feat(jans-core): use DB document store by default #9267

Merged
merged 1 commit into from
Aug 26, 2024

yurem
Contributor

@yurem yurem commented Aug 26, 2024

closes #9179

  • I confirm that there is no impact on the docs due to the code changes in this PR.

Closes #9268

Signed-off-by: Yuriy Movchan <Yuriy.Movchan@gmail.com>

dryrunsecurity bot commented Aug 26, 2024

DryRun Security Summary

The pull request includes changes to the Jans application's configuration, such as transitioning to a database-based document store, updating the SMTP configuration with sensitive information, and configuring an LDAP-based authentication mechanism, all of which require careful security review to ensure proper access controls, encryption, and data protection measures are in place.


Summary:

The code changes in this pull request are related to the configuration settings for the Jans application. The key changes include the transition from a local document store to a database-based document store, updates to the SMTP configuration that contain sensitive information, and the configuration of an LDAP-based authentication mechanism.

From a security perspective, these changes require careful review to ensure that proper access controls, encryption, and data protection measures are in place for the database storage, the SMTP configuration is properly secured, and the LDAP authentication process is implemented securely, including the use of SSL/TLS. Additionally, the miscellaneous configuration changes should be reviewed to understand their purpose and potential security implications within the overall application architecture.

Files Changed:

  • jans-linux-setup/jans_setup/templates/configuration.ldif: This file contains the configuration settings for the Jans application, including the following changes:
    1. Document Store Configuration: The jansDocStoreConf configuration has been changed from using a "LOCAL" document store to a "DB" (database) document store, which may impact the way sensitive data is stored and accessed.
    2. SMTP Configuration: The jansSmtpConf configuration contains sensitive information, such as the key store file name, password, and signing algorithm, which need to be properly secured.
    3. LDAP Authentication Configuration: The jansDbAuth configuration sets up an LDAP-based authentication mechanism, which requires review to ensure the security of the authentication process, including the use of SSL/TLS.
    4. Miscellaneous Configuration: The jansOrgProfileMgt and jansScimEnabled settings are included in the configuration, and their security implications should be reviewed in the context of the overall application architecture.

Code Analysis

We ran 9 analyzers against 1 file and 0 analyzers had findings. 9 analyzers had no findings.

Riskiness

🟢 Risk threshold not exceeded.


@yurem yurem enabled auto-merge (squash) August 26, 2024 10:21
@mo-auto added the comp-jans-core, comp-jans-linux-setup and kind-feature labels Aug 26, 2024
@mo-auto
Member

mo-auto commented Aug 26, 2024

Error: Hi @yurem, You did not reference an open issue in your PR. I attempted to create an issue for you.
Please update that issue's title and body and make sure I correctly referenced it in the above PR's body.

@yurem yurem merged commit 7408954 into main Aug 26, 2024
11 checks passed
@yurem yurem deleted the issue_9179 branch August 26, 2024 10:30

yuriyz pushed a commit that referenced this pull request Nov 7, 2024
Signed-off-by: Yuriy Movchan <Yuriy.Movchan@gmail.com>
Former-commit-id: 7408954