
feat(jans-auth-server): used single-valued attribute for client id instead of multi-valued where it is needed (e.g. jansClntAuthz ) #10033 #10034

Merged: yuriyz merged 2 commits into main from jans-auth-server-10033 on Nov 4, 2024

Conversation

@yuriyz (Contributor) commented Nov 4, 2024

Description

feat(jans-auth-server): used single-valued attribute for client id instead of multi-valued where it is needed (e.g. jansClntAuthz )

Target issue

closes #10033

Please check the below before submitting your PR. The PR will not be merged if there are no commits that start with docs: to indicate documentation changes or if the below checklist is not selected.

  • I confirm that there is no impact on the docs due to the code changes in this PR.

…stead of multi-valued where it is needed (e.g. jansClntAuthz ) #10033

Signed-off-by: YuriyZ <[email protected]>

dryrunsecurity bot commented Nov 4, 2024

DryRun Security Summary

The pull request includes updates to the ClientAuthorization and PairwiseIdentifier classes, as well as changes to the Jans schema, which should be carefully reviewed to ensure that the application's security is not compromised.


Summary:

The code changes in this pull request involve updates to the ClientAuthorization and PairwiseIdentifier classes, as well as changes to the Jans schema. While these changes do not appear to introduce any immediate security concerns, it's essential to review them carefully to ensure that the application's security is not compromised.

The key changes include the renaming of the jansClntId attribute to clnId in the ClientAuthorization classes, and the renaming of the jansClntId attribute to clnId in the PairwiseIdentifier class. These changes seem to be part of a refactoring effort and do not directly impact the application's security.

However, it's important to consider the broader context of these changes and ensure that the application's security practices are not affected. This includes verifying that the client ID is properly validated and sanitized, that the authorization information is properly secured, and that the pairwise identifier functionality is implemented securely and in accordance with best practices.

Additionally, the changes to the Jans schema introduce several attributes related to authentication, OAuth2, OpenID Connect, and SAML. These changes should be thoroughly reviewed to ensure that the application's security mechanisms are not compromised and that sensitive user data is properly protected.

Files Changed:

  1. jans-casa/plugins/client-authorizations/src/main/java/io/jans/casa/plugins/consent/model/ClientAuthorization.java:

    • The @AttributeName annotation on the jansClntId field has been updated to include the name attribute, setting it to "clnId".
  2. jans-auth-server/persistence-model/src/main/java/io/jans/as/persistence/model/ClientAuthorization.java:

    • The @AttributeName(name = "jansClntId", consistency = true) annotation has been changed to @AttributeName(name = "clnId", consistency = true).
  3. jans-auth-server/persistence-model/src/main/java/io/jans/as/persistence/model/PairwiseIdentifier.java:

    • The jansClntId attribute has been renamed to clnId.
  4. jans-linux-setup/jans_setup/schema/jans_schema.json:

    • The schema includes changes to the jansPairwiseIdentifier and jansPerson object classes, as well as attributes related to authentication, OAuth2, OpenID Connect, and SAML.

Code Analysis

We ran 9 analyzers against 4 files and 1 analyzer had findings. 8 analyzers had no findings.

Analyzer Findings: Authn/Authz Analyzer, 3 findings

Riskiness

🟢 Risk threshold not exceeded.


yuriyzz previously approved these changes Nov 4, 2024
@mo-auto added labels comp-jans-auth-server (Component affected by issue or PR), comp-jans-casa (Touching folder /jans-casa), comp-jans-linux-setup (Component affected by issue or PR) and kind-feature (Issue or PR is a new feature request) on Nov 4, 2024
@yuriyz enabled auto-merge (squash) November 4, 2024 14:45
Signed-off-by: YuriyZ <[email protected]>

sonarcloud bot commented Nov 4, 2024

@yuriyz merged commit d0f213a into main on Nov 4, 2024 (38 of 44 checks passed)
@yuriyz deleted the jans-auth-server-10033 branch November 4, 2024 14:57
Labels: comp-jans-auth-server, comp-jans-casa, comp-jans-linux-setup, kind-feature
Projects: None yet
4 participants