
chore(jans-casa): remove dependency on jython scripts #9239

Merged
merged 2 commits into from
Aug 22, 2024

Conversation

jgomer2001
Contributor

Prepare


Description

Target issue

closes #8849

Implementation Details


Test and Document the changes

  • Static code analysis has been run locally and issues have been fixed
  • Relevant unit and integration tests have been added/updated
  • Relevant documentation has been updated if any (i.e. user guides, installation and configuration guides, technical design docs etc)

Please check the below before submitting your PR. The PR will not be merged if there are no commits that start with docs: to indicate documentation changes or if the below checklist is not selected.

  • I confirm that there is no impact on the docs due to the code changes in this PR.

Signed-off-by: jgomer2001 <bonustrack310@gmail.com>
@jgomer2001 jgomer2001 requested a review from maduvena as a code owner August 21, 2024 15:57

dryrunsecurity bot commented Aug 21, 2024

DryRun Security Summary

The pull request covers various improvements to the authentication and security features of the Jans Casa application, including streamlining configuration management, enhancing input validation and error handling, implementing secure caching mechanisms, improving user credential and enrolled device handling, and consolidating the retrieval of authentication context references.


Summary:

The code changes in this pull request cover various aspects of the Jans Casa application's authentication and security features. The changes focus on improving the handling of different authentication methods, such as FIDO2 (Security Key 2), Twilio SMS, SuperGluu, and One-Time Password (OTP) authentication.

The key security-related improvements include:

  1. Streamlining the configuration management and retrieval processes for the various authentication methods, reducing the reliance on custom scripts and promoting a more modular and flexible design.
  2. Enhancing input validation and error handling to mitigate potential security vulnerabilities, such as injection attacks and information disclosure.
  3. Implementing secure caching mechanisms to manage the state of the authentication processes and prevent potential abuse or unauthorized access.
  4. Improving the handling of user credentials and enrolled devices, ensuring uniqueness and proper deprovisioning to maintain the overall security posture.
  5. Consolidating the retrieval of authentication context references (ACRs) and aligning them with more descriptive and unique identifiers.

Overall, the changes in this pull request appear to be focused on improving the security, reliability, and maintainability of the Jans Casa application's authentication functionality. While there are no obvious security vulnerabilities introduced, it's important to continue reviewing the entire codebase and related infrastructure to identify and address any potential security risks.

Files Changed:

  • HomeInitiator.java: Changes the authentication flow used for the home page, from the default to the "AGAMA_FLOW_ACR".
  • UserService.java: Refactors the authentication method management, removing the 2FA requisite methods.
  • ReloginInitiator.java: Updates the authentication context class reference (ACR) used for the re-login process.
  • ConfigurationHandler.java: Optimizes the initialization process and the handling of ACR plugin mapping and CORS origins.
  • OTPTwilioExtension.java: Performs minor changes to the Twilio SMS authentication method implementation.
  • SuperGluuExtension.java: Updates the ACR identifier for the SuperGluu authentication method.
  • OTPExtension.java: Modifies the ACR identifier and the handling of the "2fa_requisite" property for the OTP authentication method.
  • SecurityKey2Extension.java: Refactors the FIDO2 (Security Key 2) authentication method implementation, improving the configuration handling and device management.
  • QRConfig.java: Simplifies the configuration handling for the QR code-based authentication method.
  • SGConfig.java: Refactors the configuration handling for the SuperGluu authentication method.
  • OTPConfig.java: Simplifies the configuration parsing for the OTP authentication method.
  • OTPEnrollingWS.java: Modifies the URL path for the OTP enrollment process.
  • OTPValidationWS.java: Streamlines the TOTP and HOTP validation logic.
  • TwilioMobilePhoneEnrollingWS.java: Refactors the Twilio SMS enrollment process.
  • SuperGluuEnrollingWS.java: Simplifies the SuperGluu enrollment process.
  • SecurityKey2EnrollingWS.java: Updates the URL path for the FIDO2 (Security Key 2) enrollment process.
  • BaseService.java: Refactors the configuration property handling.
  • ValidateCode.java: Simplifies the response generation for SMS code validation.
  • OTPService.java: Handles the management of OTP devices and configuration.
  • Fido2Service.java: Improves the FIDO2 (Security Key 2) configuration handling and device management.
  • SGService.java: Enhances the SuperGluu authentication method integration, including geolocation tracking.
  • TwilioMobilePhoneService.java: Refactors the Twilio SMS service configuration handling.
  • TOTPAlgorithmService.java: Improves the TOTP algorithm implementation.
  • AuthnMethodsWS.java: Simplifies the authentication method management.
  • HOTPAlgorithmService.java: Enhances the HOTP algorithm implementation.
  • AuthnScriptsReloader.java: Refactors the authentication flow configuration monitoring.
  • SecurityKey2ViewModel.java: Improves the user interface for managing security keys.

Code Analysis

We ran 9 analyzers against 30 files and 1 analyzer had findings. 8 analyzers had no findings.

Analyzer findings:

  • Authn/Authz Analyzer: 59 findings

Riskiness

🟢 Risk threshold not exceeded.

@mo-auto mo-auto added the kind-dependencies Pull requests that update a dependency file label Aug 21, 2024
@moabu moabu changed the title chore: remove dependency on jython scripts chore(jans-casa): remove dependency on jython scripts Aug 22, 2024
@moabu moabu merged commit eb9cade into main Aug 22, 2024
11 checks passed
@moabu moabu deleted the jans-casa-issue_8849 branch August 22, 2024 09:26
yuriyz pushed a commit that referenced this pull request Nov 7, 2024
* chore: remove dependency on jython scripts #8849

Signed-off-by: jgomer2001 <bonustrack310@gmail.com>

* chore: code refactoring #8849

Signed-off-by: jgomer2001 <bonustrack310@gmail.com>

---------

Signed-off-by: jgomer2001 <bonustrack310@gmail.com>
Former-commit-id: eb9cade