
feat(schemas): add IdP initiated SAML SSO sessions table (#6663)

* feat(schemas): add idp-initiated saml sso sessions table

add idp-iniaited saml sso sessions table

* refactor(schemas): remove nameID index

remove nameID index
This commit is contained in:
simeng-li 2024-10-14 13:34:35 +08:00 committed by GitHub
parent 17c2a79caf
commit d4f7d098dc
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
3 changed files with 68 additions and 1 deletions


@ -0,0 +1,36 @@
import { sql } from '@silverhand/slonik';
import type { AlterationScript } from '../lib/types/alteration.js';
import { applyTableRls, dropTableRls } from './utils/1704934999-tables.js';
const alteration: AlterationScript = {
up: async (pool) => {
await pool.query(sql`
create table idp_initiated_saml_sso_sessions (
tenant_id varchar(21) not null
references tenants (id) on update cascade on delete cascade,
/** The globally unique identifier of the assertion record. */
id varchar(21) not null,
/** The identifier of the SAML SSO connector. */
connector_id varchar(128) not null
references sso_connectors (id) on update cascade on delete cascade,
/** The SAML assertion. */
assertion_content jsonb /* @use SsoSamlAssertionContent */ not null default '{}'::jsonb,
created_at timestamptz not null default(now()),
/** The expiration time of the assertion. */
expires_at timestamptz not null,
primary key (tenant_id, id)
);
`);
await applyTableRls(pool, 'idp_initiated_saml_sso_sessions');
},
down: async (pool) => {
await dropTableRls(pool, 'idp_initiated_saml_sso_sessions');
await pool.query(sql`
drop table idp_initiated_saml_sso_sessions;
`);
},
};
export default alteration;
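Review bot: The new `idp_initiated_saml_sso_sessions` table has no consumed/used marker, so a stored assertion stays acceptable for sign-in until `expires_at` unless the consuming code deletes the row on first use; if it does not, the same IdP-initiated assertion could complete a login more than once. Either state the delete-on-consume contract in the `expires_at` column comment or add a single-use column such as `/** Set when the assertion is consumed; a consumed row must not complete a sign-in again. */ consumed_at timestamptz,`. Neither `expires_at` nor the `connector_id` foreign key gets an index here, so expiry cleanup and the `on delete cascade` from `sso_connectors` will scan the table; whether that matters depends on the consuming code, which is not in this commit. The same applies to the standalone table definition in the third file of this commit.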


@ -10,6 +10,8 @@ export const ssoBrandingGuard = z.object({
darkLogo: z.string().optional(), darkLogo: z.string().optional(),
}); });
export type SsoBranding = z.infer<typeof ssoBrandingGuard>;
export const idpInitiatedAuthParamsGuard = z export const idpInitiatedAuthParamsGuard = z
.object({ .object({
resources: z.array(z.string()).optional(), resources: z.array(z.string()).optional(),
@ -19,4 +21,17 @@ export const idpInitiatedAuthParamsGuard = z
export type IdpInitiatedAuthParams = z.infer<typeof idpInitiatedAuthParamsGuard>; export type IdpInitiatedAuthParams = z.infer<typeof idpInitiatedAuthParamsGuard>;
export type SsoBranding = z.infer<typeof ssoBrandingGuard>; export const ssoSamlAssertionContentGuard = z
.object({
nameID: z.string().optional(),
attributes: z.record(z.string().or(z.array(z.string()))).optional(),
conditions: z
.object({
notBefore: z.string(),
notOnOrAfter: z.string(),
})
.optional(),
})
.catchall(z.unknown());
export type SsoSamlAssertionContent = z.infer<typeof ssoSamlAssertionContentGuard>;
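Review bot: `notBefore` and `notOnOrAfter` in the new `ssoSamlAssertionContentGuard` are guarded as bare `z.string()`, so an empty or malformed value passes the guard and any validity-window check downstream has to re-validate it; `notBefore: z.string().datetime(), notOnOrAfter: z.string().datetime(),` would reject such values at the boundary, assuming the producer writes ISO 8601 timestamps, which the code that fills `conditions` (not in this hunk) should confirm. `.catchall(z.unknown())` means every other assertion field is persisted into the `jsonb` column unvalidated, which is presumably deliberate but deserves a comment on the guard, e.g. `/** Fields beyond those used for sign-in are kept as-is and not validated. */`. With `nameID` optional, a stored assertion may carry no subject identifier; if the consumer requires one, making it required here would surface the problem before the row is written. The enclosing file continues outside the hunk.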


@ -0,0 +1,16 @@
/* init_order = 2 */
create table idp_initiated_saml_sso_sessions (
tenant_id varchar(21) not null
references tenants (id) on update cascade on delete cascade,
/** The globally unique identifier of the assertion record. */
id varchar(21) not null,
/** The identifier of the SAML SSO connector. */
connector_id varchar(128) not null
references sso_connectors (id) on update cascade on delete cascade,
/** The SAML assertion. */
assertion_content jsonb /* @use SsoSamlAssertionContent */ not null default '{}'::jsonb,
created_at timestamptz not null default(now()),
/** The expiration time of the assertion. */
expires_at timestamptz not null,
primary key (tenant_id, id)
);