FSN#41580 FACILITOR ook als identity provider

svn path=/Website/trunk/; revision=34869
Jos Groot Lipman
2017-08-09 10:35:17 +00:00
parent 591bd4a200
commit d0d2d5dfa3
7 changed files with 160 additions and 198 deletions

121
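--- /dev/null
+++ b/APPL/API2/model_aut_sp.inc
@@ -0,0 +1,121 @@
+<% /*
+$Revision$
+$Id$
+File: model_aut_sp.inc
+Description:
+Notes:
+*/
+%>
+<!-- #include file="./model_aut_sp_map.inc" -->
+<%
+function model_aut_sp(params)
+{
+params = params || {};
+this.records_name = "serviceproviders";
+this.record_name = "serviceprovider";
+this.table = "aut_sp";
+this.primary = "aut_sp_key";
+this.autfunction = params.internal?false:"WEB_FACTAB";
+this.record_title = L("aut_sp");
+this.records_title = L("aut_sp_m");
+this.fields = {
+"id": {
+"dbs": "aut_sp_key",
+"label": L("lcl_key"),
+"typ": "key",
+"seq": "aut_s_aut_sp_key"
+},
+"code": {
+"dbs": "aut_sp_code",
+"label": L("aut_sp_code"),
+"typ": "varchar",
+"filter": "exact"
+},
+"name": {
+"dbs": "aut_sp_omschrijving",
+"label": L("aut_sp_omschrijving"),
+"typ": "varchar",
+"required": true
+},
+"type": {
+"dbs": "aut_sp_type",
+"label": L("aut_sp_type"),
+"typ": "key",
+"required": true,
+"LOV": L("aut_sp_typeLOV") // TODO?
+},
+"remark": {
+"dbs": "aut_sp_opmerking",
+"label": L("aut_sp_opmerking"),
+"typ": "memo"
+},
+"secret": {
+"dbs": "aut_sp_secret",
+"label": L("aut_sp_secret"),
+"typ": "varchar",
+"defaultvalue": shared.random(32),
+"secret": true
+},
+"audience": {
+"dbs": "aut_sp_audience",
+"label": L("aut_sp_audience"),
+"typ": "varchar",
+"placeholder": customerId + ".facilitor.nl"
+},
+"redirecturi": {
+"dbs": "aut_sp_redirect_uri",
+"label": L("aut_sp_redirect_uri"),
+"typ": "varchar",
+"placeholder": customerId + ".facilitor.nl"
+},
+"issuer": {
+"dbs": "aut_sp_issuer",
+"label": L("aut_sp_issuer"),
+"typ": "varchar"
+},
+"algorithm": {
+"dbs": "aut_sp_algorithm",
+"label": L("aut_sp_algorithm"),
+"typ": "varchar"
+},
+"duration": {
+"dbs": "aut_sp_duration",
+"label": L("aut_sp_duration"),
+"typ": "number"
+},
+"authorization": {
+"dbs": "fac_functie_key",
+"label": L("aut_sp_functie_key"),
+"typ": "key",
+"foreign": "fac_functie"
+},
+"loglevel": {
+"dbs": "aut_sp_loglevel",
+"label": L("aut_sp_loglevel"),
+"typ": "number",
+"defaultvalue": 0
+},
+"internal": {
+"dbs": "aut_sp_internal",
+"label": L("aut_sp_internal"),
+"typ": "check0",
+"readonly": true
+}
+}
+this.includes =
+{ "spmappings": { model: new model_aut_sp_map(),
+joinfield: "serviceprovider",
+enable_update: true
+}
+};
+this.REST_GET = generic_REST_GET(this);
+this.REST_POST = generic_REST_POST(this);
+this.REST_PUT = generic_REST_PUT(this);
+this.REST_DELETE = generic_REST_DELETE(this);
+}
+%>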
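Review bot: `this.autfunction = params.internal?false:"WEB_FACTAB";` in the `model_aut_sp` constructor switches the function-based authorization check off whenever a caller passes `internal`, and nothing in the file says what that flag means or who is allowed to set it; the same construct is introduced in `model_aut_sp_map(params)`. A comment such as `// internal: set only by server-side callers (never from request data) — it disables the WEB_FACTAB function check for this model instance` would make the intent reviewable. The `secret` field, which going by `"alg":"HS256"` elsewhere in this commit is an HMAC shared key, takes `"defaultvalue": shared.random(32)` evaluated once per model instance; whether `shared.random` is a cryptographically secure generator is not visible here and deserves a comment confirming it. Finally, `redirecturi` reuses the `audience` placeholder `customerId + ".facilitor.nl"`, a bare host name rather than a URI; presumably the placeholder should show a full URL.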


@@ -2,38 +2,39 @@
$Revision$
$Id$
File: model_fac_sp_map.inc
File: model_aut_sp_map.inc
Description: Door sp 'released attributes'
Notes:
*/
function model_fac_sp_map()
function model_aut_sp_map(params)
{
params = params || {};
this.records_name = "spmappings";
this.record_name = "spmapping";
this.table = "fac_sp_map";
this.primary = "fac_sp_map_key";
this.autfunction = "WEB_FACFAC";
this.record_title = L("fac_sp_map");
this.records_title = L("fac_sp_map_m");
this.table = "aut_sp_map";
this.primary = "aut_sp_map_key";
this.autfunction = params.internal?false:"WEB_FACTAB";
this.record_title = L("aut_sp_map");
this.records_title = L("aut_sp_map_m");
this.fields = {
"id": {
"dbs": "fac_sp_map_key",
"dbs": "aut_sp_map_key",
"label": L("lcl_key"),
"typ": "key",
"seq": "fac_s_fac_sp_map_key"
"seq": "fac_s_aut_sp_map_key"
},
"serviceprovider": {
"dbs": "fac_sp_key",
"label": L("fac_sp"),
"dbs": "aut_sp_key",
"label": L("aut_sp"),
"typ": "key",
"hidden_fld": true,
"required": true
},
"name": {
"dbs": "fac_sp_map_from",
"label": L("fac_sp_map_from"),
"dbs": "aut_sp_map_from",
"label": L("aut_sp_map_from"),
"typ": "key",
"required": true,
"LOV": "1;" + L("lcl_prs_person_login")
@@ -48,8 +49,8 @@ function model_fac_sp_map()
+ ";101;" + L("fac_groeprechten_m")
},
"to": {
"dbs": "fac_sp_map_to",
"label": L("fac_sp_map_to"),
"dbs": "aut_sp_map_to",
"label": L("aut_sp_map_to"),
"typ": "varchar",
"required": true
}
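Review bot: The `id` field's sequence becomes `"seq": "fac_s_aut_sp_map_key"`, keeping the `fac_s_` prefix, while the new `model_aut_sp.inc` in this same commit uses `"seq": "aut_s_aut_sp_key"`; one of the two naming schemes is presumably wrong against the schema, and a wrong sequence name would only surface at insert time. Please confirm which sequence actually exists and align the two, e.g. `"seq": "aut_s_aut_sp_map_key"` if the `aut_s_` prefix is the new convention. The `model_aut_sp_map(params)` constructor continues past the end of this hunk.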


@@ -1,155 +0,0 @@
<% /*
$Revision$
$Id$
File: model_fac_sp.inc
Description:
Notes:
*/
%>
<!-- #include file="./model_fac_sp_map.inc" -->
<%
function model_fac_sp()
{
this.records_name = "identityproviders";
this.record_name = "identityprovider";
this.table = "fac_sp";
this.primary = "fac_sp_key";
this.autfunction = "WEB_FACFAC";
this.record_title = L("fac_sp");
this.records_title = L("fac_sp_m");
this.fields = {
"id": {
"dbs": "fac_sp_key",
"label": L("lcl_key"),
"typ": "key",
"seq": "fac_s_fac_sp_key"
},
"code": {
"dbs": "fac_sp_code",
"label": L("fac_sp_code"),
"typ": "varchar",
"filter": "exact"
},
"name": {
"dbs": "fac_sp_omschrijving",
"label": L("fac_sp_omschrijving"),
"typ": "varchar",
"required": true
},
"type": {
"dbs": "fac_sp_type",
"label": L("fac_sp_type"),
"typ": "key",
"required": true,
"LOV": L("fac_aut_typeLOV") // TODO?
},
"remark": {
"dbs": "fac_sp_opmerking",
"label": L("fac_sp_opmerking"),
"typ": "memo"
},
"secret": {
"dbs": "fac_sp_secret",
"label": L("fac_sp_secret"),
"typ": "varchar",
"defaultvalue": shared.random(32),
"secret": true
},
"audience": {
"dbs": "fac_sp_audience",
"label": L("fac_sp_audience"),
"typ": "varchar",
"placeholder": customerId + ".facilitor.nl"
},
"issuer": {
"dbs": "fac_sp_issuer",
"label": L("fac_sp_issuer"),
"typ": "varchar"
},
"algorithm": {
"dbs": "fac_sp_algorithm",
"label": L("fac_sp_algorithm"),
"typ": "varchar"
},
"timeout": {
"dbs": "fac_sp_clockskew",
"label": L("fac_sp_clockskew"),
"typ": "number",
"defaultvalue": 30
},
"duration": {
"dbs": "fac_sp_duration",
"label": L("fac_sp_duration"),
"typ": "number"
},
"remoteloginurl": {
"dbs": "fac_sp_remote_loginurl",
"label": L("fac_sp_remote_loginurl"),
"typ": "varchar"
},
"remotelogouturl": {
"dbs": "fac_sp_remote_logouturl",
"label": L("fac_sp_remote_logouturl"),
"typ": "varchar"
},
"ipfilter": {
"dbs": "fac_sp_ipfilter",
"label": L("fac_sp_ipfilter"),
"typ": "varchar"
},
"_currentIP" : {
"dbs": "",
"label": "Current IP",
"typ": "label",
"labelvalue": String(Request.ServerVariables("REMOTE_ADDR"))
},
"ipauto": {
"dbs": "fac_sp_ipauto",
"label": L("fac_sp_ipauto"),
"typ": "check0"
},
/*
"company": {
"dbs": "prs_bedrijf_key",
"typ": "key",
"foreign": "prs_bedrijf",
"label": L("lcl_idp_company")
}
,
"department": {
"dbs": "prs_afdeling_key",
"typ": "key",
"foreign": "prs_afdeling",
"label": L("lcl_idp_department")
},
"authorization": {
"dbs": "fac_functie_key",
"label": L("fac_sp_functie_key"),
"typ": "key",
"foreign": "fac_functie"
},
*/
"internal": {
"dbs": "fac_sp_internal",
"label": L("fac_sp_internal"),
"typ": "check0",
"readonly": true
}
}
this.includes =
{ "spmappings": { model: new model_fac_sp_map(),
joinfield: "serviceprovider",
enable_update: true
}
};
this.REST_GET = generic_REST_GET(this);
this.REST_POST = generic_REST_POST(this);
this.REST_PUT = generic_REST_PUT(this);
this.REST_DELETE = generic_REST_DELETE(this);
}
%>


@@ -1061,20 +1061,24 @@ function jwt_create(perslid_key, aud)
{
var thisPrs = new Perslid(perslid_key)
var sp_key = -1;
var sql = "SELECT *"
+ " FROM fac_sp"
+ " WHERE fac_sp_audience = " + safe.quoted_sql(aud); // TODO ook issuer meenemen?
+ " FROM aut_sp"
+ " WHERE aut_sp_audience = " + safe.quoted_sql(aud); // TODO ook issuer meenemen?
var oRs = Oracle.Execute(sql);
if (oRs.Eof)
shared.internal_error("Service provider for '{0}' is not configured for {1}".format(safe.html(aud), customerId));
sp_key = oRs("fac_sp_key").value;
var sp_key = oRs("aut_sp_key").value;
if (oRs("aut_sp_loglevel").Value > 0)
__Logging = oRs("aut_sp_loglevel").Value;
if (oRs("fac_functie_key").Value)
user.checkAutorisation(oRs("fac_functie_key").Value); // dan moet je die hebben
var params = {
usermapping: oRs("fac_sp_usermapping").Value,
iss: oRs("fac_sp_issuer").Value,
usermapping: oRs("aut_sp_usermapping").Value,
iss: oRs("aut_sp_issuer").Value,
aud: aud,
secret: oRs("fac_sp_secret").Value
secret: oRs("aut_sp_secret").Value
};
oRs.Close();
@@ -1086,18 +1090,18 @@ function jwt_create(perslid_key, aud)
aud: params.aud
}
// fac_sp_map bevat de attributen die wij vrijgeven voor deze SP
// aut_sp_map bevat de attributen die wij vrijgeven voor deze SP
if (sp_key > 0)
{
var sql = "SELECT *"
+ " FROM fac_sp_map"
+ " WHERE fac_sp_key = " + sp_key;
+ " FROM aut_sp_map"
+ " WHERE aut_sp_key = " + sp_key;
var oRs = Oracle.Execute(sql);
while (!oRs.Eof)
{
var clm = oRs("fac_sp_map_to").Value; // zo gaat hij heten in de JWT
switch (oRs("fac_sp_map_from").Value) // zie model_fac_sp_map.inc voor codering
var clm = oRs("aut_sp_map_to").Value; // zo gaat hij heten in de JWT
switch (oRs("aut_sp_map_from").Value) // zie model_aut_sp_map.inc voor codering
{
// Zo veel mogelijk volgens http://openid.net/specs/openid-connect-basic-1_0.html#StandardClaims
case 1: claim[clm] = thisPrs.oslogin();
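Review bot: `var sp_key = oRs("aut_sp_key").value;` re-declares `sp_key`, which is already declared as `var sp_key = -1;` a few lines above in the first hunk, and reads `.value` where every other column in this function uses `.Value`; `sp_key = oRs("aut_sp_key").Value;` keeps one declaration and one spelling. If `shared.internal_error(...)` in the Eof branch does not return, the `-1` initialiser is unreachable and the `if (sp_key > 0)` guard in the second hunk is only defensive — worth a comment saying so, e.g. `// sp_key is always set here; the > 0 check is a guard only`. The new `__Logging = oRs("aut_sp_loglevel").Value;` raises what looks like a request-wide log level from a per-service-provider database setting; a comment on what the levels mean, and a check that claim or secret material is not written at higher levels, would help the next reader. `jwt_create` begins before the first hunk and continues past the second.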


@@ -7,7 +7,8 @@
Description: Maakt een JWT code en ga daarmee naar logcenter
Parameters:
Context:
Note:
Note: ?? Is dit effectief eigenlijk niet gewoon een hardcoded fac_sp?
Met een IDP initiated SSO?
*/
%>
@@ -31,7 +32,6 @@
"alg":"HS256"
};
var username = "_FACILITOR"
var claim =
{
iat: Math.round(new Date().getTime() / 1000),


@@ -18,15 +18,6 @@
<%
var this_model = new model_aut_idp();
this_model.hook_pre_edit = function (obj, fld)
{
%>
<script>
var s_vis_parking_key = <%=S("vis_parking_key")%>;
</script>
<%
}
scaffolding(this_model,
{
"search": {


@@ -3,7 +3,7 @@
$Revision$
$Id$
File: fac_sp.asp
File: aut_sp.asp
Description:
@@ -14,9 +14,9 @@
%>
<!-- #include file="../scf/scaffolding.inc" -->
<!-- #include file="../mgt/mgt_tools.inc" -->
<!-- #include file="../api2/model_fac_sp.inc" -->
<!-- #include file="../api2/model_aut_sp.inc" -->
<%
var this_model = new model_fac_sp();
var this_model = new model_aut_sp();
scaffolding(this_model,
{
@@ -33,7 +33,7 @@ scaffolding(this_model,
"code",
"name",
"type",
"remoteloginurl"
"redirecturi"
]
},
"edit": {