- IDM_DB: readded truststore

- new login mask: saving the last login method as a cookie + sending it to the fe

patterns/IDM_DB_2951ead44a7a9362a4545094.yml

@@ -13,6 +13,8 @@ pattern:
     user: "var://idm_db-database-user"
     password: "var://idm_db-database-password"
     encryption: "var://idm_db-tls-encryption"
+    trustStore:
+    - "pattern://326adce95ad1a0761f2259b7"
     jdbcDriver: "var://idm_db-database-jdbc-driver"
     oracleVolumeClaimName: "var://idm_db-database-volume-claim"
     databaseManagement: "var://agov_dev_idm-db-management"

patterns/b87d0d2b640e8e545ad70234_resources/SendSamlResponseWithAssertion.groovy

@@ -1,3 +1,12 @@
+import java.time.Duration
+
+// authentication cookie map
+def AUTHENTICATON_URN_TO_COOKIE_MAPPER = [
+		'urn:qa.agov.ch:names:tc:authfactor:accessapp'  :     'accessApp',
+        'urn:qa.agov.ch:names:tc:authfactor:fido'       :     'securityKey',
+		'urn:qa.agov.ch:names:tc:authfactor:eid'        :     'eid'  
+]
+
 // Accounting
 def requester = session['ch.nevis.auth.saml.request.scoping.requesterId'] ?: 'unknown'
 def requestId = session['ch.nevis.auth.saml.request.id'] ?: 'unknown'
@@ -10,10 +19,9 @@ def tAuth = System.currentTimeMillis() - (request.getSession(true).getCreationTi
 
 LOG.info("Event='AUTHENTICATION', Requester='${requester}', RequestId='${requestId}', RequestedAq=${requestedAq}, User=${user}, CredentialType='${credentialType}', tAuth=${tAuth}ms, SourceIp=${sourceIp}, UserAgent='${userAgent}'")
 
-// BUNDBITBK-4824: Address was missing after bmid verification
-
-
 def session = request.getAuthSession(true)
+
+// BUNDBITBK-4824: Address was missing after bmid verification
 def loa_str = session.get('agov.actualRoleLevel')
 
 if(loa_str){
@@ -30,11 +38,15 @@ if(loa_str){
     }
 }
 
-// BUNDBITBK-4824 END
+// BUNDBITBK-5005: Set cookie to remember the last authentication method
+def agovAuthMethodCookie = "LOGINMETHOD=${AUTHENTICATON_URN_TO_COOKIE_MAPPER[session.getAttribute('authenticatedWith')]}; Domain=${parameters.get('cookie.domain')}; Path=/; Max-Age=1800; SameSite=Strict; Secure; HttpOnly"
+response.setHeader('Set-Cookie2', agovAuthMethodCookie)
 
 // delete the login cookie
 def agovLoginCookie = "agovLogin=deleted; Domain=${parameters.get('cookie.domain')}; Path=/; Max-Age=0; SameSite=Strict; Secure; HttpOnly"
 response.setHeader('Set-Cookie', agovLoginCookie)
 
+//response.setHeader('Set-Cookie', agovLoginCookie + ', ' + agovAuthMethodCookie)
+
 response.setResult('ok')
 return

patterns/f63c475c35b616b7c6c1901c_authStatesFile/Mobile_NLess_Auth.xml

@@ -11,6 +11,7 @@
                         <GuiElem name="agov.appDisplayNameEN" type="hidden" value="${sess:agov.appDisplayNameEN}" optional="true"/>
                         <GuiElem name="agov.appSamlRpEntityId" type="hidden" value="${var.appIconUrl}${sess:ch.nevis.auth.saml.request.scoping.requesterId}" optional="true"/>
 			<GuiElem name="authRequestId" type="hidden" value="${sess:ch.nevis.auth.saml.request.id}" optional="true"/>
+            <GuiElem name="lastLoginMethod" type="hidden" value="${cookie:LOGINMETHOD}" optional="true"/>
 			<GuiElem name="fallback" type="button" label="mobile_auth.cancel.button.label" value="true" optional="true"/>
 		</Gui>
 	</Response>