DJIN#36213 SAML/Authenticatie verbeteringen. Hernoemen fac_idp naar aut_idp

svn path=/Database/trunk/; revision=33446
2017-04-10 13:09:24 +00:00
parent 1bfdd26a75
commit f4480dcb10
13 changed files with 295 additions and 105 deletions
--- a/AUT/AUT_IND.SRC
+++ b/AUT/AUT_IND.SRC
@@ -2,6 +2,9 @@
 *  $Id$
 */

+CREATE UNIQUE INDEX aut_i_idp_code ON aut_idp(aut_idp_code);
+CREATE UNIQUE INDEX aut_i_idp2 ON aut_idp(aut_idp_issuer, aut_idp_audience, aut_idp_type);
+
 CREATE UNIQUE INDEX aut_i_cp_refreshtkn  ON aut_client_perslid(aut_client_perslid_refreshtkn);
 CREATE UNIQUE INDEX aut_i_cp_accesstoken ON aut_client_perslid(aut_client_perslid_accesstoken);

--- a/AUT/AUT_SEQ.SRC
+++ b/AUT/AUT_SEQ.SRC
@@ -3,7 +3,10 @@
 * $Id$
 */

-CREATE SEQUENCE aut_s_aut_client_key         MINVALUE 1;
-CREATE SEQUENCE aut_s_aut_client_perslid_key MINVALUE 1;
+CREATE SEQUENCE aut_s_aut_idp_key               MINVALUE 1;
+CREATE SEQUENCE aut_s_aut_idp_map_key           MINVALUE 1;
+
+CREATE SEQUENCE aut_s_aut_client_key            MINVALUE 1;
+CREATE SEQUENCE aut_s_aut_client_perslid_key    MINVALUE 1;

 REGISTERONCE('$Id$')
--- a/AUT/AUT_TAB.SRC
+++ b/AUT/AUT_TAB.SRC
@@ -3,6 +3,88 @@
 * $Id$
 */

+// Documentatie in de wiki onder Authenticeren
+CREATE TABLE aut_idp
+(
+    aut_idp_key
+        NUMBER(10)
+        CONSTRAINT aut_k_idp_key PRIMARY KEY,
+    aut_idp_code            -- Voor &sso=<code>
+        VARCHAR2(30),
+    aut_idp_type            -- 1=Internal (login.asp, future use), 2=UID_DEC (deprecated),
+        NUMBER(3),          -- 3=GUID-encrypted (deprecated), 4=JWT, 5=SAML (future use)
+    aut_idp_algorithm       -- HS256 is HMAC-SHA256
+        VARCHAR2(30),
+    aut_idp_omschrijving
+        VARCHAR2(30),
+    aut_idp_opmerking
+        VARCHAR2(320),
+    aut_idp_secret
+        VARCHAR2(128),
+    aut_idp_audience
+        VARCHAR2(128),
+    aut_idp_issuer
+        VARCHAR2(128),
+    aut_idp_remote_loginurl
+        VARCHAR2(128),
+    aut_idp_remote_logouturl
+        VARCHAR2(128),
+    aut_idp_saml_metaurl
+        VARCHAR2(128),
+    aut_idp_clockskew
+        NUMBER(10),
+    aut_idp_duration
+        NUMBER(10),
+    aut_idp_autocreate
+        NUMBER(1)
+        DEFAULT 0 -- +1: create; +2: update
+        NOT NULL,
+-- Note: these column are defined in PRS_TAB.SRC
+--    prs_afdeling_key         NUMBER(10)
+--    prs_bedrijf_key          NUMBER(10)
+    fac_functie_key
+        NUMBER(10)
+        CONSTRAINT aut_r_idp_functie REFERENCES fac_functie(fac_functie_key),
+    aut_idp_internal        -- can be used for FACFAC
+        NUMBER(1)
+        DEFAULT 0 NOT NULL,
+    aut_idp_ipfilter
+        VARCHAR2(320),
+    aut_idp_ipauto
+        NUMBER(1)
+        DEFAULT 0 NOT NULL,
+    aut_idp_loglevel
+      NUMBER(1) DEFAULT 0 NOT NULL,
+    aut_idp_aanmaak
+        DATE
+        DEFAULT SYSDATE
+);
+
+CREATE TABLE aut_idp_map
+(
+    aut_idp_map_key
+        NUMBER(10)
+        CONSTRAINT aut_k_idp_map_key PRIMARY KEY,
+    aut_idp_key
+        NUMBER(10)
+        CONSTRAINT aut_r_idp_map_id REFERENCES aut_idp(aut_idp_key),
+    aut_idp_map_from --  as sent in JWT
+        VARCHAR(100)
+        NOT NULL,
+    aut_idp_map_to -- FACILITOR column of 1000+kenmerk_key
+        NUMBER(10)
+        NOT NULL,
+    aut_idp_map_identify
+        NUMBER(1)
+        DEFAULT 0
+        NOT NULL,
+    aut_idp_map_default
+        VARCHAR(256),
+    aut_idp_map_aanmaak
+        DATE
+        DEFAULT SYSDATE
+);
+
 CREATE TABLE aut_client
 (
    aut_client_key
--- a/AUT/AUT_TRI.SRC
+++ b/AUT/AUT_TRI.SRC
@@ -3,6 +3,24 @@
 *  $Id$
 *
 */
+
+CREATE_TRIGGER(aut_t_aut_idp_B_IU)
+BEFORE INSERT OR UPDATE ON aut_idp
+FOR EACH ROW
+BEGIN
+   UPDATE_PRIMARY_KEY(aut_idp_key, aut_s_aut_idp_key);
+   :new.aut_idp_code := UPPER(:new.aut_idp_code);
+END;
+/
+
+CREATE_TRIGGER(aut_t_aut_idp_map_B_I)
+BEFORE INSERT ON aut_idp_map
+FOR EACH ROW
+BEGIN
+   UPDATE_PRIMARY_KEY(aut_idp_map_key, aut_s_aut_idp_map_key);
+END;
+/
+
 CREATE_TRIGGER(aut_t_aut_client_B_I)
 BEFORE INSERT ON aut_client
 FOR EACH ROW