From 49a74494ff9569d12e29ded6d582f21b5f6434f3 Mon Sep 17 00:00:00 2001 From: Victor M Date: Thu, 2 Mar 2023 05:30:15 +0100 Subject: [PATCH 01/13] Update unleash image repository --- .../cloud.redhat.com/providers/featureflags/provider.go | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/controllers/cloud.redhat.com/providers/featureflags/provider.go b/controllers/cloud.redhat.com/providers/featureflags/provider.go index ab631be65..7c4222396 100644 --- a/controllers/cloud.redhat.com/providers/featureflags/provider.go +++ b/controllers/cloud.redhat.com/providers/featureflags/provider.go @@ -7,7 +7,9 @@ import ( p "github.com/RedHatInsights/clowder/controllers/cloud.redhat.com/providers" ) -var DefaultImageFeatureFlagsUnleash = "quay.io/cloudservices/unleash-docker:5.6.9" +// AppSRE Unleash ver. 5.6.9 +// https://github.com/app-sre/unleash/tree/64de4f47c57e84b9838f8f1f932822212caf55fb +var DefaultImageFeatureFlagsUnleash = "quay.io/app-sre/unleash:64de4f4" // ProvName identifies the featureflags provider. var ProvName = "featureflags" From 377f10e476e65a71d1a4a95d5638ad6c3f21bcc2 Mon Sep 17 00:00:00 2001 From: Victor M Date: Tue, 4 Apr 2023 10:49:11 +0200 Subject: [PATCH 02/13] Test AppSRE Unleash image --- .../providers/featureflags/localfeatureflags.go | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/controllers/cloud.redhat.com/providers/featureflags/localfeatureflags.go b/controllers/cloud.redhat.com/providers/featureflags/localfeatureflags.go index 3ad604caa..805a91cad 100644 --- a/controllers/cloud.redhat.com/providers/featureflags/localfeatureflags.go +++ b/controllers/cloud.redhat.com/providers/featureflags/localfeatureflags.go 
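Review bot: The new `DefaultImageFeatureFlagsUnleash` value in provider.go identifies the image only by the tag `64de4f4`, and a registry tag can be re-pointed, so the linked commit in the comment does not guarantee which image is pulled. Consider referencing the image by digest, for example `"quay.io/app-sre/unleash@sha256:<digest-of-the-reviewed-image>"` (placeholder), and keeping the version and commit comment next to it. The comment could also state that the tag is the short form of the linked commit, so that the next bump updates both together.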
@@ -231,7 +231,17 @@ func makeLocalFeatureFlags(o obj.ClowdObject, objMap providers.ObjectMap, _ bool port := int32(4242) - envVars := []core.EnvVar{ + envVars := []core.EnvVar{{ + Name: "DATABASE_PASSWORD", + ValueFrom: &core.EnvVarSource{ + SecretKeyRef: &core.SecretKeySelector{ + LocalObjectReference: core.LocalObjectReference{ + Name: "featureflags-db", + }, + Key: "password", + }, + }, + }, { Name: "DATABASE_SSL", Value: "false", From 88a4dd98dee9c1915c3697e7a3a937174194f81d Mon Sep 17 00:00:00 2001 From: Victor M Date: Tue, 4 Apr 2023 16:48:36 +0200 Subject: [PATCH 03/13] Figure out secret values for FF --- .../providers/featureflags/localfeatureflags.go | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/controllers/cloud.redhat.com/providers/featureflags/localfeatureflags.go b/controllers/cloud.redhat.com/providers/featureflags/localfeatureflags.go index 805a91cad..514e02b92 100644 --- a/controllers/cloud.redhat.com/providers/featureflags/localfeatureflags.go +++ b/controllers/cloud.redhat.com/providers/featureflags/localfeatureflags.go @@ -62,6 +62,8 @@ func NewLocalFeatureFlagsProvider(p *providers.Provider) (providers.ClowderProvi return &localFeatureFlagsProvider{Provider: *p}, nil } +// Runs when Env is reconciled +// CachedMakeComponent: helper function to create a PVC, Service, Deployment (The Cached spin was created around the time Cache system was created) func (ff *localFeatureFlagsProvider) EnvProvide() error { dataInit := createDefaultFFSecMap 
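Review bot: The added `DATABASE_PASSWORD` entry references its secret by the fixed name `"featureflags-db"`, while elsewhere in this series the same function derives object names with `providers.GetNamespacedName(o, "featureflags")`. If the database secret is created under an environment-scoped name (not visible in this hunk), the reference will not resolve and the container will not start. Deriving the secret name from the same namespaced name, and adding a short comment that says which component creates the secret and its `password` key, would keep the two in step. Reading the password through `SecretKeyRef` instead of a literal `Value` is the right choice and should stay. makeLocalFeatureFlags starts and ends outside the hunk.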
@@ -182,9 +184,12 @@ func (ff *localFeatureFlagsProvider) EnvProvide() error { } func createDefaultFFSecMap() map[string]string { + + randString := utils.RandHexString(32) + return map[string]string{ - "adminAccessToken": "*:*." + utils.RandHexString(32), - "clientAccessToken": "default:development." + utils.RandHexString(32), + "adminAccessToken": "*:*." + randString, + "clientAccessToken": "*:default." + randString + ",*:development." + randString + ",*:production." + randString, } } From 8ca7b4fe224b5f56cc15a4f225f36c3bfec6f220 Mon Sep 17 00:00:00 2001 From: Victor M Date: Wed, 5 Apr 2023 12:22:14 +0200 Subject: [PATCH 04/13] housekeeping --- .../providers/featureflags/localfeatureflags.go | 2 -- 1 file changed, 2 deletions(-) diff --git a/controllers/cloud.redhat.com/providers/featureflags/localfeatureflags.go b/controllers/cloud.redhat.com/providers/featureflags/localfeatureflags.go index 514e02b92..00e5eac84 100644 --- a/controllers/cloud.redhat.com/providers/featureflags/localfeatureflags.go +++ b/controllers/cloud.redhat.com/providers/featureflags/localfeatureflags.go @@ -62,8 +62,6 @@ func NewLocalFeatureFlagsProvider(p *providers.Provider) (providers.ClowderProvi return &localFeatureFlagsProvider{Provider: *p}, nil } -// Runs when Env is reconciled -// CachedMakeComponent: helper function to create a PVC, Service, Deployment (The Cached spin was created around the time Cache system was created) func (ff *localFeatureFlagsProvider) EnvProvide() error { dataInit := createDefaultFFSecMap From 3b990f0da623489c832f85913c28e277b668ac8a Mon Sep 17 00:00:00 2001 
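Review bot: `createDefaultFFSecMap` now builds `adminAccessToken` and every entry of `clientAccessToken` from the same `randString`, so the secret part of the admin token is identical to the one distributed to client workloads, and holding a client token is enough to know the admin one. The removed lines called `utils.RandHexString(32)` once per token; the new code should keep that separation, with an independent value for the admin token and for each client environment. `utils.RandHexString` is not shown here, so it is worth confirming that it draws from `crypto/rand`. A comment on the map explaining the `project:environment.secret` token format would also help the next reader.

```go
func createDefaultFFSecMap() map[string]string {
	// Each token gets its own random part: a client token must never
	// reveal the secret of the admin token or of another environment.
	return map[string]string{
		"adminAccessToken": "*:*." + utils.RandHexString(32),
		"clientAccessToken": "*:default." + utils.RandHexString(32) +
			",*:development." + utils.RandHexString(32) +
			",*:production." + utils.RandHexString(32),
	}
}
```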
From: "Victor M." Date: Thu, 7 Dec 2023 14:32:26 +0100 Subject: [PATCH 05/13] Add resource cache --- controllers/cloud.redhat.com/providers/providers.go | 4 ++-- .../cloud.redhat.com/providers/web/resources_caddygateway.go | 2 +- .../cloud.redhat.com/providers/web/resources_keycloak.go | 4 ++++ controllers/cloud.redhat.com/providers/web/resources_mbop.go | 2 +- .../providers/web/resources_mocktitlements.go | 2 +- 5 files changed, 9 insertions(+), 5 deletions(-) diff --git a/controllers/cloud.redhat.com/providers/providers.go b/controllers/cloud.redhat.com/providers/providers.go index e4607777b..e7f98be83 100644 --- a/controllers/cloud.redhat.com/providers/providers.go +++ b/controllers/cloud.redhat.com/providers/providers.go @@ -128,7 +128,7 @@ type ClowderProvider interface { GetConfig() *config.AppConfig } -type makeFnCache func(o obj.ClowdObject, objMap ObjectMap, usePVC bool, nodePort bool) +type makeFnCache func(cache *rc.ObjectCache, o obj.ClowdObject, objMap ObjectMap, usePVC bool, nodePort bool) func createResource(cache *rc.ObjectCache, resourceIdent rc.ResourceIdent, nn types.NamespacedName) (client.Object, error) { gvks, nok, err := cache.GetScheme().ObjectKinds(resourceIdent.GetType()) @@ -200,7 +200,7 @@ func CachedMakeComponent(cache *rc.ObjectCache, objList []rc.ResourceIdent, o ob } - fn(o, makeFnMap, usePVC, nodePort) + fn(cache, o, makeFnMap, usePVC, nodePort) for k, v := range makeFnMap { err := updateResource(cache, k, v) diff --git a/controllers/cloud.redhat.com/providers/web/resources_caddygateway.go b/controllers/cloud.redhat.com/providers/web/resources_caddygateway.go index 4a688eb6a..8c4e2cf2e 100644 --- a/controllers/cloud.redhat.com/providers/web/resources_caddygateway.go +++ b/controllers/cloud.redhat.com/providers/web/resources_caddygateway.go 
@@ -317,7 +317,7 @@ func makeWebGatewayConfigMap(p *providers.Provider) (string, error) { return hash, p.Cache.Update(CoreCaddyConfigMap, cm) } -func makeWebGatewayDeployment(o obj.ClowdObject, objMap providers.ObjectMap, _ bool, _ bool) { +func makeWebGatewayDeployment(cache *rc.ObjectCache, o obj.ClowdObject, objMap providers.ObjectMap, _ bool, _ bool) { nn := providers.GetNamespacedName(o, "caddy-gateway") dd := objMap[WebGatewayDeployment].(*apps.Deployment) diff --git a/controllers/cloud.redhat.com/providers/web/resources_keycloak.go b/controllers/cloud.redhat.com/providers/web/resources_keycloak.go index e40b09549..063ff9670 100644 --- a/controllers/cloud.redhat.com/providers/web/resources_keycloak.go +++ b/controllers/cloud.redhat.com/providers/web/resources_keycloak.go @@ -227,6 +227,7 @@ func makeKeycloakImportSecretRealm(cache *rc.ObjectCache, o obj.ClowdObject, pas return cache.Update(WebKeycloakImportSecret, userData) } +<<<<<<< HEAD func baseProbeHandler(port int32, path string) core.ProbeHandler { return core.ProbeHandler{ HTTPGet: &core.HTTPGetAction{ @@ -247,6 +248,9 @@ func baseProbeHandler(port int32, path string) core.ProbeHandler { } func makeKeycloak(o obj.ClowdObject, objMap providers.ObjectMap, _ bool, nodePort bool) { +======= +func makeKeycloak(cache *rc.ObjectCache, o obj.ClowdObject, objMap providers.ObjectMap, _ bool, nodePort bool) { +>>>>>>> b9783e1d (Add resource cache) nn := providers.GetNamespacedName(o, "keycloak") dd := objMap[WebKeycloakDeployment].(*apps.Deployment) diff --git a/controllers/cloud.redhat.com/providers/web/resources_mbop.go b/controllers/cloud.redhat.com/providers/web/resources_mbop.go index c6725ba3e..4a479a26e 100644 --- a/controllers/cloud.redhat.com/providers/web/resources_mbop.go +++ b/controllers/cloud.redhat.com/providers/web/resources_mbop.go 
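Review bot: The resources_keycloak.go hunks commit unresolved merge-conflict markers (`<<<<<<< HEAD`, `=======`, `>>>>>>> b9783e1d (Add resource cache)`) and leave both the old and the new `makeKeycloak` signature in the file, so this commit cannot compile on its own. Resolve the conflict here by keeping only `func makeKeycloak(cache *rc.ObjectCache, o obj.ClowdObject, objMap providers.ObjectMap, _ bool, nodePort bool) {`, so that every commit in the series builds and can be bisected. In `makeWebGatewayDeployment` the new `cache` parameter does not appear to be used in the lines shown; naming it `_`, like the two unused bool parameters beside it, would make that explicit. Both function bodies continue outside their hunks.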
@@ -171,7 +171,7 @@ func makeBOPIngress(p *providers.Provider) error { return p.Cache.Update(WebBOPIngress, netobj) } -func makeBOP(o obj.ClowdObject, objMap providers.ObjectMap, _ bool, nodePort bool) { +func makeBOP(cache *rc.ObjectCache, o obj.ClowdObject, objMap providers.ObjectMap, _ bool, nodePort bool) { snn := providers.GetNamespacedName(o, "keycloak") nn := providers.GetNamespacedName(o, "mbop") diff --git a/controllers/cloud.redhat.com/providers/web/resources_mocktitlements.go b/controllers/cloud.redhat.com/providers/web/resources_mocktitlements.go index 2fe222055..19c1c661d 100644 --- a/controllers/cloud.redhat.com/providers/web/resources_mocktitlements.go +++ b/controllers/cloud.redhat.com/providers/web/resources_mocktitlements.go @@ -158,7 +158,7 @@ func makeMocktitlementsIngress(p *providers.Provider) error { return p.Cache.Update(WebMocktitlementsIngress, netobj) } -func makeMocktitlements(o obj.ClowdObject, objMap providers.ObjectMap, _ bool, nodePort bool) { +func makeMocktitlements(cache *rc.ObjectCache, o obj.ClowdObject, objMap providers.ObjectMap, _ bool, nodePort bool) { snn := providers.GetNamespacedName(o, "keycloak") nn := providers.GetNamespacedName(o, "mocktitlements") From b27d51e3c821c480fbde034afa81c72094468224 Mon Sep 17 00:00:00 2001 From: "Victor M." Date: Thu, 7 Dec 2023 17:21:26 +0100 Subject: [PATCH 06/13] Configure Unleash to use Keycloak --- .../featureflags/localfeatureflags.go | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-) diff --git a/controllers/cloud.redhat.com/providers/featureflags/localfeatureflags.go b/controllers/cloud.redhat.com/providers/featureflags/localfeatureflags.go index 00e5eac84..a37914871 100644 --- a/controllers/cloud.redhat.com/providers/featureflags/localfeatureflags.go +++ b/controllers/cloud.redhat.com/providers/featureflags/localfeatureflags.go 
@@ -11,6 +11,7 @@ import ( "github.com/RedHatInsights/clowder/controllers/cloud.redhat.com/providers" "github.com/RedHatInsights/clowder/controllers/cloud.redhat.com/providers/sizing" provutils "github.com/RedHatInsights/clowder/controllers/cloud.redhat.com/providers/utils" + "github.com/RedHatInsights/clowder/controllers/cloud.redhat.com/providers/web" apps "k8s.io/api/apps/v1" core "k8s.io/api/core/v1" @@ -212,9 +213,25 @@ func (ff *localFeatureFlagsProvider) Provide(_ *crd.ClowdApp) error { return nil } -func makeLocalFeatureFlags(o obj.ClowdObject, objMap providers.ObjectMap, _ bool, nodePort bool) { +func makeLocalFeatureFlags(cache *rc.ObjectCache, o obj.ClowdObject, objMap providers.ObjectMap, _ bool, nodePort bool) { nn := providers.GetNamespacedName(o, "featureflags") + //keycloakName := providers.GetNamespacedName(o, "") + keycloakSecret := core.Secret{} + cache.Get(web.WebKeycloakSecret, &keycloakSecret) + + secretName := keycloakSecret.Name + /* + NOTE: about the order ... set the order in the impl. of each provider + REACH the provider, get the data from the cache. + + make "somethingsomething" -> made with component system (make component cache exists) + There was a pattern, all compontents were created the same way each time + the name is makeCachecomponent (or makecomponentcache, one or the other) + + the objMap ... + */ + dd := objMap[LocalFFDeployment].(*apps.Deployment) svc := objMap[LocalFFService].(*core.Service) From e0ebac71dd215540e210ef9f9a43e22b1656aa88 Mon Sep 17 00:00:00 2001 From: "Victor M." Date: Tue, 19 Dec 2023 18:23:57 +0100 Subject: [PATCH 07/13] Add cache to make functions of Minio and Redis --- .../providers/inmemorydb/redis.go | 2 +- .../providers/objectstore/minio.go | 2 +- .../providers/web/resources_keycloak.go | 32 ++++++++++++++++--- 3 files changed, 30 insertions(+), 6 deletions(-) 
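Review bot: In makeLocalFeatureFlags the result of `cache.Get(web.WebKeycloakSecret, &keycloakSecret)` is discarded, so when the Keycloak secret is not in the cache the function continues with an empty `core.Secret` and any later use of it sees blank values instead of a reported failure. `makeFnCache` has no error result, so either the lookup moves in front of the `CachedMakeComponent` call where it can be returned, or the callback type gains an `error` return; at minimum the call should be checked, `if err := cache.Get(web.WebKeycloakSecret, &keycloakSecret); err != nil { ... }`. `secretName` is assigned but not used in the lines shown, which the Go compiler rejects. The block comment reads as working notes and should be replaced by a sentence stating that the featureflags provider depends on the web provider having cached the Keycloak secret first. The function body continues outside the hunk.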
diff --git a/controllers/cloud.redhat.com/providers/inmemorydb/redis.go b/controllers/cloud.redhat.com/providers/inmemorydb/redis.go index 30d6c2dcd..97a2f56a3 100644 --- a/controllers/cloud.redhat.com/providers/inmemorydb/redis.go +++ b/controllers/cloud.redhat.com/providers/inmemorydb/redis.go @@ -87,7 +87,7 @@ func (r *localRedis) Provide(app *crd.ClowdApp) error { return providers.CachedMakeComponent(r.Provider.Cache, objList, app, "redis", makeLocalRedis, false, r.Env.IsNodePort()) } -func makeLocalRedis(o obj.ClowdObject, objMap providers.ObjectMap, _ bool, nodePort bool) { +func makeLocalRedis(cache *rc.ObjectCache, o obj.ClowdObject, objMap providers.ObjectMap, _ bool, nodePort bool) { nn := providers.GetNamespacedName(o, "redis") dd := objMap[RedisDeployment].(*apps.Deployment) diff --git a/controllers/cloud.redhat.com/providers/objectstore/minio.go b/controllers/cloud.redhat.com/providers/objectstore/minio.go index c26fa3570..b242d10a4 100644 --- a/controllers/cloud.redhat.com/providers/objectstore/minio.go +++ b/controllers/cloud.redhat.com/providers/objectstore/minio.go @@ -279,7 +279,7 @@ func createNetworkPolicy(p *providers.Provider) error { return p.Cache.Update(MinioNetworkPolicy, np) } -func makeLocalMinIO(o obj.ClowdObject, objMap providers.ObjectMap, usePVC bool, nodePort bool) { +func makeLocalMinIO(cache *rc.ObjectCache, o obj.ClowdObject, objMap providers.ObjectMap, usePVC bool, nodePort bool) { nn := providers.GetNamespacedName(o, "minio") dd := objMap[MinioDeployment].(*apps.Deployment) diff --git a/controllers/cloud.redhat.com/providers/web/resources_keycloak.go b/controllers/cloud.redhat.com/providers/web/resources_keycloak.go index 063ff9670..e22ac5a65 100644 --- a/controllers/cloud.redhat.com/providers/web/resources_keycloak.go +++ b/controllers/cloud.redhat.com/providers/web/resources_keycloak.go 
@@ -227,7 +227,6 @@ func makeKeycloakImportSecretRealm(cache *rc.ObjectCache, o obj.ClowdObject, pas return cache.Update(WebKeycloakImportSecret, userData) } -<<<<<<< HEAD func baseProbeHandler(port int32, path string) core.ProbeHandler { return core.ProbeHandler{ HTTPGet: &core.HTTPGetAction{ @@ -247,10 +246,35 @@ func baseProbeHandler(port int32, path string) core.ProbeHandler { } } -func makeKeycloak(o obj.ClowdObject, objMap providers.ObjectMap, _ bool, nodePort bool) { -======= +type secretEnvVar struct { + Name string + Key string +} + +func newSecretEnvVar(name, key string) secretEnvVar { + return secretEnvVar{Name: name, Key: key} +} + +func mapEnvVarsToSecret(inputs []secretEnvVar, secName string) []core.EnvVar { + envVars := []core.EnvVar{} + for _, env := range inputs { + newVar := core.EnvVar{ + Name: env.Name, + ValueFrom: &core.EnvVarSource{ + SecretKeyRef: &core.SecretKeySelector{ + LocalObjectReference: core.LocalObjectReference{ + Name: secName, + }, + Key: env.Key, + }, + }, + } + envVars = append(envVars, newVar) + } + return envVars +} + func makeKeycloak(cache *rc.ObjectCache, o obj.ClowdObject, objMap providers.ObjectMap, _ bool, nodePort bool) { ->>>>>>> b9783e1d (Add resource cache) nn := providers.GetNamespacedName(o, "keycloak") dd := objMap[WebKeycloakDeployment].(*apps.Deployment) From 42eb45018c6fb6f1191d9e2d5a5cfde55123a8fb Mon Sep 17 00:00:00 2001 From: "Victor M." Date: Wed, 20 Dec 2023 15:54:32 +0100 Subject: [PATCH 08/13] fix test --- .../featureflags/localfeatureflags.go | 1 - .../providers/inmemorydb/redis_test.go | 2 +- jsons/unleash-realm.json | 1805 +++++++++++++++++ jsons/unleash-users-0.json | 96 + 4 files changed, 1902 insertions(+), 2 deletions(-) create mode 100644 jsons/unleash-realm.json create mode 100644 jsons/unleash-users-0.json 
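Review bot: `secretEnvVar`, `newSecretEnvVar` and `mapEnvVarsToSecret` are added without comments, and nothing states that every variable is read from the single secret `secName` or that, with `Optional` left unset, a missing key keeps the container from starting. I would add `// mapEnvVarsToSecret returns one EnvVar per input, each sourced from key env.Key of the secret named secName.` above the function and a one-line comment on the struct. The result slice can be sized up front with `envVars := make([]core.EnvVar, 0, len(inputs))`. The helpers are not called anywhere in the lines shown.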
diff --git a/controllers/cloud.redhat.com/providers/featureflags/localfeatureflags.go b/controllers/cloud.redhat.com/providers/featureflags/localfeatureflags.go index a37914871..5430f0d3e 100644 --- a/controllers/cloud.redhat.com/providers/featureflags/localfeatureflags.go +++ b/controllers/cloud.redhat.com/providers/featureflags/localfeatureflags.go @@ -220,7 +220,6 @@ func makeLocalFeatureFlags(cache *rc.ObjectCache, o obj.ClowdObject, objMap prov keycloakSecret := core.Secret{} cache.Get(web.WebKeycloakSecret, &keycloakSecret) - secretName := keycloakSecret.Name /* NOTE: about the order ... set the order in the impl. of each provider REACH the provider, get the data from the cache. diff --git a/controllers/cloud.redhat.com/providers/inmemorydb/redis_test.go b/controllers/cloud.redhat.com/providers/inmemorydb/redis_test.go index 706ccec0a..9ec6f0f0b 100644 --- a/controllers/cloud.redhat.com/providers/inmemorydb/redis_test.go +++ b/controllers/cloud.redhat.com/providers/inmemorydb/redis_test.go @@ -37,7 +37,7 @@ func TestLocalRedis(t *testing.T) { RedisDeployment: &dd, RedisService: &svc, } - makeLocalRedis(&env, objMap, true, false) + makeLocalRedis(nil, &env, objMap, true, false) assert.Equal(t, "env-redis", dd.GetName(), "name was not set correctly") assert.Len(t, svc.Spec.Ports, 1, "number of ports specified is wrong") diff --git a/jsons/unleash-realm.json b/jsons/unleash-realm.json new file mode 100644 index 000000000..008a02137 --- /dev/null +++ b/jsons/unleash-realm.json 
@@ -0,0 +1,1805 @@ +{ + "id" : "f5b67294-1c50-4bc8-beaf-d8f3fdd4df87", + "realm" : "unleash", + "notBefore" : 0, + "defaultSignatureAlgorithm" : "RS256", + "revokeRefreshToken" : false, + "refreshTokenMaxReuse" : 0, + "accessTokenLifespan" : 300, + "accessTokenLifespanForImplicitFlow" : 900, + "ssoSessionIdleTimeout" : 1800, + "ssoSessionMaxLifespan" : 36000, + "ssoSessionIdleTimeoutRememberMe" : 0, + "ssoSessionMaxLifespanRememberMe" : 0, + "offlineSessionIdleTimeout" : 2592000, + "offlineSessionMaxLifespanEnabled" : false, + "offlineSessionMaxLifespan" : 5184000, + "clientSessionIdleTimeout" : 0, + "clientSessionMaxLifespan" : 0, + "clientOfflineSessionIdleTimeout" : 0, + "clientOfflineSessionMaxLifespan" : 0, + "accessCodeLifespan" : 60, + "accessCodeLifespanUserAction" : 300, + "accessCodeLifespanLogin" : 1800, + "actionTokenGeneratedByAdminLifespan" : 43200, + "actionTokenGeneratedByUserLifespan" : 300, + "oauth2DeviceCodeLifespan" : 600, + "oauth2DevicePollingInterval" : 5, + "enabled" : true, + "sslRequired" : "external", + "registrationAllowed" : false, + "registrationEmailAsUsername" : false, + "rememberMe" : false, + "verifyEmail" : false, + "loginWithEmailAllowed" : true, + "duplicateEmailsAllowed" : false, + "resetPasswordAllowed" : false, + "editUsernameAllowed" : false, + "bruteForceProtected" : false, + "permanentLockout" : false, + "maxFailureWaitSeconds" : 900, + "minimumQuickLoginWaitSeconds" : 60, + "waitIncrementSeconds" : 60, + "quickLoginCheckMilliSeconds" : 1000, + "maxDeltaTimeSeconds" : 43200, + "failureFactor" : 30, + "roles" : { + "realm" : [ { + "id" : "bd7b5524-f279-4932-88c9-399da975a744", + "name" : "default-roles-unleash", + "description" : "${role_default-roles}", + "composite" : true, + "composites" : { + "realm" : [ "offline_access", "uma_authorization" ], + "client" : { + "account" : [ "manage-account", "view-profile" ] + } + }, + "clientRole" : false, + "containerId" : "f5b67294-1c50-4bc8-beaf-d8f3fdd4df87", + "attributes" : { } 
+ }, { + "id" : "d96c0c71-8c3e-4781-b5da-2ba5124f3652", + "name" : "uma_authorization", + "description" : "${role_uma_authorization}", + "composite" : false, + "clientRole" : false, + "containerId" : "f5b67294-1c50-4bc8-beaf-d8f3fdd4df87", + "attributes" : { } + }, { + "id" : "f1f82600-6c86-4fdc-8ea7-f9485403d3f5", + "name" : "admin", + "description" : "", + "composite" : false, + "clientRole" : false, + "containerId" : "f5b67294-1c50-4bc8-beaf-d8f3fdd4df87", + "attributes" : { } + }, { + "id" : "8e686f41-b8f5-49ee-9818-147ccc4388d8", + "name" : "viewer", + "description" : "", + "composite" : false, + "clientRole" : false, + "containerId" : "f5b67294-1c50-4bc8-beaf-d8f3fdd4df87", + "attributes" : { } + }, { + "id" : "c42034fa-3b5f-492c-b0f7-e0b2cecc7645", + "name" : "editor", + "description" : "", + "composite" : false, + "clientRole" : false, + "containerId" : "f5b67294-1c50-4bc8-beaf-d8f3fdd4df87", + "attributes" : { } + }, { + "id" : "dbb4ce24-1ab6-424f-82dd-7bcf341f249d", + "name" : "offline_access", + "description" : "${role_offline-access}", + "composite" : false, + "clientRole" : false, + "containerId" : "f5b67294-1c50-4bc8-beaf-d8f3fdd4df87", + "attributes" : { } + } ], + "client" : { + "realm-management" : [ { + "id" : "2c851be8-47a9-45fd-b871-a7e1e66f784d", + "name" : "manage-identity-providers", + "description" : "${role_manage-identity-providers}", + "composite" : false, + "clientRole" : true, + "containerId" : "1cf1aaa6-4142-4bc3-b719-71236ce0e3c5", + "attributes" : { } + }, { + "id" : "6777dd3b-c11b-408f-a138-1867182eedde", + "name" : "manage-realm", + "description" : "${role_manage-realm}", + "composite" : false, + "clientRole" : true, + "containerId" : "1cf1aaa6-4142-4bc3-b719-71236ce0e3c5", + "attributes" : { } + }, { + "id" : "c7cf0c18-ff5a-49be-b642-96417a9f81f7", + "name" : "view-users", + "description" : "${role_view-users}", + "composite" : true, + "composites" : { + "client" : { + "realm-management" : [ "query-users", "query-groups" ] + } + 
}, + "clientRole" : true, + "containerId" : "1cf1aaa6-4142-4bc3-b719-71236ce0e3c5", + "attributes" : { } + }, { + "id" : "22d02998-759b-4e5c-9fdf-f26b71f8cb90", + "name" : "query-users", + "description" : "${role_query-users}", + "composite" : false, + "clientRole" : true, + "containerId" : "1cf1aaa6-4142-4bc3-b719-71236ce0e3c5", + "attributes" : { } + }, { + "id" : "31000a1a-d410-494a-8e7b-55d7bdc00292", + "name" : "view-realm", + "description" : "${role_view-realm}", + "composite" : false, + "clientRole" : true, + "containerId" : "1cf1aaa6-4142-4bc3-b719-71236ce0e3c5", + "attributes" : { } + }, { + "id" : "7fb46281-c7ca-41ac-ac3f-9b6c72e6d5d7", + "name" : "manage-events", + "description" : "${role_manage-events}", + "composite" : false, + "clientRole" : true, + "containerId" : "1cf1aaa6-4142-4bc3-b719-71236ce0e3c5", + "attributes" : { } + }, { + "id" : "e9b11f53-3979-4db5-8403-95ebd4f9b929", + "name" : "view-events", + "description" : "${role_view-events}", + "composite" : false, + "clientRole" : true, + "containerId" : "1cf1aaa6-4142-4bc3-b719-71236ce0e3c5", + "attributes" : { } + }, { + "id" : "25671446-a9e9-483e-93a7-ba74452159e6", + "name" : "view-clients", + "description" : "${role_view-clients}", + "composite" : true, + "composites" : { + "client" : { + "realm-management" : [ "query-clients" ] + } + }, + "clientRole" : true, + "containerId" : "1cf1aaa6-4142-4bc3-b719-71236ce0e3c5", + "attributes" : { } + }, { + "id" : "ec34cf9d-9a61-48cd-99e6-86c4aea03b06", + "name" : "query-groups", + "description" : "${role_query-groups}", + "composite" : false, + "clientRole" : true, + "containerId" : "1cf1aaa6-4142-4bc3-b719-71236ce0e3c5", + "attributes" : { } + }, { + "id" : "93388691-ca3b-4ad1-9f69-f81191148df4", + "name" : "manage-authorization", + "description" : "${role_manage-authorization}", + "composite" : false, + "clientRole" : true, + "containerId" : "1cf1aaa6-4142-4bc3-b719-71236ce0e3c5", + "attributes" : { } + }, { + "id" : 
"a510d118-e1ed-4d67-a82b-64671c56163b", + "name" : "realm-admin", + "description" : "${role_realm-admin}", + "composite" : true, + "composites" : { + "client" : { + "realm-management" : [ "manage-identity-providers", "manage-realm", "view-users", "query-users", "view-realm", "manage-events", "view-events", "view-clients", "query-groups", "manage-authorization", "view-identity-providers", "query-clients", "manage-clients", "impersonation", "view-authorization", "create-client", "query-realms", "manage-users" ] + } + }, + "clientRole" : true, + "containerId" : "1cf1aaa6-4142-4bc3-b719-71236ce0e3c5", + "attributes" : { } + }, { + "id" : "c1400e30-fe24-44f7-936e-9d06719f6cc6", + "name" : "view-identity-providers", + "description" : "${role_view-identity-providers}", + "composite" : false, + "clientRole" : true, + "containerId" : "1cf1aaa6-4142-4bc3-b719-71236ce0e3c5", + "attributes" : { } + }, { + "id" : "bfd625aa-8ea7-40e4-9d94-3b10ec20c5fe", + "name" : "query-clients", + "description" : "${role_query-clients}", + "composite" : false, + "clientRole" : true, + "containerId" : "1cf1aaa6-4142-4bc3-b719-71236ce0e3c5", + "attributes" : { } + }, { + "id" : "4dc1f340-e600-48e3-bf25-74c1915fc385", + "name" : "impersonation", + "description" : "${role_impersonation}", + "composite" : false, + "clientRole" : true, + "containerId" : "1cf1aaa6-4142-4bc3-b719-71236ce0e3c5", + "attributes" : { } + }, { + "id" : "14418bb7-5436-4167-b789-01a002e2a9f1", + "name" : "manage-clients", + "description" : "${role_manage-clients}", + "composite" : false, + "clientRole" : true, + "containerId" : "1cf1aaa6-4142-4bc3-b719-71236ce0e3c5", + "attributes" : { } + }, { + "id" : "4dbd61a0-ac09-47e9-9ae6-dac5f40ddbf5", + "name" : "view-authorization", + "description" : "${role_view-authorization}", + "composite" : false, + "clientRole" : true, + "containerId" : "1cf1aaa6-4142-4bc3-b719-71236ce0e3c5", + "attributes" : { } + }, { + "id" : "c1e2996f-b0ec-4309-a19c-3ddba259d8dc", + "name" : 
"create-client", + "description" : "${role_create-client}", + "composite" : false, + "clientRole" : true, + "containerId" : "1cf1aaa6-4142-4bc3-b719-71236ce0e3c5", + "attributes" : { } + }, { + "id" : "b5e2f2c3-81c6-475c-86ef-6a53547dc71d", + "name" : "query-realms", + "description" : "${role_query-realms}", + "composite" : false, + "clientRole" : true, + "containerId" : "1cf1aaa6-4142-4bc3-b719-71236ce0e3c5", + "attributes" : { } + }, { + "id" : "0548d131-8328-4a6e-82a5-bb25f5071909", + "name" : "manage-users", + "description" : "${role_manage-users}", + "composite" : false, + "clientRole" : true, + "containerId" : "1cf1aaa6-4142-4bc3-b719-71236ce0e3c5", + "attributes" : { } + } ], + "security-admin-console" : [ ], + "admin-cli" : [ ], + "account-console" : [ ], + "unleash" : [ ], + "broker" : [ { + "id" : "6fd18ae1-8e09-4bf2-b2c6-79c1767c9ef9", + "name" : "read-token", + "description" : "${role_read-token}", + "composite" : false, + "clientRole" : true, + "containerId" : "da7b7428-20ca-47d3-9853-c5626c08ec22", + "attributes" : { } + } ], + "account" : [ { + "id" : "021136b3-5502-46de-93f2-c355234f46b4", + "name" : "delete-account", + "description" : "${role_delete-account}", + "composite" : false, + "clientRole" : true, + "containerId" : "6ab31e24-1694-4d13-8d24-e0d5415ad4ee", + "attributes" : { } + }, { + "id" : "19aaa60b-c297-4faa-b368-3bb5958b0865", + "name" : "view-applications", + "description" : "${role_view-applications}", + "composite" : false, + "clientRole" : true, + "containerId" : "6ab31e24-1694-4d13-8d24-e0d5415ad4ee", + "attributes" : { } + }, { + "id" : "829a2448-0600-49e2-90ab-c53d790bd416", + "name" : "view-consent", + "description" : "${role_view-consent}", + "composite" : false, + "clientRole" : true, + "containerId" : "6ab31e24-1694-4d13-8d24-e0d5415ad4ee", + "attributes" : { } + }, { + "id" : "611fa63f-5545-4e2b-9110-49ab48d98108", + "name" : "manage-account", + "description" : "${role_manage-account}", + "composite" : true, + "composites" : 
{ + "client" : { + "account" : [ "manage-account-links" ] + } + }, + "clientRole" : true, + "containerId" : "6ab31e24-1694-4d13-8d24-e0d5415ad4ee", + "attributes" : { } + }, { + "id" : "9d5a191d-5f94-416f-bbca-0378344e15b9", + "name" : "manage-consent", + "description" : "${role_manage-consent}", + "composite" : true, + "composites" : { + "client" : { + "account" : [ "view-consent" ] + } + }, + "clientRole" : true, + "containerId" : "6ab31e24-1694-4d13-8d24-e0d5415ad4ee", + "attributes" : { } + }, { + "id" : "9163ba04-cb1c-4e8f-9216-2da1e2872ff5", + "name" : "manage-account-links", + "description" : "${role_manage-account-links}", + "composite" : false, + "clientRole" : true, + "containerId" : "6ab31e24-1694-4d13-8d24-e0d5415ad4ee", + "attributes" : { } + }, { + "id" : "b24bc88c-a5a9-4b57-a2d5-120ad788b697", + "name" : "view-groups", + "description" : "${role_view-groups}", + "composite" : false, + "clientRole" : true, + "containerId" : "6ab31e24-1694-4d13-8d24-e0d5415ad4ee", + "attributes" : { } + }, { + "id" : "190f37cd-0151-43f9-a732-35ec61c11632", + "name" : "view-profile", + "description" : "${role_view-profile}", + "composite" : false, + "clientRole" : true, + "containerId" : "6ab31e24-1694-4d13-8d24-e0d5415ad4ee", + "attributes" : { } + } ] + } + }, + "groups" : [ ], + "defaultRole" : { + "id" : "bd7b5524-f279-4932-88c9-399da975a744", + "name" : "default-roles-unleash", + "description" : "${role_default-roles}", + "composite" : true, + "clientRole" : false, + "containerId" : "f5b67294-1c50-4bc8-beaf-d8f3fdd4df87" + }, + "requiredCredentials" : [ "password" ], + "otpPolicyType" : "totp", + "otpPolicyAlgorithm" : "HmacSHA1", + "otpPolicyInitialCounter" : 0, + "otpPolicyDigits" : 6, + "otpPolicyLookAheadWindow" : 1, + "otpPolicyPeriod" : 30, + "otpPolicyCodeReusable" : false, + "otpSupportedApplications" : [ "totpAppMicrosoftAuthenticatorName", "totpAppFreeOTPName", "totpAppGoogleName" ], + "webAuthnPolicyRpEntityName" : "keycloak", + 
"webAuthnPolicySignatureAlgorithms" : [ "ES256" ], + "webAuthnPolicyRpId" : "", + "webAuthnPolicyAttestationConveyancePreference" : "not specified", + "webAuthnPolicyAuthenticatorAttachment" : "not specified", + "webAuthnPolicyRequireResidentKey" : "not specified", + "webAuthnPolicyUserVerificationRequirement" : "not specified", + "webAuthnPolicyCreateTimeout" : 0, + "webAuthnPolicyAvoidSameAuthenticatorRegister" : false, + "webAuthnPolicyAcceptableAaguids" : [ ], + "webAuthnPolicyPasswordlessRpEntityName" : "keycloak", + "webAuthnPolicyPasswordlessSignatureAlgorithms" : [ "ES256" ], + "webAuthnPolicyPasswordlessRpId" : "", + "webAuthnPolicyPasswordlessAttestationConveyancePreference" : "not specified", + "webAuthnPolicyPasswordlessAuthenticatorAttachment" : "not specified", + "webAuthnPolicyPasswordlessRequireResidentKey" : "not specified", + "webAuthnPolicyPasswordlessUserVerificationRequirement" : "not specified", + "webAuthnPolicyPasswordlessCreateTimeout" : 0, + "webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister" : false, + "webAuthnPolicyPasswordlessAcceptableAaguids" : [ ], + "scopeMappings" : [ { + "clientScope" : "offline_access", + "roles" : [ "offline_access" ] + } ], + "clientScopeMappings" : { + "account" : [ { + "client" : "account-console", + "roles" : [ "manage-account", "view-groups" ] + } ] + }, + "clients" : [ { + "id" : "6ab31e24-1694-4d13-8d24-e0d5415ad4ee", + "clientId" : "account", + "name" : "${client_account}", + "rootUrl" : "${authBaseUrl}", + "baseUrl" : "/realms/unleash/account/", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ "/realms/unleash/account/*" ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" : true, + 
"frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { + "post.logout.redirect.uris" : "+" + }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "612757c2-63cd-478b-90be-171299fd398f", + "clientId" : "account-console", + "name" : "${client_account-console}", + "rootUrl" : "${authBaseUrl}", + "baseUrl" : "/realms/unleash/account/", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ "/realms/unleash/account/*" ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" : true, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { + "post.logout.redirect.uris" : "+", + "pkce.code.challenge.method" : "S256" + }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "protocolMappers" : [ { + "id" : "56dbbb84-65b8-4bbd-be63-bdc568a4a6df", + "name" : "audience resolve", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-audience-resolve-mapper", + "consentRequired" : false, + "config" : { } + } ], + "defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "ef45a587-5e79-44d9-aa9b-2330014b38fb", + "clientId" : "admin-cli", + "name" : "${client_admin-cli}", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : 
"client-secret", + "redirectUris" : [ ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : false, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : true, + "serviceAccountsEnabled" : false, + "publicClient" : true, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { + "post.logout.redirect.uris" : "+" + }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "da7b7428-20ca-47d3-9853-c5626c08ec22", + "clientId" : "broker", + "name" : "${client_broker}", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : true, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" : false, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { + "post.logout.redirect.uris" : "+" + }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "1cf1aaa6-4142-4bc3-b719-71236ce0e3c5", + "clientId" : "realm-management", + "name" : "${client_realm-management}", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : 
true, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" : false, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { + "post.logout.redirect.uris" : "+" + }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "916bee5b-8c0e-4bde-aafa-b4416aa35159", + "clientId" : "security-admin-console", + "name" : "${client_security-admin-console}", + "rootUrl" : "${authAdminUrl}", + "baseUrl" : "/admin/unleash/console/", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ "/admin/unleash/console/*" ], + "webOrigins" : [ "+" ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" : true, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { + "post.logout.redirect.uris" : "+", + "pkce.code.challenge.method" : "S256" + }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "protocolMappers" : [ { + "id" : "694aa8e7-3035-4678-8ddf-546fca73a4d8", + "name" : "locale", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "locale", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "locale", + "jsonType.label" : "String" + } + } ], + 
"defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "72b7918f-4aef-4333-8871-7d084bad94a4", + "clientId" : "unleash", + "name" : "", + "description" : "", + "rootUrl" : "", + "adminUrl" : "", + "baseUrl" : "", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "secret" : "ZYhToGucoRMwaWHxXyGKsjunXlXV6Uto", + "redirectUris" : [ "http://localhost:4242/api/auth/callback" ], + "webOrigins" : [ "http://localhost:4242" ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : true, + "serviceAccountsEnabled" : false, + "publicClient" : false, + "frontchannelLogout" : true, + "protocol" : "openid-connect", + "attributes" : { + "oidc.ciba.grant.enabled" : "false", + "client.secret.creation.time" : "1698736263", + "backchannel.logout.session.required" : "true", + "post.logout.redirect.uris" : "+", + "oauth2.device.authorization.grant.enabled" : "false", + "backchannel.logout.revoke.offline.tokens" : "false" + }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : true, + "nodeReRegistrationTimeout" : -1, + "defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + } ], + "clientScopes" : [ { + "id" : "2472873a-5db1-472a-97e9-2d6b26652bb9", + "name" : "offline_access", + "description" : "OpenID Connect built-in scope: offline_access", + "protocol" : "openid-connect", + "attributes" : { + "consent.screen.text" : "${offlineAccessScopeConsentText}", + "display.on.consent.screen" : "true" + } + }, { + "id" : "b6ede338-9719-4283-bf22-cdca37e77ac7", + "name" : "address", + "description" : "OpenID Connect built-in scope: 
address", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "display.on.consent.screen" : "true", + "consent.screen.text" : "${addressScopeConsentText}" + }, + "protocolMappers" : [ { + "id" : "77e2b72a-21a8-4f8b-9560-dae3d929d4f9", + "name" : "address", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-address-mapper", + "consentRequired" : false, + "config" : { + "user.attribute.formatted" : "formatted", + "user.attribute.country" : "country", + "user.attribute.postal_code" : "postal_code", + "userinfo.token.claim" : "true", + "user.attribute.street" : "street", + "id.token.claim" : "true", + "user.attribute.region" : "region", + "access.token.claim" : "true", + "user.attribute.locality" : "locality" + } + } ] + }, { + "id" : "d1fbcc11-b0c7-41f8-9df5-304711a7f433", + "name" : "web-origins", + "description" : "OpenID Connect scope for add allowed web origins to the access token", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "false", + "display.on.consent.screen" : "false", + "consent.screen.text" : "" + }, + "protocolMappers" : [ { + "id" : "d150c3b5-686a-48db-9fda-2fbb1c7070f5", + "name" : "allowed web origins", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-allowed-origins-mapper", + "consentRequired" : false, + "config" : { } + } ] + }, { + "id" : "d7f26a40-61a2-43a8-ae30-8baf28524820", + "name" : "microprofile-jwt", + "description" : "Microprofile - JWT built-in scope", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "display.on.consent.screen" : "false" + }, + "protocolMappers" : [ { + "id" : "9c85745f-5a21-4e4b-9425-0856787f7281", + "name" : "upn", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "username", + "id.token.claim" : "true", + "access.token.claim" : "true", + 
"claim.name" : "upn", + "jsonType.label" : "String" + } + }, { + "id" : "5adb4881-207c-45b2-a1bb-5075142f039c", + "name" : "groups", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-realm-role-mapper", + "consentRequired" : false, + "config" : { + "multivalued" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "foo", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "groups", + "jsonType.label" : "String" + } + } ] + }, { + "id" : "6e55550d-505a-49ca-9eb6-eb59bbb8c504", + "name" : "email", + "description" : "OpenID Connect built-in scope: email", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "display.on.consent.screen" : "true", + "consent.screen.text" : "${emailScopeConsentText}" + }, + "protocolMappers" : [ { + "id" : "31beddc6-4522-4ec6-a474-ed6cb3ef5d73", + "name" : "email", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "email", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "email", + "jsonType.label" : "String" + } + }, { + "id" : "22abfd52-e28b-4449-99d8-1d781221b345", + "name" : "email verified", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-property-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "emailVerified", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "email_verified", + "jsonType.label" : "boolean" + } + } ] + }, { + "id" : "a9192cbc-fe7f-4ece-9fea-4af4985db482", + "name" : "role_list", + "description" : "SAML role list", + "protocol" : "saml", + "attributes" : { + "consent.screen.text" : "${samlRoleListScopeConsentText}", + "display.on.consent.screen" : "true" + }, + "protocolMappers" : [ { + "id" : "7ba38126-c4bd-4aa7-83e0-10b6adea2683", + "name" : 
"role list", + "protocol" : "saml", + "protocolMapper" : "saml-role-list-mapper", + "consentRequired" : false, + "config" : { + "single" : "false", + "attribute.nameformat" : "Basic", + "attribute.name" : "Role" + } + } ] + }, { + "id" : "ce60de66-1bfe-4e77-bf15-d6014fa6e093", + "name" : "phone", + "description" : "OpenID Connect built-in scope: phone", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "display.on.consent.screen" : "true", + "consent.screen.text" : "${phoneScopeConsentText}" + }, + "protocolMappers" : [ { + "id" : "2a6a26e3-88bd-4f2a-9039-868c3710a2c4", + "name" : "phone number verified", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "phoneNumberVerified", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "phone_number_verified", + "jsonType.label" : "boolean" + } + }, { + "id" : "354eba48-8300-4794-9399-ee64af39f5c1", + "name" : "phone number", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "phoneNumber", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "phone_number", + "jsonType.label" : "String" + } + } ] + }, { + "id" : "3ea886bf-f77f-4bf9-8a73-6d59573ceb8d", + "name" : "profile", + "description" : "OpenID Connect built-in scope: profile", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "display.on.consent.screen" : "true", + "consent.screen.text" : "${profileScopeConsentText}" + }, + "protocolMappers" : [ { + "id" : "f854cc44-2db2-489e-80ed-711e2aae7296", + "name" : "middle name", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + 
"userinfo.token.claim" : "true", + "user.attribute" : "middleName", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "middle_name", + "jsonType.label" : "String" + } + }, { + "id" : "c61d3d98-5815-411b-bcee-c9b0c64e1365", + "name" : "full name", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-full-name-mapper", + "consentRequired" : false, + "config" : { + "id.token.claim" : "true", + "access.token.claim" : "true", + "userinfo.token.claim" : "true" + } + }, { + "id" : "26ba9c5f-7445-48fb-bff5-3f316c600e77", + "name" : "website", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "website", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "website", + "jsonType.label" : "String" + } + }, { + "id" : "ee78f810-9065-446b-bb22-2473641ae64e", + "name" : "username", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "username", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "preferred_username", + "jsonType.label" : "String" + } + }, { + "id" : "0490e681-ae18-4266-83c8-889a4fceda49", + "name" : "zoneinfo", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "zoneinfo", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "zoneinfo", + "jsonType.label" : "String" + } + }, { + "id" : "c60fdd31-97d7-45f4-82e4-4f4c7c6e4155", + "name" : "updated at", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : 
"updatedAt", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "updated_at", + "jsonType.label" : "long" + } + }, { + "id" : "ef329283-89e8-4d43-8045-06b1baa2393b", + "name" : "birthdate", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "birthdate", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "birthdate", + "jsonType.label" : "String" + } + }, { + "id" : "56f7a7f4-5c1a-42dc-9d75-67734c720c74", + "name" : "profile", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "profile", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "profile", + "jsonType.label" : "String" + } + }, { + "id" : "3d5ee344-28a3-4563-8364-e4f64b01164d", + "name" : "nickname", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "nickname", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "nickname", + "jsonType.label" : "String" + } + }, { + "id" : "24c895f0-4e85-4f12-a287-5da785f14109", + "name" : "family name", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "lastName", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "family_name", + "jsonType.label" : "String" + } + }, { + "id" : "ee0aa724-339e-4c39-a7df-708edff3fba8", + "name" : "picture", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" 
: "true", + "user.attribute" : "picture", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "picture", + "jsonType.label" : "String" + } + }, { + "id" : "e72bc120-9094-4030-a4c6-d12d069c3d0d", + "name" : "given name", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "firstName", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "given_name", + "jsonType.label" : "String" + } + }, { + "id" : "aa79821c-d6e2-4824-8c15-eae57982ed9d", + "name" : "locale", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "locale", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "locale", + "jsonType.label" : "String" + } + }, { + "id" : "1ba6774b-cdf9-4251-b2af-85a2dfb1c549", + "name" : "gender", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "gender", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "gender", + "jsonType.label" : "String" + } + } ] + }, { + "id" : "2b99b45f-71f5-45d3-a335-4c0f74794fcc", + "name" : "roles", + "description" : "OpenID Connect scope for add user roles to the access token", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "false", + "display.on.consent.screen" : "true", + "consent.screen.text" : "${rolesScopeConsentText}" + }, + "protocolMappers" : [ { + "id" : "3fc0d5b1-8cf7-4291-9b73-3a777317bc98", + "name" : "realm roles", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-realm-role-mapper", + "consentRequired" : false, + "config" : { + "user.attribute" : "foo", + 
"access.token.claim" : "true", + "claim.name" : "realm_access.roles", + "jsonType.label" : "String", + "multivalued" : "true" + } + }, { + "id" : "73f6812a-629b-425f-b856-6006feed1388", + "name" : "audience resolve", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-audience-resolve-mapper", + "consentRequired" : false, + "config" : { } + }, { + "id" : "059ca9fb-adc8-4023-ab47-12e6b3267f84", + "name" : "client roles", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-client-role-mapper", + "consentRequired" : false, + "config" : { + "user.attribute" : "foo", + "access.token.claim" : "true", + "claim.name" : "resource_access.${client_id}.roles", + "jsonType.label" : "String", + "multivalued" : "true" + } + } ] + }, { + "id" : "92f241d6-e03f-4576-8d85-3290f79791bd", + "name" : "acr", + "description" : "OpenID Connect scope for add acr (authentication context class reference) to the token", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "false", + "display.on.consent.screen" : "false" + }, + "protocolMappers" : [ { + "id" : "a6ebd0c8-62ef-4059-aa7b-71da70523cd6", + "name" : "acr loa level", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-acr-mapper", + "consentRequired" : false, + "config" : { + "id.token.claim" : "true", + "access.token.claim" : "true", + "userinfo.token.claim" : "true" + } + } ] + } ], + "defaultDefaultClientScopes" : [ "role_list", "profile", "email", "roles", "web-origins", "acr" ], + "defaultOptionalClientScopes" : [ "offline_access", "address", "phone", "microprofile-jwt" ], + "browserSecurityHeaders" : { + "contentSecurityPolicyReportOnly" : "", + "xContentTypeOptions" : "nosniff", + "referrerPolicy" : "no-referrer", + "xRobotsTag" : "none", + "xFrameOptions" : "SAMEORIGIN", + "contentSecurityPolicy" : "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", + "xXSSProtection" : "1; mode=block", + "strictTransportSecurity" : "max-age=31536000; includeSubDomains" 
+ }, + "smtpServer" : { }, + "eventsEnabled" : false, + "eventsListeners" : [ "jboss-logging" ], + "enabledEventTypes" : [ ], + "adminEventsEnabled" : false, + "adminEventsDetailsEnabled" : false, + "identityProviders" : [ ], + "identityProviderMappers" : [ ], + "components" : { + "org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy" : [ { + "id" : "e757bd89-419c-4de8-b728-46a451da6906", + "name" : "Consent Required", + "providerId" : "consent-required", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { } + }, { + "id" : "a937e1dc-b8c5-44e0-96e2-317697777d64", + "name" : "Allowed Protocol Mapper Types", + "providerId" : "allowed-protocol-mappers", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { + "allowed-protocol-mapper-types" : [ "oidc-full-name-mapper", "oidc-address-mapper", "saml-user-attribute-mapper", "oidc-sha256-pairwise-sub-mapper", "saml-role-list-mapper", "saml-user-property-mapper", "oidc-usermodel-attribute-mapper", "oidc-usermodel-property-mapper" ] + } + }, { + "id" : "34de8310-ff9d-453a-9bd8-3a697e4e853c", + "name" : "Allowed Client Scopes", + "providerId" : "allowed-client-templates", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { + "allow-default-scopes" : [ "true" ] + } + }, { + "id" : "56e66c37-ed7d-4880-877e-4c33d31b157b", + "name" : "Allowed Protocol Mapper Types", + "providerId" : "allowed-protocol-mappers", + "subType" : "authenticated", + "subComponents" : { }, + "config" : { + "allowed-protocol-mapper-types" : [ "oidc-sha256-pairwise-sub-mapper", "oidc-usermodel-property-mapper", "saml-user-attribute-mapper", "oidc-usermodel-attribute-mapper", "oidc-full-name-mapper", "saml-user-property-mapper", "oidc-address-mapper", "saml-role-list-mapper" ] + } + }, { + "id" : "c200a746-4d8d-4fde-9480-d0ffbad6ba88", + "name" : "Max Clients Limit", + "providerId" : "max-clients", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { + "max-clients" : [ "200" ] + } 
+ }, { + "id" : "4052db21-c508-46bf-be22-eeab2d75c4a3", + "name" : "Trusted Hosts", + "providerId" : "trusted-hosts", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { + "host-sending-registration-request-must-match" : [ "true" ], + "client-uris-must-match" : [ "true" ] + } + }, { + "id" : "8a8d9d65-c6f4-4f37-afc6-212f58b08e85", + "name" : "Full Scope Disabled", + "providerId" : "scope", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { } + }, { + "id" : "6ffccce4-df60-4e70-9497-9c469604f2b4", + "name" : "Allowed Client Scopes", + "providerId" : "allowed-client-templates", + "subType" : "authenticated", + "subComponents" : { }, + "config" : { + "allow-default-scopes" : [ "true" ] + } + } ], + "org.keycloak.keys.KeyProvider" : [ { + "id" : "f34e23bc-2b3a-4f01-b013-6d49961fab67", + "name" : "hmac-generated", + "providerId" : "hmac-generated", + "subComponents" : { }, + "config" : { + "kid" : [ "d97fa664-2079-4888-b9f0-b4fef139bdf5" ], + "secret" : [ "UzA5k1E3JMEQ0D1AhNlWlUbwY_ZrmJYN0Pm6G3t5L8EgXrE_199TxXD2KlqUAFH7kIEi-tN-pVBguURQi4yBsQ" ], + "priority" : [ "100" ], + "algorithm" : [ "HS256" ] + } + }, { + "id" : "1d38e4ab-4ef1-46be-a81f-ab3229aacd70", + "name" : "rsa-enc-generated", + "providerId" : "rsa-enc-generated", + "subComponents" : { }, + "config" : { + "privateKey" : [ "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" ], + "keyUse" : [ "ENC" ], + "certificate" : [ 
"MIICnTCCAYUCBgGLhI/D9TANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAd1bmxlYXNoMB4XDTIzMTAzMTA3MDYzNloXDTMzMTAzMTA3MDgxNlowEjEQMA4GA1UEAwwHdW5sZWFzaDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMvGKlVP5cWSNfX6UuJR+kxc1e0mnzyfnQET2nDSGQa9vNujGiy0fO106oJhCFAWAdoexD6/zcWmtmzDXxGHtKxfLlNT6Ze/a1dLPuc/WjEZ7tyR1Cr2DUV3FVf1yFAfESVtc7/94uQ0NIMinjd4HM+hZToY7ZgCEzfM7McbCyMqGiraiA6PY2RyIsnCqKbsg2/9h1EM1Wv+ryboTJCDzRKhIWfhh3VbmV9MlppHSmsmCaIDwWHTJMpn2cvOvjI8CF/hU5pOsf7SfAZ0Q8eE6WJHJejEcbXT6vpsppxPIUBihqX9KP9YlWpSI6KGxW5f647s/AECitV/qDCZMQvyR0kCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAtEt7yK2dE9pEGnKoXDa6WowLx6069J7e9u3EqWKYw9bVaYOV4rFkK+8wb/RtTQTL28teMfGdTH0U9oPBk2wES+h7RjHQdFvTRUWxHMYe7LY2KB0eXOx28NzmGNBWRuV7+i50F1wH0XlRLESHGdTVcseROTnDf2Qe9LtXO0zkZD7l3TfJNB4VbIu1+B/gT/6WOMhyPgDfE4UQESJ4AEhp6tEsoj1lt6f5AfLNx+MmtUyvYR5/6pSV6sOcihhpHyfVCPgcbTz2oy992x4vvtt+wfl7a4513xgVxa8sJquhcFLFXf3oGIcMb/h+ChuZnBuHhueRLuZpbec5cjxnbDGMCg==" ], + "priority" : [ "100" ], + "algorithm" : [ "RSA-OAEP" ] + } + }, { + "id" : "c25ef33b-0403-4657-8c2b-e34366dfe9dc", + "name" : "rsa-generated", + "providerId" : "rsa-generated", + "subComponents" : { }, + "config" : { + "privateKey" : [ "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" ], + "keyUse" : [ "SIG" ], + "certificate" : [ "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" ], + "priority" : [ "100" ] + } + }, { + "id" : "bfec63bc-c0f3-44f6-9f74-35a0bda18c89", + "name" : "aes-generated", + "providerId" : "aes-generated", + "subComponents" : { }, + "config" : { + "kid" : [ "cefba496-29aa-4f56-b8ad-6409d2b23059" ], + "secret" : [ "6UgGvQhmAmPjZfai5-VHoA" ], + "priority" : [ "100" ] + } + } ] + }, + "internationalizationEnabled" : false, + "supportedLocales" : [ ], + "authenticationFlows" : [ { + "id" : "ad4d8004-0b76-465b-b88c-1edb90ced590", + "alias" : "Account verification options", + "description" : "Method with which to verity the existing account", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { 
+ "authenticator" : "idp-email-verification", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "ALTERNATIVE", + "priority" : 20, + "autheticatorFlow" : true, + "flowAlias" : "Verify Existing Account by Re-authentication", + "userSetupAllowed" : false + } ] + }, { + "id" : "c870d7d0-19cd-43e9-824a-8e79817ddfc7", + "alias" : "Browser - Conditional OTP", + "description" : "Flow to determine if the OTP is required for the authentication", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "conditional-user-configured", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "auth-otp-form", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "bae57e0e-e2c8-470c-82e1-a9775b76ffdf", + "alias" : "Direct Grant - Conditional OTP", + "description" : "Flow to determine if the OTP is required for the authentication", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "conditional-user-configured", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "direct-grant-validate-otp", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "28f02b37-87ff-4126-97d2-f162b25731e7", + "alias" : "First broker login - Conditional OTP", + "description" : "Flow to determine if the OTP is required for the authentication", + "providerId" : "basic-flow", + "topLevel" : 
false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "conditional-user-configured", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "auth-otp-form", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "74c0febe-8a85-48f3-ab59-af24cf4e8f51", + "alias" : "Handle Existing Account", + "description" : "Handle what to do if there is existing account with same email/username like authenticated identity provider", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "idp-confirm-link", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : true, + "flowAlias" : "Account verification options", + "userSetupAllowed" : false + } ] + }, { + "id" : "cbc8fa59-b298-441f-9314-6c5916438972", + "alias" : "Reset - Conditional OTP", + "description" : "Flow to determine if the OTP should be reset or not. 
Set to REQUIRED to force.", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "conditional-user-configured", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "reset-otp", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "f593053c-b70e-48da-908c-a34a7e5529bc", + "alias" : "User creation or linking", + "description" : "Flow for the existing/non-existing user alternatives", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticatorConfig" : "create unique user config", + "authenticator" : "idp-create-user-if-unique", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "ALTERNATIVE", + "priority" : 20, + "autheticatorFlow" : true, + "flowAlias" : "Handle Existing Account", + "userSetupAllowed" : false + } ] + }, { + "id" : "d5cef615-ae59-48bc-9cb6-aa67de83635d", + "alias" : "Verify Existing Account by Re-authentication", + "description" : "Reauthentication of existing account", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "idp-username-password-form", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "CONDITIONAL", + "priority" : 20, + "autheticatorFlow" : true, + "flowAlias" : "First broker login - Conditional OTP", + "userSetupAllowed" : false + } ] + }, { + "id" : "a2f4abc0-d38f-495d-ba6c-b5c9eeb45bff", + "alias" : "browser", + 
"description" : "browser based authentication", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "auth-cookie", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "auth-spnego", + "authenticatorFlow" : false, + "requirement" : "DISABLED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "identity-provider-redirector", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 25, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "ALTERNATIVE", + "priority" : 30, + "autheticatorFlow" : true, + "flowAlias" : "forms", + "userSetupAllowed" : false + } ] + }, { + "id" : "9adc9e7c-19d0-4781-a7da-84147af0caf0", + "alias" : "clients", + "description" : "Base authentication for clients", + "providerId" : "client-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "client-secret", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "client-jwt", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "client-secret-jwt", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 30, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "client-x509", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 40, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "37d2cce3-bd86-4eb8-9650-fe4e0a6728e6", + "alias" : "direct grant", + "description" : "OpenID Connect 
Resource Owner Grant", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "direct-grant-validate-username", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "direct-grant-validate-password", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "CONDITIONAL", + "priority" : 30, + "autheticatorFlow" : true, + "flowAlias" : "Direct Grant - Conditional OTP", + "userSetupAllowed" : false + } ] + }, { + "id" : "021fb9f1-323c-49f8-a669-b380074a2e38", + "alias" : "docker auth", + "description" : "Used by Docker clients to authenticate against the IDP", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "docker-http-basic-authenticator", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "db452f9a-9b98-47a7-9a87-3c3c5860732c", + "alias" : "first broker login", + "description" : "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticatorConfig" : "review profile config", + "authenticator" : "idp-review-profile", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : true, + "flowAlias" : "User creation or linking", + "userSetupAllowed" : false + } ] + }, { + "id" : 
"57058569-966f-48aa-96bb-1f2b49cee34a", + "alias" : "forms", + "description" : "Username, password, otp and other auth forms.", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "auth-username-password-form", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "CONDITIONAL", + "priority" : 20, + "autheticatorFlow" : true, + "flowAlias" : "Browser - Conditional OTP", + "userSetupAllowed" : false + } ] + }, { + "id" : "176a4548-551d-469f-9e95-40fb72b760ad", + "alias" : "registration", + "description" : "registration flow", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "registration-page-form", + "authenticatorFlow" : true, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : true, + "flowAlias" : "registration form", + "userSetupAllowed" : false + } ] + }, { + "id" : "9c9cfcfb-a5ca-458f-968c-47158e0ff161", + "alias" : "registration form", + "description" : "registration form", + "providerId" : "form-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "registration-user-creation", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "registration-profile-action", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 40, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "registration-password-action", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 50, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "registration-recaptcha-action", + "authenticatorFlow" : false, + 
"requirement" : "DISABLED", + "priority" : 60, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "dcabbcfc-bf5f-4570-a7c7-9fec88e52285", + "alias" : "reset credentials", + "description" : "Reset credentials for a user if they forgot their password or something", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "reset-credentials-choose-user", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "reset-credential-email", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "reset-password", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 30, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "CONDITIONAL", + "priority" : 40, + "autheticatorFlow" : true, + "flowAlias" : "Reset - Conditional OTP", + "userSetupAllowed" : false + } ] + }, { + "id" : "39311bae-4802-4ce4-8635-9cf2310baee7", + "alias" : "saml ecp", + "description" : "SAML ECP Profile Authentication Flow", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "http-basic-authenticator", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + } ], + "authenticatorConfig" : [ { + "id" : "030836c2-827f-4de0-b226-892c52e0201b", + "alias" : "create unique user config", + "config" : { + "require.password.update.after.registration" : "false" + } + }, { + "id" : "abfe767d-8e53-4fe9-a522-7182d85e9eb9", + "alias" : "review profile config", + "config" : { + "update.profile.on.first.login" : "missing" + } + } ], + "requiredActions" : [ { + 
"alias" : "CONFIGURE_TOTP", + "name" : "Configure OTP", + "providerId" : "CONFIGURE_TOTP", + "enabled" : true, + "defaultAction" : false, + "priority" : 10, + "config" : { } + }, { + "alias" : "TERMS_AND_CONDITIONS", + "name" : "Terms and Conditions", + "providerId" : "TERMS_AND_CONDITIONS", + "enabled" : false, + "defaultAction" : false, + "priority" : 20, + "config" : { } + }, { + "alias" : "UPDATE_PASSWORD", + "name" : "Update Password", + "providerId" : "UPDATE_PASSWORD", + "enabled" : true, + "defaultAction" : false, + "priority" : 30, + "config" : { } + }, { + "alias" : "UPDATE_PROFILE", + "name" : "Update Profile", + "providerId" : "UPDATE_PROFILE", + "enabled" : true, + "defaultAction" : false, + "priority" : 40, + "config" : { } + }, { + "alias" : "VERIFY_EMAIL", + "name" : "Verify Email", + "providerId" : "VERIFY_EMAIL", + "enabled" : true, + "defaultAction" : false, + "priority" : 50, + "config" : { } + }, { + "alias" : "delete_account", + "name" : "Delete Account", + "providerId" : "delete_account", + "enabled" : false, + "defaultAction" : false, + "priority" : 60, + "config" : { } + }, { + "alias" : "webauthn-register", + "name" : "Webauthn Register", + "providerId" : "webauthn-register", + "enabled" : true, + "defaultAction" : false, + "priority" : 70, + "config" : { } + }, { + "alias" : "webauthn-register-passwordless", + "name" : "Webauthn Register Passwordless", + "providerId" : "webauthn-register-passwordless", + "enabled" : true, + "defaultAction" : false, + "priority" : 80, + "config" : { } + }, { + "alias" : "update_user_locale", + "name" : "Update User Locale", + "providerId" : "update_user_locale", + "enabled" : true, + "defaultAction" : false, + "priority" : 1000, + "config" : { } + } ], + "browserFlow" : "browser", + "registrationFlow" : "registration", + "directGrantFlow" : "direct grant", + "resetCredentialsFlow" : "reset credentials", + "clientAuthenticationFlow" : "clients", + "dockerAuthenticationFlow" : "docker auth", + "attributes" : 
{ + "cibaBackchannelTokenDeliveryMode" : "poll", + "cibaExpiresIn" : "120", + "cibaAuthRequestedUserHint" : "login_hint", + "oauth2DeviceCodeLifespan" : "600", + "clientOfflineSessionMaxLifespan" : "0", + "oauth2DevicePollingInterval" : "5", + "clientSessionIdleTimeout" : "0", + "parRequestUriLifespan" : "60", + "clientSessionMaxLifespan" : "0", + "clientOfflineSessionIdleTimeout" : "0", + "cibaInterval" : "5", + "realmReusableOtpCode" : "false" + }, + "keycloakVersion" : "22.0.5", + "userManagedAccessAllowed" : false, + "clientProfiles" : { + "profiles" : [ ] + }, + "clientPolicies" : { + "policies" : [ ] + } +} \ No newline at end of file diff --git a/jsons/unleash-users-0.json b/jsons/unleash-users-0.json new file mode 100644 index 000000000..86092cc36 --- /dev/null +++ b/jsons/unleash-users-0.json 
@@ -0,0 +1,96 @@ +{ + "realm" : "unleash", + "users" : [ { + "id" : "0034c486-3436-4888-ab2a-f2ffddf6c786", + "createdTimestamp" : 1698736364974, + "username" : "unleash-admin", + "enabled" : true, + "totp" : false, + "emailVerified" : true, + "firstName" : "Admin", + "lastName" : "Unleash", + "email" : "unleash.admin@example.com", + "credentials" : [ { + "id" : "08d153aa-b976-466e-a27a-94578593cffd", + "type" : "password", + "userLabel" : "My password", + "createdDate" : 1698736666109, + "secretData" : "{\"value\":\"GHuoF6z+nRK8ETuISgClaPTpwYma7J8EtQeCeO4YCWQ=\",\"salt\":\"P6jOVBpXYHNWWf9/RK7P0A==\",\"additionalParameters\":{}}", + "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}" + } ], + "disableableCredentialTypes" : [ ], + "requiredActions" : [ ], + "realmRoles" : [ "default-roles-unleash", "admin" ], + "notBefore" : 0, + "groups" : [ ] + }, { + "id" : "a4e4bd90-b3a8-4869-80ca-4ec6824384f3", + "createdTimestamp" : 1698736387870, + "username" : "unleash-editor", + "enabled" : true, + "totp" : false, + "emailVerified" : true, + "firstName" : "Editor", + "lastName" : "Unleash", + "email" : "unleash.editor@example.com", + "credentials" : [ { + "id" : "c32b3950-5184-4e07-9451-eb7bf98d9100", + "type" : "password", + "userLabel" : "My password", + "createdDate" : 1698736655621, + "secretData" : "{\"value\":\"sfK6FP5wds07p4+rtr16X/ZctGC/tyTQg17G8rcVCWw=\",\"salt\":\"1MnJBUf3vVeUYhqCfM39Lg==\",\"additionalParameters\":{}}", + "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}" + } ], + "disableableCredentialTypes" : [ ], + "requiredActions" : [ ], + "realmRoles" : [ "default-roles-unleash", "editor" ], + "notBefore" : 0, + "groups" : [ ] + }, { + "id" : "4b3a9ac4-7c0f-4720-9169-40c2fd3b0c01", + "createdTimestamp" : 1698739340378, + "username" : "unleash-no-role", + "enabled" : true, + "totp" : false, + "emailVerified" : false, + "firstName" : "NoRole", + 
"lastName" : "Unleash", + "email" : "unleash.no.role@example.com", + "credentials" : [ { + "id" : "ce21c839-3820-4e1c-be04-5634b0dda137", + "type" : "password", + "userLabel" : "My password", + "createdDate" : 1698739350620, + "secretData" : "{\"value\":\"W9TwxxpzstygDAwj2koy2/PydJdr5+oVMXdSEv1/Iew=\",\"salt\":\"HSQWXKrg7vvmQD6YZlqQqw==\",\"additionalParameters\":{}}", + "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}" + } ], + "disableableCredentialTypes" : [ ], + "requiredActions" : [ ], + "realmRoles" : [ "default-roles-unleash" ], + "notBefore" : 0, + "groups" : [ ] + }, { + "id" : "75e23650-5b23-48db-abad-28210f28fce4", + "createdTimestamp" : 1698736412492, + "username" : "unleash-viewer", + "enabled" : true, + "totp" : false, + "emailVerified" : true, + "firstName" : "Viewer", + "lastName" : "Unleash", + "email" : "unleash.viewer@example.com", + "credentials" : [ { + "id" : "50110050-0659-45d1-a3a1-090d040c06ca", + "type" : "password", + "userLabel" : "My password", + "createdDate" : 1698736644582, + "secretData" : "{\"value\":\"kEhGZN7rVupgolbr4mQWzvM/77QdaSw+bTkGvsznOiI=\",\"salt\":\"ka2zdh1bnLx+9KuLUUTZNA==\",\"additionalParameters\":{}}", + "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}" + } ], + "disableableCredentialTypes" : [ ], + "requiredActions" : [ ], + "realmRoles" : [ "default-roles-unleash", "viewer" ], + "notBefore" : 0, + "groups" : [ ] + } ] +} \ No newline at end of file From f05d0378a5302f928546bb2f1ff2d65f0b41ddbf Mon Sep 17 00:00:00 2001 From: "Victor M." Date: Wed, 20 Dec 2023 17:19:26 +0100 Subject: [PATCH 09/13] Fix resources --- .../featureflags/localfeatureflags.go | 69 ++++++++++--------- .../providers/web/resources_keycloak.go | 34 +++++---- 2 files changed, 57 insertions(+), 46 deletions(-) 
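Review bot: Every user in this new file, including `unleash-admin` with the `admin` realm role, ships with a fixed `secretData` hash and salt and an empty `requiredActions` list, so every environment that imports it gets the same passwords. Because the hashes and salts are published with the repository, and `hashIterations` is 27500 (well below current PBKDF2-SHA256 guidance), those passwords should be treated as known. Consider generating the credentials per environment, the way patch 09 substitutes `########PASSWORD########` into the redhat-external realm. At minimum set `"requiredActions" : [ "UPDATE_PASSWORD" ]` on the privileged accounts. If these are deliberately test-only accounts, say so next to the code that loads the file, since JSON cannot carry the comment itself.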
diff --git a/controllers/cloud.redhat.com/providers/featureflags/localfeatureflags.go b/controllers/cloud.redhat.com/providers/featureflags/localfeatureflags.go index 5430f0d3e..eae924113 100644 --- a/controllers/cloud.redhat.com/providers/featureflags/localfeatureflags.go +++ b/controllers/cloud.redhat.com/providers/featureflags/localfeatureflags.go @@ -2,7 +2,6 @@ package featureflags import ( "fmt" - "net/url" crd "github.com/RedHatInsights/clowder/apis/cloud.redhat.com/v1alpha1" "github.com/RedHatInsights/clowder/controllers/cloud.redhat.com/config" @@ -109,19 +108,16 @@ func (ff *localFeatureFlagsProvider) EnvProvide() error { username := utils.RandString(16) hostname := fmt.Sprintf("%v.%v.svc", namespacedNameDb.Name, namespacedNameDb.Namespace) - passwordEncode := url.QueryEscape(password) - connectionURL := fmt.Sprintf("postgres://%s:%s@%s/%s", username, passwordEncode, hostname, "unleash") dataInitDb := func() map[string]string { return map[string]string{ - "hostname": hostname, - "port": "5432", - "username": username, - "password": password, - "pgPass": pgPassword, - "name": "unleash", - "connectionURL": connectionURL, + "hostname": hostname, + "port": "5432", + "username": username, + "password": password, + "pgPass": pgPassword, + "name": "unleash", } } @@ -220,17 +216,6 @@ func makeLocalFeatureFlags(cache *rc.ObjectCache, o obj.ClowdObject, objMap prov keycloakSecret := core.Secret{} cache.Get(web.WebKeycloakSecret, &keycloakSecret) - /* - NOTE: about the order ... set the order in the impl. of each provider - REACH the provider, get the data from the cache. - - make "somethingsomething" -> made with component system (make component cache exists) - There was a pattern, all compontents were created the same way each time - the name is makeCachecomponent (or makecomponentcache, one or the other) - - the objMap ... - */ - dd := objMap[LocalFFDeployment].(*apps.Deployment) svc := objMap[LocalFFService].(*core.Service) 
@@ -250,25 +235,43 @@ func makeLocalFeatureFlags(cache *rc.ObjectCache, o obj.ClowdObject, objMap prov port := int32(4242) - envVars := []core.EnvVar{{ - Name: "DATABASE_PASSWORD", - ValueFrom: &core.EnvVarSource{ - SecretKeyRef: &core.SecretKeySelector{ - LocalObjectReference: core.LocalObjectReference{ - Name: "featureflags-db", - }, - Key: "password", - }, - }, - }, + envVars := []core.EnvVar{ { Name: "DATABASE_SSL", Value: "false", }, + { + Name: "KC_HOST", + Value: fmt.Sprintf("http://%s-%s.%s.svc:8080", o.GetClowdName(), "keycloak", o.GetClowdNamespace()), + }, + { + Name: "KC_REALM", + Value: "unleash", + }, + { + Name: "KC_CLIENT_ID", + Value: "unleash", + }, + { + Name: "KC_ADMIN_ROLES", + Value: "admin", + }, + { + Name: "KC_EDITOR_ROLES", + Value: "editor", + }, + { + Name: "KC_VIEWER_ROLES", + Value: "viewer", + }, } envVars = provutils.AppendEnvVarsFromSecret(envVars, "featureflags-db", - provutils.NewSecretEnvVar("DATABASE_URL", "connectionURL"), + provutils.NewSecretEnvVar("DATABASE_HOST", "hostname"), + provutils.NewSecretEnvVar("DATABASE_PORT", "port"), + provutils.NewSecretEnvVar("DATABASE_USERNAME", "username"), + provutils.NewSecretEnvVar("DATABASE_PASSWORD", "password"), + provutils.NewSecretEnvVar("DATABASE_NAME", "name"), ) envVars = provutils.AppendEnvVarsFromSecret(envVars, nn.Name, provutils.NewSecretEnvVar("INIT_CLIENT_API_TOKENS", "clientAccessToken"), diff --git a/controllers/cloud.redhat.com/providers/web/resources_keycloak.go b/controllers/cloud.redhat.com/providers/web/resources_keycloak.go index e22ac5a65..299ec1559 100644 --- a/controllers/cloud.redhat.com/providers/web/resources_keycloak.go +++ b/controllers/cloud.redhat.com/providers/web/resources_keycloak.go 
@@ -199,10 +199,10 @@ func configureKeycloak(web *localWebProvider) error { } func makeKeycloakImportSecretRealm(cache *rc.ObjectCache, o obj.ClowdObject, password string) error { - userData := &core.Secret{} + importData := &core.Secret{} userDataNN := providers.GetNamespacedName(o, "keycloak-realm-import") - if err := cache.Create(WebKeycloakImportSecret, userDataNN, userData); err != nil { + if err := cache.Create(WebKeycloakImportSecret, userDataNN, importData); err != nil { return err } 
@@ -211,20 +211,32 @@ func makeKeycloakImportSecretRealm(cache *rc.ObjectCache, o obj.ClowdObject, pas labeler := utils.MakeLabeler(userDataNN, labels, o) - labeler(userData) + labeler(importData) - userImportData, err := os.ReadFile("./jsons/redhat-external-realm.json") + readhatRealmData, err := os.ReadFile("./jsons/redhat-external-realm.json") if err != nil { return fmt.Errorf("could not read user data: %w", err) } - userData.StringData = map[string]string{} - userImportDataString := string(userImportData) - userImportDataString = strings.Replace(userImportDataString, "########PASSWORD########", password, 1) + unleashRealmData, err := os.ReadFile("./jsons/unleash-realm.json") + if err != nil { + return fmt.Errorf("could not read unleash-realm data: %w", err) + } + + unleashUsersData, err := os.ReadFile("./jsons/unleash-users.json") + if err != nil { + return fmt.Errorf("could not read unleash-users data: %w", err) + } + + importData.StringData = map[string]string{} + redhatRealmDataString := string(readhatRealmData) + redhatRealmDataString = strings.Replace(redhatRealmDataString, "########PASSWORD########", password, 1) - userData.StringData["redhat-external-realm.json"] = string(userImportDataString) + importData.StringData["redhat-external-realm.json"] = string(redhatRealmDataString) + importData.StringData["unleash-realm.json"] = string(unleashRealmData) + importData.StringData["unleash-users.json"] = string(unleashUsersData) - return cache.Update(WebKeycloakImportSecret, userData) + return cache.Update(WebKeycloakImportSecret, importData) } func baseProbeHandler(port int32, path string) core.ProbeHandler { @@ -307,10 +319,6 @@ func makeKeycloak(cache *rc.ObjectCache, o obj.ClowdObject, objMap providers.Obj Name: "PROXY_ADDRESS_FORWARDING", Value: "true", }, - { - Name: "KEYCLOAK_IMPORT", - Value: "/json/redhat-external-realm.json", - }, } envVars = provutils.AppendEnvVarsFromSecret(envVars, "keycloak-db", 
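Review bot: The first `os.ReadFile` error in this hunk still says `could not read user data` although it now guards the redhat-external realm file, and the new variable name `readhatRealmData` is misspelled. I would write `redhatRealmData, err := os.ReadFile("./jsons/redhat-external-realm.json")` and `return fmt.Errorf("could not read redhat-external-realm data: %w", err)` so the three read errors can be told apart. `string(redhatRealmDataString)` converts a value that is already a string and can be dropped. Only the redhat realm gets the `########PASSWORD########` substitution; the two unleash files go into the Secret verbatim, which deserves a one-line comment stating that their credentials are static. makeKeycloakImportSecretRealm begins above this hunk.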
From 4b0bbee4b027c06dc0819dc72aa4b4f644b8d9f0 Mon Sep 17 00:00:00 2001 From: "Victor M." Date: Thu, 21 Dec 2023 08:37:34 +0100 Subject: [PATCH 10/13] Fix client and typo --- .../providers/featureflags/localfeatureflags.go | 4 ++++ .../cloud.redhat.com/providers/web/resources_keycloak.go | 4 ++-- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/controllers/cloud.redhat.com/providers/featureflags/localfeatureflags.go b/controllers/cloud.redhat.com/providers/featureflags/localfeatureflags.go index eae924113..81a881853 100644 --- a/controllers/cloud.redhat.com/providers/featureflags/localfeatureflags.go +++ b/controllers/cloud.redhat.com/providers/featureflags/localfeatureflags.go @@ -264,6 +264,10 @@ func makeLocalFeatureFlags(cache *rc.ObjectCache, o obj.ClowdObject, objMap prov Name: "KC_VIEWER_ROLES", Value: "viewer", }, + { + Name: "KC_CLIENT_SECRET", + Value: "notsosecret", + }, } envVars = provutils.AppendEnvVarsFromSecret(envVars, "featureflags-db", diff --git a/controllers/cloud.redhat.com/providers/web/resources_keycloak.go b/controllers/cloud.redhat.com/providers/web/resources_keycloak.go index 299ec1559..61ea66e33 100644 --- a/controllers/cloud.redhat.com/providers/web/resources_keycloak.go +++ b/controllers/cloud.redhat.com/providers/web/resources_keycloak.go @@ -223,7 +223,7 @@ func makeKeycloakImportSecretRealm(cache *rc.ObjectCache, o obj.ClowdObject, pas return fmt.Errorf("could not read unleash-realm data: %w", err) } - unleashUsersData, err := os.ReadFile("./jsons/unleash-users.json") + unleashUsersData, err := os.ReadFile("./jsons/unleash-users-0.json") if err != nil { return fmt.Errorf("could not read unleash-users data: %w", err) } 
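Review bot: `KC_CLIENT_SECRET` is added as a literal `Value: "notsosecret"`, so the client secret is readable by anyone who can view the Deployment spec and is identical in every environment. The database settings just below are already injected with `provutils.AppendEnvVarsFromSecret`; the client secret could live in a Secret and be added the same way, e.g. `provutils.NewSecretEnvVar("KC_CLIENT_SECRET", "<client-secret-key>")` (placeholder key name). The literal also has to match the secret configured for the `unleash` client in the imported realm, which this hunk does not show. The `envVars` literal and makeLocalFeatureFlags both extend outside the hunk.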
@@ -234,7 +234,7 @@ func makeKeycloakImportSecretRealm(cache *rc.ObjectCache, o obj.ClowdObject, pas importData.StringData["redhat-external-realm.json"] = string(redhatRealmDataString) importData.StringData["unleash-realm.json"] = string(unleashRealmData) - importData.StringData["unleash-users.json"] = string(unleashUsersData) + importData.StringData["unleash-users-0.json"] = string(unleashUsersData) return cache.Update(WebKeycloakImportSecret, importData) } From 4e392b0689b0a30b2fa7a47373ed3e9847811feb Mon Sep 17 00:00:00 2001 From: "Victor M." Date: Tue, 2 Jan 2024 13:00:41 +0100 Subject: [PATCH 11/13] Add security scanner config --- .gitleaks.toml | 7 +++++++ 1 file changed, 7 insertions(+) create mode 100644 .gitleaks.toml diff --git a/.gitleaks.toml b/.gitleaks.toml new file mode 100644 index 000000000..2c23ae1a5 --- /dev/null +++ b/.gitleaks.toml @@ -0,0 +1,7 @@ +[allowlist] +description = "Global Allowlist" + +regexes = [ + # keycloak client secret used in local + '''ZYhToGucoRMwaWHxXyGKsjunXlXV6Uto''', +] From 51cc01e67b3f7d579f9bc0ab3ae1d8546ece97e5 Mon Sep 17 00:00:00 2001 From: "Victor M." Date: Tue, 2 Jan 2024 20:15:21 +0100 Subject: [PATCH 12/13] make the getAuthHostname function public --- controllers/cloud.redhat.com/providers/web/local.go | 2 +- .../cloud.redhat.com/providers/web/resources_keycloak.go | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/controllers/cloud.redhat.com/providers/web/local.go b/controllers/cloud.redhat.com/providers/web/local.go index 987319427..4f8e86195 100644 --- a/controllers/cloud.redhat.com/providers/web/local.go +++ b/controllers/cloud.redhat.com/providers/web/local.go @@ -262,7 +262,7 @@ func setSecretVersion(cache *rc.ObjectCache, nn types.NamespacedName, desiredVer return nil } -func getAuthHostname(hostname string) string { +func GetAuthHostname(hostname string) string { hostComponents := strings.Split(hostname, ".") hostComponents[0] += "-auth" return strings.Join(hostComponents, ".") 
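Review bot: This `[allowlist]` is global, so the regex silences any finding that contains the string, in every file and for every rule, rather than only where the local Keycloak client secret is defined. A narrower exception, such as a `.gitleaksignore` entry for the specific finding fingerprint, keeps the scanner effective if the same value is later copied elsewhere. The comment could also name the file that holds the value, e.g. `# client secret of the local-only unleash realm import (<path to file>)`. The allowlisted value differs from the `notsosecret` literal set as `KC_CLIENT_SECRET` in patch 10, so it is worth confirming which of the two the realm actually uses.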
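Review bot: `GetAuthHostname` is now exported but has no doc comment, which Go convention and most linters expect on exported names. Something like `// GetAuthHostname returns hostname with "-auth" appended to its first dot-separated label.` above the `func` line would cover it. The function's closing brace lies outside the hunk.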
diff --git a/controllers/cloud.redhat.com/providers/web/resources_keycloak.go b/controllers/cloud.redhat.com/providers/web/resources_keycloak.go index 61ea66e33..7c60f4103 100644 --- a/controllers/cloud.redhat.com/providers/web/resources_keycloak.go +++ b/controllers/cloud.redhat.com/providers/web/resources_keycloak.go @@ -458,7 +458,7 @@ func makeAuthIngress(p *providers.Provider) error { IngressClassName: &ingressClass, Rules: []networking.IngressRule{ { - Host: getAuthHostname(p.Env.Status.Hostname), + Host: GetAuthHostname(p.Env.Status.Hostname), IngressRuleValue: networking.IngressRuleValue{ HTTP: &networking.HTTPIngressRuleValue{ Paths: []networking.HTTPIngressPath{{ From 01371d973eb48558178198e516ffd9736bc45102 Mon Sep 17 00:00:00 2001 From: "Victor M." Date: Tue, 2 Jan 2024 20:16:36 +0100 Subject: [PATCH 13/13] get keycloak public hostname --- .../providers/featureflags/localfeatureflags.go | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/controllers/cloud.redhat.com/providers/featureflags/localfeatureflags.go b/controllers/cloud.redhat.com/providers/featureflags/localfeatureflags.go index 81a881853..c80c19e8e 100644 --- a/controllers/cloud.redhat.com/providers/featureflags/localfeatureflags.go +++ b/controllers/cloud.redhat.com/providers/featureflags/localfeatureflags.go @@ -211,14 +211,9 @@ func (ff *localFeatureFlagsProvider) Provide(_ *crd.ClowdApp) error { func makeLocalFeatureFlags(cache *rc.ObjectCache, o obj.ClowdObject, objMap providers.ObjectMap, _ bool, nodePort bool) { nn := providers.GetNamespacedName(o, "featureflags") - - //keycloakName := providers.GetNamespacedName(o, "") - keycloakSecret := core.Secret{} - cache.Get(web.WebKeycloakSecret, &keycloakSecret) - dd := objMap[LocalFFDeployment].(*apps.Deployment) svc := objMap[LocalFFService].(*core.Service) - + environment := o.(*crd.ClowdEnvironment) labels := o.GetLabels() labels["env-app"] = nn.Name labels["service"] = "featureflags" 
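Review bot: `environment := o.(*crd.ClowdEnvironment)` is an unchecked type assertion on a parameter declared as `obj.ClowdObject`, so a caller passing any other implementation panics the reconcile instead of failing cleanly. The two-value form `environment, ok := o.(*crd.ClowdEnvironment)` with an explicit `!ok` branch avoids that. The function has no error return in the visible signature, so how to report the failure is left to the author. With the `cache.Get(web.WebKeycloakSecret, …)` call removed, the `cache` parameter may no longer be used; that cannot be confirmed from here because the body continues below the hunk.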
@@ -242,7 +237,7 @@ func makeLocalFeatureFlags(cache *rc.ObjectCache, o obj.ClowdObject, objMap prov }, { Name: "KC_HOST", - Value: fmt.Sprintf("http://%s-%s.%s.svc:8080", o.GetClowdName(), "keycloak", o.GetClowdNamespace()), + Value: web.GetAuthHostname(environment.Status.Hostname), }, { Name: "KC_REALM",