new configuration version
|
@ -45,7 +45,7 @@ spec:
|
||||||
podDisruptionBudget:
|
podDisruptionBudget:
|
||||||
maxUnavailable: "50%"
|
maxUnavailable: "50%"
|
||||||
git:
|
git:
|
||||||
tag: "r-37b8bdb0132c567067431bc29f9e802beefd6510"
|
tag: "r-ccc3170b00e14827fb232c8f34bca95033f70bc0"
|
||||||
dir: "DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-auth"
|
dir: "DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-auth"
|
||||||
credentials: "git-credentials"
|
credentials: "git-credentials"
|
||||||
keystores:
|
keystores:
|
||||||
|
|
|
@ -12,3 +12,5 @@ spec:
|
||||||
keystores:
|
keystores:
|
||||||
- name: "ob-proxy-ob-realm-identity"
|
- name: "ob-proxy-ob-realm-identity"
|
||||||
namespace: "adn-agov-nevisidm-ob-01-uat"
|
namespace: "adn-agov-nevisidm-ob-01-uat"
|
||||||
|
- name: "ob-proxy-ob-mock-me-realm-identity"
|
||||||
|
namespace: "adn-agov-nevisidm-ob-01-uat"
|
||||||
|
|
|
@ -8,7 +8,7 @@
|
||||||
<!-- source: pattern://d00b0dcbe241793d30daf91c -->
|
<!-- source: pattern://d00b0dcbe241793d30daf91c -->
|
||||||
<TokenAssembler name="DefaultTokenAssembler">
|
<TokenAssembler name="DefaultTokenAssembler">
|
||||||
<Selector default="true"/>
|
<Selector default="true"/>
|
||||||
<!-- source: pattern://6e7b5a087711bd0ada9985fe -->
|
<!-- source: pattern://14b02056879c3b8991597d2b, pattern://6e7b5a087711bd0ada9985fe -->
|
||||||
<TokenSpec ttl="28800">
|
<TokenSpec ttl="28800">
|
||||||
<!-- source: pattern://d00b0dcbe241793d30daf91c -->
|
<!-- source: pattern://d00b0dcbe241793d30daf91c -->
|
||||||
<field src="session" key="ch.nevis.session.sessid" as="sessid"/>
|
<field src="session" key="ch.nevis.session.sessid" as="sessid"/>
|
||||||
|
@ -48,32 +48,144 @@
|
||||||
</SessionCoordinator>
|
</SessionCoordinator>
|
||||||
<!-- source: pattern://d00b0dcbe241793d30daf91c -->
|
<!-- source: pattern://d00b0dcbe241793d30daf91c -->
|
||||||
<LocalOutOfContextDataStore reaperPeriod="60"/>
|
<LocalOutOfContextDataStore reaperPeriod="60"/>
|
||||||
<!-- source: pattern://6e7b5a087711bd0ada9985fe, pattern://d00b0dcbe241793d30daf91c, pattern://e1784eecf2db74484dd1e1bb, pattern://25bdd7e6f5b76694f6688ab8, pattern://d00b0dcbe241793d30daf91c -->
|
<!-- source: pattern://6e7b5a087711bd0ada9985fe, pattern://d00b0dcbe241793d30daf91c, pattern://d00b0dcbe241793d30daf91c, pattern://e1784eecf2db74484dd1e1bb, pattern://25bdd7e6f5b76694f6688ab8, pattern://d00b0dcbe241793d30daf91c -->
|
||||||
<AuthEngine useLiteralDictionary="true" literalDictionaryLanguages="en,de,fr,it" inputLanguageCookie="LANG" compatLevel="none" addAutheLevelToSecRoles="true" classPath="/opt/nevisidmcl/nevisauth/lib:/opt/nevisfidocl/nevisauth/lib:/opt/nevisauth/plugin" propagateSession="false">
|
<AuthEngine useLiteralDictionary="true" literalDictionaryLanguages="en,de,fr,it" inputLanguageCookie="LANG" compatLevel="none" addAutheLevelToSecRoles="true" classPath="/opt/nevisidmcl/nevisauth/lib:/opt/nevisfidocl/nevisauth/lib:/opt/nevisauth/plugin" propagateSession="false">
|
||||||
|
<!-- source: pattern://14b02056879c3b8991597d2b -->
|
||||||
|
<Domain name="ob-mock-me-realm" default="false" inactiveInterval="7200" reauthInterval="0" resetAuthenticationCondition="${inargs:cancel}">
|
||||||
|
<Entry method="authenticate" state="ob-mock-me-realm_ob-mock-me-auth-processor"/>
|
||||||
|
<Entry method="authenticate" state="ob-mock-me-realm_ob-mock-me-auth-processor" selector="${request:currentResource:^http[s]?\u003A//[^/]+/mock-me/.*$:true}"/>
|
||||||
|
<Entry method="stepup" state="ob-mock-me-realm_Selector"/>
|
||||||
|
<Entry method="stepup" state="ob-mock-me-realm_ob-mock-me-auth-processor" selector="${request:currentResource:^http[s]?\u003A//[^/]+/mock-me/.*$:true}"/>
|
||||||
|
</Domain>
|
||||||
<!-- source: pattern://6e7b5a087711bd0ada9985fe -->
|
<!-- source: pattern://6e7b5a087711bd0ada9985fe -->
|
||||||
<Domain name="ob-realm" default="false" inactiveInterval="7200" reauthInterval="0" resetAuthenticationCondition="${inargs:cancel}">
|
<Domain name="ob-realm" default="false" inactiveInterval="7200" reauthInterval="0" resetAuthenticationCondition="${inargs:cancel}">
|
||||||
<Entry method="authenticate" state="ob-realm_ob-realm-idm-pwd-login"/>
|
<Entry method="authenticate" state="ob-realm_ob-realm-idm-pwd-login"/>
|
||||||
|
<Entry method="authenticate" state="ob-realm_ob-realm-idm-pwd-login-IdmTicketVerifyState" selector="${request:currentResource:/pwreset/continue:true}"/>
|
||||||
|
<Entry method="authenticate" state="ob-realm_ob-realm-idm-pwd-login-IdmUserVerifyState" selector="${request:currentResource:/pwreset/start:true}"/>
|
||||||
<Entry method="stepup" state="ob-realm_Selector"/>
|
<Entry method="stepup" state="ob-realm_Selector"/>
|
||||||
</Domain>
|
</Domain>
|
||||||
<AuthState name="ob-realm_ob-realm-idm-pwd-login" class="ch.nevis.idm.authstate.IdmPasswordVerifyState" final="false">
|
<AuthState name="ob-mock-me-realm_ob-mock-me-auth-processor" class="ch.nevis.esauth.auth.states.scripting.ScriptState" final="false" resumeState="false">
|
||||||
|
<!-- source: pattern://be8f8436b2ec70e9d601fdd3 -->
|
||||||
|
<ResultCond name="processResponse" next="ob-mock-me-realm_ob-mock-me-auth-processor_serviceProvider"/>
|
||||||
|
<!-- source: pattern://be8f8436b2ec70e9d601fdd3 -->
|
||||||
|
<Response value="AUTH_CONTINUE">
|
||||||
|
<!-- source: pattern://be8f8436b2ec70e9d601fdd3 -->
|
||||||
|
<Gui name="AuthErrorDialog"/>
|
||||||
|
<!-- source: pattern://be8f8436b2ec70e9d601fdd3 -->
|
||||||
|
<Gui name="op_mock_me_gui" label="AGOV MOCK me">
|
||||||
|
<!-- source: pattern://be8f8436b2ec70e9d601fdd3 -->
|
||||||
|
<GuiElem name="lasterror" type="error" label="${notes:lasterrorinfo}" value="${notes:lasterror}" optional="true"/>
|
||||||
|
<!-- source: pattern://be8f8436b2ec70e9d601fdd3 -->
|
||||||
|
<GuiElem name="subject" type="text" label="subject" value="${notes:saml.assertion.subject}" optional="true"/>
|
||||||
|
<!-- source: pattern://be8f8436b2ec70e9d601fdd3 -->
|
||||||
|
<GuiElem name="statusCode" type="text" label="statusCode" value="${notes:saml.response.statusCode}" optional="true"/>
|
||||||
|
<!-- source: pattern://be8f8436b2ec70e9d601fdd3 -->
|
||||||
|
<GuiElem name="authnContextClassRef" type="text" label="authnContextClassRef" value="${notes:saml.response.authnContextClassRef}" optional="true"/>
|
||||||
|
<!-- source: pattern://be8f8436b2ec70e9d601fdd3 -->
|
||||||
|
<GuiElem name="authenticatedWith" type="text" label="authenticatedWith" value="${notes|saml.attributes.http://schemas.agov.ch/ws/2023/05/identity/claims/authenticatedWith}" optional="true"/>
|
||||||
|
<!-- source: pattern://be8f8436b2ec70e9d601fdd3 -->
|
||||||
|
<GuiElem name="rpEntityId" type="text" label="rpEntityId" value="${notes|saml.attributes.http://schemas.agov.ch/ws/2023/09/identity/claim/rpEntityId}" optional="true"/>
|
||||||
|
<!-- source: pattern://be8f8436b2ec70e9d601fdd3 -->
|
||||||
|
<GuiElem name="currentAgovAq" type="text" label="currentAgovAq" value="${notes|saml.attributes.http://schemas.agov.ch/ws/2023/11/identity/claims/currentAgovAq}" optional="true"/>
|
||||||
|
<!-- source: pattern://be8f8436b2ec70e9d601fdd3 -->
|
||||||
|
<GuiElem name="dateOfVerification" type="text" label="dateOfVerification" value="${notes|saml.attributes.http://schemas.agov.ch/ws/2023/05/identity/claims/qa/dateOfVerification}" optional="true"/>
|
||||||
|
<!-- source: pattern://be8f8436b2ec70e9d601fdd3 -->
|
||||||
|
<GuiElem name="currentIdVerification" type="text" label="currentIdVerification" value="${notes|saml.attributes. http://schemas.agov.ch/ws/2024/01/identity/claims/currentIdVerification}" optional="true"/>
|
||||||
|
<!-- source: pattern://be8f8436b2ec70e9d601fdd3 -->
|
||||||
|
<GuiElem name="back" type="button" label="submit.button.label" value="go"/>
|
||||||
|
</Gui>
|
||||||
|
</Response>
|
||||||
|
<!-- source: pattern://be8f8436b2ec70e9d601fdd3 -->
|
||||||
|
<property name="script" value="file:///var/opt/nevisauth/default/conf/mock-me-processing.groovy"/>
|
||||||
|
</AuthState>
|
||||||
|
<AuthState name="ob-mock-me-realm_ob-mock-me-auth-processor_serviceProvider" class="ch.nevis.esauth.auth.states.saml.ServiceProviderState" final="false" resumeState="true">
|
||||||
|
<!-- source: pattern://be8f8436b2ec70e9d601fdd3 -->
|
||||||
|
<ResultCond name="default" next="ob-mock-me-realm_ob-mock-me-auth-processor"/>
|
||||||
|
<!-- source: pattern://be8f8436b2ec70e9d601fdd3 -->
|
||||||
|
<ResultCond name="ok" next="ob-mock-me-realm_ob-mock-me-auth-processor"/>
|
||||||
|
<!-- source: pattern://be8f8436b2ec70e9d601fdd3 -->
|
||||||
|
<Response value="AUTH_ERROR">
|
||||||
|
<!-- source: pattern://be8f8436b2ec70e9d601fdd3 -->
|
||||||
|
<Gui name="AuthErrorDialog"/>
|
||||||
|
</Response>
|
||||||
|
<!-- source: pattern://be8f8436b2ec70e9d601fdd3 -->
|
||||||
|
<property name="consumerURL" value="https://ob.agov-w.azure.adnovum.net/mock-me/process"/>
|
||||||
|
<!-- source: pattern://be8f8436b2ec70e9d601fdd3 -->
|
||||||
|
<property name="idpURL" value="https://auth.agov-w.azure.adnovum.net/SAML2/SSO/"/>
|
||||||
|
<!-- source: pattern://be8f8436b2ec70e9d601fdd3 -->
|
||||||
|
<property name="in.verify" value="Response Assertion"/>
|
||||||
|
<!-- source: pattern://be8f8436b2ec70e9d601fdd3 -->
|
||||||
|
<property name="in.prospectVerification" value="Response Assertion"/>
|
||||||
|
<!-- source: pattern://be8f8436b2ec70e9d601fdd3 -->
|
||||||
|
<property name="in.binding" value="internal"/>
|
||||||
|
<!-- source: pattern://be8f8436b2ec70e9d601fdd3 -->
|
||||||
|
<property name="in.internalBindingSource" value="${notes:SAMLAssertion}"/>
|
||||||
|
<!-- source: pattern://be8f8436b2ec70e9d601fdd3 -->
|
||||||
|
<property name="in.max_age" value="30"/>
|
||||||
|
<!-- source: pattern://be8f8436b2ec70e9d601fdd3 -->
|
||||||
|
<property name="in.keystoreref" value="DefaultKeyStore"/>
|
||||||
|
<!-- source: pattern://be8f8436b2ec70e9d601fdd3 -->
|
||||||
|
<property name="out.binding" value="none"/>
|
||||||
|
</AuthState>
|
||||||
|
<AuthState name="ob-mock-me-realm_Selector" class="ch.nevis.esauth.auth.states.standard.ConditionalDispatcherState" final="false">
|
||||||
|
<!-- source: pattern://14b02056879c3b8991597d2b -->
|
||||||
|
<ResultCond name="nomatch" next="ob-mock-me-realm_Prepare_Done"/>
|
||||||
|
<!-- source: pattern://14b02056879c3b8991597d2b -->
|
||||||
|
<Response value="AUTH_ERROR">
|
||||||
|
<!-- source: pattern://14b02056879c3b8991597d2b -->
|
||||||
|
<Arg name="ch.nevis.isiweb4.response.status" value="403"/>
|
||||||
|
</Response>
|
||||||
|
</AuthState>
|
||||||
|
<AuthState name="ob-mock-me-realm_Prepare_Done" class="ch.nevis.esauth.auth.states.scripting.ScriptState" final="false">
|
||||||
|
<!-- source: pattern://14b02056879c3b8991597d2b -->
|
||||||
|
<ResultCond name="default" next="ob-mock-me-realm_Auth_Done"/>
|
||||||
|
<!-- source: pattern://14b02056879c3b8991597d2b -->
|
||||||
|
<Response value="AUTH_DONE">
|
||||||
|
<!-- source: pattern://14b02056879c3b8991597d2b -->
|
||||||
|
<Gui name="ContinueResponse"/>
|
||||||
|
</Response>
|
||||||
|
<!-- source: pattern://14b02056879c3b8991597d2b -->
|
||||||
|
<property name="script" value="file:///var/opt/nevisauth/default/conf/prepare_done.groovy"/>
|
||||||
|
</AuthState>
|
||||||
|
<AuthState name="ob-mock-me-realm_Auth_Done" class="ch.nevis.esauth.auth.states.standard.AuthDone" final="false">
|
||||||
|
<!-- source: pattern://14b02056879c3b8991597d2b -->
|
||||||
|
<Response value="AUTH_DONE">
|
||||||
|
<!-- source: pattern://14b02056879c3b8991597d2b -->
|
||||||
|
<Gui name="ContinueResponse"/>
|
||||||
|
</Response>
|
||||||
|
</AuthState>
|
||||||
|
<AuthState name="ob-realm_ob-realm-idm-pwd-login" class="ch.nevis.esauth.auth.states.scripting.ScriptState" final="false">
|
||||||
<!-- source: pattern://e1784eecf2db74484dd1e1bb -->
|
<!-- source: pattern://e1784eecf2db74484dd1e1bb -->
|
||||||
<ResultCond name="clientNotFound" next="ob-realm_ob-realm-idm-pwd-login"/>
|
<ResultCond name="ok" next="ob-realm_ob-realm-idm-pwd-login-Login"/>
|
||||||
<!-- source: pattern://e1784eecf2db74484dd1e1bb -->
|
<!-- source: pattern://e1784eecf2db74484dd1e1bb -->
|
||||||
<ResultCond name="disabled" next="ob-realm_ob-realm-idm-pwd-login"/>
|
<ResultCond name="redirectionPathInvalid" next="ob-realm_ob-realm-idm-pwd-loginInvalidPath"/>
|
||||||
<!-- source: pattern://e1784eecf2db74484dd1e1bb -->
|
<!-- source: pattern://e1784eecf2db74484dd1e1bb -->
|
||||||
<ResultCond name="failed" next="ob-realm_ob-realm-idm-pwd-login"/>
|
<Response value="AUTH_ERROR">
|
||||||
|
<!-- source: pattern://e1784eecf2db74484dd1e1bb -->
|
||||||
|
<Arg name="ch.nevis.isiweb4.response.status" value="403"/>
|
||||||
|
</Response>
|
||||||
<!-- source: pattern://e1784eecf2db74484dd1e1bb -->
|
<!-- source: pattern://e1784eecf2db74484dd1e1bb -->
|
||||||
<ResultCond name="lockWarn" next="ob-realm_ob-realm-idm-pwd-login"/>
|
<property name="script" value="file:///var/opt/nevisauth/default/conf/filterRedirectionPaths.groovy"/>
|
||||||
|
</AuthState>
|
||||||
|
<AuthState name="ob-realm_ob-realm-idm-pwd-login-Login" class="ch.nevis.idm.authstate.IdmPasswordVerifyState" final="false">
|
||||||
<!-- source: pattern://e1784eecf2db74484dd1e1bb -->
|
<!-- source: pattern://e1784eecf2db74484dd1e1bb -->
|
||||||
<ResultCond name="locked" next="ob-realm_ob-realm-idm-pwd-login"/>
|
<ResultCond name="clientNotFound" next="ob-realm_ob-realm-idm-pwd-login-Login"/>
|
||||||
<!-- source: pattern://e1784eecf2db74484dd1e1bb -->
|
<!-- source: pattern://e1784eecf2db74484dd1e1bb -->
|
||||||
<ResultCond name="nowLocked" next="ob-realm_ob-realm-idm-pwd-login"/>
|
<ResultCond name="disabled" next="ob-realm_ob-realm-idm-pwd-login-Login"/>
|
||||||
|
<!-- source: pattern://e1784eecf2db74484dd1e1bb -->
|
||||||
|
<ResultCond name="failed" next="ob-realm_ob-realm-idm-pwd-login-Login"/>
|
||||||
|
<!-- source: pattern://e1784eecf2db74484dd1e1bb -->
|
||||||
|
<ResultCond name="lockWarn" next="ob-realm_ob-realm-idm-pwd-login-Login"/>
|
||||||
|
<!-- source: pattern://e1784eecf2db74484dd1e1bb -->
|
||||||
|
<ResultCond name="locked" next="ob-realm_ob-realm-idm-pwd-login-Login"/>
|
||||||
|
<!-- source: pattern://e1784eecf2db74484dd1e1bb -->
|
||||||
|
<ResultCond name="nowLocked" next="ob-realm_ob-realm-idm-pwd-login-Login"/>
|
||||||
<!-- source: pattern://e1784eecf2db74484dd1e1bb -->
|
<!-- source: pattern://e1784eecf2db74484dd1e1bb -->
|
||||||
<ResultCond name="ok" next="ob-realm_ob-realm-idm-pwd-login-IdmPostProcessing" authLevel="1"/>
|
<ResultCond name="ok" next="ob-realm_ob-realm-idm-pwd-login-IdmPostProcessing" authLevel="1"/>
|
||||||
<!-- source: pattern://e1784eecf2db74484dd1e1bb -->
|
<!-- source: pattern://e1784eecf2db74484dd1e1bb -->
|
||||||
<ResultCond name="pwChange" next="ob-realm_ob-realm-idm-pwd-login-IdmPasswordChange"/>
|
<ResultCond name="pwChange" next="ob-realm_ob-realm-idm-pwd-login-IdmPasswordChange"/>
|
||||||
<!-- source: pattern://e1784eecf2db74484dd1e1bb -->
|
<!-- source: pattern://e1784eecf2db74484dd1e1bb -->
|
||||||
<ResultCond name="tmpLocked" next="ob-realm_ob-realm-idm-pwd-login"/>
|
<ResultCond name="tmpLocked" next="ob-realm_ob-realm-idm-pwd-login-Login"/>
|
||||||
<!-- source: pattern://e1784eecf2db74484dd1e1bb -->
|
<!-- source: pattern://e1784eecf2db74484dd1e1bb -->
|
||||||
<Response value="AUTH_CONTINUE">
|
<Response value="AUTH_CONTINUE">
|
||||||
<!-- source: pattern://e1784eecf2db74484dd1e1bb -->
|
<!-- source: pattern://e1784eecf2db74484dd1e1bb -->
|
||||||
|
@ -90,12 +202,24 @@
|
||||||
<GuiElem name="isiwebpasswd" type="pw-text" label="prompt.password"/>
|
<GuiElem name="isiwebpasswd" type="pw-text" label="prompt.password"/>
|
||||||
<!-- source: pattern://e1784eecf2db74484dd1e1bb -->
|
<!-- source: pattern://e1784eecf2db74484dd1e1bb -->
|
||||||
<GuiElem name="submit" type="button" label="continue.button.label"/>
|
<GuiElem name="submit" type="button" label="continue.button.label"/>
|
||||||
|
<!-- source: pattern://e1784eecf2db74484dd1e1bb -->
|
||||||
|
<GuiElem name="passwordforgottenlink" type="link" label="pwreset.info.linktext" value="/pwreset/start"/>
|
||||||
</Gui>
|
</Gui>
|
||||||
</Response>
|
</Response>
|
||||||
<propertyRef name="nevisIDM_Connector"/>
|
<propertyRef name="nevisIDM_Connector"/>
|
||||||
<!-- source: pattern://e1784eecf2db74484dd1e1bb -->
|
<!-- source: pattern://e1784eecf2db74484dd1e1bb -->
|
||||||
<property name="user.loginType" value="EMAIL"/>
|
<property name="user.loginType" value="EMAIL"/>
|
||||||
</AuthState>
|
</AuthState>
|
||||||
|
<AuthState name="ob-realm_ob-realm-idm-pwd-loginInvalidPath" class="ch.nevis.esauth.auth.states.standard.AuthError" final="true">
|
||||||
|
<!-- source: pattern://e1784eecf2db74484dd1e1bb -->
|
||||||
|
<Response value="AUTH_ERROR">
|
||||||
|
<!-- source: pattern://e1784eecf2db74484dd1e1bb -->
|
||||||
|
<Gui name="ob-realm-idm-pwd-loginInvalidPath" label="URL Path Invalid">
|
||||||
|
<!-- source: pattern://e1784eecf2db74484dd1e1bb -->
|
||||||
|
<GuiElem name="lasterror" type="error" label="${notes:lasterrorinfo}" value="${notes:lasterror}"/>
|
||||||
|
</Gui>
|
||||||
|
</Response>
|
||||||
|
</AuthState>
|
||||||
<AuthState name="ob-realm_ob-realm-idm-pwd-login-IdmPostProcessing" class="ch.nevis.idm.authstate.IdmGetPropertiesState" final="false">
|
<AuthState name="ob-realm_ob-realm-idm-pwd-login-IdmPostProcessing" class="ch.nevis.idm.authstate.IdmGetPropertiesState" final="false">
|
||||||
<!-- source: pattern://e1784eecf2db74484dd1e1bb -->
|
<!-- source: pattern://e1784eecf2db74484dd1e1bb -->
|
||||||
<ResultCond name="SOAP:showGui" next="ob-realm_ob-realm-dispatch-cred-type"/>
|
<ResultCond name="SOAP:showGui" next="ob-realm_ob-realm-dispatch-cred-type"/>
|
||||||
|
@ -368,6 +492,218 @@
|
||||||
<Gui name="ContinueResponse"/>
|
<Gui name="ContinueResponse"/>
|
||||||
</Response>
|
</Response>
|
||||||
</AuthState>
|
</AuthState>
|
||||||
|
<AuthState name="ob-realm_ob-realm-idm-pwd-login-IdmTicketVerifyState" class="ch.nevis.idm.authstate.IdmURLTicketVerifyState" final="false" resumeState="true">
|
||||||
|
<!-- source: pattern://e1784eecf2db74484dd1e1bb -->
|
||||||
|
<ResultCond name="failed" next="ob-realm_ob-realm-idm-pwd-login-IdmTicketNotFoundState"/>
|
||||||
|
<!-- source: pattern://e1784eecf2db74484dd1e1bb -->
|
||||||
|
<ResultCond name="locked" next="ob-realm_ob-realm-idm-pwd-login-IdmTicketNotFoundState"/>
|
||||||
|
<!-- source: pattern://e1784eecf2db74484dd1e1bb -->
|
||||||
|
<ResultCond name="nowLocked" next="ob-realm_ob-realm-idm-pwd-login-IdmTicketNotFoundState"/>
|
||||||
|
<!-- source: pattern://e1784eecf2db74484dd1e1bb -->
|
||||||
|
<ResultCond name="ok" next="ob-realm_ob-realm-idm-pwd-login-IdmResetPasswordState"/>
|
||||||
|
<!-- source: pattern://e1784eecf2db74484dd1e1bb -->
|
||||||
|
<Response value="AUTH_ERROR">
|
||||||
|
<!-- source: pattern://e1784eecf2db74484dd1e1bb -->
|
||||||
|
<Gui name="AuthErrorDialog" label="title.pwreset">
|
||||||
|
<!-- source: pattern://e1784eecf2db74484dd1e1bb -->
|
||||||
|
<GuiElem name="lasterror" type="error" label="${notes:lasterrorinfo}" value="${notes:lasterror}"/>
|
||||||
|
<!-- source: pattern://e1784eecf2db74484dd1e1bb -->
|
||||||
|
<GuiElem name="continue" type="button" label="continue.button.label" value="true"/>
|
||||||
|
</Gui>
|
||||||
|
</Response>
|
||||||
|
<propertyRef name="nevisIDM_Connector"/>
|
||||||
|
</AuthState>
|
||||||
|
<AuthState name="ob-realm_ob-realm-idm-pwd-login-IdmTicketNotFoundState" class="ch.nevis.esauth.auth.states.standard.AuthGeneric" final="true">
|
||||||
|
<!-- source: pattern://e1784eecf2db74484dd1e1bb -->
|
||||||
|
<ResultCond name="default" next="ob-realm_ob-realm-idm-pwd-login-TerminateSessionState"/>
|
||||||
|
<!-- source: pattern://e1784eecf2db74484dd1e1bb -->
|
||||||
|
<Response value="AUTH_CONTINUE">
|
||||||
|
<!-- source: pattern://e1784eecf2db74484dd1e1bb -->
|
||||||
|
<Gui name="AuthDoneDialog" label="title.pwreset">
|
||||||
|
<!-- source: pattern://e1784eecf2db74484dd1e1bb -->
|
||||||
|
<GuiElem name="error" type="error" label="pwreset.noticket"/>
|
||||||
|
<!-- source: pattern://e1784eecf2db74484dd1e1bb -->
|
||||||
|
<GuiElem name="continue" type="button" label="continue.button.label" value="true"/>
|
||||||
|
</Gui>
|
||||||
|
</Response>
|
||||||
|
</AuthState>
|
||||||
|
<AuthState name="ob-realm_ob-realm-idm-pwd-login-IdmResetPasswordState" class="ch.nevis.idm.authstate.IdmPasswordResetState" final="false" resumeState="true">
|
||||||
|
<!-- source: pattern://e1784eecf2db74484dd1e1bb -->
|
||||||
|
<ResultCond name="ok" next="ob-realm_ob-realm-idm-pwd-login-IdmPasswordSetState"/>
|
||||||
|
<!-- source: pattern://e1784eecf2db74484dd1e1bb -->
|
||||||
|
<ResultCond name="policyFailure" next="ob-realm_ob-realm-idm-pwd-login-IdmResetPasswordState"/>
|
||||||
|
<!-- source: pattern://e1784eecf2db74484dd1e1bb -->
|
||||||
|
<Response value="AUTH_CONTINUE">
|
||||||
|
<!-- source: pattern://e1784eecf2db74484dd1e1bb -->
|
||||||
|
<Gui name="AuthInputDialog" label="title.pwreset">
|
||||||
|
<!-- source: pattern://e1784eecf2db74484dd1e1bb -->
|
||||||
|
<GuiElem name="lasterror" type="error" label="${notes:lasterrorinfo}" value="${notes:lasterror}"/>
|
||||||
|
<!-- source: pattern://e1784eecf2db74484dd1e1bb -->
|
||||||
|
<GuiElem name="policyFailure.allowLoginIdPasswordViolated" type="error" label="${notes.policyFailure.allowLoginIdPasswordViolated}"/>
|
||||||
|
<!-- source: pattern://e1784eecf2db74484dd1e1bb -->
|
||||||
|
<GuiElem name="policyFailure.regex.minLength" type="error" label="${notes.policyFailure.regex.minLength}"/>
|
||||||
|
<!-- source: pattern://e1784eecf2db74484dd1e1bb -->
|
||||||
|
<GuiElem name="policyFailure.regex.maxLength" type="error" label="${notes.policyFailure.regex.maxLength}"/>
|
||||||
|
<!-- source: pattern://e1784eecf2db74484dd1e1bb -->
|
||||||
|
<GuiElem name="policyFailure.regex.upper" type="error" label="${notes.policyFailure.regex.upper}"/>
|
||||||
|
<!-- source: pattern://e1784eecf2db74484dd1e1bb -->
|
||||||
|
<GuiElem name="policyFailure.regex.lower" type="error" label="${notes.policyFailure.regex.lower}"/>
|
||||||
|
<!-- source: pattern://e1784eecf2db74484dd1e1bb -->
|
||||||
|
<GuiElem name="policyFailure.regex.numeric" type="error" label="${notes.policyFailure.regex.numeric}"/>
|
||||||
|
<!-- source: pattern://e1784eecf2db74484dd1e1bb -->
|
||||||
|
<GuiElem name="policyFailure.regex.nonLetter" type="error" label="${notes.policyFailure.regex.nonLetter}"/>
|
||||||
|
<!-- source: pattern://e1784eecf2db74484dd1e1bb -->
|
||||||
|
<GuiElem name="policyFailure.regex.nonAlnum" type="error" label="${notes.policyFailure.regex.nonAlnum}"/>
|
||||||
|
<!-- source: pattern://e1784eecf2db74484dd1e1bb -->
|
||||||
|
<GuiElem name="policyFailure.regex.control" type="error" label="${notes.policyFailure.regex.control}"/>
|
||||||
|
<!-- source: pattern://e1784eecf2db74484dd1e1bb -->
|
||||||
|
<GuiElem name="policyFailure.regex.nonGraph" type="error" label="${notes.policyFailure.regex.nonGraph}"/>
|
||||||
|
<!-- source: pattern://e1784eecf2db74484dd1e1bb -->
|
||||||
|
<GuiElem name="policyFailure.regex.nonAscii" type="error" label="${notes.policyFailure.regex.nonAscii}"/>
|
||||||
|
<!-- source: pattern://e1784eecf2db74484dd1e1bb -->
|
||||||
|
<GuiElem name="policyFailure.dictionary" type="error" label="${notes.policyFailure.dictionary}"/>
|
||||||
|
<!-- source: pattern://e1784eecf2db74484dd1e1bb -->
|
||||||
|
<GuiElem name="policyFailure.history.History" type="error" label="${notes.policyFailure.history.History}"/>
|
||||||
|
<!-- source: pattern://e1784eecf2db74484dd1e1bb -->
|
||||||
|
<GuiElem name="policyFailure.regex.maxCharacterRepetitions" type="error" label="${notes.policyFailure.regex.maxCharacterRepetitions}"/>
|
||||||
|
<!-- source: pattern://e1784eecf2db74484dd1e1bb -->
|
||||||
|
<GuiElem name="policyInfo.title" type="info" label="#{!notes.containsKey('lasterror') || notes.lasterror != '4' ? 'policyInfo.title' : ''}"/>
|
||||||
|
<!-- source: pattern://e1784eecf2db74484dd1e1bb -->
|
||||||
|
<GuiElem name="policyInfo.regex.minLength" type="info" label="${notes.policyInfo.regex.minLength}"/>
|
||||||
|
<!-- source: pattern://e1784eecf2db74484dd1e1bb -->
|
||||||
|
<GuiElem name="policyInfo.regex.maxLength" type="info" label="${notes.policyInfo.regex.maxLength}"/>
|
||||||
|
<!-- source: pattern://e1784eecf2db74484dd1e1bb -->
|
||||||
|
<GuiElem name="policyInfo.regex.upper" type="info" label="#{notes['policyInfo.regex.upper'].contains('upper[0]') ? '' : notes['policyInfo.regex.upper']}"/>
|
||||||
|
<!-- source: pattern://e1784eecf2db74484dd1e1bb -->
|
||||||
|
<GuiElem name="policyInfo.regex.lower" type="info" label="#{notes['policyInfo.regex.lower'].contains('lower[0]') ? '' : notes['policyInfo.regex.lower']}"/>
|
||||||
|
<!-- source: pattern://e1784eecf2db74484dd1e1bb -->
|
||||||
|
<GuiElem name="policyInfo.regex.numeric" type="info" label="#{notes['policyInfo.regex.numeric'].contains('numeric[0]') ? '' : notes['policyInfo.regex.numeric']}"/>
|
||||||
|
<!-- source: pattern://e1784eecf2db74484dd1e1bb -->
|
||||||
|
<GuiElem name="policyInfo.regex.nonLetter" type="info" label="#{notes['policyInfo.regex.nonLetter'].contains('nonLetter[0]') ? '' : notes['policyInfo.regex.nonLetter']}"/>
|
||||||
|
<!-- source: pattern://e1784eecf2db74484dd1e1bb -->
|
||||||
|
<GuiElem name="policyInfo.regex.nonAlnum" type="info" label="#{notes['policyInfo.regex.nonAlnum'].contains('nonAlnum[0]') ? '' : notes['policyInfo.regex.nonAlnum']}"/>
|
||||||
|
<!-- source: pattern://e1784eecf2db74484dd1e1bb -->
|
||||||
|
<GuiElem name="policyInfo.regex.control" type="info" label="#{notes['policyInfo.regex.control'].contains('control[0]') ? '' : notes['policyInfo.regex.control']}"/>
|
||||||
|
<!-- source: pattern://e1784eecf2db74484dd1e1bb -->
|
||||||
|
<GuiElem name="policyInfo.regex.nonGraph" type="info" label="#{notes['policyInfo.regex.nonGraph'].contains('nonGraph[0]') ? '' : notes['policyInfo.regex.nonGraph']}"/>
|
||||||
|
<!-- source: pattern://e1784eecf2db74484dd1e1bb -->
|
||||||
|
<GuiElem name="policyInfo.regex.nonAscii" type="info" label="#{notes['policyInfo.regex.nonAscii'].contains('nonAscii[0]') ? '' : notes['policyInfo.regex.nonAscii']}"/>
|
||||||
|
<!-- source: pattern://e1784eecf2db74484dd1e1bb -->
|
||||||
|
<GuiElem name="policyInfo.dictionary" type="info" label="${notes.policyInfo.dictionary}"/>
|
||||||
|
<!-- source: pattern://e1784eecf2db74484dd1e1bb -->
|
||||||
|
<GuiElem name="policyInfo.history.History" type="info" label="${notes.policyInfo.history.History}"/>
|
||||||
|
<!-- source: pattern://e1784eecf2db74484dd1e1bb -->
|
||||||
|
<GuiElem name="policyInfo.regex.maxCharacterRepetitions" type="info" label="${notes.policyInfo.regex.maxCharacterRepetitions}"/>
|
||||||
|
<!-- source: pattern://e1784eecf2db74484dd1e1bb -->
|
||||||
|
<GuiElem name="isiwebnewpw1" type="pw-text" label="prompt.newpassword"/>
|
||||||
|
<!-- source: pattern://e1784eecf2db74484dd1e1bb -->
|
||||||
|
<GuiElem name="isiwebnewpw2" type="pw-text" label="prompt.newpassword.confirm"/>
|
||||||
|
<!-- source: pattern://e1784eecf2db74484dd1e1bb -->
|
||||||
|
<GuiElem name="submit" type="submit" label="submit.button.label" value="submit"/>
|
||||||
|
</Gui>
|
||||||
|
</Response>
|
||||||
|
<propertyRef name="nevisIDM_Connector"/>
|
||||||
|
</AuthState>
|
||||||
|
<AuthState name="ob-realm_ob-realm-idm-pwd-login-TerminateSessionState" class="ch.nevis.esauth.auth.states.standard.AuthGeneric" final="true">
|
||||||
|
<!-- source: pattern://e1784eecf2db74484dd1e1bb -->
|
||||||
|
<Response value="AUTH_ERROR">
|
||||||
|
<!-- source: pattern://e1784eecf2db74484dd1e1bb -->
|
||||||
|
<Arg name="nevis.transfer.type" value="redirect"/>
|
||||||
|
<!-- source: pattern://e1784eecf2db74484dd1e1bb -->
|
||||||
|
<Arg name="nevis.transfer.destination" value="${request:currentResource:(https?.//[^/]+).*:$1}#{session.get("redirect")}"/>
|
||||||
|
</Response>
|
||||||
|
</AuthState>
|
||||||
|
<AuthState name="ob-realm_ob-realm-idm-pwd-login-IdmPasswordSetState" class="ch.nevis.esauth.auth.states.standard.AuthGeneric" final="true">
|
||||||
|
<!-- source: pattern://e1784eecf2db74484dd1e1bb -->
|
||||||
|
<ResultCond name="default" next="ob-realm_ob-realm-idm-pwd-login-IdmSuccessfulChangeState"/>
|
||||||
|
<!-- source: pattern://e1784eecf2db74484dd1e1bb -->
|
||||||
|
<Response value="AUTH_CONTINUE">
|
||||||
|
<!-- source: pattern://e1784eecf2db74484dd1e1bb -->
|
||||||
|
<Gui name="AuthDoneDialog" label="title.pwreset">
|
||||||
|
<!-- source: pattern://e1784eecf2db74484dd1e1bb -->
|
||||||
|
<GuiElem name="info" type="info" label="pwreset.done.info"/>
|
||||||
|
<!-- source: pattern://e1784eecf2db74484dd1e1bb -->
|
||||||
|
<GuiElem name="continue" type="button" label="continue.button.label" value="true"/>
|
||||||
|
</Gui>
|
||||||
|
</Response>
|
||||||
|
</AuthState>
|
||||||
|
<AuthState name="ob-realm_ob-realm-idm-pwd-login-IdmSuccessfulChangeState" class="ch.nevis.esauth.auth.states.standard.AuthGeneric" final="true">
|
||||||
|
<!-- source: pattern://e1784eecf2db74484dd1e1bb -->
|
||||||
|
<Response value="AUTH_ERROR">
|
||||||
|
<!-- source: pattern://e1784eecf2db74484dd1e1bb -->
|
||||||
|
<Arg name="nevis.transfer.type" value="redirect"/>
|
||||||
|
<!-- source: pattern://e1784eecf2db74484dd1e1bb -->
|
||||||
|
<Arg name="nevis.transfer.destination" value="${request:currentResource:(https?.//[^/]+).*:$1}#{inargs.containsKey("redir") ? inargs.get("redir") : "/"}"/>
|
||||||
|
</Response>
|
||||||
|
</AuthState>
|
||||||
|
<AuthState name="ob-realm_ob-realm-idm-pwd-login-IdmUserVerifyState" class="ch.nevis.idm.authstate.IdmUserVerifyState" final="true" resumeState="true">
|
||||||
|
<!-- source: pattern://e1784eecf2db74484dd1e1bb -->
|
||||||
|
<ResultCond name="clientNotFound" next="ob-realm_ob-realm-idm-pwd-login-AuthGenericState"/>
|
||||||
|
<!-- source: pattern://e1784eecf2db74484dd1e1bb -->
|
||||||
|
<ResultCond name="default" next="ob-realm_ob-realm-idm-pwd-login-AuthGenericState"/>
|
||||||
|
<!-- source: pattern://e1784eecf2db74484dd1e1bb -->
|
||||||
|
<ResultCond name="failed" next="ob-realm_ob-realm-idm-pwd-login-AuthGenericState"/>
|
||||||
|
<!-- source: pattern://e1784eecf2db74484dd1e1bb -->
|
||||||
|
<ResultCond name="prospect" next="ob-realm_ob-realm-idm-pwd-login-IdmCreateCredentialState"/>
|
||||||
|
<!-- source: pattern://e1784eecf2db74484dd1e1bb -->
|
||||||
|
<Response value="AUTH_CONTINUE">
|
||||||
|
<!-- source: pattern://e1784eecf2db74484dd1e1bb -->
|
||||||
|
<Gui name="AuthInputDialog" label="title.pwreset">
|
||||||
|
<!-- source: pattern://e1784eecf2db74484dd1e1bb -->
|
||||||
|
<GuiElem name="lasterror" type="error" label="${notes:lasterrorinfo}" value="${notes:lasterror}"/>
|
||||||
|
<!-- source: pattern://e1784eecf2db74484dd1e1bb -->
|
||||||
|
<GuiElem name="client" type="text" label="prompt.client" value="#{notes['client'] ? notes['client'] : 'Default' }"/>
|
||||||
|
<!-- source: pattern://e1784eecf2db74484dd1e1bb -->
|
||||||
|
<GuiElem name="isiwebuserid" type="text" label="prompt.userid"/>
|
||||||
|
<!-- source: pattern://e1784eecf2db74484dd1e1bb -->
|
||||||
|
<GuiElem name="submit" type="submit" label="submit.button.label" value="submit"/>
|
||||||
|
</Gui>
|
||||||
|
</Response>
|
||||||
|
<propertyRef name="nevisIDM_Connector"/>
|
||||||
|
<!-- source: pattern://e1784eecf2db74484dd1e1bb -->
|
||||||
|
<property name="user.loginType" value="EMAIL"/>
|
||||||
|
</AuthState>
|
||||||
|
<AuthState name="ob-realm_ob-realm-idm-pwd-login-AuthGenericState" class="ch.nevis.esauth.auth.states.standard.AuthGeneric" final="true">
|
||||||
|
<!-- source: pattern://e1784eecf2db74484dd1e1bb -->
|
||||||
|
<ResultCond name="default" next="ob-realm_ob-realm-idm-pwd-login-TerminateSessionState"/>
|
||||||
|
<!-- source: pattern://e1784eecf2db74484dd1e1bb -->
|
||||||
|
<Response value="AUTH_CONTINUE">
|
||||||
|
<!-- source: pattern://e1784eecf2db74484dd1e1bb -->
|
||||||
|
<Gui name="AuthDoneDialog" label="title.pwreset">
|
||||||
|
<!-- source: pattern://e1784eecf2db74484dd1e1bb -->
|
||||||
|
<GuiElem name="info" type="info" label="pwreset.email.sent"/>
|
||||||
|
<!-- source: pattern://e1784eecf2db74484dd1e1bb -->
|
||||||
|
<GuiElem name="continue" type="button" label="continue.button.label" value="true"/>
|
||||||
|
</Gui>
|
||||||
|
</Response>
|
||||||
|
</AuthState>
|
||||||
|
<AuthState name="ob-realm_ob-realm-idm-pwd-login-IdmCreateCredentialState" class="ch.nevis.idm.authstate.IdmCreateCredentialState" final="false" resumeState="true">
|
||||||
|
<!-- source: pattern://e1784eecf2db74484dd1e1bb -->
|
||||||
|
<ResultCond name="clientNotFound" next="ob-realm_ob-realm-idm-pwd-login-IdmCreateCredentialState"/>
|
||||||
|
<!-- source: pattern://e1784eecf2db74484dd1e1bb -->
|
||||||
|
<ResultCond name="failed" next="ob-realm_ob-realm-idm-pwd-login-IdmCreateCredentialState"/>
|
||||||
|
<!-- source: pattern://e1784eecf2db74484dd1e1bb -->
|
||||||
|
<ResultCond name="ok" next="ob-realm_ob-realm-idm-pwd-login-AuthGenericState"/>
|
||||||
|
<!-- source: pattern://e1784eecf2db74484dd1e1bb -->
|
||||||
|
<Response value="AUTH_ERROR">
|
||||||
|
<!-- source: pattern://e1784eecf2db74484dd1e1bb -->
|
||||||
|
<Gui name="AuthErrorDialog" label="title.pwreset">
|
||||||
|
<!-- source: pattern://e1784eecf2db74484dd1e1bb -->
|
||||||
|
<GuiElem name="lasterror" type="error" label="${notes:lasterrorinfo}" value="${notes:lasterror}"/>
|
||||||
|
<!-- source: pattern://e1784eecf2db74484dd1e1bb -->
|
||||||
|
<GuiElem name="continue" type="button" label="continue.button.label" value="true"/>
|
||||||
|
</Gui>
|
||||||
|
</Response>
|
||||||
|
<propertyRef name="nevisIDM_Connector"/>
|
||||||
|
<!-- source: pattern://e1784eecf2db74484dd1e1bb -->
|
||||||
|
<property name="cred.type" value="url_ticket"/>
|
||||||
|
<!-- source: pattern://e1784eecf2db74484dd1e1bb -->
|
||||||
|
<property name="cred.urlPrefix" value="${request:currentResource:(https?.//[^/]+).*:$1}/pwreset/continue/?redir=#{session.get("redirect")}&x="/>
|
||||||
|
<!-- source: pattern://e1784eecf2db74484dd1e1bb -->
|
||||||
|
<property name="operationIfExists" value="FAIL"/>
|
||||||
|
<!-- source: pattern://e1784eecf2db74484dd1e1bb -->
|
||||||
|
<property name="recreateIfExists" value="true"/>
|
||||||
|
</AuthState>
|
||||||
<AuthState name="ob-realm_Selector" class="ch.nevis.esauth.auth.states.standard.ConditionalDispatcherState" final="false">
|
<AuthState name="ob-realm_Selector" class="ch.nevis.esauth.auth.states.standard.ConditionalDispatcherState" final="false">
|
||||||
<!-- source: pattern://6e7b5a087711bd0ada9985fe -->
|
<!-- source: pattern://6e7b5a087711bd0ada9985fe -->
|
||||||
<ResultCond name="nomatch" next="ob-realm_Prepare_Done"/>
|
<ResultCond name="nomatch" next="ob-realm_Prepare_Done"/>
|
||||||
|
|
|
@ -0,0 +1,59 @@
|
||||||
|
import java.util.regex.Matcher;
|
||||||
|
import java.util.regex.Pattern;
|
||||||
|
|
||||||
|
def getPathFromURL(url) {
|
||||||
|
def pattern = ~/https?.\/\/[^\/]+(\/[^\?]*|.*).*/
|
||||||
|
def matcher = pattern.matcher(url)
|
||||||
|
|
||||||
|
if (matcher.matches()) {
|
||||||
|
return matcher.group(1)
|
||||||
|
} else {
|
||||||
|
return null
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
def redirectionPath = getPathFromURL(request['currentResource'])
|
||||||
|
def applicationPaths = ["/register/"]
|
||||||
|
def denyRegexes = [".*[\\n\\r]+.*"]
|
||||||
|
|
||||||
|
if (request.getSession(false) == null) {
|
||||||
|
LOG.debug("No session - create new session")
|
||||||
|
session = request.getSession(true).getData()
|
||||||
|
}
|
||||||
|
|
||||||
|
def denied = false
|
||||||
|
if (denyRegexes.size() > 0) {
|
||||||
|
for (def denyRegex : denyRegexes) {
|
||||||
|
def pattern = Pattern.compile(denyRegex)
|
||||||
|
def matcher = pattern.matcher(redirectionPath)
|
||||||
|
|
||||||
|
if (matcher.find()) {
|
||||||
|
denied = true
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if (!denied) {
|
||||||
|
session.put('redirect', redirectionPath)
|
||||||
|
response.setResult('ok')
|
||||||
|
return
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
if (!applicationPaths.isEmpty()) {
|
||||||
|
for (String path : applicationPaths) {
|
||||||
|
if (redirectionPath.startsWith(path)) {
|
||||||
|
session.put('redirect', path)
|
||||||
|
response.setResult('ok')
|
||||||
|
return
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if (denied) {
|
||||||
|
response.setResult('redirectionPathInvalid')
|
||||||
|
return
|
||||||
|
} else {
|
||||||
|
session.put('redirect', redirectionPath)
|
||||||
|
response.setResult('ok')
|
||||||
|
return
|
||||||
|
}
|
|
@ -0,0 +1,19 @@
|
||||||
|
import ch.nevis.esauth.auth.engine.AuthResponse.AUTH_CONTINUE
|
||||||
|
|
||||||
|
if (inargs['SAMLResponse']) {
|
||||||
|
response.setNote('SAMLResponse', inargs['SAMLResponse'])
|
||||||
|
request.getInArgs().remove('SAMLResponse')
|
||||||
|
response.setResult('processResponse')
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
if (inargs['back'] && inargs['back'] == 'go') {
|
||||||
|
response.setStatus(AuthResponse.AUTH_ERROR)
|
||||||
|
response.setTransferDestination(parameters['idp-sso-url'])
|
||||||
|
response.setIsRedirectTransfer(true)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
// if we reach this line, display the GUI
|
||||||
|
response.setStatus(AuthResponse.AUTH_CONTINUE)
|
|
@ -44,7 +44,7 @@ spec:
|
||||||
podDisruptionBudget:
|
podDisruptionBudget:
|
||||||
maxUnavailable: "50%"
|
maxUnavailable: "50%"
|
||||||
git:
|
git:
|
||||||
tag: "r-0d14bc8d1f507b55c11ab2b807d691b97d55b1dd"
|
tag: "r-ccc3170b00e14827fb232c8f34bca95033f70bc0"
|
||||||
dir: "DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-logrend"
|
dir: "DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-logrend"
|
||||||
credentials: "git-credentials"
|
credentials: "git-credentials"
|
||||||
podSecurity:
|
podSecurity:
|
||||||
|
|
|
@ -5,7 +5,7 @@ application.gui.substitution=yes
|
||||||
application.input.charset=UTF-8
|
application.input.charset=UTF-8
|
||||||
application.inputs.htmlencode=yes
|
application.inputs.htmlencode=yes
|
||||||
application.loginapp.current=
|
application.loginapp.current=
|
||||||
application.loginapp.default=ob-realm
|
application.loginapp.default=ob-mock-me-realm
|
||||||
application.loginapp.override=header:channel
|
application.loginapp.override=header:channel
|
||||||
application.package.name=nevislogrend
|
application.package.name=nevislogrend
|
||||||
application.render.content.type=text/html; charset=UTF-8
|
application.render.content.type=text/html; charset=UTF-8
|
||||||
|
|
|
@ -0,0 +1,26 @@
|
||||||
|
# source: pattern://14b02056879c3b8991597d2b
|
||||||
|
application.countries.default=CH
|
||||||
|
# source: pattern://14b02056879c3b8991597d2b
|
||||||
|
cache.file.exempt=
|
||||||
|
# source: pattern://14b02056879c3b8991597d2b
|
||||||
|
cache.filefolder.exempt=
|
||||||
|
# source: pattern://14b02056879c3b8991597d2b
|
||||||
|
application.language.source.1=param:language
|
||||||
|
# source: pattern://14b02056879c3b8991597d2b
|
||||||
|
application.language.source.2=cookie:LANG
|
||||||
|
# source: pattern://14b02056879c3b8991597d2b
|
||||||
|
application.language.source.3=gui
|
||||||
|
# source: pattern://14b02056879c3b8991597d2b
|
||||||
|
application.language.source.4=browser
|
||||||
|
# source: pattern://14b02056879c3b8991597d2b
|
||||||
|
application.languages=en,de,fr,it
|
||||||
|
# source: pattern://14b02056879c3b8991597d2b
|
||||||
|
application.languages.default=en
|
||||||
|
# source: pattern://bed300e1196a171ca12db431
|
||||||
|
application.language.cookie.en=LANG:en
|
||||||
|
# source: pattern://bed300e1196a171ca12db431
|
||||||
|
application.language.cookie.de=LANG:de
|
||||||
|
# source: pattern://bed300e1196a171ca12db431
|
||||||
|
application.language.cookie.fr=LANG:fr
|
||||||
|
# source: pattern://bed300e1196a171ca12db431
|
||||||
|
application.language.cookie.it=LANG:it
|
|
@ -0,0 +1,27 @@
|
||||||
|
|
||||||
|
button.submit=Submit
|
||||||
|
error.policy.failed=The new password does not comply with the policy.
|
||||||
|
info.login=Please enter your authentication information.
|
||||||
|
info.signup.passwordless=Log in quickly and securely next time using this device's fingerprint, face recognition, or PIN.
|
||||||
|
info.signup.passwordless.failed=Use the same method you already use on this device for login.
|
||||||
|
info.signup.passwordless.skip=<button name="cancel-bottom" type="submit" value="true" class="btn btn-link link-primary">Skip for now</button>
|
||||||
|
language.de=Deutsch
|
||||||
|
language.en=English
|
||||||
|
language.fr=Français
|
||||||
|
language.it=Italiano
|
||||||
|
prompt.client=Client
|
||||||
|
prompt.newpassword=New Password
|
||||||
|
prompt.newpassword.confirm=Confirm Password
|
||||||
|
prompt.password=Password
|
||||||
|
prompt.userid=User-ID
|
||||||
|
pwreset.done.info=Your password was successfully changed. Please click on continue to log in.
|
||||||
|
pwreset.email.sent=If your user ID exists, an email to reset your password has been sent to you.
|
||||||
|
pwreset.info.linktext=Password forgotten
|
||||||
|
pwreset.noticket=Your password reset link is no longer valid. Please generate a new one.
|
||||||
|
title=NEVIS SSO Portal
|
||||||
|
title.login=Login
|
||||||
|
title.pwchange.label=Password Change
|
||||||
|
title.pwreset=Password Forgotten
|
||||||
|
title.signup.passwordless=Go passwordless
|
||||||
|
title.signup.passwordless.failed=Failed to turn on passwordless
|
||||||
|
try_again.button.label=Try again
|
|
@ -0,0 +1,27 @@
|
||||||
|
|
||||||
|
button.submit=Senden
|
||||||
|
error.policy.failed=Das neue Passwort stimmt nicht mit der Richtlinie überein.
|
||||||
|
info.login=Bitte geben Sie Ihre persönlichen Zugangsdaten ein.
|
||||||
|
info.signup.passwordless=Melden Sie sich beim nächsten Mal schnell und sicher mit dem Fingerabdruck, der Gesichtserkennung oder der PIN dieses Geräts an.
|
||||||
|
info.signup.passwordless.failed=Verwenden Sie dieselbe Methode, die Sie bereits für die Anmeldung verwenden.
|
||||||
|
info.signup.passwordless.skip=<button name="cancel-bottom" type="submit" value="true" class="btn btn-link link-primary">Vorerst überspringen</button>
|
||||||
|
language.de=Deutsch
|
||||||
|
language.en=English
|
||||||
|
language.fr=Français
|
||||||
|
language.it=Italiano
|
||||||
|
prompt.client=Mandant
|
||||||
|
prompt.newpassword=Neues Passwort
|
||||||
|
prompt.newpassword.confirm=Passwort bestätigen
|
||||||
|
prompt.password=Passwort
|
||||||
|
prompt.userid=Benutzer-ID
|
||||||
|
pwreset.done.info=Ihr Passwort wurde erfolgreich geändert. Bitte klicken Sie auf Weiter, um sich einzuloggen.
|
||||||
|
pwreset.email.sent=Wenn Ihre Benutzer-ID existiert, haben Sie eine E-Mail erhalten, um Ihr Passwort zurückzusetzen..
|
||||||
|
pwreset.info.linktext=Passwort vergessen
|
||||||
|
pwreset.noticket=Ihr Link ist nicht mehr gültig. Bitte generieren Sie ein Neuen.
|
||||||
|
title=NEVIS SSO Portal
|
||||||
|
title.login=Login
|
||||||
|
title.pwchange.label=Passwort ändern
|
||||||
|
title.pwreset=Passwort Vergesssen
|
||||||
|
title.signup.passwordless=Login ohne Passwort
|
||||||
|
title.signup.passwordless.failed=Login ohne Passwort konnte nicht aktiviert werden
|
||||||
|
try_again.button.label=Erneut versuchen
|
|
@ -0,0 +1,27 @@
|
||||||
|
|
||||||
|
button.submit=Submit
|
||||||
|
error.policy.failed=The new password does not comply with the policy.
|
||||||
|
info.login=Please enter your authentication information.
|
||||||
|
info.signup.passwordless=Log in quickly and securely next time using this device's fingerprint, face recognition, or PIN.
|
||||||
|
info.signup.passwordless.failed=Use the same method you already use on this device for login.
|
||||||
|
info.signup.passwordless.skip=<button name="cancel-bottom" type="submit" value="true" class="btn btn-link link-primary">Skip for now</button>
|
||||||
|
language.de=Deutsch
|
||||||
|
language.en=English
|
||||||
|
language.fr=Français
|
||||||
|
language.it=Italiano
|
||||||
|
prompt.client=Client
|
||||||
|
prompt.newpassword=New Password
|
||||||
|
prompt.newpassword.confirm=Confirm Password
|
||||||
|
prompt.password=Password
|
||||||
|
prompt.userid=User-ID
|
||||||
|
pwreset.done.info=Your password was successfully changed. Please click on continue to log in.
|
||||||
|
pwreset.email.sent=If your user ID exists, an email to reset your password has been sent to you.
|
||||||
|
pwreset.info.linktext=Password forgotten
|
||||||
|
pwreset.noticket=Your password reset link is no longer valid. Please generate a new one.
|
||||||
|
title=NEVIS SSO Portal
|
||||||
|
title.login=Login
|
||||||
|
title.pwchange.label=Password Change
|
||||||
|
title.pwreset=Password Forgotten
|
||||||
|
title.signup.passwordless=Go passwordless
|
||||||
|
title.signup.passwordless.failed=Failed to turn on passwordless
|
||||||
|
try_again.button.label=Try again
|
|
@ -0,0 +1,27 @@
|
||||||
|
|
||||||
|
button.submit=Envoyer
|
||||||
|
error.policy.failed=Votre nouveau mot de passe ne conforme pas aux mesures de sécurité
|
||||||
|
info.login=Veuillez entrer vos éléments de sécurité ci-après.
|
||||||
|
info.signup.passwordless=Connectez-vous rapidement et en toute sécurité la prochaine fois en utilisant l'empreinte digitale, la reconnaissance faciale ou le code PIN de cet appareil.
|
||||||
|
info.signup.passwordless.failed=Utilisez la même méthode que vous utilisez déjà sur cet appareil pour vous connecter.
|
||||||
|
info.signup.passwordless.skip=<button name="cancel-bottom" type="submit" value="true" class="btn btn-link link-primary">Sauter pour le moment</button>
|
||||||
|
language.de=Deutsch
|
||||||
|
language.en=English
|
||||||
|
language.fr=Français
|
||||||
|
language.it=Italiano
|
||||||
|
prompt.client=Client
|
||||||
|
prompt.newpassword=Nouveau mot de passe
|
||||||
|
prompt.newpassword.confirm=Confirmez le mot de passe
|
||||||
|
prompt.password=Mot de passe
|
||||||
|
prompt.userid=ID de l'utilisateur
|
||||||
|
pwreset.done.info=Votre mot de passe a été changé avec succès. Veuillez cliquer sur continuer pour vous connecter.
|
||||||
|
pwreset.email.sent=Si votre identifiant n'existe pas, vous avez reçu un courriel pour réinitialiser votre mot de passe.
|
||||||
|
pwreset.info.linktext=Mot de passe oublié
|
||||||
|
pwreset.noticket=Votre lien n'est plus valide. Veuillez en générer un nouveau.
|
||||||
|
title=NEVIS SSO Portal
|
||||||
|
title.login=Login
|
||||||
|
title.pwchange.label=Changer mot de passe
|
||||||
|
title.pwreset=Mot de Passe Oublié
|
||||||
|
title.signup.passwordless=Aller sans mot de passe
|
||||||
|
title.signup.passwordless.failed=Impossible d'activer le sans mot de passe
|
||||||
|
try_again.button.label=Essayez à nouveau
|
|
@ -0,0 +1,27 @@
|
||||||
|
|
||||||
|
button.submit=Continua
|
||||||
|
error.policy.failed=La nuova password non è stata accettata. Scegliere una password che sia conforme ai criteri di password.
|
||||||
|
info.login=Per favore inserisca i suoi dati di accesso.
|
||||||
|
info.signup.passwordless=Accedi in modo rapido e sicuro la prossima volta utilizzando l'impronta digitale, il riconoscimento facciale o il PIN di questo dispositivo.
|
||||||
|
info.signup.passwordless.failed=Utilizza lo stesso metodo che usi già su questo dispositivo per il login.
|
||||||
|
info.signup.passwordless.skip=<button name="cancel-bottom" type="submit" value="true" class="btn btn-link link-primary">Saltare per ora</button>
|
||||||
|
language.de=Deutsch
|
||||||
|
language.en=English
|
||||||
|
language.fr=Français
|
||||||
|
language.it=Italiano
|
||||||
|
prompt.client=Mandator
|
||||||
|
prompt.newpassword=Nuova Password
|
||||||
|
prompt.newpassword.confirm=Conferma password
|
||||||
|
prompt.password=Password
|
||||||
|
prompt.userid=Nome utente
|
||||||
|
pwreset.done.info=La password è stata modificata con successo. Fare clic su continua per accedere.
|
||||||
|
pwreset.email.sent=Se il vostro ID utente esiste, vi è stata inviata un'e-mail per reimpostare la password.
|
||||||
|
pwreset.info.linktext=Password dimenticata
|
||||||
|
pwreset.noticket=Il biglietto per la reimpostazione della password non è più valido. Si prega di generarne uno nuovo.
|
||||||
|
title=NEVIS SSO Portal
|
||||||
|
title.login=Login
|
||||||
|
title.pwchange.label=Cambiare Password
|
||||||
|
title.pwreset=Password Dimenticata
|
||||||
|
title.signup.passwordless=Vai senza password
|
||||||
|
title.signup.passwordless.failed=Impossibile attivare senza password
|
||||||
|
try_again.button.label=Riprova
|
|
@ -0,0 +1,165 @@
|
||||||
|
let baseURL; // base URL
|
||||||
|
let statusToken; // used to check progress
|
||||||
|
let dispatcherElement; // to display link or QR code
|
||||||
|
let infoElement; // to display info text
|
||||||
|
let errorElement; // to display error text
|
||||||
|
|
||||||
|
function addInput(form, name, value) {
|
||||||
|
const input = document.createElement("input");
|
||||||
|
input.name = name;
|
||||||
|
input.value = value;
|
||||||
|
form.appendChild(input);
|
||||||
|
}
|
||||||
|
|
||||||
|
function submitStatus(status) {
|
||||||
|
// we have to do a form POST instead of AJAX
|
||||||
|
const form = document.createElement("form");
|
||||||
|
form.method = "POST";
|
||||||
|
form.style.display = "none";
|
||||||
|
addInput(form, "status", status);
|
||||||
|
document.body.appendChild(form);
|
||||||
|
form.submit();
|
||||||
|
}
|
||||||
|
|
||||||
|
const Status = {
|
||||||
|
_pollInterval: 2 * 1000, // Check every 2 seconds
|
||||||
|
latest: null,
|
||||||
|
|
||||||
|
startPolling: function (token, uiCallback) {
|
||||||
|
let interval = setInterval(async () => {
|
||||||
|
await this._check(token).then(function (resp) {
|
||||||
|
console.log("Polling status: %o", resp);
|
||||||
|
uiCallback && uiCallback(resp, false);
|
||||||
|
return Status.latest = resp;
|
||||||
|
})
|
||||||
|
.catch(function (err) {
|
||||||
|
console.error("Error during polling: %o", err);
|
||||||
|
return false;
|
||||||
|
});
|
||||||
|
if (Status.latest && (Status.latest.status === 'succeeded' || Status.latest.status === 'failed' || Status.latest.status === 'unknown')) {
|
||||||
|
// Done!
|
||||||
|
console.log('Latest status is: %o', this.latest);
|
||||||
|
uiCallback && uiCallback(this.latest, true);
|
||||||
|
clearInterval(interval);
|
||||||
|
}
|
||||||
|
}, this._pollInterval);
|
||||||
|
},
|
||||||
|
|
||||||
|
_check: async function (token) {
|
||||||
|
const payload = { statusToken: token };
|
||||||
|
const response = await fetch(baseURL + 'api/v1/status', {
|
||||||
|
method: 'POST',
|
||||||
|
mode: 'cors',
|
||||||
|
cache: 'no-cache',
|
||||||
|
credentials: 'omit',
|
||||||
|
headers: {
|
||||||
|
'Accept': 'application/json',
|
||||||
|
'Content-Type': 'application/json;charset=utf-8'
|
||||||
|
},
|
||||||
|
body: JSON.stringify(payload),
|
||||||
|
redirect: 'follow',
|
||||||
|
referrerPolicy: 'no-referrer'
|
||||||
|
});
|
||||||
|
|
||||||
|
return await response.json();
|
||||||
|
}
|
||||||
|
};
|
||||||
|
|
||||||
|
function setDeepLinkLabel(button) {
|
||||||
|
const text = document.getElementsByName('info.deeplink')[0].value;
|
||||||
|
button.innerHTML = text;
|
||||||
|
}
|
||||||
|
|
||||||
|
function messageScanQR() {
|
||||||
|
const text = document.getElementsByName('info.qrcode')[0].value;
|
||||||
|
infoElement.innerHTML = text;
|
||||||
|
}
|
||||||
|
|
||||||
|
function messageCheckPhone() {
|
||||||
|
const text = document.getElementsByName('info.check.phone')[0].value;
|
||||||
|
infoElement.innerHTML = text;
|
||||||
|
}
|
||||||
|
|
||||||
|
const Element = {
|
||||||
|
|
||||||
|
_elem: null, // QR code or deep link depending on device
|
||||||
|
|
||||||
|
show: function (appLink) {
|
||||||
|
const userAgent = navigator.userAgent || navigator.vendor || window.opera;
|
||||||
|
const isIphone = 'iPhone' === navigator.platform;
|
||||||
|
const isAndroid = /android/i.test(userAgent) && /mobile/i.test(userAgent);
|
||||||
|
if (isAndroid || isIphone) {
|
||||||
|
this._elem = document.createElement('a');
|
||||||
|
this._elem.setAttribute('href', appLink);
|
||||||
|
this._elem.setAttribute('class', 'btn btn-primary');
|
||||||
|
this._elem.setAttribute('target', '_blank');
|
||||||
|
dispatcherElement.appendChild(this._elem);
|
||||||
|
setDeepLinkLabel(this._elem);
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
const authenticationType = document.getElementsByName('authenticationType')[0].value;
|
||||||
|
if (authenticationType == 'push') {
|
||||||
|
messageCheckPhone();
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
messageScanQR();
|
||||||
|
this._elem = document.createElement('canvas');
|
||||||
|
dispatcherElement.appendChild(this._elem);
|
||||||
|
var qrcode = new QRious({
|
||||||
|
element: this._elem,
|
||||||
|
foreground: "#168CA9",
|
||||||
|
level: "M",
|
||||||
|
size: 280,
|
||||||
|
value: appLink
|
||||||
|
});
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
|
||||||
|
hide: function() {
|
||||||
|
// hide the element which was shown
|
||||||
|
if (this._elem != null) {
|
||||||
|
this._elem.style.display = "none";
|
||||||
|
}
|
||||||
|
}
|
||||||
|
};
|
||||||
|
|
||||||
|
function authenticateUser(appLink) {
|
||||||
|
Element.show(appLink);
|
||||||
|
console.log('Starting Authentication Cloud status polling...');
|
||||||
|
Status.startPolling(statusToken, (st, done) => {
|
||||||
|
if (st.status === 'succeeded') {
|
||||||
|
console.log('Authentication Cloud login done.');
|
||||||
|
submitStatus('succeeded')
|
||||||
|
}
|
||||||
|
else if (st.status === 'failed') {
|
||||||
|
// failed: The transaction failed, either by timeout or because the user did not accept.
|
||||||
|
console.warn('Authentication Cloud login failed. User abort or timeout.');
|
||||||
|
submitStatus('failed')
|
||||||
|
}
|
||||||
|
else if (st.status === 'unknown') {
|
||||||
|
console.error('Authentication Cloud login failed. Unknown status.');
|
||||||
|
submitStatus('unknown')
|
||||||
|
}
|
||||||
|
});
|
||||||
|
}
|
||||||
|
|
||||||
|
function init() {
|
||||||
|
|
||||||
|
const form = document.getElementById('authcloud_login');
|
||||||
|
|
||||||
|
baseURL = form.url.value;
|
||||||
|
statusToken = form.statusToken.value;
|
||||||
|
|
||||||
|
infoElement = document.getElementById('authcloud_info');
|
||||||
|
errorElement = document.getElementById('authcloud_error');
|
||||||
|
|
||||||
|
dispatcherElement = document.getElementById('authcloud_dispatch');
|
||||||
|
|
||||||
|
const appLink = form.appLink.value;
|
||||||
|
authenticateUser(appLink);
|
||||||
|
}
|
||||||
|
|
||||||
|
window.onload = function() {
|
||||||
|
init();
|
||||||
|
};
|
|
@ -0,0 +1,154 @@
|
||||||
|
let baseURL; // base URL
|
||||||
|
let statusToken; // used to check progress
|
||||||
|
let dispatcherElement; // to display link or QR code
|
||||||
|
let infoElement; // to display info text
|
||||||
|
let errorElement; // to display error text
|
||||||
|
|
||||||
|
function addInput(form, name, value) {
|
||||||
|
const input = document.createElement("input");
|
||||||
|
input.name = name;
|
||||||
|
input.value = value;
|
||||||
|
form.appendChild(input);
|
||||||
|
}
|
||||||
|
|
||||||
|
function submitStatus(status) {
|
||||||
|
// we have to do a form POST instead of AJAX
|
||||||
|
const form = document.createElement("form");
|
||||||
|
form.method = "POST";
|
||||||
|
form.style.display = "none";
|
||||||
|
addInput(form, "status", status);
|
||||||
|
document.body.appendChild(form);
|
||||||
|
form.submit();
|
||||||
|
}
|
||||||
|
|
||||||
|
const Status = {
|
||||||
|
_pollInterval: 2 * 1000, // Check every 2 seconds
|
||||||
|
latest: null,
|
||||||
|
|
||||||
|
startPolling: function (token, uiCallback) {
|
||||||
|
let interval = setInterval(async () => {
|
||||||
|
await this._check(token).then(function (resp) {
|
||||||
|
console.log("Polling status: %o", resp);
|
||||||
|
uiCallback && uiCallback(resp, false);
|
||||||
|
return Status.latest = resp;
|
||||||
|
})
|
||||||
|
.catch(function (err) {
|
||||||
|
console.error("Error during polling: %o", err);
|
||||||
|
return false;
|
||||||
|
});
|
||||||
|
if (Status.latest && (Status.latest.status === 'succeeded' || Status.latest.status === 'failed' || Status.latest.status === 'unknown')) {
|
||||||
|
// Done!
|
||||||
|
console.log('Latest status is: %o', this.latest);
|
||||||
|
uiCallback && uiCallback(this.latest, true);
|
||||||
|
clearInterval(interval);
|
||||||
|
}
|
||||||
|
}, this._pollInterval);
|
||||||
|
},
|
||||||
|
|
||||||
|
_check: async function (token) {
|
||||||
|
const payload = { statusToken: token };
|
||||||
|
const response = await fetch(baseURL + 'api/v1/status', {
|
||||||
|
method: 'POST',
|
||||||
|
mode: 'cors',
|
||||||
|
cache: 'no-cache',
|
||||||
|
credentials: 'omit',
|
||||||
|
headers: {
|
||||||
|
'Accept': 'application/json',
|
||||||
|
'Content-Type': 'application/json;charset=utf-8'
|
||||||
|
},
|
||||||
|
body: JSON.stringify(payload),
|
||||||
|
redirect: 'follow',
|
||||||
|
referrerPolicy: 'no-referrer'
|
||||||
|
});
|
||||||
|
|
||||||
|
return await response.json();
|
||||||
|
}
|
||||||
|
};
|
||||||
|
|
||||||
|
function setDeepLinkLabel(button) {
|
||||||
|
const text = document.getElementsByName('info.deeplink')[0].value;
|
||||||
|
button.innerHTML = text;
|
||||||
|
}
|
||||||
|
|
||||||
|
function messageScanQR() {
|
||||||
|
const text = document.getElementsByName('info.qrcode')[0].value;
|
||||||
|
infoElement.innerHTML = text;
|
||||||
|
}
|
||||||
|
|
||||||
|
const Element = {
|
||||||
|
|
||||||
|
_elem: null, // QR code or deep link depending on device
|
||||||
|
|
||||||
|
show: function (appLink) {
|
||||||
|
const userAgent = navigator.userAgent || navigator.vendor || window.opera;
|
||||||
|
const isIphone = 'iPhone' === navigator.platform;
|
||||||
|
const isAndroid = /android/i.test(userAgent) && /mobile/i.test(userAgent);
|
||||||
|
if (isAndroid || isIphone) {
|
||||||
|
this._elem = document.createElement('a');
|
||||||
|
this._elem.setAttribute('href', appLink);
|
||||||
|
this._elem.setAttribute('class', 'btn btn-primary');
|
||||||
|
this._elem.setAttribute('target', '_blank');
|
||||||
|
dispatcherElement.appendChild(this._elem);
|
||||||
|
setDeepLinkLabel(this._elem);
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
messageScanQR();
|
||||||
|
this._elem = document.createElement('canvas');
|
||||||
|
dispatcherElement.appendChild(this._elem);
|
||||||
|
var qrcode = new QRious({
|
||||||
|
element: this._elem,
|
||||||
|
foreground: "#168CA9",
|
||||||
|
level: "M",
|
||||||
|
size: 280,
|
||||||
|
value: appLink
|
||||||
|
});
|
||||||
|
}
|
||||||
|
},
|
||||||
|
|
||||||
|
hide: function() {
|
||||||
|
// hide the element which was shown
|
||||||
|
if (this._elem != null) {
|
||||||
|
this._elem.style.display = "none";
|
||||||
|
}
|
||||||
|
}
|
||||||
|
};
|
||||||
|
|
||||||
|
function onboardUser(appLink) {
|
||||||
|
Element.show(appLink);
|
||||||
|
console.log('Starting Authentication Cloud status polling...');
|
||||||
|
Status.startPolling(statusToken, (st, done) => {
|
||||||
|
if (st.status === 'succeeded') {
|
||||||
|
console.log('Authentication Cloud onboarding done.');
|
||||||
|
submitStatus('succeeded')
|
||||||
|
}
|
||||||
|
else if (st.status === 'failed') {
|
||||||
|
// failed: The transaction failed, either by timeout or because the user did not accept.
|
||||||
|
console.warn('Authentication Cloud onboarding failed. User abort or timeout.');
|
||||||
|
submitStatus('failed')
|
||||||
|
}
|
||||||
|
else if (st.status === 'unknown') {
|
||||||
|
console.error('Authentication Cloud onboarding failed. Unknown status.');
|
||||||
|
submitStatus('unknown')
|
||||||
|
}
|
||||||
|
});
|
||||||
|
}
|
||||||
|
|
||||||
|
function init() {
|
||||||
|
|
||||||
|
const form = document.getElementById('authcloud_onboard');
|
||||||
|
|
||||||
|
baseURL = form.url.value;
|
||||||
|
statusToken = form.statusToken.value;
|
||||||
|
|
||||||
|
infoElement = document.getElementById('authcloud_info');
|
||||||
|
errorElement = document.getElementById('authcloud_error');
|
||||||
|
|
||||||
|
dispatcherElement = document.getElementById('authcloud_dispatch');
|
||||||
|
|
||||||
|
const appLink = form.appLink.value;
|
||||||
|
onboardUser(appLink);
|
||||||
|
}
|
||||||
|
|
||||||
|
window.onload = function() {
|
||||||
|
init();
|
||||||
|
};
|
|
@ -0,0 +1,87 @@
|
||||||
|
/*
|
||||||
|
* Base64URL-ArrayBuffer
|
||||||
|
* https://github.com/herrjemand/Base64URL-ArrayBuffer
|
||||||
|
*
|
||||||
|
* Copyright (c) 2017 Yuriy Ackermann <ackermann.yuriy@gmail.com>
|
||||||
|
* Copyright (c) 2012 Niklas von Hertzen
|
||||||
|
* Licensed under the MIT license.
|
||||||
|
*
|
||||||
|
*/
|
||||||
|
(function() {
|
||||||
|
"use strict";
|
||||||
|
|
||||||
|
var chars = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_";
|
||||||
|
|
||||||
|
// Use a lookup table to find the index.
|
||||||
|
var lookup = new Uint8Array(256);
|
||||||
|
for (var i = 0; i < chars.length; i++) {
|
||||||
|
lookup[chars.charCodeAt(i)] = i;
|
||||||
|
}
|
||||||
|
|
||||||
|
var encode = function(arraybuffer) {
|
||||||
|
var bytes = new Uint8Array(arraybuffer),
|
||||||
|
i, len = bytes.length, base64 = "";
|
||||||
|
|
||||||
|
for (i = 0; i < len; i+=3) {
|
||||||
|
base64 += chars[bytes[i] >> 2];
|
||||||
|
base64 += chars[((bytes[i] & 3) << 4) | (bytes[i + 1] >> 4)];
|
||||||
|
base64 += chars[((bytes[i + 1] & 15) << 2) | (bytes[i + 2] >> 6)];
|
||||||
|
base64 += chars[bytes[i + 2] & 63];
|
||||||
|
}
|
||||||
|
|
||||||
|
if ((len % 3) === 2) {
|
||||||
|
base64 = base64.substring(0, base64.length - 1);
|
||||||
|
} else if (len % 3 === 1) {
|
||||||
|
base64 = base64.substring(0, base64.length - 2);
|
||||||
|
}
|
||||||
|
|
||||||
|
return base64;
|
||||||
|
};
|
||||||
|
|
||||||
|
var decode = function(base64) {
|
||||||
|
var bufferLength = base64.length * 0.75,
|
||||||
|
len = base64.length, i, p = 0,
|
||||||
|
encoded1, encoded2, encoded3, encoded4;
|
||||||
|
|
||||||
|
var arraybuffer = new ArrayBuffer(bufferLength),
|
||||||
|
bytes = new Uint8Array(arraybuffer);
|
||||||
|
|
||||||
|
for (i = 0; i < len; i+=4) {
|
||||||
|
encoded1 = lookup[base64.charCodeAt(i)];
|
||||||
|
encoded2 = lookup[base64.charCodeAt(i+1)];
|
||||||
|
encoded3 = lookup[base64.charCodeAt(i+2)];
|
||||||
|
encoded4 = lookup[base64.charCodeAt(i+3)];
|
||||||
|
|
||||||
|
bytes[p++] = (encoded1 << 2) | (encoded2 >> 4);
|
||||||
|
bytes[p++] = ((encoded2 & 15) << 4) | (encoded3 >> 2);
|
||||||
|
bytes[p++] = ((encoded3 & 3) << 6) | (encoded4 & 63);
|
||||||
|
}
|
||||||
|
|
||||||
|
return arraybuffer;
|
||||||
|
};
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Exporting and stuff
|
||||||
|
*/
|
||||||
|
if (typeof module !== 'undefined' && typeof module.exports !== 'undefined') {
|
||||||
|
module.exports = {
|
||||||
|
'encode': encode,
|
||||||
|
'decode': decode
|
||||||
|
}
|
||||||
|
|
||||||
|
} else {
|
||||||
|
if (typeof define === 'function' && define.amd) {
|
||||||
|
define([], function() {
|
||||||
|
return {
|
||||||
|
'encode': encode,
|
||||||
|
'decode': decode
|
||||||
|
}
|
||||||
|
});
|
||||||
|
} else {
|
||||||
|
window.base64url = {
|
||||||
|
'encode': encode,
|
||||||
|
'decode': decode
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
})();
|
|
@ -0,0 +1,222 @@
|
||||||
|
/********************************************************
|
||||||
|
* Layout
|
||||||
|
********************************************************/
|
||||||
|
|
||||||
|
html { /* magic to position footer */
|
||||||
|
position: relative;
|
||||||
|
min-height: 100%;
|
||||||
|
}
|
||||||
|
|
||||||
|
body {
|
||||||
|
margin-bottom: 76px; /* == footer height */
|
||||||
|
}
|
||||||
|
|
||||||
|
.container, .container-fluid {
|
||||||
|
padding-left: 36px;
|
||||||
|
padding-right: 36px;
|
||||||
|
}
|
||||||
|
|
||||||
|
nav {
|
||||||
|
min-height: 100px;
|
||||||
|
padding: 36px;
|
||||||
|
}
|
||||||
|
|
||||||
|
header {
|
||||||
|
margin-bottom: 16px; /* h1.logintitle adds 20px => 36px */
|
||||||
|
}
|
||||||
|
|
||||||
|
.container {
|
||||||
|
min-width: 260px;
|
||||||
|
max-width: 700px;
|
||||||
|
}
|
||||||
|
|
||||||
|
h1 {
|
||||||
|
margin-bottom: 50px;
|
||||||
|
}
|
||||||
|
|
||||||
|
footer {
|
||||||
|
width: 100%;
|
||||||
|
position: absolute;
|
||||||
|
bottom: 0;
|
||||||
|
padding: 0 36px;
|
||||||
|
}
|
||||||
|
|
||||||
|
img {
|
||||||
|
width: 100%;
|
||||||
|
}
|
||||||
|
|
||||||
|
/********************************************************
|
||||||
|
* Header
|
||||||
|
********************************************************/
|
||||||
|
|
||||||
|
header .logo {
|
||||||
|
/* width: 20%;*/
|
||||||
|
/*max-width: 600px;*/
|
||||||
|
max-height: 150px;
|
||||||
|
width: auto;
|
||||||
|
}
|
||||||
|
|
||||||
|
/********************************************************
|
||||||
|
* Dropdown
|
||||||
|
********************************************************/
|
||||||
|
a.dropdown-toggle {
|
||||||
|
text-decoration: none;
|
||||||
|
}
|
||||||
|
|
||||||
|
a.dropdown-toggle:hover {
|
||||||
|
color: #168CA9;
|
||||||
|
border-bottom: 3px solid #168CA9;
|
||||||
|
}
|
||||||
|
|
||||||
|
.dropdown-menu {
|
||||||
|
padding: 5px 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
.dropdown-menu li > a {
|
||||||
|
padding: 6px 28px;
|
||||||
|
}
|
||||||
|
|
||||||
|
.dropdown-menu a > .prefix {
|
||||||
|
display: inline-block;
|
||||||
|
min-width: 22px;
|
||||||
|
margin-right: 28px;
|
||||||
|
text-align: right;
|
||||||
|
}
|
||||||
|
|
||||||
|
/********************************************************
|
||||||
|
* Form
|
||||||
|
********************************************************/
|
||||||
|
|
||||||
|
/* Labels should not be bold */
|
||||||
|
label {
|
||||||
|
font-weight: normal;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Make error messages bold */
|
||||||
|
.has-error .help-block {
|
||||||
|
font-weight: bold;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Change button size, by default 116px in width */
|
||||||
|
.btn {
|
||||||
|
min-width: 116px;
|
||||||
|
padding: 3px 12px;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Disable gradient in buttons, ughhhh */
|
||||||
|
.btn.btn-primary {
|
||||||
|
border-color: transparent;
|
||||||
|
background-image: none;
|
||||||
|
text-shadow: none;
|
||||||
|
box-shadow: none;
|
||||||
|
-webkit-box-shadow: none;
|
||||||
|
}
|
||||||
|
|
||||||
|
.help-block a, .help-block a:visited {
|
||||||
|
color: #168CA9;
|
||||||
|
font-weight: bold;
|
||||||
|
text-decoration: none;
|
||||||
|
}
|
||||||
|
|
||||||
|
.help-block a:hover {
|
||||||
|
color: #168CA9;
|
||||||
|
text-decoration: underline;
|
||||||
|
}
|
||||||
|
|
||||||
|
/********************************************************
|
||||||
|
* Footer
|
||||||
|
********************************************************/
|
||||||
|
footer .row {
|
||||||
|
margin: 36px 0 0 0;
|
||||||
|
height: 40px;
|
||||||
|
padding-top: 14px;
|
||||||
|
line-height: 26px; /* to center text: height - padding-top = 26px */
|
||||||
|
border-top: 1px solid #168CA9;
|
||||||
|
}
|
||||||
|
|
||||||
|
footer .row > div { /* Fix alignment between border + text on Bootstrap grid */
|
||||||
|
padding: 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
footer .logo-round-container {
|
||||||
|
position: relative;
|
||||||
|
}
|
||||||
|
|
||||||
|
footer .logo-round {
|
||||||
|
position: absolute;
|
||||||
|
left: 0;
|
||||||
|
right: 0;
|
||||||
|
top: -33px; /* found visually with Chrome Dev Tools */
|
||||||
|
height: 36px;
|
||||||
|
width: 36px;
|
||||||
|
border: 1px solid #00868c;
|
||||||
|
border-radius: 18px;
|
||||||
|
background: #fff;
|
||||||
|
padding: 8px;
|
||||||
|
}
|
||||||
|
|
||||||
|
footer .logo-round > img {
|
||||||
|
display: block;
|
||||||
|
}
|
||||||
|
|
||||||
|
#dispatchTargets {
|
||||||
|
margin-top: 20px;
|
||||||
|
}
|
||||||
|
|
||||||
|
/********************************************************
|
||||||
|
* Social login
|
||||||
|
********************************************************/
|
||||||
|
.btn.line {
|
||||||
|
background-color: transparent;
|
||||||
|
display: block;
|
||||||
|
width: 100%;
|
||||||
|
padding: 0;
|
||||||
|
margin: 1.5em 0 1em;
|
||||||
|
border: 0.5px solid #ccc;
|
||||||
|
pointer-events: none;
|
||||||
|
}
|
||||||
|
|
||||||
|
.btn.socialLogin {
|
||||||
|
background-color: #fff;
|
||||||
|
border: thin solid #ccc;
|
||||||
|
color: #000;
|
||||||
|
font-weight: 600;
|
||||||
|
position: relative;
|
||||||
|
margin: 5px;
|
||||||
|
min-width: 140px;
|
||||||
|
width: 210px;
|
||||||
|
border-radius: 8px;
|
||||||
|
padding: 8px 12px;
|
||||||
|
text-align: left;
|
||||||
|
}
|
||||||
|
|
||||||
|
.socialLogin img {
|
||||||
|
width: 1.5em;
|
||||||
|
height: 108%;
|
||||||
|
margin-right: 0.5em;
|
||||||
|
}
|
||||||
|
|
||||||
|
.btn.apple img {
|
||||||
|
width: 1.2em;
|
||||||
|
}
|
||||||
|
|
||||||
|
/********************************************************
|
||||||
|
* Show password
|
||||||
|
********************************************************/
|
||||||
|
.icon-inside {
|
||||||
|
position: relative;
|
||||||
|
}
|
||||||
|
|
||||||
|
.icon-inside input {
|
||||||
|
padding-right: calc(0.75rem + 1.25rem + 0.75rem);
|
||||||
|
}
|
||||||
|
|
||||||
|
.icon-inside button {
|
||||||
|
position: absolute;
|
||||||
|
right: 0;
|
||||||
|
top: 0;
|
||||||
|
margin-top: 0.45rem;
|
||||||
|
margin-right: 0.45rem;
|
||||||
|
background: #FFFFFF;
|
||||||
|
border: #FFFFFF;
|
||||||
|
}
|
|
@ -0,0 +1,36 @@
|
||||||
|
(function() {
|
||||||
|
var closeDropdownTimeout;
|
||||||
|
|
||||||
|
function closeDropdown(event) {
|
||||||
|
var dropdowns = document.querySelectorAll('.dropdown');
|
||||||
|
for (var i = 0; i < dropdowns.length; i++) {
|
||||||
|
var dropdownMenu = dropdowns[i].querySelector('.dropdown-menu');
|
||||||
|
if (dropdownMenu.style.display !== 'none' && !dropdowns[i].contains(event.target)) {
|
||||||
|
dropdownMenu.style.display = 'none';
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// remove event listener till we have a new dropdown menu open
|
||||||
|
if (document.querySelector('.dropdown-menu:not([style*="display: none"])') === null) {
|
||||||
|
document.removeEventListener('click', closeDropdown);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
var dropdowns = document.querySelectorAll('.dropdown');
|
||||||
|
for (var i = 0; i < dropdowns.length; i++) {
|
||||||
|
var dropdownMenu = dropdowns[i].querySelector('.dropdown-menu');
|
||||||
|
dropdownMenu.style.display = 'none'; // ensure menu is initially hidden
|
||||||
|
|
||||||
|
dropdowns[i].addEventListener('click', function(e) {
|
||||||
|
// show dropdown menu
|
||||||
|
var dropdownMenu = this.querySelector('.dropdown-menu');
|
||||||
|
dropdownMenu.style.display = 'block';
|
||||||
|
|
||||||
|
// handle clicking away
|
||||||
|
clearTimeout(closeDropdownTimeout);
|
||||||
|
closeDropdownTimeout = setTimeout(function() {
|
||||||
|
document.addEventListener('click', closeDropdown);
|
||||||
|
}, 10);
|
||||||
|
});
|
||||||
|
}
|
||||||
|
}());
|
|
@ -0,0 +1,98 @@
|
||||||
|
var e2eenc = function() {
|
||||||
|
|
||||||
|
this.encryptForm = function(algoString, formId) {
|
||||||
|
// TODO: in case of an error we should return false, to prevent the for to be submitted
|
||||||
|
// or replace the fields with dummy values, just to prevent the the transmission
|
||||||
|
// of unencrypted values
|
||||||
|
|
||||||
|
|
||||||
|
// create the array of input fields to encrypt (needs to be done before setting the form
|
||||||
|
// invisible
|
||||||
|
var fieldsToEncrypt = new Array();
|
||||||
|
$.each($("form input:visible"), function(index, _inputField) { fieldsToEncrypt.push($(_inputField));});
|
||||||
|
|
||||||
|
// hide the form, and display the splash screen
|
||||||
|
$('#loginform').css('display','none');
|
||||||
|
$('#e2eeSplashScreen').css('display','block');
|
||||||
|
|
||||||
|
// encryption logic
|
||||||
|
var pubKey = $("input[name='e2eenc.publicKey']").val();
|
||||||
|
|
||||||
|
var kemSessionKey = readPublicKeyAndGenerateSessionKey(pubKey)
|
||||||
|
var iv = forge.random.getBytesSync(16);
|
||||||
|
keyB64 = forge.util.encode64(kemSessionKey.key);
|
||||||
|
encapsulationB64 = forge.util.encode64(kemSessionKey.encapsulation);
|
||||||
|
ivB64 = forge.util.encode64(iv);
|
||||||
|
|
||||||
|
//console.log("Encrypting form " + formId + " (" + algoString + ")");
|
||||||
|
var fields = "";
|
||||||
|
$.each(fieldsToEncrypt, function(index, _inputField) {
|
||||||
|
var inputField = $(_inputField);
|
||||||
|
if (inputField.attr("type") == "text" || inputField.attr("type") == "password") {
|
||||||
|
//console.log("Encrypting field " + JSON.stringify(inputField));
|
||||||
|
var plainValue = inputField.val();
|
||||||
|
|
||||||
|
var encryptedValueB64 = encrypt(kemSessionKey, iv, plainValue);
|
||||||
|
//console.log("Setting encrypted value in b64: " + encryptedValueB64);
|
||||||
|
inputField.val(encryptedValueB64);
|
||||||
|
if (fields.length > 0) {
|
||||||
|
fields = fields + ","
|
||||||
|
}
|
||||||
|
fields = fields + inputField.attr("name");
|
||||||
|
}
|
||||||
|
});
|
||||||
|
$("input[name='e2eenc.iv']").val(ivB64);
|
||||||
|
$("input[name='e2eenc.encapsulation']").val(encapsulationB64);
|
||||||
|
$("input[name='e2eenc.fields']").val(fields);
|
||||||
|
}
|
||||||
|
|
||||||
|
function getRSApublicKey(pem) {
|
||||||
|
//console.log("PEM: " + pem);
|
||||||
|
|
||||||
|
var msg = forge.pem.decode(pem)[0];
|
||||||
|
|
||||||
|
//console.log("msg type: " + msg.type);
|
||||||
|
|
||||||
|
if(msg.procType && msg.procType.type === 'ENCRYPTED') {
|
||||||
|
throw new Error('Could not retrieve RSA public key from PEM; PEM is encrypted.');
|
||||||
|
}
|
||||||
|
|
||||||
|
// convert DER to ASN.1 object
|
||||||
|
var asn1obj = forge.asn1.fromDer(msg.body);
|
||||||
|
//console.log("ASN.1 obj: " + JSON.stringify(asn1obj))
|
||||||
|
|
||||||
|
var pubKey = forge.pki.publicKeyFromAsn1(asn1obj)
|
||||||
|
//console.log("PubKey: " + JSON.stringify(pubKey))
|
||||||
|
return pubKey;
|
||||||
|
}
|
||||||
|
|
||||||
|
function generateKEMSessionKey(rsaPublicKey) {
|
||||||
|
// generate key-derivation-function and initializes it with sha1
|
||||||
|
var kdf1 = new forge.kem.kdf1(forge.md.sha1.create());
|
||||||
|
// creates a KEM function based on the key-derivation-function created above
|
||||||
|
var kem = forge.kem.rsa.create(kdf1);
|
||||||
|
// generate and encapsulate a 16-byte secret key.
|
||||||
|
// The secret key is generated using the kdf defined above.
|
||||||
|
var kemSessionKey = kem.encrypt(rsaPublicKey, 16);
|
||||||
|
// kemSessionKey has 'encapsulation' (= pub key) and 'key' (= generated secret key)
|
||||||
|
return kemSessionKey;
|
||||||
|
}
|
||||||
|
|
||||||
|
function readPublicKeyAndGenerateSessionKey(pem) {
|
||||||
|
var rsaPublicKey = getRSApublicKey(pem);
|
||||||
|
//console.log("PubKey: " + JSON.stringify(rsaPublicKey))
|
||||||
|
var kemSessionKey = generateKEMSessionKey(rsaPublicKey);
|
||||||
|
//console.log("KEM session key: " + JSON.stringify(kemSessionKey))
|
||||||
|
return kemSessionKey;
|
||||||
|
}
|
||||||
|
|
||||||
|
function encrypt(kemSessionKey, iv, msg) {
|
||||||
|
var cipher = forge.cipher.createCipher('AES-CBC', kemSessionKey.key);
|
||||||
|
cipher.start({iv: iv});
|
||||||
|
cipher.update(forge.util.createBuffer(msg, 'utf-8'));
|
||||||
|
cipher.finish();
|
||||||
|
var encrypted = cipher.output.getBytes();
|
||||||
|
encryptedB64 = forge.util.encode64(encrypted);
|
||||||
|
return encryptedB64;
|
||||||
|
}
|
||||||
|
};
|
|
@ -0,0 +1,3 @@
|
||||||
|
<svg width="22" height="20" viewBox="0 0 22 20" fill="none" xmlns="http://www.w3.org/2000/svg">
|
||||||
|
<path d="M2 1L5.58916 4.58916M20 19L16.4112 15.4112M12.8749 16.8246C12.2677 16.9398 11.6411 17 11.0005 17C6.52281 17 2.73251 14.0571 1.45825 9.99997C1.80515 8.8955 2.33851 7.87361 3.02143 6.97118M8.87868 7.87868C9.42157 7.33579 10.1716 7 11 7C12.6569 7 14 8.34315 14 10C14 10.8284 13.6642 11.5784 13.1213 12.1213M8.87868 7.87868L13.1213 12.1213M8.87868 7.87868L5.58916 4.58916M13.1213 12.1213L5.58916 4.58916M13.1213 12.1213L16.4112 15.4112M5.58916 4.58916C7.14898 3.58354 9.00656 3 11.0004 3C15.4781 3 19.2684 5.94291 20.5426 10C19.8357 12.2507 18.3545 14.1585 16.4112 15.4112" stroke="#6D7C80" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/>
|
||||||
|
</svg>
|
After Width: | Height: | Size: 769 B |
|
@ -0,0 +1,4 @@
|
||||||
|
<svg width="22" height="16" viewBox="0 0 22 16" fill="none" xmlns="http://www.w3.org/2000/svg">
|
||||||
|
<path d="M14 8C14 9.65685 12.6569 11 11 11C9.34315 11 8 9.65685 8 8C8 6.34315 9.34315 5 11 5C12.6569 5 14 6.34315 14 8Z" stroke="#6D7C80" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/>
|
||||||
|
<path d="M1.45825 7.99997C2.73253 3.94288 6.52281 1 11.0004 1C15.4781 1 19.2684 3.94291 20.5426 8.00004C19.2684 12.0571 15.4781 15 11.0005 15C6.52281 15 2.73251 12.0571 1.45825 7.99997Z" stroke="#6D7C80" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/>
|
||||||
|
</svg>
|
After Width: | Height: | Size: 585 B |
|
@ -0,0 +1,61 @@
|
||||||
|
(function() {
|
||||||
|
'use strict'
|
||||||
|
|
||||||
|
async function assertion(options) {
|
||||||
|
let credential;
|
||||||
|
try {
|
||||||
|
credential = await navigator.credentials.get({ "publicKey": options });
|
||||||
|
}
|
||||||
|
// Cancel and timeout can occur besides error
|
||||||
|
catch (error) {
|
||||||
|
console.error(`Failed to get WebAuthn credential: ${error}`);
|
||||||
|
throw error;
|
||||||
|
}
|
||||||
|
// as this is the last call we have to do a top-level request instead of AJAX
|
||||||
|
const form = document.createElement("form");
|
||||||
|
form.method = "POST";
|
||||||
|
form.style.display = "none";
|
||||||
|
addInput(form, "path", "/nevisfido/fido2/assertion/result")
|
||||||
|
addInput(form, "id", credential.id);
|
||||||
|
addInput(form, "type", credential.type);
|
||||||
|
addInput(form, "response.clientDataJSON", base64url.encode(credential.response.clientDataJSON));
|
||||||
|
addInput(form, "response.authenticatorData", base64url.encode(credential.response.authenticatorData));
|
||||||
|
addInput(form, "response.signature", base64url.encode(credential.response.signature));
|
||||||
|
document.body.appendChild(form);
|
||||||
|
form.submit();
|
||||||
|
}
|
||||||
|
|
||||||
|
function authenticate() {
|
||||||
|
// WebAuthn feature detection
|
||||||
|
if (!isWebAuthnSupportedByTheBrowser()) {
|
||||||
|
cancelFido2();
|
||||||
|
return;
|
||||||
|
};
|
||||||
|
|
||||||
|
const request = {};
|
||||||
|
request.path = "/nevisfido/fido2/attestation/options";
|
||||||
|
|
||||||
|
// calling nevisFIDO through nevisAuth on current URL using AJAX
|
||||||
|
fetch("", {
|
||||||
|
method: "POST",
|
||||||
|
headers: {
|
||||||
|
'Content-Type': 'application/json'
|
||||||
|
},
|
||||||
|
body: JSON.stringify(request)
|
||||||
|
})
|
||||||
|
.then(res => res.json())
|
||||||
|
.then(options => {
|
||||||
|
options.challenge = base64url.decode(options.challenge);
|
||||||
|
options.allowCredentials = options.allowCredentials.map((c) => {
|
||||||
|
c.id = base64url.decode(c.id);
|
||||||
|
return c;
|
||||||
|
});
|
||||||
|
return assertion(options);
|
||||||
|
}).catch((error) => {
|
||||||
|
console.error(`Error during FIDO2 authentication: ${error}`);
|
||||||
|
cancelFido2();
|
||||||
|
});
|
||||||
|
}
|
||||||
|
|
||||||
|
authenticate();
|
||||||
|
})();
|
|
@ -0,0 +1,175 @@
|
||||||
|
(function() {
|
||||||
|
'use strict'
|
||||||
|
|
||||||
|
async function authenticate(username, params) {
|
||||||
|
|
||||||
|
try {
|
||||||
|
const { authenticationOptionsEndpoint, authenticationEndpoint, statusServiceEndpoint, userVerification, originalResource, nevisAuthEndpoint } = params;
|
||||||
|
const { startAuthentication } = SimpleWebAuthnBrowser;
|
||||||
|
|
||||||
|
// fetch authentication options from nevisFIDO and save the returned fido2SessionId for later use
|
||||||
|
const authOptRespJson = await getAuthenticationOptions(username, userVerification, nevisAuthEndpoint);
|
||||||
|
const fido2SessionId = authOptRespJson.fido2SessionId;
|
||||||
|
|
||||||
|
// do the client side authentication using the SimpleWebAuthn JS library
|
||||||
|
const authRespJson = await startAuthentication(authOptRespJson);
|
||||||
|
|
||||||
|
// in case the authentication response does not contain a userHandle (e.g. virtual authenticators used in system tests)
|
||||||
|
// then we have to obtain it (in our case it is the IDM extId) using the Status Service since at the moment nevisFIDO always expects it
|
||||||
|
if (!authRespJson.response.userHandle) {
|
||||||
|
const statusRespJson = await getFido2SessionStatus(fido2SessionId, statusServiceEndpoint);
|
||||||
|
|
||||||
|
if (statusRespJson && statusRespJson.userId) {
|
||||||
|
console.log("adding userHandle: " + statusRespJson.userId);
|
||||||
|
authRespJson.response.userHandle = btoa(statusRespJson.userId); // add missing userHandle
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
throw new Error('userHandle is missing and could not determine it using the status service');
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
console.log("userHandle already set: " + authRespJson.response.userHandle);
|
||||||
|
}
|
||||||
|
|
||||||
|
// send the assertion response created by the authenticator to nevisFIDO
|
||||||
|
const serverRespJson = await submitAssertion(authRespJson, authenticationEndpoint);
|
||||||
|
|
||||||
|
// checking the server response of nevisFIDO
|
||||||
|
if ((!serverRespJson) || (serverRespJson && serverRespJson.status !== 'ok')) {
|
||||||
|
let errorMessage = (serverRespJson && serverRespJson.errorMessage) ? serverRespJson.errorMessage : 'unexpected error';
|
||||||
|
throw new Error('authentication failed: ' + errorMessage);
|
||||||
|
}
|
||||||
|
|
||||||
|
// send a request to nevisAuth with the fido2SessionId in the header to trigger the synchronisation of the
|
||||||
|
// nevisFIDO and nevisAuth sessions (FIDO2 AuthState -> SyncFido2SessionStatusHandler) to reach AUTH_DONE
|
||||||
|
await updateNevisAuth(fido2SessionId, nevisAuthEndpoint);
|
||||||
|
|
||||||
|
console.log('authentication was successful');
|
||||||
|
|
||||||
|
console.log('reloading page...');
|
||||||
|
window.location.reload();
|
||||||
|
}
|
||||||
|
catch (error) {
|
||||||
|
console.error(`Error during FIDO2 authentication: ${error}`);
|
||||||
|
cancelFido2();
|
||||||
|
}
|
||||||
|
};
|
||||||
|
|
||||||
|
async function getAuthenticationOptions(username, userVerification, authenticationOptionsEndpoint) {
|
||||||
|
|
||||||
|
const authOptReqJson = {
|
||||||
|
'username': username,
|
||||||
|
'userVerification': userVerification,
|
||||||
|
};
|
||||||
|
|
||||||
|
const authOptReq = JSON.stringify(authOptReqJson);
|
||||||
|
console.log('authOptReq ==> ' + authOptReq);
|
||||||
|
|
||||||
|
const authOptResp = await fetch(authenticationOptionsEndpoint, {
|
||||||
|
method: 'POST',
|
||||||
|
headers: {
|
||||||
|
'Content-Type': 'application/json',
|
||||||
|
},
|
||||||
|
body: authOptReq,
|
||||||
|
});
|
||||||
|
|
||||||
|
if (!authOptResp.ok) {
|
||||||
|
throw new Error('authOptResp error: HTTP ' + authOptResp.status + ' ' + authOptResp.statusText);
|
||||||
|
}
|
||||||
|
|
||||||
|
const authOptRespJson = await authOptResp.json()
|
||||||
|
console.log('authOptResp <== ' + JSON.stringify(authOptRespJson));
|
||||||
|
|
||||||
|
return authOptRespJson;
|
||||||
|
};
|
||||||
|
|
||||||
|
async function getFido2SessionStatus(fido2SessionId, statusServiceEndpoint) {
|
||||||
|
|
||||||
|
const statusReqJson = {
|
||||||
|
'fido2SessionId': fido2SessionId,
|
||||||
|
};
|
||||||
|
|
||||||
|
const statusReq = JSON.stringify(statusReqJson);
|
||||||
|
console.log('statusReq ==> ' + statusReq);
|
||||||
|
|
||||||
|
const statusResp = await fetch(statusServiceEndpoint, {
|
||||||
|
method: 'POST',
|
||||||
|
headers: {
|
||||||
|
'Content-Type': 'application/json',
|
||||||
|
},
|
||||||
|
body: statusReq,
|
||||||
|
});
|
||||||
|
|
||||||
|
if (!statusResp.ok) {
|
||||||
|
throw new Error('statusResp error: HTTP ' + statusResp.status + ' ' + statusResp.statusText);
|
||||||
|
}
|
||||||
|
|
||||||
|
const statusRespJson = await statusResp.json();
|
||||||
|
console.log('statusResp <== ' + JSON.stringify(statusRespJson));
|
||||||
|
|
||||||
|
return statusRespJson;
|
||||||
|
}
|
||||||
|
|
||||||
|
async function submitAssertion(authRespJson, authenticationEndpoint) {
|
||||||
|
|
||||||
|
console.log("submitting assertion for userHandle: " + authRespJson.response.userHandle);
|
||||||
|
|
||||||
|
// TODO koenig 20230504: read btoa once nevisFIDO is adapted
|
||||||
|
let encodedAuthResp = {
|
||||||
|
"id": authRespJson.id,
|
||||||
|
"response": {
|
||||||
|
"authenticatorData": authRespJson.response.authenticatorData,
|
||||||
|
"signature": authRespJson.response.signature,
|
||||||
|
"userHandle": authRespJson.response.userHandle,
|
||||||
|
"clientDataJSON": authRespJson.response.clientDataJSON
|
||||||
|
},
|
||||||
|
"type": authRespJson.type
|
||||||
|
}
|
||||||
|
|
||||||
|
const authResp = JSON.stringify(encodedAuthResp);
|
||||||
|
console.log('authResp ==> ' + authResp);
|
||||||
|
|
||||||
|
const serverResp = await fetch(authenticationEndpoint, {
|
||||||
|
method: 'POST',
|
||||||
|
headers: {
|
||||||
|
'Content-Type': 'application/json',
|
||||||
|
},
|
||||||
|
body: authResp,
|
||||||
|
});
|
||||||
|
|
||||||
|
if (!serverResp.ok) {
|
||||||
|
throw new Error('submitAssertion error: HTTP ' + submitAssertion.status + ' ' + submitAssertion.statusText);
|
||||||
|
}
|
||||||
|
|
||||||
|
const serverRespJson = await serverResp.json();
|
||||||
|
console.log('serverResp <== ' + JSON.stringify(serverRespJson));
|
||||||
|
|
||||||
|
return serverRespJson;
|
||||||
|
};
|
||||||
|
|
||||||
|
async function updateNevisAuth(fido2SessionId, nevisAuthEndpoint) {
|
||||||
|
|
||||||
|
console.log('updateNevisAuth ==> ' + fido2SessionId);
|
||||||
|
|
||||||
|
const updateNevisAuthResponse = await fetch(nevisAuthEndpoint, {
|
||||||
|
method: 'GET',
|
||||||
|
credentials: 'same-origin',
|
||||||
|
headers: {
|
||||||
|
'nevis-fido2-session-id': fido2SessionId,
|
||||||
|
}
|
||||||
|
});
|
||||||
|
|
||||||
|
if (!updateNevisAuthResponse.ok) {
|
||||||
|
throw new Error('updateNevisAuthResponse error: HTTP ' + updateNevisAuthResponse.status + ' ' + updateNevisAuthResponse.statusText);
|
||||||
|
}
|
||||||
|
|
||||||
|
console.log('updateNevisAuth <== OK');
|
||||||
|
|
||||||
|
return;
|
||||||
|
};
|
||||||
|
|
||||||
|
// TODO koenig 20230206: we don't generate IDs into the HTML yet
|
||||||
|
let username = document.getElementsByName("username")[0].value;
|
||||||
|
params.nevisAuthEndpoint = window.location.href;
|
||||||
|
authenticate(username, params);
|
||||||
|
})();
|
|
@ -0,0 +1,70 @@
|
||||||
|
function dispatch(name) {
|
||||||
|
// we have to do a top-level request instead of AJAX
|
||||||
|
const form = document.createElement("form");
|
||||||
|
form.method = "POST";
|
||||||
|
form.style.display = "none";
|
||||||
|
addInput(form, name, "true");
|
||||||
|
document.body.appendChild(form);
|
||||||
|
form.submit();
|
||||||
|
}
|
||||||
|
|
||||||
|
async function attestation(options) {
|
||||||
|
let credential;
|
||||||
|
try {
|
||||||
|
credential = await navigator.credentials.create({ "publicKey": options });
|
||||||
|
}
|
||||||
|
// cancel and timeout can occur besides error
|
||||||
|
catch (error) {
|
||||||
|
console.error(`Failed to create WebAuthn credential: ${error}`);
|
||||||
|
throw error;
|
||||||
|
}
|
||||||
|
// as this is the last call we have to do a top-level request instead of AJAX
|
||||||
|
const form = document.createElement("form");
|
||||||
|
form.method = "POST";
|
||||||
|
form.style.display = "none";
|
||||||
|
addInput(form, "path", "/nevisfido/fido2/attestation/result")
|
||||||
|
addInput(form, "id", credential.id);
|
||||||
|
addInput(form, "type", credential.type);
|
||||||
|
addInput(form, "response.clientDataJSON", base64url.encode(credential.response.clientDataJSON));
|
||||||
|
addInput(form, "response.attestationObject", base64url.encode(credential.response.attestationObject));
|
||||||
|
document.body.appendChild(form);
|
||||||
|
form.submit();
|
||||||
|
}
|
||||||
|
|
||||||
|
function start() {
|
||||||
|
|
||||||
|
if (!isWebAuthnSupportedByTheBrowser()) {
|
||||||
|
dispatch("unsupported");
|
||||||
|
return;
|
||||||
|
};
|
||||||
|
|
||||||
|
const request = {};
|
||||||
|
request.path = "/nevisfido/fido2/attestation/options";
|
||||||
|
|
||||||
|
// calling nevisFIDO through nevisAuth on current URL using AJAX
|
||||||
|
fetch("", {
|
||||||
|
method: "POST",
|
||||||
|
headers: {
|
||||||
|
'Content-Type': 'application/json'
|
||||||
|
},
|
||||||
|
body: JSON.stringify(request)
|
||||||
|
})
|
||||||
|
.then(res => res.json())
|
||||||
|
.then(options => {
|
||||||
|
options.user.id = base64url.decode(options.user.id);
|
||||||
|
options.challenge = base64url.decode(options.challenge);
|
||||||
|
if (options.excludeCredentials != null) {
|
||||||
|
options.excludeCredentials = options.excludeCredentials.map((c) => {
|
||||||
|
c.id = base64url.decode(c.id);
|
||||||
|
return c;
|
||||||
|
});
|
||||||
|
}
|
||||||
|
if (options.authenticatorSelection.authenticatorAttachment === null) {
|
||||||
|
options.authenticatorSelection.authenticatorAttachment = undefined;
|
||||||
|
}
|
||||||
|
return attestation(options);
|
||||||
|
}).catch((error) => {
|
||||||
|
console.log('Error during FIDO2 onboarding: ' + error);
|
||||||
|
dispatch("failed");
|
||||||
|
});
|
||||||
|
}
|
|
@ -0,0 +1,40 @@
|
||||||
|
function addInput(form, name, value) {
|
||||||
|
const input = document.createElement("input");
|
||||||
|
input.name = name;
|
||||||
|
input.value = value;
|
||||||
|
form.appendChild(input);
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Checks whether WebAuthn is supported by the browser or not.
|
||||||
|
* @return true if supported, false if it is not supported or not in secure context
|
||||||
|
*/
|
||||||
|
function isWebAuthnSupportedByTheBrowser() {
|
||||||
|
if (window.isSecureContext) {
|
||||||
|
// This feature is available only in secure contexts in some or all supporting browsers.
|
||||||
|
if ('credentials' in navigator) {
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
console.warn('Oh no! This browser does not support WebAuthn.');
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
console.warn('WebAuthn feature is available only in secure contexts. For testing over HTTP, you can use the origin "localhost".');
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Trigger on cancel pattern of the FIDO2 authentication step.
|
||||||
|
*
|
||||||
|
* Provides an alternative when the user decides to
|
||||||
|
* cancel the fido2 credential operation(create or fetch) or
|
||||||
|
* the operation fails and the error cannot be handled.
|
||||||
|
*/
|
||||||
|
function cancelFido2() {
|
||||||
|
// we have to do a top-level request instead of AJAX
|
||||||
|
const form = document.createElement("form");
|
||||||
|
form.method = "POST";
|
||||||
|
form.style.display = "none";
|
||||||
|
addInput(form, "cancel_fido2", "true");
|
||||||
|
document.body.appendChild(form);
|
||||||
|
form.submit();
|
||||||
|
}
|
|
@ -0,0 +1 @@
|
||||||
|
<svg width="842" height="1e3" xmlns="http://www.w3.org/2000/svg"><path d="M702 960c-54.2 52.6-114 44.4-171 19.6-60.6-25.3-116-26.9-180 0-79.7 34.4-122 24.4-170-19.6-271-279-231-704 77-720 74.7 4 127 41.3 171 44.4 65.4-13.3 128-51.4 198-46.4 84.1 6.8 147 40 189 99.7-173 104-132 332 26.9 396-31.8 83.5-72.6 166-141 227zM423 237C414.9 113 515.4 11 631 1c15.9 143-130 250-208 236z"/></svg>
|
After Width: | Height: | Size: 386 B |
After Width: | Height: | Size: 2.4 KiB |
|
@ -0,0 +1,9 @@
|
||||||
|
<?xml version="1.0" encoding="utf-8"?>
|
||||||
|
<svg viewBox="0 0 24 24" width="24" height="24" xmlns="http://www.w3.org/2000/svg">
|
||||||
|
<g transform="matrix(1, 0, 0, 1, 27.009001, -39.238998)">
|
||||||
|
<path fill="#4285F4" d="M -3.264 51.509 C -3.264 50.719 -3.334 49.969 -3.454 49.239 L -14.754 49.239 L -14.754 53.749 L -8.284 53.749 C -8.574 55.229 -9.424 56.479 -10.684 57.329 L -10.684 60.329 L -6.824 60.329 C -4.564 58.239 -3.264 55.159 -3.264 51.509 Z"/>
|
||||||
|
<path fill="#34A853" d="M -14.754 63.239 C -11.514 63.239 -8.804 62.159 -6.824 60.329 L -10.684 57.329 C -11.764 58.049 -13.134 58.489 -14.754 58.489 C -17.884 58.489 -20.534 56.379 -21.484 53.529 L -25.464 53.529 L -25.464 56.619 C -23.494 60.539 -19.444 63.239 -14.754 63.239 Z"/>
|
||||||
|
<path fill="#FBBC05" d="M -21.484 53.529 C -21.734 52.809 -21.864 52.039 -21.864 51.239 C -21.864 50.439 -21.724 49.669 -21.484 48.949 L -21.484 45.859 L -25.464 45.859 C -26.284 47.479 -26.754 49.299 -26.754 51.239 C -26.754 53.179 -26.284 54.999 -25.464 56.619 L -21.484 53.529 Z"/>
|
||||||
|
<path fill="#EA4335" d="M -14.754 43.989 C -12.984 43.989 -11.404 44.599 -10.154 45.789 L -6.734 42.369 C -8.804 40.429 -11.514 39.239 -14.754 39.239 C -19.444 39.239 -23.494 41.939 -25.464 45.859 L -21.484 48.949 C -20.534 46.099 -17.884 43.989 -14.754 43.989 Z"/>
|
||||||
|
</g>
|
||||||
|
</svg>
|
After Width: | Height: | Size: 1.3 KiB |
|
@ -0,0 +1 @@
|
||||||
|
<svg xmlns="http://www.w3.org/2000/svg" aria-label="Microsoft" role="img" viewBox="0 0 512 512"><rect width="512" height="512" rx="15%" fill="#fff"/><path d="M75 75v171h171v-171z" fill="#f25022"/><path d="M266 75v171h171v-171z" fill="#7fba00"/><path d="M75 266v171h171v-171z" fill="#00a4ef"/><path d="M266 266v171h171v-171z" fill="#ffb900"/></svg>
|
After Width: | Height: | Size: 347 B |
|
@ -0,0 +1,31 @@
|
||||||
|
<svg width="38" height="38" viewBox="0 0 38 38" xmlns="http://www.w3.org/2000/svg">
|
||||||
|
<defs>
|
||||||
|
<linearGradient x1="8.042%" y1="0%" x2="65.682%" y2="23.865%" id="a">
|
||||||
|
<stop stop-color="#168CA9" stop-opacity="0" offset="0%"/>
|
||||||
|
<stop stop-color="#168CA9" stop-opacity=".631" offset="63.146%"/>
|
||||||
|
<stop stop-color="#168CA9" offset="100%"/>
|
||||||
|
</linearGradient>
|
||||||
|
</defs>
|
||||||
|
<g fill="none" fill-rule="evenodd">
|
||||||
|
<g transform="translate(1 1)">
|
||||||
|
<path d="M36 18c0-9.94-8.06-18-18-18" id="Oval-2" stroke="url(#a)" stroke-width="2">
|
||||||
|
<animateTransform
|
||||||
|
attributeName="transform"
|
||||||
|
type="rotate"
|
||||||
|
from="0 18 18"
|
||||||
|
to="360 18 18"
|
||||||
|
dur="0.9s"
|
||||||
|
repeatCount="indefinite" />
|
||||||
|
</path>
|
||||||
|
<circle fill="#fff" cx="36" cy="18" r="1">
|
||||||
|
<animateTransform
|
||||||
|
attributeName="transform"
|
||||||
|
type="rotate"
|
||||||
|
from="0 18 18"
|
||||||
|
to="360 18 18"
|
||||||
|
dur="0.9s"
|
||||||
|
repeatCount="indefinite" />
|
||||||
|
</circle>
|
||||||
|
</g>
|
||||||
|
</g>
|
||||||
|
</svg>
|
After Width: | Height: | Size: 1.2 KiB |
After Width: | Height: | Size: 9.5 KiB |
After Width: | Height: | Size: 68 KiB |
|
@ -0,0 +1,119 @@
|
||||||
|
(function () {
|
||||||
|
|
||||||
|
function createForm() {
|
||||||
|
const form = document.createElement("form");
|
||||||
|
form.method = "POST";
|
||||||
|
form.style.display = "none";
|
||||||
|
return form;
|
||||||
|
}
|
||||||
|
|
||||||
|
function addInput(form, name, value) {
|
||||||
|
const input = document.createElement("input");
|
||||||
|
input.name = name;
|
||||||
|
input.value = value;
|
||||||
|
form.appendChild(input);
|
||||||
|
}
|
||||||
|
|
||||||
|
let statusPolling;
|
||||||
|
|
||||||
|
function dispatchLink() {
|
||||||
|
|
||||||
|
document.getElementById("mauth_started").style.display = "block"; // show
|
||||||
|
|
||||||
|
const request = {};
|
||||||
|
|
||||||
|
// calling nevisFIDO through nevisAuth on current URL using AJAX
|
||||||
|
fetch("", {
|
||||||
|
method: "POST",
|
||||||
|
headers: {
|
||||||
|
'Content-Type': 'application/json'
|
||||||
|
},
|
||||||
|
body: JSON.stringify(request)
|
||||||
|
}).then(res => {
|
||||||
|
res.json().then(o => {
|
||||||
|
// example response: {"dispatchResult":"..."}
|
||||||
|
if (o.dispatchResult == 'dispatched') {
|
||||||
|
// example response: {..., "dispatcherInformation":{..., "response":"admin4testing://authenticate?dispatchTokenResponse=ey..."}}
|
||||||
|
var link = o.dispatcherInformation.response;
|
||||||
|
console.log("received link: " + link);
|
||||||
|
var linkElem = document.getElementById("mauth_link");
|
||||||
|
linkElem.href = link; // custom scheme link does not work in Android 13
|
||||||
|
const isMobile = !!/(iPhone|iPad|Android)/.test(window.navigator.userAgent);
|
||||||
|
if (isMobile) {
|
||||||
|
document.getElementById("mauth_link_parent").style.display = "inline"; // show
|
||||||
|
}
|
||||||
|
var url = new URL(link);
|
||||||
|
var dispatchTokenResponse = url.searchParams.get("dispatchTokenResponse");
|
||||||
|
// render QR code
|
||||||
|
var qrCodeElem = document.getElementById("mauth_qrcode");
|
||||||
|
var qrcode = new QRious({
|
||||||
|
element: qrCodeElem,
|
||||||
|
foreground: "#168CA9",
|
||||||
|
level: "M",
|
||||||
|
size: 256,
|
||||||
|
value: link
|
||||||
|
});
|
||||||
|
var sessionId = o.sessionId;
|
||||||
|
console.log("started polling for session ID: " + sessionId);
|
||||||
|
statusPolling = window.setInterval(function () {
|
||||||
|
poll(sessionId);
|
||||||
|
}, 2000);
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
console.log("authentication failed: " + o.dispatchResult);
|
||||||
|
const form = createForm();
|
||||||
|
document.body.appendChild(form);
|
||||||
|
form.submit();
|
||||||
|
}
|
||||||
|
});
|
||||||
|
}).catch((err) => console.error("error: ", err));
|
||||||
|
}
|
||||||
|
|
||||||
|
function poll(sessionId) {
|
||||||
|
|
||||||
|
const request = {};
|
||||||
|
request.fidoUafSessionId = sessionId;
|
||||||
|
|
||||||
|
// calling nevisFIDO through nevisAuth on current URL using AJAX
|
||||||
|
fetch("", {
|
||||||
|
method: "POST",
|
||||||
|
headers: {
|
||||||
|
'Content-Type': 'application/json'
|
||||||
|
},
|
||||||
|
body: JSON.stringify(request)
|
||||||
|
}).then(res => {
|
||||||
|
res.json().then(o => {
|
||||||
|
var status = o.status;
|
||||||
|
console.log("status: " + status);
|
||||||
|
if (status == 'clientAuthenticating') {
|
||||||
|
// show process icon
|
||||||
|
document.getElementById("mauth_loading").style.display = 'block';
|
||||||
|
// hide QR-code and information
|
||||||
|
document.getElementById("mauth_qrcode").style.display = 'none';
|
||||||
|
document.getElementById("mauth_qrcode_info").style.display = 'none';
|
||||||
|
}
|
||||||
|
if (status == 'succeeded') {
|
||||||
|
clearInterval(statusPolling);
|
||||||
|
// as this is the last call we have to do a top-level request instead of AJAX
|
||||||
|
const form = createForm();
|
||||||
|
addInput(form, "continue", "true"); // required for custom dispatching in usernameless
|
||||||
|
document.body.appendChild(form);
|
||||||
|
form.submit();
|
||||||
|
}
|
||||||
|
else if (status == 'failed' || status == 'unknown') {
|
||||||
|
|
||||||
|
clearInterval(statusPolling);
|
||||||
|
console.error("authentication failed with status: " + status);
|
||||||
|
|
||||||
|
// as this is the last call we have to do a top-level request instead of AJAX
|
||||||
|
const form = createForm();
|
||||||
|
addInput(form, "fidoUafSessionId", sessionId);
|
||||||
|
document.body.appendChild(form);
|
||||||
|
form.submit();
|
||||||
|
}
|
||||||
|
});
|
||||||
|
}).catch((err) => console.error("error: ", err));
|
||||||
|
}
|
||||||
|
|
||||||
|
dispatchLink();
|
||||||
|
})();
|
|
@ -0,0 +1,106 @@
|
||||||
|
(function () {
|
||||||
|
|
||||||
|
function createForm() {
|
||||||
|
const form = document.createElement("form");
|
||||||
|
form.method = "POST";
|
||||||
|
form.style.display = "none";
|
||||||
|
return form;
|
||||||
|
}
|
||||||
|
|
||||||
|
function addInput(form, name, value) {
|
||||||
|
const input = document.createElement("input");
|
||||||
|
input.name = name;
|
||||||
|
input.value = value;
|
||||||
|
form.appendChild(input);
|
||||||
|
}
|
||||||
|
|
||||||
|
let statusPolling;
|
||||||
|
|
||||||
|
function renderEnrollment() {
|
||||||
|
|
||||||
|
// link is provided by a hidden GuiElem
|
||||||
|
var link = document.getElementsByName("mauth_dispatcher_link")[0].value;
|
||||||
|
console.log("received dispatcher link: " + link);
|
||||||
|
|
||||||
|
const isMobile = !!/(iPhone|iPad|Android)/.test(window.navigator.userAgent);
|
||||||
|
if (isMobile) {
|
||||||
|
var linkElem = document.getElementById("mauth_link");
|
||||||
|
linkElem.href = link;
|
||||||
|
document.getElementById("mauth_link_parent").style.display = "inline"; // show
|
||||||
|
}
|
||||||
|
|
||||||
|
var url = new URL(link);
|
||||||
|
var dispatchTokenResponse = url.searchParams.get("dispatchTokenResponse");
|
||||||
|
|
||||||
|
// render QR code into mauth_qrcode element
|
||||||
|
var qrCodeElem = document.getElementById("mauth_qrcode");
|
||||||
|
var qrcode = new QRious({
|
||||||
|
element: qrCodeElem,
|
||||||
|
foreground: "#168CA9",
|
||||||
|
level: "M",
|
||||||
|
size: 256,
|
||||||
|
value: link
|
||||||
|
});
|
||||||
|
|
||||||
|
// show entire element
|
||||||
|
document.getElementById("mauth_started").style.display = "block";
|
||||||
|
|
||||||
|
console.log("scheduling status polling (2s interval)");
|
||||||
|
statusPolling = window.setInterval(function () {
|
||||||
|
poll();
|
||||||
|
}, 2000);
|
||||||
|
}
|
||||||
|
|
||||||
|
function poll() {
|
||||||
|
|
||||||
|
// state is held on backend side
|
||||||
|
const request = {};
|
||||||
|
|
||||||
|
// calling nevisFIDO through nevisAuth on current URL using AJAX
|
||||||
|
fetch("", {
|
||||||
|
method: "POST",
|
||||||
|
headers: {
|
||||||
|
'Content-Type': 'application/json'
|
||||||
|
},
|
||||||
|
body: JSON.stringify(request)
|
||||||
|
}).then(res => {
|
||||||
|
res.json().then(o => {
|
||||||
|
|
||||||
|
var status = o.status;
|
||||||
|
console.log("status: " + status);
|
||||||
|
|
||||||
|
if (status == 'clientRegistering') {
|
||||||
|
|
||||||
|
// show process icon
|
||||||
|
document.getElementById("mauth_loading").style.display = 'block';
|
||||||
|
|
||||||
|
// hide QR-code and information
|
||||||
|
document.getElementById("mauth_qrcode").style.display = 'none';
|
||||||
|
document.getElementById("mauth_qrcode_info").style.display = 'none';
|
||||||
|
}
|
||||||
|
else if (status == 'succeeded') {
|
||||||
|
|
||||||
|
clearInterval(statusPolling);
|
||||||
|
console.error("onboarding successful");
|
||||||
|
|
||||||
|
// as this is the last call we have to do a top-level request instead of AJAX
|
||||||
|
const form = createForm();
|
||||||
|
document.body.appendChild(form);
|
||||||
|
form.submit();
|
||||||
|
}
|
||||||
|
else if (status == 'failed' || status == 'unknown') {
|
||||||
|
|
||||||
|
clearInterval(statusPolling);
|
||||||
|
console.error("onboarding failed with status: " + status);
|
||||||
|
|
||||||
|
// as this is the last call we have to do a top-level request instead of AJAX
|
||||||
|
const form = createForm();
|
||||||
|
document.body.appendChild(form);
|
||||||
|
form.submit();
|
||||||
|
}
|
||||||
|
});
|
||||||
|
}).catch((err) => console.error("error: ", err));
|
||||||
|
}
|
||||||
|
|
||||||
|
renderEnrollment();
|
||||||
|
})();
|
|
@ -0,0 +1,172 @@
|
||||||
|
(function () {
|
||||||
|
|
||||||
|
function createForm() {
|
||||||
|
const form = document.createElement("form");
|
||||||
|
form.method = "POST";
|
||||||
|
form.style.display = "none";
|
||||||
|
return form;
|
||||||
|
}
|
||||||
|
|
||||||
|
function addInput(form, name, value) {
|
||||||
|
const input = document.createElement("input");
|
||||||
|
input.name = name;
|
||||||
|
input.value = value;
|
||||||
|
form.appendChild(input);
|
||||||
|
}
|
||||||
|
|
||||||
|
let statusPolling;
|
||||||
|
|
||||||
|
function dispatch(id) {
|
||||||
|
|
||||||
|
document.getElementById("mauth_devices").style.display = "none"; // hide selection menu
|
||||||
|
document.getElementById("mauth_started").style.display = "block"; // show
|
||||||
|
|
||||||
|
const request = {};
|
||||||
|
request.dispatchTargetId = id;
|
||||||
|
request.dispatcher = "firebase-cloud-messaging";
|
||||||
|
|
||||||
|
// calling nevisFIDO through nevisAuth on current URL using AJAX
|
||||||
|
fetch("", {
|
||||||
|
method: "POST",
|
||||||
|
headers: {
|
||||||
|
'Content-Type': 'application/json'
|
||||||
|
},
|
||||||
|
body: JSON.stringify(request)
|
||||||
|
}).then(res => {
|
||||||
|
res.json().then(o => {
|
||||||
|
console.log("dispatch response: " + JSON.stringify(o));
|
||||||
|
// example response: {"dispatchResult":"..."}
|
||||||
|
if (o.dispatchResult == 'dispatched') {
|
||||||
|
// example response: {"token":"...","sessionId":"...","dispatchResult":"dispatched","dispatcherInformation":{"name":"firebase-cloud-messaging","response":"..."}}
|
||||||
|
console.log("push dispatching successful");
|
||||||
|
// set numbers for number matching
|
||||||
|
if (o.channelLinking) {
|
||||||
|
document.getElementById('mauth_match_numbers').innerHTML = o.channelLinking.content;
|
||||||
|
}
|
||||||
|
// preparing content for QR-code
|
||||||
|
var token = o.token;
|
||||||
|
console.log("found token: " + token);
|
||||||
|
// hidden GuiElem
|
||||||
|
var redeemUrl = document.querySelector('input[name=redeem_url]').value;
|
||||||
|
console.log("found redeem URL: " + redeemUrl);
|
||||||
|
let qrCodeContents = {
|
||||||
|
nma_data_version: "1",
|
||||||
|
nma_data_content_type: "application/json",
|
||||||
|
nma_data: {
|
||||||
|
token: token,
|
||||||
|
redeem_url: redeemUrl
|
||||||
|
}
|
||||||
|
};
|
||||||
|
var qrCodeValue = window.btoa(JSON.stringify(qrCodeContents));
|
||||||
|
// render QR code
|
||||||
|
var qrCodeElem = document.getElementById("mauth_qrcode");
|
||||||
|
console.log("rendering QR code");
|
||||||
|
var qrcode = new QRious({
|
||||||
|
element: qrCodeElem,
|
||||||
|
foreground: "#168CA9",
|
||||||
|
level: "M",
|
||||||
|
size: 256,
|
||||||
|
value: qrCodeValue
|
||||||
|
});
|
||||||
|
var sessionId = o.sessionId;
|
||||||
|
console.log("started polling for session ID: " + sessionId);
|
||||||
|
statusPolling = window.setInterval(function () {
|
||||||
|
poll(sessionId);
|
||||||
|
}, 2000);
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
console.log("authentication failed: " + o.dispatchResult);
|
||||||
|
const form = createForm();
|
||||||
|
document.body.appendChild(form);
|
||||||
|
form.submit();
|
||||||
|
}
|
||||||
|
});
|
||||||
|
}).catch((err) => console.error("error: ", err));
|
||||||
|
}
|
||||||
|
|
||||||
|
function renderDeviceList() {
|
||||||
|
|
||||||
|
const request = {};
|
||||||
|
|
||||||
|
// calling nevisFIDO through nevisAuth on current URL using AJAX
|
||||||
|
fetch("", {
|
||||||
|
method: "POST",
|
||||||
|
headers: {
|
||||||
|
'Content-Type': 'application/json'
|
||||||
|
},
|
||||||
|
body: JSON.stringify(request)
|
||||||
|
}).then(res => {
|
||||||
|
res.json().then(o => {
|
||||||
|
// example response: {"dispatchTargets":[{"id":"40a41ac7-0189-4c0b-8db9-cafcaa3e3f11","name":"Android Google Pixel 4 23.11.2022 07:26:25"}]}
|
||||||
|
var devices = o.dispatchTargets;
|
||||||
|
if (devices.length > 1) {
|
||||||
|
console.log("multiple devices found, selection menu required.");
|
||||||
|
let list = document.getElementById("mauth_devices");
|
||||||
|
for (let i = 0; i < devices.length; i++) {
|
||||||
|
let device = devices[i];
|
||||||
|
var item = document.createElement("li");
|
||||||
|
item.class = "list-group-item list-group-item-action";
|
||||||
|
item.onclick = function() { dispatch(device.id) };
|
||||||
|
item.innerHTML += device.name;
|
||||||
|
list.appendChild(item);
|
||||||
|
}
|
||||||
|
list.style.display = "block"; // show selection menu
|
||||||
|
}
|
||||||
|
else if (devices.length == 1) {
|
||||||
|
console.log("user has only 1 device, no selection required.");
|
||||||
|
dispatch(devices[0].id);
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
console.error("user has no device.");
|
||||||
|
// TODO koenig 20221124: design this case
|
||||||
|
}
|
||||||
|
});
|
||||||
|
}).catch((err) => console.error("error: ", err));
|
||||||
|
}
|
||||||
|
|
||||||
|
function poll(sessionId) {
|
||||||
|
|
||||||
|
const request = {};
|
||||||
|
request.fidoUafSessionId = sessionId;
|
||||||
|
|
||||||
|
// calling nevisFIDO through nevisAuth on current URL using AJAX
|
||||||
|
fetch("", {
|
||||||
|
method: "POST",
|
||||||
|
headers: {
|
||||||
|
'Content-Type': 'application/json'
|
||||||
|
},
|
||||||
|
body: JSON.stringify(request)
|
||||||
|
}).then(res => {
|
||||||
|
res.json().then(o => {
|
||||||
|
var status = o.status;
|
||||||
|
console.log("status: " + status);
|
||||||
|
if (status == 'clientAuthenticating') {
|
||||||
|
document.getElementById("mauth_qrcode").style.display = 'none';
|
||||||
|
document.getElementById("mauth_qrcode_info").style.display = 'none';
|
||||||
|
document.getElementById("mauth_match_numbers").style.display = 'block';
|
||||||
|
document.getElementById("mauth_loading").style.display = 'block';
|
||||||
|
}
|
||||||
|
if (status == 'succeeded') {
|
||||||
|
clearInterval(statusPolling);
|
||||||
|
// as this is the last call we have to do a top-level request instead of AJAX
|
||||||
|
const form = createForm();
|
||||||
|
document.body.appendChild(form);
|
||||||
|
form.submit();
|
||||||
|
}
|
||||||
|
else if (status == 'failed' || status == 'unknown') {
|
||||||
|
|
||||||
|
clearInterval(statusPolling);
|
||||||
|
console.error("authentication failed with status: " + status);
|
||||||
|
|
||||||
|
// as this is the last call we have to do a top-level request instead of AJAX
|
||||||
|
const form = createForm();
|
||||||
|
addInput(form, "fidoUafSessionId", sessionId);
|
||||||
|
document.body.appendChild(form);
|
||||||
|
form.submit();
|
||||||
|
}
|
||||||
|
});
|
||||||
|
}).catch((err) => console.error("error: ", err));
|
||||||
|
}
|
||||||
|
|
||||||
|
renderDeviceList();
|
||||||
|
})();
|
|
@ -0,0 +1,119 @@
|
||||||
|
(function () {
|
||||||
|
|
||||||
|
function createForm() {
|
||||||
|
const form = document.createElement("form");
|
||||||
|
form.method = "POST";
|
||||||
|
form.style.display = "none";
|
||||||
|
return form;
|
||||||
|
}
|
||||||
|
|
||||||
|
function addInput(form, name, value) {
|
||||||
|
const input = document.createElement("input");
|
||||||
|
input.name = name;
|
||||||
|
input.value = value;
|
||||||
|
form.appendChild(input);
|
||||||
|
}
|
||||||
|
|
||||||
|
let statusPolling;
|
||||||
|
|
||||||
|
function dispatch() {
|
||||||
|
|
||||||
|
console.log("initiating usernameless mobile authentication...");
|
||||||
|
|
||||||
|
document.getElementById("mauth_started").style.display = "block"; // show
|
||||||
|
|
||||||
|
const request = {};
|
||||||
|
|
||||||
|
// calling nevisFIDO through nevisAuth on current URL using AJAX
|
||||||
|
fetch("", {
|
||||||
|
method: "POST",
|
||||||
|
headers: {
|
||||||
|
'Content-Type': 'application/json'
|
||||||
|
},
|
||||||
|
body: JSON.stringify(request)
|
||||||
|
}).then(res => {
|
||||||
|
res.json().then(o => {
|
||||||
|
console.log(o);
|
||||||
|
// example response: {"dispatchResult":"..."}
|
||||||
|
if (o.dispatchResult == 'dispatched') {
|
||||||
|
// example response: {..., "dispatcherInformation":{..., "response":"admin4testing://authenticate?dispatchTokenResponse=ey..."}}
|
||||||
|
var link = o.dispatcherInformation.response;
|
||||||
|
console.log("received link: " + link);
|
||||||
|
var linkElem = document.getElementById("mauth_link");
|
||||||
|
linkElem.href = link; // custom scheme link does not work in Android 13
|
||||||
|
const isMobile = !!/(iPhone|iPad|Android)/.test(window.navigator.userAgent);
|
||||||
|
if (isMobile) {
|
||||||
|
document.getElementById("mauth_link_parent").style.display = "inline"; // show
|
||||||
|
}
|
||||||
|
var url = new URL(link);
|
||||||
|
var dispatchTokenResponse = url.searchParams.get("dispatchTokenResponse");
|
||||||
|
// render QR code
|
||||||
|
var qrCodeElem = document.getElementById("mauth_qrcode");
|
||||||
|
var qrcode = new QRious({
|
||||||
|
element: qrCodeElem,
|
||||||
|
foreground: "#168CA9",
|
||||||
|
level: "M",
|
||||||
|
size: 256,
|
||||||
|
value: link
|
||||||
|
});
|
||||||
|
var sessionId = o.sessionId;
|
||||||
|
console.log("started polling for session ID: " + sessionId);
|
||||||
|
statusPolling = window.setInterval(function () {
|
||||||
|
poll(sessionId);
|
||||||
|
}, 2000);
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
console.log("authentication failed: " + o.dispatchResult);
|
||||||
|
const form = createForm();
|
||||||
|
document.body.appendChild(form);
|
||||||
|
form.submit();
|
||||||
|
}
|
||||||
|
});
|
||||||
|
}).catch((err) => console.error("error: ", err));
|
||||||
|
}
|
||||||
|
|
||||||
|
function poll(sessionId) {
|
||||||
|
|
||||||
|
const request = {};
|
||||||
|
request.fidoUafSessionId = sessionId;
|
||||||
|
|
||||||
|
// calling nevisFIDO through nevisAuth on current URL using AJAX
|
||||||
|
fetch("", {
|
||||||
|
method: "POST",
|
||||||
|
headers: {
|
||||||
|
'Content-Type': 'application/json'
|
||||||
|
},
|
||||||
|
body: JSON.stringify(request)
|
||||||
|
}).then(res => {
|
||||||
|
res.json().then(o => {
|
||||||
|
var status = o.status;
|
||||||
|
console.log("status: " + status);
|
||||||
|
if (status == 'clientAuthenticating') {
|
||||||
|
document.getElementById("mauth_qrcode").style.display = 'none';
|
||||||
|
document.getElementById("mauth_loading").style.display = 'block';
|
||||||
|
}
|
||||||
|
if (status == 'succeeded') {
|
||||||
|
clearInterval(statusPolling);
|
||||||
|
// as this is the last call we have to do a top-level request instead of AJAX
|
||||||
|
const form = createForm();
|
||||||
|
addInput(form, "fidoUafDone", "true"); // checked by Groovy script
|
||||||
|
document.body.appendChild(form);
|
||||||
|
form.submit();
|
||||||
|
}
|
||||||
|
else if (status == 'failed' || status == 'unknown') {
|
||||||
|
|
||||||
|
clearInterval(statusPolling);
|
||||||
|
console.error("authentication failed with status: " + status);
|
||||||
|
|
||||||
|
// as this is the last call we have to do a top-level request instead of AJAX
|
||||||
|
const form = createForm();
|
||||||
|
addInput(form, "fidoUafSessionId", sessionId); // checked by Groovy script
|
||||||
|
document.body.appendChild(form);
|
||||||
|
form.submit();
|
||||||
|
}
|
||||||
|
});
|
||||||
|
}).catch((err) => console.error("error: ", err));
|
||||||
|
}
|
||||||
|
|
||||||
|
dispatch();
|
||||||
|
})();
|
|
@ -0,0 +1,43 @@
|
||||||
|
// display oauth scopes listed in input field 'consentInformation'
|
||||||
|
// change 'consentInformation' and 'scope_name' to the values used in your configuration.
|
||||||
|
$(function() {
|
||||||
|
|
||||||
|
var consentInformationFieldName = "consentInformation"; // name of the input field from which to parse the value as the consent information JSON
|
||||||
|
var scopeDescriptionSource = "scope_name"; // key of the field in the consent information JSON of which to get the value as the scope description
|
||||||
|
|
||||||
|
function displayOAuthScopesConsent() {
|
||||||
|
var jsonData = parseJson();
|
||||||
|
if (jsonData !== undefined) {
|
||||||
|
mapJsonToHtml(jsonData)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
function mapJsonToHtml(jsonData) {
|
||||||
|
mapJsonToHtmlScopeList("listOfRequestedScopesWithExistingConsent", jsonData.requestedScopesWithExistingConsent, "Already accepted scopes:");
|
||||||
|
mapJsonToHtmlScopeList("listOfRequestedScopes", jsonData.requestedScopesRequiringConsent, "Requested scopes that require a consent:");
|
||||||
|
}
|
||||||
|
|
||||||
|
function mapJsonToHtmlScopeList(elementId, scopeInformation, title) {
|
||||||
|
if (scopeInformation !== undefined && Object.keys(scopeInformation).length > 0) {
|
||||||
|
$("input[name=" + consentInformationFieldName +"]").after("<p style='margin-top: 0.5em'>" + title + "</p><div class='scopeinfobox'><ul id='" + elementId + "' /> </div>");
|
||||||
|
jQuery.each(scopeInformation, function(key,value) {
|
||||||
|
var scopeDescription = value[scopeDescriptionSource];
|
||||||
|
if (scopeDescription) {
|
||||||
|
$("#" + elementId).append('<li>' + scopeDescription + '</li>');
|
||||||
|
} else {
|
||||||
|
$("#" + elementId).append('<li>' + key + '</li>');
|
||||||
|
}
|
||||||
|
});
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
function parseJson() {
|
||||||
|
var consentInformationField = $("input[name=" +consentInformationFieldName +"]");
|
||||||
|
if (consentInformationField.length > 0) {
|
||||||
|
return JSON.parse(consentInformationField.val());
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
displayOAuthScopesConsent();
|
||||||
|
});
|
||||||
|
|
|
@ -0,0 +1,11 @@
|
||||||
|
function toggleInputType(passwordInputId, eyeIconId, resourcePath) {
|
||||||
|
const passwordInput = document.getElementById(passwordInputId);
|
||||||
|
const eyeIcon = document.getElementById(eyeIconId);
|
||||||
|
if (passwordInput.type === 'text') {
|
||||||
|
passwordInput.type = 'password';
|
||||||
|
eyeIcon.src = resourcePath + '/resources/eye.svg';
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
passwordInput.type = 'text';
|
||||||
|
eyeIcon.src = resourcePath + '/resources/eye-off.svg';
|
||||||
|
}
|
|
@ -0,0 +1,65 @@
|
||||||
|
#set($jsValidation = 1) ## enable JS validation, client-side
|
||||||
|
|
||||||
|
#set($useFormEncryption = $gui.encryption && ($gui.encryption.length() > 0))
|
||||||
|
|
||||||
|
#set($encryptionParamsOk = true)
|
||||||
|
|
||||||
|
#if ($useFormEncryption)
|
||||||
|
#* check the mandatory e2eenc.publicKey GuiElem *#
|
||||||
|
#set($encryptionParamsOk = $gui.getGuiElem("e2eenc.publicKey") && ($gui.getGuiElem("e2eenc.publicKey") != "" ))
|
||||||
|
#end
|
||||||
|
|
||||||
|
#if (!$encryptionParamsOk)
|
||||||
|
$response.setStatus(502)
|
||||||
|
|
||||||
|
#else
|
||||||
|
#set($isAjaxRequest = "XMLHttpRequest" == $login.requestHeaders.get("X-Requested-With"))
|
||||||
|
|
||||||
|
#set($acceptHeader = $login.requestHeaders.accept)
|
||||||
|
#if (!$acceptHeader)
|
||||||
|
#set($acceptHeader = $login.requestHeaders.Accept)
|
||||||
|
#end
|
||||||
|
#if ($acceptHeader)
|
||||||
|
#set($isHtmlRequest = $acceptHeader.contains("text/html") || $acceptHeader.contains("*/*"))
|
||||||
|
#set($isJsonRequest = $acceptHeader.contains("application/json"))
|
||||||
|
#set($isSoapRequest = $acceptHeader.contains("application/soap+xml"))
|
||||||
|
#set($isXmlRequest = $acceptHeader.contains("application/xml")||$acceptHeader.contains("text/xml"))
|
||||||
|
#set($isCssRequest = $acceptHeader.contains("text/css"))
|
||||||
|
#else
|
||||||
|
#set($isHtmlRequest = true)
|
||||||
|
#set($isSoapRequest = false)
|
||||||
|
#set($isXmlRequest = false)
|
||||||
|
#set($isCssRequest = false)
|
||||||
|
#end
|
||||||
|
|
||||||
|
## sending the query parameter render=form will render only the inner form
|
||||||
|
#set($isFormRequest = "form" == $login.requestParameters.render && $isHtmlRequest)
|
||||||
|
|
||||||
|
#parse("${templatePath}/macros.vm")
|
||||||
|
|
||||||
|
#if ($isHtmlRequest)
|
||||||
|
#if ($isFormRequest)
|
||||||
|
#parse("${templatePath}/form.vm")
|
||||||
|
#else
|
||||||
|
## html.vm is generated from html provided via pattern
|
||||||
|
#parse("${templatePath}/html.vm")
|
||||||
|
#end
|
||||||
|
#end
|
||||||
|
|
||||||
|
## AJAX requests: signal to JS-Client that login is required
|
||||||
|
#if ($isAjaxRequest)
|
||||||
|
$response.setStatus(401)
|
||||||
|
$response.setHeader("WWW-Authenticate","$gui.domain")
|
||||||
|
#end
|
||||||
|
|
||||||
|
#if (!$isHtmlRequest && $isXmlRequest)
|
||||||
|
$response.setHeader("Content-Type","text/xml")
|
||||||
|
## emit custom XML here, use $utils.escapeXml to sanitize values coming from clients
|
||||||
|
#end
|
||||||
|
|
||||||
|
#if (!$isHtmlRequest && $isJsonRequest)
|
||||||
|
$response.setHeader("Content-Type","application/json")
|
||||||
|
#parse("${templatePath}/json.vm")
|
||||||
|
## emit custom JSON here, use $utils.escapeJs to sanitize values coming from clients
|
||||||
|
#end
|
||||||
|
#end
|
|
@ -0,0 +1,11 @@
|
||||||
|
<footer id="footer" class="text-primary">
|
||||||
|
<div class="row small">
|
||||||
|
<div class="col-md-4 hidden-xs hidden-sm">Copyright © 2023 NEVIS Security AG</div>
|
||||||
|
<div class="col-xs-12 col-md-4 text-center text-uppercase logo-round-container">
|
||||||
|
<div class="logo-round center-block">
|
||||||
|
<img src="${login.appDataPath}/resources/logo.png" alt="NEVIS Security Suite">
|
||||||
|
</div>
|
||||||
|
<strong>NEVIS Security Suite</strong>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</footer>
|
|
@ -0,0 +1,127 @@
|
||||||
|
## if only form, then we include javascript here (start of body)
|
||||||
|
#if ($isFormRequest)
|
||||||
|
#parse("${templatePath}/js_start.vm")
|
||||||
|
#end
|
||||||
|
|
||||||
|
#set ($formTarget = $utils.escapeHtmlAttribute($gui.target.replaceAll('&?language=[^&]*','')))
|
||||||
|
|
||||||
|
#if ($useFormEncryption)
|
||||||
|
<div id="e2eeSplashScreen" style="display:none;">
|
||||||
|
<h2 class="logintitle text-center">$gui.label</h2>
|
||||||
|
<div class="field info" id="info">$text.get("e2ee.splashscreen.msg")</div>
|
||||||
|
</div>
|
||||||
|
#end
|
||||||
|
|
||||||
|
<div id="loginform">
|
||||||
|
|
||||||
|
<form id="$gui.name" name="$gui.name"
|
||||||
|
#if ($useFormEncryption) onsubmit="new e2eenc().encryptForm('$gui.encryption','$gui.name')" #end
|
||||||
|
method="POST" target="_self" action="$formTarget" autocomplete="off" accept-charset="UTF-8" class="form-horizontal">
|
||||||
|
|
||||||
|
<h1 class="logintitle text-center">$gui.label</h1>
|
||||||
|
|
||||||
|
#set ($tabindex = 0)
|
||||||
|
#set ($policyFailureOpen = false)
|
||||||
|
#set ($policyInfoOpen = false)
|
||||||
|
|
||||||
|
#foreach ($guiElem in $gui.getGuiElems())
|
||||||
|
#set ($tabindex = $tabindex+1)
|
||||||
|
#if ($guiElem.name.startsWith("policyInfo") && $guiElem.label && $guiElem.label.length() > 0)
|
||||||
|
#if (!$policyInfoOpen)
|
||||||
|
<div class="form-group">
|
||||||
|
<div class="col-sm-offset-3 col-sm-6">
|
||||||
|
#set ($policyInfoOpen = true)
|
||||||
|
#end
|
||||||
|
<span class="help-block small" id="$guiElem.name">$guiElem.label</span>
|
||||||
|
#elseif ($guiElem.name.startsWith("policyFailure") && $guiElem.label && $guiElem.label.length() > 0)
|
||||||
|
#if (!$policyFailureOpen)
|
||||||
|
<div class="form-group has-error">
|
||||||
|
<div class="col-sm-offset-3 col-sm-6">
|
||||||
|
#set ($policyFailureOpen = true)
|
||||||
|
#end
|
||||||
|
<span class="help-block small" id="$guiElem.name">$guiElem.label</span>
|
||||||
|
#else
|
||||||
|
#if (!$guiElem.name.startsWith("policyInfo") && $policyInfoOpen) ## close
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
#set ($policyInfoOpen = false)
|
||||||
|
#end
|
||||||
|
#if (!$guiElem.name.startsWith("policyFailure") && $policyFailureOpen) ## close
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
#set ($policyFailureOpen = false)
|
||||||
|
#end
|
||||||
|
#renderFormField($guiElem, $gui, $tabindex)
|
||||||
|
#end
|
||||||
|
#end
|
||||||
|
|
||||||
|
## this block applies when Channel is set to Push / Link
|
||||||
|
#if ($gui.name == "mauth_link_qr" || $gui.name == "mauth_onboard")
|
||||||
|
<!-- shown after dispatching -->
|
||||||
|
<center id="mauth_started">
|
||||||
|
<img id="mauth_loading" style="width: 60px; height: 60px; display: none;" src="${login.appDataPath}/resources/loading.svg"/>
|
||||||
|
<br><br>
|
||||||
|
<p id="mauth_qrcode_info">$text.get("mobile_auth.scan")</p>
|
||||||
|
<canvas id="mauth_qrcode" style="width: 256px; height: 256px;">
|
||||||
|
</canvas>
|
||||||
|
<div id="mauth_link_parent" class="form-group" style="display: none">
|
||||||
|
$text.get("mobile_auth.link")
|
||||||
|
</div>
|
||||||
|
</center>
|
||||||
|
#end
|
||||||
|
|
||||||
|
## this block applies when Channel is set to Push / QR-code (in-app)
|
||||||
|
#if ($gui.name == "mauth_push_qr")
|
||||||
|
<!-- shown if the user has multiple devices -->
|
||||||
|
<ul id="mauth_devices" style="display: none">
|
||||||
|
</ul>
|
||||||
|
<!-- shown after selecting the device -->
|
||||||
|
<center id="mauth_started" style="display: none">
|
||||||
|
<img id="mauth_loading" style="width: 60px; height: 60px; display: none;" src="${login.appDataPath}/resources/loading.svg"/>
|
||||||
|
<p id="mauth_match_numbers" style="font-size: 64px; display: none;"></p>
|
||||||
|
<p id="mauth_qrcode_info">$text.get("mobile_auth.push-or-scan")</p>
|
||||||
|
<canvas id="mauth_qrcode" style="width: 256px; height: 256px;">
|
||||||
|
</canvas>
|
||||||
|
</center>
|
||||||
|
#end
|
||||||
|
|
||||||
|
## this block applies for usernameless mobile authentication
|
||||||
|
#if ($gui.name == "mauth_usernameless")
|
||||||
|
<center id="mauth_started" style="display: none">
|
||||||
|
<img id="mauth_loading" style="width: 60px; height: 60px; display: none;" src="${login.appDataPath}/resources/loading.svg"/>
|
||||||
|
<br><br>
|
||||||
|
<p id="mauth_qrcode_info">$text.get("mobile_auth.scan")</p>
|
||||||
|
<canvas id="mauth_qrcode" style="width: 256px; height: 256px;">
|
||||||
|
</canvas>
|
||||||
|
<div id="mauth_link_parent" class="form-group" style="display: none">
|
||||||
|
<a href="" id="mauth_link">$text.get("mobile_auth.link")</a>
|
||||||
|
</div>
|
||||||
|
</center>
|
||||||
|
#end
|
||||||
|
|
||||||
|
#if ($useFormEncryption)
|
||||||
|
<input type="hidden" name="e2eenc.fields" value="not-set">
|
||||||
|
<input type="hidden" name="e2eenc.iv" value="not-set">
|
||||||
|
<input type="hidden" name="e2eenc.encapsulation" value="not-set">
|
||||||
|
#end
|
||||||
|
|
||||||
|
#renderFormControls($gui)
|
||||||
|
#renderFormLinks($gui)
|
||||||
|
</form>
|
||||||
|
|
||||||
|
<!-- position input focus into first element of form -->
|
||||||
|
<script type="text/javascript">
|
||||||
|
const form = document.forms['$gui.name'];
|
||||||
|
if (form) {
|
||||||
|
const input = form.elements[0];
|
||||||
|
if (input) {
|
||||||
|
input.focus();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
</script>
|
||||||
|
|
||||||
|
## if only form, then we include javascript here (end of body)
|
||||||
|
#if ($isFormRequest)
|
||||||
|
#parse("${templatePath}/js_end.vm")
|
||||||
|
#end
|
||||||
|
</div>
|
|
@ -0,0 +1,3 @@
|
||||||
|
<header id="header" class="container-fluid">
|
||||||
|
<img class="logo center-block" src="${login.appDataPath}/resources/logo_animated.gif" alt="NEVIS Security Suite">
|
||||||
|
</header>
|
|
@ -0,0 +1,32 @@
|
||||||
|
<!DOCTYPE html>
|
||||||
|
<html lang="${utils.escapeHtml($login.localeCode)}">
|
||||||
|
|
||||||
|
<head>
|
||||||
|
<title>$text.get('title')</title>
|
||||||
|
|
||||||
|
<meta charset="utf-8">
|
||||||
|
<meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1">
|
||||||
|
|
||||||
|
<link href="${login.appDataPath}/resources/bootstrap.min.css" rel="stylesheet" type="text/css">
|
||||||
|
<link href="${login.appDataPath}/resources/bootstrap-theme.min.css" rel="stylesheet" type="text/css" media="all">
|
||||||
|
<link href="${login.appDataPath}/resources/default.css" rel="stylesheet" type="text/css" media="all">
|
||||||
|
|
||||||
|
<link rel="shortcut icon" type="image/x-icon" href="/favicon.ico">
|
||||||
|
|
||||||
|
#parse("${templatePath}/js_start.vm")
|
||||||
|
</head>
|
||||||
|
|
||||||
|
<body>
|
||||||
|
#parse("${templatePath}/lang.vm")
|
||||||
|
|
||||||
|
#parse("${templatePath}/header.vm")
|
||||||
|
|
||||||
|
<main id="content" class="container">
|
||||||
|
#parse("${templatePath}/form.vm")
|
||||||
|
</main>
|
||||||
|
|
||||||
|
#parse("${templatePath}/footer.vm")
|
||||||
|
|
||||||
|
#parse("${templatePath}/js_end.vm")
|
||||||
|
</body>
|
||||||
|
</html>
|
|
@ -0,0 +1,76 @@
|
||||||
|
<script src="${login.appDataPath}/resources/dropdown.js"></script>
|
||||||
|
<script src="${login.appDataPath}/resources/show-password.js"></script>
|
||||||
|
|
||||||
|
#if ($gui.name == "oauth_consent")
|
||||||
|
<script src="${login.appDataPath}/resources/oauth_consent.js"></script>
|
||||||
|
#end
|
||||||
|
|
||||||
|
#if ($gui.name == "authcloud")
|
||||||
|
<script src="${login.appDataPath}/resources/qrious.min.js"></script>
|
||||||
|
<script src="${login.appDataPath}/resources/authcloud.js"></script>
|
||||||
|
#end
|
||||||
|
|
||||||
|
#if ($gui.name == "authcloud_onboard")
|
||||||
|
<script src="${login.appDataPath}/resources/qrious.min.js"></script>
|
||||||
|
<script src="${login.appDataPath}/resources/authcloud_onboard.js"></script>
|
||||||
|
#end
|
||||||
|
|
||||||
|
#if ($gui.name == "authcloud_login")
|
||||||
|
<script src="${login.appDataPath}/resources/qrious.min.js"></script>
|
||||||
|
<script src="${login.appDataPath}/resources/authcloud_login.js"></script>
|
||||||
|
#end
|
||||||
|
|
||||||
|
#if ($gui.name == "mauth_onboard")
|
||||||
|
<script src="${login.appDataPath}/resources/qrious.min.js"></script>
|
||||||
|
<script src="${login.appDataPath}/resources/mauth_onboard.js"></script>
|
||||||
|
#end
|
||||||
|
|
||||||
|
#if ($gui.name == "mauth_link_qr")
|
||||||
|
<script src="${login.appDataPath}/resources/qrious.min.js"></script>
|
||||||
|
<script src="${login.appDataPath}/resources/mauth_link_qr.js"></script>
|
||||||
|
#end
|
||||||
|
|
||||||
|
#if ($gui.name == "mauth_push_qr")
|
||||||
|
<script src="${login.appDataPath}/resources/qrious.min.js"></script>
|
||||||
|
<script src="${login.appDataPath}/resources/mauth_push_qr.js"></script>
|
||||||
|
#end
|
||||||
|
|
||||||
|
#if ($gui.name == "mauth_usernameless")
|
||||||
|
<script src="${login.appDataPath}/resources/qrious.min.js"></script>
|
||||||
|
<script src="${login.appDataPath}/resources/mauth_usernameless.js"></script>
|
||||||
|
#end
|
||||||
|
|
||||||
|
#if ($gui.name == "fido2_auth")
|
||||||
|
<script src="${login.appDataPath}/resources/base64.js"></script>
|
||||||
|
<script src="${login.appDataPath}/resources/fido2_utils.js"></script>
|
||||||
|
<script src="${login.appDataPath}/resources/fido2_auth.js"></script>
|
||||||
|
#end
|
||||||
|
|
||||||
|
#if ($gui.name == "fido2_auth_std")
|
||||||
|
#set ($authenticationOptionsPath = $login.requestHeaders["fido2AuthenticationOptionsPath"])
|
||||||
|
#set ($authenticationPath = $login.requestHeaders["fido2AuthenticationPath"])
|
||||||
|
#set ($statusServicePath = $login.requestHeaders["fido2StatusServicePath"])
|
||||||
|
#set ($userVerification = $login.requestHeaders["fido2UserVerification"])
|
||||||
|
<script>
|
||||||
|
let params = {
|
||||||
|
authenticationOptionsEndpoint: "$authenticationOptionsPath",
|
||||||
|
authenticationEndpoint: "$authenticationPath",
|
||||||
|
statusServiceEndpoint: "$statusServicePath",
|
||||||
|
userVerification: "$userVerification",
|
||||||
|
};
|
||||||
|
</script>
|
||||||
|
<script src="${login.appDataPath}/resources/simplewebauthn-browser@7.1.0.min.js"></script>
|
||||||
|
<script src="${login.appDataPath}/resources/fido2_utils.js"></script>
|
||||||
|
<script src="${login.appDataPath}/resources/fido2_auth_std.js"></script>
|
||||||
|
#end
|
||||||
|
|
||||||
|
#if ($gui.name == "fido2_onboard")
|
||||||
|
<script src="${login.appDataPath}/resources/base64.js"></script>
|
||||||
|
<script src="${login.appDataPath}/resources/fido2_utils.js"></script>
|
||||||
|
<script src="${login.appDataPath}/resources/fido2_onboard.js"></script>
|
||||||
|
#end
|
||||||
|
|
||||||
|
#if ($useFormEncryption)
|
||||||
|
<script src="${login.appDataPath}/resources/forge.bundle.js"></script>
|
||||||
|
<script src="${login.appDataPath}/resources/e2eenc.js"></script>
|
||||||
|
#end
|
|
@ -0,0 +1 @@
|
||||||
|
<script src="${login.appDataPath}/resources/jquery-3.6.0.min.js"></script>
|
|
@ -0,0 +1,88 @@
|
||||||
|
## This template is used to respond with a JSON format
|
||||||
|
## In this case, the client is supposed to parse and show the data
|
||||||
|
## The JSON data is close to the XML format of the GuiDesc
|
||||||
|
|
||||||
|
#set ($target = $utils.escapeHtmlAttribute($gui.target.replaceAll('&?language=[^&]*','')))
|
||||||
|
{
|
||||||
|
"name" : "$gui.name" ,
|
||||||
|
"target" : "$target" #if ($gui.label || $gui.language || $gui.domain || $gui.getGuiElems().size() > 0 || $gui.getGuiGroup().size() > 0), #end ## if
|
||||||
|
|
||||||
|
#if ($gui.label) "label" : "$gui.label" #if ($gui.language || $gui.domain || $gui.getGuiElems().size() > 0 || $gui.getGuiGroup().size() > 0), #end ## if
|
||||||
|
#end ## if
|
||||||
|
|
||||||
|
#if ($gui.language) "language" : "$gui.language" #if ($gui.domain || $gui.getGuiElems().size() > 0 || $gui.getGuiGroup().size() > 0), #end ## if
|
||||||
|
#end ## if ($gui.language)
|
||||||
|
#if ($gui.domain) "domain" : "$gui.domain" #if ($gui.getGuiElems().size() > 0 || $gui.getGuiGroup().size() > 0), #end ## if
|
||||||
|
#end ## if ($gui.domain)
|
||||||
|
|
||||||
|
#if ($gui.getGuiElems().size() > 0)
|
||||||
|
"elements" : [
|
||||||
|
#set ($i = 0)
|
||||||
|
#foreach ($guiElem in $gui.getGuiElems())
|
||||||
|
{
|
||||||
|
"name" : "$guiElem.name",
|
||||||
|
"type" : "$guiElem.type",
|
||||||
|
"optional" : "$guiElem.optional",
|
||||||
|
"label" : "$guiElem.label" #if ($guiElem['validation-failed'] || $guiElem.value || $guiElem.length || $guiElem.format), #end
|
||||||
|
#if ($guiElem['validation-failed']) "validation-failed" : "$guiGroup.validationFailed" #if ($guiElem.value || $guiElem.length || $guiElem.format), #end
|
||||||
|
#end ## if ($guiElem['validation-failed'])
|
||||||
|
|
||||||
|
#if ($guiElem.value) "value" : "$guiElem.value.replaceAll('\\\\','_ESCAPED_BACKSLASH_').replaceAll('\\"','_ESCAPED_QUOTE_').replaceAll('\\','\\\\').replaceAll('"','\\"').replaceAll('_ESCAPED_BACKSLASH_','\\\\').replaceAll('_ESCAPED_QUOTE_','\\"')" #if ($guiElem.length || $guiElem.format), #end
|
||||||
|
#end ## if ($guiElem.value)
|
||||||
|
|
||||||
|
#if ($guiElem.length) "max-length" : "$guiElem.length" #if ($guiElem.format), #end
|
||||||
|
#end ## if ($guiElem.length)
|
||||||
|
|
||||||
|
#if ($guiElem.format) "format" : "$guiElem.format"
|
||||||
|
#end
|
||||||
|
|
||||||
|
}
|
||||||
|
#set ($i = $i + 1)
|
||||||
|
#if ($i < ($gui.getGuiElems().size())), #end
|
||||||
|
|
||||||
|
#end ## loop
|
||||||
|
] #if ($gui.getGuiGroup() && $gui.getGuiGroup().size() > 0), #end
|
||||||
|
#end ## if ($gui.getGuiGroup() && $gui.getGuiElem().size() > 0)
|
||||||
|
#if ($gui.getGuiGroup() && $gui.getGuiGroup().size() > 0)
|
||||||
|
"groups" : [
|
||||||
|
#set ($j = 0)
|
||||||
|
#foreach ($guiGroup in $gui.getGuiGroup())
|
||||||
|
"name" : "$guiGroup.name",
|
||||||
|
"type" : "$guiGroup.type",
|
||||||
|
"label" : "$guiGroup.label",
|
||||||
|
"multiple" : "$guiGroup.multiple",
|
||||||
|
"format" : "$guiGroup.format",
|
||||||
|
"optional" : "$guiGroup.optional",
|
||||||
|
"validation-failed" : "$guiGroup.validationFailed" #if ($gui.getGuiElems().length() > 0), #end
|
||||||
|
#if ($gui.getGuiElems() && $gui.getGuiElems().length() > 0)
|
||||||
|
"elements" : [
|
||||||
|
#set ($i = 0)
|
||||||
|
#foreach ($guiElem in $gui.getGuiElems())
|
||||||
|
{
|
||||||
|
"name" : "$guiElem.name",
|
||||||
|
"type" : "$guiElem.type",
|
||||||
|
"optional" : "$guiElem.optional",
|
||||||
|
"validation-failed" : "$guiGroup.validationFailed",
|
||||||
|
"label" : "$guiElem.label" #if ($guiElem.value || $guiElem.length || $guiElem.format), #end
|
||||||
|
#if ($guiElem.value)
|
||||||
|
"value" : "$guiElem.value.replaceAll('\\\\','_ESCAPED_BACKSLASH_').replaceAll('\\"','_ESCAPED_QUOTE_').replaceAll('\\','\\\\').replaceAll('"','\\"').replaceAll('_ESCAPED_BACKSLASH_','\\\\').replaceAll('_ESCAPED_QUOTE_','\\"')" #if ($guiElem.length || $guiElem.format), #end
|
||||||
|
#end ## if ($guiElem.value)
|
||||||
|
#if ($guiElem.length)
|
||||||
|
"max-length" : "$guiElem.length" #if ($guiElem.format), #end
|
||||||
|
#end ## if ($guiElem.length)
|
||||||
|
#if ($guiElem.format)
|
||||||
|
"format" : "$guiElem.format"
|
||||||
|
#end ## if ($guiElem.format)
|
||||||
|
}
|
||||||
|
#set ($i = $i + 1)
|
||||||
|
#if ($i < ($gui.getGuiElems().size())), #end
|
||||||
|
|
||||||
|
#end ## loop
|
||||||
|
] #if ($foreach.hasNext), #end
|
||||||
|
#set ($j = $j + 1)
|
||||||
|
#if ($j < ($gui.getGuiGroup().size())), #end
|
||||||
|
#end ## foreach ($guiGroup in $gui.getGuiGroup())
|
||||||
|
#end ## if ($gui.getGuiElem() && $gui.getGuiElem().size() > 0)
|
||||||
|
]
|
||||||
|
#end ## if ($gui.getGuiGroup() && $gui.getGuiGroup().length() > 0)
|
||||||
|
}
|
|
@ -0,0 +1,32 @@
|
||||||
|
## Nav =================================================================
|
||||||
|
<nav id="language-switch" class="container-fluid">
|
||||||
|
<div class="dropdown pull-right">
|
||||||
|
<a id="language-switch-btn" class="dropdown-toggle text-uppercase small" role="button" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false">
|
||||||
|
<strong id="language">$login.localeCode</strong>
|
||||||
|
<span class="caret"></span>
|
||||||
|
</a>
|
||||||
|
<ul class="dropdown-menu" aria-labelledby="language-switch-btn">
|
||||||
|
## loop over all defined languages/locales....
|
||||||
|
#foreach ($locale in $login.locales)
|
||||||
|
## find translated label of current locale
|
||||||
|
#if ($text.contains("language.$locale"))
|
||||||
|
#set ($langLabel = $text.get("language.$locale"))
|
||||||
|
#elseif ($locale.length() > 2)
|
||||||
|
#set ($langLabel = $text.get("language.${locale.substring(0,2).toLowercase()}"))
|
||||||
|
#else
|
||||||
|
#set ($langLabel = $locale)
|
||||||
|
#end
|
||||||
|
## emit link or text for each language
|
||||||
|
#if ($login.localeCode != $locale && $login.language != $locale)
|
||||||
|
#set ($langTarget = $utils.escapeHtmlAttribute($gui.target('language', $locale)))
|
||||||
|
<li>
|
||||||
|
<a class="lang" href="$langTarget">
|
||||||
|
<strong class="prefix text-primary text-uppercase">$locale</strong>
|
||||||
|
<span>$langLabel</span>
|
||||||
|
</a>
|
||||||
|
</li>
|
||||||
|
#end
|
||||||
|
#end ## end foreach
|
||||||
|
</ul>
|
||||||
|
</div>
|
||||||
|
</nav>
|
|
@ -0,0 +1,295 @@
|
||||||
|
|
||||||
|
#macro(renderFormField $guiElem, $gui, $tabindex)
|
||||||
|
|
||||||
|
#if ($guiElem.type == "submit" || $guiElem.type == "button" || $guiElem.type == "reset" || $guiElem.type == "link")
|
||||||
|
## do nothing, will be rendered in renderFormControls nd renderFormLinks
|
||||||
|
|
||||||
|
|
||||||
|
#elseif ($guiElem.type == "info" || $guiElem.type == "error")
|
||||||
|
#if ($guiElem.label && $guiElem.label.length() > 0)
|
||||||
|
## special fields: display some text only
|
||||||
|
#set ($class = "form-group")
|
||||||
|
#if ($guiElem.type == "error")
|
||||||
|
#set ($class = "$class has-error")
|
||||||
|
#end
|
||||||
|
<div class="$class">
|
||||||
|
<div class="col-sm-offset-3 col-sm-6">
|
||||||
|
<span class="help-block small" id="$guiElem.name">
|
||||||
|
$guiElem.label
|
||||||
|
</span>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
#end
|
||||||
|
|
||||||
|
#elseif ($guiElem.type == "hidden" && $guiElem.name == "saml.logoutURLs")
|
||||||
|
<script>
|
||||||
|
var sp_urls = '$guiElem.value'.split(',');
|
||||||
|
var final_url = '$gui.getGuiElem("saml.logoutURL").value';
|
||||||
|
function kill_session() {
|
||||||
|
var current_url = window.location.href;
|
||||||
|
if (current_url.indexOf('?logout') == -1 && current_url.indexOf('&logout') == -1) {
|
||||||
|
console.log("current URL does not terminate the IDP session");
|
||||||
|
var logout_url = '';
|
||||||
|
if (current_url.indexOf('?') > 0) {
|
||||||
|
logout_url = current_url + "&logout";
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
logout_url = current_url + "?logout";
|
||||||
|
}
|
||||||
|
$.ajax({
|
||||||
|
type: "GET",
|
||||||
|
url: logout_url,
|
||||||
|
async: false,
|
||||||
|
xhrFields: {
|
||||||
|
withCredentials: true
|
||||||
|
},
|
||||||
|
dataType: "text",
|
||||||
|
success: function() {},
|
||||||
|
error: function() {}
|
||||||
|
});
|
||||||
|
}
|
||||||
|
}
|
||||||
|
var request_urls = sp_urls.filter(function(current_url) {
|
||||||
|
return current_url.indexOf('SAMLRequest') > 0;
|
||||||
|
});
|
||||||
|
var response_urls = sp_urls.filter(function(current_url) {
|
||||||
|
return current_url.indexOf('SAMLResponse') > 0;
|
||||||
|
});
|
||||||
|
function end_logout() {
|
||||||
|
if (response_urls.length == 0) {
|
||||||
|
console.log('IDP-initiated SAML logout detected');
|
||||||
|
kill_session(); // required to terminate IDP session
|
||||||
|
window.location.href = final_url;
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
console.log('SP-initiated SAML logout detected');
|
||||||
|
kill_session(); // required to terminate IDP session
|
||||||
|
window.location.href = response_urls[0]; // only 1 such URL allowed. process ends on SP
|
||||||
|
}
|
||||||
|
}
|
||||||
|
var requests = [];
|
||||||
|
for (var i = 0; i < request_urls.length; i++) {
|
||||||
|
var current_url = request_urls[i];
|
||||||
|
requests.push($.ajax({
|
||||||
|
type: "GET",
|
||||||
|
url: current_url,
|
||||||
|
xhrFields: {
|
||||||
|
withCredentials: true
|
||||||
|
},
|
||||||
|
crossDomain: true,
|
||||||
|
dataType: 'jsonp',
|
||||||
|
error: function() {}
|
||||||
|
})
|
||||||
|
);
|
||||||
|
}
|
||||||
|
// send out the requests in parallel and afterwards terminate the logout process
|
||||||
|
// we have to terminate the logout no mather if the requests were successful or if there were failed requests
|
||||||
|
$.when.apply($, requests).then(function() { end_logout(); }, function() { end_logout(); });
|
||||||
|
</script>
|
||||||
|
|
||||||
|
#elseif ($guiElem.type == "hidden")
|
||||||
|
<input type="hidden" name="$guiElem.name" value="$utils.escapeHtml($guiElem.value)">
|
||||||
|
|
||||||
|
|
||||||
|
#else ## not info, error, button, submit, reset or hidden -> normal visual element
|
||||||
|
|
||||||
|
## define CSS class of representation in form
|
||||||
|
#set ($class = "form-group")
|
||||||
|
#if ($guiElem.optional)
|
||||||
|
#set ($class = "$class optional")
|
||||||
|
#else
|
||||||
|
#set ($class = "$class required")
|
||||||
|
#end
|
||||||
|
|
||||||
|
## highlight failed input validation, if flagged
|
||||||
|
|
||||||
|
#if ($guiElem.validationFailed && $guiElem.value && $guiElem.value.length() > 0)
|
||||||
|
#set ($class = "$class has-error")
|
||||||
|
#end
|
||||||
|
|
||||||
|
#if ($guiElem.validationFailed && (!$guiElem.value || $guiElem.value.length() == 0))
|
||||||
|
#set ($class = "$class has-error")
|
||||||
|
#end
|
||||||
|
|
||||||
|
|
||||||
|
## the form field's container, a label, and optionally a validation-related message
|
||||||
|
|
||||||
|
<div class="$class">
|
||||||
|
## Special handling required for radios + checkboxes
|
||||||
|
#if ($guiElem.type != "radio" && $guiElem.type != "checkbox")
|
||||||
|
|
||||||
|
<label class="col-sm-3 control-label" for="$guiElem.name">
|
||||||
|
#if ($guiElem.name.startsWith("inputField") && !$guiElem.optional)
|
||||||
|
$guiElem.label<span style="color: red">*</span>
|
||||||
|
#else
|
||||||
|
$guiElem.label
|
||||||
|
#end
|
||||||
|
</label>
|
||||||
|
|
||||||
|
<div class="col-sm-6">
|
||||||
|
#if ($guiElem.type == "text")
|
||||||
|
<input class="form-control" type="text" name="$guiElem.name" id="$guiElem.name"
|
||||||
|
maxlength="$guiElem.length"
|
||||||
|
value="$utils.escapeHtml($guiElem.value)" tabindex="$tabindex">
|
||||||
|
|
||||||
|
#elseif ($guiElem.type == "pw-text")
|
||||||
|
<div class="icon-inside">
|
||||||
|
<input name="${guiElem.name}" type="password" class="form-control" id="${guiElem.name}" value="$utils.escapeHtml($guiElem.value)" tabindex="$tabindex">
|
||||||
|
<button class="icon-button" type="button" onclick="toggleInputType('${guiElem.name}', '${guiElem.name}eye-icon', '${login.appDataPath}')">
|
||||||
|
<img id="${guiElem.name}eye-icon" src="${login.appDataPath}/resources/eye.svg">
|
||||||
|
</button>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
#elseif ($guiElem.type == "select")
|
||||||
|
#set ($scrollSize = $guiElem.getGuiElems().size())
|
||||||
|
#set ($scrollSize = $math.min($scrollSize,4))
|
||||||
|
#if ($guiElem.multiple)
|
||||||
|
<select name="$guiElem.name" class="form-control" size="$scrollSize" multiple>
|
||||||
|
#else
|
||||||
|
<select name="$guiElem.name" class="form-control">
|
||||||
|
#end
|
||||||
|
#foreach ($option in $guiElem.getGuiElems())
|
||||||
|
#if ($option.selected)
|
||||||
|
<option value="$utils.escapeHtml($option.value)" selected>$option.label</option>
|
||||||
|
#else
|
||||||
|
<option value="$utils.escapeHtml($option.value)">$option.label</option>
|
||||||
|
#end
|
||||||
|
#end ## foreach option
|
||||||
|
</select>
|
||||||
|
|
||||||
|
#elseif ($guiElem.type == "image" )
|
||||||
|
<img src="$utils.escapeHtml($guiElem.value)" alt="$guiElem.label" />
|
||||||
|
#end
|
||||||
|
|
||||||
|
#if ($guiElem.validationMessage && $guiElem.validationMessage.length() > 0)
|
||||||
|
<span class="help-block small">$guiElem.validationMessage</span>
|
||||||
|
#end
|
||||||
|
|
||||||
|
#if ($jsValidation)
|
||||||
|
#renderElementValidation($guiElem, $gui)
|
||||||
|
#end
|
||||||
|
</div>
|
||||||
|
#else
|
||||||
|
## Special handling for checkboxes and radios
|
||||||
|
<div class="col-sm-offset-3 col-sm-6">
|
||||||
|
<label>
|
||||||
|
<input type="$guiElem.type" name="$guiElem.name"
|
||||||
|
value="$utils.escapeHtml($guiElem.value)"
|
||||||
|
#if ($guiElem.checked || $guiElem.value == 'true')
|
||||||
|
checked
|
||||||
|
#end
|
||||||
|
tabindex="$tabindex">
|
||||||
|
$guiElem.label
|
||||||
|
</label>
|
||||||
|
|
||||||
|
#if ($guiElem.validationMessage && $guiElem.validationMessage.length() > 0)
|
||||||
|
<span class="help-block small">$guiElem.validationMessage</span>
|
||||||
|
#end
|
||||||
|
|
||||||
|
#if ($jsValidation)
|
||||||
|
#renderElementValidation($guiElem, $gui)
|
||||||
|
#end
|
||||||
|
</div>
|
||||||
|
#end
|
||||||
|
</div>
|
||||||
|
#end
|
||||||
|
|
||||||
|
#end ## end macro
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
#macro(renderElementValidation $guiElem, $gui)
|
||||||
|
#if (($guiElem.validation && $guiElem.validation.length() > 0)||($guiElem.format && $guiElem.format.length() > 0))
|
||||||
|
|
||||||
|
|
||||||
|
<script type="text/javascript">
|
||||||
|
|
||||||
|
#if ($guiElem.validation && $guiElem.validation.length() > 0)
|
||||||
|
#if ($guiElem.validation.indexof('return ') > 0)
|
||||||
|
#set ($validationFunc="function () { $guiElem.validation }")
|
||||||
|
#else
|
||||||
|
#set ($validationFunc="function () { return $guiElem.validation ; }")
|
||||||
|
#end
|
||||||
|
#else
|
||||||
|
#set ($validationFunc="function () { return true; }")
|
||||||
|
#end
|
||||||
|
|
||||||
|
var form = document.getElementById('${gui.name}');
|
||||||
|
var formInput = form.elements["${guiElem.name}"];
|
||||||
|
formInput.onchange = function () {
|
||||||
|
var valid = ${validationFunc}.call(this);
|
||||||
|
#if ($guiElem.format && $guiElem.format.length() > 0)
|
||||||
|
valid = valid && (/${guiElem.format}/).test(this.value);
|
||||||
|
#end
|
||||||
|
var parent = this.parentNode;
|
||||||
|
if (!valid) {
|
||||||
|
parent.className += " has-error";
|
||||||
|
} else {
|
||||||
|
parent.className = parent.className.replace(/ has-error/g, '');
|
||||||
|
}
|
||||||
|
|
||||||
|
#if (!$guiElem.optional)
|
||||||
|
if (!this.value) {
|
||||||
|
parent.className += " has-warning";
|
||||||
|
} else {
|
||||||
|
parent.className = parent.className.replace(/ has-warning/g,'');
|
||||||
|
}
|
||||||
|
#end
|
||||||
|
};
|
||||||
|
</script>
|
||||||
|
|
||||||
|
#end
|
||||||
|
#end ## macro
|
||||||
|
|
||||||
|
|
||||||
|
#macro(renderFormLinks $gui)
|
||||||
|
#set ($noLinks = true)
|
||||||
|
#foreach ($guiElem in $gui.getGuiElems())
|
||||||
|
#if ($guiElem.type == "link")
|
||||||
|
#if ($noLinks)
|
||||||
|
<div class="form-group text-center">
|
||||||
|
#set ($noLinks = false)
|
||||||
|
#end
|
||||||
|
<a class="link" title="${utils.escapeHtml($guiElem.label)}" href="$utils.escapeHtml($guiElem.value)">${utils.escapeHtml($guiElem.label)}</a>
|
||||||
|
#end
|
||||||
|
#end
|
||||||
|
#if (!$noLinks)
|
||||||
|
</div>
|
||||||
|
#end
|
||||||
|
#end
|
||||||
|
|
||||||
|
#macro(renderFormControls $gui)
|
||||||
|
<div class="form-group text-center">
|
||||||
|
#set ($buttonClass = "btn")
|
||||||
|
#if ($isFormRequest)
|
||||||
|
#set ($buttonClass = "$buttonClass btn-default")
|
||||||
|
#else
|
||||||
|
#set ($buttonClass = "$buttonClass btn-primary")
|
||||||
|
#end
|
||||||
|
#foreach ($guiElem in $gui.getGuiElems())
|
||||||
|
#if ($guiElem.type == "submit" || $guiElem.type == "button" || $guiElem.type == "reset")
|
||||||
|
<button class="$buttonClass $guiElem.cssClass"
|
||||||
|
## special handling for button which execute a JS
|
||||||
|
#if ($guiElem.name == 'onclick')
|
||||||
|
type="button"
|
||||||
|
onClick="start()"
|
||||||
|
#else
|
||||||
|
name="$guiElem.name"
|
||||||
|
value="$utils.escapeHtml($guiElem.value)"
|
||||||
|
#end
|
||||||
|
>
|
||||||
|
#if ($guiElem.icon != "")
|
||||||
|
#if ($guiElem.icon.contains("http"))
|
||||||
|
<img src="$guiElem.icon" class="$guiElem.iconCssClass" />
|
||||||
|
#else
|
||||||
|
<img src="${login.appDataPath}/resources/$guiElem.icon" class="$guiElem.iconCssClass" />
|
||||||
|
#end
|
||||||
|
#end
|
||||||
|
$utils.escapeHtml($guiElem.label)
|
||||||
|
</button>
|
||||||
|
#end
|
||||||
|
#end ## foreach
|
||||||
|
</div>
|
||||||
|
|
||||||
|
#end ## end macro
|
|
@ -46,15 +46,18 @@ spec:
|
||||||
podDisruptionBudget:
|
podDisruptionBudget:
|
||||||
maxUnavailable: "50%"
|
maxUnavailable: "50%"
|
||||||
git:
|
git:
|
||||||
tag: "r-4d495f8f73f00597da5fbe633d85d96ac04db24e"
|
tag: "r-ccc3170b00e14827fb232c8f34bca95033f70bc0"
|
||||||
dir: "DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-proxy"
|
dir: "DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-proxy"
|
||||||
credentials: "git-credentials"
|
credentials: "git-credentials"
|
||||||
keystores:
|
keystores:
|
||||||
|
- "ob-proxy-ob-mock-me-realm-identity"
|
||||||
- "ob-proxy-ob-realm-identity"
|
- "ob-proxy-ob-realm-identity"
|
||||||
- "ob-proxy-346a2bebb04a0b74c7c9b5b9"
|
- "ob-proxy-346a2bebb04a0b74c7c9b5b9"
|
||||||
truststores:
|
truststores:
|
||||||
|
- "ob-proxy-ob-mock-me-realm-tls-trust"
|
||||||
- "ob-proxy-ob-realm-signer-trust"
|
- "ob-proxy-ob-realm-signer-trust"
|
||||||
- "ob-proxy-ob-realm-tls-trust"
|
- "ob-proxy-ob-realm-tls-trust"
|
||||||
|
- "ob-proxy-ob-mock-me-realm-signer-trust"
|
||||||
ingresses:
|
ingresses:
|
||||||
- "ob-proxy"
|
- "ob-proxy"
|
||||||
podSecurity:
|
podSecurity:
|
||||||
|
|
|
@ -0,0 +1,18 @@
|
||||||
|
apiVersion: "operator.nevis-security.ch/v1"
|
||||||
|
kind: "NevisKeyStore"
|
||||||
|
metadata:
|
||||||
|
name: "ob-proxy-ob-mock-me-realm-identity"
|
||||||
|
namespace: "adn-agov-nevisidm-ob-01-uat"
|
||||||
|
labels:
|
||||||
|
deploymentTarget: "ob-proxy"
|
||||||
|
annotations:
|
||||||
|
projectKey: "DEFAULT-ADN-AGOV-WORK-OB-PROJECT"
|
||||||
|
patternId: "b4d2da2fa2d0b060752a1fe2"
|
||||||
|
spec:
|
||||||
|
cn: "ob-proxy"
|
||||||
|
usage: "<reserved for future use>"
|
||||||
|
san:
|
||||||
|
dns:
|
||||||
|
- "ob-proxy"
|
||||||
|
- "ob-proxy.adn-agov-nevisidm-ob-01-uat"
|
||||||
|
email: []
|
|
@ -0,0 +1,12 @@
|
||||||
|
apiVersion: "operator.nevis-security.ch/v1"
|
||||||
|
kind: "NevisTrustStore"
|
||||||
|
metadata:
|
||||||
|
name: "ob-proxy-ob-mock-me-realm-signer-trust"
|
||||||
|
namespace: "adn-agov-nevisidm-ob-01-uat"
|
||||||
|
labels:
|
||||||
|
deploymentTarget: "ob-proxy"
|
||||||
|
annotations:
|
||||||
|
projectKey: "DEFAULT-ADN-AGOV-WORK-OB-PROJECT"
|
||||||
|
patternId: "b4d2da2fa2d0b060752a1fe2"
|
||||||
|
spec:
|
||||||
|
keystores: []
|
|
@ -0,0 +1,14 @@
|
||||||
|
apiVersion: "operator.nevis-security.ch/v1"
|
||||||
|
kind: "NevisTrustStore"
|
||||||
|
metadata:
|
||||||
|
name: "ob-proxy-ob-mock-me-realm-tls-trust"
|
||||||
|
namespace: "adn-agov-nevisidm-ob-01-uat"
|
||||||
|
labels:
|
||||||
|
deploymentTarget: "ob-proxy"
|
||||||
|
annotations:
|
||||||
|
projectKey: "DEFAULT-ADN-AGOV-WORK-OB-PROJECT"
|
||||||
|
patternId: "b4d2da2fa2d0b060752a1fe2"
|
||||||
|
spec:
|
||||||
|
keystores:
|
||||||
|
- name: "ob-auth-default-identity"
|
||||||
|
namespace: "adn-agov-nevisidm-ob-01-uat"
|
|
@ -4,8 +4,69 @@
|
||||||
<!-- source: pattern://6e7b5a087711bd0ada9985fe -->
|
<!-- source: pattern://6e7b5a087711bd0ada9985fe -->
|
||||||
<context-param>
|
<context-param>
|
||||||
<param-name>SectokenVerifierCert</param-name>
|
<param-name>SectokenVerifierCert</param-name>
|
||||||
<param-value>/var/opt/keys/trust/ob-proxy-ob-realm-signer-trust/truststore.pem</param-value>
|
<param-value>/var/opt/keys/trust/ob-proxy-ob-mock-me-realm-signer-trust/truststore.pem
|
||||||
|
/var/opt/keys/trust/ob-proxy-ob-realm-signer-trust/truststore.pem</param-value>
|
||||||
</context-param>
|
</context-param>
|
||||||
|
<!-- source: pattern://14b02056879c3b8991597d2b -->
|
||||||
|
<filter>
|
||||||
|
<filter-name>AuthenticationService_ob-mock-me-realm</filter-name>
|
||||||
|
<filter-class>ch::nevis::isiweb4::filter::auth::IdentityCreationFilter</filter-class>
|
||||||
|
<!-- source: pattern://14b02056879c3b8991597d2b -->
|
||||||
|
<init-param>
|
||||||
|
<param-name>AuthenticationServlet</param-name>
|
||||||
|
<param-value>Connector_ob-mock-me-realm</param-value>
|
||||||
|
</init-param>
|
||||||
|
<!-- source: pattern://14b02056879c3b8991597d2b -->
|
||||||
|
<init-param>
|
||||||
|
<param-name>BodyReadSize</param-name>
|
||||||
|
<param-value>32768</param-value>
|
||||||
|
</init-param>
|
||||||
|
<!-- source: pattern://14b02056879c3b8991597d2b -->
|
||||||
|
<init-param>
|
||||||
|
<param-name>EntryPointID</param-name>
|
||||||
|
<param-value>ob.agov-w.azure.adnovum.net</param-value>
|
||||||
|
</init-param>
|
||||||
|
<!-- source: pattern://14b02056879c3b8991597d2b -->
|
||||||
|
<init-param>
|
||||||
|
<param-name>InactiveInterval</param-name>
|
||||||
|
<param-value>7200</param-value>
|
||||||
|
</init-param>
|
||||||
|
<!-- source: pattern://14b02056879c3b8991597d2b -->
|
||||||
|
<init-param>
|
||||||
|
<param-name>InterceptionRedirect</param-name>
|
||||||
|
<param-value>never</param-value>
|
||||||
|
</init-param>
|
||||||
|
<!-- source: pattern://14b02056879c3b8991597d2b -->
|
||||||
|
<init-param>
|
||||||
|
<param-name>LoginRendererServlet</param-name>
|
||||||
|
<param-value>LoginRenderer_ob-logrend</param-value>
|
||||||
|
</init-param>
|
||||||
|
<!-- source: pattern://14b02056879c3b8991597d2b -->
|
||||||
|
<init-param>
|
||||||
|
<param-name>Realm</param-name>
|
||||||
|
<param-value>ob-mock-me-realm</param-value>
|
||||||
|
</init-param>
|
||||||
|
<!-- source: pattern://14b02056879c3b8991597d2b -->
|
||||||
|
<init-param>
|
||||||
|
<param-name>RecheckAuthentication</param-name>
|
||||||
|
<param-value>On</param-value>
|
||||||
|
</init-param>
|
||||||
|
<!-- source: pattern://14b02056879c3b8991597d2b -->
|
||||||
|
<init-param>
|
||||||
|
<param-name>RenewIdentification</param-name>
|
||||||
|
<param-value>true</param-value>
|
||||||
|
</init-param>
|
||||||
|
<!-- source: pattern://14b02056879c3b8991597d2b -->
|
||||||
|
<init-param>
|
||||||
|
<param-name>StateKey</param-name>
|
||||||
|
<param-value>ob-mock-me-realm</param-value>
|
||||||
|
</init-param>
|
||||||
|
<!-- source: pattern://14b02056879c3b8991597d2b -->
|
||||||
|
<init-param>
|
||||||
|
<param-name>StoreInterceptedRequest</param-name>
|
||||||
|
<param-value>false</param-value>
|
||||||
|
</init-param>
|
||||||
|
</filter>
|
||||||
<!-- source: pattern://e1784eecf2db74484dd1e1bb -->
|
<!-- source: pattern://e1784eecf2db74484dd1e1bb -->
|
||||||
<filter>
|
<filter>
|
||||||
<filter-name>AuthenticationService_ob-realm</filter-name>
|
<filter-name>AuthenticationService_ob-realm</filter-name>
|
||||||
|
@ -198,6 +259,51 @@
|
||||||
</param-value>
|
</param-value>
|
||||||
</init-param>
|
</init-param>
|
||||||
</filter>
|
</filter>
|
||||||
|
<!-- source: pattern://14b02056879c3b8991597d2b -->
|
||||||
|
<filter>
|
||||||
|
<filter-name>SessionHandler_ob-mock-me-realm</filter-name>
|
||||||
|
<filter-class>ch::nevis::nevisproxy::filter::session::SessionManagementFilter</filter-class>
|
||||||
|
<!-- source: pattern://14b02056879c3b8991597d2b -->
|
||||||
|
<init-param>
|
||||||
|
<param-name>Cookie.ExtraAttributes</param-name>
|
||||||
|
<param-value>SameSite=None</param-value>
|
||||||
|
</init-param>
|
||||||
|
<!-- source: pattern://14b02056879c3b8991597d2b -->
|
||||||
|
<init-param>
|
||||||
|
<param-name>Cookie.Name</param-name>
|
||||||
|
<param-value>Session_ob-mock-me-realm</param-value>
|
||||||
|
</init-param>
|
||||||
|
<!-- source: pattern://14b02056879c3b8991597d2b -->
|
||||||
|
<init-param>
|
||||||
|
<param-name>Cookie.Secure</param-name>
|
||||||
|
<param-value>true</param-value>
|
||||||
|
</init-param>
|
||||||
|
<!-- source: pattern://14b02056879c3b8991597d2b -->
|
||||||
|
<init-param>
|
||||||
|
<param-name>Identification</param-name>
|
||||||
|
<param-value>COOKIE</param-value>
|
||||||
|
</init-param>
|
||||||
|
<!-- source: pattern://14b02056879c3b8991597d2b -->
|
||||||
|
<init-param>
|
||||||
|
<param-name>MaxInactiveInterval</param-name>
|
||||||
|
<param-value>600</param-value>
|
||||||
|
</init-param>
|
||||||
|
<!-- source: pattern://14b02056879c3b8991597d2b -->
|
||||||
|
<init-param>
|
||||||
|
<param-name>MaxLifetime</param-name>
|
||||||
|
<param-value>28800</param-value>
|
||||||
|
</init-param>
|
||||||
|
<!-- source: pattern://14b02056879c3b8991597d2b -->
|
||||||
|
<init-param>
|
||||||
|
<param-name>Servlet</param-name>
|
||||||
|
<param-value>LocalSessionStoreServlet</param-value>
|
||||||
|
</init-param>
|
||||||
|
<!-- source: pattern://14b02056879c3b8991597d2b -->
|
||||||
|
<init-param>
|
||||||
|
<param-name>UpdateTimeStampMinInterval</param-name>
|
||||||
|
<param-value>120</param-value>
|
||||||
|
</init-param>
|
||||||
|
</filter>
|
||||||
<!-- source: pattern://6e7b5a087711bd0ada9985fe, pattern://e1784eecf2db74484dd1e1bb -->
|
<!-- source: pattern://6e7b5a087711bd0ada9985fe, pattern://e1784eecf2db74484dd1e1bb -->
|
||||||
<filter>
|
<filter>
|
||||||
<filter-name>SessionHandler_ob-realm</filter-name>
|
<filter-name>SessionHandler_ob-realm</filter-name>
|
||||||
|
@ -253,6 +359,11 @@
|
||||||
<filter-name>ResponseHeader_Default</filter-name>
|
<filter-name>ResponseHeader_Default</filter-name>
|
||||||
<url-pattern>/*</url-pattern>
|
<url-pattern>/*</url-pattern>
|
||||||
</filter-mapping>
|
</filter-mapping>
|
||||||
|
<!-- source: pattern://14b02056879c3b8991597d2b -->
|
||||||
|
<filter-mapping>
|
||||||
|
<filter-name>SessionHandler_ob-mock-me-realm</filter-name>
|
||||||
|
<url-pattern>/mock-me/*</url-pattern>
|
||||||
|
</filter-mapping>
|
||||||
<!-- source: pattern://6e7b5a087711bd0ada9985fe -->
|
<!-- source: pattern://6e7b5a087711bd0ada9985fe -->
|
||||||
<filter-mapping>
|
<filter-mapping>
|
||||||
<filter-name>SessionHandler_ob-realm</filter-name>
|
<filter-name>SessionHandler_ob-realm</filter-name>
|
||||||
|
@ -263,6 +374,11 @@
|
||||||
<filter-name>SessionHandler_ob-realm</filter-name>
|
<filter-name>SessionHandler_ob-realm</filter-name>
|
||||||
<url-pattern>/pwreset/*</url-pattern>
|
<url-pattern>/pwreset/*</url-pattern>
|
||||||
</filter-mapping>
|
</filter-mapping>
|
||||||
|
<!-- source: pattern://14b02056879c3b8991597d2b -->
|
||||||
|
<filter-mapping>
|
||||||
|
<filter-name>AuthenticationService_ob-mock-me-realm</filter-name>
|
||||||
|
<url-pattern>/mock-me/*</url-pattern>
|
||||||
|
</filter-mapping>
|
||||||
<!-- source: pattern://6e7b5a087711bd0ada9985fe -->
|
<!-- source: pattern://6e7b5a087711bd0ada9985fe -->
|
||||||
<filter-mapping>
|
<filter-mapping>
|
||||||
<filter-name>Authentication_ob-realm</filter-name>
|
<filter-name>Authentication_ob-realm</filter-name>
|
||||||
|
@ -298,6 +414,57 @@
|
||||||
<param-value>ob-fido-uaf:9443</param-value>
|
<param-value>ob-fido-uaf:9443</param-value>
|
||||||
</init-param>
|
</init-param>
|
||||||
</servlet>
|
</servlet>
|
||||||
|
<!-- source: pattern://14b02056879c3b8991597d2b -->
|
||||||
|
<servlet>
|
||||||
|
<servlet-name>Connector_ob-mock-me-realm</servlet-name>
|
||||||
|
<!-- source: pattern://14b02056879c3b8991597d2b -->
|
||||||
|
<servlet-class>ch::nevis::isiweb4::servlet::connector::soap::esauth4::Esauth4ConnectorServlet</servlet-class>
|
||||||
|
<!-- source: pattern://14b02056879c3b8991597d2b -->
|
||||||
|
<init-param>
|
||||||
|
<param-name>Transport.DNSCache.ttl</param-name>
|
||||||
|
<param-value>60</param-value>
|
||||||
|
</init-param>
|
||||||
|
<!-- source: pattern://14b02056879c3b8991597d2b -->
|
||||||
|
<init-param>
|
||||||
|
<param-name>Transport.InetAddress</param-name>
|
||||||
|
<param-value>ob-auth:8991</param-value>
|
||||||
|
</init-param>
|
||||||
|
<!-- source: pattern://14b02056879c3b8991597d2b -->
|
||||||
|
<init-param>
|
||||||
|
<param-name>Transport.KeepAlive.LifeTime</param-name>
|
||||||
|
<param-value>30</param-value>
|
||||||
|
</init-param>
|
||||||
|
<!-- source: pattern://14b02056879c3b8991597d2b -->
|
||||||
|
<init-param>
|
||||||
|
<param-name>Transport.RequestTimeout</param-name>
|
||||||
|
<param-value>90000</param-value>
|
||||||
|
</init-param>
|
||||||
|
<!-- source: pattern://14b02056879c3b8991597d2b -->
|
||||||
|
<init-param>
|
||||||
|
<param-name>Transport.ResourceManager.RetryTimeout</param-name>
|
||||||
|
<param-value>0</param-value>
|
||||||
|
</init-param>
|
||||||
|
<!-- source: pattern://14b02056879c3b8991597d2b -->
|
||||||
|
<init-param>
|
||||||
|
<param-name>Transport.SSLCACertificateFile</param-name>
|
||||||
|
<param-value>/var/opt/keys/trust/ob-proxy-ob-mock-me-realm-tls-trust/truststore.pem</param-value>
|
||||||
|
</init-param>
|
||||||
|
<!-- source: pattern://14b02056879c3b8991597d2b -->
|
||||||
|
<init-param>
|
||||||
|
<param-name>Transport.SSLCheckPeerHostname</param-name>
|
||||||
|
<param-value>false</param-value>
|
||||||
|
</init-param>
|
||||||
|
<!-- source: pattern://14b02056879c3b8991597d2b -->
|
||||||
|
<init-param>
|
||||||
|
<param-name>Transport.SSLClientCertificateFile</param-name>
|
||||||
|
<param-value>/var/opt/keys/own/ob-proxy-ob-mock-me-realm-identity/cert.pem</param-value>
|
||||||
|
</init-param>
|
||||||
|
<!-- source: pattern://14b02056879c3b8991597d2b -->
|
||||||
|
<init-param>
|
||||||
|
<param-name>Transport.SSLClientKeyFile</param-name>
|
||||||
|
<param-value>/var/opt/keys/own/ob-proxy-ob-mock-me-realm-identity/key.pem</param-value>
|
||||||
|
</init-param>
|
||||||
|
</servlet>
|
||||||
<!-- source: pattern://6e7b5a087711bd0ada9985fe -->
|
<!-- source: pattern://6e7b5a087711bd0ada9985fe -->
|
||||||
<servlet>
|
<servlet>
|
||||||
<servlet-name>Connector_ob-realm</servlet-name>
|
<servlet-name>Connector_ob-realm</servlet-name>
|
||||||
|
@ -371,22 +538,22 @@
|
||||||
<param-value>/var/opt/nevisproxy/default/host-ob.agov-w.azure.adnovum.net/register/</param-value>
|
<param-value>/var/opt/nevisproxy/default/host-ob.agov-w.azure.adnovum.net/register/</param-value>
|
||||||
</init-param>
|
</init-param>
|
||||||
</servlet>
|
</servlet>
|
||||||
<!-- source: pattern://6e7b5a087711bd0ada9985fe -->
|
<!-- source: pattern://14b02056879c3b8991597d2b -->
|
||||||
<servlet>
|
<servlet>
|
||||||
<servlet-name>LocalSessionStoreServlet</servlet-name>
|
<servlet-name>LocalSessionStoreServlet</servlet-name>
|
||||||
<!-- source: pattern://6e7b5a087711bd0ada9985fe -->
|
<!-- source: pattern://14b02056879c3b8991597d2b -->
|
||||||
<servlet-class>ch::nevis::nevisproxy::servlet::cache::local::LocalSessionStoreServlet</servlet-class>
|
<servlet-class>ch::nevis::nevisproxy::servlet::cache::local::LocalSessionStoreServlet</servlet-class>
|
||||||
<!-- source: pattern://6e7b5a087711bd0ada9985fe -->
|
<!-- source: pattern://14b02056879c3b8991597d2b -->
|
||||||
<init-param>
|
<init-param>
|
||||||
<param-name>MaxInactiveInterval</param-name>
|
<param-name>MaxInactiveInterval</param-name>
|
||||||
<param-value>600</param-value>
|
<param-value>600</param-value>
|
||||||
</init-param>
|
</init-param>
|
||||||
<!-- source: pattern://6e7b5a087711bd0ada9985fe -->
|
<!-- source: pattern://14b02056879c3b8991597d2b -->
|
||||||
<init-param>
|
<init-param>
|
||||||
<param-name>MaxLifetime</param-name>
|
<param-name>MaxLifetime</param-name>
|
||||||
<param-value>28800</param-value>
|
<param-value>28800</param-value>
|
||||||
</init-param>
|
</init-param>
|
||||||
<!-- source: pattern://6e7b5a087711bd0ada9985fe -->
|
<!-- source: pattern://14b02056879c3b8991597d2b -->
|
||||||
<init-param>
|
<init-param>
|
||||||
<param-name>MemorySize</param-name>
|
<param-name>MemorySize</param-name>
|
||||||
<param-value>512000000</param-value>
|
<param-value>512000000</param-value>
|
||||||
|
@ -434,6 +601,11 @@
|
||||||
<param-value>/nevislogrend</param-value>
|
<param-value>/nevislogrend</param-value>
|
||||||
</init-param>
|
</init-param>
|
||||||
</servlet>
|
</servlet>
|
||||||
|
<!-- source: pattern://ab2d7423513108f96767a0ec -->
|
||||||
|
<servlet-mapping>
|
||||||
|
<servlet-name>Hosting_Default</servlet-name>
|
||||||
|
<url-pattern>/mock-me/*</url-pattern>
|
||||||
|
</servlet-mapping>
|
||||||
<!-- source: pattern://25bdd7e6f5b76694f6688ab8 -->
|
<!-- source: pattern://25bdd7e6f5b76694f6688ab8 -->
|
||||||
<servlet-mapping>
|
<servlet-mapping>
|
||||||
<servlet-name>Connector_NevisFIDO</servlet-name>
|
<servlet-name>Connector_NevisFIDO</servlet-name>
|
||||||
|
|