deft/2021-W08.org

** 2021-W08
*** 2021-02-22 Monday
**** MEETING Core Team: SecureX Account Activation Optimization :work:meeting:
:LOGBOOK:
CLOCK: [2021-02-22 Mon 16:02]--[2021-02-23 Tue 08:47] => 16:45
:END:
[2021-02-22 Mon 16:02]
- ref :: [[file:~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/inbox.org::*revision chaudiere][revision chaudiere]]
#+begin_quote
Meeting Agenda:
* Discussion to drive forward SecureX Account Activation Optimization Q3 efforts
* Account Creation Workflow
* CSA Migration (has its own dedicated work stream but is there anything impacting the overall initiative?)
* Firepower Onboarding (has its own dedicated work stream but is there anything impacting the overall initiative?)
* Workflow
* Role Based Access
* Module Addition/Health Workflow
* Status of action items from last core team call
* What help is needed (decisions, clarity, etc.)
* Any blockers or issues?
#+end_quote
- http://github.com/threatgrid/response/issues/567
Doing in Q3.
Most conversation is good.
Agenda:
@Jyoti, this is a huge item.
Audience in this meeting is too big.
Where to track.
Some GitHub issues are dead.
Namrata: focus on first 3 items.
Martin: item named workflow, don't know what that is.
Module Addition.
*** 2021-02-23 Tuesday
**** CHAT webex morning routine :work:chat:
:LOGBOOK:
CLOCK: [2021-02-23 Tue 08:47]--[2021-02-23 Tue 09:47] => 1:00
:END:
[2021-02-23 Tue 08:47]
***** CSA Migration
- https://jira-eng-rtp3.cisco.com/jira/browse/VOL-3882
***** DONE Houman
SCHEDULED: <2021-02-23 Tue 16:00>
@Houman
Hi Yann - something for tomorrow, none of the QA orgs in TEST or INT are
showing the registered devices in SSE.
When I cross launch to SSE, I am able to see the devices, but in SecureX
there is no device.
Both are AMP orgs and already migrated.
Here are the org IDs:
#+begin_src
c395f3c8-723b-4d15-b8b7-e17bec459c6b
cc6a35bc-1739-4fcd-a285-aa95adbd5e41
#+end_src
Could you please take a look and unblock QA orgs?
****** Investigation
INT org
#+begin_src js
{
  "id": "c395f3c8-723b-4d15-b8b7-e17bec459c6b",
  "name": "adminctrqa",
  "enabled?": true,
  "created-at": "2019-04-04T20:33:53.033Z",
  "idp-mapping": {
    "idp": "idb-amp-staging",
    "enabled?": true,
    "organization-id": "c395f3c8-723b-4d15-b8b7-e17bec459c6b"
  },
  "scim-status": "activated",
  "additional-scopes": [
    "iroh-admin",
    "iroh-master",
    "iroh-auth",
    "sse",
    "cisco"
  ]
}
#+end_src
Contains =idp-mapping=.
Logs during OIDC do not contain it:
The client claim-aliases look ok:
#+begin_src
"id-token-aliases": [
  {
    "alias": "spId",
    "case-value": {
      "sxso": "SXSO",
      "idb-tg-staging": "TG",
      "idb-amp-staging": "AMP"
    },
    "claim-to-alias": "https://schemas.cisco.com/iroh/identity/claims/user/idp/id"
  },
  {
    "alias": "spId",
    "case-value": {
      "sxso": "SXSO",
      "idb-tg-staging": "TG",
      "idb-amp-staging": "AMP"
    },
    "claim-to-alias": "idp-mapping-idp"
  },
  {
    "alias": "spId",
    "case-value": {
      "sxso": "SXSO",
      "idb-tg-staging": "TG",
      "idb-amp-staging": "AMP"
    },
    "claim-to-alias": "old-idp-mapping-idp"
  },
#+end_src
*** 2021-02-24 Wednesday
**** MEETING Fix SSE client :work:meeting:
:LOGBOOK:
CLOCK: [2021-02-24 Wed 18:33]--[2021-02-25 Thu 18:07] => 23:34
:END:
[2021-02-24 Wed 18:33]
client PATCH
TEST:
#+begin_src js
{"id-token-aliases": [
  {
    "alias": "spId",
    "case-value": {
      "sxso": "SXSO",
      "idb-tg": "TG",
      "threatgrid": "TG",
      "idb-amp": "AMP",
      "idb-tg-staging": "TG",
      "idb-amp-staging": "AMP"
    },
    "default-value": "AMP",
    "claim-to-alias": "https://schemas.cisco.com/iroh/identity/claims/user/idp/id"
  },
  {
    "alias": "spId",
    "case-value": {
      "sxso": "SXSO",
      "idb-tg": "TG",
      "threatgrid": "TG",
      "idb-amp": "AMP",
      "idb-tg-staging": "TG",
      "idb-amp-staging": "AMP"
    },
    "claim-to-alias": "idp-mapping-idp"
  },
  {
    "alias": "spId",
    "case-value": {
      "sxso": "SXSO",
      "idb-tg": "TG",
      "threatgrid": "TG",
      "idb-amp": "AMP",
      "idb-tg-staging": "TG",
      "idb-amp-staging": "AMP"
    },
    "claim-to-alias": "old-idp-mapping-idp"
  },
  {
    "alias": "companyId",
    "replace-value": [
      [
        "^threatgrid[:]",
        ""
      ]
    ],
    "claim-to-alias": "https://schemas.cisco.com/iroh/identity/claims/org/id"
  },
  {
    "alias": "companyId",
    "replace-value": [
      [
        "^threatgrid[:]",
        ""
      ]
    ],
    "claim-to-alias": "idp-mapping-organization-id"
  },
  {
    "alias": "companyId",
    "replace-value": [
      [
        "^threatgrid[:]",
        ""
      ]
    ],
    "claim-to-alias": "old-idp-mapping-organization-id"
  },
  {
    "alias": "companyName",
    "claim-to-alias": "https://schemas.cisco.com/iroh/identity/claims/org/name"
  },
  {
    "alias": "user_name",
    "claim-to-alias": "https://schemas.cisco.com/iroh/identity/claims/user/name"
  },
  {
    "alias": "user_email",
    "claim-to-alias": "https://schemas.cisco.com/iroh/identity/claims/user/email"
  },
  {
    "alias": "role",
    "case-value": {
      "admin": "admin",
      "master": "admin",
      "iroh-admin": "admin"
    },
    "default-value": "user",
    "claim-to-alias": "https://schemas.cisco.com/iroh/identity/claims/user/role"
  }
]}
#+end_src
**** IN-PROGRESS continue the day :work:
:LOGBOOK:
CLOCK: [2021-02-24 Wed 17:04]--[2021-02-24 Wed 18:33] => 1:29
:END:
[2021-02-24 Wed 17:04]
- ref :: [[file:~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*Notes][Notes]]
**** MEETING dev weekly :work:meeting:
:LOGBOOK:
CLOCK: [2021-02-24 Wed 15:55]--[2021-02-24 Wed 17:04] => 1:09
:END:
[2021-02-24 Wed 15:55]
***** Weekly status
****** commits
IROH:
- Provisioning: organization-id added to idp-mapping (#4855)
- Use entities in DB during SSE id-token generation (#4844) …
- Added tests to verify #4808 (#4817) …
- Hide provisioning API routes (#4835)
- OAuth2 client availability restriction for non admin (#4820) …
- Prevent user merge by email for some IdP (#4819) …
Tenzin-config:
Provisioning API in PROD (#375)
Mark some IdP as safe for email (#374)
****** Reviews
- Extract `user->identity` helper
- RFC Problem Statement: Managing transitive dependencies for "test" jars
- Add schema validation for `gen-jwt`
- Use EmailService in iroh-feedback
- RFC: Prevent dependency confusion attack on our code base
- Add a `svc-helper` for `iroh-int.test-helpers.auth`
****** Issues
- [ ] Write tests for #4844
- [ ] Update SSE Clients
- [X] SSE wrong org object passed to id_token generation
- [X] Prevent merge user by email for TG accounts
- [X] Claim aliases bug fix
- [X] Prevent non-admin users to create client with availability "Org"
****** Webex
***** Notes
- Yann:
  + CSA Migration, Talk about SSE, and release.
- Guillaume:
  + CSA Migration
  + Status API route
  + FMC
- Rob:
  + discussion about Ben Greenbaum and Umbrella module (409 hit)
- Ag:
  + Bundle assets
- Ambrose:
  + Fixed the cron-job
  + finished email service
  + research work about problem statement
Real Work™ discussion.