Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat(jans-fido): changes to refactor requestedParties #9111 #9329

Merged
merged 1 commit into from
Sep 2, 2024

Conversation

shekhar16
Copy link
Contributor

#9111
Changes to refactor requestedParties

Signed-off-by: shekhar16 <shekharlaad1609@gmail.com>
Copy link

dryrunsecurity bot commented Sep 2, 2024

DryRun Security Summary

The pull request primarily focuses on updating the configuration of the FIDO2 (Fast Identity Online) server in the Janssen application, renaming and aligning the configuration properties with the FIDO2 specification to improve clarity and consistency.

Expand for full summary

Summary:

The code changes in this pull request are primarily focused on updating the configuration of the FIDO2 (Fast Identity Online) server in the Janssen application. The changes involve renaming and aligning the configuration properties with the FIDO2 specification, improving the clarity and consistency of the configuration options.

From an application security perspective, the changes do not introduce any obvious security vulnerabilities. The updates are mainly refactoring and renaming of configuration fields, such as changing "requestedParties" to "rp" (Relying Party), "name" to "id", and "domains" to "origins". These changes align the configuration with industry-standard terminology and best practices for FIDO2 implementation.

However, it's important to ensure that the overall FIDO2 configuration is properly set up and secured, as it is a critical component of the authentication and authorization mechanisms for the application. This includes reviewing the enabled FIDO2 algorithms, the Metadata Service (MDS) configuration, the Relying Party (RP) settings, and the expiration settings for unfinished requests and authentication history.

Files Changed:

  1. docs/admin/fido/logs.md: The changes in this file update the configuration of the Janssen's FIDO2 server, renaming and aligning the properties with the FIDO2 specification.
  2. docs/admin/config-guide/fido2-config/janssen-fido2-configuration.md: Similar to the changes in the logs.md file, this update renames the "requestedParties" property to "rp" and the "domains" property to "origins".
  3. docs/admin/reference/json/properties/fido2-properties.md: This file contains updates to the Fido2 configuration properties, including the renaming of "requestedParties" to "rp" and the addition of a new property "sessionIdPersistInCache".
  4. docs/admin/fido/config.md: The changes in this file also involve the renaming of "requestedParties" to "rp" and "domains" to "origins" in the FIDO2 configuration.
  5. jans-config-api/plugins/fido2-plugin/src/test/resources/feature/fido2/fido2.json: This file contains similar changes to the FIDO2 configuration, with the renaming of "requestedParties" to "rp", "name" to "id", and "domains" to "origins".
  6. jans-config-api/plugins/fido2-plugin/src/test/resources/feature/fido2/dynamiconf.json: The changes in this file are also related to the renaming of "requestedParties" to "rp", "name" to "id", and "domains" to "origins".
  7. jans-config-api/plugins/docs/fido2-plugin-swagger.yaml: The update in this file is focused on renaming the "requestedParties" property to "rp" in the Fido2Configuration schema.
  8. jans-config-api/plugins/fido2-plugin/src/test/resources/feature/fido2/ref_dynami_conf.json: Similar to the other files, the changes here involve the renaming of "requestedParties" to "rp", "name" to "id", and "domains" to "origins".
  9. jans-fido2/model/src/main/java/io/jans/fido2/model/conf/RequestedParty.java: The changes in this file involve renaming the "name" field to "id" and the "domains" field to "origins".
  10. jans-fido2/server/src/main/java/io/jans/fido2/service/operation/AttestationService.java: The changes in this file update the code to use the "getOrigins()" method instead of "getDomains()" and the "getId()" method instead of "getName()" when working with the Relying Party information.
  11. jans-fido2/model/src/main/java/io/jans/fido2/model/conf/Fido2Configuration.java: This file includes changes related to the addition of the "rp" property to the Fido2Configuration class, which is used to configure the Relying Party information.
  12. **jans

Code Analysis

We ran 9 analyzers against 13 files and 1 analyzer had findings. 8 analyzers had no findings.

Analyzer Findings
Authn/Authz Analyzer 2 findings

Riskiness

🟢 Risk threshold not exceeded.

View PR in the DryRun Dashboard.

@yurem yurem merged commit 40aac09 into passkeys-project Sep 2, 2024
11 checks passed
@yurem yurem deleted the issues_9111 branch September 2, 2024 19:39
moabu pushed a commit that referenced this pull request Nov 7, 2024
Signed-off-by: shekhar16 <shekharlaad1609@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants