docs(fido2): updates to fido2 config doc

[ossdhaval]

Prepare

• Read PR guidelines
• Read license information

---

Description

Target issue

closes #issue-number-here

Implementation Details

---

Test and Document the changes

• Static code analysis has been run locally and issues have been fixed
• Relevant unit and integration tests have been added/updated
• Relevant documentation has been updated if any (i.e. user guides, installation and configuration guides, technical design docs etc)

[dryrunsecurity]

Hi there 👋, @DryRunSecurity here, below is a summary of our analysis and findings.

DryRun Security	Status	Findings
Configured Codepaths Analyzer	✅	0 findings
IDOR Analyzer	✅	0 findings
Secrets Analyzer	✅	0 findings
Authn/Authz Analyzer	✅	0 findings
Server-Side Request Forgery Analyzer	✅	0 findings
SQL Injection Analyzer	✅	0 findings
Sensitive Files Analyzer	✅	0 findings

Note

🟢 Risk threshold not exceeded.

Change Summary (click to expand)

The following is a summary of changes in this pull request made by me, your security buddy 🤖. Note that this summary is auto-generated and not meant to be a definitive list of security issues but rather a helpful summary from a security perspective.

Summary:

The provided code change introduces documentation on how to configure the Janssen FIDO2 (Fast IDentity Online) functionality in the Janssen Server. The documentation covers three main aspects: command-line configuration, text-based UI configuration, and REST API configuration. From an application security perspective, the changes are notable for their emphasis on secure configuration management, proper handling of sensitive configuration properties, configurable security settings, and the inclusion of logging and monitoring capabilities.

The documentation highlights the use of secure command-line, text-based UI, and REST API interfaces to manage the FIDO2 configuration, ensuring that configuration changes are performed through controlled and auditable channels. The FIDO2 configuration includes sensitive information, such as the issuer, base endpoint, and various folder paths for storing certificates and metadata, which require proper access control and secure storage. Additionally, the configuration allows administrators to control various security-related settings, and the inclusion of logging and monitoring features can be leveraged to monitor and audit the FIDO2 functionality for any security-related events or anomalies.

Files Changed:

• docs/admin/config-guide/janssen-fido2-configuration.md: This file provides comprehensive documentation on how to configure the Janssen FIDO2 functionality, covering command-line configuration, text-based UI configuration, and REST API configuration. The documentation emphasizes the importance of secure configuration management, proper handling of sensitive configuration properties, configurable security settings, and the inclusion of logging and monitoring capabilities to maintain the overall security of the FIDO2 functionality within the Janssen Server.

Powered by DryRun Security