Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[JENKINS-73849] Adding token and SSL verification disabling check for FIPS #1

Closed
wants to merge 16 commits into from
Closed

[JENKINS-73849] Adding token and SSL verification disabling check for FIPS #1

wants to merge 16 commits into from

Conversation

PereBueno
Copy link

When in FIPs mode SSL and token verificaiton can not be disabled.
This change adds a form validation that will warn the user, fails with an IllegalArgumentException if trying to save regardless the warning and checks values on readResolve, in case config file was manually modified.

Testing done

Added 3 tests and checked manually.

### Submitter checklist
- [ ] Make sure you are opening from a **topic/feature/bugfix branch** (right side) and not your main branch!
- [ ] Ensure that the pull request title represents the desired changelog entry
- [ ] Please describe what you did
- [ ] Link to relevant issues in GitHub or Jira
- [ ] Link to relevant pull requests, esp. upstream and downstream changes
- [ ] Ensure you have provided tests - that demonstrates feature works or fixes the issue

jtnord and others added 3 commits September 27, 2024 12:33
@jtnord
Replace EOL Google Oauth library
6e17311 
This changes the Google OAuth library which is in maintainance mode with
a supported library (nimbusds via pac4j)

The library requires that the Issuer is set to enforce security and
there is no option to disable this requirement as it is mandated in the
specificiation.  As such users must first update to 4.355.v3a_fb_fca_b_96d4
to set the Issuer before updating to this version.

fixes: jenkinsci#313
@PereBueno
[JENKINS-73849] added validations for ssl & token verification disabling
76a9620
@PereBueno
[JENKINS-73849] testing the feature
176faeb
@jtnord
Replace EOL Google Oauth library
d7120c5 
This changes the Google OAuth library which is in maintainance mode with
a supported library (nimbusds via pac4j)

The library requires that the Issuer is set to enforce security and
there is no option to disable this requirement as it is mandated in the
specificiation.  As such users must first update to 4.355.v3a_fb_fca_b_96d4
to set the Issuer before updating to this version.

fixes: jenkinsci#313
@jtnord jtnord force-pushed the pac4j branch 7 times, most recently from b6041de to 60fc090 Compare October 4, 2024 12:00
@PereBueno PereBueno requested a review from jtnord October 9, 2024 09:01
@PereBueno PereBueno mentioned this pull request Oct 9, 2024
Merged
6 tasks
@PereBueno PereBueno mentioned this pull request Oct 11, 2024
Merged
6 tasks
@PereBueno
Copy link
Author

Now in the real repo jenkinsci#423

@PereBueno PereBueno closed this Oct 11, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@fcojfernandez fcojfernandez fcojfernandez approved these changes

@jtnord jtnord Awaiting requested review from jtnord

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@PereBueno @jtnord @fcojfernandez