FSN$51355 Auto-sso op basis van IP-adres

svn path=/Website/branches/v2017.2/; revision=36092
2017-11-23 11:52:33 +00:00
parent b3785ebfc8
commit 7884a527d1
3 changed files with 33 additions and 5 deletions
--- a/APPL/AUT/LogOff.asp
+++ b/APPL/AUT/LogOff.asp
@@ -37,6 +37,7 @@ if (Session("org_user_key") > 0)
 else
 {
    result.return_url = S("logoff_return_url");
+    var allow_auto_sso = false;
    if (Session("idp_key") > 0)
    {
        var sql = "SELECT aut_idp_remote_logouturl"
@@ -44,11 +45,14 @@ else
                + " WHERE aut_idp_key = " + Session("idp_key");
        var oRs = Oracle.Execute(sql);
        if (oRs("aut_idp_remote_logouturl").Value)
+        {
            result.return_url = oRs("aut_idp_remote_logouturl").Value;
+            allow_auto_sso = true;
+        }
        oRs.Close();
    }

-    doLogoff();
+    doLogoff(allow_auto_sso);
 }
 Response.Write(JSON.stringify(result));
 Response.End;
--- a/APPL/AUT/Login.inc
+++ b/APPL/AUT/Login.inc
@@ -197,9 +197,10 @@ function doLoginStateless(prs_key, params)

 // Session.Abondon is gevaarlijk: dan verlies je ook CustomerID etc.
 // Bovendien krijg je met IIS dan nog steeds geen nieuwe ASPSESSIONID
-function doLogoff()
+function doLogoff(allow_auto_sso)
 {
-    Session("no_sso") = 1; // Voorkom autosso
+    if (!allow_auto_sso)
+        Session("no_sso") = 1; // Voorkom auto_sso
    Session.Contents.Remove("user_key");
    Session.Contents.Remove("ASPFIXATION");
    Session.Contents.Remove("must_reset_password");
--- a/APPL/AUT/loginTry.asp
+++ b/APPL/AUT/loginTry.asp
@@ -333,8 +333,31 @@ if (user_key < 0 && S("os_logon")
        IntegratedSSO(); // Voor licentieklanten
 }

-//if (user_key < 0)
-//    trySSO("DEFAULT"); // zal je standaard naar het loginscherm sturen
+// Tenslotte proberen we automatische iDP's
+if (user_key < 0
+        && typeof Session("no_sso") == "undefined"
+        && !Request.ServerVariables("HTTP_X_FACILITOR_API_KEY").Count
+        && !Request.QueryString("APIKEY").Count)
+{
+    var ip = String(Request.ServerVariables("REMOTE_ADDR"));
+    var sql = "SELECT aut_idp_code"
+            + "     , aut_idp_ipfilter"
+            + "  FROM aut_idp"
+            + " WHERE aut_idp_internal = 0"
+            + "   AND aut_idp_ipauto = 1"
+            + "   AND aut_idp_ipfilter IS NOT NULL"
+            + " ORDER BY aut_idp_ipfilter"; // liefst wil ik sorteren met CIDR met de meeste significante bits (specifiekste) eerst?
+    var oRs = Oracle.Execute(sql);
+    while (user_key < 0 && !oRs.Eof)
+    {
+        var ip_restrict = oRs("aut_idp_ipfilter").Value;
+        var ip_ok = IP.inAnySubnet(ip, ip_restrict);
+        if (IP.inAnySubnet(ip, ip_restrict))
+            trySSO(oRs("aut_idp_code").Value);
+        oRs.MoveNext();
+    }
+    oRs.Close();
+}

 if (user_key > 0) // dan hebben we (nu) een nieuwe user
 {