** 2021-W08
*** 2021-02-22 Monday
**** MEETING Core Team: SecureX Account Activation Optimization :work:meeting:
:LOGBOOK:
CLOCK: [2021-02-22 Mon 16:02]--[2021-02-23 Tue 08:47] => 16:45
:END:
[2021-02-22 Mon 16:02]
- ref :: [[file:~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/inbox.org::*revision chaudiere][revision chaudiere]]

#+begin_quote
Meeting Agenda:

  * Discussion to drive forward SecureX Account Activation Optimization Q3 efforts

  * Account Creation Workflow
  * CSA Migration (has its own dedicated work stream – but is there anything impacting the overall initiative?)
  * Firepower Onboarding (has its own dedicated work stream – but is there anything impacting the overall initiative?)
  * Workflow
  * Role Based Access
  * Module Addition/Health Workflow

  * Status of action items from last core team call
  * What help is needed (decisions, clarity, etc.)
  * Any blockers or issues?
#+end_quote

- http://github.com/threatgrid/response/issues/567

Doing in Q3.

Most conversation is good.

Agenda:

@Jyoti, this is a huge item.
Audience in this meeting is too big.

Where to track.
Some GitHub issues are dead.

Namrata: focus on first 3 items.
Martin: item named workflow, don't know what that is.

Module Addition.
*** 2021-02-23 Tuesday
**** CHAT webex morning routine :work:chat:
:LOGBOOK:
CLOCK: [2021-02-23 Tue 08:47]--[2021-02-23 Tue 09:47] => 1:00
:END:
[2021-02-23 Tue 08:47]
***** CSA Migration
- https://jira-eng-rtp3.cisco.com/jira/browse/VOL-3882
***** DONE Houman
SCHEDULED: <2021-02-23 Tue 16:00>

@Houman

Hi Yann - something for tomorrow, none of the QA orgs in TEST or INT are
showing the registered devices in SSE.
When I cross launch to SSE, I am able to see the devices, but in SecureX
there is no device.
Both are AMP orgs and already migrated.
Here are the org IDs:

#+begin_src
c395f3c8-723b-4d15-b8b7-e17bec459c6b
cc6a35bc-1739-4fcd-a285-aa95adbd5e41
#+end_src

Could you please take a look and unblock QA orgs?
****** Investigation

INT org

#+begin_src js
{
  "id": "c395f3c8-723b-4d15-b8b7-e17bec459c6b",
  "name": "adminctrqa",
  "enabled?": true,
  "created-at": "2019-04-04T20:33:53.033Z",
  "idp-mapping": {
    "idp": "idb-amp-staging",
    "enabled?": true,
    "organization-id": "c395f3c8-723b-4d15-b8b7-e17bec459c6b"
  },
  "scim-status": "activated",
  "additional-scopes": [
    "iroh-admin",
    "iroh-master",
    "iroh-auth",
    "sse",
    "cisco"
  ]
}
#+end_src

Contains =idp-mapping=.
Logs during OIDC do not contain it:

The client claim-aliases look OK:

#+begin_src
"id-token-aliases": [
  {
    "alias": "spId",
    "case-value": {
      "sxso": "SXSO",
      "idb-tg-staging": "TG",
      "idb-amp-staging": "AMP"
    },
    "claim-to-alias": "https://schemas.cisco.com/iroh/identity/claims/user/idp/id"
  },
  {
    "alias": "spId",
    "case-value": {
      "sxso": "SXSO",
      "idb-tg-staging": "TG",
      "idb-amp-staging": "AMP"
    },
    "claim-to-alias": "idp-mapping-idp"
  },
  {
    "alias": "spId",
    "case-value": {
      "sxso": "SXSO",
      "idb-tg-staging": "TG",
      "idb-amp-staging": "AMP"
    },
    "claim-to-alias": "old-idp-mapping-idp"
  },
#+end_src
*** 2021-02-24 Wednesday
**** MEETING Fix SSE client :work:meeting:
:LOGBOOK:
CLOCK: [2021-02-24 Wed 18:33]--[2021-02-25 Thu 18:07] => 23:34
:END:
[2021-02-24 Wed 18:33]

client PATCH

TEST:

#+begin_src js
{"id-token-aliases": [
  {
    "alias": "spId",
    "case-value": {
      "sxso": "SXSO",
      "idb-tg": "TG",
      "threatgrid": "TG",
      "idb-amp": "AMP",
      "idb-tg-staging": "TG",
      "idb-amp-staging": "AMP"
    },
    "default-value": "AMP",
    "claim-to-alias": "https://schemas.cisco.com/iroh/identity/claims/user/idp/id"
  },
  {
    "alias": "spId",
    "case-value": {
      "sxso": "SXSO",
      "idb-tg": "TG",
      "threatgrid": "TG",
      "idb-amp": "AMP",
      "idb-tg-staging": "TG",
      "idb-amp-staging": "AMP"
    },
    "claim-to-alias": "idp-mapping-idp"
  },
  {
    "alias": "spId",
    "case-value": {
      "sxso": "SXSO",
      "idb-tg": "TG",
      "threatgrid": "TG",
      "idb-amp": "AMP",
      "idb-tg-staging": "TG",
      "idb-amp-staging": "AMP"
    },
    "claim-to-alias": "old-idp-mapping-idp"
  },
  {
    "alias": "companyId",
    "replace-value": [
      [
        "^threatgrid[:]",
        ""
      ]
    ],
    "claim-to-alias": "https://schemas.cisco.com/iroh/identity/claims/org/id"
  },
  {
    "alias": "companyId",
    "replace-value": [
      [
        "^threatgrid[:]",
        ""
      ]
    ],
    "claim-to-alias": "idp-mapping-organization-id"
  },
  {
    "alias": "companyId",
    "replace-value": [
      [
        "^threatgrid[:]",
        ""
      ]
    ],
    "claim-to-alias": "old-idp-mapping-organization-id"
  },
  {
    "alias": "companyName",
    "claim-to-alias": "https://schemas.cisco.com/iroh/identity/claims/org/name"
  },
  {
    "alias": "user_name",
    "claim-to-alias": "https://schemas.cisco.com/iroh/identity/claims/user/name"
  },
  {
    "alias": "user_email",
    "claim-to-alias": "https://schemas.cisco.com/iroh/identity/claims/user/email"
  },
  {
    "alias": "role",
    "case-value": {
      "admin": "admin",
      "master": "admin",
      "iroh-admin": "admin"
    },
    "default-value": "user",
    "claim-to-alias": "https://schemas.cisco.com/iroh/identity/claims/user/role"
  }
]}
#+end_src
**** IN-PROGRESS continue the day :work:
:LOGBOOK:
CLOCK: [2021-02-24 Wed 17:04]--[2021-02-24 Wed 18:33] => 1:29
:END:
[2021-02-24 Wed 17:04]
- ref :: [[file:~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*Notes][Notes]]
**** MEETING dev weekly :work:meeting:
:LOGBOOK:
CLOCK: [2021-02-24 Wed 15:55]--[2021-02-24 Wed 17:04] => 1:09
:END:
[2021-02-24 Wed 15:55]
***** Weekly status
****** commits

IROH:

- Provisioning: organization-id added to idp-mapping (#4855)
- Use entities in DB during SSE id-token generation (#4844) …
- Added tests to verify #4808 (#4817) …
- Hide provisioning API routes (#4835)
- OAuth2 client availability restriction for non admin (#4820) …
- Prevent user merge by email for some IdP (#4819) …

Tenzin-config:

Provisioning API in PROD (#375)
Mark some IdP as safe for email (#374)
****** Reviews

- Extract `user->identity` helper
- RFC Problem Statement: Managing transitive dependencies for "test" jars
- Add schema validation for `gen-jwt`
- Use EmailService in iroh-feedback
- RFC: Prevent dependency confusion attack on our code base
- Add a `svc-helper` for `iroh-int.test-helpers.auth`
****** Issues

- [ ] Write tests for #4844
- [ ] Update SSE Clients
- [X] SSE wrong org object passed to id_token generation
- [X] Prevent merge user by email for TG accounts
- [X] Claim aliases bug fix
- [X] Prevent non-admin users to create client with availability "Org"
****** Webex
***** Notes

- Yann:
  + CSA Migration, Talk about SSE, and release.
- Guillaume:
  + CSA Migration
  + Status API route
  + FMC
- Rob:
  + discussion about Ben Greenbaum and Umbrella module (409 hit)
- Ag:
  + Bundle assets
- Ambrose:
  + Fixed the cron-job
  + finished email service
  + research work about problem statement

Real Work™ discussion.