
feat(jans-linux-setup): KC disable verify_profile required action #8873

Merged
merged 3 commits into from
Jul 4, 2024

Conversation

devrimyatar
Contributor

@devrimyatar devrimyatar commented Jul 4, 2024

Closes #8863

  • I confirm that there is no impact on the docs due to the code changes in this PR.

Closes #8874

@devrimyatar devrimyatar added kind-feature Issue or PR is a new feature request comp-jans-linux-setup Component affected by issue or PR labels Jul 4, 2024
@devrimyatar devrimyatar requested a review from uprightech July 4, 2024 13:47

dryrunsecurity bot commented Jul 4, 2024

Hi there 👋, @DryRunSecurity here, below is a summary of our analysis and findings.

DryRun Security Status Findings
Server-Side Request Forgery Analyzer 0 findings
Configured Codepaths Analyzer 0 findings
Secrets Analyzer 0 findings
Authn/Authz Analyzer 1 finding
SQL Injection Analyzer 0 findings
Sensitive Files Analyzer 0 findings
IDOR Analyzer 0 findings

Note

🟢 Risk threshold not exceeded.

Change Summary

The following is a summary of changes in this pull request made by me, your security buddy 🤖. Note that this summary is auto-generated and not meant to be a definitive list of security issues but rather a helpful summary from a security perspective.

Summary:

The code changes in this pull request are focused on the configuration and installation of the Jans SAML (Security Assertion Markup Language) component, which is part of the Jans application. The changes include disabling the Keycloak "VERIFY_PROFILE" required action, creating a new Keycloak client, configuring a new authentication flow, creating a Keycloak user storage provider component, and installing the Keycloak scheduler.

From an application security perspective, the key points to consider are the potential security implications of disabling the "Verify Profile" required action, the proper configuration of the new Keycloak client, the review of the custom authentication flow and execution steps, and the integration of the Jans user directory with Keycloak through the user storage provider component. These changes should be carefully evaluated to ensure that the resulting system is secure and meets the organization's security requirements.

Files Changed:

  • jans-linux-setup/jans_setup/setup_app/installers/jans_saml.py: This file is responsible for setting up the Jans SAML integration with Keycloak. The changes include:
    1. Disabling the Keycloak "VERIFY_PROFILE" required action.
    2. Creating a new Keycloak client in the Jans IDP (Identity Provider) realm.
    3. Creating a new authentication flow in the Jans IDP realm, including a custom "Jans Auth" execution step.
    4. Creating a new Keycloak user storage provider component in the Jans IDP realm.
    5. Installing and configuring the Keycloak scheduler.

Powered by DryRun Security

@mo-auto
Member

mo-auto commented Jul 4, 2024

Error: Hi @devrimyatar, you did not reference an open issue in your PR. I attempted to create an issue for you.
Please update that issue's title and body and make sure I correctly referenced it in the above PR's body.

@yuriyz yuriyz enabled auto-merge (squash) July 4, 2024 15:21

sonarqubecloud bot commented Jul 4, 2024

@yuriyz yuriyz merged commit 950f5c3 into main Jul 4, 2024
10 checks passed
@yuriyz yuriyz deleted the jans-linux-setup-kc-disable-verify-profile branch July 4, 2024 15:47
yuriyz pushed a commit that referenced this pull request Nov 7, 2024

Signed-off-by: Mustafa Baser <[email protected]>
Co-authored-by: Mohammad Abudayyeh <[email protected]>
Former-commit-id: 950f5c3