diff --git a/patterns/IDP_AGOV_c642107fde6b2e07f16bfedb.yml b/patterns/IDP_AGOV_c642107fde6b2e07f16bfedb.yml
index 5d8ebfd..0877db1 100644
--- a/patterns/IDP_AGOV_c642107fde6b2e07f16bfedb.yml
+++ b/patterns/IDP_AGOV_c642107fde6b2e07f16bfedb.yml
@@ -19,6 +19,7 @@ pattern:
- "pattern://4fcfadb4a5c946ead7e6e995"
sp:
- "pattern://27cefc3861bce987f6766342"
+ - "pattern://b8139a4b73abce1ce1a22170"
samlSigner:
- "pattern://56d6268c95f766c86c6aaae9"
metadataService: "disabled"
diff --git a/patterns/IDP_SP_EPD_Connector_b8139a4b73abce1ce1a22170.yml b/patterns/IDP_SP_EPD_Connector_b8139a4b73abce1ce1a22170.yml
new file mode 100644
index 0000000..4ac6887
--- /dev/null
+++ b/patterns/IDP_SP_EPD_Connector_b8139a4b73abce1ce1a22170.yml 
@@ -0,0 +1,62 @@
+schemaVersion: "1.0"
+pattern:
+ id: "b8139a4b73abce1ce1a22170"
+ className: "ch.nevis.admin.v4.plugin.nevisauth.patterns.SamlSpConnector"
+ name: "IDP_SP_EPD_Connector"
+ label: "IDP"
+ notes: "- Subject NameID Format -> urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified\n\
+ - dateOfBirth: to have a date suitable for SAML and OIDC, we remove the TimeZone\
+ \ charachter ('1993-03-03Z' --> '1993-03-03')\n- verificationMethod: BUNDBITBK-2892\
+ \ SelfPaid is only for internal use, we remove this from the public assertion\n\
+ \ - address.verificationMethod: BUNDBITBK-2921 avoid interface change for hotfix"
+ properties:
+ issuer: "var://idp_sp_epd_connector-sp-issuer"
+ url: "var://idp_sp_epd_connector-sp-url---assertion-consumer-services"
+ signerTrust:
+ - "pattern://8052fd68f4a663629d651f7b"
+ subjectFormat: "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
+ subjectConfirmation: "bearer"
+ attributes:
+ - http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress: "${sess:ch.nevis.idm.User.email}"
+ - http://schemas.agov.ch/ws/2023/05/identity/claims/languageOfCorrespondance: "${sess:ch.nevis.idm.User.language}"
+ - http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname: "${sess:ch.nevis.idm.User.firstName}"
+ - http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname: "${sess:ch.nevis.idm.User.lastName}"
+ - http://schemas.agov.ch/ws/2023/05/identity/claims/dateOfBirth: "${sess:ch.nevis.idm.User.birthDate:^(\\\
+ d\\d\\d\\d-\\d\\d-\\d\\d).*$}"
+ - http://schemas.agov.ch/ws/2023/05/identity/claims/sex: "${sess:ch.nevis.idm.User.gender}"
+ - http://schemas.agov.ch/ws/2023/05/identity/claims/socialSecurityNumber: "#{\
+ \ (sess['agov.appSvnrAllowed'] == 'true') ? sess['ch.nevis.idm.User.prop.svnr']\
+ \ : ''}"
+ - http://schemas.agov.ch/ws/2023/05/identity/claims/placeOfBirth: "#{ (sess['agov.appSvnrAllowed']\
+ \ == 'true') ? 
sess['ch.nevis.idm.User.prop.placeOfBirth'] : ''}"
+ - http://schemas.agov.ch/ws/2023/05/identity/claims/eIdNumber: "${sess:ch.nevis.idm.User.prop.eIdNumber}"
+ - http://schemas.agov.ch/ws/2023/05/identity/claims/qa/dateOfVerification: "${sess:ValidFrom}"
+ - http://schemas.agov.ch/ws/2023/05/identity/claims/qa/validTillDate: "${sess:ValidTo}"
+ - http://schemas.agov.ch/ws/2023/05/identity/claims/qa/verificationMethod: "#{\
+ \ ''.concat(sess.get('idVerification')).replace('SelfPaid', '') }"
+ - http://schemas.agov.ch/ws/2023/05/identity/claims/nationality: "#{ sess.containsKey('ch.nevis.idm.User.prop.nationality')\
+ \ ? sess['ch.nevis.idm.User.prop.nationality'].toUpperCase(): '' }"
+ - http://schemas.agov.ch/ws/2023/05/identity/claims/authenticatedWith: "${sess:authenticatedWith}"
+ - http://schemas.agov.ch/ws/2023/08/identity/claims/emailVerified: "true"
+ - http://schemas.agov.ch/ws/2023/08/identity/claims/address/street: "#{ (sess['agov.appAddressRequired']\
+ \ == 'true') ? sess['ch.nevis.idm.User.street'] : '' }"
+ - http://schemas.agov.ch/ws/2023/08/identity/claims/address/houseNumber: "#{ (sess['agov.appAddressRequired']\
+ \ == 'true') ? sess['ch.nevis.idm.User.houseNumber'] : '' }"
+ - http://schemas.agov.ch/ws/2023/08/identity/claims/address/zipCode: "#{ (sess['agov.appAddressRequired']\
+ \ == 'true') ? sess['ch.nevis.idm.User.postalCode'] : '' }"
+ - http://schemas.agov.ch/ws/2023/08/identity/claims/address/town: "#{ (sess['agov.appAddressRequired']\
+ \ == 'true') ? sess['ch.nevis.idm.User.city'] : '' }"
+ - http://schemas.agov.ch/ws/2024/02/identity/claims/address/country: "#{ (sess['agov.appAddressRequired']\
+ \ == 'true') ? sess['ch.nevis.idm.User.country'].toUpperCase() : '' }"
+ - http://schemas.agov.ch/ws/2024/02/identity/claims/address/qa/verificationMethod: "#{\
+ \ (sess['agov.appAddressRequired'] == 'true') ? 
''.concat(sess.get('agov.adressVerification')).replace('Location',\
+ \ 'Domicile') : '' }"
+ - http://schemas.agov.ch/ws/2024/02/identity/claims/address/countryName: "#{ (sess['agov.appAddressRequired']\
+ \ == 'true') ? sess['agov.countryName'] : ''}"
+ context: "PasswordProtectedTransport"
+ assertionLifetime: "30s"
+ sign:
+ - "Response"
+ - "Assertion"
+ keyInfo: "Certificate"
+ properties: "var://idp-sp-connector-properties"
diff --git a/variables.yml b/variables.yml
index 23e413b..341eeb1 100644
--- a/variables.yml
+++ b/variables.yml
@@ -554,6 +554,26 @@ variables:
queryInputMode: "OPTIONAL"
value: "https://trustbroker.agov-d.azure.adnovum.net/adfs/ls"
requireOverloading: true
+ idp_sp_epd_connector-sp-issuer:
+ className: "ch.nevis.admin.v4.plugin.base.generation.property.SimpleTextProperty"
+ parameters:
+ minRequired: 1
+ maxAllowed: 1
+ format: "^[^\\s,]*$"
+ value: "https://trustbroker-idp.agov-d.azure.adnovum.net"
+ requireOverloading: true
+ idp_sp_epd_connector-sp-url---assertion-consumer-services:
+ className: "ch.nevis.admin.v4.plugin.base.generation.property.URLProperty"
+ parameters:
+ minRequired: 1
+ schemeInputMode: "OPTIONAL"
+ allowedSchemes: "http,https"
+ hostNameInputMode: "OPTIONAL"
+ portInputMode: "OPTIONAL"
+ pathInputMode: "OPTIONAL"
+ queryInputMode: "OPTIONAL"
+ value: "https://trustbroker-idp.agov-d.azure.adnovum.net/adfs/ls"
+ requireOverloading: true
log_auth-default-log-level:
className: "ch.nevis.admin.v4.plugin.base.generation.property.SelectionProperty"
parameters:
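Review bot: The `notes` field of the new SamlSpConnector states the Subject NameID format is `urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified`, but `subjectFormat` is set to `urn:oasis:names:tc:SAML:2.0:nameid-format:persistent`; the relying party's NameID handling depends on which one is true, so either fix the note or set `subjectFormat: "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"` as the note describes. `emailVerified` is a hard-coded `"true"` while every other claim is read from the session, so it is asserted even when the session carries no evidence of verification — if the IdM tracks this, read it from the session like the other claims, or add a note explaining why a constant is acceptable here. The `qa/verificationMethod` expression calls `''.concat(sess.get('idVerification'))` with no presence guard, unlike `nationality`, which checks `sess.containsKey(...)` first; if `idVerification` can be absent this will presumably fail or emit the literal string `null` — verify, and guard it the same way. Also, `.replace('SelfPaid', '')` is a substring replace, so a value merely containing `SelfPaid` is rewritten rather than suppressed; confirm that matches the BUNDBITBK-2892 intent.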
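Review bot: `allowedSchemes: "http,https"` on `idp_sp_epd_connector-sp-url---assertion-consumer-services` permits a plain-http assertion consumer URL, and this connector posts bearer assertions (`subjectConfirmation: "bearer"` in the new pattern) carrying social-security number, date of birth and address, which must not leave the IdP over cleartext. Restrict it to `allowedSchemes: "https"` so an environment overload cannot downgrade it; with `requireOverloading: true` every environment supplies its own value, which is exactly where such a mistake would otherwise slip in. The issuer property's `format: "^[^\\s,]*$"` accepts any non-whitespace, non-comma string; if the issuer is expected to be an https URL, a tighter pattern such as `^https://[^\\s,]*$` would catch misconfiguration at generation time.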