Story #12364: improve saml documentation & #13112: upgrade external providers

[bbenaissa]

Description

• L'objectif de cette US est d'améliorer la documentation CAS pour l'integration d'IDP en Saml
• Ajouter un script de migration des providers externes existants pour s'adapter au nouveau modèle
• Ajouter un message d'information pour indiquer la nécessite de redémarrage de cas server suite à la création/modification des providers externes.

Type de changement

Indiquer le ou les types de changements

• Build
• Ansiblerie
• Correction

Contributeur

• VAS (Vitam Accessible en Service)

[vitam-devops]

Checkmarx One – Scan Summary & Details – 0aa2330a-19a6-4515-a41a-9ec62cdea322

New Issues

Severity	Issue	Source File / Package	Checkmarx Insight
	CVE-2019-15599	Npm-tree-kill-1.2.1	Vulnerable Package
	CVE-2020-28469	Npm-glob-parent-3.1.0	Vulnerable Package
	CVE-2020-28502	Npm-xmlhttprequest-ssl-1.5.5	Vulnerable Package
	CVE-2020-36048	Npm-engine.io-3.2.1	Vulnerable Package
	CVE-2020-36049	Npm-socket.io-parser-3.2.0	Vulnerable Package
	CVE-2020-7660	Npm-serialize-javascript-1.9.1	Vulnerable Package
	CVE-2020-7788	Npm-ini-1.3.5	Vulnerable Package
	CVE-2021-23382	Npm-postcss-7.0.14	Vulnerable Package
	CVE-2021-23424	Npm-ansi-html-0.0.7	Vulnerable Package
	CVE-2021-31597	Npm-xmlhttprequest-ssl-1.5.5	Vulnerable Package
	CVE-2022-2421	Npm-socket.io-parser-3.2.0	Vulnerable Package
	CVE-2022-24771	Npm-node-forge-0.10.0	Vulnerable Package
	CVE-2022-24772	Npm-node-forge-0.10.0	Vulnerable Package
	CVE-2022-25858	Npm-terser-3.17.0	Vulnerable Package
	CVE-2022-25881	Npm-http-cache-semantics-3.8.1	Vulnerable Package
	CVE-2022-25883	Npm-semver-6.3.0	Vulnerable Package
	CVE-2022-25883	Npm-semver-6.0.0	Vulnerable Package
	CVE-2022-37599	Npm-loader-utils-1.2.3	Vulnerable Package
	CVE-2022-37601	Npm-loader-utils-1.2.3	Vulnerable Package
	CVE-2022-37603	Npm-loader-utils-1.2.3	Vulnerable Package
	CVE-2023-32695	Npm-socket.io-parser-3.2.0	Vulnerable Package
	CVE-2023-45133	Npm-babel-traverse-6.26.0	Vulnerable Package
	CVE-2024-29180	Npm-webpack-dev-middleware-3.6.2	Vulnerable Package
	CVE-2024-38355	Npm-socket.io-2.1.1	Vulnerable Package
	CVE-2024-4068	Npm-braces-2.3.2	Vulnerable Package
	Cx347a3da7-ba99	Npm-node-forge-0.10.0	Vulnerable Package
	CVE-2019-16769	Npm-serialize-javascript-1.9.1	Vulnerable Package
	CVE-2020-15366	Npm-ajv-6.10.0	Vulnerable Package
	CVE-2020-15366	Npm-ajv-5.5.2	Vulnerable Package
	CVE-2020-28481	Npm-socket.io-2.1.1	Vulnerable Package
	CVE-2020-7608	Npm-yargs-parser-11.1.1	Vulnerable Package
	CVE-2020-7693	Npm-sockjs-0.3.19	Vulnerable Package
	CVE-2021-23364	Npm-browserslist-4.5.5	Vulnerable Package
	CVE-2021-23368	Npm-postcss-7.0.14	Vulnerable Package
	CVE-2021-23495	Npm-karma-4.1.0	Vulnerable Package
	CVE-2021-4231	Npm-@angular/core-8.2.14	Vulnerable Package
	CVE-2022-0122	Npm-node-forge-0.10.0	Vulnerable Package
	CVE-2022-0437	Npm-karma-4.1.0	Vulnerable Package
	CVE-2022-21704	Npm-log4js-4.5.1	Vulnerable Package
	CVE-2022-24773	Npm-node-forge-0.10.0	Vulnerable Package
	CVE-2022-41940	Npm-engine.io-3.2.1	Vulnerable Package
	CVE-2023-44270	Npm-postcss-7.0.14	Vulnerable Package
	CVE-2024-28863	Npm-tar-4.4.19	Vulnerable Package
	CVE-2020-15262	Npm-webpack-subresource-integrity-1.1.0-rc.6	Vulnerable Package
	Cxda14f253-4e52	Npm-bluebird-3.7.2	Vulnerable Package
	Logging of Sensitive Data	/ansible.cfg: 2	To keep sensitive values out of logs, tasks that expose them need to be marked defining 'no_log' and setting to True
	Logging of Sensitive Data	/ansible.cfg: 2	To keep sensitive values out of logs, tasks that expose them need to be marked defining 'no_log' and setting to True
	Logging of Sensitive Data	/ansible.cfg: 1	To keep sensitive values out of logs, tasks that expose them need to be marked defining 'no_log' and setting to True

Fixed Issues

Severity	Issue	Source File / Package
	CVE-2024-39249	Npm-async-3.2.4
	CVE-2024-39249	Npm-async-3.2.5