diff --git a/bundles.yml b/bundles.yml
index 8b092fd..f7b8d2b 100644
--- a/bundles.yml
+++ b/bundles.yml
@@ -1,13 +1,13 @@
schemaVersion: "1.0"
bundles:
-- "nevisadmin-plugin-authcloud:8.2411.2.4"
- "nevisadmin-plugin-base-generation:8.2411.2.4"
-- "nevisadmin-plugin-fido2:8.2411.2.4"
-- "nevisadmin-plugin-mobile-auth:8.2411.2.4"
-- "nevisadmin-plugin-nevisadapt:8.2411.2.4"
-- "nevisadmin-plugin-nevisauth:8.2411.2.4"
-- "nevisadmin-plugin-nevisdetect:8.2411.2.4"
-- "nevisadmin-plugin-nevisdp:8.2411.2.4"
-- "nevisadmin-plugin-nevisidm:8.2411.2.4"
- "nevisadmin-plugin-nevisproxy:8.2411.2.4"
+- "nevisadmin-plugin-nevisauth:8.2411.2.4"
+- "nevisadmin-plugin-nevisidm:8.2411.2.4"
+- "nevisadmin-plugin-mobile-auth:8.2411.2.4"
+- "nevisadmin-plugin-fido2:8.2411.2.4"
+- "nevisadmin-plugin-nevisadapt:8.2411.2.4"
+- "nevisadmin-plugin-nevisdetect:8.2411.2.4"
- "nevisadmin-plugin-oauth:8.2411.2.4"
+- "nevisadmin-plugin-authcloud:8.2411.2.4"
+- "nevisadmin-plugin-nevisdp:8.2411.2.4"
diff --git a/patterns/1f0702aaabef60a615abf41f_resources/resources.zip b/patterns/1f0702aaabef60a615abf41f_resources/resources.zip
index ebbeb82..5062030 100644
Binary files a/patterns/1f0702aaabef60a615abf41f_resources/resources.zip and b/patterns/1f0702aaabef60a615abf41f_resources/resources.zip differ
diff --git a/patterns/204c22beaccdfd22727af378_labels/labels.zip b/patterns/204c22beaccdfd22727af378_labels/labels.zip
index d8768dc..4f90ed4 100644
Binary files a/patterns/204c22beaccdfd22727af378_labels/labels.zip and b/patterns/204c22beaccdfd22727af378_labels/labels.zip differ
diff --git a/patterns/204c22beaccdfd22727af378_template/webdata.zip b/patterns/204c22beaccdfd22727af378_template/webdata.zip
index 99fdfca..474a67f 100644
Binary files a/patterns/204c22beaccdfd22727af378_template/webdata.zip and b/patterns/204c22beaccdfd22727af378_template/webdata.zip differ
diff --git a/patterns/4fcfadb4a5c946ead7e6e995_labels/labels.zip b/patterns/4fcfadb4a5c946ead7e6e995_labels/labels.zip
index d8768dc..4f90ed4 100644
Binary files a/patterns/4fcfadb4a5c946ead7e6e995_labels/labels.zip and b/patterns/4fcfadb4a5c946ead7e6e995_labels/labels.zip differ
diff --git a/patterns/4fcfadb4a5c946ead7e6e995_template/webdata.zip b/patterns/4fcfadb4a5c946ead7e6e995_template/webdata.zip
index 99fdfca..474a67f 100644
Binary files a/patterns/4fcfadb4a5c946ead7e6e995_template/webdata.zip and b/patterns/4fcfadb4a5c946ead7e6e995_template/webdata.zip differ
diff --git a/patterns/68665057549fd887ea09fb86_scriptFile/requestedRoleLevel.groovy b/patterns/68665057549fd887ea09fb86_scriptFile/requestedRoleLevel.groovy
index 0756d87..cad5a2b 100644
--- a/patterns/68665057549fd887ea09fb86_scriptFile/requestedRoleLevel.groovy
+++ b/patterns/68665057549fd887ea09fb86_scriptFile/requestedRoleLevel.groovy
@@ -26,6 +26,12 @@ int getRequestedLevel(String authnContextClassRef, def roleList){
def session = request.getAuthSession(true)
def context = session.get('ch.nevis.auth.saml.request.authnContextClassRef')
+if (!context || context == '' || context == 'null') {
+ // EPD call, we set a default of aq300
+ session.setAttribute('ch.nevis.auth.saml.request.authnContextClassRef', 'urn:qa.agov.ch:names:tc:ac:classes:300')
+ conext = 'urn:qa.agov.ch:names:tc:ac:classes:300'
+}
+
def roleLevels = [100,200,300,400,500,600]
def requestedRoleLevelNumber = getRequestedLevel(context, roleLevels)
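Review bot: The fallback assigns to `conext`, not `context`, so `getRequestedLevel(context, roleLevels)` on the last line of the hunk still receives the empty value. In a Groovy script the misspelt name is silently created as a new binding variable rather than raising an error. The line should read `context = 'urn:qa.agov.ch:names:tc:ac:classes:300'`. Because this silently substitutes an assurance level the caller did not request, a `LOG.info` stating that the default was applied would make the decision auditable. The URN also hard-codes the `qa` namespace; if this pattern is deployed to other stages, that presumably needs to come from a variable.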
diff --git a/patterns/7a913eec7f78ce674cd87854_authStatesFile/IDP_IDP_Status_Check_State.xml b/patterns/7a913eec7f78ce674cd87854_authStatesFile/IDP_IDP_Status_Check_State.xml
index f191f07..e625ddb 100644
--- a/patterns/7a913eec7f78ce674cd87854_authStatesFile/IDP_IDP_Status_Check_State.xml
+++ b/patterns/7a913eec7f78ce674cd87854_authStatesFile/IDP_IDP_Status_Check_State.xml
@@ -6,7 +6,7 @@
-
-
+
+
diff --git a/patterns/7a913eec7f78ce674cd87854_resources/idp_status_check.groovy b/patterns/7a913eec7f78ce674cd87854_resources/idp_status_check.groovy
index 2e18d45..9e4e67c 100644
--- a/patterns/7a913eec7f78ce674cd87854_resources/idp_status_check.groovy
+++ b/patterns/7a913eec7f78ce674cd87854_resources/idp_status_check.groovy
@@ -78,6 +78,10 @@ if (inargs['SAMLRequest'] != null) {
request.getInArgs().setProperty('onReload', 'now')
def eidEnabled = parameters.get('eidPassthroughEnabled') == "true" || parameters.get('eidFullEnabled') == "true"
+ eidEnabled
+ LOG.error("EID?: " + eidEnabled)
+ LOG.error("Full?: " + parameters.get('eidFullEnabled'))
+ LOG.error("Pass?: " + parameters.get('eidPassthroughEnabled'))
def requestedLoa = s.getAttribute("agov.requestedRoleLevel")
if( eidEnabled && ( requestedLoa == "600" || session.get('ch.nevis.auth.saml.request.scoping.requesterId') == 'OidcPlaygroundWork' ) ){
// EID request -> goto correct state
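Review bot: The four added lines look like leftover debugging. The bare `eidEnabled` statement has no effect, and the three `LOG.error` calls report ordinary flag values at error level inside the `SAMLRequest` branch. That puts routine traffic into the error log and weakens any alerting built on it. Remove them, or keep a single `LOG.debug("eID enabled=${eidEnabled}")`. The enclosing `if` block starts and ends outside the hunk.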
diff --git a/patterns/IDM_DB_2951ead44a7a9362a4545094.yml b/patterns/IDM_DB_2951ead44a7a9362a4545094.yml
index a8658ec..a1284db 100644
--- a/patterns/IDM_DB_2951ead44a7a9362a4545094.yml
+++ b/patterns/IDM_DB_2951ead44a7a9362a4545094.yml
@@ -13,8 +13,6 @@ pattern:
user: "var://idm_db-database-user"
password: "var://idm_db-database-password"
encryption: "var://idm_db-tls-encryption"
- trustStore:
- - "pattern://326adce95ad1a0761f2259b7"
jdbcDriver: "var://idm_db-database-jdbc-driver"
oracleVolumeClaimName: "var://idm_db-database-volume-claim"
databaseManagement: "var://agov_dev_idm-db-management"
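Review bot: The database pattern loses its `trustStore` reference while `encryption` is still driven by `var://idm_db-tls-encryption`, so nothing visible here pins which CA the database certificate is validated against. Whether the connection then falls back to a default trust store or skips server verification cannot be told from this hunk. Confirm the resulting behaviour for every encryption value the variable can take, and state the reason for the removal in the commit description.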
diff --git a/patterns/e335f57d4c64dfc97223697a_resources/eid_verification_auth.groovy b/patterns/e335f57d4c64dfc97223697a_resources/eid_verification_auth.groovy
index f7336e0..02ed318 100644
--- a/patterns/e335f57d4c64dfc97223697a_resources/eid_verification_auth.groovy
+++ b/patterns/e335f57d4c64dfc97223697a_resources/eid_verification_auth.groovy
@@ -225,6 +225,7 @@ HttpClient httpClient = HttpClients.create(parameters)
def spanCtxt = Span.current().getSpanContext()
def traceparent = "00-${spanCtxt.getTraceId()}-${spanCtxt.getSpanId()}-${spanCtxt.getTraceFlags().asHex()}"
+/*
if (!session['agov.eid.verification']) {
LOG.debug("Initializing verification")
if(!getNewVerification(sess, httpClient, verification_request_template, traceparent)){
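Review bot: The initial `getNewVerification` call is disabled by wrapping it in `/* … */` (closed in the next hunk) rather than being deleted, which leaves dead code in an authentication script and obscures the behaviour change. With it gone, `session['agov.eid.verification.id']` appears to be set only once the front end sends `NEW` or `RESET`. A poll with an empty `o.id.v` on a fresh session would then take `idvalue` from an unset attribute in the following hunk. Delete the block and add a guard after `idvalue` is computed, e.g. `if (!idvalue) { response.setResult('error'); return }`.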
@@ -232,20 +233,28 @@ if (!session['agov.eid.verification']) {
return
}
}
+*/
if (getHeader('Content-Type') == 'application/json' && inargs.containsKey('o.id.v')) {
LOG.debug("Request Status Update")
// request for a status update from the verifier
def result
- // TODO/haburger/2025-03-24: we should make sure, that we have an actual session on the verifier with id.v
- // and that authRequestId is correct
- def idvalue = (!inargs['o.id.v'] || inargs['o.id.v'] == 'NEW') ? session['agov.eid.verification.id'] : inargs['o.id.v']
+ // FE requested a new verification
+ if (inargs['o.id.v'] == 'NEW' || inargs['o.id.v'] == 'RESET') {
+ LOG.debug("Initializing new verification")
+ if(!getNewVerification(sess, httpClient, verification_request_template, traceparent)){
+ response.setResult('error')
+ return
+ }
+ }
- // check, whether we are still processing the correct verification request
- //
- if(inargs.containsKey('authRequestId') && (inargs['authRequestId'] != session['ch.nevis.auth.saml.request.id'])){
- //if(inargs['o.id.v'] && inargs['o.id.v'] != 'NEW' && inargs['o.id.v'] != session['agov.eid.verification.id']){
+ def idvalue = (!inargs['o.id.v'] || inargs['o.id.v'] == 'NEW' || inargs['o.id.v'] == 'RESET') ? session['agov.eid.verification.id'] : inargs['o.id.v']
+
+ LOG.error("IDValSent: " + idvalue)
+
+ // check, whether we are still processing the same verification request or if a new one was generated in e.g. another Tab
+ if(inargs['o.id.v'] && inargs['o.id.v'] != 'NEW' && inargs['o.id.v'] != 'RESET' && inargs['o.id.v'] != session['agov.eid.verification.id']){
// wrong request, tell fe to stop polling and request a timeout
LOG.debug('authentication timeout enforced, due to concurrent requests (verificationRequest missmatch) -> Notify FE & then return a 408')
result = """{
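Review bot: Any poll whose `o.id.v` is `NEW` or `RESET` now calls `getNewVerification`, and nothing in the hunk bounds how often a session may do so; a per-session counter or minimum interval before creating another verification would cap the load this can place on the verifier. The `authRequestId` comparison against `ch.nevis.auth.saml.request.id` and its TODO were removed without replacement, so within this hunk the poll is no longer tied to the SAML request; if that binding is still intended, keep it alongside the new id check. `LOG.error("IDValSent: " + idvalue)` writes a value that can come directly from the request into the error log; use `LOG.debug` or drop it. The enclosing `if` block continues outside the hunk.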
@@ -356,6 +365,7 @@ if (getHeader('Content-Type') == 'application/json' && inargs.containsKey('o.id.
LOG
.error("Eid verification failed: ${json.wallet_response.error_code} (${json.wallet_response.error_description})")
+
def status = ERROR_CODE_TO_STATUS_MAPPER[json.wallet_response.error_code] ?: 'ERROR'
// Send new request & return variables with new id and url
@@ -379,7 +389,7 @@ if (getHeader('Content-Type') == 'application/json' && inargs.containsKey('o.id.
else {
result = """{
"oid4vp": {
- "status": "${inargs['o.id.v'] == 'NEW' ? 'INITIATED' : 'PENDING'}",
+ "status": "${inargs['o.id.v'] == 'NEW' || inargs['o.id.v'] == 'RESET' ? 'INITIATED' : 'PENDING'}",
"verification_url": "${session['agov.eid.verification.link']}",
"id": "${idvalue}",
"error_code": "NONE"
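Review bot: The `NEW`/`RESET` test is now spelled out in four places (here and three times in the hunk at -232,20), and on this line it sits unparenthesised in front of `?`, which is easy to misread. Compute it once, e.g. `def isNewRequest = inargs['o.id.v'] in ['NEW', 'RESET']`, and use `"${isNewRequest ? 'INITIATED' : 'PENDING'}"` here. Since the response is assembled by string interpolation, building it with `groovy.json.JsonOutput.toJson` would also ensure `idvalue` and the verification link are escaped. The JSON literal and the enclosing `else` continue outside the hunk.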
@@ -400,6 +410,8 @@ if (getHeader('Content-Type') == 'application/json' && inargs.containsKey('o.id.
}}"""
}
+
+
response.setContent(result.toString())
response.setContentType('application/json')
response.setHttpStatusCode(200)