
fix(jans-cli-tui): hide realm in idp setup #9538

Merged: 3 commits from jans-cli-tui-kc-realm-9533 into main, Sep 19, 2024
Conversation

@devrimyatar (Contributor) commented Sep 19, 2024

closes #9533

  • Relevant documentation has been updated if any (i.e. user guides, installation and configuration guides, technical design docs etc)

@devrimyatar devrimyatar added kind-bug Issue or PR is a bug in existing functionality comp-jans-cli-tui Component affected by issue or PR labels Sep 19, 2024
@devrimyatar devrimyatar marked this pull request as draft September 19, 2024 13:44
dryrunsecurity bot commented Sep 19, 2024

DryRun Security Summary

The pull request updates the documentation for creating and managing SAML identity providers in the Janssen system and modifies the EditIdentityProvideDialog class to introduce new functionality, such as the ability to select the metadata source type and upload or manually configure the IDP metadata, while also highlighting the need for robust validation and sanitization to address potential security risks.


Summary:

The changes in this pull request are related to the configuration of SAML identity providers (IDPs) in the Janssen system. The first set of changes updates the documentation for creating and managing SAML IDPs using the Janssen Text-based UI (TUI) or command-line interface. The second set of changes modifies the EditIdentityProvideDialog class, which is responsible for the IDP editing functionality in the command-line application.

The documentation changes provide clear instructions on how to create a new SAML IDP, including navigating to the appropriate section, adding the necessary details, and persisting the IDP configuration in the Janssen database. This centralized management approach is a positive security feature, as it avoids the need for manual configuration in the Keycloak admin console.

The code changes to the EditIdentityProvideDialog class introduce new functionality, such as the ability to select the metadata source type (file or manual), upload a metadata file, and manually configure the IDP metadata. While these changes improve the user experience, they also introduce potential security risks that need to be addressed.

Specifically, the application should implement robust validation and sanitization of the uploaded metadata file and the manually entered metadata fields to prevent the introduction of malicious content or configurations. Additionally, the application should continue to properly handle and validate the realm configuration, as it can have security implications.

Files Changed:

  1. docs/admin/keycloak/keycloak-saml-inbound.md:

    • The changes update the documentation for creating and managing SAML IDPs in the Janssen system using the Janssen TUI or command-line interface.
    • The new steps include navigating to the "Jans SAML" > "Identity Providers" section, adding a new identity provider, and providing the necessary details.
    • The IDP details are persisted in the Janssen database, and the ability to edit the IDP details later is also documented.
  2. jans-cli-tui/cli_tui/plugins/100_saml/edit_identity_provider_dialog.py:

    • The changes remove the "Realm" field from the EditIdentityProvideDialog class.
    • The dialog now includes a dropdown to select the metadata source type (file or manual).
    • If the "file" option is selected, the dialog displays a button to browse and upload a metadata file.
    • If the "manual" option is selected, the dialog displays various fields for configuring the IDP metadata.
    • The save method handles the save operation, including validation of the metadata file or manual metadata configuration.

Code Analysis

We ran 9 analyzers against 4 files and 0 analyzers had findings. 9 analyzers had no findings.

Riskiness

🟢 Risk threshold not exceeded.


@mo-auto (Member) commented Sep 19, 2024

Error: Hi @devrimyatar, you did not reference an open issue in your PR. I attempted to create an issue for you.
Please update that issue's title and body and make sure I correctly referenced it in the above PR's body.

sonarcloud bot commented Sep 19, 2024

@devrimyatar devrimyatar added the area-documentation Documentation needs to change as part of issue or PR label Sep 19, 2024
@devrimyatar devrimyatar marked this pull request as ready for review September 19, 2024 14:05
sonarcloud bot commented Sep 19, 2024

@yuriyz yuriyz merged commit 6580d48 into main Sep 19, 2024
29 checks passed
@yuriyz yuriyz deleted the jans-cli-tui-kc-realm-9533 branch September 19, 2024 15:46
Successfully merging this pull request may close this issue: feat(jans-tui): remove the realm configuration item on the identity provider management page