** 2021-W08
*** 2021-02-22 Monday
**** MEETING Core Team: SecureX Account Activation Optimization :work:meeting:
:LOGBOOK:
CLOCK: [2021-02-22 Mon 16:02]--[2021-02-23 Tue 08:47] => 16:45
:END:
[2021-02-22 Mon 16:02]
- ref :: [[file:~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/inbox.org::*revision chaudiere][revision chaudiere]]

#+begin_quote
Meeting Agenda:

  * Discussion to drive forward SecureX Account Activation Optimization Q3 efforts

  * Account Creation Workflow
  * CSA Migration (has its own dedicated work stream – but is there anything impacting the overall initiative?)
  * Firepower Onboarding (has its own dedicated work stream – but is there anything impacting the overall initiative?)
  * Workflow
  * Role Based Access
  * Module Addition/Health Workflow

  * Status of action items from last core team call
  * What help is needed (decisions, clarity, etc.)
  * Any blockers or issues?
#+end_quote

- http://github.com/threatgrid/response/issues/567

Doing in Q3.

Most conversation is good.

Agenda:

@Jyoti, this is a huge item.
Audience in this meeting is too big.

Where to track.
Some GitHub issues are dead.

Namrata: focus on first 3 items.
Martin: item named workflow, don't know what that is.

Module Addition.
*** 2021-02-23 Tuesday
**** CHAT webex morning routine :work:chat:
:LOGBOOK:
CLOCK: [2021-02-23 Tue 08:47]--[2021-02-23 Tue 09:47] => 1:00
:END:
[2021-02-23 Tue 08:47]
***** CSA Migration
- https://jira-eng-rtp3.cisco.com/jira/browse/VOL-3882
***** DONE Houman
SCHEDULED: <2021-02-23 Tue 16:00>

@Houman

Hi Yann - something for tomorrow, none of the QA orgs in TEST or INT are
showing the registered devices in SSE.
When I cross launch to SSE, I am able to see the devices, but in SecureX
there is no device.
Both are AMP orgs and already migrated.
Here are the org IDs:

#+begin_src
c395f3c8-723b-4d15-b8b7-e17bec459c6b
cc6a35bc-1739-4fcd-a285-aa95adbd5e41
#+end_src

Could you please take a look and unblock QA orgs?
****** Investigation

INT org

#+begin_src js
{
  "id": "c395f3c8-723b-4d15-b8b7-e17bec459c6b",
  "name": "adminctrqa",
  "enabled?": true,
  "created-at": "2019-04-04T20:33:53.033Z",
  "idp-mapping": {
    "idp": "idb-amp-staging",
    "enabled?": true,
    "organization-id": "c395f3c8-723b-4d15-b8b7-e17bec459c6b"
  },
  "scim-status": "activated",
  "additional-scopes": [
    "iroh-admin",
    "iroh-master",
    "iroh-auth",
    "sse",
    "cisco"
  ]
}
#+end_src

Contains =idp-mapping=.
Logs during OIDC do not contain it:

The client claim-aliases look OK:

#+begin_src
"id-token-aliases": [
  {
    "alias": "spId",
    "case-value": {
      "sxso": "SXSO",
      "idb-tg-staging": "TG",
      "idb-amp-staging": "AMP"
    },
    "claim-to-alias": "https://schemas.cisco.com/iroh/identity/claims/user/idp/id"
  },
  {
    "alias": "spId",
    "case-value": {
      "sxso": "SXSO",
      "idb-tg-staging": "TG",
      "idb-amp-staging": "AMP"
    },
    "claim-to-alias": "idp-mapping-idp"
  },
  {
    "alias": "spId",
    "case-value": {
      "sxso": "SXSO",
      "idb-tg-staging": "TG",
      "idb-amp-staging": "AMP"
    },
    "claim-to-alias": "old-idp-mapping-idp"
  },
#+end_src
*** 2021-02-24 Wednesday
**** MEETING Fix SSE client :work:meeting:
:LOGBOOK:
CLOCK: [2021-02-24 Wed 18:33]--[2021-02-25 Thu 18:07] => 23:34
:END:
[2021-02-24 Wed 18:33]

client PATCH

TEST:

#+begin_src js
{"id-token-aliases": [
  {
    "alias": "spId",
    "case-value": {
      "sxso": "SXSO",
      "idb-tg": "TG",
      "threatgrid": "TG",
      "idb-amp": "AMP",
      "idb-tg-staging": "TG",
      "idb-amp-staging": "AMP"
    },
    "default-value": "AMP",
    "claim-to-alias": "https://schemas.cisco.com/iroh/identity/claims/user/idp/id"
  },
  {
    "alias": "spId",
    "case-value": {
      "sxso": "SXSO",
      "idb-tg": "TG",
      "threatgrid": "TG",
      "idb-amp": "AMP",
      "idb-tg-staging": "TG",
      "idb-amp-staging": "AMP"
    },
    "claim-to-alias": "idp-mapping-idp"
  },
  {
    "alias": "spId",
    "case-value": {
      "sxso": "SXSO",
      "idb-tg": "TG",
      "threatgrid": "TG",
      "idb-amp": "AMP",
      "idb-tg-staging": "TG",
      "idb-amp-staging": "AMP"
    },
    "claim-to-alias": "old-idp-mapping-idp"
  },
  {
    "alias": "companyId",
    "replace-value": [
      [
        "^threatgrid[:]",
        ""
      ]
    ],
    "claim-to-alias": "https://schemas.cisco.com/iroh/identity/claims/org/id"
  },
  {
    "alias": "companyId",
    "replace-value": [
      [
        "^threatgrid[:]",
        ""
      ]
    ],
    "claim-to-alias": "idp-mapping-organization-id"
  },
  {
    "alias": "companyId",
    "replace-value": [
      [
        "^threatgrid[:]",
        ""
      ]
    ],
    "claim-to-alias": "old-idp-mapping-organization-id"
  },
  {
    "alias": "companyName",
    "claim-to-alias": "https://schemas.cisco.com/iroh/identity/claims/org/name"
  },
  {
    "alias": "user_name",
    "claim-to-alias": "https://schemas.cisco.com/iroh/identity/claims/user/name"
  },
  {
    "alias": "user_email",
    "claim-to-alias": "https://schemas.cisco.com/iroh/identity/claims/user/email"
  },
  {
    "alias": "role",
    "case-value": {
      "admin": "admin",
      "master": "admin",
      "iroh-admin": "admin"
    },
    "default-value": "user",
    "claim-to-alias": "https://schemas.cisco.com/iroh/identity/claims/user/role"
  }
]}
#+end_src
**** IN-PROGRESS continue the day :work:
:LOGBOOK:
CLOCK: [2021-02-24 Wed 17:04]--[2021-02-24 Wed 18:33] => 1:29
:END:
[2021-02-24 Wed 17:04]
- ref :: [[file:~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*Notes][Notes]]
**** MEETING dev weekly :work:meeting:
:LOGBOOK:
CLOCK: [2021-02-24 Wed 15:55]--[2021-02-24 Wed 17:04] => 1:09
:END:
[2021-02-24 Wed 15:55]
***** Weekly status
****** commits

IROH:

- Provisioning: organization-id added to idp-mapping (#4855)
- Use entities in DB during SSE id-token generation (#4844) …
- Added tests to verify #4808 (#4817) …
- Hide provisioning API routes (#4835)
- OAuth2 client availability restriction for non admin (#4820) …
- Prevent user merge by email for some IdP (#4819) …

Tenzin-config:

- Provisioning API in PROD (#375)
- Mark some IdP as safe for email (#374)
****** Reviews

- Extract `user->identity` helper
- RFC Problem Statement: Managing transitive dependencies for "test" jars
- Add schema validation for `gen-jwt`
- Use EmailService in iroh-feedback
- RFC: Prevent dependency confusion attack on our code base
- Add a `svc-helper` for `iroh-int.test-helpers.auth`
****** Issues

- [ ] Write tests for #4844
- [ ] Update SSE Clients
- [X] SSE wrong org object passed to id_token generation
- [X] Prevent merge user by email for TG accounts
- [X] Claim aliases bug fix
- [X] Prevent non-admin users from creating a client with availability "Org"
****** Webex
***** Notes

- Yann:
  + CSA Migration, Talk about SSE, and release.
- Guillaume:
  + CSA Migration
  + Status API route
  + FMC
- Rob:
  + discussion about Ben Greenbaum and Umbrella module (409 hit)
- Ag:
  + Bundle assets
- Ambrose:
  + Fixed the cron-job
  + finished email service
  + research work about problem statement

Real Work™ discussion.