feat(jans-auth-server): add externalUriWhiteList configuration property before call external uri from AS #3130

Closed
6 tasks
yuriyz opened this issue Nov 30, 2022 · 0 comments · Fixed by #3425


yuriyz commented Nov 30, 2022


Description

Add an externalUriWhiteList configuration property to be checked before calling an external URI.

For request_uri we restrict the URI in the client directly. In addition, we have requestUriBlockList. However, we don't have anything for jwks_uri, or a check for a URI injected into the SSA. Such cases must go via the new externalUriWhiteList configuration property.

If the property is not set, then external URI calls are not restricted.

Motivation: #2980

Test cases and code coverage

  • Write unit test to cover added/changed code
  • Update integration tests to cover added/changed code

Document the changes

  • task for updating user guides if needed
  • task for updating installation and configuration guides if needed
  • task for updating developer documentation if needed
  • task for updating technical documentation if needed
@yuriyz yuriyz added comp-jans-auth-server Component affected by issue or PR kind-feature Issue or PR is a new feature request labels Nov 30, 2022
@yuriyz yuriyz added this to the 1.0.5 milestone Nov 30, 2022
@yuriyz yuriyz self-assigned this Nov 30, 2022
@moabu moabu modified the milestones: 1.0.5, 1.0.6 Dec 1, 2022
yuriyz added a commit that referenced this issue Dec 27, 2022
yuriyz added a commit that referenced this issue Dec 27, 2022
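
One way the check requested in this issue could look, as an added example (not code from the Janssen project or from the commits referenced above). The class and method names are hypothetical, and two rules are assumptions because the issue does not define them: entries are matched as exact host names, and only https URIs are accepted.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.List;
import java.util.Locale;
import java.util.stream.Collectors;

// Added illustration, not Janssen code; all names here are hypothetical.
public class ExternalUriAllowList {

    // Assumption: each entry is an exact host name (the issue does not define the matching rule).
    private final List<String> allowedHosts;

    public ExternalUriAllowList(List<String> externalUriWhiteList) {
        this.allowedHosts = externalUriWhiteList == null ? List.of()
                : externalUriWhiteList.stream()
                        .map(h -> h.toLowerCase(Locale.ROOT))
                        .collect(Collectors.toList());
    }

    public boolean isAllowed(String uri) {
        if (allowedHosts.isEmpty()) {
            return true; // property not set: external URI calls are not restricted (per the issue)
        }
        final URI parsed;
        try {
            parsed = new URI(uri);
        } catch (URISyntaxException | NullPointerException e) {
            return false; // unparseable or missing input fails closed
        }
        String host = parsed.getHost(); // null for opaque or host-less URIs
        if (host == null || !"https".equalsIgnoreCase(parsed.getScheme())) {
            return false; // assumption: only https targets are acceptable
        }
        // Compare the parsed host, never a prefix or substring of the raw string.
        return allowedHosts.contains(host.toLowerCase(Locale.ROOT));
    }

    public static void main(String[] args) {
        ExternalUriAllowList list = new ExternalUriAllowList(List.of("idp.example.org"));
        String[] samples = { // constructed sample values
            "https://idp.example.org/jwks",              // true: listed host
            "https://idp.example.org.other.example/jwks", // false: listed name is only a prefix
            "https://idp.example.org@other.example/jwks", // false: listed name is userinfo, not host
            "file:///etc/hostname"                        // false: no host, not https
        };
        for (String s : samples) {
            System.out.println(list.isAllowed(s) + "  " + s);
        }
    }
}
```

A check like this covers only the URI that is passed in; if the HTTP client follows redirects, each redirect target needs the same check.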