Update identity.xml.j2 #14117

Merged
thivindu merged 1 commit into wso2:master from O-sura:master
Apr 10, 2026

@O-sura O-sura commented Apr 9, 2026

Description

  • $subject

Ports the fix added for: https://github.com/wso2-enterprise/wso2-apim-internal/issues/15883

Summary by CodeRabbit

  • Bug Fixes
    • Removed unprotected access to OpenID-related endpoints across multiple platform modules. These endpoints now require proper authentication instead of being publicly accessible, enhancing security.

coderabbitai bot commented Apr 9, 2026

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 47a37d61-113f-47c5-a8fd-2a08774ee742

📥 Commits

Reviewing files that changed from the base of the PR and between 2432949 and 061242d.

📒 Files selected for processing (4)
  • all-in-one-apim/modules/distribution/product/src/main/resources/conf/templates/repository/conf/identity/identity.xml.j2
  • api-control-plane/modules/distribution/product/src/main/resources/conf/templates/repository/conf/identity/identity.xml.j2
  • gateway/modules/distribution/product/src/main/resources/conf/templates/repository/conf/identity/identity.xml.j2
  • traffic-manager/modules/distribution/product/src/main/resources/conf/templates/repository/conf/identity/identity.xml.j2
💤 Files with no reviewable changes (4)
  • traffic-manager/modules/distribution/product/src/main/resources/conf/templates/repository/conf/identity/identity.xml.j2
  • api-control-plane/modules/distribution/product/src/main/resources/conf/templates/repository/conf/identity/identity.xml.j2
  • all-in-one-apim/modules/distribution/product/src/main/resources/conf/templates/repository/conf/identity/identity.xml.j2
  • gateway/modules/distribution/product/src/main/resources/conf/templates/repository/conf/identity/identity.xml.j2

Walkthrough

This change removes two unsecured resource access control entries from four identity configuration templates across different modules, requiring authentication for OpenID-related paths (/openidserver(.*) and /openid(.*)) instead of allowing open access.

Changes

| Cohort / File(s) | Summary |
|---|---|
| Identity Configuration Templates: all-in-one-apim/.../identity/identity.xml.j2, api-control-plane/.../identity/identity.xml.j2, gateway/.../identity/identity.xml.j2, traffic-manager/.../identity/identity.xml.j2 | Removed two unprotected (secured="false") ResourceAccessControl entries for /openidserver(.*) and /openid(.*) wildcard paths, making these OpenID endpoints require authentication. |

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Poem

🐰 A hop and a skip through security's door,
Two open gates shall open no more,
OpenID paths now guarded with care,
Protected and safe, beyond compare! ✨

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 inconclusive)

| Check name | Status | Explanation | Resolution |
|---|---|---|---|
| Title check | ❓ Inconclusive | The title 'Update identity.xml.j2' is vague and generic, failing to convey the specific security change—removal of OpenID endpoint exemptions from access control. | Consider a more descriptive title such as 'Remove unsecured access exemptions for OpenID endpoints from identity.xml.j2' to clearly communicate the security-related change. |

✅ Passed checks (2 passed)

| Check name | Status | Explanation |
|---|---|---|
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |

@thivindu thivindu merged commit 29d3616 into wso2:master Apr 10, 2026
8 checks passed
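
An added example, not part of this PR or of WSO2's code: a check over a rendered identity.xml that reports any remaining secured="false" entry for the two contexts named in the walkthrough, plus any other unsecured pattern that would still match an OpenID path. The `<Resource>` element layout, the full-match regex semantics, the probe paths and the sample XML are assumptions constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Context patterns whose secured="false" entries this PR removed (from the walkthrough).
REMOVED_CONTEXTS = {"/openidserver(.*)", "/openid(.*)"}

# Constructed sample of a rendered identity.xml fragment. The <Resource> element and
# its context / http-method attributes are assumptions; the PR page does not show them.
SAMPLE = """\
<Server xmlns="urn:example:constructed">
  <ResourceAccessControl>
    <Resource context="/openidserver(.*)" secured="false" http-method="all"/>
    <Resource context="/openid(.*)" secured="false" http-method="all"/>
    <Resource context="/example/private(.*)" secured="true" http-method="all"/>
    <Resource context="/example/public(.*)" secured="false" http-method="GET"/>
  </ResourceAccessControl>
</Server>
"""

def local(tag):
    """Drop the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]

def unsecured_contexts(xml_text):
    """Return the context of every Resource under ResourceAccessControl
    that is marked secured="false"."""
    found = []
    for node in ET.fromstring(xml_text).iter():
        if local(node.tag) != "ResourceAccessControl":
            continue
        for res in node:
            if local(res.tag) == "Resource" and res.get("secured", "").strip().lower() == "false":
                found.append(res.get("context", ""))
    return found

def audit(xml_text, probes=("/openid/probe", "/openidserver/probe")):
    """Return (exact, covering): entries the PR removed that are still present, and
    other unsecured patterns that still match a constructed OpenID probe path."""
    exact, covering = [], []
    for context in unsecured_contexts(xml_text):
        if context in REMOVED_CONTEXTS:
            exact.append(context)
            continue
        try:
            if any(re.fullmatch(context, p) for p in probes):
                covering.append(context)
        except re.error:
            covering.append(context)  # unparseable pattern: flag for manual review
    return exact, covering
```

Run `audit()` against the identity.xml produced from each of the four templates; both returned lists should be empty after the change.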