Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[OB3] Prevent overriding MTLS Cert Header at TokenFilter #99

Merged
merged 1 commit into from
Aug 8, 2024
Merged

[OB3] Prevent overriding MTLS Cert Header at TokenFilter #99

merged 1 commit into from
Aug 8, 2024

Conversation

imesh94
Copy link
Contributor

@imesh94 imesh94 commented Aug 7, 2024

[OB3] Prevent overriding MTLS Cert Header at TokenFilter

When a proxy is added to IS APIs through gateway, TLS is terminated at gateway and the Gateway transport certificate is passed to the IS. This causes client authentication failures. The certificate is added to the request as a header by GatewayClientAuthenticationHandler. This PR adds changes to the TokenFilter to prevent overriding that header if it is available.

Issue link: https://github.com/wso2-enterprise/ob-compliance-toolkit-cds/issues/511

Doc Issue: Optional, link issue from documentation repository

Applicable Labels: Spec, product, version, type (specify requested labels)

Development Checklist

  1. Built complete solution with pull request in place.
  2. Ran checkstyle plugin with pull request in place.
  3. Ran Findbugs plugin with pull request in place.
  4. Formatted code according to WSO2 code style.
  5. Migration scripts written (if applicable).

Secure Development Checklist

  1. Ran FindSecurityBugs plugin and verified report.
  2. Ran Dependency-check plugin and verified report for new dependencies added.
  3. Ran Dependency-check plugin and verified report for dependency version changes.
  4. Have you verify the PR does't commit any keys, passwords, tokens, usernames, or other secrets?
  5. Have you followed secure coding standards in WSO2 Secure Engineering Guidelines?

Testing Checklist

  1. Written unit tests.
  2. Documented test scenarios(link available in guides).
  3. Written automation tests (link available in guides).
  4. Verified tests in multiple database environments (if applicable).
  5. Verified tests in multiple deployed specifications (if applicable).
  6. Tested with OBBI enabled (if applicable).
  7. Tested with specification regulatory conformance suites (if applicable).

Automation Test Details

Test Suite Test Script IDs
Integration Suite TCXXXXX, TCXXXX

Conformance Tests Details

Test Suite Name Test Suite Version Scenarios Result
Security Suite VX.X Foo, Bar Passed

Resources

Knowledge Base: https://sites.google.com/wso2.com/open-banking/

Guides: https://sites.google.com/wso2.com/open-banking/developer-guides

@VimukthiRajapaksha VimukthiRajapaksha merged commit 831d336 into wso2:main Aug 8, 2024
2 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@anjuchamantha anjuchamantha anjuchamantha approved these changes

@VimukthiRajapaksha VimukthiRajapaksha VimukthiRajapaksha approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@imesh94 @VimukthiRajapaksha @anjuchamantha