38 lines
2.2 KiB
XML
38 lines
2.2 KiB
XML
<AuthState name="${state.entry}" class="ch.nevis.esauth.auth.states.scripting.ScriptState" final="false" resumeState="true">
|
|
<ResultCond name="ok" next="${state.entry}_Processing"/>
|
|
<ResultCond name="default" next="${state.entry}"/>
|
|
<Response value="AUTH_CONTINUE">
|
|
<Gui name="recovery_accessapp_auth">
|
|
<GuiElem name="authRequestId" type="hidden" value="${sess:ch.nevis.auth.saml.request.id}" optional="true"/>
|
|
<GuiElem name="fallback" type="button" label="mobile_auth.cancel.button.label" value="true" optional="true"/>
|
|
<GuiElem name="accessApp" type="hidden" value="${sess:agov.recovery.accessapp}" optional="true"/>
|
|
</Gui>
|
|
</Response>
|
|
<property name="scriptTraceGroup" value="AGOV-ACCT"/>
|
|
<property name="script" value="file:///var/opt/nevisauth/default/conf/Recovery_mobile_nless_auth.groovy"/>
|
|
<property name="parameter.agovmeregistrationurl" value="${var.agovmeregistrationurl}"/>
|
|
<property name="parameter.recoveryurl" value="${var.recoveryurl}"/>
|
|
</AuthState>
|
|
|
|
<AuthState name="${state.entry}_Processing" class="ch.nevis.auth.fido.uaf.authstate.OutOfBandFidoUafAuthState" final="false" resumeState="false">
|
|
<ResultCond name="error" next="${state.entry}_Processing"/>
|
|
<ResultCond name="failed" next="${state.entry}"/>
|
|
<ResultCond name="ok" next="${state.entry}_PostProcessing" />
|
|
<Response value="AUTH_ERROR">
|
|
<Arg name="ch.nevis.isiweb4.response.status" value="403"/>
|
|
</Response>
|
|
<property name="fidoUafServerUrl" value="https://fido-uaf:9443/nevisfido"/>
|
|
<property name="dispatcher" value="link"/>
|
|
<property name="httpclient.tls.trustStoreRef" value="${keystore}"/>
|
|
<!-- we must ensure that the newly existed access app is used, and not another app -->
|
|
<property name="fidoUafUsername" value="${sess:ch.nevis.idm.User.extId}"/>
|
|
<property name="dispatchTargetId" value="${sess:agov.recovery.accessapp.dispatchTargetId}"/>
|
|
</AuthState>
|
|
|
|
<AuthState name="${state.entry}_PostProcessing" class="ch.nevis.esauth.auth.states.standard.TransformAttributes" final="false" resumeState="false">
|
|
<ResultCond name="default" next="${state.done}"/>
|
|
<Response value="AUTH_CONTINUE"/>
|
|
<property name="sess:agov.recovery.authenticatedWith" value="urn:qa.agov.ch:names:tc:authfactor:accessapp"/>
|
|
</AuthState>
|
|
|