adn-agov-iam-project/patterns/cdb228eccc12b4b1dea20d9d_au.../insufficientLoaAssertion.xml


<!--
  Entry state: builds and signs the SAML Response/Assertion for this flow.
  Delivery uses the "internal" out-binding, so the response is not posted to an
  external ACS here; on success control moves to the _Handle_Redirect state.
  The file name suggests this is the assertion issued when the achieved level of
  assurance is below the requested one; the authnContextClassRef below carries
  the *actual* level and the requested level is conveyed as a separate attribute.
-->
<AuthState name="${state.entry}" class="ch.nevis.esauth.auth.states.saml.IdentityProviderState" final="false" resumeState="false">
<!-- success: continue with the internal redirect handling state -->
<ResultCond name="ok" next="${state.entry}_Handle_Redirect"/>
<!-- failure: show the generic internal error page; the request trace id is exposed as a hidden field (presumably for log correlation by support) -->
<Response value="AUTH_ERROR">
<Gui name="internal_error">
<GuiElem name="transferId" type="hidden" value="${request:traceId}" optional="true"/>
</Gui>
</Response>
<!-- no inbound SAML binding is processed in this state; the response is handed over internally rather than via HTTP-POST/redirect -->
<property name="in.binding" value="none"/>
<property name="out.binding" value="internal"/>
<!-- both the Response and the Assertion are signed; the signing certificate is embedded in KeyInfo -->
<property name="out.sign" value="Response Assertion"/>
<property name="out.signatureKeyInfo" value="Certificate"/>
<!-- assertion validity time (same param also bounds the Bearer SubjectConfirmation below; keep them aligned) -->
<property name="out.ttl" value="${param.assertionValidityTime}"/>
<!-- subject confirmation: Bearer -->
<property name="out.extension.Bearer" value="ch.nevis.esauth.auth.states.saml.extensions.SubjectConfirmationExtender"/>
<property name="Bearer.ttl" value="${param.assertionValidityTime}"/>
<!-- signing key material: AGOV IdP keystore and signer key object -->
<property name="out.keystoreref" value="Store_IDP_AGOV"/>
<property name="out.keyobjectref" value="Signer_IDP_AGOV"/>
<!-- target SP URL comes from configuration, not from the request -->
<property name="spURL" value="${param.agovmedirecturl}"/>
<!-- ACS whitelist is not evaluated with the internal out-binding above, hence the placeholder value -->
<property name="acsUrlWhitelist.uris" value="not used"/>
<!-- attributes -->
<!--
  NOTE(review): the URN prefix hardcodes the "qa.agov.ch" environment while other
  environment-dependent values in this state are parameterised - confirm this is
  intended for every deployment. The class ref carries the actual role level
  reached in this session.
-->
<property name="out.authnContextClassRef" value="urn:qa.agov.ch:names:tc:ac:classes:${sess:agov.actualRoleLevel}"/>
<property name="out.attribute.http://schemas.agov.ch/ws/2023/05/identity/claims/authenticatedWith" value="${sess:authenticatedWith}"/>
<property name="out.attribute.http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" value="${sess:ch.nevis.idm.User.email}"/>
<property name="out.attribute.http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" value="${sess:ch.nevis.idm.User.firstName}"/>
<property name="out.attribute.http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname" value="${sess:ch.nevis.idm.User.lastName}"/>
<!-- requested role level is asserted separately from the authnContextClassRef, using the same hardcoded URN prefix -->
<property name="out.attribute.http://schemas.agov.ch/ws/2023/05/identity/claims/requestedRoleLevel" value="urn:qa.agov.ch:names:tc:ac:classes:${sess:agov.requestedRoleLevel}"/>
<!--
  NOTE(review): the two attribute names below use ".../identity/claim/..." whereas
  the other AGOV attributes in this state use ".../identity/claims/..." - confirm
  these exact names against what the relying party expects.
-->
<property name="out.attribute.http://schemas.agov.ch/ws/2023/09/identity/claim/rpEntityId" value="${sess:ch.nevis.auth.saml.request.scoping.requesterId}"/>
<property name="out.attribute.http://schemas.agov.ch/ws/2023/09/identity/claim/allowedVerificationMethods" value="${sess:agov.appAllowedVerificationMethods}"/>
<!-- regex used to split multi-valued attribute values (presumably e.g. allowedVerificationMethods) - TODO confirm which attributes it applies to -->
<property name="out.attributeDelimiter" value=",\s*" />
<property name="out.attribute.http://schemas.agov.ch/ws/2023/09/identity/claims/addressRequired" value="${sess:agov.appAddressRequired}"/>
<!-- subject NameID: the user id from the response context, persistent format -->
<property name="out.subject" value="${response:userId}"/>
<property name="out.subject.format" value="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"/>
<!-- issuer and audience restriction are taken from configuration -->
<property name="out.issuer" value="${param.issuer}"/>
<property name="out.audienceRestriction" value="${param.directAudience}"/>
</AuthState>
<!--
  Redirect handling state: runs a Groovy script after the assertion has been built.
  resumeState="true" means the flow can be resumed at this state; on "ok" the
  flow proceeds to ${state.done}.
-->
<AuthState name="${state.entry}_Handle_Redirect" class="ch.nevis.esauth.auth.states.scripting.ScriptState" final="false" resumeState="true">
<ResultCond name="ok" next="${state.done}"/>
<!-- the script drives the response itself; no GUI is rendered by this state -->
<Response value="AUTH_CONTINUE">
<Gui name="not_used"/>
</Response>
<!-- trace group used by the script's log output -->
<property name="scriptTraceGroup" value="AGOV-ACCT"/>
<!-- redirect target handed to the script from configuration (not taken from the request) -->
<property name="parameter.agovmedirecturl" value="${param.agovmedirecturl}"/>
<!-- NOTE(review): absolute script path is hardcoded; confirm it matches the deployment layout of every environment -->
<property name="script" value="file:///var/opt/nevisauth/default/conf/handleRedirect.groovy"/>
</AuthState>