
feat(jans-keycloak-integration): disable verify_profile required action #8863 #8865

Merged
merged 9 commits into main from issue_8863
Jul 4, 2024

Conversation

uprightech
Contributor

@uprightech uprightech commented Jul 4, 2024

Closes #8863

Please check the below before submitting your PR. The PR will not be merged if there are no commits that start with docs: to indicate documentation changes or if the below checklist is not selected.

  • I confirm that there is no impact on the docs due to the code changes in this PR.


dryrunsecurity bot commented Jul 4, 2024

Hi there 👋, @DryRunSecurity here, below is a summary of our analysis and findings.

DryRun Security Status                  Findings
Server-Side Request Forgery Analyzer    0 findings
Configured Codepaths Analyzer           0 findings
Secrets Analyzer                        0 findings
Authn/Authz Analyzer                    0 findings
SQL Injection Analyzer                  0 findings
Sensitive Files Analyzer                0 findings
IDOR Analyzer                           0 findings

Note

🟢 Risk threshold not exceeded.

Change Summary

The following is a summary of changes in this pull request made by me, your security buddy 🤖. Note that this summary is auto-generated and not meant to be a definitive list of security issues but rather a helpful summary from a security perspective.

Summary:

The code change in this pull request appears to be disabling the "Verify Profile" required action in the Jans SAML configuration. From an application security perspective, this change should be carefully reviewed, as disabling required actions can have security implications and may reduce the overall security posture of the application.

The key concerns are that disabling the "Verify Profile" action could lead to users being able to authenticate without verifying their profile information, which could potentially introduce security risks, such as stale or inaccurate user data. Without additional context about the specific use case and the reasons for disabling this required action, it's difficult to fully assess the security implications. The security team should investigate the rationale and potential impact of this change to ensure that it does not introduce any security vulnerabilities or compromise the overall security of the application.

Files Changed:

  • jans-linux-setup/jans_setup/templates/jans-saml/kc_jans_api/jans.disable-required-action-verify-profile.json: This file contains the code change that disables the "Verify Profile" required action in the Jans SAML configuration. The change sets the "enabled" property to "false" for the "VERIFY_PROFILE" required action, which means that users will no longer be required to verify their profile as part of the authentication process.

Powered by DryRun Security

@mo-auto mo-auto added the labels comp-jans-linux-setup (Component affected by issue or PR) and kind-feature (Issue or PR is a new feature request) on Jul 4, 2024

sonarcloud bot commented Jul 4, 2024

@yuriyz yuriyz enabled auto-merge (squash) July 4, 2024 10:52
@yuriyz yuriyz merged commit 74e12c0 into main Jul 4, 2024
10 checks passed
@yuriyz yuriyz deleted the issue_8863 branch July 4, 2024 13:46
Successfully merging this pull request may close these issues.

feat(jans-keycloak-integration): disable keycloak required action verify_profile