91 lines
4.4 KiB
SQL
91 lines
4.4 KiB
SQL
-- Multi-instance mode (see auth.instances) table intentionally not supported and ignored.
|
|
|
|
create table if not exists {{ index .Options "Namespace" }}.sso_providers (
|
|
id uuid not null,
|
|
resource_id text null,
|
|
created_at timestamptz null,
|
|
updated_at timestamptz null,
|
|
primary key (id),
|
|
constraint "resource_id not empty" check (resource_id = null or char_length(resource_id) > 0)
|
|
);
|
|
|
|
comment on table {{ index .Options "Namespace" }}.sso_providers is 'Auth: Manages SSO identity provider information; see saml_providers for SAML.';
|
|
comment on column {{ index .Options "Namespace" }}.sso_providers.resource_id is 'Auth: Uniquely identifies a SSO provider according to a user-chosen resource ID (case insensitive), useful in infrastructure as code.';
|
|
|
|
create unique index if not exists sso_providers_resource_id_idx on {{ index .Options "Namespace" }}.sso_providers (lower(resource_id));
|
|
|
|
create table if not exists {{ index .Options "Namespace" }}.sso_domains (
|
|
id uuid not null,
|
|
sso_provider_id uuid not null,
|
|
domain text not null,
|
|
created_at timestamptz null,
|
|
updated_at timestamptz null,
|
|
primary key (id),
|
|
foreign key (sso_provider_id) references {{ index .Options "Namespace" }}.sso_providers (id) on delete cascade,
|
|
constraint "domain not empty" check (char_length(domain) > 0)
|
|
);
|
|
|
|
create index if not exists sso_domains_sso_provider_id_idx on {{ index .Options "Namespace" }}.sso_domains (sso_provider_id);
|
|
create unique index if not exists sso_domains_domain_idx on {{ index .Options "Namespace" }}.sso_domains (lower(domain));
|
|
|
|
comment on table {{ index .Options "Namespace" }}.sso_domains is 'Auth: Manages SSO email address domain mapping to an SSO Identity Provider.';
|
|
|
|
create table if not exists {{ index .Options "Namespace" }}.saml_providers (
|
|
id uuid not null,
|
|
sso_provider_id uuid not null,
|
|
entity_id text not null unique,
|
|
metadata_xml text not null,
|
|
metadata_url text null,
|
|
attribute_mapping jsonb null,
|
|
created_at timestamptz null,
|
|
updated_at timestamptz null,
|
|
primary key (id),
|
|
foreign key (sso_provider_id) references {{ index .Options "Namespace" }}.sso_providers (id) on delete cascade,
|
|
constraint "metadata_xml not empty" check (char_length(metadata_xml) > 0),
|
|
constraint "metadata_url not empty" check (metadata_url = null or char_length(metadata_url) > 0),
|
|
constraint "entity_id not empty" check (char_length(entity_id) > 0)
|
|
);
|
|
|
|
create index if not exists saml_providers_sso_provider_id_idx on {{ index .Options "Namespace" }}.saml_providers (sso_provider_id);
|
|
|
|
comment on table {{ index .Options "Namespace" }}.saml_providers is 'Auth: Manages SAML Identity Provider connections.';
|
|
|
|
create table if not exists {{ index .Options "Namespace" }}.saml_relay_states (
|
|
id uuid not null,
|
|
sso_provider_id uuid not null,
|
|
request_id text not null,
|
|
for_email text null,
|
|
redirect_to text null,
|
|
from_ip_address inet null,
|
|
created_at timestamptz null,
|
|
updated_at timestamptz null,
|
|
primary key (id),
|
|
foreign key (sso_provider_id) references {{ index .Options "Namespace" }}.sso_providers (id) on delete cascade,
|
|
constraint "request_id not empty" check(char_length(request_id) > 0)
|
|
);
|
|
|
|
create index if not exists saml_relay_states_sso_provider_id_idx on {{ index .Options "Namespace" }}.saml_relay_states (sso_provider_id);
|
|
create index if not exists saml_relay_states_for_email_idx on {{ index .Options "Namespace" }}.saml_relay_states (for_email);
|
|
|
|
comment on table {{ index .Options "Namespace" }}.saml_relay_states is 'Auth: Contains SAML Relay State information for each Service Provider initiated login.';
|
|
|
|
create table if not exists {{ index .Options "Namespace" }}.sso_sessions (
|
|
id uuid not null,
|
|
session_id uuid not null,
|
|
sso_provider_id uuid null,
|
|
not_before timestamptz null,
|
|
not_after timestamptz null,
|
|
idp_initiated boolean default false,
|
|
created_at timestamptz null,
|
|
updated_at timestamptz null,
|
|
primary key (id),
|
|
foreign key (session_id) references {{ index .Options "Namespace" }}.sessions (id) on delete cascade,
|
|
foreign key (sso_provider_id) references {{ index .Options "Namespace" }}.sso_providers (id) on delete cascade
|
|
);
|
|
|
|
create index if not exists sso_sessions_session_id_idx on {{ index .Options "Namespace" }}.sso_sessions (session_id);
|
|
create index if not exists sso_sessions_sso_provider_id_idx on {{ index .Options "Namespace" }}.sso_sessions (sso_provider_id);
|
|
|
|
comment on table {{ index .Options "Namespace" }}.sso_sessions is 'Auth: A session initiated by an SSO Identity Provider';
|
|
|