feat(jans-cli-tui): client tokens and sessions #9602

devrimyatar · 2024-09-26T11:50:55Z

[x] closes #9413
[ ] closes #9412

Relevant documentation has been updated if any (i.e. user guides, installation and configuration guides, technical design docs etc)

Signed-off-by: ossdhaval <343411+ossdhaval@users.noreply.github.com>

…8801) Signed-off-by: Mustafa Baser <mbaser@mail.com>

Signed-off-by: Yuriy Movchan <Yuriy.Movchan@gmail.com>

* chore(jans-cli-tui): more logging Signed-off-by: Mustafa Baser <mbaser@mail.com> * fix(jans-cli-tui): User Admin UI roles Signed-off-by: Mustafa Baser <mbaser@mail.com> --------- Signed-off-by: Mustafa Baser <mbaser@mail.com>

…nd cn #8776 (#8806) * fix(jans-linux-setup): improper scim configuration for jans kc #8210 * updated the keycloak configuration file to reflect the configuration for the storage-spi Signed-off-by: Rolain Djeumen <uprightech@gmail.com> * chore(jans-keycloak-integration): bump kc version to 24.0.0 #8315 Signed-off-by: Rolain Djeumen <uprightech@gmail.com> * feat(jans-keycloak-integration): keycloak protocol mapper Signed-off-by: Rolain Djeumen <uprightech@gmail.com> * feat(jans-keycloak-integration): remove references to jans standalone persistence layer Signed-off-by: Rolain Djeumen <uprightech@gmail.com> * feat(jans-keycloak-integration): experimental protocol mapper for kc #8614 * added persistence manager configuration for protocol mapper Signed-off-by: Rolain Djeumen <uprightech@gmail.com> * feat(jans-keycloak-integration): added dependencies for protocol mapper #8614 Signed-off-by: Rolain Djeumen <uprightech@gmail.com> * feat(jans-keycloak-integration): experimental protocol mapper #8614 * added dependencies to protocol mapper * added protocol mapper main class Signed-off-by: Rolain Djeumen <uprightech@gmail.com> * feat(jans-keycloak-integration): experimental protocol mapper #8614 * added relevant models to fetch user attributes * refactored the db configuration classes Signed-off-by: Rolain Djeumen <uprightech@gmail.com> * feat(jans-keycloak-integration): janssen spi bundle #8614 * created maven project for janssen spi bundle Signed-off-by: Rolain Djeumen <uprightech@gmail.com> * feat(jans-keycloak-integration): janssen spi bundle #8614 * added dependencies xml Signed-off-by: Rolain Djeumen <uprightech@gmail.com> * feat(jans-keycloak-integration): enhancements to job-scheduler #8614 * added support for new protocol mapper in job scheduler * fixed typo in application shutdown log message Signed-off-by: Rolain Djeumen <uprightech@gmail.com> * feat(jans-keycloak-integration): keycloak integration enhancements #8614 * added support for the protocol-mapper in job-scheduler configuration * fixed issue in job-scheduler logging configuration that caused too many log files to be created Signed-off-by: Rolain Djeumen <uprightech@gmail.com> * feat(jans-keycloak-integration): spi bundle #8614 * additions to the spi bundle pom file Signed-off-by: Rolain Djeumen <uprightech@gmail.com> * feat(jans-keycloak-integration): keycloak integration enhancements #8614 * added protocol mapper implementation Signed-off-by: Rolain Djeumen <uprightech@gmail.com> * feat(jans-keycloak-integration): enhancements to jans-keycloak-integration #8614 * added thin bridge spi provider * added models for thin bridge provider Signed-off-by: Rolain Djeumen <uprightech@gmail.com> * feat(jans-keycloak-integration): enhancements to jans-keycloak-integration #8614 * moved authenticator spi to spi module * minor refactoring to the authenticator spi Signed-off-by: Rolain Djeumen <uprightech@gmail.com> * feat(jans-keycloak-integration): enhancements to jans-keycloak-integration #8614 * moved authenticator rest service spi to spi module Signed-off-by: Rolain Djeumen <uprightech@gmail.com> * feat(jans-keycloak-integration): enhancements to jans-keycloak-integration #8614 * added new storage provider implementation Signed-off-by: Rolain Djeumen <uprightech@gmail.com> * feat(jans-keycloak-integration): enhancements to jans-keycloak-integration #8614 * added missing files to spi Signed-off-by: Rolain Djeumen <uprightech@gmail.com> * feat(jans-keycloak-integration): enhancements to jans-keycloak-integration #8614 * added resource files to spi module Signed-off-by: Rolain Djeumen <uprightech@gmail.com> * feat(jans-keycloak-integration): enhancements to jans-keycloak-integration #8614 * bump spi version to 1.1.3-SNAPSHOT * removed protocol-mapper PoC from build modules Signed-off-by: Rolain Djeumen <uprightech@gmail.com> * feat(jans-keycloak-integration): enhancements to jans-keycloak-integration #8614 * minor bugfix to scheduler. did not show fatal startup errors in log file Signed-off-by: Rolain Djeumen <uprightech@gmail.com> * feat(jans-keycloak-integration): enhancements to jans-keycloak-integration #8614 *fix for fatal errors which don't still appear in the logs Signed-off-by: Rolain Djeumen <uprightech@gmail.com> * feat(jans-keycloak-integration): enhancements to jans-keycloak-integration #8614 * further housekeeping in job-scheduler Signed-off-by: Rolain Djeumen <uprightech@gmail.com> * feat(jans-keycloak-integration): enhancements to jans-keycloak-integration #8614 * fixed bug in user storage spi preventing authentication in new version of keycloak Signed-off-by: Rolain Djeumen <uprightech@gmail.com> * feat(jans-keycloak-integration): enhancements to jans-keycloak-integration #8614 * have scheduler create saml clients with document and assertion signing as default configuration Signed-off-by: Rolain Djeumen <uprightech@gmail.com> * feat(jans-keycloak-integration): enhancement to jans-keycloak-integration #8614 * removed reference to protocol-mapper poc submodule Signed-off-by: Rolain Djeumen <uprightech@gmail.com> * feat(jans-keycloak-integration): enhancements to jans-keycloak-integration #8614 * removed reference to storage-spi module * restored job-scheduler module in build pom Signed-off-by: Rolain Djeumen <uprightech@gmail.com> * feat(jans-keycloak-integration): enhancements to jans-keycloak-integration #8614 * removed authenticator source as it was moved to spi Signed-off-by: Rolain Djeumen <uprightech@gmail.com> * feat(jans-keycloak-integration): enhancements to jans-keycloak-integration #8614 * fixes suggested by static analyser Signed-off-by: Rolain Djeumen <uprightech@gmail.com> * feat(jans-keycloak-integration): enhancements to jans-keycloak-integration #8614 Signed-off-by: Rolain Djeumen <uprightech@gmail.com> * feat(jans-keycloak-integration): enhancements to jans-keycloak-integration #8614 Signed-off-by: Rolain Djeumen <uprightech@gmail.com> * feat(jans-keycloak-integration): enhancements to jans-keycloak-integration #8614 Signed-off-by: Rolain Djeumen <uprightech@gmail.com> * feat(jans-keycloak-integration): update kc-saml integration installation for ce and cn #8776 * marked jans authenticator in the kc authentication flow ALTERNATIVE * updated providerId for our custom user storage provider Signed-off-by: Rolain Djeumen <uprightech@gmail.com> * feat(jans-keycloak-integration): update kc-saml integration installation for ce and cn #8776 * bump keycloak version in setup to 25.0.1 Signed-off-by: Rolain Djeumen <uprightech@gmail.com> * feat(jans-keycloak-integration): update kc-saml integration installation for ce and cn #8776 * removed references to scim client configuration reference (used by former user storage provider) Signed-off-by: Rolain Djeumen <uprightech@gmail.com> * feat(jans-keycloak-integration): update kc-saml integration installation for ce and cn #8776 * moved kc service configuration parameters from service file to keycloak configuration file Signed-off-by: Rolain Djeumen <uprightech@gmail.com> * feat(jans-keycloak-integration): update kc-saml integration installation for ce and cn #8776 * added quarkus.properties * minor change to keycloak service file Signed-off-by: Rolain Djeumen <uprightech@gmail.com> * fix(jans-keycloak-integration): fix build issue after bumping keycloak libs version #8776 Signed-off-by: Rolain Djeumen <uprightech@gmail.com> --------- Signed-off-by: Rolain Djeumen <uprightech@gmail.com>

* docs: user password validation Signed-off-by: pujavs <pujas.works@gmail.com> * docs: user password validation Signed-off-by: pujavs <pujas.works@gmail.com> * docs: user password validation Signed-off-by: pujavs <pujas.works@gmail.com> * docs: user password validation doc Signed-off-by: pujavs <pujas.works@gmail.com> * docs: user password validation doc Signed-off-by: pujavs <pujas.works@gmail.com> * docs: user password validation doc Signed-off-by: pujavs <pujas.works@gmail.com> * docs: default acr script validation Signed-off-by: pujavs <pujas.works@gmail.com> * docs: default acr script validation Signed-off-by: pujavs <pujas.works@gmail.com> * docs: default acr script validation Signed-off-by: pujavs <pujas.works@gmail.com> * docs: default acr script validation Signed-off-by: pujavs <pujas.works@gmail.com> * docs: move the note about cust scripts and add link to docs * docs: add information about absence of default * docs: reword the note Signed-off-by: ossdhaval <343411+ossdhaval@users.noreply.github.com> * docs: remove the image from update section Signed-off-by: ossdhaval <343411+ossdhaval@users.noreply.github.com> --------- Signed-off-by: pujavs <pujas.works@gmail.com> Signed-off-by: ossdhaval <343411+ossdhaval@users.noreply.github.com> Co-authored-by: Dhaval D <343411+ossdhaval@users.noreply.github.com>

Signed-off-by: mmrraju <mrraju.ice.iu@gmail.com>

* chore(jans-auth-server): renamed OXAUTH_UMA_TICKET -> UMA_TICKET Signed-off-by: YuriyZ <yzabrovarniy@gmail.com> * feat(jans-auth-server): Token Status List support #8562 Signed-off-by: YuriyZ <yzabrovarniy@gmail.com> * fix(jans-auth-server): corrected requestContext and azd decoding #8562 Signed-off-by: YuriyZ <yzabrovarniy@gmail.com> * feat(jans-auth-server): added token status list endpoint and status claim with index. #8562 Signed-off-by: YuriyZ <yzabrovarniy@gmail.com> * feat(jans-auth): new cluster beans and services Signed-off-by: Yuriy Movchan <Yuriy.Movchan@gmail.com> * feat(jans-auth-server): added head index to list #8562 Signed-off-by: YuriyZ <yzabrovarniy@gmail.com> * feat(jans-auth): move beans to core model Signed-off-by: Yuriy Movchan <Yuriy.Movchan@gmail.com> * feat(jans-auth): add index range to TokenPool Signed-off-by: Yuriy Movchan <Yuriy.Movchan@gmail.com> * feat(jans-auth-server): added application/statuslist+json support #8562 Signed-off-by: YuriyZ <yzabrovarniy@gmail.com> * feat(jans-auth): add methods to allocate/release TokenPool Signed-off-by: Yuriy Movchan <Yuriy.Movchan@gmail.com> * feat(jans-auth): fix TokenPool sort Signed-off-by: Yuriy Movchan <Yuriy.Movchan@gmail.com> * feat(jans-auth): implement method to get nextIndex for token Signed-off-by: Yuriy Movchan <Yuriy.Movchan@gmail.com> * feat(jans-auth): implement method to get nextIndex for token Signed-off-by: Yuriy Movchan <Yuriy.Movchan@gmail.com> * feat(jans-auth): instead of using token list status use expiration date Signed-off-by: Yuriy Movchan <Yuriy.Movchan@gmail.com> * fix(jans-auth-server): fixed index during list joins and npe on nextIndex. #8562 Signed-off-by: YuriyZ <yzabrovarniy@gmail.com> * feat(jans-auth-server): populate statusListIndex in access and id tokens #8562 Signed-off-by: YuriyZ <yzabrovarniy@gmail.com> * feat(jans-auth): add ClusterNode services Signed-off-by: Yuriy Movchan <Yuriy.Movchan@gmail.com> * feat(jans-auth): add node base dn Signed-off-by: Yuriy Movchan <Yuriy.Movchan@gmail.com> * feat(jans-auth-server): added status list update on revoke #8562 Signed-off-by: YuriyZ <yzabrovarniy@gmail.com> * fix after merge Signed-off-by: YuriyZ <yzabrovarniy@gmail.com> * feat(jans-auth): add schema for new entries Signed-off-by: Yuriy Movchan <Yuriy.Movchan@gmail.com> * feat(jans-auth): fix allocate Signed-off-by: Yuriy Movchan <Yuriy.Movchan@gmail.com> * feat(jans-auth): fix cluster nodes expiration Signed-off-by: Yuriy Movchan <Yuriy.Movchan@gmail.com> * feat(jans-auth-server): added status list as jwt support #8562 Signed-off-by: YuriyZ <yzabrovarniy@gmail.com> * feat(jans-auth): Deprecate TokenPoolStatus Signed-off-by: Yuriy Movchan <Yuriy.Movchan@gmail.com> * feat(jans-auth): implement updateWithLock for concurent lock on revoke Signed-off-by: Yuriy Movchan <Yuriy.Movchan@gmail.com> * feat(jans-auth-server): use updateWithLock during status update index #8562 Signed-off-by: YuriyZ <yzabrovarniy@gmail.com> * feat(jans-auth-server): update status list on token revoke in separate thread #8562 Signed-off-by: YuriyZ <yzabrovarniy@gmail.com> * feat(jans-auth-server): renamed TokenPool -> StatusTokenPool, TokenPoolService -> StatusTokenPoolService #8562 Signed-off-by: YuriyZ <yzabrovarniy@gmail.com> * feat(jans-auth-server): removed token head index (we are using status token pools instead) #8562 Signed-off-by: YuriyZ <yzabrovarniy@gmail.com> * feat(jans-auth-server): added status list to swagger #8562 Signed-off-by: YuriyZ <yzabrovarniy@gmail.com> * feat(jans-auth-server): added ou=node,o=jans to config #8562 Signed-off-by: YuriyZ <yzabrovarniy@gmail.com> * feat(jans-auth-server): throw configuration exception if node baseDn is missed #8562 Signed-off-by: YuriyZ <yzabrovarniy@gmail.com> * feat(jans-auth-server): set status_list feature flag enabled by default #8562 Signed-off-by: YuriyZ <yzabrovarniy@gmail.com> * fix(jans-auth-server): fixed node allocation #8562 Signed-off-by: YuriyZ <yzabrovarniy@gmail.com> * fix(jans-auth-server): corrected bug in getClusterNodeLast #8562 Signed-off-by: YuriyZ <yzabrovarniy@gmail.com> * feat(jans-auth-server): keep lockKey static and save in jansNode after locking #8562 Signed-off-by: YuriyZ <yzabrovarniy@gmail.com> * fix(jans-auth-server): different fixes for cluster node management #8562 Signed-off-by: YuriyZ <yzabrovarniy@gmail.com> * fix(jans-auth-server): fixed allocation of status index pools #8562 Signed-off-by: YuriyZ <yzabrovarniy@gmail.com> * chore(jans-auth-server): added more logs for status index pool allocation #8562 Signed-off-by: YuriyZ <yzabrovarniy@gmail.com> * feat(jans-auth): igore timezone when DB is PostgresSQL Signed-off-by: Yuriy Movchan <Yuriy.Movchan@gmail.com> * feat(jans-auth): fetch all node entries if DB is LDAP Signed-off-by: Yuriy Movchan <Yuriy.Movchan@gmail.com> * feat(jans-auth-server): added status list client #8562 Signed-off-by: YuriyZ <yzabrovarniy@gmail.com> * fix(jans-auth-server): fixed pool allocation #8562 Signed-off-by: YuriyZ <yzabrovarniy@gmail.com> * chore(jans-auth-server): renamed endpoint /token_status_list -> /status_list #8562 Signed-off-by: YuriyZ <yzabrovarniy@gmail.com> * feat(jans-orm): resovle bean property name with AttributeName #8773 * chore(jans-auth-server): renamed token_status_list -> status_list #8562 Signed-off-by: YuriyZ <yzabrovarniy@gmail.com> * chore(jans-auth-server): token statuses VALID - 0, INVALID - 1 #8562 Signed-off-by: YuriyZ <yzabrovarniy@gmail.com> * chore(jans-auth-server): moved status list to model for re-using #8562 Signed-off-by: YuriyZ <yzabrovarniy@gmail.com> * feat(jans-auth-server): added batch index update and fixed concurrent update issue #8562 Signed-off-by: YuriyZ <yzabrovarniy@gmail.com> * feat(jans-auth-server): use new index update method in existing revoke code #8562 Signed-off-by: YuriyZ <yzabrovarniy@gmail.com> * fix(jans-auth-server): fixed status pool index joining #8562 Signed-off-by: YuriyZ <yzabrovarniy@gmail.com> * chore(jans-auth-server): code improvements #8562 Signed-off-by: YuriyZ <yzabrovarniy@gmail.com> * test(jans-auth-server): added full integration test for status list #8562 Signed-off-by: YuriyZ <yzabrovarniy@gmail.com> * test(jans-auth-server): added test for CN case #8562 Signed-off-by: YuriyZ <yzabrovarniy@gmail.com> * feat(jans-auth-server): mark indexes which we are about to re-use as VALID #8562 Signed-off-by: YuriyZ <yzabrovarniy@gmail.com> * code re-format Signed-off-by: YuriyZ <yzabrovarniy@gmail.com> * docs(config-api): regenerating config swagger api Signed-off-by: pujavs <pujas.works@gmail.com> --------- Signed-off-by: YuriyZ <yzabrovarniy@gmail.com> Signed-off-by: Yuriy Movchan <Yuriy.Movchan@gmail.com> Signed-off-by: pujavs <pujas.works@gmail.com> Co-authored-by: Yuriy Movchan <Yuriy.Movchan@gmail.com> Co-authored-by: pujavs <pujas.works@gmail.com> Co-authored-by: Mohammad Abudayyeh <47318409+moabu@users.noreply.github.com>

Signed-off-by: Mustafa Baser <mbaser@mail.com>

#8823 Signed-off-by: YuriyZ <yzabrovarniy@gmail.com>

…BMS #8825 (#8826) #8825 Signed-off-by: YuriyZ <yzabrovarniy@gmail.com>

* feat: ui improvement and fido authentication integration #5962 Signed-off-by: Arnab Dutta <arnab.bdutta@gmail.com> * feat: adding loader Signed-off-by: Arnab Dutta <arnab.bdutta@gmail.com> * feat: fix loading issue Signed-off-by: Arnab Dutta <arnab.bdutta@gmail.com> * feat: fixing logout Signed-off-by: Arnab Dutta <arnab.bdutta@gmail.com> * feat: fixing logout Signed-off-by: Arnab Dutta <arnab.bdutta@gmail.com> * feat: adding docs Signed-off-by: Arnab Dutta <arnab.bdutta@gmail.com> * feat: adding docs Signed-off-by: Arnab Dutta <arnab.bdutta@gmail.com> * feat: adding docs Signed-off-by: Arnab Dutta <arnab.bdutta@gmail.com> * feat: remove extra OP_config call Signed-off-by: Arnab Dutta <arnab.bdutta@gmail.com> * feat: modify README Signed-off-by: Arnab Dutta <arnab.bdutta@gmail.com> * feat: modify README Signed-off-by: Arnab Dutta <arnab.bdutta@gmail.com> * feat: changing ReadMe Signed-off-by: Arnab Dutta <arnab.bdutta@gmail.com> --------- Signed-off-by: Arnab Dutta <arnab.bdutta@gmail.com>

Signed-off-by: Mustafa Baser <mbaser@mail.com>

* chore(docker-jans-auth-server): sync jans-lock assets Signed-off-by: iromli <isman.firmansyah@gmail.com> * feat(cloud-native): add Token Status List support Signed-off-by: iromli <isman.firmansyah@gmail.com> * chore(cloud-native): sync assets to OCI images Signed-off-by: iromli <isman.firmansyah@gmail.com> * feat(docker-jans-saml): update kc-saml integration installation Signed-off-by: iromli <isman.firmansyah@gmail.com> * fix: migrate jans storage Signed-off-by: iromli <isman.firmansyah@gmail.com> * chore: remove unused client Signed-off-by: iromli <isman.firmansyah@gmail.com> --------- Signed-off-by: iromli <isman.firmansyah@gmail.com>

* docs: update fido2 configuration document Signed-off-by: ossdhaval <343411+ossdhaval@users.noreply.github.com> * fido2 : add schema format and example Signed-off-by: ossdhaval <343411+ossdhaval@users.noreply.github.com> * docs: update file names Signed-off-by: ossdhaval <343411+ossdhaval@users.noreply.github.com> * docs: remove old files Signed-off-by: ossdhaval <343411+ossdhaval@users.noreply.github.com> * docs(fido2): update the instructions for update conf section Signed-off-by: ossdhaval <343411+ossdhaval@users.noreply.github.com> * docs(fido2): proofreading Signed-off-by: ossdhaval <343411+ossdhaval@users.noreply.github.com> --------- Signed-off-by: ossdhaval <343411+ossdhaval@users.noreply.github.com> Co-authored-by: Devrim <devrimyatar@gluu.org>

#8839) #8838 Signed-off-by: YuriyZ <yzabrovarniy@gmail.com>

* docs: update JWKS conf * jwks : add schema format and example Signed-off-by: ossdhaval <343411+ossdhaval@users.noreply.github.com> * docs(jwks): add schema format and example Signed-off-by: ossdhaval <343411+ossdhaval@users.noreply.github.com> * docs(jwk): Add tui section and add schema Signed-off-by: ossdhaval <343411+ossdhaval@users.noreply.github.com> * docs(jwks): fix update instructions Signed-off-by: ossdhaval <343411+ossdhaval@users.noreply.github.com> * docs(jwk): rephrase and proofread Signed-off-by: ossdhaval <343411+ossdhaval@users.noreply.github.com> --------- Signed-off-by: ossdhaval <343411+ossdhaval@users.noreply.github.com> Co-authored-by: Devrim <devrimyatar@gluu.org>

Signed-off-by: moabu <47318409+moabu@users.noreply.github.com>

Signed-off-by: Mustafa Baser <mbaser@mail.com>

…8857) * feat(cloud-native): add ingress for jans-lock as jans-auth service Signed-off-by: iromli <isman.firmansyah@gmail.com> * fix(docker-jans-all-in-one): remove unused KC_PROXY env Signed-off-by: iromli <isman.firmansyah@gmail.com> * docs(charts): add ingress for jans-lock config Signed-off-by: iromli <isman.firmansyah@gmail.com> --------- Signed-off-by: iromli <isman.firmansyah@gmail.com> Co-authored-by: Mohammad Abudayyeh <47318409+moabu@users.noreply.github.com>

* chore(docker-jans-saml): sync asset for OCI image Signed-off-by: iromli <isman.firmansyah@gmail.com> * chore(all-in-one): update JANS_SOURCE_VERSION Signed-off-by: iromli <isman.firmansyah@gmail.com> --------- Signed-off-by: iromli <isman.firmansyah@gmail.com>

Signed-off-by: moabu <47318409+moabu@users.noreply.github.com>

#8863 (#8865) * fix(jans-linux-setup): improper scim configuration for jans kc #8210 * updated the keycloak configuration file to reflect the configuration for the storage-spi Signed-off-by: Rolain Djeumen <uprightech@gmail.com> * chore(jans-keycloak-integration): bump kc version to 24.0.0 #8315 Signed-off-by: Rolain Djeumen <uprightech@gmail.com> * feat(jans-keycloak-integration): disable keycloak required action verify_profile #8863 Signed-off-by: Rolain Djeumen <uprightech@gmail.com> --------- Signed-off-by: Rolain Djeumen <uprightech@gmail.com>

Signed-off-by: Mustafa Baser <mbaser@mail.com>

) Signed-off-by: Mustafa Baser <mbaser@mail.com> Co-authored-by: Mohammad Abudayyeh <47318409+moabu@users.noreply.github.com>

Signed-off-by: Yuriy Movchan <Yuriy.Movchan@gmail.com> Co-authored-by: YuriyZ <yzabrovarniy@gmail.com> Co-authored-by: Yuriy M <95305560+yuremm@users.noreply.github.com>

* feat(cloud-native): disable keycloak verify_profile action Signed-off-by: iromli <isman.firmansyah@gmail.com> * chore(cloud-native): update JANS_SOURCE_VERSION for aio Signed-off-by: iromli <isman.firmansyah@gmail.com> --------- Signed-off-by: iromli <isman.firmansyah@gmail.com> Co-authored-by: Mohammad Abudayyeh <47318409+moabu@users.noreply.github.com>

Signed-off-by: Mustafa Baser <mbaser@mail.com>

chore: release 1.1.6 SNAPSHOT Signed-off-by: moabu <47318409+moabu@users.noreply.github.com>

…operty #7010 (#9513) Signed-off-by: YuriyZ <yzabrovarniy@gmail.com>

Updated README - Jans Lock and intro edit. Co-authored-by: Dhaval D <343411+ossdhaval@users.noreply.github.com>

* docs(loggin): logging config update changes Signed-off-by: ossdhaval <343411+ossdhaval@users.noreply.github.com> * docs(logging): fix loggin document format Signed-off-by: ossdhaval <343411+ossdhaval@users.noreply.github.com> * docs(logging): update detail of TUI Signed-off-by: ossdhaval <343411+ossdhaval@users.noreply.github.com> --------- Signed-off-by: ossdhaval <343411+ossdhaval@users.noreply.github.com>

…e review profile step in the first broker login flow (#9522) Signed-off-by: Mustafa Baser <mbaser@mail.com>

…e of client_name #9415 (#9523) Signed-off-by: YuriyZ <yzabrovarniy@gmail.com>

Signed-off-by: Yuriy Movchan <Yuriy.Movchan@gmail.com>

* fix(jans-cli-tui): hide realm in idp setup Signed-off-by: Mustafa Baser <mbaser@mail.com> * docs(jans-cli-tui): update IDP for TUI Signed-off-by: Mustafa Baser <mbaser@mail.com> --------- Signed-off-by: Mustafa Baser <mbaser@mail.com>

* feat(jans-auth): update SG script to conform API Signed-off-by: Yuriy Movchan <Yuriy.Movchan@gmail.com> * feat(jans-auth): update SG script to conform API Signed-off-by: Yuriy Movchan <Yuriy.Movchan@gmail.com> --------- Signed-off-by: Yuriy Movchan <Yuriy.Movchan@gmail.com> Co-authored-by: Yuriy M. <95305560+yuremm@users.noreply.github.com>

* feat(jans-auth): update SG script to conform API Signed-off-by: Yuriy Movchan <Yuriy.Movchan@gmail.com> * feat(jans-auth): update SG script to conform API Signed-off-by: Yuriy Movchan <Yuriy.Movchan@gmail.com> * feat(jans-auth): update SG script to conform API Signed-off-by: Yuriy Movchan <Yuriy.Movchan@gmail.com> * feat(jans-auth): update SG script to conform API Signed-off-by: Yuriy Movchan <Yuriy.Movchan@gmail.com> --------- Signed-off-by: Yuriy Movchan <Yuriy.Movchan@gmail.com>

* fix(config-api): asset mgt endpoint fixes Signed-off-by: pujavs <pujas.works@gmail.com> * feat(config-api): asset upload mgt ehancement and fido Signed-off-by: pujavs <pujas.works@gmail.com> * feat(config-api): asset upload mgt ehancement and fido Signed-off-by: pujavs <pujas.works@gmail.com> * feat(config-api): asset upload mgt ehancement and fido Signed-off-by: pujavs <pujas.works@gmail.com> * fix(config-api): asset upload Signed-off-by: pujavs <pujas.works@gmail.com> * fix(config-api): lock review comments Signed-off-by: pujavs <pujas.works@gmail.com> * feat(config-api): lock code review comments Signed-off-by: pujavs <pujas.works@gmail.com> * feat(config-api): lock master renamed to lock server Signed-off-by: pujavs <pujas.works@gmail.com> * feat(config-api): lock master renamed to lock server Signed-off-by: pujavs <pujas.works@gmail.com> * feat(config-api): lock master renamed to lock server Signed-off-by: pujavs <pujas.works@gmail.com> * feat(config-api): lock master renamed to lock server Signed-off-by: pujavs <pujas.works@gmail.com> * feat(config-api): fido2 delete functionality Signed-off-by: pujavs <pujas.works@gmail.com> * fix(config-api): acr validation Signed-off-by: pujavs <pujas.works@gmail.com> * feat(config-api): doc(config-api): IDP schema attribute descriptions #9187 Signed-off-by: pujavs <pujas.works@gmail.com> * feat(config-api): sync with main Signed-off-by: pujavs <pujas.works@gmail.com> * feat(config-api): uploading assets via API generates 2 entries #9178 Signed-off-by: pujavs <pujas.works@gmail.com> * feat(config-api): asset mgt, fido and IDP changes Signed-off-by: pujavs <pujas.works@gmail.com> * feat(config-api): fido2 device endpoint Signed-off-by: pujavs <pujas.works@gmail.com> * feat(config-api): fido2 endpoint Signed-off-by: pujavs <pujas.works@gmail.com> * feat(config-api): fido2 endpoint Signed-off-by: pujavs <pujas.works@gmail.com> * feat(config-api): sync with main Signed-off-by: pujavs <pujas.works@gmail.com> * feat(config-api): sync with main Signed-off-by: pujavs <pujas.works@gmail.com> * feat(config-api): sync with main Signed-off-by: pujavs <pujas.works@gmail.com> * feat(config-api): resolved sonar review issues Signed-off-by: pujavs <pujas.works@gmail.com> * feat(config-api): sonar review comment fix Signed-off-by: pujavs <pujas.works@gmail.com> * feat(config-api): swagger spec Signed-off-by: pujavs <pujas.works@gmail.com> * feat(config-api): saml config attribute description Signed-off-by: pujavs <pujas.works@gmail.com> * doc(config-api): added SAML attribute description Signed-off-by: pujavs <pujas.works@gmail.com> * doc(config-api): added SAML attribute description Signed-off-by: pujavs <pujas.works@gmail.com> * feat(config-api): sync with main Signed-off-by: pujavs <pujas.works@gmail.com> * fix(jans-lock): code review comment fix isssue#9305 Signed-off-by: pujavs <pujas.works@gmail.com> * fix(jans-lock): code review comment fix isssue#9305 Signed-off-by: pujavs <pujas.works@gmail.com> * feat(config-api): lock review point Signed-off-by: pujavs <pujas.works@gmail.com> * fix(lock): code review comment Signed-off-by: pujavs <pujas.works@gmail.com> * fix(lock): code review comment Signed-off-by: pujavs <pujas.works@gmail.com> * fix(config-api): sync with main Signed-off-by: pujavs <pujas.works@gmail.com> * feat(config-api): lock endpoint fixes and SAML IDP NPE Signed-off-by: pujavs <pujas.works@gmail.com> * feat(config-api): asset enhancement Signed-off-by: pujavs <pujas.works@gmail.com> * feat(config-api): implement timer for asset mgt to fetch and deploy assets forconfig-api #9403 Signed-off-by: pujavs <pujas.works@gmail.com> * fix(config-api): scope validation issue #9426 Signed-off-by: pujavs <pujas.works@gmail.com> * fix(config-api): asset delete error fix Signed-off-by: pujavs <pujas.works@gmail.com> * feat(config-api): sysnc with main Signed-off-by: pujavs <pujas.works@gmail.com> * fix(config-ap): lock audit endpoint parameter declaration error#9460 Signed-off-by: pujavs <pujas.works@gmail.com> * feat(config-api): client token functionality Signed-off-by: pujavs <pujas.works@gmail.com> * fix(Config-api): lock audit endpoint path param rectification Signed-off-by: pujavs <pujas.works@gmail.com> * feat(config-api): clint token endpoint - wip Signed-off-by: pujavs <pujas.works@gmail.com> * feat(config-api): clint token endpoint Signed-off-by: pujavs <pujas.works@gmail.com> * feat(config-api): client token endpoint Signed-off-by: pujavs <pujas.works@gmail.com> * feat(config-api): client token endpoint Signed-off-by: pujavs <pujas.works@gmail.com> * feat(config-api): token endpoint Signed-off-by: pujavs <pujas.works@gmail.com> * feat(config-api): token endpoint Signed-off-by: pujavs <pujas.works@gmail.com> --------- Signed-off-by: pujavs <pujas.works@gmail.com> Co-authored-by: YuriyZ <yzabrovarniy@gmail.com>

* refactor: move cedarling top level Signed-off-by: moabu <47318409+moabu@users.noreply.github.com> * ci: update labels schema Signed-off-by: moabu <47318409+moabu@users.noreply.github.com> --------- Signed-off-by: moabu <47318409+moabu@users.noreply.github.com>

* docs:add license header instrucstion Signed-off-by: ossdhaval <343411+ossdhaval@users.noreply.github.com> * docs: add license header and CLA section Signed-off-by: ossdhaval <343411+ossdhaval@users.noreply.github.com> * docs: add link to the CLA file Signed-off-by: ossdhaval <343411+ossdhaval@users.noreply.github.com> --------- Signed-off-by: ossdhaval <343411+ossdhaval@users.noreply.github.com> Co-authored-by: Mohammad Abudayyeh <47318409+moabu@users.noreply.github.com>

Signed-off-by: Mustafa Baser <mbaser@mail.com>

dryrunsecurity · 2024-09-26T11:51:18Z

DryRun Security Summary

The provided text summarizes a comprehensive set of GitHub Actions workflow and configuration file changes for the Janssen Project, focusing on enhancing security, reliability, and maintainability through improved dependency management, code quality checks, secure credential handling, and proactive security practices across the development lifecycle.

Expand for full summary

Summary:

The provided code changes cover a variety of GitHub Actions workflows and configuration files for the Janssen Project. These changes focus on improving the overall security, reliability, and maintainability of the project's development and deployment processes.

Key security-related aspects of these changes include:

Hardening GitHub Actions Runners: Several workflows use the step-security/harden-runner action to enforce strict egress policies and improve the overall security of the runner environment.
Secure Credential Management: The workflows use GitHub secrets and GPG signing to protect sensitive information, such as API tokens and deployment keys.
Dependency Management: The changes include updates to the dependency management processes, such as the use of Dependabot to automatically update dependencies and the integration of CodeQL for comprehensive code analysis.
Secure Code Practices: The workflows enforce best practices, such as requiring pull requests to reference open issues, running linters and code quality checks, and automating the documentation generation and deployment process.

Overall, these changes demonstrate a strong commitment to application security and a proactive approach to identifying and addressing potential security risks throughout the development lifecycle.

Files Changed:

.github/pull_request_template.md: Updates the pull request template to include additional sections and instructions, improving the overall contribution process.
.github/CODEOWNERS: Modifies the code ownership and review responsibilities for various components of the project, ensuring appropriate security-focused oversight.
.github/workflows/activate-nightly-build.yml: Manages the nightly build process, including the deletion and recreation of nightly releases and tags, with a focus on security practices.
.github/dependabot.yml: Configures Dependabot to automatically update dependencies across various package ecosystems, helping to maintain the security of the project's dependencies.
.github/workflows/backport.yml: Implements a backporting workflow to automatically create pull requests for merging changes to other branches, with appropriate security considerations.
.github/workflows/codeql-analysis.yml: Integrates the CodeQL code analysis tool into the project's development process, enabling the identification of security vulnerabilities and code quality issues.
.github/workflows/build-packages.yml: Handles the publishing of binary and Python packages, with a focus on security practices such as package signing and sensitive information removal.
.github/workflows/build-docs.yml: Manages the generation and deployment of the project's documentation to the GitHub Pages site, ensuring the integrity and security of the documentation.
.github/workflows/central_code_quality_check.yml: Runs a code quality check on the project's source code, including the use of SonarCloud for static code analysis.
.github/workflows/flake8-lint.yml: Lints the Python code in the "demos/jans-tent" directory using the Flake8 tool, helping to maintain code quality and identify potential security issues.
.github/workflows/microk8s.yml: Updates the Kubernetes (microk8s) deployment workflow, including the use of the step-security/harden-runner action.
.github/workflows/pr-ref-issue.yml: Enforces the requirement for each pull request to reference an open issue, improving traceability and issue management.
.github/workflows/documenation_check.yml: Checks the documentation changes in a pull request to ensure that the code changes do not impact the documentation.
.github/workflows/sync.yml: Synchronizes changes between the jans repository and the terraform-provider-jans repository, with a focus on security practices such as GPG signing and runner hardening.
.github/workflows/scorecard.yml: Integrates the Scorecard supply-chain security analysis tool to evaluate the security posture of the project.
.github/workflows/testcases.yml: Updates the test case execution workflow, including the use of the step-security/harden-runner action and the integration of Codecov for code coverage reporting.
.github/workflows/test_docker_linux_installer.yml: Tests the Linux installer for the Janssen Project, with a focus on security practices such as runner hardening and secure environment variable management.

Code Analysis

We ran 9 analyzers against 30 files and 0 analyzers had findings. 9 analyzers had no findings.

View PR in the DryRun Dashboard.

sonarqubecloud · 2024-09-26T11:58:17Z

Quality Gate passed for 'jans-pycloudlib'

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud

sonarqubecloud · 2024-09-26T11:58:36Z

Quality Gate passed for 'jans-cli'

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud

sonarqubecloud · 2024-09-26T11:58:45Z

Quality Gate passed for 'jans-linux-setup'

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud

sonarqubecloud · 2024-09-26T11:59:23Z

Quality Gate passed for 'orm'

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud

sonarqubecloud · 2024-09-26T12:00:11Z

Quality Gate passed for 'jans-config-api-parent'

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud

ossdhaval and others added 30 commits June 27, 2024 20:10

docs(logging): add schema format and example (#8796)

6878c26

Signed-off-by: ossdhaval <343411+ossdhaval@users.noreply.github.com>

fix(jans-cli-tui): scim configuration skipDefinedPasswordValidation (#…

54aa3fa

…8801) Signed-off-by: Mustafa Baser <mbaser@mail.com>

feat(jans-core): do log4j reconfigure only on log level change (#8802)

9eddb16

Signed-off-by: Yuriy Movchan <Yuriy.Movchan@gmail.com>

fix(jans-cli-tui): Admin UI roles (#8780)

fe1d2e3

* chore(jans-cli-tui): more logging Signed-off-by: Mustafa Baser <mbaser@mail.com> * fix(jans-cli-tui): User Admin UI roles Signed-off-by: Mustafa Baser <mbaser@mail.com> --------- Signed-off-by: Mustafa Baser <mbaser@mail.com>

docs(scim): adding custom attribute using scim (#7151)

eb1b970

Signed-off-by: mmrraju <mrraju.ice.iu@gmail.com>

fix(jans-linux-setup): dummy values for KC db options (#8821)

3e107e1

Signed-off-by: Mustafa Baser <mbaser@mail.com>

test(jans-auth-server): fixed StatusListHttpTest failure #8823 (#8824)

4455363

#8823 Signed-off-by: YuriyZ <yzabrovarniy@gmail.com>

feat(jans-auth-server): stat RDN must have date to be unique under RD…

12c39ed

…BMS #8825 (#8826) #8825 Signed-off-by: YuriyZ <yzabrovarniy@gmail.com>

fix(jans-cli-tui): scim config disableLoggerTimer (#8835)

7386cef

Signed-off-by: Mustafa Baser <mbaser@mail.com>

fix(jans-cli-tui): SSA expire date should be greater than now (#8837)

b0ea83f

Signed-off-by: Mustafa Baser <mbaser@mail.com>

First draft of new cedar Lock docs. (#8832)

8240491

feat(jans-linux-setup): status list must be enabled during tests #8838 (

72007ac

#8839) #8838 Signed-off-by: YuriyZ <yzabrovarniy@gmail.com>

ci: add docs check to make sure every PR is doc checked (#8842)

f0e9a7f

Signed-off-by: moabu <47318409+moabu@users.noreply.github.com>

fix(jans-linux-setup): typo (#8845)

f7501ee

Signed-off-by: Mustafa Baser <mbaser@mail.com>

ci: fix catching the docs commit (#8861)

f7eec06

Signed-off-by: moabu <47318409+moabu@users.noreply.github.com>

fix(jans-linux-setup): kc deployment updates (#8856)

8159644

Signed-off-by: Mustafa Baser <mbaser@mail.com>

feat(jans-linux-setup): KC disable verify_profile required action (#8873

30724cd

) Signed-off-by: Mustafa Baser <mbaser@mail.com> Co-authored-by: Mohammad Abudayyeh <47318409+moabu@users.noreply.github.com>

fix(fido2): remove weld dependency (#8871)

bc68e75

Signed-off-by: Yuriy Movchan <Yuriy.Movchan@gmail.com> Co-authored-by: YuriyZ <yzabrovarniy@gmail.com> Co-authored-by: Yuriy M <95305560+yuremm@users.noreply.github.com>

fix(jans-linux-setup): KC setup - providerId UserStorageProvider (#8880)

902f2c9

Signed-off-by: Mustafa Baser <mbaser@mail.com>

moabu and others added 14 commits September 17, 2024 17:03

chore(release): prep work for 1.1.6-SNAPSHOT and dev (#9516)

6620624

chore: release 1.1.6 SNAPSHOT Signed-off-by: moabu <47318409+moabu@users.noreply.github.com>

feat(jans-auth-server): added dedicated deviceSessionLifetime conf pr…

c1bb81f

…operty #7010 (#9513) Signed-off-by: YuriyZ <yzabrovarniy@gmail.com>

docs: update README.md for Lock changes (#9509)

372a1b1

Updated README - Jans Lock and intro edit. Co-authored-by: Dhaval D <343411+ossdhaval@users.noreply.github.com>

feat(jans-linux-setup): turn off update profile on first login for th…

54c3cb0

…e review profile step in the first broker login flow (#9522) Signed-off-by: Mustafa Baser <mbaser@mail.com>

fix(jans-auth-server): new jans server installation show null in plac…

9560c8d

…e of client_name #9415 (#9523) Signed-off-by: YuriyZ <yzabrovarniy@gmail.com>

feat(jans-auth): update SG script to conform API (#9541)

39ae5fd

Signed-off-by: Yuriy Movchan <Yuriy.Movchan@gmail.com>

feat(jans-cli-tui): client active tokens

6a72f9d

Signed-off-by: Mustafa Baser <mbaser@mail.com>

devrimyatar added area-documentation Documentation needs to change as part of issue or PR comp-jans-cli-tui Component affected by issue or PR kind-feature Issue or PR is a new feature request labels Sep 26, 2024

devrimyatar requested review from yuriyz and pujavs September 26, 2024 11:50

devrimyatar marked this pull request as draft September 26, 2024 11:51

moabu force-pushed the main branch from cdfd022 to 04af3b4 Compare November 6, 2024 15:30

moabu force-pushed the jans-cli-tui-script-tokens branch from 5516bac to b98c08c Compare December 26, 2024 19:33

moabu force-pushed the main branch from 5126af2 to aa1b2ed Compare December 27, 2024 04:55

moabu force-pushed the jans-cli-tui-script-tokens branch from b98c08c to 6a72f9d Compare December 27, 2024 04:55

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

feat(jans-cli-tui): client tokens and sessions #9602

feat(jans-cli-tui): client tokens and sessions #9602

devrimyatar commented Sep 26, 2024

dryrunsecurity bot commented Sep 26, 2024 •

edited

Loading

sonarqubecloud bot commented Sep 26, 2024

sonarqubecloud bot commented Sep 26, 2024

sonarqubecloud bot commented Sep 26, 2024

sonarqubecloud bot commented Sep 26, 2024

sonarqubecloud bot commented Sep 26, 2024

feat(jans-cli-tui): client tokens and sessions #9602

Are you sure you want to change the base?

feat(jans-cli-tui): client tokens and sessions #9602

Conversation

devrimyatar commented Sep 26, 2024

dryrunsecurity bot commented Sep 26, 2024 • edited Loading

DryRun Security Summary

Code Analysis

sonarqubecloud bot commented Sep 26, 2024

Quality Gate passed for 'jans-pycloudlib'

sonarqubecloud bot commented Sep 26, 2024

Quality Gate passed for 'jans-cli'

sonarqubecloud bot commented Sep 26, 2024

Quality Gate passed for 'jans-linux-setup'

sonarqubecloud bot commented Sep 26, 2024

Quality Gate passed for 'orm'

sonarqubecloud bot commented Sep 26, 2024

Quality Gate passed for 'jans-config-api-parent'

dryrunsecurity bot commented Sep 26, 2024 •

edited

Loading