Add keys to authentication for XSRF - Githubissues

Altinn / altinn-studio

Next generation open source Altinn platform and applications.

https://docs.altinn.studio

BSD 3-Clause "New" or "Revised" License

115 stars 70 forks source link

Add keys to authentication for XSRF #7279

Closed TheTechArch closed 2 years ago

TheTechArch commented 3 years ago

Description

We need to configure shared keys between the different authentication pods similar to apps.

Currently this is used to validate state when validating OIDC login

In app we uses dataProtectionConfiguration https://github.com/Altinn/altinn-studio/blob/master/src/Altinn.Apps/AppTemplates/AspNet/Altinn.App.PlatformServices/Extensions/DataProtectionConfiguration.cs

Considerations

Separate key for platform or reuse from apps?
Store on disk as apps?
Kubernetes setup?

Ops requirements

Are there any requirements for monitoring? What is being built and what could go wrong? Are there any requirements related to backup?

Acceptance criteria

All authentication pods uses a shared key like apps

Specification tasks

[x] Development tasks are defined

Development tasks

[x] Extend provisioning script for platform cluster to include creation of a new container for keys- [ ] Update helm chart for authentication to mount the created volume
[x] Update authentication to store keys in blob storage
[x] QA
[x] Manual test in AT21 of pod startup
[x] Run provisioning script in all envs
- [x] AT
- [x] YT
- [x] TT ~~- [ ] Prod~~ Task in infra board
[x] Manual test

Test

[x] Login to app with login from OIDC provider

jeevananthank commented 2 years ago

test is complete. issue can be closed once all the tasks are complete for TT, YT, Prod.