We at Samagra are working with the Indian State Government. As a mandate, we are required to have a security audit for our entire tech stack. FusionAuth, being part of it, also needs to be audited. We are facing a couple of issues here:
- The admin session does not log itself out after the period specified in Tenant => OAuth. We have set it to 60 seconds. Is there any way I can debug this?
- They are asking us to disable the browser back button on all sensitive pages, including users, tenants, etc. The attack vector here is the browser itself. Since we are not able to add additional JS to the pages that are not managed by themes, we are finding this a bit difficult.
We are okay with Enterprise support as well if this is a feature that is provided to enterprise customers.
Thanks.