diff --git a/components/identity-core/org.wso2.carbon.identity.core/pom.xml b/components/identity-core/org.wso2.carbon.identity.core/pom.xml
index c869221301a2..3ba7fec95909 100644
--- a/components/identity-core/org.wso2.carbon.identity.core/pom.xml
+++ b/components/identity-core/org.wso2.carbon.identity.core/pom.xml
@@ -142,6 +142,11 @@
xml-apis
xml-apis
+
+ com.h2database
+ h2
+ test
+
diff --git a/components/identity-core/org.wso2.carbon.identity.core/src/main/java/org/wso2/carbon/identity/core/dao/SAMLSSOServiceProviderDAOImpl.java b/components/identity-core/org.wso2.carbon.identity.core/src/main/java/org/wso2/carbon/identity/core/dao/SAMLSSOServiceProviderDAOImpl.java
index 8a913d5a56f5..9144f15549e8 100644
--- a/components/identity-core/org.wso2.carbon.identity.core/src/main/java/org/wso2/carbon/identity/core/dao/SAMLSSOServiceProviderDAOImpl.java
+++ b/components/identity-core/org.wso2.carbon.identity.core/src/main/java/org/wso2/carbon/identity/core/dao/SAMLSSOServiceProviderDAOImpl.java
@@ -261,7 +261,8 @@ private void validateServiceProvider(SAMLSSOServiceProviderDO serviceProviderDO)
throw new IdentityException("Issuer cannot be found in the provided arguments.");
}
- if (StringUtils.isNotBlank(serviceProviderDO.getIssuerQualifier())) {
+ if (StringUtils.isNotBlank(serviceProviderDO.getIssuerQualifier()) &&
+ !serviceProviderDO.getIssuer().contains(IdentityRegistryResources.QUALIFIER_ID)) {
serviceProviderDO.setIssuer(
getIssuerWithQualifier(serviceProviderDO.getIssuer(), serviceProviderDO.getIssuerQualifier()));
}
diff --git a/components/identity-core/org.wso2.carbon.identity.core/src/main/java/org/wso2/carbon/identity/core/model/SAMLSSOServiceProviderDO.java b/components/identity-core/org.wso2.carbon.identity.core/src/main/java/org/wso2/carbon/identity/core/model/SAMLSSOServiceProviderDO.java
index b3c06b2cc990..c9c9d3dd675a 100644
--- a/components/identity-core/org.wso2.carbon.identity.core/src/main/java/org/wso2/carbon/identity/core/model/SAMLSSOServiceProviderDO.java
+++ b/components/identity-core/org.wso2.carbon.identity.core/src/main/java/org/wso2/carbon/identity/core/model/SAMLSSOServiceProviderDO.java
@@ -28,6 +28,7 @@
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
+import java.util.Objects;
public class SAMLSSOServiceProviderDO implements Serializable {
@@ -669,7 +670,7 @@ public String getSingleLogoutMethod() {
}
/**
- * Get optional configs of the SAML SSO IdP.
+ * Get configs of the SAML SSO IdP.
*
* @return List of SPProperty.
*/
@@ -765,4 +766,69 @@ private void putIfNotNull(List list, String key, String value) {
list.add(new SPProperty(key, value));
}
}
+
+ @Override
+ public boolean equals(Object o) {
+ if (this == o) return true;
+ if (o == null || getClass() != o.getClass()) return false;
+ SAMLSSOServiceProviderDO that = (SAMLSSOServiceProviderDO) o;
+ return doSingleLogout == that.doSingleLogout &&
+ doSignResponse == that.doSignResponse &&
+ doSignAssertions == that.doSignAssertions &&
+ enableAttributesByDefault == that.enableAttributesByDefault &&
+ isIdPInitSSOEnabled == that.isIdPInitSSOEnabled &&
+ idPInitSLOEnabled == that.idPInitSLOEnabled &&
+ doEnableEncryptedAssertion == that.doEnableEncryptedAssertion &&
+ doValidateSignatureInRequests == that.doValidateSignatureInRequests &&
+ doValidateSignatureInArtifactResolve == that.doValidateSignatureInArtifactResolve &&
+ enableSAML2ArtifactBinding == that.enableSAML2ArtifactBinding &&
+ samlECP == that.samlECP &&
+ doFrontChannelLogout == that.doFrontChannelLogout &&
+ Objects.equals(tenantDomain, that.tenantDomain) &&
+ Objects.equals(issuer, that.issuer) &&
+ Objects.equals(issuerQualifier, that.issuerQualifier) &&
+ Objects.equals(assertionConsumerUrl, that.assertionConsumerUrl) &&
+ Arrays.equals(assertionConsumerUrls, that.assertionConsumerUrls) &&
+ Objects.equals(defaultAssertionConsumerUrl, that.defaultAssertionConsumerUrl) &&
+ Objects.equals(certAlias, that.certAlias) &&
+ Objects.equals(sloResponseURL, that.sloResponseURL) &&
+ Objects.equals(sloRequestURL, that.sloRequestURL) &&
+ Objects.equals(loginPageURL, that.loginPageURL) &&
+ Objects.equals(attributeConsumingServiceIndex, that.attributeConsumingServiceIndex) &&
+ Arrays.equals(requestedClaims, that.requestedClaims) &&
+ Arrays.equals(requestedAudiences, that.requestedAudiences) &&
+ Arrays.equals(requestedRecipients, that.requestedRecipients) &&
+ Objects.equals(nameIdClaimUri, that.nameIdClaimUri) &&
+ Objects.equals(nameIDFormat, that.nameIDFormat) &&
+ Arrays.equals(idpInitSLOReturnToURLs, that.idpInitSLOReturnToURLs) &&
+ Objects.equals(signingAlgorithmUri, that.signingAlgorithmUri) &&
+ Objects.equals(digestAlgorithmUri, that.digestAlgorithmUri) &&
+ Objects.equals(assertionEncryptionAlgorithmUri, that.assertionEncryptionAlgorithmUri) &&
+ Objects.equals(keyEncryptionAlgorithmUri, that.keyEncryptionAlgorithmUri) &&
+ Objects.equals(signingCertificate, that.signingCertificate) &&
+ Objects.equals(encryptionCertificate, that.encryptionCertificate) &&
+ Objects.equals(idpEntityIDAlias, that.idpEntityIDAlias) &&
+ Objects.equals(frontChannelLogoutBinding, that.frontChannelLogoutBinding);
+ }
+
+ @Override
+ public int hashCode() {
+
+ int h = Objects.hash(tenantDomain, issuer, issuerQualifier, assertionConsumerUrl, defaultAssertionConsumerUrl,
+ certAlias, sloResponseURL, sloRequestURL, doSingleLogout, loginPageURL, doSignResponse,
+ doSignAssertions, attributeConsumingServiceIndex, enableAttributesByDefault, nameIdClaimUri,
+ nameIDFormat, isIdPInitSSOEnabled, idPInitSLOEnabled, doEnableEncryptedAssertion,
+ doValidateSignatureInRequests, doValidateSignatureInArtifactResolve, signingAlgorithmUri,
+ digestAlgorithmUri, assertionEncryptionAlgorithmUri, keyEncryptionAlgorithmUri, signingCertificate,
+ encryptionCertificate, isAssertionQueryRequestProfileEnabled, supportedAssertionQueryRequestTypes,
+ enableSAML2ArtifactBinding, samlECP, idpEntityIDAlias, doFrontChannelLogout, frontChannelLogoutBinding);
+ h = 31 * h + Arrays.hashCode(assertionConsumerUrls);
+ h = 31 * h + Arrays.hashCode(requestedClaims);
+ h = 31 * h + Arrays.hashCode(requestedAudiences);
+ h = 31 * h + Arrays.hashCode(requestedRecipients);
+ h = 31 * h + Arrays.hashCode(idpInitSLOReturnToURLs);
+ return h;
+ }
+
+
}
diff --git a/components/identity-core/org.wso2.carbon.identity.core/src/test/java/org/wso2/carbon/identity/core/SAMLSSOServiceProviderManagerTest.java b/components/identity-core/org.wso2.carbon.identity.core/src/test/java/org/wso2/carbon/identity/core/SAMLSSOServiceProviderManagerTest.java
new file mode 100644
index 000000000000..a6174a082a6c
--- /dev/null
+++ b/components/identity-core/org.wso2.carbon.identity.core/src/test/java/org/wso2/carbon/identity/core/SAMLSSOServiceProviderManagerTest.java
@@ -0,0 +1,360 @@
+/*
+ * Copyright (c) 2024, WSO2 LLC. (http://www.wso2.com).
+ *
+ * WSO2 LLC. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.wso2.carbon.identity.core;
+
+import org.apache.commons.lang.StringUtils;
+import org.mockito.MockedStatic;
+import org.mockito.testng.MockitoTestNGListener;
+import org.testng.annotations.Listeners;
+import org.testng.annotations.Test;
+import org.testng.annotations.AfterMethod;
+import org.testng.annotations.BeforeMethod;
+import org.wso2.carbon.database.utils.jdbc.NamedJdbcTemplate;
+import org.wso2.carbon.database.utils.jdbc.exceptions.DataAccessException;
+import org.wso2.carbon.database.utils.jdbc.exceptions.TransactionException;
+import org.wso2.carbon.identity.base.IdentityException;
+import org.wso2.carbon.identity.core.model.SAMLSSOServiceProviderDO;
+import org.wso2.carbon.identity.core.util.IdentityDatabaseUtil;
+import org.wso2.carbon.identity.core.util.IdentityTenantUtil;
+import org.wso2.carbon.identity.core.util.IdentityUtil;
+import org.wso2.carbon.identity.core.util.JdbcUtils;
+import org.wso2.carbon.identity.core.util.TestUtils;
+
+import java.sql.Connection;
+
+import javax.sql.DataSource;
+
+import static org.mockito.Mockito.doThrow;
+import static org.mockito.Mockito.lenient;
+import static org.testng.Assert.assertFalse;
+import static org.testng.Assert.assertNull;
+import static org.testng.Assert.assertThrows;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.mockStatic;
+import static org.testng.Assert.assertEquals;
+
+import static org.testng.Assert.assertTrue;
+import static org.wso2.carbon.identity.core.constant.TestConstants.*;
+import static org.mockito.ArgumentMatchers.any;
+
+@Listeners(MockitoTestNGListener.class)
+public class SAMLSSOServiceProviderManagerTest {
+
+ private MockedStatic identityUtil;
+ private MockedStatic identityTenantUtil;
+ private MockedStatic identityDatabaseUtil;
+ private DataSource dataSource;
+ private Connection connection;
+ private Connection spyConnection;
+
+ public SAMLSSOServiceProviderManager samlSSOServiceProviderManager;
+
+ public SAMLSSOServiceProviderDO sampleServiceProvider1;
+ public SAMLSSOServiceProviderDO sampleServiceProvider2;
+ public SAMLSSOServiceProviderDO invalidServiceProviderDO;
+
+ @BeforeMethod
+ public void setUp() throws Exception {
+
+ samlSSOServiceProviderManager = new SAMLSSOServiceProviderManager();
+ sampleServiceProvider1 = createServiceProviderDO(ISSUER1);
+ sampleServiceProvider2 = createServiceProviderDO(ISSUER2);
+ invalidServiceProviderDO = createServiceProviderDO(null);
+
+ TestUtils.initiateH2Base();
+ dataSource = mock(DataSource.class);
+ identityDatabaseUtil = mockStatic(IdentityDatabaseUtil.class);
+ identityUtil = mockStatic(IdentityUtil.class);
+ identityTenantUtil = mockStatic(IdentityTenantUtil.class);
+
+ identityUtil.when(() -> IdentityUtil.getProperty("SAMLStorage.Type")).thenReturn("database");
+ identityDatabaseUtil.when(IdentityDatabaseUtil::getDataSource).thenReturn(dataSource);
+
+ connection = TestUtils.getConnection();
+ spyConnection = TestUtils.spyConnection(connection);
+
+ lenient().when(dataSource.getConnection()).thenReturn(spyConnection);
+ lenient().doNothing().when(spyConnection).close();
+
+ }
+
+ @AfterMethod
+ public void tearDown() throws Exception {
+
+ identityUtil.close();
+ identityTenantUtil.close();
+ identityDatabaseUtil.close();
+ TestUtils.closeH2Base();
+ }
+
+ @Test
+ public void testAddServiceProvider() throws Exception {
+
+ samlSSOServiceProviderManager.addServiceProvider(sampleServiceProvider1, TENANT_ID);
+ SAMLSSOServiceProviderDO serviceProviderFromStorage =
+ samlSSOServiceProviderManager.getServiceProvider(getIssuerWithQualifier(ISSUER1), TENANT_ID);
+ assertEquals(serviceProviderFromStorage, sampleServiceProvider1);
+ }
+
+ @Test
+ public void testAddEmptyServiceProvider() {
+
+ assertThrows(IdentityException.class,
+ () -> samlSSOServiceProviderManager.addServiceProvider(invalidServiceProviderDO, TENANT_ID));
+ }
+
+ @Test
+ public void addServiceProviderWithDuplicateIssuer() throws Exception {
+
+ samlSSOServiceProviderManager.addServiceProvider(sampleServiceProvider1, TENANT_ID);
+ System.out.println("sampleServiceProvider iss " + sampleServiceProvider1);
+ assertFalse(samlSSOServiceProviderManager.addServiceProvider(sampleServiceProvider1, TENANT_ID));
+ }
+
+ @Test
+ public void testAddServiceProviderWithException() throws Exception {
+
+ SAMLSSOServiceProviderDO serviceProviderDO = createServiceProviderDO(ISSUER1);
+
+ try (MockedStatic jdbcUtilsMockedStatic = mockStatic(JdbcUtils.class)) {
+ NamedJdbcTemplate namedJdbcTemplate = mock(NamedJdbcTemplate.class);
+ jdbcUtilsMockedStatic.when(JdbcUtils::getNewNamedJdbcTemplate).thenReturn(namedJdbcTemplate);
+ doThrow(new TransactionException("Transaction failed")).when(namedJdbcTemplate).withTransaction(any());
+
+ assertThrows(IdentityException.class,
+ () -> samlSSOServiceProviderManager.addServiceProvider(serviceProviderDO, TENANT_ID));
+ }
+ }
+
+ @Test
+ public void testUpdateServiceProvider() throws Exception {
+
+ samlSSOServiceProviderManager.addServiceProvider(sampleServiceProvider1, TENANT_ID);
+ sampleServiceProvider1.setDoSingleLogout(UPDATED_DO_SINGLE_LOGOUT);
+ sampleServiceProvider1.setRequestedRecipients(UPDATED_REQUESTED_RECIPIENTS);
+
+ samlSSOServiceProviderManager.updateServiceProvider(sampleServiceProvider1, getIssuerWithQualifier(ISSUER1),
+ TENANT_ID);
+
+ SAMLSSOServiceProviderDO updatedServiceProvider =
+ samlSSOServiceProviderManager.getServiceProvider(getIssuerWithQualifier(ISSUER1), TENANT_ID);
+ assertEquals(sampleServiceProvider1, updatedServiceProvider);
+ }
+
+ @Test
+ public void testUpdateServiceProviderWithDuplicateIssuer() throws Exception {
+
+ sampleServiceProvider1 = createServiceProviderDO(ISSUER1);
+ sampleServiceProvider2 = createServiceProviderDO(ISSUER2);
+ samlSSOServiceProviderManager.addServiceProvider(sampleServiceProvider1, TENANT_ID);
+ samlSSOServiceProviderManager.addServiceProvider(sampleServiceProvider2, TENANT_ID);
+
+ sampleServiceProvider2.setIssuer(getIssuerWithQualifier(ISSUER1));
+ assertFalse(samlSSOServiceProviderManager.updateServiceProvider(sampleServiceProvider2, ISSUER2, TENANT_ID));
+ }
+
+ @Test
+ public void testUpdateEmptyServiceProvider() {
+
+ assertThrows(IdentityException.class,
+ () -> samlSSOServiceProviderManager.updateServiceProvider(invalidServiceProviderDO, ISSUER1,
+ TENANT_ID));
+ }
+
+ @Test
+ public void testUpdateServiceProviderWithException() throws Exception {
+
+ SAMLSSOServiceProviderDO serviceProviderDO = createServiceProviderDO(ISSUER1);
+
+ try (MockedStatic jdbcUtilsMockedStatic = mockStatic(JdbcUtils.class)) {
+ NamedJdbcTemplate namedJdbcTemplate = mock(NamedJdbcTemplate.class);
+ jdbcUtilsMockedStatic.when(JdbcUtils::getNewNamedJdbcTemplate).thenReturn(namedJdbcTemplate);
+ lenient().doThrow(new TransactionException("Transaction failed")).when(namedJdbcTemplate)
+ .withTransaction(any());
+
+ assertThrows(IdentityException.class,
+ () -> samlSSOServiceProviderManager.updateServiceProvider(serviceProviderDO,
+ getIssuerWithQualifier(ISSUER1), TENANT_ID));
+ }
+ }
+
+ @Test
+ public void testGetServiceProviders() throws Exception {
+
+ samlSSOServiceProviderManager.addServiceProvider(sampleServiceProvider1, TENANT_ID);
+ sampleServiceProvider2 = createServiceProviderDO(ISSUER2);
+ samlSSOServiceProviderManager.addServiceProvider(sampleServiceProvider2, TENANT_ID);
+
+ SAMLSSOServiceProviderDO[] serviceProviders = samlSSOServiceProviderManager.getServiceProviders(TENANT_ID);
+
+ assertEquals(serviceProviders, new SAMLSSOServiceProviderDO[]{sampleServiceProvider1, sampleServiceProvider2});
+ }
+
+ @Test
+ public void testGetServiceProvidersWithDataAccessException() throws Exception {
+
+ try (MockedStatic jdbcUtilsMockedStatic = mockStatic(JdbcUtils.class)) {
+ NamedJdbcTemplate namedJdbcTemplate = mock(NamedJdbcTemplate.class);
+ jdbcUtilsMockedStatic.when(JdbcUtils::getNewNamedJdbcTemplate).thenReturn(namedJdbcTemplate);
+ doThrow(new DataAccessException("Data access error")).when(namedJdbcTemplate)
+ .executeQuery(any(), any(), any());
+
+ assertThrows(IdentityException.class, () -> samlSSOServiceProviderManager.getServiceProviders(TENANT_ID));
+ }
+ }
+
+ @Test
+ public void testGetServiceProvider() throws Exception {
+
+ samlSSOServiceProviderManager.addServiceProvider(sampleServiceProvider1, TENANT_ID);
+
+ SAMLSSOServiceProviderDO serviceProviderFromStorage =
+ samlSSOServiceProviderManager.getServiceProvider(getIssuerWithQualifier(ISSUER1), TENANT_ID);
+
+ assertEquals(serviceProviderFromStorage, sampleServiceProvider1);
+ }
+
+ @Test
+ public void testProcessGetServiceProviderWithDataAccessException() throws Exception {
+
+ try (MockedStatic jdbcUtilsMockedStatic = mockStatic(JdbcUtils.class)) {
+ NamedJdbcTemplate namedJdbcTemplate = mock(NamedJdbcTemplate.class);
+ jdbcUtilsMockedStatic.when(JdbcUtils::getNewNamedJdbcTemplate).thenReturn(namedJdbcTemplate);
+ doThrow(new DataAccessException("Data access error")).when(namedJdbcTemplate)
+ .fetchSingleRecord(any(), any(), any());
+
+ assertThrows(IdentityException.class,
+ () -> samlSSOServiceProviderManager.getServiceProvider(ISSUER1, TENANT_ID));
+ }
+ }
+
+ @Test
+ public void testIsServiceProviderExists() throws Exception {
+
+ samlSSOServiceProviderManager.addServiceProvider(sampleServiceProvider1, TENANT_ID);
+ assertTrue(samlSSOServiceProviderManager.isServiceProviderExists(getIssuerWithQualifier(ISSUER1), TENANT_ID));
+ }
+
+ @Test
+ public void testNonExistingIsServiceProviderExists() throws Exception {
+
+ assertFalse(samlSSOServiceProviderManager.isServiceProviderExists(getIssuerWithQualifier(ISSUER1), TENANT_ID));
+ }
+
+ @Test
+ public void testRemoveServiceProvider() throws Exception {
+
+ samlSSOServiceProviderManager.addServiceProvider(sampleServiceProvider1, TENANT_ID);
+ samlSSOServiceProviderManager.removeServiceProvider(getIssuerWithQualifier(ISSUER1), TENANT_ID);
+ assertNull(samlSSOServiceProviderManager.getServiceProvider(getIssuerWithQualifier(ISSUER1), TENANT_ID));
+
+ }
+
+ @Test
+ public void testRemoveNonExistingServiceProvider() throws Exception {
+
+ assertFalse(samlSSOServiceProviderManager.removeServiceProvider(getIssuerWithQualifier(ISSUER1), TENANT_ID));
+ }
+
+ @Test
+ public void testRemoveEmptyServiceProvider() {
+
+ assertThrows(IllegalArgumentException.class,
+ () -> samlSSOServiceProviderManager.removeServiceProvider(null, TENANT_ID));
+ }
+
+ @Test
+ public void testUploadServiceProvider() throws Exception {
+
+ samlSSOServiceProviderManager.uploadServiceProvider(sampleServiceProvider1, TENANT_ID);
+
+ SAMLSSOServiceProviderDO serviceProviderFromStorage =
+ samlSSOServiceProviderManager.getServiceProvider(getIssuerWithQualifier(ISSUER1), TENANT_ID);
+
+ assertEquals(serviceProviderFromStorage, sampleServiceProvider1);
+ }
+
+ @Test
+ public void testUploadDuplicateServiceProvider() throws Exception {
+
+ samlSSOServiceProviderManager.uploadServiceProvider(sampleServiceProvider1, TENANT_ID);
+ assertThrows(IdentityException.class,
+ () -> samlSSOServiceProviderManager.uploadServiceProvider(sampleServiceProvider1, TENANT_ID));
+ }
+
+ @Test
+ public void testUploadServiceProviderWithDataAccessException() throws Exception {
+
+ SAMLSSOServiceProviderDO serviceProviderDO = createServiceProviderDO(ISSUER1);
+
+ try (MockedStatic jdbcUtilsMockedStatic = mockStatic(JdbcUtils.class)) {
+ NamedJdbcTemplate namedJdbcTemplate = mock(NamedJdbcTemplate.class);
+ jdbcUtilsMockedStatic.when(JdbcUtils::getNewNamedJdbcTemplate).thenReturn(namedJdbcTemplate);
+ doThrow(new DataAccessException("Data access error")).when(namedJdbcTemplate).withTransaction(any());
+
+ assertThrows(IdentityException.class,
+ () -> samlSSOServiceProviderManager.uploadServiceProvider(serviceProviderDO, TENANT_ID));
+ }
+ }
+
+ private SAMLSSOServiceProviderDO createServiceProviderDO(String issuer) {
+
+ SAMLSSOServiceProviderDO serviceProviderDO = new SAMLSSOServiceProviderDO();
+ serviceProviderDO.setIssuer(issuer);
+ serviceProviderDO.setIssuerQualifier(ISSUER_QUALIFIER);
+ serviceProviderDO.setAssertionConsumerUrls(ASSERTION_CONSUMER_URLS);
+ serviceProviderDO.setDefaultAssertionConsumerUrl(DEFAULT_ASSERTION_CONSUMER_URL);
+ serviceProviderDO.setCertAlias(CERT_ALIAS);
+ serviceProviderDO.setSloResponseURL(SLO_RESPONSE_URL);
+ serviceProviderDO.setSloRequestURL(SLO_REQUEST_URL);
+ serviceProviderDO.setDoSingleLogout(DO_SINGLE_LOGOUT);
+ serviceProviderDO.setDoSignResponse(DO_SIGN_RESPONSE);
+ serviceProviderDO.setDoSignAssertions(DO_SIGN_ASSERTIONS);
+ serviceProviderDO.setAttributeConsumingServiceIndex(ATTRIBUTE_CONSUMING_SERVICE_INDEX);
+ serviceProviderDO.setRequestedAudiences(REQUESTED_AUDIENCES);
+ serviceProviderDO.setRequestedRecipients(REQUESTED_RECIPIENTS);
+ serviceProviderDO.setEnableAttributesByDefault(ENABLE_ATTRIBUTES_BY_DEFAULT);
+ serviceProviderDO.setNameIDFormat(NAME_ID_FORMAT);
+ serviceProviderDO.setIdPInitSSOEnabled(IS_IDP_INIT_SSO_ENABLED);
+ serviceProviderDO.setIdPInitSLOEnabled(IDP_INIT_SLO_ENABLED);
+ serviceProviderDO.setIdpInitSLOReturnToURLs(IDP_INIT_SLO_RETURN_TO_URLS);
+ serviceProviderDO.setDoEnableEncryptedAssertion(DO_ENABLE_ENCRYPTED_ASSERTION);
+ serviceProviderDO.setDoValidateSignatureInRequests(DO_VALIDATE_SIGNATURE_IN_REQUESTS);
+ serviceProviderDO.setDoValidateSignatureInArtifactResolve(DO_VALIDATE_SIGNATURE_IN_ARTIFACT_RESOLVE);
+ serviceProviderDO.setSigningAlgorithmUri(SIGNING_ALGORITHM_URI);
+ serviceProviderDO.setDigestAlgorithmUri(DIGEST_ALGORITHM_URI);
+ serviceProviderDO.setAssertionEncryptionAlgorithmUri(ASSERTION_ENCRYPTION_ALGORITHM_URI);
+ serviceProviderDO.setKeyEncryptionAlgorithmUri(KEY_ENCRYPTION_ALGORITHM_URI);
+ serviceProviderDO.setAssertionQueryRequestProfileEnabled(IS_ASSERTION_QUERY_REQUEST_PROFILE_ENABLED);
+ serviceProviderDO.setSupportedAssertionQueryRequestTypes(SUPPORTED_ASSERTION_QUERY_REQUEST_TYPES);
+ serviceProviderDO.setEnableSAML2ArtifactBinding(ENABLE_SAML2_ARTIFACT_BINDING);
+ serviceProviderDO.setSamlECP(SAML_ECP);
+ serviceProviderDO.setIdpEntityIDAlias(IDP_ENTITY_ID_ALIAS);
+ serviceProviderDO.setDoFrontChannelLogout(DO_FRONT_CHANNEL_LOGOUT);
+ serviceProviderDO.setFrontChannelLogoutBinding(FRONT_CHANNEL_LOGOUT_BINDING);
+
+ return serviceProviderDO;
+ }
+
+ public String getIssuerWithQualifier(String issuer) {
+
+ return StringUtils.isNotBlank(ISSUER_QUALIFIER) ?
+ issuer + IdentityRegistryResources.QUALIFIER_ID + ISSUER_QUALIFIER : issuer;
+ }
+}
diff --git a/components/identity-core/org.wso2.carbon.identity.core/src/test/java/org/wso2/carbon/identity/core/constant/TestConstants.java b/components/identity-core/org.wso2.carbon.identity.core/src/test/java/org/wso2/carbon/identity/core/constant/TestConstants.java
new file mode 100644
index 000000000000..027d7e5747a1
--- /dev/null
+++ b/components/identity-core/org.wso2.carbon.identity.core/src/test/java/org/wso2/carbon/identity/core/constant/TestConstants.java
@@ -0,0 +1,49 @@
+package org.wso2.carbon.identity.core.constant;
+
+public class TestConstants {
+
+ public static final int TENANT_ID = 1;
+ public static final String ISSUER1 = "issuer1";
+ public static final String ISSUER2 = "issuer2";
+ public static final String ISSUER_QUALIFIER = "issuerQualifier";
+ public static final String[] ASSERTION_CONSUMER_URLS = {"http://localhost:8080/acs", "http://localhost:8080/acs1"};
+ public static final String DEFAULT_ASSERTION_CONSUMER_URL = "http://localhost:8080/acs";
+ public static final String CERT_ALIAS = "wso2carbon";
+ public static final String SLO_RESPONSE_URL = "http://localhost:8080/sloResponse";
+ public static final String SLO_REQUEST_URL = "http://localhost:8080/sloRequest";
+ public static final boolean DO_SINGLE_LOGOUT = true;
+ public static final String LOGIN_PAGE_URL = "http://localhost:8080/login";
+ public static final boolean DO_SIGN_RESPONSE = true;
+ public static final boolean DO_SIGN_ASSERTIONS = true;
+ public static final String ATTRIBUTE_CONSUMING_SERVICE_INDEX = "index";
+ public static final String[] REQUESTED_CLAIMS = {"claim1", "claim2"};
+ public static final String[] REQUESTED_AUDIENCES = {"audience1", "audience2"};
+ public static final String[] REQUESTED_RECIPIENTS = {"recipient1", "recipient2"};
+ public static final boolean ENABLE_ATTRIBUTES_BY_DEFAULT = true;
+ public static final String NAME_ID_CLAIM_URI = "nameIdClaimUri";
+ public static final String NAME_ID_FORMAT = "nameIDFormat";
+ public static final boolean IS_IDP_INIT_SSO_ENABLED = true;
+ public static final boolean IDP_INIT_SLO_ENABLED = true;
+ public static final String[] IDP_INIT_SLO_RETURN_TO_URLS =
+ {"http://localhost:8080/returnTo1", "http://localhost:8080/returnTo2"};
+ public static final boolean DO_ENABLE_ENCRYPTED_ASSERTION = false;
+ public static final boolean DO_VALIDATE_SIGNATURE_IN_REQUESTS = false;
+ public static final boolean DO_VALIDATE_SIGNATURE_IN_ARTIFACT_RESOLVE = false;
+ public static final String SIGNING_ALGORITHM_URI = "signingAlgorithmUri";
+ public static final String DIGEST_ALGORITHM_URI = "digestAlgorithmUri";
+ public static final String ASSERTION_ENCRYPTION_ALGORITHM_URI = "assertionEncryptionAlgorithmUri";
+ public static final String KEY_ENCRYPTION_ALGORITHM_URI = "keyEncryptionAlgorithmUri";
+ public static final String SIGNING_CERTIFICATE = "signingCertificate";
+ public static final String ENCRYPTION_CERTIFICATE = "encryptionCertificate";
+ public static final boolean IS_ASSERTION_QUERY_REQUEST_PROFILE_ENABLED = true;
+ public static final String SUPPORTED_ASSERTION_QUERY_REQUEST_TYPES = "supportedTypes";
+ public static final boolean ENABLE_SAML2_ARTIFACT_BINDING = true;
+ public static final boolean SAML_ECP = true;
+ public static final String IDP_ENTITY_ID_ALIAS = "idpEntityIDAlias";
+ public static final boolean DO_FRONT_CHANNEL_LOGOUT = true;
+ public static final String FRONT_CHANNEL_LOGOUT_BINDING = "frontChannelLogoutBinding";
+
+ public static final String UPDATED_ISSUER_QUALIFIER = "updatedIssuerQualifier";
+ public static final boolean UPDATED_DO_SINGLE_LOGOUT = false;
+ public static final String[] UPDATED_REQUESTED_RECIPIENTS = {"updatedRecipient1", "updatedRecipient2"};
+}
diff --git a/components/identity-core/org.wso2.carbon.identity.core/src/test/java/org/wso2/carbon/identity/core/util/TestUtils.java b/components/identity-core/org.wso2.carbon.identity.core/src/test/java/org/wso2/carbon/identity/core/util/TestUtils.java
new file mode 100644
index 000000000000..e7a0652c08f8
--- /dev/null
+++ b/components/identity-core/org.wso2.carbon.identity.core/src/test/java/org/wso2/carbon/identity/core/util/TestUtils.java
@@ -0,0 +1,65 @@
+package org.wso2.carbon.identity.core.util;
+
+import org.apache.commons.dbcp.BasicDataSource;
+import org.apache.commons.lang.StringUtils;
+
+import java.nio.file.Paths;
+import java.sql.Connection;
+import java.sql.SQLException;
+import java.util.HashMap;
+import java.util.Map;
+
+import static org.mockito.Mockito.spy;
+
+public class TestUtils {
+
+ public static final String DB_NAME = "SAMLSSOServiceProviderManagerDB";
+ public static final String H2_SCRIPT_NAME = "h2.sql";
+ public static Map dataSourceMap = new HashMap<>();
+
+ public static Connection spyConnection(Connection connection) throws SQLException {
+
+ Connection spy = spy(connection);
+ return spy;
+ }
+
+ public static String getFilePath(String fileName) {
+
+ if (StringUtils.isNotBlank(fileName)) {
+ return Paths.get(System.getProperty("user.dir"), "src", "test", "resources", "dbscripts", fileName)
+ .toString();
+ }
+ throw new IllegalArgumentException("DB Script file name cannot be empty.");
+ }
+
+ public static void initiateH2Base() throws Exception {
+
+ BasicDataSource dataSource = new BasicDataSource();
+ dataSource.setDriverClassName("org.h2.Driver");
+ dataSource.setUsername("username");
+ dataSource.setPassword("password");
+ dataSource.setUrl("jdbc:h2:mem:test" + DB_NAME);
+ try (Connection connection = dataSource.getConnection()) {
+ connection.createStatement().executeUpdate("DROP ALL OBJECTS");
+ connection.createStatement().executeUpdate("RUNSCRIPT FROM '" + getFilePath(H2_SCRIPT_NAME) + "'");
+ }
+ dataSourceMap.put(DB_NAME, dataSource);
+ }
+
+ public static void closeH2Base() throws Exception {
+
+ BasicDataSource dataSource = dataSourceMap.get(DB_NAME);
+ if (dataSource != null) {
+ dataSource.close();
+ }
+ }
+
+ public static Connection getConnection() throws SQLException {
+
+ if (dataSourceMap.get(DB_NAME) != null) {
+ return dataSourceMap.get(DB_NAME).getConnection();
+ }
+ throw new RuntimeException("No data source initiated for database: " + DB_NAME);
+ }
+
+}
diff --git a/components/identity-core/org.wso2.carbon.identity.core/src/test/resources/dbscripts/h2.sql b/components/identity-core/org.wso2.carbon.identity.core/src/test/resources/dbscripts/h2.sql
new file mode 100644
index 000000000000..d4096e5bfec2
--- /dev/null
+++ b/components/identity-core/org.wso2.carbon.identity.core/src/test/resources/dbscripts/h2.sql
@@ -0,0 +1,1662 @@
+CREATE TABLE IF NOT EXISTS IDN_BASE_TABLE (
+ PRODUCT_NAME VARCHAR (20),
+ PRIMARY KEY (PRODUCT_NAME)
+);
+
+INSERT INTO IDN_BASE_TABLE values ('WSO2 Identity Server');
+
+CREATE TABLE IF NOT EXISTS IDN_OAUTH_CONSUMER_APPS (
+ ID INTEGER NOT NULL AUTO_INCREMENT,
+ CONSUMER_KEY VARCHAR (255),
+ CONSUMER_SECRET VARCHAR (2048),
+ USERNAME VARCHAR (255),
+ TENANT_ID INTEGER DEFAULT 0,
+ USER_DOMAIN VARCHAR(50),
+ APP_NAME VARCHAR (255),
+ OAUTH_VERSION VARCHAR (128),
+ CALLBACK_URL VARCHAR (2048),
+ GRANT_TYPES VARCHAR (1024),
+ PKCE_MANDATORY CHAR(1) DEFAULT '0',
+ PKCE_SUPPORT_PLAIN CHAR(1) DEFAULT '0',
+ APP_STATE VARCHAR (25) DEFAULT 'ACTIVE',
+ USER_ACCESS_TOKEN_EXPIRE_TIME BIGINT DEFAULT 3600,
+ APP_ACCESS_TOKEN_EXPIRE_TIME BIGINT DEFAULT 3600,
+ REFRESH_TOKEN_EXPIRE_TIME BIGINT DEFAULT 84600,
+ ID_TOKEN_EXPIRE_TIME BIGINT DEFAULT 3600,
+ CONSTRAINT CONSUMER_KEY_CONSTRAINT UNIQUE (TENANT_ID, CONSUMER_KEY),
+ PRIMARY KEY (ID)
+);
+
+CREATE TABLE IF NOT EXISTS IDN_OAUTH2_SCOPE_VALIDATORS (
+ APP_ID INTEGER NOT NULL,
+ SCOPE_VALIDATOR VARCHAR (128) NOT NULL,
+ PRIMARY KEY (APP_ID,SCOPE_VALIDATOR),
+ FOREIGN KEY (APP_ID) REFERENCES IDN_OAUTH_CONSUMER_APPS(ID) ON DELETE CASCADE
+);
+
+CREATE TABLE IF NOT EXISTS IDN_OAUTH1A_REQUEST_TOKEN (
+ REQUEST_TOKEN VARCHAR (512),
+ REQUEST_TOKEN_SECRET VARCHAR (512),
+ CONSUMER_KEY_ID INTEGER,
+ CALLBACK_URL VARCHAR (2048),
+ SCOPE VARCHAR(2048),
+ AUTHORIZED VARCHAR (128),
+ OAUTH_VERIFIER VARCHAR (512),
+ AUTHZ_USER VARCHAR (512),
+ TENANT_ID INTEGER DEFAULT -1,
+ PRIMARY KEY (REQUEST_TOKEN),
+ FOREIGN KEY (CONSUMER_KEY_ID) REFERENCES IDN_OAUTH_CONSUMER_APPS(ID) ON DELETE CASCADE
+);
+
+CREATE TABLE IF NOT EXISTS IDN_OAUTH1A_ACCESS_TOKEN (
+ ACCESS_TOKEN VARCHAR (512),
+ ACCESS_TOKEN_SECRET VARCHAR (512),
+ CONSUMER_KEY_ID INTEGER,
+ SCOPE VARCHAR(2048),
+ AUTHZ_USER VARCHAR (512),
+ TENANT_ID INTEGER DEFAULT -1,
+ PRIMARY KEY (ACCESS_TOKEN),
+ FOREIGN KEY (CONSUMER_KEY_ID) REFERENCES IDN_OAUTH_CONSUMER_APPS(ID) ON DELETE CASCADE
+);
+
+CREATE TABLE IF NOT EXISTS IDN_OAUTH2_ACCESS_TOKEN (
+ TOKEN_ID VARCHAR (255),
+ ACCESS_TOKEN VARCHAR (2048),
+ REFRESH_TOKEN VARCHAR (2048),
+ CONSUMER_KEY_ID INTEGER,
+ AUTHZ_USER VARCHAR (100),
+ TENANT_ID INTEGER,
+ USER_DOMAIN VARCHAR(50),
+ USER_TYPE VARCHAR (25),
+ GRANT_TYPE VARCHAR (50),
+ TIME_CREATED TIMESTAMP DEFAULT 0,
+ REFRESH_TOKEN_TIME_CREATED TIMESTAMP DEFAULT 0,
+ VALIDITY_PERIOD BIGINT,
+ REFRESH_TOKEN_VALIDITY_PERIOD BIGINT,
+ TOKEN_SCOPE_HASH VARCHAR (32),
+ TOKEN_STATE VARCHAR (25) DEFAULT 'ACTIVE',
+ TOKEN_STATE_ID VARCHAR (128) DEFAULT 'NONE',
+ SUBJECT_IDENTIFIER VARCHAR(255),
+ ACCESS_TOKEN_HASH VARCHAR (512),
+ REFRESH_TOKEN_HASH VARCHAR (512),
+ IDP_ID INTEGER DEFAULT -1 NOT NULL,
+ TOKEN_BINDING_REF VARCHAR (32) DEFAULT 'NONE',
+ CONSENTED_TOKEN VARCHAR(6),
+ AUTHORIZED_ORGANIZATION VARCHAR(36) DEFAULT 'NONE' NOT NULL,
+ PRIMARY KEY (TOKEN_ID),
+ FOREIGN KEY (CONSUMER_KEY_ID) REFERENCES IDN_OAUTH_CONSUMER_APPS(ID) ON DELETE CASCADE,
+ CONSTRAINT CON_APP_KEY UNIQUE (CONSUMER_KEY_ID,AUTHZ_USER,TENANT_ID,USER_DOMAIN,USER_TYPE,TOKEN_SCOPE_HASH,
+ TOKEN_STATE,TOKEN_STATE_ID,IDP_ID,TOKEN_BINDING_REF,AUTHORIZED_ORGANIZATION)
+);
+
+CREATE TABLE IF NOT EXISTS IDN_OAUTH2_TOKEN_BINDING (
+ TOKEN_ID VARCHAR (255),
+ TOKEN_BINDING_TYPE VARCHAR (32),
+ TOKEN_BINDING_REF VARCHAR (32),
+ TOKEN_BINDING_VALUE VARCHAR (1024),
+ TENANT_ID INTEGER DEFAULT -1,
+ UNIQUE (TOKEN_ID,TOKEN_BINDING_TYPE,TOKEN_BINDING_VALUE),
+ FOREIGN KEY (TOKEN_ID) REFERENCES IDN_OAUTH2_ACCESS_TOKEN(TOKEN_ID) ON DELETE CASCADE
+);
+
+CREATE TABLE IF NOT EXISTS IDN_OAUTH2_ACCESS_TOKEN_AUDIT (
+ ID INTEGER NOT NULL AUTO_INCREMENT,
+ TOKEN_ID VARCHAR (255),
+ ACCESS_TOKEN VARCHAR(2048),
+ REFRESH_TOKEN VARCHAR(2048),
+ CONSUMER_KEY_ID INTEGER,
+ AUTHZ_USER VARCHAR (100),
+ TENANT_ID INTEGER,
+ USER_DOMAIN VARCHAR(50),
+ USER_TYPE VARCHAR (25),
+ GRANT_TYPE VARCHAR (50),
+ TIME_CREATED TIMESTAMP NULL,
+ REFRESH_TOKEN_TIME_CREATED TIMESTAMP NULL,
+ VALIDITY_PERIOD BIGINT,
+ REFRESH_TOKEN_VALIDITY_PERIOD BIGINT,
+ TOKEN_SCOPE_HASH VARCHAR(32),
+ TOKEN_STATE VARCHAR(25),
+ TOKEN_STATE_ID VARCHAR (128) ,
+ SUBJECT_IDENTIFIER VARCHAR(255),
+ ACCESS_TOKEN_HASH VARCHAR(512),
+ REFRESH_TOKEN_HASH VARCHAR(512),
+ INVALIDATED_TIME TIMESTAMP NULL,
+ IDP_ID INTEGER DEFAULT -1 NOT NULL,
+ PRIMARY KEY(ID)
+);
+
+
+CREATE TABLE IF NOT EXISTS IDN_OAUTH2_AUTHORIZATION_CODE (
+ CODE_ID VARCHAR (255),
+ AUTHORIZATION_CODE VARCHAR (2048),
+ CONSUMER_KEY_ID INTEGER,
+ CALLBACK_URL VARCHAR (2048),
+ SCOPE VARCHAR(2048),
+ AUTHZ_USER VARCHAR (100),
+ TENANT_ID INTEGER,
+ USER_DOMAIN VARCHAR(50),
+ TIME_CREATED TIMESTAMP,
+ VALIDITY_PERIOD BIGINT,
+ STATE VARCHAR (25) DEFAULT 'ACTIVE',
+ TOKEN_ID VARCHAR(255),
+ SUBJECT_IDENTIFIER VARCHAR(255),
+ PKCE_CODE_CHALLENGE VARCHAR (255),
+ PKCE_CODE_CHALLENGE_METHOD VARCHAR(128),
+ AUTHORIZATION_CODE_HASH VARCHAR (512),
+ IDP_ID INTEGER DEFAULT -1 NOT NULL,
+ PRIMARY KEY (CODE_ID),
+ FOREIGN KEY (CONSUMER_KEY_ID) REFERENCES IDN_OAUTH_CONSUMER_APPS(ID) ON DELETE CASCADE
+);
+
+CREATE TABLE IF NOT EXISTS IDN_OAUTH2_AUTHZ_CODE_SCOPE(
+ CODE_ID VARCHAR(255),
+ SCOPE VARCHAR(255),
+ TENANT_ID INTEGER DEFAULT -1,
+ PRIMARY KEY (CODE_ID, SCOPE),
+ FOREIGN KEY (CODE_ID) REFERENCES IDN_OAUTH2_AUTHORIZATION_CODE (CODE_ID) ON DELETE CASCADE
+);
+
+CREATE TABLE IF NOT EXISTS IDN_OAUTH2_DEVICE_FLOW (
+ CODE_ID VARCHAR(255),
+ DEVICE_CODE VARCHAR(255),
+ USER_CODE VARCHAR(25),
+ QUANTIFIER INTEGER NOT NULL DEFAULT 0,
+ CONSUMER_KEY_ID INTEGER,
+ LAST_POLL_TIME TIMESTAMP NOT NULL,
+ EXPIRY_TIME TIMESTAMP NOT NULL,
+ TIME_CREATED TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
+ POLL_TIME BIGINT,
+ STATUS VARCHAR (25) DEFAULT 'PENDING',
+ AUTHZ_USER VARCHAR (100),
+ TENANT_ID INTEGER,
+ USER_DOMAIN VARCHAR(50),
+ IDP_ID INTEGER,
+ SUBJECT_IDENTIFIER VARCHAR(255),
+ PRIMARY KEY (DEVICE_CODE),
+ UNIQUE (CODE_ID),
+ CONSTRAINT USRCDE_QNTFR_CONSTRAINT UNIQUE (USER_CODE, QUANTIFIER),
+ FOREIGN KEY (CONSUMER_KEY_ID) REFERENCES IDN_OAUTH_CONSUMER_APPS(ID) ON DELETE CASCADE
+);
+
+CREATE TABLE IF NOT EXISTS IDN_OAUTH2_DEVICE_FLOW_SCOPES (
+ ID INTEGER NOT NULL AUTO_INCREMENT,
+ SCOPE_ID VARCHAR(255),
+ SCOPE VARCHAR(255),
+ PRIMARY KEY (ID),
+ FOREIGN KEY (SCOPE_ID) REFERENCES IDN_OAUTH2_DEVICE_FLOW(CODE_ID) ON DELETE CASCADE
+);
+
+CREATE TABLE IF NOT EXISTS IDN_OAUTH2_ACCESS_TOKEN_SCOPE (
+ TOKEN_ID VARCHAR (255),
+ TOKEN_SCOPE VARCHAR (255),
+ TENANT_ID INTEGER DEFAULT -1,
+ PRIMARY KEY (TOKEN_ID, TOKEN_SCOPE),
+ FOREIGN KEY (TOKEN_ID) REFERENCES IDN_OAUTH2_ACCESS_TOKEN(TOKEN_ID) ON DELETE CASCADE
+);
+
+CREATE TABLE IF NOT EXISTS IDN_OAUTH2_SCOPE (
+ SCOPE_ID INTEGER NOT NULL AUTO_INCREMENT,
+ NAME VARCHAR(255) NOT NULL,
+ DISPLAY_NAME VARCHAR(255) NOT NULL,
+ DESCRIPTION VARCHAR(512),
+ TENANT_ID INTEGER NOT NULL DEFAULT -1,
+ SCOPE_TYPE VARCHAR(255) NOT NULL,
+ PRIMARY KEY (SCOPE_ID),
+ UNIQUE (NAME, TENANT_ID)
+);
+
+CREATE TABLE IF NOT EXISTS IDN_OAUTH2_SCOPE_BINDING (
+ ID INTEGER NOT NULL AUTO_INCREMENT,
+ SCOPE_ID INTEGER NOT NULL,
+ SCOPE_BINDING VARCHAR(255) NOT NULL,
+ BINDING_TYPE VARCHAR(255) NOT NULL,
+ FOREIGN KEY (SCOPE_ID) REFERENCES IDN_OAUTH2_SCOPE(SCOPE_ID) ON DELETE CASCADE,
+ UNIQUE (SCOPE_ID, SCOPE_BINDING, BINDING_TYPE),
+ PRIMARY KEY (ID)
+);
+
+CREATE TABLE IF NOT EXISTS IDN_OAUTH2_RESOURCE_SCOPE (
+ RESOURCE_PATH VARCHAR(255) NOT NULL,
+ SCOPE_ID INTEGER NOT NULL,
+ TENANT_ID INTEGER DEFAULT -1,
+ PRIMARY KEY (RESOURCE_PATH),
+ FOREIGN KEY (SCOPE_ID) REFERENCES IDN_OAUTH2_SCOPE (SCOPE_ID) ON DELETE CASCADE
+);
+
+CREATE TABLE IF NOT EXISTS IDN_SCIM_GROUP (
+ ID INTEGER NOT NULL AUTO_INCREMENT,
+ TENANT_ID INTEGER NOT NULL,
+ ROLE_NAME VARCHAR(255) NOT NULL,
+ ATTR_NAME VARCHAR(1024) NOT NULL,
+ ATTR_VALUE VARCHAR(1024),
+ AUDIENCE_REF_ID INTEGER DEFAULT -1 NOT NULL,
+ UNIQUE(TENANT_ID, ROLE_NAME, ATTR_NAME, AUDIENCE_REF_ID),
+ PRIMARY KEY (ID)
+);
+
+
+
+CREATE TABLE IF NOT EXISTS IDN_OPENID_REMEMBER_ME (
+ USER_NAME VARCHAR(255) NOT NULL,
+ TENANT_ID INTEGER DEFAULT 0,
+ COOKIE_VALUE VARCHAR(1024),
+ CREATED_TIME TIMESTAMP,
+ PRIMARY KEY (USER_NAME, TENANT_ID)
+);
+
+CREATE TABLE IF NOT EXISTS IDN_OPENID_USER_RPS (
+ USER_NAME VARCHAR(255) NOT NULL,
+ TENANT_ID INTEGER DEFAULT 0,
+ RP_URL VARCHAR(255) NOT NULL,
+ TRUSTED_ALWAYS VARCHAR(128) DEFAULT 'FALSE',
+ LAST_VISIT DATE NOT NULL,
+ VISIT_COUNT INTEGER DEFAULT 0,
+ DEFAULT_PROFILE_NAME VARCHAR(255) DEFAULT 'DEFAULT',
+ PRIMARY KEY (USER_NAME, TENANT_ID, RP_URL)
+);
+
+CREATE TABLE IF NOT EXISTS IDN_OPENID_ASSOCIATIONS (
+ HANDLE VARCHAR(255) NOT NULL,
+ ASSOC_TYPE VARCHAR(255) NOT NULL,
+ EXPIRE_IN TIMESTAMP NOT NULL,
+ MAC_KEY VARCHAR(255) NOT NULL,
+ ASSOC_STORE VARCHAR(128) DEFAULT 'SHARED',
+ TENANT_ID INTEGER DEFAULT -1,
+ PRIMARY KEY (HANDLE)
+);
+
+CREATE TABLE IDN_STS_STORE (
+ ID INTEGER AUTO_INCREMENT,
+ TOKEN_ID VARCHAR(255) NOT NULL,
+ TOKEN_CONTENT BLOB(1024) NOT NULL,
+ CREATE_DATE TIMESTAMP NOT NULL,
+ EXPIRE_DATE TIMESTAMP NOT NULL,
+ STATE INTEGER DEFAULT 0,
+ PRIMARY KEY (ID)
+);
+
+CREATE TABLE IDN_IDENTITY_USER_DATA (
+ TENANT_ID INTEGER DEFAULT -1234,
+ USER_NAME VARCHAR(255) NOT NULL,
+ DATA_KEY VARCHAR(255) NOT NULL,
+ DATA_VALUE VARCHAR(2048),
+ PRIMARY KEY (TENANT_ID, USER_NAME, DATA_KEY)
+);
+
+CREATE TABLE IDN_IDENTITY_META_DATA (
+ USER_NAME VARCHAR(255) NOT NULL,
+ TENANT_ID INTEGER DEFAULT -1234,
+ METADATA_TYPE VARCHAR(255) NOT NULL,
+ METADATA VARCHAR(255) NOT NULL,
+ VALID VARCHAR(255) NOT NULL,
+ PRIMARY KEY (TENANT_ID, USER_NAME, METADATA_TYPE,METADATA)
+);
+
+CREATE TABLE IF NOT EXISTS IDN_THRIFT_SESSION (
+ SESSION_ID VARCHAR(255) NOT NULL,
+ USER_NAME VARCHAR(255) NOT NULL,
+ CREATED_TIME VARCHAR(255) NOT NULL,
+ LAST_MODIFIED_TIME VARCHAR(255) NOT NULL,
+ TENANT_ID INTEGER DEFAULT -1,
+ PRIMARY KEY (SESSION_ID)
+);
+
+CREATE TABLE IDN_AUTH_SESSION_STORE (
+ SESSION_ID VARCHAR (100) NOT NULL,
+ SESSION_TYPE VARCHAR(100) NOT NULL,
+ OPERATION VARCHAR(10) NOT NULL,
+ SESSION_OBJECT BLOB,
+ TIME_CREATED BIGINT,
+ TENANT_ID INTEGER DEFAULT -1,
+ EXPIRY_TIME BIGINT,
+ PRIMARY KEY (SESSION_ID, SESSION_TYPE, TIME_CREATED, OPERATION)
+);
+
+
+CREATE TABLE IDN_AUTH_TEMP_SESSION_STORE (
+ SESSION_ID VARCHAR (100) NOT NULL,
+ SESSION_TYPE VARCHAR(100) NOT NULL,
+ OPERATION VARCHAR(10) NOT NULL,
+ SESSION_OBJECT BLOB,
+ TIME_CREATED BIGINT,
+ TENANT_ID INTEGER DEFAULT -1,
+ EXPIRY_TIME BIGINT,
+ PRIMARY KEY (SESSION_ID, SESSION_TYPE, TIME_CREATED, OPERATION)
+);
+
+CREATE TABLE IF NOT EXISTS IDN_AUTH_USER (
+ USER_ID VARCHAR(255) NOT NULL,
+ USER_NAME VARCHAR(255) NOT NULL,
+ TENANT_ID INTEGER NOT NULL,
+ DOMAIN_NAME VARCHAR(255) NOT NULL,
+ IDP_ID INTEGER NOT NULL,
+ PRIMARY KEY (USER_ID),
+ CONSTRAINT USER_STORE_CONSTRAINT UNIQUE (USER_NAME, TENANT_ID, DOMAIN_NAME, IDP_ID));
+
+CREATE TABLE IF NOT EXISTS IDN_AUTH_USER_SESSION_MAPPING (
+ ID INTEGER NOT NULL AUTO_INCREMENT,
+ USER_ID VARCHAR(255) NOT NULL,
+ SESSION_ID VARCHAR(255) NOT NULL,
+ CONSTRAINT USER_SESSION_STORE_CONSTRAINT UNIQUE (USER_ID, SESSION_ID),
+ PRIMARY KEY (ID));
+
+CREATE TABLE IF NOT EXISTS IDN_AUTH_SESSION_APP_INFO (
+ SESSION_ID VARCHAR (100) NOT NULL,
+ SUBJECT VARCHAR (100) NOT NULL,
+ APP_ID INTEGER NOT NULL,
+ INBOUND_AUTH_TYPE VARCHAR (255) NOT NULL,
+ PRIMARY KEY (SESSION_ID, SUBJECT, APP_ID, INBOUND_AUTH_TYPE));
+
+CREATE TABLE IF NOT EXISTS IDN_AUTH_SESSION_META_DATA (
+ SESSION_ID VARCHAR (100) NOT NULL,
+ PROPERTY_TYPE VARCHAR (100) NOT NULL,
+ `VALUE` VARCHAR (255) NOT NULL,
+ PRIMARY KEY (SESSION_ID, PROPERTY_TYPE, `VALUE`)
+ );
+
+CREATE TABLE IF NOT EXISTS SP_APP (
+ ID INTEGER NOT NULL AUTO_INCREMENT,
+ TENANT_ID INTEGER NOT NULL,
+ APP_NAME VARCHAR (255) NOT NULL ,
+ USER_STORE VARCHAR (255) NOT NULL,
+ USERNAME VARCHAR (255) NOT NULL ,
+ DESCRIPTION VARCHAR (1024),
+ ROLE_CLAIM VARCHAR (512),
+ AUTH_TYPE VARCHAR (255) NOT NULL,
+ PROVISIONING_USERSTORE_DOMAIN VARCHAR (512),
+ IS_LOCAL_CLAIM_DIALECT CHAR(1) DEFAULT '1',
+ IS_SEND_LOCAL_SUBJECT_ID CHAR(1) DEFAULT '0',
+ IS_SEND_AUTH_LIST_OF_IDPS CHAR(1) DEFAULT '0',
+ IS_USE_TENANT_DOMAIN_SUBJECT CHAR(1) DEFAULT '1',
+ IS_USE_USER_DOMAIN_SUBJECT CHAR(1) DEFAULT '1',
+ ENABLE_AUTHORIZATION CHAR(1) DEFAULT '0',
+ SUBJECT_CLAIM_URI VARCHAR (512),
+ IS_SAAS_APP CHAR(1) DEFAULT '0',
+ IS_DUMB_MODE CHAR(1) DEFAULT '0',
+ UUID CHAR(36),
+ IMAGE_URL VARCHAR(1024),
+ ACCESS_URL VARCHAR(1024),
+ IS_DISCOVERABLE CHAR(1) DEFAULT '0',
+
+ PRIMARY KEY (ID));
+
+ALTER TABLE SP_APP ADD CONSTRAINT APPLICATION_NAME_CONSTRAINT UNIQUE(APP_NAME, TENANT_ID);
+ALTER TABLE SP_APP ADD CONSTRAINT APPLICATION_UUID_CONSTRAINT UNIQUE(UUID);
+
+CREATE TABLE IF NOT EXISTS SP_METADATA (
+ ID INTEGER AUTO_INCREMENT,
+ SP_ID INTEGER,
+ NAME VARCHAR(255) NOT NULL,
+ `VALUE` VARCHAR(255) NOT NULL,
+ DISPLAY_NAME VARCHAR(255),
+ TENANT_ID INTEGER DEFAULT -1,
+ PRIMARY KEY (ID),
+ CONSTRAINT SP_METADATA_CONSTRAINT UNIQUE (SP_ID, NAME),
+ FOREIGN KEY (SP_ID) REFERENCES SP_APP(ID) ON DELETE CASCADE);
+
+CREATE TABLE IF NOT EXISTS SP_INBOUND_AUTH (
+ ID INTEGER NOT NULL AUTO_INCREMENT,
+ TENANT_ID INTEGER NOT NULL,
+ INBOUND_AUTH_KEY VARCHAR (255),
+ INBOUND_AUTH_TYPE VARCHAR (255) NOT NULL,
+ INBOUND_CONFIG_TYPE VARCHAR (255) NOT NULL,
+ PROP_NAME VARCHAR (255),
+ PROP_VALUE VARCHAR (1024) ,
+ APP_ID INTEGER NOT NULL,
+ PRIMARY KEY (ID));
+
+ALTER TABLE SP_INBOUND_AUTH ADD CONSTRAINT APPLICATION_ID_CONSTRAINT FOREIGN KEY (APP_ID) REFERENCES SP_APP (ID) ON DELETE CASCADE;
+
+CREATE TABLE IF NOT EXISTS SP_AUTH_STEP (
+ ID INTEGER NOT NULL AUTO_INCREMENT,
+ TENANT_ID INTEGER NOT NULL,
+ STEP_ORDER INTEGER DEFAULT 1,
+ APP_ID INTEGER NOT NULL ,
+ IS_SUBJECT_STEP CHAR(1) DEFAULT '0',
+ IS_ATTRIBUTE_STEP CHAR(1) DEFAULT '0',
+ PRIMARY KEY (ID));
+
+ALTER TABLE SP_AUTH_STEP ADD CONSTRAINT APPLICATION_ID_CONSTRAINT_STEP FOREIGN KEY (APP_ID) REFERENCES SP_APP (ID) ON DELETE CASCADE;
+
+CREATE TABLE IF NOT EXISTS SP_FEDERATED_IDP (
+ ID INTEGER NOT NULL,
+ TENANT_ID INTEGER NOT NULL,
+ AUTHENTICATOR_ID INTEGER NOT NULL,
+ PRIMARY KEY (ID, AUTHENTICATOR_ID));
+
+ALTER TABLE SP_FEDERATED_IDP ADD CONSTRAINT STEP_ID_CONSTRAINT FOREIGN KEY (ID) REFERENCES SP_AUTH_STEP (ID) ON DELETE CASCADE;
+
+CREATE TABLE IF NOT EXISTS SP_CLAIM_DIALECT (
+ ID INTEGER NOT NULL AUTO_INCREMENT,
+ TENANT_ID INTEGER NOT NULL,
+ SP_DIALECT VARCHAR (512) NOT NULL,
+ APP_ID INTEGER NOT NULL,
+ PRIMARY KEY (ID));
+
+ALTER TABLE SP_CLAIM_DIALECT ADD CONSTRAINT DIALECTID_APPID_CONSTRAINT FOREIGN KEY (APP_ID) REFERENCES SP_APP (ID) ON DELETE CASCADE;
+
+CREATE TABLE IF NOT EXISTS SP_CLAIM_MAPPING (
+ ID INTEGER NOT NULL AUTO_INCREMENT,
+ TENANT_ID INTEGER NOT NULL,
+ IDP_CLAIM VARCHAR (512) NOT NULL ,
+ SP_CLAIM VARCHAR (512) NOT NULL ,
+ APP_ID INTEGER NOT NULL,
+ IS_REQUESTED VARCHAR(128) DEFAULT '0',
+ IS_MANDATORY VARCHAR(128) DEFAULT '0',
+ DEFAULT_VALUE VARCHAR(255),
+ PRIMARY KEY (ID));
+
+ALTER TABLE SP_CLAIM_MAPPING ADD CONSTRAINT CLAIMID_APPID_CONSTRAINT FOREIGN KEY (APP_ID) REFERENCES SP_APP (ID) ON DELETE CASCADE;
+
+CREATE TABLE IF NOT EXISTS SP_ROLE_MAPPING (
+ ID INTEGER NOT NULL AUTO_INCREMENT,
+ TENANT_ID INTEGER NOT NULL,
+ IDP_ROLE VARCHAR (255) NOT NULL ,
+ SP_ROLE VARCHAR (255) NOT NULL ,
+ APP_ID INTEGER NOT NULL,
+ PRIMARY KEY (ID));
+
+ALTER TABLE SP_ROLE_MAPPING ADD CONSTRAINT ROLEID_APPID_CONSTRAINT FOREIGN KEY (APP_ID) REFERENCES SP_APP (ID) ON DELETE CASCADE;
+
+CREATE TABLE IF NOT EXISTS SP_REQ_PATH_AUTHENTICATOR (
+ ID INTEGER NOT NULL AUTO_INCREMENT,
+ TENANT_ID INTEGER NOT NULL,
+ AUTHENTICATOR_NAME VARCHAR (255) NOT NULL ,
+ APP_ID INTEGER NOT NULL,
+ PRIMARY KEY (ID));
+
+ALTER TABLE SP_REQ_PATH_AUTHENTICATOR ADD CONSTRAINT REQ_AUTH_APPID_CONSTRAINT FOREIGN KEY (APP_ID) REFERENCES SP_APP (ID) ON DELETE CASCADE;
+
+CREATE TABLE IF NOT EXISTS SP_PROVISIONING_CONNECTOR (
+ ID INTEGER NOT NULL AUTO_INCREMENT,
+ TENANT_ID INTEGER NOT NULL,
+ IDP_NAME VARCHAR (255) NOT NULL ,
+ CONNECTOR_NAME VARCHAR (255) NOT NULL ,
+ APP_ID INTEGER NOT NULL,
+ IS_JIT_ENABLED CHAR(1) NOT NULL DEFAULT '0',
+ BLOCKING CHAR(1) NOT NULL DEFAULT '0',
+ RULE_ENABLED CHAR(1) NOT NULL DEFAULT '0',
+ PRIMARY KEY (ID));
+
+ALTER TABLE SP_PROVISIONING_CONNECTOR ADD CONSTRAINT PRO_CONNECTOR_APPID_CONSTRAINT FOREIGN KEY (APP_ID) REFERENCES SP_APP (ID) ON DELETE CASCADE;
+
+CREATE TABLE IF NOT EXISTS SP_AUTH_SCRIPT (
+ ID INTEGER AUTO_INCREMENT NOT NULL,
+ TENANT_ID INTEGER NOT NULL,
+ APP_ID INTEGER NOT NULL,
+ TYPE VARCHAR(255) NOT NULL,
+ CONTENT BLOB DEFAULT NULL,
+ IS_ENABLED CHAR(1) NOT NULL DEFAULT '0',
+ PRIMARY KEY (ID));
+
+CREATE TABLE SP_TEMPLATE (
+ ID INTEGER AUTO_INCREMENT NOT NULL,
+ TENANT_ID INTEGER NOT NULL,
+ NAME VARCHAR(255) NOT NULL,
+ DESCRIPTION VARCHAR(1023),
+ CONTENT BLOB DEFAULT NULL,
+ PRIMARY KEY (ID),
+ CONSTRAINT SP_TEMPLATE_CONSTRAINT UNIQUE (TENANT_ID, NAME));
+
+CREATE TABLE IF NOT EXISTS SP_TRUSTED_APPS (
+ ID INTEGER AUTO_INCREMENT,
+ SP_ID INTEGER NOT NULL,
+ PLATFORM_TYPE VARCHAR(255) NOT NULL,
+ APP_IDENTIFIER VARCHAR(255) NOT NULL,
+ THUMBPRINTS VARCHAR(2048),
+ IS_FIDO_TRUSTED BOOLEAN DEFAULT FALSE,
+ TENANT_ID INTEGER NOT NULL,
+ PRIMARY KEY (ID),
+ UNIQUE (SP_ID, PLATFORM_TYPE),
+ FOREIGN KEY (SP_ID) REFERENCES SP_APP(ID) ON DELETE CASCADE);
+
+CREATE TABLE IF NOT EXISTS IDN_AUTH_WAIT_STATUS (
+ ID INTEGER AUTO_INCREMENT NOT NULL,
+ TENANT_ID INTEGER NOT NULL,
+ LONG_WAIT_KEY VARCHAR(255) NOT NULL,
+ WAIT_STATUS CHAR(1) NOT NULL DEFAULT '1',
+ TIME_CREATED TIMESTAMP DEFAULT 0,
+ EXPIRE_TIME TIMESTAMP DEFAULT 0,
+ PRIMARY KEY (ID),
+ CONSTRAINT IDN_AUTH_WAIT_STATUS_KEY UNIQUE (LONG_WAIT_KEY));
+
+CREATE TABLE IF NOT EXISTS IDP (
+ ID INTEGER AUTO_INCREMENT,
+ TENANT_ID INTEGER,
+ NAME VARCHAR(254) NOT NULL,
+ IS_ENABLED CHAR(1) NOT NULL DEFAULT '1',
+ IS_PRIMARY CHAR(1) NOT NULL DEFAULT '0',
+ HOME_REALM_ID VARCHAR(254),
+ IMAGE MEDIUMBLOB,
+ CERTIFICATE BLOB,
+ ALIAS VARCHAR(254),
+ INBOUND_PROV_ENABLED CHAR(1) NOT NULL DEFAULT '0',
+ INBOUND_PROV_USER_STORE_ID VARCHAR(254),
+ USER_CLAIM_URI VARCHAR(254),
+ ROLE_CLAIM_URI VARCHAR(254),
+ DESCRIPTION VARCHAR(1024),
+ DEFAULT_AUTHENTICATOR_NAME VARCHAR(254),
+ DEFAULT_PRO_CONNECTOR_NAME VARCHAR(254),
+ PROVISIONING_ROLE VARCHAR(128),
+ IS_FEDERATION_HUB CHAR(1) NOT NULL DEFAULT '0',
+ IS_LOCAL_CLAIM_DIALECT CHAR(1) NOT NULL DEFAULT '0',
+ DISPLAY_NAME VARCHAR(255),
+ IMAGE_URL VARCHAR(1024),
+ UUID CHAR(36) NOT NULL,
+ PRIMARY KEY (ID),
+ UNIQUE (TENANT_ID, NAME),
+ UNIQUE (UUID)
+);
+
+CREATE TABLE IF NOT EXISTS IDP_ROLE (
+ ID INTEGER AUTO_INCREMENT,
+ IDP_ID INTEGER,
+ TENANT_ID INTEGER,
+ ROLE VARCHAR(254),
+ PRIMARY KEY (ID),
+ UNIQUE (IDP_ID, ROLE),
+ FOREIGN KEY (IDP_ID) REFERENCES IDP(ID) ON DELETE CASCADE);
+
+CREATE TABLE IF NOT EXISTS IDP_GROUP (
+ ID INTEGER AUTO_INCREMENT NOT NULL,
+ IDP_ID INTEGER NOT NULL,
+ TENANT_ID INTEGER NOT NULL,
+ GROUP_NAME VARCHAR(255) NOT NULL,
+ UUID CHAR(36) NOT NULL,
+ PRIMARY KEY (ID),
+ UNIQUE (IDP_ID, GROUP_NAME),
+ UNIQUE (UUID),
+ FOREIGN KEY (IDP_ID) REFERENCES IDP(ID) ON DELETE CASCADE);
+
+CREATE TABLE IF NOT EXISTS IDP_ROLE_MAPPING (
+ ID INTEGER AUTO_INCREMENT,
+ IDP_ROLE_ID INTEGER,
+ TENANT_ID INTEGER,
+ USER_STORE_ID VARCHAR (253),
+ LOCAL_ROLE VARCHAR(253),
+ PRIMARY KEY (ID),
+ UNIQUE (IDP_ROLE_ID, TENANT_ID, USER_STORE_ID, LOCAL_ROLE),
+ FOREIGN KEY (IDP_ROLE_ID) REFERENCES IDP_ROLE(ID) ON DELETE CASCADE);
+
+CREATE TABLE IF NOT EXISTS IDP_CLAIM (
+ ID INTEGER AUTO_INCREMENT,
+ IDP_ID INTEGER,
+ TENANT_ID INTEGER,
+ CLAIM VARCHAR(254),
+ PRIMARY KEY (ID),
+ UNIQUE (IDP_ID, CLAIM),
+ FOREIGN KEY (IDP_ID) REFERENCES IDP(ID) ON DELETE CASCADE);
+
+CREATE TABLE IF NOT EXISTS IDP_CLAIM_MAPPING (
+ ID INTEGER AUTO_INCREMENT,
+ IDP_CLAIM_ID INTEGER,
+ TENANT_ID INTEGER,
+ LOCAL_CLAIM VARCHAR(253),
+ DEFAULT_VALUE VARCHAR(255),
+ IS_REQUESTED VARCHAR(128) DEFAULT '0',
+ PRIMARY KEY (ID),
+ UNIQUE (IDP_CLAIM_ID, TENANT_ID, LOCAL_CLAIM),
+ FOREIGN KEY (IDP_CLAIM_ID) REFERENCES IDP_CLAIM(ID) ON DELETE CASCADE);
+
+CREATE TABLE IF NOT EXISTS IDP_AUTHENTICATOR (
+ ID INTEGER AUTO_INCREMENT,
+ TENANT_ID INTEGER,
+ IDP_ID INTEGER,
+ NAME VARCHAR(255) NOT NULL,
+ IS_ENABLED CHAR (1) DEFAULT '1',
+ DISPLAY_NAME VARCHAR(255),
+ PRIMARY KEY (ID),
+ UNIQUE (TENANT_ID, IDP_ID, NAME),
+ FOREIGN KEY (IDP_ID) REFERENCES IDP(ID) ON DELETE CASCADE);
+
+CREATE TABLE IF NOT EXISTS IDP_METADATA (
+ ID INTEGER AUTO_INCREMENT,
+ IDP_ID INTEGER,
+ NAME VARCHAR(255) NOT NULL,
+ `VALUE` VARCHAR(255) NOT NULL,
+ DISPLAY_NAME VARCHAR(255),
+ TENANT_ID INTEGER DEFAULT -1,
+ PRIMARY KEY (ID),
+ CONSTRAINT IDP_METADATA_CONSTRAINT UNIQUE (IDP_ID, NAME),
+ FOREIGN KEY (IDP_ID) REFERENCES IDP(ID) ON DELETE CASCADE);
+
+CREATE TABLE IF NOT EXISTS IDP_AUTHENTICATOR_PROPERTY (
+ ID INTEGER AUTO_INCREMENT,
+ TENANT_ID INTEGER,
+ AUTHENTICATOR_ID INTEGER,
+ PROPERTY_KEY VARCHAR(255) NOT NULL,
+ PROPERTY_VALUE VARCHAR(2047),
+ IS_SECRET CHAR (1) DEFAULT '0',
+ PRIMARY KEY (ID),
+ UNIQUE (TENANT_ID, AUTHENTICATOR_ID, PROPERTY_KEY),
+ FOREIGN KEY (AUTHENTICATOR_ID) REFERENCES IDP_AUTHENTICATOR(ID) ON DELETE CASCADE);
+
+CREATE TABLE IF NOT EXISTS IDP_PROVISIONING_CONFIG (
+ ID INTEGER AUTO_INCREMENT,
+ TENANT_ID INTEGER,
+ IDP_ID INTEGER,
+ PROVISIONING_CONNECTOR_TYPE VARCHAR(255) NOT NULL,
+ IS_ENABLED CHAR (1) DEFAULT '0',
+ IS_BLOCKING CHAR (1) DEFAULT '0',
+ IS_RULES_ENABLED CHAR (1) DEFAULT '0',
+ PRIMARY KEY (ID),
+ UNIQUE (TENANT_ID, IDP_ID, PROVISIONING_CONNECTOR_TYPE),
+ FOREIGN KEY (IDP_ID) REFERENCES IDP(ID) ON DELETE CASCADE);
+
+CREATE TABLE IF NOT EXISTS IDP_PROV_CONFIG_PROPERTY (
+ ID INTEGER AUTO_INCREMENT,
+ TENANT_ID INTEGER,
+ PROVISIONING_CONFIG_ID INTEGER,
+ PROPERTY_KEY VARCHAR(255) NOT NULL,
+ PROPERTY_VALUE VARCHAR(2048),
+ PROPERTY_BLOB_VALUE BLOB,
+ PROPERTY_TYPE VARCHAR(32) NOT NULL,
+ IS_SECRET CHAR (1) DEFAULT '0',
+ PRIMARY KEY (ID),
+ UNIQUE (TENANT_ID, PROVISIONING_CONFIG_ID, PROPERTY_KEY),
+ FOREIGN KEY (PROVISIONING_CONFIG_ID) REFERENCES IDP_PROVISIONING_CONFIG(ID) ON DELETE CASCADE);
+
+CREATE TABLE IF NOT EXISTS IDP_PROVISIONING_ENTITY (
+ ID INTEGER AUTO_INCREMENT,
+ PROVISIONING_CONFIG_ID INTEGER,
+ ENTITY_TYPE VARCHAR(255) NOT NULL,
+ ENTITY_LOCAL_USERSTORE VARCHAR(255) NOT NULL,
+ ENTITY_NAME VARCHAR(255) NOT NULL,
+ ENTITY_VALUE VARCHAR(255),
+ TENANT_ID INTEGER,
+ ENTITY_LOCAL_ID VARCHAR(255),
+ PRIMARY KEY (ID),
+ UNIQUE (ENTITY_TYPE, TENANT_ID, ENTITY_LOCAL_USERSTORE, ENTITY_NAME, PROVISIONING_CONFIG_ID),
+ UNIQUE (PROVISIONING_CONFIG_ID, ENTITY_TYPE, ENTITY_VALUE),
+ FOREIGN KEY (PROVISIONING_CONFIG_ID) REFERENCES IDP_PROVISIONING_CONFIG(ID) ON DELETE CASCADE);
+
+CREATE TABLE IF NOT EXISTS IDP_LOCAL_CLAIM (
+ ID INTEGER AUTO_INCREMENT,
+ TENANT_ID INTEGER,
+ IDP_ID INTEGER,
+ CLAIM_URI VARCHAR(255) NOT NULL,
+ DEFAULT_VALUE VARCHAR(255),
+ IS_REQUESTED VARCHAR(128) DEFAULT '0',
+ PRIMARY KEY (ID),
+ UNIQUE (TENANT_ID, IDP_ID, CLAIM_URI),
+ FOREIGN KEY (IDP_ID) REFERENCES IDP(ID) ON DELETE CASCADE);
+
+CREATE TABLE IF NOT EXISTS IDN_ASSOCIATED_ID (
+ ID INTEGER AUTO_INCREMENT,
+ IDP_USER_ID VARCHAR(255) NOT NULL,
+ TENANT_ID INTEGER DEFAULT -1234,
+ IDP_ID INTEGER NOT NULL,
+ DOMAIN_NAME VARCHAR(255) NOT NULL,
+ USER_NAME VARCHAR(255) NOT NULL,
+ ASSOCIATION_ID CHAR(36) NOT NULL,
+ PRIMARY KEY (ID),
+ UNIQUE(IDP_USER_ID, TENANT_ID, IDP_ID),
+ FOREIGN KEY (IDP_ID) REFERENCES IDP(ID) ON DELETE CASCADE
+);
+
+CREATE TABLE IF NOT EXISTS IDN_USER_ACCOUNT_ASSOCIATION (
+ ASSOCIATION_KEY VARCHAR(255) NOT NULL,
+ TENANT_ID INTEGER,
+ DOMAIN_NAME VARCHAR(255) NOT NULL,
+ USER_NAME VARCHAR(255) NOT NULL,
+ PRIMARY KEY (TENANT_ID, DOMAIN_NAME, USER_NAME));
+
+CREATE TABLE IF NOT EXISTS FIDO_DEVICE_STORE (
+ TENANT_ID INTEGER,
+ DOMAIN_NAME VARCHAR(255) NOT NULL,
+ USER_NAME VARCHAR(45) NOT NULL,
+ TIME_REGISTERED TIMESTAMP,
+ KEY_HANDLE VARCHAR(200) NOT NULL,
+ DEVICE_DATA VARCHAR(2048) NOT NULL,
+ PRIMARY KEY (TENANT_ID, DOMAIN_NAME, USER_NAME, KEY_HANDLE));
+
+CREATE TABLE IF NOT EXISTS FIDO2_DEVICE_STORE (
+ TENANT_ID INTEGER,
+ DOMAIN_NAME VARCHAR(255) NOT NULL,
+ USER_NAME VARCHAR(45) NOT NULL,
+ TIME_REGISTERED TIMESTAMP,
+ USER_HANDLE VARCHAR(200) NOT NULL,
+ CREDENTIAL_ID VARCHAR(200) NOT NULL,
+ PUBLIC_KEY_COSE VARCHAR(2048) NOT NULL,
+ SIGNATURE_COUNT BIGINT,
+ USER_IDENTITY VARCHAR(200) NOT NULL,
+ DISPLAY_NAME VARCHAR(255),
+ IS_USERNAMELESS_SUPPORTED CHAR(1) DEFAULT '0',
+ PRIMARY KEY (CREDENTIAL_ID, USER_HANDLE));
+
+CREATE TABLE IF NOT EXISTS IDN_RECOVERY_FLOW_DATA (
+ RECOVERY_FLOW_ID VARCHAR(255) NOT NULL,
+ CODE VARCHAR(255),
+ FAILED_ATTEMPTS INTEGER DEFAULT 0 NOT NULL,
+ RESEND_COUNT INTEGER DEFAULT 0 NOT NULL,
+ TIME_CREATED TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
+ PRIMARY KEY(RECOVERY_FLOW_ID)
+);
+
+CREATE TABLE IF NOT EXISTS IDN_RECOVERY_DATA (
+ USER_NAME VARCHAR(255) NOT NULL,
+ USER_DOMAIN VARCHAR(127) NOT NULL,
+ TENANT_ID INTEGER DEFAULT -1,
+ CODE VARCHAR(255) NOT NULL,
+ SCENARIO VARCHAR(255) NOT NULL,
+ STEP VARCHAR(127) NOT NULL,
+ TIME_CREATED TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
+ REMAINING_SETS VARCHAR(2500) DEFAULT NULL,
+ RECOVERY_FLOW_ID VARCHAR(255),
+ PRIMARY KEY(USER_NAME, USER_DOMAIN, TENANT_ID, SCENARIO,STEP),
+ FOREIGN KEY (RECOVERY_FLOW_ID) REFERENCES IDN_RECOVERY_FLOW_DATA(RECOVERY_FLOW_ID) ON DELETE CASCADE,
+ UNIQUE(CODE)
+);
+
+CREATE TABLE IF NOT EXISTS IDN_PASSWORD_HISTORY_DATA (
+ ID INTEGER NOT NULL AUTO_INCREMENT,
+ USER_NAME VARCHAR(255) NOT NULL,
+ USER_DOMAIN VARCHAR(127) NOT NULL,
+ TENANT_ID INTEGER DEFAULT -1,
+ SALT_VALUE VARCHAR(255),
+ HASH VARCHAR(255) NOT NULL,
+ TIME_CREATED TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
+ PRIMARY KEY (ID),
+ UNIQUE (USER_NAME,USER_DOMAIN,TENANT_ID,SALT_VALUE,HASH)
+);
+
+CREATE TABLE IF NOT EXISTS IDN_CLAIM_DIALECT (
+ ID INTEGER NOT NULL AUTO_INCREMENT,
+ DIALECT_URI VARCHAR (255) NOT NULL,
+ TENANT_ID INTEGER NOT NULL,
+ PRIMARY KEY (ID),
+ CONSTRAINT DIALECT_URI_CONSTRAINT UNIQUE (DIALECT_URI, TENANT_ID)
+);
+
+CREATE TABLE IF NOT EXISTS IDN_CLAIM (
+ ID INTEGER NOT NULL AUTO_INCREMENT,
+ DIALECT_ID INTEGER NOT NULL,
+ CLAIM_URI VARCHAR (255) NOT NULL,
+ TENANT_ID INTEGER NOT NULL,
+ PRIMARY KEY (ID),
+ FOREIGN KEY (DIALECT_ID) REFERENCES IDN_CLAIM_DIALECT(ID) ON DELETE CASCADE,
+ CONSTRAINT CLAIM_URI_CONSTRAINT UNIQUE (DIALECT_ID, CLAIM_URI, TENANT_ID)
+);
+
+CREATE TABLE IF NOT EXISTS IDN_CLAIM_MAPPED_ATTRIBUTE (
+ ID INTEGER NOT NULL AUTO_INCREMENT,
+ LOCAL_CLAIM_ID INTEGER,
+ USER_STORE_DOMAIN_NAME VARCHAR (255) NOT NULL,
+ ATTRIBUTE_NAME VARCHAR (255) NOT NULL,
+ TENANT_ID INTEGER NOT NULL,
+ PRIMARY KEY (ID),
+ FOREIGN KEY (LOCAL_CLAIM_ID) REFERENCES IDN_CLAIM(ID) ON DELETE CASCADE,
+ CONSTRAINT USER_STORE_DOMAIN_CONSTRAINT UNIQUE (LOCAL_CLAIM_ID, USER_STORE_DOMAIN_NAME, TENANT_ID)
+);
+
+CREATE TABLE IF NOT EXISTS IDN_CLAIM_PROPERTY (
+ ID INTEGER NOT NULL AUTO_INCREMENT,
+ LOCAL_CLAIM_ID INTEGER,
+ PROPERTY_NAME VARCHAR (255) NOT NULL,
+ PROPERTY_VALUE VARCHAR (255) NOT NULL,
+ TENANT_ID INTEGER NOT NULL,
+ PRIMARY KEY (ID),
+ FOREIGN KEY (LOCAL_CLAIM_ID) REFERENCES IDN_CLAIM(ID) ON DELETE CASCADE,
+ CONSTRAINT PROPERTY_NAME_CONSTRAINT UNIQUE (LOCAL_CLAIM_ID, PROPERTY_NAME, TENANT_ID)
+);
+
+CREATE TABLE IF NOT EXISTS IDN_CLAIM_MAPPING (
+ ID INTEGER NOT NULL AUTO_INCREMENT,
+ EXT_CLAIM_ID INTEGER NOT NULL,
+ MAPPED_LOCAL_CLAIM_ID INTEGER NOT NULL,
+ TENANT_ID INTEGER NOT NULL,
+ PRIMARY KEY (ID),
+ FOREIGN KEY (EXT_CLAIM_ID) REFERENCES IDN_CLAIM(ID) ON DELETE CASCADE,
+ FOREIGN KEY (MAPPED_LOCAL_CLAIM_ID) REFERENCES IDN_CLAIM(ID) ON DELETE CASCADE,
+ CONSTRAINT EXT_TO_LOC_MAPPING_CONSTRN UNIQUE (EXT_CLAIM_ID, TENANT_ID)
+);
+
+CREATE TABLE IF NOT EXISTS IDN_SAML2_ASSERTION_STORE (
+ ID INTEGER NOT NULL AUTO_INCREMENT,
+ SAML2_ID VARCHAR(255) ,
+ SAML2_ISSUER VARCHAR(255) ,
+ SAML2_SUBJECT VARCHAR(255) ,
+ SAML2_SESSION_INDEX VARCHAR(255) ,
+ SAML2_AUTHN_CONTEXT_CLASS_REF VARCHAR(255) ,
+ SAML2_ASSERTION VARCHAR(4096) ,
+ ASSERTION BLOB ,
+ PRIMARY KEY (ID)
+);
+
+CREATE TABLE IDN_SAML2_ARTIFACT_STORE (
+ ID INT NOT NULL AUTO_INCREMENT,
+ SOURCE_ID VARCHAR(255) NOT NULL,
+ MESSAGE_HANDLER VARCHAR(255) NOT NULL,
+ AUTHN_REQ_DTO BLOB NOT NULL,
+ SESSION_ID VARCHAR(255) NOT NULL,
+ INIT_TIMESTAMP TIMESTAMP NOT NULL,
+ EXP_TIMESTAMP TIMESTAMP NOT NULL,
+ ASSERTION_ID VARCHAR(255),
+ PRIMARY KEY (`ID`)
+);
+
+CREATE TABLE IF NOT EXISTS IDN_OIDC_JTI (
+ JWT_ID VARCHAR(255),
+ TENANT_ID INTEGER NOT NULL,
+ EXP_TIME TIMESTAMP NOT NULL ,
+ TIME_CREATED TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP ,
+ PRIMARY KEY (JWT_ID, TENANT_ID)
+);
+
+
+CREATE TABLE IF NOT EXISTS IDN_OIDC_PROPERTY (
+ ID INTEGER NOT NULL AUTO_INCREMENT,
+ TENANT_ID INTEGER,
+ CONSUMER_KEY VARCHAR(255) ,
+ PROPERTY_KEY VARCHAR(255) NOT NULL,
+ PROPERTY_VALUE VARCHAR(2047) ,
+ PRIMARY KEY (ID),
+ FOREIGN KEY (TENANT_ID, CONSUMER_KEY) REFERENCES IDN_OAUTH_CONSUMER_APPS(TENANT_ID, CONSUMER_KEY) ON DELETE CASCADE
+);
+CREATE TABLE IF NOT EXISTS IDN_OIDC_REQ_OBJECT_REFERENCE (
+ ID INTEGER NOT NULL AUTO_INCREMENT,
+ CONSUMER_KEY_ID INTEGER ,
+ CODE_ID VARCHAR(255) ,
+ TOKEN_ID VARCHAR(255) ,
+ SESSION_DATA_KEY VARCHAR(255),
+ PRIMARY KEY (ID),
+ FOREIGN KEY (CONSUMER_KEY_ID) REFERENCES IDN_OAUTH_CONSUMER_APPS(ID) ON DELETE CASCADE,
+ FOREIGN KEY (TOKEN_ID) REFERENCES IDN_OAUTH2_ACCESS_TOKEN(TOKEN_ID) ON DELETE CASCADE,
+ FOREIGN KEY (CODE_ID) REFERENCES IDN_OAUTH2_AUTHORIZATION_CODE(CODE_ID) ON DELETE CASCADE
+);
+
+CREATE TABLE IF NOT EXISTS IDN_OIDC_REQ_OBJECT_CLAIMS (
+ ID INTEGER NOT NULL AUTO_INCREMENT,
+ REQ_OBJECT_ID INTEGER,
+ CLAIM_ATTRIBUTE VARCHAR(255) ,
+ ESSENTIAL CHAR(1) NOT NULL DEFAULT '0',
+ `VALUE` VARCHAR(255) ,
+ IS_USERINFO CHAR(1) NOT NULL DEFAULT '0',
+ PRIMARY KEY (ID),
+ FOREIGN KEY (REQ_OBJECT_ID) REFERENCES IDN_OIDC_REQ_OBJECT_REFERENCE (ID) ON DELETE CASCADE
+);
+
+CREATE TABLE IF NOT EXISTS IDN_OIDC_REQ_OBJ_CLAIM_VALUES (
+ ID INTEGER NOT NULL AUTO_INCREMENT,
+ REQ_OBJECT_CLAIMS_ID INTEGER ,
+ CLAIM_VALUES VARCHAR(255) ,
+ PRIMARY KEY (ID),
+ FOREIGN KEY (REQ_OBJECT_CLAIMS_ID) REFERENCES IDN_OIDC_REQ_OBJECT_CLAIMS(ID) ON DELETE CASCADE
+);
+
+CREATE TABLE IF NOT EXISTS IDN_CERTIFICATE (
+ ID INTEGER NOT NULL AUTO_INCREMENT,
+ NAME VARCHAR(100),
+ CERTIFICATE_IN_PEM BLOB,
+ TENANT_ID INTEGER DEFAULT 0,
+ PRIMARY KEY(ID),
+ CONSTRAINT CERTIFICATE_UNIQUE_KEY UNIQUE (NAME, TENANT_ID)
+);
+
+CREATE TABLE IF NOT EXISTS IDN_OIDC_SCOPE_CLAIM_MAPPING (
+ ID INTEGER NOT NULL AUTO_INCREMENT,
+ SCOPE_ID INTEGER NOT NULL,
+ EXTERNAL_CLAIM_ID INTEGER NOT NULL,
+ PRIMARY KEY (ID),
+ FOREIGN KEY (SCOPE_ID) REFERENCES IDN_OAUTH2_SCOPE(SCOPE_ID) ON DELETE CASCADE,
+ FOREIGN KEY (EXTERNAL_CLAIM_ID) REFERENCES IDN_CLAIM(ID) ON DELETE CASCADE,
+ UNIQUE (SCOPE_ID, EXTERNAL_CLAIM_ID)
+);
+
+CREATE TABLE IF NOT EXISTS IDN_FUNCTION_LIBRARY (
+ NAME VARCHAR(255) NOT NULL,
+ DESCRIPTION VARCHAR(1023),
+ TYPE VARCHAR(255) NOT NULL,
+ TENANT_ID INTEGER NOT NULL,
+ DATA BLOB NOT NULL,
+ PRIMARY KEY (TENANT_ID,NAME)
+);
+
+CREATE TABLE IF NOT EXISTS IDN_OAUTH2_CIBA_AUTH_CODE (
+ AUTH_CODE_KEY CHAR (36),
+ AUTH_REQ_ID CHAR (36),
+ ISSUED_TIME TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
+ CONSUMER_KEY VARCHAR(255),
+ LAST_POLLED_TIME TIMESTAMP NOT NULL,
+ POLLING_INTERVAL INTEGER,
+ EXPIRES_IN INTEGER,
+ AUTHENTICATED_USER_NAME VARCHAR(255),
+ USER_STORE_DOMAIN VARCHAR(100),
+ TENANT_ID INTEGER,
+ AUTH_REQ_STATUS VARCHAR (100) DEFAULT 'REQUESTED',
+ IDP_ID INTEGER,
+ UNIQUE(AUTH_REQ_ID),
+ PRIMARY KEY (AUTH_CODE_KEY),
+ FOREIGN KEY (TENANT_ID, CONSUMER_KEY) REFERENCES IDN_OAUTH_CONSUMER_APPS(TENANT_ID, CONSUMER_KEY) ON DELETE CASCADE
+);
+
+CREATE TABLE IF NOT EXISTS IDN_OAUTH2_CIBA_REQUEST_SCOPES (
+ ID INTEGER NOT NULL AUTO_INCREMENT,
+ AUTH_CODE_KEY CHAR (36),
+ SCOPE VARCHAR (255),
+ FOREIGN KEY (AUTH_CODE_KEY) REFERENCES IDN_OAUTH2_CIBA_AUTH_CODE(AUTH_CODE_KEY) ON DELETE CASCADE,
+ PRIMARY KEY (ID)
+);
+
+CREATE TABLE IF NOT EXISTS IDN_FED_AUTH_SESSION_MAPPING (
+ ID INTEGER NOT NULL AUTO_INCREMENT,
+ IDP_SESSION_ID VARCHAR(255) NOT NULL,
+ SESSION_ID VARCHAR(255) NOT NULL,
+ IDP_NAME VARCHAR(255) NOT NULL,
+ AUTHENTICATOR_ID VARCHAR(255),
+ PROTOCOL_TYPE VARCHAR(255),
+ TIME_CREATED TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
+ TENANT_ID INTEGER NOT NULL DEFAULT 0,
+ IDP_ID INTEGER NOT NULL DEFAULT 0,
+ FOREIGN KEY (IDP_ID) REFERENCES IDP(ID) ON DELETE CASCADE,
+ PRIMARY KEY (ID),
+ UNIQUE (IDP_SESSION_ID, TENANT_ID, IDP_ID)
+);
+
+CREATE TABLE IF NOT EXISTS IDN_CONFIG_TYPE (
+ ID VARCHAR(255) NOT NULL,
+ NAME VARCHAR(255) NOT NULL,
+ DESCRIPTION VARCHAR(1023) NULL,
+ PRIMARY KEY (ID),
+ CONSTRAINT TYPE_NAME_CONSTRAINT UNIQUE (NAME)
+);
+
+INSERT INTO IDN_CONFIG_TYPE (ID, NAME, DESCRIPTION) VALUES
+('9ab0ef95-13e9-4ed5-afaf-d29bed62f7bd', 'IDP_TEMPLATE', 'Template type to uniquely identify IDP templates'),
+('3c4ac3d0-5903-4e3d-aaca-38df65b33bfd', 'APPLICATION_TEMPLATE', 'Template type to uniquely identify Application templates'),
+('8ec6dbf1-218a-49bf-bc34-0d2db52d151c', 'CORS_CONFIGURATION', 'A resource type to keep the tenant CORS configurations'),
+('669b99ca-cdb0-44a6-8cae-babed3b585df', 'Publisher', 'A resource type to keep the event publisher configurations'),
+('73f6d9ca-62f4-4566-bab9-2a930ae51ba8', 'BRANDING_PREFERENCES', 'A resource type to keep the tenant branding preferences'),
+('8469a176-3e6c-438a-ba01-71e9077072fa', 'APPLICATION_BRANDING_PREFERENCES', 'A resource type to keep the application branding preferences'),
+('899c69b2-8bf7-46b5-9666-f7f99f90d6cc', 'fido-config', 'A resource type to store FIDO authenticator related preferences'),
+('7f24050f-3e3d-4a00-b10f-fd5450d6523e', 'input-validation-configurations', 'A resource type to store input validation related configurations'),
+('f4e83b8a-d1c4-a0d6-03a7-d48e268c60c5', 'PK_JWT_CONFIGURATION', 'A resource type to keep the tenant private key jwt configuration.'),
+('9ec61e9d-f0e6-4952-9a09-ab842aeb2db2', 'ATTRIBUTE_CONFIGURATION', 'A resource type to store attribute related configurations.'),
+('132b0ee6-43e0-462d-8b4b-15b68109d71d', 'ORGANIZATION_CONFIGURATION', 'A resource type to keep the organization configurations.'),
+('1fc809a0-dc0d-4cb2-82f3-58934d389236', 'CUSTOM_TEXT', 'A resource type to keep the tenant custom text preferences.'),
+('c385a42a-5697-4604-b49a-62456621e926', 'DCR_CONFIGURATION', 'A resource type to keep the DCR configurations.'),
+('3e5b1f91-72d8-4fbc-94d1-1b9a4f8c3b07', 'IMPERSONATION_CONFIGURATION', 'A resource type to keep the tenant impersonation preferences.');
+
+CREATE TABLE IF NOT EXISTS IDN_CONFIG_RESOURCE (
+ ID VARCHAR(255) NOT NULL,
+ TENANT_ID INT NOT NULL,
+ NAME VARCHAR(255) NOT NULL,
+ CREATED_TIME TIMESTAMP NOT NULL,
+ LAST_MODIFIED TIMESTAMP NOT NULL,
+ HAS_FILE BOOLEAN NOT NULL,
+ HAS_ATTRIBUTE BOOLEAN NOT NULL,
+ TYPE_ID VARCHAR(255) NOT NULL,
+ UNIQUE (NAME, TENANT_ID, TYPE_ID),
+ PRIMARY KEY (ID)
+);
+ALTER TABLE IDN_CONFIG_RESOURCE
+ADD CONSTRAINT TYPE_ID_FOREIGN_CONSTRAINT FOREIGN KEY (TYPE_ID) REFERENCES IDN_CONFIG_TYPE (ID)
+ON DELETE CASCADE ON UPDATE CASCADE;
+
+CREATE TABLE IF NOT EXISTS IDN_CONFIG_ATTRIBUTE (
+ ID VARCHAR(255) NOT NULL,
+ RESOURCE_ID VARCHAR(255) NOT NULL,
+ ATTR_KEY VARCHAR(255) NOT NULL,
+ ATTR_VALUE VARCHAR(1023) NULL,
+ PRIMARY KEY (ID),
+ UNIQUE (RESOURCE_ID, ATTR_KEY)
+);
+ALTER TABLE IDN_CONFIG_ATTRIBUTE
+ADD CONSTRAINT RESOURCE_ID_ATTRIBUTE_FOREIGN_CONSTRAINT FOREIGN KEY (RESOURCE_ID) REFERENCES
+IDN_CONFIG_RESOURCE (ID) ON DELETE CASCADE ON UPDATE CASCADE;
+
+CREATE TABLE IF NOT EXISTS IDN_CONFIG_FILE (
+ ID VARCHAR(255) NOT NULL,
+ `VALUE` BLOB NULL,
+ RESOURCE_ID VARCHAR(255) NOT NULL,
+ NAME VARCHAR(255) NULL,
+ PRIMARY KEY (ID)
+);
+ALTER TABLE IDN_CONFIG_FILE
+ADD CONSTRAINT RESOURCE_ID_FILE_FOREIGN_CONSTRAINT FOREIGN KEY (RESOURCE_ID) REFERENCES
+IDN_CONFIG_RESOURCE (ID) ON DELETE CASCADE ON UPDATE CASCADE;
+
+CREATE TABLE IF NOT EXISTS IDN_REMOTE_FETCH_CONFIG (
+ ID VARCHAR(255) NOT NULL,
+ TENANT_ID INTEGER NOT NULL,
+ IS_ENABLED CHAR(1) NOT NULL,
+ REPO_MANAGER_TYPE VARCHAR(255) NOT NULL,
+ ACTION_LISTENER_TYPE VARCHAR(255) NOT NULL,
+ CONFIG_DEPLOYER_TYPE VARCHAR(255) NOT NULL,
+ REMOTE_FETCH_NAME VARCHAR(255),
+ REMOTE_RESOURCE_URI VARCHAR(255) NOT NULL,
+ ATTRIBUTES_JSON MEDIUMTEXT NOT NULL,
+ PRIMARY KEY (ID),
+ CONSTRAINT UC_REMOTE_RESOURCE_TYPE UNIQUE (TENANT_ID, CONFIG_DEPLOYER_TYPE)
+);
+
+CREATE TABLE IF NOT EXISTS IDN_REMOTE_FETCH_REVISIONS (
+ ID VARCHAR(255) NOT NULL,
+ CONFIG_ID VARCHAR(255) NOT NULL,
+ FILE_PATH VARCHAR(255) NOT NULL,
+ FILE_HASH VARCHAR(255),
+ DEPLOYED_DATE TIMESTAMP,
+ LAST_SYNC_TIME TIMESTAMP,
+ DEPLOYMENT_STATUS VARCHAR(255),
+ ITEM_NAME VARCHAR(255),
+ DEPLOY_ERR_LOG MEDIUMTEXT,
+ PRIMARY KEY (ID),
+ FOREIGN KEY (CONFIG_ID) REFERENCES IDN_REMOTE_FETCH_CONFIG(ID) ON DELETE CASCADE,
+ CONSTRAINT UC_REVISIONS UNIQUE (CONFIG_ID, ITEM_NAME)
+);
+
+
+CREATE TABLE IF NOT EXISTS IDN_USER_FUNCTIONALITY_MAPPING (
+ ID VARCHAR(255) NOT NULL,
+ USER_ID VARCHAR(255) NOT NULL,
+ TENANT_ID INTEGER NOT NULL,
+ FUNCTIONALITY_ID VARCHAR(255) NOT NULL,
+ IS_FUNCTIONALITY_LOCKED BOOLEAN NOT NULL,
+ FUNCTIONALITY_UNLOCK_TIME BIGINT NOT NULL,
+ FUNCTIONALITY_LOCK_REASON VARCHAR(1023),
+ FUNCTIONALITY_LOCK_REASON_CODE VARCHAR(255),
+ PRIMARY KEY (ID),
+ CONSTRAINT IDN_USER_FUNCTIONALITY_MAPPING_CONSTRAINT UNIQUE (USER_ID, TENANT_ID, FUNCTIONALITY_ID)
+);
+
+CREATE TABLE IF NOT EXISTS IDN_USER_FUNCTIONALITY_PROPERTY (
+ ID VARCHAR(255) NOT NULL,
+ USER_ID VARCHAR(255) NOT NULL,
+ TENANT_ID INTEGER NOT NULL,
+ FUNCTIONALITY_ID VARCHAR(255) NOT NULL,
+ PROPERTY_NAME VARCHAR(255),
+ PROPERTY_VALUE VARCHAR(255),
+ PRIMARY KEY (ID),
+ CONSTRAINT IDN_USER_FUNCTIONALITY_PROPERTY_CONSTRAINT UNIQUE (USER_ID, TENANT_ID, FUNCTIONALITY_ID, PROPERTY_NAME)
+);
+
+CREATE TABLE IF NOT EXISTS IDN_CORS_ORIGIN (
+ ID INT NOT NULL AUTO_INCREMENT,
+ TENANT_ID INT NOT NULL,
+ ORIGIN VARCHAR(2048) NOT NULL,
+ UUID CHAR(36) NOT NULL,
+
+ PRIMARY KEY (ID),
+ UNIQUE (TENANT_ID, ORIGIN),
+ UNIQUE (UUID)
+);
+
+CREATE TABLE IF NOT EXISTS IDN_CORS_ASSOCIATION (
+ IDN_CORS_ORIGIN_ID INT NOT NULL,
+ SP_APP_ID INT NOT NULL,
+
+ PRIMARY KEY (IDN_CORS_ORIGIN_ID, SP_APP_ID),
+ FOREIGN KEY (IDN_CORS_ORIGIN_ID) REFERENCES IDN_CORS_ORIGIN (ID) ON DELETE CASCADE,
+ FOREIGN KEY (SP_APP_ID) REFERENCES SP_APP (ID) ON DELETE CASCADE
+);
+
+CREATE TABLE IF NOT EXISTS IDN_OAUTH2_USER_CONSENT (
+ ID INTEGER NOT NULL AUTO_INCREMENT,
+ USER_ID VARCHAR(255) NOT NULL,
+ APP_ID CHAR(36) NOT NULL,
+ TENANT_ID INTEGER NOT NULL DEFAULT -1,
+ CONSENT_ID VARCHAR(255) NOT NULL,
+ PRIMARY KEY (ID),
+ FOREIGN KEY (APP_ID) REFERENCES SP_APP(UUID) ON DELETE CASCADE,
+ UNIQUE (USER_ID, APP_ID, TENANT_ID),
+ UNIQUE (CONSENT_ID)
+);
+
+CREATE TABLE IF NOT EXISTS IDN_OAUTH2_USER_CONSENTED_SCOPES (
+ ID INTEGER NOT NULL AUTO_INCREMENT,
+ CONSENT_ID VARCHAR(255) NOT NULL,
+ TENANT_ID INTEGER NOT NULL DEFAULT -1,
+ SCOPE VARCHAR(255) NOT NULL,
+ CONSENT BOOLEAN NOT NULL,
+ PRIMARY KEY (ID),
+ FOREIGN KEY (CONSENT_ID) REFERENCES IDN_OAUTH2_USER_CONSENT(CONSENT_ID) ON DELETE CASCADE,
+ UNIQUE (CONSENT_ID, SCOPE)
+);
+
+CREATE TABLE IF NOT EXISTS IDN_SECRET_TYPE (
+ ID VARCHAR(255) NOT NULL,
+ NAME VARCHAR(255) NOT NULL,
+ DESCRIPTION VARCHAR(1023) NULL,
+ PRIMARY KEY (ID),
+ CONSTRAINT SECRET_TYPE_NAME_CONSTRAINT UNIQUE (NAME)
+);
+
+INSERT INTO IDN_SECRET_TYPE (ID, NAME, DESCRIPTION) VALUES
+('1358bdbf-e0cc-4268-a42c-c3e0960e13f0', 'ADAPTIVE_AUTH_CALL_CHOREO', 'Secret type to uniquely identify secrets relevant to callChoreo adaptive auth function'),
+('c508ca28-60c0-4493-a758-77e4173ffdb9', 'IDP_SECRET_PROPERTIES', 'Secret type to uniquely identify secrets relevant to identity providers'),
+('433df096-62b7-4a36-b3eb-1bed9150ed35', 'IDVP_SECRET_PROPERTIES', 'Secret type to uniquely identify secrets relevant to identity verification providers'),
+('29d0c37d-139a-4b1e-a343-7b8d26f0a2a9', 'ANDROID_ATTESTATION_CREDENTIALS', 'Secret type to uniquely identify secrets relevant to android client attestation credentials'),
+('33f0a41b-569d-4ea5-a891-6c0e78a1c3b0', 'ACTION_API_ENDPOINT_AUTH_SECRETS', 'Secret type to uniquely identify secrets relevant to action endpoint authentication properties');
+
+CREATE TABLE IF NOT EXISTS IDN_SECRET (
+ ID VARCHAR(255) NOT NULL,
+ TENANT_ID INT NOT NULL,
+ SECRET_NAME VARCHAR(1023) NOT NULL,
+ SECRET_VALUE VARCHAR(8000) NOT NULL,
+ CREATED_TIME TIMESTAMP NOT NULL,
+ LAST_MODIFIED TIMESTAMP NOT NULL,
+ TYPE_ID VARCHAR(255) NOT NULL,
+ DESCRIPTION VARCHAR(1023) NULL,
+ KEY_ID VARCHAR(255) NULL,
+ PRIMARY KEY (ID),
+ FOREIGN KEY (TYPE_ID) REFERENCES IDN_SECRET_TYPE(ID) ON DELETE CASCADE,
+ UNIQUE (SECRET_NAME, TENANT_ID, TYPE_ID)
+);
+
+CREATE TABLE IF NOT EXISTS SP_SHARED_APP (
+ ID INTEGER NOT NULL AUTO_INCREMENT,
+ MAIN_APP_ID CHAR(36) NOT NULL,
+ OWNER_ORG_ID CHAR(36) NOT NULL,
+ SHARED_APP_ID CHAR(36) NOT NULL,
+ SHARED_ORG_ID CHAR(36) NOT NULL,
+ SHARE_WITH_ALL_CHILDREN BOOLEAN DEFAULT FALSE,
+ PRIMARY KEY (ID),
+ FOREIGN KEY (MAIN_APP_ID) REFERENCES SP_APP(UUID) ON DELETE CASCADE,
+ FOREIGN KEY (SHARED_APP_ID) REFERENCES SP_APP(UUID) ON DELETE CASCADE,
+ UNIQUE (MAIN_APP_ID, OWNER_ORG_ID, SHARED_ORG_ID),
+ UNIQUE (SHARED_APP_ID)
+);
+
+CREATE TABLE IF NOT EXISTS IDVP (
+ ID INTEGER NOT NULL AUTO_INCREMENT,
+ UUID CHAR(36) NOT NULL,
+ TENANT_ID INTEGER NOT NULL,
+ IDVP_TYPE VARCHAR(254),
+ NAME VARCHAR(254),
+ DESCRIPTION VARCHAR(1024),
+ IS_ENABLED CHAR(1) NOT NULL DEFAULT '0',
+ PRIMARY KEY (ID),
+ UNIQUE (TENANT_ID, NAME),
+ UNIQUE (UUID)
+);
+
+CREATE TABLE IF NOT EXISTS IDVP_CLAIM_MAPPING (
+ ID INTEGER NOT NULL AUTO_INCREMENT,
+ IDVP_ID INTEGER NOT NULL,
+ TENANT_ID INTEGER NOT NULL,
+ CLAIM VARCHAR(254),
+ LOCAL_CLAIM VARCHAR(254),
+ PRIMARY KEY (ID),
+ UNIQUE (IDVP_ID, CLAIM, TENANT_ID),
+ FOREIGN KEY (IDVP_ID) REFERENCES IDVP(ID) ON DELETE CASCADE
+);
+
+CREATE TABLE IF NOT EXISTS IDVP_CONFIG (
+ ID INTEGER NOT NULL AUTO_INCREMENT,
+ IDVP_ID INTEGER NOT NULL,
+ TENANT_ID INTEGER NOT NULL,
+ PROPERTY_KEY VARCHAR(254) NOT NULL,
+ PROPERTY_VALUE VARCHAR(1024),
+ IS_SECRET CHAR (1) DEFAULT '0',
+ PRIMARY KEY (ID),
+ UNIQUE (IDVP_ID, PROPERTY_KEY, TENANT_ID),
+ FOREIGN KEY (IDVP_ID) REFERENCES IDVP(ID) ON DELETE CASCADE
+);
+
+CREATE TABLE IF NOT EXISTS IDV_CLAIM (
+ ID INTEGER NOT NULL AUTO_INCREMENT,
+ UUID CHAR(36) NOT NULL,
+ USER_ID VARCHAR(254) NOT NULL,
+ CLAIM_URI VARCHAR(254),
+ IDVP_ID CHAR(36) NOT NULL,
+ TENANT_ID INTEGER NOT NULL,
+ IS_VERIFIED CHAR(1) NOT NULL DEFAULT '0',
+ METADATA BLOB,
+ PRIMARY KEY (ID),
+ UNIQUE (CLAIM_URI, TENANT_ID, USER_ID, IDVP_ID),
+ UNIQUE (UUID),
+ FOREIGN KEY (IDVP_ID) REFERENCES IDVP(UUID) ON DELETE CASCADE
+);
+
+CREATE TABLE IF NOT EXISTS IDN_OAUTH_PAR (
+ REQ_URI_REF VARCHAR(255) PRIMARY KEY,
+ CLIENT_ID VARCHAR(255) NOT NULL,
+ SCHEDULED_EXPIRY BIGINT NOT NULL,
+ PARAMETERS MEDIUMTEXT
+);
+
+CREATE TABLE IF NOT EXISTS IDN_SAML2_SERVICE_PROVIDER (
+ ID INTEGER NOT NULL AUTO_INCREMENT,
+ ISSUER VARCHAR(255) NOT NULL,
+ DEFAULT_ASSERTION_CONSUMER_URL VARCHAR(2048) NOT NULL,
+ NAME_ID_FORMAT VARCHAR(255) NOT NULL,
+ CERT_ALIAS VARCHAR(255),
+ REQ_SIG_VALIDATION BOOLEAN,
+ SIGN_RESPONSE BOOLEAN NOT NULL,
+ SIGN_ASSERTIONS BOOLEAN NOT NULL,
+ SIGNING_ALGO VARCHAR(255) NOT NULL,
+ DIGEST_ALGO VARCHAR(255) NOT NULL,
+ ENCRYPT_ASSERTION BOOLEAN,
+ ASSERTION_ENCRYPTION_ALGO VARCHAR(255),
+ KEY_ENCRYPTION_ALGO VARCHAR(255),
+ ATTR_PROFILE_ENABLED BOOLEAN NOT NULL,
+ ATTR_SERVICE_INDEX VARCHAR(255),
+ SLO_PROFILE_ENABLED BOOLEAN NOT NULL,
+ SLO_METHOD VARCHAR(255),
+ SLO_RESPONSE_URL VARCHAR(2048),
+ SLO_REQUEST_URL VARCHAR(2048),
+ IDP_INIT_SSO_ENABLED BOOLEAN,
+ IDP_INIT_SLO_ENABLED BOOLEAN,
+ QUERY_REQUEST_PROFILE_ENABLED BOOLEAN NOT NULL,
+ ECP_ENABLED BOOLEAN NOT NULL,
+ ARTIFACT_BINDING_ENABLED BOOLEAN NOT NULL,
+ ARTIFACT_RESOLVE_REQ_SIG_VALIDATION BOOLEAN,
+ IDP_ENTITY_ID_ALIAS VARCHAR(255),
+ ISSUER_QUALIFIER VARCHAR(255),
+ SUPPORTED_ASSERTION_QUERY_REQUEST_TYPES VARCHAR(255),
+ TENANT_ID INTEGER,
+ PRIMARY KEY (ID)
+);
+
+CREATE TABLE IF NOT EXISTS IDN_SAML2_SP_PROPERTIES (
+ ID INTEGER NOT NULL AUTO_INCREMENT,
+ PROPERTY_NAME VARCHAR(255) NOT NULL,
+ PROPERTY_VALUE VARCHAR(2048) NOT NULL,
+ SP_ID INTEGER NOT NULL,
+ PRIMARY KEY (ID),
+ FOREIGN KEY (SP_ID) REFERENCES IDN_SAML2_SERVICE_PROVIDER (ID) ON DELETE CASCADE
+);
+
+CREATE TABLE IF NOT EXISTS IDN_ORG_USER_INVITATION (
+ ID INTEGER NOT NULL AUTO_INCREMENT,
+ INVITATION_ID VARCHAR(40) NOT NULL,
+ CONFIRMATION_CODE VARCHAR(40) NOT NULL,
+ USER_NAME VARCHAR(254) NOT NULL,
+ DOMAIN_NAME VARCHAR(254) NOT NULL,
+ EMAIL VARCHAR(254) NOT NULL,
+ USER_ORG_ID VARCHAR(254) NOT NULL,
+ INVITED_ORG_ID VARCHAR(254) NOT NULL,
+ USER_REDIRECT_URL VARCHAR(1024) NOT NULL,
+ STATUS VARCHAR(10) NOT NULL,
+ CREATED_AT TIMESTAMP NOT NULL,
+ EXPIRED_AT TIMESTAMP NOT NULL,
+ PRIMARY KEY (INVITATION_ID)
+);
+
+CREATE TABLE IF NOT EXISTS IDN_ORG_USER_INVITE_ASSIGNMENT(
+ ID INTEGER NOT NULL AUTO_INCREMENT,
+ INVITATION_ID VARCHAR(40) NOT NULL,
+ ASSIGNMENT_ID VARCHAR(255) NOT NULL,
+ ASSIGNMENT_TYPE VARCHAR(255) NOT NULL,
+ PRIMARY KEY (INVITATION_ID, ASSIGNMENT_ID, ASSIGNMENT_TYPE),
+ FOREIGN KEY (INVITATION_ID) REFERENCES IDN_ORG_USER_INVITATION(INVITATION_ID) ON DELETE CASCADE
+);
+
+CREATE TABLE IF NOT EXISTS API_RESOURCE (
+ ID CHAR(36) NOT NULL PRIMARY KEY,
+ CURSOR_KEY INTEGER NOT NULL AUTO_INCREMENT,
+ NAME VARCHAR(255) NOT NULL,
+ IDENTIFIER VARCHAR(255) NOT NULL,
+ TENANT_ID INT,
+ DESCRIPTION VARCHAR(255),
+ TYPE VARCHAR(255) NOT NULL,
+ REQUIRES_AUTHORIZATION BOOLEAN NOT NULL
+);
+
+CREATE TABLE IF NOT EXISTS API_RESOURCE_PROPERTY (
+ ID INTEGER AUTO_INCREMENT,
+ API_ID CHAR(36) NOT NULL,
+ NAME VARCHAR(255) NOT NULL,
+ `VALUE` VARCHAR(255) NOT NULL,
+ PRIMARY KEY (ID),
+ CONSTRAINT API_RESOURCE_PROPERTY_CONSTRAINT UNIQUE (API_ID, NAME),
+ FOREIGN KEY (API_ID) REFERENCES API_RESOURCE(ID) ON DELETE CASCADE
+);
+
+CREATE TABLE IF NOT EXISTS SCOPE (
+ ID CHAR(36) NOT NULL PRIMARY KEY,
+ CURSOR_KEY INTEGER NOT NULL AUTO_INCREMENT,
+ API_ID CHAR(36) NOT NULL,
+ NAME VARCHAR(255) NOT NULL,
+ DISPLAY_NAME VARCHAR(255) NOT NULL,
+ TENANT_ID INT,
+ DESCRIPTION VARCHAR(300),
+ FOREIGN KEY (API_ID) REFERENCES API_RESOURCE(ID) ON DELETE CASCADE
+);
+
+CREATE TABLE IF NOT EXISTS APP_ROLE_ASSOCIATION (
+ APP_ID CHAR(36) NOT NULL,
+ ROLE_ID VARCHAR(255) NOT NULL,
+ PRIMARY KEY (APP_ID, ROLE_ID),
+ FOREIGN KEY (APP_ID) REFERENCES SP_APP(UUID) ON DELETE CASCADE
+);
+
+CREATE TABLE IF NOT EXISTS ROLE_SCOPE (
+ ROLE_ID VARCHAR(255) NOT NULL,
+ SCOPE_ID CHAR(36) NOT NULL,
+ PRIMARY KEY (ROLE_ID, SCOPE_ID),
+ FOREIGN KEY (SCOPE_ID) REFERENCES SCOPE(ID) ON DELETE CASCADE
+);
+
+CREATE TABLE IF NOT EXISTS AUTHORIZED_API(
+ APP_ID CHAR(36) NOT NULL,
+ API_ID CHAR(36) NOT NULL,
+ POLICY_ID VARCHAR(255) NOT NULL,
+ CONSTRAINT PK_APP_API PRIMARY KEY (APP_ID, API_ID),
+ FOREIGN KEY (API_ID) REFERENCES API_RESOURCE(ID) ON DELETE CASCADE,
+ FOREIGN KEY (APP_ID) REFERENCES SP_APP(UUID) ON DELETE CASCADE
+);
+
+CREATE TABLE IF NOT EXISTS AUTHORIZED_SCOPE(
+ APP_ID CHAR(36) NOT NULL,
+ API_ID CHAR(36) NOT NULL,
+ SCOPE_ID CHAR(36) NOT NULL,
+ CONSTRAINT PK_APP_API_SCOPE PRIMARY KEY (APP_ID, API_ID, SCOPE_ID),
+ FOREIGN KEY (API_ID) REFERENCES API_RESOURCE(ID),
+ FOREIGN KEY (SCOPE_ID) REFERENCES SCOPE(ID) ON DELETE CASCADE,
+ FOREIGN KEY (APP_ID) REFERENCES SP_APP(UUID),
+ FOREIGN KEY (APP_ID, API_ID) REFERENCES AUTHORIZED_API(APP_ID, API_ID) ON DELETE CASCADE,
+ CONSTRAINT AUTHORIZED_SCOPE_UNIQUE UNIQUE (APP_ID, SCOPE_ID)
+);
+
+CREATE TABLE IF NOT EXISTS IDN_NOTIFICATION_TYPE (
+ ID INTEGER NOT NULL AUTO_INCREMENT,
+ TYPE_KEY VARCHAR(255) NOT NULL,
+ NAME VARCHAR(255) NOT NULL,
+ CHANNEL VARCHAR(255) NOT NULL,
+ TENANT_ID INTEGER NOT NULL,
+ PRIMARY KEY (ID),
+ CONSTRAINT NOTIFICATION_TYPE_KEY_CONSTRAINT UNIQUE (TYPE_KEY, CHANNEL, TENANT_ID),
+ CONSTRAINT NOTIFICATION_TYPE_NAME_CONSTRAINT UNIQUE (NAME, CHANNEL, TENANT_ID)
+);
+
+CREATE TABLE IF NOT EXISTS IDN_NOTIFICATION_ORG_TEMPLATE (
+ ID INTEGER NOT NULL AUTO_INCREMENT,
+ TEMPLATE_KEY VARCHAR(50) NOT NULL,
+ LOCALE VARCHAR(50) NOT NULL,
+ SUBJECT VARCHAR(4000),
+ BODY MEDIUMTEXT,
+ FOOTER MEDIUMTEXT,
+ CONTENT_TYPE VARCHAR(50),
+ TYPE_ID INTEGER NOT NULL,
+ TENANT_ID INTEGER NOT NULL,
+ PRIMARY KEY (ID),
+ FOREIGN KEY (TYPE_ID) REFERENCES IDN_NOTIFICATION_TYPE(ID) ON DELETE CASCADE,
+ CONSTRAINT ORG_NOTIFICATION_TEMPLATE_KEY_CONSTRAINT UNIQUE (TEMPLATE_KEY, TYPE_ID, TENANT_ID),
+ CONSTRAINT ORG_NOTIFICATION_TEMPLATE_LOCALE_CONSTRAINT UNIQUE (LOCALE, TYPE_ID, TENANT_ID)
+);
+
+CREATE TABLE IF NOT EXISTS IDN_NOTIFICATION_APP_TEMPLATE (
+ ID INTEGER NOT NULL AUTO_INCREMENT,
+ TEMPLATE_KEY VARCHAR(50) NOT NULL,
+ LOCALE VARCHAR(50) NOT NULL,
+ SUBJECT VARCHAR(4000),
+ BODY MEDIUMTEXT,
+ FOOTER MEDIUMTEXT,
+ CONTENT_TYPE VARCHAR(50),
+ TYPE_ID INTEGER NOT NULL,
+ APP_ID VARCHAR(255) NOT NULL,
+ TENANT_ID INTEGER NOT NULL,
+ PRIMARY KEY (ID),
+ FOREIGN KEY (TYPE_ID) REFERENCES IDN_NOTIFICATION_TYPE(ID) ON DELETE CASCADE,
+ CONSTRAINT APP_NOTIFICATION_TEMPLATE_KEY_CONSTRAINT UNIQUE (TEMPLATE_KEY, TYPE_ID, APP_ID, TENANT_ID),
+ CONSTRAINT APP_NOTIFICATION_TEMPLATE_LOCALE_CONSTRAINT UNIQUE (LOCALE, TYPE_ID, APP_ID, TENANT_ID)
+);
+
+CREATE TABLE IF NOT EXISTS IDN_ACTION (
+ UUID CHAR(36) NOT NULL,
+ TYPE VARCHAR(50) NOT NULL,
+ NAME VARCHAR(255) NOT NULL,
+ DESCRIPTION VARCHAR(255),
+ STATUS VARCHAR(10) NOT NULL,
+ TENANT_ID INTEGER NOT NULL,
+ PRIMARY KEY (UUID)
+);
+
+CREATE TABLE IF NOT EXISTS IDN_ACTION_ENDPOINT (
+ ACTION_UUID CHAR(36) NOT NULL,
+ PROPERTY_NAME VARCHAR(100) NOT NULL,
+ PROPERTY_VALUE VARCHAR(255) NOT NULL,
+ TENANT_ID INTEGER NOT NULL,
+ PRIMARY KEY (ACTION_UUID, PROPERTY_NAME),
+ FOREIGN KEY (ACTION_UUID) REFERENCES IDN_ACTION(UUID) ON DELETE CASCADE
+);
+
+CREATE TABLE IF NOT EXISTS IDN_OAUTH2_TOKEN_CLAIMS (
+ ID INTEGER NOT NULL AUTO_INCREMENT,
+ APP_ID INTEGER NOT NULL,
+ CLAIM_URI VARCHAR(255) NOT NULL,
+ PRIMARY KEY (ID),
+ CONSTRAINT TOKEN_CLAIMS_CONSTRAINT UNIQUE (APP_ID, CLAIM_URI),
+ FOREIGN KEY (APP_ID) REFERENCES IDN_OAUTH_CONSUMER_APPS(ID) ON DELETE CASCADE
+);
+
+CREATE TABLE IF NOT EXISTS IDN_XACML_CONFIG (
+ CONFIG_KEY VARCHAR(255) NOT NULL,
+ CONFIG_VALUE VARCHAR(255) NOT NULL,
+ TENANT_ID INTEGER NOT NULL,
+ PRIMARY KEY (TENANT_ID, CONFIG_KEY)
+);
+
+CREATE TABLE IF NOT EXISTS IDN_XACML_POLICY (
+ POLICY_ID VARCHAR(255) NOT NULL,
+ VERSION INTEGER NOT NULL,
+ IS_IN_PAP BOOLEAN NOT NULL DEFAULT TRUE,
+ IS_IN_PDP BOOLEAN NOT NULL DEFAULT FALSE,
+ POLICY CLOB NOT NULL,
+ IS_ACTIVE BOOLEAN NOT NULL DEFAULT FALSE,
+ POLICY_TYPE VARCHAR(255) NOT NULL,
+ POLICY_EDITOR VARCHAR(255),
+ POLICY_ORDER INTEGER NOT NULL,
+ LAST_MODIFIED_TIME TIMESTAMP NOT NULL,
+ LAST_MODIFIED_USER VARCHAR(255),
+ TENANT_ID INTEGER NOT NULL,
+ PRIMARY KEY (POLICY_ID, VERSION, TENANT_ID),
+ CONSTRAINT IDN_XACML_POLICY_KEY_CONSTRAINT UNIQUE (POLICY_ID, VERSION, TENANT_ID)
+);
+
+CREATE TABLE IF NOT EXISTS IDN_XACML_POLICY_ATTRIBUTE (
+ ID INTEGER AUTO_INCREMENT NOT NULL,
+ ATTRIBUTE_ID VARCHAR(255) NOT NULL,
+ ATTRIBUTE_VALUE VARCHAR(255) NOT NULL,
+ DATA_TYPE VARCHAR(255) NOT NULL,
+ CATEGORY VARCHAR(255) NOT NULL,
+ POLICY_ID VARCHAR(255) NOT NULL,
+ VERSION INTEGER NOT NULL,
+ TENANT_ID INTEGER NOT NULL,
+ PRIMARY KEY (ID),
+ FOREIGN KEY (POLICY_ID, VERSION, TENANT_ID) REFERENCES IDN_XACML_POLICY (POLICY_ID, VERSION, TENANT_ID) ON DELETE CASCADE
+);
+
+CREATE TABLE IF NOT EXISTS IDN_XACML_POLICY_EDITOR_DATA (
+ ID INTEGER AUTO_INCREMENT NOT NULL,
+ DATA VARCHAR(500),
+ DATA_ORDER INTEGER NOT NULL,
+ POLICY_ID VARCHAR(255) NOT NULL,
+ VERSION INTEGER NOT NULL,
+ TENANT_ID INTEGER NOT NULL,
+ PRIMARY KEY (ID),
+ FOREIGN KEY (POLICY_ID, VERSION, TENANT_ID) REFERENCES IDN_XACML_POLICY (POLICY_ID, VERSION, TENANT_ID) ON DELETE CASCADE
+);
+
+CREATE TABLE IF NOT EXISTS IDN_XACML_POLICY_REFERENCE (
+ REFERENCE VARCHAR(255) NOT NULL,
+ POLICY_ID VARCHAR(255) NOT NULL,
+ VERSION INTEGER NOT NULL,
+ TENANT_ID INTEGER NOT NULL,
+ PRIMARY KEY (REFERENCE, POLICY_ID, VERSION, TENANT_ID),
+ FOREIGN KEY (POLICY_ID, VERSION, TENANT_ID) REFERENCES IDN_XACML_POLICY (POLICY_ID, VERSION, TENANT_ID) ON DELETE CASCADE
+);
+
+CREATE TABLE IF NOT EXISTS IDN_XACML_POLICY_SET_REFERENCE (
+ SET_REFERENCE VARCHAR(255) NOT NULL,
+ POLICY_ID VARCHAR(255) NOT NULL,
+ VERSION INTEGER NOT NULL,
+ TENANT_ID INTEGER NOT NULL,
+ PRIMARY KEY (SET_REFERENCE, POLICY_ID, VERSION, TENANT_ID),
+ FOREIGN KEY (POLICY_ID, VERSION, TENANT_ID) REFERENCES IDN_XACML_POLICY (POLICY_ID, VERSION, TENANT_ID) ON DELETE CASCADE
+);
+
+CREATE TABLE IF NOT EXISTS IDN_XACML_SUBSCRIBER (
+ SUBSCRIBER_ID VARCHAR(255) NOT NULL,
+ ENTITLEMENT_MODULE_NAME VARCHAR(255) NOT NULL,
+ TENANT_ID INTEGER NOT NULL,
+ PRIMARY KEY (SUBSCRIBER_ID, TENANT_ID),
+ CONSTRAINT IDN_XACML_SUBSCRIBER_KEY_CONSTRAINT UNIQUE (SUBSCRIBER_ID, TENANT_ID)
+);
+
+CREATE TABLE IF NOT EXISTS IDN_XACML_SUBSCRIBER_PROPERTY (
+ PROPERTY_ID VARCHAR(255) NOT NULL,
+ DISPLAY_NAME VARCHAR(255) NOT NULL,
+ PROPERTY_VALUE VARCHAR(2000) NOT NULL,
+ IS_REQUIRED BOOLEAN NOT NULL DEFAULT FALSE,
+ DISPLAY_ORDER INTEGER NOT NULL,
+ IS_SECRET BOOLEAN NOT NULL DEFAULT FALSE,
+ PROPERTY_MODULE VARCHAR(255),
+ SUBSCRIBER_ID VARCHAR(255) NOT NULL,
+ TENANT_ID INTEGER NOT NULL,
+ PRIMARY KEY (PROPERTY_ID, SUBSCRIBER_ID, TENANT_ID),
+ FOREIGN KEY (SUBSCRIBER_ID, TENANT_ID) REFERENCES IDN_XACML_SUBSCRIBER (SUBSCRIBER_ID, TENANT_ID) ON DELETE CASCADE
+);
+
+CREATE TABLE IF NOT EXISTS IDN_XACML_SUBSCRIBER_STATUS (
+ ID INTEGER AUTO_INCREMENT NOT NULL,
+ TYPE VARCHAR(255) NOT NULL,
+ IS_SUCCESS BOOLEAN NOT NULL DEFAULT FALSE,
+ USERNAME VARCHAR(255) NOT NULL,
+ TARGET VARCHAR(255) NOT NULL,
+ TARGET_ACTION VARCHAR(255) NOT NULL,
+ LOGGED_AT TIMESTAMP NOT NULL,
+ MESSAGE VARCHAR(255) NULL,
+ SUBSCRIBER_ID VARCHAR(255) NOT NULL,
+ TENANT_ID INTEGER NOT NULL,
+ PRIMARY KEY (ID),
+ FOREIGN KEY (SUBSCRIBER_ID, TENANT_ID) REFERENCES IDN_XACML_SUBSCRIBER (SUBSCRIBER_ID, TENANT_ID) ON DELETE CASCADE
+);
+
+CREATE TABLE IF NOT EXISTS IDN_XACML_POLICY_STATUS (
+ ID INTEGER AUTO_INCREMENT NOT NULL,
+ TYPE VARCHAR(255) NOT NULL,
+ IS_SUCCESS BOOLEAN NOT NULL DEFAULT FALSE,
+ USERNAME VARCHAR(255) NOT NULL,
+ TARGET VARCHAR(255) NOT NULL,
+ TARGET_ACTION VARCHAR(255) NOT NULL,
+ LOGGED_AT TIMESTAMP NOT NULL,
+ MESSAGE VARCHAR(255) NULL,
+ POLICY_ID VARCHAR(255) NOT NULL,
+ POLICY_VERSION INTEGER NOT NULL DEFAULT -1,
+ TENANT_ID INTEGER NOT NULL,
+ PRIMARY KEY (ID)
+);
+
+-- --------------------------- INDEX CREATION -----------------------------
+-- IDN_OAUTH2_ACCESS_TOKEN --
+CREATE INDEX IDX_TC ON IDN_OAUTH2_ACCESS_TOKEN(TIME_CREATED);
+CREATE INDEX IDX_ATH ON IDN_OAUTH2_ACCESS_TOKEN(ACCESS_TOKEN_HASH);
+CREATE INDEX IDX_AT_TI_UD ON IDN_OAUTH2_ACCESS_TOKEN(AUTHZ_USER, TENANT_ID, TOKEN_STATE, USER_DOMAIN);
+CREATE INDEX IDX_AT_AT ON IDN_OAUTH2_ACCESS_TOKEN(ACCESS_TOKEN);
+CREATE INDEX IDX_AT_RTH ON IDN_OAUTH2_ACCESS_TOKEN(REFRESH_TOKEN_HASH);
+CREATE INDEX IDX_AT_RT ON IDN_OAUTH2_ACCESS_TOKEN(REFRESH_TOKEN);
+CREATE INDEX IDX_TBR_TS ON IDN_OAUTH2_ACCESS_TOKEN(TOKEN_BINDING_REF, TOKEN_STATE);
+
+-- IDN_OAUTH2_AUTHORIZATION_CODE --
+CREATE INDEX IDX_AUTHORIZATION_CODE_HASH ON IDN_OAUTH2_AUTHORIZATION_CODE (AUTHORIZATION_CODE_HASH, CONSUMER_KEY_ID);
+CREATE INDEX IDX_AUTHORIZATION_CODE_AU_TI ON IDN_OAUTH2_AUTHORIZATION_CODE (AUTHZ_USER, TENANT_ID, USER_DOMAIN, STATE);
+CREATE INDEX IDX_AC_CKID ON IDN_OAUTH2_AUTHORIZATION_CODE(CONSUMER_KEY_ID);
+CREATE INDEX IDX_AC_TID ON IDN_OAUTH2_AUTHORIZATION_CODE(TOKEN_ID);
+CREATE INDEX IDX_AC_AC_CKID ON IDN_OAUTH2_AUTHORIZATION_CODE(AUTHORIZATION_CODE, CONSUMER_KEY_ID);
+CREATE INDEX IDX_AT_CKID_AU_TID_UD_TSH_TS ON IDN_OAUTH2_ACCESS_TOKEN(CONSUMER_KEY_ID, AUTHZ_USER, TENANT_ID, USER_DOMAIN, TOKEN_SCOPE_HASH, TOKEN_STATE);
+
+-- IDN_SCIM_GROUP --
+CREATE INDEX IDX_IDN_SCIM_GROUP_TI_RN ON IDN_SCIM_GROUP (TENANT_ID, ROLE_NAME);
+CREATE INDEX IDX_IDN_SCIM_GROUP_TI_RN_AN ON IDN_SCIM_GROUP (TENANT_ID, ROLE_NAME, ATTR_NAME);
+
+-- IDN_AUTH_SESSION_STORE --
+CREATE INDEX IDX_IDN_AUTH_SESSION_TIME ON IDN_AUTH_SESSION_STORE (TIME_CREATED);
+CREATE INDEX IDX_IDN_AUTH_SSTR_ST_OP_ID_TM ON IDN_AUTH_SESSION_STORE (OPERATION, SESSION_TYPE, SESSION_ID, TIME_CREATED);
+CREATE INDEX IDX_IDN_AUTH_SSTR_ET_ID ON IDN_AUTH_SESSION_STORE (EXPIRY_TIME, SESSION_ID);
+
+-- IDN_AUTH_TEMP_SESSION_STORE --
+CREATE INDEX IDX_IDN_AUTH_TMP_SESSION_TIME ON IDN_AUTH_TEMP_SESSION_STORE (TIME_CREATED);
+
+-- IDN_OIDC_SCOPE_CLAIM_MAPPING --
+CREATE INDEX IDX_AT_SI_ECI ON IDN_OIDC_SCOPE_CLAIM_MAPPING(SCOPE_ID, EXTERNAL_CLAIM_ID);
+
+-- IDN_OAUTH2_SCOPE --
+CREATE INDEX IDX_SC_TID ON IDN_OAUTH2_SCOPE(TENANT_ID);
+
+-- IDN_OAUTH2_SCOPE_BINDING --
+CREATE INDEX IDX_SB_SCPID ON IDN_OAUTH2_SCOPE_BINDING(SCOPE_ID);
+
+-- IDN_OIDC_REQ_OBJECT_REFERENCE --
+CREATE INDEX IDX_OROR_TID ON IDN_OIDC_REQ_OBJECT_REFERENCE(TOKEN_ID);
+
+-- IDN_OAUTH2_ACCESS_TOKEN_SCOPE --
+CREATE INDEX IDX_ATS_TID ON IDN_OAUTH2_ACCESS_TOKEN_SCOPE(TOKEN_ID);
+
+-- SP_TEMPLATE --
+CREATE INDEX IDX_SP_TEMPLATE ON SP_TEMPLATE (TENANT_ID, NAME);
+
+-- IDN_AUTH_USER --
+CREATE INDEX IDX_AUTH_USER_UN_TID_DN ON IDN_AUTH_USER (USER_NAME, TENANT_ID, DOMAIN_NAME);
+CREATE INDEX IDX_AUTH_USER_DN_TOD ON IDN_AUTH_USER (DOMAIN_NAME, TENANT_ID);
+
+-- IDN_AUTH_USER_SESSION_MAPPING --
+CREATE INDEX IDX_USER_ID ON IDN_AUTH_USER_SESSION_MAPPING (USER_ID);
+CREATE INDEX IDX_SESSION_ID ON IDN_AUTH_USER_SESSION_MAPPING (SESSION_ID);
+
+-- IDN_AUTH_SESSION_APP_INFO --
+CREATE INDEX IDX_AUTH_SAI_UN_AID_SID ON IDN_AUTH_SESSION_APP_INFO (APP_ID, SUBJECT, SESSION_ID);
+
+-- IDN_OAUTH_CONSUMER_APPS --
+CREATE INDEX IDX_OCA_UM_TID_UD_APN ON IDN_OAUTH_CONSUMER_APPS(USERNAME,TENANT_ID,USER_DOMAIN, APP_NAME);
+
+-- IDX_SPI_APP --
+CREATE INDEX IDX_SPI_APP ON SP_INBOUND_AUTH(APP_ID);
+
+-- IDN_OIDC_PROPERTY --
+CREATE INDEX IDX_IOP_CK ON IDN_OIDC_PROPERTY(TENANT_ID, CONSUMER_KEY);
+
+-- IDN_FIDO2_PROPERTY --
+CREATE INDEX IDX_FIDO2_STR ON FIDO2_DEVICE_STORE(USER_NAME, TENANT_ID, DOMAIN_NAME, CREDENTIAL_ID, USER_HANDLE);
+
+-- IDN_ASSOCIATED_ID --
+CREATE INDEX IDX_AI_DN_UN_AI ON IDN_ASSOCIATED_ID(DOMAIN_NAME, USER_NAME, ASSOCIATION_ID);
+
+-- IDN_OAUTH2_TOKEN_BINDING --
+CREATE INDEX IDX_IDN_AUTH_BIND ON IDN_OAUTH2_TOKEN_BINDING (TOKEN_BINDING_REF);
+CREATE INDEX IDX_TK_VALUE_TYPE ON IDN_OAUTH2_TOKEN_BINDING (TOKEN_BINDING_VALUE, TOKEN_BINDING_TYPE);
+
+-- IDN_FED_AUTH_SESSION_MAPPING --
+CREATE INDEX IDX_FEDERATED_AUTH_SESSION_ID ON IDN_FED_AUTH_SESSION_MAPPING (SESSION_ID);
+
+-- IDN_REMOTE_FETCH_REVISIONS --
+CREATE INDEX IDX_REMOTE_FETCH_REVISION_CONFIG_ID ON IDN_REMOTE_FETCH_REVISIONS (CONFIG_ID);
+
+-- IDN_CORS_ASSOCIATION --
+CREATE INDEX IDX_CORS_SP_APP_ID ON IDN_CORS_ASSOCIATION (SP_APP_ID);
+
+-- IDN_CORS_ASSOCIATION --
+CREATE INDEX IDX_CORS_ORIGIN_ID ON IDN_CORS_ASSOCIATION (IDN_CORS_ORIGIN_ID);
+
+-- IDN_SECRET --
+CREATE INDEX IDN_SECRET_TYPE_ID ON IDN_SECRET (TYPE_ID);
+
+-- IDN_CLAIM --
+CREATE INDEX IDX_CLAIM_TI_CU ON IDN_CLAIM (TENANT_ID, CLAIM_URI);
+
+-- IDP_AUTHENTICATOR_PROPERTY --
+CREATE INDEX IDX_AUTH_PROP_AUTH_ID ON IDP_AUTHENTICATOR_PROPERTY (AUTHENTICATOR_ID);
+
+-- IDN_CONFIG_FILE --
+CREATE INDEX IDX_CON_FILE_RES_ID ON IDN_CONFIG_FILE (RESOURCE_ID);
+
+-- SCOPE --
+CREATE INDEX API_ID_NAME_INDEX ON SCOPE (API_ID, NAME);
+
+-- ACTIONS --
+CREATE INDEX IDX_IDN_ACTION_TY_TI ON IDN_ACTION (TYPE, TENANT_ID);
+CREATE INDEX IDX_IDN_ACTION_ENDPOINT_AU_TI ON IDN_ACTION_ENDPOINT (ACTION_UUID, TENANT_ID);
+-- XACML --
+CREATE INDEX IDX_POLICY_ATTRIBUTE ON IDN_XACML_POLICY_ATTRIBUTE (POLICY_ID, VERSION, TENANT_ID);
+CREATE INDEX IDX_POLICY_EDITOR_DATA_FK ON IDN_XACML_POLICY_EDITOR_DATA (POLICY_ID, VERSION, TENANT_ID);
+CREATE INDEX IDX_POLICY_REF ON IDN_XACML_POLICY_REFERENCE (POLICY_ID, VERSION, TENANT_ID);
+CREATE INDEX IDX_POLICY_SET_REF ON IDN_XACML_POLICY_SET_REFERENCE (POLICY_ID, VERSION, TENANT_ID);
+CREATE INDEX IDX_SUBSCRIBER_PROPERTY ON IDN_XACML_SUBSCRIBER_PROPERTY (SUBSCRIBER_ID, TENANT_ID);
+CREATE INDEX IDX_XACML_SUBSCRIBER_STATUS ON IDN_XACML_SUBSCRIBER_STATUS (SUBSCRIBER_ID, TENANT_ID);
+CREATE INDEX IDX_XACML_POLICY_STATUS ON IDN_XACML_POLICY_STATUS (POLICY_ID, POLICY_VERSION, TENANT_ID);
+
+--SAML--
+CREATE INDEX IDX_SAML2_SP_ISSUER ON IDN_SAML2_SERVICE_PROVIDER (ISSUER, TENANT_ID);
+CREATE INDEX IDX_SAML2_SP_TENANT_ID ON IDN_SAML2_SERVICE_PROVIDER (TENANT_ID);
+CREATE INDEX IDX_SAML2_SP_PROPERTIES ON IDN_SAML2_SP_PROPERTIES (SP_ID);
diff --git a/components/identity-core/org.wso2.carbon.identity.core/src/test/resources/testng.xml b/components/identity-core/org.wso2.carbon.identity.core/src/test/resources/testng.xml
index 043fa43d7ae7..515455319c13 100644
--- a/components/identity-core/org.wso2.carbon.identity.core/src/test/resources/testng.xml
+++ b/components/identity-core/org.wso2.carbon.identity.core/src/test/resources/testng.xml
@@ -30,6 +30,7 @@
+