Hello,
Trying to bypass authorization (as we are the SP) at our end and looking at the option that Sharana mentioned, i.e. "You can request the IDP to send some static value in the NameID field in the assertion, so that the SP can validate this static value for all the users, and once the validation is successful, the user will be authenticated and authorized and finally redirected to the target." I am trying to find out which SQL query is used to authorize the user at the ODBC database.
We have a number of SQL queries configured. Which one of the below is used for authorization?
Enumerate
SELECT Name, 'Group' AS Class FROM SmGroup ORDER BY Class
Lookup
SELECT Distinct Signum FROM [user] u JOIN [Space] s ON u.SpaceId = s.Id JOIN HostAddress h ON h.TenantId = s.TenantId WHERE %s AND h.Hostname = 'abc.com'
Lookup Users
SELECT Signum, 'User' AS Class FROM [user] u JOIN [Space] s ON u.SpaceId = s.Id JOIN HostAddress h ON h.TenantId = s.TenantId WHERE %s AND h.Hostname = 'abc.com'
Lookup Groups
SELECT Name, 'Group' AS Class FROM [user] WHERE %s
Get User/Group Info
SELECT Signum, 'User' FROM [user] u JOIN [Space] s ON u.SpaceId = s.Id JOIN HostAddress h ON h.TenantId = s.TenantId WHERE Signum = '%s' AND h.Hostname = 'abc.com'
Init user
SELECT Signum FROM [user] u JOIN [Space] s ON u.SpaceId = s.Id JOIN HostAddress h ON h.TenantId = s.TenantId WHERE Signum = '%s' AND h.Hostname = 'abc.com'
Authenticate User
SELECT Signum FROM [user] WHERE Signum = '%s'
Is Group Member
SELECT ID FROM SmUserGroup WHERE UserID = (SELECT UserID FROM SmUser WHERE Name = '%s') AND GroupID = (SELECT GroupID FROM SmGroup WHERE Name = '%s')
Get User Groups
SELECT SmGroup.Name from SmGroup, SmUser, SmUserGroup where SmUser.Name = '%s' and SmUser.UserID = SmUserGroup.UserID and SmGroup.GroupID = SmUserGroup.GroupID
Get User Properties
Signum
Get User Property
SELECT %s FROM [user] WHERE Signum = '%s'
Set User Property
UPDATE Person SET %s = '%s' WHERE Signum = '%s'
Set User Password
UPDATE Person SET Password = '%s' WHERE Signum = '%s'
Get Group Properties
Name, GroupID
Get Group Property
SELECT %s FROM SmGroup WHERE Name = '%s'
Set Group Property
UPDATE SmGroup SET %s = '%s' WHERE Name = '%s'
Which one of the above is used for authorization, which I can edit at my end to bypass the authorization, and a session is generated for all the users and we can forward the traffic to the Target?