Add SP Connector to IPD_AGOV for the EPD Trustbroker

patterns/IDP_AGOV_c642107fde6b2e07f16bfedb.yml

@@ -19,6 +19,7 @@ pattern:
     - "pattern://4fcfadb4a5c946ead7e6e995"
     sp:
     - "pattern://27cefc3861bce987f6766342"
+    - "pattern://b8139a4b73abce1ce1a22170"
     samlSigner:
     - "pattern://56d6268c95f766c86c6aaae9"
     metadataService: "disabled"

patterns/IDP_SP_EPD_Connector_b8139a4b73abce1ce1a22170.yml

@@ -0,0 +1,62 @@
+schemaVersion: "1.0"
+pattern:
+  id: "b8139a4b73abce1ce1a22170"
+  className: "ch.nevis.admin.v4.plugin.nevisauth.patterns.SamlSpConnector"
+  name: "IDP_SP_EPD_Connector"
+  label: "IDP"
+  notes: "- Subject NameID Format -> urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified\n\
+    - dateOfBirth: to have a date suitable for SAML and OIDC, we remove the TimeZone\
+    \ charachter ('1993-03-03Z' --> '1993-03-03')\n- verificationMethod: BUNDBITBK-2892\
+    \ SelfPaid is only for internal use, we remove this from the public assertion\n\
+    - address.verificationMethod: BUNDBITBK-2921 avoid interface change for hotfix"
+  properties:
+    issuer: "var://idp_sp_epd_connector-sp-issuer"
+    url: "var://idp_sp_epd_connector-sp-url---assertion-consumer-services"
+    signerTrust:
+    - "pattern://8052fd68f4a663629d651f7b"
+    subjectFormat: "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
+    subjectConfirmation: "bearer"
+    attributes:
+    - http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress: "${sess:ch.nevis.idm.User.email}"
+    - http://schemas.agov.ch/ws/2023/05/identity/claims/languageOfCorrespondance: "${sess:ch.nevis.idm.User.language}"
+    - http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname: "${sess:ch.nevis.idm.User.firstName}"
+    - http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname: "${sess:ch.nevis.idm.User.lastName}"
+    - http://schemas.agov.ch/ws/2023/05/identity/claims/dateOfBirth: "${sess:ch.nevis.idm.User.birthDate:^(\\\
+        d\\d\\d\\d-\\d\\d-\\d\\d).*$}"
+    - http://schemas.agov.ch/ws/2023/05/identity/claims/sex: "${sess:ch.nevis.idm.User.gender}"
+    - http://schemas.agov.ch/ws/2023/05/identity/claims/socialSecurityNumber: "#{\
+        \ (sess['agov.appSvnrAllowed'] == 'true') ? sess['ch.nevis.idm.User.prop.svnr']\
+        \ : ''}"
+    - http://schemas.agov.ch/ws/2023/05/identity/claims/placeOfBirth: "#{ (sess['agov.appSvnrAllowed']\
+        \ == 'true') ? sess['ch.nevis.idm.User.prop.placeOfBirth'] : ''}"
+    - http://schemas.agov.ch/ws/2023/05/identity/claims/eIdNumber: "${sess:ch.nevis.idm.User.prop.eIdNumber}"
+    - http://schemas.agov.ch/ws/2023/05/identity/claims/qa/dateOfVerification: "${sess:ValidFrom}"
+    - http://schemas.agov.ch/ws/2023/05/identity/claims/qa/validTillDate: "${sess:ValidTo}"
+    - http://schemas.agov.ch/ws/2023/05/identity/claims/qa/verificationMethod: "#{\
+        \ ''.concat(sess.get('idVerification')).replace('SelfPaid', '') }"
+    - http://schemas.agov.ch/ws/2023/05/identity/claims/nationality: "#{ sess.containsKey('ch.nevis.idm.User.prop.nationality')\
+        \ ? sess['ch.nevis.idm.User.prop.nationality'].toUpperCase(): '' }"
+    - http://schemas.agov.ch/ws/2023/05/identity/claims/authenticatedWith: "${sess:authenticatedWith}"
+    - http://schemas.agov.ch/ws/2023/08/identity/claims/emailVerified: "true"
+    - http://schemas.agov.ch/ws/2023/08/identity/claims/address/street: "#{ (sess['agov.appAddressRequired']\
+        \ == 'true') ? sess['ch.nevis.idm.User.street'] : '' }"
+    - http://schemas.agov.ch/ws/2023/08/identity/claims/address/houseNumber: "#{ (sess['agov.appAddressRequired']\
+        \ == 'true') ? sess['ch.nevis.idm.User.houseNumber'] : '' }"
+    - http://schemas.agov.ch/ws/2023/08/identity/claims/address/zipCode: "#{ (sess['agov.appAddressRequired']\
+        \ == 'true') ? sess['ch.nevis.idm.User.postalCode'] : '' }"
+    - http://schemas.agov.ch/ws/2023/08/identity/claims/address/town: "#{ (sess['agov.appAddressRequired']\
+        \ == 'true') ? sess['ch.nevis.idm.User.city'] : '' }"
+    - http://schemas.agov.ch/ws/2024/02/identity/claims/address/country: "#{ (sess['agov.appAddressRequired']\
+        \ == 'true') ? sess['ch.nevis.idm.User.country'].toUpperCase() : '' }"
+    - http://schemas.agov.ch/ws/2024/02/identity/claims/address/qa/verificationMethod: "#{\
+        \ (sess['agov.appAddressRequired'] == 'true') ? ''.concat(sess.get('agov.adressVerification')).replace('Location',\
+        \ 'Domicile') : '' }"
+    - http://schemas.agov.ch/ws/2024/02/identity/claims/address/countryName: "#{ (sess['agov.appAddressRequired']\
+        \ == 'true') ? sess['agov.countryName'] : ''}"
+    context: "PasswordProtectedTransport"
+    assertionLifetime: "30s"
+    sign:
+    - "Response"
+    - "Assertion"
+    keyInfo: "Certificate"
+    properties: "var://idp-sp-connector-properties"

variables.yml

@@ -554,6 +554,26 @@ variables:
       queryInputMode: "OPTIONAL"
     value: "https://trustbroker.agov-d.azure.adnovum.net/adfs/ls"
     requireOverloading: true
+  idp_sp_epd_connector-sp-issuer:
+    className: "ch.nevis.admin.v4.plugin.base.generation.property.SimpleTextProperty"
+    parameters:
+      minRequired: 1
+      maxAllowed: 1
+      format: "^[^\\s,]*$"
+    value: "https://trustbroker-idp.agov-d.azure.adnovum.net"
+    requireOverloading: true
+  idp_sp_epd_connector-sp-url---assertion-consumer-services:
+    className: "ch.nevis.admin.v4.plugin.base.generation.property.URLProperty"
+    parameters:
+      minRequired: 1
+      schemeInputMode: "OPTIONAL"
+      allowedSchemes: "http,https"
+      hostNameInputMode: "OPTIONAL"
+      portInputMode: "OPTIONAL"
+      pathInputMode: "OPTIONAL"
+      queryInputMode: "OPTIONAL"
+    value: "https://trustbroker-idp.agov-d.azure.adnovum.net/adfs/ls"
+    requireOverloading: true
   log_auth-default-log-level:
     className: "ch.nevis.admin.v4.plugin.base.generation.property.SelectionProperty"
     parameters: