JanssenProject / jans

An open source enterprise digital identity platform for CIAM or workforce... Janssen is a distribution of standards-based, developer friendly, components that are engineered to work together in any cloud. #OAuth #OpenID #FIDO
https://docs.jans.io
Apache License 2.0

feat(docs): session management #10252

Open devrimyatar opened 5 days ago

devrimyatar commented 5 days ago

Closes #10176

dryrunsecurity[bot] commented 5 days ago

DryRun Security Summary

The pull request enhances the session management capabilities of the Janssen Server, including adding documentation for searching, viewing, and deleting user sessions using the CLI, TUI, and REST API, which improves application security by allowing administrators to monitor and revoke user sessions.

**Summary:** The code changes in this pull request are focused on enhancing the session management capabilities of the Janssen Server. The changes include adding a new section to the documentation for "Session Management" under the "Auth Server Configuration" section, as well as providing detailed documentation and examples for searching, viewing, and deleting user sessions using the command-line interface (CLI), the text-based user interface (TUI), and the REST API.

From an application security perspective, these changes are positive as they highlight the importance of session management in the context of authentication and authorization. The ability to monitor and revoke user sessions is a critical security feature, as it allows administrators to address scenarios where a user's account may have been compromised or when a user needs to be logged out of the system. Additionally, the use of access tokens for the REST API calls and the correct handling of percent encoding for special characters in the API endpoints demonstrate a focus on secure implementation. The documentation also covers various session management configuration options, such as session lifetimes, session invalidation, and session persistence, which are important for balancing usability and security. The availability of session revocation endpoints and the ability to add custom scripts to handle session events further enhance the security capabilities of the Janssen Server.

**Files Changed:**

1. `mkdocs.yml`: This file has been updated to add a new section for "Session Management" under the "Auth Server Configuration" section in the Janssen Server documentation, indicating the importance of session management in the application.
2. `docs/janssen-server/config-guide/auth-server-config/session-management.md`: This new file provides detailed documentation and examples for searching, viewing, and deleting user sessions using the CLI, TUI, and REST API. It highlights the security benefits of these session management capabilities, such as monitoring and revoking user sessions.
3. `docs/janssen-server/auth-server/session-management/README.md`: This document provides an overview of session management in the Jans Auth Server, including details on session configuration, session invalidation, session revocation, and session event interception. It covers various security-related aspects of session management, such as session lifetime management, session persistence, and the availability of session revocation endpoints.

Code Analysis

We ran 9 analyzers against 3 files and 0 analyzers had findings. 9 analyzers had no findings.
