
chore(cloud-native): sync assets for OCI images #8778

Merged
merged 3 commits into from
Jun 25, 2024

Conversation

iromli
Contributor

@iromli iromli commented Jun 24, 2024

Prepare


Description

Target issue

closes #8777

Implementation Details

  • add validation for default auth method (docker-jans-config-api)
  • apply password validation (docker-jans-scim)

Test and Document the changes

  • Static code analysis has been run locally and issues have been fixed
  • Relevant unit and integration tests have been added/updated
  • Relevant documentation has been updated if any (i.e. user guides, installation and configuration guides, technical design docs etc)

Signed-off-by: iromli <isman.firmansyah@gmail.com>
@iromli iromli requested a review from moabu as a code owner June 24, 2024 20:05

dryrunsecurity bot commented Jun 24, 2024

Hi there 👋, @DryRunSecurity here, below is a summary of our analysis and findings.

DryRun Security Status              Findings
Server-Side Request Forgery Analyzer  0 findings
Configured Codepaths Analyzer         0 findings
Secrets Analyzer                      0 findings
Authn/Authz Analyzer                  1 finding
SQL Injection Analyzer                0 findings
Sensitive Files Analyzer              2 findings
IDOR Analyzer                         0 findings

Note

🟢 Risk threshold not exceeded.

Change Summary

The following is a summary of changes in this pull request made by me, your security buddy 🤖. Note that this summary is auto-generated and not meant to be a definitive list of security issues but rather a helpful summary from a security perspective.

Summary:

The provided code changes are part of the upgrade process for the Janssen SCIM (System for Cross-domain Identity Management) and Janssen Config API applications. The changes focus on maintaining the consistency and proper configuration of these components within the Jans platform.

From an application security perspective, the key changes include:

  1. Updating Client Scopes and Dynamic Configuration: The changes ensure that the client scopes and SCIM dynamic configuration are up-to-date, which helps maintain the principle of least privilege and reduces the risk of unauthorized access.

  2. Improving Redirect URI and API Configuration: The changes related to the client redirect URI and the API dynamic configuration help prevent unauthorized access and improve the overall security posture of the applications.

  3. Maintaining Scope Management: The updates to the client and test client scopes ensure that the clients have access to the appropriate resources, which is a crucial aspect of OAuth 2.0 and OpenID Connect security.

  4. Dependency and Configuration Management: The Dockerfile changes update the SCIM server version, Janssen source version, and various configuration settings. It's important to review these changes to ensure that any known security vulnerabilities in the updated dependencies are addressed and that the configurations are properly secured.

Overall, the code changes appear to be focused on maintaining the security and stability of the Janssen SCIM and Janssen Config API applications through the upgrade process.

Files Changed:

  • docker-jans-scim/scripts/upgrade.py: The changes in this file focus on updating the client scopes and SCIM dynamic configuration to ensure that the necessary settings are in place.
  • docker-jans-config-api/scripts/upgrade.py: The changes in this file focus on updating the client redirect URI, API dynamic configuration, client scopes, and scope creator attributes to maintain the security and stability of the Janssen Config API application.
  • docker-jans-scim/Dockerfile: The changes in this Dockerfile update the SCIM server version and Janssen source version, and also include security-related configurations, such as creating a non-root user and adjusting file permissions.
  • docker-jans-config-api/Dockerfile: The changes in this Dockerfile update the Janssen Config API server version and Janssen source version, and include various configuration settings that should be reviewed for security implications.

Powered by DryRun Security

@moabu moabu merged commit 9b1e7f5 into main Jun 25, 2024
9 checks passed
@moabu moabu deleted the cn-sync-assets branch June 25, 2024 10:43