fac_idp_code (?sso=xxxxx) case-insensitive gemaakt

svn path=/Website/trunk/; revision=32779
2017-02-09 14:11:54 +00:00
parent e3c0e155b8
commit 4e9eed2c1b
1 changed files with 2 additions and 2 deletions
--- a/APPL/Shared/loginTry.asp
+++ b/APPL/Shared/loginTry.asp
@@ -220,7 +220,7 @@ if (user_key < 0 && sso && sso != "0") // "0" is een hardcoded special case
 {
    var sql = "SELECT *"
            + "  FROM fac_idp"
-            + " WHERE fac_idp_code = " + safe.quoted_sql(sso);
+            + " WHERE fac_idp_code = " + safe.quoted_sql_upper(sso); // een trigger zorg dat fac_idp_code uppercase is
    var oRs = Oracle.Execute(sql);
    if (oRs.Eof)
        shared.internal_error("Identity provider '{0}' is not configured for {1}".format(sso, customerId));
@@ -247,7 +247,7 @@ if (user_key < 0 && sso && sso != "0") // "0" is een hardcoded special case
    if (!ip_ok)
        shared.internal_error("IP {0} not allowed for this IDP".format(ip)); // TODO of 400 code forbidden?

-    if (oRs("fac_idp_type").Value == 3) // die doet het verder zelf
+    if (oRs("fac_idp_type").Value == 3) // Oldstyle SecureSSO, die doet het verder zelf
    {
        SecureSSO({ strSharedKey: oRs("fac_idp_secret").Value,
                    Timeout: oRs("fac_idp_clockskew").Value,