Implement Method to Mask Content in Adaptive Authentication Scripts

[dhaura]

Purpose

There is an already written logger util method called LoggerUtils.getMaskedContent() [1] which is used to mask PII in backend components (ex: [2][3]) but currently, this is not exposed to adaptive authentication scripts. Hence, this PR includes exposing this masking method to adaptive authentication scripts through one of the conditional auth utility functions [4].

Goals

Expose masking capability to adaptive authentication scripts.

Approach

A summary of the implemented method is as follows.

• Method Name: getMaskedValue
• Input Parameters: String value [Value to be masked] (ex: [email protected])
• Return Type: String [Masked value] (ex: j***************m)
• Functionality:
  • Always mask the given value and return it.

User stories

For debugging purposes, if there is a need to add some logs including PII then it can be masked using the above method. Consider the following example.

var onLoginRequest = function(context) {
    executeStep(1, {
        onSuccess: function(context) {
                var email = context.currentKnownSubject.username;
                Log.info("Email of the logged user : " + getMaskedValue(email));
            }
        },
    });
};

Release note

A new utility function (getMaskedValue) is introduced to mask content in adaptive authentication scripts.

Documentation

• [Docs] Introduction of New Conditional Auth Utility Function: getMaskedValue wso2/product-is#20545

Training

Link to the PR for changes to the training content in https://github.com/wso2/WSO2-Training, if applicable

Certification

Type “Sent” when you have provided new/updated certification questions, plus four answers for each question (correct answer highlighted in bold), based on this change. Certification questions/answers should be sent to [email protected] and NOT pasted in this PR. If there is no impact on certification exams, type “N/A” and explain why.

Marketing

Link to drafts of marketing content that will describe and promote this feature, including product page changes, technical articles, blog posts, videos, etc., if applicable

Automation tests

• Unit tests

  Covered with this PR.

• Integration tests

  N/A

Security checks

• Followed secure coding standards in http://wso2.com/technical-reports/wso2-secure-engineering-guidelines? yes
• Ran FindSecurityBugs plugin and verified report? yes
• Confirmed that this PR doesn't commit any keys, passwords, tokens, usernames, or other secrets? yes

Samples

Provide high-level details about the samples related to this feature

Migrations (if applicable)

Describe migration steps and platforms on which migration has been tested

Test environment

• JDK version: 11
• OS: macos Sonoma
• Database: mssql
• Browser: Firefox

Learning

Describe the research phase and any blog posts, patterns, libraries, or add-ons you used to solve the problem.

Refrences

[1] - https://github.com/wso2/carbon-identity-framework/blob/e100a46b3431bbc676c2410ad00adc5926f2c0fb/components/central-logger/org.wso2.carbon.identity.central.log.mgt/src/main/java/org/wso2/carbon/identity/central/log/mgt/utils/LoggerUtils.java#L255-L261
[2] - https://github.com/wso2/carbon-identity-framework/blob/e100a46b3431bbc676c2410ad00adc5926f2c0fb/components/user-mgt/org.wso2.carbon.user.mgt/src/main/java/org/wso2/carbon/user/mgt/listeners/UserManagementAuditLogger.java#L193
[3] - https://github.com/wso2-extensions/identity-inbound-auth-oauth/blob/61d5bbb98d68b031a3540b7fff48e8f090474455/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/OAuthUtil.java#L188
[4] - https://github.com/wso2-extensions/identity-conditional-auth-functions/tree/master/components/org.wso2.carbon.identity.conditional.auth.functions.utils

[jenkins-is-staging]

PR builder started
Link: https://github.com/wso2/product-is/actions/runs/9444244875

[jenkins-is-staging]

PR builder completed
Link: https://github.com/wso2/product-is/actions/runs/9444244875
Status: success

[jenkins-is-staging]

Approving the pull request based on the successful pr build https://github.com/wso2/product-is/actions/runs/9444244875

[jenkins-is-staging]

PR builder started
Link: https://github.com/wso2/product-is/actions/runs/9448310872

[jenkins-is-staging]

PR builder completed
Link: https://github.com/wso2/product-is/actions/runs/9448310872
Status: success

[jenkins-is-staging]

Approving the pull request based on the successful pr build https://github.com/wso2/product-is/actions/runs/9448310872

[jenkins-is-staging]

PR builder started
Link: https://github.com/wso2/product-is/actions/runs/9477258111

[jenkins-is-staging]

PR builder completed
Link: https://github.com/wso2/product-is/actions/runs/9477258111
Status: success

[jenkins-is-staging]

Approving the pull request based on the successful pr build https://github.com/wso2/product-is/actions/runs/9477258111