FSN#37678 SSO/ JWT aanscherpingen

svn path=/Website/trunk/; revision=30716

APPL/Shared/loginTry.asp

@@ -89,8 +89,7 @@ if (user_key < 0)
 
 // jwt claim
 // TODO: altijd/ ook als user_key > 0?
-// TODO ook uit form POST ondersteunen?
-var jwt = getQParam("jwt", "");
+var jwt = getQParam("jwt", getFParam("jwt", ""));
 if (user_key < 0 && !jwt)
 {
     var auth = String(Request.ServerVariables("HTTP_AUTHORIZATION"));
@@ -112,7 +111,8 @@ if (user_key < 0 && jwt)
 
     var sql = "SELECT *"
             + "  FROM fac_idp"
-            + " WHERE fac_idp_issuer = " + safe.quoted_sql(claim.payload.iss);
+            + " WHERE fac_idp_issuer = " + safe.quoted_sql(claim.payload.iss)
+            + "   AND fac_idp_audience = " + safe.quoted_sql(claim.payload.aud);
     var oRs = Oracle.Execute(sql);
     if (oRs.Eof)
         shared.internal_error("Unknown JWT issuer: " + claim.payload.iss);