nevis
/
adn-agov-iam-project
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

- IDM_DB: readded truststore 

- new login mask: saving the last login method as a cookie + sending it to the fe
This commit is contained in:
aca 2025-06-04 07:33:15 +00:00
parent 1e60ed513d
commit e540a7029c
3 changed files with 19 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
patterns/IDM_DB_2951ead44a7a9362a4545094.yml
View File

@ -13,6 +13,8 @@ pattern:
user: "var://idm_db-database-user" user: "var://idm_db-database-user"
password: "var://idm_db-database-password" password: "var://idm_db-database-password"
encryption: "var://idm_db-tls-encryption" encryption: "var://idm_db-tls-encryption"
trustStore:
- "pattern://326adce95ad1a0761f2259b7"
jdbcDriver: "var://idm_db-database-jdbc-driver" jdbcDriver: "var://idm_db-database-jdbc-driver"
oracleVolumeClaimName: "var://idm_db-database-volume-claim" oracleVolumeClaimName: "var://idm_db-database-volume-claim"
databaseManagement: "var://agov_dev_idm-db-management" databaseManagement: "var://agov_dev_idm-db-management"

20
patterns/b87d0d2b640e8e545ad70234_resources/SendSamlResponseWithAssertion.groovy
View File

@ -1,3 +1,12 @@
import java.time.Duration
// authentication cookie map
def AUTHENTICATON_URN_TO_COOKIE_MAPPER = [
'urn:qa.agov.ch:names:tc:authfactor:accessapp' : 'accessApp',
'urn:qa.agov.ch:names:tc:authfactor:fido' : 'securityKey',
'urn:qa.agov.ch:names:tc:authfactor:eid' : 'eid'
]
// Accounting // Accounting
def requester = session['ch.nevis.auth.saml.request.scoping.requesterId'] ?: 'unknown' def requester = session['ch.nevis.auth.saml.request.scoping.requesterId'] ?: 'unknown'
def requestId = session['ch.nevis.auth.saml.request.id'] ?: 'unknown' def requestId = session['ch.nevis.auth.saml.request.id'] ?: 'unknown'
@ -10,10 +19,9 @@ def tAuth = System.currentTimeMillis() - (request.getSession(true).getCreationTi
LOG.info("Event='AUTHENTICATION', Requester='${requester}', RequestId='${requestId}', RequestedAq=${requestedAq}, User=${user}, CredentialType='${credentialType}', tAuth=${tAuth}ms, SourceIp=${sourceIp}, UserAgent='${userAgent}'") LOG.info("Event='AUTHENTICATION', Requester='${requester}', RequestId='${requestId}', RequestedAq=${requestedAq}, User=${user}, CredentialType='${credentialType}', tAuth=${tAuth}ms, SourceIp=${sourceIp}, UserAgent='${userAgent}'")
// BUNDBITBK-4824: Address was missing after bmid verification
def session = request.getAuthSession(true) def session = request.getAuthSession(true)
// BUNDBITBK-4824: Address was missing after bmid verification
def loa_str = session.get('agov.actualRoleLevel') def loa_str = session.get('agov.actualRoleLevel')
if(loa_str){ if(loa_str){
@ -30,11 +38,15 @@ if(loa_str){
} }
} }
// BUNDBITBK-4824 END // BUNDBITBK-5005: Set cookie to remember the last authentication method
def agovAuthMethodCookie = "LOGINMETHOD=${AUTHENTICATON_URN_TO_COOKIE_MAPPER[session.getAttribute('authenticatedWith')]}; Domain=${parameters.get('cookie.domain')}; Path=/; Max-Age=1800; SameSite=Strict; Secure; HttpOnly"
response.setHeader('Set-Cookie2', agovAuthMethodCookie)
// delete the login cookie // delete the login cookie
def agovLoginCookie = "agovLogin=deleted; Domain=${parameters.get('cookie.domain')}; Path=/; Max-Age=0; SameSite=Strict; Secure; HttpOnly" def agovLoginCookie = "agovLogin=deleted; Domain=${parameters.get('cookie.domain')}; Path=/; Max-Age=0; SameSite=Strict; Secure; HttpOnly"
response.setHeader('Set-Cookie', agovLoginCookie) response.setHeader('Set-Cookie', agovLoginCookie)
//response.setHeader('Set-Cookie', agovLoginCookie + ', ' + agovAuthMethodCookie)
response.setResult('ok') response.setResult('ok')
return return

1
patterns/f63c475c35b616b7c6c1901c_authStatesFile/Mobile_NLess_Auth.xml
View File

@ -11,6 +11,7 @@
<GuiElem name="agov.appDisplayNameEN" type="hidden" value="${sess:agov.appDisplayNameEN}" optional="true"/> <GuiElem name="agov.appDisplayNameEN" type="hidden" value="${sess:agov.appDisplayNameEN}" optional="true"/>
<GuiElem name="agov.appSamlRpEntityId" type="hidden" value="${var.appIconUrl}${sess:ch.nevis.auth.saml.request.scoping.requesterId}" optional="true"/> <GuiElem name="agov.appSamlRpEntityId" type="hidden" value="${var.appIconUrl}${sess:ch.nevis.auth.saml.request.scoping.requesterId}" optional="true"/>
<GuiElem name="authRequestId" type="hidden" value="${sess:ch.nevis.auth.saml.request.id}" optional="true"/> <GuiElem name="authRequestId" type="hidden" value="${sess:ch.nevis.auth.saml.request.id}" optional="true"/>
<GuiElem name="lastLoginMethod" type="hidden" value="${cookie:LOGINMETHOD}" optional="true"/>
<GuiElem name="fallback" type="button" label="mobile_auth.cancel.button.label" value="true" optional="true"/> <GuiElem name="fallback" type="button" label="mobile_auth.cancel.button.label" value="true" optional="true"/>
</Gui> </Gui>
</Response> </Response>