chore(cloud-native): sync assets to OCI images #8834

Merged
merged 7 commits into from
Jul 3, 2024
Conversation

iromli
Contributor

@iromli iromli commented Jul 2, 2024

Prepare


Description

Target issue

closes #8833

Sub issues: closes #8820, closes #8818, closes #8804

Implementation Details


Test and Document the changes

  • Static code analysis has been run locally and issues have been fixed
  • Relevant unit and integration tests have been added/updated
  • Relevant documentation has been updated if any (i.e. user guides, installation and configuration guides, technical design docs etc)

Signed-off-by: iromli <isman.firmansyah@gmail.com>
@iromli iromli requested a review from moabu as a code owner July 2, 2024 08:16

dryrunsecurity bot commented Jul 2, 2024

Hi there 👋, @DryRunSecurity here, below is a summary of our analysis and findings.

DryRun Security Status                 Findings
Server-Side Request Forgery Analyzer   0 findings
Configured Codepaths Analyzer          0 findings
Secrets Analyzer                       0 findings
Authn/Authz Analyzer                   7 findings
SQL Injection Analyzer                 0 findings
Sensitive Files Analyzer               12 findings
IDOR Analyzer                          0 findings

Note

🟢 Risk threshold not exceeded.

Change Summary

The following is a summary of changes in this pull request made by me, your security buddy 🤖. Note that this summary is auto-generated and not meant to be a definitive list of security issues but rather a helpful summary from a security perspective.

Summary:

The code changes in this pull request focus on updating various Docker images and configurations related to the Janssen (previously known as Gluu) application. The changes span multiple components, including the Auth Server, Configurator, Persistence Loader, SAML, and Key Connector Scheduler.

From an application security perspective, the changes appear to be generally focused on improving the security and reliability of the application. Key security-related updates include:

  1. Updating dependencies and versions to address potential vulnerabilities.
  2. Implementing secure configuration practices, such as using environment variables for sensitive information, enabling SSL/TLS for database connections, and creating non-root users.
  3. Enhancing security-related functionality, such as password hashing, token management, and access control.
  4. Improving monitoring and observability through health checks, metrics, and logging.

However, it's important to review the specific changes in each component and their broader context to ensure that there are no unintended security implications. Aspects such as input validation, credential management, and the handling of sensitive data should be carefully evaluated.

Files Changed:

  • docker-jans-auth-server/scripts/lock.py: The changes introduce a new base endpoint configuration for the jans-auth application.
  • docker-jans-all-in-one/Dockerfile: The changes update the source code version and ensure secure deployment practices, such as creating a non-root user and configuring Nginx.
  • docker-jans-auth-server/scripts/upgrade.py: The changes update the configuration for the Jans Auth Server, including the base endpoint and various other security-related settings.
  • docker-jans-auth-server/Dockerfile: The changes update dependencies, synchronize assets, and improve security-related configurations, such as Jetty server settings and non-root user creation.
  • docker-jans-config-api/Dockerfile: The changes update the source code version and configure the environment for the Jans Config API.
  • docker-jans-configurator/Dockerfile: The changes update the source code version and configure the environment for the Jans Configurator.
  • docker-jans-casa/Dockerfile: The changes update the source code version and configure the environment for the Jans Casa (Client-Assisted Server Authentication) application.
  • docker-jans-kc-scheduler/Dockerfile: The changes update the source code version and configure the environment for the Jans Key Connector Scheduler.
  • docker-jans-link/Dockerfile: The changes update the source code version for the Jans Link server.
  • docker-jans-fido2/Dockerfile: The changes update the source code version and configure the environment for the Jans FIDO2 server.
  • docker-jans-keycloak-link/Dockerfile: The changes update the source code version and configure the environment for the Jans Keycloak Link server.
  • docker-jans-persistence-loader/Dockerfile: The changes update the source code version and configure the environment for the Jans Persistence Loader.
  • docker-jans-persistence-loader/scripts/upgrade.py: The changes update the configuration for the Jans Persistence Loader, including updates to the LDIF file mappings and other security-related settings.
  • docker-jans-saml/Dockerfile: The changes update the source code version and configure the environment for the Jans SAML application.
  • docker-jans-saml/scripts/bootstrap.py: The changes configure the Keycloak integration and persistence settings for the Jans SAML application.
  • docker-jans-saml/scripts/entrypoint.sh: The changes configure the Java options and optimize the Keycloak server for the Jans SAML application.
  • docker-jans-saml/scripts/healthcheck.py: The changes update the health check functionality for the Jans SAML application.
  • docker-jans-saml/scripts/configure_kc.py: The changes configure the Keycloak instance for the Jans SAML integration.
  • docker-jans-saml/templates/jans-ldap.properties: The changes configure the LDAP connection settings for the Jans SAML application.
  • docker-jans-saml/templates/jans-pgsql.properties: The changes configure the PostgreSQL database connection settings for the Jans SAML application.

Powered by DryRun Security

iromli and others added 3 commits July 2, 2024 23:39
Signed-off-by: iromli <isman.firmansyah@gmail.com>
@iromli iromli marked this pull request as ready for review July 2, 2024 19:43
@moabu moabu merged commit 6c5d8ee into main Jul 3, 2024
9 checks passed
@moabu moabu deleted the cn-sync-images branch July 3, 2024 06:33