docs: misc doc updates for SCIM Fido 2 #8701

Merged
merged 1 commit into from
Jun 12, 2024

jgomer2001
Contributor

Prepare


Description

Target issue

closes #4319

Implementation Details


Test and Document the changes

  • Static code analysis has been run locally and issues have been fixed
  • Relevant unit and integration tests have been added/updated
  • Relevant documentation has been updated if any (i.e. user guides, installation and configuration guides, technical design docs etc)

Signed-off-by: jgomer2001 <bonustrack310@gmail.com>

dryrunsecurity bot commented Jun 12, 2024

Hi there 👋, @DryRunSecurity here, below is a summary of our analysis and findings.

DryRun Security Status Findings
Configured Codepaths Analyzer 0 findings
Secrets Analyzer 0 findings
IDOR Analyzer 0 findings
Sensitive Files Analyzer 0 findings
Authn/Authz Analyzer 0 findings
SQL Injection Analyzer 0 findings

Note

🟢 Risk threshold not exceeded.

Change Summary

The following is a summary of changes in this pull request made by me, your security buddy 🤖. Note that this summary is auto-generated and not meant to be a definitive list of security issues but rather a helpful summary from a security perspective.

Summary:

The changes in this pull request primarily focus on updates to the documentation for various security-related features and components of the Janssen Project, including the SCIM extension, the Super Gluu external authenticator, and the SCIM script interface.

The key security-related aspects of these changes are:

  1. The removal of the "SCIM Extension" section from the "FIDO Admin Guide" suggests that the SCIM extension for FIDO2 authentication is no longer being maintained or supported in this version of the Janssen Project documentation.

  2. The updated documentation for the Super Gluu external authenticator provides important details on the security mechanisms involved, such as the use of public-key encryption and challenge-response authentication, as well as the configuration steps required to enable this critical two-factor authentication feature.

  3. The changes to the SCIM script interface documentation highlight the ability to customize the behavior of the SCIM API, including controlling access to resources and modifying search results. This demonstrates the need to thoroughly review any custom SCIM scripts to ensure they are not introducing security vulnerabilities.

  4. The updates to the SCIM user management documentation provide guidance on working with the SCIM API, including details on FIDO2 device management, performance optimization, and the overall user registration process, all of which are important considerations for building secure and robust SCIM-based applications.

Files Changed:

  1. mkdocs.yml: This file has been updated to remove the "SCIM Extension" section from the "FIDO Admin Guide" documentation, indicating that the SCIM extension for FIDO2 authentication is no longer being maintained or supported.

  2. docs/script-catalog/person_authentication/super-gluu-external-authenticator/README.md: The documentation for the Super Gluu external authenticator has been updated, providing more details on the security mechanisms involved, the configuration steps required, and the different authentication flows supported.

  3. docs/script-catalog/scim/README.md: The documentation for the SCIM script interface has been updated, including details on the available methods, the "manageResourceOperation" and "manageSearchOperation" methods, and an example implementation of user base segmentation based on access control.

  4. docs/admin/usermgmt/usermgmt-scim.md: The documentation for SCIM user management has been updated, including information on FIDO2 device management, potential performance issues with the SCIM Group endpoints, and guidance on implementing a secure user registration process using the SCIM API.

Powered by DryRun Security

@mo-auto mo-auto added the area-documentation Documentation needs to change as part of issue or PR label Jun 12, 2024
@moabu moabu merged commit ce78aec into main Jun 12, 2024
8 checks passed
@moabu moabu deleted the docs-issue_4319 branch June 12, 2024 13:47
Labels
area-documentation Documentation needs to change as part of issue or PR
Development

Successfully merging this pull request may close these issues.

docs(jans-auth) : Update the SG document to mention device management using SCIM
3 participants