feat(jans-cli-tui): client tokens and sessions #9602

Draft
wants to merge 4,328 commits into base: main

devrimyatar
Contributor

[x] closes #9413
[ ] closes #9412

  • Relevant documentation has been updated if any (i.e. user guides, installation and configuration guides, technical design docs etc)

ossdhaval and others added 30 commits June 27, 2024 20:10
Signed-off-by: ossdhaval <343411+ossdhaval@users.noreply.github.com>
Signed-off-by: Yuriy Movchan <Yuriy.Movchan@gmail.com>
* chore(jans-cli-tui): more logging

Signed-off-by: Mustafa Baser <mbaser@mail.com>

* fix(jans-cli-tui): User Admin UI roles

Signed-off-by: Mustafa Baser <mbaser@mail.com>

---------

Signed-off-by: Mustafa Baser <mbaser@mail.com>
…nd cn #8776 (#8806)

* fix(jans-linux-setup): improper scim configuration for jans kc #8210
* updated the keycloak configuration file to reflect the  configuration for the storage-spi

Signed-off-by: Rolain Djeumen <uprightech@gmail.com>

* chore(jans-keycloak-integration): bump kc version to 24.0.0 #8315

Signed-off-by: Rolain Djeumen <uprightech@gmail.com>

* feat(jans-keycloak-integration): keycloak protocol mapper

Signed-off-by: Rolain Djeumen <uprightech@gmail.com>

* feat(jans-keycloak-integration): remove references to jans standalone persistence layer

Signed-off-by: Rolain Djeumen <uprightech@gmail.com>

* feat(jans-keycloak-integration): experimental protocol mapper for kc #8614
* added persistence manager configuration for protocol mapper

Signed-off-by: Rolain Djeumen <uprightech@gmail.com>

* feat(jans-keycloak-integration): added dependencies for protocol mapper #8614

Signed-off-by: Rolain Djeumen <uprightech@gmail.com>

* feat(jans-keycloak-integration): experimental protocol mapper  #8614
* added dependencies to protocol mapper
* added protocol mapper main class

Signed-off-by: Rolain Djeumen <uprightech@gmail.com>

* feat(jans-keycloak-integration): experimental protocol mapper #8614
* added relevant models to fetch user attributes
* refactored the db configuration classes

Signed-off-by: Rolain Djeumen <uprightech@gmail.com>

* feat(jans-keycloak-integration): janssen spi bundle  #8614
* created maven project for janssen spi bundle

Signed-off-by: Rolain Djeumen <uprightech@gmail.com>

* feat(jans-keycloak-integration): janssen spi bundle #8614
* added dependencies xml

Signed-off-by: Rolain Djeumen <uprightech@gmail.com>

* feat(jans-keycloak-integration): enhancements to job-scheduler #8614
* added support for new protocol mapper in job scheduler
* fixed typo in application shutdown log message

Signed-off-by: Rolain Djeumen <uprightech@gmail.com>

* feat(jans-keycloak-integration): keycloak integration enhancements  #8614
* added support for the protocol-mapper in job-scheduler configuration
* fixed issue in  job-scheduler logging configuration that caused too many log files to be created

Signed-off-by: Rolain Djeumen <uprightech@gmail.com>

* feat(jans-keycloak-integration): spi bundle #8614
* additions to the spi bundle pom file

Signed-off-by: Rolain Djeumen <uprightech@gmail.com>

* feat(jans-keycloak-integration): keycloak integration enhancements #8614
* added protocol mapper implementation

Signed-off-by: Rolain Djeumen <uprightech@gmail.com>

* feat(jans-keycloak-integration): enhancements to jans-keycloak-integration #8614
* added thin bridge spi provider
* added models for thin bridge provider

Signed-off-by: Rolain Djeumen <uprightech@gmail.com>

* feat(jans-keycloak-integration): enhancements to jans-keycloak-integration #8614
* moved authenticator spi to spi module
* minor refactoring to the authenticator spi

Signed-off-by: Rolain Djeumen <uprightech@gmail.com>

* feat(jans-keycloak-integration): enhancements to jans-keycloak-integration #8614
* moved authenticator rest service spi to spi module

Signed-off-by: Rolain Djeumen <uprightech@gmail.com>

* feat(jans-keycloak-integration): enhancements to jans-keycloak-integration #8614
* added new storage provider implementation

Signed-off-by: Rolain Djeumen <uprightech@gmail.com>

* feat(jans-keycloak-integration): enhancements to jans-keycloak-integration #8614
* added missing files to spi

Signed-off-by: Rolain Djeumen <uprightech@gmail.com>

* feat(jans-keycloak-integration): enhancements to jans-keycloak-integration #8614
* added resource files to spi module

Signed-off-by: Rolain Djeumen <uprightech@gmail.com>

* feat(jans-keycloak-integration): enhancements to jans-keycloak-integration #8614
* bump spi version to 1.1.3-SNAPSHOT
* removed protocol-mapper PoC from build modules

Signed-off-by: Rolain Djeumen <uprightech@gmail.com>

* feat(jans-keycloak-integration): enhancements to jans-keycloak-integration #8614
* minor bugfix to scheduler. did not show fatal startup errors in log file

Signed-off-by: Rolain Djeumen <uprightech@gmail.com>

* feat(jans-keycloak-integration): enhancements to jans-keycloak-integration #8614
* fix for fatal errors which still don't appear in the logs

Signed-off-by: Rolain Djeumen <uprightech@gmail.com>

* feat(jans-keycloak-integration): enhancements to jans-keycloak-integration #8614
* further housekeeping in job-scheduler

Signed-off-by: Rolain Djeumen <uprightech@gmail.com>

* feat(jans-keycloak-integration): enhancements to jans-keycloak-integration #8614
* fixed bug in user storage spi preventing authentication in new version of keycloak

Signed-off-by: Rolain Djeumen <uprightech@gmail.com>

* feat(jans-keycloak-integration): enhancements to jans-keycloak-integration #8614
* have scheduler create saml clients with document and assertion signing as default configuration

Signed-off-by: Rolain Djeumen <uprightech@gmail.com>

* feat(jans-keycloak-integration): enhancement to jans-keycloak-integration #8614
* removed reference to protocol-mapper poc submodule

Signed-off-by: Rolain Djeumen <uprightech@gmail.com>

* feat(jans-keycloak-integration): enhancements to jans-keycloak-integration #8614
* removed reference to storage-spi module
* restored job-scheduler module in build pom

Signed-off-by: Rolain Djeumen <uprightech@gmail.com>

* feat(jans-keycloak-integration): enhancements to jans-keycloak-integration #8614
* removed authenticator source as it was moved to spi

Signed-off-by: Rolain Djeumen <uprightech@gmail.com>

* feat(jans-keycloak-integration): enhancements to jans-keycloak-integration #8614
* fixes suggested by static analyser

Signed-off-by: Rolain Djeumen <uprightech@gmail.com>

* feat(jans-keycloak-integration): enhancements to jans-keycloak-integration #8614

Signed-off-by: Rolain Djeumen <uprightech@gmail.com>

* feat(jans-keycloak-integration): enhancements to jans-keycloak-integration #8614

Signed-off-by: Rolain Djeumen <uprightech@gmail.com>

* feat(jans-keycloak-integration): enhancements to jans-keycloak-integration #8614

Signed-off-by: Rolain Djeumen <uprightech@gmail.com>

* feat(jans-keycloak-integration): update kc-saml integration installation for ce and cn #8776
* marked jans  authenticator in the kc authentication flow ALTERNATIVE
* updated providerId for our custom user storage provider

Signed-off-by: Rolain Djeumen <uprightech@gmail.com>

* feat(jans-keycloak-integration): update kc-saml integration installation for ce and cn #8776
* bump keycloak version in setup to 25.0.1

Signed-off-by: Rolain Djeumen <uprightech@gmail.com>

* feat(jans-keycloak-integration): update kc-saml integration installation for ce and cn #8776
* removed references to scim client configuration reference (used by former user storage provider)

Signed-off-by: Rolain Djeumen <uprightech@gmail.com>

* feat(jans-keycloak-integration): update kc-saml integration installation for ce and cn #8776
* moved kc service configuration parameters from service file to keycloak configuration file

Signed-off-by: Rolain Djeumen <uprightech@gmail.com>

* feat(jans-keycloak-integration): update kc-saml integration installation for ce and cn #8776
* added quarkus.properties
* minor change to keycloak service file

Signed-off-by: Rolain Djeumen <uprightech@gmail.com>

* fix(jans-keycloak-integration): fix build issue after bumping keycloak libs version #8776

Signed-off-by: Rolain Djeumen <uprightech@gmail.com>

---------

Signed-off-by: Rolain Djeumen <uprightech@gmail.com>
* docs: user password validation

Signed-off-by: pujavs <pujas.works@gmail.com>

* docs: user password validation

Signed-off-by: pujavs <pujas.works@gmail.com>

* docs: user password validation

Signed-off-by: pujavs <pujas.works@gmail.com>

* docs: user password validation doc

Signed-off-by: pujavs <pujas.works@gmail.com>

* docs: user password validation doc

Signed-off-by: pujavs <pujas.works@gmail.com>

* docs: user password validation doc

Signed-off-by: pujavs <pujas.works@gmail.com>

* docs: default acr script validation

Signed-off-by: pujavs <pujas.works@gmail.com>

* docs: default acr script validation

Signed-off-by: pujavs <pujas.works@gmail.com>

* docs: default acr script validation

Signed-off-by: pujavs <pujas.works@gmail.com>

* docs: default acr script validation

Signed-off-by: pujavs <pujas.works@gmail.com>

* docs: move the note about cust scripts and add link to docs

* docs: add information about absence of default

* docs: reword the note

Signed-off-by: ossdhaval <343411+ossdhaval@users.noreply.github.com>

* docs: remove the image from update section

Signed-off-by: ossdhaval <343411+ossdhaval@users.noreply.github.com>

---------

Signed-off-by: pujavs <pujas.works@gmail.com>
Signed-off-by: ossdhaval <343411+ossdhaval@users.noreply.github.com>
Co-authored-by: Dhaval D <343411+ossdhaval@users.noreply.github.com>
Signed-off-by: mmrraju <mrraju.ice.iu@gmail.com>
* chore(jans-auth-server): renamed OXAUTH_UMA_TICKET -> UMA_TICKET

Signed-off-by: YuriyZ <yzabrovarniy@gmail.com>

* feat(jans-auth-server): Token Status List support

#8562
Signed-off-by: YuriyZ <yzabrovarniy@gmail.com>

* fix(jans-auth-server): corrected requestContext and azd decoding

#8562
Signed-off-by: YuriyZ <yzabrovarniy@gmail.com>

* feat(jans-auth-server): added token status list endpoint and status claim with index.

#8562
Signed-off-by: YuriyZ <yzabrovarniy@gmail.com>

* feat(jans-auth): new cluster beans and services

Signed-off-by: Yuriy Movchan <Yuriy.Movchan@gmail.com>

* feat(jans-auth-server): added head index to list

#8562
Signed-off-by: YuriyZ <yzabrovarniy@gmail.com>

* feat(jans-auth): move beans to core model

Signed-off-by: Yuriy Movchan <Yuriy.Movchan@gmail.com>

* feat(jans-auth): add index range to TokenPool

Signed-off-by: Yuriy Movchan <Yuriy.Movchan@gmail.com>

* feat(jans-auth-server): added application/statuslist+json support

#8562
Signed-off-by: YuriyZ <yzabrovarniy@gmail.com>

* feat(jans-auth): add methods to allocate/release TokenPool

Signed-off-by: Yuriy Movchan <Yuriy.Movchan@gmail.com>

* feat(jans-auth): fix TokenPool sort

Signed-off-by: Yuriy Movchan <Yuriy.Movchan@gmail.com>

* feat(jans-auth): implement method to get nextIndex for token

Signed-off-by: Yuriy Movchan <Yuriy.Movchan@gmail.com>

* feat(jans-auth): implement method to get nextIndex for token

Signed-off-by: Yuriy Movchan <Yuriy.Movchan@gmail.com>

* feat(jans-auth): instead of using token list status use expiration date

Signed-off-by: Yuriy Movchan <Yuriy.Movchan@gmail.com>

* fix(jans-auth-server): fixed index during list joins and npe on nextIndex.

#8562
Signed-off-by: YuriyZ <yzabrovarniy@gmail.com>

* feat(jans-auth-server): populate statusListIndex in access and id tokens

#8562
Signed-off-by: YuriyZ <yzabrovarniy@gmail.com>

* feat(jans-auth): add ClusterNode services

Signed-off-by: Yuriy Movchan <Yuriy.Movchan@gmail.com>

* feat(jans-auth): add node base dn

Signed-off-by: Yuriy Movchan <Yuriy.Movchan@gmail.com>

* feat(jans-auth-server): added status list update on revoke

#8562
Signed-off-by: YuriyZ <yzabrovarniy@gmail.com>

* fix after merge

Signed-off-by: YuriyZ <yzabrovarniy@gmail.com>

* feat(jans-auth): add schema for new entries

Signed-off-by: Yuriy Movchan <Yuriy.Movchan@gmail.com>

* feat(jans-auth): fix allocate

Signed-off-by: Yuriy Movchan <Yuriy.Movchan@gmail.com>

* feat(jans-auth): fix cluster nodes expiration

Signed-off-by: Yuriy Movchan <Yuriy.Movchan@gmail.com>

* feat(jans-auth-server): added status list as jwt support

#8562
Signed-off-by: YuriyZ <yzabrovarniy@gmail.com>

* feat(jans-auth): Deprecate TokenPoolStatus

Signed-off-by: Yuriy Movchan <Yuriy.Movchan@gmail.com>

* feat(jans-auth): implement updateWithLock for concurrent lock on revoke

Signed-off-by: Yuriy Movchan <Yuriy.Movchan@gmail.com>

* feat(jans-auth-server): use updateWithLock during status update index

#8562
Signed-off-by: YuriyZ <yzabrovarniy@gmail.com>

* feat(jans-auth-server): update status list on token revoke in separate thread

#8562
Signed-off-by: YuriyZ <yzabrovarniy@gmail.com>

* feat(jans-auth-server): renamed TokenPool -> StatusTokenPool, TokenPoolService -> StatusTokenPoolService

#8562
Signed-off-by: YuriyZ <yzabrovarniy@gmail.com>

* feat(jans-auth-server): removed token head index (we are using status token pools instead)

#8562
Signed-off-by: YuriyZ <yzabrovarniy@gmail.com>

* feat(jans-auth-server): added status list to swagger

#8562
Signed-off-by: YuriyZ <yzabrovarniy@gmail.com>

* feat(jans-auth-server): added ou=node,o=jans to config

#8562
Signed-off-by: YuriyZ <yzabrovarniy@gmail.com>

* feat(jans-auth-server): throw configuration exception if node baseDn is missed

#8562
Signed-off-by: YuriyZ <yzabrovarniy@gmail.com>

* feat(jans-auth-server): set status_list feature flag enabled by default

#8562
Signed-off-by: YuriyZ <yzabrovarniy@gmail.com>

* fix(jans-auth-server): fixed node allocation

#8562
Signed-off-by: YuriyZ <yzabrovarniy@gmail.com>

* fix(jans-auth-server): corrected bug in getClusterNodeLast

#8562
Signed-off-by: YuriyZ <yzabrovarniy@gmail.com>

* feat(jans-auth-server): keep lockKey static and save in jansNode after locking

#8562
Signed-off-by: YuriyZ <yzabrovarniy@gmail.com>

* fix(jans-auth-server): different fixes for cluster node management

#8562
Signed-off-by: YuriyZ <yzabrovarniy@gmail.com>

* fix(jans-auth-server): fixed allocation of status index pools

#8562
Signed-off-by: YuriyZ <yzabrovarniy@gmail.com>

* chore(jans-auth-server): added more logs for status index pool allocation

#8562
Signed-off-by: YuriyZ <yzabrovarniy@gmail.com>

* feat(jans-auth): ignore timezone when DB is PostgreSQL

Signed-off-by: Yuriy Movchan <Yuriy.Movchan@gmail.com>

* feat(jans-auth): fetch all node entries if DB is LDAP

Signed-off-by: Yuriy Movchan <Yuriy.Movchan@gmail.com>

* feat(jans-auth-server): added status list client

#8562
Signed-off-by: YuriyZ <yzabrovarniy@gmail.com>

* fix(jans-auth-server): fixed pool allocation

#8562
Signed-off-by: YuriyZ <yzabrovarniy@gmail.com>

* chore(jans-auth-server): renamed endpoint /token_status_list -> /status_list

#8562
Signed-off-by: YuriyZ <yzabrovarniy@gmail.com>

* feat(jans-orm): resolve bean property name with AttributeName #8773

* chore(jans-auth-server): renamed token_status_list -> status_list

#8562
Signed-off-by: YuriyZ <yzabrovarniy@gmail.com>

* chore(jans-auth-server): token statuses VALID - 0, INVALID - 1

#8562
Signed-off-by: YuriyZ <yzabrovarniy@gmail.com>

* chore(jans-auth-server): moved status list to model for re-using

#8562
Signed-off-by: YuriyZ <yzabrovarniy@gmail.com>

* feat(jans-auth-server): added batch index update and fixed concurrent update issue

#8562
Signed-off-by: YuriyZ <yzabrovarniy@gmail.com>

* feat(jans-auth-server): use new index update method in existing revoke code

#8562
Signed-off-by: YuriyZ <yzabrovarniy@gmail.com>

* fix(jans-auth-server): fixed status pool index joining

#8562
Signed-off-by: YuriyZ <yzabrovarniy@gmail.com>

* chore(jans-auth-server): code improvements

#8562
Signed-off-by: YuriyZ <yzabrovarniy@gmail.com>

* test(jans-auth-server): added full integration test for status list

#8562
Signed-off-by: YuriyZ <yzabrovarniy@gmail.com>

* test(jans-auth-server): added test for CN case

#8562
Signed-off-by: YuriyZ <yzabrovarniy@gmail.com>

* feat(jans-auth-server): mark indexes which we are about to re-use as VALID

#8562
Signed-off-by: YuriyZ <yzabrovarniy@gmail.com>

* code re-format

Signed-off-by: YuriyZ <yzabrovarniy@gmail.com>

* docs(config-api): regenerating config swagger api

Signed-off-by: pujavs <pujas.works@gmail.com>

---------

Signed-off-by: YuriyZ <yzabrovarniy@gmail.com>
Signed-off-by: Yuriy Movchan <Yuriy.Movchan@gmail.com>
Signed-off-by: pujavs <pujas.works@gmail.com>
Co-authored-by: Yuriy Movchan <Yuriy.Movchan@gmail.com>
Co-authored-by: pujavs <pujas.works@gmail.com>
Co-authored-by: Mohammad Abudayyeh <47318409+moabu@users.noreply.github.com>
Signed-off-by: Mustafa Baser <mbaser@mail.com>
#8823

Signed-off-by: YuriyZ <yzabrovarniy@gmail.com>
…BMS #8825 (#8826)

#8825

Signed-off-by: YuriyZ <yzabrovarniy@gmail.com>
* feat: ui improvement and fido authentication integration #5962

Signed-off-by: Arnab Dutta <arnab.bdutta@gmail.com>

* feat: adding loader

Signed-off-by: Arnab Dutta <arnab.bdutta@gmail.com>

* feat: fix loading issue

Signed-off-by: Arnab Dutta <arnab.bdutta@gmail.com>

* feat: fixing logout

Signed-off-by: Arnab Dutta <arnab.bdutta@gmail.com>

* feat: fixing logout

Signed-off-by: Arnab Dutta <arnab.bdutta@gmail.com>

* feat: adding docs

Signed-off-by: Arnab Dutta <arnab.bdutta@gmail.com>

* feat: adding docs

Signed-off-by: Arnab Dutta <arnab.bdutta@gmail.com>

* feat: adding docs

Signed-off-by: Arnab Dutta <arnab.bdutta@gmail.com>

* feat: remove extra OP_config call

Signed-off-by: Arnab Dutta <arnab.bdutta@gmail.com>

* feat: modify README

Signed-off-by: Arnab Dutta <arnab.bdutta@gmail.com>

* feat: modify README

Signed-off-by: Arnab Dutta <arnab.bdutta@gmail.com>

* feat: changing ReadMe

Signed-off-by: Arnab Dutta <arnab.bdutta@gmail.com>

---------

Signed-off-by: Arnab Dutta <arnab.bdutta@gmail.com>
Signed-off-by: Mustafa Baser <mbaser@mail.com>
Signed-off-by: Mustafa Baser <mbaser@mail.com>
* chore(docker-jans-auth-server): sync jans-lock assets

Signed-off-by: iromli <isman.firmansyah@gmail.com>

* feat(cloud-native): add Token Status List support

Signed-off-by: iromli <isman.firmansyah@gmail.com>

* chore(cloud-native): sync assets to OCI images

Signed-off-by: iromli <isman.firmansyah@gmail.com>

* feat(docker-jans-saml): update kc-saml integration installation

Signed-off-by: iromli <isman.firmansyah@gmail.com>

* fix: migrate jans storage

Signed-off-by: iromli <isman.firmansyah@gmail.com>

* chore: remove unused client

Signed-off-by: iromli <isman.firmansyah@gmail.com>

---------

Signed-off-by: iromli <isman.firmansyah@gmail.com>
* docs: update fido2 configuration document

Signed-off-by: ossdhaval <343411+ossdhaval@users.noreply.github.com>

* fido2 : add schema format and example

Signed-off-by: ossdhaval <343411+ossdhaval@users.noreply.github.com>

* docs: update file names

Signed-off-by: ossdhaval <343411+ossdhaval@users.noreply.github.com>

* docs: remove old files

Signed-off-by: ossdhaval <343411+ossdhaval@users.noreply.github.com>

* docs(fido2): update the instructions for update conf section

Signed-off-by: ossdhaval <343411+ossdhaval@users.noreply.github.com>

* docs(fido2): proofreading

Signed-off-by: ossdhaval <343411+ossdhaval@users.noreply.github.com>

---------

Signed-off-by: ossdhaval <343411+ossdhaval@users.noreply.github.com>
Co-authored-by: Devrim <devrimyatar@gluu.org>
* docs: update JWKS conf

* jwks : add schema format and example

Signed-off-by: ossdhaval <343411+ossdhaval@users.noreply.github.com>

* docs(jwks): add schema format and example

Signed-off-by: ossdhaval <343411+ossdhaval@users.noreply.github.com>

* docs(jwk): Add tui section and add schema

Signed-off-by: ossdhaval <343411+ossdhaval@users.noreply.github.com>

* docs(jwks): fix update instructions

Signed-off-by: ossdhaval <343411+ossdhaval@users.noreply.github.com>

* docs(jwk): rephrase and proofread

Signed-off-by: ossdhaval <343411+ossdhaval@users.noreply.github.com>

---------

Signed-off-by: ossdhaval <343411+ossdhaval@users.noreply.github.com>
Co-authored-by: Devrim <devrimyatar@gluu.org>
Signed-off-by: moabu <47318409+moabu@users.noreply.github.com>
Signed-off-by: Mustafa Baser <mbaser@mail.com>
…8857)

* feat(cloud-native): add ingress for jans-lock as jans-auth service

Signed-off-by: iromli <isman.firmansyah@gmail.com>

* fix(docker-jans-all-in-one): remove unused KC_PROXY env

Signed-off-by: iromli <isman.firmansyah@gmail.com>

* docs(charts): add ingress for jans-lock config

Signed-off-by: iromli <isman.firmansyah@gmail.com>

---------

Signed-off-by: iromli <isman.firmansyah@gmail.com>
Co-authored-by: Mohammad Abudayyeh <47318409+moabu@users.noreply.github.com>
* chore(docker-jans-saml): sync asset for OCI image

Signed-off-by: iromli <isman.firmansyah@gmail.com>

* chore(all-in-one): update JANS_SOURCE_VERSION

Signed-off-by: iromli <isman.firmansyah@gmail.com>

---------

Signed-off-by: iromli <isman.firmansyah@gmail.com>
Signed-off-by: moabu <47318409+moabu@users.noreply.github.com>
#8863 (#8865)

* fix(jans-linux-setup): improper scim configuration for jans kc #8210
* updated the keycloak configuration file to reflect the  configuration for the storage-spi

Signed-off-by: Rolain Djeumen <uprightech@gmail.com>

* chore(jans-keycloak-integration): bump kc version to 24.0.0 #8315

Signed-off-by: Rolain Djeumen <uprightech@gmail.com>

* feat(jans-keycloak-integration): disable keycloak required action verify_profile #8863

Signed-off-by: Rolain Djeumen <uprightech@gmail.com>

---------

Signed-off-by: Rolain Djeumen <uprightech@gmail.com>
Signed-off-by: Mustafa Baser <mbaser@mail.com>
)

Signed-off-by: Mustafa Baser <mbaser@mail.com>
Co-authored-by: Mohammad Abudayyeh <47318409+moabu@users.noreply.github.com>
Signed-off-by: Yuriy Movchan <Yuriy.Movchan@gmail.com>
Co-authored-by: YuriyZ <yzabrovarniy@gmail.com>
Co-authored-by: Yuriy M <95305560+yuremm@users.noreply.github.com>
* feat(cloud-native): disable keycloak verify_profile action

Signed-off-by: iromli <isman.firmansyah@gmail.com>

* chore(cloud-native): update JANS_SOURCE_VERSION for aio

Signed-off-by: iromli <isman.firmansyah@gmail.com>

---------

Signed-off-by: iromli <isman.firmansyah@gmail.com>
Co-authored-by: Mohammad Abudayyeh <47318409+moabu@users.noreply.github.com>
olehbozhok and others added 17 commits September 16, 2024 06:58
…y and maintenance (#9493)

* feat!(jans-lock): remove cedarling code

Signed-off-by: Oleh Bohzok <olehbozhok@gmail.com>

* chore(jans-lock): created empty cedarling crate, with default parameters

Signed-off-by: Oleh Bohzok <olehbozhok@gmail.com>

* chore(jans-lock): add auth module

Signed-off-by: Oleh Bohzok <olehbozhok@gmail.com>

* chore(jans-lock): add init module

Signed-off-by: Oleh Bohzok <olehbozhok@gmail.com>

* chore(jans-lock): add jwt module

Signed-off-by: Oleh Bohzok <olehbozhok@gmail.com>

* docs(jans-lock): added readme file

Signed-off-by: Oleh Bohzok <olehbozhok@gmail.com>

* chore(jans-lock): added license notice

Signed-off-by: Oleh Bohzok <olehbozhok@gmail.com>

* chore(jans-lock): add test module

Signed-off-by: Oleh Bohzok <olehbozhok@gmail.com>

* chore(jans-lock): add lock module

Signed-off-by: Oleh Bohzok <olehbozhok@gmail.com>

* chore(jans-lock): add models module

Signed-off-by: Oleh Bohzok <olehbozhok@gmail.com>

* chore(jans-lock): add log module

Signed-off-by: Oleh Bohzok <olehbozhok@gmail.com>

---------

Signed-off-by: Oleh Bohzok <olehbozhok@gmail.com>
* chore: sync assets for OCI images

Signed-off-by: iromli <isman.firmansyah@gmail.com>

* chore(docker-jans-casa): cleanup code

---------

Signed-off-by: iromli <isman.firmansyah@gmail.com>
Co-authored-by: Mohammad Abudayyeh <47318409+moabu@users.noreply.github.com>
* chore(release): release 1.1.5

Signed-off-by: moabu <47318409+moabu@users.noreply.github.com>

* chore(release): update Dockerfile source version

Signed-off-by: moabu <47318409+moabu@users.noreply.github.com>

* chore: update Dockerfile

* fix: missing pip package

Signed-off-by: moabu <47318409+moabu@users.noreply.github.com>

---------

Signed-off-by: moabu <47318409+moabu@users.noreply.github.com>
chore: release 1.1.6 SNAPSHOT

Signed-off-by: moabu <47318409+moabu@users.noreply.github.com>
…operty #7010 (#9513)

Signed-off-by: YuriyZ <yzabrovarniy@gmail.com>
Updated README - Jans Lock and intro edit.

Co-authored-by: Dhaval D <343411+ossdhaval@users.noreply.github.com>
* docs(logging): logging config update changes

Signed-off-by: ossdhaval <343411+ossdhaval@users.noreply.github.com>

* docs(logging): fix logging document format

Signed-off-by: ossdhaval <343411+ossdhaval@users.noreply.github.com>

* docs(logging): update detail of TUI

Signed-off-by: ossdhaval <343411+ossdhaval@users.noreply.github.com>

---------

Signed-off-by: ossdhaval <343411+ossdhaval@users.noreply.github.com>
…e review profile step in the first broker login flow (#9522)

Signed-off-by: Mustafa Baser <mbaser@mail.com>
…e of client_name #9415 (#9523)

Signed-off-by: YuriyZ <yzabrovarniy@gmail.com>
Signed-off-by: Yuriy Movchan <Yuriy.Movchan@gmail.com>
* fix(jans-cli-tui): hide realm in idp setup

Signed-off-by: Mustafa Baser <mbaser@mail.com>

* docs(jans-cli-tui): update IDP for TUI

Signed-off-by: Mustafa Baser <mbaser@mail.com>

---------

Signed-off-by: Mustafa Baser <mbaser@mail.com>
* feat(jans-auth): update SG script to conform API

Signed-off-by: Yuriy Movchan <Yuriy.Movchan@gmail.com>

* feat(jans-auth): update SG script to conform API

Signed-off-by: Yuriy Movchan <Yuriy.Movchan@gmail.com>

---------

Signed-off-by: Yuriy Movchan <Yuriy.Movchan@gmail.com>
Co-authored-by: Yuriy M. <95305560+yuremm@users.noreply.github.com>
* feat(jans-auth): update SG script to conform API

Signed-off-by: Yuriy Movchan <Yuriy.Movchan@gmail.com>

* feat(jans-auth): update SG script to conform API

Signed-off-by: Yuriy Movchan <Yuriy.Movchan@gmail.com>

* feat(jans-auth): update SG script to conform API

Signed-off-by: Yuriy Movchan <Yuriy.Movchan@gmail.com>

* feat(jans-auth): update SG script to conform API

Signed-off-by: Yuriy Movchan <Yuriy.Movchan@gmail.com>

---------

Signed-off-by: Yuriy Movchan <Yuriy.Movchan@gmail.com>
* fix(config-api): asset mgt endpoint fixes

Signed-off-by: pujavs <pujas.works@gmail.com>

* feat(config-api): asset upload mgt enhancement and fido

Signed-off-by: pujavs <pujas.works@gmail.com>

* feat(config-api): asset upload mgt enhancement and fido

Signed-off-by: pujavs <pujas.works@gmail.com>

* feat(config-api): asset upload mgt enhancement and fido

Signed-off-by: pujavs <pujas.works@gmail.com>

* fix(config-api): asset upload

Signed-off-by: pujavs <pujas.works@gmail.com>

* fix(config-api): lock review comments

Signed-off-by: pujavs <pujas.works@gmail.com>

* feat(config-api): lock code review comments

Signed-off-by: pujavs <pujas.works@gmail.com>

* feat(config-api): lock master renamed to lock server

Signed-off-by: pujavs <pujas.works@gmail.com>

* feat(config-api): lock master renamed to lock server

Signed-off-by: pujavs <pujas.works@gmail.com>

* feat(config-api): lock master renamed to lock server

Signed-off-by: pujavs <pujas.works@gmail.com>

* feat(config-api): lock master renamed to lock server

Signed-off-by: pujavs <pujas.works@gmail.com>

* feat(config-api): fido2 delete functionality

Signed-off-by: pujavs <pujas.works@gmail.com>

* fix(config-api): acr validation

Signed-off-by: pujavs <pujas.works@gmail.com>

* feat(config-api): doc(config-api): IDP schema attribute descriptions #9187

Signed-off-by: pujavs <pujas.works@gmail.com>

* feat(config-api): sync with main

Signed-off-by: pujavs <pujas.works@gmail.com>

* feat(config-api): uploading assets via API generates 2 entries #9178

Signed-off-by: pujavs <pujas.works@gmail.com>

* feat(config-api): asset mgt, fido and IDP changes

Signed-off-by: pujavs <pujas.works@gmail.com>

* feat(config-api): fido2 device endpoint

Signed-off-by: pujavs <pujas.works@gmail.com>

* feat(config-api): fido2 endpoint

Signed-off-by: pujavs <pujas.works@gmail.com>

* feat(config-api): fido2 endpoint

Signed-off-by: pujavs <pujas.works@gmail.com>

* feat(config-api): sync with main

Signed-off-by: pujavs <pujas.works@gmail.com>

* feat(config-api): sync with main

Signed-off-by: pujavs <pujas.works@gmail.com>

* feat(config-api): sync with main

Signed-off-by: pujavs <pujas.works@gmail.com>

* feat(config-api): resolved sonar review issues

Signed-off-by: pujavs <pujas.works@gmail.com>

* feat(config-api): sonar review comment fix

Signed-off-by: pujavs <pujas.works@gmail.com>

* feat(config-api): swagger spec

Signed-off-by: pujavs <pujas.works@gmail.com>

* feat(config-api): saml config attribute description

Signed-off-by: pujavs <pujas.works@gmail.com>

* doc(config-api): added SAML attribute description

Signed-off-by: pujavs <pujas.works@gmail.com>

* doc(config-api): added SAML attribute description

Signed-off-by: pujavs <pujas.works@gmail.com>

* feat(config-api): sync with main

Signed-off-by: pujavs <pujas.works@gmail.com>

* fix(jans-lock): code review comment fix issue #9305

Signed-off-by: pujavs <pujas.works@gmail.com>

* fix(jans-lock): code review comment fix issue #9305

Signed-off-by: pujavs <pujas.works@gmail.com>

* feat(config-api): lock review point

Signed-off-by: pujavs <pujas.works@gmail.com>

* fix(lock): code review comment

Signed-off-by: pujavs <pujas.works@gmail.com>

* fix(lock): code review comment

Signed-off-by: pujavs <pujas.works@gmail.com>

* fix(config-api): sync with main

Signed-off-by: pujavs <pujas.works@gmail.com>

* feat(config-api): lock endpoint fixes and SAML IDP NPE

Signed-off-by: pujavs <pujas.works@gmail.com>

* feat(config-api): asset enhancement

Signed-off-by: pujavs <pujas.works@gmail.com>

* feat(config-api): implement timer for asset mgt to fetch and deploy assets for config-api #9403

Signed-off-by: pujavs <pujas.works@gmail.com>

* fix(config-api): scope validation issue #9426

Signed-off-by: pujavs <pujas.works@gmail.com>

* fix(config-api): asset delete error fix

Signed-off-by: pujavs <pujas.works@gmail.com>

* feat(config-api): sync with main

Signed-off-by: pujavs <pujas.works@gmail.com>

* fix(config-api): lock audit endpoint parameter declaration error #9460

Signed-off-by: pujavs <pujas.works@gmail.com>

* feat(config-api): client token functionality

Signed-off-by: pujavs <pujas.works@gmail.com>

* fix(Config-api): lock audit endpoint path param rectification

Signed-off-by: pujavs <pujas.works@gmail.com>

* feat(config-api): client token endpoint - wip

Signed-off-by: pujavs <pujas.works@gmail.com>

* feat(config-api): client token endpoint

Signed-off-by: pujavs <pujas.works@gmail.com>

* feat(config-api): client token endpoint

Signed-off-by: pujavs <pujas.works@gmail.com>

* feat(config-api): client token endpoint

Signed-off-by: pujavs <pujas.works@gmail.com>

* feat(config-api): token endpoint

Signed-off-by: pujavs <pujas.works@gmail.com>

* feat(config-api): token endpoint

Signed-off-by: pujavs <pujas.works@gmail.com>

---------

Signed-off-by: pujavs <pujas.works@gmail.com>
Co-authored-by: YuriyZ <yzabrovarniy@gmail.com>
* refactor: move cedarling top level

Signed-off-by: moabu <47318409+moabu@users.noreply.github.com>

* ci: update labels schema

Signed-off-by: moabu <47318409+moabu@users.noreply.github.com>

---------

Signed-off-by: moabu <47318409+moabu@users.noreply.github.com>
* docs: add license header instruction

Signed-off-by: ossdhaval <343411+ossdhaval@users.noreply.github.com>

* docs: add license header and CLA section

Signed-off-by: ossdhaval <343411+ossdhaval@users.noreply.github.com>

* docs: add link to the CLA file

Signed-off-by: ossdhaval <343411+ossdhaval@users.noreply.github.com>

---------

Signed-off-by: ossdhaval <343411+ossdhaval@users.noreply.github.com>
Co-authored-by: Mohammad Abudayyeh <47318409+moabu@users.noreply.github.com>
Signed-off-by: Mustafa Baser <mbaser@mail.com>
@devrimyatar devrimyatar added area-documentation Documentation needs to change as part of issue or PR comp-jans-cli-tui Component affected by issue or PR kind-feature Issue or PR is a new feature request labels Sep 26, 2024
@devrimyatar devrimyatar marked this pull request as draft September 26, 2024 11:51
DryRun Security Summary

The pull request includes changes to the jans-cli-tui application, focusing on improving the user interface and functionality, particularly in the areas of SMTP configuration, OAuth client management, and various utility functions, while highlighting the need for thorough security review in areas such as input validation, secure storage and transmission, encryption and signing configuration, error handling and logging, and access control and authorization.

Summary:

The code changes in this pull request span across three different files in the jans-cli-tui application. The changes primarily focus on improving the user interface and functionality of the application, with a particular emphasis on the SMTP configuration, OAuth client management, and various utility functions.

From an application security perspective, the changes do not introduce any obvious security vulnerabilities. However, there are several areas that should be carefully reviewed to ensure the overall security of the application:

  1. Input Validation: It's crucial to thoroughly validate all user inputs, especially those related to sensitive information (e.g., SMTP credentials, keystore details, OAuth client configurations) to prevent potential security issues such as injection attacks.

  2. Secure Storage and Transmission: Sensitive information, such as SMTP credentials and OAuth client secrets, must be stored and transmitted securely to protect against unauthorized access and data breaches.

  3. Encryption and Signing Configuration: The proper configuration of encryption and signing algorithms for various purposes (e.g., ID tokens, access tokens) is essential to ensure the confidentiality and integrity of sensitive data.

  4. Error Handling and Logging: Robust error handling and comprehensive logging mechanisms can help identify and address potential security issues, as well as provide valuable information for incident response and forensic analysis.

  5. Access Control and Authorization: The management of OAuth clients and their associated resources (e.g., scopes, active tokens, UMA resources) should be implemented with a strong access control and authorization model to prevent unauthorized access and modifications.

Overall, the code changes appear to be focused on improving the user experience and functionality of the application, and they do not immediately raise any major security concerns. However, it's important to review the application's security posture holistically and address the areas mentioned above to maintain a secure and robust system.

Files Changed:

  1. jans-cli-tui/cli_tui/utils/static.py:

    • A new string constant confirm has been added to the common_strings class, likely to be used for displaying a confirmation message or dialog in the application. This change does not introduce any obvious security concerns.

  2. jans-cli-tui/cli_tui/plugins/080_smtp/main.py:

    • The changes involve the removal of several imported modules and the simplification of the prepare_container method, which is responsible for creating the user interface elements for the SMTP configuration.
    • The code allows users to configure SMTP authentication credentials, keystore details, and connection protection methods. It's important to ensure that these configurations are handled securely to prevent potential security issues.

  3. jans-cli-tui/cli_tui/plugins/010_auth_server/edit_client_dialog.py:

    • This file implements an "Edit Client Dialog" for managing OAuth clients, including their basic information, token settings, logout configurations, software information, and more.
    • The code covers a wide range of client configuration options and provides mechanisms for managing sensitive information, such as client secrets and access tokens. It's important to review the implementation of access control, input validation, and secure storage of sensitive data.

Code Analysis

We ran 9 analyzers against 3 files and 0 analyzers had findings. 9 analyzers had no findings.

Riskiness

🟢 Risk threshold not exceeded.

sonarcloud bot commented Sep 26, 2024

Development

Successfully merging this pull request may close these issues.

feat (jans-tui): Show tokens in Client View
fix(jans-tui): Browser / Search Web Sessions