fix(jans-linux-setup): kc deployment updates

[devrimyatar]

closes #8855

Please check the below before submitting your PR. The PR will not be merged if there are no commits that start with docs: to indicate documentation changes or if the below checklist is not selected.

• I confirm that there is no impact on the docs due to the code changes in this PR.

[dryrunsecurity]

Hi there 👋, @DryRunSecurity here, below is a summary of our analysis and findings.

DryRun Security	Status	Findings
Server-Side Request Forgery Analyzer	✅	0 findings
Configured Codepaths Analyzer	✅	0 findings
Secrets Analyzer	✅	0 findings
Authn/Authz Analyzer	❕	5 findings
SQL Injection Analyzer	✅	0 findings
Sensitive Files Analyzer	✅	0 findings
IDOR Analyzer	✅	0 findings

Note

🟢 Risk threshold not exceeded.

Change Summary (click to expand)

The following is a summary of changes in this pull request made by me, your security buddy 🤖. Note that this summary is auto-generated and not meant to be a definitive list of security issues but rather a helpful summary from a security perspective.

Summary:

The code change in this pull request is related to the installation and configuration of the Jans SAML (Security Assertion Markup Language) Installer, which is responsible for setting up the Keycloak identity provider (IDP) and its associated components. From an application security perspective, there are several important aspects to consider:

1. Secure Configuration Management: The code sets various configuration parameters for the Keycloak IDP, such as the realm, client ID, client secret, and user credentials. It's crucial to ensure these values are securely managed and not stored in plain text.

2. Dependency Management: The code downloads and installs several JAR files and ZIP archives from the Jans Maven repository. It's essential to ensure these dependencies are from trusted sources and that their versions are kept up-to-date to mitigate potential security vulnerabilities.

3. Authentication and Authorization: The code sets up an authentication flow and user storage provider component for the Keycloak IDP. It's important to review these configurations to ensure they align with the application's security requirements and best practices.

4. Database Security: The code sets up database connection details, such as the database provider, username, and password. These values should be securely managed and not hardcoded in the codebase.

Files Changed:

• jans-linux-setup/jans_setup/setup_app/installers/jans_saml.py: This file is responsible for the installation and configuration of the Jans SAML Installer, which sets up the Keycloak IDP and its associated components. The changes in this file cover various security-related aspects, such as secure configuration management, dependency management, privilege separation, authentication and authorization, logging and monitoring, and database security. These changes should be reviewed carefully to ensure the application's security posture is maintained throughout the deployment process.

Powered by DryRun Security

[sonarcloud]

Quality Gate passed for 'jans-linux-setup'

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud