nevis
/
adn-agov-iam-project
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
adn-agov-iam-project/patterns/5a75ffc73b91b88cfab6168e_au.../epd_artifact_idp.xml

74 lines
4.3 KiB
XML
Raw Blame History

<AuthState name="${state.entry}" class="ch.nevis.esauth.auth.states.saml.IdentityProviderState" final="false" resumeState="true">
<!-- Auth_Realm_Main_IDP_Concurrent_Logout -->
<ResultCond name="IDP-initiated-ConcurrentLogout" next="${state.exit.1}"/>
<ResultCond name="SP-initiated-ConcurrentLogout" next="${state.exit.1}"/>
<!-- Auth_Realm_Main_IDP_Prepare_Done -->
<ResultCond name="IDP-initiated-SingleLogout" next="${state.done}"/>
<ResultCond name="SP-initiated-SingleLogout" next="${state.done}"/>
<ResultCond name="ok" next="${state.done}"/>
<!-- Auth_Realm_Main_IDP_Logout_Done -->
<ResultCond name="LogoutCompleted" next="${state.exit.2}"/>
<!-- Auth_Realm_Main_IDP_Logout_Fail -->
<ResultCond name="LogoutFailed" next="${state.exit.3}"/>
<!-- Auth_Realm_Main_IDP_RequestedRoleLevel -->
<ResultCond name="authenticate:IDP-initiated-SSO" next="${state.exit.4}"/>
<ResultCond name="authenticate:SP-initiated-SSO" next="${state.exit.4}"/>
<ResultCond name="invalidAssertionConsumerUrl" next="${state.entry}"/>
<!-- Auth_Realm_Main_IDP_Selector -->
<ResultCond name="stepup:IDP-initiated-SSO" next="${state.failed}"/>
<ResultCond name="stepup:SP-initiated-SSO" next="${state.failed}"/>
<Response value="AUTH_ERROR">
<Gui name="saml_idp" label="title.saml.failed">
<GuiElem name="lasterror" type="error" label="error.saml.failed"/>
</Gui>
</Response>
<property name="session.participants-store.key" value="IDP_AGOV-session-participants"/>
<property name="logoutMode" value="ConcurrentLogout-Redirect"/>
<property name="logoutTrigger" value="#{request['currentResource'].contains('logout') || inargs.containsKey('logout') || inargs.containsKey('SAMLLogout')}"/>
<property name="out.binding" value="http-artifact"/>
<!-- SHA1 of "https://auth.agov-epr-lab.azure.adnovum.net/SAML2/" -->
<property name="out.artifactSourceId" value="0x49899452c60f53e500d7d8b221536c9745dfaf0f"/>
<property name="out.post.relayStateEncoding" value="HTML"/>
<property name="out.sign" value="Response Assertion LogoutResponse ArtifactResponse"/>
<property name="out.signatureKeyInfo" value="Certificate"/>
<property name="out.ttl" value="30"/>
<property name="out.subject" value="${response:userId}"/>
<property name="out.subject.format" value="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"/>
<property name="out.extension.Bearer" value="ch.nevis.esauth.auth.states.saml.extensions.SubjectConfirmationExtender"/>
<!-- TODO: use var -->
<property name="out.issuer" value="${var.idp_agov-saml-issuer}"/>
<property name="out.keystoreref" value="Store_IDP_AGOV"/>
<property name="out.keyobjectref" value="Signer_IDP_AGOV"/>
<property name="spIssuer" value="${var.idp_sp_epd_connector-sp-issuer}"/>
<property name="spURL" value="${var.idp_sp_epd_connector-sp-url---assertion-consumer-services}"/>
<property name="acsUrlWhitelist.uris" value="${var.idp_sp_epd_connector-sp-url---assertion-consumer-services}"/>
<property name="in.binding" value="auto"/>
<property name="in.max_age" value="60"/>
<property name="in.keystoreref" value="Store_IDP_AGOV"/>
<property name="out.authnContextClassRef" value="${sess:contextClassRefToSet}"/>
<property name="out.audienceRestriction" value="${var.idp_agov_epd-audience}"/>
<!-- SAML Attributes -->
<property name="out.attribute.http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" value="${sess:ch.nevis.idm.User.firstName}"/>
<property name="out.attribute.http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname" value="${sess:ch.nevis.idm.User.lastName}"/>
<property name="out.attribute.http://schemas.agov.ch/ws/2023/05/identity/claims/sex" value="${sess:ch.nevis.idm.User.gender}"/>
<!--<property name="out.attribute.http://schemas.agov.ch/ws/2023/05/identity/claims/socialSecurityNumber" value="#{ (sess['agov.appSvnrAllowed'] == 'true') ? sess['ch.nevis.idm.User.prop.svnr'] : ''}"/> -->
<property name="out.attribute.http://schemas.agov.ch/ws/2023/05/identity/claims/dateOfBirth" value="${sess:ch.nevis.idm.User.birthDate:^(\d\d\d\d-\d\d-\d\d).*$}"/>
</AuthState>
Reference in New Issue View Git Blame Copy Permalink