admin/Facilitor
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

DJIN#36213 SAML/Authenticatie verbeteringen. Hernoemen fac_idp naar aut_idp

Browse Source 
svn path=/Website/trunk/; revision=33445
This commit is contained in:
Jos Groot Lipman
2017-04-10 13:08:34 +00:00
parent 1da064ca49
commit 06cefb3af5
13 changed files with 135 additions and 123 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
APPL/API2/api2_dispatch.inc
View File

@@ -57,7 +57,7 @@ var api2_mapper = {
"authorizationfunctions" : { "filename": "appl/mgt/fac_functie.asp" },
"authorizationgroups" : { "filename": "appl/mgt/fac_groep.asp" },
"authorizations" : { "filename": "appl/mgt/fac_groeprechten.asp", "nodoc": true },
"identityproviders" : { "filename": "appl/mgt/fac_idp.asp" },
"identityproviders" : { "filename": "appl/mgt/fac_aut.asp" },
"importfunctions" : { "filename": "appl/mgt/fac_import_app.asp" },
"notificationjobs" : { "filename": "appl/mgt/fac_notificatie_job.asp" },
"profiles" : { "filename": "appl/mgt/fac_profiel.asp" },

2
APPL/API2/model_aut_client.inc
View File

@@ -45,7 +45,7 @@ function model_aut_client(params)
"label": L("aut_client_type"),
"typ": "key",
"required": true,
"LOV": L("fac_idp_typeLOV") // TODO?
"LOV": L("fac_aut_typeLOV") // TODO?
},
"remark": {
"dbs": "aut_client_opmerking",

94
APPL/API2/model_fac_idp.inc → APPL/API2/model_aut_idp.inc
View File

@@ -2,113 +2,113 @@
$Revision$
$Id$
File: model_fac_idp.inc
File: model_aut_idp.inc
Description:
Notes: Documentatie in de wiki onder Authenticeren
*/
%>
<!-- #include file="./model_fac_idp_map.inc" -->
<!-- #include file="./model_aut_idp_map.inc" -->
<%
function model_fac_idp(params)
function model_aut_idp(params)
{
params = params || {};
this.records_name = "identityproviders";
this.record_name = "identityprovider";
this.table = "fac_idp";
this.primary = "fac_idp_key";
this.table = "aut_idp";
this.primary = "aut_idp_key";
this.autfunction = params.internal?false:"WEB_FACTAB";
this.record_title = L("fac_idp");
this.records_title = L("fac_idp_m");
this.record_title = L("aut_idp");
this.records_title = L("aut_idp_m");
this.askfirst = "type";
this.fields = {
"id": {
"dbs": "fac_idp_key",
"dbs": "aut_idp_key",
"label": L("lcl_key"),
"typ": "key",
"seq": "fac_s_fac_idp_key"
"seq": "aut_s_aut_idp_key"
},
"code": {
"dbs": "fac_idp_code",
"label": L("fac_idp_code"),
"dbs": "aut_idp_code",
"label": L("aut_idp_code"),
"typ": "varchar",
"filter": "exact"
},
"name": {
"dbs": "fac_idp_omschrijving",
"label": L("fac_idp_omschrijving"),
"dbs": "aut_idp_omschrijving",
"label": L("aut_idp_omschrijving"),
"typ": "varchar",
"required": true
},
"type": {
"dbs": "fac_idp_type",
"label": L("fac_idp_type"),
"dbs": "aut_idp_type",
"label": L("aut_idp_type"),
"typ": "key",
"required": true,
"insertonly": true,
"LOV": L("fac_idp_typeLOV")
"LOV": L("aut_idp_typeLOV")
},
"remark": {
"dbs": "fac_idp_opmerking",
"label": L("fac_idp_opmerking"),
"dbs": "aut_idp_opmerking",
"label": L("aut_idp_opmerking"),
"typ": "memo"
},
"secret": {
"dbs": "fac_idp_secret",
"label": L("fac_idp_secret"),
"dbs": "aut_idp_secret",
"label": L("aut_idp_secret"),
"typ": "varchar",
"defaultvalue": shared.random(32),
"secret": true
},
"audience": {
"dbs": "fac_idp_audience",
"label": L("fac_idp_audience"),
"dbs": "aut_idp_audience",
"label": L("aut_idp_audience"),
"typ": "varchar",
"placeholder": customerId + ".facilitor.nl",
"filter": "exact"
},
"issuer": {
"dbs": "fac_idp_issuer",
"label": L("fac_idp_issuer"),
"dbs": "aut_idp_issuer",
"label": L("aut_idp_issuer"),
"typ": "varchar",
"filter": "exact"
},
"algorithm": {
"dbs": "fac_idp_algorithm",
"label": L("fac_idp_algorithm"),
"dbs": "aut_idp_algorithm",
"label": L("aut_idp_algorithm"),
"typ": "varchar"
},
"clockskew": {
"dbs": "fac_idp_clockskew",
"label": L("fac_idp_clockskew"),
"dbs": "aut_idp_clockskew",
"label": L("aut_idp_clockskew"),
"typ": "number",
"defaultvalue": 30
},
"duration": {
"dbs": "fac_idp_duration",
"label": L("fac_idp_duration"),
"dbs": "aut_idp_duration",
"label": L("aut_idp_duration"),
"typ": "number"
},
"remoteloginurl": {
"dbs": "fac_idp_remote_loginurl",
"label": L("fac_idp_remote_loginurl"),
"dbs": "aut_idp_remote_loginurl",
"label": L("aut_idp_remote_loginurl"),
"typ": "varchar"
},
"samlmetaurl": {
"dbs": "fac_idp_saml_metaurl",
"label": L("fac_idp_saml_metaurl"),
"dbs": "aut_idp_saml_metaurl",
"label": L("aut_idp_saml_metaurl"),
"typ": "varchar"
},
"remotelogouturl": {
"dbs": "fac_idp_remote_logouturl",
"label": L("fac_idp_remote_logouturl"),
"dbs": "aut_idp_remote_logouturl",
"label": L("aut_idp_remote_logouturl"),
"typ": "varchar"
},
"ipfilter": {
"dbs": "fac_idp_ipfilter",
"label": L("fac_idp_ipfilter"),
"dbs": "aut_idp_ipfilter",
"label": L("aut_idp_ipfilter"),
"typ": "varchar"
},
"_currentIP" : {
@@ -118,16 +118,16 @@ function model_fac_idp(params)
"labelvalue": String(Request.ServerVariables("REMOTE_ADDR"))
},
"ipauto": {
"dbs": "fac_idp_ipauto",
"label": L("fac_idp_ipauto"),
"dbs": "aut_idp_ipauto",
"label": L("aut_idp_ipauto"),
"typ": "check0"
},
"autocreate": {
"dbs": "fac_idp_autocreate",
"label": L("fac_idp_autocreate"),
"dbs": "aut_idp_autocreate",
"label": L("aut_idp_autocreate"),
"typ": "key",
"required": "true",
"LOV": "0;Weigeren bij onbekend;1;Aanmaken;2;Alleen bijwerken;3;Aanmaken en bijwerken" ///L("fac_idp_autocreateLOV")
"LOV": "0;Weigeren bij onbekend;1;Aanmaken;2;Alleen bijwerken;3;Aanmaken en bijwerken" ///L("aut_idp_autocreateLOV")
},
"company": {
"dbs": "prs_bedrijf_key",
@@ -146,20 +146,20 @@ function model_fac_idp(params)
},
/* "authorization": {
"dbs": "fac_functie_key",
"label": L("fac_idp_functie_key"),
"label": L("aut_idp_functie_key"),
"typ": "key",
"foreign": "fac_functie"
},
*/
"internal": {
"dbs": "fac_idp_internal",
"label": L("fac_idp_internal"),
"dbs": "aut_idp_internal",
"label": L("aut_idp_internal"),
"typ": "check0",
"readonly": true
}
}
this.includes =
{"idpmappings": { model: new model_fac_idp_map(),
{"idpmappings": { model: new model_aut_idp_map(),
joinfield: "identityprovider",
enable_update: true
}

36
APPL/API2/model_fac_idp_map.inc → APPL/API2/model_aut_idp_map.inc
View File

@@ -2,44 +2,44 @@
$Revision$
$Id$
File: model_fac_idp_map.inc
File: model_aut_idp_map.inc
Description:
Notes:
*/
function model_fac_idp_map(params)
function model_aut_idp_map(params)
{
params = params || {};
this.records_name = "idpmappings";
this.record_name = "idpmapping";
this.table = "fac_idp_map";
this.primary = "fac_idp_map_key";
this.table = "aut_idp_map";
this.primary = "aut_idp_map_key";
this.autfunction = params.internal?false:"WEB_FACTAB";
this.record_title = L("fac_idp_map");
this.records_title = L("fac_idp_map_m");
this.record_title = L("aut_idp_map");
this.records_title = L("aut_idp_map_m");
this.fields = {
"id": {
"dbs": "fac_idp_map_key",
"dbs": "aut_idp_map_key",
"label": L("lcl_key"),
"typ": "key",
"seq": "fac_s_fac_idp_map_key"
"seq": "aut_s_aut_idp_map_key"
},
"identityprovider": {
"dbs": "fac_idp_key",
"label": L("fac_idp"),
"dbs": "aut_idp_key",
"label": L("aut_idp"),
"typ": "key",
"hidden_fld": true,
"required": true
},
"identify": {
"dbs": "fac_idp_map_identify",
"label": L("fac_idp_map_identify"),
"dbs": "aut_idp_map_identify",
"label": L("aut_idp_map_identify"),
"typ": "check0"
},
"name": { // Wel een beetje afwijkend, een name veld die een LOV is....
"dbs": "fac_idp_map_to",
"label": L("fac_idp_map_to"),
"dbs": "aut_idp_map_to",
"label": L("aut_idp_map_to"),
"typ": "key",
"required": true,
"LOV": "1;" + L("lcl_prs_person_login")
@@ -55,14 +55,14 @@ function model_fac_idp_map(params)
// 1000 + kenmerk_key komt hier nog achter
},
"from": {
"dbs": "fac_idp_map_from",
"label": L("fac_idp_map_from"),
"dbs": "aut_idp_map_from",
"label": L("aut_idp_map_from"),
"typ": "varchar",
"required": true
},
"default": {
"dbs": "fac_idp_map_default",
"label": L("fac_idp_map_default"),
"dbs": "aut_idp_map_default",
"label": L("aut_idp_map_default"),
"typ": "varchar"
}
}

2
APPL/API2/model_fac_sp.inc
View File

@@ -44,7 +44,7 @@ function model_fac_sp()
"label": L("fac_sp_type"),
"typ": "key",
"required": true,
"LOV": L("fac_idp_typeLOV") // TODO?
"LOV": L("fac_aut_typeLOV") // TODO?
},
"remark": {
"dbs": "fac_sp_opmerking",

10
APPL/AUT/LogOff.asp
View File

@@ -39,12 +39,12 @@ else
result.return_url = S("logoff_return_url");
if (Session("idp_key") > 0)
{
var sql = "SELECT fac_idp_remote_logouturl"
+ " FROM fac_idp"
+ " WHERE fac_idp_key = " + Session("idp_key");
var sql = "SELECT aut_idp_remote_logouturl"
+ " FROM aut_idp"
+ " WHERE aut_idp_key = " + Session("idp_key");
var oRs = Oracle.Execute(sql);
if (oRs("fac_idp_remote_logouturl").Value)
result.return_url = oRs("fac_idp_remote_logouturl").Value;
if (oRs("aut_idp_remote_logouturl").Value)
result.return_url = oRs("aut_idp_remote_logouturl").Value;
oRs.Close();
}

62
APPL/AUT/Login.inc
View File

@@ -15,7 +15,7 @@
*/
%>
<!-- #include file="../Shared/json2.js" -->
<!-- #include file="../api2/model_fac_idp.inc" -->
<!-- #include file="../api2/model_aut_idp.inc" -->
<!-- #include file="../api2/model_prs_perslid.inc" -->
<%
// Elders is prs_key geauthenticeerd. Registreer die hier als de actieve gebruiker.
@@ -40,13 +40,13 @@ function doLogin(prs_key, params)
if ("isFACFACinternal" in params) // vanuit JWT-sso
{
var deze = new Perslid(prs_key);
// SSO naar een FACFAC gebruiker mag alleen als fac_idp_internal aan staat
// SSO naar een FACFAC gebruiker mag alleen als aut_idp_internal aan staat
if (deze.has("WEB_FACFAC") && !params.isFACFACinternal)
{
__DoLog("Illegal login WEB_FACFAC");
shared.internal_error("IDP '{0}' cannot be used for users with WEB_FACFAC (prs_key={1}).".format(params.idp_code, prs_key));
}
// Als fac_idp_internal aan staat mag alleen je alleen SSO doen naar een FACFAC gebruiker
// Als aut_idp_internal aan staat mag alleen je alleen SSO doen naar een FACFAC gebruiker
// Tenzij S("idp_internal_anyuser") true is, dan mag je toch naar iedereen
// Dat doen we op OTA via custenc.wsc, dat doen we niet in PROD
if (params.isFACFACinternal && !S("idp_internal_anyuser") && !deze.has("WEB_FACFAC"))
@@ -1242,14 +1242,14 @@ function jwt_verify(decoded_jwt, secret, skew, duration)
function trySSO(ssocode)
{
var sql = "SELECT *"
+ " FROM fac_idp"
+ " WHERE fac_idp_code = " + safe.quoted_sql_upper(ssocode); // een trigger zorgt dat fac_idp_code uppercase is
+ " FROM aut_idp"
+ " WHERE aut_idp_code = " + safe.quoted_sql_upper(ssocode); // een trigger zorgt dat aut_idp_code uppercase is
var oRs = Oracle.Execute(sql);
if (oRs.Eof)
shared.internal_error("Identity provider '{0}' is not configured for {1}".format(safe.html(ssocode), customerId));
var isFACFACinternal = oRs("fac_idp_internal").Value != 0;
var ip_restrict = oRs("fac_idp_ipfilter").Value;
var isFACFACinternal = oRs("aut_idp_internal").Value != 0;
var ip_restrict = oRs("aut_idp_ipfilter").Value;
if (isFACFACinternal && S("idp_internal_anyuser"))
ip_restrict = ""; // dan niet al te moeilijk doen
var ip_ok = true;
@@ -1273,20 +1273,20 @@ function trySSO(ssocode)
var return_to = String(Request.ServerVariables("URL")).substr(rooturl.length) + "?" + String(Request.ServerVariables("QUERY_STRING"));
return_to = return_to.replace(/^\/default.asp/i, "/"); // default.asp vooraan hoeft niet, ik wil cleane url
if (oRs("fac_idp_type").Value == 3) // Oldstyle SecureSSO, die doet het verder zelf
if (oRs("aut_idp_type").Value == 3) // Oldstyle SecureSSO, die doet het verder zelf
{
SecureSSO({ strSharedKey: oRs("fac_idp_secret").Value,
Timeout: oRs("fac_idp_clockskew").Value,
ssoURL: oRs("fac_idp_remote_loginurl").Value,
SecureSSO({ strSharedKey: oRs("aut_idp_secret").Value,
Timeout: oRs("aut_idp_clockskew").Value,
ssoURL: oRs("aut_idp_remote_loginurl").Value,
sso: ssocode
});
/* keert niet terug */
}
else if (oRs("fac_idp_type").Value == 4) // JWT
else if (oRs("aut_idp_type").Value == 4) // JWT
{
var audience = oRs("fac_idp_audience").Value;
var issuer = oRs("fac_idp_issuer").Value;
var url = oRs("fac_idp_remote_loginurl").Value;
var audience = oRs("aut_idp_audience").Value;
var issuer = oRs("aut_idp_issuer").Value;
var url = oRs("aut_idp_remote_loginurl").Value;
if (!url) // regulier bij Logcenter-sso CUSTOMER als gebruiker (nog) niet bekend is
shared.internal_error("User unknown and Identity Provider '{0}' has no login url".format(ssocode));
if (url.indexOf("://") < 0) // geen protocol?
@@ -1295,16 +1295,16 @@ function trySSO(ssocode)
var redirect_uri = HTTP.urlzelf() + "/"; // TODO: /appl/aut/jwt is misschien logischer als 'endpoint'
url += "&redirect_uri={0}&return_to={1}".format(safe.url(redirect_uri), safe.url(return_to));
}
else if (oRs("fac_idp_type").Value == 5) // SAML
else if (oRs("aut_idp_type").Value == 5) // SAML
{ // https://grkl.facilitor.nl/Shibboleth.sso/Login?entityID=https://idp.testshib.org/idp/shibboleth&target=https://grkl.facilitor.nl/trunk/appl/aut/saml
var url = oRs("fac_idp_remote_loginurl").Value; // /Shibboleth.sso/Login?entityID=https://idp.testshib.org/idp/shibboleth
var url = "/Shibboleth.sso/Login?entityID={0}".format(safe.url(oRs("fac_idp_issuer").Value))
var url = oRs("aut_idp_remote_loginurl").Value; // /Shibboleth.sso/Login?entityID=https://idp.testshib.org/idp/shibboleth
var url = "/Shibboleth.sso/Login?entityID={0}".format(safe.url(oRs("aut_idp_issuer").Value))
// shib kent geen return_to parameter dus zelf maar in redirect_uri verwerken
var redirect_uri = HTTP.urlzelf() + "/appl/aut/saml/?return_to={0}&fac_id={1}".format(safe.url(return_to), customerId);
url += "&target={0}".format(safe.url(redirect_uri));
}
else
shared.internal_error("IDP '{0}' type {1} not supported yes.".format(params.idp_code, oRs("fac_idp_type").Value));
shared.internal_error("IDP '{0}' type {1} not supported yes.".format(params.idp_code, oRs("aut_idp_type").Value));
oRs.Close();
Response.Redirect(url); // die stuurt ons wel terug
Response.End;
@@ -1356,9 +1356,12 @@ function process_claim(payload, idp_data, params)
|| user_key > 0 && idp_data.autocreate.id & 2 // en/ of bijwerken
)
{
__Log("JWT user automatically created with data:");
if (user_key < 0)
__Log("JWT user automatically created with data:");
else
__Log("JWT user automatically updated with data:");
__Log(payload);
debugger;
// Tot nu toe waren we nog anoniem. Om personen aan te maken of bij te werken
// (via de API) mogen we echt(er) niet meer anoniem zijn.
// De API2 controleert daar (terecht) op-->niet meer sinds we internal: true gebruiken?
@@ -1373,7 +1376,7 @@ function process_claim(payload, idp_data, params)
var val = idpm["default"];
if (idpm.from in payload)
val = payload[idpm.from];
switch (idpm.name.id) // zie model_fac_idp_map.inc voor codering
switch (idpm.name.id) // zie model_aut_idp_map.inc voor codering
{
case 1: persdata["login"] = val; break;
case 2: persdata["lastname"] = val; break;
@@ -1401,17 +1404,24 @@ __DoLog(persdata)
}
else // nieuwe
{
var res = person.REST_POST( persparams, persdata);
var prs = person.REST_POST( persparams, persdata);
// user = user_key = null;
__DoLog("Created user '{0} {1}' with key {2} for idp '{3}'".format(persdata["firstname"], persdata["lastname"], res.key, idp_data.code));
shared.trackaction("PRSLOG", prs.key, "Created user '{0} {1}' for idp '{2}'".format(persdata["firstname"], persdata["lastname"], idp_data.code));
// De nieuw aangemaakte gebruiker inloggen:
doLogin(res.key, { idp_code: idp_data.code, isFACFACinternal: isFACFACinternal });
doLogin(prs.key, { idp_code: idp_data.code, isFACFACinternal: isFACFACinternal });
}
// Nu authorisatie groepen nog bijwerken
// Via het model was me even iets te hoog gegrepen: ik zou toch (nog) de id's er bij moeten halen
if ("authorisation" in persdata)
{ // authorisation bevat gebruikersgroepen gescheiden door '|'
var autharr = persdata["authorisation"].toLowerCase().split("|");
{ // authorisation bevat gebruikersgroepen gescheiden door '|' of ';'
/* SHIB: Within each CGI variable or header (see below), multiple attribute values
are separated by a semicolon, and semicolons in values are escaped with a backslash.
The data should be interpreted as UTF-8, which is a superset of ASCII.
*/
debugger;
var autharr = persdata["authorisation"].toLowerCase().split(/[;\|]/);
var sql = "DELETE FROM fac_gebruikersgroep"
+ " WHERE prs_perslid_key = " + user_key
+ " AND fac_groep_key NOT IN (SELECT fac_groep_key "

12
APPL/AUT/SAML/default.asp
View File

@@ -11,13 +11,15 @@
<%
Response.Expires=-1;
ANONYMOUS_Allowed = 1;
Session("logging") = 3
%>
<!-- #include file="../../../appl/Shared/common.inc" -->
<!-- #include file="../../../appl/shared/login.inc" -->
<!-- #include file="../../../appl/api2/api2.inc" -->
<!-- #include file="../../../appl/api2/model_fac_idp.inc" -->
<!-- #include file="../../../appl/api2/model_aut_idp.inc" -->
<%
var claim = {};
debugger;
for (i=1; i <= Request.ServerVariables.Count; i++)
{
var name = Request.ServerVariables.key(i);
@@ -29,13 +31,12 @@
// Correct binnen? Dan ....
var return_to = getQParam("return_to", "");
var issuer = String(Request.ServerVariables("HTTP_SHIBIDENTITYPROVIDER"));
__DoLog(issuer);
var idp_data_arr = new model_fac_idp({ internal: true }).REST_GET({ filter: { type: 5, issuer: issuer }, include: [ "idpmappings" ]});
__Log("Detected SAML identity provider (entityId): " + issuer);
var idp_data_arr = new model_aut_idp({ internal: true }).REST_GET({ filter: { type: 5, issuer: issuer }, include: [ "idpmappings" ]});
if (!idp_data_arr.length)
shared.internal_error("Unknown SAML issuer {0}".format(issuer));
var idp_data = idp_data_arr[0];
__DoLog(idp_data);
__Log(idp_data);
process_claim(claim, idp_data);
@@ -81,6 +82,7 @@ HTTP_REMOTEUSER: myself@testshib.org
else
{ // Automatisch naar het inlogscherm
__DoLog("SAML login not found in Facilitor: " + uname);
// TODO: Voorkomen dat je in oneindige loop komt als login_url op /saml is gezet
Response.Redirect(newUrl);
}
%>

14
APPL/AUT/login.asp
View File

@@ -143,16 +143,16 @@ if (device.test(device.isMobile))
}
/*
var sql = "SELECT fac_idp_omschrijving"
+ " , fac_idp_code"
+ " FROM fac_idp"
+ " WHERE fac_idp_code <> 'DEFAULT'"
+ " AND fac_idp_internal = 0"
+ " AND fac_idp_type = 4" // alleen nog even de JWT versie. Misschien SAML (5) er later bij
var sql = "SELECT aut_idp_omschrijving"
+ " , aut_idp_code"
+ " FROM aut_idp"
+ " WHERE aut_idp_code <> 'DEFAULT'"
+ " AND aut_idp_internal = 0"
+ " AND aut_idp_type = 4" // alleen nog even de JWT versie. Misschien SAML (5) er later bij
var oRs = Oracle.Execute(sql);
while (!oRs.Eof)
{
buttons.push ({ title: oRs("fac_idp_omschrijving").Value, action: "alert()".format(oRs("fac_idp_code").Value) });
buttons.push ({ title: oRs("aut_idp_omschrijving").Value, action: "alert()".format(oRs("aut_idp_code").Value) });
oRs.MoveNext();
}
oRs.Close()

2
APPL/AUT/loginTry.asp
View File

@@ -135,7 +135,7 @@ if ((user_key < 0 || getQParamInt("jwtforce", 0) == 1) && jwt)
audience: claim.payload.aud
}
var idp_data_arr = new model_fac_idp({ internal: true }).REST_GET({ filter: filter , include: [ "idpmappings" ]});
var idp_data_arr = new model_aut_idp({ internal: true }).REST_GET({ filter: filter , include: [ "idpmappings" ]});
if (!idp_data_arr.length)
shared.internal_error("Unknown JWT issuer {0} for audience {1}".format(claim.payload.iss, claim.payload.aud));
var idp_data = idp_data_arr[0];

10
APPL/FAC/fac_scan_cust.asp
View File

@@ -60,13 +60,13 @@ for (; !fc1.atEnd(); fc1.moveNext())
result.schemaversion = oRs("fac_version_schema").Value;
oRs.Close();
var sql = "SELECT fac_idp_audience"
+ " FROM fac_idp"
+ " WHERE fac_idp_type = 4" // JWT
+ " AND fac_idp_code = 'FACILITORSUPPORT'";
var sql = "SELECT aut_idp_audience"
+ " FROM aut_idp"
+ " WHERE aut_idp_type = 4" // JWT
+ " AND aut_idp_code = 'FACILITORSUPPORT'";
var oRs = Oracle.Execute(sql);
if (!oRs.Eof)
result.support_idp_audience = oRs("fac_idp_audience").Value;
result.support_idp_audience = oRs("aut_idp_audience").Value;
oRs.Close();
var sql = "SELECT count(*) FROM fac_v_orderqueue";

8
APPL/MGT/fac_idp.asp → APPL/MGT/aut_idp.asp
View File

@@ -3,7 +3,7 @@
$Revision$
$Id$
File: fac_idp.asp
File: aut_idp.asp
Description:
@@ -14,9 +14,9 @@
%>
<!-- #include file="../scf/scaffolding.inc" -->
<!-- #include file="../mgt/mgt_tools.inc" -->
<!-- #include file="../api2/model_fac_idp.inc" -->
<!-- #include file="../api2/model_aut_idp.inc" -->
<%
var this_model = new model_fac_idp();
var this_model = new model_aut_idp();
this_model.hook_pre_edit = function (obj, fld)
{
@@ -47,7 +47,7 @@ scaffolding(this_model,
},
"edit": {
"requires": {
"js": ["../mgt/fac_idp.js"]
"js": ["../mgt/aut_idp.js"]
},
"modal": false
}

4
APPL/MGT/fac_idp.js → APPL/MGT/aut_idp.js
View File

@@ -1,8 +1,8 @@
$(document).ready(function () {
setTimeout("init_fac_idp()", 10);
setTimeout("init_aut_idp()", 10);
});
function init_fac_idp()
function init_aut_idp()
{
var typ = $("input#type").val();
var fld_hide = "";