BUNDBITBK-4824: Fix

2025-03-31 09:25:22 +00:00 · 2025-03-31 09:25:22 +00:00 · 8197ebd132
parent 4605d7367b
commit 8197ebd132
1 changed files with 14 additions and 0 deletions
--- a/patterns/b87d0d2b640e8e545ad70234_resources/SendSamlResponseWithAssertion.groovy
+++ b/patterns/b87d0d2b640e8e545ad70234_resources/SendSamlResponseWithAssertion.groovy
@ -10,6 +10,20 @@ def tAuth = System.currentTimeMillis() - (request.getSession(true).getCreationTi

 LOG.info("Event='AUTHENTICATION', Requester='${requester}', RequestId='${requestId}', RequestedAq=${requestedAq}, User=${user}, CredentialType='${credentialType}', tAuth=${tAuth}ms, SourceIp=${sourceIp}, UserAgent='${userAgent}'")

+// BUNDBITBK-4824: Address was missing after bmid verification
+def session = request.getAuthSession(true)
+int loa = session.get('agov.actualRoleLevel') as int
+
+// Best Token Available only if account's AQlevel is high enough
+if ((session.getAttribute('agov.appAddressRequired') == 'true') && (loa < 200)) {
+    LOG.debug("Best Token: Address requested but account has to low AQ (${loa})")
+    session.setAttribute('agov.appAddressRequired', 'false')
+}
+if ((session.getAttribute('agov.appSvnrAllowed') == 'true') && (loa < 400)) {
+    LOG.debug("Best Token: SVNr requested but account has to low AQ (${loa})")
+    session.setAttribute('agov.appSvnrAllowed', 'false')
+}
+// BUNDBITBK-4824 END

 // delete the login cookie
 def agovLoginCookie = "agovLogin=deleted; Domain=${parameters.get('cookie.domain')}; Path=/; Max-Age=0; SameSite=Strict; Secure; HttpOnly"