adn-agov-iam-project/patterns/IDP_SP_EPD_Connector_b8139a4b73abce1ce1a22170.yml

schemaVersion: "1.0"
pattern:
  id: "b8139a4b73abce1ce1a22170"
  className: "ch.nevis.admin.v4.plugin.nevisauth.patterns.SamlSpConnector"
  name: "IDP_SP_EPD_Connector"
  label: "IDP"
  notes: "- Subject NameID Format -> urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified\n\
    - dateOfBirth: to have a date suitable for SAML and OIDC, we remove the TimeZone\
    \ charachter ('1993-03-03Z' --> '1993-03-03')\n- verificationMethod: BUNDBITBK-2892\
    \ SelfPaid is only for internal use, we remove this from the public assertion\n\
    - address.verificationMethod: BUNDBITBK-2921 avoid interface change for hotfix\n\
    \n- todo: GLN"
  properties:
    issuer: "var://idp_sp_epd_connector-sp-issuer"
    url: "var://idp_sp_epd_connector-sp-url---assertion-consumer-services"
    signerTrust:
    - "pattern://8052fd68f4a663629d651f7b"
    binding: "http-post"
    subjectFormat: "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
    subjectConfirmation: "bearer"
    attributes:
    - http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname: "${sess:ch.nevis.idm.User.firstName}"
    - http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname: "${sess:ch.nevis.idm.User.lastName}"
    - http://schemas.agov.ch/ws/2023/05/identity/claims/sex: "${sess:ch.nevis.idm.User.gender}"
    - http://schemas.agov.ch/ws/2023/05/identity/claims/socialSecurityNumber: "#{\
        \ (sess['agov.appSvnrAllowed'] == 'true') ? sess['ch.nevis.idm.User.prop.svnr']\
        \ : ''}"
    - http://schemas.agov.ch/ws/2023/05/identity/claims/dateOfBirth: "${sess:ch.nevis.idm.User.birthDate:^(\\\
        d\\d\\d\\d-\\d\\d-\\d\\d).*$}"
    context: "PasswordProtectedTransport"
    assertionLifetime: "30s"
    sign:
    - "Response"
    - "Assertion"
    keyInfo: "Certificate"
    properties: "var://epd_idp-parameters"