
<!--
  Entry state of the pattern: a SAML IdentityProviderState that builds a signed
  Response/Assertion for the AGOV-me redirect.
  Result "ok" continues to the ${state.entry}_Handle_Redirect script state below;
  any other outcome answers AUTH_ERROR with the "internal_error" GUI, which carries
  the request trace id as the hidden "transferId" element.
  Parameters read: assertionValidityTime, agovmedirecturl, issuer, directAudience.
  Session variables read: agov.recovery.* and ch.adnovum.nevisidm.user.extId.
-->
<AuthState name="${state.entry}" class="ch.nevis.esauth.auth.states.saml.IdentityProviderState" final="false" resumeState="false">
<ResultCond name="ok" next="${state.entry}_Handle_Redirect"/>
<Response value="AUTH_ERROR">
<Gui name="internal_error">
<!-- traceId is exposed to the client as a hidden field so support can correlate the error; optional, so a missing trace id does not fail the GUI -->
<GuiElem name="transferId" type="hidden" value="${request:traceId}" optional="true"/>
</Gui>
</Response>
<!-- no inbound AuthnRequest is parsed; the outbound binding is "internal" (presumably the assertion is handed to a later state rather than sent via HTTP POST/Redirect; confirm against the Nevis IdentityProviderState documentation) -->
<property name="in.binding" value="none"/>
<property name="out.binding" value="internal"/>
<!-- both the Response and the embedded Assertion are signed; KeyInfo embeds the signer certificate -->
<property name="out.sign" value="Response Assertion"/>
<property name="out.signatureKeyInfo" value="Certificate"/>
<!-- assertion validity time -->
<property name="out.ttl" value="${param.assertionValidityTime}"/>
<!-- subject confirmation: Bearer, with the same lifetime as the assertion itself -->
<property name="out.extension.Bearer" value="ch.nevis.esauth.auth.states.saml.extensions.SubjectConfirmationExtender"/>
<property name="Bearer.ttl" value="${param.assertionValidityTime}"/>
<!-- signing key: references must match the keystore/keyobject names in the nevisauth key material configuration (not part of this fragment) -->
<property name="out.keystoreref" value="Store_IDP_AGOV"/>
<property name="out.keyobjectref" value="Signer_IDP_AGOV"/>
<!-- target SP URL comes from a pattern parameter; the ACS URL whitelist is intentionally not consulted ("not used"), so the destination is trusted solely from param.agovmedirecturl. NOTE(review): keep that parameter under configuration control, since nothing here validates the redirect target -->
<property name="spURL" value="${param.agovmedirecturl}"/>
<property name="acsUrlWhitelist.uris" value="not used"/>
<!-- attributes: AGOV claims, all sourced from the agov.recovery.* session variables -->
<property name="out.authnContextClassRef" value="${sess:agov.recovery.authnContextClassRef}"/>
<property name="out.attribute.http://schemas.agov.ch/ws/2023/05/identity/claims/authenticatedWith" value="${sess:agov.recovery.authenticatedWith}"/>
<property name="out.attribute.http://schemas.agov.ch/ws/2023/11/identity/claims/currentAgovAq" value="${sess:agov.recovery.currentAgovAq}"/>
<property name="out.attribute.http://schemas.agov.ch/ws/2024/01/identity/claims/currentIdVerification" value="${sess:agov.recovery.currentIdVerification}"/>
<!-- dateOfVerification is filled from currentAgovAqRoleValidFrom (the role's validity start), not from a dedicated verification-date variable; verify this mapping is the intended one -->
<property name="out.attribute.http://schemas.agov.ch/ws/2023/05/identity/claims/qa/dateOfVerification"
value="${sess:agov.recovery.currentAgovAqRoleValidFrom}"/>
<!-- regex used to split multi-valued attribute values: a comma followed by optional whitespace -->
<property name="out.attributeDelimiter" value=",\s*" />
<!-- NameID: the nevisIDM external user id, emitted as a persistent identifier -->
<property name="out.subject" value="${sess:ch.adnovum.nevisidm.user.extId}"/>
<property name="out.subject.format" value="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"/>
<!-- issuer and audience restriction are pattern parameters; the audience must match what the receiving SP expects -->
<property name="out.issuer" value="${param.issuer}"/>
<property name="out.audienceRestriction" value="${param.directAudience}"/>
</AuthState>
<!--
  Follow-up ScriptState reached after the assertion has been built.
  Runs handleRedirectRecovery.groovy (external file, not part of this fragment) and
  on "ok" ends the pattern at ${state.done}; the response is AUTH_CONTINUE with a
  placeholder GUI. resumeState="true" means the state can be re-entered when the
  client comes back, so the script is presumably what performs the actual redirect
  handling; its behaviour cannot be determined from this file.
-->
<AuthState name="${state.entry}_Handle_Redirect" class="ch.nevis.esauth.auth.states.scripting.ScriptState" final="false" resumeState="true">
<ResultCond name="ok" next="${state.done}"/>
<Response value="AUTH_CONTINUE">
<!-- no GUI is rendered by this state; the name is a placeholder -->
<Gui name="not_used"/>
</Response>
<!-- trace group under which the script's log output appears -->
<property name="scriptTraceGroup" value="AGOV-ACCT"/>
<!-- the same redirect URL used as spURL above is passed to the script as a parameter -->
<property name="parameter.agovmedirecturl" value="${param.agovmedirecturl}"/>
<!-- absolute path on the nevisauth host; the script file must be deployed with the same ownership/permissions as the rest of the conf directory -->
<property name="script" value="file:///var/opt/nevisauth/default/conf/handleRedirectRecovery.groovy"/>
</AuthState>