diff --git a/patterns/IDM_DB_2951ead44a7a9362a4545094.yml b/patterns/IDM_DB_2951ead44a7a9362a4545094.yml
index a1284db..a8658ec 100644
--- a/patterns/IDM_DB_2951ead44a7a9362a4545094.yml
+++ b/patterns/IDM_DB_2951ead44a7a9362a4545094.yml
@@ -13,6 +13,8 @@ pattern:
user: "var://idm_db-database-user"
password: "var://idm_db-database-password"
encryption: "var://idm_db-tls-encryption"
+ trustStore:
+ - "pattern://326adce95ad1a0761f2259b7"
jdbcDriver: "var://idm_db-database-jdbc-driver"
oracleVolumeClaimName: "var://idm_db-database-volume-claim"
databaseManagement: "var://agov_dev_idm-db-management"
diff --git a/patterns/b87d0d2b640e8e545ad70234_resources/SendSamlResponseWithAssertion.groovy b/patterns/b87d0d2b640e8e545ad70234_resources/SendSamlResponseWithAssertion.groovy
index ad2f7a0..43387b4 100644
--- a/patterns/b87d0d2b640e8e545ad70234_resources/SendSamlResponseWithAssertion.groovy
+++ b/patterns/b87d0d2b640e8e545ad70234_resources/SendSamlResponseWithAssertion.groovy
@@ -1,3 +1,12 @@
+import java.time.Duration
+
+// authentication cookie map
+def AUTHENTICATON_URN_TO_COOKIE_MAPPER = [
+ 'urn:qa.agov.ch:names:tc:authfactor:accessapp' : 'accessApp',
+ 'urn:qa.agov.ch:names:tc:authfactor:fido' : 'securityKey',
+ 'urn:qa.agov.ch:names:tc:authfactor:eid' : 'eid'
+]
+
// Accounting
def requester = session['ch.nevis.auth.saml.request.scoping.requesterId'] ?: 'unknown'
def requestId = session['ch.nevis.auth.saml.request.id'] ?: 'unknown'
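Review bot: The keys of the new map are hard-coded to the `urn:qa.agov.ch:` namespace, so if this script is deployed to an environment whose auth-factor URNs use a different prefix, every lookup will miss and return null. Consider deriving the prefix from a pattern parameter, as is already done for `cookie.domain`, or matching on the suffix after `authfactor:`. The name `AUTHENTICATON_URN_TO_COOKIE_MAPPER` is missing an "I" (`AUTHENTICATION_...`) and is used again in the cookie hunk below, so both places need the rename. `import java.time.Duration` is not used in any visible hunk; drop it unless code outside the diff needs it.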
@@ -10,10 +19,9 @@ def tAuth = System.currentTimeMillis() - (request.getSession(true).getCreationTi
LOG.info("Event='AUTHENTICATION', Requester='${requester}', RequestId='${requestId}', RequestedAq=${requestedAq}, User=${user}, CredentialType='${credentialType}', tAuth=${tAuth}ms, SourceIp=${sourceIp}, UserAgent='${userAgent}'")
-// BUNDBITBK-4824: Address was missing after bmid verification
-
-
def session = request.getAuthSession(true)
+
+// BUNDBITBK-4824: Address was missing after bmid verification
def loa_str = session.get('agov.actualRoleLevel')
if(loa_str){
@@ -30,11 +38,15 @@ if(loa_str){
}
}
-// BUNDBITBK-4824 END
+// BUNDBITBK-5005: Set cookie to remember the last authentication method
+def agovAuthMethodCookie = "LOGINMETHOD=${AUTHENTICATON_URN_TO_COOKIE_MAPPER[session.getAttribute('authenticatedWith')]}; Domain=${parameters.get('cookie.domain')}; Path=/; Max-Age=1800; SameSite=Strict; Secure; HttpOnly"
+response.setHeader('Set-Cookie2', agovAuthMethodCookie)
// delete the login cookie
def agovLoginCookie = "agovLogin=deleted; Domain=${parameters.get('cookie.domain')}; Path=/; Max-Age=0; SameSite=Strict; Secure; HttpOnly"
response.setHeader('Set-Cookie', agovLoginCookie)
+//response.setHeader('Set-Cookie', agovLoginCookie + ', ' + agovAuthMethodCookie)
+
response.setResult('ok')
return
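Review bot: The LOGINMETHOD cookie is sent with `Set-Cookie2`, a header from the obsoleted RFC 2965 that current browsers ignore, so the remembered login method will most likely never reach the client. The commented-out comma-joined variant would not work either, because Set-Cookie values cannot be folded into one header; if the response object has an add-style header call (to be confirmed against its API), use it to emit a second `Set-Cookie` header and delete the commented line. When `authenticatedWith` is absent or not in the map, the interpolation writes the literal `LOGINMETHOD=null`; resolve the value first with `def method = AUTHENTICATON_URN_TO_COOKIE_MAPPER[session.getAttribute('authenticatedWith')]` and only set the cookie inside `if (method) { ... }`. The earlier read in this script uses `session.get('agov.actualRoleLevel')` while this line uses `session.getAttribute(...)`, so it is worth confirming that both accessors exist on the auth session and read the same store.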
diff --git a/patterns/f63c475c35b616b7c6c1901c_authStatesFile/Mobile_NLess_Auth.xml b/patterns/f63c475c35b616b7c6c1901c_authStatesFile/Mobile_NLess_Auth.xml
index 2fc31da..6e42040 100644
--- a/patterns/f63c475c35b616b7c6c1901c_authStatesFile/Mobile_NLess_Auth.xml
+++ b/patterns/f63c475c35b616b7c6c1901c_authStatesFile/Mobile_NLess_Auth.xml
@@ -11,6 +11,7 @@
+