noCodeAccess=Are you sure you don't have access to your recovery code?
|
||||
recovery_check_code.noCodeAccessInstructions=If you have lost access to your recovery code please go to AGOV help in order to contact a AGOV support agent. They will be able to help you with the recovery process.
|
||||
recovery_check_code.too_many_tries.instruction1=The recovery code you have entered might have expired or you might have tried to enter it too many times.
|
||||
recovery_check_code.too_many_tries.instruction2=Please go to AGOV help in order to contact a support agent. They will be able to help you with the recovery process.
|
||||
recovery_check_noCode.banner.error=Too many attempts.
|
||||
recovery_check_noCode.instruction1=You might have tried to enter the recovery code too many times.
|
||||
recovery_check_noCode.instruction2=Please close the web browser and start the account recovery again in ten minutes from <a class='link' href='https://agov.ch/me'>https://agov.ch/me</a>.
|
||||
|
|
|
|||
|
|
@ -87,7 +87,7 @@ language.it=Italiano
|
|||
languageDropdown.aria.label=Sélectionner la langue
|
||||
loainfo.description.200=Pour accéder à l'application, nous devons vérifier vos données. Ce processus peut prendre jusqu'à 2 ou 3 jours.
|
||||
loainfo.description.300=Pour accéder à l'application, nous devons vérifier vos données par le biais de l'une des deux procédures suivantes. Vous pouvez choisir la procédure que vous préférez à l'étape suivante.
|
||||
loainfo.description.400=Pour accéder à l'application, vous devez ajouter votre numéro AVS.
|
||||
loainfo.description.400=Veuillez saisir votre numéro AVS pour accéder à l'application.
|
||||
loainfo.helper=Vos données doivent être vérifiées!
|
||||
loainfo.later=Plus tard
|
||||
loainfo.startNow=Voulez-vous commencer le processus maintenant?
|
||||
|
|
@ -174,6 +174,8 @@ recovery_check_code.invalid.code.tooLong=Le code est trop long
|
|||
recovery_check_code.noAccess=Je n’ai pas accès à mon code de récupération
|
||||
recovery_check_code.noCodeAccess=Êtes-vous sûr de ne pas avoir accès à votre code de récupération ?
|
||||
recovery_check_code.noCodeAccessInstructions=En cas de perte de votre code de récupération, veuillez vous rendre sur AGOV help et contacter le service d’assistance AGOV. Un agent pourra vous aider dans le processus de récupération.
|
||||
recovery_check_code.too_many_tries.instruction1=Le code de récupération que vous avez saisi a peut-être expiré ou vous avez peut-être essayé de le saisir trop de fois.
|
||||
recovery_check_code.too_many_tries.instruction2=Veuillez vous rendre sur AGOV help et contacter le service d’assistance. Un agent pourra vous aider dans le processus de récupération.
|
||||
recovery_check_noCode.banner.error=Trop de tentatives.
|
||||
recovery_check_noCode.instruction1=Vous avez peut-être essayé de saisir le code de récupération trop de fois.
|
||||
recovery_check_noCode.instruction2=Veuillez fermer le navigateur web et recommencer la récupération du compte dans dix minutes à partir de <a class='link' href='https://agov.ch/me'>https://agov.ch/me</a>.
|
||||
|
|
|
|||
|
|
@ -87,7 +87,7 @@ language.it=Italiano
|
|||
languageDropdown.aria.label=Selezionare la lingua
|
||||
loainfo.description.200=Per accedere all'app è necessaria una verifica dei dati. La procedura può richiedere fino a 2–3 giorni lavorativi.
|
||||
loainfo.description.300=Per accedere all'app dobbiamo verificare i suoi dati tramite uno dei due processi. Al prossimo passaggio, può selezionare la procedura di verifica desiderata.
|
||||
loainfo.description.400=Per acceddere all'applicazione deve inserire il numero AVS.
|
||||
loainfo.description.400=Per accedere all'applicazione è necessario inserire il numero AVS.
|
||||
loainfo.helper=I dati devono essere verificati!
|
||||
loainfo.later=Più tardi
|
||||
loainfo.startNow=Iniziare la procedura?
|
||||
|
|
@ -174,6 +174,8 @@ recovery_check_code.invalid.code.tooLong=Il codice è troppo lungo
|
|||
recovery_check_code.noAccess=Non ho il mio codice.
|
||||
recovery_check_code.noCodeAccess=Conferma di non avere il codice di ripristino?
|
||||
recovery_check_code.noCodeAccessInstructions=Se non ha più il codice di ripristino, acceda ad AGOV help per contattare il supporto AGOV, che la assisterà nel processo di ripristino.
|
||||
recovery_check_code.too_many_tries.instruction1=Il codice di ripristino inserito può essere scaduto o è stato inserito troppe volte.
|
||||
recovery_check_code.too_many_tries.instruction2=Si prega di andare alla guida di AGOV aiuto per contattare un agente dell'assistenza. Saranno in grado di aiutarla con il processo di recupero.
|
||||
recovery_check_noCode.banner.error=Troppi tentativi.
|
||||
recovery_check_noCode.instruction1=Potresti aver tentato di inserire il codice di ripristino troppe volte.
|
||||
recovery_check_noCode.instruction2=Chiudi il browser web e inizia nuovamente il processo di ripristino dell'account tra dieci minuti da <a class='link' href='https://agov.ch/me'>https://agov.ch/me</a>.
|
||||
|
|
|
|||
File diff suppressed because one or more lines are too long
|
|
@ -0,0 +1,4 @@
|
|||
document.addEventListener('DOMContentLoaded', function() {
|
||||
document.dispatchEvent(new Event('initEidVerification'));
|
||||
document.dispatchEvent(new Event('initCantonalBranding'));
|
||||
});
|
||||
File diff suppressed because one or more lines are too long
|
|
@ -0,0 +1,3 @@
|
|||
module.exports = {
|
||||
...require('./mock-defaults')
|
||||
};
|
||||
|
|
@ -0,0 +1,224 @@
|
|||
#parse("${templatePath}/header.vm")
|
||||
#set ($formTarget = $utils.escapeHtmlAttribute($gui.target.replaceAll('&?language=[^&]*','')))
|
||||
|
||||
<agov-backdrop></agov-backdrop>
|
||||
<div id="mainContent" class="container mx-auto sm:mt-2 sm:max-w-full flex h-full sm:h-auto">
|
||||
<div class="flex flex-col items-start gap-4 w-full rounded-[36px] sm:p-6 mx-auto
|
||||
max-w-[600px] md:max-w-[1200px] sm:bg-lily-blue dark:sm:bg-purple-black">
|
||||
|
||||
<div id="cantonalBranding"
|
||||
class="flex items-center rounded-xl gap-5 p-2 sm:p-0 sm:w-auto w-full hidden bg-pale-blue dark:bg-purple-black sm:bg-transparent">
|
||||
<div class="flex items-center p-2 bg-white rounded sm:rounded-xl w-16 h-16" id="logo"></div>
|
||||
<h1 class="font-header text-h6 sm:text-h4 text-space-blue dark:text-white">
|
||||
#if ($login.language =="en")
|
||||
$utils.escapeHtmlAttribute($gui.getGuiElem('agov.appDisplayNameEN').value)
|
||||
#elseif ($login.language =="de")
|
||||
$utils.escapeHtmlAttribute($gui.getGuiElem('agov.appDisplayNameDE').value)
|
||||
#elseif ($login.language =="fr")
|
||||
$utils.escapeHtmlAttribute($gui.getGuiElem('agov.appDisplayNameFR').value)
|
||||
#else
|
||||
$utils.escapeHtmlAttribute($gui.getGuiElem('agov.appDisplayNameIT').value)
|
||||
#end
|
||||
</h1>
|
||||
</div>
|
||||
|
||||
<div class="flex flex-col md:flex-row w-full gap-6">
|
||||
<div id="registerCard" class="w-full md:min-h-[689px] flex flex-col justify-between">
|
||||
<div id="swiyuLoginImage"
|
||||
class="relative md:max-w-[520px] max-w-[350px] sm:max-w-[300px] mb-10 w-full mx-auto hidden md:block">
|
||||
<img alt="" src="${login.appDataPath}/static/images/login.svg"
|
||||
class="hidden md:block dark:hidden w-full">
|
||||
<img alt="" src="${login.appDataPath}/static/images/login-dark.svg"
|
||||
class="hidden md:hidden dark:md:block w-full">
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<div id="loginModal"
|
||||
class="flex flex-col bg-white dark:bg-surface-black rounded-[20px] sm:min-h-[700px] p-6 sm:pb-8 sm:pt-10 sm:px-10
|
||||
max-w-[550px] w-full">
|
||||
|
||||
<div class="flex mb-4 sm:mb-6 items-baseline">
|
||||
<h1 class="font-header text-h4 text-space-blue dark:text-white mr-3">$text.get("eid_verification.login")</h1>
|
||||
</div>
|
||||
|
||||
<div id="cantonalBrandingMobile"
|
||||
class="flex items-center rounded-xl gap-5 mb-4 p-2 sm:p-0 sm:w-auto w-full hidden bg-pale-blue dark:bg-purple-black sm:bg-transparent">
|
||||
<div class="flex items-center p-2 bg-white dark:bg-black rounded sm:rounded-xl w-16 h-16"
|
||||
id="logoMobile"></div>
|
||||
<h1 class="font-header text-h6 sm:text-h4 text-space-blue dark:text-white">
|
||||
#if ($login.language =="en")
|
||||
$utils.escapeHtmlAttribute($gui.getGuiElem('agov.appDisplayNameEN').value)
|
||||
#elseif ($login.language =="de")
|
||||
$utils.escapeHtmlAttribute($gui.getGuiElem('agov.appDisplayNameDE').value)
|
||||
#elseif ($login.language =="fr")
|
||||
$utils.escapeHtmlAttribute($gui.getGuiElem('agov.appDisplayNameFR').value)
|
||||
#else
|
||||
$utils.escapeHtmlAttribute($gui.getGuiElem('agov.appDisplayNameIT').value)
|
||||
#end
|
||||
</h1>
|
||||
</div>
|
||||
|
||||
<div id="swiyuWalletAppModal" class="h-full">
|
||||
|
||||
<div class="desktopBanner" aria-live="assertive">
|
||||
<div class="hidden info flex rounded-xl bg-info-background dark:bg-dark-info-background items-center p-4
|
||||
mb-4">
|
||||
<i class="fa-regular fa-info-circle rounded-full p-3 text-info dark:text-dark-info bg-info/10 dark:bg-dark-info-icon mr-4 text-xl leading-none"></i>
|
||||
<p class="font-body text-body-l text-space-blue dark:text-white">
|
||||
$text.get("eid_verification.banner.info")
|
||||
</p>
|
||||
</div>
|
||||
|
||||
<div class="hidden success flex rounded-xl bg-success-background dark:bg-dark-success-background
|
||||
items-center p-4 mb-4">
|
||||
<i class="fa-regular fa-check-circle rounded-full p-3 text-success dark:text-dark-success bg-success/10 dark:bg-dark-success-icon mr-4 text-xl leading-none"></i>
|
||||
<div>
|
||||
<p class="font-body text-body-l text-space-blue dark:text-white">
|
||||
$text.get("eid_verification.banner.success")
|
||||
</p>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<div class="hidden error flex rounded-xl bg-error-background dark:bg-dark-error-background items-center
|
||||
p-4 mb-4">
|
||||
<i class="fa-regular fa-exclamation-circle rounded-full p-3 text-error dark:text-dark-error bg-error/10 dark:bg-dark-error-icon mr-4 text-xl leading-none"></i>
|
||||
<p class="font-body text-body-l text-space-blue dark:text-white">
|
||||
$text.get("eid_verification.banner.error")
|
||||
</p>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<div class="relative flex flex-col h-full">
|
||||
<div id="blurBackdrop" class="hidden absolute backdrop-blur-sm -top-1 -bottom-8 -left-4 -right-4
|
||||
z-10"></div>
|
||||
<div class="mobileBanner relative z-20" aria-live="assertive">
|
||||
<div class="hidden info flex rounded-xl bg-info-background dark:bg-dark-info-background items-center
|
||||
p-4 mb-4">
|
||||
<i class="fa-regular fa-info-circle rounded-full p-3 text-info dark:text-dark-info bg-info/10 dark:bg-dark-info-icon mr-4 text-xl leading-none"></i>
|
||||
<p class="font-body text-body-l text-space-blue dark:text-white">
|
||||
$text.get("eid_verification.banner.info")
|
||||
</p>
|
||||
</div>
|
||||
|
||||
<div class="hidden success flex rounded-xl bg-success-background dark:bg-dark-success-background
|
||||
items-center p-4 mb-4">
|
||||
<i class="fa-regular fa-check-circle rounded-full p-3 text-success dark:text-dark-success bg-success/10 dark:bg-dark-success-icon mr-4 text-xl leading-none"></i>
|
||||
<div>
|
||||
<p class="font-body text-body-l text-space-blue dark:text-white">
|
||||
$text.get("eid_verification.banner.success")
|
||||
</p>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<div class="hidden error flex rounded-xl bg-error-background dark:bg-dark-error-background
|
||||
items-center p-4 mb-4">
|
||||
<i class="fa-regular fa-exclamation-circle rounded-full p-3 text-error dark:text-dark-error bg-error/10 dark:bg-dark-error-icon mr-4 text-xl leading-none"></i>
|
||||
<p class="font-body text-body-l text-space-blue dark:text-white">
|
||||
$text.get("eid_verification.banner.error")
|
||||
</p>
|
||||
</div>
|
||||
</div>
|
||||
<div id="swiyuLoginImageMobile"
|
||||
class="hidden max-w-[200px] sm:max-w-full sm:w-full basis-1/2 mx-auto mb-6">
|
||||
<img alt=""
|
||||
src="${login.appDataPath}/static/images/login.svg"
|
||||
class="block dark:hidden w-full">
|
||||
|
||||
<img alt=""
|
||||
src="${login.appDataPath}/static/images/login-dark.svg"
|
||||
class="hidden dark:block w-full">
|
||||
</div>
|
||||
<div id="QRCodeHolder">
|
||||
<div class="relative">
|
||||
<canvas role="img" aria-labelledby="labelQRCodeInstructions" id="swiyu_qrcode"
|
||||
class="mb-6 mx-auto"></canvas>
|
||||
<div class="hidden" id="QRcodeHiddenLink"></div>
|
||||
<span id="spinner" class="hidden absolute left-1/2 top-1/2 -translate-x-1/2 -translate-y-1/2
|
||||
z-20">
|
||||
<img src="${login.appDataPath}/static/images/spinner.svg" class="animate-spin block dark:hidden">
|
||||
<img src="${login.appDataPath}/static/images/spinner-dark.svg"
|
||||
class="animate-spin hidden dark:block">
|
||||
</span>
|
||||
</div>
|
||||
|
||||
<a id="swiyuWalletAppLinkIpad" href="" class="hidden">
|
||||
<agov-button
|
||||
class="block basis-full mb-6"
|
||||
data-name="swiyuWalletApp"
|
||||
data-value="swiyuWalletApp"
|
||||
data-id="swiyuWalletAppIpad"
|
||||
data-label="$text.get("general.goSwiyuWalletApp")"
|
||||
data-type="button"
|
||||
data-fullwidth="true">
|
||||
</agov-button>
|
||||
</a>
|
||||
|
||||
<div class="swiyuWalletAppInstructions flex bg-indigo-light rounded-xl p-4 mb-2 items-center
|
||||
dark:bg-purple-black">
|
||||
<img alt="" src="${login.appDataPath}/static/images/access-app.svg" class="h-12 mr-4">
|
||||
<p id="labelQRCodeInstructions" class="font-header text-h5 text-space-blue dark:text-white">
|
||||
$text.get("eid_verification.instructions")
|
||||
</p>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<form id="$gui.name" name="$gui.name" method="POST" target="_self" action="$formTarget" autocomplete="off"
|
||||
accept-charset="UTF-8" class="w-full sm:static mt-auto mb-20 sm:mb-0">
|
||||
|
||||
<div id="mobileButtons" class="hidden w-full">
|
||||
<div class="flex flex-col">
|
||||
<a id="swiyuWalletAppLink" href="">
|
||||
<agov-button
|
||||
class="block basis-full mb-4"
|
||||
data-name="swiyuWalletApp"
|
||||
data-value="swiyuWalletApp"
|
||||
data-id="swiyuWalletApp"
|
||||
data-label="$text.get("general.goSwiyuWalletApp")"
|
||||
data-type="button"
|
||||
data-fullwidth="true">
|
||||
</agov-button>
|
||||
</a>
|
||||
<agov-button
|
||||
id="showQR"
|
||||
class="block basis-full"
|
||||
data-style="frameless"
|
||||
data-name="EID"
|
||||
data-value="EID"
|
||||
data-id="EID"
|
||||
data-label="<i class='fa-regular fa-eye align-middle text-xl text-indigo dark:text-lilac mr-2'></i>$text.get(
|
||||
"eid_verification.showQR")"
|
||||
data-type="button"
|
||||
data-fullwidth="true">
|
||||
</agov-button>
|
||||
|
||||
<agov-button
|
||||
id="hideQR"
|
||||
class="hidden basis-full"
|
||||
data-style="frameless"
|
||||
data-name="EID"
|
||||
data-value="EID"
|
||||
data-id="EID"
|
||||
data-label="<i class='fa-regular fa-eye-slash align-middle text-xl text-indigo dark:text-lilac mr-2'></i>$text.get(
|
||||
"eid_verification.hideQR")"
|
||||
data-type="button"
|
||||
data-fullwidth="true">
|
||||
</agov-button>
|
||||
</div>
|
||||
</div>
|
||||
<input class="hidden" name="authRequestId" type="hidden"
|
||||
value="$gui.getGuiElem('authRequestId').value"/>
|
||||
</form>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<script src="${login.appDataPath}/static/js-code/eid_verification.js" defer>
|
||||
</script>
|
||||
<div id="appSamlRpEntityId" class="hidden" data-value="$gui.getGuiElem('agov.appSamlRpEntityId').value"
|
||||
data-language="$login.language">
|
||||
</div>
|
||||
|
||||
#parse("${templatePath}/footer.vm")
|
||||
|
|
@ -3,7 +3,7 @@
|
|||
$text.get("footer.text")
|
||||
<a target="_blank" class='text-hyperlink dark:text-dark-hyperlink underline' href='$text.get("footer.link")'>$text.get("footer.link.label")</a>
|
||||
</div>
|
||||
<p>1.8.x.60-20250213T230854Z</p>
|
||||
<p>1.10.0.local-20250321T164316Z-haburger: Tue Mar 25 11:16:24 CET 2025</p>
|
||||
</footer>
|
||||
<script src="${login.appDataPath}/static/bundle.js"></script>
|
||||
</body>
|
||||
|
|
|
|||
|
|
@ -150,15 +150,15 @@
|
|||
</p>
|
||||
</div>
|
||||
</div>
|
||||
<div id="agovLoginImageMobile" class="hidden md:max-w-[520px] max-w-[350px] sm:max-w-[300px] w-full
|
||||
mx-auto mb-6">
|
||||
<div id="agovLoginImageMobile"
|
||||
class="hidden max-w-[200px] sm:max-w-full sm:w-full basis-1/2 mx-auto mb-6">
|
||||
<img alt=""
|
||||
src="${login.appDataPath}/static/images/login.svg"
|
||||
class="block sm:hidden md:block dark:hidden w-full">
|
||||
class="block dark:hidden w-full">
|
||||
|
||||
<img alt=""
|
||||
src="${login.appDataPath}/static/images/login-dark.svg"
|
||||
class="dark:sm:hidden dark:md:block hidden dark:block w-full">
|
||||
class="hidden dark:block w-full">
|
||||
</div>
|
||||
<div id="QRCodeHolder">
|
||||
<div class="relative">
|
||||
|
|
@ -242,7 +242,7 @@
|
|||
</form>
|
||||
</div>
|
||||
</div>
|
||||
<div id="securityKeyModal" class="hidden mt-16">
|
||||
<div id="securityKeyModal" class="hidden sm:mt-16">
|
||||
|
||||
<h2 class="font-header text-h5 text-space-blue dark:text-white mt-4 text-center">
|
||||
$text.get("mauth_usernameless.useSecurityKey")
|
||||
|
|
@ -253,7 +253,7 @@
|
|||
</p>
|
||||
|
||||
<form id="$gui.name" name="$gui.name" method="POST" target="_self" action="$formTarget" autocomplete="off"
|
||||
accept-charset="UTF-8">
|
||||
accept-charset="UTF-8" class="mb-20 sm:mb-0">
|
||||
<agov-button
|
||||
class="mb-4 block"
|
||||
data-name="fallback"
|
||||
|
|
|
|||
|
|
@ -82,14 +82,14 @@
|
|||
</div>
|
||||
</div>
|
||||
<div id="agovLoginImageMobile"
|
||||
class="hidden md:max-w-[520px] max-w-[350px] sm:max-w-[300px] w-full basis-1/2 mx-auto mb-4">
|
||||
class="hidden max-w-[200px] sm:max-w-full sm:w-full basis-1/2 mx-auto mb-4">
|
||||
<img alt=""
|
||||
src="${login.appDataPath}/static/images/recovery.svg"
|
||||
class="block sm:hidden md:block dark:hidden w-full">
|
||||
class="block w-full">
|
||||
|
||||
<img alt=""
|
||||
src="${login.appDataPath}/static/images/recovery_dark.svg"
|
||||
class="dark:sm:hidden dark:md:block hidden dark:block w-full">
|
||||
class="hidden dark:block w-full">
|
||||
</div>
|
||||
<div id="QRCodeHolder">
|
||||
<div class="relative">
|
||||
|
|
|
|||
|
|
@ -28,6 +28,12 @@
|
|||
$text.get("recovery_check_code.banner.lockedError")
|
||||
</p>
|
||||
</div>
|
||||
<p class="font-body text-body-l text-space-blue dark:text-white">
|
||||
$text.get("recovery_check_code.too_many_tries.instruction1")
|
||||
</p>
|
||||
<p class="font-body text-body-l text-space-blue dark:text-white">
|
||||
$text.get("recovery_check_code.too_many_tries.instruction2")
|
||||
</p>
|
||||
#else
|
||||
<div class="error flex rounded-xl bg-error-background dark:bg-dark-error-background items-center p-4">
|
||||
<i class="fa-regular fa-exclamation-circle rounded-full p-3 text-error dark:text-dark-error bg-error/10 dark:bg-dark-error-icon mr-4 text-xl leading-none"></i>
|
||||
|
|
@ -35,13 +41,18 @@
|
|||
$text.get("recovery_check_code.codeIncorrect")
|
||||
</p>
|
||||
</div>
|
||||
#end
|
||||
#end
|
||||
<p class="font-body text-body-l text-space-blue dark:text-white">
|
||||
$text.get("recovery_check_code.instruction")
|
||||
</p>
|
||||
#end
|
||||
#else
|
||||
<p class="font-body text-body-l text-space-blue dark:text-white">
|
||||
$text.get("recovery_check_code.instruction")
|
||||
</p>
|
||||
#end
|
||||
</div>
|
||||
#set ($formTarget = $utils.escapeHtmlAttribute($gui.target.replaceAll('&?language=[^&]*','')))
|
||||
#if (($error.value && $error.value != "locked") || !($error.value))
|
||||
<form id="$gui.name" name="$gui.name" method="POST" target="_self" action="$formTarget" autocomplete="off"
|
||||
accept-charset="UTF-8"
|
||||
class="flex flex-col flex-auto block">
|
||||
|
|
@ -84,10 +95,34 @@
|
|||
data-fullwidth="true"
|
||||
data-validate="false">
|
||||
</agov-button>
|
||||
<input class="hidden" name="authRequestId" type="hidden"
|
||||
value="$gui.getGuiElem('authRequestId').value"/>
|
||||
</div>
|
||||
</div>
|
||||
<input class="hidden" name="authRequestId" type="hidden" value="$gui.getGuiElem('authRequestId').value"/>
|
||||
</form>
|
||||
#else
|
||||
<form id="$gui.name" name="$gui.name" method="POST" target="_self" action="$formTarget" autocomplete="off"
|
||||
accept-charset="UTF-8"
|
||||
class="flex flex-col flex-auto block">
|
||||
<div class="w-full sm:static mt-auto mb-6 sm:mb-0">
|
||||
<div class="flex flex-col flex-row-reverse gap-4">
|
||||
<agov-button
|
||||
id="recovery_code_btn_cancel"
|
||||
class="block basis-full"
|
||||
data-name="cancelFido2"
|
||||
data-value="cancelFido2"
|
||||
data-id="cancelFido2"
|
||||
data-label="$text.get("recovery_check_code.noAccess")"
|
||||
data-type="button"
|
||||
data-fullwidth="true"
|
||||
data-validate="false">
|
||||
</agov-button>
|
||||
<input class="hidden" name="authRequestId" type="hidden"
|
||||
value="$gui.getGuiElem('authRequestId').value"/>
|
||||
</div>
|
||||
</div>
|
||||
</form>
|
||||
#end
|
||||
</div>
|
||||
<form class="hidden"
|
||||
id="$gui.name"
|
||||
|
|
|
|||
|
|
@ -87,7 +87,7 @@ language.it=Italiano
|
|||
languageDropdown.aria.label=Select language
|
||||
loainfo.description.200=To access the application, we need to verify your data. The process can take up to 2 - 3 days.
|
||||
loainfo.description.300=To access the application we need to verify your data through one of two processes. You can choose your preferred process in the next step.
|
||||
loainfo.description.400=To access the application we need you to add your AHV Number (Swiss Social Security number).
|
||||
loainfo.description.400=To access the application we need you to add your SSN (AHV) number.
|
||||
loainfo.helper=Your data needs to be verified!
|
||||
loainfo.later=Later
|
||||
loainfo.startNow=Do you want to start the process now?
|
||||
|
|
@ -174,6 +174,8 @@ recovery_check_code.invalid.code.tooLong=The code is too long
|
|||
recovery_check_code.noAccess=I do not have access to my code
|
||||
recovery_check_code.noCodeAccess=Are you sure you don't have access to your recovery code?
|
||||
recovery_check_code.noCodeAccessInstructions=If you have lost access to your recovery code please go to AGOV help in order to contact a AGOV support agent. They will be able to help you with the recovery process.
|
||||
recovery_check_code.too_many_tries.instruction1=The recovery code you have entered might have expired or you might have tried to enter it too many times.
|
||||
recovery_check_code.too_many_tries.instruction2=Please go to AGOV help in order to contact a support agent. They will be able to help you with the recovery process.
|
||||
recovery_check_noCode.banner.error=Too many attempts.
|
||||
recovery_check_noCode.instruction1=You might have tried to enter the recovery code too many times.
|
||||
recovery_check_noCode.instruction2=Please close the web browser and start the account recovery again in ten minutes from <a class='link' href='https://agov.ch/me'>https://agov.ch/me</a>.
|
||||
|
|
|
|||
|
|
@ -87,7 +87,7 @@ language.it=Italiano
|
|||
languageDropdown.aria.label=Sprache wählen
|
||||
loainfo.description.200=Um auf diese Applikation zuzugreifen, müssen wir Ihre Angaben verifizieren. Der Vorgang kann bis zu 2 - 3 Tage dauern.
|
||||
loainfo.description.300=Um auf diese Applikation zuzugreifen, müssen wir Ihre Angaben durch einen von zwei Vorgängen verifizieren. Sie können die bevorzugte Methode im nächsten Schritt auswählen.
|
||||
loainfo.description.400=Für den Zugang zu dieser Anwendung müssen Sie Ihre AHV-Nummer angeben.
|
||||
loainfo.description.400=Bitte AHV-Nummer angeben, um auf die Applikation zuzugreifen.
|
||||
loainfo.helper=Ihre persönlichen Daten müssen überprüft werden!
|
||||
loainfo.later=Später
|
||||
loainfo.startNow=Möchten Sie den Prozess jetzt starten?
|
||||
|
|
@ -174,6 +174,8 @@ recovery_check_code.invalid.code.tooLong=Eingegebener Code ist zu lang
|
|||
recovery_check_code.noAccess=Ich kann auf meinen Code nicht zugreifen
|
||||
recovery_check_code.noCodeAccess=Sind Sie sicher, dass Sie auf Ihren Wiederherstellungscode nicht zugreifen können?
|
||||
recovery_check_code.noCodeAccessInstructions=Wenn Sie auf Ihren Wiederherstellungscode nicht mehr zugreifen können, gehen Sie bitte zur AGOV-Hilfe, um jemanden vom AGOV-Support zu kontaktieren. Die Person wird Sie beim Wiederherstellungsprozess unterstützen.
|
||||
recovery_check_code.too_many_tries.instruction1=Der von Ihnen eingegebene Wiederherstellungscode ist möglicherweise abgelaufen oder Sie haben zu oft versucht, einen Code einzugeben.
|
||||
recovery_check_code.too_many_tries.instruction2=Gehen Sie bitte zur AGOV-Hilfe, um jemanden vom Support zu kontaktieren. Die Person wird Sie beim Wiederherstellungsprozess unterstützen.
|
||||
recovery_check_noCode.banner.error=Zu viele Versuche.
|
||||
recovery_check_noCode.instruction1=Möglicherweise haben Sie zu oft versucht, den Wiederherstellungscode einzugeben.
|
||||
recovery_check_noCode.instruction2=Bitte schliessen Sie den Webbrowser und starten Sie die Kontowiederherstellung in zehn Minuten erneut auf <a class='link' href='https://agov.ch/me'>https://agov.ch/me</a>.
|
||||
|
|
|
|||
|
|
@ -87,7 +87,7 @@ language.it=Italiano
|
|||
languageDropdown.aria.label=Select language
|
||||
loainfo.description.200=To access the application, we need to verify your data. The process can take up to 2 - 3 days.
|
||||
loainfo.description.300=To access the application we need to verify your data through one of two processes. You can choose your preferred process in the next step.
|
||||
loainfo.description.400=To access the application we need you to add your AHV Number (Swiss Social Security number).
|
||||
loainfo.description.400=To access the application we need you to add your SSN (AHV) number.
|
||||
loainfo.helper=Your data needs to be verified!
|
||||
loainfo.later=Later
|
||||
loainfo.startNow=Do you want to start the process now?
|
||||
|
|
@ -174,6 +174,8 @@ recovery_check_code.invalid.code.tooLong=The code is too long
|
|||
recovery_check_code.noAccess=I do not have access to my code
|
||||
recovery_check_code.noCodeAccess=Are you sure you don't have access to your recovery code?
|
||||
recovery_check_code.noCodeAccessInstructions=If you have lost access to your recovery code please go to AGOV help in order to contact a AGOV support agent. They will be able to help you with the recovery process.
|
||||
recovery_check_code.too_many_tries.instruction1=The recovery code you have entered might have expired or you might have tried to enter it too many times.
|
||||
recovery_check_code.too_many_tries.instruction2=Please go to AGOV help in order to contact a support agent. They will be able to help you with the recovery process.
|
||||
recovery_check_noCode.banner.error=Too many attempts.
|
||||
recovery_check_noCode.instruction1=You might have tried to enter the recovery code too many times.
|
||||
recovery_check_noCode.instruction2=Please close the web browser and start the account recovery again in ten minutes from <a class='link' href='https://agov.ch/me'>https://agov.ch/me</a>.
|
||||
|
|
|
|||
|
|
@ -87,7 +87,7 @@ language.it=Italiano
|
|||
languageDropdown.aria.label=Sélectionner la langue
|
||||
loainfo.description.200=Pour accéder à l'application, nous devons vérifier vos données. Ce processus peut prendre jusqu'à 2 ou 3 jours.
|
||||
loainfo.description.300=Pour accéder à l'application, nous devons vérifier vos données par le biais de l'une des deux procédures suivantes. Vous pouvez choisir la procédure que vous préférez à l'étape suivante.
|
||||
loainfo.description.400=Pour accéder à l'application, vous devez ajouter votre numéro AVS.
|
||||
loainfo.description.400=Veuillez saisir votre numéro AVS pour accéder à l'application.
|
||||
loainfo.helper=Vos données doivent être vérifiées!
|
||||
loainfo.later=Plus tard
|
||||
loainfo.startNow=Voulez-vous commencer le processus maintenant?
|
||||
|
|
@ -174,6 +174,8 @@ recovery_check_code.invalid.code.tooLong=Le code est trop long
|
|||
recovery_check_code.noAccess=Je n’ai pas accès à mon code de récupération
|
||||
recovery_check_code.noCodeAccess=Êtes-vous sûr de ne pas avoir accès à votre code de récupération ?
|
||||
recovery_check_code.noCodeAccessInstructions=En cas de perte de votre code de récupération, veuillez vous rendre sur AGOV help et contacter le service d’assistance AGOV. Un agent pourra vous aider dans le processus de récupération.
|
||||
recovery_check_code.too_many_tries.instruction1=Le code de récupération que vous avez saisi a peut-être expiré ou vous avez peut-être essayé de le saisir trop de fois.
|
||||
recovery_check_code.too_many_tries.instruction2=Veuillez vous rendre sur AGOV help et contacter le service d’assistance. Un agent pourra vous aider dans le processus de récupération.
|
||||
recovery_check_noCode.banner.error=Trop de tentatives.
|
||||
recovery_check_noCode.instruction1=Vous avez peut-être essayé de saisir le code de récupération trop de fois.
|
||||
recovery_check_noCode.instruction2=Veuillez fermer le navigateur web et recommencer la récupération du compte dans dix minutes à partir de <a class='link' href='https://agov.ch/me'>https://agov.ch/me</a>.
|
||||
|
|
|
|||
|
|
@ -87,7 +87,7 @@ language.it=Italiano
|
|||
languageDropdown.aria.label=Selezionare la lingua
|
||||
loainfo.description.200=Per accedere all'app è necessaria una verifica dei dati. La procedura può richiedere fino a 2–3 giorni lavorativi.
|
||||
loainfo.description.300=Per accedere all'app dobbiamo verificare i suoi dati tramite uno dei due processi. Al prossimo passaggio, può selezionare la procedura di verifica desiderata.
|
||||
loainfo.description.400=Per acceddere all'applicazione deve inserire il numero AVS.
|
||||
loainfo.description.400=Per accedere all'applicazione è necessario inserire il numero AVS.
|
||||
loainfo.helper=I dati devono essere verificati!
|
||||
loainfo.later=Più tardi
|
||||
loainfo.startNow=Iniziare la procedura?
|
||||
|
|
@ -174,6 +174,8 @@ recovery_check_code.invalid.code.tooLong=Il codice è troppo lungo
|
|||
recovery_check_code.noAccess=Non ho il mio codice.
|
||||
recovery_check_code.noCodeAccess=Conferma di non avere il codice di ripristino?
|
||||
recovery_check_code.noCodeAccessInstructions=Se non ha più il codice di ripristino, acceda ad AGOV help per contattare il supporto AGOV, che la assisterà nel processo di ripristino.
|
||||
recovery_check_code.too_many_tries.instruction1=Il codice di ripristino inserito può essere scaduto o è stato inserito troppe volte.
|
||||
recovery_check_code.too_many_tries.instruction2=Si prega di andare alla guida di AGOV aiuto per contattare un agente dell'assistenza. Saranno in grado di aiutarla con il processo di recupero.
|
||||
recovery_check_noCode.banner.error=Troppi tentativi.
|
||||
recovery_check_noCode.instruction1=Potresti aver tentato di inserire il codice di ripristino troppe volte.
|
||||
recovery_check_noCode.instruction2=Chiudi il browser web e inizia nuovamente il processo di ripristino dell'account tra dieci minuti da <a class='link' href='https://agov.ch/me'>https://agov.ch/me</a>.
|
||||
|
|
|
|||
|
|
@ -46,7 +46,7 @@ spec:
|
|||
podDisruptionBudget:
|
||||
maxUnavailable: "50%"
|
||||
git:
|
||||
tag: "r-b0ee5bf8f21b6deb852634ece4565dee10c29032"
|
||||
tag: "r-d9f8becba9a6acfa30f490d16e18038ab79e9d92"
|
||||
dir: "DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp"
|
||||
credentials: "git-credentials"
|
||||
keystores:
|
||||
|
|
|
|||
|
|
@ -507,7 +507,7 @@
|
|||
trace = request:getTracer()
|
||||
if request:getHeader("Origin") then
|
||||
if not response:getHeader("Access-Control-Allow-Origin") then
|
||||
domains = {"trustbroker.agov-d.azure.adnovum.net", "auth.agov-w.azure.adnovum.net", "ob.agov-w.azure.adnovum.net"}
|
||||
domains = {"trustbroker.agov-d.azure.adnovum.net", "auth.agov-w.azure.adnovum.net", "trustbroker-idp.agov-w.azure.adnovum.net", "ob.agov-w.azure.adnovum.net"}
|
||||
for k, v in pairs(domains) do
|
||||
trace:info("Accepted domains="..v)
|
||||
end
|
||||
|
|
@ -1597,10 +1597,10 @@
|
|||
<param-value>true</param-value>
|
||||
</init-param>
|
||||
</servlet>
|
||||
<!-- source: pattern://e0fda9336be9c69dafc9b69e, pattern://c642107fde6b2e07f16bfedb, pattern://decb9b3f88d430fb5c95f466 -->
|
||||
<!-- source: pattern://e0fda9336be9c69dafc9b69e, pattern://a6f6dc6affdc7c692ff857b9, pattern://decb9b3f88d430fb5c95f466 -->
|
||||
<servlet>
|
||||
<servlet-name>Hosting_Default</servlet-name>
|
||||
<!-- source: pattern://e0fda9336be9c69dafc9b69e, pattern://c642107fde6b2e07f16bfedb, pattern://decb9b3f88d430fb5c95f466 -->
|
||||
<!-- source: pattern://e0fda9336be9c69dafc9b69e, pattern://a6f6dc6affdc7c692ff857b9, pattern://decb9b3f88d430fb5c95f466 -->
|
||||
<servlet-class>ch::nevis::isiweb4::servlet::defaults::DefaultServlet</servlet-class>
|
||||
</servlet>
|
||||
<!-- source: pattern://cb8c63274fe346280de0ffd5 -->
|
||||
|
|
@ -1671,7 +1671,7 @@
|
|||
<servlet-name>Hosting_Default</servlet-name>
|
||||
<url-pattern>/AUTH/RECOVERY/*</url-pattern>
|
||||
</servlet-mapping>
|
||||
<!-- source: pattern://c642107fde6b2e07f16bfedb -->
|
||||
<!-- source: pattern://a6f6dc6affdc7c692ff857b9 -->
|
||||
<servlet-mapping>
|
||||
<servlet-name>Hosting_Default</servlet-name>
|
||||
<url-pattern>/SAML2/SSO/*</url-pattern>
|
||||
|
|
|
|||
|
|
@ -63,7 +63,7 @@
|
|||
</div>
|
||||
</div>
|
||||
<footer class="hidden sm:flex mt-auto font-body text-body-s text-disabled-grey dark:text-silver w-full p-2 justify-end">
|
||||
<p>1.8.x.60-20250213T230854Z</p>
|
||||
<p>1.10.0.local-20250321T164316Z-haburger: Tue Mar 25 11:16:24 CET 2025</p>
|
||||
</footer>
|
||||
<script src="/resources/static/bundle.js"></script>
|
||||
</body>
|
||||
|
|
|
|||
|
|
@ -60,7 +60,7 @@
|
|||
</div>
|
||||
</div>
|
||||
<footer class="hidden sm:flex mt-auto font-body text-body-s text-disabled-grey dark:text-silver w-full p-2 justify-end">
|
||||
<p>1.8.x.60-20250213T230854Z</p>
|
||||
<p>1.10.0.local-20250321T164316Z-haburger: Tue Mar 25 11:16:24 CET 2025</p>
|
||||
</footer>
|
||||
<script src="/resources/static/bundle.js"></script>
|
||||
</body>
|
||||
|
|
|
|||
|
|
@ -61,7 +61,7 @@
|
|||
</div>
|
||||
</div>
|
||||
<footer class="hidden sm:flex mt-auto font-body text-body-s text-disabled-grey dark:text-silver w-full p-2 justify-end">
|
||||
<p>1.8.x.60-20250213T230854Z</p>
|
||||
<p>1.10.0.local-20250321T164316Z-haburger: Tue Mar 25 11:16:24 CET 2025</p>
|
||||
</footer>
|
||||
<script src="/resources/static/bundle.js"></script>
|
||||
</body>
|
||||
|
|
|
|||
|
|
@ -62,7 +62,7 @@
|
|||
</div>
|
||||
</div>
|
||||
<footer class="hidden sm:flex mt-auto font-body text-body-s text-disabled-grey dark:text-silver w-full p-2 justify-end">
|
||||
<p>1.8.x.60-20250213T230854Z</p>
|
||||
<p>1.10.0.local-20250321T164316Z-haburger: Tue Mar 25 11:16:24 CET 2025</p>
|
||||
</footer>
|
||||
<script src="/resources/static/bundle.js"></script>
|
||||
</body>
|
||||
|
|
|
|||
|
|
@ -9,7 +9,6 @@
|
|||
<link href="/resources/static/images/favicon.ico" rel="shortcut icon" type="image/x-icon"/>
|
||||
<link href="/resources/static/tailwind.css" rel="stylesheet" type="text/css"/>
|
||||
</head>
|
||||
|
||||
<body class="flex flex-col flex-auto sm:block">
|
||||
<nav class="w-full md:max-w-[1240px] lg:max-w-[1440px] mx-auto flex items-center justify-between h-20 mt-4 sm:mt-10 mb-4">
|
||||
<span class="flex-1 sm:flex-initial sm:hidden"></span>
|
||||
|
|
@ -31,36 +30,55 @@
|
|||
></agov-mobile-menu>
|
||||
</div>
|
||||
</nav>
|
||||
|
||||
|
||||
<agov-backdrop></agov-backdrop>
|
||||
|
||||
<img alt="" class="mx-auto mt-16 block dark:hidden" src="/resources/static/images/logout-img.svg">
|
||||
<img alt="" class="mx-auto mt-16 hidden dark:block" src="/resources/static/images/logout-img-dark.svg">
|
||||
<div class="flex flex-col gap-6">
|
||||
<div class="flex flex-col md:flex-row justify-evenly gap-6 mt-10">
|
||||
<div class="mb-10">
|
||||
<h3 class="font-header text-h3 text-black dark:text-white mb-4 mx-auto text-center">Déconnecté</h3>
|
||||
<p class="font-body text-body-l text-black dark:text-white mx-auto text-center">Vous avez été déconnecté avec succès.</p>
|
||||
<p class="font-body text-body-l text-black dark:text-white mx-auto text-center">Vous avez été déconnecté avec
|
||||
succès.</p>
|
||||
</div>
|
||||
|
||||
<div class="mb-10">
|
||||
<h3 class="font-header text-h3 text-black dark:text-white mb-4 mx-auto text-center">Ausgeloggt</h3>
|
||||
<p class="font-body text-body-l text-black dark:text-white mx-auto text-center">Sie wurden erfolgreich abgemeldet.</p>
|
||||
</div>
|
||||
|
||||
<div class="mb-10">
|
||||
<h3 class="font-header text-h3 text-black dark:text-white mb-4 mx-auto text-center">Disconnesso</h3>
|
||||
<p class="font-body text-body-l text-black dark:text-white mx-auto text-center">Sei stato disconnesso con successo.</p>
|
||||
<p class="font-body text-body-l text-black dark:text-white mx-auto text-center">Sei stato disconnesso con
|
||||
successo.</p>
|
||||
</div>
|
||||
|
||||
<div class="mb-10">
|
||||
<h3 class="font-header text-h3 text-black dark:text-white mb-4 mx-auto text-center">Logged out</h3>
|
||||
<p class="font-body text-body-l text-black dark:text-white mx-auto text-center">You have been successfully logged out.</p>
|
||||
<p class="font-body text-body-l text-black dark:text-white mx-auto text-center">You have been successfully logged
|
||||
out.</p>
|
||||
</div>
|
||||
</div>
|
||||
<div class="flex flex-col items-center">
|
||||
<agov-button
|
||||
id="login-button"
|
||||
data-style="primary"
|
||||
data-label="Login">
|
||||
</agov-button>
|
||||
</div>
|
||||
</div>
|
||||
<footer class="hidden sm:flex mt-auto font-body text-body-s text-disabled-grey dark:text-silver w-full p-2 justify-end">
|
||||
<p>1.8.x.60-20250213T230854Z</p>
|
||||
<p>1.10.0.local-20250321T164316Z-haburger: Tue Mar 25 11:16:24 CET 2025</p>
|
||||
</footer>
|
||||
<script src="/resources/static/bundle.js"></script>
|
||||
</body>
|
||||
<script src="/resources/static/bundle.js"></script>
|
||||
<script>
|
||||
document.getElementById("login-button").addEventListener('click', () => {
|
||||
this.loginAgain();
|
||||
});
|
||||
|
||||
function loginAgain() {
|
||||
if (window.history.length > 0) {
|
||||
window.history.back();
|
||||
} else {
|
||||
window.location.href = window.location.origin;
|
||||
}
|
||||
}
|
||||
</script>
|
||||
</html>
|
||||
|
|
|
|||
|
|
@ -66,7 +66,7 @@
|
|||
</div>
|
||||
</div>
|
||||
<footer class="hidden sm:flex mt-auto font-body text-body-s text-disabled-grey dark:text-silver w-full p-2 justify-end">
|
||||
<p>1.8.x.60-20250213T230854Z</p>
|
||||
<p>1.10.0.local-20250321T164316Z-haburger: Tue Mar 25 11:16:24 CET 2025</p>
|
||||
</footer>
|
||||
<script src="/resources/static/bundle.js"></script>
|
||||
</body>
|
||||
|
|
|
|||
|
|
@ -63,7 +63,7 @@
|
|||
</div>
|
||||
</div>
|
||||
<footer class="hidden sm:flex mt-auto font-body text-body-s text-disabled-grey dark:text-silver w-full p-2 justify-end">
|
||||
<p>1.8.x.60-20250213T230854Z</p>
|
||||
<p>1.10.0.local-20250321T164316Z-haburger: Tue Mar 25 11:16:24 CET 2025</p>
|
||||
</footer>
|
||||
<script src="/resources/static/bundle.js"></script>
|
||||
</body>
|
||||
|
|
|
|||
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
Loading…
Reference in New Issue