BUNDBITBK-4824: Fix

patterns/b87d0d2b640e8e545ad70234_resources/SendSamlResponseWithAssertion.groovy

@@ -10,6 +10,20 @@ def tAuth = System.currentTimeMillis() - (request.getSession(true).getCreationTi
 
 LOG.info("Event='AUTHENTICATION', Requester='${requester}', RequestId='${requestId}', RequestedAq=${requestedAq}, User=${user}, CredentialType='${credentialType}', tAuth=${tAuth}ms, SourceIp=${sourceIp}, UserAgent='${userAgent}'")
 
+// BUNDBITBK-4824: Address was missing after bmid verification
+def session = request.getAuthSession(true)
+int loa = session.get('agov.actualRoleLevel') as int
+
+// Best Token Available only if account's AQlevel is high enough
+if ((session.getAttribute('agov.appAddressRequired') == 'true') && (loa < 200)) {
+    LOG.debug("Best Token: Address requested but account has to low AQ (${loa})")
+    session.setAttribute('agov.appAddressRequired', 'false')
+}
+if ((session.getAttribute('agov.appSvnrAllowed') == 'true') && (loa < 400)) {
+    LOG.debug("Best Token: SVNr requested but account has to low AQ (${loa})")
+    session.setAttribute('agov.appSvnrAllowed', 'false')
+}
+// BUNDBITBK-4824 END
 
 // delete the login cookie
 def agovLoginCookie = "agovLogin=deleted; Domain=${parameters.get('cookie.domain')}; Path=/; Max-Age=0; SameSite=Strict; Secure; HttpOnly"