<!--
    SAML IdP state for the AGOV account-recovery flow.
    It issues a signed SAML Response + Assertion built from session variables
    (sess:agov.recovery.*, nevisIDM extId) and hands control to the
    ${state.entry}_Handle_Redirect script state on success.
    There is no inbound SAML binding (in.binding=none), i.e. this is an
    IdP-initiated issuance: no AuthnRequest is parsed here.
-->
<AuthState name="${state.entry}" class="ch.nevis.esauth.auth.states.saml.IdentityProviderState" final="false" resumeState="false">
    <ResultCond name="ok" next="${state.entry}_Handle_Redirect"/>
    <!-- On failure show the generic error page; the trace id is exposed as a hidden
         field (presumably so support can correlate the user's report with the logs). -->
    <Response value="AUTH_ERROR">
        <Gui name="internal_error">
            <GuiElem name="transferId" type="hidden" value="${request:traceId}" optional="true"/>
        </Gui>
    </Response>

    <!-- No inbound binding: this state never consumes an AuthnRequest. -->
    <property name="in.binding" value="none"/>
    <!-- "internal" output binding: the response is not sent through a browser
         (POST/Redirect) binding here; presumably the following script state
         consumes it - confirm against the nevisAuth IdentityProviderState docs. -->
    <property name="out.binding" value="internal"/>

    <!-- Both the Response envelope and the Assertion are signed. -->
    <property name="out.sign" value="Response Assertion"/>
    <!-- The signer certificate is embedded in <ds:KeyInfo>.
         NOTE(review): the relying party must still verify the signature against a
         pinned/trusted certificate; an embedded certificate is not a trust anchor. -->
    <property name="out.signatureKeyInfo" value="Certificate"/>

    <!-- assertion validity time (Conditions NotOnOrAfter), taken from the state parameter -->
    <property name="out.ttl" value="${param.assertionValidityTime}"/>

    <!-- subject confirmation: Bearer.
         Bearer.ttl reuses assertionValidityTime, so the SubjectConfirmationData
         NotOnOrAfter expires together with the assertion itself. -->
    <property name="out.extension.Bearer" value="ch.nevis.esauth.auth.states.saml.extensions.SubjectConfirmationExtender"/>
    <property name="Bearer.ttl" value="${param.assertionValidityTime}"/>

    <!-- Signing key material for the AGOV IdP. -->
    <property name="out.keystoreref" value="Store_IDP_AGOV"/>
    <property name="out.keyobjectref" value="Signer_IDP_AGOV"/>

    <!-- SP endpoint comes from configuration (param), not from the request. -->
    <property name="spURL" value="${param.agovmedirecturl}"/>
    <!-- Placeholder: with in.binding=none there is no AuthnRequest-supplied
         AssertionConsumerServiceURL to check against a whitelist.
         NOTE(review): if in.binding is ever enabled, this must become a real list of
         allowed ACS URLs; a placeholder value would otherwise leave the ACS URL
         unrestricted (verify the property's exact semantics in the nevisAuth docs). -->
    <property name="acsUrlWhitelist.uris" value="not used"/>

    <!-- attributes.
         NOTE(review): the asserted AuthnContextClassRef and all AGOV claims below are
         read from sess:agov.recovery.* variables written by earlier states of the
         recovery flow; the assurance level the SP sees is therefore only as
         trustworthy as the states that populate those session variables. -->
    <property name="out.authnContextClassRef" value="${sess:agov.recovery.authnContextClassRef}"/>
    <property name="out.attribute.http://schemas.agov.ch/ws/2023/05/identity/claims/authenticatedWith" value="${sess:agov.recovery.authenticatedWith}"/>
    <property name="out.attribute.http://schemas.agov.ch/ws/2023/11/identity/claims/currentAgovAq" value="${sess:agov.recovery.currentAgovAq}"/>
    <property name="out.attribute.http://schemas.agov.ch/ws/2024/01/identity/claims/currentIdVerification" value="${sess:agov.recovery.currentIdVerification}"/>
    <property name="out.attribute.http://schemas.agov.ch/ws/2023/05/identity/claims/qa/dateOfVerification"
              value="${sess:agov.recovery.currentAgovAqRoleValidFrom}"/>
    <!-- Attribute values are split on "," (plus optional whitespace) into multi-valued
         SAML attributes; a session value containing a comma yields several values. -->
    <property name="out.attributeDelimiter" value=",\s*" />

    <!-- NameID: the nevisIDM external user id, emitted as a persistent identifier. -->
    <property name="out.subject" value="${sess:ch.adnovum.nevisidm.user.extId}"/>
    <property name="out.subject.format" value="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"/>

    <!-- Issuer and AudienceRestriction are fixed by configuration parameters. -->
    <property name="out.issuer" value="${param.issuer}"/>
    <property name="out.audienceRestriction" value="${param.directAudience}"/>
</AuthState>
<!--
    Script state reached after the SAML response has been produced.
    It runs handleRedirectRecovery.groovy and, on "ok", ends the flow at ${state.done}.
    resumeState="true": this state may be re-entered by a follow-up request
    (presumably the redirect round trip the script initiates - confirm in the script).
-->
<AuthState name="${state.entry}_Handle_Redirect" class="ch.nevis.esauth.auth.states.scripting.ScriptState" final="false" resumeState="true">
    <ResultCond name="ok" next="${state.done}"/>
    <!-- No GUI is rendered by this state; the "not_used" GUI name is a placeholder.
         The actual redirect is presumably emitted by the script itself. -->
    <Response value="AUTH_CONTINUE">
        <Gui name="not_used"/>
    </Response>

    <!-- Trace group under which the script's log output appears. -->
    <property name="scriptTraceGroup" value="AGOV-ACCT"/>
    <!-- Redirect target handed to the script; it comes from configuration, so - as far
         as visible here - the destination is not derived from request data. -->
    <property name="parameter.agovmedirecturl" value="${param.agovmedirecturl}"/>
    <!-- NOTE(review): the Groovy script is loaded from a fixed absolute path and runs
         inside nevisAuth; keep the file's ownership/permissions restricted and
         deploy it through the same controlled channel as this configuration. -->
    <property name="script" value="file:///var/opt/nevisauth/default/conf/handleRedirectRecovery.groovy"/>
</AuthState>