Refactor Sign In From Outside Country Detection #661

Open
3 tasks
bryan-robitaille opened this issue May 10, 2024 · 1 comment

@bryan-robitaille

Leverage the ability of the WAF to inject headers into a request so that the Application is aware the request is from outside the country and can trigger alerts as required.

Acceptance Criteria:

  • WAF adds specific header to the request when the request is detected from outside of the accepted Geo Zone.
  • Application verifies header during the JWT callback to ensure that any authenticated action is done from within the accepted Geo Zone.
  • Application produces different alarms based on forbidden action:
    • Sign In at Cognito Level from outside Geo Zone
    • Sign In MFA level from outside Geo Zone
    • Authenticated action from outside Geo Zone.
@srtalbot

Could we also provide the email address of the user in the alarm? Addresses coming from Global Affairs Canada would have a legitimate reason for logging in, whereas email domains from TBS would not.
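
A sketch of the application-side check the acceptance criteria describe, as an added example that is not part of the issue or the project's code. The header name `x-waf-outside-geo-zone`, the stage names and the alarm codes are assumptions; the email and its domain are carried in the alarm record as asked for in the comment above.

```javascript
// Added example: names below are assumptions, not taken from the project.
const GEO_HEADER = "x-waf-outside-geo-zone"; // hypothetical header injected by the WAF

// One alarm code per forbidden action listed in the acceptance criteria.
const ALARMS = {
  cognito: "SignInOutsideGeoZone",
  mfa: "MfaOutsideGeoZone",
  authenticated: "AuthenticatedActionOutsideGeoZone",
};

// Accepts a Fetch-style Headers object (has .get) or a plain Node-style object.
function readHeader(headers, name) {
  if (!headers) return null;
  if (typeof headers.get === "function") return headers.get(name) ?? null;
  const key = Object.keys(headers).find((k) => k.toLowerCase() === name);
  if (key === undefined) return null;
  const value = headers[key];
  return (Array.isArray(value) ? value[0] : value) ?? null;
}

// Lower-cased domain part of an email, or "unknown" if it cannot be parsed.
function emailDomain(email) {
  if (typeof email !== "string") return "unknown";
  const at = email.lastIndexOf("@");
  if (at < 1 || at === email.length - 1) return "unknown";
  return email.slice(at + 1).toLowerCase();
}

// Returns null when the WAF did not flag the request, otherwise an alarm
// record for the given stage: "cognito", "mfa" or "authenticated".
function geoZoneAlarm(headers, stage, email) {
  if (!Object.prototype.hasOwnProperty.call(ALARMS, stage)) {
    throw new TypeError(`unknown stage: ${stage}`);
  }
  // The WAF adds the header only for out-of-zone requests, so presence is the signal.
  if (readHeader(headers, GEO_HEADER) === null) return null;
  return {
    alarm: ALARMS[stage],
    stage,
    email: email ?? null,
    emailDomain: emailDomain(email),
  };
}

// Constructed sample: an MFA step flagged by the WAF.
console.log(JSON.stringify(geoZoneAlarm({ "X-WAF-Outside-Geo-Zone": "true" }, "mfa", "user@example.org")));
```

Because a missing header is read as "inside the Geo Zone", the check is only meaningful for requests that actually passed through the WAF.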