From e9586172191fc1490d9906ef9163d3400f6d36f1 Mon Sep 17 00:00:00 2001 From: Therese Magnusson Date: Tue, 17 Sep 2024 16:50:36 +0200 Subject: [PATCH] Add notifications for linked users (#142) Notifications introduced in https://github.com/neo-technology/neo4j/pull/25227 (merged, but behind feature flag). Feature flag removed in https://github.com/neo-technology/neo4j/pull/26923. --- modules/ROOT/pages/changelogs.adoc | 2 + .../notifications/all-notifications.adoc | 101 ++++++++++++++++++ 2 files changed, 103 insertions(+) diff --git a/modules/ROOT/pages/changelogs.adoc b/modules/ROOT/pages/changelogs.adoc index e28a8798..4c18af52 100644 --- a/modules/ROOT/pages/changelogs.adoc +++ b/modules/ROOT/pages/changelogs.adoc @@ -9,6 +9,8 @@ ----- Neo.ClientNotification.Statement.RedundantOptionalProcedure Neo.ClientNotification.Statement.RedundantOptionalSubquery +Neo.ClientNotification.Security.AuthProviderNotDefined +Neo.ClientNotification.Security.ExternalAuthNotEnabled ----- == Neo4j 5.23 diff --git a/modules/ROOT/pages/notifications/all-notifications.adoc b/modules/ROOT/pages/notifications/all-notifications.adoc index ac6fc60a..ef54a7de 100644 --- a/modules/ROOT/pages/notifications/all-notifications.adoc +++ b/modules/ROOT/pages/notifications/all-notifications.adoc 
@@ -2726,6 +2726,107 @@ Use `DATABASE *` without the parameter to revoke the privilege on all databases. ====== ===== +[#_neo_clientnotification_security_authprovidernotdefined] +=== AuthProviderNotDefined + +.Notification details +[cols="<1s,<4"] +|=== +|Code +m|Neo.ClientNotification.Security.AuthProviderNotDefined +|Title +a|The auth provider is not defined. +|Description +a|The auth provider `` is not defined in the configuration. +Verify that the spelling is correct or define `` in the configuration. +|Severity +m|INFORMATION +|Category +m|SECURITY +|=== + +.Create a user with an auth provider that is not defined in the configuration +==== +Command:: ++ +[source, cypher] +---- +CREATE USER foo SET AUTH 'unknownProvider' { SET ID 'idString' } +---- + +Description of the returned code:: +The auth provider `unknownProvider` is not defined in the configuration. +Verify that the spelling is correct or define `unknownProvider` in the configuration. + +Suggestions for improvement:: +Make sure that the given provider is correct, or replace it if not. +If it is correct, make sure to add it as a known auth provider in one or both of `dbms.security.authentication_providers` and `dbms.security.authorization_providers`. +==== + +.Alter a user to add an auth provider that is not defined in the configuration +==== +Command:: ++ +[source, cypher] +---- +ALTER USER foo SET AUTH 'unknownProvider' { SET ID 'idString' } +---- + +Description of the returned code:: +The auth provider `unknownProvider` is not defined in the configuration. +Verify that the spelling is correct or define `unknownProvider` in the configuration. + +Suggestions for improvement:: +Make sure that the given provider is correct, or replace it if not. +If it is correct, make sure to add it as a known auth provider in one or both of `dbms.security.authentication_providers` and `dbms.security.authorization_providers`. 
+==== + +[#_neo_clientnotification_security_externalauthnotenabled] +=== ExternalAuthNotEnabled + +.Notification details +[cols="<1s,<4"] +|=== +|Code +m|Neo.ClientNotification.Security.ExternalAuthNotEnabled +|Title +a|External auth for user is not enabled. +|Description +a|Use setting `dbms.security.require_local_user` to enable external auth. +|Severity +m|WARNING +|Category +m|SECURITY +|=== + +.Create a user with an external auth provider when linked users are not enabled +==== +Command:: ++ +[source, cypher] +---- +CREATE USER foo SET AUTH 'exampleProvider' { SET ID 'idString' } +---- + +Suggestions for improvement:: +Enable linked users through the `dbms.security.require_local_user` setting. +Until enabled, the new external auth will be ignored, and current external auth behaviors will continue to apply. +==== + +.Alter a user to add an external auth provider when linked users are not enabled +==== +Command:: ++ +[source, cypher] +---- +ALTER USER foo SET AUTH 'exampleProvider' { SET ID 'idString' } +---- + +Suggestions for improvement:: +Enable linked users through the `dbms.security.require_local_user` setting. +Until enabled, the new external auth will be ignored, and current external auth behaviors will continue to apply. +==== + [#_topology_notifications] == `TOPOLOGY` category
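Review bot: In modules/ROOT/pages/changelogs.adoc, the two new `Neo.ClientNotification.Security.*` codes go into the list directly above the `== Neo4j 5.23` heading, but the commit message says the notifications were first merged behind a feature flag and the flag was removed in a later PR. Please confirm that this changelog section is for the release in which the flag was removed, not the one in which the code was merged. The new entries are also appended after the `Statement.*` codes; if this list is kept sorted by code, the `Security.*` entries belong before them.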
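Review bot: In modules/ROOT/pages/notifications/all-notifications.adoc, the ExternalAuthNotEnabled section (the Description row and both "Suggestions for improvement" entries) tells the reader to use `dbms.security.require_local_user` without saying which value to set, and it is not obvious from the setting's name that it is the switch for external auth. This is a WARNING for a command after which "the new external auth will be ignored", so an operator needs the exact value here; please state it in the Description and in the suggestions. The two ExternalAuthNotEnabled examples also omit the "Description of the returned code::" entry that both AuthProviderNotDefined examples carry, and the section uses "external auth" in the title but "linked users" in the suggestions without connecting the two terms. Finally, in the AuthProviderNotDefined details table the Description reads "The auth provider `` is not defined in the configuration" with empty backticks in both sentences; check that the provider placeholder is actually present in the source and survives rendering.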