# Pattern definition of class SamlSpConnector ("IDP_SP_Connector"): it configures
# how SAML responses and assertions are issued to one service provider, including
# the subject format, the attributes released and what is signed.
schemaVersion: "1.0"
pattern:
  id: "27cefc3861bce987f6766342"
  className: "ch.nevis.admin.v4.plugin.nevisauth.patterns.SamlSpConnector"
  name: "IDP_SP_Connector"
  label: "IDP"
  # NOTE(review): the notes name the NameID format
  # urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified, but subjectFormat below
  # is set to ...SAML:2.0:nameid-format:persistent. Confirm which one is intended
  # and correct the stale side.
  notes: "- Subject NameID Format -> urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified\n\
    - dateOfBirth: to have a date suitable for SAML and OIDC, we remove the TimeZone\
    \ charachter ('1993-03-03Z' --> '1993-03-03')\n- verificationMethod: BUNDBITBK-2892\
    \ SelfPaid is only for internal use, we remove this from the public assertion\n\
    - address.verificationMethod: BUNDBITBK-2921 avoid interface change for hotfix"
  # Provenance record: sourcePatternId equals this pattern's own id, so this looks
  # like a copy of the same pattern from another project - TODO confirm.
  link:
    sourceProjectKey: "DEFAULT-IAM-JAKOB"
    sourcePatternId: "27cefc3861bce987f6766342"
    author: "florip"
    lastCopied: "2023-03-30T08:57:06Z"
  properties:
    # issuer and url are var:// references; their actual values are not visible in
    # this file. The url variable name indicates the SP's assertion consumer
    # service(s), i.e. where assertions are delivered - review it per environment.
    issuer: "var://idp_sp_connector-sp-issuer"
    url: "var://idp_sp_connector-sp-url---assertion-consumer-services"
    # Reference to another pattern by id; presumably the trust store used to
    # validate signatures on messages received from this SP - TODO confirm.
    signerTrust:
    - "pattern://8052fd68f4a663629d651f7b"
    subjectFormat: "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
    # Bearer confirmation does not bind the assertion to a key held by the
    # presenter, so the short assertionLifetime and the signing settings further
    # down are what limit replay of a captured assertion.
    subjectConfirmation: "bearer"
    # Attributes released to the SP. "${sess:...}" reads a session variable;
    # "#{...}" is an expression evaluated against the session map `sess`.
    # Several attributes are gated on a session flag and fall back to '' when the
    # flag is not 'true'.
    attributes:
    - http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress: "${sess:ch.nevis.idm.User.email}"
    # The claim name spelling ("Correspondance") is part of the interface towards
    # the SP; do not correct it here without coordinating with consumers.
    - http://schemas.agov.ch/ws/2023/05/identity/claims/languageOfCorrespondance: "${sess:ch.nevis.idm.User.language}"
    - http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname: "${sess:ch.nevis.idm.User.firstName}"
    - http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname: "${sess:ch.nevis.idm.User.lastName}"
    # The regex suffix captures only the leading dddd-dd-dd part of birthDate; per
    # the notes this drops the trailing time-zone character.
    # NOTE(review): what is emitted when birthDate does not match is not visible
    # here - confirm.
    - http://schemas.agov.ch/ws/2023/05/identity/claims/dateOfBirth: "${sess:ch.nevis.idm.User.birthDate:^(\\\
        d\\d\\d\\d-\\d\\d-\\d\\d).*$}"
    - http://schemas.agov.ch/ws/2023/05/identity/claims/sex: "${sess:ch.nevis.idm.User.gender}"
    # Released only when the session flag agov.appSvnrAllowed equals 'true'.
    - http://schemas.agov.ch/ws/2023/05/identity/claims/socialSecurityNumber: "#{\
        \ (sess['agov.appSvnrAllowed'] == 'true') ? sess['ch.nevis.idm.User.prop.svnr']\
        \ : ''}"
    # NOTE(review): placeOfBirth is gated on the same agov.appSvnrAllowed flag as
    # the social security number - confirm this coupling is intended.
    - http://schemas.agov.ch/ws/2023/05/identity/claims/placeOfBirth: "#{ (sess['agov.appSvnrAllowed']\
        \ == 'true') ? sess['ch.nevis.idm.User.prop.placeOfBirth'] : ''}"
    # NOTE(review): eIdNumber is released unconditionally, unlike the gated
    # socialSecurityNumber above - confirm this identifier needs no per-SP gate.
    - http://schemas.agov.ch/ws/2023/05/identity/claims/eIdNumber: "${sess:ch.nevis.idm.User.prop.eIdNumber}"
    - http://schemas.agov.ch/ws/2023/05/identity/claims/qa/dateOfVerification: "${sess:ValidFrom}"
    - http://schemas.agov.ch/ws/2023/05/identity/claims/qa/validTillDate: "${sess:ValidTo}"
    # Removes the substring 'SelfPaid' from idVerification before release; the
    # notes (BUNDBITBK-2892) state that value is for internal use only.
    - http://schemas.agov.ch/ws/2023/05/identity/claims/qa/verificationMethod: "#{\
        \ ''.concat(sess.get('idVerification')).replace('SelfPaid', '') }"
    # Guarded with containsKey, so a missing nationality yields '' instead of
    # calling toUpperCase() on an absent value.
    - http://schemas.agov.ch/ws/2023/05/identity/claims/nationality: "#{ sess.containsKey('ch.nevis.idm.User.prop.nationality')\
        \ ? sess['ch.nevis.idm.User.prop.nationality'].toUpperCase(): '' }"
    - http://schemas.agov.ch/ws/2023/05/identity/claims/authenticatedWith: "${sess:authenticatedWith}"
    # NOTE(review): emailVerified is a constant "true", not derived from session
    # state. Relying parties may base trust decisions on it; confirm that every
    # account reaching this connector has a verified e-mail address.
    - http://schemas.agov.ch/ws/2023/08/identity/claims/emailVerified: "true"
    # Address attributes: each is released only when agov.appAddressRequired
    # equals 'true', otherwise ''.
    - http://schemas.agov.ch/ws/2023/08/identity/claims/address/street: "#{ (sess['agov.appAddressRequired']\
        \ == 'true') ? sess['ch.nevis.idm.User.street'] : '' }"
    - http://schemas.agov.ch/ws/2023/08/identity/claims/address/houseNumber: "#{ (sess['agov.appAddressRequired']\
        \ == 'true') ? sess['ch.nevis.idm.User.houseNumber'] : '' }"
    - http://schemas.agov.ch/ws/2023/08/identity/claims/address/zipCode: "#{ (sess['agov.appAddressRequired']\
        \ == 'true') ? sess['ch.nevis.idm.User.postalCode'] : '' }"
    - http://schemas.agov.ch/ws/2023/08/identity/claims/address/town: "#{ (sess['agov.appAddressRequired']\
        \ == 'true') ? sess['ch.nevis.idm.User.city'] : '' }"
    # NOTE(review): toUpperCase() is called without the containsKey guard used for
    # nationality; if country can be absent while the flag is 'true', evaluation
    # may fail - confirm the value is always populated.
    - http://schemas.agov.ch/ws/2024/02/identity/claims/address/country: "#{ (sess['agov.appAddressRequired']\
        \ == 'true') ? sess['ch.nevis.idm.User.country'].toUpperCase() : '' }"
    # Maps 'Location' to 'Domicile' in the released value (notes: BUNDBITBK-2921).
    # The session key is spelled 'agov.adressVerification'; it must match the
    # component that writes it, so do not correct the spelling here alone.
    - http://schemas.agov.ch/ws/2024/02/identity/claims/address/qa/verificationMethod: "#{\
        \ (sess['agov.appAddressRequired'] == 'true') ? ''.concat(sess.get('agov.adressVerification')).replace('Location',\
        \ 'Domicile') : '' }"
    - http://schemas.agov.ch/ws/2024/02/identity/claims/address/countryName: "#{ (sess['agov.appAddressRequired']\
        \ == 'true') ? sess['agov.countryName'] : ''}"
    # NOTE(review): presumably the authentication context class announced to the
    # SP. It is a fixed value while the authenticatedWith attribute varies per
    # session; confirm SPs do not rely on it to tell authentication strength.
    context: "PasswordProtectedTransport"
    assertionLifetime: "30s"
    # Both the Response and the Assertion are listed for signing.
    sign:
    - "Response"
    - "Assertion"
    # presumably controls what is placed in the signature's KeyInfo element -
    # TODO confirm against the pattern documentation.
    keyInfo: "Certificate"
    # Additional connector properties come from a variable and are not visible
    # here; review the variable's value per environment, since this file cannot
    # show what it adds or changes.
    properties: "var://idp-sp-connector-properties"