chore(docker-jans-saml): sync asset for OCI image

[iromli]

Prepare

• Read PR guidelines
• Read license information

---

Description

Target issue

closes #8858

Implementation Details

---

Test and Document the changes

• Static code analysis has been run locally and issues have been fixed
• Relevant unit and integration tests have been added/updated
• Relevant documentation has been updated if any (i.e. user guides, installation and configuration guides, technical design docs etc)

Please check the below before submitting your PR. The PR will not be merged if there are no commits that start with docs: to indicate documentation changes or if the below checklist is not selected.

• I confirm that there is no impact on the docs due to the code changes in this PR.

[dryrunsecurity]

Hi there 👋, @DryRunSecurity here, below is a summary of our analysis and findings.

DryRun Security	Status	Findings
Server-Side Request Forgery Analyzer	✅	0 findings
SQL Injection Analyzer	✅	0 findings
IDOR Analyzer	✅	0 findings
Authn/Authz Analyzer	❕	1 finding
Configured Codepaths Analyzer	✅	0 findings
Sensitive Files Analyzer	❕	2 findings
Secrets Analyzer	✅	0 findings

Note

🟢 Risk threshold not exceeded.

Change Summary (click to expand)

The following is a summary of changes in this pull request made by me, your security buddy 🤖. Note that this summary is auto-generated and not meant to be a definitive list of security issues but rather a helpful summary from a security perspective.

Summary:

The provided code changes appear to be updates to the Docker images for the Janssen All-in-One (Jans AIO) and Janssen SAML (Security Assertion Markup Language) components. The key changes include updating the source code versions, syncing assets, and modifying configuration settings.

From an application security perspective, the main areas of focus should be:

1. Dependency Management: Ensure that the updated source code versions and external dependencies (e.g., Keycloak, Python packages) do not introduce any known security vulnerabilities.
2. Secrets Management: Review the handling of sensitive information, such as credentials and certificates, to ensure they are stored and managed securely (e.g., using Vault, Kubernetes Secrets).
3. Configuration Settings: Validate that the various environment variables, configuration files, and asset imports do not expose any sensitive information or introduce potential security issues.
4. Logging and Monitoring: Ensure that appropriate logging and monitoring mechanisms are in place to detect and respond to any security-related events or anomalies.

Overall, the code changes appear to be routine updates to the Janssen Docker images, and there are no immediate security concerns based on the provided information. However, it is crucial to thoroughly review the changes and their implementation to maintain the overall security posture of the application.

Files Changed:

1. docker-jans-all-in-one/Dockerfile:

   • The JANS_SOURCE_VERSION environment variable has been updated, indicating a change in the source code version.
   • Apart from the version update, there are no other significant changes in the Dockerfile.

2. docker-jans-saml/scripts/bootstrap.py:

   • The code updates the "keycloack_hostname" to "keycloak_hostname" in the context dictionary.
   • The code handles the generation and storage of various credentials, such as Keycloak admin credentials and client IDs/secrets.
   • The code imports LDIF files to configure the SAML setup, and it is crucial to ensure the LDIF files are properly validated.
   • The code generates a base64-encoded version of the "jans-saml-config.json" template, and it is important to ensure the template does not contain any sensitive information or vulnerabilities.

3. docker-jans-saml/Dockerfile:

   • The JANS_SOURCE_VERSION environment variable has been updated, indicating a change in the source code version.
   • The code changes include updating the process for syncing assets from the Janssen project repository.
   • The Docker image exposes a large number of environment variables related to configuration, and it is important to ensure these variables are properly secured.
   • The image uses several external dependencies, and it is crucial to keep these dependencies up-to-date and address any known vulnerabilities.
   • The code includes steps to adjust file permissions and ownership, which is a good security practice.
   • The image uses Vault and Kubernetes Secrets to manage sensitive information, and it is important to ensure these secret management systems are properly configured and secured.

Powered by DryRun Security