
chore: rework availability of authentication methods #9238

Merged: 3 commits merged into main from jans-casa-issue_8850 on Aug 21, 2024

Conversation

jgomer2001 (Contributor)
Prepare


Description

Target issue

closes #8850

Implementation Details


Test and Document the changes

  • Static code analysis has been run locally and issues have been fixed
  • Relevant unit and integration tests have been added/updated
  • Relevant documentation has been updated if any (i.e. user guides, installation and configuration guides, technical design docs etc)

Please check the below before submitting your PR. The PR will not be merged if there are no commits that start with docs: to indicate documentation changes or if the below checklist is not selected.

  • I confirm that there is no impact on the docs due to the code changes in this PR.

Signed-off-by: jgomer2001 <bonustrack310@gmail.com>
@jgomer2001 jgomer2001 requested a review from maduvena as a code owner August 21, 2024 12:50

dryrunsecurity bot commented Aug 21, 2024

DryRun Security Summary

Summary:

The changes in this pull request focus on improving the documentation and configuration of the Casa (Janssen Server's administration interface) application, with a strong emphasis on enhancing the security of the authentication mechanisms, including updates to the documentation, authentication method management, sensitive information handling, and secure configuration and deployment. The key changes include:

  1. Documentation Updates: The changes update the documentation for various administrative tasks, such as configuring authentication methods, troubleshooting authentication failures, and managing Two-Factor Authentication (2FA) settings. These updates provide more detailed guidance and security-focused recommendations to Casa administrators.

  2. Authentication Method Management: The changes introduce improvements to the way authentication methods are managed, including the ability to prioritize "safer" methods, configure 2FA settings, and handle plugin-based authentication extensions. These features help strengthen the overall security of the authentication process.

  3. Sensitive Information Handling: The changes address potential security concerns related to the handling and storage of sensitive information, such as browser details and plugin configurations. The removal of unnecessary data collection and improved input validation help mitigate security risks.

  4. Secure Configuration and Deployment: The documentation now emphasizes the importance of secure configuration practices, such as disabling administrative console access, enabling stronger authentication methods, and properly configuring plugin-related settings. These recommendations help enhance the overall security posture of the Casa application.

Files Changed:

  1. docs/casa/administration/faq.md: Updates the FAQ section with information on adjusting OTP token issuer, troubleshooting authentication failures, and enabling authentication methods.
  2. docs/casa/administration/2fa-basics.md: Provides updates on the strength of authentication credentials and the ability to force enrollment of specific credential types.
  3. docs/casa/administration/quick-start.md: Emphasizes the importance of configuring authentication methods, setting up OTP via SMS, and disabling administrative console access.
  4. docs/casa/administration/admin-console.md: Describes the configuration of authentication methods, password reset functionality, and 2FA settings management.
  5. docs/casa/index.md: Removes the section on Janssen Server integration, potentially indicating architectural changes.
  6. jans-casa/app/src/main/java/io/jans/casa/ui/model/AuthnMethodStatus.java: Updates the AuthnMethodStatus class with changes to the fields and methods.
  7. jans-casa/app/src/main/java/io/jans/casa/core/ExtensionsManager.java: Improves the handling of authentication method extensions.
  8. jans-casa/app/src/main/java/io/jans/casa/ui/vm/HomeViewModel.java: Streamlines the browser information handling process.
  9. jans-casa/app/src/main/java/io/jans/casa/ui/vm/admin/AuthnMethodsViewModel.java: Enhances the management of authentication methods and their associated plugins/extensions.
  10. jans-casa/app/src/main/webapp/admin-api.yaml: Removes the /authn-methods/assign-plugin endpoint, reducing the application's attack surface.
  11. jans-casa/app/src/main/resources/labels/admin.properties: Updates the labels and descriptions related to authentication method management.
  12. jans-casa/app/src/main/webapp/scripts/gluu/main-util.js: Removes the sendBrowserData() function, reducing the transmission of potentially sensitive information.
  13. mkdocs.yml: Removes the "Credentials storage" section from the documentation, potentially indicating a shift in security practices.
  14. jans-casa/app/src/main/webapp/index.zul: Introduces the use of the UA-Parser.js library to collect and send user browser information to the server.
  15. jans-casa/app/src/main/webapp/admin/methods.zul: Updates the authentication method management interface, including sorting functionality and a modal dialog.
  16. jans-casa/config/src/main/java/io/jans/casa/conf/MainSettings.java: Adds new properties for ACR priority and plugin settings, which have security implications.

Overall, the changes in this pull request demonstrate a strong focus on enhancing the security of the Casa application, particularly in the areas of authentication management, sensitive data handling, and secure configuration practices.

Code Analysis

We ran 9 analyzers against 23 files and 1 analyzer had findings. 8 analyzers had no findings.

Analyzer findings: Authn/Authz Analyzer, 5 findings

Riskiness

🟢 Risk threshold not exceeded.


@mo-auto mo-auto added the labels area-documentation (Documentation needs to change as part of issue or PR) and kind-dependencies (Pull requests that update a dependency file) on Aug 21, 2024
@moabu moabu merged commit f9662f3 into main Aug 21, 2024
11 checks passed
@moabu moabu deleted the jans-casa-issue_8850 branch August 21, 2024 13:40
yuriyz pushed a commit that referenced this pull request Nov 7, 2024
Linked issue (closed by merging this pull request): chore(jans-casa): update the enabled methods screen
4 participants