DJIN#36213 SAML/Authenticatie verbeteringen. Hernoemen fac_idp naar aut_idp

svn path=/Database/trunk/; revision=33446

AUT/AUT_IND.SRC

@@ -2,6 +2,9 @@
  *  $Id$
  */
 
+CREATE UNIQUE INDEX aut_i_idp_code ON aut_idp(aut_idp_code);
+CREATE UNIQUE INDEX aut_i_idp2 ON aut_idp(aut_idp_issuer, aut_idp_audience, aut_idp_type);
+
 CREATE UNIQUE INDEX aut_i_cp_refreshtkn  ON aut_client_perslid(aut_client_perslid_refreshtkn);
 CREATE UNIQUE INDEX aut_i_cp_accesstoken ON aut_client_perslid(aut_client_perslid_accesstoken);
 

AUT/AUT_SEQ.SRC

@@ -3,7 +3,10 @@
  * $Id$
  */
 
-CREATE SEQUENCE aut_s_aut_client_key         MINVALUE 1;
+CREATE SEQUENCE aut_s_aut_idp_key               MINVALUE 1;
-CREATE SEQUENCE aut_s_aut_client_perslid_key MINVALUE 1;
+CREATE SEQUENCE aut_s_aut_idp_map_key           MINVALUE 1;
+
+CREATE SEQUENCE aut_s_aut_client_key            MINVALUE 1;
+CREATE SEQUENCE aut_s_aut_client_perslid_key    MINVALUE 1;
 
 REGISTERONCE('$Id$')

AUT/AUT_TAB.SRC

@@ -3,6 +3,88 @@
  * $Id$
  */
 
+// Documentatie in de wiki onder Authenticeren
+CREATE TABLE aut_idp
+(
+    aut_idp_key
+        NUMBER(10)
+        CONSTRAINT aut_k_idp_key PRIMARY KEY,
+    aut_idp_code            -- Voor &sso=<code>
+        VARCHAR2(30),
+    aut_idp_type            -- 1=Internal (login.asp, future use), 2=UID_DEC (deprecated),
+        NUMBER(3),          -- 3=GUID-encrypted (deprecated), 4=JWT, 5=SAML (future use)
+    aut_idp_algorithm       -- HS256 is HMAC-SHA256
+        VARCHAR2(30),
+    aut_idp_omschrijving
+        VARCHAR2(30),
+    aut_idp_opmerking
+        VARCHAR2(320),
+    aut_idp_secret
+        VARCHAR2(128),
+    aut_idp_audience
+        VARCHAR2(128),
+    aut_idp_issuer
+        VARCHAR2(128),
+    aut_idp_remote_loginurl
+        VARCHAR2(128),
+    aut_idp_remote_logouturl
+        VARCHAR2(128),
+    aut_idp_saml_metaurl
+        VARCHAR2(128),
+    aut_idp_clockskew
+        NUMBER(10),
+    aut_idp_duration
+        NUMBER(10),
+    aut_idp_autocreate
+        NUMBER(1)
+        DEFAULT 0 -- +1: create; +2: update
+        NOT NULL,
+-- Note: these column are defined in PRS_TAB.SRC
+--    prs_afdeling_key         NUMBER(10)
+--    prs_bedrijf_key          NUMBER(10)
+    fac_functie_key
+        NUMBER(10)
+        CONSTRAINT aut_r_idp_functie REFERENCES fac_functie(fac_functie_key),
+    aut_idp_internal        -- can be used for FACFAC
+        NUMBER(1)
+        DEFAULT 0 NOT NULL,
+    aut_idp_ipfilter
+        VARCHAR2(320),
+    aut_idp_ipauto
+        NUMBER(1)
+        DEFAULT 0 NOT NULL,
+    aut_idp_loglevel
+      NUMBER(1) DEFAULT 0 NOT NULL,
+    aut_idp_aanmaak
+        DATE
+        DEFAULT SYSDATE
+);
+
+CREATE TABLE aut_idp_map
+(
+    aut_idp_map_key
+        NUMBER(10)
+        CONSTRAINT aut_k_idp_map_key PRIMARY KEY,
+    aut_idp_key
+        NUMBER(10)
+        CONSTRAINT aut_r_idp_map_id REFERENCES aut_idp(aut_idp_key),
+    aut_idp_map_from --  as sent in JWT
+        VARCHAR(100)
+        NOT NULL,
+    aut_idp_map_to -- FACILITOR column of 1000+kenmerk_key
+        NUMBER(10)
+        NOT NULL,
+    aut_idp_map_identify
+        NUMBER(1)
+        DEFAULT 0
+        NOT NULL,
+    aut_idp_map_default
+        VARCHAR(256),
+    aut_idp_map_aanmaak
+        DATE
+        DEFAULT SYSDATE
+);
+
 CREATE TABLE aut_client
 (
     aut_client_key

AUT/AUT_TRI.SRC

@@ -3,6 +3,24 @@
  *  $Id$
  *
  */
+
+CREATE_TRIGGER(aut_t_aut_idp_B_IU)
+BEFORE INSERT OR UPDATE ON aut_idp
+FOR EACH ROW
+BEGIN
+   UPDATE_PRIMARY_KEY(aut_idp_key, aut_s_aut_idp_key);
+   :new.aut_idp_code := UPPER(:new.aut_idp_code);
+END;
+/
+
+CREATE_TRIGGER(aut_t_aut_idp_map_B_I)
+BEFORE INSERT ON aut_idp_map
+FOR EACH ROW
+BEGIN
+   UPDATE_PRIMARY_KEY(aut_idp_map_key, aut_s_aut_idp_map_key);
+END;
+/
+
 CREATE_TRIGGER(aut_t_aut_client_B_I)
 BEFORE INSERT ON aut_client
 FOR EACH ROW

FAC/FAC_IND.SRC

@@ -57,7 +57,6 @@ CREATE UNIQUE INDEX fac_i_fac_menuitems1 ON fac_menuitems (fac_menuitems_label);
 CREATE INDEX fac_i_fac_menu_perslid_key ON fac_menu (prs_perslid_key);
 
 CREATE UNIQUE INDEX fac_i_idp_code ON fac_idp(fac_idp_code);
-CREATE UNIQUE INDEX fac_i_idp2 ON fac_idp(fac_idp_issuer, fac_idp_audience, fac_idp_type);
 
 CREATE UNIQUE INDEX fac_i_imp_usrdata1 ON fac_imp_usrdata (fac_usrtab_naam, fac_usrdata_code);
 

FAC/FAC_INI.SRC

@@ -3055,7 +3055,8 @@ DEF_MENUENTRY(2, 99070, 'lcl_menu_cad_verify'          , '', 'FAC', 'appl/cad/ca
 DEF_MENUENTRY(2, 99080, 'lcl_menu_fac_verify_data'     , '', 'FAC', 'appl/fac/fac_verify_data.asp', 0, 0, 'WEB_FACTAB');
 DEF_MENUENTRY(2, 99090, 'lcl_menu_fac_email_setting'   , '', 'FAC', 'appl/mgt/fac_email_setting.asp', 0, 0, 'WEB_FACTAB');
 DEF_MENUENTRY(2, 99100, 'lcl_menu_fac_custnotificaties'  , '', 'FAC', 'appl/mgt/fac_srtnotificatie.asp?cust=1', 0, 0, 'WEB_FACTAB');
-DEF_MENUENTRY(2, 99110, 'lcl_menu_fac_idp'             , '', 'FAC', 'appl/mgt/fac_idp.asp', 0, 0, 'WEB_FACFAC');
+DEF_MENUENTRY(2, 99110, 'lcl_menu_aut_idp'             , '', 'FAC', 'appl/mgt/aut_idp.asp', 0, 0, 'WEB_FACTAB');
+DEF_MENUENTRY(2, 99110, 'lcl_menu_aut_client'          , '', 'FAC', 'appl/mgt/aut_client.asp', 0, 0, 'WEB_FACTAB');
 DEF_MENUENTRY(2, 99120, 'lcl_menu_fac_anytable'        , '', 'FAC', 'appl/mgt/user_tables.asp', 0, 0, 'WEB_FACFAC');
 
 

FAC/FAC_LCL.SRC

@@ -5008,6 +5008,7 @@ FAC_LCL('mld_typeopdr_slamodeLOV',
                '1;Supplier-SLA;2;Issue-SLA',
                '1;Lieferant-SLA;2;Meldung-SLA',
                '1;SLA de Fournisseur;2;SLA d''appel')
+FAC_LCL('lcl_typeopdr_sequential', 'Strikt sequentieel', 'Strictly sequentail', 'Streng sequentiell', 'Strictement s<>quentielle')
 
 FAC_LCL('mld_impropdr',              'Improductief',       'Unproductive',       'Unproduktiv',          'Improductif')
 FAC_LCL('mld_impropdr_m',            'Improductieve uren', 'Unproductive hours', 'Unproduktive Stunden', 'Heures improductives')
@@ -5502,37 +5503,38 @@ FAC_LCL('fac_gebruiker_schrijven', 'Schrijven', 'Write', 'Schreiben', 'Ecrire')
 FAC_LCL('fac_gebruiker_outerfunctie', 'Alleen geautoriseerde functies', 'Authorised functions only', 'Nur Autorisierte Funktionen', 'Seulement functions autoris<69>')
 FAC_LCL('fac_gebruiker_outergroep', 'Alleen geautoriseerde groepen', 'Authorised groups only', 'Nur Autorisierte Gruppen', 'Seulement groupes autoris<69>')
 FAC_LCL('fac_gebruiker_outerdisc', 'Alleen geautoriseerde vakgroepen/catalogi', 'Authorised disciplines only', 'Nur Autorisierte Kataloge', 'Seulement catalogues autoris<69>')
-FAC_LCL('fac_idp', 'Identity provider', 'Identity provider', 'Identity-Provider', 'Fournisseur d''identit<69>')
+FAC_LCL('aut_idp', 'Identity provider', 'Identity provider', 'Identity-Provider', 'Fournisseur d''identit<69>')
-FAC_LCL('fac_idp_m', 'Identity providers', 'Identity providers', 'Identity-Providers', 'Fournisseurs d''identit<69>')
+FAC_LCL('aut_idp_m', 'Identity providers', 'Identity providers', 'Identity-Providers', 'Fournisseurs d''identit<69>')
-FAC_LCL('lcl_menu_fac_idp', 'Identity providers', 'Identity providers', 'Identity-Providers', 'Fournisseurs d''identit<69>')
+FAC_LCL('lcl_menu_aut_idp', 'Identity providers', 'Identity providers', 'Identity-Providers', 'Fournisseurs d''identit<69>')
-FAC_LCL('fac_idp_code', 'Code voor ?sso=', 'Code for ?sso=', 'Code f<>r ?sso=', 'Code pour ?sso=')
+FAC_LCL('lcl_menu_aut_client', 'Identity clients', 'Identity clients', 'Identity-clients', 'Client d''identit<69>')
-FAC_LCL('fac_idp_omschrijving', 'Omschrijving', 'Description', 'Umschreibung', 'Description')
+FAC_LCL('aut_idp_code', 'Code voor ?sso=', 'Code for ?sso=', 'Code f<>r ?sso=', 'Code pour ?sso=')
-FAC_LCL('fac_idp_opmerking', 'Opmerking', 'Remark', 'Bemerkung', 'Remarque')
+FAC_LCL('aut_idp_omschrijving', 'Omschrijving', 'Description', 'Umschreibung', 'Description')
-FAC_LCL('fac_idp_type', 'Identity type', 'Identity type', 'Identit<69>tstyp', 'Type d''identit<69>')
+FAC_LCL('aut_idp_opmerking', 'Opmerking', 'Remark', 'Bemerkung', 'Remarque')
-FAC_LCL('fac_idp_typeLOV', '1;Internal (login.asp, future use);2;UID_DEC (deprecated);3;GUID-encrypted (deprecated);4;JWT sso;5;SAML', '1;Internal (login.asp, future use);2;UID_DEC (deprecated);3;GUID-encrypted (deprecated);4;JWT sso;5;SAML', '1;Internal (login.asp, future use);2;UID_DEC (deprecated);3;GUID-encrypted (deprecated);4;JWT sso;5;SAML', '1;Internal (login.asp, future use);2;UID_DEC (deprecated);3;GUID-encrypted (deprecated);4;JWT sso;5;SAML')
+FAC_LCL('aut_idp_type', 'Identity type', 'Identity type', 'Identit<69>tstyp', 'Type d''identit<69>')
-FAC_LCL('fac_idp_secret', 'Gedeeld geheim', 'Shared secret', 'Geteiltes Geheimnis', 'Secret partag<61>')
+FAC_LCL('aut_idp_typeLOV', '1;Internal (login.asp, future use);2;UID_DEC (deprecated);3;GUID-encrypted (deprecated);4;JWT sso;5;SAML', '1;Internal (login.asp, future use);2;UID_DEC (deprecated);3;GUID-encrypted (deprecated);4;JWT sso;5;SAML', '1;Internal (login.asp, future use);2;UID_DEC (deprecated);3;GUID-encrypted (deprecated);4;JWT sso;5;SAML', '1;Internal (login.asp, future use);2;UID_DEC (deprecated);3;GUID-encrypted (deprecated);4;JWT sso;5;SAML')
-FAC_LCL('fac_idp_audience', 'JWT audience', 'JWT audience', 'JWT audience', 'JWT audience')
+FAC_LCL('aut_idp_secret', 'Gedeeld geheim', 'Shared secret', 'Geteiltes Geheimnis', 'Secret partag<61>')
-FAC_LCL('fac_idp_issuer', 'JWT issuer', 'JWT issuer', 'JWT issuer', 'JWT issuer')
+FAC_LCL('aut_idp_audience', 'JWT audience', 'JWT audience', 'JWT audience', 'JWT audience')
-FAC_LCL('fac_idp_algorithm', 'JWT algoritme', 'JWT algorithm', 'JWT algorithm', 'JWT algorithm')
+FAC_LCL('aut_idp_issuer', 'JWT issuer', 'JWT issuer', 'JWT issuer', 'JWT issuer')
-FAC_LCL('fac_idp_remote_loginurl', 'Remote Login URL', 'Remote Login URL', 'Remote-Login-URL', 'Remote Login URL')
+FAC_LCL('aut_idp_algorithm', 'JWT algoritme', 'JWT algorithm', 'JWT algorithm', 'JWT algorithm')
-FAC_LCL('fac_idp_remote_logouturl', 'Remote Logout URL', 'Remote Logout URL', 'Remote-Logout-URL', 'Remote Logout URL')
+FAC_LCL('aut_idp_remote_loginurl', 'Remote Login URL', 'Remote Login URL', 'Remote-Login-URL', 'Remote Login URL')
-FAC_LCL('fac_idp_ipfilter', 'IP adres filter', 'IP adress filter', 'IP-Adressfilter ', 'filtre d''adresse IP')
+FAC_LCL('aut_idp_remote_logouturl', 'Remote Logout URL', 'Remote Logout URL', 'Remote-Logout-URL', 'Remote Logout URL')
-FAC_LCL('fac_idp_ipauto', 'Automatisch SSO voor IP', 'Automatic SSO for IP', 'Automatische SSO f<>r IP', 'SSO automatique pour IP')
+FAC_LCL('aut_idp_ipfilter', 'IP adres filter', 'IP adress filter', 'IP-Adressfilter ', 'filtre d''adresse IP')
-FAC_LCL('fac_idp_clockskew', 'Toegestane klok afwijking', 'Allowed clock skew', 'Erlaubte Taktverschiebung', 'Allowed clock skew')
+FAC_LCL('aut_idp_ipauto', 'Automatisch SSO voor IP', 'Automatic SSO for IP', 'Automatische SSO f<>r IP', 'SSO automatique pour IP')
-FAC_LCL('fac_idp_duration', 'Maximale geldigheid', 'Maximum validity', 'Maximalen G<>ltigkeitsdauer', 'Validit<69> maximale')
+FAC_LCL('aut_idp_clockskew', 'Toegestane klok afwijking', 'Allowed clock skew', 'Erlaubte Taktverschiebung', 'Allowed clock skew')
+FAC_LCL('aut_idp_duration', 'Maximale geldigheid', 'Maximum validity', 'Maximalen G<>ltigkeitsdauer', 'Validit<69> maximale')
 FAC_LCL('lcl_idp_company', 'Voor bedrijf', 'For company', 'F<>r Betrieb', 'Pour entreprise')
 FAC_LCL('lcl_idp_department', 'Voor afdeling', 'For department', 'F<>r Abteilung', 'Pour d<>partement')
-FAC_LCL('fac_idp_functie_key', 'Alleen als autorisatie', 'Only for authorisation', 'Nur f<>r Autorisierung', 'Limit<69> <20> autorisation')
+FAC_LCL('aut_idp_functie_key', 'Alleen als autorisatie', 'Only for authorisation', 'Nur f<>r Autorisierung', 'Limit<69> <20> autorisation')
-FAC_LCL('fac_idp_internal', 'Internal', 'Internal', 'Internal', 'Internal')
+FAC_LCL('aut_idp_internal', 'Internal', 'Internal', 'Internal', 'Internal')
-FAC_LCL('fac_idp_autocreate', 'Aanmaken/bijwerken', 'Create/Update', 'Erzeugen/Aktualisieren', 'Cr<43>er/Actualiser')
+FAC_LCL('aut_idp_autocreate', 'Aanmaken/bijwerken', 'Create/Update', 'Erzeugen/Aktualisieren', 'Cr<43>er/Actualiser')
-FAC_LCL('fac_idp_saml_metaurl', 'SAML metaurl', 'SAML metaurl', 'SAML metaurl', 'SAML metaurl')
+FAC_LCL('aut_idp_saml_metaurl', 'SAML metaurl', 'SAML metaurl', 'SAML metaurl', 'SAML metaurl')
 
-FAC_LCL('fac_idp_map', 'Identity mapping', 'Identity mapping', 'Identity-Mapping', 'Mapping d''identit<69>')
+FAC_LCL('aut_idp_map', 'Identity mapping', 'Identity mapping', 'Identity-Mapping', 'Mapping d''identit<69>')
-FAC_LCL('fac_idp_map_m', 'Identity mappings', 'Identity mappings', 'Identity-Mappinge', 'Mapping d''identit<69>')
+FAC_LCL('aut_idp_map_m', 'Identity mappings', 'Identity mappings', 'Identity-Mappinge', 'Mapping d''identit<69>')
-FAC_LCL('fac_idp_map_identify', 'Identificeren', 'Identification', 'Identifikation', 'Identification')
+FAC_LCL('aut_idp_map_identify', 'Identificeren', 'Identification', 'Identifikation', 'Identification')
-FAC_LCL('fac_idp_map_to',   'FACILITOR attribuut', 'FACILITOR attribute', 'FACILITOR Attribut', 'FACILITOR attribut')
+FAC_LCL('aut_idp_map_to',   'FACILITOR attribuut', 'FACILITOR attribute', 'FACILITOR Attribut', 'FACILITOR attribut')
-FAC_LCL('fac_idp_map_from', 'Claim veld', 'Claim field', 'Claim Feld', 'Claim champ')
+FAC_LCL('aut_idp_map_from', 'Claim veld', 'Claim field', 'Claim Feld', 'Claim champ')
-FAC_LCL('fac_idp_map_default', 'Standaardwaarde', 'Default value', 'Standardwert', 'Par d<>faut')
+FAC_LCL('aut_idp_map_default', 'Standaardwaarde', 'Default value', 'Standardwert', 'Par d<>faut')
 
 FAC_LCL('aut_client_perslid', 'Persoon-App mapping', 'Person-App mapping', '@@', '@@')
 FAC_LCL('aut_client_perslid_m', 'Persoon-App mappings', 'Person-App mappings', '@@', '@@')

FAC/FAC_SEQ.SRC

@@ -46,7 +46,6 @@ CREATE SEQUENCE faq_s_faq_kenmerkwaarde_key     MINVALUE 1;
 CREATE SEQUENCE faq_s_fac_gui_counter_key       MINVALUE 1;
 CREATE SEQUENCE fac_s_fac_email_setting_key     MINVALUE 1;
 CREATE SEQUENCE fac_s_fac_idp_key               MINVALUE 1;
-CREATE SEQUENCE fac_s_fac_idp_map_key           MINVALUE 1;
 CREATE SEQUENCE fac_s_fac_bookmark_key          MINVALUE 1;
 CREATE SEQUENCE fac_s_fac_qvw_ticket_key        MINVALUE 1;
 CREATE SEQUENCE fac_s_fac_session_key           MINVALUE 1;

FAC/FAC_TAB.SRC

@@ -1948,6 +1948,8 @@ CREATE_TABLE(fac_sequence, 0)
 );
 
 // Documentatie in de wiki onder Authenticeren
+// LET OP: deprecated sinds 2017.1, gebruik aut_idp
+// Te verwijderen met 2017.2
 CREATE TABLE fac_idp
 (
     fac_idp_key
@@ -1973,16 +1975,12 @@ CREATE TABLE fac_idp
         VARCHAR2(128),
     fac_idp_remote_logouturl
         VARCHAR2(128),
-    fac_idp_saml_metaurl
+    fac_idp_usermapping
-        VARCHAR2(128),
+        VARCHAR2(30),
     fac_idp_clockskew
         NUMBER(10),
     fac_idp_duration
         NUMBER(10),
-    fac_idp_autocreate
-        NUMBER(1)
-        DEFAULT 0 -- +1: create; +2: update
-        NOT NULL,
 -- Note: these column are defined in PRS_TAB.SRC
 --    prs_afdeling_key         NUMBER(10)
 --    prs_bedrijf_key          NUMBER(10)
@@ -2002,29 +2000,4 @@ CREATE TABLE fac_idp
         DEFAULT SYSDATE
 );
 
-CREATE TABLE fac_idp_map
-(
-    fac_idp_map_key
-        NUMBER(10)
-        CONSTRAINT fac_k_idp_map_key PRIMARY KEY,
-    fac_idp_key
-        NUMBER(10)
-        CONSTRAINT fac_r_idp_map_id REFERENCES fac_idp(fac_idp_key),
-    fac_idp_map_from --  as sent in JWT
-        VARCHAR(100)
-        NOT NULL,
-    fac_idp_map_to -- FACILITOR column
-        NUMBER(3)
-        NOT NULL,
-    fac_idp_map_identify
-        NUMBER(1)
-        DEFAULT 0
-        NOT NULL,
-    fac_idp_map_default
-        VARCHAR(256),
-    fac_idp_map_aanmaak
-        DATE
-        DEFAULT SYSDATE
-);
-
 REGISTERONCE('$Id$')

FAC/FAC_TRI.SRC

@@ -925,14 +925,6 @@ BEGIN
 END;
 /
 
-CREATE_TRIGGER(fac_t_fac_idp_map_B_I)
-BEFORE INSERT ON fac_idp_map
-FOR EACH ROW
-BEGIN
-   UPDATE_PRIMARY_KEY(fac_idp_map_key, fac_s_fac_idp_map_key);
-END;
-/
-
 CREATE_TRIGGER(fac_t_fac_bookmark_B_I)
 BEFORE INSERT ON fac_bookmark
 FOR EACH ROW

FCLT.NMK

@@ -62,7 +62,7 @@ PROJEXE=z:\Project\FACILITOR\BUILD
 ##
 CURRENTVERSION=30
 NEXTVERSION=31
-FILEVERSION=z
+FILEVERSION=
 NEXTCAREVERSION=32
 NEXTROOT=DB$(NEXTVERSION)$(FILEVERSION)
 CURRENTUPDATE=DB$(CURRENTVERSION)to$(NEXTVERSION)

PRS/PRS_TAB.SRC

@@ -163,6 +163,14 @@ ADD
         CONSTRAINT fac_r_idp_prs_bedrijf REFERENCES prs_bedrijf(prs_bedrijf_key) ON DELETE CASCADE
 );
 
+ALTER TABLE aut_idp
+ADD
+(
+    prs_bedrijf_key
+        NUMBER(10)
+        CONSTRAINT aut_r_idp_prs_bedrijf REFERENCES prs_bedrijf(prs_bedrijf_key) ON DELETE CASCADE
+);
+
 /* Kruistabel met bedrijfsrelaties (use case Mareon): bedrijf 1 doet iets voor bedrijf 2 of andersom */
 CREATE_TABLE(prs_bedrijf_bedrijf,0)
 (
@@ -407,6 +415,12 @@ ALTER TABLE fac_idp ADD
        NUMBER(10)
        CONSTRAINT alg_r_idp_prs_afdeling REFERENCES prs_afdeling(prs_afdeling_key) ON DELETE CASCADE
 );
+ALTER TABLE aut_idp ADD
+(
+    prs_afdeling_key
+       NUMBER(10)
+       CONSTRAINT aut_r_idp_prs_afdeling REFERENCES prs_afdeling(prs_afdeling_key) ON DELETE CASCADE
+);
 
 CREATE_TABLE(prs_srtperslid,0)
 (

_UP/DB30to31.src

@@ -11,8 +11,6 @@ COMMIT;
 
 CREATE UNIQUE INDEX fac_i_fac_api1 ON fac_api (fac_api_name);
 
-CREATE UNIQUE INDEX fac_i_idp2 ON fac_idp(fac_idp_issuer, fac_idp_audience, fac_idp_type);
-
 CREATE UNIQUE INDEX fac_i_fac_session2 ON fac_session(fac_session_sessionid_hash);
 
 /////////////////////////////////////////////////////////////////////////////////////////// FSN#39394
@@ -477,45 +475,151 @@ ALTER TABLE fin_factuurregel MODIFY (fin_factuurregel_omschrijving VARCHAR2(250)
 ALTER TABLE fac_imp_factuur MODIFY (omschrijving VARCHAR2(250));
 
 /////////////////////////////////////////////////////////////////////////////////////////// DJIN#36213
-ALTER TABLE fac_idp
+
-ADD fac_idp_autocreate
+CREATE TABLE aut_idp
+(
+    aut_idp_key
+        NUMBER(10)
+        CONSTRAINT aut_k_idp_key PRIMARY KEY,
+    aut_idp_code            -- Voor &sso=<code>
+        VARCHAR2(30),
+    aut_idp_type            -- 1=Internal (login.asp, future use), 2=UID_DEC (deprecated),
+        NUMBER(3),          -- 3=GUID-encrypted (deprecated), 4=JWT, 5=SAML (future use)
+    aut_idp_algorithm       -- HS256 is HMAC-SHA256
+        VARCHAR2(30),
+    aut_idp_omschrijving
+        VARCHAR2(30),
+    aut_idp_opmerking
+        VARCHAR2(320),
+    aut_idp_secret
+        VARCHAR2(128),
+    aut_idp_audience
+        VARCHAR2(128),
+    aut_idp_issuer
+        VARCHAR2(128),
+    aut_idp_remote_loginurl
+        VARCHAR2(128),
+    aut_idp_remote_logouturl
+        VARCHAR2(128),
+    aut_idp_saml_metaurl
+        VARCHAR2(128),
+    aut_idp_clockskew
+        NUMBER(10),
+    aut_idp_duration
+        NUMBER(10),
+    aut_idp_autocreate
         NUMBER(1)
         DEFAULT 0 -- +1: create; +2: update
-        NOT NULL;
-
-ALTER TABLE fac_idp
-ADD fac_idp_saml_metaurl
-        VARCHAR2(128);
-
-
-ALTER TABLE fac_idp DROP COLUMN fac_idp_usermapping;
-
-CREATE TABLE fac_idp_map
-(
-    fac_idp_map_key
-        NUMBER(10)
-        CONSTRAINT fac_k_idp_map_key PRIMARY KEY,
-    fac_idp_key
-        NUMBER(10)
-        CONSTRAINT fac_r_idp_map_id REFERENCES fac_idp(fac_idp_key),
-    fac_idp_map_from --  as sent in JWT
-        VARCHAR(100)
         NOT NULL,
-    fac_idp_map_to -- FACILITOR column
+-- Note: these column are defined in PRS_TAB.SRC
+--    prs_afdeling_key         NUMBER(10)
+--    prs_bedrijf_key          NUMBER(10)
+    fac_functie_key
         NUMBER(10)
-        NOT NULL,
+        CONSTRAINT aut_r_idp_functie REFERENCES fac_functie(fac_functie_key),
-    fac_idp_map_identify
+    aut_idp_internal        -- can be used for FACFAC
         NUMBER(1)
-        DEFAULT 0
+        DEFAULT 0 NOT NULL,
-        NOT NULL,
+    aut_idp_ipfilter
-    fac_idp_map_default
+        VARCHAR2(320),
-        VARCHAR(256),
+    aut_idp_ipauto
-    fac_idp_map_aanmaak
+        NUMBER(1)
+        DEFAULT 0 NOT NULL,
+    aut_idp_loglevel
+      NUMBER(1) DEFAULT 0 NOT NULL,
+    aut_idp_aanmaak
         DATE
         DEFAULT SYSDATE
 );
 
-CREATE SEQUENCE fac_s_fac_idp_map_key MINVALUE 1;
+CREATE TABLE aut_idp_map
+(
+    aut_idp_map_key
+        NUMBER(10)
+        CONSTRAINT aut_k_idp_map_key PRIMARY KEY,
+    aut_idp_key
+        NUMBER(10)
+        CONSTRAINT aut_r_idp_map_id REFERENCES aut_idp(aut_idp_key),
+    aut_idp_map_from --  as sent in JWT
+        VARCHAR(100)
+        NOT NULL,
+    aut_idp_map_to -- FACILITOR column of 1000+kenmerk_key
+        NUMBER(10)
+        NOT NULL,
+    aut_idp_map_identify
+        NUMBER(1)
+        DEFAULT 0
+        NOT NULL,
+    aut_idp_map_default
+        VARCHAR(256),
+    aut_idp_map_aanmaak
+        DATE
+        DEFAULT SYSDATE
+);
+ALTER TABLE aut_idp
+ADD
+(
+    prs_bedrijf_key
+        NUMBER(10)
+        CONSTRAINT aut_r_idp_prs_bedrijf REFERENCES prs_bedrijf(prs_bedrijf_key) ON DELETE CASCADE
+);
+ALTER TABLE aut_idp ADD
+(
+    prs_afdeling_key
+       NUMBER(10)
+       CONSTRAINT aut_r_idp_prs_afdeling REFERENCES prs_afdeling(prs_afdeling_key) ON DELETE CASCADE
+);
+
+CREATE SEQUENCE aut_s_aut_idp_key               MINVALUE 1;
+CREATE SEQUENCE aut_s_aut_idp_map_key           MINVALUE 1;
+
+CREATE UNIQUE INDEX aut_i_idp_code ON aut_idp(aut_idp_code);
+CREATE UNIQUE INDEX aut_i_idp2 ON aut_idp(aut_idp_issuer, aut_idp_audience, aut_idp_type);
+
+-- Alleen nodig voor het conversiestatement
+CREATE OR REPLACE TRIGGER aut_t_aut_idp_B_IU
+BEFORE INSERT OR UPDATE ON aut_idp
+FOR EACH ROW
+BEGIN
+   UPDATE_PRIMARY_KEY(aut_idp_key, aut_s_aut_idp_key);
+   :new.aut_idp_code := UPPER(:new.aut_idp_code);
+END;
+/
+
+INSERT INTO aut_idp (
+    aut_idp_code,
+    aut_idp_type,
+    aut_idp_algorithm,
+    aut_idp_omschrijving,
+    aut_idp_opmerking,
+    aut_idp_secret,
+    aut_idp_audience,
+    aut_idp_issuer,
+    aut_idp_remote_loginurl,
+    aut_idp_remote_logouturl,
+    aut_idp_clockskew,
+    aut_idp_duration,
+    aut_idp_internal,
+    aut_idp_ipfilter,
+    aut_idp_aanmaak)
+SELECT
+    fac_idp_code,
+    fac_idp_type,
+    fac_idp_algorithm,
+    fac_idp_omschrijving,
+    fac_idp_opmerking,
+    fac_idp_secret,
+    fac_idp_audience,
+    fac_idp_issuer,
+    fac_idp_remote_loginurl,
+    fac_idp_remote_logouturl,
+    fac_idp_clockskew,
+    fac_idp_duration,
+    fac_idp_internal,
+    fac_idp_ipfilter,
+    fac_idp_aanmaak
+FROM fac_idp;
+
 
 /////////////////////////////////////////////////////////////////////////////////////////// FSN#39750
 -- Clients (zoals al dan niet native App's)