fix: avoid user provisioning when user already exists #8738

Merged
merged 3 commits into from
Jun 19, 2024

Conversation

jgomer2001
Contributor

Prepare


Description

Target issue

closes #8734

Implementation Details


Test and Document the changes

  • Static code analysis has been run locally and issues have been fixed
  • Relevant unit and integration tests have been added/updated
  • Relevant documentation has been updated if any (i.e. user guides, installation and configuration guides, technical design docs etc)

Signed-off-by: jgomer2001 <bonustrack310@gmail.com>
Signed-off-by: jgomer2001 <bonustrack310@gmail.com>

dryrunsecurity bot commented Jun 19, 2024

Hi there 👋, @DryRunSecurity here, below is a summary of our analysis and findings.

| DryRun Security | Status | Findings |
| --- | --- | --- |
| Server-Side Request Forgery Analyzer | | 0 findings |
| Configured Codepaths Analyzer | | 0 findings |
| Secrets Analyzer | | 0 findings |
| Authn/Authz Analyzer | | 1 finding |
| SQL Injection Analyzer | | 0 findings |
| Sensitive Files Analyzer | | 0 findings |
| IDOR Analyzer | | 0 findings |

Note

🟢 Risk threshold not exceeded.

Change Summary

The following is a summary of changes in this pull request made by me, your security buddy 🤖. Note that this summary is auto-generated and not meant to be a definitive list of security issues but rather a helpful summary from a security perspective.

Summary:

The code changes in this pull request are primarily focused on updating the documentation and improving the functionality of the account linking feature in the Casa application. The changes do not appear to introduce any significant security concerns, but as an application security engineer, it is important to review the overall security of the Casa application and its integrated components.

The documentation update changes the link to the "Accounts linking" plugin documentation, which is a benign change. However, it is crucial to review the security of the Casa application, including input validation, authentication and authorization mechanisms, sensitive data handling, secure communication, and secure configuration and deployment practices.

The changes to the UidUtils class in the acct-linking plugin are aimed at improving the lookup and management of user identifiers (UIDs) and their association with external accounts. While these changes do not directly introduce security vulnerabilities, it is important to ensure that the caching, UID generation, and attribute management mechanisms are properly implemented and do not introduce any security risks, such as collisions, predictability, or injection vulnerabilities.

Files Changed:

  1. docs/casa/index.md: The link to the "Accounts linking" plugin documentation has been updated from ./plugins/accts-linking/index.md to ./plugins/accts-linking/account-linking-index.md. This change does not introduce any security concerns, but the overall security of the Casa application should be reviewed.

  2. jans-casa/plugins/acct-linking/extras/agama/lib/io/jans/casa/acctlinking/UidUtils.java: The changes in this file are related to the UidUtils class, which is responsible for managing user identifiers (UIDs) and their association with external accounts. The key changes include the lookupUid method for finding the appropriate UID, the use of a cache to store UID references, and the attrValuesAdding method for adding new values to user attributes. While these changes do not directly introduce security vulnerabilities, it is important to ensure that the caching, UID generation, and attribute management mechanisms are properly implemented and do not introduce any security risks.

Powered by DryRun Security

@mo-auto mo-auto added area-documentation Documentation needs to change as part of issue or PR comp-agama Touching folder /agama kind-bug Issue or PR is a bug in existing functionality labels Jun 19, 2024

sonarcloud bot commented Jun 19, 2024

@jgomer2001 jgomer2001 merged commit 75e15a7 into main Jun 19, 2024
10 checks passed
@jgomer2001 jgomer2001 deleted the jans-casa-issue_8734 branch June 19, 2024 15:42
Successfully merging this pull request may close these issues.

fix(jans-casa): bug in accounts linking plugin
4 participants